1 /*! \file ssl/ssl_lib.c 2 * \brief Version independent SSL functions. 3 */ 4 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 5 * All rights reserved. 6 * 7 * This package is an SSL implementation written 8 * by Eric Young (eay@cryptsoft.com). 9 * The implementation was written so as to conform with Netscapes SSL. 10 * 11 * This library is free for commercial and non-commercial use as long as 12 * the following conditions are aheared to. The following conditions 13 * apply to all code found in this distribution, be it the RC4, RSA, 14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 15 * included with this distribution is covered by the same copyright terms 16 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 17 * 18 * Copyright remains Eric Young's, and as such any Copyright notices in 19 * the code are not to be removed. 20 * If this package is used in a product, Eric Young should be given attribution 21 * as the author of the parts of the library used. 22 * This can be in the form of a textual message at program startup or 23 * in documentation (online or textual) provided with the package. 24 * 25 * Redistribution and use in source and binary forms, with or without 26 * modification, are permitted provided that the following conditions 27 * are met: 28 * 1. Redistributions of source code must retain the copyright 29 * notice, this list of conditions and the following disclaimer. 30 * 2. Redistributions in binary form must reproduce the above copyright 31 * notice, this list of conditions and the following disclaimer in the 32 * documentation and/or other materials provided with the distribution. 33 * 3. All advertising materials mentioning features or use of this software 34 * must display the following acknowledgement: 35 * "This product includes cryptographic software written by 36 * Eric Young (eay@cryptsoft.com)" 37 * The word 'cryptographic' can be left out if the rouines from the library 38 * being used are not cryptographic related :-). 39 * 4. If you include any Windows specific code (or a derivative thereof) from 40 * the apps directory (application code) you must include an acknowledgement: 41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 42 * 43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 * 55 * The licence and distribution terms for any publically available version or 56 * derivative of this code cannot be changed. i.e. this code cannot simply be 57 * copied and put under another distribution licence 58 * [including the GNU Public Licence.] 59 */ 60 61 62 #include <assert.h> 63 #include <stdio.h> 64 #include <openssl/objects.h> 65 #include <openssl/lhash.h> 66 #include <openssl/x509v3.h> 67 #include "ssl_locl.h" 68 69 const char *SSL_version_str=OPENSSL_VERSION_TEXT; 70 71 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL; 72 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL; 73 static int ssl_meth_num=0; 74 static int ssl_ctx_meth_num=0; 75 76 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ 77 /* evil casts, but these functions are only called if there's a library bug */ 78 (int (*)(SSL *,int))ssl_undefined_function, 79 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 80 ssl_undefined_function, 81 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, 82 (int (*)(SSL*, int))ssl_undefined_function, 83 (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function 84 }; 85 86 int SSL_clear(SSL *s) 87 { 88 int state; 89 90 if (s->method == NULL) 91 { 92 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); 93 return(0); 94 } 95 96 s->error=0; 97 s->hit=0; 98 s->shutdown=0; 99 100 #if 0 /* Disabled since version 1.10 of this file (early return not 101 * needed because SSL_clear is not called when doing renegotiation) */ 102 /* This is set if we are doing dynamic renegotiation so keep 103 * the old cipher. It is sort of a SSL_clear_lite :-) */ 104 if (s->new_session) return(1); 105 #else 106 if (s->new_session) 107 { 108 SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR); 109 return 0; 110 } 111 #endif 112 113 state=s->state; /* Keep to check if we throw away the session-id */ 114 s->type=0; 115 116 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); 117 118 s->version=s->method->version; 119 s->client_version=s->version; 120 s->rwstate=SSL_NOTHING; 121 s->rstate=SSL_ST_READ_HEADER; 122 #if 0 123 s->read_ahead=s->ctx->read_ahead; 124 #endif 125 126 if (s->init_buf != NULL) 127 { 128 BUF_MEM_free(s->init_buf); 129 s->init_buf=NULL; 130 } 131 132 ssl_clear_cipher_ctx(s); 133 134 if (ssl_clear_bad_session(s)) 135 { 136 SSL_SESSION_free(s->session); 137 s->session=NULL; 138 } 139 140 s->first_packet=0; 141 142 #if 1 143 /* Check to see if we were changed into a different method, if 144 * so, revert back if we are not doing session-id reuse. */ 145 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) 146 { 147 s->method->ssl_free(s); 148 s->method=s->ctx->method; 149 if (!s->method->ssl_new(s)) 150 return(0); 151 } 152 else 153 #endif 154 s->method->ssl_clear(s); 155 return(1); 156 } 157 158 /** Used to change an SSL_CTXs default SSL method type */ 159 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth) 160 { 161 STACK_OF(SSL_CIPHER) *sk; 162 163 ctx->method=meth; 164 165 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), 166 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); 167 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) 168 { 169 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 170 return(0); 171 } 172 return(1); 173 } 174 175 SSL *SSL_new(SSL_CTX *ctx) 176 { 177 SSL *s; 178 179 if (ctx == NULL) 180 { 181 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); 182 return(NULL); 183 } 184 if (ctx->method == NULL) 185 { 186 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 187 return(NULL); 188 } 189 190 s=(SSL *)OPENSSL_malloc(sizeof(SSL)); 191 if (s == NULL) goto err; 192 memset(s,0,sizeof(SSL)); 193 194 if (ctx->cert != NULL) 195 { 196 /* Earlier library versions used to copy the pointer to 197 * the CERT, not its contents; only when setting new 198 * parameters for the per-SSL copy, ssl_cert_new would be 199 * called (and the direct reference to the per-SSL_CTX 200 * settings would be lost, but those still were indirectly 201 * accessed for various purposes, and for that reason they 202 * used to be known as s->ctx->default_cert). 203 * Now we don't look at the SSL_CTX's CERT after having 204 * duplicated it once. */ 205 206 s->cert = ssl_cert_dup(ctx->cert); 207 if (s->cert == NULL) 208 goto err; 209 } 210 else 211 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ 212 s->sid_ctx_length=ctx->sid_ctx_length; 213 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); 214 s->verify_mode=ctx->verify_mode; 215 s->verify_depth=ctx->verify_depth; 216 s->verify_callback=ctx->default_verify_callback; 217 s->purpose = ctx->purpose; 218 s->trust = ctx->trust; 219 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 220 s->ctx=ctx; 221 222 s->verify_result=X509_V_OK; 223 224 s->method=ctx->method; 225 226 if (!s->method->ssl_new(s)) 227 goto err; 228 229 s->quiet_shutdown=ctx->quiet_shutdown; 230 s->references=1; 231 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; 232 s->options=ctx->options; 233 s->mode=ctx->mode; 234 s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */ 235 SSL_clear(s); 236 237 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data); 238 239 return(s); 240 err: 241 if (s != NULL) 242 { 243 if (s->cert != NULL) 244 ssl_cert_free(s->cert); 245 if (s->ctx != NULL) 246 SSL_CTX_free(s->ctx); /* decrement reference count */ 247 OPENSSL_free(s); 248 } 249 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 250 return(NULL); 251 } 252 253 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, 254 unsigned int sid_ctx_len) 255 { 256 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 257 { 258 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 259 return 0; 260 } 261 ctx->sid_ctx_length=sid_ctx_len; 262 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); 263 264 return 1; 265 } 266 267 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, 268 unsigned int sid_ctx_len) 269 { 270 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) 271 { 272 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 273 return 0; 274 } 275 ssl->sid_ctx_length=sid_ctx_len; 276 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); 277 278 return 1; 279 } 280 281 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) 282 { 283 if(X509_PURPOSE_get_by_id(purpose) == -1) { 284 SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE); 285 return 0; 286 } 287 s->purpose = purpose; 288 return 1; 289 } 290 291 int SSL_set_purpose(SSL *s, int purpose) 292 { 293 if(X509_PURPOSE_get_by_id(purpose) == -1) { 294 SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE); 295 return 0; 296 } 297 s->purpose = purpose; 298 return 1; 299 } 300 301 int SSL_CTX_set_trust(SSL_CTX *s, int trust) 302 { 303 if(X509_TRUST_get_by_id(trust) == -1) { 304 SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST); 305 return 0; 306 } 307 s->trust = trust; 308 return 1; 309 } 310 311 int SSL_set_trust(SSL *s, int trust) 312 { 313 if(X509_TRUST_get_by_id(trust) == -1) { 314 SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST); 315 return 0; 316 } 317 s->trust = trust; 318 return 1; 319 } 320 321 void SSL_free(SSL *s) 322 { 323 int i; 324 325 if(s == NULL) 326 return; 327 328 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); 329 #ifdef REF_PRINT 330 REF_PRINT("SSL",s); 331 #endif 332 if (i > 0) return; 333 #ifdef REF_CHECK 334 if (i < 0) 335 { 336 fprintf(stderr,"SSL_free, bad reference count\n"); 337 abort(); /* ok */ 338 } 339 #endif 340 341 CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data); 342 343 if (s->bbio != NULL) 344 { 345 /* If the buffering BIO is in place, pop it off */ 346 if (s->bbio == s->wbio) 347 { 348 s->wbio=BIO_pop(s->wbio); 349 } 350 BIO_free(s->bbio); 351 s->bbio=NULL; 352 } 353 if (s->rbio != NULL) 354 BIO_free_all(s->rbio); 355 if ((s->wbio != NULL) && (s->wbio != s->rbio)) 356 BIO_free_all(s->wbio); 357 358 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); 359 360 /* add extra stuff */ 361 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); 362 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); 363 364 /* Make the next call work :-) */ 365 if (s->session != NULL) 366 { 367 ssl_clear_bad_session(s); 368 SSL_SESSION_free(s->session); 369 } 370 371 ssl_clear_cipher_ctx(s); 372 373 if (s->cert != NULL) ssl_cert_free(s->cert); 374 /* Free up if allocated */ 375 376 if (s->ctx) SSL_CTX_free(s->ctx); 377 378 if (s->client_CA != NULL) 379 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); 380 381 if (s->method != NULL) s->method->ssl_free(s); 382 383 OPENSSL_free(s); 384 } 385 386 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) 387 { 388 /* If the output buffering BIO is still in place, remove it 389 */ 390 if (s->bbio != NULL) 391 { 392 if (s->wbio == s->bbio) 393 { 394 s->wbio=s->wbio->next_bio; 395 s->bbio->next_bio=NULL; 396 } 397 } 398 if ((s->rbio != NULL) && (s->rbio != rbio)) 399 BIO_free_all(s->rbio); 400 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) 401 BIO_free_all(s->wbio); 402 s->rbio=rbio; 403 s->wbio=wbio; 404 } 405 406 BIO *SSL_get_rbio(SSL *s) 407 { return(s->rbio); } 408 409 BIO *SSL_get_wbio(SSL *s) 410 { return(s->wbio); } 411 412 int SSL_get_fd(SSL *s) 413 { 414 return(SSL_get_rfd(s)); 415 } 416 417 int SSL_get_rfd(SSL *s) 418 { 419 int ret= -1; 420 BIO *b,*r; 421 422 b=SSL_get_rbio(s); 423 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 424 if (r != NULL) 425 BIO_get_fd(r,&ret); 426 return(ret); 427 } 428 429 int SSL_get_wfd(SSL *s) 430 { 431 int ret= -1; 432 BIO *b,*r; 433 434 b=SSL_get_wbio(s); 435 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 436 if (r != NULL) 437 BIO_get_fd(r,&ret); 438 return(ret); 439 } 440 441 #ifndef NO_SOCK 442 int SSL_set_fd(SSL *s,int fd) 443 { 444 int ret=0; 445 BIO *bio=NULL; 446 447 bio=BIO_new(BIO_s_socket()); 448 449 if (bio == NULL) 450 { 451 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); 452 goto err; 453 } 454 BIO_set_fd(bio,fd,BIO_NOCLOSE); 455 SSL_set_bio(s,bio,bio); 456 ret=1; 457 err: 458 return(ret); 459 } 460 461 int SSL_set_wfd(SSL *s,int fd) 462 { 463 int ret=0; 464 BIO *bio=NULL; 465 466 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 467 || ((int)BIO_get_fd(s->rbio,NULL) != fd)) 468 { 469 bio=BIO_new(BIO_s_socket()); 470 471 if (bio == NULL) 472 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } 473 BIO_set_fd(bio,fd,BIO_NOCLOSE); 474 SSL_set_bio(s,SSL_get_rbio(s),bio); 475 } 476 else 477 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); 478 ret=1; 479 err: 480 return(ret); 481 } 482 483 int SSL_set_rfd(SSL *s,int fd) 484 { 485 int ret=0; 486 BIO *bio=NULL; 487 488 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 489 || ((int)BIO_get_fd(s->wbio,NULL) != fd)) 490 { 491 bio=BIO_new(BIO_s_socket()); 492 493 if (bio == NULL) 494 { 495 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); 496 goto err; 497 } 498 BIO_set_fd(bio,fd,BIO_NOCLOSE); 499 SSL_set_bio(s,bio,SSL_get_wbio(s)); 500 } 501 else 502 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); 503 ret=1; 504 err: 505 return(ret); 506 } 507 #endif 508 509 510 /* return length of latest Finished message we sent, copy to 'buf' */ 511 size_t SSL_get_finished(SSL *s, void *buf, size_t count) 512 { 513 size_t ret = 0; 514 515 if (s->s3 != NULL) 516 { 517 ret = s->s3->tmp.finish_md_len; 518 if (count > ret) 519 count = ret; 520 memcpy(buf, s->s3->tmp.finish_md, count); 521 } 522 return ret; 523 } 524 525 /* return length of latest Finished message we expected, copy to 'buf' */ 526 size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) 527 { 528 size_t ret = 0; 529 530 if (s->s3 != NULL) 531 { 532 ret = s->s3->tmp.peer_finish_md_len; 533 if (count > ret) 534 count = ret; 535 memcpy(buf, s->s3->tmp.peer_finish_md, count); 536 } 537 return ret; 538 } 539 540 541 int SSL_get_verify_mode(SSL *s) 542 { 543 return(s->verify_mode); 544 } 545 546 int SSL_get_verify_depth(SSL *s) 547 { 548 return(s->verify_depth); 549 } 550 551 int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *) 552 { 553 return(s->verify_callback); 554 } 555 556 int SSL_CTX_get_verify_mode(SSL_CTX *ctx) 557 { 558 return(ctx->verify_mode); 559 } 560 561 int SSL_CTX_get_verify_depth(SSL_CTX *ctx) 562 { 563 return(ctx->verify_depth); 564 } 565 566 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *) 567 { 568 return(ctx->default_verify_callback); 569 } 570 571 void SSL_set_verify(SSL *s,int mode, 572 int (*callback)(int ok,X509_STORE_CTX *ctx)) 573 { 574 s->verify_mode=mode; 575 if (callback != NULL) 576 s->verify_callback=callback; 577 } 578 579 void SSL_set_verify_depth(SSL *s,int depth) 580 { 581 s->verify_depth=depth; 582 } 583 584 void SSL_set_read_ahead(SSL *s,int yes) 585 { 586 s->read_ahead=yes; 587 } 588 589 int SSL_get_read_ahead(SSL *s) 590 { 591 return(s->read_ahead); 592 } 593 594 int SSL_pending(SSL *s) 595 { 596 return(s->method->ssl_pending(s)); 597 } 598 599 X509 *SSL_get_peer_certificate(SSL *s) 600 { 601 X509 *r; 602 603 if ((s == NULL) || (s->session == NULL)) 604 r=NULL; 605 else 606 r=s->session->peer; 607 608 if (r == NULL) return(r); 609 610 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); 611 612 return(r); 613 } 614 615 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) 616 { 617 STACK_OF(X509) *r; 618 619 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) 620 r=NULL; 621 else 622 r=s->session->sess_cert->cert_chain; 623 624 /* If we are a client, cert_chain includes the peer's own 625 * certificate; if we are a server, it does not. */ 626 627 return(r); 628 } 629 630 /* Now in theory, since the calling process own 't' it should be safe to 631 * modify. We need to be able to read f without being hassled */ 632 void SSL_copy_session_id(SSL *t,SSL *f) 633 { 634 CERT *tmp; 635 636 /* Do we need to to SSL locking? */ 637 SSL_set_session(t,SSL_get_session(f)); 638 639 /* what if we are setup as SSLv2 but want to talk SSLv3 or 640 * vice-versa */ 641 if (t->method != f->method) 642 { 643 t->method->ssl_free(t); /* cleanup current */ 644 t->method=f->method; /* change method */ 645 t->method->ssl_new(t); /* setup new */ 646 } 647 648 tmp=t->cert; 649 if (f->cert != NULL) 650 { 651 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); 652 t->cert=f->cert; 653 } 654 else 655 t->cert=NULL; 656 if (tmp != NULL) ssl_cert_free(tmp); 657 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); 658 } 659 660 /* Fix this so it checks all the valid key/cert options */ 661 int SSL_CTX_check_private_key(SSL_CTX *ctx) 662 { 663 if ( (ctx == NULL) || 664 (ctx->cert == NULL) || 665 (ctx->cert->key->x509 == NULL)) 666 { 667 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 668 return(0); 669 } 670 if (ctx->cert->key->privatekey == NULL) 671 { 672 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); 673 return(0); 674 } 675 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); 676 } 677 678 /* Fix this function so that it takes an optional type parameter */ 679 int SSL_check_private_key(SSL *ssl) 680 { 681 if (ssl == NULL) 682 { 683 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); 684 return(0); 685 } 686 if (ssl->cert == NULL) 687 { 688 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 689 return 0; 690 } 691 if (ssl->cert->key->x509 == NULL) 692 { 693 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 694 return(0); 695 } 696 if (ssl->cert->key->privatekey == NULL) 697 { 698 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); 699 return(0); 700 } 701 return(X509_check_private_key(ssl->cert->key->x509, 702 ssl->cert->key->privatekey)); 703 } 704 705 int SSL_accept(SSL *s) 706 { 707 if (s->handshake_func == 0) 708 /* Not properly initialized yet */ 709 SSL_set_accept_state(s); 710 711 return(s->method->ssl_accept(s)); 712 } 713 714 int SSL_connect(SSL *s) 715 { 716 if (s->handshake_func == 0) 717 /* Not properly initialized yet */ 718 SSL_set_connect_state(s); 719 720 return(s->method->ssl_connect(s)); 721 } 722 723 long SSL_get_default_timeout(SSL *s) 724 { 725 return(s->method->get_timeout()); 726 } 727 728 int SSL_read(SSL *s,void *buf,int num) 729 { 730 if (s->handshake_func == 0) 731 { 732 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 733 return -1; 734 } 735 736 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 737 { 738 s->rwstate=SSL_NOTHING; 739 return(0); 740 } 741 return(s->method->ssl_read(s,buf,num)); 742 } 743 744 int SSL_peek(SSL *s,void *buf,int num) 745 { 746 if (s->handshake_func == 0) 747 { 748 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 749 return -1; 750 } 751 752 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 753 { 754 return(0); 755 } 756 return(s->method->ssl_peek(s,buf,num)); 757 } 758 759 int SSL_write(SSL *s,const void *buf,int num) 760 { 761 if (s->handshake_func == 0) 762 { 763 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 764 return -1; 765 } 766 767 if (s->shutdown & SSL_SENT_SHUTDOWN) 768 { 769 s->rwstate=SSL_NOTHING; 770 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); 771 return(-1); 772 } 773 return(s->method->ssl_write(s,buf,num)); 774 } 775 776 int SSL_shutdown(SSL *s) 777 { 778 /* Note that this function behaves differently from what one might 779 * expect. Return values are 0 for no success (yet), 780 * 1 for success; but calling it once is usually not enough, 781 * even if blocking I/O is used (see ssl3_shutdown). 782 */ 783 784 if (s->handshake_func == 0) 785 { 786 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 787 return -1; 788 } 789 790 if ((s != NULL) && !SSL_in_init(s)) 791 return(s->method->ssl_shutdown(s)); 792 else 793 return(1); 794 } 795 796 int SSL_renegotiate(SSL *s) 797 { 798 s->new_session=1; 799 return(s->method->ssl_renegotiate(s)); 800 } 801 802 long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) 803 { 804 long l; 805 806 switch (cmd) 807 { 808 case SSL_CTRL_GET_READ_AHEAD: 809 return(s->read_ahead); 810 case SSL_CTRL_SET_READ_AHEAD: 811 l=s->read_ahead; 812 s->read_ahead=larg; 813 return(l); 814 case SSL_CTRL_OPTIONS: 815 return(s->options|=larg); 816 case SSL_CTRL_MODE: 817 return(s->mode|=larg); 818 default: 819 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 820 } 821 } 822 823 long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)()) 824 { 825 switch(cmd) 826 { 827 default: 828 return(s->method->ssl_callback_ctrl(s,cmd,fp)); 829 } 830 } 831 832 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx) 833 { 834 return ctx->sessions; 835 } 836 837 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg) 838 { 839 long l; 840 841 switch (cmd) 842 { 843 case SSL_CTRL_GET_READ_AHEAD: 844 return(ctx->read_ahead); 845 case SSL_CTRL_SET_READ_AHEAD: 846 l=ctx->read_ahead; 847 ctx->read_ahead=larg; 848 return(l); 849 850 case SSL_CTRL_SET_SESS_CACHE_SIZE: 851 l=ctx->session_cache_size; 852 ctx->session_cache_size=larg; 853 return(l); 854 case SSL_CTRL_GET_SESS_CACHE_SIZE: 855 return(ctx->session_cache_size); 856 case SSL_CTRL_SET_SESS_CACHE_MODE: 857 l=ctx->session_cache_mode; 858 ctx->session_cache_mode=larg; 859 return(l); 860 case SSL_CTRL_GET_SESS_CACHE_MODE: 861 return(ctx->session_cache_mode); 862 863 case SSL_CTRL_SESS_NUMBER: 864 return(ctx->sessions->num_items); 865 case SSL_CTRL_SESS_CONNECT: 866 return(ctx->stats.sess_connect); 867 case SSL_CTRL_SESS_CONNECT_GOOD: 868 return(ctx->stats.sess_connect_good); 869 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 870 return(ctx->stats.sess_connect_renegotiate); 871 case SSL_CTRL_SESS_ACCEPT: 872 return(ctx->stats.sess_accept); 873 case SSL_CTRL_SESS_ACCEPT_GOOD: 874 return(ctx->stats.sess_accept_good); 875 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 876 return(ctx->stats.sess_accept_renegotiate); 877 case SSL_CTRL_SESS_HIT: 878 return(ctx->stats.sess_hit); 879 case SSL_CTRL_SESS_CB_HIT: 880 return(ctx->stats.sess_cb_hit); 881 case SSL_CTRL_SESS_MISSES: 882 return(ctx->stats.sess_miss); 883 case SSL_CTRL_SESS_TIMEOUTS: 884 return(ctx->stats.sess_timeout); 885 case SSL_CTRL_SESS_CACHE_FULL: 886 return(ctx->stats.sess_cache_full); 887 case SSL_CTRL_OPTIONS: 888 return(ctx->options|=larg); 889 case SSL_CTRL_MODE: 890 return(ctx->mode|=larg); 891 default: 892 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); 893 } 894 } 895 896 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) 897 { 898 switch(cmd) 899 { 900 default: 901 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); 902 } 903 } 904 905 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 906 { 907 long l; 908 909 l=a->id-b->id; 910 if (l == 0L) 911 return(0); 912 else 913 return((l > 0)?1:-1); 914 } 915 916 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 917 const SSL_CIPHER * const *bp) 918 { 919 long l; 920 921 l=(*ap)->id-(*bp)->id; 922 if (l == 0L) 923 return(0); 924 else 925 return((l > 0)?1:-1); 926 } 927 928 /** return a STACK of the ciphers available for the SSL and in order of 929 * preference */ 930 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) 931 { 932 if ((s != NULL) && (s->cipher_list != NULL)) 933 { 934 return(s->cipher_list); 935 } 936 else if ((s->ctx != NULL) && 937 (s->ctx->cipher_list != NULL)) 938 { 939 return(s->ctx->cipher_list); 940 } 941 return(NULL); 942 } 943 944 /** return a STACK of the ciphers available for the SSL and in order of 945 * algorithm id */ 946 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) 947 { 948 if ((s != NULL) && (s->cipher_list_by_id != NULL)) 949 { 950 return(s->cipher_list_by_id); 951 } 952 else if ((s != NULL) && (s->ctx != NULL) && 953 (s->ctx->cipher_list_by_id != NULL)) 954 { 955 return(s->ctx->cipher_list_by_id); 956 } 957 return(NULL); 958 } 959 960 /** The old interface to get the same thing as SSL_get_ciphers() */ 961 const char *SSL_get_cipher_list(SSL *s,int n) 962 { 963 SSL_CIPHER *c; 964 STACK_OF(SSL_CIPHER) *sk; 965 966 if (s == NULL) return(NULL); 967 sk=SSL_get_ciphers(s); 968 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) 969 return(NULL); 970 c=sk_SSL_CIPHER_value(sk,n); 971 if (c == NULL) return(NULL); 972 return(c->name); 973 } 974 975 /** specify the ciphers to be used by default by the SSL_CTX */ 976 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 977 { 978 STACK_OF(SSL_CIPHER) *sk; 979 980 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 981 &ctx->cipher_list_by_id,str); 982 /* XXXX */ 983 return((sk == NULL)?0:1); 984 } 985 986 /** specify the ciphers to be used by the SSL */ 987 int SSL_set_cipher_list(SSL *s,const char *str) 988 { 989 STACK_OF(SSL_CIPHER) *sk; 990 991 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 992 &s->cipher_list_by_id,str); 993 /* XXXX */ 994 return((sk == NULL)?0:1); 995 } 996 997 /* works well for SSLv2, not so good for SSLv3 */ 998 char *SSL_get_shared_ciphers(SSL *s,char *buf,int len) 999 { 1000 char *p; 1001 const char *cp; 1002 STACK_OF(SSL_CIPHER) *sk; 1003 SSL_CIPHER *c; 1004 int i; 1005 1006 if ((s->session == NULL) || (s->session->ciphers == NULL) || 1007 (len < 2)) 1008 return(NULL); 1009 1010 p=buf; 1011 sk=s->session->ciphers; 1012 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1013 { 1014 /* Decrement for either the ':' or a '\0' */ 1015 len--; 1016 c=sk_SSL_CIPHER_value(sk,i); 1017 for (cp=c->name; *cp; ) 1018 { 1019 if (len-- == 0) 1020 { 1021 *p='\0'; 1022 return(buf); 1023 } 1024 else 1025 *(p++)= *(cp++); 1026 } 1027 *(p++)=':'; 1028 } 1029 p[-1]='\0'; 1030 return(buf); 1031 } 1032 1033 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) 1034 { 1035 int i,j=0; 1036 SSL_CIPHER *c; 1037 unsigned char *q; 1038 1039 if (sk == NULL) return(0); 1040 q=p; 1041 1042 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1043 { 1044 c=sk_SSL_CIPHER_value(sk,i); 1045 j=ssl_put_cipher_by_char(s,c,p); 1046 p+=j; 1047 } 1048 return(p-q); 1049 } 1050 1051 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 1052 STACK_OF(SSL_CIPHER) **skp) 1053 { 1054 SSL_CIPHER *c; 1055 STACK_OF(SSL_CIPHER) *sk; 1056 int i,n; 1057 1058 n=ssl_put_cipher_by_char(s,NULL,NULL); 1059 if ((num%n) != 0) 1060 { 1061 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1062 return(NULL); 1063 } 1064 if ((skp == NULL) || (*skp == NULL)) 1065 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1066 else 1067 { 1068 sk= *skp; 1069 sk_SSL_CIPHER_zero(sk); 1070 } 1071 1072 for (i=0; i<num; i+=n) 1073 { 1074 c=ssl_get_cipher_by_char(s,p); 1075 p+=n; 1076 if (c != NULL) 1077 { 1078 if (!sk_SSL_CIPHER_push(sk,c)) 1079 { 1080 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 1081 goto err; 1082 } 1083 } 1084 } 1085 1086 if (skp != NULL) 1087 *skp=sk; 1088 return(sk); 1089 err: 1090 if ((skp == NULL) || (*skp == NULL)) 1091 sk_SSL_CIPHER_free(sk); 1092 return(NULL); 1093 } 1094 1095 unsigned long SSL_SESSION_hash(SSL_SESSION *a) 1096 { 1097 unsigned long l; 1098 1099 l=(unsigned long) 1100 ((unsigned int) a->session_id[0] )| 1101 ((unsigned int) a->session_id[1]<< 8L)| 1102 ((unsigned long)a->session_id[2]<<16L)| 1103 ((unsigned long)a->session_id[3]<<24L); 1104 return(l); 1105 } 1106 1107 int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b) 1108 { 1109 if (a->ssl_version != b->ssl_version) 1110 return(1); 1111 if (a->session_id_length != b->session_id_length) 1112 return(1); 1113 return(memcmp(a->session_id,b->session_id,a->session_id_length)); 1114 } 1115 1116 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) 1117 { 1118 SSL_CTX *ret=NULL; 1119 1120 if (meth == NULL) 1121 { 1122 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 1123 return(NULL); 1124 } 1125 1126 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 1127 { 1128 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1129 goto err; 1130 } 1131 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); 1132 if (ret == NULL) 1133 goto err; 1134 1135 memset(ret,0,sizeof(SSL_CTX)); 1136 1137 ret->method=meth; 1138 1139 ret->cert_store=NULL; 1140 ret->session_cache_mode=SSL_SESS_CACHE_SERVER; 1141 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1142 ret->session_cache_head=NULL; 1143 ret->session_cache_tail=NULL; 1144 1145 /* We take the system default */ 1146 ret->session_timeout=meth->get_timeout(); 1147 1148 ret->new_session_cb=NULL; 1149 ret->remove_session_cb=NULL; 1150 ret->get_session_cb=NULL; 1151 1152 memset((char *)&ret->stats,0,sizeof(ret->stats)); 1153 1154 ret->references=1; 1155 ret->quiet_shutdown=0; 1156 1157 /* ret->cipher=NULL;*/ 1158 /* ret->s2->challenge=NULL; 1159 ret->master_key=NULL; 1160 ret->key_arg=NULL; 1161 ret->s2->conn_id=NULL; */ 1162 1163 ret->info_callback=NULL; 1164 1165 ret->app_verify_callback=NULL; 1166 ret->app_verify_arg=NULL; 1167 1168 ret->read_ahead=0; 1169 ret->verify_mode=SSL_VERIFY_NONE; 1170 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ 1171 ret->default_verify_callback=NULL; 1172 if ((ret->cert=ssl_cert_new()) == NULL) 1173 goto err; 1174 1175 ret->default_passwd_callback=NULL; 1176 ret->default_passwd_callback_userdata=NULL; 1177 ret->client_cert_cb=NULL; 1178 1179 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); 1180 if (ret->sessions == NULL) goto err; 1181 ret->cert_store=X509_STORE_new(); 1182 if (ret->cert_store == NULL) goto err; 1183 1184 ssl_create_cipher_list(ret->method, 1185 &ret->cipher_list,&ret->cipher_list_by_id, 1186 SSL_DEFAULT_CIPHER_LIST); 1187 if (ret->cipher_list == NULL 1188 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) 1189 { 1190 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); 1191 goto err2; 1192 } 1193 1194 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) 1195 { 1196 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); 1197 goto err2; 1198 } 1199 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) 1200 { 1201 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1202 goto err2; 1203 } 1204 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) 1205 { 1206 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 1207 goto err2; 1208 } 1209 1210 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) 1211 goto err; 1212 1213 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data); 1214 1215 ret->extra_certs=NULL; 1216 ret->comp_methods=SSL_COMP_get_compression_methods(); 1217 1218 return(ret); 1219 err: 1220 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); 1221 err2: 1222 if (ret != NULL) SSL_CTX_free(ret); 1223 return(NULL); 1224 } 1225 1226 static void SSL_COMP_free(SSL_COMP *comp) 1227 { OPENSSL_free(comp); } 1228 1229 void SSL_CTX_free(SSL_CTX *a) 1230 { 1231 int i; 1232 1233 if (a == NULL) return; 1234 1235 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); 1236 #ifdef REF_PRINT 1237 REF_PRINT("SSL_CTX",a); 1238 #endif 1239 if (i > 0) return; 1240 #ifdef REF_CHECK 1241 if (i < 0) 1242 { 1243 fprintf(stderr,"SSL_CTX_free, bad reference count\n"); 1244 abort(); /* ok */ 1245 } 1246 #endif 1247 CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); 1248 1249 if (a->sessions != NULL) 1250 { 1251 SSL_CTX_flush_sessions(a,0); 1252 lh_free(a->sessions); 1253 } 1254 if (a->cert_store != NULL) 1255 X509_STORE_free(a->cert_store); 1256 if (a->cipher_list != NULL) 1257 sk_SSL_CIPHER_free(a->cipher_list); 1258 if (a->cipher_list_by_id != NULL) 1259 sk_SSL_CIPHER_free(a->cipher_list_by_id); 1260 if (a->cert != NULL) 1261 ssl_cert_free(a->cert); 1262 if (a->client_CA != NULL) 1263 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); 1264 if (a->extra_certs != NULL) 1265 sk_X509_pop_free(a->extra_certs,X509_free); 1266 if (a->comp_methods != NULL) 1267 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); 1268 OPENSSL_free(a); 1269 } 1270 1271 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) 1272 { 1273 ctx->default_passwd_callback=cb; 1274 } 1275 1276 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) 1277 { 1278 ctx->default_passwd_callback_userdata=u; 1279 } 1280 1281 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg) 1282 { 1283 /* now 1284 * int (*cb)(X509_STORE_CTX *), 1285 * but should be 1286 * int (*cb)(X509_STORE_CTX *, void *arg) 1287 */ 1288 ctx->app_verify_callback=cb; 1289 ctx->app_verify_arg=arg; /* never used */ 1290 } 1291 1292 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) 1293 { 1294 ctx->verify_mode=mode; 1295 ctx->default_verify_callback=cb; 1296 } 1297 1298 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) 1299 { 1300 ctx->verify_depth=depth; 1301 } 1302 1303 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) 1304 { 1305 CERT_PKEY *cpk; 1306 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 1307 int rsa_enc_export,dh_rsa_export,dh_dsa_export; 1308 int rsa_tmp_export,dh_tmp_export,kl; 1309 unsigned long mask,emask; 1310 1311 if (c == NULL) return; 1312 1313 kl=SSL_C_EXPORT_PKEYLENGTH(cipher); 1314 1315 #ifndef NO_RSA 1316 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); 1317 rsa_tmp_export=(c->rsa_tmp_cb != NULL || 1318 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); 1319 #else 1320 rsa_tmp=rsa_tmp_export=0; 1321 #endif 1322 #ifndef NO_DH 1323 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); 1324 dh_tmp_export=(c->dh_tmp_cb != NULL || 1325 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); 1326 #else 1327 dh_tmp=dh_tmp_export=0; 1328 #endif 1329 1330 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); 1331 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); 1332 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 1333 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); 1334 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 1335 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); 1336 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 1337 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); 1338 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 1339 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 1340 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); 1341 /* FIX THIS EAY EAY EAY */ 1342 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 1343 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 1344 1345 mask=0; 1346 emask=0; 1347 1348 #ifdef CIPHER_DEBUG 1349 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 1350 rsa_tmp,rsa_tmp_export,dh_tmp, 1351 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 1352 #endif 1353 1354 if (rsa_enc || (rsa_tmp && rsa_sign)) 1355 mask|=SSL_kRSA; 1356 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 1357 emask|=SSL_kRSA; 1358 1359 #if 0 1360 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 1361 if ( (dh_tmp || dh_rsa || dh_dsa) && 1362 (rsa_enc || rsa_sign || dsa_sign)) 1363 mask|=SSL_kEDH; 1364 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 1365 (rsa_enc || rsa_sign || dsa_sign)) 1366 emask|=SSL_kEDH; 1367 #endif 1368 1369 if (dh_tmp_export) 1370 emask|=SSL_kEDH; 1371 1372 if (dh_tmp) 1373 mask|=SSL_kEDH; 1374 1375 if (dh_rsa) mask|=SSL_kDHr; 1376 if (dh_rsa_export) emask|=SSL_kDHr; 1377 1378 if (dh_dsa) mask|=SSL_kDHd; 1379 if (dh_dsa_export) emask|=SSL_kDHd; 1380 1381 if (rsa_enc || rsa_sign) 1382 { 1383 mask|=SSL_aRSA; 1384 emask|=SSL_aRSA; 1385 } 1386 1387 if (dsa_sign) 1388 { 1389 mask|=SSL_aDSS; 1390 emask|=SSL_aDSS; 1391 } 1392 1393 mask|=SSL_aNULL; 1394 emask|=SSL_aNULL; 1395 1396 c->mask=mask; 1397 c->export_mask=emask; 1398 c->valid=1; 1399 } 1400 1401 /* THIS NEEDS CLEANING UP */ 1402 X509 *ssl_get_server_send_cert(SSL *s) 1403 { 1404 unsigned long alg,mask,kalg; 1405 CERT *c; 1406 int i,is_export; 1407 1408 c=s->cert; 1409 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 1410 alg=s->s3->tmp.new_cipher->algorithms; 1411 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 1412 mask=is_export?c->export_mask:c->mask; 1413 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); 1414 1415 if (kalg & SSL_kDHr) 1416 i=SSL_PKEY_DH_RSA; 1417 else if (kalg & SSL_kDHd) 1418 i=SSL_PKEY_DH_DSA; 1419 else if (kalg & SSL_aDSS) 1420 i=SSL_PKEY_DSA_SIGN; 1421 else if (kalg & SSL_aRSA) 1422 { 1423 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) 1424 i=SSL_PKEY_RSA_SIGN; 1425 else 1426 i=SSL_PKEY_RSA_ENC; 1427 } 1428 else /* if (kalg & SSL_aNULL) */ 1429 { 1430 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR); 1431 return(NULL); 1432 } 1433 if (c->pkeys[i].x509 == NULL) return(NULL); 1434 return(c->pkeys[i].x509); 1435 } 1436 1437 EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) 1438 { 1439 unsigned long alg; 1440 CERT *c; 1441 1442 alg=cipher->algorithms; 1443 c=s->cert; 1444 1445 if ((alg & SSL_aDSS) && 1446 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 1447 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey); 1448 else if (alg & SSL_aRSA) 1449 { 1450 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 1451 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey); 1452 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 1453 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey); 1454 else 1455 return(NULL); 1456 } 1457 else /* if (alg & SSL_aNULL) */ 1458 { 1459 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR); 1460 return(NULL); 1461 } 1462 } 1463 1464 void ssl_update_cache(SSL *s,int mode) 1465 { 1466 int i; 1467 1468 /* If the session_id_length is 0, we are not supposed to cache it, 1469 * and it would be rather hard to do anyway :-) */ 1470 if (s->session->session_id_length == 0) return; 1471 1472 if ((s->ctx->session_cache_mode & mode) 1473 && (!s->hit) 1474 && SSL_CTX_add_session(s->ctx,s->session) 1475 && (s->ctx->new_session_cb != NULL)) 1476 { 1477 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 1478 if (!s->ctx->new_session_cb(s,s->session)) 1479 SSL_SESSION_free(s->session); 1480 } 1481 1482 /* auto flush every 255 connections */ 1483 i=s->ctx->session_cache_mode; 1484 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 1485 ((i & mode) == mode)) 1486 { 1487 if ( (((mode & SSL_SESS_CACHE_CLIENT) 1488 ?s->ctx->stats.sess_connect_good 1489 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) 1490 { 1491 SSL_CTX_flush_sessions(s->ctx,time(NULL)); 1492 } 1493 } 1494 } 1495 1496 SSL_METHOD *SSL_get_ssl_method(SSL *s) 1497 { 1498 return(s->method); 1499 } 1500 1501 int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth) 1502 { 1503 int conn= -1; 1504 int ret=1; 1505 1506 if (s->method != meth) 1507 { 1508 if (s->handshake_func != NULL) 1509 conn=(s->handshake_func == s->method->ssl_connect); 1510 1511 if (s->method->version == meth->version) 1512 s->method=meth; 1513 else 1514 { 1515 s->method->ssl_free(s); 1516 s->method=meth; 1517 ret=s->method->ssl_new(s); 1518 } 1519 1520 if (conn == 1) 1521 s->handshake_func=meth->ssl_connect; 1522 else if (conn == 0) 1523 s->handshake_func=meth->ssl_accept; 1524 } 1525 return(ret); 1526 } 1527 1528 int SSL_get_error(SSL *s,int i) 1529 { 1530 int reason; 1531 unsigned long l; 1532 BIO *bio; 1533 1534 if (i > 0) return(SSL_ERROR_NONE); 1535 1536 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 1537 * etc, where we do encode the error */ 1538 if ((l=ERR_peek_error()) != 0) 1539 { 1540 if (ERR_GET_LIB(l) == ERR_LIB_SYS) 1541 return(SSL_ERROR_SYSCALL); 1542 else 1543 return(SSL_ERROR_SSL); 1544 } 1545 1546 if ((i < 0) && SSL_want_read(s)) 1547 { 1548 bio=SSL_get_rbio(s); 1549 if (BIO_should_read(bio)) 1550 return(SSL_ERROR_WANT_READ); 1551 else if (BIO_should_write(bio)) 1552 /* This one doesn't make too much sense ... We never try 1553 * to write to the rbio, and an application program where 1554 * rbio and wbio are separate couldn't even know what it 1555 * should wait for. 1556 * However if we ever set s->rwstate incorrectly 1557 * (so that we have SSL_want_read(s) instead of 1558 * SSL_want_write(s)) and rbio and wbio *are* the same, 1559 * this test works around that bug; so it might be safer 1560 * to keep it. */ 1561 return(SSL_ERROR_WANT_WRITE); 1562 else if (BIO_should_io_special(bio)) 1563 { 1564 reason=BIO_get_retry_reason(bio); 1565 if (reason == BIO_RR_CONNECT) 1566 return(SSL_ERROR_WANT_CONNECT); 1567 else 1568 return(SSL_ERROR_SYSCALL); /* unknown */ 1569 } 1570 } 1571 1572 if ((i < 0) && SSL_want_write(s)) 1573 { 1574 bio=SSL_get_wbio(s); 1575 if (BIO_should_write(bio)) 1576 return(SSL_ERROR_WANT_WRITE); 1577 else if (BIO_should_read(bio)) 1578 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ 1579 return(SSL_ERROR_WANT_READ); 1580 else if (BIO_should_io_special(bio)) 1581 { 1582 reason=BIO_get_retry_reason(bio); 1583 if (reason == BIO_RR_CONNECT) 1584 return(SSL_ERROR_WANT_CONNECT); 1585 else 1586 return(SSL_ERROR_SYSCALL); 1587 } 1588 } 1589 if ((i < 0) && SSL_want_x509_lookup(s)) 1590 { 1591 return(SSL_ERROR_WANT_X509_LOOKUP); 1592 } 1593 1594 if (i == 0) 1595 { 1596 if (s->version == SSL2_VERSION) 1597 { 1598 /* assume it is the socket being closed */ 1599 return(SSL_ERROR_ZERO_RETURN); 1600 } 1601 else 1602 { 1603 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 1604 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 1605 return(SSL_ERROR_ZERO_RETURN); 1606 } 1607 } 1608 return(SSL_ERROR_SYSCALL); 1609 } 1610 1611 int SSL_do_handshake(SSL *s) 1612 { 1613 int ret=1; 1614 1615 if (s->handshake_func == NULL) 1616 { 1617 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); 1618 return(-1); 1619 } 1620 1621 s->method->ssl_renegotiate_check(s); 1622 1623 if (SSL_in_init(s) || SSL_in_before(s)) 1624 { 1625 ret=s->handshake_func(s); 1626 } 1627 return(ret); 1628 } 1629 1630 /* For the next 2 functions, SSL_clear() sets shutdown and so 1631 * one of these calls will reset it */ 1632 void SSL_set_accept_state(SSL *s) 1633 { 1634 s->server=1; 1635 s->shutdown=0; 1636 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; 1637 s->handshake_func=s->method->ssl_accept; 1638 /* clear the current cipher */ 1639 ssl_clear_cipher_ctx(s); 1640 } 1641 1642 void SSL_set_connect_state(SSL *s) 1643 { 1644 s->server=0; 1645 s->shutdown=0; 1646 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; 1647 s->handshake_func=s->method->ssl_connect; 1648 /* clear the current cipher */ 1649 ssl_clear_cipher_ctx(s); 1650 } 1651 1652 int ssl_undefined_function(SSL *s) 1653 { 1654 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1655 return(0); 1656 } 1657 1658 SSL_METHOD *ssl_bad_method(int ver) 1659 { 1660 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1661 return(NULL); 1662 } 1663 1664 const char *SSL_get_version(SSL *s) 1665 { 1666 if (s->version == TLS1_VERSION) 1667 return("TLSv1"); 1668 else if (s->version == SSL3_VERSION) 1669 return("SSLv3"); 1670 else if (s->version == SSL2_VERSION) 1671 return("SSLv2"); 1672 else 1673 return("unknown"); 1674 } 1675 1676 SSL *SSL_dup(SSL *s) 1677 { 1678 STACK_OF(X509_NAME) *sk; 1679 X509_NAME *xn; 1680 SSL *ret; 1681 int i; 1682 1683 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 1684 return(NULL); 1685 1686 if (s->session != NULL) 1687 { 1688 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 1689 SSL_copy_session_id(ret,s); 1690 } 1691 else 1692 { 1693 /* No session has been established yet, so we have to expect 1694 * that s->cert or ret->cert will be changed later -- 1695 * they should not both point to the same object, 1696 * and thus we can't use SSL_copy_session_id. */ 1697 1698 ret->method = s->method; 1699 ret->method->ssl_new(ret); 1700 1701 if (s->cert != NULL) 1702 { 1703 if (ret->cert != NULL) 1704 { 1705 ssl_cert_free(ret->cert); 1706 } 1707 ret->cert = ssl_cert_dup(s->cert); 1708 if (ret->cert == NULL) 1709 goto err; 1710 } 1711 1712 SSL_set_session_id_context(ret, 1713 s->sid_ctx, s->sid_ctx_length); 1714 } 1715 1716 SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 1717 SSL_set_verify(ret,SSL_get_verify_mode(s), 1718 SSL_get_verify_callback(s)); 1719 SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); 1720 1721 SSL_set_info_callback(ret,SSL_get_info_callback(s)); 1722 1723 ret->debug=s->debug; 1724 ret->options=s->options; 1725 1726 /* copy app data, a little dangerous perhaps */ 1727 if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data)) 1728 goto err; 1729 1730 /* setup rbio, and wbio */ 1731 if (s->rbio != NULL) 1732 { 1733 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 1734 goto err; 1735 } 1736 if (s->wbio != NULL) 1737 { 1738 if (s->wbio != s->rbio) 1739 { 1740 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 1741 goto err; 1742 } 1743 else 1744 ret->wbio=ret->rbio; 1745 } 1746 1747 /* dup the cipher_list and cipher_list_by_id stacks */ 1748 if (s->cipher_list != NULL) 1749 { 1750 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 1751 goto err; 1752 } 1753 if (s->cipher_list_by_id != NULL) 1754 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 1755 == NULL) 1756 goto err; 1757 1758 /* Dup the client_CA list */ 1759 if (s->client_CA != NULL) 1760 { 1761 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; 1762 ret->client_CA=sk; 1763 for (i=0; i<sk_X509_NAME_num(sk); i++) 1764 { 1765 xn=sk_X509_NAME_value(sk,i); 1766 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) 1767 { 1768 X509_NAME_free(xn); 1769 goto err; 1770 } 1771 } 1772 } 1773 1774 ret->shutdown=s->shutdown; 1775 ret->state=s->state; 1776 ret->handshake_func=s->handshake_func; 1777 ret->server=s->server; 1778 1779 if (0) 1780 { 1781 err: 1782 if (ret != NULL) SSL_free(ret); 1783 ret=NULL; 1784 } 1785 return(ret); 1786 } 1787 1788 void ssl_clear_cipher_ctx(SSL *s) 1789 { 1790 if (s->enc_read_ctx != NULL) 1791 { 1792 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); 1793 OPENSSL_free(s->enc_read_ctx); 1794 s->enc_read_ctx=NULL; 1795 } 1796 if (s->enc_write_ctx != NULL) 1797 { 1798 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); 1799 OPENSSL_free(s->enc_write_ctx); 1800 s->enc_write_ctx=NULL; 1801 } 1802 if (s->expand != NULL) 1803 { 1804 COMP_CTX_free(s->expand); 1805 s->expand=NULL; 1806 } 1807 if (s->compress != NULL) 1808 { 1809 COMP_CTX_free(s->compress); 1810 s->compress=NULL; 1811 } 1812 } 1813 1814 /* Fix this function so that it takes an optional type parameter */ 1815 X509 *SSL_get_certificate(SSL *s) 1816 { 1817 if (s->cert != NULL) 1818 return(s->cert->key->x509); 1819 else 1820 return(NULL); 1821 } 1822 1823 /* Fix this function so that it takes an optional type parameter */ 1824 EVP_PKEY *SSL_get_privatekey(SSL *s) 1825 { 1826 if (s->cert != NULL) 1827 return(s->cert->key->privatekey); 1828 else 1829 return(NULL); 1830 } 1831 1832 SSL_CIPHER *SSL_get_current_cipher(SSL *s) 1833 { 1834 if ((s->session != NULL) && (s->session->cipher != NULL)) 1835 return(s->session->cipher); 1836 return(NULL); 1837 } 1838 1839 int ssl_init_wbio_buffer(SSL *s,int push) 1840 { 1841 BIO *bbio; 1842 1843 if (s->bbio == NULL) 1844 { 1845 bbio=BIO_new(BIO_f_buffer()); 1846 if (bbio == NULL) return(0); 1847 s->bbio=bbio; 1848 } 1849 else 1850 { 1851 bbio=s->bbio; 1852 if (s->bbio == s->wbio) 1853 s->wbio=BIO_pop(s->wbio); 1854 } 1855 (void)BIO_reset(bbio); 1856 /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 1857 if (!BIO_set_read_buffer_size(bbio,1)) 1858 { 1859 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); 1860 return(0); 1861 } 1862 if (push) 1863 { 1864 if (s->wbio != bbio) 1865 s->wbio=BIO_push(bbio,s->wbio); 1866 } 1867 else 1868 { 1869 if (s->wbio == bbio) 1870 s->wbio=BIO_pop(bbio); 1871 } 1872 return(1); 1873 } 1874 1875 void ssl_free_wbio_buffer(SSL *s) 1876 { 1877 if (s->bbio == NULL) return; 1878 1879 if (s->bbio == s->wbio) 1880 { 1881 /* remove buffering */ 1882 s->wbio=BIO_pop(s->wbio); 1883 #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ 1884 assert(s->wbio != NULL); 1885 #endif 1886 } 1887 BIO_free(s->bbio); 1888 s->bbio=NULL; 1889 } 1890 1891 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) 1892 { 1893 ctx->quiet_shutdown=mode; 1894 } 1895 1896 int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx) 1897 { 1898 return(ctx->quiet_shutdown); 1899 } 1900 1901 void SSL_set_quiet_shutdown(SSL *s,int mode) 1902 { 1903 s->quiet_shutdown=mode; 1904 } 1905 1906 int SSL_get_quiet_shutdown(SSL *s) 1907 { 1908 return(s->quiet_shutdown); 1909 } 1910 1911 void SSL_set_shutdown(SSL *s,int mode) 1912 { 1913 s->shutdown=mode; 1914 } 1915 1916 int SSL_get_shutdown(SSL *s) 1917 { 1918 return(s->shutdown); 1919 } 1920 1921 int SSL_version(SSL *s) 1922 { 1923 return(s->version); 1924 } 1925 1926 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl) 1927 { 1928 return(ssl->ctx); 1929 } 1930 1931 #ifndef NO_STDIO 1932 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) 1933 { 1934 return(X509_STORE_set_default_paths(ctx->cert_store)); 1935 } 1936 1937 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 1938 const char *CApath) 1939 { 1940 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); 1941 } 1942 #endif 1943 1944 void SSL_set_info_callback(SSL *ssl,void (*cb)()) 1945 { 1946 ssl->info_callback=cb; 1947 } 1948 1949 void (*SSL_get_info_callback(SSL *ssl))(void) 1950 { 1951 return((void (*)())ssl->info_callback); 1952 } 1953 1954 int SSL_state(SSL *ssl) 1955 { 1956 return(ssl->state); 1957 } 1958 1959 void SSL_set_verify_result(SSL *ssl,long arg) 1960 { 1961 ssl->verify_result=arg; 1962 } 1963 1964 long SSL_get_verify_result(SSL *ssl) 1965 { 1966 return(ssl->verify_result); 1967 } 1968 1969 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 1970 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 1971 { 1972 ssl_meth_num++; 1973 return(CRYPTO_get_ex_new_index(ssl_meth_num-1, 1974 &ssl_meth,argl,argp,new_func,dup_func,free_func)); 1975 } 1976 1977 int SSL_set_ex_data(SSL *s,int idx,void *arg) 1978 { 1979 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 1980 } 1981 1982 void *SSL_get_ex_data(SSL *s,int idx) 1983 { 1984 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 1985 } 1986 1987 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, 1988 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) 1989 { 1990 ssl_ctx_meth_num++; 1991 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1, 1992 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func)); 1993 } 1994 1995 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) 1996 { 1997 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); 1998 } 1999 2000 void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx) 2001 { 2002 return(CRYPTO_get_ex_data(&s->ex_data,idx)); 2003 } 2004 2005 int ssl_ok(SSL *s) 2006 { 2007 return(1); 2008 } 2009 2010 X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx) 2011 { 2012 return(ctx->cert_store); 2013 } 2014 2015 void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) 2016 { 2017 if (ctx->cert_store != NULL) 2018 X509_STORE_free(ctx->cert_store); 2019 ctx->cert_store=store; 2020 } 2021 2022 int SSL_want(SSL *s) 2023 { 2024 return(s->rwstate); 2025 } 2026 2027 /*! 2028 * \brief Set the callback for generating temporary RSA keys. 2029 * \param ctx the SSL context. 2030 * \param cb the callback 2031 */ 2032 2033 #ifndef NO_RSA 2034 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, 2035 int is_export, 2036 int keylength)) 2037 { 2038 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); 2039 } 2040 2041 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, 2042 int is_export, 2043 int keylength)) 2044 { 2045 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); 2046 } 2047 #endif 2048 2049 #ifdef DOXYGEN 2050 /*! 2051 * \brief The RSA temporary key callback function. 2052 * \param ssl the SSL session. 2053 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. 2054 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size 2055 * of the required key in bits. 2056 * \return the temporary RSA key. 2057 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback 2058 */ 2059 2060 RSA *cb(SSL *ssl,int is_export,int keylength) 2061 {} 2062 #endif 2063 2064 /*! 2065 * \brief Set the callback for generating temporary DH keys. 2066 * \param ctx the SSL context. 2067 * \param dh the callback 2068 */ 2069 2070 #ifndef NO_DH 2071 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, 2072 int keylength)) 2073 { 2074 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); 2075 } 2076 2077 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, 2078 int keylength)) 2079 { 2080 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); 2081 } 2082 #endif 2083 2084 #if defined(_WINDLL) && defined(WIN16) 2085 #include "../crypto/bio/bss_file.c" 2086 #endif 2087 2088 IMPLEMENT_STACK_OF(SSL_CIPHER) 2089 IMPLEMENT_STACK_OF(SSL_COMP) 2090