1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144 #include <stdlib.h>
145 #include <string.h>
146
147 #include <openssl/bytestring.h>
148 #include <openssl/crypto.h>
149 #include <openssl/err.h>
150 #include <openssl/lhash.h>
151 #include <openssl/mem.h>
152 #include <openssl/rand.h>
153
154 #include "internal.h"
155 #include "../crypto/internal.h"
156
157 #if defined(OPENSSL_WINDOWS)
158 #include <sys/timeb.h>
159 #else
160 #include <sys/socket.h>
161 #include <sys/time.h>
162 #endif
163
164
165 /* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
166 * to avoid downstream churn. */
167 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
168
169 /* The following errors are no longer emitted, but are used in nginx without
170 * #ifdefs. */
171 OPENSSL_DECLARE_ERROR_REASON(SSL, BLOCK_CIPHER_PAD_IS_WRONG)
172 OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED)
173
174 /* Some error codes are special. Ensure the make_errors.go script never
175 * regresses this. */
176 static_assert(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
177 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
178 "alert reason code mismatch");
179
180 /* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */
181 static const size_t kMaxHandshakeSize = (1u << 24) - 1;
182
183 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
184 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
185 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
186 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
187
SSL_library_init(void)188 int SSL_library_init(void) {
189 CRYPTO_library_init();
190 return 1;
191 }
192
ssl_session_hash(const SSL_SESSION * sess)193 static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
194 const uint8_t *session_id = sess->session_id;
195
196 uint8_t tmp_storage[sizeof(uint32_t)];
197 if (sess->session_id_length < sizeof(tmp_storage)) {
198 OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage));
199 OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length);
200 session_id = tmp_storage;
201 }
202
203 uint32_t hash =
204 ((uint32_t)session_id[0]) |
205 ((uint32_t)session_id[1] << 8) |
206 ((uint32_t)session_id[2] << 16) |
207 ((uint32_t)session_id[3] << 24);
208
209 return hash;
210 }
211
212 /* NB: If this function (or indeed the hash function which uses a sort of
213 * coarser function than this one) is changed, ensure
214 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
215 * able to construct an SSL_SESSION that will collide with any existing session
216 * with a matching session ID. */
ssl_session_cmp(const SSL_SESSION * a,const SSL_SESSION * b)217 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
218 if (a->ssl_version != b->ssl_version) {
219 return 1;
220 }
221
222 if (a->session_id_length != b->session_id_length) {
223 return 1;
224 }
225
226 return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
227 }
228
SSL_CTX_new(const SSL_METHOD * method)229 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
230 SSL_CTX *ret = NULL;
231
232 if (method == NULL) {
233 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
234 return NULL;
235 }
236
237 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
238 if (ret == NULL) {
239 goto err;
240 }
241
242 OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
243
244 ret->method = method->method;
245 ret->x509_method = method->x509_method;
246
247 CRYPTO_MUTEX_init(&ret->lock);
248
249 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
250 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
251
252 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
253 ret->session_psk_dhe_timeout = SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT;
254
255 ret->references = 1;
256
257 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
258 ret->verify_mode = SSL_VERIFY_NONE;
259 ret->cert = ssl_cert_new(method->x509_method);
260 if (ret->cert == NULL) {
261 goto err;
262 }
263
264 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
265 if (ret->sessions == NULL) {
266 goto err;
267 }
268
269 if (!ret->x509_method->ssl_ctx_new(ret)) {
270 goto err;
271 }
272
273 if (!SSL_CTX_set_strict_cipher_list(ret, SSL_DEFAULT_CIPHER_LIST)) {
274 goto err2;
275 }
276
277 ret->client_CA = sk_CRYPTO_BUFFER_new_null();
278 if (ret->client_CA == NULL) {
279 goto err;
280 }
281
282 CRYPTO_new_ex_data(&ret->ex_data);
283
284 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
285
286 /* Setup RFC4507 ticket keys */
287 if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
288 !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
289 !RAND_bytes(ret->tlsext_tick_aes_key, 16)) {
290 ret->options |= SSL_OP_NO_TICKET;
291 }
292
293 /* Disable the auto-chaining feature by default. Once this has stuck without
294 * problems, the feature will be removed entirely. */
295 ret->mode = SSL_MODE_NO_AUTO_CHAIN;
296
297 /* Lock the SSL_CTX to the specified version, for compatibility with legacy
298 * uses of SSL_METHOD, but we do not set the minimum version for
299 * |SSLv3_method|. */
300 if (!SSL_CTX_set_max_proto_version(ret, method->version) ||
301 !SSL_CTX_set_min_proto_version(ret, method->version == SSL3_VERSION
302 ? 0 /* default */
303 : method->version)) {
304 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
305 goto err2;
306 }
307
308 return ret;
309
310 err:
311 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
312 err2:
313 SSL_CTX_free(ret);
314 return NULL;
315 }
316
SSL_CTX_up_ref(SSL_CTX * ctx)317 int SSL_CTX_up_ref(SSL_CTX *ctx) {
318 CRYPTO_refcount_inc(&ctx->references);
319 return 1;
320 }
321
SSL_CTX_free(SSL_CTX * ctx)322 void SSL_CTX_free(SSL_CTX *ctx) {
323 if (ctx == NULL ||
324 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
325 return;
326 }
327
328 /* Free internal session cache. However: the remove_cb() may reference the
329 * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
330 * sessions were flushed. As the ex_data handling routines might also touch
331 * the session cache, the most secure solution seems to be: empty (flush) the
332 * cache, then free ex_data, then finally free the cache. (See ticket
333 * [openssl.org #212].) */
334 SSL_CTX_flush_sessions(ctx, 0);
335
336 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
337
338 CRYPTO_MUTEX_cleanup(&ctx->lock);
339 lh_SSL_SESSION_free(ctx->sessions);
340 ssl_cipher_preference_list_free(ctx->cipher_list);
341 ssl_cert_free(ctx->cert);
342 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
343 SSL_CUSTOM_EXTENSION_free);
344 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
345 SSL_CUSTOM_EXTENSION_free);
346 sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free);
347 ctx->x509_method->ssl_ctx_free(ctx);
348 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
349 OPENSSL_free(ctx->psk_identity_hint);
350 OPENSSL_free(ctx->supported_group_list);
351 OPENSSL_free(ctx->alpn_client_proto_list);
352 EVP_PKEY_free(ctx->tlsext_channel_id_private);
353 OPENSSL_free(ctx->verify_sigalgs);
354
355 OPENSSL_free(ctx);
356 }
357
SSL_new(SSL_CTX * ctx)358 SSL *SSL_new(SSL_CTX *ctx) {
359 if (ctx == NULL) {
360 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
361 return NULL;
362 }
363 if (ctx->method == NULL) {
364 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
365 return NULL;
366 }
367
368 SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL));
369 if (ssl == NULL) {
370 goto err;
371 }
372 OPENSSL_memset(ssl, 0, sizeof(SSL));
373
374 ssl->conf_min_version = ctx->conf_min_version;
375 ssl->conf_max_version = ctx->conf_max_version;
376 ssl->tls13_variant = ctx->tls13_variant;
377
378 /* RFC 6347 states that implementations SHOULD use an initial timer value of
379 * 1 second. */
380 ssl->initial_timeout_duration_ms = 1000;
381
382 ssl->options = ctx->options;
383 ssl->mode = ctx->mode;
384 ssl->max_cert_list = ctx->max_cert_list;
385
386 ssl->cert = ssl_cert_dup(ctx->cert);
387 if (ssl->cert == NULL) {
388 goto err;
389 }
390
391 ssl->msg_callback = ctx->msg_callback;
392 ssl->msg_callback_arg = ctx->msg_callback_arg;
393 ssl->verify_mode = ctx->verify_mode;
394 ssl->verify_callback = ctx->default_verify_callback;
395 ssl->retain_only_sha256_of_client_certs =
396 ctx->retain_only_sha256_of_client_certs;
397
398 ssl->quiet_shutdown = ctx->quiet_shutdown;
399 ssl->max_send_fragment = ctx->max_send_fragment;
400
401 SSL_CTX_up_ref(ctx);
402 ssl->ctx = ctx;
403 SSL_CTX_up_ref(ctx);
404 ssl->session_ctx = ctx;
405
406 if (!ssl->ctx->x509_method->ssl_new(ssl)) {
407 goto err;
408 }
409
410 if (ctx->supported_group_list) {
411 ssl->supported_group_list = (uint16_t *)BUF_memdup(
412 ctx->supported_group_list, ctx->supported_group_list_len * 2);
413 if (!ssl->supported_group_list) {
414 goto err;
415 }
416 ssl->supported_group_list_len = ctx->supported_group_list_len;
417 }
418
419 if (ctx->alpn_client_proto_list) {
420 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(
421 ctx->alpn_client_proto_list, ctx->alpn_client_proto_list_len);
422 if (ssl->alpn_client_proto_list == NULL) {
423 goto err;
424 }
425 ssl->alpn_client_proto_list_len = ctx->alpn_client_proto_list_len;
426 }
427
428 ssl->method = ctx->method;
429
430 if (!ssl->method->ssl_new(ssl)) {
431 goto err;
432 }
433
434 ssl->rwstate = SSL_NOTHING;
435
436 CRYPTO_new_ex_data(&ssl->ex_data);
437
438 ssl->psk_identity_hint = NULL;
439 if (ctx->psk_identity_hint) {
440 ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
441 if (ssl->psk_identity_hint == NULL) {
442 goto err;
443 }
444 }
445 ssl->psk_client_callback = ctx->psk_client_callback;
446 ssl->psk_server_callback = ctx->psk_server_callback;
447
448 ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
449 if (ctx->tlsext_channel_id_private) {
450 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
451 ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private;
452 }
453
454 ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
455 ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
456
457 return ssl;
458
459 err:
460 SSL_free(ssl);
461 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
462
463 return NULL;
464 }
465
SSL_free(SSL * ssl)466 void SSL_free(SSL *ssl) {
467 if (ssl == NULL) {
468 return;
469 }
470
471 if (ssl->ctx != NULL) {
472 ssl->ctx->x509_method->ssl_free(ssl);
473 }
474
475 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
476
477 BIO_free_all(ssl->rbio);
478 BIO_free_all(ssl->wbio);
479
480 BUF_MEM_free(ssl->init_buf);
481
482 /* add extra stuff */
483 ssl_cipher_preference_list_free(ssl->cipher_list);
484
485 SSL_SESSION_free(ssl->session);
486
487 ssl_cert_free(ssl->cert);
488
489 OPENSSL_free(ssl->tlsext_hostname);
490 SSL_CTX_free(ssl->session_ctx);
491 OPENSSL_free(ssl->supported_group_list);
492 OPENSSL_free(ssl->alpn_client_proto_list);
493 EVP_PKEY_free(ssl->tlsext_channel_id_private);
494 OPENSSL_free(ssl->psk_identity_hint);
495 sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
496 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
497
498 if (ssl->method != NULL) {
499 ssl->method->ssl_free(ssl);
500 }
501 SSL_CTX_free(ssl->ctx);
502
503 OPENSSL_free(ssl);
504 }
505
SSL_set_connect_state(SSL * ssl)506 void SSL_set_connect_state(SSL *ssl) {
507 ssl->server = 0;
508 ssl->handshake_func = ssl3_connect;
509 }
510
SSL_set_accept_state(SSL * ssl)511 void SSL_set_accept_state(SSL *ssl) {
512 ssl->server = 1;
513 ssl->handshake_func = ssl3_accept;
514 }
515
SSL_set0_rbio(SSL * ssl,BIO * rbio)516 void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
517 BIO_free_all(ssl->rbio);
518 ssl->rbio = rbio;
519 }
520
SSL_set0_wbio(SSL * ssl,BIO * wbio)521 void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
522 BIO_free_all(ssl->wbio);
523 ssl->wbio = wbio;
524 }
525
SSL_set_bio(SSL * ssl,BIO * rbio,BIO * wbio)526 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
527 /* For historical reasons, this function has many different cases in ownership
528 * handling. */
529
530 /* If nothing has changed, do nothing */
531 if (rbio == SSL_get_rbio(ssl) && wbio == SSL_get_wbio(ssl)) {
532 return;
533 }
534
535 /* If the two arguments are equal, one fewer reference is granted than
536 * taken. */
537 if (rbio != NULL && rbio == wbio) {
538 BIO_up_ref(rbio);
539 }
540
541 /* If only the wbio is changed, adopt only one reference. */
542 if (rbio == SSL_get_rbio(ssl)) {
543 SSL_set0_wbio(ssl, wbio);
544 return;
545 }
546
547 /* There is an asymmetry here for historical reasons. If only the rbio is
548 * changed AND the rbio and wbio were originally different, then we only adopt
549 * one reference. */
550 if (wbio == SSL_get_wbio(ssl) && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
551 SSL_set0_rbio(ssl, rbio);
552 return;
553 }
554
555 /* Otherwise, adopt both references. */
556 SSL_set0_rbio(ssl, rbio);
557 SSL_set0_wbio(ssl, wbio);
558 }
559
SSL_get_rbio(const SSL * ssl)560 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
561
SSL_get_wbio(const SSL * ssl)562 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
563
ssl_reset_error_state(SSL * ssl)564 void ssl_reset_error_state(SSL *ssl) {
565 /* Functions which use |SSL_get_error| must reset I/O and error state on
566 * entry. */
567 ssl->rwstate = SSL_NOTHING;
568 ERR_clear_error();
569 ERR_clear_system_error();
570 }
571
SSL_do_handshake(SSL * ssl)572 int SSL_do_handshake(SSL *ssl) {
573 ssl_reset_error_state(ssl);
574
575 if (ssl->handshake_func == NULL) {
576 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
577 return -1;
578 }
579
580 if (!SSL_in_init(ssl)) {
581 return 1;
582 }
583
584 if (ssl->s3->hs == NULL) {
585 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
586 return -1;
587 }
588
589 /* Run the handshake. */
590 assert(ssl->s3->hs != NULL);
591 int ret = ssl->handshake_func(ssl->s3->hs);
592 if (ret <= 0) {
593 return ret;
594 }
595
596 /* Destroy the handshake object if the handshake has completely finished. */
597 if (!SSL_in_init(ssl)) {
598 ssl_handshake_free(ssl->s3->hs);
599 ssl->s3->hs = NULL;
600 }
601
602 return 1;
603 }
604
SSL_connect(SSL * ssl)605 int SSL_connect(SSL *ssl) {
606 if (ssl->handshake_func == NULL) {
607 /* Not properly initialized yet */
608 SSL_set_connect_state(ssl);
609 }
610
611 return SSL_do_handshake(ssl);
612 }
613
SSL_accept(SSL * ssl)614 int SSL_accept(SSL *ssl) {
615 if (ssl->handshake_func == NULL) {
616 /* Not properly initialized yet */
617 SSL_set_accept_state(ssl);
618 }
619
620 return SSL_do_handshake(ssl);
621 }
622
ssl_can_write(const SSL * ssl)623 int ssl_can_write(const SSL *ssl) {
624 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write;
625 }
626
ssl_can_read(const SSL * ssl)627 int ssl_can_read(const SSL *ssl) {
628 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read;
629 }
630
ssl_do_renegotiate(SSL * ssl)631 static int ssl_do_renegotiate(SSL *ssl) {
632 /* We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be
633 * removed entirely in the future and requires retaining more data for
634 * renegotiation_info. */
635 if (ssl->server || ssl->version == SSL3_VERSION) {
636 goto no_renegotiation;
637 }
638
639 if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_REQUEST ||
640 ssl->init_num != 0) {
641 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
642 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST);
643 return 0;
644 }
645
646 switch (ssl->renegotiate_mode) {
647 case ssl_renegotiate_ignore:
648 /* Ignore the HelloRequest. */
649 return 1;
650
651 case ssl_renegotiate_once:
652 if (ssl->s3->total_renegotiations != 0) {
653 goto no_renegotiation;
654 }
655 break;
656
657 case ssl_renegotiate_never:
658 goto no_renegotiation;
659
660 case ssl_renegotiate_freely:
661 break;
662 }
663
664 /* Renegotiation is only supported at quiescent points in the application
665 * protocol, namely in HTTPS, just before reading the HTTP response. Require
666 * the record-layer be idle and avoid complexities of sending a handshake
667 * record while an application_data record is being written. */
668 if (ssl_write_buffer_is_pending(ssl)) {
669 goto no_renegotiation;
670 }
671
672 /* Begin a new handshake. */
673 if (ssl->s3->hs != NULL) {
674 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
675 return 0;
676 }
677 ssl->s3->hs = ssl_handshake_new(ssl);
678 if (ssl->s3->hs == NULL) {
679 return 0;
680 }
681
682 ssl->s3->total_renegotiations++;
683 return 1;
684
685 no_renegotiation:
686 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
687 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
688 return 0;
689 }
690
ssl_do_post_handshake(SSL * ssl)691 static int ssl_do_post_handshake(SSL *ssl) {
692 if (ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
693 return ssl_do_renegotiate(ssl);
694 }
695
696 return tls13_post_handshake(ssl);
697 }
698
ssl_read_impl(SSL * ssl,void * buf,int num,int peek)699 static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
700 ssl_reset_error_state(ssl);
701
702 if (ssl->handshake_func == NULL) {
703 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
704 return -1;
705 }
706
707 for (;;) {
708 /* Complete the current handshake, if any. False Start will cause
709 * |SSL_do_handshake| to return mid-handshake, so this may require multiple
710 * iterations. */
711 while (!ssl_can_read(ssl)) {
712 int ret = SSL_do_handshake(ssl);
713 if (ret < 0) {
714 return ret;
715 }
716 if (ret == 0) {
717 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
718 return -1;
719 }
720 }
721
722 int got_handshake;
723 int ret = ssl->method->read_app_data(ssl, &got_handshake, (uint8_t *)buf,
724 num, peek);
725 if (ret > 0 || !got_handshake) {
726 ssl->s3->key_update_count = 0;
727 return ret;
728 }
729
730 /* If we received an interrupt in early read (the end_of_early_data alert),
731 * loop again for the handshake to process it. */
732 if (SSL_in_init(ssl)) {
733 continue;
734 }
735
736 /* Handle the post-handshake message and try again. */
737 if (!ssl_do_post_handshake(ssl)) {
738 return -1;
739 }
740 ssl->method->release_current_message(ssl, 1 /* free buffer */);
741 }
742 }
743
SSL_read(SSL * ssl,void * buf,int num)744 int SSL_read(SSL *ssl, void *buf, int num) {
745 return ssl_read_impl(ssl, buf, num, 0 /* consume bytes */);
746 }
747
SSL_peek(SSL * ssl,void * buf,int num)748 int SSL_peek(SSL *ssl, void *buf, int num) {
749 return ssl_read_impl(ssl, buf, num, 1 /* peek */);
750 }
751
SSL_write(SSL * ssl,const void * buf,int num)752 int SSL_write(SSL *ssl, const void *buf, int num) {
753 ssl_reset_error_state(ssl);
754
755 if (ssl->handshake_func == NULL) {
756 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
757 return -1;
758 }
759
760 if (ssl->s3->send_shutdown != ssl_shutdown_none) {
761 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
762 return -1;
763 }
764
765 int ret = 0, needs_handshake = 0;
766 do {
767 /* If necessary, complete the handshake implicitly. */
768 if (!ssl_can_write(ssl)) {
769 ret = SSL_do_handshake(ssl);
770 if (ret < 0) {
771 return ret;
772 }
773 if (ret == 0) {
774 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
775 return -1;
776 }
777 }
778
779 ret = ssl->method->write_app_data(ssl, &needs_handshake,
780 (const uint8_t *)buf, num);
781 } while (needs_handshake);
782 return ret;
783 }
784
SSL_shutdown(SSL * ssl)785 int SSL_shutdown(SSL *ssl) {
786 ssl_reset_error_state(ssl);
787
788 if (ssl->handshake_func == NULL) {
789 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
790 return -1;
791 }
792
793 /* If we are in the middle of a handshake, silently succeed. Consumers often
794 * call this function before |SSL_free|, whether the handshake succeeded or
795 * not. We assume the caller has already handled failed handshakes. */
796 if (SSL_in_init(ssl)) {
797 return 1;
798 }
799
800 if (ssl->quiet_shutdown) {
801 /* Do nothing if configured not to send a close_notify. */
802 ssl->s3->send_shutdown = ssl_shutdown_close_notify;
803 ssl->s3->recv_shutdown = ssl_shutdown_close_notify;
804 return 1;
805 }
806
807 /* This function completes in two stages. It sends a close_notify and then it
808 * waits for a close_notify to come in. Perform exactly one action and return
809 * whether or not it succeeds. */
810
811 if (ssl->s3->send_shutdown != ssl_shutdown_close_notify) {
812 /* Send a close_notify. */
813 if (ssl3_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
814 return -1;
815 }
816 } else if (ssl->s3->alert_dispatch) {
817 /* Finish sending the close_notify. */
818 if (ssl->method->dispatch_alert(ssl) <= 0) {
819 return -1;
820 }
821 } else if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) {
822 /* Wait for the peer's close_notify. */
823 ssl->method->read_close_notify(ssl);
824 if (ssl->s3->recv_shutdown != ssl_shutdown_close_notify) {
825 return -1;
826 }
827 }
828
829 /* Return 0 for unidirectional shutdown and 1 for bidirectional shutdown. */
830 return ssl->s3->recv_shutdown == ssl_shutdown_close_notify;
831 }
832
SSL_send_fatal_alert(SSL * ssl,uint8_t alert)833 int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
834 if (ssl->s3->alert_dispatch) {
835 if (ssl->s3->send_alert[0] != SSL3_AL_FATAL ||
836 ssl->s3->send_alert[1] != alert) {
837 /* We are already attempting to write a different alert. */
838 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
839 return -1;
840 }
841 return ssl->method->dispatch_alert(ssl);
842 }
843
844 return ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
845 }
846
SSL_CTX_set_early_data_enabled(SSL_CTX * ctx,int enabled)847 void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
848 ctx->cert->enable_early_data = !!enabled;
849 }
850
SSL_CTX_set_tls13_variant(SSL_CTX * ctx,enum tls13_variant_t variant)851 void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) {
852 ctx->tls13_variant = variant;
853 }
854
SSL_set_tls13_variant(SSL * ssl,enum tls13_variant_t variant)855 void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
856 ssl->tls13_variant = variant;
857 }
858
SSL_set_early_data_enabled(SSL * ssl,int enabled)859 void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
860 ssl->cert->enable_early_data = !!enabled;
861 }
862
SSL_in_early_data(const SSL * ssl)863 int SSL_in_early_data(const SSL *ssl) {
864 if (ssl->s3->hs == NULL) {
865 return 0;
866 }
867 return ssl->s3->hs->in_early_data;
868 }
869
SSL_early_data_accepted(const SSL * ssl)870 int SSL_early_data_accepted(const SSL *ssl) {
871 return ssl->early_data_accepted;
872 }
873
SSL_reset_early_data_reject(SSL * ssl)874 void SSL_reset_early_data_reject(SSL *ssl) {
875 SSL_HANDSHAKE *hs = ssl->s3->hs;
876 if (hs == NULL ||
877 hs->wait != ssl_hs_early_data_rejected) {
878 abort();
879 }
880
881 hs->wait = ssl_hs_ok;
882 hs->in_early_data = 0;
883 SSL_SESSION_free(hs->early_session);
884 hs->early_session = NULL;
885
886 /* Discard any unfinished writes from the perspective of |SSL_write|'s
887 * retry. The handshake will transparently flush out the pending record
888 * (discarded by the server) to keep the framing correct. */
889 ssl->s3->wpend_pending = 0;
890 }
891
bio_retry_reason_to_error(int reason)892 static int bio_retry_reason_to_error(int reason) {
893 switch (reason) {
894 case BIO_RR_CONNECT:
895 return SSL_ERROR_WANT_CONNECT;
896 case BIO_RR_ACCEPT:
897 return SSL_ERROR_WANT_ACCEPT;
898 default:
899 return SSL_ERROR_SYSCALL;
900 }
901 }
902
SSL_get_error(const SSL * ssl,int ret_code)903 int SSL_get_error(const SSL *ssl, int ret_code) {
904 if (ret_code > 0) {
905 return SSL_ERROR_NONE;
906 }
907
908 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
909 * where we do encode the error */
910 uint32_t err = ERR_peek_error();
911 if (err != 0) {
912 if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
913 return SSL_ERROR_SYSCALL;
914 }
915 return SSL_ERROR_SSL;
916 }
917
918 if (ret_code == 0) {
919 if (ssl->s3->recv_shutdown == ssl_shutdown_close_notify) {
920 return SSL_ERROR_ZERO_RETURN;
921 }
922 /* An EOF was observed which violates the protocol, and the underlying
923 * transport does not participate in the error queue. Bubble up to the
924 * caller. */
925 return SSL_ERROR_SYSCALL;
926 }
927
928 switch (ssl->rwstate) {
929 case SSL_PENDING_SESSION:
930 return SSL_ERROR_PENDING_SESSION;
931
932 case SSL_CERTIFICATE_SELECTION_PENDING:
933 return SSL_ERROR_PENDING_CERTIFICATE;
934
935 case SSL_READING: {
936 BIO *bio = SSL_get_rbio(ssl);
937 if (BIO_should_read(bio)) {
938 return SSL_ERROR_WANT_READ;
939 }
940
941 if (BIO_should_write(bio)) {
942 /* TODO(davidben): OpenSSL historically checked for writes on the read
943 * BIO. Can this be removed? */
944 return SSL_ERROR_WANT_WRITE;
945 }
946
947 if (BIO_should_io_special(bio)) {
948 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
949 }
950
951 break;
952 }
953
954 case SSL_WRITING: {
955 BIO *bio = SSL_get_wbio(ssl);
956 if (BIO_should_write(bio)) {
957 return SSL_ERROR_WANT_WRITE;
958 }
959
960 if (BIO_should_read(bio)) {
961 /* TODO(davidben): OpenSSL historically checked for reads on the write
962 * BIO. Can this be removed? */
963 return SSL_ERROR_WANT_READ;
964 }
965
966 if (BIO_should_io_special(bio)) {
967 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
968 }
969
970 break;
971 }
972
973 case SSL_X509_LOOKUP:
974 return SSL_ERROR_WANT_X509_LOOKUP;
975
976 case SSL_CHANNEL_ID_LOOKUP:
977 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
978
979 case SSL_PRIVATE_KEY_OPERATION:
980 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
981
982 case SSL_PENDING_TICKET:
983 return SSL_ERROR_PENDING_TICKET;
984
985 case SSL_EARLY_DATA_REJECTED:
986 return SSL_ERROR_EARLY_DATA_REJECTED;
987 }
988
989 return SSL_ERROR_SYSCALL;
990 }
991
SSL_CTX_set_options(SSL_CTX * ctx,uint32_t options)992 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
993 ctx->options |= options;
994 return ctx->options;
995 }
996
SSL_CTX_clear_options(SSL_CTX * ctx,uint32_t options)997 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
998 ctx->options &= ~options;
999 return ctx->options;
1000 }
1001
SSL_CTX_get_options(const SSL_CTX * ctx)1002 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
1003
SSL_set_options(SSL * ssl,uint32_t options)1004 uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
1005 ssl->options |= options;
1006 return ssl->options;
1007 }
1008
SSL_clear_options(SSL * ssl,uint32_t options)1009 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
1010 ssl->options &= ~options;
1011 return ssl->options;
1012 }
1013
SSL_get_options(const SSL * ssl)1014 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
1015
SSL_CTX_set_mode(SSL_CTX * ctx,uint32_t mode)1016 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
1017 ctx->mode |= mode;
1018 return ctx->mode;
1019 }
1020
SSL_CTX_clear_mode(SSL_CTX * ctx,uint32_t mode)1021 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
1022 ctx->mode &= ~mode;
1023 return ctx->mode;
1024 }
1025
SSL_CTX_get_mode(const SSL_CTX * ctx)1026 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
1027
SSL_set_mode(SSL * ssl,uint32_t mode)1028 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
1029 ssl->mode |= mode;
1030 return ssl->mode;
1031 }
1032
SSL_clear_mode(SSL * ssl,uint32_t mode)1033 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
1034 ssl->mode &= ~mode;
1035 return ssl->mode;
1036 }
1037
SSL_get_mode(const SSL * ssl)1038 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
1039
SSL_CTX_set0_buffer_pool(SSL_CTX * ctx,CRYPTO_BUFFER_POOL * pool)1040 void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) {
1041 ctx->pool = pool;
1042 }
1043
SSL_get_tls_unique(const SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out)1044 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
1045 size_t max_out) {
1046 *out_len = 0;
1047 OPENSSL_memset(out, 0, max_out);
1048
1049 /* tls-unique is not defined for SSL 3.0 or TLS 1.3. */
1050 if (!ssl->s3->initial_handshake_complete ||
1051 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1052 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1053 return 0;
1054 }
1055
1056 /* The tls-unique value is the first Finished message in the handshake, which
1057 * is the client's in a full handshake and the server's for a resumption. See
1058 * https://tools.ietf.org/html/rfc5929#section-3.1. */
1059 const uint8_t *finished = ssl->s3->previous_client_finished;
1060 size_t finished_len = ssl->s3->previous_client_finished_len;
1061 if (ssl->session != NULL) {
1062 /* tls-unique is broken for resumed sessions unless EMS is used. */
1063 if (!ssl->session->extended_master_secret) {
1064 return 0;
1065 }
1066 finished = ssl->s3->previous_server_finished;
1067 finished_len = ssl->s3->previous_server_finished_len;
1068 }
1069
1070 *out_len = finished_len;
1071 if (finished_len > max_out) {
1072 *out_len = max_out;
1073 }
1074
1075 OPENSSL_memcpy(out, finished, *out_len);
1076 return 1;
1077 }
1078
set_session_id_context(CERT * cert,const uint8_t * sid_ctx,size_t sid_ctx_len)1079 static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
1080 size_t sid_ctx_len) {
1081 if (sid_ctx_len > sizeof(cert->sid_ctx)) {
1082 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1083 return 0;
1084 }
1085
1086 static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large");
1087 cert->sid_ctx_length = (uint8_t)sid_ctx_len;
1088 OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
1089 return 1;
1090 }
1091
SSL_CTX_set_session_id_context(SSL_CTX * ctx,const uint8_t * sid_ctx,size_t sid_ctx_len)1092 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
1093 size_t sid_ctx_len) {
1094 return set_session_id_context(ctx->cert, sid_ctx, sid_ctx_len);
1095 }
1096
SSL_set_session_id_context(SSL * ssl,const uint8_t * sid_ctx,size_t sid_ctx_len)1097 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
1098 size_t sid_ctx_len) {
1099 return set_session_id_context(ssl->cert, sid_ctx, sid_ctx_len);
1100 }
1101
SSL_get0_session_id_context(const SSL * ssl,size_t * out_len)1102 const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
1103 *out_len = ssl->cert->sid_ctx_length;
1104 return ssl->cert->sid_ctx;
1105 }
1106
ssl_cipher_preference_list_free(struct ssl_cipher_preference_list_st * cipher_list)1107 void ssl_cipher_preference_list_free(
1108 struct ssl_cipher_preference_list_st *cipher_list) {
1109 if (cipher_list == NULL) {
1110 return;
1111 }
1112 sk_SSL_CIPHER_free(cipher_list->ciphers);
1113 OPENSSL_free(cipher_list->in_group_flags);
1114 OPENSSL_free(cipher_list);
1115 }
1116
SSL_certs_clear(SSL * ssl)1117 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
1118
SSL_get_fd(const SSL * ssl)1119 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
1120
SSL_get_rfd(const SSL * ssl)1121 int SSL_get_rfd(const SSL *ssl) {
1122 int ret = -1;
1123 BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
1124 if (b != NULL) {
1125 BIO_get_fd(b, &ret);
1126 }
1127 return ret;
1128 }
1129
SSL_get_wfd(const SSL * ssl)1130 int SSL_get_wfd(const SSL *ssl) {
1131 int ret = -1;
1132 BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
1133 if (b != NULL) {
1134 BIO_get_fd(b, &ret);
1135 }
1136 return ret;
1137 }
1138
SSL_set_fd(SSL * ssl,int fd)1139 int SSL_set_fd(SSL *ssl, int fd) {
1140 BIO *bio = BIO_new(BIO_s_socket());
1141 if (bio == NULL) {
1142 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1143 return 0;
1144 }
1145 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1146 SSL_set_bio(ssl, bio, bio);
1147 return 1;
1148 }
1149
SSL_set_wfd(SSL * ssl,int fd)1150 int SSL_set_wfd(SSL *ssl, int fd) {
1151 BIO *rbio = SSL_get_rbio(ssl);
1152 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET ||
1153 BIO_get_fd(rbio, NULL) != fd) {
1154 BIO *bio = BIO_new(BIO_s_socket());
1155 if (bio == NULL) {
1156 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1157 return 0;
1158 }
1159 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1160 SSL_set0_wbio(ssl, bio);
1161 } else {
1162 /* Copy the rbio over to the wbio. */
1163 BIO_up_ref(rbio);
1164 SSL_set0_wbio(ssl, rbio);
1165 }
1166
1167 return 1;
1168 }
1169
SSL_set_rfd(SSL * ssl,int fd)1170 int SSL_set_rfd(SSL *ssl, int fd) {
1171 BIO *wbio = SSL_get_wbio(ssl);
1172 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET ||
1173 BIO_get_fd(wbio, NULL) != fd) {
1174 BIO *bio = BIO_new(BIO_s_socket());
1175 if (bio == NULL) {
1176 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1177 return 0;
1178 }
1179 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1180 SSL_set0_rbio(ssl, bio);
1181 } else {
1182 /* Copy the wbio over to the rbio. */
1183 BIO_up_ref(wbio);
1184 SSL_set0_rbio(ssl, wbio);
1185 }
1186 return 1;
1187 }
1188
copy_finished(void * out,size_t out_len,const uint8_t * in,size_t in_len)1189 static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
1190 size_t in_len) {
1191 if (out_len > in_len) {
1192 out_len = in_len;
1193 }
1194 OPENSSL_memcpy(out, in, out_len);
1195 return in_len;
1196 }
1197
SSL_get_finished(const SSL * ssl,void * buf,size_t count)1198 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1199 if (!ssl->s3->initial_handshake_complete ||
1200 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1201 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1202 return 0;
1203 }
1204
1205 if (ssl->server) {
1206 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1207 ssl->s3->previous_server_finished_len);
1208 }
1209
1210 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1211 ssl->s3->previous_client_finished_len);
1212 }
1213
SSL_get_peer_finished(const SSL * ssl,void * buf,size_t count)1214 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1215 if (!ssl->s3->initial_handshake_complete ||
1216 ssl3_protocol_version(ssl) < TLS1_VERSION ||
1217 ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1218 return 0;
1219 }
1220
1221 if (ssl->server) {
1222 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1223 ssl->s3->previous_client_finished_len);
1224 }
1225
1226 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1227 ssl->s3->previous_server_finished_len);
1228 }
1229
SSL_get_verify_mode(const SSL * ssl)1230 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
1231
SSL_get_extms_support(const SSL * ssl)1232 int SSL_get_extms_support(const SSL *ssl) {
1233 /* TLS 1.3 does not require extended master secret and always reports as
1234 * supporting it. */
1235 if (!ssl->s3->have_version) {
1236 return 0;
1237 }
1238 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
1239 return 1;
1240 }
1241
1242 /* If the initial handshake completed, query the established session. */
1243 if (ssl->s3->established_session != NULL) {
1244 return ssl->s3->established_session->extended_master_secret;
1245 }
1246
1247 /* Otherwise, query the in-progress handshake. */
1248 if (ssl->s3->hs != NULL) {
1249 return ssl->s3->hs->extended_master_secret;
1250 }
1251 assert(0);
1252 return 0;
1253 }
1254
SSL_CTX_get_read_ahead(const SSL_CTX * ctx)1255 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
1256
SSL_get_read_ahead(const SSL * ssl)1257 int SSL_get_read_ahead(const SSL *ssl) { return 0; }
1258
SSL_CTX_set_read_ahead(SSL_CTX * ctx,int yes)1259 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
1260
SSL_set_read_ahead(SSL * ssl,int yes)1261 void SSL_set_read_ahead(SSL *ssl, int yes) { }
1262
SSL_pending(const SSL * ssl)1263 int SSL_pending(const SSL *ssl) {
1264 if (ssl->s3->rrec.type != SSL3_RT_APPLICATION_DATA) {
1265 return 0;
1266 }
1267 return ssl->s3->rrec.length;
1268 }
1269
1270 /* Fix this so it checks all the valid key/cert options */
SSL_CTX_check_private_key(const SSL_CTX * ctx)1271 int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1272 return ssl_cert_check_private_key(ctx->cert, ctx->cert->privatekey);
1273 }
1274
1275 /* Fix this function so that it takes an optional type parameter */
SSL_check_private_key(const SSL * ssl)1276 int SSL_check_private_key(const SSL *ssl) {
1277 return ssl_cert_check_private_key(ssl->cert, ssl->cert->privatekey);
1278 }
1279
SSL_get_default_timeout(const SSL * ssl)1280 long SSL_get_default_timeout(const SSL *ssl) {
1281 return SSL_DEFAULT_SESSION_TIMEOUT;
1282 }
1283
SSL_renegotiate(SSL * ssl)1284 int SSL_renegotiate(SSL *ssl) {
1285 /* Caller-initiated renegotiation is not supported. */
1286 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1287 return 0;
1288 }
1289
SSL_renegotiate_pending(SSL * ssl)1290 int SSL_renegotiate_pending(SSL *ssl) {
1291 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
1292 }
1293
SSL_total_renegotiations(const SSL * ssl)1294 int SSL_total_renegotiations(const SSL *ssl) {
1295 return ssl->s3->total_renegotiations;
1296 }
1297
SSL_CTX_get_max_cert_list(const SSL_CTX * ctx)1298 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
1299 return ctx->max_cert_list;
1300 }
1301
SSL_CTX_set_max_cert_list(SSL_CTX * ctx,size_t max_cert_list)1302 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1303 if (max_cert_list > kMaxHandshakeSize) {
1304 max_cert_list = kMaxHandshakeSize;
1305 }
1306 ctx->max_cert_list = (uint32_t)max_cert_list;
1307 }
1308
SSL_get_max_cert_list(const SSL * ssl)1309 size_t SSL_get_max_cert_list(const SSL *ssl) {
1310 return ssl->max_cert_list;
1311 }
1312
SSL_set_max_cert_list(SSL * ssl,size_t max_cert_list)1313 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1314 if (max_cert_list > kMaxHandshakeSize) {
1315 max_cert_list = kMaxHandshakeSize;
1316 }
1317 ssl->max_cert_list = (uint32_t)max_cert_list;
1318 }
1319
SSL_CTX_set_max_send_fragment(SSL_CTX * ctx,size_t max_send_fragment)1320 int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
1321 if (max_send_fragment < 512) {
1322 max_send_fragment = 512;
1323 }
1324 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1325 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1326 }
1327 ctx->max_send_fragment = (uint16_t)max_send_fragment;
1328
1329 return 1;
1330 }
1331
SSL_set_max_send_fragment(SSL * ssl,size_t max_send_fragment)1332 int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
1333 if (max_send_fragment < 512) {
1334 max_send_fragment = 512;
1335 }
1336 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1337 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1338 }
1339 ssl->max_send_fragment = (uint16_t)max_send_fragment;
1340
1341 return 1;
1342 }
1343
SSL_set_mtu(SSL * ssl,unsigned mtu)1344 int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1345 if (!SSL_is_dtls(ssl) || mtu < dtls1_min_mtu()) {
1346 return 0;
1347 }
1348 ssl->d1->mtu = mtu;
1349 return 1;
1350 }
1351
SSL_get_secure_renegotiation_support(const SSL * ssl)1352 int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1353 if (!ssl->s3->have_version) {
1354 return 0;
1355 }
1356 return ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
1357 ssl->s3->send_connection_binding;
1358 }
1359
LHASH_OF(SSL_SESSION)1360 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) { return ctx->sessions; }
1361
SSL_CTX_sess_number(const SSL_CTX * ctx)1362 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
1363 return lh_SSL_SESSION_num_items(ctx->sessions);
1364 }
1365
SSL_CTX_sess_set_cache_size(SSL_CTX * ctx,unsigned long size)1366 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
1367 unsigned long ret = ctx->session_cache_size;
1368 ctx->session_cache_size = size;
1369 return ret;
1370 }
1371
SSL_CTX_sess_get_cache_size(const SSL_CTX * ctx)1372 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
1373 return ctx->session_cache_size;
1374 }
1375
SSL_CTX_set_session_cache_mode(SSL_CTX * ctx,int mode)1376 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
1377 int ret = ctx->session_cache_mode;
1378 ctx->session_cache_mode = mode;
1379 return ret;
1380 }
1381
SSL_CTX_get_session_cache_mode(const SSL_CTX * ctx)1382 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
1383 return ctx->session_cache_mode;
1384 }
1385
1386
SSL_CTX_get_tlsext_ticket_keys(SSL_CTX * ctx,void * out,size_t len)1387 int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) {
1388 if (out == NULL) {
1389 return 48;
1390 }
1391 if (len != 48) {
1392 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1393 return 0;
1394 }
1395 uint8_t *out_bytes = reinterpret_cast<uint8_t *>(out);
1396 OPENSSL_memcpy(out_bytes, ctx->tlsext_tick_key_name, 16);
1397 OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16);
1398 OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16);
1399 return 1;
1400 }
1401
SSL_CTX_set_tlsext_ticket_keys(SSL_CTX * ctx,const void * in,size_t len)1402 int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
1403 if (in == NULL) {
1404 return 48;
1405 }
1406 if (len != 48) {
1407 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1408 return 0;
1409 }
1410 const uint8_t *in_bytes = reinterpret_cast<const uint8_t *>(in);
1411 OPENSSL_memcpy(ctx->tlsext_tick_key_name, in_bytes, 16);
1412 OPENSSL_memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16);
1413 OPENSSL_memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16);
1414 return 1;
1415 }
1416
SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX * ctx,int (* callback)(SSL * ssl,uint8_t * key_name,uint8_t * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hmac_ctx,int encrypt))1417 int SSL_CTX_set_tlsext_ticket_key_cb(
1418 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1419 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
1420 int encrypt)) {
1421 ctx->tlsext_ticket_key_cb = callback;
1422 return 1;
1423 }
1424
SSL_CTX_set1_curves(SSL_CTX * ctx,const int * curves,size_t curves_len)1425 int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) {
1426 return tls1_set_curves(&ctx->supported_group_list,
1427 &ctx->supported_group_list_len, curves,
1428 curves_len);
1429 }
1430
SSL_set1_curves(SSL * ssl,const int * curves,size_t curves_len)1431 int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
1432 return tls1_set_curves(&ssl->supported_group_list,
1433 &ssl->supported_group_list_len, curves,
1434 curves_len);
1435 }
1436
SSL_CTX_set1_curves_list(SSL_CTX * ctx,const char * curves)1437 int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
1438 return tls1_set_curves_list(&ctx->supported_group_list,
1439 &ctx->supported_group_list_len, curves);
1440 }
1441
SSL_set1_curves_list(SSL * ssl,const char * curves)1442 int SSL_set1_curves_list(SSL *ssl, const char *curves) {
1443 return tls1_set_curves_list(&ssl->supported_group_list,
1444 &ssl->supported_group_list_len, curves);
1445 }
1446
SSL_get_curve_id(const SSL * ssl)1447 uint16_t SSL_get_curve_id(const SSL *ssl) {
1448 /* TODO(davidben): This checks the wrong session if there is a renegotiation in
1449 * progress. */
1450 SSL_SESSION *session = SSL_get_session(ssl);
1451 if (session == NULL) {
1452 return 0;
1453 }
1454
1455 return session->group_id;
1456 }
1457
SSL_CTX_set_tmp_dh(SSL_CTX * ctx,const DH * dh)1458 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
1459 return 1;
1460 }
1461
SSL_set_tmp_dh(SSL * ssl,const DH * dh)1462 int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
1463 return 1;
1464 }
1465
STACK_OF(SSL_CIPHER)1466 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
1467 return ctx->cipher_list->ciphers;
1468 }
1469
STACK_OF(SSL_CIPHER)1470 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
1471 if (ssl == NULL) {
1472 return NULL;
1473 }
1474
1475 const struct ssl_cipher_preference_list_st *prefs =
1476 ssl_get_cipher_preferences(ssl);
1477 if (prefs == NULL) {
1478 return NULL;
1479 }
1480
1481 return prefs->ciphers;
1482 }
1483
SSL_get_cipher_list(const SSL * ssl,int n)1484 const char *SSL_get_cipher_list(const SSL *ssl, int n) {
1485 if (ssl == NULL) {
1486 return NULL;
1487 }
1488
1489 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
1490 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
1491 return NULL;
1492 }
1493
1494 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, n);
1495 if (c == NULL) {
1496 return NULL;
1497 }
1498
1499 return c->name;
1500 }
1501
SSL_CTX_set_cipher_list(SSL_CTX * ctx,const char * str)1502 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
1503 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str,
1504 0 /* not strict */);
1505 }
1506
SSL_CTX_set_strict_cipher_list(SSL_CTX * ctx,const char * str)1507 int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) {
1508 return ssl_create_cipher_list(ctx->method, &ctx->cipher_list, str,
1509 1 /* strict */);
1510 }
1511
SSL_set_cipher_list(SSL * ssl,const char * str)1512 int SSL_set_cipher_list(SSL *ssl, const char *str) {
1513 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str,
1514 0 /* not strict */);
1515 }
1516
SSL_set_strict_cipher_list(SSL * ssl,const char * str)1517 int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
1518 return ssl_create_cipher_list(ssl->ctx->method, &ssl->cipher_list, str,
1519 1 /* strict */);
1520 }
1521
SSL_get_servername(const SSL * ssl,const int type)1522 const char *SSL_get_servername(const SSL *ssl, const int type) {
1523 if (type != TLSEXT_NAMETYPE_host_name) {
1524 return NULL;
1525 }
1526
1527 /* Historically, |SSL_get_servername| was also the configuration getter
1528 * corresponding to |SSL_set_tlsext_host_name|. */
1529 if (ssl->tlsext_hostname != NULL) {
1530 return ssl->tlsext_hostname;
1531 }
1532
1533 /* During the handshake, report the handshake value. */
1534 if (ssl->s3->hs != NULL) {
1535 return ssl->s3->hs->hostname;
1536 }
1537
1538 /* SSL_get_servername may also be called after the handshake to look up the
1539 * SNI value.
1540 *
1541 * TODO(davidben): This is almost unused. Can we remove it? */
1542 SSL_SESSION *session = SSL_get_session(ssl);
1543 if (session == NULL) {
1544 return NULL;
1545 }
1546 return session->tlsext_hostname;
1547 }
1548
SSL_get_servername_type(const SSL * ssl)1549 int SSL_get_servername_type(const SSL *ssl) {
1550 SSL_SESSION *session = SSL_get_session(ssl);
1551 if (session == NULL || session->tlsext_hostname == NULL) {
1552 return -1;
1553 }
1554 return TLSEXT_NAMETYPE_host_name;
1555 }
1556
SSL_CTX_enable_signed_cert_timestamps(SSL_CTX * ctx)1557 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1558 ctx->signed_cert_timestamps_enabled = 1;
1559 }
1560
SSL_CTX_i_promise_to_verify_certs_after_the_handshake(SSL_CTX * ctx)1561 void SSL_CTX_i_promise_to_verify_certs_after_the_handshake(SSL_CTX *ctx) {
1562 ctx->i_promise_to_verify_certs_after_the_handshake = 1;
1563 }
1564
SSL_enable_signed_cert_timestamps(SSL * ssl)1565 void SSL_enable_signed_cert_timestamps(SSL *ssl) {
1566 ssl->signed_cert_timestamps_enabled = 1;
1567 }
1568
SSL_CTX_enable_ocsp_stapling(SSL_CTX * ctx)1569 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1570 ctx->ocsp_stapling_enabled = 1;
1571 }
1572
SSL_enable_ocsp_stapling(SSL * ssl)1573 void SSL_enable_ocsp_stapling(SSL *ssl) {
1574 ssl->ocsp_stapling_enabled = 1;
1575 }
1576
SSL_get0_signed_cert_timestamp_list(const SSL * ssl,const uint8_t ** out,size_t * out_len)1577 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1578 size_t *out_len) {
1579 SSL_SESSION *session = SSL_get_session(ssl);
1580
1581 *out_len = 0;
1582 *out = NULL;
1583 if (ssl->server || !session || !session->tlsext_signed_cert_timestamp_list) {
1584 return;
1585 }
1586
1587 *out = session->tlsext_signed_cert_timestamp_list;
1588 *out_len = session->tlsext_signed_cert_timestamp_list_length;
1589 }
1590
SSL_get0_ocsp_response(const SSL * ssl,const uint8_t ** out,size_t * out_len)1591 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1592 size_t *out_len) {
1593 SSL_SESSION *session = SSL_get_session(ssl);
1594
1595 *out_len = 0;
1596 *out = NULL;
1597 if (ssl->server || !session || !session->ocsp_response) {
1598 return;
1599 }
1600 *out = session->ocsp_response;
1601 *out_len = session->ocsp_response_length;
1602 }
1603
SSL_set_tlsext_host_name(SSL * ssl,const char * name)1604 int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1605 OPENSSL_free(ssl->tlsext_hostname);
1606 ssl->tlsext_hostname = NULL;
1607
1608 if (name == NULL) {
1609 return 1;
1610 }
1611
1612 size_t len = strlen(name);
1613 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
1614 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1615 return 0;
1616 }
1617 ssl->tlsext_hostname = BUF_strdup(name);
1618 if (ssl->tlsext_hostname == NULL) {
1619 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1620 return 0;
1621 }
1622 return 1;
1623 }
1624
SSL_CTX_set_tlsext_servername_callback(SSL_CTX * ctx,int (* callback)(SSL * ssl,int * out_alert,void * arg))1625 int SSL_CTX_set_tlsext_servername_callback(
1626 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
1627 ctx->tlsext_servername_callback = callback;
1628 return 1;
1629 }
1630
SSL_CTX_set_tlsext_servername_arg(SSL_CTX * ctx,void * arg)1631 int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
1632 ctx->tlsext_servername_arg = arg;
1633 return 1;
1634 }
1635
SSL_select_next_proto(uint8_t ** out,uint8_t * out_len,const uint8_t * peer,unsigned peer_len,const uint8_t * supported,unsigned supported_len)1636 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer,
1637 unsigned peer_len, const uint8_t *supported,
1638 unsigned supported_len) {
1639 const uint8_t *result;
1640 int status;
1641
1642 /* For each protocol in peer preference order, see if we support it. */
1643 for (unsigned i = 0; i < peer_len;) {
1644 for (unsigned j = 0; j < supported_len;) {
1645 if (peer[i] == supported[j] &&
1646 OPENSSL_memcmp(&peer[i + 1], &supported[j + 1], peer[i]) == 0) {
1647 /* We found a match */
1648 result = &peer[i];
1649 status = OPENSSL_NPN_NEGOTIATED;
1650 goto found;
1651 }
1652 j += supported[j];
1653 j++;
1654 }
1655 i += peer[i];
1656 i++;
1657 }
1658
1659 /* There's no overlap between our protocols and the peer's list. */
1660 result = supported;
1661 status = OPENSSL_NPN_NO_OVERLAP;
1662
1663 found:
1664 *out = (uint8_t *)result + 1;
1665 *out_len = result[0];
1666 return status;
1667 }
1668
SSL_get0_next_proto_negotiated(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1669 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
1670 unsigned *out_len) {
1671 *out_data = ssl->s3->next_proto_negotiated;
1672 *out_len = ssl->s3->next_proto_negotiated_len;
1673 }
1674
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg),void * arg)1675 void SSL_CTX_set_next_protos_advertised_cb(
1676 SSL_CTX *ctx,
1677 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
1678 void *arg) {
1679 ctx->next_protos_advertised_cb = cb;
1680 ctx->next_protos_advertised_cb_arg = arg;
1681 }
1682
SSL_CTX_set_next_proto_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1683 void SSL_CTX_set_next_proto_select_cb(
1684 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
1685 const uint8_t *in, unsigned in_len, void *arg),
1686 void *arg) {
1687 ctx->next_proto_select_cb = cb;
1688 ctx->next_proto_select_cb_arg = arg;
1689 }
1690
SSL_CTX_set_alpn_protos(SSL_CTX * ctx,const uint8_t * protos,unsigned protos_len)1691 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
1692 unsigned protos_len) {
1693 OPENSSL_free(ctx->alpn_client_proto_list);
1694 ctx->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
1695 if (!ctx->alpn_client_proto_list) {
1696 return 1;
1697 }
1698 ctx->alpn_client_proto_list_len = protos_len;
1699
1700 return 0;
1701 }
1702
SSL_set_alpn_protos(SSL * ssl,const uint8_t * protos,unsigned protos_len)1703 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
1704 OPENSSL_free(ssl->alpn_client_proto_list);
1705 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
1706 if (!ssl->alpn_client_proto_list) {
1707 return 1;
1708 }
1709 ssl->alpn_client_proto_list_len = protos_len;
1710
1711 return 0;
1712 }
1713
SSL_CTX_set_alpn_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)1714 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
1715 int (*cb)(SSL *ssl, const uint8_t **out,
1716 uint8_t *out_len, const uint8_t *in,
1717 unsigned in_len, void *arg),
1718 void *arg) {
1719 ctx->alpn_select_cb = cb;
1720 ctx->alpn_select_cb_arg = arg;
1721 }
1722
SSL_get0_alpn_selected(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)1723 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
1724 unsigned *out_len) {
1725 if (SSL_in_early_data(ssl) && !ssl->server) {
1726 *out_data = ssl->s3->hs->early_session->early_alpn;
1727 *out_len = ssl->s3->hs->early_session->early_alpn_len;
1728 } else {
1729 *out_data = ssl->s3->alpn_selected;
1730 *out_len = ssl->s3->alpn_selected_len;
1731 }
1732 }
1733
SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX * ctx,int enabled)1734 void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
1735 ctx->allow_unknown_alpn_protos = !!enabled;
1736 }
1737
SSL_CTX_set_tls_channel_id_enabled(SSL_CTX * ctx,int enabled)1738 void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) {
1739 ctx->tlsext_channel_id_enabled = !!enabled;
1740 }
1741
SSL_CTX_enable_tls_channel_id(SSL_CTX * ctx)1742 int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
1743 SSL_CTX_set_tls_channel_id_enabled(ctx, 1);
1744 return 1;
1745 }
1746
SSL_set_tls_channel_id_enabled(SSL * ssl,int enabled)1747 void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) {
1748 ssl->tlsext_channel_id_enabled = !!enabled;
1749 }
1750
SSL_enable_tls_channel_id(SSL * ssl)1751 int SSL_enable_tls_channel_id(SSL *ssl) {
1752 SSL_set_tls_channel_id_enabled(ssl, 1);
1753 return 1;
1754 }
1755
is_p256_key(EVP_PKEY * private_key)1756 static int is_p256_key(EVP_PKEY *private_key) {
1757 const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
1758 return ec_key != NULL &&
1759 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
1760 NID_X9_62_prime256v1;
1761 }
1762
SSL_CTX_set1_tls_channel_id(SSL_CTX * ctx,EVP_PKEY * private_key)1763 int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
1764 if (!is_p256_key(private_key)) {
1765 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
1766 return 0;
1767 }
1768
1769 EVP_PKEY_free(ctx->tlsext_channel_id_private);
1770 EVP_PKEY_up_ref(private_key);
1771 ctx->tlsext_channel_id_private = private_key;
1772 ctx->tlsext_channel_id_enabled = 1;
1773
1774 return 1;
1775 }
1776
SSL_set1_tls_channel_id(SSL * ssl,EVP_PKEY * private_key)1777 int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
1778 if (!is_p256_key(private_key)) {
1779 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
1780 return 0;
1781 }
1782
1783 EVP_PKEY_free(ssl->tlsext_channel_id_private);
1784 EVP_PKEY_up_ref(private_key);
1785 ssl->tlsext_channel_id_private = private_key;
1786 ssl->tlsext_channel_id_enabled = 1;
1787
1788 return 1;
1789 }
1790
SSL_get_tls_channel_id(SSL * ssl,uint8_t * out,size_t max_out)1791 size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
1792 if (!ssl->s3->tlsext_channel_id_valid) {
1793 return 0;
1794 }
1795 OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
1796 (max_out < 64) ? max_out : 64);
1797 return 64;
1798 }
1799
SSL_get0_certificate_types(SSL * ssl,const uint8_t ** out_types)1800 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
1801 if (ssl->server || ssl->s3->hs == NULL) {
1802 *out_types = NULL;
1803 return 0;
1804 }
1805 *out_types = ssl->s3->hs->certificate_types;
1806 return ssl->s3->hs->num_certificate_types;
1807 }
1808
ssl_update_cache(SSL_HANDSHAKE * hs,int mode)1809 void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
1810 SSL *const ssl = hs->ssl;
1811 SSL_CTX *ctx = ssl->session_ctx;
1812 /* Never cache sessions with empty session IDs. */
1813 if (ssl->s3->established_session->session_id_length == 0 ||
1814 ssl->s3->established_session->not_resumable ||
1815 (ctx->session_cache_mode & mode) != mode) {
1816 return;
1817 }
1818
1819 /* Clients never use the internal session cache. */
1820 int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
1821 SSL_SESS_CACHE_NO_INTERNAL_STORE);
1822
1823 /* A client may see new sessions on abbreviated handshakes if the server
1824 * decides to renew the ticket. Once the handshake is completed, it should be
1825 * inserted into the cache. */
1826 if (ssl->s3->established_session != ssl->session ||
1827 (!ssl->server && hs->ticket_expected)) {
1828 if (use_internal_cache) {
1829 SSL_CTX_add_session(ctx, ssl->s3->established_session);
1830 }
1831 if (ctx->new_session_cb != NULL) {
1832 SSL_SESSION_up_ref(ssl->s3->established_session);
1833 if (!ctx->new_session_cb(ssl, ssl->s3->established_session)) {
1834 /* |new_session_cb|'s return value signals whether it took ownership. */
1835 SSL_SESSION_free(ssl->s3->established_session);
1836 }
1837 }
1838 }
1839
1840 if (use_internal_cache &&
1841 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
1842 /* Automatically flush the internal session cache every 255 connections. */
1843 int flush_cache = 0;
1844 CRYPTO_MUTEX_lock_write(&ctx->lock);
1845 ctx->handshakes_since_cache_flush++;
1846 if (ctx->handshakes_since_cache_flush >= 255) {
1847 flush_cache = 1;
1848 ctx->handshakes_since_cache_flush = 0;
1849 }
1850 CRYPTO_MUTEX_unlock_write(&ctx->lock);
1851
1852 if (flush_cache) {
1853 struct OPENSSL_timeval now;
1854 ssl_get_current_time(ssl, &now);
1855 SSL_CTX_flush_sessions(ctx, now.tv_sec);
1856 }
1857 }
1858 }
1859
SSL_get_privatekey(const SSL * ssl)1860 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
1861 if (ssl->cert != NULL) {
1862 return ssl->cert->privatekey;
1863 }
1864
1865 return NULL;
1866 }
1867
SSL_CTX_get0_privatekey(const SSL_CTX * ctx)1868 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
1869 if (ctx->cert != NULL) {
1870 return ctx->cert->privatekey;
1871 }
1872
1873 return NULL;
1874 }
1875
SSL_get_current_cipher(const SSL * ssl)1876 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
1877 if (ssl->s3->aead_write_ctx == NULL) {
1878 return NULL;
1879 }
1880 return ssl->s3->aead_write_ctx->cipher;
1881 }
1882
SSL_session_reused(const SSL * ssl)1883 int SSL_session_reused(const SSL *ssl) {
1884 return ssl->s3->session_reused || SSL_in_early_data(ssl);
1885 }
1886
SSL_get_current_compression(SSL * ssl)1887 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
1888
SSL_get_current_expansion(SSL * ssl)1889 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
1890
SSL_get_server_tmp_key(SSL * ssl,EVP_PKEY ** out_key)1891 int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; }
1892
SSL_CTX_set_quiet_shutdown(SSL_CTX * ctx,int mode)1893 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
1894 ctx->quiet_shutdown = (mode != 0);
1895 }
1896
SSL_CTX_get_quiet_shutdown(const SSL_CTX * ctx)1897 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
1898 return ctx->quiet_shutdown;
1899 }
1900
SSL_set_quiet_shutdown(SSL * ssl,int mode)1901 void SSL_set_quiet_shutdown(SSL *ssl, int mode) {
1902 ssl->quiet_shutdown = (mode != 0);
1903 }
1904
SSL_get_quiet_shutdown(const SSL * ssl)1905 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
1906
SSL_set_shutdown(SSL * ssl,int mode)1907 void SSL_set_shutdown(SSL *ssl, int mode) {
1908 /* It is an error to clear any bits that have already been set. (We can't try
1909 * to get a second close_notify or send two.) */
1910 assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
1911
1912 if (mode & SSL_RECEIVED_SHUTDOWN &&
1913 ssl->s3->recv_shutdown == ssl_shutdown_none) {
1914 ssl->s3->recv_shutdown = ssl_shutdown_close_notify;
1915 }
1916
1917 if (mode & SSL_SENT_SHUTDOWN &&
1918 ssl->s3->send_shutdown == ssl_shutdown_none) {
1919 ssl->s3->send_shutdown = ssl_shutdown_close_notify;
1920 }
1921 }
1922
SSL_get_shutdown(const SSL * ssl)1923 int SSL_get_shutdown(const SSL *ssl) {
1924 int ret = 0;
1925 if (ssl->s3->recv_shutdown != ssl_shutdown_none) {
1926 /* Historically, OpenSSL set |SSL_RECEIVED_SHUTDOWN| on both close_notify
1927 * and fatal alert. */
1928 ret |= SSL_RECEIVED_SHUTDOWN;
1929 }
1930 if (ssl->s3->send_shutdown == ssl_shutdown_close_notify) {
1931 /* Historically, OpenSSL set |SSL_SENT_SHUTDOWN| on only close_notify. */
1932 ret |= SSL_SENT_SHUTDOWN;
1933 }
1934 return ret;
1935 }
1936
SSL_get_SSL_CTX(const SSL * ssl)1937 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
1938
SSL_set_SSL_CTX(SSL * ssl,SSL_CTX * ctx)1939 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
1940 if (ssl->ctx == ctx) {
1941 return ssl->ctx;
1942 }
1943
1944 /* One cannot change the X.509 callbacks during a connection. */
1945 if (ssl->ctx->x509_method != ctx->x509_method) {
1946 assert(0);
1947 return NULL;
1948 }
1949
1950 if (ctx == NULL) {
1951 ctx = ssl->session_ctx;
1952 }
1953
1954 ssl_cert_free(ssl->cert);
1955 ssl->cert = ssl_cert_dup(ctx->cert);
1956
1957 SSL_CTX_up_ref(ctx);
1958 SSL_CTX_free(ssl->ctx);
1959 ssl->ctx = ctx;
1960
1961 return ssl->ctx;
1962 }
1963
SSL_set_info_callback(SSL * ssl,void (* cb)(const SSL * ssl,int type,int value))1964 void SSL_set_info_callback(SSL *ssl,
1965 void (*cb)(const SSL *ssl, int type, int value)) {
1966 ssl->info_callback = cb;
1967 }
1968
SSL_get_info_callback(const SSL * ssl)1969 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
1970 int value) {
1971 return ssl->info_callback;
1972 }
1973
SSL_state(const SSL * ssl)1974 int SSL_state(const SSL *ssl) {
1975 return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
1976 }
1977
SSL_set_state(SSL * ssl,int state)1978 void SSL_set_state(SSL *ssl, int state) { }
1979
SSL_get_shared_ciphers(const SSL * ssl,char * buf,int len)1980 char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
1981 if (len <= 0) {
1982 return NULL;
1983 }
1984 buf[0] = '\0';
1985 return buf;
1986 }
1987
SSL_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)1988 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
1989 CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
1990 int index;
1991 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
1992 free_func)) {
1993 return -1;
1994 }
1995 return index;
1996 }
1997
SSL_set_ex_data(SSL * ssl,int idx,void * arg)1998 int SSL_set_ex_data(SSL *ssl, int idx, void *arg) {
1999 return CRYPTO_set_ex_data(&ssl->ex_data, idx, arg);
2000 }
2001
SSL_get_ex_data(const SSL * ssl,int idx)2002 void *SSL_get_ex_data(const SSL *ssl, int idx) {
2003 return CRYPTO_get_ex_data(&ssl->ex_data, idx);
2004 }
2005
SSL_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)2006 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2007 CRYPTO_EX_dup *dup_unused,
2008 CRYPTO_EX_free *free_func) {
2009 int index;
2010 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
2011 free_func)) {
2012 return -1;
2013 }
2014 return index;
2015 }
2016
SSL_CTX_set_ex_data(SSL_CTX * ctx,int idx,void * arg)2017 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg) {
2018 return CRYPTO_set_ex_data(&ctx->ex_data, idx, arg);
2019 }
2020
SSL_CTX_get_ex_data(const SSL_CTX * ctx,int idx)2021 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) {
2022 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2023 }
2024
SSL_want(const SSL * ssl)2025 int SSL_want(const SSL *ssl) { return ssl->rwstate; }
2026
SSL_CTX_set_tmp_rsa_callback(SSL_CTX * ctx,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2027 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
2028 RSA *(*cb)(SSL *ssl, int is_export,
2029 int keylength)) {
2030 }
2031
SSL_set_tmp_rsa_callback(SSL * ssl,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2032 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2033 int keylength)) {
2034 }
2035
SSL_CTX_set_tmp_dh_callback(SSL_CTX * ctx,DH * (* callback)(SSL * ssl,int is_export,int keylength))2036 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2037 DH *(*callback)(SSL *ssl, int is_export,
2038 int keylength)) {
2039 }
2040
SSL_set_tmp_dh_callback(SSL * ssl,DH * (* callback)(SSL * ssl,int is_export,int keylength))2041 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*callback)(SSL *ssl, int is_export,
2042 int keylength)) {
2043 }
2044
use_psk_identity_hint(char ** out,const char * identity_hint)2045 static int use_psk_identity_hint(char **out, const char *identity_hint) {
2046 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2047 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2048 return 0;
2049 }
2050
2051 /* Clear currently configured hint, if any. */
2052 OPENSSL_free(*out);
2053 *out = NULL;
2054
2055 /* Treat the empty hint as not supplying one. Plain PSK makes it possible to
2056 * send either no hint (omit ServerKeyExchange) or an empty hint, while
2057 * ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
2058 * so we interpret empty and missing as identical. */
2059 if (identity_hint != NULL && identity_hint[0] != '\0') {
2060 *out = BUF_strdup(identity_hint);
2061 if (*out == NULL) {
2062 return 0;
2063 }
2064 }
2065
2066 return 1;
2067 }
2068
SSL_CTX_use_psk_identity_hint(SSL_CTX * ctx,const char * identity_hint)2069 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2070 return use_psk_identity_hint(&ctx->psk_identity_hint, identity_hint);
2071 }
2072
SSL_use_psk_identity_hint(SSL * ssl,const char * identity_hint)2073 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
2074 return use_psk_identity_hint(&ssl->psk_identity_hint, identity_hint);
2075 }
2076
SSL_get_psk_identity_hint(const SSL * ssl)2077 const char *SSL_get_psk_identity_hint(const SSL *ssl) {
2078 if (ssl == NULL) {
2079 return NULL;
2080 }
2081 return ssl->psk_identity_hint;
2082 }
2083
SSL_get_psk_identity(const SSL * ssl)2084 const char *SSL_get_psk_identity(const SSL *ssl) {
2085 if (ssl == NULL) {
2086 return NULL;
2087 }
2088 SSL_SESSION *session = SSL_get_session(ssl);
2089 if (session == NULL) {
2090 return NULL;
2091 }
2092 return session->psk_identity;
2093 }
2094
SSL_set_psk_client_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2095 void SSL_set_psk_client_callback(
2096 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2097 unsigned max_identity_len, uint8_t *psk,
2098 unsigned max_psk_len)) {
2099 ssl->psk_client_callback = cb;
2100 }
2101
SSL_CTX_set_psk_client_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2102 void SSL_CTX_set_psk_client_callback(
2103 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2104 unsigned max_identity_len, uint8_t *psk,
2105 unsigned max_psk_len)) {
2106 ctx->psk_client_callback = cb;
2107 }
2108
SSL_set_psk_server_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2109 void SSL_set_psk_server_callback(
2110 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2111 unsigned max_psk_len)) {
2112 ssl->psk_server_callback = cb;
2113 }
2114
SSL_CTX_set_psk_server_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2115 void SSL_CTX_set_psk_server_callback(
2116 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
2117 uint8_t *psk, unsigned max_psk_len)) {
2118 ctx->psk_server_callback = cb;
2119 }
2120
SSL_CTX_set_msg_callback(SSL_CTX * ctx,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2121 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2122 void (*cb)(int write_p, int version,
2123 int content_type, const void *buf,
2124 size_t len, SSL *ssl, void *arg)) {
2125 ctx->msg_callback = cb;
2126 }
2127
SSL_CTX_set_msg_callback_arg(SSL_CTX * ctx,void * arg)2128 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
2129 ctx->msg_callback_arg = arg;
2130 }
2131
SSL_set_msg_callback(SSL * ssl,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2132 void SSL_set_msg_callback(SSL *ssl,
2133 void (*cb)(int write_p, int version, int content_type,
2134 const void *buf, size_t len, SSL *ssl,
2135 void *arg)) {
2136 ssl->msg_callback = cb;
2137 }
2138
SSL_set_msg_callback_arg(SSL * ssl,void * arg)2139 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
2140 ssl->msg_callback_arg = arg;
2141 }
2142
SSL_CTX_set_keylog_callback(SSL_CTX * ctx,void (* cb)(const SSL * ssl,const char * line))2143 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
2144 void (*cb)(const SSL *ssl, const char *line)) {
2145 ctx->keylog_callback = cb;
2146 }
2147
SSL_CTX_get_keylog_callback(const SSL_CTX * ctx)2148 void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))(const SSL *ssl,
2149 const char *line) {
2150 return ctx->keylog_callback;
2151 }
2152
SSL_CTX_set_current_time_cb(SSL_CTX * ctx,void (* cb)(const SSL * ssl,struct timeval * out_clock))2153 void SSL_CTX_set_current_time_cb(SSL_CTX *ctx,
2154 void (*cb)(const SSL *ssl,
2155 struct timeval *out_clock)) {
2156 ctx->current_time_cb = cb;
2157 }
2158
cbb_add_hex(CBB * cbb,const uint8_t * in,size_t in_len)2159 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
2160 static const char hextable[] = "0123456789abcdef";
2161 uint8_t *out;
2162
2163 if (!CBB_add_space(cbb, &out, in_len * 2)) {
2164 return 0;
2165 }
2166
2167 for (size_t i = 0; i < in_len; i++) {
2168 *(out++) = (uint8_t)hextable[in[i] >> 4];
2169 *(out++) = (uint8_t)hextable[in[i] & 0xf];
2170 }
2171
2172 return 1;
2173 }
2174
ssl_log_secret(const SSL * ssl,const char * label,const uint8_t * secret,size_t secret_len)2175 int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
2176 size_t secret_len) {
2177 if (ssl->ctx->keylog_callback == NULL) {
2178 return 1;
2179 }
2180
2181 CBB cbb;
2182 uint8_t *out;
2183 size_t out_len;
2184 if (!CBB_init(&cbb, strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
2185 secret_len * 2 + 1) ||
2186 !CBB_add_bytes(&cbb, (const uint8_t *)label, strlen(label)) ||
2187 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2188 !cbb_add_hex(&cbb, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
2189 !CBB_add_bytes(&cbb, (const uint8_t *)" ", 1) ||
2190 !cbb_add_hex(&cbb, secret, secret_len) ||
2191 !CBB_add_u8(&cbb, 0 /* NUL */) ||
2192 !CBB_finish(&cbb, &out, &out_len)) {
2193 CBB_cleanup(&cbb);
2194 return 0;
2195 }
2196
2197 ssl->ctx->keylog_callback(ssl, (const char *)out);
2198 OPENSSL_free(out);
2199 return 1;
2200 }
2201
SSL_is_init_finished(const SSL * ssl)2202 int SSL_is_init_finished(const SSL *ssl) {
2203 return !SSL_in_init(ssl);
2204 }
2205
SSL_in_init(const SSL * ssl)2206 int SSL_in_init(const SSL *ssl) {
2207 SSL_HANDSHAKE *hs = ssl->s3->hs;
2208 return hs != NULL && hs->state != SSL_ST_OK;
2209 }
2210
SSL_in_false_start(const SSL * ssl)2211 int SSL_in_false_start(const SSL *ssl) {
2212 if (ssl->s3->hs == NULL) {
2213 return 0;
2214 }
2215 return ssl->s3->hs->in_false_start;
2216 }
2217
SSL_cutthrough_complete(const SSL * ssl)2218 int SSL_cutthrough_complete(const SSL *ssl) {
2219 return SSL_in_false_start(ssl);
2220 }
2221
SSL_get_structure_sizes(size_t * ssl_size,size_t * ssl_ctx_size,size_t * ssl_session_size)2222 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2223 size_t *ssl_session_size) {
2224 *ssl_size = sizeof(SSL);
2225 *ssl_ctx_size = sizeof(SSL_CTX);
2226 *ssl_session_size = sizeof(SSL_SESSION);
2227 }
2228
ssl3_can_false_start(const SSL * ssl)2229 int ssl3_can_false_start(const SSL *ssl) {
2230 const SSL_CIPHER *const cipher = SSL_get_current_cipher(ssl);
2231
2232 /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
2233 return !SSL_is_dtls(ssl) &&
2234 SSL_version(ssl) == TLS1_2_VERSION &&
2235 (ssl->s3->alpn_selected != NULL ||
2236 ssl->s3->next_proto_negotiated != NULL) &&
2237 cipher != NULL &&
2238 cipher->algorithm_mkey == SSL_kECDHE &&
2239 cipher->algorithm_mac == SSL_AEAD;
2240 }
2241
SSL_is_server(const SSL * ssl)2242 int SSL_is_server(const SSL *ssl) { return ssl->server; }
2243
SSL_is_dtls(const SSL * ssl)2244 int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
2245
SSL_CTX_set_select_certificate_cb(SSL_CTX * ctx,enum ssl_select_cert_result_t (* cb)(const SSL_CLIENT_HELLO *))2246 void SSL_CTX_set_select_certificate_cb(
2247 SSL_CTX *ctx,
2248 enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
2249 ctx->select_certificate_cb = cb;
2250 }
2251
SSL_CTX_set_dos_protection_cb(SSL_CTX * ctx,int (* cb)(const SSL_CLIENT_HELLO *))2252 void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx,
2253 int (*cb)(const SSL_CLIENT_HELLO *)) {
2254 ctx->dos_protection_cb = cb;
2255 }
2256
SSL_set_renegotiate_mode(SSL * ssl,enum ssl_renegotiate_mode_t mode)2257 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2258 ssl->renegotiate_mode = mode;
2259 }
2260
SSL_get_ivs(const SSL * ssl,const uint8_t ** out_read_iv,const uint8_t ** out_write_iv,size_t * out_iv_len)2261 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2262 const uint8_t **out_write_iv, size_t *out_iv_len) {
2263 if (ssl->s3->aead_read_ctx == NULL || ssl->s3->aead_write_ctx == NULL) {
2264 return 0;
2265 }
2266
2267 size_t write_iv_len;
2268 if (!EVP_AEAD_CTX_get_iv(&ssl->s3->aead_read_ctx->ctx, out_read_iv,
2269 out_iv_len) ||
2270 !EVP_AEAD_CTX_get_iv(&ssl->s3->aead_write_ctx->ctx, out_write_iv,
2271 &write_iv_len) ||
2272 *out_iv_len != write_iv_len) {
2273 return 0;
2274 }
2275
2276 return 1;
2277 }
2278
be_to_u64(const uint8_t in[8])2279 static uint64_t be_to_u64(const uint8_t in[8]) {
2280 return (((uint64_t)in[0]) << 56) | (((uint64_t)in[1]) << 48) |
2281 (((uint64_t)in[2]) << 40) | (((uint64_t)in[3]) << 32) |
2282 (((uint64_t)in[4]) << 24) | (((uint64_t)in[5]) << 16) |
2283 (((uint64_t)in[6]) << 8) | ((uint64_t)in[7]);
2284 }
2285
SSL_get_read_sequence(const SSL * ssl)2286 uint64_t SSL_get_read_sequence(const SSL *ssl) {
2287 /* TODO(davidben): Internally represent sequence numbers as uint64_t. */
2288 if (SSL_is_dtls(ssl)) {
2289 /* max_seq_num already includes the epoch. */
2290 assert(ssl->d1->r_epoch == (ssl->d1->bitmap.max_seq_num >> 48));
2291 return ssl->d1->bitmap.max_seq_num;
2292 }
2293 return be_to_u64(ssl->s3->read_sequence);
2294 }
2295
SSL_get_write_sequence(const SSL * ssl)2296 uint64_t SSL_get_write_sequence(const SSL *ssl) {
2297 uint64_t ret = be_to_u64(ssl->s3->write_sequence);
2298 if (SSL_is_dtls(ssl)) {
2299 assert((ret >> 48) == 0);
2300 ret |= ((uint64_t)ssl->d1->w_epoch) << 48;
2301 }
2302 return ret;
2303 }
2304
SSL_get_peer_signature_algorithm(const SSL * ssl)2305 uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
2306 /* TODO(davidben): This checks the wrong session if there is a renegotiation
2307 * in progress. */
2308 SSL_SESSION *session = SSL_get_session(ssl);
2309 if (session == NULL) {
2310 return 0;
2311 }
2312
2313 return session->peer_signature_algorithm;
2314 }
2315
SSL_get_client_random(const SSL * ssl,uint8_t * out,size_t max_out)2316 size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2317 if (max_out == 0) {
2318 return sizeof(ssl->s3->client_random);
2319 }
2320 if (max_out > sizeof(ssl->s3->client_random)) {
2321 max_out = sizeof(ssl->s3->client_random);
2322 }
2323 OPENSSL_memcpy(out, ssl->s3->client_random, max_out);
2324 return max_out;
2325 }
2326
SSL_get_server_random(const SSL * ssl,uint8_t * out,size_t max_out)2327 size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2328 if (max_out == 0) {
2329 return sizeof(ssl->s3->server_random);
2330 }
2331 if (max_out > sizeof(ssl->s3->server_random)) {
2332 max_out = sizeof(ssl->s3->server_random);
2333 }
2334 OPENSSL_memcpy(out, ssl->s3->server_random, max_out);
2335 return max_out;
2336 }
2337
SSL_get_pending_cipher(const SSL * ssl)2338 const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) {
2339 SSL_HANDSHAKE *hs = ssl->s3->hs;
2340 if (hs == NULL) {
2341 return NULL;
2342 }
2343 return hs->new_cipher;
2344 }
2345
SSL_set_retain_only_sha256_of_client_certs(SSL * ssl,int enabled)2346 void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
2347 ssl->retain_only_sha256_of_client_certs = !!enabled;
2348 }
2349
SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX * ctx,int enabled)2350 void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) {
2351 ctx->retain_only_sha256_of_client_certs = !!enabled;
2352 }
2353
SSL_CTX_set_grease_enabled(SSL_CTX * ctx,int enabled)2354 void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) {
2355 ctx->grease_enabled = !!enabled;
2356 }
2357
SSL_get_ticket_age_skew(const SSL * ssl)2358 int32_t SSL_get_ticket_age_skew(const SSL *ssl) {
2359 return ssl->s3->ticket_age_skew;
2360 }
2361
SSL_clear(SSL * ssl)2362 int SSL_clear(SSL *ssl) {
2363 /* In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
2364 * established session to be offered the next time around. wpa_supplicant
2365 * depends on this behavior, so emulate it. */
2366 SSL_SESSION *session = NULL;
2367 if (!ssl->server && ssl->s3->established_session != NULL) {
2368 session = ssl->s3->established_session;
2369 SSL_SESSION_up_ref(session);
2370 }
2371
2372 /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and
2373 * |SSL_clear| because it is per-connection state rather than configuration
2374 * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is
2375 * naturally reset at the right points between |SSL_new|, |SSL_clear|, and
2376 * |ssl3_new|. */
2377
2378 ssl->rwstate = SSL_NOTHING;
2379
2380 BUF_MEM_free(ssl->init_buf);
2381 ssl->init_buf = NULL;
2382 ssl->init_msg = NULL;
2383 ssl->init_num = 0;
2384
2385 /* The ssl->d1->mtu is simultaneously configuration (preserved across
2386 * clear) and connection-specific state (gets reset).
2387 *
2388 * TODO(davidben): Avoid this. */
2389 unsigned mtu = 0;
2390 if (ssl->d1 != NULL) {
2391 mtu = ssl->d1->mtu;
2392 }
2393
2394 ssl->method->ssl_free(ssl);
2395 if (!ssl->method->ssl_new(ssl)) {
2396 SSL_SESSION_free(session);
2397 return 0;
2398 }
2399
2400 if (SSL_is_dtls(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
2401 ssl->d1->mtu = mtu;
2402 }
2403
2404 if (session != NULL) {
2405 SSL_set_session(ssl, session);
2406 SSL_SESSION_free(session);
2407 }
2408
2409 return 1;
2410 }
2411
ssl_do_info_callback(const SSL * ssl,int type,int value)2412 void ssl_do_info_callback(const SSL *ssl, int type, int value) {
2413 void (*cb)(const SSL *ssl, int type, int value) = NULL;
2414 if (ssl->info_callback != NULL) {
2415 cb = ssl->info_callback;
2416 } else if (ssl->ctx->info_callback != NULL) {
2417 cb = ssl->ctx->info_callback;
2418 }
2419
2420 if (cb != NULL) {
2421 cb(ssl, type, value);
2422 }
2423 }
2424
ssl_do_msg_callback(SSL * ssl,int is_write,int content_type,const void * buf,size_t len)2425 void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
2426 const void *buf, size_t len) {
2427 if (ssl->msg_callback == NULL) {
2428 return;
2429 }
2430
2431 /* |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for
2432 * a V2ClientHello. */
2433 int version;
2434 switch (content_type) {
2435 case 0:
2436 /* V2ClientHello */
2437 version = SSL2_VERSION;
2438 break;
2439 case SSL3_RT_HEADER:
2440 version = 0;
2441 break;
2442 default:
2443 version = SSL_version(ssl);
2444 }
2445
2446 ssl->msg_callback(is_write, version, content_type, buf, len, ssl,
2447 ssl->msg_callback_arg);
2448 }
2449
SSL_CTX_sess_connect(const SSL_CTX * ctx)2450 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_good(const SSL_CTX * ctx)2451 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_renegotiate(const SSL_CTX * ctx)2452 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept(const SSL_CTX * ctx)2453 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_renegotiate(const SSL_CTX * ctx)2454 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_good(const SSL_CTX * ctx)2455 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_hits(const SSL_CTX * ctx)2456 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cb_hits(const SSL_CTX * ctx)2457 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_misses(const SSL_CTX * ctx)2458 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_timeouts(const SSL_CTX * ctx)2459 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cache_full(const SSL_CTX * ctx)2460 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }
2461
SSL_num_renegotiations(const SSL * ssl)2462 int SSL_num_renegotiations(const SSL *ssl) {
2463 return SSL_total_renegotiations(ssl);
2464 }
2465
SSL_CTX_need_tmp_RSA(const SSL_CTX * ctx)2466 int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { return 0; }
SSL_need_tmp_RSA(const SSL * ssl)2467 int SSL_need_tmp_RSA(const SSL *ssl) { return 0; }
SSL_CTX_set_tmp_rsa(SSL_CTX * ctx,const RSA * rsa)2468 int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { return 1; }
SSL_set_tmp_rsa(SSL * ssl,const RSA * rsa)2469 int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { return 1; }
ERR_load_SSL_strings(void)2470 void ERR_load_SSL_strings(void) {}
SSL_load_error_strings(void)2471 void SSL_load_error_strings(void) {}
SSL_cache_hit(SSL * ssl)2472 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); }
2473
SSL_CTX_set_tmp_ecdh(SSL_CTX * ctx,const EC_KEY * ec_key)2474 int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {
2475 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2476 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2477 return 0;
2478 }
2479 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2480 return SSL_CTX_set1_curves(ctx, &nid, 1);
2481 }
2482
SSL_set_tmp_ecdh(SSL * ssl,const EC_KEY * ec_key)2483 int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
2484 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2485 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2486 return 0;
2487 }
2488 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2489 return SSL_set1_curves(ssl, &nid, 1);
2490 }
2491
ssl_get_current_time(const SSL * ssl,struct OPENSSL_timeval * out_clock)2492 void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) {
2493 if (ssl->ctx->current_time_cb != NULL) {
2494 /* TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
2495 * https://crbug.com/boringssl/155. */
2496 struct timeval clock;
2497 ssl->ctx->current_time_cb(ssl, &clock);
2498 if (clock.tv_sec < 0) {
2499 assert(0);
2500 out_clock->tv_sec = 0;
2501 out_clock->tv_usec = 0;
2502 } else {
2503 out_clock->tv_sec = (uint64_t)clock.tv_sec;
2504 out_clock->tv_usec = (uint32_t)clock.tv_usec;
2505 }
2506 return;
2507 }
2508
2509 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
2510 out_clock->tv_sec = 1234;
2511 out_clock->tv_usec = 1234;
2512 #elif defined(OPENSSL_WINDOWS)
2513 struct _timeb time;
2514 _ftime(&time);
2515 if (time.time < 0) {
2516 assert(0);
2517 out_clock->tv_sec = 0;
2518 out_clock->tv_usec = 0;
2519 } else {
2520 out_clock->tv_sec = time.time;
2521 out_clock->tv_usec = time.millitm * 1000;
2522 }
2523 #else
2524 struct timeval clock;
2525 gettimeofday(&clock, NULL);
2526 if (clock.tv_sec < 0) {
2527 assert(0);
2528 out_clock->tv_sec = 0;
2529 out_clock->tv_usec = 0;
2530 } else {
2531 out_clock->tv_sec = (uint64_t)clock.tv_sec;
2532 out_clock->tv_usec = (uint32_t)clock.tv_usec;
2533 }
2534 #endif
2535 }
2536
SSL_CTX_set_ticket_aead_method(SSL_CTX * ctx,const SSL_TICKET_AEAD_METHOD * aead_method)2537 void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
2538 const SSL_TICKET_AEAD_METHOD *aead_method) {
2539 ctx->ticket_aead_method = aead_method;
2540 }
2541