1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141 #include <openssl/ssl.h>
142
143 #include <assert.h>
144 #include <stdlib.h>
145 #include <string.h>
146
147 #include <openssl/bytestring.h>
148 #include <openssl/crypto.h>
149 #include <openssl/err.h>
150 #include <openssl/lhash.h>
151 #include <openssl/mem.h>
152 #include <openssl/rand.h>
153
154 #include "internal.h"
155 #include "../crypto/internal.h"
156
157 #if defined(OPENSSL_WINDOWS)
158 #include <sys/timeb.h>
159 #else
160 #include <sys/socket.h>
161 #include <sys/time.h>
162 #endif
163
164
165 namespace bssl {
166
167 // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
168 // to avoid downstream churn.
169 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
170
171 // The following errors are no longer emitted, but are used in nginx without
172 // #ifdefs.
173 OPENSSL_DECLARE_ERROR_REASON(SSL, BLOCK_CIPHER_PAD_IS_WRONG)
174 OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED)
175
176 // Some error codes are special. Ensure the make_errors.go script never
177 // regresses this.
178 static_assert(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==
179 SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET,
180 "alert reason code mismatch");
181
182 // kMaxHandshakeSize is the maximum size, in bytes, of a handshake message.
183 static const size_t kMaxHandshakeSize = (1u << 24) - 1;
184
185 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl =
186 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
187 static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx =
188 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
189
CBBFinishArray(CBB * cbb,Array<uint8_t> * out)190 bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out) {
191 uint8_t *ptr;
192 size_t len;
193 if (!CBB_finish(cbb, &ptr, &len)) {
194 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
195 return false;
196 }
197 out->Reset(ptr, len);
198 return true;
199 }
200
ssl_reset_error_state(SSL * ssl)201 void ssl_reset_error_state(SSL *ssl) {
202 // Functions which use |SSL_get_error| must reset I/O and error state on
203 // entry.
204 ssl->s3->rwstate = SSL_NOTHING;
205 ERR_clear_error();
206 ERR_clear_system_error();
207 }
208
ssl_set_read_error(SSL * ssl)209 void ssl_set_read_error(SSL* ssl) {
210 ssl->s3->read_shutdown = ssl_shutdown_error;
211 ssl->s3->read_error.reset(ERR_save_state());
212 }
213
check_read_error(const SSL * ssl)214 static bool check_read_error(const SSL *ssl) {
215 if (ssl->s3->read_shutdown == ssl_shutdown_error) {
216 ERR_restore_state(ssl->s3->read_error.get());
217 return false;
218 }
219 return true;
220 }
221
ssl_can_write(const SSL * ssl)222 int ssl_can_write(const SSL *ssl) {
223 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_write;
224 }
225
ssl_can_read(const SSL * ssl)226 int ssl_can_read(const SSL *ssl) {
227 return !SSL_in_init(ssl) || ssl->s3->hs->can_early_read;
228 }
229
ssl_open_handshake(SSL * ssl,size_t * out_consumed,uint8_t * out_alert,Span<uint8_t> in)230 ssl_open_record_t ssl_open_handshake(SSL *ssl, size_t *out_consumed,
231 uint8_t *out_alert, Span<uint8_t> in) {
232 *out_consumed = 0;
233 if (!check_read_error(ssl)) {
234 *out_alert = 0;
235 return ssl_open_record_error;
236 }
237 auto ret = ssl->method->open_handshake(ssl, out_consumed, out_alert, in);
238 if (ret == ssl_open_record_error) {
239 ssl_set_read_error(ssl);
240 }
241 return ret;
242 }
243
ssl_open_change_cipher_spec(SSL * ssl,size_t * out_consumed,uint8_t * out_alert,Span<uint8_t> in)244 ssl_open_record_t ssl_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
245 uint8_t *out_alert,
246 Span<uint8_t> in) {
247 *out_consumed = 0;
248 if (!check_read_error(ssl)) {
249 *out_alert = 0;
250 return ssl_open_record_error;
251 }
252 auto ret =
253 ssl->method->open_change_cipher_spec(ssl, out_consumed, out_alert, in);
254 if (ret == ssl_open_record_error) {
255 ssl_set_read_error(ssl);
256 }
257 return ret;
258 }
259
ssl_open_app_data(SSL * ssl,Span<uint8_t> * out,size_t * out_consumed,uint8_t * out_alert,Span<uint8_t> in)260 ssl_open_record_t ssl_open_app_data(SSL *ssl, Span<uint8_t> *out,
261 size_t *out_consumed, uint8_t *out_alert,
262 Span<uint8_t> in) {
263 *out_consumed = 0;
264 if (!check_read_error(ssl)) {
265 *out_alert = 0;
266 return ssl_open_record_error;
267 }
268 auto ret = ssl->method->open_app_data(ssl, out, out_consumed, out_alert, in);
269 if (ret == ssl_open_record_error) {
270 ssl_set_read_error(ssl);
271 }
272 return ret;
273 }
274
ssl_cipher_preference_list_free(struct ssl_cipher_preference_list_st * cipher_list)275 void ssl_cipher_preference_list_free(
276 struct ssl_cipher_preference_list_st *cipher_list) {
277 if (cipher_list == NULL) {
278 return;
279 }
280 sk_SSL_CIPHER_free(cipher_list->ciphers);
281 OPENSSL_free(cipher_list->in_group_flags);
282 OPENSSL_free(cipher_list);
283 }
284
ssl_update_cache(SSL_HANDSHAKE * hs,int mode)285 void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
286 SSL *const ssl = hs->ssl;
287 SSL_CTX *ctx = ssl->session_ctx;
288 // Never cache sessions with empty session IDs.
289 if (ssl->s3->established_session->session_id_length == 0 ||
290 ssl->s3->established_session->not_resumable ||
291 (ctx->session_cache_mode & mode) != mode) {
292 return;
293 }
294
295 // Clients never use the internal session cache.
296 int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
297 SSL_SESS_CACHE_NO_INTERNAL_STORE);
298
299 // A client may see new sessions on abbreviated handshakes if the server
300 // decides to renew the ticket. Once the handshake is completed, it should be
301 // inserted into the cache.
302 if (ssl->s3->established_session.get() != ssl->session ||
303 (!ssl->server && hs->ticket_expected)) {
304 if (use_internal_cache) {
305 SSL_CTX_add_session(ctx, ssl->s3->established_session.get());
306 }
307 if (ctx->new_session_cb != NULL) {
308 SSL_SESSION_up_ref(ssl->s3->established_session.get());
309 if (!ctx->new_session_cb(ssl, ssl->s3->established_session.get())) {
310 // |new_session_cb|'s return value signals whether it took ownership.
311 SSL_SESSION_free(ssl->s3->established_session.get());
312 }
313 }
314 }
315
316 if (use_internal_cache &&
317 !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
318 // Automatically flush the internal session cache every 255 connections.
319 int flush_cache = 0;
320 CRYPTO_MUTEX_lock_write(&ctx->lock);
321 ctx->handshakes_since_cache_flush++;
322 if (ctx->handshakes_since_cache_flush >= 255) {
323 flush_cache = 1;
324 ctx->handshakes_since_cache_flush = 0;
325 }
326 CRYPTO_MUTEX_unlock_write(&ctx->lock);
327
328 if (flush_cache) {
329 struct OPENSSL_timeval now;
330 ssl_get_current_time(ssl, &now);
331 SSL_CTX_flush_sessions(ctx, now.tv_sec);
332 }
333 }
334 }
335
cbb_add_hex(CBB * cbb,const uint8_t * in,size_t in_len)336 static int cbb_add_hex(CBB *cbb, const uint8_t *in, size_t in_len) {
337 static const char hextable[] = "0123456789abcdef";
338 uint8_t *out;
339
340 if (!CBB_add_space(cbb, &out, in_len * 2)) {
341 return 0;
342 }
343
344 for (size_t i = 0; i < in_len; i++) {
345 *(out++) = (uint8_t)hextable[in[i] >> 4];
346 *(out++) = (uint8_t)hextable[in[i] & 0xf];
347 }
348
349 return 1;
350 }
351
ssl_log_secret(const SSL * ssl,const char * label,const uint8_t * secret,size_t secret_len)352 int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
353 size_t secret_len) {
354 if (ssl->ctx->keylog_callback == NULL) {
355 return 1;
356 }
357
358 ScopedCBB cbb;
359 uint8_t *out;
360 size_t out_len;
361 if (!CBB_init(cbb.get(), strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
362 secret_len * 2 + 1) ||
363 !CBB_add_bytes(cbb.get(), (const uint8_t *)label, strlen(label)) ||
364 !CBB_add_bytes(cbb.get(), (const uint8_t *)" ", 1) ||
365 !cbb_add_hex(cbb.get(), ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
366 !CBB_add_bytes(cbb.get(), (const uint8_t *)" ", 1) ||
367 !cbb_add_hex(cbb.get(), secret, secret_len) ||
368 !CBB_add_u8(cbb.get(), 0 /* NUL */) ||
369 !CBB_finish(cbb.get(), &out, &out_len)) {
370 return 0;
371 }
372
373 ssl->ctx->keylog_callback(ssl, (const char *)out);
374 OPENSSL_free(out);
375 return 1;
376 }
377
ssl_do_info_callback(const SSL * ssl,int type,int value)378 void ssl_do_info_callback(const SSL *ssl, int type, int value) {
379 void (*cb)(const SSL *ssl, int type, int value) = NULL;
380 if (ssl->info_callback != NULL) {
381 cb = ssl->info_callback;
382 } else if (ssl->ctx->info_callback != NULL) {
383 cb = ssl->ctx->info_callback;
384 }
385
386 if (cb != NULL) {
387 cb(ssl, type, value);
388 }
389 }
390
ssl_do_msg_callback(SSL * ssl,int is_write,int content_type,Span<const uint8_t> in)391 void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
392 Span<const uint8_t> in) {
393 if (ssl->msg_callback == NULL) {
394 return;
395 }
396
397 // |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for
398 // a V2ClientHello.
399 int version;
400 switch (content_type) {
401 case 0:
402 // V2ClientHello
403 version = SSL2_VERSION;
404 break;
405 case SSL3_RT_HEADER:
406 version = 0;
407 break;
408 default:
409 version = SSL_version(ssl);
410 }
411
412 ssl->msg_callback(is_write, version, content_type, in.data(), in.size(), ssl,
413 ssl->msg_callback_arg);
414 }
415
ssl_get_current_time(const SSL * ssl,struct OPENSSL_timeval * out_clock)416 void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock) {
417 // TODO(martinkr): Change callers to |ssl_ctx_get_current_time| and drop the
418 // |ssl| arg from |current_time_cb| if possible.
419 ssl_ctx_get_current_time(ssl->ctx, out_clock);
420 }
421
ssl_ctx_get_current_time(const SSL_CTX * ctx,struct OPENSSL_timeval * out_clock)422 void ssl_ctx_get_current_time(const SSL_CTX *ctx,
423 struct OPENSSL_timeval *out_clock) {
424 if (ctx->current_time_cb != NULL) {
425 // TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
426 // https://crbug.com/boringssl/155.
427 struct timeval clock;
428 ctx->current_time_cb(nullptr /* ssl */, &clock);
429 if (clock.tv_sec < 0) {
430 assert(0);
431 out_clock->tv_sec = 0;
432 out_clock->tv_usec = 0;
433 } else {
434 out_clock->tv_sec = (uint64_t)clock.tv_sec;
435 out_clock->tv_usec = (uint32_t)clock.tv_usec;
436 }
437 return;
438 }
439
440 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
441 out_clock->tv_sec = 1234;
442 out_clock->tv_usec = 1234;
443 #elif defined(OPENSSL_WINDOWS)
444 struct _timeb time;
445 _ftime(&time);
446 if (time.time < 0) {
447 assert(0);
448 out_clock->tv_sec = 0;
449 out_clock->tv_usec = 0;
450 } else {
451 out_clock->tv_sec = time.time;
452 out_clock->tv_usec = time.millitm * 1000;
453 }
454 #else
455 struct timeval clock;
456 gettimeofday(&clock, NULL);
457 if (clock.tv_sec < 0) {
458 assert(0);
459 out_clock->tv_sec = 0;
460 out_clock->tv_usec = 0;
461 } else {
462 out_clock->tv_sec = (uint64_t)clock.tv_sec;
463 out_clock->tv_usec = (uint32_t)clock.tv_usec;
464 }
465 #endif
466 }
467
SSL_CTX_set_handoff_mode(SSL_CTX * ctx,bool on)468 void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
469 ctx->handoff = on;
470 }
471
472 } // namespace bssl
473
474 using namespace bssl;
475
SSL_library_init(void)476 int SSL_library_init(void) {
477 CRYPTO_library_init();
478 return 1;
479 }
480
OPENSSL_init_ssl(uint64_t opts,const OPENSSL_INIT_SETTINGS * settings)481 int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
482 CRYPTO_library_init();
483 return 1;
484 }
485
ssl_session_hash(const SSL_SESSION * sess)486 static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
487 const uint8_t *session_id = sess->session_id;
488
489 uint8_t tmp_storage[sizeof(uint32_t)];
490 if (sess->session_id_length < sizeof(tmp_storage)) {
491 OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage));
492 OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length);
493 session_id = tmp_storage;
494 }
495
496 uint32_t hash =
497 ((uint32_t)session_id[0]) |
498 ((uint32_t)session_id[1] << 8) |
499 ((uint32_t)session_id[2] << 16) |
500 ((uint32_t)session_id[3] << 24);
501
502 return hash;
503 }
504
505 // NB: If this function (or indeed the hash function which uses a sort of
506 // coarser function than this one) is changed, ensure
507 // SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
508 // able to construct an SSL_SESSION that will collide with any existing session
509 // with a matching session ID.
ssl_session_cmp(const SSL_SESSION * a,const SSL_SESSION * b)510 static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
511 if (a->ssl_version != b->ssl_version) {
512 return 1;
513 }
514
515 if (a->session_id_length != b->session_id_length) {
516 return 1;
517 }
518
519 return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
520 }
521
SSL_CTX_new(const SSL_METHOD * method)522 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
523 SSL_CTX *ret = NULL;
524
525 if (method == NULL) {
526 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_METHOD_PASSED);
527 return NULL;
528 }
529
530 ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
531 if (ret == NULL) {
532 goto err;
533 }
534
535 OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
536
537 ret->method = method->method;
538 ret->x509_method = method->x509_method;
539
540 CRYPTO_MUTEX_init(&ret->lock);
541
542 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
543 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
544
545 ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
546 ret->session_psk_dhe_timeout = SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT;
547
548 ret->references = 1;
549
550 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
551 ret->verify_mode = SSL_VERIFY_NONE;
552 ret->cert = ssl_cert_new(method->x509_method);
553 if (ret->cert == NULL) {
554 goto err;
555 }
556
557 ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
558 if (ret->sessions == NULL) {
559 goto err;
560 }
561
562 if (!ret->x509_method->ssl_ctx_new(ret)) {
563 goto err;
564 }
565
566 if (!SSL_CTX_set_strict_cipher_list(ret, SSL_DEFAULT_CIPHER_LIST)) {
567 goto err2;
568 }
569
570 ret->client_CA = sk_CRYPTO_BUFFER_new_null();
571 if (ret->client_CA == NULL) {
572 goto err;
573 }
574
575 CRYPTO_new_ex_data(&ret->ex_data);
576
577 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
578
579 // Disable the auto-chaining feature by default. Once this has stuck without
580 // problems, the feature will be removed entirely.
581 ret->mode = SSL_MODE_NO_AUTO_CHAIN;
582
583 // Lock the SSL_CTX to the specified version, for compatibility with legacy
584 // uses of SSL_METHOD, but we do not set the minimum version for
585 // |SSLv3_method|.
586 if (!SSL_CTX_set_max_proto_version(ret, method->version) ||
587 !SSL_CTX_set_min_proto_version(ret, method->version == SSL3_VERSION
588 ? 0 // default
589 : method->version)) {
590 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
591 goto err2;
592 }
593
594 return ret;
595
596 err:
597 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
598 err2:
599 SSL_CTX_free(ret);
600 return NULL;
601 }
602
SSL_CTX_up_ref(SSL_CTX * ctx)603 int SSL_CTX_up_ref(SSL_CTX *ctx) {
604 CRYPTO_refcount_inc(&ctx->references);
605 return 1;
606 }
607
SSL_CTX_free(SSL_CTX * ctx)608 void SSL_CTX_free(SSL_CTX *ctx) {
609 if (ctx == NULL ||
610 !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) {
611 return;
612 }
613
614 // Free internal session cache. However: the remove_cb() may reference the
615 // ex_data of SSL_CTX, thus the ex_data store can only be removed after the
616 // sessions were flushed. As the ex_data handling routines might also touch
617 // the session cache, the most secure solution seems to be: empty (flush) the
618 // cache, then free ex_data, then finally free the cache. (See ticket
619 // [openssl.org #212].)
620 SSL_CTX_flush_sessions(ctx, 0);
621
622 CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
623
624 CRYPTO_MUTEX_cleanup(&ctx->lock);
625 lh_SSL_SESSION_free(ctx->sessions);
626 ssl_cipher_preference_list_free(ctx->cipher_list);
627 ssl_cert_free(ctx->cert);
628 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->client_custom_extensions,
629 SSL_CUSTOM_EXTENSION_free);
630 sk_SSL_CUSTOM_EXTENSION_pop_free(ctx->server_custom_extensions,
631 SSL_CUSTOM_EXTENSION_free);
632 sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free);
633 ctx->x509_method->ssl_ctx_free(ctx);
634 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
635 OPENSSL_free(ctx->psk_identity_hint);
636 OPENSSL_free(ctx->supported_group_list);
637 OPENSSL_free(ctx->alpn_client_proto_list);
638 EVP_PKEY_free(ctx->tlsext_channel_id_private);
639 OPENSSL_free(ctx->verify_sigalgs);
640 OPENSSL_free(ctx->tlsext_ticket_key_current);
641 OPENSSL_free(ctx->tlsext_ticket_key_prev);
642
643 OPENSSL_free(ctx);
644 }
645
SSL_new(SSL_CTX * ctx)646 SSL *SSL_new(SSL_CTX *ctx) {
647 if (ctx == NULL) {
648 OPENSSL_PUT_ERROR(SSL, SSL_R_NULL_SSL_CTX);
649 return NULL;
650 }
651 if (ctx->method == NULL) {
652 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
653 return NULL;
654 }
655
656 SSL *ssl = (SSL *)OPENSSL_malloc(sizeof(SSL));
657 if (ssl == NULL) {
658 goto err;
659 }
660 OPENSSL_memset(ssl, 0, sizeof(SSL));
661
662 ssl->conf_min_version = ctx->conf_min_version;
663 ssl->conf_max_version = ctx->conf_max_version;
664 ssl->tls13_variant = ctx->tls13_variant;
665
666 // RFC 6347 states that implementations SHOULD use an initial timer value of
667 // 1 second.
668 ssl->initial_timeout_duration_ms = 1000;
669
670 ssl->options = ctx->options;
671 ssl->mode = ctx->mode;
672 ssl->max_cert_list = ctx->max_cert_list;
673
674 ssl->cert = ssl_cert_dup(ctx->cert);
675 if (ssl->cert == NULL) {
676 goto err;
677 }
678
679 ssl->msg_callback = ctx->msg_callback;
680 ssl->msg_callback_arg = ctx->msg_callback_arg;
681 ssl->verify_mode = ctx->verify_mode;
682 ssl->verify_callback = ctx->default_verify_callback;
683 ssl->custom_verify_callback = ctx->custom_verify_callback;
684 ssl->retain_only_sha256_of_client_certs =
685 ctx->retain_only_sha256_of_client_certs;
686
687 ssl->quiet_shutdown = ctx->quiet_shutdown;
688 ssl->max_send_fragment = ctx->max_send_fragment;
689
690 SSL_CTX_up_ref(ctx);
691 ssl->ctx = ctx;
692 SSL_CTX_up_ref(ctx);
693 ssl->session_ctx = ctx;
694
695 if (!ssl->ctx->x509_method->ssl_new(ssl)) {
696 goto err;
697 }
698
699 if (ctx->supported_group_list) {
700 ssl->supported_group_list = (uint16_t *)BUF_memdup(
701 ctx->supported_group_list, ctx->supported_group_list_len * 2);
702 if (!ssl->supported_group_list) {
703 goto err;
704 }
705 ssl->supported_group_list_len = ctx->supported_group_list_len;
706 }
707
708 if (ctx->alpn_client_proto_list) {
709 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(
710 ctx->alpn_client_proto_list, ctx->alpn_client_proto_list_len);
711 if (ssl->alpn_client_proto_list == NULL) {
712 goto err;
713 }
714 ssl->alpn_client_proto_list_len = ctx->alpn_client_proto_list_len;
715 }
716
717 ssl->method = ctx->method;
718
719 if (!ssl->method->ssl_new(ssl)) {
720 goto err;
721 }
722
723 CRYPTO_new_ex_data(&ssl->ex_data);
724
725 ssl->psk_identity_hint = NULL;
726 if (ctx->psk_identity_hint) {
727 ssl->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
728 if (ssl->psk_identity_hint == NULL) {
729 goto err;
730 }
731 }
732 ssl->psk_client_callback = ctx->psk_client_callback;
733 ssl->psk_server_callback = ctx->psk_server_callback;
734
735 ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
736 if (ctx->tlsext_channel_id_private) {
737 EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
738 ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private;
739 }
740
741 ssl->signed_cert_timestamps_enabled = ctx->signed_cert_timestamps_enabled;
742 ssl->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
743 ssl->handoff = ctx->handoff;
744
745 return ssl;
746
747 err:
748 SSL_free(ssl);
749 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
750
751 return NULL;
752 }
753
SSL_free(SSL * ssl)754 void SSL_free(SSL *ssl) {
755 if (ssl == NULL) {
756 return;
757 }
758
759 if (ssl->ctx != NULL) {
760 ssl->ctx->x509_method->ssl_free(ssl);
761 }
762
763 CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
764
765 BIO_free_all(ssl->rbio);
766 BIO_free_all(ssl->wbio);
767
768 // add extra stuff
769 ssl_cipher_preference_list_free(ssl->cipher_list);
770
771 SSL_SESSION_free(ssl->session);
772
773 ssl_cert_free(ssl->cert);
774
775 OPENSSL_free(ssl->tlsext_hostname);
776 SSL_CTX_free(ssl->session_ctx);
777 OPENSSL_free(ssl->supported_group_list);
778 OPENSSL_free(ssl->alpn_client_proto_list);
779 OPENSSL_free(ssl->token_binding_params);
780 OPENSSL_free(ssl->quic_transport_params);
781 EVP_PKEY_free(ssl->tlsext_channel_id_private);
782 OPENSSL_free(ssl->psk_identity_hint);
783 sk_CRYPTO_BUFFER_pop_free(ssl->client_CA, CRYPTO_BUFFER_free);
784 sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles);
785
786 if (ssl->method != NULL) {
787 ssl->method->ssl_free(ssl);
788 }
789 SSL_CTX_free(ssl->ctx);
790
791 OPENSSL_free(ssl);
792 }
793
SSL_set_connect_state(SSL * ssl)794 void SSL_set_connect_state(SSL *ssl) {
795 ssl->server = false;
796 ssl->do_handshake = ssl_client_handshake;
797 }
798
SSL_set_accept_state(SSL * ssl)799 void SSL_set_accept_state(SSL *ssl) {
800 ssl->server = true;
801 ssl->do_handshake = ssl_server_handshake;
802 }
803
SSL_set0_rbio(SSL * ssl,BIO * rbio)804 void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
805 BIO_free_all(ssl->rbio);
806 ssl->rbio = rbio;
807 }
808
SSL_set0_wbio(SSL * ssl,BIO * wbio)809 void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
810 BIO_free_all(ssl->wbio);
811 ssl->wbio = wbio;
812 }
813
SSL_set_bio(SSL * ssl,BIO * rbio,BIO * wbio)814 void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
815 // For historical reasons, this function has many different cases in ownership
816 // handling.
817
818 // If nothing has changed, do nothing
819 if (rbio == SSL_get_rbio(ssl) && wbio == SSL_get_wbio(ssl)) {
820 return;
821 }
822
823 // If the two arguments are equal, one fewer reference is granted than
824 // taken.
825 if (rbio != NULL && rbio == wbio) {
826 BIO_up_ref(rbio);
827 }
828
829 // If only the wbio is changed, adopt only one reference.
830 if (rbio == SSL_get_rbio(ssl)) {
831 SSL_set0_wbio(ssl, wbio);
832 return;
833 }
834
835 // There is an asymmetry here for historical reasons. If only the rbio is
836 // changed AND the rbio and wbio were originally different, then we only adopt
837 // one reference.
838 if (wbio == SSL_get_wbio(ssl) && SSL_get_rbio(ssl) != SSL_get_wbio(ssl)) {
839 SSL_set0_rbio(ssl, rbio);
840 return;
841 }
842
843 // Otherwise, adopt both references.
844 SSL_set0_rbio(ssl, rbio);
845 SSL_set0_wbio(ssl, wbio);
846 }
847
SSL_get_rbio(const SSL * ssl)848 BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
849
SSL_get_wbio(const SSL * ssl)850 BIO *SSL_get_wbio(const SSL *ssl) { return ssl->wbio; }
851
SSL_do_handshake(SSL * ssl)852 int SSL_do_handshake(SSL *ssl) {
853 ssl_reset_error_state(ssl);
854
855 if (ssl->do_handshake == NULL) {
856 OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
857 return -1;
858 }
859
860 if (!SSL_in_init(ssl)) {
861 return 1;
862 }
863
864 // Run the handshake.
865 SSL_HANDSHAKE *hs = ssl->s3->hs.get();
866
867 bool early_return = false;
868 int ret = ssl_run_handshake(hs, &early_return);
869 ssl_do_info_callback(
870 ssl, ssl->server ? SSL_CB_ACCEPT_EXIT : SSL_CB_CONNECT_EXIT, ret);
871 if (ret <= 0) {
872 return ret;
873 }
874
875 // Destroy the handshake object if the handshake has completely finished.
876 if (!early_return) {
877 ssl->s3->hs.reset();
878 }
879
880 return 1;
881 }
882
SSL_connect(SSL * ssl)883 int SSL_connect(SSL *ssl) {
884 if (ssl->do_handshake == NULL) {
885 // Not properly initialized yet
886 SSL_set_connect_state(ssl);
887 }
888
889 return SSL_do_handshake(ssl);
890 }
891
SSL_accept(SSL * ssl)892 int SSL_accept(SSL *ssl) {
893 if (ssl->do_handshake == NULL) {
894 // Not properly initialized yet
895 SSL_set_accept_state(ssl);
896 }
897
898 return SSL_do_handshake(ssl);
899 }
900
ssl_do_post_handshake(SSL * ssl,const SSLMessage & msg)901 static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
902 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
903 return tls13_post_handshake(ssl, msg);
904 }
905
906 // We do not accept renegotiations as a server or SSL 3.0. SSL 3.0 will be
907 // removed entirely in the future and requires retaining more data for
908 // renegotiation_info.
909 if (ssl->server || ssl->version == SSL3_VERSION) {
910 goto no_renegotiation;
911 }
912
913 if (msg.type != SSL3_MT_HELLO_REQUEST || CBS_len(&msg.body) != 0) {
914 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
915 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HELLO_REQUEST);
916 return 0;
917 }
918
919 switch (ssl->renegotiate_mode) {
920 case ssl_renegotiate_ignore:
921 // Ignore the HelloRequest.
922 return 1;
923
924 case ssl_renegotiate_once:
925 if (ssl->s3->total_renegotiations != 0) {
926 goto no_renegotiation;
927 }
928 break;
929
930 case ssl_renegotiate_never:
931 goto no_renegotiation;
932
933 case ssl_renegotiate_freely:
934 break;
935 }
936
937 // Renegotiation is only supported at quiescent points in the application
938 // protocol, namely in HTTPS, just before reading the HTTP response. Require
939 // the record-layer be idle and avoid complexities of sending a handshake
940 // record while an application_data record is being written.
941 if (!ssl->s3->write_buffer.empty() ||
942 ssl->s3->write_shutdown != ssl_shutdown_none) {
943 goto no_renegotiation;
944 }
945
946 // Begin a new handshake.
947 if (ssl->s3->hs != nullptr) {
948 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
949 return 0;
950 }
951 ssl->s3->hs = ssl_handshake_new(ssl);
952 if (ssl->s3->hs == nullptr) {
953 return 0;
954 }
955
956 ssl->s3->total_renegotiations++;
957 return 1;
958
959 no_renegotiation:
960 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
961 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_NO_RENEGOTIATION);
962 return 0;
963 }
964
ssl_read_impl(SSL * ssl)965 static int ssl_read_impl(SSL *ssl) {
966 ssl_reset_error_state(ssl);
967
968 if (ssl->do_handshake == NULL) {
969 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
970 return -1;
971 }
972
973 // Replay post-handshake message errors.
974 if (!check_read_error(ssl)) {
975 return -1;
976 }
977
978 while (ssl->s3->pending_app_data.empty()) {
979 // Complete the current handshake, if any. False Start will cause
980 // |SSL_do_handshake| to return mid-handshake, so this may require multiple
981 // iterations.
982 while (!ssl_can_read(ssl)) {
983 int ret = SSL_do_handshake(ssl);
984 if (ret < 0) {
985 return ret;
986 }
987 if (ret == 0) {
988 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
989 return -1;
990 }
991 }
992
993 // Process any buffered post-handshake messages.
994 SSLMessage msg;
995 if (ssl->method->get_message(ssl, &msg)) {
996 // If we received an interrupt in early read (EndOfEarlyData), loop again
997 // for the handshake to process it.
998 if (SSL_in_init(ssl)) {
999 ssl->s3->hs->can_early_read = false;
1000 continue;
1001 }
1002
1003 // Handle the post-handshake message and try again.
1004 if (!ssl_do_post_handshake(ssl, msg)) {
1005 ssl_set_read_error(ssl);
1006 return -1;
1007 }
1008 ssl->method->next_message(ssl);
1009 continue; // Loop again. We may have begun a new handshake.
1010 }
1011
1012 uint8_t alert = SSL_AD_DECODE_ERROR;
1013 size_t consumed = 0;
1014 auto ret = ssl_open_app_data(ssl, &ssl->s3->pending_app_data, &consumed,
1015 &alert, ssl->s3->read_buffer.span());
1016 bool retry;
1017 int bio_ret = ssl_handle_open_record(ssl, &retry, ret, consumed, alert);
1018 if (bio_ret <= 0) {
1019 return bio_ret;
1020 }
1021 if (!retry) {
1022 assert(!ssl->s3->pending_app_data.empty());
1023 ssl->s3->key_update_count = 0;
1024 }
1025 }
1026
1027 return 1;
1028 }
1029
SSL_read(SSL * ssl,void * buf,int num)1030 int SSL_read(SSL *ssl, void *buf, int num) {
1031 int ret = SSL_peek(ssl, buf, num);
1032 if (ret <= 0) {
1033 return ret;
1034 }
1035 // TODO(davidben): In DTLS, should the rest of the record be discarded? DTLS
1036 // is not a stream. See https://crbug.com/boringssl/65.
1037 ssl->s3->pending_app_data =
1038 ssl->s3->pending_app_data.subspan(static_cast<size_t>(ret));
1039 if (ssl->s3->pending_app_data.empty()) {
1040 ssl->s3->read_buffer.DiscardConsumed();
1041 }
1042 return ret;
1043 }
1044
SSL_peek(SSL * ssl,void * buf,int num)1045 int SSL_peek(SSL *ssl, void *buf, int num) {
1046 int ret = ssl_read_impl(ssl);
1047 if (ret <= 0) {
1048 return ret;
1049 }
1050 if (num <= 0) {
1051 return num;
1052 }
1053 size_t todo =
1054 std::min(ssl->s3->pending_app_data.size(), static_cast<size_t>(num));
1055 OPENSSL_memcpy(buf, ssl->s3->pending_app_data.data(), todo);
1056 return static_cast<int>(todo);
1057 }
1058
SSL_write(SSL * ssl,const void * buf,int num)1059 int SSL_write(SSL *ssl, const void *buf, int num) {
1060 ssl_reset_error_state(ssl);
1061
1062 if (ssl->do_handshake == NULL) {
1063 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
1064 return -1;
1065 }
1066
1067 if (ssl->s3->write_shutdown != ssl_shutdown_none) {
1068 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
1069 return -1;
1070 }
1071
1072 int ret = 0;
1073 bool needs_handshake = false;
1074 do {
1075 // If necessary, complete the handshake implicitly.
1076 if (!ssl_can_write(ssl)) {
1077 ret = SSL_do_handshake(ssl);
1078 if (ret < 0) {
1079 return ret;
1080 }
1081 if (ret == 0) {
1082 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
1083 return -1;
1084 }
1085 }
1086
1087 ret = ssl->method->write_app_data(ssl, &needs_handshake,
1088 (const uint8_t *)buf, num);
1089 } while (needs_handshake);
1090 return ret;
1091 }
1092
SSL_shutdown(SSL * ssl)1093 int SSL_shutdown(SSL *ssl) {
1094 ssl_reset_error_state(ssl);
1095
1096 if (ssl->do_handshake == NULL) {
1097 OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
1098 return -1;
1099 }
1100
1101 // If we are in the middle of a handshake, silently succeed. Consumers often
1102 // call this function before |SSL_free|, whether the handshake succeeded or
1103 // not. We assume the caller has already handled failed handshakes.
1104 if (SSL_in_init(ssl)) {
1105 return 1;
1106 }
1107
1108 if (ssl->quiet_shutdown) {
1109 // Do nothing if configured not to send a close_notify.
1110 ssl->s3->write_shutdown = ssl_shutdown_close_notify;
1111 ssl->s3->read_shutdown = ssl_shutdown_close_notify;
1112 return 1;
1113 }
1114
1115 // This function completes in two stages. It sends a close_notify and then it
1116 // waits for a close_notify to come in. Perform exactly one action and return
1117 // whether or not it succeeds.
1118
1119 if (ssl->s3->write_shutdown != ssl_shutdown_close_notify) {
1120 // Send a close_notify.
1121 if (ssl_send_alert(ssl, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY) <= 0) {
1122 return -1;
1123 }
1124 } else if (ssl->s3->alert_dispatch) {
1125 // Finish sending the close_notify.
1126 if (ssl->method->dispatch_alert(ssl) <= 0) {
1127 return -1;
1128 }
1129 } else if (ssl->s3->read_shutdown != ssl_shutdown_close_notify) {
1130 if (SSL_is_dtls(ssl)) {
1131 // Bidirectional shutdown doesn't make sense for an unordered
1132 // transport. DTLS alerts also aren't delivered reliably, so we may even
1133 // time out because the peer never received our close_notify. Report to
1134 // the caller that the channel has fully shut down.
1135 if (ssl->s3->read_shutdown == ssl_shutdown_error) {
1136 ERR_restore_state(ssl->s3->read_error.get());
1137 return -1;
1138 }
1139 ssl->s3->read_shutdown = ssl_shutdown_close_notify;
1140 } else {
1141 // Keep discarding data until we see a close_notify.
1142 for (;;) {
1143 ssl->s3->pending_app_data = Span<uint8_t>();
1144 int ret = ssl_read_impl(ssl);
1145 if (ret <= 0) {
1146 break;
1147 }
1148 }
1149 if (ssl->s3->read_shutdown != ssl_shutdown_close_notify) {
1150 return -1;
1151 }
1152 }
1153 }
1154
1155 // Return 0 for unidirectional shutdown and 1 for bidirectional shutdown.
1156 return ssl->s3->read_shutdown == ssl_shutdown_close_notify;
1157 }
1158
SSL_send_fatal_alert(SSL * ssl,uint8_t alert)1159 int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
1160 if (ssl->s3->alert_dispatch) {
1161 if (ssl->s3->send_alert[0] != SSL3_AL_FATAL ||
1162 ssl->s3->send_alert[1] != alert) {
1163 // We are already attempting to write a different alert.
1164 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
1165 return -1;
1166 }
1167 return ssl->method->dispatch_alert(ssl);
1168 }
1169
1170 return ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1171 }
1172
SSL_set_quic_transport_params(SSL * ssl,const uint8_t * params,size_t params_len)1173 int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
1174 size_t params_len) {
1175 ssl->quic_transport_params = (uint8_t *)BUF_memdup(params, params_len);
1176 if (!ssl->quic_transport_params) {
1177 return 0;
1178 }
1179 ssl->quic_transport_params_len = params_len;
1180 return 1;
1181 }
1182
SSL_get_peer_quic_transport_params(const SSL * ssl,const uint8_t ** out_params,size_t * out_params_len)1183 void SSL_get_peer_quic_transport_params(const SSL *ssl,
1184 const uint8_t **out_params,
1185 size_t *out_params_len) {
1186 *out_params = ssl->s3->peer_quic_transport_params.data();
1187 *out_params_len = ssl->s3->peer_quic_transport_params.size();
1188 }
1189
SSL_CTX_set_early_data_enabled(SSL_CTX * ctx,int enabled)1190 void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
1191 ctx->cert->enable_early_data = !!enabled;
1192 }
1193
SSL_CTX_set_tls13_variant(SSL_CTX * ctx,enum tls13_variant_t variant)1194 void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) {
1195 ctx->tls13_variant = variant;
1196 }
1197
SSL_set_tls13_variant(SSL * ssl,enum tls13_variant_t variant)1198 void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
1199 ssl->tls13_variant = variant;
1200 }
1201
SSL_set_early_data_enabled(SSL * ssl,int enabled)1202 void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
1203 ssl->cert->enable_early_data = !!enabled;
1204 }
1205
SSL_in_early_data(const SSL * ssl)1206 int SSL_in_early_data(const SSL *ssl) {
1207 if (ssl->s3->hs == NULL) {
1208 return 0;
1209 }
1210 return ssl->s3->hs->in_early_data;
1211 }
1212
SSL_early_data_accepted(const SSL * ssl)1213 int SSL_early_data_accepted(const SSL *ssl) {
1214 return ssl->s3->early_data_accepted;
1215 }
1216
SSL_reset_early_data_reject(SSL * ssl)1217 void SSL_reset_early_data_reject(SSL *ssl) {
1218 SSL_HANDSHAKE *hs = ssl->s3->hs.get();
1219 if (hs == NULL ||
1220 hs->wait != ssl_hs_early_data_rejected) {
1221 abort();
1222 }
1223
1224 hs->wait = ssl_hs_ok;
1225 hs->in_early_data = false;
1226 hs->early_session.reset();
1227
1228 // Discard any unfinished writes from the perspective of |SSL_write|'s
1229 // retry. The handshake will transparently flush out the pending record
1230 // (discarded by the server) to keep the framing correct.
1231 ssl->s3->wpend_pending = false;
1232 }
1233
bio_retry_reason_to_error(int reason)1234 static int bio_retry_reason_to_error(int reason) {
1235 switch (reason) {
1236 case BIO_RR_CONNECT:
1237 return SSL_ERROR_WANT_CONNECT;
1238 case BIO_RR_ACCEPT:
1239 return SSL_ERROR_WANT_ACCEPT;
1240 default:
1241 return SSL_ERROR_SYSCALL;
1242 }
1243 }
1244
SSL_get_error(const SSL * ssl,int ret_code)1245 int SSL_get_error(const SSL *ssl, int ret_code) {
1246 if (ret_code > 0) {
1247 return SSL_ERROR_NONE;
1248 }
1249
1250 // Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
1251 // where we do encode the error
1252 uint32_t err = ERR_peek_error();
1253 if (err != 0) {
1254 if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
1255 return SSL_ERROR_SYSCALL;
1256 }
1257 return SSL_ERROR_SSL;
1258 }
1259
1260 if (ret_code == 0) {
1261 if (ssl->s3->read_shutdown == ssl_shutdown_close_notify) {
1262 return SSL_ERROR_ZERO_RETURN;
1263 }
1264 // An EOF was observed which violates the protocol, and the underlying
1265 // transport does not participate in the error queue. Bubble up to the
1266 // caller.
1267 return SSL_ERROR_SYSCALL;
1268 }
1269
1270 switch (ssl->s3->rwstate) {
1271 case SSL_PENDING_SESSION:
1272 return SSL_ERROR_PENDING_SESSION;
1273
1274 case SSL_CERTIFICATE_SELECTION_PENDING:
1275 return SSL_ERROR_PENDING_CERTIFICATE;
1276
1277 case SSL_HANDOFF:
1278 return SSL_ERROR_HANDOFF;
1279
1280 case SSL_READING: {
1281 BIO *bio = SSL_get_rbio(ssl);
1282 if (BIO_should_read(bio)) {
1283 return SSL_ERROR_WANT_READ;
1284 }
1285
1286 if (BIO_should_write(bio)) {
1287 // TODO(davidben): OpenSSL historically checked for writes on the read
1288 // BIO. Can this be removed?
1289 return SSL_ERROR_WANT_WRITE;
1290 }
1291
1292 if (BIO_should_io_special(bio)) {
1293 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
1294 }
1295
1296 break;
1297 }
1298
1299 case SSL_WRITING: {
1300 BIO *bio = SSL_get_wbio(ssl);
1301 if (BIO_should_write(bio)) {
1302 return SSL_ERROR_WANT_WRITE;
1303 }
1304
1305 if (BIO_should_read(bio)) {
1306 // TODO(davidben): OpenSSL historically checked for reads on the write
1307 // BIO. Can this be removed?
1308 return SSL_ERROR_WANT_READ;
1309 }
1310
1311 if (BIO_should_io_special(bio)) {
1312 return bio_retry_reason_to_error(BIO_get_retry_reason(bio));
1313 }
1314
1315 break;
1316 }
1317
1318 case SSL_X509_LOOKUP:
1319 return SSL_ERROR_WANT_X509_LOOKUP;
1320
1321 case SSL_CHANNEL_ID_LOOKUP:
1322 return SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
1323
1324 case SSL_PRIVATE_KEY_OPERATION:
1325 return SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
1326
1327 case SSL_PENDING_TICKET:
1328 return SSL_ERROR_PENDING_TICKET;
1329
1330 case SSL_EARLY_DATA_REJECTED:
1331 return SSL_ERROR_EARLY_DATA_REJECTED;
1332
1333 case SSL_CERTIFICATE_VERIFY:
1334 return SSL_ERROR_WANT_CERTIFICATE_VERIFY;
1335 }
1336
1337 return SSL_ERROR_SYSCALL;
1338 }
1339
SSL_CTX_set_options(SSL_CTX * ctx,uint32_t options)1340 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
1341 ctx->options |= options;
1342 return ctx->options;
1343 }
1344
SSL_CTX_clear_options(SSL_CTX * ctx,uint32_t options)1345 uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options) {
1346 ctx->options &= ~options;
1347 return ctx->options;
1348 }
1349
SSL_CTX_get_options(const SSL_CTX * ctx)1350 uint32_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; }
1351
SSL_set_options(SSL * ssl,uint32_t options)1352 uint32_t SSL_set_options(SSL *ssl, uint32_t options) {
1353 ssl->options |= options;
1354 return ssl->options;
1355 }
1356
SSL_clear_options(SSL * ssl,uint32_t options)1357 uint32_t SSL_clear_options(SSL *ssl, uint32_t options) {
1358 ssl->options &= ~options;
1359 return ssl->options;
1360 }
1361
SSL_get_options(const SSL * ssl)1362 uint32_t SSL_get_options(const SSL *ssl) { return ssl->options; }
1363
SSL_CTX_set_mode(SSL_CTX * ctx,uint32_t mode)1364 uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode) {
1365 ctx->mode |= mode;
1366 return ctx->mode;
1367 }
1368
SSL_CTX_clear_mode(SSL_CTX * ctx,uint32_t mode)1369 uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode) {
1370 ctx->mode &= ~mode;
1371 return ctx->mode;
1372 }
1373
SSL_CTX_get_mode(const SSL_CTX * ctx)1374 uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx) { return ctx->mode; }
1375
SSL_set_mode(SSL * ssl,uint32_t mode)1376 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
1377 ssl->mode |= mode;
1378 return ssl->mode;
1379 }
1380
SSL_clear_mode(SSL * ssl,uint32_t mode)1381 uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode) {
1382 ssl->mode &= ~mode;
1383 return ssl->mode;
1384 }
1385
SSL_get_mode(const SSL * ssl)1386 uint32_t SSL_get_mode(const SSL *ssl) { return ssl->mode; }
1387
SSL_CTX_set0_buffer_pool(SSL_CTX * ctx,CRYPTO_BUFFER_POOL * pool)1388 void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) {
1389 ctx->pool = pool;
1390 }
1391
SSL_get_tls_unique(const SSL * ssl,uint8_t * out,size_t * out_len,size_t max_out)1392 int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
1393 size_t max_out) {
1394 *out_len = 0;
1395 OPENSSL_memset(out, 0, max_out);
1396
1397 // tls-unique is not defined for SSL 3.0 or TLS 1.3.
1398 if (!ssl->s3->initial_handshake_complete ||
1399 ssl_protocol_version(ssl) < TLS1_VERSION ||
1400 ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1401 return 0;
1402 }
1403
1404 // The tls-unique value is the first Finished message in the handshake, which
1405 // is the client's in a full handshake and the server's for a resumption. See
1406 // https://tools.ietf.org/html/rfc5929#section-3.1.
1407 const uint8_t *finished = ssl->s3->previous_client_finished;
1408 size_t finished_len = ssl->s3->previous_client_finished_len;
1409 if (ssl->session != NULL) {
1410 // tls-unique is broken for resumed sessions unless EMS is used.
1411 if (!ssl->session->extended_master_secret) {
1412 return 0;
1413 }
1414 finished = ssl->s3->previous_server_finished;
1415 finished_len = ssl->s3->previous_server_finished_len;
1416 }
1417
1418 *out_len = finished_len;
1419 if (finished_len > max_out) {
1420 *out_len = max_out;
1421 }
1422
1423 OPENSSL_memcpy(out, finished, *out_len);
1424 return 1;
1425 }
1426
set_session_id_context(CERT * cert,const uint8_t * sid_ctx,size_t sid_ctx_len)1427 static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
1428 size_t sid_ctx_len) {
1429 if (sid_ctx_len > sizeof(cert->sid_ctx)) {
1430 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
1431 return 0;
1432 }
1433
1434 static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large");
1435 cert->sid_ctx_length = (uint8_t)sid_ctx_len;
1436 OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
1437 return 1;
1438 }
1439
SSL_CTX_set_session_id_context(SSL_CTX * ctx,const uint8_t * sid_ctx,size_t sid_ctx_len)1440 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx,
1441 size_t sid_ctx_len) {
1442 return set_session_id_context(ctx->cert, sid_ctx, sid_ctx_len);
1443 }
1444
SSL_set_session_id_context(SSL * ssl,const uint8_t * sid_ctx,size_t sid_ctx_len)1445 int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
1446 size_t sid_ctx_len) {
1447 return set_session_id_context(ssl->cert, sid_ctx, sid_ctx_len);
1448 }
1449
SSL_get0_session_id_context(const SSL * ssl,size_t * out_len)1450 const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
1451 *out_len = ssl->cert->sid_ctx_length;
1452 return ssl->cert->sid_ctx;
1453 }
1454
SSL_certs_clear(SSL * ssl)1455 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
1456
SSL_get_fd(const SSL * ssl)1457 int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
1458
SSL_get_rfd(const SSL * ssl)1459 int SSL_get_rfd(const SSL *ssl) {
1460 int ret = -1;
1461 BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
1462 if (b != NULL) {
1463 BIO_get_fd(b, &ret);
1464 }
1465 return ret;
1466 }
1467
SSL_get_wfd(const SSL * ssl)1468 int SSL_get_wfd(const SSL *ssl) {
1469 int ret = -1;
1470 BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
1471 if (b != NULL) {
1472 BIO_get_fd(b, &ret);
1473 }
1474 return ret;
1475 }
1476
SSL_set_fd(SSL * ssl,int fd)1477 int SSL_set_fd(SSL *ssl, int fd) {
1478 BIO *bio = BIO_new(BIO_s_socket());
1479 if (bio == NULL) {
1480 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1481 return 0;
1482 }
1483 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1484 SSL_set_bio(ssl, bio, bio);
1485 return 1;
1486 }
1487
SSL_set_wfd(SSL * ssl,int fd)1488 int SSL_set_wfd(SSL *ssl, int fd) {
1489 BIO *rbio = SSL_get_rbio(ssl);
1490 if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET ||
1491 BIO_get_fd(rbio, NULL) != fd) {
1492 BIO *bio = BIO_new(BIO_s_socket());
1493 if (bio == NULL) {
1494 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1495 return 0;
1496 }
1497 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1498 SSL_set0_wbio(ssl, bio);
1499 } else {
1500 // Copy the rbio over to the wbio.
1501 BIO_up_ref(rbio);
1502 SSL_set0_wbio(ssl, rbio);
1503 }
1504
1505 return 1;
1506 }
1507
SSL_set_rfd(SSL * ssl,int fd)1508 int SSL_set_rfd(SSL *ssl, int fd) {
1509 BIO *wbio = SSL_get_wbio(ssl);
1510 if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET ||
1511 BIO_get_fd(wbio, NULL) != fd) {
1512 BIO *bio = BIO_new(BIO_s_socket());
1513 if (bio == NULL) {
1514 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
1515 return 0;
1516 }
1517 BIO_set_fd(bio, fd, BIO_NOCLOSE);
1518 SSL_set0_rbio(ssl, bio);
1519 } else {
1520 // Copy the wbio over to the rbio.
1521 BIO_up_ref(wbio);
1522 SSL_set0_rbio(ssl, wbio);
1523 }
1524 return 1;
1525 }
1526
copy_finished(void * out,size_t out_len,const uint8_t * in,size_t in_len)1527 static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
1528 size_t in_len) {
1529 if (out_len > in_len) {
1530 out_len = in_len;
1531 }
1532 OPENSSL_memcpy(out, in, out_len);
1533 return in_len;
1534 }
1535
SSL_get_finished(const SSL * ssl,void * buf,size_t count)1536 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
1537 if (!ssl->s3->initial_handshake_complete ||
1538 ssl_protocol_version(ssl) < TLS1_VERSION ||
1539 ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1540 return 0;
1541 }
1542
1543 if (ssl->server) {
1544 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1545 ssl->s3->previous_server_finished_len);
1546 }
1547
1548 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1549 ssl->s3->previous_client_finished_len);
1550 }
1551
SSL_get_peer_finished(const SSL * ssl,void * buf,size_t count)1552 size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
1553 if (!ssl->s3->initial_handshake_complete ||
1554 ssl_protocol_version(ssl) < TLS1_VERSION ||
1555 ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1556 return 0;
1557 }
1558
1559 if (ssl->server) {
1560 return copy_finished(buf, count, ssl->s3->previous_client_finished,
1561 ssl->s3->previous_client_finished_len);
1562 }
1563
1564 return copy_finished(buf, count, ssl->s3->previous_server_finished,
1565 ssl->s3->previous_server_finished_len);
1566 }
1567
SSL_get_verify_mode(const SSL * ssl)1568 int SSL_get_verify_mode(const SSL *ssl) { return ssl->verify_mode; }
1569
SSL_get_extms_support(const SSL * ssl)1570 int SSL_get_extms_support(const SSL *ssl) {
1571 // TLS 1.3 does not require extended master secret and always reports as
1572 // supporting it.
1573 if (!ssl->s3->have_version) {
1574 return 0;
1575 }
1576 if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1577 return 1;
1578 }
1579
1580 // If the initial handshake completed, query the established session.
1581 if (ssl->s3->established_session != NULL) {
1582 return ssl->s3->established_session->extended_master_secret;
1583 }
1584
1585 // Otherwise, query the in-progress handshake.
1586 if (ssl->s3->hs != NULL) {
1587 return ssl->s3->hs->extended_master_secret;
1588 }
1589 assert(0);
1590 return 0;
1591 }
1592
SSL_CTX_get_read_ahead(const SSL_CTX * ctx)1593 int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; }
1594
SSL_get_read_ahead(const SSL * ssl)1595 int SSL_get_read_ahead(const SSL *ssl) { return 0; }
1596
SSL_CTX_set_read_ahead(SSL_CTX * ctx,int yes)1597 void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { }
1598
SSL_set_read_ahead(SSL * ssl,int yes)1599 void SSL_set_read_ahead(SSL *ssl, int yes) { }
1600
SSL_pending(const SSL * ssl)1601 int SSL_pending(const SSL *ssl) {
1602 return static_cast<int>(ssl->s3->pending_app_data.size());
1603 }
1604
1605 // Fix this so it checks all the valid key/cert options
SSL_CTX_check_private_key(const SSL_CTX * ctx)1606 int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
1607 return ssl_cert_check_private_key(ctx->cert, ctx->cert->privatekey);
1608 }
1609
1610 // Fix this function so that it takes an optional type parameter
SSL_check_private_key(const SSL * ssl)1611 int SSL_check_private_key(const SSL *ssl) {
1612 return ssl_cert_check_private_key(ssl->cert, ssl->cert->privatekey);
1613 }
1614
SSL_get_default_timeout(const SSL * ssl)1615 long SSL_get_default_timeout(const SSL *ssl) {
1616 return SSL_DEFAULT_SESSION_TIMEOUT;
1617 }
1618
SSL_renegotiate(SSL * ssl)1619 int SSL_renegotiate(SSL *ssl) {
1620 // Caller-initiated renegotiation is not supported.
1621 OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1622 return 0;
1623 }
1624
SSL_renegotiate_pending(SSL * ssl)1625 int SSL_renegotiate_pending(SSL *ssl) {
1626 return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete;
1627 }
1628
SSL_total_renegotiations(const SSL * ssl)1629 int SSL_total_renegotiations(const SSL *ssl) {
1630 return ssl->s3->total_renegotiations;
1631 }
1632
SSL_CTX_get_max_cert_list(const SSL_CTX * ctx)1633 size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx) {
1634 return ctx->max_cert_list;
1635 }
1636
SSL_CTX_set_max_cert_list(SSL_CTX * ctx,size_t max_cert_list)1637 void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
1638 if (max_cert_list > kMaxHandshakeSize) {
1639 max_cert_list = kMaxHandshakeSize;
1640 }
1641 ctx->max_cert_list = (uint32_t)max_cert_list;
1642 }
1643
SSL_get_max_cert_list(const SSL * ssl)1644 size_t SSL_get_max_cert_list(const SSL *ssl) {
1645 return ssl->max_cert_list;
1646 }
1647
SSL_set_max_cert_list(SSL * ssl,size_t max_cert_list)1648 void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
1649 if (max_cert_list > kMaxHandshakeSize) {
1650 max_cert_list = kMaxHandshakeSize;
1651 }
1652 ssl->max_cert_list = (uint32_t)max_cert_list;
1653 }
1654
SSL_CTX_set_max_send_fragment(SSL_CTX * ctx,size_t max_send_fragment)1655 int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
1656 if (max_send_fragment < 512) {
1657 max_send_fragment = 512;
1658 }
1659 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1660 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1661 }
1662 ctx->max_send_fragment = (uint16_t)max_send_fragment;
1663
1664 return 1;
1665 }
1666
SSL_set_max_send_fragment(SSL * ssl,size_t max_send_fragment)1667 int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
1668 if (max_send_fragment < 512) {
1669 max_send_fragment = 512;
1670 }
1671 if (max_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
1672 max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1673 }
1674 ssl->max_send_fragment = (uint16_t)max_send_fragment;
1675
1676 return 1;
1677 }
1678
SSL_set_mtu(SSL * ssl,unsigned mtu)1679 int SSL_set_mtu(SSL *ssl, unsigned mtu) {
1680 if (!SSL_is_dtls(ssl) || mtu < dtls1_min_mtu()) {
1681 return 0;
1682 }
1683 ssl->d1->mtu = mtu;
1684 return 1;
1685 }
1686
SSL_get_secure_renegotiation_support(const SSL * ssl)1687 int SSL_get_secure_renegotiation_support(const SSL *ssl) {
1688 if (!ssl->s3->have_version) {
1689 return 0;
1690 }
1691 return ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
1692 ssl->s3->send_connection_binding;
1693 }
1694
SSL_CTX_sess_number(const SSL_CTX * ctx)1695 size_t SSL_CTX_sess_number(const SSL_CTX *ctx) {
1696 MutexReadLock lock(const_cast<CRYPTO_MUTEX *>(&ctx->lock));
1697 return lh_SSL_SESSION_num_items(ctx->sessions);
1698 }
1699
SSL_CTX_sess_set_cache_size(SSL_CTX * ctx,unsigned long size)1700 unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size) {
1701 unsigned long ret = ctx->session_cache_size;
1702 ctx->session_cache_size = size;
1703 return ret;
1704 }
1705
SSL_CTX_sess_get_cache_size(const SSL_CTX * ctx)1706 unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx) {
1707 return ctx->session_cache_size;
1708 }
1709
SSL_CTX_set_session_cache_mode(SSL_CTX * ctx,int mode)1710 int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode) {
1711 int ret = ctx->session_cache_mode;
1712 ctx->session_cache_mode = mode;
1713 return ret;
1714 }
1715
SSL_CTX_get_session_cache_mode(const SSL_CTX * ctx)1716 int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx) {
1717 return ctx->session_cache_mode;
1718 }
1719
1720
SSL_CTX_get_tlsext_ticket_keys(SSL_CTX * ctx,void * out,size_t len)1721 int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, size_t len) {
1722 if (out == NULL) {
1723 return 48;
1724 }
1725 if (len != 48) {
1726 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1727 return 0;
1728 }
1729
1730 // The default ticket keys are initialized lazily. Trigger a key
1731 // rotation to initialize them.
1732 if (!ssl_ctx_rotate_ticket_encryption_key(ctx)) {
1733 return 0;
1734 }
1735
1736 uint8_t *out_bytes = reinterpret_cast<uint8_t *>(out);
1737 MutexReadLock lock(&ctx->lock);
1738 OPENSSL_memcpy(out_bytes, ctx->tlsext_ticket_key_current->name, 16);
1739 OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_ticket_key_current->hmac_key, 16);
1740 OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_ticket_key_current->aes_key, 16);
1741 return 1;
1742 }
1743
SSL_CTX_set_tlsext_ticket_keys(SSL_CTX * ctx,const void * in,size_t len)1744 int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
1745 if (in == NULL) {
1746 return 48;
1747 }
1748 if (len != 48) {
1749 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
1750 return 0;
1751 }
1752 if (!ctx->tlsext_ticket_key_current) {
1753 ctx->tlsext_ticket_key_current =
1754 (tlsext_ticket_key *)OPENSSL_malloc(sizeof(tlsext_ticket_key));
1755 if (!ctx->tlsext_ticket_key_current) {
1756 return 0;
1757 }
1758 }
1759 OPENSSL_memset(ctx->tlsext_ticket_key_current, 0, sizeof(tlsext_ticket_key));
1760 const uint8_t *in_bytes = reinterpret_cast<const uint8_t *>(in);
1761 OPENSSL_memcpy(ctx->tlsext_ticket_key_current->name, in_bytes, 16);
1762 OPENSSL_memcpy(ctx->tlsext_ticket_key_current->hmac_key, in_bytes + 16, 16);
1763 OPENSSL_memcpy(ctx->tlsext_ticket_key_current->aes_key, in_bytes + 32, 16);
1764 OPENSSL_free(ctx->tlsext_ticket_key_prev);
1765 ctx->tlsext_ticket_key_prev = nullptr;
1766 // Disable automatic key rotation.
1767 ctx->tlsext_ticket_key_current->next_rotation_tv_sec = 0;
1768 return 1;
1769 }
1770
SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX * ctx,int (* callback)(SSL * ssl,uint8_t * key_name,uint8_t * iv,EVP_CIPHER_CTX * ctx,HMAC_CTX * hmac_ctx,int encrypt))1771 int SSL_CTX_set_tlsext_ticket_key_cb(
1772 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
1773 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
1774 int encrypt)) {
1775 ctx->tlsext_ticket_key_cb = callback;
1776 return 1;
1777 }
1778
SSL_CTX_set1_curves(SSL_CTX * ctx,const int * curves,size_t curves_len)1779 int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) {
1780 return tls1_set_curves(&ctx->supported_group_list,
1781 &ctx->supported_group_list_len, curves,
1782 curves_len);
1783 }
1784
SSL_set1_curves(SSL * ssl,const int * curves,size_t curves_len)1785 int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
1786 return tls1_set_curves(&ssl->supported_group_list,
1787 &ssl->supported_group_list_len, curves,
1788 curves_len);
1789 }
1790
SSL_CTX_set1_curves_list(SSL_CTX * ctx,const char * curves)1791 int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
1792 return tls1_set_curves_list(&ctx->supported_group_list,
1793 &ctx->supported_group_list_len, curves);
1794 }
1795
SSL_set1_curves_list(SSL * ssl,const char * curves)1796 int SSL_set1_curves_list(SSL *ssl, const char *curves) {
1797 return tls1_set_curves_list(&ssl->supported_group_list,
1798 &ssl->supported_group_list_len, curves);
1799 }
1800
SSL_get_curve_id(const SSL * ssl)1801 uint16_t SSL_get_curve_id(const SSL *ssl) {
1802 // TODO(davidben): This checks the wrong session if there is a renegotiation
1803 // in progress.
1804 SSL_SESSION *session = SSL_get_session(ssl);
1805 if (session == NULL) {
1806 return 0;
1807 }
1808
1809 return session->group_id;
1810 }
1811
SSL_CTX_set_tmp_dh(SSL_CTX * ctx,const DH * dh)1812 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
1813 return 1;
1814 }
1815
SSL_set_tmp_dh(SSL * ssl,const DH * dh)1816 int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
1817 return 1;
1818 }
1819
STACK_OF(SSL_CIPHER)1820 STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
1821 return ctx->cipher_list->ciphers;
1822 }
1823
SSL_CTX_cipher_in_group(const SSL_CTX * ctx,size_t i)1824 int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i) {
1825 if (i >= sk_SSL_CIPHER_num(ctx->cipher_list->ciphers)) {
1826 return 0;
1827 }
1828 return ctx->cipher_list->in_group_flags[i];
1829 }
1830
STACK_OF(SSL_CIPHER)1831 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
1832 if (ssl == NULL) {
1833 return NULL;
1834 }
1835
1836 const struct ssl_cipher_preference_list_st *prefs =
1837 ssl_get_cipher_preferences(ssl);
1838 if (prefs == NULL) {
1839 return NULL;
1840 }
1841
1842 return prefs->ciphers;
1843 }
1844
SSL_get_cipher_list(const SSL * ssl,int n)1845 const char *SSL_get_cipher_list(const SSL *ssl, int n) {
1846 if (ssl == NULL) {
1847 return NULL;
1848 }
1849
1850 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
1851 if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
1852 return NULL;
1853 }
1854
1855 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, n);
1856 if (c == NULL) {
1857 return NULL;
1858 }
1859
1860 return c->name;
1861 }
1862
SSL_CTX_set_cipher_list(SSL_CTX * ctx,const char * str)1863 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
1864 return ssl_create_cipher_list(&ctx->cipher_list, str, false /* not strict */);
1865 }
1866
SSL_CTX_set_strict_cipher_list(SSL_CTX * ctx,const char * str)1867 int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, const char *str) {
1868 return ssl_create_cipher_list(&ctx->cipher_list, str, true /* strict */);
1869 }
1870
SSL_set_cipher_list(SSL * ssl,const char * str)1871 int SSL_set_cipher_list(SSL *ssl, const char *str) {
1872 return ssl_create_cipher_list(&ssl->cipher_list, str, false /* not strict */);
1873 }
1874
SSL_set_strict_cipher_list(SSL * ssl,const char * str)1875 int SSL_set_strict_cipher_list(SSL *ssl, const char *str) {
1876 return ssl_create_cipher_list(&ssl->cipher_list, str, true /* strict */);
1877 }
1878
SSL_get_servername(const SSL * ssl,const int type)1879 const char *SSL_get_servername(const SSL *ssl, const int type) {
1880 if (type != TLSEXT_NAMETYPE_host_name) {
1881 return NULL;
1882 }
1883
1884 // Historically, |SSL_get_servername| was also the configuration getter
1885 // corresponding to |SSL_set_tlsext_host_name|.
1886 if (ssl->tlsext_hostname != NULL) {
1887 return ssl->tlsext_hostname;
1888 }
1889
1890 return ssl->s3->hostname.get();
1891 }
1892
SSL_get_servername_type(const SSL * ssl)1893 int SSL_get_servername_type(const SSL *ssl) {
1894 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) == NULL) {
1895 return -1;
1896 }
1897 return TLSEXT_NAMETYPE_host_name;
1898 }
1899
SSL_CTX_set_custom_verify(SSL_CTX * ctx,int mode,enum ssl_verify_result_t (* callback)(SSL * ssl,uint8_t * out_alert))1900 void SSL_CTX_set_custom_verify(
1901 SSL_CTX *ctx, int mode,
1902 enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)) {
1903 ctx->verify_mode = mode;
1904 ctx->custom_verify_callback = callback;
1905 }
1906
SSL_set_custom_verify(SSL * ssl,int mode,enum ssl_verify_result_t (* callback)(SSL * ssl,uint8_t * out_alert))1907 void SSL_set_custom_verify(
1908 SSL *ssl, int mode,
1909 enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)) {
1910 ssl->verify_mode = mode;
1911 ssl->custom_verify_callback = callback;
1912 }
1913
SSL_CTX_enable_signed_cert_timestamps(SSL_CTX * ctx)1914 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
1915 ctx->signed_cert_timestamps_enabled = true;
1916 }
1917
SSL_enable_signed_cert_timestamps(SSL * ssl)1918 void SSL_enable_signed_cert_timestamps(SSL *ssl) {
1919 ssl->signed_cert_timestamps_enabled = true;
1920 }
1921
SSL_CTX_enable_ocsp_stapling(SSL_CTX * ctx)1922 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
1923 ctx->ocsp_stapling_enabled = true;
1924 }
1925
SSL_enable_ocsp_stapling(SSL * ssl)1926 void SSL_enable_ocsp_stapling(SSL *ssl) {
1927 ssl->ocsp_stapling_enabled = true;
1928 }
1929
SSL_get0_signed_cert_timestamp_list(const SSL * ssl,const uint8_t ** out,size_t * out_len)1930 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
1931 size_t *out_len) {
1932 SSL_SESSION *session = SSL_get_session(ssl);
1933 if (ssl->server || !session || !session->signed_cert_timestamp_list) {
1934 *out_len = 0;
1935 *out = NULL;
1936 return;
1937 }
1938
1939 *out = CRYPTO_BUFFER_data(session->signed_cert_timestamp_list);
1940 *out_len = CRYPTO_BUFFER_len(session->signed_cert_timestamp_list);
1941 }
1942
SSL_get0_ocsp_response(const SSL * ssl,const uint8_t ** out,size_t * out_len)1943 void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1944 size_t *out_len) {
1945 SSL_SESSION *session = SSL_get_session(ssl);
1946 if (ssl->server || !session || !session->ocsp_response) {
1947 *out_len = 0;
1948 *out = NULL;
1949 return;
1950 }
1951
1952 *out = CRYPTO_BUFFER_data(session->ocsp_response);
1953 *out_len = CRYPTO_BUFFER_len(session->ocsp_response);
1954 }
1955
SSL_set_tlsext_host_name(SSL * ssl,const char * name)1956 int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
1957 OPENSSL_free(ssl->tlsext_hostname);
1958 ssl->tlsext_hostname = NULL;
1959
1960 if (name == NULL) {
1961 return 1;
1962 }
1963
1964 size_t len = strlen(name);
1965 if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
1966 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1967 return 0;
1968 }
1969 ssl->tlsext_hostname = BUF_strdup(name);
1970 if (ssl->tlsext_hostname == NULL) {
1971 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
1972 return 0;
1973 }
1974 return 1;
1975 }
1976
SSL_CTX_set_tlsext_servername_callback(SSL_CTX * ctx,int (* callback)(SSL * ssl,int * out_alert,void * arg))1977 int SSL_CTX_set_tlsext_servername_callback(
1978 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
1979 ctx->tlsext_servername_callback = callback;
1980 return 1;
1981 }
1982
SSL_CTX_set_tlsext_servername_arg(SSL_CTX * ctx,void * arg)1983 int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
1984 ctx->tlsext_servername_arg = arg;
1985 return 1;
1986 }
1987
SSL_select_next_proto(uint8_t ** out,uint8_t * out_len,const uint8_t * peer,unsigned peer_len,const uint8_t * supported,unsigned supported_len)1988 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer,
1989 unsigned peer_len, const uint8_t *supported,
1990 unsigned supported_len) {
1991 const uint8_t *result;
1992 int status;
1993
1994 // For each protocol in peer preference order, see if we support it.
1995 for (unsigned i = 0; i < peer_len;) {
1996 for (unsigned j = 0; j < supported_len;) {
1997 if (peer[i] == supported[j] &&
1998 OPENSSL_memcmp(&peer[i + 1], &supported[j + 1], peer[i]) == 0) {
1999 // We found a match
2000 result = &peer[i];
2001 status = OPENSSL_NPN_NEGOTIATED;
2002 goto found;
2003 }
2004 j += supported[j];
2005 j++;
2006 }
2007 i += peer[i];
2008 i++;
2009 }
2010
2011 // There's no overlap between our protocols and the peer's list.
2012 result = supported;
2013 status = OPENSSL_NPN_NO_OVERLAP;
2014
2015 found:
2016 *out = (uint8_t *)result + 1;
2017 *out_len = result[0];
2018 return status;
2019 }
2020
SSL_get0_next_proto_negotiated(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)2021 void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data,
2022 unsigned *out_len) {
2023 *out_data = ssl->s3->next_proto_negotiated.data();
2024 *out_len = ssl->s3->next_proto_negotiated.size();
2025 }
2026
SSL_CTX_set_next_protos_advertised_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg),void * arg)2027 void SSL_CTX_set_next_protos_advertised_cb(
2028 SSL_CTX *ctx,
2029 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
2030 void *arg) {
2031 ctx->next_protos_advertised_cb = cb;
2032 ctx->next_protos_advertised_cb_arg = arg;
2033 }
2034
SSL_CTX_set_next_proto_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)2035 void SSL_CTX_set_next_proto_select_cb(
2036 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
2037 const uint8_t *in, unsigned in_len, void *arg),
2038 void *arg) {
2039 ctx->next_proto_select_cb = cb;
2040 ctx->next_proto_select_cb_arg = arg;
2041 }
2042
SSL_CTX_set_alpn_protos(SSL_CTX * ctx,const uint8_t * protos,unsigned protos_len)2043 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
2044 unsigned protos_len) {
2045 OPENSSL_free(ctx->alpn_client_proto_list);
2046 ctx->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
2047 if (!ctx->alpn_client_proto_list) {
2048 return 1;
2049 }
2050 ctx->alpn_client_proto_list_len = protos_len;
2051
2052 return 0;
2053 }
2054
SSL_set_alpn_protos(SSL * ssl,const uint8_t * protos,unsigned protos_len)2055 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
2056 OPENSSL_free(ssl->alpn_client_proto_list);
2057 ssl->alpn_client_proto_list = (uint8_t *)BUF_memdup(protos, protos_len);
2058 if (!ssl->alpn_client_proto_list) {
2059 return 1;
2060 }
2061 ssl->alpn_client_proto_list_len = protos_len;
2062
2063 return 0;
2064 }
2065
SSL_CTX_set_alpn_select_cb(SSL_CTX * ctx,int (* cb)(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg),void * arg)2066 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
2067 int (*cb)(SSL *ssl, const uint8_t **out,
2068 uint8_t *out_len, const uint8_t *in,
2069 unsigned in_len, void *arg),
2070 void *arg) {
2071 ctx->alpn_select_cb = cb;
2072 ctx->alpn_select_cb_arg = arg;
2073 }
2074
SSL_get0_alpn_selected(const SSL * ssl,const uint8_t ** out_data,unsigned * out_len)2075 void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **out_data,
2076 unsigned *out_len) {
2077 if (SSL_in_early_data(ssl) && !ssl->server) {
2078 *out_data = ssl->s3->hs->early_session->early_alpn;
2079 *out_len = ssl->s3->hs->early_session->early_alpn_len;
2080 } else {
2081 *out_data = ssl->s3->alpn_selected.data();
2082 *out_len = ssl->s3->alpn_selected.size();
2083 }
2084 }
2085
SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX * ctx,int enabled)2086 void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
2087 ctx->allow_unknown_alpn_protos = !!enabled;
2088 }
2089
SSL_CTX_set_tls_channel_id_enabled(SSL_CTX * ctx,int enabled)2090 void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) {
2091 ctx->tlsext_channel_id_enabled = !!enabled;
2092 }
2093
SSL_CTX_enable_tls_channel_id(SSL_CTX * ctx)2094 int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
2095 SSL_CTX_set_tls_channel_id_enabled(ctx, 1);
2096 return 1;
2097 }
2098
SSL_set_tls_channel_id_enabled(SSL * ssl,int enabled)2099 void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled) {
2100 ssl->tlsext_channel_id_enabled = !!enabled;
2101 }
2102
SSL_enable_tls_channel_id(SSL * ssl)2103 int SSL_enable_tls_channel_id(SSL *ssl) {
2104 SSL_set_tls_channel_id_enabled(ssl, 1);
2105 return 1;
2106 }
2107
is_p256_key(EVP_PKEY * private_key)2108 static int is_p256_key(EVP_PKEY *private_key) {
2109 const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
2110 return ec_key != NULL &&
2111 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
2112 NID_X9_62_prime256v1;
2113 }
2114
SSL_CTX_set1_tls_channel_id(SSL_CTX * ctx,EVP_PKEY * private_key)2115 int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
2116 if (!is_p256_key(private_key)) {
2117 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
2118 return 0;
2119 }
2120
2121 EVP_PKEY_free(ctx->tlsext_channel_id_private);
2122 EVP_PKEY_up_ref(private_key);
2123 ctx->tlsext_channel_id_private = private_key;
2124 ctx->tlsext_channel_id_enabled = true;
2125
2126 return 1;
2127 }
2128
SSL_set1_tls_channel_id(SSL * ssl,EVP_PKEY * private_key)2129 int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
2130 if (!is_p256_key(private_key)) {
2131 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
2132 return 0;
2133 }
2134
2135 EVP_PKEY_free(ssl->tlsext_channel_id_private);
2136 EVP_PKEY_up_ref(private_key);
2137 ssl->tlsext_channel_id_private = private_key;
2138 ssl->tlsext_channel_id_enabled = true;
2139
2140 return 1;
2141 }
2142
SSL_get_tls_channel_id(SSL * ssl,uint8_t * out,size_t max_out)2143 size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
2144 if (!ssl->s3->tlsext_channel_id_valid) {
2145 return 0;
2146 }
2147 OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
2148 (max_out < 64) ? max_out : 64);
2149 return 64;
2150 }
2151
SSL_set_token_binding_params(SSL * ssl,const uint8_t * params,size_t len)2152 int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, size_t len) {
2153 if (len > 256) {
2154 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
2155 return 0;
2156 }
2157 OPENSSL_free(ssl->token_binding_params);
2158 ssl->token_binding_params = (uint8_t *)BUF_memdup(params, len);
2159 if (!ssl->token_binding_params) {
2160 return 0;
2161 }
2162 ssl->token_binding_params_len = len;
2163 return 1;
2164 }
2165
SSL_is_token_binding_negotiated(const SSL * ssl)2166 int SSL_is_token_binding_negotiated(const SSL *ssl) {
2167 return ssl->token_binding_negotiated;
2168 }
2169
SSL_get_negotiated_token_binding_param(const SSL * ssl)2170 uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl) {
2171 return ssl->negotiated_token_binding_param;
2172 }
2173
SSL_get0_certificate_types(SSL * ssl,const uint8_t ** out_types)2174 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
2175 if (ssl->server || ssl->s3->hs == NULL) {
2176 *out_types = NULL;
2177 return 0;
2178 }
2179 *out_types = ssl->s3->hs->certificate_types.data();
2180 return ssl->s3->hs->certificate_types.size();
2181 }
2182
SSL_get_privatekey(const SSL * ssl)2183 EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
2184 if (ssl->cert != NULL) {
2185 return ssl->cert->privatekey;
2186 }
2187
2188 return NULL;
2189 }
2190
SSL_CTX_get0_privatekey(const SSL_CTX * ctx)2191 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
2192 if (ctx->cert != NULL) {
2193 return ctx->cert->privatekey;
2194 }
2195
2196 return NULL;
2197 }
2198
SSL_get_current_cipher(const SSL * ssl)2199 const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
2200 return ssl->s3->aead_write_ctx->cipher();
2201 }
2202
SSL_session_reused(const SSL * ssl)2203 int SSL_session_reused(const SSL *ssl) {
2204 return ssl->s3->session_reused || SSL_in_early_data(ssl);
2205 }
2206
SSL_get_current_compression(SSL * ssl)2207 const COMP_METHOD *SSL_get_current_compression(SSL *ssl) { return NULL; }
2208
SSL_get_current_expansion(SSL * ssl)2209 const COMP_METHOD *SSL_get_current_expansion(SSL *ssl) { return NULL; }
2210
SSL_get_server_tmp_key(SSL * ssl,EVP_PKEY ** out_key)2211 int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key) { return 0; }
2212
SSL_CTX_set_quiet_shutdown(SSL_CTX * ctx,int mode)2213 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) {
2214 ctx->quiet_shutdown = (mode != 0);
2215 }
2216
SSL_CTX_get_quiet_shutdown(const SSL_CTX * ctx)2217 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) {
2218 return ctx->quiet_shutdown;
2219 }
2220
SSL_set_quiet_shutdown(SSL * ssl,int mode)2221 void SSL_set_quiet_shutdown(SSL *ssl, int mode) {
2222 ssl->quiet_shutdown = (mode != 0);
2223 }
2224
SSL_get_quiet_shutdown(const SSL * ssl)2225 int SSL_get_quiet_shutdown(const SSL *ssl) { return ssl->quiet_shutdown; }
2226
SSL_set_shutdown(SSL * ssl,int mode)2227 void SSL_set_shutdown(SSL *ssl, int mode) {
2228 // It is an error to clear any bits that have already been set. (We can't try
2229 // to get a second close_notify or send two.)
2230 assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2231
2232 if (mode & SSL_RECEIVED_SHUTDOWN &&
2233 ssl->s3->read_shutdown == ssl_shutdown_none) {
2234 ssl->s3->read_shutdown = ssl_shutdown_close_notify;
2235 }
2236
2237 if (mode & SSL_SENT_SHUTDOWN &&
2238 ssl->s3->write_shutdown == ssl_shutdown_none) {
2239 ssl->s3->write_shutdown = ssl_shutdown_close_notify;
2240 }
2241 }
2242
SSL_get_shutdown(const SSL * ssl)2243 int SSL_get_shutdown(const SSL *ssl) {
2244 int ret = 0;
2245 if (ssl->s3->read_shutdown != ssl_shutdown_none) {
2246 // Historically, OpenSSL set |SSL_RECEIVED_SHUTDOWN| on both close_notify
2247 // and fatal alert.
2248 ret |= SSL_RECEIVED_SHUTDOWN;
2249 }
2250 if (ssl->s3->write_shutdown == ssl_shutdown_close_notify) {
2251 // Historically, OpenSSL set |SSL_SENT_SHUTDOWN| on only close_notify.
2252 ret |= SSL_SENT_SHUTDOWN;
2253 }
2254 return ret;
2255 }
2256
SSL_get_SSL_CTX(const SSL * ssl)2257 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) { return ssl->ctx; }
2258
SSL_set_SSL_CTX(SSL * ssl,SSL_CTX * ctx)2259 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) {
2260 if (ssl->ctx == ctx) {
2261 return ssl->ctx;
2262 }
2263
2264 // One cannot change the X.509 callbacks during a connection.
2265 if (ssl->ctx->x509_method != ctx->x509_method) {
2266 assert(0);
2267 return NULL;
2268 }
2269
2270 if (ctx == NULL) {
2271 ctx = ssl->session_ctx;
2272 }
2273
2274 ssl_cert_free(ssl->cert);
2275 ssl->cert = ssl_cert_dup(ctx->cert);
2276
2277 SSL_CTX_up_ref(ctx);
2278 SSL_CTX_free(ssl->ctx);
2279 ssl->ctx = ctx;
2280
2281 return ssl->ctx;
2282 }
2283
SSL_set_info_callback(SSL * ssl,void (* cb)(const SSL * ssl,int type,int value))2284 void SSL_set_info_callback(SSL *ssl,
2285 void (*cb)(const SSL *ssl, int type, int value)) {
2286 ssl->info_callback = cb;
2287 }
2288
SSL_get_info_callback(const SSL * ssl)2289 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type,
2290 int value) {
2291 return ssl->info_callback;
2292 }
2293
SSL_state(const SSL * ssl)2294 int SSL_state(const SSL *ssl) {
2295 return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
2296 }
2297
SSL_set_state(SSL * ssl,int state)2298 void SSL_set_state(SSL *ssl, int state) { }
2299
SSL_get_shared_ciphers(const SSL * ssl,char * buf,int len)2300 char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
2301 if (len <= 0) {
2302 return NULL;
2303 }
2304 buf[0] = '\0';
2305 return buf;
2306 }
2307
SSL_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)2308 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2309 CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
2310 int index;
2311 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl, &index, argl, argp,
2312 free_func)) {
2313 return -1;
2314 }
2315 return index;
2316 }
2317
SSL_set_ex_data(SSL * ssl,int idx,void * data)2318 int SSL_set_ex_data(SSL *ssl, int idx, void *data) {
2319 return CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
2320 }
2321
SSL_get_ex_data(const SSL * ssl,int idx)2322 void *SSL_get_ex_data(const SSL *ssl, int idx) {
2323 return CRYPTO_get_ex_data(&ssl->ex_data, idx);
2324 }
2325
SSL_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)2326 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
2327 CRYPTO_EX_dup *dup_unused,
2328 CRYPTO_EX_free *free_func) {
2329 int index;
2330 if (!CRYPTO_get_ex_new_index(&g_ex_data_class_ssl_ctx, &index, argl, argp,
2331 free_func)) {
2332 return -1;
2333 }
2334 return index;
2335 }
2336
SSL_CTX_set_ex_data(SSL_CTX * ctx,int idx,void * data)2337 int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data) {
2338 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2339 }
2340
SSL_CTX_get_ex_data(const SSL_CTX * ctx,int idx)2341 void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) {
2342 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2343 }
2344
SSL_want(const SSL * ssl)2345 int SSL_want(const SSL *ssl) { return ssl->s3->rwstate; }
2346
SSL_CTX_set_tmp_rsa_callback(SSL_CTX * ctx,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2347 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
2348 RSA *(*cb)(SSL *ssl, int is_export,
2349 int keylength)) {}
2350
SSL_set_tmp_rsa_callback(SSL * ssl,RSA * (* cb)(SSL * ssl,int is_export,int keylength))2351 void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2352 int keylength)) {}
2353
SSL_CTX_set_tmp_dh_callback(SSL_CTX * ctx,DH * (* cb)(SSL * ssl,int is_export,int keylength))2354 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2355 DH *(*cb)(SSL *ssl, int is_export,
2356 int keylength)) {}
2357
SSL_set_tmp_dh_callback(SSL * ssl,DH * (* cb)(SSL * ssl,int is_export,int keylength))2358 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*cb)(SSL *ssl, int is_export,
2359 int keylength)) {}
2360
use_psk_identity_hint(char ** out,const char * identity_hint)2361 static int use_psk_identity_hint(char **out, const char *identity_hint) {
2362 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
2363 OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
2364 return 0;
2365 }
2366
2367 // Clear currently configured hint, if any.
2368 OPENSSL_free(*out);
2369 *out = NULL;
2370
2371 // Treat the empty hint as not supplying one. Plain PSK makes it possible to
2372 // send either no hint (omit ServerKeyExchange) or an empty hint, while
2373 // ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
2374 // so we interpret empty and missing as identical.
2375 if (identity_hint != NULL && identity_hint[0] != '\0') {
2376 *out = BUF_strdup(identity_hint);
2377 if (*out == NULL) {
2378 return 0;
2379 }
2380 }
2381
2382 return 1;
2383 }
2384
SSL_CTX_use_psk_identity_hint(SSL_CTX * ctx,const char * identity_hint)2385 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
2386 return use_psk_identity_hint(&ctx->psk_identity_hint, identity_hint);
2387 }
2388
SSL_use_psk_identity_hint(SSL * ssl,const char * identity_hint)2389 int SSL_use_psk_identity_hint(SSL *ssl, const char *identity_hint) {
2390 return use_psk_identity_hint(&ssl->psk_identity_hint, identity_hint);
2391 }
2392
SSL_get_psk_identity_hint(const SSL * ssl)2393 const char *SSL_get_psk_identity_hint(const SSL *ssl) {
2394 if (ssl == NULL) {
2395 return NULL;
2396 }
2397 return ssl->psk_identity_hint;
2398 }
2399
SSL_get_psk_identity(const SSL * ssl)2400 const char *SSL_get_psk_identity(const SSL *ssl) {
2401 if (ssl == NULL) {
2402 return NULL;
2403 }
2404 SSL_SESSION *session = SSL_get_session(ssl);
2405 if (session == NULL) {
2406 return NULL;
2407 }
2408 return session->psk_identity;
2409 }
2410
SSL_set_psk_client_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2411 void SSL_set_psk_client_callback(
2412 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2413 unsigned max_identity_len, uint8_t *psk,
2414 unsigned max_psk_len)) {
2415 ssl->psk_client_callback = cb;
2416 }
2417
SSL_CTX_set_psk_client_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * hint,char * identity,unsigned max_identity_len,uint8_t * psk,unsigned max_psk_len))2418 void SSL_CTX_set_psk_client_callback(
2419 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity,
2420 unsigned max_identity_len, uint8_t *psk,
2421 unsigned max_psk_len)) {
2422 ctx->psk_client_callback = cb;
2423 }
2424
SSL_set_psk_server_callback(SSL * ssl,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2425 void SSL_set_psk_server_callback(
2426 SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
2427 unsigned max_psk_len)) {
2428 ssl->psk_server_callback = cb;
2429 }
2430
SSL_CTX_set_psk_server_callback(SSL_CTX * ctx,unsigned (* cb)(SSL * ssl,const char * identity,uint8_t * psk,unsigned max_psk_len))2431 void SSL_CTX_set_psk_server_callback(
2432 SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
2433 uint8_t *psk, unsigned max_psk_len)) {
2434 ctx->psk_server_callback = cb;
2435 }
2436
SSL_set_dummy_pq_padding_size(SSL * ssl,size_t num_bytes)2437 int SSL_set_dummy_pq_padding_size(SSL *ssl, size_t num_bytes) {
2438 if (num_bytes > 0xffff) {
2439 return 0;
2440 }
2441
2442 ssl->dummy_pq_padding_len = num_bytes;
2443 return 1;
2444 }
2445
SSL_CTX_set_msg_callback(SSL_CTX * ctx,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2446 void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
2447 void (*cb)(int write_p, int version,
2448 int content_type, const void *buf,
2449 size_t len, SSL *ssl, void *arg)) {
2450 ctx->msg_callback = cb;
2451 }
2452
SSL_CTX_set_msg_callback_arg(SSL_CTX * ctx,void * arg)2453 void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg) {
2454 ctx->msg_callback_arg = arg;
2455 }
2456
SSL_set_msg_callback(SSL * ssl,void (* cb)(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg))2457 void SSL_set_msg_callback(SSL *ssl,
2458 void (*cb)(int write_p, int version, int content_type,
2459 const void *buf, size_t len, SSL *ssl,
2460 void *arg)) {
2461 ssl->msg_callback = cb;
2462 }
2463
SSL_set_msg_callback_arg(SSL * ssl,void * arg)2464 void SSL_set_msg_callback_arg(SSL *ssl, void *arg) {
2465 ssl->msg_callback_arg = arg;
2466 }
2467
SSL_CTX_set_keylog_callback(SSL_CTX * ctx,void (* cb)(const SSL * ssl,const char * line))2468 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
2469 void (*cb)(const SSL *ssl, const char *line)) {
2470 ctx->keylog_callback = cb;
2471 }
2472
SSL_CTX_get_keylog_callback(const SSL_CTX * ctx)2473 void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))(const SSL *ssl,
2474 const char *line) {
2475 return ctx->keylog_callback;
2476 }
2477
SSL_CTX_set_current_time_cb(SSL_CTX * ctx,void (* cb)(const SSL * ssl,struct timeval * out_clock))2478 void SSL_CTX_set_current_time_cb(SSL_CTX *ctx,
2479 void (*cb)(const SSL *ssl,
2480 struct timeval *out_clock)) {
2481 ctx->current_time_cb = cb;
2482 }
2483
SSL_is_init_finished(const SSL * ssl)2484 int SSL_is_init_finished(const SSL *ssl) {
2485 return !SSL_in_init(ssl);
2486 }
2487
SSL_in_init(const SSL * ssl)2488 int SSL_in_init(const SSL *ssl) {
2489 // This returns false once all the handshake state has been finalized, to
2490 // allow callbacks and getters based on SSL_in_init to return the correct
2491 // values.
2492 SSL_HANDSHAKE *hs = ssl->s3->hs.get();
2493 return hs != nullptr && !hs->handshake_finalized;
2494 }
2495
SSL_in_false_start(const SSL * ssl)2496 int SSL_in_false_start(const SSL *ssl) {
2497 if (ssl->s3->hs == NULL) {
2498 return 0;
2499 }
2500 return ssl->s3->hs->in_false_start;
2501 }
2502
SSL_cutthrough_complete(const SSL * ssl)2503 int SSL_cutthrough_complete(const SSL *ssl) {
2504 return SSL_in_false_start(ssl);
2505 }
2506
SSL_get_structure_sizes(size_t * ssl_size,size_t * ssl_ctx_size,size_t * ssl_session_size)2507 void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
2508 size_t *ssl_session_size) {
2509 *ssl_size = sizeof(SSL);
2510 *ssl_ctx_size = sizeof(SSL_CTX);
2511 *ssl_session_size = sizeof(SSL_SESSION);
2512 }
2513
SSL_is_server(const SSL * ssl)2514 int SSL_is_server(const SSL *ssl) { return ssl->server; }
2515
SSL_is_dtls(const SSL * ssl)2516 int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
2517
SSL_CTX_set_select_certificate_cb(SSL_CTX * ctx,enum ssl_select_cert_result_t (* cb)(const SSL_CLIENT_HELLO *))2518 void SSL_CTX_set_select_certificate_cb(
2519 SSL_CTX *ctx,
2520 enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
2521 ctx->select_certificate_cb = cb;
2522 }
2523
SSL_CTX_set_dos_protection_cb(SSL_CTX * ctx,int (* cb)(const SSL_CLIENT_HELLO *))2524 void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx,
2525 int (*cb)(const SSL_CLIENT_HELLO *)) {
2526 ctx->dos_protection_cb = cb;
2527 }
2528
SSL_set_renegotiate_mode(SSL * ssl,enum ssl_renegotiate_mode_t mode)2529 void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
2530 ssl->renegotiate_mode = mode;
2531 }
2532
SSL_get_ivs(const SSL * ssl,const uint8_t ** out_read_iv,const uint8_t ** out_write_iv,size_t * out_iv_len)2533 int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
2534 const uint8_t **out_write_iv, size_t *out_iv_len) {
2535 size_t write_iv_len;
2536 if (!ssl->s3->aead_read_ctx->GetIV(out_read_iv, out_iv_len) ||
2537 !ssl->s3->aead_write_ctx->GetIV(out_write_iv, &write_iv_len) ||
2538 *out_iv_len != write_iv_len) {
2539 return 0;
2540 }
2541
2542 return 1;
2543 }
2544
be_to_u64(const uint8_t in[8])2545 static uint64_t be_to_u64(const uint8_t in[8]) {
2546 return (((uint64_t)in[0]) << 56) | (((uint64_t)in[1]) << 48) |
2547 (((uint64_t)in[2]) << 40) | (((uint64_t)in[3]) << 32) |
2548 (((uint64_t)in[4]) << 24) | (((uint64_t)in[5]) << 16) |
2549 (((uint64_t)in[6]) << 8) | ((uint64_t)in[7]);
2550 }
2551
SSL_get_read_sequence(const SSL * ssl)2552 uint64_t SSL_get_read_sequence(const SSL *ssl) {
2553 // TODO(davidben): Internally represent sequence numbers as uint64_t.
2554 if (SSL_is_dtls(ssl)) {
2555 // max_seq_num already includes the epoch.
2556 assert(ssl->d1->r_epoch == (ssl->d1->bitmap.max_seq_num >> 48));
2557 return ssl->d1->bitmap.max_seq_num;
2558 }
2559 return be_to_u64(ssl->s3->read_sequence);
2560 }
2561
SSL_get_write_sequence(const SSL * ssl)2562 uint64_t SSL_get_write_sequence(const SSL *ssl) {
2563 uint64_t ret = be_to_u64(ssl->s3->write_sequence);
2564 if (SSL_is_dtls(ssl)) {
2565 assert((ret >> 48) == 0);
2566 ret |= ((uint64_t)ssl->d1->w_epoch) << 48;
2567 }
2568 return ret;
2569 }
2570
SSL_get_peer_signature_algorithm(const SSL * ssl)2571 uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
2572 // TODO(davidben): This checks the wrong session if there is a renegotiation
2573 // in progress.
2574 SSL_SESSION *session = SSL_get_session(ssl);
2575 if (session == NULL) {
2576 return 0;
2577 }
2578
2579 return session->peer_signature_algorithm;
2580 }
2581
SSL_get_client_random(const SSL * ssl,uint8_t * out,size_t max_out)2582 size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2583 if (max_out == 0) {
2584 return sizeof(ssl->s3->client_random);
2585 }
2586 if (max_out > sizeof(ssl->s3->client_random)) {
2587 max_out = sizeof(ssl->s3->client_random);
2588 }
2589 OPENSSL_memcpy(out, ssl->s3->client_random, max_out);
2590 return max_out;
2591 }
2592
SSL_get_server_random(const SSL * ssl,uint8_t * out,size_t max_out)2593 size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, size_t max_out) {
2594 if (max_out == 0) {
2595 return sizeof(ssl->s3->server_random);
2596 }
2597 if (max_out > sizeof(ssl->s3->server_random)) {
2598 max_out = sizeof(ssl->s3->server_random);
2599 }
2600 OPENSSL_memcpy(out, ssl->s3->server_random, max_out);
2601 return max_out;
2602 }
2603
SSL_get_pending_cipher(const SSL * ssl)2604 const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl) {
2605 SSL_HANDSHAKE *hs = ssl->s3->hs.get();
2606 if (hs == NULL) {
2607 return NULL;
2608 }
2609 return hs->new_cipher;
2610 }
2611
SSL_set_retain_only_sha256_of_client_certs(SSL * ssl,int enabled)2612 void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, int enabled) {
2613 ssl->retain_only_sha256_of_client_certs = !!enabled;
2614 }
2615
SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX * ctx,int enabled)2616 void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, int enabled) {
2617 ctx->retain_only_sha256_of_client_certs = !!enabled;
2618 }
2619
SSL_CTX_set_grease_enabled(SSL_CTX * ctx,int enabled)2620 void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled) {
2621 ctx->grease_enabled = !!enabled;
2622 }
2623
SSL_get_ticket_age_skew(const SSL * ssl)2624 int32_t SSL_get_ticket_age_skew(const SSL *ssl) {
2625 return ssl->s3->ticket_age_skew;
2626 }
2627
SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX * ctx,int allowed)2628 void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
2629 ctx->false_start_allowed_without_alpn = !!allowed;
2630 }
2631
SSL_is_draft_downgrade(const SSL * ssl)2632 int SSL_is_draft_downgrade(const SSL *ssl) { return ssl->s3->draft_downgrade; }
2633
SSL_clear(SSL * ssl)2634 int SSL_clear(SSL *ssl) {
2635 // In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously
2636 // established session to be offered the next time around. wpa_supplicant
2637 // depends on this behavior, so emulate it.
2638 UniquePtr<SSL_SESSION> session;
2639 if (!ssl->server && ssl->s3->established_session != NULL) {
2640 session.reset(ssl->s3->established_session.get());
2641 SSL_SESSION_up_ref(session.get());
2642 }
2643
2644 // The ssl->d1->mtu is simultaneously configuration (preserved across
2645 // clear) and connection-specific state (gets reset).
2646 //
2647 // TODO(davidben): Avoid this.
2648 unsigned mtu = 0;
2649 if (ssl->d1 != NULL) {
2650 mtu = ssl->d1->mtu;
2651 }
2652
2653 ssl->method->ssl_free(ssl);
2654 if (!ssl->method->ssl_new(ssl)) {
2655 return 0;
2656 }
2657
2658 if (SSL_is_dtls(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
2659 ssl->d1->mtu = mtu;
2660 }
2661
2662 if (session != nullptr) {
2663 SSL_set_session(ssl, session.get());
2664 }
2665
2666 return 1;
2667 }
2668
SSL_CTX_sess_connect(const SSL_CTX * ctx)2669 int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_good(const SSL_CTX * ctx)2670 int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_connect_renegotiate(const SSL_CTX * ctx)2671 int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept(const SSL_CTX * ctx)2672 int SSL_CTX_sess_accept(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_renegotiate(const SSL_CTX * ctx)2673 int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_accept_good(const SSL_CTX * ctx)2674 int SSL_CTX_sess_accept_good(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_hits(const SSL_CTX * ctx)2675 int SSL_CTX_sess_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cb_hits(const SSL_CTX * ctx)2676 int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_misses(const SSL_CTX * ctx)2677 int SSL_CTX_sess_misses(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_timeouts(const SSL_CTX * ctx)2678 int SSL_CTX_sess_timeouts(const SSL_CTX *ctx) { return 0; }
SSL_CTX_sess_cache_full(const SSL_CTX * ctx)2679 int SSL_CTX_sess_cache_full(const SSL_CTX *ctx) { return 0; }
2680
SSL_num_renegotiations(const SSL * ssl)2681 int SSL_num_renegotiations(const SSL *ssl) {
2682 return SSL_total_renegotiations(ssl);
2683 }
2684
SSL_CTX_need_tmp_RSA(const SSL_CTX * ctx)2685 int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx) { return 0; }
SSL_need_tmp_RSA(const SSL * ssl)2686 int SSL_need_tmp_RSA(const SSL *ssl) { return 0; }
SSL_CTX_set_tmp_rsa(SSL_CTX * ctx,const RSA * rsa)2687 int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa) { return 1; }
SSL_set_tmp_rsa(SSL * ssl,const RSA * rsa)2688 int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) { return 1; }
ERR_load_SSL_strings(void)2689 void ERR_load_SSL_strings(void) {}
SSL_load_error_strings(void)2690 void SSL_load_error_strings(void) {}
SSL_cache_hit(SSL * ssl)2691 int SSL_cache_hit(SSL *ssl) { return SSL_session_reused(ssl); }
2692
SSL_CTX_set_tmp_ecdh(SSL_CTX * ctx,const EC_KEY * ec_key)2693 int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key) {
2694 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2695 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2696 return 0;
2697 }
2698 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2699 return SSL_CTX_set1_curves(ctx, &nid, 1);
2700 }
2701
SSL_set_tmp_ecdh(SSL * ssl,const EC_KEY * ec_key)2702 int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
2703 if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
2704 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
2705 return 0;
2706 }
2707 int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
2708 return SSL_set1_curves(ssl, &nid, 1);
2709 }
2710
SSL_CTX_set_ticket_aead_method(SSL_CTX * ctx,const SSL_TICKET_AEAD_METHOD * aead_method)2711 void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
2712 const SSL_TICKET_AEAD_METHOD *aead_method) {
2713 ctx->ticket_aead_method = aead_method;
2714 }
2715