diff -Nru openssl-1.1.1w/debian/changelog openssl-1.1.1w/debian/changelog --- openssl-1.1.1w/debian/changelog 2023-10-27 18:46:31.000000000 +0000 +++ openssl-1.1.1w/debian/changelog 2023-11-08 00:24:02.000000000 +0000 @@ -1,8 +1,8 @@ -openssl (1.1.1w-5myguard5~focal) focal; urgency=medium +openssl (1.1.1w-5myguard7~focal) focal; urgency=medium * Rebuild and backport with quictls - -- Thijs Eilander Fri, 27 Oct 2023 20:46:31 +0200 + -- Thijs Eilander Wed, 08 Nov 2023 01:24:02 +0100 openssl (1.1.1i-1) unstable; urgency=medium diff -Nru openssl-1.1.1w/debian/patches/openssl-1.1.1c-sess_set_get_cb_yield.patch openssl-1.1.1w/debian/patches/openssl-1.1.1c-sess_set_get_cb_yield.patch --- openssl-1.1.1w/debian/patches/openssl-1.1.1c-sess_set_get_cb_yield.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.1.1w/debian/patches/openssl-1.1.1c-sess_set_get_cb_yield.patch 2023-11-08 00:24:02.000000000 +0000 @@ -0,0 +1,10163 @@ +diff -urN openssl-1.1.1w.orig/include/openssl/bio.h openssl-1.1.1w/include/openssl/bio.h +--- openssl-1.1.1w.orig/include/openssl/bio.h 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/include/openssl/bio.h 2023-11-08 01:21:37.262754997 +0100 +@@ -216,6 +216,8 @@ + /* Returned from the accept BIO when an accept would have blocked */ + # define BIO_RR_ACCEPT 0x03 + ++# define BIO_RR_SSL_SESSION_LOOKUP 0x09 ++ + /* These are passed by the BIO callback */ + # define BIO_CB_FREE 0x01 + # define BIO_CB_READ 0x02 +diff -urN openssl-1.1.1w.orig/include/openssl/ssl.h openssl-1.1.1w/include/openssl/ssl.h +--- openssl-1.1.1w.orig/include/openssl/ssl.h 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/include/openssl/ssl.h 2023-11-08 01:21:37.262754997 +0100 +@@ -896,6 +896,7 @@ + # define SSL_ASYNC_PAUSED 5 + # define SSL_ASYNC_NO_JOBS 6 + # define SSL_CLIENT_HELLO_CB 7 ++# define SSL_SESS_LOOKUP 99 + + /* These will only be used when doing non-blocking IO */ + # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +@@ -905,6 +906,7 @@ + # define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) + # define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) + # define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) ++# define SSL_want_sess_lookup(s) (SSL_want(s) == SSL_SESS_LOOKUP) + + # define SSL_MAC_FLAG_READ_MAC_STREAM 1 + # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +@@ -1190,6 +1192,8 @@ + # define SSL_ERROR_WANT_ASYNC 9 + # define SSL_ERROR_WANT_ASYNC_JOB 10 + # define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 ++# define SSL_ERROR_WANT_SESSION_LOOKUP 99 ++# define SSL_ERROR_PENDING_SESSION 99 /* BoringSSL compatibility */ + # define SSL_CTRL_SET_TMP_DH 3 + # define SSL_CTRL_SET_TMP_ECDH 4 + # define SSL_CTRL_SET_TMP_DH_CB 6 +@@ -1672,6 +1676,7 @@ + int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); + int SSL_SESSION_up_ref(SSL_SESSION *ses); + void SSL_SESSION_free(SSL_SESSION *ses); ++SSL_SESSION *SSL_magic_pending_session_ptr(void); + __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); + __owur int SSL_set_session(SSL *to, SSL_SESSION *session); + int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +diff -urN openssl-1.1.1w.orig/include/openssl/ssl.h.orig openssl-1.1.1w/include/openssl/ssl.h.orig +--- openssl-1.1.1w.orig/include/openssl/ssl.h.orig 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-1.1.1w/include/openssl/ssl.h.orig 2023-09-11 16:08:11.000000000 +0200 +@@ -0,0 +1,2448 @@ ++/* ++ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved ++ * Copyright 2005 Nokia. All rights reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef HEADER_SSL_H ++# define HEADER_SSL_H ++ ++# include ++# include ++# include ++# include ++# if OPENSSL_API_COMPAT < 0x10100000L ++# include ++# include ++# include ++# endif ++# include ++# include ++# include ++# include ++ ++# include ++# include ++# include ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* OpenSSL version number for ASN.1 encoding of the session information */ ++/*- ++ * Version 0 - initial version ++ * Version 1 - added the optional peer certificate ++ */ ++# define SSL_SESSION_ASN1_VERSION 0x0001 ++ ++# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 ++# define SSL_MAX_SID_CTX_LENGTH 32 ++ ++# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) ++# define SSL_MAX_KEY_ARG_LENGTH 8 ++# define SSL_MAX_MASTER_KEY_LENGTH 48 ++ ++/* The maximum number of encrypt/decrypt pipelines we can support */ ++# define SSL_MAX_PIPELINES 32 ++ ++/* text strings for the ciphers */ ++ ++/* These are used to specify which ciphers to use and not to use */ ++ ++# define SSL_TXT_LOW "LOW" ++# define SSL_TXT_MEDIUM "MEDIUM" ++# define SSL_TXT_HIGH "HIGH" ++# define SSL_TXT_FIPS "FIPS" ++ ++# define SSL_TXT_aNULL "aNULL" ++# define SSL_TXT_eNULL "eNULL" ++# define SSL_TXT_NULL "NULL" ++ ++# define SSL_TXT_kRSA "kRSA" ++# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ ++# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ ++# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ ++# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ ++# define SSL_TXT_kDHE "kDHE" ++# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ ++# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ ++# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ ++# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ ++# define SSL_TXT_kECDHE "kECDHE" ++# define SSL_TXT_kPSK "kPSK" ++# define SSL_TXT_kRSAPSK "kRSAPSK" ++# define SSL_TXT_kECDHEPSK "kECDHEPSK" ++# define SSL_TXT_kDHEPSK "kDHEPSK" ++# define SSL_TXT_kGOST "kGOST" ++# define SSL_TXT_kSRP "kSRP" ++ ++# define SSL_TXT_aRSA "aRSA" ++# define SSL_TXT_aDSS "aDSS" ++# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ ++# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ ++# define SSL_TXT_aECDSA "aECDSA" ++# define SSL_TXT_aPSK "aPSK" ++# define SSL_TXT_aGOST94 "aGOST94" ++# define SSL_TXT_aGOST01 "aGOST01" ++# define SSL_TXT_aGOST12 "aGOST12" ++# define SSL_TXT_aGOST "aGOST" ++# define SSL_TXT_aSRP "aSRP" ++ ++# define SSL_TXT_DSS "DSS" ++# define SSL_TXT_DH "DH" ++# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ ++# define SSL_TXT_EDH "EDH"/* alias for DHE */ ++# define SSL_TXT_ADH "ADH" ++# define SSL_TXT_RSA "RSA" ++# define SSL_TXT_ECDH "ECDH" ++# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ ++# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ ++# define SSL_TXT_AECDH "AECDH" ++# define SSL_TXT_ECDSA "ECDSA" ++# define SSL_TXT_PSK "PSK" ++# define SSL_TXT_SRP "SRP" ++ ++# define SSL_TXT_DES "DES" ++# define SSL_TXT_3DES "3DES" ++# define SSL_TXT_RC4 "RC4" ++# define SSL_TXT_RC2 "RC2" ++# define SSL_TXT_IDEA "IDEA" ++# define SSL_TXT_SEED "SEED" ++# define SSL_TXT_AES128 "AES128" ++# define SSL_TXT_AES256 "AES256" ++# define SSL_TXT_AES "AES" ++# define SSL_TXT_AES_GCM "AESGCM" ++# define SSL_TXT_AES_CCM "AESCCM" ++# define SSL_TXT_AES_CCM_8 "AESCCM8" ++# define SSL_TXT_CAMELLIA128 "CAMELLIA128" ++# define SSL_TXT_CAMELLIA256 "CAMELLIA256" ++# define SSL_TXT_CAMELLIA "CAMELLIA" ++# define SSL_TXT_CHACHA20 "CHACHA20" ++# define SSL_TXT_GOST "GOST89" ++# define SSL_TXT_ARIA "ARIA" ++# define SSL_TXT_ARIA_GCM "ARIAGCM" ++# define SSL_TXT_ARIA128 "ARIA128" ++# define SSL_TXT_ARIA256 "ARIA256" ++ ++# define SSL_TXT_MD5 "MD5" ++# define SSL_TXT_SHA1 "SHA1" ++# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ ++# define SSL_TXT_GOST94 "GOST94" ++# define SSL_TXT_GOST89MAC "GOST89MAC" ++# define SSL_TXT_GOST12 "GOST12" ++# define SSL_TXT_GOST89MAC12 "GOST89MAC12" ++# define SSL_TXT_SHA256 "SHA256" ++# define SSL_TXT_SHA384 "SHA384" ++ ++# define SSL_TXT_SSLV3 "SSLv3" ++# define SSL_TXT_TLSV1 "TLSv1" ++# define SSL_TXT_TLSV1_1 "TLSv1.1" ++# define SSL_TXT_TLSV1_2 "TLSv1.2" ++ ++# define SSL_TXT_ALL "ALL" ++ ++/*- ++ * COMPLEMENTOF* definitions. These identifiers are used to (de-select) ++ * ciphers normally not being used. ++ * Example: "RC4" will activate all ciphers using RC4 including ciphers ++ * without authentication, which would normally disabled by DEFAULT (due ++ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" ++ * will make sure that it is also disabled in the specific selection. ++ * COMPLEMENTOF* identifiers are portable between version, as adjustments ++ * to the default cipher setup will also be included here. ++ * ++ * COMPLEMENTOFDEFAULT does not experience the same special treatment that ++ * DEFAULT gets, as only selection is being done and no sorting as needed ++ * for DEFAULT. ++ */ ++# define SSL_TXT_CMPALL "COMPLEMENTOFALL" ++# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" ++ ++/* ++ * The following cipher list is used by default. It also is substituted when ++ * an application-defined cipher list string starts with 'DEFAULT'. ++ * This applies to ciphersuites for TLSv1.2 and below. ++ */ ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" ++/* This is the default set of TLSv1.3 ciphersuites */ ++# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ++# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ ++ "TLS_CHACHA20_POLY1305_SHA256:" \ ++ "TLS_AES_128_GCM_SHA256" ++# else ++# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ ++ "TLS_AES_128_GCM_SHA256" ++#endif ++/* ++ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always ++ * starts with a reasonable order, and all we have to do for DEFAULT is ++ * throwing out anonymous and unencrypted ciphersuites! (The latter are not ++ * actually enabled by ALL, but "ALL:RSA" would enable some of them.) ++ */ ++ ++/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ ++# define SSL_SENT_SHUTDOWN 1 ++# define SSL_RECEIVED_SHUTDOWN 2 ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ++# define SSL_FILETYPE_PEM X509_FILETYPE_PEM ++ ++/* ++ * This is needed to stop compilers complaining about the 'struct ssl_st *' ++ * function parameters used to prototype callbacks in SSL_CTX. ++ */ ++typedef struct ssl_st *ssl_crock_st; ++typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; ++typedef struct ssl_method_st SSL_METHOD; ++typedef struct ssl_cipher_st SSL_CIPHER; ++typedef struct ssl_session_st SSL_SESSION; ++typedef struct tls_sigalgs_st TLS_SIGALGS; ++typedef struct ssl_conf_ctx_st SSL_CONF_CTX; ++typedef struct ssl_comp_st SSL_COMP; ++ ++STACK_OF(SSL_CIPHER); ++STACK_OF(SSL_COMP); ++ ++/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ ++typedef struct srtp_protection_profile_st { ++ const char *name; ++ unsigned long id; ++} SRTP_PROTECTION_PROFILE; ++ ++DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) ++ ++typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, ++ int len, void *arg); ++typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, ++ STACK_OF(SSL_CIPHER) *peer_ciphers, ++ const SSL_CIPHER **cipher, void *arg); ++ ++/* Extension context codes */ ++/* This extension is only allowed in TLS */ ++#define SSL_EXT_TLS_ONLY 0x0001 ++/* This extension is only allowed in DTLS */ ++#define SSL_EXT_DTLS_ONLY 0x0002 ++/* Some extensions may be allowed in DTLS but we don't implement them for it */ ++#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 ++/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ ++#define SSL_EXT_SSL3_ALLOWED 0x0008 ++/* Extension is only defined for TLS1.2 and below */ ++#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 ++/* Extension is only defined for TLS1.3 and above */ ++#define SSL_EXT_TLS1_3_ONLY 0x0020 ++/* Ignore this extension during parsing if we are resuming */ ++#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 ++#define SSL_EXT_CLIENT_HELLO 0x0080 ++/* Really means TLS1.2 or below */ ++#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 ++#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 ++#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 ++#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 ++#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 ++#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 ++#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 ++ ++/* Typedefs for handling custom extensions */ ++ ++typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, ++ const unsigned char **out, size_t *outlen, ++ int *al, void *add_arg); ++ ++typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, ++ const unsigned char *out, void *add_arg); ++ ++typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, ++ const unsigned char *in, size_t inlen, ++ int *al, void *parse_arg); ++ ++ ++typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, ++ unsigned int context, ++ const unsigned char **out, ++ size_t *outlen, X509 *x, ++ size_t chainidx, ++ int *al, void *add_arg); ++ ++typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, ++ unsigned int context, ++ const unsigned char *out, ++ void *add_arg); ++ ++typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, ++ unsigned int context, ++ const unsigned char *in, ++ size_t inlen, X509 *x, ++ size_t chainidx, ++ int *al, void *parse_arg); ++ ++/* Typedef for verification callback */ ++typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); ++ ++/* ++ * Some values are reserved until OpenSSL 1.2.0 because they were previously ++ * included in SSL_OP_ALL in a 1.1.x release. ++ * ++ * Reserved value (until OpenSSL 1.2.0) 0x00000001U ++ * Reserved value (until OpenSSL 1.2.0) 0x00000002U ++ */ ++/* Allow initial connection to servers that don't support RI */ ++# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U ++ ++/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ ++# define SSL_OP_TLSEXT_PADDING 0x00000010U ++/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ ++# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U ++/* ++ * Reserved value (until OpenSSL 1.2.0) 0x00000080U ++ * Reserved value (until OpenSSL 1.2.0) 0x00000100U ++ * Reserved value (until OpenSSL 1.2.0) 0x00000200U ++ */ ++ ++/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ ++# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U ++ ++/* ++ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in ++ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the ++ * workaround is not needed. Unfortunately some broken SSL/TLS ++ * implementations cannot handle it at all, which is why we include it in ++ * SSL_OP_ALL. Added in 0.9.6e ++ */ ++# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U ++ ++/* DTLS options */ ++# define SSL_OP_NO_QUERY_MTU 0x00001000U ++/* Turn on Cookie Exchange (on relevant for servers) */ ++# define SSL_OP_COOKIE_EXCHANGE 0x00002000U ++/* Don't use RFC4507 ticket extension */ ++# define SSL_OP_NO_TICKET 0x00004000U ++# ifndef OPENSSL_NO_DTLS1_METHOD ++/* Use Cisco's "speshul" version of DTLS_BAD_VER ++ * (only with deprecated DTLSv1_client_method()) */ ++# define SSL_OP_CISCO_ANYCONNECT 0x00008000U ++# endif ++ ++/* As server, disallow session resumption on renegotiation */ ++# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U ++/* Don't use compression even if supported */ ++# define SSL_OP_NO_COMPRESSION 0x00020000U ++/* Permit unsafe legacy renegotiation */ ++# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U ++/* Disable encrypt-then-mac */ ++# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U ++ ++/* ++ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version ++ * of OpenSSL may have this disabled by default. ++ */ ++# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U ++ ++/* Prioritize Chacha20Poly1305 when client does. ++ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ ++# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U ++ ++/* ++ * Set on servers to choose the cipher according to the server's preferences ++ */ ++# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U ++/* ++ * If set, a server will allow a client to issue a SSLv3.0 version number as ++ * latest version supported in the premaster secret, even when TLSv1.0 ++ * (version 3.1) was announced in the client hello. Normally this is ++ * forbidden to prevent version rollback attacks. ++ */ ++# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U ++ ++/* ++ * Switches off automatic TLSv1.3 anti-replay protection for early data. This ++ * is a server-side option only (no effect on the client). ++ */ ++# define SSL_OP_NO_ANTI_REPLAY 0x01000000U ++ ++# define SSL_OP_NO_SSLv3 0x02000000U ++# define SSL_OP_NO_TLSv1 0x04000000U ++# define SSL_OP_NO_TLSv1_2 0x08000000U ++# define SSL_OP_NO_TLSv1_1 0x10000000U ++# define SSL_OP_NO_TLSv1_3 0x20000000U ++ ++# define SSL_OP_NO_DTLSv1 0x04000000U ++# define SSL_OP_NO_DTLSv1_2 0x08000000U ++ ++# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ ++ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) ++# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) ++ ++/* Disallow all renegotiation */ ++# define SSL_OP_NO_RENEGOTIATION 0x40000000U ++ ++/* ++ * Make server add server-hello extension from early version of cryptopro ++ * draft, when GOST ciphersuite is negotiated. Required for interoperability ++ * with CryptoPro CSP 3.x ++ */ ++# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U ++ ++/* ++ * SSL_OP_ALL: various bug workarounds that should be rather harmless. ++ * This used to be 0x000FFFFFL before 0.9.7. ++ * This used to be 0x80000BFFU before 1.1.1. ++ */ ++# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ ++ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ ++ SSL_OP_LEGACY_SERVER_CONNECT|\ ++ SSL_OP_TLSEXT_PADDING|\ ++ SSL_OP_SAFARI_ECDHE_ECDSA_BUG) ++ ++/* OBSOLETE OPTIONS: retained for compatibility */ ++ ++/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ ++/* Related to removed SSLv2. */ ++# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ ++/* Related to removed SSLv2. */ ++# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 ++/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ ++/* Dead forever, see CVE-2010-4180 */ ++# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 ++/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ ++/* Refers to ancient SSLREF and SSLv2. */ ++# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ ++# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 ++/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ ++# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ ++/* Ancient SSLeay version. */ ++# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ ++# define SSL_OP_TLS_D5_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ ++# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ ++# define SSL_OP_SINGLE_ECDH_USE 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ ++# define SSL_OP_SINGLE_DH_USE 0x0 ++/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ ++# define SSL_OP_EPHEMERAL_RSA 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ ++# define SSL_OP_NO_SSLv2 0x0 ++/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ ++# define SSL_OP_PKCS1_CHECK_1 0x0 ++/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ ++# define SSL_OP_PKCS1_CHECK_2 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ ++# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 ++/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ ++# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 ++ ++/* ++ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success ++ * when just a single record has been written): ++ */ ++# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U ++/* ++ * Make it possible to retry SSL_write() with changed buffer location (buffer ++ * contents must stay the same!); this is not the default to avoid the ++ * misconception that non-blocking SSL_write() behaves like non-blocking ++ * write(): ++ */ ++# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U ++/* ++ * Never bother the application with retries if the transport is blocking: ++ */ ++# define SSL_MODE_AUTO_RETRY 0x00000004U ++/* Don't attempt to automatically build certificate chain */ ++# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U ++/* ++ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and ++ * TLS only.) Released buffers are freed. ++ */ ++# define SSL_MODE_RELEASE_BUFFERS 0x00000010U ++/* ++ * Send the current time in the Random fields of the ClientHello and ++ * ServerHello records for compatibility with hypothetical implementations ++ * that require it. ++ */ ++# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U ++# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U ++/* ++ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications ++ * that reconnect with a downgraded protocol version; see ++ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your ++ * application attempts a normal handshake. Only use this in explicit ++ * fallback retries, following the guidance in ++ * draft-ietf-tls-downgrade-scsv-00. ++ */ ++# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U ++/* ++ * Support Asynchronous operation ++ */ ++# define SSL_MODE_ASYNC 0x00000100U ++ ++/* ++ * When using DTLS/SCTP, include the terminating zero in the label ++ * used for computing the endpoint-pair shared secret. Required for ++ * interoperability with implementations having this bug like these ++ * older version of OpenSSL: ++ * - OpenSSL 1.0.0 series ++ * - OpenSSL 1.0.1 series ++ * - OpenSSL 1.0.2 series ++ * - OpenSSL 1.1.0 series ++ * - OpenSSL 1.1.1 and 1.1.1a ++ */ ++# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U ++ ++/* Cert related flags */ ++/* ++ * Many implementations ignore some aspects of the TLS standards such as ++ * enforcing certificate chain algorithms. When this is set we enforce them. ++ */ ++# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U ++ ++/* Suite B modes, takes same values as certificate verify flags */ ++# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 ++/* Suite B 192 bit only mode */ ++# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 ++/* Suite B 128 bit mode allowing 192 bit algorithms */ ++# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 ++ ++/* Perform all sorts of protocol violations for testing purposes */ ++# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 ++ ++/* Flags for building certificate chains */ ++/* Treat any existing certificates as untrusted CAs */ ++# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 ++/* Don't include root CA in chain */ ++# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 ++/* Just check certificates already there */ ++# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 ++/* Ignore verification errors */ ++# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 ++/* Clear verification errors from queue */ ++# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 ++ ++/* Flags returned by SSL_check_chain */ ++/* Certificate can be used with this session */ ++# define CERT_PKEY_VALID 0x1 ++/* Certificate can also be used for signing */ ++# define CERT_PKEY_SIGN 0x2 ++/* EE certificate signing algorithm OK */ ++# define CERT_PKEY_EE_SIGNATURE 0x10 ++/* CA signature algorithms OK */ ++# define CERT_PKEY_CA_SIGNATURE 0x20 ++/* EE certificate parameters OK */ ++# define CERT_PKEY_EE_PARAM 0x40 ++/* CA certificate parameters OK */ ++# define CERT_PKEY_CA_PARAM 0x80 ++/* Signing explicitly allowed as opposed to SHA1 fallback */ ++# define CERT_PKEY_EXPLICIT_SIGN 0x100 ++/* Client CA issuer names match (always set for server cert) */ ++# define CERT_PKEY_ISSUER_NAME 0x200 ++/* Cert type matches client types (always set for server cert) */ ++# define CERT_PKEY_CERT_TYPE 0x400 ++/* Cert chain suitable to Suite B */ ++# define CERT_PKEY_SUITEB 0x800 ++ ++# define SSL_CONF_FLAG_CMDLINE 0x1 ++# define SSL_CONF_FLAG_FILE 0x2 ++# define SSL_CONF_FLAG_CLIENT 0x4 ++# define SSL_CONF_FLAG_SERVER 0x8 ++# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 ++# define SSL_CONF_FLAG_CERTIFICATE 0x20 ++# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 ++/* Configuration value types */ ++# define SSL_CONF_TYPE_UNKNOWN 0x0 ++# define SSL_CONF_TYPE_STRING 0x1 ++# define SSL_CONF_TYPE_FILE 0x2 ++# define SSL_CONF_TYPE_DIR 0x3 ++# define SSL_CONF_TYPE_NONE 0x4 ++ ++/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ ++# define SSL_COOKIE_LENGTH 4096 ++ ++/* ++ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they ++ * cannot be used to clear bits. ++ */ ++ ++unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); ++unsigned long SSL_get_options(const SSL *s); ++unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); ++unsigned long SSL_clear_options(SSL *s, unsigned long op); ++unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++unsigned long SSL_set_options(SSL *s, unsigned long op); ++ ++# define SSL_CTX_set_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) ++# define SSL_CTX_clear_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) ++# define SSL_CTX_get_mode(ctx) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) ++# define SSL_clear_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) ++# define SSL_set_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) ++# define SSL_get_mode(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) ++# define SSL_set_mtu(ssl, mtu) \ ++ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) ++# define DTLS_set_link_mtu(ssl, mtu) \ ++ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) ++# define DTLS_get_link_min_mtu(ssl) \ ++ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) ++ ++# define SSL_get_secure_renegotiation_support(ssl) \ ++ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) ++ ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_heartbeat(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) ++# endif ++ ++# define SSL_CTX_set_cert_flags(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) ++# define SSL_set_cert_flags(s,op) \ ++ SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) ++# define SSL_CTX_clear_cert_flags(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) ++# define SSL_clear_cert_flags(s,op) \ ++ SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) ++ ++void SSL_CTX_set_msg_callback(SSL_CTX *ctx, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)); ++void SSL_set_msg_callback(SSL *ssl, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)); ++# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) ++# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) ++ ++# define SSL_get_extms_support(s) \ ++ SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) ++ ++# ifndef OPENSSL_NO_SRP ++ ++/* see tls_srp.c */ ++__owur int SSL_SRP_CTX_init(SSL *s); ++__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); ++int SSL_SRP_CTX_free(SSL *ctx); ++int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); ++__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); ++__owur int SRP_Calc_A_param(SSL *s); ++ ++# endif ++ ++/* 100k max cert list */ ++# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 ++ ++# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) ++ ++/* ++ * This callback type is used inside SSL_CTX, SSL, and in the functions that ++ * set them. It is used to override the generation of SSL/TLS session IDs in ++ * a server. Return value should be zero on an error, non-zero to proceed. ++ * Also, callbacks should themselves check if the id they generate is unique ++ * otherwise the SSL handshake will fail with an error - callbacks can do ++ * this using the 'ssl' value they're passed by; ++ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in ++ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 ++ * bytes. The callback can alter this length to be less if desired. It is ++ * also an error for the callback to set the size to zero. ++ */ ++typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, ++ unsigned int *id_len); ++ ++# define SSL_SESS_CACHE_OFF 0x0000 ++# define SSL_SESS_CACHE_CLIENT 0x0001 ++# define SSL_SESS_CACHE_SERVER 0x0002 ++# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) ++# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 ++/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ ++# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 ++# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 ++# define SSL_SESS_CACHE_NO_INTERNAL \ ++ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) ++ ++LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); ++# define SSL_CTX_sess_number(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) ++# define SSL_CTX_sess_connect(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) ++# define SSL_CTX_sess_connect_good(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) ++# define SSL_CTX_sess_connect_renegotiate(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) ++# define SSL_CTX_sess_accept(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) ++# define SSL_CTX_sess_accept_renegotiate(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) ++# define SSL_CTX_sess_accept_good(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) ++# define SSL_CTX_sess_hits(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) ++# define SSL_CTX_sess_cb_hits(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) ++# define SSL_CTX_sess_misses(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) ++# define SSL_CTX_sess_timeouts(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) ++# define SSL_CTX_sess_cache_full(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) ++ ++void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, ++ int (*new_session_cb) (struct ssl_st *ssl, ++ SSL_SESSION *sess)); ++int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, ++ SSL_SESSION *sess); ++void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, ++ void (*remove_session_cb) (struct ssl_ctx_st ++ *ctx, ++ SSL_SESSION *sess)); ++void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, ++ SSL_SESSION *sess); ++void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, ++ SSL_SESSION *(*get_session_cb) (struct ssl_st ++ *ssl, ++ const unsigned char ++ *data, int len, ++ int *copy)); ++SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, ++ const unsigned char *data, ++ int len, int *copy); ++void SSL_CTX_set_info_callback(SSL_CTX *ctx, ++ void (*cb) (const SSL *ssl, int type, int val)); ++void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, ++ int val); ++void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, ++ int (*client_cert_cb) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey)); ++int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey); ++# ifndef OPENSSL_NO_ENGINE ++__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); ++# endif ++void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, ++ int (*app_gen_cookie_cb) (SSL *ssl, ++ unsigned char ++ *cookie, ++ unsigned int ++ *cookie_len)); ++void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, ++ int (*app_verify_cookie_cb) (SSL *ssl, ++ const unsigned ++ char *cookie, ++ unsigned int ++ cookie_len)); ++ ++void SSL_CTX_set_stateless_cookie_generate_cb( ++ SSL_CTX *ctx, ++ int (*gen_stateless_cookie_cb) (SSL *ssl, ++ unsigned char *cookie, ++ size_t *cookie_len)); ++void SSL_CTX_set_stateless_cookie_verify_cb( ++ SSL_CTX *ctx, ++ int (*verify_stateless_cookie_cb) (SSL *ssl, ++ const unsigned char *cookie, ++ size_t cookie_len)); ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ ++typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, ++ const unsigned char **out, ++ unsigned int *outlen, ++ void *arg); ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, ++ SSL_CTX_npn_advertised_cb_func cb, ++ void *arg); ++# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb ++ ++typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, ++ unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, ++ SSL_CTX_npn_select_cb_func cb, ++ void *arg); ++# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb ++ ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, ++ unsigned *len); ++# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated ++# endif ++ ++__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, ++ const unsigned char *client, ++ unsigned int client_len); ++ ++# define OPENSSL_NPN_UNSUPPORTED 0 ++# define OPENSSL_NPN_NEGOTIATED 1 ++# define OPENSSL_NPN_NO_OVERLAP 2 ++ ++__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, ++ unsigned int protos_len); ++__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, ++ unsigned int protos_len); ++typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, ++ const unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg); ++void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, ++ SSL_CTX_alpn_select_cb_func cb, ++ void *arg); ++void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, ++ unsigned int *len); ++ ++# ifndef OPENSSL_NO_PSK ++/* ++ * the maximum length of the buffer given to callbacks containing the ++ * resulting identity/psk ++ */ ++# define PSK_MAX_IDENTITY_LEN 128 ++# define PSK_MAX_PSK_LEN 256 ++typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, ++ const char *hint, ++ char *identity, ++ unsigned int max_identity_len, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); ++void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); ++ ++typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, ++ const char *identity, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); ++void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); ++ ++__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); ++__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); ++const char *SSL_get_psk_identity_hint(const SSL *s); ++const char *SSL_get_psk_identity(const SSL *s); ++# endif ++ ++typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, ++ const unsigned char *identity, ++ size_t identity_len, ++ SSL_SESSION **sess); ++typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, ++ const unsigned char **id, ++ size_t *idlen, ++ SSL_SESSION **sess); ++ ++void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); ++void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, ++ SSL_psk_find_session_cb_func cb); ++void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); ++void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, ++ SSL_psk_use_session_cb_func cb); ++ ++/* Register callbacks to handle custom TLS Extensions for client or server. */ ++ ++__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, ++ unsigned int ext_type); ++ ++__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, ++ unsigned int ext_type, ++ custom_ext_add_cb add_cb, ++ custom_ext_free_cb free_cb, ++ void *add_arg, ++ custom_ext_parse_cb parse_cb, ++ void *parse_arg); ++ ++__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, ++ unsigned int ext_type, ++ custom_ext_add_cb add_cb, ++ custom_ext_free_cb free_cb, ++ void *add_arg, ++ custom_ext_parse_cb parse_cb, ++ void *parse_arg); ++ ++__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, ++ unsigned int context, ++ SSL_custom_ext_add_cb_ex add_cb, ++ SSL_custom_ext_free_cb_ex free_cb, ++ void *add_arg, ++ SSL_custom_ext_parse_cb_ex parse_cb, ++ void *parse_arg); ++ ++__owur int SSL_extension_supported(unsigned int ext_type); ++ ++# define SSL_NOTHING 1 ++# define SSL_WRITING 2 ++# define SSL_READING 3 ++# define SSL_X509_LOOKUP 4 ++# define SSL_ASYNC_PAUSED 5 ++# define SSL_ASYNC_NO_JOBS 6 ++# define SSL_CLIENT_HELLO_CB 7 ++ ++/* These will only be used when doing non-blocking IO */ ++# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) ++# define SSL_want_read(s) (SSL_want(s) == SSL_READING) ++# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) ++# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) ++# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) ++# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) ++# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) ++ ++# define SSL_MAC_FLAG_READ_MAC_STREAM 1 ++# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 ++ ++/* ++ * A callback for logging out TLS key material. This callback should log out ++ * |line| followed by a newline. ++ */ ++typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); ++ ++/* ++ * SSL_CTX_set_keylog_callback configures a callback to log key material. This ++ * is intended for debugging use with tools like Wireshark. The cb function ++ * should log line followed by a newline. ++ */ ++void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); ++ ++/* ++ * SSL_CTX_get_keylog_callback returns the callback configured by ++ * SSL_CTX_set_keylog_callback. ++ */ ++SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); ++ ++int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); ++uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); ++int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); ++uint32_t SSL_get_max_early_data(const SSL *s); ++int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); ++uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); ++int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); ++uint32_t SSL_get_recv_max_early_data(const SSL *s); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++# include ++# include ++# include /* This is mostly sslv3 with a few tweaks */ ++# include /* Datagram TLS */ ++# include /* Support for the use_srtp extension */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * These need to be after the above set of includes due to a compiler bug ++ * in VisualStudio 2015 ++ */ ++DEFINE_STACK_OF_CONST(SSL_CIPHER) ++DEFINE_STACK_OF(SSL_COMP) ++ ++/* compatibility */ ++# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) ++# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) ++# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ ++ (char *)(a))) ++# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) ++# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) ++# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ ++ (char *)(arg))) ++DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) ++ ++/* TLSv1.3 KeyUpdate message types */ ++/* -1 used so that this is an invalid value for the on-the-wire protocol */ ++#define SSL_KEY_UPDATE_NONE -1 ++/* Values as defined for the on-the-wire protocol */ ++#define SSL_KEY_UPDATE_NOT_REQUESTED 0 ++#define SSL_KEY_UPDATE_REQUESTED 1 ++ ++/* ++ * The valid handshake states (one for each type message sent and one for each ++ * type of message received). There are also two "special" states: ++ * TLS = TLS or DTLS state ++ * DTLS = DTLS specific state ++ * CR/SR = Client Read/Server Read ++ * CW/SW = Client Write/Server Write ++ * ++ * The "special" states are: ++ * TLS_ST_BEFORE = No handshake has been initiated yet ++ * TLS_ST_OK = A handshake has been successfully completed ++ */ ++typedef enum { ++ TLS_ST_BEFORE, ++ TLS_ST_OK, ++ DTLS_ST_CR_HELLO_VERIFY_REQUEST, ++ TLS_ST_CR_SRVR_HELLO, ++ TLS_ST_CR_CERT, ++ TLS_ST_CR_CERT_STATUS, ++ TLS_ST_CR_KEY_EXCH, ++ TLS_ST_CR_CERT_REQ, ++ TLS_ST_CR_SRVR_DONE, ++ TLS_ST_CR_SESSION_TICKET, ++ TLS_ST_CR_CHANGE, ++ TLS_ST_CR_FINISHED, ++ TLS_ST_CW_CLNT_HELLO, ++ TLS_ST_CW_CERT, ++ TLS_ST_CW_KEY_EXCH, ++ TLS_ST_CW_CERT_VRFY, ++ TLS_ST_CW_CHANGE, ++ TLS_ST_CW_NEXT_PROTO, ++ TLS_ST_CW_FINISHED, ++ TLS_ST_SW_HELLO_REQ, ++ TLS_ST_SR_CLNT_HELLO, ++ DTLS_ST_SW_HELLO_VERIFY_REQUEST, ++ TLS_ST_SW_SRVR_HELLO, ++ TLS_ST_SW_CERT, ++ TLS_ST_SW_KEY_EXCH, ++ TLS_ST_SW_CERT_REQ, ++ TLS_ST_SW_SRVR_DONE, ++ TLS_ST_SR_CERT, ++ TLS_ST_SR_KEY_EXCH, ++ TLS_ST_SR_CERT_VRFY, ++ TLS_ST_SR_NEXT_PROTO, ++ TLS_ST_SR_CHANGE, ++ TLS_ST_SR_FINISHED, ++ TLS_ST_SW_SESSION_TICKET, ++ TLS_ST_SW_CERT_STATUS, ++ TLS_ST_SW_CHANGE, ++ TLS_ST_SW_FINISHED, ++ TLS_ST_SW_ENCRYPTED_EXTENSIONS, ++ TLS_ST_CR_ENCRYPTED_EXTENSIONS, ++ TLS_ST_CR_CERT_VRFY, ++ TLS_ST_SW_CERT_VRFY, ++ TLS_ST_CR_HELLO_REQ, ++ TLS_ST_SW_KEY_UPDATE, ++ TLS_ST_CW_KEY_UPDATE, ++ TLS_ST_SR_KEY_UPDATE, ++ TLS_ST_CR_KEY_UPDATE, ++ TLS_ST_EARLY_DATA, ++ TLS_ST_PENDING_EARLY_DATA_END, ++ TLS_ST_CW_END_OF_EARLY_DATA, ++ TLS_ST_SR_END_OF_EARLY_DATA ++} OSSL_HANDSHAKE_STATE; ++ ++/* ++ * Most of the following state values are no longer used and are defined to be ++ * the closest equivalent value in the current state machine code. Not all ++ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT ++ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, ++ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. ++ */ ++ ++# define SSL_ST_CONNECT 0x1000 ++# define SSL_ST_ACCEPT 0x2000 ++ ++# define SSL_ST_MASK 0x0FFF ++ ++# define SSL_CB_LOOP 0x01 ++# define SSL_CB_EXIT 0x02 ++# define SSL_CB_READ 0x04 ++# define SSL_CB_WRITE 0x08 ++# define SSL_CB_ALERT 0x4000/* used in callback */ ++# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) ++# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) ++# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) ++# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) ++# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) ++# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) ++# define SSL_CB_HANDSHAKE_START 0x10 ++# define SSL_CB_HANDSHAKE_DONE 0x20 ++ ++/* Is the SSL_connection established? */ ++# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) ++# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) ++int SSL_in_init(const SSL *s); ++int SSL_in_before(const SSL *s); ++int SSL_is_init_finished(const SSL *s); ++ ++/* ++ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you ++ * should not need these ++ */ ++# define SSL_ST_READ_HEADER 0xF0 ++# define SSL_ST_READ_BODY 0xF1 ++# define SSL_ST_READ_DONE 0xF2 ++ ++/*- ++ * Obtain latest Finished message ++ * -- that we sent (SSL_get_finished) ++ * -- that we expected from peer (SSL_get_peer_finished). ++ * Returns length (0 == no Finished so far), copies up to 'count' bytes. ++ */ ++size_t SSL_get_finished(const SSL *s, void *buf, size_t count); ++size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); ++ ++/* ++ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are ++ * 'ored' with SSL_VERIFY_PEER if they are desired ++ */ ++# define SSL_VERIFY_NONE 0x00 ++# define SSL_VERIFY_PEER 0x01 ++# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 ++# define SSL_VERIFY_CLIENT_ONCE 0x04 ++# define SSL_VERIFY_POST_HANDSHAKE 0x08 ++ ++# if OPENSSL_API_COMPAT < 0x10100000L ++# define OpenSSL_add_ssl_algorithms() SSL_library_init() ++# define SSLeay_add_ssl_algorithms() SSL_library_init() ++# endif ++ ++/* More backward compatibility */ ++# define SSL_get_cipher(s) \ ++ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) ++# define SSL_get_cipher_bits(s,np) \ ++ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) ++# define SSL_get_cipher_version(s) \ ++ SSL_CIPHER_get_version(SSL_get_current_cipher(s)) ++# define SSL_get_cipher_name(s) \ ++ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) ++# define SSL_get_time(a) SSL_SESSION_get_time(a) ++# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) ++# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) ++# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) ++ ++# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) ++# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) ++ ++DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) ++# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value ++ * from SSL_AD_... */ ++/* These alert types are for SSLv3 and TLSv1 */ ++# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY ++/* fatal */ ++# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE ++/* fatal */ ++# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC ++# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED ++# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW ++/* fatal */ ++# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE ++/* fatal */ ++# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE ++/* Not for TLS */ ++# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE ++# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE ++# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE ++# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED ++# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED ++# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN ++/* fatal */ ++# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER ++/* fatal */ ++# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA ++/* fatal */ ++# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED ++/* fatal */ ++# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR ++# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR ++/* fatal */ ++# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION ++/* fatal */ ++# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION ++/* fatal */ ++# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY ++/* fatal */ ++# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR ++# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED ++# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION ++# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION ++# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED ++# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION ++# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE ++# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME ++# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE ++# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE ++/* fatal */ ++# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY ++/* fatal */ ++# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK ++# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL ++# define SSL_ERROR_NONE 0 ++# define SSL_ERROR_SSL 1 ++# define SSL_ERROR_WANT_READ 2 ++# define SSL_ERROR_WANT_WRITE 3 ++# define SSL_ERROR_WANT_X509_LOOKUP 4 ++# define SSL_ERROR_SYSCALL 5/* look at error stack/return ++ * value/errno */ ++# define SSL_ERROR_ZERO_RETURN 6 ++# define SSL_ERROR_WANT_CONNECT 7 ++# define SSL_ERROR_WANT_ACCEPT 8 ++# define SSL_ERROR_WANT_ASYNC 9 ++# define SSL_ERROR_WANT_ASYNC_JOB 10 ++# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 ++# define SSL_CTRL_SET_TMP_DH 3 ++# define SSL_CTRL_SET_TMP_ECDH 4 ++# define SSL_CTRL_SET_TMP_DH_CB 6 ++# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 ++# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 ++# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 ++# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 ++# define SSL_CTRL_GET_FLAGS 13 ++# define SSL_CTRL_EXTRA_CHAIN_CERT 14 ++# define SSL_CTRL_SET_MSG_CALLBACK 15 ++# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 ++/* only applies to datagram connections */ ++# define SSL_CTRL_SET_MTU 17 ++/* Stats */ ++# define SSL_CTRL_SESS_NUMBER 20 ++# define SSL_CTRL_SESS_CONNECT 21 ++# define SSL_CTRL_SESS_CONNECT_GOOD 22 ++# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 ++# define SSL_CTRL_SESS_ACCEPT 24 ++# define SSL_CTRL_SESS_ACCEPT_GOOD 25 ++# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 ++# define SSL_CTRL_SESS_HIT 27 ++# define SSL_CTRL_SESS_CB_HIT 28 ++# define SSL_CTRL_SESS_MISSES 29 ++# define SSL_CTRL_SESS_TIMEOUTS 30 ++# define SSL_CTRL_SESS_CACHE_FULL 31 ++# define SSL_CTRL_MODE 33 ++# define SSL_CTRL_GET_READ_AHEAD 40 ++# define SSL_CTRL_SET_READ_AHEAD 41 ++# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 ++# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 ++# define SSL_CTRL_SET_SESS_CACHE_MODE 44 ++# define SSL_CTRL_GET_SESS_CACHE_MODE 45 ++# define SSL_CTRL_GET_MAX_CERT_LIST 50 ++# define SSL_CTRL_SET_MAX_CERT_LIST 51 ++# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 ++/* see tls1.h for macros based on these */ ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 ++# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 ++# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 ++/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ ++/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ ++/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 ++# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 ++# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 ++# define SSL_CTRL_SET_SRP_ARG 78 ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 ++# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 ++# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 ++# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 ++# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 ++# endif ++# define DTLS_CTRL_GET_TIMEOUT 73 ++# define DTLS_CTRL_HANDLE_TIMEOUT 74 ++# define SSL_CTRL_GET_RI_SUPPORT 76 ++# define SSL_CTRL_CLEAR_MODE 78 ++# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 ++# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 ++# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 ++# define SSL_CTRL_CHAIN 88 ++# define SSL_CTRL_CHAIN_CERT 89 ++# define SSL_CTRL_GET_GROUPS 90 ++# define SSL_CTRL_SET_GROUPS 91 ++# define SSL_CTRL_SET_GROUPS_LIST 92 ++# define SSL_CTRL_GET_SHARED_GROUP 93 ++# define SSL_CTRL_SET_SIGALGS 97 ++# define SSL_CTRL_SET_SIGALGS_LIST 98 ++# define SSL_CTRL_CERT_FLAGS 99 ++# define SSL_CTRL_CLEAR_CERT_FLAGS 100 ++# define SSL_CTRL_SET_CLIENT_SIGALGS 101 ++# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 ++# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 ++# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 ++# define SSL_CTRL_BUILD_CERT_CHAIN 105 ++# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 ++# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 ++# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 ++# define SSL_CTRL_GET_PEER_TMP_KEY 109 ++# define SSL_CTRL_GET_RAW_CIPHERLIST 110 ++# define SSL_CTRL_GET_EC_POINT_FORMATS 111 ++# define SSL_CTRL_GET_CHAIN_CERTS 115 ++# define SSL_CTRL_SELECT_CURRENT_CERT 116 ++# define SSL_CTRL_SET_CURRENT_CERT 117 ++# define SSL_CTRL_SET_DH_AUTO 118 ++# define DTLS_CTRL_SET_LINK_MTU 120 ++# define DTLS_CTRL_GET_LINK_MIN_MTU 121 ++# define SSL_CTRL_GET_EXTMS_SUPPORT 122 ++# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 ++# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 ++# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 ++# define SSL_CTRL_SET_MAX_PIPELINES 126 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 ++# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 ++# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 ++# define SSL_CTRL_GET_SIGNATURE_NID 132 ++# define SSL_CTRL_GET_TMP_KEY 133 ++# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 ++# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 ++# define SSL_CERT_SET_FIRST 1 ++# define SSL_CERT_SET_NEXT 2 ++# define SSL_CERT_SET_SERVER 3 ++# define DTLSv1_get_timeout(ssl, arg) \ ++ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) ++# define DTLSv1_handle_timeout(ssl) \ ++ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) ++# define SSL_num_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) ++# define SSL_clear_num_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) ++# define SSL_total_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) ++# define SSL_CTX_set_tmp_dh(ctx,dh) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) ++# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) ++# define SSL_CTX_set_dh_auto(ctx, onoff) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) ++# define SSL_set_dh_auto(s, onoff) \ ++ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) ++# define SSL_set_tmp_dh(ssl,dh) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) ++# define SSL_set_tmp_ecdh(ssl,ecdh) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) ++# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) ++# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) ++# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) ++# define SSL_CTX_clear_extra_chain_certs(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) ++# define SSL_CTX_set0_chain(ctx,sk) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) ++# define SSL_CTX_set1_chain(ctx,sk) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) ++# define SSL_CTX_add0_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) ++# define SSL_CTX_add1_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) ++# define SSL_CTX_get0_chain_certs(ctx,px509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) ++# define SSL_CTX_clear_chain_certs(ctx) \ ++ SSL_CTX_set0_chain(ctx,NULL) ++# define SSL_CTX_build_cert_chain(ctx, flags) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) ++# define SSL_CTX_select_current_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) ++# define SSL_CTX_set_current_cert(ctx, op) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) ++# define SSL_CTX_set0_verify_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) ++# define SSL_CTX_set1_verify_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) ++# define SSL_CTX_get0_verify_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) ++# define SSL_CTX_set0_chain_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) ++# define SSL_CTX_set1_chain_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) ++# define SSL_CTX_get0_chain_cert_store(ctx,st) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) ++# define SSL_set0_chain(s,sk) \ ++ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) ++# define SSL_set1_chain(s,sk) \ ++ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk)) ++# define SSL_add0_chain_cert(s,x509) \ ++ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) ++# define SSL_add1_chain_cert(s,x509) \ ++ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) ++# define SSL_get0_chain_certs(s,px509) \ ++ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509) ++# define SSL_clear_chain_certs(s) \ ++ SSL_set0_chain(s,NULL) ++# define SSL_build_cert_chain(s, flags) \ ++ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) ++# define SSL_select_current_cert(s,x509) \ ++ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) ++# define SSL_set_current_cert(s,op) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL) ++# define SSL_set0_verify_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) ++# define SSL_set1_verify_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) ++#define SSL_get0_verify_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) ++# define SSL_set0_chain_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) ++# define SSL_set1_chain_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) ++#define SSL_get0_chain_cert_store(s,st) \ ++ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) ++# define SSL_get1_groups(s, glist) \ ++ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) ++# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) ++# define SSL_CTX_set1_groups_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) ++# define SSL_set1_groups(s, glist, glistlen) \ ++ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) ++# define SSL_set1_groups_list(s, str) \ ++ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str)) ++# define SSL_get_shared_group(s, n) \ ++ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) ++# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) ++# define SSL_CTX_set1_sigalgs_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) ++# define SSL_set1_sigalgs(s, slist, slistlen) \ ++ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) ++# define SSL_set1_sigalgs_list(s, str) \ ++ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str)) ++# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) ++# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) ++# define SSL_set1_client_sigalgs(s, slist, slistlen) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) ++# define SSL_set1_client_sigalgs_list(s, str) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str)) ++# define SSL_get0_certificate_types(s, clist) \ ++ SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) ++# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ ++ (char *)(clist)) ++# define SSL_set1_client_certificate_types(s, clist, clistlen) \ ++ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) ++# define SSL_get_signature_nid(s, pn) \ ++ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) ++# define SSL_get_peer_signature_nid(s, pn) \ ++ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) ++# define SSL_get_peer_tmp_key(s, pk) \ ++ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) ++# define SSL_get_tmp_key(s, pk) \ ++ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) ++# define SSL_get0_raw_cipherlist(s, plst) \ ++ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) ++# define SSL_get0_ec_point_formats(s, plst) \ ++ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) ++# define SSL_CTX_set_min_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) ++# define SSL_CTX_set_max_proto_version(ctx, version) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) ++# define SSL_CTX_get_min_proto_version(ctx) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) ++# define SSL_CTX_get_max_proto_version(ctx) \ ++ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) ++# define SSL_set_min_proto_version(s, version) \ ++ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) ++# define SSL_set_max_proto_version(s, version) \ ++ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) ++# define SSL_get_min_proto_version(s) \ ++ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) ++# define SSL_get_max_proto_version(s) \ ++ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) ++ ++/* Backwards compatibility, original 1.1.0 names */ ++# define SSL_CTRL_GET_SERVER_TMP_KEY \ ++ SSL_CTRL_GET_PEER_TMP_KEY ++# define SSL_get_server_tmp_key(s, pk) \ ++ SSL_get_peer_tmp_key(s, pk) ++ ++/* ++ * The following symbol names are old and obsolete. They are kept ++ * for compatibility reasons only and should not be used anymore. ++ */ ++# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS ++# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS ++# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST ++# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP ++ ++# define SSL_get1_curves SSL_get1_groups ++# define SSL_CTX_set1_curves SSL_CTX_set1_groups ++# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list ++# define SSL_set1_curves SSL_set1_groups ++# define SSL_set1_curves_list SSL_set1_groups_list ++# define SSL_get_shared_curve SSL_get_shared_group ++ ++ ++# if OPENSSL_API_COMPAT < 0x10100000L ++/* Provide some compatibility macros for removed functionality. */ ++# define SSL_CTX_need_tmp_RSA(ctx) 0 ++# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 ++# define SSL_need_tmp_RSA(ssl) 0 ++# define SSL_set_tmp_rsa(ssl,rsa) 1 ++# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) ++# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) ++/* ++ * We "pretend" to call the callback to avoid warnings about unused static ++ * functions. ++ */ ++# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) ++# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) ++# endif ++__owur const BIO_METHOD *BIO_f_ssl(void); ++__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); ++__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); ++__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); ++__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); ++void BIO_ssl_shutdown(BIO *ssl_bio); ++ ++__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); ++__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); ++int SSL_CTX_up_ref(SSL_CTX *ctx); ++void SSL_CTX_free(SSL_CTX *); ++__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); ++__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); ++__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); ++void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); ++void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); ++__owur int SSL_want(const SSL *s); ++__owur int SSL_clear(SSL *s); ++ ++void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); ++ ++__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); ++__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); ++__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); ++__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); ++__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); ++__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); ++__owur const char *OPENSSL_cipher_name(const char *rfc_name); ++__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); ++__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); ++__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); ++__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); ++__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); ++__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); ++ ++__owur int SSL_get_fd(const SSL *s); ++__owur int SSL_get_rfd(const SSL *s); ++__owur int SSL_get_wfd(const SSL *s); ++__owur const char *SSL_get_cipher_list(const SSL *s, int n); ++__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); ++__owur int SSL_get_read_ahead(const SSL *s); ++__owur int SSL_pending(const SSL *s); ++__owur int SSL_has_pending(const SSL *s); ++# ifndef OPENSSL_NO_SOCK ++__owur int SSL_set_fd(SSL *s, int fd); ++__owur int SSL_set_rfd(SSL *s, int fd); ++__owur int SSL_set_wfd(SSL *s, int fd); ++# endif ++void SSL_set0_rbio(SSL *s, BIO *rbio); ++void SSL_set0_wbio(SSL *s, BIO *wbio); ++void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); ++__owur BIO *SSL_get_rbio(const SSL *s); ++__owur BIO *SSL_get_wbio(const SSL *s); ++__owur int SSL_set_cipher_list(SSL *s, const char *str); ++__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); ++__owur int SSL_set_ciphersuites(SSL *s, const char *str); ++void SSL_set_read_ahead(SSL *s, int yes); ++__owur int SSL_get_verify_mode(const SSL *s); ++__owur int SSL_get_verify_depth(const SSL *s); ++__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); ++void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); ++void SSL_set_verify_depth(SSL *s, int depth); ++void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); ++# ifndef OPENSSL_NO_RSA ++__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); ++__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, ++ long len); ++# endif ++__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); ++__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, ++ long len); ++__owur int SSL_use_certificate(SSL *ssl, X509 *x); ++__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); ++__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, ++ STACK_OF(X509) *chain, int override); ++ ++ ++/* serverinfo file format versions */ ++# define SSL_SERVERINFOV1 1 ++# define SSL_SERVERINFOV2 2 ++ ++/* Set serverinfo data for the current active cert. */ ++__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, ++ size_t serverinfo_length); ++__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, ++ const unsigned char *serverinfo, ++ size_t serverinfo_length); ++__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); ++ ++#ifndef OPENSSL_NO_RSA ++__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); ++#endif ++ ++__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); ++__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); ++ ++#ifndef OPENSSL_NO_RSA ++__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, ++ int type); ++#endif ++__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, ++ int type); ++__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, ++ int type); ++/* PEM type */ ++__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); ++__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); ++__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); ++__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, ++ const char *file); ++int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, ++ const char *dir); ++ ++# if OPENSSL_API_COMPAT < 0x10100000L ++# define SSL_load_error_strings() \ ++ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ ++ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) ++# endif ++ ++__owur const char *SSL_state_string(const SSL *s); ++__owur const char *SSL_rstate_string(const SSL *s); ++__owur const char *SSL_state_string_long(const SSL *s); ++__owur const char *SSL_rstate_string_long(const SSL *s); ++__owur long SSL_SESSION_get_time(const SSL_SESSION *s); ++__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); ++__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); ++__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); ++__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); ++__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); ++ ++__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); ++__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); ++void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, ++ const unsigned char **alpn, ++ size_t *len); ++__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, ++ const unsigned char *alpn, ++ size_t len); ++__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); ++__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); ++__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); ++__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); ++void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, ++ size_t *len); ++__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); ++__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, ++ uint32_t max_early_data); ++__owur int SSL_copy_session_id(SSL *to, const SSL *from); ++__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); ++__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, ++ const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); ++__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, ++ unsigned int sid_len); ++__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); ++ ++__owur SSL_SESSION *SSL_SESSION_new(void); ++__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); ++const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, ++ unsigned int *len); ++const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, ++ unsigned int *len); ++__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); ++# ifndef OPENSSL_NO_STDIO ++int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); ++# endif ++int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); ++int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); ++int SSL_SESSION_up_ref(SSL_SESSION *ses); ++void SSL_SESSION_free(SSL_SESSION *ses); ++__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); ++__owur int SSL_set_session(SSL *to, SSL_SESSION *session); ++int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); ++int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); ++__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); ++__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); ++__owur int SSL_has_matching_session_id(const SSL *s, ++ const unsigned char *id, ++ unsigned int id_len); ++SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ++ long length); ++ ++# ifdef HEADER_X509_H ++__owur X509 *SSL_get_peer_certificate(const SSL *s); ++# endif ++ ++__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); ++ ++__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); ++__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); ++__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); ++void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); ++void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); ++void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, ++ int (*cb) (X509_STORE_CTX *, void *), ++ void *arg); ++void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), ++ void *arg); ++# ifndef OPENSSL_NO_RSA ++__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); ++__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, ++ long len); ++# endif ++__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); ++__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, ++ const unsigned char *d, long len); ++__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); ++__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, ++ const unsigned char *d); ++__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, ++ STACK_OF(X509) *chain, int override); ++ ++void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); ++void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); ++pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); ++void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); ++void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); ++void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); ++pem_password_cb *SSL_get_default_passwd_cb(SSL *s); ++void *SSL_get_default_passwd_cb_userdata(SSL *s); ++ ++__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); ++__owur int SSL_check_private_key(const SSL *ctx); ++ ++__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, ++ const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); ++ ++SSL *SSL_new(SSL_CTX *ctx); ++int SSL_up_ref(SSL *s); ++int SSL_is_dtls(const SSL *s); ++__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); ++ ++__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); ++__owur int SSL_set_purpose(SSL *ssl, int purpose); ++__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); ++__owur int SSL_set_trust(SSL *ssl, int trust); ++ ++__owur int SSL_set1_host(SSL *s, const char *hostname); ++__owur int SSL_add1_host(SSL *s, const char *hostname); ++__owur const char *SSL_get0_peername(SSL *s); ++void SSL_set_hostflags(SSL *s, unsigned int flags); ++ ++__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); ++__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, ++ uint8_t mtype, uint8_t ord); ++__owur int SSL_dane_enable(SSL *s, const char *basedomain); ++__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, ++ uint8_t mtype, unsigned const char *data, size_t dlen); ++__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); ++__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, ++ uint8_t *mtype, unsigned const char **data, ++ size_t *dlen); ++/* ++ * Bridge opacity barrier between libcrypt and libssl, also needed to support ++ * offline testing in test/danetest.c ++ */ ++SSL_DANE *SSL_get0_dane(SSL *ssl); ++/* ++ * DANE flags ++ */ ++unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); ++unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); ++unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); ++unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); ++ ++__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); ++__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); ++ ++__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); ++__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); ++ ++# ifndef OPENSSL_NO_SRP ++int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); ++int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); ++int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); ++int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, ++ char *(*cb) (SSL *, void *)); ++int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *, void *)); ++int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *, int *, void *)); ++int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); ++ ++int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, ++ BIGNUM *sa, BIGNUM *v, char *info); ++int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, ++ const char *grp); ++ ++__owur BIGNUM *SSL_get_srp_g(SSL *s); ++__owur BIGNUM *SSL_get_srp_N(SSL *s); ++ ++__owur char *SSL_get_srp_username(SSL *s); ++__owur char *SSL_get_srp_userinfo(SSL *s); ++# endif ++ ++/* ++ * ClientHello callback and helpers. ++ */ ++ ++# define SSL_CLIENT_HELLO_SUCCESS 1 ++# define SSL_CLIENT_HELLO_ERROR 0 ++# define SSL_CLIENT_HELLO_RETRY (-1) ++ ++typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); ++void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, ++ void *arg); ++int SSL_client_hello_isv2(SSL *s); ++unsigned int SSL_client_hello_get0_legacy_version(SSL *s); ++size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); ++size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); ++size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); ++size_t SSL_client_hello_get0_compression_methods(SSL *s, ++ const unsigned char **out); ++int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); ++int SSL_client_hello_get0_ext(SSL *s, unsigned int type, ++ const unsigned char **out, size_t *outlen); ++ ++void SSL_certs_clear(SSL *s); ++void SSL_free(SSL *ssl); ++# ifdef OSSL_ASYNC_FD ++/* ++ * Windows application developer has to include windows.h to use these. ++ */ ++__owur int SSL_waiting_for_async(SSL *s); ++__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); ++__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, ++ size_t *numaddfds, OSSL_ASYNC_FD *delfd, ++ size_t *numdelfds); ++# endif ++__owur int SSL_accept(SSL *ssl); ++__owur int SSL_stateless(SSL *s); ++__owur int SSL_connect(SSL *ssl); ++__owur int SSL_read(SSL *ssl, void *buf, int num); ++__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); ++ ++# define SSL_READ_EARLY_DATA_ERROR 0 ++# define SSL_READ_EARLY_DATA_SUCCESS 1 ++# define SSL_READ_EARLY_DATA_FINISH 2 ++ ++__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, ++ size_t *readbytes); ++__owur int SSL_peek(SSL *ssl, void *buf, int num); ++__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); ++__owur int SSL_write(SSL *ssl, const void *buf, int num); ++__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); ++__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, ++ size_t *written); ++long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); ++long SSL_callback_ctrl(SSL *, int, void (*)(void)); ++long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); ++long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); ++ ++# define SSL_EARLY_DATA_NOT_SENT 0 ++# define SSL_EARLY_DATA_REJECTED 1 ++# define SSL_EARLY_DATA_ACCEPTED 2 ++ ++__owur int SSL_get_early_data_status(const SSL *s); ++ ++__owur int SSL_get_error(const SSL *s, int ret_code); ++__owur const char *SSL_get_version(const SSL *s); ++ ++/* This sets the 'default' SSL version that SSL_new() will create */ ++__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); ++ ++# ifndef OPENSSL_NO_SSL3_METHOD ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) ++# endif ++ ++#define SSLv23_method TLS_method ++#define SSLv23_server_method TLS_server_method ++#define SSLv23_client_method TLS_client_method ++ ++/* Negotiate highest available SSL/TLS version */ ++__owur const SSL_METHOD *TLS_method(void); ++__owur const SSL_METHOD *TLS_server_method(void); ++__owur const SSL_METHOD *TLS_client_method(void); ++ ++# ifndef OPENSSL_NO_TLS1_METHOD ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) ++# endif ++ ++# ifndef OPENSSL_NO_TLS1_1_METHOD ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) ++# endif ++ ++# ifndef OPENSSL_NO_TLS1_2_METHOD ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) ++# endif ++ ++# ifndef OPENSSL_NO_DTLS1_METHOD ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) ++# endif ++ ++# ifndef OPENSSL_NO_DTLS1_2_METHOD ++/* DTLSv1.2 */ ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) ++DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) ++# endif ++ ++__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ ++__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ ++__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ ++ ++__owur size_t DTLS_get_data_mtu(const SSL *s); ++ ++__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); ++__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); ++__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); ++__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); ++ ++__owur int SSL_do_handshake(SSL *s); ++int SSL_key_update(SSL *s, int updatetype); ++int SSL_get_key_update_type(const SSL *s); ++int SSL_renegotiate(SSL *s); ++int SSL_renegotiate_abbreviated(SSL *s); ++__owur int SSL_renegotiate_pending(const SSL *s); ++int SSL_shutdown(SSL *s); ++__owur int SSL_verify_client_post_handshake(SSL *s); ++void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); ++void SSL_set_post_handshake_auth(SSL *s, int val); ++ ++__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); ++__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); ++__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); ++__owur const char *SSL_alert_type_string_long(int value); ++__owur const char *SSL_alert_type_string(int value); ++__owur const char *SSL_alert_desc_string_long(int value); ++__owur const char *SSL_alert_desc_string(int value); ++ ++void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); ++void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); ++__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); ++__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); ++__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); ++__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); ++__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); ++ ++void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); ++void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); ++__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); ++__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); ++__owur int SSL_add_client_CA(SSL *ssl, X509 *x); ++__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); ++ ++void SSL_set_connect_state(SSL *s); ++void SSL_set_accept_state(SSL *s); ++ ++__owur long SSL_get_default_timeout(const SSL *s); ++ ++# if OPENSSL_API_COMPAT < 0x10100000L ++# define SSL_library_init() OPENSSL_init_ssl(0, NULL) ++# endif ++ ++__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); ++__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); ++ ++__owur SSL *SSL_dup(SSL *ssl); ++ ++__owur X509 *SSL_get_certificate(const SSL *ssl); ++/* ++ * EVP_PKEY ++ */ ++struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); ++ ++__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); ++__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); ++ ++void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); ++__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); ++void SSL_set_quiet_shutdown(SSL *ssl, int mode); ++__owur int SSL_get_quiet_shutdown(const SSL *ssl); ++void SSL_set_shutdown(SSL *ssl, int mode); ++__owur int SSL_get_shutdown(const SSL *ssl); ++__owur int SSL_version(const SSL *ssl); ++__owur int SSL_client_version(const SSL *s); ++__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); ++__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); ++__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); ++__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, ++ const char *CApath); ++# define SSL_get0_session SSL_get_session/* just peek at pointer */ ++__owur SSL_SESSION *SSL_get_session(const SSL *ssl); ++__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ ++__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); ++SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); ++void SSL_set_info_callback(SSL *ssl, ++ void (*cb) (const SSL *ssl, int type, int val)); ++void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, ++ int val); ++__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); ++ ++void SSL_set_verify_result(SSL *ssl, long v); ++__owur long SSL_get_verify_result(const SSL *ssl); ++__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); ++ ++__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, ++ size_t outlen); ++__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, ++ size_t outlen); ++__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, ++ unsigned char *out, size_t outlen); ++__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, ++ const unsigned char *in, size_t len); ++uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); ++ ++#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ ++ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) ++__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); ++void *SSL_get_ex_data(const SSL *ssl, int idx); ++#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ ++ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) ++__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); ++void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); ++#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ ++ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) ++__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); ++void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); ++ ++__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); ++ ++# define SSL_CTX_sess_set_cache_size(ctx,t) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) ++# define SSL_CTX_sess_get_cache_size(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) ++# define SSL_CTX_set_session_cache_mode(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) ++# define SSL_CTX_get_session_cache_mode(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) ++ ++# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) ++# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) ++# define SSL_CTX_get_read_ahead(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) ++# define SSL_CTX_set_read_ahead(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) ++# define SSL_CTX_get_max_cert_list(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) ++# define SSL_CTX_set_max_cert_list(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) ++# define SSL_get_max_cert_list(ssl) \ ++ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) ++# define SSL_set_max_cert_list(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) ++ ++# define SSL_CTX_set_max_send_fragment(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) ++# define SSL_set_max_send_fragment(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) ++# define SSL_CTX_set_split_send_fragment(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) ++# define SSL_set_split_send_fragment(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) ++# define SSL_CTX_set_max_pipelines(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) ++# define SSL_set_max_pipelines(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) ++ ++void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); ++void SSL_set_default_read_buffer_len(SSL *s, size_t len); ++ ++# ifndef OPENSSL_NO_DH ++/* NB: the |keylength| is only applicable when is_export is true */ ++void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, ++ DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)); ++void SSL_set_tmp_dh_callback(SSL *ssl, ++ DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)); ++# endif ++ ++__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); ++__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); ++__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); ++__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); ++__owur int SSL_COMP_get_id(const SSL_COMP *comp); ++STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); ++__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) ++ *meths); ++# if OPENSSL_API_COMPAT < 0x10100000L ++# define SSL_COMP_free_compression_methods() while(0) continue ++# endif ++__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); ++ ++const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); ++int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); ++int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); ++int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, ++ int isv2format, STACK_OF(SSL_CIPHER) **sk, ++ STACK_OF(SSL_CIPHER) **scsvs); ++ ++/* TLS extensions functions */ ++__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); ++ ++__owur int SSL_set_session_ticket_ext_cb(SSL *s, ++ tls_session_ticket_ext_cb_fn cb, ++ void *arg); ++ ++/* Pre-shared secret session resumption functions */ ++__owur int SSL_set_session_secret_cb(SSL *s, ++ tls_session_secret_cb_fn session_secret_cb, ++ void *arg); ++ ++void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ int ++ is_forward_secure)); ++ ++void SSL_set_not_resumable_session_callback(SSL *ssl, ++ int (*cb) (SSL *ssl, ++ int is_forward_secure)); ++ ++void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, ++ size_t (*cb) (SSL *ssl, int type, ++ size_t len, void *arg)); ++void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); ++void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); ++int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); ++ ++void SSL_set_record_padding_callback(SSL *ssl, ++ size_t (*cb) (SSL *ssl, int type, ++ size_t len, void *arg)); ++void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); ++void *SSL_get_record_padding_callback_arg(const SSL *ssl); ++int SSL_set_block_padding(SSL *ssl, size_t block_size); ++ ++int SSL_set_num_tickets(SSL *s, size_t num_tickets); ++size_t SSL_get_num_tickets(const SSL *s); ++int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); ++size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); ++ ++# if OPENSSL_API_COMPAT < 0x10100000L ++# define SSL_cache_hit(s) SSL_session_reused(s) ++# endif ++ ++__owur int SSL_session_reused(const SSL *s); ++__owur int SSL_is_server(const SSL *s); ++ ++__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); ++int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); ++void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); ++unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); ++__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, ++ unsigned int flags); ++__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); ++ ++void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); ++void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); ++ ++__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); ++__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); ++__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); ++ ++void SSL_add_ssl_module(void); ++int SSL_config(SSL *s, const char *name); ++int SSL_CTX_config(SSL_CTX *ctx, const char *name); ++ ++# ifndef OPENSSL_NO_SSL_TRACE ++void SSL_trace(int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++# endif ++ ++# ifndef OPENSSL_NO_SOCK ++int DTLSv1_listen(SSL *s, BIO_ADDR *client); ++# endif ++ ++# ifndef OPENSSL_NO_CT ++ ++/* ++ * A callback for verifying that the received SCTs are sufficient. ++ * Expected to return 1 if they are sufficient, otherwise 0. ++ * May return a negative integer if an error occurs. ++ * A connection should be aborted if the SCTs are deemed insufficient. ++ */ ++typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, ++ const STACK_OF(SCT) *scts, void *arg); ++ ++/* ++ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate ++ * the received SCTs. ++ * If the callback returns a non-positive result, the connection is terminated. ++ * Call this function before beginning a handshake. ++ * If a NULL |callback| is provided, SCT validation is disabled. ++ * |arg| is arbitrary userdata that will be passed to the callback whenever it ++ * is invoked. Ownership of |arg| remains with the caller. ++ * ++ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response ++ * will be requested. ++ */ ++int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, ++ void *arg); ++int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ++ ssl_ct_validation_cb callback, ++ void *arg); ++#define SSL_disable_ct(s) \ ++ ((void) SSL_set_validation_callback((s), NULL, NULL)) ++#define SSL_CTX_disable_ct(ctx) \ ++ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) ++ ++/* ++ * The validation type enumerates the available behaviours of the built-in SSL ++ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). ++ * The underlying callback is a static function in libssl. ++ */ ++enum { ++ SSL_CT_VALIDATION_PERMISSIVE = 0, ++ SSL_CT_VALIDATION_STRICT ++}; ++ ++/* ++ * Enable CT by setting up a callback that implements one of the built-in ++ * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always ++ * continues the handshake, the application can make appropriate decisions at ++ * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at ++ * least one valid SCT, or else handshake termination will be requested. The ++ * handshake may continue anyway if SSL_VERIFY_NONE is in effect. ++ */ ++int SSL_enable_ct(SSL *s, int validation_mode); ++int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); ++ ++/* ++ * Report whether a non-NULL callback is enabled. ++ */ ++int SSL_ct_is_enabled(const SSL *s); ++int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); ++ ++/* Gets the SCTs received from a connection */ ++const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); ++ ++/* ++ * Loads the CT log list from the default location. ++ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, ++ * the log information loaded from this file will be appended to the ++ * CTLOG_STORE. ++ * Returns 1 on success, 0 otherwise. ++ */ ++int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); ++ ++/* ++ * Loads the CT log list from the specified file path. ++ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, ++ * the log information loaded from this file will be appended to the ++ * CTLOG_STORE. ++ * Returns 1 on success, 0 otherwise. ++ */ ++int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); ++ ++/* ++ * Sets the CT log list used by all SSL connections created from this SSL_CTX. ++ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. ++ */ ++void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); ++ ++/* ++ * Gets the CT log list used by all SSL connections created from this SSL_CTX. ++ * This will be NULL unless one of the following functions has been called: ++ * - SSL_CTX_set_default_ctlog_list_file ++ * - SSL_CTX_set_ctlog_list_file ++ * - SSL_CTX_set_ctlog_store ++ */ ++const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); ++ ++# endif /* OPENSSL_NO_CT */ ++ ++/* What the "other" parameter contains in security callback */ ++/* Mask for type */ ++# define SSL_SECOP_OTHER_TYPE 0xffff0000 ++# define SSL_SECOP_OTHER_NONE 0 ++# define SSL_SECOP_OTHER_CIPHER (1 << 16) ++# define SSL_SECOP_OTHER_CURVE (2 << 16) ++# define SSL_SECOP_OTHER_DH (3 << 16) ++# define SSL_SECOP_OTHER_PKEY (4 << 16) ++# define SSL_SECOP_OTHER_SIGALG (5 << 16) ++# define SSL_SECOP_OTHER_CERT (6 << 16) ++ ++/* Indicated operation refers to peer key or certificate */ ++# define SSL_SECOP_PEER 0x1000 ++ ++/* Values for "op" parameter in security callback */ ++ ++/* Called to filter ciphers */ ++/* Ciphers client supports */ ++# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) ++/* Cipher shared by client/server */ ++# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) ++/* Sanity check of cipher server selects */ ++# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) ++/* Curves supported by client */ ++# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) ++/* Curves shared by client/server */ ++# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) ++/* Sanity check of curve server selects */ ++# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) ++/* Temporary DH key */ ++# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) ++/* SSL/TLS version */ ++# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) ++/* Session tickets */ ++# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) ++/* Supported signature algorithms sent to peer */ ++# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) ++/* Shared signature algorithm */ ++# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) ++/* Sanity check signature algorithm allowed */ ++# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) ++/* Used to get mask of supported public key signature algorithms */ ++# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) ++/* Use to see if compression is allowed */ ++# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) ++/* EE key in certificate */ ++# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) ++/* CA key in certificate */ ++# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) ++/* CA digest algorithm in certificate */ ++# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) ++/* Peer EE key in certificate */ ++# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) ++/* Peer CA key in certificate */ ++# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) ++/* Peer CA digest algorithm in certificate */ ++# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) ++ ++void SSL_set_security_level(SSL *s, int level); ++__owur int SSL_get_security_level(const SSL *s); ++void SSL_set_security_callback(SSL *s, ++ int (*cb) (const SSL *s, const SSL_CTX *ctx, ++ int op, int bits, int nid, ++ void *other, void *ex)); ++int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, ++ const SSL_CTX *ctx, int op, ++ int bits, int nid, void *other, ++ void *ex); ++void SSL_set0_security_ex_data(SSL *s, void *ex); ++__owur void *SSL_get0_security_ex_data(const SSL *s); ++ ++void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); ++__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); ++void SSL_CTX_set_security_callback(SSL_CTX *ctx, ++ int (*cb) (const SSL *s, const SSL_CTX *ctx, ++ int op, int bits, int nid, ++ void *other, void *ex)); ++int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, ++ const SSL_CTX *ctx, ++ int op, int bits, ++ int nid, ++ void *other, ++ void *ex); ++void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); ++__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); ++ ++/* OPENSSL_INIT flag 0x010000 reserved for internal use */ ++# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L ++# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L ++ ++# define OPENSSL_INIT_SSL_DEFAULT \ ++ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) ++ ++int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++ ++# ifndef OPENSSL_NO_UNIT_TEST ++__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); ++# endif ++ ++__owur int SSL_free_buffers(SSL *ssl); ++__owur int SSL_alloc_buffers(SSL *ssl); ++ ++/* Status codes passed to the decrypt session ticket callback. Some of these ++ * are for internal use only and are never passed to the callback. */ ++typedef int SSL_TICKET_STATUS; ++ ++/* Support for ticket appdata */ ++/* fatal error, malloc failure */ ++# define SSL_TICKET_FATAL_ERR_MALLOC 0 ++/* fatal error, either from parsing or decrypting the ticket */ ++# define SSL_TICKET_FATAL_ERR_OTHER 1 ++/* No ticket present */ ++# define SSL_TICKET_NONE 2 ++/* Empty ticket present */ ++# define SSL_TICKET_EMPTY 3 ++/* the ticket couldn't be decrypted */ ++# define SSL_TICKET_NO_DECRYPT 4 ++/* a ticket was successfully decrypted */ ++# define SSL_TICKET_SUCCESS 5 ++/* same as above but the ticket needs to be renewed */ ++# define SSL_TICKET_SUCCESS_RENEW 6 ++ ++/* Return codes for the decrypt session ticket callback */ ++typedef int SSL_TICKET_RETURN; ++ ++/* An error occurred */ ++#define SSL_TICKET_RETURN_ABORT 0 ++/* Do not use the ticket, do not send a renewed ticket to the client */ ++#define SSL_TICKET_RETURN_IGNORE 1 ++/* Do not use the ticket, send a renewed ticket to the client */ ++#define SSL_TICKET_RETURN_IGNORE_RENEW 2 ++/* Use the ticket, do not send a renewed ticket to the client */ ++#define SSL_TICKET_RETURN_USE 3 ++/* Use the ticket, send a renewed ticket to the client */ ++#define SSL_TICKET_RETURN_USE_RENEW 4 ++ ++typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); ++typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, ++ const unsigned char *keyname, ++ size_t keyname_length, ++ SSL_TICKET_STATUS status, ++ void *arg); ++int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, ++ SSL_CTX_generate_session_ticket_fn gen_cb, ++ SSL_CTX_decrypt_session_ticket_fn dec_cb, ++ void *arg); ++int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); ++int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); ++ ++extern const char SSL_version_str[]; ++ ++typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); ++ ++void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); ++ ++ ++typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); ++void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, ++ SSL_allow_early_data_cb_fn cb, ++ void *arg); ++void SSL_set_allow_early_data_cb(SSL *s, ++ SSL_allow_early_data_cb_fn cb, ++ void *arg); ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -urN openssl-1.1.1w.orig/ssl/bio_ssl.c openssl-1.1.1w/ssl/bio_ssl.c +--- openssl-1.1.1w.orig/ssl/bio_ssl.c 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/ssl/bio_ssl.c 2023-11-08 01:21:37.262754997 +0100 +@@ -138,6 +138,10 @@ + BIO_set_retry_special(b); + retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; ++ case SSL_ERROR_WANT_SESSION_LOOKUP: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_SSL_SESSION_LOOKUP; ++ break; + case SSL_ERROR_WANT_ACCEPT: + BIO_set_retry_special(b); + retry_reason = BIO_RR_ACCEPT; +@@ -206,6 +210,10 @@ + BIO_set_retry_special(b); + retry_reason = BIO_RR_SSL_X509_LOOKUP; + break; ++ case SSL_ERROR_WANT_SESSION_LOOKUP: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_SSL_SESSION_LOOKUP; ++ break; + case SSL_ERROR_WANT_CONNECT: + BIO_set_retry_special(b); + retry_reason = BIO_RR_CONNECT; +@@ -361,6 +369,10 @@ + BIO_set_retry_special(b); + BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP); + break; ++ case SSL_ERROR_WANT_SESSION_LOOKUP: ++ BIO_set_retry_special(b); ++ BIO_set_retry_reason(b, BIO_RR_SSL_SESSION_LOOKUP); ++ break; + default: + break; + } +diff -urN openssl-1.1.1w.orig/ssl/bio_ssl.c.orig openssl-1.1.1w/ssl/bio_ssl.c.orig +--- openssl-1.1.1w.orig/ssl/bio_ssl.c.orig 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-1.1.1w/ssl/bio_ssl.c.orig 2023-09-11 16:08:11.000000000 +0200 +@@ -0,0 +1,506 @@ ++/* ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "internal/bio.h" ++#include ++#include "ssl_local.h" ++ ++static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written); ++static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes); ++static int ssl_puts(BIO *h, const char *str); ++static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int ssl_new(BIO *h); ++static int ssl_free(BIO *data); ++static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); ++typedef struct bio_ssl_st { ++ SSL *ssl; /* The ssl handle :-) */ ++ /* re-negotiate every time the total number of bytes is this size */ ++ int num_renegotiates; ++ unsigned long renegotiate_count; ++ size_t byte_count; ++ unsigned long renegotiate_timeout; ++ unsigned long last_time; ++} BIO_SSL; ++ ++static const BIO_METHOD methods_sslp = { ++ BIO_TYPE_SSL, ++ "ssl", ++ ssl_write, ++ NULL, /* ssl_write_old, */ ++ ssl_read, ++ NULL, /* ssl_read_old, */ ++ ssl_puts, ++ NULL, /* ssl_gets, */ ++ ssl_ctrl, ++ ssl_new, ++ ssl_free, ++ ssl_callback_ctrl, ++}; ++ ++const BIO_METHOD *BIO_f_ssl(void) ++{ ++ return &methods_sslp; ++} ++ ++static int ssl_new(BIO *bi) ++{ ++ BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs)); ++ ++ if (bs == NULL) { ++ BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ BIO_set_init(bi, 0); ++ BIO_set_data(bi, bs); ++ /* Clear all flags */ ++ BIO_clear_flags(bi, ~0); ++ ++ return 1; ++} ++ ++static int ssl_free(BIO *a) ++{ ++ BIO_SSL *bs; ++ ++ if (a == NULL) ++ return 0; ++ bs = BIO_get_data(a); ++ if (BIO_get_shutdown(a)) { ++ if (bs->ssl != NULL) ++ SSL_shutdown(bs->ssl); ++ if (BIO_get_init(a)) ++ SSL_free(bs->ssl); ++ BIO_clear_flags(a, ~0); /* Clear all flags */ ++ BIO_set_init(a, 0); ++ } ++ OPENSSL_free(bs); ++ return 1; ++} ++ ++static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes) ++{ ++ int ret = 1; ++ BIO_SSL *sb; ++ SSL *ssl; ++ int retry_reason = 0; ++ int r = 0; ++ ++ if (buf == NULL) ++ return 0; ++ sb = BIO_get_data(b); ++ ssl = sb->ssl; ++ ++ BIO_clear_retry_flags(b); ++ ++ ret = ssl_read_internal(ssl, buf, size, readbytes); ++ ++ switch (SSL_get_error(ssl, ret)) { ++ case SSL_ERROR_NONE: ++ if (sb->renegotiate_count > 0) { ++ sb->byte_count += *readbytes; ++ if (sb->byte_count > sb->renegotiate_count) { ++ sb->byte_count = 0; ++ sb->num_renegotiates++; ++ SSL_renegotiate(ssl); ++ r = 1; ++ } ++ } ++ if ((sb->renegotiate_timeout > 0) && (!r)) { ++ unsigned long tm; ++ ++ tm = (unsigned long)time(NULL); ++ if (tm > sb->last_time + sb->renegotiate_timeout) { ++ sb->last_time = tm; ++ sb->num_renegotiates++; ++ SSL_renegotiate(ssl); ++ } ++ } ++ ++ break; ++ case SSL_ERROR_WANT_READ: ++ BIO_set_retry_read(b); ++ break; ++ case SSL_ERROR_WANT_WRITE: ++ BIO_set_retry_write(b); ++ break; ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_SSL_X509_LOOKUP; ++ break; ++ case SSL_ERROR_WANT_ACCEPT: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_ACCEPT; ++ break; ++ case SSL_ERROR_WANT_CONNECT: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_CONNECT; ++ break; ++ case SSL_ERROR_SYSCALL: ++ case SSL_ERROR_SSL: ++ case SSL_ERROR_ZERO_RETURN: ++ default: ++ break; ++ } ++ ++ BIO_set_retry_reason(b, retry_reason); ++ ++ return ret; ++} ++ ++static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written) ++{ ++ int ret, r = 0; ++ int retry_reason = 0; ++ SSL *ssl; ++ BIO_SSL *bs; ++ ++ if (buf == NULL) ++ return 0; ++ bs = BIO_get_data(b); ++ ssl = bs->ssl; ++ ++ BIO_clear_retry_flags(b); ++ ++ ret = ssl_write_internal(ssl, buf, size, written); ++ ++ switch (SSL_get_error(ssl, ret)) { ++ case SSL_ERROR_NONE: ++ if (bs->renegotiate_count > 0) { ++ bs->byte_count += *written; ++ if (bs->byte_count > bs->renegotiate_count) { ++ bs->byte_count = 0; ++ bs->num_renegotiates++; ++ SSL_renegotiate(ssl); ++ r = 1; ++ } ++ } ++ if ((bs->renegotiate_timeout > 0) && (!r)) { ++ unsigned long tm; ++ ++ tm = (unsigned long)time(NULL); ++ if (tm > bs->last_time + bs->renegotiate_timeout) { ++ bs->last_time = tm; ++ bs->num_renegotiates++; ++ SSL_renegotiate(ssl); ++ } ++ } ++ break; ++ case SSL_ERROR_WANT_WRITE: ++ BIO_set_retry_write(b); ++ break; ++ case SSL_ERROR_WANT_READ: ++ BIO_set_retry_read(b); ++ break; ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_SSL_X509_LOOKUP; ++ break; ++ case SSL_ERROR_WANT_CONNECT: ++ BIO_set_retry_special(b); ++ retry_reason = BIO_RR_CONNECT; ++ case SSL_ERROR_SYSCALL: ++ case SSL_ERROR_SSL: ++ default: ++ break; ++ } ++ ++ BIO_set_retry_reason(b, retry_reason); ++ ++ return ret; ++} ++ ++static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ++{ ++ SSL **sslp, *ssl; ++ BIO_SSL *bs, *dbs; ++ BIO *dbio, *bio; ++ long ret = 1; ++ BIO *next; ++ ++ bs = BIO_get_data(b); ++ next = BIO_next(b); ++ ssl = bs->ssl; ++ if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) ++ return 0; ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ SSL_shutdown(ssl); ++ ++ if (ssl->handshake_func == ssl->method->ssl_connect) ++ SSL_set_connect_state(ssl); ++ else if (ssl->handshake_func == ssl->method->ssl_accept) ++ SSL_set_accept_state(ssl); ++ ++ if (!SSL_clear(ssl)) { ++ ret = 0; ++ break; ++ } ++ ++ if (next != NULL) ++ ret = BIO_ctrl(next, cmd, num, ptr); ++ else if (ssl->rbio != NULL) ++ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ++ else ++ ret = 1; ++ break; ++ case BIO_CTRL_INFO: ++ ret = 0; ++ break; ++ case BIO_C_SSL_MODE: ++ if (num) /* client mode */ ++ SSL_set_connect_state(ssl); ++ else ++ SSL_set_accept_state(ssl); ++ break; ++ case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: ++ ret = bs->renegotiate_timeout; ++ if (num < 60) ++ num = 5; ++ bs->renegotiate_timeout = (unsigned long)num; ++ bs->last_time = (unsigned long)time(NULL); ++ break; ++ case BIO_C_SET_SSL_RENEGOTIATE_BYTES: ++ ret = bs->renegotiate_count; ++ if ((long)num >= 512) ++ bs->renegotiate_count = (unsigned long)num; ++ break; ++ case BIO_C_GET_SSL_NUM_RENEGOTIATES: ++ ret = bs->num_renegotiates; ++ break; ++ case BIO_C_SET_SSL: ++ if (ssl != NULL) { ++ ssl_free(b); ++ if (!ssl_new(b)) ++ return 0; ++ bs = BIO_get_data(b); ++ } ++ BIO_set_shutdown(b, num); ++ ssl = (SSL *)ptr; ++ bs->ssl = ssl; ++ bio = SSL_get_rbio(ssl); ++ if (bio != NULL) { ++ if (next != NULL) ++ BIO_push(bio, next); ++ BIO_set_next(b, bio); ++ BIO_up_ref(bio); ++ } ++ BIO_set_init(b, 1); ++ break; ++ case BIO_C_GET_SSL: ++ if (ptr != NULL) { ++ sslp = (SSL **)ptr; ++ *sslp = ssl; ++ } else ++ ret = 0; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = BIO_get_shutdown(b); ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ BIO_set_shutdown(b, (int)num); ++ break; ++ case BIO_CTRL_WPENDING: ++ ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_PENDING: ++ ret = SSL_pending(ssl); ++ if (ret == 0) ++ ret = BIO_pending(ssl->rbio); ++ break; ++ case BIO_CTRL_FLUSH: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ case BIO_CTRL_PUSH: ++ if ((next != NULL) && (next != ssl->rbio)) { ++ /* ++ * We are going to pass ownership of next to the SSL object...but ++ * we don't own a reference to pass yet - so up ref ++ */ ++ BIO_up_ref(next); ++ SSL_set_bio(ssl, next, next); ++ } ++ break; ++ case BIO_CTRL_POP: ++ /* Only detach if we are the BIO explicitly being popped */ ++ if (b == ptr) { ++ /* This will clear the reference we obtained during push */ ++ SSL_set_bio(ssl, NULL, NULL); ++ } ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ++ BIO_set_retry_reason(b, 0); ++ ret = (int)SSL_do_handshake(ssl); ++ ++ switch (SSL_get_error(ssl, (int)ret)) { ++ case SSL_ERROR_WANT_READ: ++ BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); ++ break; ++ case SSL_ERROR_WANT_WRITE: ++ BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); ++ break; ++ case SSL_ERROR_WANT_CONNECT: ++ BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); ++ BIO_set_retry_reason(b, BIO_get_retry_reason(next)); ++ break; ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ BIO_set_retry_special(b); ++ BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP); ++ break; ++ default: ++ break; ++ } ++ break; ++ case BIO_CTRL_DUP: ++ dbio = (BIO *)ptr; ++ dbs = BIO_get_data(dbio); ++ SSL_free(dbs->ssl); ++ dbs->ssl = SSL_dup(ssl); ++ dbs->num_renegotiates = bs->num_renegotiates; ++ dbs->renegotiate_count = bs->renegotiate_count; ++ dbs->byte_count = bs->byte_count; ++ dbs->renegotiate_timeout = bs->renegotiate_timeout; ++ dbs->last_time = bs->last_time; ++ ret = (dbs->ssl != NULL); ++ break; ++ case BIO_C_GET_FD: ++ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_SET_CALLBACK: ++ ret = 0; /* use callback ctrl */ ++ break; ++ default: ++ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ++ break; ++ } ++ return ret; ++} ++ ++static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ++{ ++ SSL *ssl; ++ BIO_SSL *bs; ++ long ret = 1; ++ ++ bs = BIO_get_data(b); ++ ssl = bs->ssl; ++ switch (cmd) { ++ case BIO_CTRL_SET_CALLBACK: ++ ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++ return ret; ++} ++ ++static int ssl_puts(BIO *bp, const char *str) ++{ ++ int n, ret; ++ ++ n = strlen(str); ++ ret = BIO_write(bp, str, n); ++ return ret; ++} ++ ++BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) ++{ ++#ifndef OPENSSL_NO_SOCK ++ BIO *ret = NULL, *buf = NULL, *ssl = NULL; ++ ++ if ((buf = BIO_new(BIO_f_buffer())) == NULL) ++ return NULL; ++ if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) ++ goto err; ++ if ((ret = BIO_push(buf, ssl)) == NULL) ++ goto err; ++ return ret; ++ err: ++ BIO_free(buf); ++ BIO_free(ssl); ++#endif ++ return NULL; ++} ++ ++BIO *BIO_new_ssl_connect(SSL_CTX *ctx) ++{ ++#ifndef OPENSSL_NO_SOCK ++ BIO *ret = NULL, *con = NULL, *ssl = NULL; ++ ++ if ((con = BIO_new(BIO_s_connect())) == NULL) ++ return NULL; ++ if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) ++ goto err; ++ if ((ret = BIO_push(ssl, con)) == NULL) ++ goto err; ++ return ret; ++ err: ++ BIO_free(ssl); ++ BIO_free(con); ++#endif ++ return NULL; ++} ++ ++BIO *BIO_new_ssl(SSL_CTX *ctx, int client) ++{ ++ BIO *ret; ++ SSL *ssl; ++ ++ if ((ret = BIO_new(BIO_f_ssl())) == NULL) ++ return NULL; ++ if ((ssl = SSL_new(ctx)) == NULL) { ++ BIO_free(ret); ++ return NULL; ++ } ++ if (client) ++ SSL_set_connect_state(ssl); ++ else ++ SSL_set_accept_state(ssl); ++ ++ BIO_set_ssl(ret, ssl, BIO_CLOSE); ++ return ret; ++} ++ ++int BIO_ssl_copy_session_id(BIO *t, BIO *f) ++{ ++ BIO_SSL *tdata, *fdata; ++ t = BIO_find_type(t, BIO_TYPE_SSL); ++ f = BIO_find_type(f, BIO_TYPE_SSL); ++ if ((t == NULL) || (f == NULL)) ++ return 0; ++ tdata = BIO_get_data(t); ++ fdata = BIO_get_data(f); ++ if ((tdata->ssl == NULL) || (fdata->ssl == NULL)) ++ return 0; ++ if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl))) ++ return 0; ++ return 1; ++} ++ ++void BIO_ssl_shutdown(BIO *b) ++{ ++ BIO_SSL *bdata; ++ ++ for (; b != NULL; b = BIO_next(b)) { ++ if (BIO_method_type(b) != BIO_TYPE_SSL) ++ continue; ++ bdata = BIO_get_data(b); ++ if (bdata != NULL && bdata->ssl != NULL) ++ SSL_shutdown(bdata->ssl); ++ } ++} +diff -urN openssl-1.1.1w.orig/ssl/ssl_lib.c openssl-1.1.1w/ssl/ssl_lib.c +--- openssl-1.1.1w.orig/ssl/ssl_lib.c 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/ssl/ssl_lib.c 2023-11-08 01:21:37.262754997 +0100 +@@ -3688,6 +3688,8 @@ + return SSL_ERROR_WANT_ASYNC_JOB; + if (SSL_want_client_hello_cb(s)) + return SSL_ERROR_WANT_CLIENT_HELLO_CB; ++ if (SSL_want_sess_lookup(s)) ++ return SSL_ERROR_WANT_SESSION_LOOKUP; + + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) +diff -urN openssl-1.1.1w.orig/ssl/ssl_lib.c.orig openssl-1.1.1w/ssl/ssl_lib.c.orig +--- openssl-1.1.1w.orig/ssl/ssl_lib.c.orig 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-1.1.1w/ssl/ssl_lib.c.orig 2023-09-11 16:08:11.000000000 +0200 +@@ -0,0 +1,5709 @@ ++/* ++ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved ++ * Copyright 2005 Nokia. All rights reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include "ssl_local.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "internal/cryptlib.h" ++#include "internal/refcount.h" ++ ++const char SSL_version_str[] = OPENSSL_VERSION_TEXT; ++ ++static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) ++{ ++ (void)r; ++ (void)s; ++ (void)t; ++ return ssl_undefined_function(ssl); ++} ++ ++static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, ++ int t) ++{ ++ (void)r; ++ (void)s; ++ (void)t; ++ return ssl_undefined_function(ssl); ++} ++ ++static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, ++ unsigned char *s, size_t t, size_t *u) ++{ ++ (void)r; ++ (void)s; ++ (void)t; ++ (void)u; ++ return ssl_undefined_function(ssl); ++} ++ ++static int ssl_undefined_function_4(SSL *ssl, int r) ++{ ++ (void)r; ++ return ssl_undefined_function(ssl); ++} ++ ++static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, ++ unsigned char *t) ++{ ++ (void)r; ++ (void)s; ++ (void)t; ++ return ssl_undefined_function(ssl); ++} ++ ++static int ssl_undefined_function_6(int r) ++{ ++ (void)r; ++ return ssl_undefined_function(NULL); ++} ++ ++static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s, ++ const char *t, size_t u, ++ const unsigned char *v, size_t w, int x) ++{ ++ (void)r; ++ (void)s; ++ (void)t; ++ (void)u; ++ (void)v; ++ (void)w; ++ (void)x; ++ return ssl_undefined_function(ssl); ++} ++ ++SSL3_ENC_METHOD ssl3_undef_enc_method = { ++ ssl_undefined_function_1, ++ ssl_undefined_function_2, ++ ssl_undefined_function, ++ ssl_undefined_function_3, ++ ssl_undefined_function_4, ++ ssl_undefined_function_5, ++ NULL, /* client_finished_label */ ++ 0, /* client_finished_label_len */ ++ NULL, /* server_finished_label */ ++ 0, /* server_finished_label_len */ ++ ssl_undefined_function_6, ++ ssl_undefined_function_7, ++}; ++ ++struct ssl_async_args { ++ SSL *s; ++ void *buf; ++ size_t num; ++ enum { READFUNC, WRITEFUNC, OTHERFUNC } type; ++ union { ++ int (*func_read) (SSL *, void *, size_t, size_t *); ++ int (*func_write) (SSL *, const void *, size_t, size_t *); ++ int (*func_other) (SSL *); ++ } f; ++}; ++ ++static const struct { ++ uint8_t mtype; ++ uint8_t ord; ++ int nid; ++} dane_mds[] = { ++ { ++ DANETLS_MATCHING_FULL, 0, NID_undef ++ }, ++ { ++ DANETLS_MATCHING_2256, 1, NID_sha256 ++ }, ++ { ++ DANETLS_MATCHING_2512, 2, NID_sha512 ++ }, ++}; ++ ++static int dane_ctx_enable(struct dane_ctx_st *dctx) ++{ ++ const EVP_MD **mdevp; ++ uint8_t *mdord; ++ uint8_t mdmax = DANETLS_MATCHING_LAST; ++ int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */ ++ size_t i; ++ ++ if (dctx->mdevp != NULL) ++ return 1; ++ ++ mdevp = OPENSSL_zalloc(n * sizeof(*mdevp)); ++ mdord = OPENSSL_zalloc(n * sizeof(*mdord)); ++ ++ if (mdord == NULL || mdevp == NULL) { ++ OPENSSL_free(mdord); ++ OPENSSL_free(mdevp); ++ SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ /* Install default entries */ ++ for (i = 0; i < OSSL_NELEM(dane_mds); ++i) { ++ const EVP_MD *md; ++ ++ if (dane_mds[i].nid == NID_undef || ++ (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL) ++ continue; ++ mdevp[dane_mds[i].mtype] = md; ++ mdord[dane_mds[i].mtype] = dane_mds[i].ord; ++ } ++ ++ dctx->mdevp = mdevp; ++ dctx->mdord = mdord; ++ dctx->mdmax = mdmax; ++ ++ return 1; ++} ++ ++static void dane_ctx_final(struct dane_ctx_st *dctx) ++{ ++ OPENSSL_free(dctx->mdevp); ++ dctx->mdevp = NULL; ++ ++ OPENSSL_free(dctx->mdord); ++ dctx->mdord = NULL; ++ dctx->mdmax = 0; ++} ++ ++static void tlsa_free(danetls_record *t) ++{ ++ if (t == NULL) ++ return; ++ OPENSSL_free(t->data); ++ EVP_PKEY_free(t->spki); ++ OPENSSL_free(t); ++} ++ ++static void dane_final(SSL_DANE *dane) ++{ ++ sk_danetls_record_pop_free(dane->trecs, tlsa_free); ++ dane->trecs = NULL; ++ ++ sk_X509_pop_free(dane->certs, X509_free); ++ dane->certs = NULL; ++ ++ X509_free(dane->mcert); ++ dane->mcert = NULL; ++ dane->mtlsa = NULL; ++ dane->mdpth = -1; ++ dane->pdpth = -1; ++} ++ ++/* ++ * dane_copy - Copy dane configuration, sans verification state. ++ */ ++static int ssl_dane_dup(SSL *to, SSL *from) ++{ ++ int num; ++ int i; ++ ++ if (!DANETLS_ENABLED(&from->dane)) ++ return 1; ++ ++ num = sk_danetls_record_num(from->dane.trecs); ++ dane_final(&to->dane); ++ to->dane.flags = from->dane.flags; ++ to->dane.dctx = &to->ctx->dane; ++ to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); ++ ++ if (to->dane.trecs == NULL) { ++ SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ for (i = 0; i < num; ++i) { ++ danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); ++ ++ if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype, ++ t->data, t->dlen) <= 0) ++ return 0; ++ } ++ return 1; ++} ++ ++static int dane_mtype_set(struct dane_ctx_st *dctx, ++ const EVP_MD *md, uint8_t mtype, uint8_t ord) ++{ ++ int i; ++ ++ if (mtype == DANETLS_MATCHING_FULL && md != NULL) { ++ SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL); ++ return 0; ++ } ++ ++ if (mtype > dctx->mdmax) { ++ const EVP_MD **mdevp; ++ uint8_t *mdord; ++ int n = ((int)mtype) + 1; ++ ++ mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); ++ if (mdevp == NULL) { ++ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ dctx->mdevp = mdevp; ++ ++ mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord)); ++ if (mdord == NULL) { ++ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ dctx->mdord = mdord; ++ ++ /* Zero-fill any gaps */ ++ for (i = dctx->mdmax + 1; i < mtype; ++i) { ++ mdevp[i] = NULL; ++ mdord[i] = 0; ++ } ++ ++ dctx->mdmax = mtype; ++ } ++ ++ dctx->mdevp[mtype] = md; ++ /* Coerce ordinal of disabled matching types to 0 */ ++ dctx->mdord[mtype] = (md == NULL) ? 0 : ord; ++ ++ return 1; ++} ++ ++static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) ++{ ++ if (mtype > dane->dctx->mdmax) ++ return NULL; ++ return dane->dctx->mdevp[mtype]; ++} ++ ++static int dane_tlsa_add(SSL_DANE *dane, ++ uint8_t usage, ++ uint8_t selector, ++ uint8_t mtype, unsigned const char *data, size_t dlen) ++{ ++ danetls_record *t; ++ const EVP_MD *md = NULL; ++ int ilen = (int)dlen; ++ int i; ++ int num; ++ ++ if (dane->trecs == NULL) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED); ++ return -1; ++ } ++ ++ if (ilen < 0 || dlen != (size_t)ilen) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH); ++ return 0; ++ } ++ ++ if (usage > DANETLS_USAGE_LAST) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE); ++ return 0; ++ } ++ ++ if (selector > DANETLS_SELECTOR_LAST) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR); ++ return 0; ++ } ++ ++ if (mtype != DANETLS_MATCHING_FULL) { ++ md = tlsa_md_get(dane, mtype); ++ if (md == NULL) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE); ++ return 0; ++ } ++ } ++ ++ if (md != NULL && dlen != (size_t)EVP_MD_size(md)) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); ++ return 0; ++ } ++ if (!data) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA); ++ return 0; ++ } ++ ++ if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ ++ t->usage = usage; ++ t->selector = selector; ++ t->mtype = mtype; ++ t->data = OPENSSL_malloc(dlen); ++ if (t->data == NULL) { ++ tlsa_free(t); ++ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ memcpy(t->data, data, dlen); ++ t->dlen = dlen; ++ ++ /* Validate and cache full certificate or public key */ ++ if (mtype == DANETLS_MATCHING_FULL) { ++ const unsigned char *p = data; ++ X509 *cert = NULL; ++ EVP_PKEY *pkey = NULL; ++ ++ switch (selector) { ++ case DANETLS_SELECTOR_CERT: ++ if (!d2i_X509(&cert, &p, ilen) || p < data || ++ dlen != (size_t)(p - data)) { ++ tlsa_free(t); ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); ++ return 0; ++ } ++ if (X509_get0_pubkey(cert) == NULL) { ++ tlsa_free(t); ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); ++ return 0; ++ } ++ ++ if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { ++ X509_free(cert); ++ break; ++ } ++ ++ /* ++ * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA ++ * records that contain full certificates of trust-anchors that are ++ * not present in the wire chain. For usage PKIX-TA(0), we augment ++ * the chain with untrusted Full(0) certificates from DNS, in case ++ * they are missing from the chain. ++ */ ++ if ((dane->certs == NULL && ++ (dane->certs = sk_X509_new_null()) == NULL) || ++ !sk_X509_push(dane->certs, cert)) { ++ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); ++ X509_free(cert); ++ tlsa_free(t); ++ return -1; ++ } ++ break; ++ ++ case DANETLS_SELECTOR_SPKI: ++ if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || ++ dlen != (size_t)(p - data)) { ++ tlsa_free(t); ++ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); ++ return 0; ++ } ++ ++ /* ++ * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA ++ * records that contain full bare keys of trust-anchors that are ++ * not present in the wire chain. ++ */ ++ if (usage == DANETLS_USAGE_DANE_TA) ++ t->spki = pkey; ++ else ++ EVP_PKEY_free(pkey); ++ break; ++ } ++ } ++ ++ /*- ++ * Find the right insertion point for the new record. ++ * ++ * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that ++ * they can be processed first, as they require no chain building, and no ++ * expiration or hostname checks. Because DANE-EE(3) is numerically ++ * largest, this is accomplished via descending sort by "usage". ++ * ++ * We also sort in descending order by matching ordinal to simplify ++ * the implementation of digest agility in the verification code. ++ * ++ * The choice of order for the selector is not significant, so we ++ * use the same descending order for consistency. ++ */ ++ num = sk_danetls_record_num(dane->trecs); ++ for (i = 0; i < num; ++i) { ++ danetls_record *rec = sk_danetls_record_value(dane->trecs, i); ++ ++ if (rec->usage > usage) ++ continue; ++ if (rec->usage < usage) ++ break; ++ if (rec->selector > selector) ++ continue; ++ if (rec->selector < selector) ++ break; ++ if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype]) ++ continue; ++ break; ++ } ++ ++ if (!sk_danetls_record_insert(dane->trecs, t, i)) { ++ tlsa_free(t); ++ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ dane->umask |= DANETLS_USAGE_BIT(usage); ++ ++ return 1; ++} ++ ++/* ++ * Return 0 if there is only one version configured and it was disabled ++ * at configure time. Return 1 otherwise. ++ */ ++static int ssl_check_allowed_versions(int min_version, int max_version) ++{ ++ int minisdtls = 0, maxisdtls = 0; ++ ++ /* Figure out if we're doing DTLS versions or TLS versions */ ++ if (min_version == DTLS1_BAD_VER ++ || min_version >> 8 == DTLS1_VERSION_MAJOR) ++ minisdtls = 1; ++ if (max_version == DTLS1_BAD_VER ++ || max_version >> 8 == DTLS1_VERSION_MAJOR) ++ maxisdtls = 1; ++ /* A wildcard version of 0 could be DTLS or TLS. */ ++ if ((minisdtls && !maxisdtls && max_version != 0) ++ || (maxisdtls && !minisdtls && min_version != 0)) { ++ /* Mixing DTLS and TLS versions will lead to sadness; deny it. */ ++ return 0; ++ } ++ ++ if (minisdtls || maxisdtls) { ++ /* Do DTLS version checks. */ ++ if (min_version == 0) ++ /* Ignore DTLS1_BAD_VER */ ++ min_version = DTLS1_VERSION; ++ if (max_version == 0) ++ max_version = DTLS1_2_VERSION; ++#ifdef OPENSSL_NO_DTLS1_2 ++ if (max_version == DTLS1_2_VERSION) ++ max_version = DTLS1_VERSION; ++#endif ++#ifdef OPENSSL_NO_DTLS1 ++ if (min_version == DTLS1_VERSION) ++ min_version = DTLS1_2_VERSION; ++#endif ++ /* Done massaging versions; do the check. */ ++ if (0 ++#ifdef OPENSSL_NO_DTLS1 ++ || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) ++ && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) ++#endif ++#ifdef OPENSSL_NO_DTLS1_2 ++ || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION) ++ && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version)) ++#endif ++ ) ++ return 0; ++ } else { ++ /* Regular TLS version checks. */ ++ if (min_version == 0) ++ min_version = SSL3_VERSION; ++ if (max_version == 0) ++ max_version = TLS1_3_VERSION; ++#ifdef OPENSSL_NO_TLS1_3 ++ if (max_version == TLS1_3_VERSION) ++ max_version = TLS1_2_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1_2 ++ if (max_version == TLS1_2_VERSION) ++ max_version = TLS1_1_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1_1 ++ if (max_version == TLS1_1_VERSION) ++ max_version = TLS1_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1 ++ if (max_version == TLS1_VERSION) ++ max_version = SSL3_VERSION; ++#endif ++#ifdef OPENSSL_NO_SSL3 ++ if (min_version == SSL3_VERSION) ++ min_version = TLS1_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1 ++ if (min_version == TLS1_VERSION) ++ min_version = TLS1_1_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1_1 ++ if (min_version == TLS1_1_VERSION) ++ min_version = TLS1_2_VERSION; ++#endif ++#ifdef OPENSSL_NO_TLS1_2 ++ if (min_version == TLS1_2_VERSION) ++ min_version = TLS1_3_VERSION; ++#endif ++ /* Done massaging versions; do the check. */ ++ if (0 ++#ifdef OPENSSL_NO_SSL3 ++ || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) ++#endif ++#ifdef OPENSSL_NO_TLS1 ++ || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version) ++#endif ++#ifdef OPENSSL_NO_TLS1_1 ++ || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version) ++#endif ++#ifdef OPENSSL_NO_TLS1_2 ++ || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version) ++#endif ++#ifdef OPENSSL_NO_TLS1_3 ++ || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) ++#endif ++ ) ++ return 0; ++ } ++ return 1; ++} ++ ++static void clear_ciphers(SSL *s) ++{ ++ /* clear the current cipher */ ++ ssl_clear_cipher_ctx(s); ++ ssl_clear_hash_ctx(&s->read_hash); ++ ssl_clear_hash_ctx(&s->write_hash); ++} ++ ++int SSL_clear(SSL *s) ++{ ++ if (s->method == NULL) { ++ SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); ++ return 0; ++ } ++ ++ if (ssl_clear_bad_session(s)) { ++ SSL_SESSION_free(s->session); ++ s->session = NULL; ++ } ++ SSL_SESSION_free(s->psksession); ++ s->psksession = NULL; ++ OPENSSL_free(s->psksession_id); ++ s->psksession_id = NULL; ++ s->psksession_id_len = 0; ++ s->hello_retry_request = 0; ++ s->sent_tickets = 0; ++ ++ s->error = 0; ++ s->hit = 0; ++ s->shutdown = 0; ++ ++ if (s->renegotiate) { ++ SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ ossl_statem_clear(s); ++ ++ s->version = s->method->version; ++ s->client_version = s->version; ++ s->rwstate = SSL_NOTHING; ++ ++ BUF_MEM_free(s->init_buf); ++ s->init_buf = NULL; ++ clear_ciphers(s); ++ s->first_packet = 0; ++ ++ s->key_update = SSL_KEY_UPDATE_NONE; ++ ++ EVP_MD_CTX_free(s->pha_dgst); ++ s->pha_dgst = NULL; ++ ++ /* Reset DANE verification result state */ ++ s->dane.mdpth = -1; ++ s->dane.pdpth = -1; ++ X509_free(s->dane.mcert); ++ s->dane.mcert = NULL; ++ s->dane.mtlsa = NULL; ++ ++ /* Clear the verification result peername */ ++ X509_VERIFY_PARAM_move_peername(s->param, NULL); ++ ++ /* Clear any shared connection state */ ++ OPENSSL_free(s->shared_sigalgs); ++ s->shared_sigalgs = NULL; ++ s->shared_sigalgslen = 0; ++ ++ /* ++ * Check to see if we were changed into a different method, if so, revert ++ * back. ++ */ ++ if (s->method != s->ctx->method) { ++ s->method->ssl_free(s); ++ s->method = s->ctx->method; ++ if (!s->method->ssl_new(s)) ++ return 0; ++ } else { ++ if (!s->method->ssl_clear(s)) ++ return 0; ++ } ++ ++ RECORD_LAYER_clear(&s->rlayer); ++ ++ return 1; ++} ++ ++/** Used to change an SSL_CTXs default SSL method type */ ++int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ++{ ++ STACK_OF(SSL_CIPHER) *sk; ++ ++ ctx->method = meth; ++ ++ if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) { ++ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); ++ return 0; ++ } ++ sk = ssl_create_cipher_list(ctx->method, ++ ctx->tls13_ciphersuites, ++ &(ctx->cipher_list), ++ &(ctx->cipher_list_by_id), ++ SSL_DEFAULT_CIPHER_LIST, ctx->cert); ++ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ++ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); ++ return 0; ++ } ++ return 1; ++} ++ ++SSL *SSL_new(SSL_CTX *ctx) ++{ ++ SSL *s; ++ ++ if (ctx == NULL) { ++ SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); ++ return NULL; ++ } ++ if (ctx->method == NULL) { ++ SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); ++ return NULL; ++ } ++ ++ s = OPENSSL_zalloc(sizeof(*s)); ++ if (s == NULL) ++ goto err; ++ ++ s->references = 1; ++ s->lock = CRYPTO_THREAD_lock_new(); ++ if (s->lock == NULL) { ++ OPENSSL_free(s); ++ s = NULL; ++ goto err; ++ } ++ ++ RECORD_LAYER_init(&s->rlayer, s); ++ ++ s->options = ctx->options; ++ s->dane.flags = ctx->dane.flags; ++ s->min_proto_version = ctx->min_proto_version; ++ s->max_proto_version = ctx->max_proto_version; ++ s->mode = ctx->mode; ++ s->max_cert_list = ctx->max_cert_list; ++ s->max_early_data = ctx->max_early_data; ++ s->recv_max_early_data = ctx->recv_max_early_data; ++ s->num_tickets = ctx->num_tickets; ++ s->pha_enabled = ctx->pha_enabled; ++ ++ /* Shallow copy of the ciphersuites stack */ ++ s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); ++ if (s->tls13_ciphersuites == NULL) ++ goto err; ++ ++ /* ++ * Earlier library versions used to copy the pointer to the CERT, not ++ * its contents; only when setting new parameters for the per-SSL ++ * copy, ssl_cert_new would be called (and the direct reference to ++ * the per-SSL_CTX settings would be lost, but those still were ++ * indirectly accessed for various purposes, and for that reason they ++ * used to be known as s->ctx->default_cert). Now we don't look at the ++ * SSL_CTX's CERT after having duplicated it once. ++ */ ++ s->cert = ssl_cert_dup(ctx->cert); ++ if (s->cert == NULL) ++ goto err; ++ ++ RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); ++ s->msg_callback = ctx->msg_callback; ++ s->msg_callback_arg = ctx->msg_callback_arg; ++ s->verify_mode = ctx->verify_mode; ++ s->not_resumable_session_cb = ctx->not_resumable_session_cb; ++ s->record_padding_cb = ctx->record_padding_cb; ++ s->record_padding_arg = ctx->record_padding_arg; ++ s->block_padding = ctx->block_padding; ++ s->sid_ctx_length = ctx->sid_ctx_length; ++ if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx))) ++ goto err; ++ memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); ++ s->verify_callback = ctx->default_verify_callback; ++ s->generate_session_id = ctx->generate_session_id; ++ ++ s->param = X509_VERIFY_PARAM_new(); ++ if (s->param == NULL) ++ goto err; ++ X509_VERIFY_PARAM_inherit(s->param, ctx->param); ++ s->quiet_shutdown = ctx->quiet_shutdown; ++ ++ s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode; ++ s->max_send_fragment = ctx->max_send_fragment; ++ s->split_send_fragment = ctx->split_send_fragment; ++ s->max_pipelines = ctx->max_pipelines; ++ if (s->max_pipelines > 1) ++ RECORD_LAYER_set_read_ahead(&s->rlayer, 1); ++ if (ctx->default_read_buf_len > 0) ++ SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len); ++ ++ SSL_CTX_up_ref(ctx); ++ s->ctx = ctx; ++ s->ext.debug_cb = 0; ++ s->ext.debug_arg = NULL; ++ s->ext.ticket_expected = 0; ++ s->ext.status_type = ctx->ext.status_type; ++ s->ext.status_expected = 0; ++ s->ext.ocsp.ids = NULL; ++ s->ext.ocsp.exts = NULL; ++ s->ext.ocsp.resp = NULL; ++ s->ext.ocsp.resp_len = 0; ++ SSL_CTX_up_ref(ctx); ++ s->session_ctx = ctx; ++#ifndef OPENSSL_NO_EC ++ if (ctx->ext.ecpointformats) { ++ s->ext.ecpointformats = ++ OPENSSL_memdup(ctx->ext.ecpointformats, ++ ctx->ext.ecpointformats_len); ++ if (!s->ext.ecpointformats) { ++ s->ext.ecpointformats_len = 0; ++ goto err; ++ } ++ s->ext.ecpointformats_len = ++ ctx->ext.ecpointformats_len; ++ } ++ if (ctx->ext.supportedgroups) { ++ s->ext.supportedgroups = ++ OPENSSL_memdup(ctx->ext.supportedgroups, ++ ctx->ext.supportedgroups_len ++ * sizeof(*ctx->ext.supportedgroups)); ++ if (!s->ext.supportedgroups) { ++ s->ext.supportedgroups_len = 0; ++ goto err; ++ } ++ s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; ++ } ++#endif ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ s->ext.npn = NULL; ++#endif ++ ++ if (s->ctx->ext.alpn) { ++ s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); ++ if (s->ext.alpn == NULL) { ++ s->ext.alpn_len = 0; ++ goto err; ++ } ++ memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); ++ s->ext.alpn_len = s->ctx->ext.alpn_len; ++ } ++ ++ s->verified_chain = NULL; ++ s->verify_result = X509_V_OK; ++ ++ s->default_passwd_callback = ctx->default_passwd_callback; ++ s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; ++ ++ s->method = ctx->method; ++ ++ s->key_update = SSL_KEY_UPDATE_NONE; ++ ++ s->allow_early_data_cb = ctx->allow_early_data_cb; ++ s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; ++ ++ if (!s->method->ssl_new(s)) ++ goto err; ++ ++ s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; ++ ++ if (!SSL_clear(s)) ++ goto err; ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) ++ goto err; ++ ++#ifndef OPENSSL_NO_PSK ++ s->psk_client_callback = ctx->psk_client_callback; ++ s->psk_server_callback = ctx->psk_server_callback; ++#endif ++ s->psk_find_session_cb = ctx->psk_find_session_cb; ++ s->psk_use_session_cb = ctx->psk_use_session_cb; ++ ++ s->job = NULL; ++ ++#ifndef OPENSSL_NO_CT ++ if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, ++ ctx->ct_validation_callback_arg)) ++ goto err; ++#endif ++ ++ return s; ++ err: ++ SSL_free(s); ++ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++} ++ ++int SSL_is_dtls(const SSL *s) ++{ ++ return SSL_IS_DTLS(s) ? 1 : 0; ++} ++ ++int SSL_up_ref(SSL *s) ++{ ++ int i; ++ ++ if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0) ++ return 0; ++ ++ REF_PRINT_COUNT("SSL", s); ++ REF_ASSERT_ISNT(i < 2); ++ return ((i > 1) ? 1 : 0); ++} ++ ++int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len) ++{ ++ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ++ SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, ++ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); ++ return 0; ++ } ++ ctx->sid_ctx_length = sid_ctx_len; ++ memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); ++ ++ return 1; ++} ++ ++int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len) ++{ ++ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ++ SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, ++ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); ++ return 0; ++ } ++ ssl->sid_ctx_length = sid_ctx_len; ++ memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); ++ ++ return 1; ++} ++ ++int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) ++{ ++ CRYPTO_THREAD_write_lock(ctx->lock); ++ ctx->generate_session_id = cb; ++ CRYPTO_THREAD_unlock(ctx->lock); ++ return 1; ++} ++ ++int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) ++{ ++ CRYPTO_THREAD_write_lock(ssl->lock); ++ ssl->generate_session_id = cb; ++ CRYPTO_THREAD_unlock(ssl->lock); ++ return 1; ++} ++ ++int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, ++ unsigned int id_len) ++{ ++ /* ++ * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how ++ * we can "construct" a session to give us the desired check - i.e. to ++ * find if there's a session in the hash table that would conflict with ++ * any new session built out of this id/id_len and the ssl_version in use ++ * by this SSL. ++ */ ++ SSL_SESSION r, *p; ++ ++ if (id_len > sizeof(r.session_id)) ++ return 0; ++ ++ r.ssl_version = ssl->version; ++ r.session_id_length = id_len; ++ memcpy(r.session_id, id, id_len); ++ ++ CRYPTO_THREAD_read_lock(ssl->session_ctx->lock); ++ p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r); ++ CRYPTO_THREAD_unlock(ssl->session_ctx->lock); ++ return (p != NULL); ++} ++ ++int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) ++{ ++ return X509_VERIFY_PARAM_set_purpose(s->param, purpose); ++} ++ ++int SSL_set_purpose(SSL *s, int purpose) ++{ ++ return X509_VERIFY_PARAM_set_purpose(s->param, purpose); ++} ++ ++int SSL_CTX_set_trust(SSL_CTX *s, int trust) ++{ ++ return X509_VERIFY_PARAM_set_trust(s->param, trust); ++} ++ ++int SSL_set_trust(SSL *s, int trust) ++{ ++ return X509_VERIFY_PARAM_set_trust(s->param, trust); ++} ++ ++int SSL_set1_host(SSL *s, const char *hostname) ++{ ++ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); ++} ++ ++int SSL_add1_host(SSL *s, const char *hostname) ++{ ++ return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0); ++} ++ ++void SSL_set_hostflags(SSL *s, unsigned int flags) ++{ ++ X509_VERIFY_PARAM_set_hostflags(s->param, flags); ++} ++ ++const char *SSL_get0_peername(SSL *s) ++{ ++ return X509_VERIFY_PARAM_get0_peername(s->param); ++} ++ ++int SSL_CTX_dane_enable(SSL_CTX *ctx) ++{ ++ return dane_ctx_enable(&ctx->dane); ++} ++ ++unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags) ++{ ++ unsigned long orig = ctx->dane.flags; ++ ++ ctx->dane.flags |= flags; ++ return orig; ++} ++ ++unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags) ++{ ++ unsigned long orig = ctx->dane.flags; ++ ++ ctx->dane.flags &= ~flags; ++ return orig; ++} ++ ++int SSL_dane_enable(SSL *s, const char *basedomain) ++{ ++ SSL_DANE *dane = &s->dane; ++ ++ if (s->ctx->dane.mdmax == 0) { ++ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED); ++ return 0; ++ } ++ if (dane->trecs != NULL) { ++ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED); ++ return 0; ++ } ++ ++ /* ++ * Default SNI name. This rejects empty names, while set1_host below ++ * accepts them and disables host name checks. To avoid side-effects with ++ * invalid input, set the SNI name first. ++ */ ++ if (s->ext.hostname == NULL) { ++ if (!SSL_set_tlsext_host_name(s, basedomain)) { ++ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); ++ return -1; ++ } ++ } ++ ++ /* Primary RFC6125 reference identifier */ ++ if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) { ++ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); ++ return -1; ++ } ++ ++ dane->mdpth = -1; ++ dane->pdpth = -1; ++ dane->dctx = &s->ctx->dane; ++ dane->trecs = sk_danetls_record_new_null(); ++ ++ if (dane->trecs == NULL) { ++ SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ return 1; ++} ++ ++unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags) ++{ ++ unsigned long orig = ssl->dane.flags; ++ ++ ssl->dane.flags |= flags; ++ return orig; ++} ++ ++unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags) ++{ ++ unsigned long orig = ssl->dane.flags; ++ ++ ssl->dane.flags &= ~flags; ++ return orig; ++} ++ ++int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) ++{ ++ SSL_DANE *dane = &s->dane; ++ ++ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) ++ return -1; ++ if (dane->mtlsa) { ++ if (mcert) ++ *mcert = dane->mcert; ++ if (mspki) ++ *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL; ++ } ++ return dane->mdpth; ++} ++ ++int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, ++ uint8_t *mtype, unsigned const char **data, size_t *dlen) ++{ ++ SSL_DANE *dane = &s->dane; ++ ++ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) ++ return -1; ++ if (dane->mtlsa) { ++ if (usage) ++ *usage = dane->mtlsa->usage; ++ if (selector) ++ *selector = dane->mtlsa->selector; ++ if (mtype) ++ *mtype = dane->mtlsa->mtype; ++ if (data) ++ *data = dane->mtlsa->data; ++ if (dlen) ++ *dlen = dane->mtlsa->dlen; ++ } ++ return dane->mdpth; ++} ++ ++SSL_DANE *SSL_get0_dane(SSL *s) ++{ ++ return &s->dane; ++} ++ ++int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, ++ uint8_t mtype, unsigned const char *data, size_t dlen) ++{ ++ return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); ++} ++ ++int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, ++ uint8_t ord) ++{ ++ return dane_mtype_set(&ctx->dane, md, mtype, ord); ++} ++ ++int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) ++{ ++ return X509_VERIFY_PARAM_set1(ctx->param, vpm); ++} ++ ++int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) ++{ ++ return X509_VERIFY_PARAM_set1(ssl->param, vpm); ++} ++ ++X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) ++{ ++ return ctx->param; ++} ++ ++X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) ++{ ++ return ssl->param; ++} ++ ++void SSL_certs_clear(SSL *s) ++{ ++ ssl_cert_clear_certs(s->cert); ++} ++ ++void SSL_free(SSL *s) ++{ ++ int i; ++ ++ if (s == NULL) ++ return; ++ CRYPTO_DOWN_REF(&s->references, &i, s->lock); ++ REF_PRINT_COUNT("SSL", s); ++ if (i > 0) ++ return; ++ REF_ASSERT_ISNT(i < 0); ++ ++ X509_VERIFY_PARAM_free(s->param); ++ dane_final(&s->dane); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); ++ ++ /* Ignore return value */ ++ ssl_free_wbio_buffer(s); ++ ++ BIO_free_all(s->wbio); ++ BIO_free_all(s->rbio); ++ ++ BUF_MEM_free(s->init_buf); ++ ++ /* add extra stuff */ ++ sk_SSL_CIPHER_free(s->cipher_list); ++ sk_SSL_CIPHER_free(s->cipher_list_by_id); ++ sk_SSL_CIPHER_free(s->tls13_ciphersuites); ++ sk_SSL_CIPHER_free(s->peer_ciphers); ++ ++ /* Make the next call work :-) */ ++ if (s->session != NULL) { ++ ssl_clear_bad_session(s); ++ SSL_SESSION_free(s->session); ++ } ++ SSL_SESSION_free(s->psksession); ++ OPENSSL_free(s->psksession_id); ++ ++ clear_ciphers(s); ++ ++ ssl_cert_free(s->cert); ++ OPENSSL_free(s->shared_sigalgs); ++ /* Free up if allocated */ ++ ++ OPENSSL_free(s->ext.hostname); ++ SSL_CTX_free(s->session_ctx); ++#ifndef OPENSSL_NO_EC ++ OPENSSL_free(s->ext.ecpointformats); ++ OPENSSL_free(s->ext.peer_ecpointformats); ++ OPENSSL_free(s->ext.supportedgroups); ++ OPENSSL_free(s->ext.peer_supportedgroups); ++#endif /* OPENSSL_NO_EC */ ++ sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); ++#ifndef OPENSSL_NO_OCSP ++ sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); ++#endif ++#ifndef OPENSSL_NO_CT ++ SCT_LIST_free(s->scts); ++ OPENSSL_free(s->ext.scts); ++#endif ++ OPENSSL_free(s->ext.ocsp.resp); ++ OPENSSL_free(s->ext.alpn); ++ OPENSSL_free(s->ext.tls13_cookie); ++ if (s->clienthello != NULL) ++ OPENSSL_free(s->clienthello->pre_proc_exts); ++ OPENSSL_free(s->clienthello); ++ OPENSSL_free(s->pha_context); ++ EVP_MD_CTX_free(s->pha_dgst); ++ ++ sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); ++ sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); ++ ++ sk_X509_pop_free(s->verified_chain, X509_free); ++ ++ if (s->method != NULL) ++ s->method->ssl_free(s); ++ ++ RECORD_LAYER_release(&s->rlayer); ++ ++ SSL_CTX_free(s->ctx); ++ ++ ASYNC_WAIT_CTX_free(s->waitctx); ++ ++#if !defined(OPENSSL_NO_NEXTPROTONEG) ++ OPENSSL_free(s->ext.npn); ++#endif ++ ++#ifndef OPENSSL_NO_SRTP ++ sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); ++#endif ++ ++ CRYPTO_THREAD_lock_free(s->lock); ++ ++ OPENSSL_free(s); ++} ++ ++void SSL_set0_rbio(SSL *s, BIO *rbio) ++{ ++ BIO_free_all(s->rbio); ++ s->rbio = rbio; ++} ++ ++void SSL_set0_wbio(SSL *s, BIO *wbio) ++{ ++ /* ++ * If the output buffering BIO is still in place, remove it ++ */ ++ if (s->bbio != NULL) ++ s->wbio = BIO_pop(s->wbio); ++ ++ BIO_free_all(s->wbio); ++ s->wbio = wbio; ++ ++ /* Re-attach |bbio| to the new |wbio|. */ ++ if (s->bbio != NULL) ++ s->wbio = BIO_push(s->bbio, s->wbio); ++} ++ ++void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) ++{ ++ /* ++ * For historical reasons, this function has many different cases in ++ * ownership handling. ++ */ ++ ++ /* If nothing has changed, do nothing */ ++ if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s)) ++ return; ++ ++ /* ++ * If the two arguments are equal then one fewer reference is granted by the ++ * caller than we want to take ++ */ ++ if (rbio != NULL && rbio == wbio) ++ BIO_up_ref(rbio); ++ ++ /* ++ * If only the wbio is changed only adopt one reference. ++ */ ++ if (rbio == SSL_get_rbio(s)) { ++ SSL_set0_wbio(s, wbio); ++ return; ++ } ++ /* ++ * There is an asymmetry here for historical reasons. If only the rbio is ++ * changed AND the rbio and wbio were originally different, then we only ++ * adopt one reference. ++ */ ++ if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) { ++ SSL_set0_rbio(s, rbio); ++ return; ++ } ++ ++ /* Otherwise, adopt both references. */ ++ SSL_set0_rbio(s, rbio); ++ SSL_set0_wbio(s, wbio); ++} ++ ++BIO *SSL_get_rbio(const SSL *s) ++{ ++ return s->rbio; ++} ++ ++BIO *SSL_get_wbio(const SSL *s) ++{ ++ if (s->bbio != NULL) { ++ /* ++ * If |bbio| is active, the true caller-configured BIO is its ++ * |next_bio|. ++ */ ++ return BIO_next(s->bbio); ++ } ++ return s->wbio; ++} ++ ++int SSL_get_fd(const SSL *s) ++{ ++ return SSL_get_rfd(s); ++} ++ ++int SSL_get_rfd(const SSL *s) ++{ ++ int ret = -1; ++ BIO *b, *r; ++ ++ b = SSL_get_rbio(s); ++ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); ++ if (r != NULL) ++ BIO_get_fd(r, &ret); ++ return ret; ++} ++ ++int SSL_get_wfd(const SSL *s) ++{ ++ int ret = -1; ++ BIO *b, *r; ++ ++ b = SSL_get_wbio(s); ++ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); ++ if (r != NULL) ++ BIO_get_fd(r, &ret); ++ return ret; ++} ++ ++#ifndef OPENSSL_NO_SOCK ++int SSL_set_fd(SSL *s, int fd) ++{ ++ int ret = 0; ++ BIO *bio = NULL; ++ ++ bio = BIO_new(BIO_s_socket()); ++ ++ if (bio == NULL) { ++ SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); ++ goto err; ++ } ++ BIO_set_fd(bio, fd, BIO_NOCLOSE); ++ SSL_set_bio(s, bio, bio); ++ ret = 1; ++ err: ++ return ret; ++} ++ ++int SSL_set_wfd(SSL *s, int fd) ++{ ++ BIO *rbio = SSL_get_rbio(s); ++ ++ if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET ++ || (int)BIO_get_fd(rbio, NULL) != fd) { ++ BIO *bio = BIO_new(BIO_s_socket()); ++ ++ if (bio == NULL) { ++ SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); ++ return 0; ++ } ++ BIO_set_fd(bio, fd, BIO_NOCLOSE); ++ SSL_set0_wbio(s, bio); ++ } else { ++ BIO_up_ref(rbio); ++ SSL_set0_wbio(s, rbio); ++ } ++ return 1; ++} ++ ++int SSL_set_rfd(SSL *s, int fd) ++{ ++ BIO *wbio = SSL_get_wbio(s); ++ ++ if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET ++ || ((int)BIO_get_fd(wbio, NULL) != fd)) { ++ BIO *bio = BIO_new(BIO_s_socket()); ++ ++ if (bio == NULL) { ++ SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); ++ return 0; ++ } ++ BIO_set_fd(bio, fd, BIO_NOCLOSE); ++ SSL_set0_rbio(s, bio); ++ } else { ++ BIO_up_ref(wbio); ++ SSL_set0_rbio(s, wbio); ++ } ++ ++ return 1; ++} ++#endif ++ ++/* return length of latest Finished message we sent, copy to 'buf' */ ++size_t SSL_get_finished(const SSL *s, void *buf, size_t count) ++{ ++ size_t ret = 0; ++ ++ if (s->s3 != NULL) { ++ ret = s->s3->tmp.finish_md_len; ++ if (count > ret) ++ count = ret; ++ memcpy(buf, s->s3->tmp.finish_md, count); ++ } ++ return ret; ++} ++ ++/* return length of latest Finished message we expected, copy to 'buf' */ ++size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) ++{ ++ size_t ret = 0; ++ ++ if (s->s3 != NULL) { ++ ret = s->s3->tmp.peer_finish_md_len; ++ if (count > ret) ++ count = ret; ++ memcpy(buf, s->s3->tmp.peer_finish_md, count); ++ } ++ return ret; ++} ++ ++int SSL_get_verify_mode(const SSL *s) ++{ ++ return s->verify_mode; ++} ++ ++int SSL_get_verify_depth(const SSL *s) ++{ ++ return X509_VERIFY_PARAM_get_depth(s->param); ++} ++ ++int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { ++ return s->verify_callback; ++} ++ ++int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) ++{ ++ return ctx->verify_mode; ++} ++ ++int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) ++{ ++ return X509_VERIFY_PARAM_get_depth(ctx->param); ++} ++ ++int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { ++ return ctx->default_verify_callback; ++} ++ ++void SSL_set_verify(SSL *s, int mode, ++ int (*callback) (int ok, X509_STORE_CTX *ctx)) ++{ ++ s->verify_mode = mode; ++ if (callback != NULL) ++ s->verify_callback = callback; ++} ++ ++void SSL_set_verify_depth(SSL *s, int depth) ++{ ++ X509_VERIFY_PARAM_set_depth(s->param, depth); ++} ++ ++void SSL_set_read_ahead(SSL *s, int yes) ++{ ++ RECORD_LAYER_set_read_ahead(&s->rlayer, yes); ++} ++ ++int SSL_get_read_ahead(const SSL *s) ++{ ++ return RECORD_LAYER_get_read_ahead(&s->rlayer); ++} ++ ++int SSL_pending(const SSL *s) ++{ ++ size_t pending = s->method->ssl_pending(s); ++ ++ /* ++ * SSL_pending cannot work properly if read-ahead is enabled ++ * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is ++ * impossible to fix since SSL_pending cannot report errors that may be ++ * observed while scanning the new data. (Note that SSL_pending() is ++ * often used as a boolean value, so we'd better not return -1.) ++ * ++ * SSL_pending also cannot work properly if the value >INT_MAX. In that case ++ * we just return INT_MAX. ++ */ ++ return pending < INT_MAX ? (int)pending : INT_MAX; ++} ++ ++int SSL_has_pending(const SSL *s) ++{ ++ /* ++ * Similar to SSL_pending() but returns a 1 to indicate that we have ++ * processed or unprocessed data available or 0 otherwise (as opposed to the ++ * number of bytes available). Unlike SSL_pending() this will take into ++ * account read_ahead data. A 1 return simply indicates that we have data. ++ * That data may not result in any application data, or we may fail to parse ++ * the records for some reason. ++ */ ++ ++ /* Check buffered app data if any first */ ++ if (SSL_IS_DTLS(s)) { ++ DTLS1_RECORD_DATA *rdata; ++ pitem *item, *iter; ++ ++ iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); ++ while ((item = pqueue_next(&iter)) != NULL) { ++ rdata = item->data; ++ if (rdata->rrec.length > 0) ++ return 1; ++ } ++ } ++ ++ if (RECORD_LAYER_processed_read_pending(&s->rlayer)) ++ return 1; ++ ++ return RECORD_LAYER_read_pending(&s->rlayer); ++} ++ ++X509 *SSL_get_peer_certificate(const SSL *s) ++{ ++ X509 *r; ++ ++ if ((s == NULL) || (s->session == NULL)) ++ r = NULL; ++ else ++ r = s->session->peer; ++ ++ if (r == NULL) ++ return r; ++ ++ X509_up_ref(r); ++ ++ return r; ++} ++ ++STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) ++{ ++ STACK_OF(X509) *r; ++ ++ if ((s == NULL) || (s->session == NULL)) ++ r = NULL; ++ else ++ r = s->session->peer_chain; ++ ++ /* ++ * If we are a client, cert_chain includes the peer's own certificate; if ++ * we are a server, it does not. ++ */ ++ ++ return r; ++} ++ ++/* ++ * Now in theory, since the calling process own 't' it should be safe to ++ * modify. We need to be able to read f without being hassled ++ */ ++int SSL_copy_session_id(SSL *t, const SSL *f) ++{ ++ int i; ++ /* Do we need to to SSL locking? */ ++ if (!SSL_set_session(t, SSL_get_session(f))) { ++ return 0; ++ } ++ ++ /* ++ * what if we are setup for one protocol version but want to talk another ++ */ ++ if (t->method != f->method) { ++ t->method->ssl_free(t); ++ t->method = f->method; ++ if (t->method->ssl_new(t) == 0) ++ return 0; ++ } ++ ++ CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); ++ ssl_cert_free(t->cert); ++ t->cert = f->cert; ++ if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { ++ return 0; ++ } ++ ++ return 1; ++} ++ ++/* Fix this so it checks all the valid key/cert options */ ++int SSL_CTX_check_private_key(const SSL_CTX *ctx) ++{ ++ if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) { ++ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); ++ return 0; ++ } ++ if (ctx->cert->key->privatekey == NULL) { ++ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); ++ return 0; ++ } ++ return X509_check_private_key ++ (ctx->cert->key->x509, ctx->cert->key->privatekey); ++} ++ ++/* Fix this function so that it takes an optional type parameter */ ++int SSL_check_private_key(const SSL *ssl) ++{ ++ if (ssl == NULL) { ++ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (ssl->cert->key->x509 == NULL) { ++ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); ++ return 0; ++ } ++ if (ssl->cert->key->privatekey == NULL) { ++ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); ++ return 0; ++ } ++ return X509_check_private_key(ssl->cert->key->x509, ++ ssl->cert->key->privatekey); ++} ++ ++int SSL_waiting_for_async(SSL *s) ++{ ++ if (s->job) ++ return 1; ++ ++ return 0; ++} ++ ++int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds) ++{ ++ ASYNC_WAIT_CTX *ctx = s->waitctx; ++ ++ if (ctx == NULL) ++ return 0; ++ return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds); ++} ++ ++int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, ++ OSSL_ASYNC_FD *delfd, size_t *numdelfds) ++{ ++ ASYNC_WAIT_CTX *ctx = s->waitctx; ++ ++ if (ctx == NULL) ++ return 0; ++ return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd, ++ numdelfds); ++} ++ ++int SSL_accept(SSL *s) ++{ ++ if (s->handshake_func == NULL) { ++ /* Not properly initialized yet */ ++ SSL_set_accept_state(s); ++ } ++ ++ return SSL_do_handshake(s); ++} ++ ++int SSL_connect(SSL *s) ++{ ++ if (s->handshake_func == NULL) { ++ /* Not properly initialized yet */ ++ SSL_set_connect_state(s); ++ } ++ ++ return SSL_do_handshake(s); ++} ++ ++long SSL_get_default_timeout(const SSL *s) ++{ ++ return s->method->get_timeout(); ++} ++ ++static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, ++ int (*func) (void *)) ++{ ++ int ret; ++ if (s->waitctx == NULL) { ++ s->waitctx = ASYNC_WAIT_CTX_new(); ++ if (s->waitctx == NULL) ++ return -1; ++ } ++ ++ s->rwstate = SSL_NOTHING; ++ switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, ++ sizeof(struct ssl_async_args))) { ++ case ASYNC_ERR: ++ s->rwstate = SSL_NOTHING; ++ SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC); ++ return -1; ++ case ASYNC_PAUSE: ++ s->rwstate = SSL_ASYNC_PAUSED; ++ return -1; ++ case ASYNC_NO_JOBS: ++ s->rwstate = SSL_ASYNC_NO_JOBS; ++ return -1; ++ case ASYNC_FINISH: ++ s->job = NULL; ++ return ret; ++ default: ++ s->rwstate = SSL_NOTHING; ++ SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR); ++ /* Shouldn't happen */ ++ return -1; ++ } ++} ++ ++static int ssl_io_intern(void *vargs) ++{ ++ struct ssl_async_args *args; ++ SSL *s; ++ void *buf; ++ size_t num; ++ ++ args = (struct ssl_async_args *)vargs; ++ s = args->s; ++ buf = args->buf; ++ num = args->num; ++ switch (args->type) { ++ case READFUNC: ++ return args->f.func_read(s, buf, num, &s->asyncrw); ++ case WRITEFUNC: ++ return args->f.func_write(s, buf, num, &s->asyncrw); ++ case OTHERFUNC: ++ return args->f.func_other(s); ++ } ++ return -1; ++} ++ ++int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) ++{ ++ if (s->handshake_func == NULL) { ++ SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED); ++ return -1; ++ } ++ ++ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { ++ s->rwstate = SSL_NOTHING; ++ return 0; ++ } ++ ++ if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY ++ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { ++ SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ /* ++ * If we are a client and haven't received the ServerHello etc then we ++ * better do that ++ */ ++ ossl_statem_check_finish_init(s, 0); ++ ++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { ++ struct ssl_async_args args; ++ int ret; ++ ++ args.s = s; ++ args.buf = buf; ++ args.num = num; ++ args.type = READFUNC; ++ args.f.func_read = s->method->ssl_read; ++ ++ ret = ssl_start_async_job(s, &args, ssl_io_intern); ++ *readbytes = s->asyncrw; ++ return ret; ++ } else { ++ return s->method->ssl_read(s, buf, num, readbytes); ++ } ++} ++ ++int SSL_read(SSL *s, void *buf, int num) ++{ ++ int ret; ++ size_t readbytes; ++ ++ if (num < 0) { ++ SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH); ++ return -1; ++ } ++ ++ ret = ssl_read_internal(s, buf, (size_t)num, &readbytes); ++ ++ /* ++ * The cast is safe here because ret should be <= INT_MAX because num is ++ * <= INT_MAX ++ */ ++ if (ret > 0) ++ ret = (int)readbytes; ++ ++ return ret; ++} ++ ++int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) ++{ ++ int ret = ssl_read_internal(s, buf, num, readbytes); ++ ++ if (ret < 0) ++ ret = 0; ++ return ret; ++} ++ ++int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) ++{ ++ int ret; ++ ++ if (!s->server) { ++ SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return SSL_READ_EARLY_DATA_ERROR; ++ } ++ ++ switch (s->early_data_state) { ++ case SSL_EARLY_DATA_NONE: ++ if (!SSL_in_before(s)) { ++ SSLerr(SSL_F_SSL_READ_EARLY_DATA, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return SSL_READ_EARLY_DATA_ERROR; ++ } ++ /* fall through */ ++ ++ case SSL_EARLY_DATA_ACCEPT_RETRY: ++ s->early_data_state = SSL_EARLY_DATA_ACCEPTING; ++ ret = SSL_accept(s); ++ if (ret <= 0) { ++ /* NBIO or error */ ++ s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; ++ return SSL_READ_EARLY_DATA_ERROR; ++ } ++ /* fall through */ ++ ++ case SSL_EARLY_DATA_READ_RETRY: ++ if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { ++ s->early_data_state = SSL_EARLY_DATA_READING; ++ ret = SSL_read_ex(s, buf, num, readbytes); ++ /* ++ * State machine will update early_data_state to ++ * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData ++ * message ++ */ ++ if (ret > 0 || (ret <= 0 && s->early_data_state ++ != SSL_EARLY_DATA_FINISHED_READING)) { ++ s->early_data_state = SSL_EARLY_DATA_READ_RETRY; ++ return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS ++ : SSL_READ_EARLY_DATA_ERROR; ++ } ++ } else { ++ s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; ++ } ++ *readbytes = 0; ++ return SSL_READ_EARLY_DATA_FINISH; ++ ++ default: ++ SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return SSL_READ_EARLY_DATA_ERROR; ++ } ++} ++ ++int SSL_get_early_data_status(const SSL *s) ++{ ++ return s->ext.early_data; ++} ++ ++static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) ++{ ++ if (s->handshake_func == NULL) { ++ SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED); ++ return -1; ++ } ++ ++ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { ++ return 0; ++ } ++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { ++ struct ssl_async_args args; ++ int ret; ++ ++ args.s = s; ++ args.buf = buf; ++ args.num = num; ++ args.type = READFUNC; ++ args.f.func_read = s->method->ssl_peek; ++ ++ ret = ssl_start_async_job(s, &args, ssl_io_intern); ++ *readbytes = s->asyncrw; ++ return ret; ++ } else { ++ return s->method->ssl_peek(s, buf, num, readbytes); ++ } ++} ++ ++int SSL_peek(SSL *s, void *buf, int num) ++{ ++ int ret; ++ size_t readbytes; ++ ++ if (num < 0) { ++ SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH); ++ return -1; ++ } ++ ++ ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes); ++ ++ /* ++ * The cast is safe here because ret should be <= INT_MAX because num is ++ * <= INT_MAX ++ */ ++ if (ret > 0) ++ ret = (int)readbytes; ++ ++ return ret; ++} ++ ++ ++int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) ++{ ++ int ret = ssl_peek_internal(s, buf, num, readbytes); ++ ++ if (ret < 0) ++ ret = 0; ++ return ret; ++} ++ ++int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) ++{ ++ if (s->handshake_func == NULL) { ++ SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED); ++ return -1; ++ } ++ ++ if (s->shutdown & SSL_SENT_SHUTDOWN) { ++ s->rwstate = SSL_NOTHING; ++ SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN); ++ return -1; ++ } ++ ++ if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY ++ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY ++ || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { ++ SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ /* If we are a client and haven't sent the Finished we better do that */ ++ ossl_statem_check_finish_init(s, 1); ++ ++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { ++ int ret; ++ struct ssl_async_args args; ++ ++ args.s = s; ++ args.buf = (void *)buf; ++ args.num = num; ++ args.type = WRITEFUNC; ++ args.f.func_write = s->method->ssl_write; ++ ++ ret = ssl_start_async_job(s, &args, ssl_io_intern); ++ *written = s->asyncrw; ++ return ret; ++ } else { ++ return s->method->ssl_write(s, buf, num, written); ++ } ++} ++ ++int SSL_write(SSL *s, const void *buf, int num) ++{ ++ int ret; ++ size_t written; ++ ++ if (num < 0) { ++ SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH); ++ return -1; ++ } ++ ++ ret = ssl_write_internal(s, buf, (size_t)num, &written); ++ ++ /* ++ * The cast is safe here because ret should be <= INT_MAX because num is ++ * <= INT_MAX ++ */ ++ if (ret > 0) ++ ret = (int)written; ++ ++ return ret; ++} ++ ++int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) ++{ ++ int ret = ssl_write_internal(s, buf, num, written); ++ ++ if (ret < 0) ++ ret = 0; ++ return ret; ++} ++ ++int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) ++{ ++ int ret, early_data_state; ++ size_t writtmp; ++ uint32_t partialwrite; ++ ++ switch (s->early_data_state) { ++ case SSL_EARLY_DATA_NONE: ++ if (s->server ++ || !SSL_in_before(s) ++ || ((s->session == NULL || s->session->ext.max_early_data == 0) ++ && (s->psk_use_session_cb == NULL))) { ++ SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ /* fall through */ ++ ++ case SSL_EARLY_DATA_CONNECT_RETRY: ++ s->early_data_state = SSL_EARLY_DATA_CONNECTING; ++ ret = SSL_connect(s); ++ if (ret <= 0) { ++ /* NBIO or error */ ++ s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; ++ return 0; ++ } ++ /* fall through */ ++ ++ case SSL_EARLY_DATA_WRITE_RETRY: ++ s->early_data_state = SSL_EARLY_DATA_WRITING; ++ /* ++ * We disable partial write for early data because we don't keep track ++ * of how many bytes we've written between the SSL_write_ex() call and ++ * the flush if the flush needs to be retried) ++ */ ++ partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; ++ s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; ++ ret = SSL_write_ex(s, buf, num, &writtmp); ++ s->mode |= partialwrite; ++ if (!ret) { ++ s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; ++ return ret; ++ } ++ s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; ++ /* fall through */ ++ ++ case SSL_EARLY_DATA_WRITE_FLUSH: ++ /* The buffering BIO is still in place so we need to flush it */ ++ if (statem_flush(s) != 1) ++ return 0; ++ *written = num; ++ s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; ++ return 1; ++ ++ case SSL_EARLY_DATA_FINISHED_READING: ++ case SSL_EARLY_DATA_READ_RETRY: ++ early_data_state = s->early_data_state; ++ /* We are a server writing to an unauthenticated client */ ++ s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; ++ ret = SSL_write_ex(s, buf, num, written); ++ /* The buffering BIO is still in place */ ++ if (ret) ++ (void)BIO_flush(s->wbio); ++ s->early_data_state = early_data_state; ++ return ret; ++ ++ default: ++ SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++} ++ ++int SSL_shutdown(SSL *s) ++{ ++ /* ++ * Note that this function behaves differently from what one might ++ * expect. Return values are 0 for no success (yet), 1 for success; but ++ * calling it once is usually not enough, even if blocking I/O is used ++ * (see ssl3_shutdown). ++ */ ++ ++ if (s->handshake_func == NULL) { ++ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); ++ return -1; ++ } ++ ++ if (!SSL_in_init(s)) { ++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { ++ struct ssl_async_args args; ++ ++ memset(&args, 0, sizeof(args)); ++ args.s = s; ++ args.type = OTHERFUNC; ++ args.f.func_other = s->method->ssl_shutdown; ++ ++ return ssl_start_async_job(s, &args, ssl_io_intern); ++ } else { ++ return s->method->ssl_shutdown(s); ++ } ++ } else { ++ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT); ++ return -1; ++ } ++} ++ ++int SSL_key_update(SSL *s, int updatetype) ++{ ++ /* ++ * TODO(TLS1.3): How will applications know whether TLSv1.3 has been ++ * negotiated, and that it is appropriate to call SSL_key_update() instead ++ * of SSL_renegotiate(). ++ */ ++ if (!SSL_IS_TLS13(s)) { ++ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION); ++ return 0; ++ } ++ ++ if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED ++ && updatetype != SSL_KEY_UPDATE_REQUESTED) { ++ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE); ++ return 0; ++ } ++ ++ if (!SSL_is_init_finished(s)) { ++ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT); ++ return 0; ++ } ++ ++ if (RECORD_LAYER_write_pending(&s->rlayer)) { ++ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY); ++ return 0; ++ } ++ ++ ossl_statem_set_in_init(s, 1); ++ s->key_update = updatetype; ++ return 1; ++} ++ ++int SSL_get_key_update_type(const SSL *s) ++{ ++ return s->key_update; ++} ++ ++int SSL_renegotiate(SSL *s) ++{ ++ if (SSL_IS_TLS13(s)) { ++ SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION); ++ return 0; ++ } ++ ++ if ((s->options & SSL_OP_NO_RENEGOTIATION)) { ++ SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION); ++ return 0; ++ } ++ ++ s->renegotiate = 1; ++ s->new_session = 1; ++ ++ return s->method->ssl_renegotiate(s); ++} ++ ++int SSL_renegotiate_abbreviated(SSL *s) ++{ ++ if (SSL_IS_TLS13(s)) { ++ SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION); ++ return 0; ++ } ++ ++ if ((s->options & SSL_OP_NO_RENEGOTIATION)) { ++ SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION); ++ return 0; ++ } ++ ++ s->renegotiate = 1; ++ s->new_session = 0; ++ ++ return s->method->ssl_renegotiate(s); ++} ++ ++int SSL_renegotiate_pending(const SSL *s) ++{ ++ /* ++ * becomes true when negotiation is requested; false again once a ++ * handshake has finished ++ */ ++ return (s->renegotiate != 0); ++} ++ ++long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) ++{ ++ long l; ++ ++ switch (cmd) { ++ case SSL_CTRL_GET_READ_AHEAD: ++ return RECORD_LAYER_get_read_ahead(&s->rlayer); ++ case SSL_CTRL_SET_READ_AHEAD: ++ l = RECORD_LAYER_get_read_ahead(&s->rlayer); ++ RECORD_LAYER_set_read_ahead(&s->rlayer, larg); ++ return l; ++ ++ case SSL_CTRL_SET_MSG_CALLBACK_ARG: ++ s->msg_callback_arg = parg; ++ return 1; ++ ++ case SSL_CTRL_MODE: ++ return (s->mode |= larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return (s->mode &= ~larg); ++ case SSL_CTRL_GET_MAX_CERT_LIST: ++ return (long)s->max_cert_list; ++ case SSL_CTRL_SET_MAX_CERT_LIST: ++ if (larg < 0) ++ return 0; ++ l = (long)s->max_cert_list; ++ s->max_cert_list = (size_t)larg; ++ return l; ++ case SSL_CTRL_SET_MAX_SEND_FRAGMENT: ++ if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) ++ return 0; ++ s->max_send_fragment = larg; ++ if (s->max_send_fragment < s->split_send_fragment) ++ s->split_send_fragment = s->max_send_fragment; ++ return 1; ++ case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: ++ if ((size_t)larg > s->max_send_fragment || larg == 0) ++ return 0; ++ s->split_send_fragment = larg; ++ return 1; ++ case SSL_CTRL_SET_MAX_PIPELINES: ++ if (larg < 1 || larg > SSL_MAX_PIPELINES) ++ return 0; ++ s->max_pipelines = larg; ++ if (larg > 1) ++ RECORD_LAYER_set_read_ahead(&s->rlayer, 1); ++ return 1; ++ case SSL_CTRL_GET_RI_SUPPORT: ++ if (s->s3) ++ return s->s3->send_connection_binding; ++ else ++ return 0; ++ case SSL_CTRL_CERT_FLAGS: ++ return (s->cert->cert_flags |= larg); ++ case SSL_CTRL_CLEAR_CERT_FLAGS: ++ return (s->cert->cert_flags &= ~larg); ++ ++ case SSL_CTRL_GET_RAW_CIPHERLIST: ++ if (parg) { ++ if (s->s3->tmp.ciphers_raw == NULL) ++ return 0; ++ *(unsigned char **)parg = s->s3->tmp.ciphers_raw; ++ return (int)s->s3->tmp.ciphers_rawlen; ++ } else { ++ return TLS_CIPHER_LEN; ++ } ++ case SSL_CTRL_GET_EXTMS_SUPPORT: ++ if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) ++ return -1; ++ if (s->session->flags & SSL_SESS_FLAG_EXTMS) ++ return 1; ++ else ++ return 0; ++ case SSL_CTRL_SET_MIN_PROTO_VERSION: ++ return ssl_check_allowed_versions(larg, s->max_proto_version) ++ && ssl_set_version_bound(s->ctx->method->version, (int)larg, ++ &s->min_proto_version); ++ case SSL_CTRL_GET_MIN_PROTO_VERSION: ++ return s->min_proto_version; ++ case SSL_CTRL_SET_MAX_PROTO_VERSION: ++ return ssl_check_allowed_versions(s->min_proto_version, larg) ++ && ssl_set_version_bound(s->ctx->method->version, (int)larg, ++ &s->max_proto_version); ++ case SSL_CTRL_GET_MAX_PROTO_VERSION: ++ return s->max_proto_version; ++ default: ++ return s->method->ssl_ctrl(s, cmd, larg, parg); ++ } ++} ++ ++long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) ++{ ++ switch (cmd) { ++ case SSL_CTRL_SET_MSG_CALLBACK: ++ s->msg_callback = (void (*) ++ (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, ++ void *arg))(fp); ++ return 1; ++ ++ default: ++ return s->method->ssl_callback_ctrl(s, cmd, fp); ++ } ++} ++ ++LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) ++{ ++ return ctx->sessions; ++} ++ ++long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ++{ ++ long l; ++ /* For some cases with ctx == NULL perform syntax checks */ ++ if (ctx == NULL) { ++ switch (cmd) { ++#ifndef OPENSSL_NO_EC ++ case SSL_CTRL_SET_GROUPS_LIST: ++ return tls1_set_groups_list(NULL, NULL, parg); ++#endif ++ case SSL_CTRL_SET_SIGALGS_LIST: ++ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: ++ return tls1_set_sigalgs_list(NULL, parg, 0); ++ default: ++ return 0; ++ } ++ } ++ ++ switch (cmd) { ++ case SSL_CTRL_GET_READ_AHEAD: ++ return ctx->read_ahead; ++ case SSL_CTRL_SET_READ_AHEAD: ++ l = ctx->read_ahead; ++ ctx->read_ahead = larg; ++ return l; ++ ++ case SSL_CTRL_SET_MSG_CALLBACK_ARG: ++ ctx->msg_callback_arg = parg; ++ return 1; ++ ++ case SSL_CTRL_GET_MAX_CERT_LIST: ++ return (long)ctx->max_cert_list; ++ case SSL_CTRL_SET_MAX_CERT_LIST: ++ if (larg < 0) ++ return 0; ++ l = (long)ctx->max_cert_list; ++ ctx->max_cert_list = (size_t)larg; ++ return l; ++ ++ case SSL_CTRL_SET_SESS_CACHE_SIZE: ++ if (larg < 0) ++ return 0; ++ l = (long)ctx->session_cache_size; ++ ctx->session_cache_size = (size_t)larg; ++ return l; ++ case SSL_CTRL_GET_SESS_CACHE_SIZE: ++ return (long)ctx->session_cache_size; ++ case SSL_CTRL_SET_SESS_CACHE_MODE: ++ l = ctx->session_cache_mode; ++ ctx->session_cache_mode = larg; ++ return l; ++ case SSL_CTRL_GET_SESS_CACHE_MODE: ++ return ctx->session_cache_mode; ++ ++ case SSL_CTRL_SESS_NUMBER: ++ return lh_SSL_SESSION_num_items(ctx->sessions); ++ case SSL_CTRL_SESS_CONNECT: ++ return tsan_load(&ctx->stats.sess_connect); ++ case SSL_CTRL_SESS_CONNECT_GOOD: ++ return tsan_load(&ctx->stats.sess_connect_good); ++ case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: ++ return tsan_load(&ctx->stats.sess_connect_renegotiate); ++ case SSL_CTRL_SESS_ACCEPT: ++ return tsan_load(&ctx->stats.sess_accept); ++ case SSL_CTRL_SESS_ACCEPT_GOOD: ++ return tsan_load(&ctx->stats.sess_accept_good); ++ case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: ++ return tsan_load(&ctx->stats.sess_accept_renegotiate); ++ case SSL_CTRL_SESS_HIT: ++ return tsan_load(&ctx->stats.sess_hit); ++ case SSL_CTRL_SESS_CB_HIT: ++ return tsan_load(&ctx->stats.sess_cb_hit); ++ case SSL_CTRL_SESS_MISSES: ++ return tsan_load(&ctx->stats.sess_miss); ++ case SSL_CTRL_SESS_TIMEOUTS: ++ return tsan_load(&ctx->stats.sess_timeout); ++ case SSL_CTRL_SESS_CACHE_FULL: ++ return tsan_load(&ctx->stats.sess_cache_full); ++ case SSL_CTRL_MODE: ++ return (ctx->mode |= larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return (ctx->mode &= ~larg); ++ case SSL_CTRL_SET_MAX_SEND_FRAGMENT: ++ if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) ++ return 0; ++ ctx->max_send_fragment = larg; ++ if (ctx->max_send_fragment < ctx->split_send_fragment) ++ ctx->split_send_fragment = ctx->max_send_fragment; ++ return 1; ++ case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: ++ if ((size_t)larg > ctx->max_send_fragment || larg == 0) ++ return 0; ++ ctx->split_send_fragment = larg; ++ return 1; ++ case SSL_CTRL_SET_MAX_PIPELINES: ++ if (larg < 1 || larg > SSL_MAX_PIPELINES) ++ return 0; ++ ctx->max_pipelines = larg; ++ return 1; ++ case SSL_CTRL_CERT_FLAGS: ++ return (ctx->cert->cert_flags |= larg); ++ case SSL_CTRL_CLEAR_CERT_FLAGS: ++ return (ctx->cert->cert_flags &= ~larg); ++ case SSL_CTRL_SET_MIN_PROTO_VERSION: ++ return ssl_check_allowed_versions(larg, ctx->max_proto_version) ++ && ssl_set_version_bound(ctx->method->version, (int)larg, ++ &ctx->min_proto_version); ++ case SSL_CTRL_GET_MIN_PROTO_VERSION: ++ return ctx->min_proto_version; ++ case SSL_CTRL_SET_MAX_PROTO_VERSION: ++ return ssl_check_allowed_versions(ctx->min_proto_version, larg) ++ && ssl_set_version_bound(ctx->method->version, (int)larg, ++ &ctx->max_proto_version); ++ case SSL_CTRL_GET_MAX_PROTO_VERSION: ++ return ctx->max_proto_version; ++ default: ++ return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); ++ } ++} ++ ++long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ++{ ++ switch (cmd) { ++ case SSL_CTRL_SET_MSG_CALLBACK: ++ ctx->msg_callback = (void (*) ++ (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, ++ void *arg))(fp); ++ return 1; ++ ++ default: ++ return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); ++ } ++} ++ ++int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) ++{ ++ if (a->id > b->id) ++ return 1; ++ if (a->id < b->id) ++ return -1; ++ return 0; ++} ++ ++int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, ++ const SSL_CIPHER *const *bp) ++{ ++ if ((*ap)->id > (*bp)->id) ++ return 1; ++ if ((*ap)->id < (*bp)->id) ++ return -1; ++ return 0; ++} ++ ++/** return a STACK of the ciphers available for the SSL and in order of ++ * preference */ ++STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) ++{ ++ if (s != NULL) { ++ if (s->cipher_list != NULL) { ++ return s->cipher_list; ++ } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { ++ return s->ctx->cipher_list; ++ } ++ } ++ return NULL; ++} ++ ++STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) ++{ ++ if ((s == NULL) || !s->server) ++ return NULL; ++ return s->peer_ciphers; ++} ++ ++STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) ++{ ++ STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; ++ int i; ++ ++ ciphers = SSL_get_ciphers(s); ++ if (!ciphers) ++ return NULL; ++ if (!ssl_set_client_disabled(s)) ++ return NULL; ++ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { ++ const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); ++ if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { ++ if (!sk) ++ sk = sk_SSL_CIPHER_new_null(); ++ if (!sk) ++ return NULL; ++ if (!sk_SSL_CIPHER_push(sk, c)) { ++ sk_SSL_CIPHER_free(sk); ++ return NULL; ++ } ++ } ++ } ++ return sk; ++} ++ ++/** return a STACK of the ciphers available for the SSL and in order of ++ * algorithm id */ ++STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) ++{ ++ if (s != NULL) { ++ if (s->cipher_list_by_id != NULL) { ++ return s->cipher_list_by_id; ++ } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { ++ return s->ctx->cipher_list_by_id; ++ } ++ } ++ return NULL; ++} ++ ++/** The old interface to get the same thing as SSL_get_ciphers() */ ++const char *SSL_get_cipher_list(const SSL *s, int n) ++{ ++ const SSL_CIPHER *c; ++ STACK_OF(SSL_CIPHER) *sk; ++ ++ if (s == NULL) ++ return NULL; ++ sk = SSL_get_ciphers(s); ++ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) ++ return NULL; ++ c = sk_SSL_CIPHER_value(sk, n); ++ if (c == NULL) ++ return NULL; ++ return c->name; ++} ++ ++/** return a STACK of the ciphers available for the SSL_CTX and in order of ++ * preference */ ++STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) ++{ ++ if (ctx != NULL) ++ return ctx->cipher_list; ++ return NULL; ++} ++ ++/* ++ * Distinguish between ciphers controlled by set_ciphersuite() and ++ * set_cipher_list() when counting. ++ */ ++static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) ++{ ++ int i, num = 0; ++ const SSL_CIPHER *c; ++ ++ if (sk == NULL) ++ return 0; ++ for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { ++ c = sk_SSL_CIPHER_value(sk, i); ++ if (c->min_tls >= TLS1_3_VERSION) ++ continue; ++ num++; ++ } ++ return num; ++} ++ ++/** specify the ciphers to be used by default by the SSL_CTX */ ++int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) ++{ ++ STACK_OF(SSL_CIPHER) *sk; ++ ++ sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, ++ &ctx->cipher_list, &ctx->cipher_list_by_id, str, ++ ctx->cert); ++ /* ++ * ssl_create_cipher_list may return an empty stack if it was unable to ++ * find a cipher matching the given rule string (for example if the rule ++ * string specifies a cipher which has been disabled). This is not an ++ * error as far as ssl_create_cipher_list is concerned, and hence ++ * ctx->cipher_list and ctx->cipher_list_by_id has been updated. ++ */ ++ if (sk == NULL) ++ return 0; ++ else if (cipher_list_tls12_num(sk) == 0) { ++ SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); ++ return 0; ++ } ++ return 1; ++} ++ ++/** specify the ciphers to be used by the SSL */ ++int SSL_set_cipher_list(SSL *s, const char *str) ++{ ++ STACK_OF(SSL_CIPHER) *sk; ++ ++ sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites, ++ &s->cipher_list, &s->cipher_list_by_id, str, ++ s->cert); ++ /* see comment in SSL_CTX_set_cipher_list */ ++ if (sk == NULL) ++ return 0; ++ else if (cipher_list_tls12_num(sk) == 0) { ++ SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); ++ return 0; ++ } ++ return 1; ++} ++ ++char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) ++{ ++ char *p; ++ STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; ++ const SSL_CIPHER *c; ++ int i; ++ ++ if (!s->server ++ || s->peer_ciphers == NULL ++ || size < 2) ++ return NULL; ++ ++ p = buf; ++ clntsk = s->peer_ciphers; ++ srvrsk = SSL_get_ciphers(s); ++ if (clntsk == NULL || srvrsk == NULL) ++ return NULL; ++ ++ if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) ++ return NULL; ++ ++ for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { ++ int n; ++ ++ c = sk_SSL_CIPHER_value(clntsk, i); ++ if (sk_SSL_CIPHER_find(srvrsk, c) < 0) ++ continue; ++ ++ n = strlen(c->name); ++ if (n + 1 > size) { ++ if (p != buf) ++ --p; ++ *p = '\0'; ++ return buf; ++ } ++ strcpy(p, c->name); ++ p += n; ++ *(p++) = ':'; ++ size -= n + 1; ++ } ++ p[-1] = '\0'; ++ return buf; ++} ++ ++/** ++ * Return the requested servername (SNI) value. Note that the behaviour varies ++ * depending on: ++ * - whether this is called by the client or the server, ++ * - if we are before or during/after the handshake, ++ * - if a resumption or normal handshake is being attempted/has occurred ++ * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 ++ * ++ * Note that only the host_name type is defined (RFC 3546). ++ */ ++const char *SSL_get_servername(const SSL *s, const int type) ++{ ++ /* ++ * If we don't know if we are the client or the server yet then we assume ++ * client. ++ */ ++ int server = s->handshake_func == NULL ? 0 : s->server; ++ if (type != TLSEXT_NAMETYPE_host_name) ++ return NULL; ++ ++ if (server) { ++ /** ++ * Server side ++ * In TLSv1.3 on the server SNI is not associated with the session ++ * but in TLSv1.2 or below it is. ++ * ++ * Before the handshake: ++ * - return NULL ++ * ++ * During/after the handshake (TLSv1.2 or below resumption occurred): ++ * - If a servername was accepted by the server in the original ++ * handshake then it will return that servername, or NULL otherwise. ++ * ++ * During/after the handshake (TLSv1.2 or below resumption did not occur): ++ * - The function will return the servername requested by the client in ++ * this handshake or NULL if none was requested. ++ */ ++ if (s->hit && !SSL_IS_TLS13(s)) ++ return s->session->ext.hostname; ++ } else { ++ /** ++ * Client side ++ * ++ * Before the handshake: ++ * - If a servername has been set via a call to ++ * SSL_set_tlsext_host_name() then it will return that servername ++ * - If one has not been set, but a TLSv1.2 resumption is being ++ * attempted and the session from the original handshake had a ++ * servername accepted by the server then it will return that ++ * servername ++ * - Otherwise it returns NULL ++ * ++ * During/after the handshake (TLSv1.2 or below resumption occurred): ++ * - If the session from the original handshake had a servername accepted ++ * by the server then it will return that servername. ++ * - Otherwise it returns the servername set via ++ * SSL_set_tlsext_host_name() (or NULL if it was not called). ++ * ++ * During/after the handshake (TLSv1.2 or below resumption did not occur): ++ * - It will return the servername set via SSL_set_tlsext_host_name() ++ * (or NULL if it was not called). ++ */ ++ if (SSL_in_before(s)) { ++ if (s->ext.hostname == NULL ++ && s->session != NULL ++ && s->session->ssl_version != TLS1_3_VERSION) ++ return s->session->ext.hostname; ++ } else { ++ if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) ++ return s->session->ext.hostname; ++ } ++ } ++ ++ return s->ext.hostname; ++} ++ ++int SSL_get_servername_type(const SSL *s) ++{ ++ if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL) ++ return TLSEXT_NAMETYPE_host_name; ++ return -1; ++} ++ ++/* ++ * SSL_select_next_proto implements the standard protocol selection. It is ++ * expected that this function is called from the callback set by ++ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a ++ * vector of 8-bit, length prefixed byte strings. The length byte itself is ++ * not included in the length. A byte string of length 0 is invalid. No byte ++ * string may be truncated. The current, but experimental algorithm for ++ * selecting the protocol is: 1) If the server doesn't support NPN then this ++ * is indicated to the callback. In this case, the client application has to ++ * abort the connection or have a default application level protocol. 2) If ++ * the server supports NPN, but advertises an empty list then the client ++ * selects the first protocol in its list, but indicates via the API that this ++ * fallback case was enacted. 3) Otherwise, the client finds the first ++ * protocol in the server's list that it supports and selects this protocol. ++ * This is because it's assumed that the server has better information about ++ * which protocol a client should use. 4) If the client doesn't support any ++ * of the server's advertised protocols, then this is treated the same as ++ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was ++ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. ++ */ ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++ const unsigned char *server, ++ unsigned int server_len, ++ const unsigned char *client, unsigned int client_len) ++{ ++ unsigned int i, j; ++ const unsigned char *result; ++ int status = OPENSSL_NPN_UNSUPPORTED; ++ ++ /* ++ * For each protocol in server preference order, see if we support it. ++ */ ++ for (i = 0; i < server_len;) { ++ for (j = 0; j < client_len;) { ++ if (server[i] == client[j] && ++ memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { ++ /* We found a match */ ++ result = &server[i]; ++ status = OPENSSL_NPN_NEGOTIATED; ++ goto found; ++ } ++ j += client[j]; ++ j++; ++ } ++ i += server[i]; ++ i++; ++ } ++ ++ /* There's no overlap between our protocols and the server's list. */ ++ result = client; ++ status = OPENSSL_NPN_NO_OVERLAP; ++ ++ found: ++ *out = (unsigned char *)result + 1; ++ *outlen = result[0]; ++ return status; ++} ++ ++#ifndef OPENSSL_NO_NEXTPROTONEG ++/* ++ * SSL_get0_next_proto_negotiated sets *data and *len to point to the ++ * client's requested protocol for this connection and returns 0. If the ++ * client didn't request any protocol, then *data is set to NULL. Note that ++ * the client can request any protocol it chooses. The value returned from ++ * this function need not be a member of the list of supported protocols ++ * provided by the callback. ++ */ ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, ++ unsigned *len) ++{ ++ *data = s->ext.npn; ++ if (!*data) { ++ *len = 0; ++ } else { ++ *len = (unsigned int)s->ext.npn_len; ++ } ++} ++ ++/* ++ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when ++ * a TLS server needs a list of supported protocols for Next Protocol ++ * Negotiation. The returned list must be in wire format. The list is ++ * returned by setting |out| to point to it and |outlen| to its length. This ++ * memory will not be modified, but one should assume that the SSL* keeps a ++ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it ++ * wishes to advertise. Otherwise, no such extension will be included in the ++ * ServerHello. ++ */ ++void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, ++ SSL_CTX_npn_advertised_cb_func cb, ++ void *arg) ++{ ++ ctx->ext.npn_advertised_cb = cb; ++ ctx->ext.npn_advertised_cb_arg = arg; ++} ++ ++/* ++ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a ++ * client needs to select a protocol from the server's provided list. |out| ++ * must be set to point to the selected protocol (which may be within |in|). ++ * The length of the protocol name must be written into |outlen|. The ++ * server's advertised protocols are provided in |in| and |inlen|. The ++ * callback can assume that |in| is syntactically valid. The client must ++ * select a protocol. It is fatal to the connection if this callback returns ++ * a value other than SSL_TLSEXT_ERR_OK. ++ */ ++void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, ++ SSL_CTX_npn_select_cb_func cb, ++ void *arg) ++{ ++ ctx->ext.npn_select_cb = cb; ++ ctx->ext.npn_select_cb_arg = arg; ++} ++#endif ++ ++static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) ++{ ++ unsigned int idx; ++ ++ if (protos_len < 2 || protos == NULL) ++ return 0; ++ ++ for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { ++ if (protos[idx] == 0) ++ return 0; ++ } ++ return idx == protos_len; ++} ++/* ++ * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. ++ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit ++ * length-prefixed strings). Returns 0 on success. ++ */ ++int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, ++ unsigned int protos_len) ++{ ++ unsigned char *alpn; ++ ++ if (protos_len == 0 || protos == NULL) { ++ OPENSSL_free(ctx->ext.alpn); ++ ctx->ext.alpn = NULL; ++ ctx->ext.alpn_len = 0; ++ return 0; ++ } ++ /* Not valid per RFC */ ++ if (!alpn_value_ok(protos, protos_len)) ++ return 1; ++ ++ alpn = OPENSSL_memdup(protos, protos_len); ++ if (alpn == NULL) { ++ SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); ++ return 1; ++ } ++ OPENSSL_free(ctx->ext.alpn); ++ ctx->ext.alpn = alpn; ++ ctx->ext.alpn_len = protos_len; ++ ++ return 0; ++} ++ ++/* ++ * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. ++ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit ++ * length-prefixed strings). Returns 0 on success. ++ */ ++int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, ++ unsigned int protos_len) ++{ ++ unsigned char *alpn; ++ ++ if (protos_len == 0 || protos == NULL) { ++ OPENSSL_free(ssl->ext.alpn); ++ ssl->ext.alpn = NULL; ++ ssl->ext.alpn_len = 0; ++ return 0; ++ } ++ /* Not valid per RFC */ ++ if (!alpn_value_ok(protos, protos_len)) ++ return 1; ++ ++ alpn = OPENSSL_memdup(protos, protos_len); ++ if (alpn == NULL) { ++ SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); ++ return 1; ++ } ++ OPENSSL_free(ssl->ext.alpn); ++ ssl->ext.alpn = alpn; ++ ssl->ext.alpn_len = protos_len; ++ ++ return 0; ++} ++ ++/* ++ * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is ++ * called during ClientHello processing in order to select an ALPN protocol ++ * from the client's list of offered protocols. ++ */ ++void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, ++ SSL_CTX_alpn_select_cb_func cb, ++ void *arg) ++{ ++ ctx->ext.alpn_select_cb = cb; ++ ctx->ext.alpn_select_cb_arg = arg; ++} ++ ++/* ++ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. ++ * On return it sets |*data| to point to |*len| bytes of protocol name ++ * (not including the leading length-prefix byte). If the server didn't ++ * respond with a negotiated protocol then |*len| will be zero. ++ */ ++void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, ++ unsigned int *len) ++{ ++ *data = NULL; ++ if (ssl->s3) ++ *data = ssl->s3->alpn_selected; ++ if (*data == NULL) ++ *len = 0; ++ else ++ *len = (unsigned int)ssl->s3->alpn_selected_len; ++} ++ ++int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, ++ const char *label, size_t llen, ++ const unsigned char *context, size_t contextlen, ++ int use_context) ++{ ++ if (s->session == NULL ++ || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) ++ return -1; ++ ++ return s->method->ssl3_enc->export_keying_material(s, out, olen, label, ++ llen, context, ++ contextlen, use_context); ++} ++ ++int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, ++ const char *label, size_t llen, ++ const unsigned char *context, ++ size_t contextlen) ++{ ++ if (s->version != TLS1_3_VERSION) ++ return 0; ++ ++ return tls13_export_keying_material_early(s, out, olen, label, llen, ++ context, contextlen); ++} ++ ++static unsigned long ssl_session_hash(const SSL_SESSION *a) ++{ ++ const unsigned char *session_id = a->session_id; ++ unsigned long l; ++ unsigned char tmp_storage[4]; ++ ++ if (a->session_id_length < sizeof(tmp_storage)) { ++ memset(tmp_storage, 0, sizeof(tmp_storage)); ++ memcpy(tmp_storage, a->session_id, a->session_id_length); ++ session_id = tmp_storage; ++ } ++ ++ l = (unsigned long) ++ ((unsigned long)session_id[0]) | ++ ((unsigned long)session_id[1] << 8L) | ++ ((unsigned long)session_id[2] << 16L) | ++ ((unsigned long)session_id[3] << 24L); ++ return l; ++} ++ ++/* ++ * NB: If this function (or indeed the hash function which uses a sort of ++ * coarser function than this one) is changed, ensure ++ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on ++ * being able to construct an SSL_SESSION that will collide with any existing ++ * session with a matching session ID. ++ */ ++static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) ++{ ++ if (a->ssl_version != b->ssl_version) ++ return 1; ++ if (a->session_id_length != b->session_id_length) ++ return 1; ++ return memcmp(a->session_id, b->session_id, a->session_id_length); ++} ++ ++/* ++ * These wrapper functions should remain rather than redeclaring ++ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each ++ * variable. The reason is that the functions aren't static, they're exposed ++ * via ssl.h. ++ */ ++ ++SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ++{ ++ SSL_CTX *ret = NULL; ++ ++ if (meth == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); ++ return NULL; ++ } ++ ++ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) ++ return NULL; ++ ++ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); ++ goto err; ++ } ++ ret = OPENSSL_zalloc(sizeof(*ret)); ++ if (ret == NULL) ++ goto err; ++ ++ ret->method = meth; ++ ret->min_proto_version = 0; ++ ret->max_proto_version = 0; ++ ret->mode = SSL_MODE_AUTO_RETRY; ++ ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ++ ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; ++ /* We take the system default. */ ++ ret->session_timeout = meth->get_timeout(); ++ ret->references = 1; ++ ret->lock = CRYPTO_THREAD_lock_new(); ++ if (ret->lock == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ++ ret->verify_mode = SSL_VERIFY_NONE; ++ if ((ret->cert = ssl_cert_new()) == NULL) ++ goto err; ++ ++ ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp); ++ if (ret->sessions == NULL) ++ goto err; ++ ret->cert_store = X509_STORE_new(); ++ if (ret->cert_store == NULL) ++ goto err; ++#ifndef OPENSSL_NO_CT ++ ret->ctlog_store = CTLOG_STORE_new(); ++ if (ret->ctlog_store == NULL) ++ goto err; ++#endif ++ ++ if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES)) ++ goto err; ++ ++ if (!ssl_create_cipher_list(ret->method, ++ ret->tls13_ciphersuites, ++ &ret->cipher_list, &ret->cipher_list_by_id, ++ SSL_DEFAULT_CIPHER_LIST, ret->cert) ++ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); ++ goto err2; ++ } ++ ++ ret->param = X509_VERIFY_PARAM_new(); ++ if (ret->param == NULL) ++ goto err; ++ ++ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); ++ goto err2; ++ } ++ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); ++ goto err2; ++ } ++ ++ if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) ++ goto err; ++ ++ if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) ++ goto err; ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) ++ goto err; ++ ++ if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL) ++ goto err; ++ ++ /* No compression for DTLS */ ++ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) ++ ret->comp_methods = SSL_COMP_get_compression_methods(); ++ ++ ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; ++ ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; ++ ++ /* Setup RFC5077 ticket keys */ ++ if ((RAND_bytes(ret->ext.tick_key_name, ++ sizeof(ret->ext.tick_key_name)) <= 0) ++ || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key, ++ sizeof(ret->ext.secure->tick_hmac_key)) <= 0) ++ || (RAND_priv_bytes(ret->ext.secure->tick_aes_key, ++ sizeof(ret->ext.secure->tick_aes_key)) <= 0)) ++ ret->options |= SSL_OP_NO_TICKET; ++ ++ if (RAND_priv_bytes(ret->ext.cookie_hmac_key, ++ sizeof(ret->ext.cookie_hmac_key)) <= 0) ++ goto err; ++ ++#ifndef OPENSSL_NO_SRP ++ if (!SSL_CTX_SRP_CTX_init(ret)) ++ goto err; ++#endif ++#ifndef OPENSSL_NO_ENGINE ++# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO ++# define eng_strx(x) #x ++# define eng_str(x) eng_strx(x) ++ /* Use specific client engine automatically... ignore errors */ ++ { ++ ENGINE *eng; ++ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); ++ if (!eng) { ++ ERR_clear_error(); ++ ENGINE_load_builtin_engines(); ++ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); ++ } ++ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) ++ ERR_clear_error(); ++ } ++# endif ++#endif ++ /* ++ * Default is to connect to non-RI servers. When RI is more widely ++ * deployed might change this. ++ */ ++ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; ++ /* ++ * Disable compression by default to prevent CRIME. Applications can ++ * re-enable compression by configuring ++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); ++ * or by using the SSL_CONF library. Similarly we also enable TLSv1.3 ++ * middlebox compatibility by default. This may be disabled by default in ++ * a later OpenSSL version. ++ */ ++ ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; ++ ++ ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; ++ ++ /* ++ * We cannot usefully set a default max_early_data here (which gets ++ * propagated in SSL_new(), for the following reason: setting the ++ * SSL field causes tls_construct_stoc_early_data() to tell the ++ * client that early data will be accepted when constructing a TLS 1.3 ++ * session ticket, and the client will accordingly send us early data ++ * when using that ticket (if the client has early data to send). ++ * However, in order for the early data to actually be consumed by ++ * the application, the application must also have calls to ++ * SSL_read_early_data(); otherwise we'll just skip past the early data ++ * and ignore it. So, since the application must add calls to ++ * SSL_read_early_data(), we also require them to add ++ * calls to SSL_CTX_set_max_early_data() in order to use early data, ++ * eliminating the bandwidth-wasting early data in the case described ++ * above. ++ */ ++ ret->max_early_data = 0; ++ ++ /* ++ * Default recv_max_early_data is a fully loaded single record. Could be ++ * split across multiple records in practice. We set this differently to ++ * max_early_data so that, in the default case, we do not advertise any ++ * support for early_data, but if a client were to send us some (e.g. ++ * because of an old, stale ticket) then we will tolerate it and skip over ++ * it. ++ */ ++ ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; ++ ++ /* By default we send two session tickets automatically in TLSv1.3 */ ++ ret->num_tickets = 2; ++ ++ ssl_ctx_system_config(ret); ++ ++ return ret; ++ err: ++ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ err2: ++ SSL_CTX_free(ret); ++ return NULL; ++} ++ ++int SSL_CTX_up_ref(SSL_CTX *ctx) ++{ ++ int i; ++ ++ if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0) ++ return 0; ++ ++ REF_PRINT_COUNT("SSL_CTX", ctx); ++ REF_ASSERT_ISNT(i < 2); ++ return ((i > 1) ? 1 : 0); ++} ++ ++void SSL_CTX_free(SSL_CTX *a) ++{ ++ int i; ++ ++ if (a == NULL) ++ return; ++ ++ CRYPTO_DOWN_REF(&a->references, &i, a->lock); ++ REF_PRINT_COUNT("SSL_CTX", a); ++ if (i > 0) ++ return; ++ REF_ASSERT_ISNT(i < 0); ++ ++ X509_VERIFY_PARAM_free(a->param); ++ dane_ctx_final(&a->dane); ++ ++ /* ++ * Free internal session cache. However: the remove_cb() may reference ++ * the ex_data of SSL_CTX, thus the ex_data store can only be removed ++ * after the sessions were flushed. ++ * As the ex_data handling routines might also touch the session cache, ++ * the most secure solution seems to be: empty (flush) the cache, then ++ * free ex_data, then finally free the cache. ++ * (See ticket [openssl.org #212].) ++ */ ++ if (a->sessions != NULL) ++ SSL_CTX_flush_sessions(a, 0); ++ ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); ++ lh_SSL_SESSION_free(a->sessions); ++ X509_STORE_free(a->cert_store); ++#ifndef OPENSSL_NO_CT ++ CTLOG_STORE_free(a->ctlog_store); ++#endif ++ sk_SSL_CIPHER_free(a->cipher_list); ++ sk_SSL_CIPHER_free(a->cipher_list_by_id); ++ sk_SSL_CIPHER_free(a->tls13_ciphersuites); ++ ssl_cert_free(a->cert); ++ sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); ++ sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); ++ sk_X509_pop_free(a->extra_certs, X509_free); ++ a->comp_methods = NULL; ++#ifndef OPENSSL_NO_SRTP ++ sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); ++#endif ++#ifndef OPENSSL_NO_SRP ++ SSL_CTX_SRP_CTX_free(a); ++#endif ++#ifndef OPENSSL_NO_ENGINE ++ ENGINE_finish(a->client_cert_engine); ++#endif ++ ++#ifndef OPENSSL_NO_EC ++ OPENSSL_free(a->ext.ecpointformats); ++ OPENSSL_free(a->ext.supportedgroups); ++#endif ++ OPENSSL_free(a->ext.alpn); ++ OPENSSL_secure_free(a->ext.secure); ++ ++ CRYPTO_THREAD_lock_free(a->lock); ++ ++ OPENSSL_free(a); ++} ++ ++void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) ++{ ++ ctx->default_passwd_callback = cb; ++} ++ ++void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) ++{ ++ ctx->default_passwd_callback_userdata = u; ++} ++ ++pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) ++{ ++ return ctx->default_passwd_callback; ++} ++ ++void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) ++{ ++ return ctx->default_passwd_callback_userdata; ++} ++ ++void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) ++{ ++ s->default_passwd_callback = cb; ++} ++ ++void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) ++{ ++ s->default_passwd_callback_userdata = u; ++} ++ ++pem_password_cb *SSL_get_default_passwd_cb(SSL *s) ++{ ++ return s->default_passwd_callback; ++} ++ ++void *SSL_get_default_passwd_cb_userdata(SSL *s) ++{ ++ return s->default_passwd_callback_userdata; ++} ++ ++void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, ++ int (*cb) (X509_STORE_CTX *, void *), ++ void *arg) ++{ ++ ctx->app_verify_callback = cb; ++ ctx->app_verify_arg = arg; ++} ++ ++void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, ++ int (*cb) (int, X509_STORE_CTX *)) ++{ ++ ctx->verify_mode = mode; ++ ctx->default_verify_callback = cb; ++} ++ ++void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) ++{ ++ X509_VERIFY_PARAM_set_depth(ctx->param, depth); ++} ++ ++void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg) ++{ ++ ssl_cert_set_cert_cb(c->cert, cb, arg); ++} ++ ++void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) ++{ ++ ssl_cert_set_cert_cb(s->cert, cb, arg); ++} ++ ++void ssl_set_masks(SSL *s) ++{ ++ CERT *c = s->cert; ++ uint32_t *pvalid = s->s3->tmp.valid_flags; ++ int rsa_enc, rsa_sign, dh_tmp, dsa_sign; ++ unsigned long mask_k, mask_a; ++#ifndef OPENSSL_NO_EC ++ int have_ecc_cert, ecdsa_ok; ++#endif ++ if (c == NULL) ++ return; ++ ++#ifndef OPENSSL_NO_DH ++ dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto); ++#else ++ dh_tmp = 0; ++#endif ++ ++ rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; ++ rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; ++ dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; ++#ifndef OPENSSL_NO_EC ++ have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; ++#endif ++ mask_k = 0; ++ mask_a = 0; ++ ++#ifdef CIPHER_DEBUG ++ fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n", ++ dh_tmp, rsa_enc, rsa_sign, dsa_sign); ++#endif ++ ++#ifndef OPENSSL_NO_GOST ++ if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { ++ mask_k |= SSL_kGOST; ++ mask_a |= SSL_aGOST12; ++ } ++ if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) { ++ mask_k |= SSL_kGOST; ++ mask_a |= SSL_aGOST12; ++ } ++ if (ssl_has_cert(s, SSL_PKEY_GOST01)) { ++ mask_k |= SSL_kGOST; ++ mask_a |= SSL_aGOST01; ++ } ++#endif ++ ++ if (rsa_enc) ++ mask_k |= SSL_kRSA; ++ ++ if (dh_tmp) ++ mask_k |= SSL_kDHE; ++ ++ /* ++ * If we only have an RSA-PSS certificate allow RSA authentication ++ * if TLS 1.2 and peer supports it. ++ */ ++ ++ if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) ++ && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN ++ && TLS1_get_version(s) == TLS1_2_VERSION)) ++ mask_a |= SSL_aRSA; ++ ++ if (dsa_sign) { ++ mask_a |= SSL_aDSS; ++ } ++ ++ mask_a |= SSL_aNULL; ++ ++ /* ++ * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites ++ * depending on the key usage extension. ++ */ ++#ifndef OPENSSL_NO_EC ++ if (have_ecc_cert) { ++ uint32_t ex_kusage; ++ ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509); ++ ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; ++ if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ++ ecdsa_ok = 0; ++ if (ecdsa_ok) ++ mask_a |= SSL_aECDSA; ++ } ++ /* Allow Ed25519 for TLS 1.2 if peer supports it */ ++ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) ++ && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN ++ && TLS1_get_version(s) == TLS1_2_VERSION) ++ mask_a |= SSL_aECDSA; ++ ++ /* Allow Ed448 for TLS 1.2 if peer supports it */ ++ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) ++ && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN ++ && TLS1_get_version(s) == TLS1_2_VERSION) ++ mask_a |= SSL_aECDSA; ++#endif ++ ++#ifndef OPENSSL_NO_EC ++ mask_k |= SSL_kECDHE; ++#endif ++ ++#ifndef OPENSSL_NO_PSK ++ mask_k |= SSL_kPSK; ++ mask_a |= SSL_aPSK; ++ if (mask_k & SSL_kRSA) ++ mask_k |= SSL_kRSAPSK; ++ if (mask_k & SSL_kDHE) ++ mask_k |= SSL_kDHEPSK; ++ if (mask_k & SSL_kECDHE) ++ mask_k |= SSL_kECDHEPSK; ++#endif ++ ++ s->s3->tmp.mask_k = mask_k; ++ s->s3->tmp.mask_a = mask_a; ++} ++ ++#ifndef OPENSSL_NO_EC ++ ++int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) ++{ ++ if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) { ++ /* key usage, if present, must allow signing */ ++ if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) { ++ SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, ++ SSL_R_ECC_CERT_NOT_FOR_SIGNING); ++ return 0; ++ } ++ } ++ return 1; /* all checks are ok */ ++} ++ ++#endif ++ ++int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, ++ size_t *serverinfo_length) ++{ ++ CERT_PKEY *cpk = s->s3->tmp.cert; ++ *serverinfo_length = 0; ++ ++ if (cpk == NULL || cpk->serverinfo == NULL) ++ return 0; ++ ++ *serverinfo = cpk->serverinfo; ++ *serverinfo_length = cpk->serverinfo_length; ++ return 1; ++} ++ ++void ssl_update_cache(SSL *s, int mode) ++{ ++ int i; ++ ++ /* ++ * If the session_id_length is 0, we are not supposed to cache it, and it ++ * would be rather hard to do anyway :-) ++ */ ++ if (s->session->session_id_length == 0) ++ return; ++ ++ /* ++ * If sid_ctx_length is 0 there is no specific application context ++ * associated with this session, so when we try to resume it and ++ * SSL_VERIFY_PEER is requested to verify the client identity, we have no ++ * indication that this is actually a session for the proper application ++ * context, and the *handshake* will fail, not just the resumption attempt. ++ * Do not cache (on the server) these sessions that are not resumable ++ * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). ++ */ ++ if (s->server && s->session->sid_ctx_length == 0 ++ && (s->verify_mode & SSL_VERIFY_PEER) != 0) ++ return; ++ ++ i = s->session_ctx->session_cache_mode; ++ if ((i & mode) != 0 ++ && (!s->hit || SSL_IS_TLS13(s))) { ++ /* ++ * Add the session to the internal cache. In server side TLSv1.3 we ++ * normally don't do this because by default it's a full stateless ticket ++ * with only a dummy session id so there is no reason to cache it, ++ * unless: ++ * - we are doing early_data, in which case we cache so that we can ++ * detect replays ++ * - the application has set a remove_session_cb so needs to know about ++ * session timeout events ++ * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket ++ */ ++ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 ++ && (!SSL_IS_TLS13(s) ++ || !s->server ++ || (s->max_early_data > 0 ++ && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) ++ || s->session_ctx->remove_session_cb != NULL ++ || (s->options & SSL_OP_NO_TICKET) != 0)) ++ SSL_CTX_add_session(s->session_ctx, s->session); ++ ++ /* ++ * Add the session to the external cache. We do this even in server side ++ * TLSv1.3 without early data because some applications just want to ++ * know about the creation of a session and aren't doing a full cache. ++ */ ++ if (s->session_ctx->new_session_cb != NULL) { ++ SSL_SESSION_up_ref(s->session); ++ if (!s->session_ctx->new_session_cb(s, s->session)) ++ SSL_SESSION_free(s->session); ++ } ++ } ++ ++ /* auto flush every 255 connections */ ++ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { ++ TSAN_QUALIFIER int *stat; ++ if (mode & SSL_SESS_CACHE_CLIENT) ++ stat = &s->session_ctx->stats.sess_connect_good; ++ else ++ stat = &s->session_ctx->stats.sess_accept_good; ++ if ((tsan_load(stat) & 0xff) == 0xff) ++ SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); ++ } ++} ++ ++const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx) ++{ ++ return ctx->method; ++} ++ ++const SSL_METHOD *SSL_get_ssl_method(const SSL *s) ++{ ++ return s->method; ++} ++ ++int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) ++{ ++ int ret = 1; ++ ++ if (s->method != meth) { ++ const SSL_METHOD *sm = s->method; ++ int (*hf) (SSL *) = s->handshake_func; ++ ++ if (sm->version == meth->version) ++ s->method = meth; ++ else { ++ sm->ssl_free(s); ++ s->method = meth; ++ ret = s->method->ssl_new(s); ++ } ++ ++ if (hf == sm->ssl_connect) ++ s->handshake_func = meth->ssl_connect; ++ else if (hf == sm->ssl_accept) ++ s->handshake_func = meth->ssl_accept; ++ } ++ return ret; ++} ++ ++int SSL_get_error(const SSL *s, int i) ++{ ++ int reason; ++ unsigned long l; ++ BIO *bio; ++ ++ if (i > 0) ++ return SSL_ERROR_NONE; ++ ++ /* ++ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, ++ * where we do encode the error ++ */ ++ if ((l = ERR_peek_error()) != 0) { ++ if (ERR_GET_LIB(l) == ERR_LIB_SYS) ++ return SSL_ERROR_SYSCALL; ++ else ++ return SSL_ERROR_SSL; ++ } ++ ++ if (SSL_want_read(s)) { ++ bio = SSL_get_rbio(s); ++ if (BIO_should_read(bio)) ++ return SSL_ERROR_WANT_READ; ++ else if (BIO_should_write(bio)) ++ /* ++ * This one doesn't make too much sense ... We never try to write ++ * to the rbio, and an application program where rbio and wbio ++ * are separate couldn't even know what it should wait for. ++ * However if we ever set s->rwstate incorrectly (so that we have ++ * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and ++ * wbio *are* the same, this test works around that bug; so it ++ * might be safer to keep it. ++ */ ++ return SSL_ERROR_WANT_WRITE; ++ else if (BIO_should_io_special(bio)) { ++ reason = BIO_get_retry_reason(bio); ++ if (reason == BIO_RR_CONNECT) ++ return SSL_ERROR_WANT_CONNECT; ++ else if (reason == BIO_RR_ACCEPT) ++ return SSL_ERROR_WANT_ACCEPT; ++ else ++ return SSL_ERROR_SYSCALL; /* unknown */ ++ } ++ } ++ ++ if (SSL_want_write(s)) { ++ /* Access wbio directly - in order to use the buffered bio if present */ ++ bio = s->wbio; ++ if (BIO_should_write(bio)) ++ return SSL_ERROR_WANT_WRITE; ++ else if (BIO_should_read(bio)) ++ /* ++ * See above (SSL_want_read(s) with BIO_should_write(bio)) ++ */ ++ return SSL_ERROR_WANT_READ; ++ else if (BIO_should_io_special(bio)) { ++ reason = BIO_get_retry_reason(bio); ++ if (reason == BIO_RR_CONNECT) ++ return SSL_ERROR_WANT_CONNECT; ++ else if (reason == BIO_RR_ACCEPT) ++ return SSL_ERROR_WANT_ACCEPT; ++ else ++ return SSL_ERROR_SYSCALL; ++ } ++ } ++ if (SSL_want_x509_lookup(s)) ++ return SSL_ERROR_WANT_X509_LOOKUP; ++ if (SSL_want_async(s)) ++ return SSL_ERROR_WANT_ASYNC; ++ if (SSL_want_async_job(s)) ++ return SSL_ERROR_WANT_ASYNC_JOB; ++ if (SSL_want_client_hello_cb(s)) ++ return SSL_ERROR_WANT_CLIENT_HELLO_CB; ++ ++ if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && ++ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) ++ return SSL_ERROR_ZERO_RETURN; ++ ++ return SSL_ERROR_SYSCALL; ++} ++ ++static int ssl_do_handshake_intern(void *vargs) ++{ ++ struct ssl_async_args *args; ++ SSL *s; ++ ++ args = (struct ssl_async_args *)vargs; ++ s = args->s; ++ ++ return s->handshake_func(s); ++} ++ ++int SSL_do_handshake(SSL *s) ++{ ++ int ret = 1; ++ ++ if (s->handshake_func == NULL) { ++ SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); ++ return -1; ++ } ++ ++ ossl_statem_check_finish_init(s, -1); ++ ++ s->method->ssl_renegotiate_check(s, 0); ++ ++ if (SSL_in_init(s) || SSL_in_before(s)) { ++ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { ++ struct ssl_async_args args; ++ ++ memset(&args, 0, sizeof(args)); ++ args.s = s; ++ ++ ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); ++ } else { ++ ret = s->handshake_func(s); ++ } ++ } ++ return ret; ++} ++ ++void SSL_set_accept_state(SSL *s) ++{ ++ s->server = 1; ++ s->shutdown = 0; ++ ossl_statem_clear(s); ++ s->handshake_func = s->method->ssl_accept; ++ clear_ciphers(s); ++} ++ ++void SSL_set_connect_state(SSL *s) ++{ ++ s->server = 0; ++ s->shutdown = 0; ++ ossl_statem_clear(s); ++ s->handshake_func = s->method->ssl_connect; ++ clear_ciphers(s); ++} ++ ++int ssl_undefined_function(SSL *s) ++{ ++ SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++} ++ ++int ssl_undefined_void_function(void) ++{ ++ SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++} ++ ++int ssl_undefined_const_function(const SSL *s) ++{ ++ return 0; ++} ++ ++const SSL_METHOD *ssl_bad_method(int ver) ++{ ++ SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return NULL; ++} ++ ++const char *ssl_protocol_to_string(int version) ++{ ++ switch(version) ++ { ++ case TLS1_3_VERSION: ++ return "TLSv1.3"; ++ ++ case TLS1_2_VERSION: ++ return "TLSv1.2"; ++ ++ case TLS1_1_VERSION: ++ return "TLSv1.1"; ++ ++ case TLS1_VERSION: ++ return "TLSv1"; ++ ++ case SSL3_VERSION: ++ return "SSLv3"; ++ ++ case DTLS1_BAD_VER: ++ return "DTLSv0.9"; ++ ++ case DTLS1_VERSION: ++ return "DTLSv1"; ++ ++ case DTLS1_2_VERSION: ++ return "DTLSv1.2"; ++ ++ default: ++ return "unknown"; ++ } ++} ++ ++const char *SSL_get_version(const SSL *s) ++{ ++ return ssl_protocol_to_string(s->version); ++} ++ ++static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) ++{ ++ STACK_OF(X509_NAME) *sk; ++ X509_NAME *xn; ++ int i; ++ ++ if (src == NULL) { ++ *dst = NULL; ++ return 1; ++ } ++ ++ if ((sk = sk_X509_NAME_new_null()) == NULL) ++ return 0; ++ for (i = 0; i < sk_X509_NAME_num(src); i++) { ++ xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); ++ if (xn == NULL) { ++ sk_X509_NAME_pop_free(sk, X509_NAME_free); ++ return 0; ++ } ++ if (sk_X509_NAME_insert(sk, xn, i) == 0) { ++ X509_NAME_free(xn); ++ sk_X509_NAME_pop_free(sk, X509_NAME_free); ++ return 0; ++ } ++ } ++ *dst = sk; ++ ++ return 1; ++} ++ ++SSL *SSL_dup(SSL *s) ++{ ++ SSL *ret; ++ int i; ++ ++ /* If we're not quiescent, just up_ref! */ ++ if (!SSL_in_init(s) || !SSL_in_before(s)) { ++ CRYPTO_UP_REF(&s->references, &i, s->lock); ++ return s; ++ } ++ ++ /* ++ * Otherwise, copy configuration state, and session if set. ++ */ ++ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) ++ return NULL; ++ ++ if (s->session != NULL) { ++ /* ++ * Arranges to share the same session via up_ref. This "copies" ++ * session-id, SSL_METHOD, sid_ctx, and 'cert' ++ */ ++ if (!SSL_copy_session_id(ret, s)) ++ goto err; ++ } else { ++ /* ++ * No session has been established yet, so we have to expect that ++ * s->cert or ret->cert will be changed later -- they should not both ++ * point to the same object, and thus we can't use ++ * SSL_copy_session_id. ++ */ ++ if (!SSL_set_ssl_method(ret, s->method)) ++ goto err; ++ ++ if (s->cert != NULL) { ++ ssl_cert_free(ret->cert); ++ ret->cert = ssl_cert_dup(s->cert); ++ if (ret->cert == NULL) ++ goto err; ++ } ++ ++ if (!SSL_set_session_id_context(ret, s->sid_ctx, ++ (int)s->sid_ctx_length)) ++ goto err; ++ } ++ ++ if (!ssl_dane_dup(ret, s)) ++ goto err; ++ ret->version = s->version; ++ ret->options = s->options; ++ ret->min_proto_version = s->min_proto_version; ++ ret->max_proto_version = s->max_proto_version; ++ ret->mode = s->mode; ++ SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); ++ SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); ++ ret->msg_callback = s->msg_callback; ++ ret->msg_callback_arg = s->msg_callback_arg; ++ SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s)); ++ SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); ++ ret->generate_session_id = s->generate_session_id; ++ ++ SSL_set_info_callback(ret, SSL_get_info_callback(s)); ++ ++ /* copy app data, a little dangerous perhaps */ ++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) ++ goto err; ++ ++ ret->server = s->server; ++ if (s->handshake_func) { ++ if (s->server) ++ SSL_set_accept_state(ret); ++ else ++ SSL_set_connect_state(ret); ++ } ++ ret->shutdown = s->shutdown; ++ ret->hit = s->hit; ++ ++ ret->default_passwd_callback = s->default_passwd_callback; ++ ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; ++ ++ X509_VERIFY_PARAM_inherit(ret->param, s->param); ++ ++ /* dup the cipher_list and cipher_list_by_id stacks */ ++ if (s->cipher_list != NULL) { ++ if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) ++ goto err; ++ } ++ if (s->cipher_list_by_id != NULL) ++ if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) ++ == NULL) ++ goto err; ++ ++ /* Dup the client_CA list */ ++ if (!dup_ca_names(&ret->ca_names, s->ca_names) ++ || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) ++ goto err; ++ ++ return ret; ++ ++ err: ++ SSL_free(ret); ++ return NULL; ++} ++ ++void ssl_clear_cipher_ctx(SSL *s) ++{ ++ if (s->enc_read_ctx != NULL) { ++ EVP_CIPHER_CTX_free(s->enc_read_ctx); ++ s->enc_read_ctx = NULL; ++ } ++ if (s->enc_write_ctx != NULL) { ++ EVP_CIPHER_CTX_free(s->enc_write_ctx); ++ s->enc_write_ctx = NULL; ++ } ++#ifndef OPENSSL_NO_COMP ++ COMP_CTX_free(s->expand); ++ s->expand = NULL; ++ COMP_CTX_free(s->compress); ++ s->compress = NULL; ++#endif ++} ++ ++X509 *SSL_get_certificate(const SSL *s) ++{ ++ if (s->cert != NULL) ++ return s->cert->key->x509; ++ else ++ return NULL; ++} ++ ++EVP_PKEY *SSL_get_privatekey(const SSL *s) ++{ ++ if (s->cert != NULL) ++ return s->cert->key->privatekey; ++ else ++ return NULL; ++} ++ ++X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) ++{ ++ if (ctx->cert != NULL) ++ return ctx->cert->key->x509; ++ else ++ return NULL; ++} ++ ++EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) ++{ ++ if (ctx->cert != NULL) ++ return ctx->cert->key->privatekey; ++ else ++ return NULL; ++} ++ ++const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) ++{ ++ if ((s->session != NULL) && (s->session->cipher != NULL)) ++ return s->session->cipher; ++ return NULL; ++} ++ ++const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) ++{ ++ return s->s3->tmp.new_cipher; ++} ++ ++const COMP_METHOD *SSL_get_current_compression(const SSL *s) ++{ ++#ifndef OPENSSL_NO_COMP ++ return s->compress ? COMP_CTX_get_method(s->compress) : NULL; ++#else ++ return NULL; ++#endif ++} ++ ++const COMP_METHOD *SSL_get_current_expansion(const SSL *s) ++{ ++#ifndef OPENSSL_NO_COMP ++ return s->expand ? COMP_CTX_get_method(s->expand) : NULL; ++#else ++ return NULL; ++#endif ++} ++ ++int ssl_init_wbio_buffer(SSL *s) ++{ ++ BIO *bbio; ++ ++ if (s->bbio != NULL) { ++ /* Already buffered. */ ++ return 1; ++ } ++ ++ bbio = BIO_new(BIO_f_buffer()); ++ if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) { ++ BIO_free(bbio); ++ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); ++ return 0; ++ } ++ s->bbio = bbio; ++ s->wbio = BIO_push(bbio, s->wbio); ++ ++ return 1; ++} ++ ++int ssl_free_wbio_buffer(SSL *s) ++{ ++ /* callers ensure s is never null */ ++ if (s->bbio == NULL) ++ return 1; ++ ++ s->wbio = BIO_pop(s->wbio); ++ BIO_free(s->bbio); ++ s->bbio = NULL; ++ ++ return 1; ++} ++ ++void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) ++{ ++ ctx->quiet_shutdown = mode; ++} ++ ++int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) ++{ ++ return ctx->quiet_shutdown; ++} ++ ++void SSL_set_quiet_shutdown(SSL *s, int mode) ++{ ++ s->quiet_shutdown = mode; ++} ++ ++int SSL_get_quiet_shutdown(const SSL *s) ++{ ++ return s->quiet_shutdown; ++} ++ ++void SSL_set_shutdown(SSL *s, int mode) ++{ ++ s->shutdown = mode; ++} ++ ++int SSL_get_shutdown(const SSL *s) ++{ ++ return s->shutdown; ++} ++ ++int SSL_version(const SSL *s) ++{ ++ return s->version; ++} ++ ++int SSL_client_version(const SSL *s) ++{ ++ return s->client_version; ++} ++ ++SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) ++{ ++ return ssl->ctx; ++} ++ ++SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) ++{ ++ CERT *new_cert; ++ if (ssl->ctx == ctx) ++ return ssl->ctx; ++ if (ctx == NULL) ++ ctx = ssl->session_ctx; ++ new_cert = ssl_cert_dup(ctx->cert); ++ if (new_cert == NULL) { ++ return NULL; ++ } ++ ++ if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) { ++ ssl_cert_free(new_cert); ++ return NULL; ++ } ++ ++ ssl_cert_free(ssl->cert); ++ ssl->cert = new_cert; ++ ++ /* ++ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), ++ * so setter APIs must prevent invalid lengths from entering the system. ++ */ ++ if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))) ++ return NULL; ++ ++ /* ++ * If the session ID context matches that of the parent SSL_CTX, ++ * inherit it from the new SSL_CTX as well. If however the context does ++ * not match (i.e., it was set per-ssl with SSL_set_session_id_context), ++ * leave it unchanged. ++ */ ++ if ((ssl->ctx != NULL) && ++ (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && ++ (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) { ++ ssl->sid_ctx_length = ctx->sid_ctx_length; ++ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); ++ } ++ ++ SSL_CTX_up_ref(ctx); ++ SSL_CTX_free(ssl->ctx); /* decrement reference count */ ++ ssl->ctx = ctx; ++ ++ return ssl->ctx; ++} ++ ++int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) ++{ ++ return X509_STORE_set_default_paths(ctx->cert_store); ++} ++ ++int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) ++{ ++ X509_LOOKUP *lookup; ++ ++ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir()); ++ if (lookup == NULL) ++ return 0; ++ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); ++ ++ /* Clear any errors if the default directory does not exist */ ++ ERR_clear_error(); ++ ++ return 1; ++} ++ ++int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) ++{ ++ X509_LOOKUP *lookup; ++ ++ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file()); ++ if (lookup == NULL) ++ return 0; ++ ++ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); ++ ++ /* Clear any errors if the default file does not exist */ ++ ERR_clear_error(); ++ ++ return 1; ++} ++ ++int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, ++ const char *CApath) ++{ ++ return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath); ++} ++ ++void SSL_set_info_callback(SSL *ssl, ++ void (*cb) (const SSL *ssl, int type, int val)) ++{ ++ ssl->info_callback = cb; ++} ++ ++/* ++ * One compiler (Diab DCC) doesn't like argument names in returned function ++ * pointer. ++ */ ++void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ , ++ int /* type */ , ++ int /* val */ ) { ++ return ssl->info_callback; ++} ++ ++void SSL_set_verify_result(SSL *ssl, long arg) ++{ ++ ssl->verify_result = arg; ++} ++ ++long SSL_get_verify_result(const SSL *ssl) ++{ ++ return ssl->verify_result; ++} ++ ++size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) ++{ ++ if (outlen == 0) ++ return sizeof(ssl->s3->client_random); ++ if (outlen > sizeof(ssl->s3->client_random)) ++ outlen = sizeof(ssl->s3->client_random); ++ memcpy(out, ssl->s3->client_random, outlen); ++ return outlen; ++} ++ ++size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) ++{ ++ if (outlen == 0) ++ return sizeof(ssl->s3->server_random); ++ if (outlen > sizeof(ssl->s3->server_random)) ++ outlen = sizeof(ssl->s3->server_random); ++ memcpy(out, ssl->s3->server_random, outlen); ++ return outlen; ++} ++ ++size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, ++ unsigned char *out, size_t outlen) ++{ ++ if (outlen == 0) ++ return session->master_key_length; ++ if (outlen > session->master_key_length) ++ outlen = session->master_key_length; ++ memcpy(out, session->master_key, outlen); ++ return outlen; ++} ++ ++int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, ++ size_t len) ++{ ++ if (len > sizeof(sess->master_key)) ++ return 0; ++ ++ memcpy(sess->master_key, in, len); ++ sess->master_key_length = len; ++ return 1; ++} ++ ++ ++int SSL_set_ex_data(SSL *s, int idx, void *arg) ++{ ++ return CRYPTO_set_ex_data(&s->ex_data, idx, arg); ++} ++ ++void *SSL_get_ex_data(const SSL *s, int idx) ++{ ++ return CRYPTO_get_ex_data(&s->ex_data, idx); ++} ++ ++int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) ++{ ++ return CRYPTO_set_ex_data(&s->ex_data, idx, arg); ++} ++ ++void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) ++{ ++ return CRYPTO_get_ex_data(&s->ex_data, idx); ++} ++ ++X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) ++{ ++ return ctx->cert_store; ++} ++ ++void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) ++{ ++ X509_STORE_free(ctx->cert_store); ++ ctx->cert_store = store; ++} ++ ++void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) ++{ ++ if (store != NULL) ++ X509_STORE_up_ref(store); ++ SSL_CTX_set_cert_store(ctx, store); ++} ++ ++int SSL_want(const SSL *s) ++{ ++ return s->rwstate; ++} ++ ++/** ++ * \brief Set the callback for generating temporary DH keys. ++ * \param ctx the SSL context. ++ * \param dh the callback ++ */ ++ ++#ifndef OPENSSL_NO_DH ++void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, ++ DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)) ++{ ++ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); ++} ++ ++void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)) ++{ ++ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh); ++} ++#endif ++ ++#ifndef OPENSSL_NO_PSK ++int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) ++{ ++ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { ++ SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); ++ return 0; ++ } ++ OPENSSL_free(ctx->cert->psk_identity_hint); ++ if (identity_hint != NULL) { ++ ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); ++ if (ctx->cert->psk_identity_hint == NULL) ++ return 0; ++ } else ++ ctx->cert->psk_identity_hint = NULL; ++ return 1; ++} ++ ++int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) ++{ ++ if (s == NULL) ++ return 0; ++ ++ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { ++ SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); ++ return 0; ++ } ++ OPENSSL_free(s->cert->psk_identity_hint); ++ if (identity_hint != NULL) { ++ s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint); ++ if (s->cert->psk_identity_hint == NULL) ++ return 0; ++ } else ++ s->cert->psk_identity_hint = NULL; ++ return 1; ++} ++ ++const char *SSL_get_psk_identity_hint(const SSL *s) ++{ ++ if (s == NULL || s->session == NULL) ++ return NULL; ++ return s->session->psk_identity_hint; ++} ++ ++const char *SSL_get_psk_identity(const SSL *s) ++{ ++ if (s == NULL || s->session == NULL) ++ return NULL; ++ return s->session->psk_identity; ++} ++ ++void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) ++{ ++ s->psk_client_callback = cb; ++} ++ ++void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) ++{ ++ ctx->psk_client_callback = cb; ++} ++ ++void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) ++{ ++ s->psk_server_callback = cb; ++} ++ ++void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) ++{ ++ ctx->psk_server_callback = cb; ++} ++#endif ++ ++void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) ++{ ++ s->psk_find_session_cb = cb; ++} ++ ++void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, ++ SSL_psk_find_session_cb_func cb) ++{ ++ ctx->psk_find_session_cb = cb; ++} ++ ++void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) ++{ ++ s->psk_use_session_cb = cb; ++} ++ ++void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, ++ SSL_psk_use_session_cb_func cb) ++{ ++ ctx->psk_use_session_cb = cb; ++} ++ ++void SSL_CTX_set_msg_callback(SSL_CTX *ctx, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)) ++{ ++ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); ++} ++ ++void SSL_set_msg_callback(SSL *ssl, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)) ++{ ++ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); ++} ++ ++void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ int ++ is_forward_secure)) ++{ ++ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, ++ (void (*)(void))cb); ++} ++ ++void SSL_set_not_resumable_session_callback(SSL *ssl, ++ int (*cb) (SSL *ssl, ++ int is_forward_secure)) ++{ ++ SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB, ++ (void (*)(void))cb); ++} ++ ++void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, ++ size_t (*cb) (SSL *ssl, int type, ++ size_t len, void *arg)) ++{ ++ ctx->record_padding_cb = cb; ++} ++ ++void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) ++{ ++ ctx->record_padding_arg = arg; ++} ++ ++void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx) ++{ ++ return ctx->record_padding_arg; ++} ++ ++int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) ++{ ++ /* block size of 0 or 1 is basically no padding */ ++ if (block_size == 1) ++ ctx->block_padding = 0; ++ else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) ++ ctx->block_padding = block_size; ++ else ++ return 0; ++ return 1; ++} ++ ++void SSL_set_record_padding_callback(SSL *ssl, ++ size_t (*cb) (SSL *ssl, int type, ++ size_t len, void *arg)) ++{ ++ ssl->record_padding_cb = cb; ++} ++ ++void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) ++{ ++ ssl->record_padding_arg = arg; ++} ++ ++void *SSL_get_record_padding_callback_arg(const SSL *ssl) ++{ ++ return ssl->record_padding_arg; ++} ++ ++int SSL_set_block_padding(SSL *ssl, size_t block_size) ++{ ++ /* block size of 0 or 1 is basically no padding */ ++ if (block_size == 1) ++ ssl->block_padding = 0; ++ else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) ++ ssl->block_padding = block_size; ++ else ++ return 0; ++ return 1; ++} ++ ++int SSL_set_num_tickets(SSL *s, size_t num_tickets) ++{ ++ s->num_tickets = num_tickets; ++ ++ return 1; ++} ++ ++size_t SSL_get_num_tickets(const SSL *s) ++{ ++ return s->num_tickets; ++} ++ ++int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) ++{ ++ ctx->num_tickets = num_tickets; ++ ++ return 1; ++} ++ ++size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx) ++{ ++ return ctx->num_tickets; ++} ++ ++/* ++ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer ++ * variable, freeing EVP_MD_CTX previously stored in that variable, if any. ++ * If EVP_MD pointer is passed, initializes ctx with this |md|. ++ * Returns the newly allocated ctx; ++ */ ++ ++EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) ++{ ++ ssl_clear_hash_ctx(hash); ++ *hash = EVP_MD_CTX_new(); ++ if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { ++ EVP_MD_CTX_free(*hash); ++ *hash = NULL; ++ return NULL; ++ } ++ return *hash; ++} ++ ++void ssl_clear_hash_ctx(EVP_MD_CTX **hash) ++{ ++ ++ EVP_MD_CTX_free(*hash); ++ *hash = NULL; ++} ++ ++/* Retrieve handshake hashes */ ++int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, ++ size_t *hashlen) ++{ ++ EVP_MD_CTX *ctx = NULL; ++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst; ++ int hashleni = EVP_MD_CTX_size(hdgst); ++ int ret = 0; ++ ++ if (hashleni < 0 || (size_t)hashleni > outlen) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ ctx = EVP_MD_CTX_new(); ++ if (ctx == NULL) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (!EVP_MD_CTX_copy_ex(ctx, hdgst) ++ || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ *hashlen = hashleni; ++ ++ ret = 1; ++ err: ++ EVP_MD_CTX_free(ctx); ++ return ret; ++} ++ ++int SSL_session_reused(const SSL *s) ++{ ++ return s->hit; ++} ++ ++int SSL_is_server(const SSL *s) ++{ ++ return s->server; ++} ++ ++#if OPENSSL_API_COMPAT < 0x10100000L ++void SSL_set_debug(SSL *s, int debug) ++{ ++ /* Old function was do-nothing anyway... */ ++ (void)s; ++ (void)debug; ++} ++#endif ++ ++void SSL_set_security_level(SSL *s, int level) ++{ ++ s->cert->sec_level = level; ++} ++ ++int SSL_get_security_level(const SSL *s) ++{ ++ return s->cert->sec_level; ++} ++ ++void SSL_set_security_callback(SSL *s, ++ int (*cb) (const SSL *s, const SSL_CTX *ctx, ++ int op, int bits, int nid, ++ void *other, void *ex)) ++{ ++ s->cert->sec_cb = cb; ++} ++ ++int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, ++ const SSL_CTX *ctx, int op, ++ int bits, int nid, void *other, ++ void *ex) { ++ return s->cert->sec_cb; ++} ++ ++void SSL_set0_security_ex_data(SSL *s, void *ex) ++{ ++ s->cert->sec_ex = ex; ++} ++ ++void *SSL_get0_security_ex_data(const SSL *s) ++{ ++ return s->cert->sec_ex; ++} ++ ++void SSL_CTX_set_security_level(SSL_CTX *ctx, int level) ++{ ++ ctx->cert->sec_level = level; ++} ++ ++int SSL_CTX_get_security_level(const SSL_CTX *ctx) ++{ ++ return ctx->cert->sec_level; ++} ++ ++void SSL_CTX_set_security_callback(SSL_CTX *ctx, ++ int (*cb) (const SSL *s, const SSL_CTX *ctx, ++ int op, int bits, int nid, ++ void *other, void *ex)) ++{ ++ ctx->cert->sec_cb = cb; ++} ++ ++int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, ++ const SSL_CTX *ctx, ++ int op, int bits, ++ int nid, ++ void *other, ++ void *ex) { ++ return ctx->cert->sec_cb; ++} ++ ++void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex) ++{ ++ ctx->cert->sec_ex = ex; ++} ++ ++void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) ++{ ++ return ctx->cert->sec_ex; ++} ++ ++/* ++ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that ++ * can return unsigned long, instead of the generic long return value from the ++ * control interface. ++ */ ++unsigned long SSL_CTX_get_options(const SSL_CTX *ctx) ++{ ++ return ctx->options; ++} ++ ++unsigned long SSL_get_options(const SSL *s) ++{ ++ return s->options; ++} ++ ++unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op) ++{ ++ return ctx->options |= op; ++} ++ ++unsigned long SSL_set_options(SSL *s, unsigned long op) ++{ ++ return s->options |= op; ++} ++ ++unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) ++{ ++ return ctx->options &= ~op; ++} ++ ++unsigned long SSL_clear_options(SSL *s, unsigned long op) ++{ ++ return s->options &= ~op; ++} ++ ++STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) ++{ ++ return s->verified_chain; ++} ++ ++IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); ++ ++#ifndef OPENSSL_NO_CT ++ ++/* ++ * Moves SCTs from the |src| stack to the |dst| stack. ++ * The source of each SCT will be set to |origin|. ++ * If |dst| points to a NULL pointer, a new stack will be created and owned by ++ * the caller. ++ * Returns the number of SCTs moved, or a negative integer if an error occurs. ++ */ ++static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, ++ sct_source_t origin) ++{ ++ int scts_moved = 0; ++ SCT *sct = NULL; ++ ++ if (*dst == NULL) { ++ *dst = sk_SCT_new_null(); ++ if (*dst == NULL) { ++ SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ while ((sct = sk_SCT_pop(src)) != NULL) { ++ if (SCT_set_source(sct, origin) != 1) ++ goto err; ++ ++ if (sk_SCT_push(*dst, sct) <= 0) ++ goto err; ++ scts_moved += 1; ++ } ++ ++ return scts_moved; ++ err: ++ if (sct != NULL) ++ sk_SCT_push(src, sct); /* Put the SCT back */ ++ return -1; ++} ++ ++/* ++ * Look for data collected during ServerHello and parse if found. ++ * Returns the number of SCTs extracted. ++ */ ++static int ct_extract_tls_extension_scts(SSL *s) ++{ ++ int scts_extracted = 0; ++ ++ if (s->ext.scts != NULL) { ++ const unsigned char *p = s->ext.scts; ++ STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); ++ ++ scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); ++ ++ SCT_LIST_free(scts); ++ } ++ ++ return scts_extracted; ++} ++ ++/* ++ * Checks for an OCSP response and then attempts to extract any SCTs found if it ++ * contains an SCT X509 extension. They will be stored in |s->scts|. ++ * Returns: ++ * - The number of SCTs extracted, assuming an OCSP response exists. ++ * - 0 if no OCSP response exists or it contains no SCTs. ++ * - A negative integer if an error occurs. ++ */ ++static int ct_extract_ocsp_response_scts(SSL *s) ++{ ++# ifndef OPENSSL_NO_OCSP ++ int scts_extracted = 0; ++ const unsigned char *p; ++ OCSP_BASICRESP *br = NULL; ++ OCSP_RESPONSE *rsp = NULL; ++ STACK_OF(SCT) *scts = NULL; ++ int i; ++ ++ if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0) ++ goto err; ++ ++ p = s->ext.ocsp.resp; ++ rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); ++ if (rsp == NULL) ++ goto err; ++ ++ br = OCSP_response_get1_basic(rsp); ++ if (br == NULL) ++ goto err; ++ ++ for (i = 0; i < OCSP_resp_count(br); ++i) { ++ OCSP_SINGLERESP *single = OCSP_resp_get0(br, i); ++ ++ if (single == NULL) ++ continue; ++ ++ scts = ++ OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); ++ scts_extracted = ++ ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE); ++ if (scts_extracted < 0) ++ goto err; ++ } ++ err: ++ SCT_LIST_free(scts); ++ OCSP_BASICRESP_free(br); ++ OCSP_RESPONSE_free(rsp); ++ return scts_extracted; ++# else ++ /* Behave as if no OCSP response exists */ ++ return 0; ++# endif ++} ++ ++/* ++ * Attempts to extract SCTs from the peer certificate. ++ * Return the number of SCTs extracted, or a negative integer if an error ++ * occurs. ++ */ ++static int ct_extract_x509v3_extension_scts(SSL *s) ++{ ++ int scts_extracted = 0; ++ X509 *cert = s->session != NULL ? s->session->peer : NULL; ++ ++ if (cert != NULL) { ++ STACK_OF(SCT) *scts = ++ X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL); ++ ++ scts_extracted = ++ ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); ++ ++ SCT_LIST_free(scts); ++ } ++ ++ return scts_extracted; ++} ++ ++/* ++ * Attempts to find all received SCTs by checking TLS extensions, the OCSP ++ * response (if it exists) and X509v3 extensions in the certificate. ++ * Returns NULL if an error occurs. ++ */ ++const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s) ++{ ++ if (!s->scts_parsed) { ++ if (ct_extract_tls_extension_scts(s) < 0 || ++ ct_extract_ocsp_response_scts(s) < 0 || ++ ct_extract_x509v3_extension_scts(s) < 0) ++ goto err; ++ ++ s->scts_parsed = 1; ++ } ++ return s->scts; ++ err: ++ return NULL; ++} ++ ++static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx, ++ const STACK_OF(SCT) *scts, void *unused_arg) ++{ ++ return 1; ++} ++ ++static int ct_strict(const CT_POLICY_EVAL_CTX * ctx, ++ const STACK_OF(SCT) *scts, void *unused_arg) ++{ ++ int count = scts != NULL ? sk_SCT_num(scts) : 0; ++ int i; ++ ++ for (i = 0; i < count; ++i) { ++ SCT *sct = sk_SCT_value(scts, i); ++ int status = SCT_get_validation_status(sct); ++ ++ if (status == SCT_VALIDATION_STATUS_VALID) ++ return 1; ++ } ++ SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS); ++ return 0; ++} ++ ++int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, ++ void *arg) ++{ ++ /* ++ * Since code exists that uses the custom extension handler for CT, look ++ * for this and throw an error if they have already registered to use CT. ++ */ ++ if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, ++ TLSEXT_TYPE_signed_certificate_timestamp)) ++ { ++ SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, ++ SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); ++ return 0; ++ } ++ ++ if (callback != NULL) { ++ /* ++ * If we are validating CT, then we MUST accept SCTs served via OCSP ++ */ ++ if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) ++ return 0; ++ } ++ ++ s->ct_validation_callback = callback; ++ s->ct_validation_callback_arg = arg; ++ ++ return 1; ++} ++ ++int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ++ ssl_ct_validation_cb callback, void *arg) ++{ ++ /* ++ * Since code exists that uses the custom extension handler for CT, look for ++ * this and throw an error if they have already registered to use CT. ++ */ ++ if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, ++ TLSEXT_TYPE_signed_certificate_timestamp)) ++ { ++ SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, ++ SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); ++ return 0; ++ } ++ ++ ctx->ct_validation_callback = callback; ++ ctx->ct_validation_callback_arg = arg; ++ return 1; ++} ++ ++int SSL_ct_is_enabled(const SSL *s) ++{ ++ return s->ct_validation_callback != NULL; ++} ++ ++int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx) ++{ ++ return ctx->ct_validation_callback != NULL; ++} ++ ++int ssl_validate_ct(SSL *s) ++{ ++ int ret = 0; ++ X509 *cert = s->session != NULL ? s->session->peer : NULL; ++ X509 *issuer; ++ SSL_DANE *dane = &s->dane; ++ CT_POLICY_EVAL_CTX *ctx = NULL; ++ const STACK_OF(SCT) *scts; ++ ++ /* ++ * If no callback is set, the peer is anonymous, or its chain is invalid, ++ * skip SCT validation - just return success. Applications that continue ++ * handshakes without certificates, with unverified chains, or pinned leaf ++ * certificates are outside the scope of the WebPKI and CT. ++ * ++ * The above exclusions notwithstanding the vast majority of peers will ++ * have rather ordinary certificate chains validated by typical ++ * applications that perform certificate verification and therefore will ++ * process SCTs when enabled. ++ */ ++ if (s->ct_validation_callback == NULL || cert == NULL || ++ s->verify_result != X509_V_OK || ++ s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1) ++ return 1; ++ ++ /* ++ * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3) ++ * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2 ++ */ ++ if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) { ++ switch (dane->mtlsa->usage) { ++ case DANETLS_USAGE_DANE_TA: ++ case DANETLS_USAGE_DANE_EE: ++ return 1; ++ } ++ } ++ ++ ctx = CT_POLICY_EVAL_CTX_new(); ++ if (ctx == NULL) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT, ++ ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ issuer = sk_X509_value(s->verified_chain, 1); ++ CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); ++ CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); ++ CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); ++ CT_POLICY_EVAL_CTX_set_time( ++ ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); ++ ++ scts = SSL_get0_peer_scts(s); ++ ++ /* ++ * This function returns success (> 0) only when all the SCTs are valid, 0 ++ * when some are invalid, and < 0 on various internal errors (out of ++ * memory, etc.). Having some, or even all, invalid SCTs is not sufficient ++ * reason to abort the handshake, that decision is up to the callback. ++ * Therefore, we error out only in the unexpected case that the return ++ * value is negative. ++ * ++ * XXX: One might well argue that the return value of this function is an ++ * unfortunate design choice. Its job is only to determine the validation ++ * status of each of the provided SCTs. So long as it correctly separates ++ * the wheat from the chaff it should return success. Failure in this case ++ * ought to correspond to an inability to carry out its duties. ++ */ ++ if (SCT_LIST_validate(scts, ctx) < 0) { ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, ++ SSL_R_SCT_VERIFICATION_FAILED); ++ goto end; ++ } ++ ++ ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); ++ if (ret < 0) ++ ret = 0; /* This function returns 0 on failure */ ++ if (!ret) ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, ++ SSL_R_CALLBACK_FAILED); ++ ++ end: ++ CT_POLICY_EVAL_CTX_free(ctx); ++ /* ++ * With SSL_VERIFY_NONE the session may be cached and re-used despite a ++ * failure return code here. Also the application may wish the complete ++ * the handshake, and then disconnect cleanly at a higher layer, after ++ * checking the verification status of the completed connection. ++ * ++ * We therefore force a certificate verification failure which will be ++ * visible via SSL_get_verify_result() and cached as part of any resumed ++ * session. ++ * ++ * Note: the permissive callback is for information gathering only, always ++ * returns success, and does not affect verification status. Only the ++ * strict callback or a custom application-specified callback can trigger ++ * connection failure or record a verification error. ++ */ ++ if (ret <= 0) ++ s->verify_result = X509_V_ERR_NO_VALID_SCTS; ++ return ret; ++} ++ ++int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode) ++{ ++ switch (validation_mode) { ++ default: ++ SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); ++ return 0; ++ case SSL_CT_VALIDATION_PERMISSIVE: ++ return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL); ++ case SSL_CT_VALIDATION_STRICT: ++ return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL); ++ } ++} ++ ++int SSL_enable_ct(SSL *s, int validation_mode) ++{ ++ switch (validation_mode) { ++ default: ++ SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE); ++ return 0; ++ case SSL_CT_VALIDATION_PERMISSIVE: ++ return SSL_set_ct_validation_callback(s, ct_permissive, NULL); ++ case SSL_CT_VALIDATION_STRICT: ++ return SSL_set_ct_validation_callback(s, ct_strict, NULL); ++ } ++} ++ ++int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx) ++{ ++ return CTLOG_STORE_load_default_file(ctx->ctlog_store); ++} ++ ++int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path) ++{ ++ return CTLOG_STORE_load_file(ctx->ctlog_store, path); ++} ++ ++void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs) ++{ ++ CTLOG_STORE_free(ctx->ctlog_store); ++ ctx->ctlog_store = logs; ++} ++ ++const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) ++{ ++ return ctx->ctlog_store; ++} ++ ++#endif /* OPENSSL_NO_CT */ ++ ++void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, ++ void *arg) ++{ ++ c->client_hello_cb = cb; ++ c->client_hello_cb_arg = arg; ++} ++ ++int SSL_client_hello_isv2(SSL *s) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ return s->clienthello->isv2; ++} ++ ++unsigned int SSL_client_hello_get0_legacy_version(SSL *s) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ return s->clienthello->legacy_version; ++} ++ ++size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ if (out != NULL) ++ *out = s->clienthello->random; ++ return SSL3_RANDOM_SIZE; ++} ++ ++size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ if (out != NULL) ++ *out = s->clienthello->session_id; ++ return s->clienthello->session_id_len; ++} ++ ++size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ if (out != NULL) ++ *out = PACKET_data(&s->clienthello->ciphersuites); ++ return PACKET_remaining(&s->clienthello->ciphersuites); ++} ++ ++size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) ++{ ++ if (s->clienthello == NULL) ++ return 0; ++ if (out != NULL) ++ *out = s->clienthello->compressions; ++ return s->clienthello->compressions_len; ++} ++ ++int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) ++{ ++ RAW_EXTENSION *ext; ++ int *present; ++ size_t num = 0, i; ++ ++ if (s->clienthello == NULL || out == NULL || outlen == NULL) ++ return 0; ++ for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { ++ ext = s->clienthello->pre_proc_exts + i; ++ if (ext->present) ++ num++; ++ } ++ if (num == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return 1; ++ } ++ if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { ++ SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { ++ ext = s->clienthello->pre_proc_exts + i; ++ if (ext->present) { ++ if (ext->received_order >= num) ++ goto err; ++ present[ext->received_order] = ext->type; ++ } ++ } ++ *out = present; ++ *outlen = num; ++ return 1; ++ err: ++ OPENSSL_free(present); ++ return 0; ++} ++ ++int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, ++ size_t *outlen) ++{ ++ size_t i; ++ RAW_EXTENSION *r; ++ ++ if (s->clienthello == NULL) ++ return 0; ++ for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) { ++ r = s->clienthello->pre_proc_exts + i; ++ if (r->present && r->type == type) { ++ if (out != NULL) ++ *out = PACKET_data(&r->data); ++ if (outlen != NULL) ++ *outlen = PACKET_remaining(&r->data); ++ return 1; ++ } ++ } ++ return 0; ++} ++ ++int SSL_free_buffers(SSL *ssl) ++{ ++ RECORD_LAYER *rl = &ssl->rlayer; ++ ++ if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) ++ return 0; ++ ++ RECORD_LAYER_release(rl); ++ return 1; ++} ++ ++int SSL_alloc_buffers(SSL *ssl) ++{ ++ return ssl3_setup_buffers(ssl); ++} ++ ++void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) ++{ ++ ctx->keylog_callback = cb; ++} ++ ++SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) ++{ ++ return ctx->keylog_callback; ++} ++ ++static int nss_keylog_int(const char *prefix, ++ SSL *ssl, ++ const uint8_t *parameter_1, ++ size_t parameter_1_len, ++ const uint8_t *parameter_2, ++ size_t parameter_2_len) ++{ ++ char *out = NULL; ++ char *cursor = NULL; ++ size_t out_len = 0; ++ size_t i; ++ size_t prefix_len; ++ ++ if (ssl->ctx->keylog_callback == NULL) ++ return 1; ++ ++ /* ++ * Our output buffer will contain the following strings, rendered with ++ * space characters in between, terminated by a NULL character: first the ++ * prefix, then the first parameter, then the second parameter. The ++ * meaning of each parameter depends on the specific key material being ++ * logged. Note that the first and second parameters are encoded in ++ * hexadecimal, so we need a buffer that is twice their lengths. ++ */ ++ prefix_len = strlen(prefix); ++ out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; ++ if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { ++ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ strcpy(cursor, prefix); ++ cursor += prefix_len; ++ *cursor++ = ' '; ++ ++ for (i = 0; i < parameter_1_len; i++) { ++ sprintf(cursor, "%02x", parameter_1[i]); ++ cursor += 2; ++ } ++ *cursor++ = ' '; ++ ++ for (i = 0; i < parameter_2_len; i++) { ++ sprintf(cursor, "%02x", parameter_2[i]); ++ cursor += 2; ++ } ++ *cursor = '\0'; ++ ++ ssl->ctx->keylog_callback(ssl, (const char *)out); ++ OPENSSL_clear_free(out, out_len); ++ return 1; ++ ++} ++ ++int ssl_log_rsa_client_key_exchange(SSL *ssl, ++ const uint8_t *encrypted_premaster, ++ size_t encrypted_premaster_len, ++ const uint8_t *premaster, ++ size_t premaster_len) ++{ ++ if (encrypted_premaster_len < 8) { ++ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ++ SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ /* We only want the first 8 bytes of the encrypted premaster as a tag. */ ++ return nss_keylog_int("RSA", ++ ssl, ++ encrypted_premaster, ++ 8, ++ premaster, ++ premaster_len); ++} ++ ++int ssl_log_secret(SSL *ssl, ++ const char *label, ++ const uint8_t *secret, ++ size_t secret_len) ++{ ++ return nss_keylog_int(label, ++ ssl, ++ ssl->s3->client_random, ++ SSL3_RANDOM_SIZE, ++ secret, ++ secret_len); ++} ++ ++#define SSLV2_CIPHER_LEN 3 ++ ++int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) ++{ ++ int n; ++ ++ n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; ++ ++ if (PACKET_remaining(cipher_suites) == 0) { ++ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST, ++ SSL_R_NO_CIPHERS_SPECIFIED); ++ return 0; ++ } ++ ++ if (PACKET_remaining(cipher_suites) % n != 0) { ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ++ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); ++ return 0; ++ } ++ ++ OPENSSL_free(s->s3->tmp.ciphers_raw); ++ s->s3->tmp.ciphers_raw = NULL; ++ s->s3->tmp.ciphers_rawlen = 0; ++ ++ if (sslv2format) { ++ size_t numciphers = PACKET_remaining(cipher_suites) / n; ++ PACKET sslv2ciphers = *cipher_suites; ++ unsigned int leadbyte; ++ unsigned char *raw; ++ ++ /* ++ * We store the raw ciphers list in SSLv3+ format so we need to do some ++ * preprocessing to convert the list first. If there are any SSLv2 only ++ * ciphersuites with a non-zero leading byte then we are going to ++ * slightly over allocate because we won't store those. But that isn't a ++ * problem. ++ */ ++ raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); ++ s->s3->tmp.ciphers_raw = raw; ++ if (raw == NULL) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ for (s->s3->tmp.ciphers_rawlen = 0; ++ PACKET_remaining(&sslv2ciphers) > 0; ++ raw += TLS_CIPHER_LEN) { ++ if (!PACKET_get_1(&sslv2ciphers, &leadbyte) ++ || (leadbyte == 0 ++ && !PACKET_copy_bytes(&sslv2ciphers, raw, ++ TLS_CIPHER_LEN)) ++ || (leadbyte != 0 ++ && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ++ SSL_R_BAD_PACKET); ++ OPENSSL_free(s->s3->tmp.ciphers_raw); ++ s->s3->tmp.ciphers_raw = NULL; ++ s->s3->tmp.ciphers_rawlen = 0; ++ return 0; ++ } ++ if (leadbyte == 0) ++ s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; ++ } ++ } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, ++ &s->s3->tmp.ciphers_rawlen)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ return 1; ++} ++ ++int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, ++ int isv2format, STACK_OF(SSL_CIPHER) **sk, ++ STACK_OF(SSL_CIPHER) **scsvs) ++{ ++ PACKET pkt; ++ ++ if (!PACKET_buf_init(&pkt, bytes, len)) ++ return 0; ++ return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); ++} ++ ++int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, ++ STACK_OF(SSL_CIPHER) **skp, ++ STACK_OF(SSL_CIPHER) **scsvs_out, ++ int sslv2format, int fatal) ++{ ++ const SSL_CIPHER *c; ++ STACK_OF(SSL_CIPHER) *sk = NULL; ++ STACK_OF(SSL_CIPHER) *scsvs = NULL; ++ int n; ++ /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ ++ unsigned char cipher[SSLV2_CIPHER_LEN]; ++ ++ n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; ++ ++ if (PACKET_remaining(cipher_suites) == 0) { ++ if (fatal) ++ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST, ++ SSL_R_NO_CIPHERS_SPECIFIED); ++ else ++ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED); ++ return 0; ++ } ++ ++ if (PACKET_remaining(cipher_suites) % n != 0) { ++ if (fatal) ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, ++ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); ++ else ++ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ++ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); ++ return 0; ++ } ++ ++ sk = sk_SSL_CIPHER_new_null(); ++ scsvs = sk_SSL_CIPHER_new_null(); ++ if (sk == NULL || scsvs == NULL) { ++ if (fatal) ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, ++ ERR_R_MALLOC_FAILURE); ++ else ++ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ while (PACKET_copy_bytes(cipher_suites, cipher, n)) { ++ /* ++ * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the ++ * first byte set to zero, while true SSLv2 ciphers have a non-zero ++ * first byte. We don't support any true SSLv2 ciphers, so skip them. ++ */ ++ if (sslv2format && cipher[0] != '\0') ++ continue; ++ ++ /* For SSLv2-compat, ignore leading 0-byte. */ ++ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); ++ if (c != NULL) { ++ if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || ++ (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { ++ if (fatal) ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); ++ else ++ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ } ++ if (PACKET_remaining(cipher_suites) > 0) { ++ if (fatal) ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, ++ SSL_R_BAD_LENGTH); ++ else ++ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH); ++ goto err; ++ } ++ ++ if (skp != NULL) ++ *skp = sk; ++ else ++ sk_SSL_CIPHER_free(sk); ++ if (scsvs_out != NULL) ++ *scsvs_out = scsvs; ++ else ++ sk_SSL_CIPHER_free(scsvs); ++ return 1; ++ err: ++ sk_SSL_CIPHER_free(sk); ++ sk_SSL_CIPHER_free(scsvs); ++ return 0; ++} ++ ++int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) ++{ ++ ctx->max_early_data = max_early_data; ++ ++ return 1; ++} ++ ++uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) ++{ ++ return ctx->max_early_data; ++} ++ ++int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) ++{ ++ s->max_early_data = max_early_data; ++ ++ return 1; ++} ++ ++uint32_t SSL_get_max_early_data(const SSL *s) ++{ ++ return s->max_early_data; ++} ++ ++int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) ++{ ++ ctx->recv_max_early_data = recv_max_early_data; ++ ++ return 1; ++} ++ ++uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) ++{ ++ return ctx->recv_max_early_data; ++} ++ ++int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) ++{ ++ s->recv_max_early_data = recv_max_early_data; ++ ++ return 1; ++} ++ ++uint32_t SSL_get_recv_max_early_data(const SSL *s) ++{ ++ return s->recv_max_early_data; ++} ++ ++__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) ++{ ++ /* Return any active Max Fragment Len extension */ ++ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)) ++ return GET_MAX_FRAGMENT_LENGTH(ssl->session); ++ ++ /* return current SSL connection setting */ ++ return ssl->max_send_fragment; ++} ++ ++__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) ++{ ++ /* Return a value regarding an active Max Fragment Len extension */ ++ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session) ++ && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session)) ++ return GET_MAX_FRAGMENT_LENGTH(ssl->session); ++ ++ /* else limit |split_send_fragment| to current |max_send_fragment| */ ++ if (ssl->split_send_fragment > ssl->max_send_fragment) ++ return ssl->max_send_fragment; ++ ++ /* return current SSL connection setting */ ++ return ssl->split_send_fragment; ++} ++ ++int SSL_stateless(SSL *s) ++{ ++ int ret; ++ ++ /* Ensure there is no state left over from a previous invocation */ ++ if (!SSL_clear(s)) ++ return 0; ++ ++ ERR_clear_error(); ++ ++ s->s3->flags |= TLS1_FLAGS_STATELESS; ++ ret = SSL_accept(s); ++ s->s3->flags &= ~TLS1_FLAGS_STATELESS; ++ ++ if (ret > 0 && s->ext.cookieok) ++ return 1; ++ ++ if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s)) ++ return 0; ++ ++ return -1; ++} ++ ++void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) ++{ ++ ctx->pha_enabled = val; ++} ++ ++void SSL_set_post_handshake_auth(SSL *ssl, int val) ++{ ++ ssl->pha_enabled = val; ++} ++ ++int SSL_verify_client_post_handshake(SSL *ssl) ++{ ++ if (!SSL_IS_TLS13(ssl)) { ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION); ++ return 0; ++ } ++ if (!ssl->server) { ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER); ++ return 0; ++ } ++ ++ if (!SSL_is_init_finished(ssl)) { ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT); ++ return 0; ++ } ++ ++ switch (ssl->post_handshake_auth) { ++ case SSL_PHA_NONE: ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED); ++ return 0; ++ default: ++ case SSL_PHA_EXT_SENT: ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR); ++ return 0; ++ case SSL_PHA_EXT_RECEIVED: ++ break; ++ case SSL_PHA_REQUEST_PENDING: ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING); ++ return 0; ++ case SSL_PHA_REQUESTED: ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT); ++ return 0; ++ } ++ ++ ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; ++ ++ /* checks verify_mode and algorithm_auth */ ++ if (!send_certificate_request(ssl)) { ++ ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ ++ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG); ++ return 0; ++ } ++ ++ ossl_statem_set_in_init(ssl, 1); ++ return 1; ++} ++ ++int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, ++ SSL_CTX_generate_session_ticket_fn gen_cb, ++ SSL_CTX_decrypt_session_ticket_fn dec_cb, ++ void *arg) ++{ ++ ctx->generate_ticket_cb = gen_cb; ++ ctx->decrypt_ticket_cb = dec_cb; ++ ctx->ticket_cb_data = arg; ++ return 1; ++} ++ ++void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, ++ SSL_allow_early_data_cb_fn cb, ++ void *arg) ++{ ++ ctx->allow_early_data_cb = cb; ++ ctx->allow_early_data_cb_data = arg; ++} ++ ++void SSL_set_allow_early_data_cb(SSL *s, ++ SSL_allow_early_data_cb_fn cb, ++ void *arg) ++{ ++ s->allow_early_data_cb = cb; ++ s->allow_early_data_cb_data = arg; ++} +diff -urN openssl-1.1.1w.orig/ssl/ssl_sess.c openssl-1.1.1w/ssl/ssl_sess.c +--- openssl-1.1.1w.orig/ssl/ssl_sess.c 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/ssl/ssl_sess.c 2023-11-08 01:21:37.262754997 +0100 +@@ -16,6 +16,8 @@ + #include "ssl_local.h" + #include "statem/statem_local.h" + ++static const char g_pending_session_magic = 0; ++ + static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); + static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); + static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); +@@ -451,6 +453,10 @@ + + ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); + ++ if (ret == SSL_magic_pending_session_ptr()) { ++ return ret; /* Retry later */ ++ } ++ + if (ret != NULL) { + tsan_counter(&s->session_ctx->stats.sess_cb_hit); + +@@ -539,6 +545,9 @@ + try_session_cache = 1; + ret = lookup_sess_in_cache(s, hello->session_id, + hello->session_id_len); ++ if (ret == SSL_magic_pending_session_ptr()) { ++ return -2; /* Retry later */ ++ } + } + break; + case SSL_TICKET_NO_DECRYPT: +@@ -955,6 +964,11 @@ + return s->peer; + } + ++SSL_SESSION *SSL_magic_pending_session_ptr(void) ++{ ++ return (SSL_SESSION *) &g_pending_session_magic; ++} ++ + int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len) + { +diff -urN openssl-1.1.1w.orig/ssl/ssl_sess.c.orig openssl-1.1.1w/ssl/ssl_sess.c.orig +--- openssl-1.1.1w.orig/ssl/ssl_sess.c.orig 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-1.1.1w/ssl/ssl_sess.c.orig 2023-09-11 16:08:11.000000000 +0200 +@@ -0,0 +1,1283 @@ ++/* ++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2005 Nokia. All rights reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include "internal/refcount.h" ++#include "internal/cryptlib.h" ++#include "ssl_local.h" ++#include "statem/statem_local.h" ++ ++static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); ++static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); ++static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); ++ ++/* ++ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because, ++ * unlike in earlier protocol versions, the session ticket may not have been ++ * sent yet even though a handshake has finished. The session ticket data could ++ * come in sometime later...or even change if multiple session ticket messages ++ * are sent from the server. The preferred way for applications to obtain ++ * a resumable session is to use SSL_CTX_sess_set_new_cb(). ++ */ ++ ++SSL_SESSION *SSL_get_session(const SSL *ssl) ++/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ ++{ ++ return ssl->session; ++} ++ ++SSL_SESSION *SSL_get1_session(SSL *ssl) ++/* variant of SSL_get_session: caller really gets something */ ++{ ++ SSL_SESSION *sess; ++ /* ++ * Need to lock this all up rather than just use CRYPTO_add so that ++ * somebody doesn't free ssl->session between when we check it's non-null ++ * and when we up the reference count. ++ */ ++ CRYPTO_THREAD_read_lock(ssl->lock); ++ sess = ssl->session; ++ if (sess) ++ SSL_SESSION_up_ref(sess); ++ CRYPTO_THREAD_unlock(ssl->lock); ++ return sess; ++} ++ ++int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) ++{ ++ return CRYPTO_set_ex_data(&s->ex_data, idx, arg); ++} ++ ++void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) ++{ ++ return CRYPTO_get_ex_data(&s->ex_data, idx); ++} ++ ++SSL_SESSION *SSL_SESSION_new(void) ++{ ++ SSL_SESSION *ss; ++ ++ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) ++ return NULL; ++ ++ ss = OPENSSL_zalloc(sizeof(*ss)); ++ if (ss == NULL) { ++ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ++ ss->references = 1; ++ ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ ++ ss->time = (unsigned long)time(NULL); ++ ss->lock = CRYPTO_THREAD_lock_new(); ++ if (ss->lock == NULL) { ++ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(ss); ++ return NULL; ++ } ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) { ++ CRYPTO_THREAD_lock_free(ss->lock); ++ OPENSSL_free(ss); ++ return NULL; ++ } ++ return ss; ++} ++ ++SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src) ++{ ++ return ssl_session_dup(src, 1); ++} ++ ++/* ++ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If ++ * ticket == 0 then no ticket information is duplicated, otherwise it is. ++ */ ++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) ++{ ++ SSL_SESSION *dest; ++ ++ dest = OPENSSL_malloc(sizeof(*dest)); ++ if (dest == NULL) { ++ goto err; ++ } ++ memcpy(dest, src, sizeof(*dest)); ++ ++ /* ++ * Set the various pointers to NULL so that we can call SSL_SESSION_free in ++ * the case of an error whilst halfway through constructing dest ++ */ ++#ifndef OPENSSL_NO_PSK ++ dest->psk_identity_hint = NULL; ++ dest->psk_identity = NULL; ++#endif ++ dest->ext.hostname = NULL; ++ dest->ext.tick = NULL; ++ dest->ext.alpn_selected = NULL; ++#ifndef OPENSSL_NO_SRP ++ dest->srp_username = NULL; ++#endif ++ dest->peer_chain = NULL; ++ dest->peer = NULL; ++ dest->ticket_appdata = NULL; ++ memset(&dest->ex_data, 0, sizeof(dest->ex_data)); ++ ++ /* We deliberately don't copy the prev and next pointers */ ++ dest->prev = NULL; ++ dest->next = NULL; ++ ++ dest->references = 1; ++ ++ dest->lock = CRYPTO_THREAD_lock_new(); ++ if (dest->lock == NULL) { ++ OPENSSL_free(dest); ++ dest = NULL; ++ goto err; ++ } ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) ++ goto err; ++ ++ if (src->peer != NULL) { ++ if (!X509_up_ref(src->peer)) ++ goto err; ++ dest->peer = src->peer; ++ } ++ ++ if (src->peer_chain != NULL) { ++ dest->peer_chain = X509_chain_up_ref(src->peer_chain); ++ if (dest->peer_chain == NULL) ++ goto err; ++ } ++#ifndef OPENSSL_NO_PSK ++ if (src->psk_identity_hint) { ++ dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint); ++ if (dest->psk_identity_hint == NULL) { ++ goto err; ++ } ++ } ++ if (src->psk_identity) { ++ dest->psk_identity = OPENSSL_strdup(src->psk_identity); ++ if (dest->psk_identity == NULL) { ++ goto err; ++ } ++ } ++#endif ++ ++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ++ &dest->ex_data, &src->ex_data)) { ++ goto err; ++ } ++ ++ if (src->ext.hostname) { ++ dest->ext.hostname = OPENSSL_strdup(src->ext.hostname); ++ if (dest->ext.hostname == NULL) { ++ goto err; ++ } ++ } ++ ++ if (ticket != 0 && src->ext.tick != NULL) { ++ dest->ext.tick = ++ OPENSSL_memdup(src->ext.tick, src->ext.ticklen); ++ if (dest->ext.tick == NULL) ++ goto err; ++ } else { ++ dest->ext.tick_lifetime_hint = 0; ++ dest->ext.ticklen = 0; ++ } ++ ++ if (src->ext.alpn_selected != NULL) { ++ dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, ++ src->ext.alpn_selected_len); ++ if (dest->ext.alpn_selected == NULL) ++ goto err; ++ } ++ ++#ifndef OPENSSL_NO_SRP ++ if (src->srp_username) { ++ dest->srp_username = OPENSSL_strdup(src->srp_username); ++ if (dest->srp_username == NULL) { ++ goto err; ++ } ++ } ++#endif ++ ++ if (src->ticket_appdata != NULL) { ++ dest->ticket_appdata = ++ OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); ++ if (dest->ticket_appdata == NULL) ++ goto err; ++ } ++ ++ return dest; ++ err: ++ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); ++ SSL_SESSION_free(dest); ++ return NULL; ++} ++ ++const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) ++{ ++ if (len) ++ *len = (unsigned int)s->session_id_length; ++ return s->session_id; ++} ++const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, ++ unsigned int *len) ++{ ++ if (len != NULL) ++ *len = (unsigned int)s->sid_ctx_length; ++ return s->sid_ctx; ++} ++ ++unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) ++{ ++ return s->compress_meth; ++} ++ ++/* ++ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling ++ * the ID with random junk repeatedly until we have no conflict is going to ++ * complete in one iteration pretty much "most" of the time (btw: ++ * understatement). So, if it takes us 10 iterations and we still can't avoid ++ * a conflict - well that's a reasonable point to call it quits. Either the ++ * RAND code is broken or someone is trying to open roughly very close to ++ * 2^256 SSL sessions to our server. How you might store that many sessions ++ * is perhaps a more interesting question ... ++ */ ++ ++#define MAX_SESS_ID_ATTEMPTS 10 ++static int def_generate_session_id(SSL *ssl, unsigned char *id, ++ unsigned int *id_len) ++{ ++ unsigned int retry = 0; ++ do ++ if (RAND_bytes(id, *id_len) <= 0) ++ return 0; ++ while (SSL_has_matching_session_id(ssl, id, *id_len) && ++ (++retry < MAX_SESS_ID_ATTEMPTS)) ; ++ if (retry < MAX_SESS_ID_ATTEMPTS) ++ return 1; ++ /* else - woops a session_id match */ ++ /* ++ * XXX We should also check the external cache -- but the probability of ++ * a collision is negligible, and we could not prevent the concurrent ++ * creation of sessions with identical IDs since we currently don't have ++ * means to atomically check whether a session ID already exists and make ++ * a reservation for it if it does not (this problem applies to the ++ * internal cache as well). ++ */ ++ return 0; ++} ++ ++int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) ++{ ++ unsigned int tmp; ++ GEN_SESSION_CB cb = def_generate_session_id; ++ ++ switch (s->version) { ++ case SSL3_VERSION: ++ case TLS1_VERSION: ++ case TLS1_1_VERSION: ++ case TLS1_2_VERSION: ++ case TLS1_3_VERSION: ++ case DTLS1_BAD_VER: ++ case DTLS1_VERSION: ++ case DTLS1_2_VERSION: ++ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; ++ break; ++ default: ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, ++ SSL_R_UNSUPPORTED_SSL_VERSION); ++ return 0; ++ } ++ ++ /*- ++ * If RFC5077 ticket, use empty session ID (as server). ++ * Note that: ++ * (a) ssl_get_prev_session() does lookahead into the ++ * ClientHello extensions to find the session ticket. ++ * When ssl_get_prev_session() fails, statem_srvr.c calls ++ * ssl_get_new_session() in tls_process_client_hello(). ++ * At that point, it has not yet parsed the extensions, ++ * however, because of the lookahead, it already knows ++ * whether a ticket is expected or not. ++ * ++ * (b) statem_clnt.c calls ssl_get_new_session() before parsing ++ * ServerHello extensions, and before recording the session ++ * ID received from the server, so this block is a noop. ++ */ ++ if (s->ext.ticket_expected) { ++ ss->session_id_length = 0; ++ return 1; ++ } ++ ++ /* Choose which callback will set the session ID */ ++ CRYPTO_THREAD_read_lock(s->lock); ++ CRYPTO_THREAD_read_lock(s->session_ctx->lock); ++ if (s->generate_session_id) ++ cb = s->generate_session_id; ++ else if (s->session_ctx->generate_session_id) ++ cb = s->session_ctx->generate_session_id; ++ CRYPTO_THREAD_unlock(s->session_ctx->lock); ++ CRYPTO_THREAD_unlock(s->lock); ++ /* Choose a session ID */ ++ memset(ss->session_id, 0, ss->session_id_length); ++ tmp = (int)ss->session_id_length; ++ if (!cb(s, ss->session_id, &tmp)) { ++ /* The callback failed */ ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, ++ SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); ++ return 0; ++ } ++ /* ++ * Don't allow the callback to set the session length to zero. nor ++ * set it higher than it was. ++ */ ++ if (tmp == 0 || tmp > ss->session_id_length) { ++ /* The callback set an illegal length */ ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, ++ SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); ++ return 0; ++ } ++ ss->session_id_length = tmp; ++ /* Finally, check for a conflict */ ++ if (SSL_has_matching_session_id(s, ss->session_id, ++ (unsigned int)ss->session_id_length)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, ++ SSL_R_SSL_SESSION_ID_CONFLICT); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++int ssl_get_new_session(SSL *s, int session) ++{ ++ /* This gets used by clients and servers. */ ++ ++ SSL_SESSION *ss = NULL; ++ ++ if ((ss = SSL_SESSION_new()) == NULL) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ /* If the context has a default timeout, use it */ ++ if (s->session_ctx->session_timeout == 0) ++ ss->timeout = SSL_get_default_timeout(s); ++ else ++ ss->timeout = s->session_ctx->session_timeout; ++ ++ SSL_SESSION_free(s->session); ++ s->session = NULL; ++ ++ if (session) { ++ if (SSL_IS_TLS13(s)) { ++ /* ++ * We generate the session id while constructing the ++ * NewSessionTicket in TLSv1.3. ++ */ ++ ss->session_id_length = 0; ++ } else if (!ssl_generate_session_id(s, ss)) { ++ /* SSLfatal() already called */ ++ SSL_SESSION_free(ss); ++ return 0; ++ } ++ ++ } else { ++ ss->session_id_length = 0; ++ } ++ ++ if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, ++ ERR_R_INTERNAL_ERROR); ++ SSL_SESSION_free(ss); ++ return 0; ++ } ++ memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); ++ ss->sid_ctx_length = s->sid_ctx_length; ++ s->session = ss; ++ ss->ssl_version = s->version; ++ ss->verify_result = X509_V_OK; ++ ++ /* If client supports extended master secret set it in session */ ++ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) ++ ss->flags |= SSL_SESS_FLAG_EXTMS; ++ ++ return 1; ++} ++ ++SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, ++ size_t sess_id_len) ++{ ++ SSL_SESSION *ret = NULL; ++ ++ if ((s->session_ctx->session_cache_mode ++ & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { ++ SSL_SESSION data; ++ ++ data.ssl_version = s->version; ++ if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH)) ++ return NULL; ++ ++ memcpy(data.session_id, sess_id, sess_id_len); ++ data.session_id_length = sess_id_len; ++ ++ CRYPTO_THREAD_read_lock(s->session_ctx->lock); ++ ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); ++ if (ret != NULL) { ++ /* don't allow other threads to steal it: */ ++ SSL_SESSION_up_ref(ret); ++ } ++ CRYPTO_THREAD_unlock(s->session_ctx->lock); ++ if (ret == NULL) ++ tsan_counter(&s->session_ctx->stats.sess_miss); ++ } ++ ++ if (ret == NULL && s->session_ctx->get_session_cb != NULL) { ++ int copy = 1; ++ ++ ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); ++ ++ if (ret != NULL) { ++ tsan_counter(&s->session_ctx->stats.sess_cb_hit); ++ ++ /* ++ * Increment reference count now if the session callback asks us ++ * to do so (note that if the session structures returned by the ++ * callback are shared between threads, it must handle the ++ * reference count itself [i.e. copy == 0], or things won't be ++ * thread-safe). ++ */ ++ if (copy) ++ SSL_SESSION_up_ref(ret); ++ ++ /* ++ * Add the externally cached session to the internal cache as ++ * well if and only if we are supposed to. ++ */ ++ if ((s->session_ctx->session_cache_mode & ++ SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { ++ /* ++ * Either return value of SSL_CTX_add_session should not ++ * interrupt the session resumption process. The return ++ * value is intentionally ignored. ++ */ ++ (void)SSL_CTX_add_session(s->session_ctx, ret); ++ } ++ } ++ } ++ ++ return ret; ++} ++ ++/*- ++ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this ++ * connection. It is only called by servers. ++ * ++ * hello: The parsed ClientHello data ++ * ++ * Returns: ++ * -1: fatal error ++ * 0: no session found ++ * 1: a session may have been found. ++ * ++ * Side effects: ++ * - If a session is found then s->session is pointed at it (after freeing an ++ * existing session if need be) and s->verify_result is set from the session. ++ * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 ++ * if the server should issue a new session ticket (to 0 otherwise). ++ */ ++int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) ++{ ++ /* This is used only by servers. */ ++ ++ SSL_SESSION *ret = NULL; ++ int fatal = 0; ++ int try_session_cache = 0; ++ SSL_TICKET_STATUS r; ++ ++ if (SSL_IS_TLS13(s)) { ++ /* ++ * By default we will send a new ticket. This can be overridden in the ++ * ticket processing. ++ */ ++ s->ext.ticket_expected = 1; ++ if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, ++ SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, ++ NULL, 0) ++ || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, ++ hello->pre_proc_exts, NULL, 0)) ++ return -1; ++ ++ ret = s->session; ++ } else { ++ /* sets s->ext.ticket_expected */ ++ r = tls_get_ticket_from_client(s, hello, &ret); ++ switch (r) { ++ case SSL_TICKET_FATAL_ERR_MALLOC: ++ case SSL_TICKET_FATAL_ERR_OTHER: ++ fatal = 1; ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ case SSL_TICKET_NONE: ++ case SSL_TICKET_EMPTY: ++ if (hello->session_id_len > 0) { ++ try_session_cache = 1; ++ ret = lookup_sess_in_cache(s, hello->session_id, ++ hello->session_id_len); ++ } ++ break; ++ case SSL_TICKET_NO_DECRYPT: ++ case SSL_TICKET_SUCCESS: ++ case SSL_TICKET_SUCCESS_RENEW: ++ break; ++ } ++ } ++ ++ if (ret == NULL) ++ goto err; ++ ++ /* Now ret is non-NULL and we own one of its reference counts. */ ++ ++ /* Check TLS version consistency */ ++ if (ret->ssl_version != s->version) ++ goto err; ++ ++ if (ret->sid_ctx_length != s->sid_ctx_length ++ || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { ++ /* ++ * We have the session requested by the client, but we don't want to ++ * use it in this context. ++ */ ++ goto err; /* treat like cache miss */ ++ } ++ ++ if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { ++ /* ++ * We can't be sure if this session is being used out of context, ++ * which is especially important for SSL_VERIFY_PEER. The application ++ * should have used SSL[_CTX]_set_session_id_context. For this error ++ * case, we generate an error instead of treating the event like a ++ * cache miss (otherwise it would be easy for applications to ++ * effectively disable the session cache by accident without anyone ++ * noticing). ++ */ ++ ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, ++ SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); ++ fatal = 1; ++ goto err; ++ } ++ ++ if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */ ++ tsan_counter(&s->session_ctx->stats.sess_timeout); ++ if (try_session_cache) { ++ /* session was from the cache, so remove it */ ++ SSL_CTX_remove_session(s->session_ctx, ret); ++ } ++ goto err; ++ } ++ ++ /* Check extended master secret extension consistency */ ++ if (ret->flags & SSL_SESS_FLAG_EXTMS) { ++ /* If old session includes extms, but new does not: abort handshake */ ++ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { ++ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION, ++ SSL_R_INCONSISTENT_EXTMS); ++ fatal = 1; ++ goto err; ++ } ++ } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { ++ /* If new session includes extms, but old does not: do not resume */ ++ goto err; ++ } ++ ++ if (!SSL_IS_TLS13(s)) { ++ /* We already did this for TLS1.3 */ ++ SSL_SESSION_free(s->session); ++ s->session = ret; ++ } ++ ++ tsan_counter(&s->session_ctx->stats.sess_hit); ++ s->verify_result = s->session->verify_result; ++ return 1; ++ ++ err: ++ if (ret != NULL) { ++ SSL_SESSION_free(ret); ++ /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ ++ if (SSL_IS_TLS13(s)) ++ s->session = NULL; ++ ++ if (!try_session_cache) { ++ /* ++ * The session was from a ticket, so we should issue a ticket for ++ * the new session ++ */ ++ s->ext.ticket_expected = 1; ++ } ++ } ++ if (fatal) ++ return -1; ++ ++ return 0; ++} ++ ++int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) ++{ ++ int ret = 0; ++ SSL_SESSION *s; ++ ++ /* ++ * add just 1 reference count for the SSL_CTX's session cache even though ++ * it has two ways of access: each session is in a doubly linked list and ++ * an lhash ++ */ ++ SSL_SESSION_up_ref(c); ++ /* ++ * if session c is in already in cache, we take back the increment later ++ */ ++ ++ CRYPTO_THREAD_write_lock(ctx->lock); ++ s = lh_SSL_SESSION_insert(ctx->sessions, c); ++ ++ /* ++ * s != NULL iff we already had a session with the given PID. In this ++ * case, s == c should hold (then we did not really modify ++ * ctx->sessions), or we're in trouble. ++ */ ++ if (s != NULL && s != c) { ++ /* We *are* in trouble ... */ ++ SSL_SESSION_list_remove(ctx, s); ++ SSL_SESSION_free(s); ++ /* ++ * ... so pretend the other session did not exist in cache (we cannot ++ * handle two SSL_SESSION structures with identical session ID in the ++ * same cache, which could happen e.g. when two threads concurrently ++ * obtain the same session from an external cache) ++ */ ++ s = NULL; ++ } else if (s == NULL && ++ lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) { ++ /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */ ++ ++ /* ++ * ... so take back the extra reference and also don't add ++ * the session to the SSL_SESSION_list at this time ++ */ ++ s = c; ++ } ++ ++ /* Put at the head of the queue unless it is already in the cache */ ++ if (s == NULL) ++ SSL_SESSION_list_add(ctx, c); ++ ++ if (s != NULL) { ++ /* ++ * existing cache entry -- decrement previously incremented reference ++ * count because it already takes into account the cache ++ */ ++ ++ SSL_SESSION_free(s); /* s == c */ ++ ret = 0; ++ } else { ++ /* ++ * new cache entry -- remove old ones if cache has become too large ++ */ ++ ++ ret = 1; ++ ++ if (SSL_CTX_sess_get_cache_size(ctx) > 0) { ++ while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { ++ if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) ++ break; ++ else ++ tsan_counter(&ctx->stats.sess_cache_full); ++ } ++ } ++ } ++ CRYPTO_THREAD_unlock(ctx->lock); ++ return ret; ++} ++ ++int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) ++{ ++ return remove_session_lock(ctx, c, 1); ++} ++ ++static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) ++{ ++ SSL_SESSION *r; ++ int ret = 0; ++ ++ if ((c != NULL) && (c->session_id_length != 0)) { ++ if (lck) ++ CRYPTO_THREAD_write_lock(ctx->lock); ++ if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) { ++ ret = 1; ++ r = lh_SSL_SESSION_delete(ctx->sessions, r); ++ SSL_SESSION_list_remove(ctx, r); ++ } ++ c->not_resumable = 1; ++ ++ if (lck) ++ CRYPTO_THREAD_unlock(ctx->lock); ++ ++ if (ctx->remove_session_cb != NULL) ++ ctx->remove_session_cb(ctx, c); ++ ++ if (ret) ++ SSL_SESSION_free(r); ++ } else ++ ret = 0; ++ return ret; ++} ++ ++void SSL_SESSION_free(SSL_SESSION *ss) ++{ ++ int i; ++ ++ if (ss == NULL) ++ return; ++ CRYPTO_DOWN_REF(&ss->references, &i, ss->lock); ++ REF_PRINT_COUNT("SSL_SESSION", ss); ++ if (i > 0) ++ return; ++ REF_ASSERT_ISNT(i < 0); ++ ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); ++ ++ OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); ++ OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); ++ X509_free(ss->peer); ++ sk_X509_pop_free(ss->peer_chain, X509_free); ++ OPENSSL_free(ss->ext.hostname); ++ OPENSSL_free(ss->ext.tick); ++#ifndef OPENSSL_NO_PSK ++ OPENSSL_free(ss->psk_identity_hint); ++ OPENSSL_free(ss->psk_identity); ++#endif ++#ifndef OPENSSL_NO_SRP ++ OPENSSL_free(ss->srp_username); ++#endif ++ OPENSSL_free(ss->ext.alpn_selected); ++ OPENSSL_free(ss->ticket_appdata); ++ CRYPTO_THREAD_lock_free(ss->lock); ++ OPENSSL_clear_free(ss, sizeof(*ss)); ++} ++ ++int SSL_SESSION_up_ref(SSL_SESSION *ss) ++{ ++ int i; ++ ++ if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0) ++ return 0; ++ ++ REF_PRINT_COUNT("SSL_SESSION", ss); ++ REF_ASSERT_ISNT(i < 2); ++ return ((i > 1) ? 1 : 0); ++} ++ ++int SSL_set_session(SSL *s, SSL_SESSION *session) ++{ ++ ssl_clear_bad_session(s); ++ if (s->ctx->method != s->method) { ++ if (!SSL_set_ssl_method(s, s->ctx->method)) ++ return 0; ++ } ++ ++ if (session != NULL) { ++ SSL_SESSION_up_ref(session); ++ s->verify_result = session->verify_result; ++ } ++ SSL_SESSION_free(s->session); ++ s->session = session; ++ ++ return 1; ++} ++ ++int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, ++ unsigned int sid_len) ++{ ++ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { ++ SSLerr(SSL_F_SSL_SESSION_SET1_ID, ++ SSL_R_SSL_SESSION_ID_TOO_LONG); ++ return 0; ++ } ++ s->session_id_length = sid_len; ++ if (sid != s->session_id) ++ memcpy(s->session_id, sid, sid_len); ++ return 1; ++} ++ ++long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) ++{ ++ if (s == NULL) ++ return 0; ++ s->timeout = t; ++ return 1; ++} ++ ++long SSL_SESSION_get_timeout(const SSL_SESSION *s) ++{ ++ if (s == NULL) ++ return 0; ++ return s->timeout; ++} ++ ++long SSL_SESSION_get_time(const SSL_SESSION *s) ++{ ++ if (s == NULL) ++ return 0; ++ return s->time; ++} ++ ++long SSL_SESSION_set_time(SSL_SESSION *s, long t) ++{ ++ if (s == NULL) ++ return 0; ++ s->time = t; ++ return t; ++} ++ ++int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) ++{ ++ return s->ssl_version; ++} ++ ++int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version) ++{ ++ s->ssl_version = version; ++ return 1; ++} ++ ++const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s) ++{ ++ return s->cipher; ++} ++ ++int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher) ++{ ++ s->cipher = cipher; ++ return 1; ++} ++ ++const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) ++{ ++ return s->ext.hostname; ++} ++ ++int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname) ++{ ++ OPENSSL_free(s->ext.hostname); ++ if (hostname == NULL) { ++ s->ext.hostname = NULL; ++ return 1; ++ } ++ s->ext.hostname = OPENSSL_strdup(hostname); ++ ++ return s->ext.hostname != NULL; ++} ++ ++int SSL_SESSION_has_ticket(const SSL_SESSION *s) ++{ ++ return (s->ext.ticklen > 0) ? 1 : 0; ++} ++ ++unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) ++{ ++ return s->ext.tick_lifetime_hint; ++} ++ ++void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, ++ size_t *len) ++{ ++ *len = s->ext.ticklen; ++ if (tick != NULL) ++ *tick = s->ext.tick; ++} ++ ++uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s) ++{ ++ return s->ext.max_early_data; ++} ++ ++int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) ++{ ++ s->ext.max_early_data = max_early_data; ++ ++ return 1; ++} ++ ++void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, ++ const unsigned char **alpn, ++ size_t *len) ++{ ++ *alpn = s->ext.alpn_selected; ++ *len = s->ext.alpn_selected_len; ++} ++ ++int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, ++ size_t len) ++{ ++ OPENSSL_free(s->ext.alpn_selected); ++ if (alpn == NULL || len == 0) { ++ s->ext.alpn_selected = NULL; ++ s->ext.alpn_selected_len = 0; ++ return 1; ++ } ++ s->ext.alpn_selected = OPENSSL_memdup(alpn, len); ++ if (s->ext.alpn_selected == NULL) { ++ s->ext.alpn_selected_len = 0; ++ return 0; ++ } ++ s->ext.alpn_selected_len = len; ++ ++ return 1; ++} ++ ++X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) ++{ ++ return s->peer; ++} ++ ++int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len) ++{ ++ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { ++ SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, ++ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); ++ return 0; ++ } ++ s->sid_ctx_length = sid_ctx_len; ++ if (sid_ctx != s->sid_ctx) ++ memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); ++ ++ return 1; ++} ++ ++int SSL_SESSION_is_resumable(const SSL_SESSION *s) ++{ ++ /* ++ * In the case of EAP-FAST, we can have a pre-shared "ticket" without a ++ * session ID. ++ */ ++ return !s->not_resumable ++ && (s->session_id_length > 0 || s->ext.ticklen > 0); ++} ++ ++long SSL_CTX_set_timeout(SSL_CTX *s, long t) ++{ ++ long l; ++ if (s == NULL) ++ return 0; ++ l = s->session_timeout; ++ s->session_timeout = t; ++ return l; ++} ++ ++long SSL_CTX_get_timeout(const SSL_CTX *s) ++{ ++ if (s == NULL) ++ return 0; ++ return s->session_timeout; ++} ++ ++int SSL_set_session_secret_cb(SSL *s, ++ tls_session_secret_cb_fn tls_session_secret_cb, ++ void *arg) ++{ ++ if (s == NULL) ++ return 0; ++ s->ext.session_secret_cb = tls_session_secret_cb; ++ s->ext.session_secret_cb_arg = arg; ++ return 1; ++} ++ ++int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, ++ void *arg) ++{ ++ if (s == NULL) ++ return 0; ++ s->ext.session_ticket_cb = cb; ++ s->ext.session_ticket_cb_arg = arg; ++ return 1; ++} ++ ++int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) ++{ ++ if (s->version >= TLS1_VERSION) { ++ OPENSSL_free(s->ext.session_ticket); ++ s->ext.session_ticket = NULL; ++ s->ext.session_ticket = ++ OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); ++ if (s->ext.session_ticket == NULL) { ++ SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ if (ext_data != NULL) { ++ s->ext.session_ticket->length = ext_len; ++ s->ext.session_ticket->data = s->ext.session_ticket + 1; ++ memcpy(s->ext.session_ticket->data, ext_data, ext_len); ++ } else { ++ s->ext.session_ticket->length = 0; ++ s->ext.session_ticket->data = NULL; ++ } ++ ++ return 1; ++ } ++ ++ return 0; ++} ++ ++typedef struct timeout_param_st { ++ SSL_CTX *ctx; ++ long time; ++ LHASH_OF(SSL_SESSION) *cache; ++} TIMEOUT_PARAM; ++ ++static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p) ++{ ++ if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */ ++ /* ++ * The reason we don't call SSL_CTX_remove_session() is to save on ++ * locking overhead ++ */ ++ (void)lh_SSL_SESSION_delete(p->cache, s); ++ SSL_SESSION_list_remove(p->ctx, s); ++ s->not_resumable = 1; ++ if (p->ctx->remove_session_cb != NULL) ++ p->ctx->remove_session_cb(p->ctx, s); ++ SSL_SESSION_free(s); ++ } ++} ++ ++IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM); ++ ++void SSL_CTX_flush_sessions(SSL_CTX *s, long t) ++{ ++ unsigned long i; ++ TIMEOUT_PARAM tp; ++ ++ tp.ctx = s; ++ tp.cache = s->sessions; ++ if (tp.cache == NULL) ++ return; ++ tp.time = t; ++ CRYPTO_THREAD_write_lock(s->lock); ++ i = lh_SSL_SESSION_get_down_load(s->sessions); ++ lh_SSL_SESSION_set_down_load(s->sessions, 0); ++ lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp); ++ lh_SSL_SESSION_set_down_load(s->sessions, i); ++ CRYPTO_THREAD_unlock(s->lock); ++} ++ ++int ssl_clear_bad_session(SSL *s) ++{ ++ if ((s->session != NULL) && ++ !(s->shutdown & SSL_SENT_SHUTDOWN) && ++ !(SSL_in_init(s) || SSL_in_before(s))) { ++ SSL_CTX_remove_session(s->session_ctx, s->session); ++ return 1; ++ } else ++ return 0; ++} ++ ++/* locked by SSL_CTX in the calling function */ ++static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) ++{ ++ if ((s->next == NULL) || (s->prev == NULL)) ++ return; ++ ++ if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) { ++ /* last element in list */ ++ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { ++ /* only one element in list */ ++ ctx->session_cache_head = NULL; ++ ctx->session_cache_tail = NULL; ++ } else { ++ ctx->session_cache_tail = s->prev; ++ s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); ++ } ++ } else { ++ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { ++ /* first element in list */ ++ ctx->session_cache_head = s->next; ++ s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); ++ } else { ++ /* middle of list */ ++ s->next->prev = s->prev; ++ s->prev->next = s->next; ++ } ++ } ++ s->prev = s->next = NULL; ++} ++ ++static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) ++{ ++ if ((s->next != NULL) && (s->prev != NULL)) ++ SSL_SESSION_list_remove(ctx, s); ++ ++ if (ctx->session_cache_head == NULL) { ++ ctx->session_cache_head = s; ++ ctx->session_cache_tail = s; ++ s->prev = (SSL_SESSION *)&(ctx->session_cache_head); ++ s->next = (SSL_SESSION *)&(ctx->session_cache_tail); ++ } else { ++ s->next = ctx->session_cache_head; ++ s->next->prev = s; ++ s->prev = (SSL_SESSION *)&(ctx->session_cache_head); ++ ctx->session_cache_head = s; ++ } ++} ++ ++void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, ++ int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess)) ++{ ++ ctx->new_session_cb = cb; ++} ++ ++int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) { ++ return ctx->new_session_cb; ++} ++ ++void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, ++ void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess)) ++{ ++ ctx->remove_session_cb = cb; ++} ++ ++void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx, ++ SSL_SESSION *sess) { ++ return ctx->remove_session_cb; ++} ++ ++void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, ++ SSL_SESSION *(*cb) (struct ssl_st *ssl, ++ const unsigned char *data, ++ int len, int *copy)) ++{ ++ ctx->get_session_cb = cb; ++} ++ ++SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl, ++ const unsigned char ++ *data, int len, ++ int *copy) { ++ return ctx->get_session_cb; ++} ++ ++void SSL_CTX_set_info_callback(SSL_CTX *ctx, ++ void (*cb) (const SSL *ssl, int type, int val)) ++{ ++ ctx->info_callback = cb; ++} ++ ++void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, ++ int val) { ++ return ctx->info_callback; ++} ++ ++void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey)) ++{ ++ ctx->client_cert_cb = cb; ++} ++ ++int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey) { ++ return ctx->client_cert_cb; ++} ++ ++#ifndef OPENSSL_NO_ENGINE ++int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) ++{ ++ if (!ENGINE_init(e)) { ++ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); ++ return 0; ++ } ++ if (!ENGINE_get_ssl_client_cert_function(e)) { ++ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ++ SSL_R_NO_CLIENT_CERT_METHOD); ++ ENGINE_finish(e); ++ return 0; ++ } ++ ctx->client_cert_engine = e; ++ return 1; ++} ++#endif ++ ++void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ unsigned char *cookie, ++ unsigned int *cookie_len)) ++{ ++ ctx->app_gen_cookie_cb = cb; ++} ++ ++void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ const unsigned char *cookie, ++ unsigned int cookie_len)) ++{ ++ ctx->app_verify_cookie_cb = cb; ++} ++ ++int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len) ++{ ++ OPENSSL_free(ss->ticket_appdata); ++ ss->ticket_appdata_len = 0; ++ if (data == NULL || len == 0) { ++ ss->ticket_appdata = NULL; ++ return 1; ++ } ++ ss->ticket_appdata = OPENSSL_memdup(data, len); ++ if (ss->ticket_appdata != NULL) { ++ ss->ticket_appdata_len = len; ++ return 1; ++ } ++ return 0; ++} ++ ++int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len) ++{ ++ *data = ss->ticket_appdata; ++ *len = ss->ticket_appdata_len; ++ return 1; ++} ++ ++void SSL_CTX_set_stateless_cookie_generate_cb( ++ SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ unsigned char *cookie, ++ size_t *cookie_len)) ++{ ++ ctx->gen_stateless_cookie_cb = cb; ++} ++ ++void SSL_CTX_set_stateless_cookie_verify_cb( ++ SSL_CTX *ctx, ++ int (*cb) (SSL *ssl, ++ const unsigned char *cookie, ++ size_t cookie_len)) ++{ ++ ctx->verify_stateless_cookie_cb = cb; ++} ++ ++IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) +diff -urN openssl-1.1.1w.orig/ssl/statem/statem_srvr.c openssl-1.1.1w/ssl/statem/statem_srvr.c +--- openssl-1.1.1w.orig/ssl/statem/statem_srvr.c 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/ssl/statem/statem_srvr.c 2023-11-08 01:21:37.262754997 +0100 +@@ -1623,6 +1623,7 @@ + STACK_OF(SSL_CIPHER) *scsvs = NULL; + CLIENTHELLO_MSG *clienthello = s->clienthello; + DOWNGRADE dgrd = DOWNGRADE_NONE; ++ PACKET saved_ciphers; + + /* Finished parsing the ClientHello, now we can start processing it */ + /* Give the ClientHello callback a crack at things */ +@@ -1730,6 +1731,7 @@ + } + + s->hit = 0; ++ saved_ciphers = clienthello->ciphersuites; + + if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, + clienthello->isv2) || +@@ -1835,6 +1837,10 @@ + } else if (i == -1) { + /* SSLfatal() already called */ + goto err; ++ } else if (i == -2) { ++ clienthello->ciphersuites = saved_ciphers; ++ s->rwstate = SSL_SESS_LOOKUP; ++ goto retry; + } else { + /* i == 0 */ + if (!ssl_get_new_session(s, 1)) { +@@ -1842,6 +1848,7 @@ + goto err; + } + } ++ s->rwstate = SSL_NOTHING; + } + + if (SSL_IS_TLS13(s)) { +@@ -2107,6 +2114,10 @@ + s->clienthello = NULL; + + return 0; ++retry: ++ sk_SSL_CIPHER_free(ciphers); ++ sk_SSL_CIPHER_free(scsvs); ++ return -1; + } + + /* +diff -urN openssl-1.1.1w.orig/util/libssl.num openssl-1.1.1w/util/libssl.num +--- openssl-1.1.1w.orig/util/libssl.num 2023-09-11 16:08:11.000000000 +0200 ++++ openssl-1.1.1w/util/libssl.num 2023-11-08 01:21:37.262754997 +0100 +@@ -7,6 +7,7 @@ + SSL_CTX_set_srp_password 7 1_1_0 EXIST::FUNCTION:SRP + SSL_shutdown 8 1_1_0 EXIST::FUNCTION: + SSL_CTX_set_msg_callback 9 1_1_0 EXIST::FUNCTION: ++SSL_magic_pending_session_ptr 10 1_1_0 EXIST::FUNCTION: + SSL_SESSION_get0_ticket 11 1_1_0 EXIST::FUNCTION: + SSL_get1_supported_ciphers 12 1_1_0 EXIST::FUNCTION: + SSL_state_string_long 13 1_1_0 EXIST::FUNCTION: diff -Nru openssl-1.1.1w/debian/patches/series openssl-1.1.1w/debian/patches/series --- openssl-1.1.1w/debian/patches/series 2023-10-27 18:46:31.000000000 +0000 +++ openssl-1.1.1w/debian/patches/series 2023-11-08 00:24:02.000000000 +0000 @@ -27,3 +27,4 @@ man-section.patch no-symbolic.patch pic.patch +openssl-1.1.1c-sess_set_get_cb_yield.patch