/*! \file ssl/ssl_lib.c
 * \brief Version independent SSL functions.
 */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#ifdef REF_CHECK
# include <assert.h>
#endif
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif

const char *SSL_version_str=OPENSSL_VERSION_TEXT;

SSL3_ENC_METHOD ssl3_undef_enc_method={
	/* evil casts, but these functions are only called if there's a library bug */
	(int (*)(SSL *,int))ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
	ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
	(int (*)(SSL*, int))ssl_undefined_function,
	(int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
	0,	/* finish_mac_length */
	(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
	NULL,	/* client_finished_label */
	0,	/* client_finished_label_len */
	NULL,	/* server_finished_label */
	0,	/* server_finished_label_len */
	(int (*)(int))ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, size_t, const char *,
		 size_t, const unsigned char *, size_t,
		 int use_context)) ssl_undefined_function,
	};

int SSL_clear(SSL *s)
	{

	if (s->method == NULL)
		{
		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
		return(0);
		}

	if (ssl_clear_bad_session(s))
		{
		SSL_SESSION_free(s->session);
		s->session=NULL;
		}

	s->error=0;
	s->hit=0;
	s->shutdown=0;

#if 0 /* Disabled since version 1.10 of this file (early return not
       * needed because SSL_clear is not called when doing renegotiation) */
	/* This is set if we are doing dynamic renegotiation so keep
	 * the old cipher. It is sort of a SSL_clear_lite :-) */
	if (s->renegotiate) return(1);
#else
	if (s->renegotiate)
		{
		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
		return 0;
		}
#endif

	s->type=0;

	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);

	s->version=s->method->version;
	s->client_version=s->version;
	s->rwstate=SSL_NOTHING;
	s->rstate=SSL_ST_READ_HEADER;
#if 0
	s->read_ahead=s->ctx->read_ahead;
#endif

	if (s->init_buf != NULL)
		{
		BUF_MEM_free(s->init_buf);
		s->init_buf=NULL;
		}

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	s->first_packet=0;

#if 1
	/* Check to see if we were changed into a different method, if
	 * so, revert back if we are not doing session-id reuse. */
	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
		{
		s->method->ssl_free(s);
		s->method=s->ctx->method;
		if (!s->method->ssl_new(s))
			return(0);
		}
	else
#endif
		s->method->ssl_clear(s);
	return(1);
	}

/** Used to change an SSL_CTXs default SSL method type */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
	{
	STACK_OF(SSL_CIPHER) *sk;

	ctx->method=meth;

	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
		&(ctx->cipher_list_by_id),
		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
		{
		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
		return(0);
		}
	return(1);
	}

SSL *SSL_new(SSL_CTX *ctx)
	{
	SSL *s;

	if (ctx == NULL)
		{
		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
		return(NULL);
		}
	if (ctx->method == NULL)
		{
286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s=(SSL *)OPENSSL_malloc(sizeof(SSL)); 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s == NULL) goto err; 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(s,0,sizeof(SSL)); 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->kssl_ctx = kssl_ctx_new(); 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* OPENSSL_NO_KRB5 */ 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->options=ctx->options; 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->mode=ctx->mode; 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->max_cert_list=ctx->max_cert_list; 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx->cert != NULL) 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Earlier library versions used to copy the pointer to 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the CERT, not its contents; only when setting new 
		 * parameters for the per-SSL copy, ssl_cert_new would be
		 * called (and the direct reference to the per-SSL_CTX
		 * settings would be lost, but those still were indirectly
		 * accessed for various purposes, and for that reason they
		 * used to be known as s->ctx->default_cert).
		 * Now we don't look at the SSL_CTX's CERT after having
		 * duplicated it once. */

		s->cert = ssl_cert_dup(ctx->cert);
		if (s->cert == NULL)
			goto err;
		}
	else
		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

	s->read_ahead=ctx->read_ahead;
	s->msg_callback=ctx->msg_callback;
	s->msg_callback_arg=ctx->msg_callback_arg;
	s->verify_mode=ctx->verify_mode;
#if 0
	s->verify_depth=ctx->verify_depth;
#endif
	s->sid_ctx_length=ctx->sid_ctx_length;
	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
	s->verify_callback=ctx->default_verify_callback;
	s->session_creation_enabled=1;
	s->generate_session_id=ctx->generate_session_id;

	s->param = X509_VERIFY_PARAM_new();
	if (!s->param)
		goto err;
	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
#if 0
	s->purpose = ctx->purpose;
	s->trust = ctx->trust;
#endif
	s->quiet_shutdown=ctx->quiet_shutdown;
	s->max_send_fragment = ctx->max_send_fragment;

	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
	s->ctx=ctx;
#ifndef OPENSSL_NO_TLSEXT
	s->tlsext_debug_cb = 0;
	s->tlsext_debug_arg = NULL;
	s->tlsext_ticket_expected = 0;
	s->tlsext_status_type = -1;
	s->tlsext_status_expected = 0;
	s->tlsext_ocsp_ids = NULL;
	s->tlsext_ocsp_exts = NULL;
	s->tlsext_ocsp_resp = NULL;
	s->tlsext_ocsp_resplen = -1;
	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
	s->initial_ctx=ctx;
# ifndef OPENSSL_NO_NEXTPROTONEG
	s->next_proto_negotiated = NULL;
# endif
#endif

	s->verify_result=X509_V_OK;

	s->method=ctx->method;

	if (!s->method->ssl_new(s))
		goto err;

	s->references=1;
	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;

	SSL_clear(s);

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

#ifndef OPENSSL_NO_PSK
	s->psk_client_callback=ctx->psk_client_callback;
	s->psk_server_callback=ctx->psk_server_callback;
#endif

	return(s);
err:
	if (s != NULL)
		{
		if (s->cert != NULL)
			ssl_cert_free(s->cert);
		if (s->ctx != NULL)
			SSL_CTX_free(s->ctx); /* decrement reference count */
		OPENSSL_free(s);
		}
	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
	return(NULL);
	}

int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
				   unsigned int sid_ctx_len)
	{
	if(sid_ctx_len > sizeof ctx->sid_ctx)
		{
		SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return 0;
		}
	ctx->sid_ctx_length=sid_ctx_len;
	memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);

	return 1;
	}

int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len)
	{
	if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
		{
		SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
		return 0;
		}
	ssl->sid_ctx_length=sid_ctx_len;
	memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);

	return 1;
	}

int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
	{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	ctx->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return 1;
	}

int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
	{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
	ssl->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
	return 1;
	}

int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
				unsigned int id_len)
	{
	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
	 * we can "construct" a session to give us the desired check - ie. to
	 * find if there's a session in the hash table that would conflict with
	 * any new session built out of this id/id_len and the ssl_version in
	 * use by this SSL. */
	SSL_SESSION r, *p;

	if(id_len > sizeof r.session_id)
		return 0;

	r.ssl_version = ssl->version;
	r.session_id_length = id_len;
	memcpy(r.session_id, id, id_len);
	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
	 * callback is calling us to check the uniqueness of a shorter ID, it
	 * must be compared as a padded-out ID because that is what it will be
	 * converted to when the callback has finished choosing it. */
	if((r.ssl_version == SSL2_VERSION) &&
		(id_len < SSL2_SSL_SESSION_ID_LENGTH))
		{
		memset(r.session_id + id_len, 0,
			SSL2_SSL_SESSION_ID_LENGTH - id_len);
		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
		}

	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
	return (p != NULL);
	}

int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
	{
	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
	}

int SSL_set_purpose(SSL *s, int purpose)
	{
	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
	}

int SSL_CTX_set_trust(SSL_CTX *s, int trust)
	{
	return X509_VERIFY_PARAM_set_trust(s->param, trust);
	}

int SSL_set_trust(SSL *s, int trust)
	{
	return X509_VERIFY_PARAM_set_trust(s->param, trust);
	}

int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
	{
	return X509_VERIFY_PARAM_set1(ctx->param, vpm);
	}

int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
	{
	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
	}

void SSL_free(SSL *s)
	{
	int i;

	if(s == NULL)
	    return;

	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
#ifdef REF_PRINT
	REF_PRINT("SSL",s);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"SSL_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

	if (s->param)
		X509_VERIFY_PARAM_free(s->param);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	if (s->bbio != NULL)
		{
		/* If the buffering BIO is in place, pop it off */
		if (s->bbio == s->wbio)
			{
			s->wbio=BIO_pop(s->wbio);
			}
		BIO_free(s->bbio);
		s->bbio=NULL;
		}
	if (s->rbio != NULL)
		BIO_free_all(s->rbio);
	if ((s->wbio != NULL) && (s->wbio != s->rbio))
		BIO_free_all(s->wbio);

	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);

	/* add extra stuff */
	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);

	/* Make the next call work :-) */
	if (s->session != NULL)
		{
		ssl_clear_bad_session(s);
		SSL_SESSION_free(s->session);
		}

	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);

	if (s->cert != NULL) ssl_cert_free(s->cert);
	/* Free up if allocated */

#ifndef OPENSSL_NO_TLSEXT
	if (s->tlsext_hostname)
		OPENSSL_free(s->tlsext_hostname);
	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
#ifndef OPENSSL_NO_EC
	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
	if (s->tlsext_ocsp_exts)
		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
						X509_EXTENSION_free);
	if (s->tlsext_ocsp_ids)
		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
	if (s->tlsext_ocsp_resp)
		OPENSSL_free(s->tlsext_ocsp_resp);
#endif

	if (s->client_CA != NULL)
		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);

	if (s->method != NULL) s->method->ssl_free(s);

	if (s->ctx) SSL_CTX_free(s->ctx);

#ifndef OPENSSL_NO_KRB5
	if (s->kssl_ctx != NULL)
		kssl_ctx_free(s->kssl_ctx);
#endif /* OPENSSL_NO_KRB5 */

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	if (s->next_proto_negotiated)
		OPENSSL_free(s->next_proto_negotiated);
#endif

	if (s->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);

	OPENSSL_free(s);
	}

void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
	{
	/* If the output buffering BIO is still in place, remove it
	 */
	if (s->bbio != NULL)
		{
		if (s->wbio == s->bbio)
			{
			s->wbio=s->wbio->next_bio;
			s->bbio->next_bio=NULL;
			}
		}
	if ((s->rbio != NULL) && (s->rbio != rbio))
		BIO_free_all(s->rbio);
	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
		BIO_free_all(s->wbio);
	s->rbio=rbio;
	s->wbio=wbio;
	}

BIO *SSL_get_rbio(const SSL *s)
	{ return(s->rbio); }

BIO *SSL_get_wbio(const SSL *s)
	{ return(s->wbio); }

int SSL_get_fd(const SSL *s)
	{
	return(SSL_get_rfd(s));
	}

int SSL_get_rfd(const SSL *s)
	{
	int ret= -1;
	BIO *b,*r;

	b=SSL_get_rbio(s);
	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
	if (r != NULL)
		BIO_get_fd(r,&ret);
	return(ret);
	}

int SSL_get_wfd(const SSL *s)
	{
Android Open Source Project int ret= -1; 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *b,*r; 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b=SSL_get_wbio(s); 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r != NULL) 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_get_fd(r,&ret); 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SOCK 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_set_fd(SSL *s,int fd) 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *bio=NULL; 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bio=BIO_new(BIO_s_socket()); 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bio == NULL) 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_fd(bio,fd,BIO_NOCLOSE); 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_bio(s,bio,bio); 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_set_wfd(SSL *s,int fd) 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *bio=NULL; 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || ((int)BIO_get_fd(s->rbio,NULL) != fd)) 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bio=BIO_new(BIO_s_socket()); 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bio == NULL) 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_fd(bio,fd,BIO_NOCLOSE); 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_bio(s,SSL_get_rbio(s),bio); 
696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_set_rfd(SSL *s,int fd) 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *bio=NULL; 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project || ((int)BIO_get_fd(s->wbio,NULL) != fd)) 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bio=BIO_new(BIO_s_socket()); 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bio == NULL) 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto 
err; 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_fd(bio,fd,BIO_NOCLOSE); 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_bio(s,bio,SSL_get_wbio(s)); 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* return length of latest Finished message we sent, copy to 'buf' */ 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectsize_t SSL_get_finished(const SSL *s, void *buf, size_t count) 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size_t ret = 0; 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3 != NULL) 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = s->s3->tmp.finish_md_len; 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project if (count > ret) 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project count = ret; 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(buf, s->s3->tmp.finish_md, count); 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* return length of latest Finished message we expected, copy to 'buf' */ 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectsize_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project size_t ret = 0; 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->s3 != NULL) 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = s->s3->tmp.peer_finish_md_len; 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (count > ret) 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project count = ret; 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(buf, s->s3->tmp.peer_finish_md, count); 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 

int SSL_get_verify_mode(const SSL *s)
	{
	return(s->verify_mode);
	}

int SSL_get_verify_depth(const SSL *s)
	{
	return X509_VERIFY_PARAM_get_depth(s->param);
	}

int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
	{
	return(s->verify_callback);
	}

int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
	{
	return(ctx->verify_mode);
	}

int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
	{
	return X509_VERIFY_PARAM_get_depth(ctx->param);
	}

int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
	{
	return(ctx->default_verify_callback);
	}

void SSL_set_verify(SSL *s,int mode,
		    int (*callback)(int ok,X509_STORE_CTX *ctx))
	{
	s->verify_mode=mode;
	if (callback != NULL)
		s->verify_callback=callback;
	}

void SSL_set_verify_depth(SSL *s,int depth)
	{
	X509_VERIFY_PARAM_set_depth(s->param, depth);
	}

void SSL_set_read_ahead(SSL *s,int yes)
	{
	s->read_ahead=yes;
	}

int SSL_get_read_ahead(const SSL *s)
	{
	return(s->read_ahead);
	}

int SSL_pending(const SSL *s)
	{
	/* SSL_pending cannot work properly if read-ahead is enabled
	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
	 * and it is impossible to fix since SSL_pending cannot report
	 * errors that may be observed while scanning the new data.
	 * (Note that SSL_pending() is often used as a boolean value,
	 * so we'd better not return -1.)
	 */
	return(s->method->ssl_pending(s));
	}

X509 *SSL_get_peer_certificate(const SSL *s)
	{
	X509 *r;

	if ((s == NULL) || (s->session == NULL))
		r=NULL;
	else
		r=s->session->peer;

	if (r == NULL) return(r);

	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);

	return(r);
	}

STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
	{
	STACK_OF(X509) *r;

	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
		r=NULL;
	else
		r=s->session->sess_cert->cert_chain;

	/* If we are a client, cert_chain includes the peer's own
	 * certificate; if we are a server, it does not. */

	return(r);
	}

/* Now in theory, since the calling process owns 't' it should be safe to
 * modify.  We need to be able to read f without being hassled */
void SSL_copy_session_id(SSL *t,const SSL *f)
	{
	CERT *tmp;

	/* Do we need to do SSL locking? */
	SSL_set_session(t,SSL_get_session(f));

	/* what if we are setup as SSLv2 but want to talk SSLv3 or
	 * vice-versa */
	if (t->method != f->method)
		{
		t->method->ssl_free(t);	/* cleanup current */
		t->method=f->method;	/* change method */
		t->method->ssl_new(t);	/* setup new */
		}

	tmp=t->cert;
	if (f->cert != NULL)
		{
		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
		t->cert=f->cert;
		}
	else
		t->cert=NULL;
	if (tmp != NULL) ssl_cert_free(tmp);
	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
	}

/* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
	{
	if (	(ctx == NULL) ||
		(ctx->cert == NULL) ||
		(ctx->cert->key->x509 == NULL))
		{
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
		return(0);
		}
	if 	(ctx->cert->key->privatekey == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return(0);
		}
	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
	}
905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Fix this function so that it takes an optional type parameter */ 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_check_private_key(const SSL *ssl) 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl == NULL) 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl->cert == NULL) 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 916221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl->cert->key->x509 == NULL) 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ssl->cert->key->privatekey == NULL) 925656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project { 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); 927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(X509_check_private_key(ssl->cert->key->x509, 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl->cert->key->privatekey)); 931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 933656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_accept(SSL *s) 934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == 0) 936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Not properly initialized yet */ 937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_accept_state(s); 938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->ssl_accept(s)); 940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_connect(SSL *s) 943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == 0) 945656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Not properly initialized yet */ 946656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project SSL_set_connect_state(s); 947656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 948656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->ssl_connect(s)); 949656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 950656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 951656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectlong SSL_get_default_timeout(const SSL *s) 952656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->get_timeout()); 954656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 956656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_read(SSL *s,void *buf,int num) 957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == 0) 959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 963656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 965656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 966656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rwstate=SSL_NOTHING; 967656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 968656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 969656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->ssl_read(s,buf,num)); 970656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_peek(SSL *s,void *buf,int num) 973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == 0) 975656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 976656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 977656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 978656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 979656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->shutdown & SSL_RECEIVED_SHUTDOWN) 981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 982656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 983656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 984656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->ssl_peek(s,buf,num)); 985656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 986656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 987656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_write(SSL *s,const void *buf,int num) 988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 989656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == 0) 990656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project { 991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 992656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 993656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 994656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 995656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->shutdown & SSL_SENT_SHUTDOWN) 996656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->rwstate=SSL_NOTHING; 998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); 999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 1000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method->ssl_write(s,buf,num)); 1002656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1003656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1004656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_shutdown(SSL *s) 1005656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1006656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Note that this function behaves differently from what one might 1007656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * expect. Return values are 0 for no success (yet), 1008656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1 for success; but calling it once is usually not enough, 1009656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * even if blocking I/O is used (see ssl3_shutdown). 
	 */

	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
		return -1;
		}

	if ((s != NULL) && !SSL_in_init(s))
		return(s->method->ssl_shutdown(s));
	else
		return(1);
	}

int SSL_renegotiate(SSL *s)
	{
	if (s->renegotiate == 0)
		s->renegotiate=1;

	s->new_session=1;

	return(s->method->ssl_renegotiate(s));
	}

int SSL_renegotiate_abbreviated(SSL *s)
	{
	if (s->renegotiate == 0)
		s->renegotiate=1;

	s->new_session=0;

	return(s->method->ssl_renegotiate(s));
	}

int SSL_renegotiate_pending(SSL *s)
	{
	/* becomes true when negotiation is requested;
	 * false again once a handshake has finished */
	return (s->renegotiate != 0);
	}

long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
	{
	long l;

	switch (cmd)
		{
	case SSL_CTRL_GET_READ_AHEAD:
		return(s->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l=s->read_ahead;
		s->read_ahead=larg;
		return(l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		s->msg_callback_arg = parg;
		return 1;

	case SSL_CTRL_OPTIONS:
		return(s->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return(s->options&=~larg);
	case SSL_CTRL_MODE:
		return(s->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return(s->mode &=~larg);
	case SSL_CTRL_GET_MAX_CERT_LIST:
		return(s->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l=s->max_cert_list;
		s->max_cert_list=larg;
		return(l);
	case SSL_CTRL_SET_MTU:
#ifndef OPENSSL_NO_DTLS1
		if (larg < (long)dtls1_min_mtu())
			return 0;
#endif

		if (SSL_version(s) == DTLS1_VERSION ||
		    SSL_version(s) == DTLS1_BAD_VER)
			{
			s->d1->mtu = larg;
			return larg;
			}
		return 0;
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return 0;
		s->max_send_fragment = larg;
		return 1;
	case SSL_CTRL_GET_RI_SUPPORT:
		if (s->s3)
			return s->s3->send_connection_binding;
		else return 0;
	default:
		return(s->method->ssl_ctrl(s,cmd,larg,parg));
		}
	}

long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
	{
	switch(cmd)
		{
	case SSL_CTRL_SET_MSG_CALLBACK:
		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
		return 1;

	default:
		return(s->method->ssl_callback_ctrl(s,cmd,fp));
		}
	}

LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
	{
	return ctx->sessions;
	}

long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
	{
	long l;

	switch (cmd)
		{
	case SSL_CTRL_GET_READ_AHEAD:
		return(ctx->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l=ctx->read_ahead;
		ctx->read_ahead=larg;
		return(l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		ctx->msg_callback_arg = parg;
		return 1;

	case SSL_CTRL_GET_MAX_CERT_LIST:
		return(ctx->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l=ctx->max_cert_list;
		ctx->max_cert_list=larg;
		return(l);

	case SSL_CTRL_SET_SESS_CACHE_SIZE:
		l=ctx->session_cache_size;
		ctx->session_cache_size=larg;
		return(l);
	case SSL_CTRL_GET_SESS_CACHE_SIZE:
		return(ctx->session_cache_size);
	case SSL_CTRL_SET_SESS_CACHE_MODE:
		l=ctx->session_cache_mode;
		ctx->session_cache_mode=larg;
		return(l);
	case SSL_CTRL_GET_SESS_CACHE_MODE:
		return(ctx->session_cache_mode);

	case SSL_CTRL_SESS_NUMBER:
		return(lh_SSL_SESSION_num_items(ctx->sessions));
	case SSL_CTRL_SESS_CONNECT:
		return(ctx->stats.sess_connect);
	case SSL_CTRL_SESS_CONNECT_GOOD:
		return(ctx->stats.sess_connect_good);
	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
		return(ctx->stats.sess_connect_renegotiate);
	case SSL_CTRL_SESS_ACCEPT:
		return(ctx->stats.sess_accept);
	case SSL_CTRL_SESS_ACCEPT_GOOD:
		return(ctx->stats.sess_accept_good);
	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
		return(ctx->stats.sess_accept_renegotiate);
	case SSL_CTRL_SESS_HIT:
		return(ctx->stats.sess_hit);
	case SSL_CTRL_SESS_CB_HIT:
		return(ctx->stats.sess_cb_hit);
	case SSL_CTRL_SESS_MISSES:
		return(ctx->stats.sess_miss);
	case SSL_CTRL_SESS_TIMEOUTS:
		return(ctx->stats.sess_timeout);
	case SSL_CTRL_SESS_CACHE_FULL:
		return(ctx->stats.sess_cache_full);
	case SSL_CTRL_OPTIONS:
		return(ctx->options|=larg);
	case SSL_CTRL_CLEAR_OPTIONS:
		return(ctx->options&=~larg);
	case SSL_CTRL_MODE:
		return(ctx->mode|=larg);
	case SSL_CTRL_CLEAR_MODE:
		return(ctx->mode&=~larg);
	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
			return 0;
		ctx->max_send_fragment = larg;
		return 1;
	default:
		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
		}
	}

long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	switch(cmd)
		{
	case SSL_CTRL_SET_MSG_CALLBACK:
		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
		return 1;

	default:
		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
		}
	}

int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
	{
	long l;

	l=a->id-b->id;
	if (l == 0L)
		return(0);
	else
		return((l > 0)?1:-1);
	}

int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
			const SSL_CIPHER * const *bp)
	{
	long l;

	l=(*ap)->id-(*bp)->id;
	if (l == 0L)
		return(0);
	else
		return((l > 0)?1:-1);
	}

/** return a STACK of the ciphers available for the SSL and in order of
 * preference */
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
	{
	if (s != NULL)
		{
		if (s->cipher_list != NULL)
			{
			return(s->cipher_list);
			}
		else if ((s->ctx != NULL) &&
			(s->ctx->cipher_list != NULL))
			{
			return(s->ctx->cipher_list);
			}
		}
	return(NULL);
	}

/** return a STACK of the ciphers available for the SSL and in order of
 * algorithm id */
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
	{
	if (s != NULL)
		{
		if (s->cipher_list_by_id != NULL)
			{
			return(s->cipher_list_by_id);
			}
		else if ((s->ctx != NULL) &&
			(s->ctx->cipher_list_by_id != NULL))
			{
			return(s->ctx->cipher_list_by_id);
			}
		}
	return(NULL);
	}

/** The old interface to get the same thing as SSL_get_ciphers() */
const char *SSL_get_cipher_list(const SSL *s,int n)
	{
	SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *sk;

	if (s == NULL) return(NULL);
	sk=SSL_get_ciphers(s);
	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
		return(NULL);
	c=sk_SSL_CIPHER_value(sk,n);
	if (c == NULL) return(NULL);
	return(c->name);
	}

/** specify the ciphers to be used by default by the SSL_CTX */
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
	{
	STACK_OF(SSL_CIPHER) *sk;

	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
		&ctx->cipher_list_by_id,str);
	/* ssl_create_cipher_list may return an empty stack if it
	 * was unable to find a cipher matching the given rule string
	 * (for example if the rule string specifies a cipher which
	 * has been disabled). This is not an error as far as
	 * ssl_create_cipher_list is concerned, and hence
	 * ctx->cipher_list and ctx->cipher_list_by_id has been
	 * updated. */
	if (sk == NULL)
		return 0;
	else if (sk_SSL_CIPHER_num(sk) == 0)
		{
		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
		return 0;
		}
	return 1;
	}

/** specify the ciphers to be used by the SSL */
int SSL_set_cipher_list(SSL *s,const char *str)
	{
	STACK_OF(SSL_CIPHER) *sk;

	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
		&s->cipher_list_by_id,str);
	/* see comment in SSL_CTX_set_cipher_list */
	if (sk == NULL)
		return 0;
	else if (sk_SSL_CIPHER_num(sk) == 0)
		{
		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
		return 0;
		}
	return 1;
	}

/** specify the ciphers to be used by the SSL */
int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
	{
	STACK_OF(SSL_CIPHER) *tmp_cipher_list;

	if (sk == NULL)
		return 0;

	/* Based on end of ssl_create_cipher_list */
	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
	if (tmp_cipher_list == NULL)
		{
		return 0;
		}
	if (s->cipher_list != NULL)
		sk_SSL_CIPHER_free(s->cipher_list);
	s->cipher_list = sk;
	if (s->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(s->cipher_list_by_id);
	s->cipher_list_by_id = tmp_cipher_list;
	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);

	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
	return 1;
	}

/* works well for SSLv2, not so good for SSLv3 */
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
	{
	char *p;
	STACK_OF(SSL_CIPHER) *sk;
	SSL_CIPHER *c;
	int i;

	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
		(len < 2))
		return(NULL);

	p=buf;
	sk=s->session->ciphers;
	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
		{
		int n;

		c=sk_SSL_CIPHER_value(sk,i);
		n=strlen(c->name);
		if (n+1 > len)
			{
			if (p != buf)
				--p;
			*p='\0';
			return buf;
			}
1390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project strcpy(p,c->name); 1391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=n; 1392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *(p++)=':'; 1393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project len-=n+1; 1394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p[-1]='\0'; 1396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(buf); 1397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, 1400221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i,j=0; 1403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_CIPHER *c; 1404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *q; 1405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 1406221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif /* OPENSSL_NO_KRB5 */ 1408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sk == NULL) return(0); 1410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q=p; 1411656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project 1412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c=sk_SSL_CIPHER_value(sk,i); 1415392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 1416392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((c->algorithm_ssl & SSL_TLSV1_2) && 1417392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (TLS1_get_client_version(s) < TLS1_2_VERSION)) 1418392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom continue; 1419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 1420221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && 1421221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom nokrb5) 1422221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1423221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_KRB5 */ 1424221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 1425221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* with PSK there must be client callback set */ 1426221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && 1427221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom s->psk_client_callback == NULL) 1428221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1429221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif /* OPENSSL_NO_PSK */ 1430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j = put_cb ? 
put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); 1431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=j; 1432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 143398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* If p == q, no ciphers and caller indicates an error. Otherwise 143498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom * add SCSV if not renegotiating. 143598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom */ 1436392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (p != q && !s->renegotiate) 143798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 143898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom static SSL_CIPHER scsv = 143998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 1440221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 144198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom }; 144298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom j = put_cb ? 
put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); 144398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom p+=j; 144498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#ifdef OPENSSL_RI_DEBUG 144598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom fprintf(stderr, "SCSV sent by client\n"); 144698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#endif 144798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 144898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(p-q); 1450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSTACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 1453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(SSL_CIPHER) **skp) 1454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1455221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const SSL_CIPHER *c; 1456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(SSL_CIPHER) *sk; 1457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i,n; 145898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->s3) 145998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->s3->send_connection_binding = 0; 1460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project n=ssl_put_cipher_by_char(s,NULL,NULL); 1462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((num%n) != 0) 1463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 1466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((skp == NULL) || (*skp == NULL)) 1468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ 1469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk= *skp; 1472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_SSL_CIPHER_zero(sk); 1473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<num; i+=n) 1476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 147798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* Check for SCSV */ 147898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom if (s->s3 && (n != 3 || !p[0]) && 147998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 148098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom (p[n-1] == (SSL3_CK_SCSV & 0xff))) 148198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 148298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom /* SCSV fatal if renegotiating */ 1483392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->renegotiate) 148498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom { 148598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 
148698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 148798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom goto err; 148898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 148998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom s->s3->send_connection_binding = 1; 149098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom p += n; 149198d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#ifdef OPENSSL_RI_DEBUG 149298d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom fprintf(stderr, "SCSV received by server\n"); 149398d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#endif 149498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom continue; 149598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom } 149698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom 1497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c=ssl_get_cipher_by_char(s,p); 1498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p+=n; 1499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (c != NULL) 1500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!sk_SSL_CIPHER_push(sk,c)) 1502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 1504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project if (skp != NULL) 1510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *skp=sk; 1511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(sk); 1512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 1513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((skp == NULL) || (*skp == NULL)) 1514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_SSL_CIPHER_free(sk); 1515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 1516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1518221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 1520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/** return a servername extension value if provided in Client Hello, or NULL. 1521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * So far, only host_name types are defined (RFC 3546). 1522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 1523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectconst char *SSL_get_servername(const SSL *s, const int type) 1525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (type != TLSEXT_NAMETYPE_host_name) 1527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 1528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return s->session && !s->tlsext_hostname ? 
1530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->session->tlsext_hostname : 1531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->tlsext_hostname; 1532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_get_servername_type(const SSL *s) 1535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 1537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return TLSEXT_NAMETYPE_host_name; 1538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 1539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1540bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1541bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen# ifndef OPENSSL_NO_NEXTPROTONEG 1542bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen/* SSL_select_next_proto implements the standard protocol selection. It is 1543bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * expected that this function is called from the callback set by 1544bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * SSL_CTX_set_next_proto_select_cb. 1545bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1546bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * The protocol data is assumed to be a vector of 8-bit, length prefixed byte 1547bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * strings. The length byte itself is not included in the length. A byte 1548bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * string of length 0 is invalid. No byte string may be truncated. 
1549bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1550bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * The current, but experimental algorithm for selecting the protocol is: 1551bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1552bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1) If the server doesn't support NPN then this is indicated to the 1553bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * callback. In this case, the client application has to abort the connection 1554bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * or have a default application level protocol. 1555bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1556bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 2) If the server supports NPN, but advertises an empty list then the 1557bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * client selects the first protcol in its list, but indicates via the 1558bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * API that this fallback case was enacted. 1559bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1560bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 3) Otherwise, the client finds the first protocol in the server's list 1561bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * that it supports and selects this protocol. This is because it's 1562bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * assumed that the server has better information about which protocol 1563bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * a client should use. 1564bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1565bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 4) If the client doesn't support any of the server's advertised 1566bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * protocols, then this is treated the same as case 2. 
1567bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1568bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * It returns either 1569bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or 1570bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1571bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen */ 1572bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsenint SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) 1573bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1574bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned int i, j; 1575bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen const unsigned char *result; 1576bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen int status = OPENSSL_NPN_UNSUPPORTED; 1577bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1578bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* For each protocol in server preference order, see if we support it. 
*/ 1579bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen for (i = 0; i < server_len; ) 1580bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1581bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen for (j = 0; j < client_len; ) 1582bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1583bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (server[i] == client[j] && 1584bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen memcmp(&server[i+1], &client[j+1], server[i]) == 0) 1585bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1586bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* We found a match */ 1587bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen result = &server[i]; 1588bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen status = OPENSSL_NPN_NEGOTIATED; 1589bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen goto found; 1590bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1591bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen j += client[j]; 1592bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen j++; 1593bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1594bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen i += server[i]; 1595bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen i++; 1596bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1597bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1598bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen /* There's no overlap between our protocols and the server's list. 
*/ 1599bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen result = client; 1600bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen status = OPENSSL_NPN_NO_OVERLAP; 1601bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1602bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen found: 1603bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *out = (unsigned char *) result + 1; 1604bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *outlen = result[0]; 1605bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen return status; 1606bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1607bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1608bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's 1609bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * requested protocol for this connection and returns 0. If the client didn't 1610bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * request any protocol, then *data is set to NULL. 1611bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1612bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * Note that the client can request any protocol it chooses. The value returned 1613bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * from this function need not be a member of the list of supported protocols 1614bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * provided by the callback. 
1615bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen */ 1616bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsenvoid SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) 1617bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1618bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *data = s->next_proto_negotiated; 1619bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (!*data) { 1620bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *len = 0; 1621bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } else { 1622bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen *len = s->next_proto_negotiated_len; 1623bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1624bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen} 1625bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1626bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a 1627bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * TLS server needs a list of supported protocols for Next Protocol 1628bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * Negotiation. The returned list must be in wire format. The list is returned 1629bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * by setting |out| to point to it and |outlen| to its length. This memory will 1630bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * not be modified, but one should assume that the SSL* keeps a reference to 1631bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * it. 1632bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1633bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no 1634bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * such extension will be included in the ServerHello. 
*/ 1635bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsenvoid SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1636bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1637bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ctx->next_protos_advertised_cb = cb; 1638bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ctx->next_protos_advertised_cb_arg = arg; 1639bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1640bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen 1641bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1642bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * client needs to select a protocol from the server's provided list. |out| 1643bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * must be set to point to the selected protocol (which may be within |in|). 1644bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * The length of the protocol name must be written into |outlen|. The server's 1645bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * advertised protocols are provided in |in| and |inlen|. The callback can 1646bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * assume that |in| is syntactically valid. 1647bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * 1648bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * The client must select a protocol. It is fatal to the connection if this 1649bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen * callback returns a value other than SSL_TLSEXT_ERR_OK. 
1650bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen */ 1651bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsenvoid SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1652bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1653bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ctx->next_proto_select_cb = cb; 1654bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen ctx->next_proto_select_cb_arg = arg; 1655bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1656bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen# endif 1657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1659392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1660392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const char *label, size_t llen, const unsigned char *p, size_t plen, 1661392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int use_context) 1662392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1663392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->version < TLS1_VERSION) 1664392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 1665392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1666392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1667392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom llen, p, plen, 1668392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom use_context); 1669392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1670392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1671221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic unsigned long ssl_session_hash(const SSL_SESSION *a) 
1672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long l; 1674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project l=(unsigned long) 1676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((unsigned int) a->session_id[0] )| 1677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((unsigned int) a->session_id[1]<< 8L)| 1678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((unsigned long)a->session_id[2]<<16L)| 1679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((unsigned long)a->session_id[3]<<24L); 1680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(l); 1681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* NB: If this function (or indeed the hash function which uses a sort of 1684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * coarser function than this one) is changed, ensure 1685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * able to construct an SSL_SESSION that will collide with any existing session 1687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * with a matching session ID. 
*/ 1688221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) 1689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (a->ssl_version != b->ssl_version) 1691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 1692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (a->session_id_length != b->session_id_length) 1693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 1694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(memcmp(a->session_id,b->session_id,a->session_id_length)); 1695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* These wrapper functions should remain rather than redeclaring 1698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * variable. The reason is that the functions aren't static, they're exposed via 1700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ssl.h. 
*/ 1701221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1702221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromstatic IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) 1703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1704221304ee937bc0910948a8be1320cb8cc4eb6d36Brian CarlstromSSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) 1705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_CTX *ret=NULL; 1707221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (meth == NULL) 1709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 1711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 1712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1714392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifdef OPENSSL_FIPS 1715392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (FIPS_mode() && (meth->version < TLS1_VERSION)) 1716392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1717392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); 1718392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return NULL; 1719392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1720392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1721392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 1722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
		goto err;
		}
	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
	if (ret == NULL)
		goto err;

	memset(ret,0,sizeof(SSL_CTX));

	ret->method=meth;

	ret->cert_store=NULL;
	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
	ret->session_cache_head=NULL;
	ret->session_cache_tail=NULL;

	/* We take the system default */
	ret->session_timeout=meth->get_timeout();

	ret->new_session_cb=0;
	ret->remove_session_cb=0;
	ret->get_session_cb=0;
	ret->generate_session_id=0;

	memset((char *)&ret->stats,0,sizeof(ret->stats));

	ret->references=1;
	ret->quiet_shutdown=0;

/*	ret->cipher=NULL;*/
/*	ret->s2->challenge=NULL;
	ret->master_key=NULL;
	ret->key_arg=NULL;
	ret->s2->conn_id=NULL; */

	ret->info_callback=NULL;

	ret->app_verify_callback=0;
	ret->app_verify_arg=NULL;

	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
	ret->read_ahead=0;
	ret->msg_callback=0;
	ret->msg_callback_arg=NULL;
	ret->verify_mode=SSL_VERIFY_NONE;
#if 0
	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
#endif
	ret->sid_ctx_length=0;
	ret->default_verify_callback=NULL;
	if ((ret->cert=ssl_cert_new()) == NULL)
		goto err;

	ret->default_passwd_callback=0;
	ret->default_passwd_callback_userdata=NULL;
	ret->client_cert_cb=0;
	ret->app_gen_cookie_cb=0;
	ret->app_verify_cookie_cb=0;

	ret->sessions=lh_SSL_SESSION_new();
	if (ret->sessions == NULL) goto err;
	ret->cert_store=X509_STORE_new();
	if (ret->cert_store == NULL) goto err;

	ssl_create_cipher_list(ret->method,
		&ret->cipher_list,&ret->cipher_list_by_id,
		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
	if (ret->cipher_list == NULL
	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
		goto err2;
		}

	ret->param = X509_VERIFY_PARAM_new();
	if (!ret->param)
		goto err;

	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
		goto err2;
		}
	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
		goto err2;
		}
	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
		goto err2;
		}

	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
		goto err;

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);

	ret->extra_certs=NULL;
	ret->comp_methods=SSL_COMP_get_compression_methods();

	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

#ifndef OPENSSL_NO_TLSEXT
	ret->tlsext_servername_callback = 0;
	ret->tlsext_servername_arg = NULL;
	/* Setup RFC4507 ticket keys */
	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
		ret->options |= SSL_OP_NO_TICKET;

	ret->tlsext_status_cb = 0;
	ret->tlsext_status_arg = NULL;

# ifndef OPENSSL_NO_NEXTPROTONEG
	ret->next_protos_advertised_cb = 0;
	ret->next_proto_select_cb = 0;
# endif
#endif
#ifndef OPENSSL_NO_PSK
	ret->psk_identity_hint=NULL;
	ret->psk_client_callback=NULL;
	ret->psk_server_callback=NULL;
#endif
#ifndef OPENSSL_NO_SRP
	SSL_CTX_SRP_CTX_init(ret);
#endif
#ifndef OPENSSL_NO_BUF_FREELISTS
	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
	if (!ret->rbuf_freelist)
		goto err;
	ret->rbuf_freelist->chunklen = 0;
	ret->rbuf_freelist->len = 0;
	ret->rbuf_freelist->head = NULL;
	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
	if (!ret->wbuf_freelist)
		{
		OPENSSL_free(ret->rbuf_freelist);
		goto err;
		}
	ret->wbuf_freelist->chunklen = 0;
	ret->wbuf_freelist->len = 0;
	ret->wbuf_freelist->head = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
	ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
#define eng_strx(x)	#x
#define eng_str(x)	eng_strx(x)
	/* Use specific client engine automatically... ignore errors */
	{
	ENGINE *eng;
	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
	if (!eng)
		{
		ERR_clear_error();
		ENGINE_load_builtin_engines();
		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		}
	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
		ERR_clear_error();
	}
#endif
#endif
	/* Default is to connect to non-RI servers. When RI is more widely
	 * deployed might change this.
	 */
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

	return(ret);
err:
	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
err2:
	if (ret != NULL) SSL_CTX_free(ret);
	return(NULL);
	}

#if 0
static void SSL_COMP_free(SSL_COMP *comp)
	{ OPENSSL_free(comp); }
#endif

#ifndef OPENSSL_NO_BUF_FREELISTS
static void
ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
	{
	SSL3_BUF_FREELIST_ENTRY *ent, *next;
	for (ent = list->head; ent; ent = next)
		{
		next = ent->next;
		OPENSSL_free(ent);
		}
	OPENSSL_free(list);
	}
#endif

void SSL_CTX_free(SSL_CTX *a)
	{
	int i;

	if (a == NULL) return;

	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
#ifdef REF_PRINT
	REF_PRINT("SSL_CTX",a);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

	if (a->param)
		X509_VERIFY_PARAM_free(a->param);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 */
	if (a->sessions != NULL)
		SSL_CTX_flush_sessions(a,0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	if (a->sessions != NULL)
		lh_SSL_SESSION_free(a->sessions);

	if (a->cert_store != NULL)
		X509_STORE_free(a->cert_store);
	if (a->cipher_list != NULL)
		sk_SSL_CIPHER_free(a->cipher_list);
	if (a->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(a->cipher_list_by_id);
	if (a->cert != NULL)
		ssl_cert_free(a->cert);
	if (a->client_CA != NULL)
		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
	if (a->extra_certs != NULL)
		sk_X509_pop_free(a->extra_certs,X509_free);
#if 0 /* This should never be done, since it removes a global database */
	if (a->comp_methods != NULL)
		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
#else
	a->comp_methods = NULL;
#endif

	if (a->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);

#ifndef OPENSSL_NO_PSK
	if (a->psk_identity_hint)
		OPENSSL_free(a->psk_identity_hint);
#endif
#ifndef OPENSSL_NO_SRP
	SSL_CTX_SRP_CTX_free(a);
#endif
#ifndef OPENSSL_NO_ENGINE
	if (a->client_cert_engine)
		ENGINE_finish(a->client_cert_engine);
#endif

#ifndef OPENSSL_NO_BUF_FREELISTS
	if (a->wbuf_freelist)
		ssl_buf_freelist_free(a->wbuf_freelist);
	if (a->rbuf_freelist)
		ssl_buf_freelist_free(a->rbuf_freelist);
#endif

	OPENSSL_free(a);
	}

void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
	{
	ctx->default_passwd_callback=cb;
	}

void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
	{
	ctx->default_passwd_callback_userdata=u;
	}

void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
	{
	ctx->app_verify_callback=cb;
	ctx->app_verify_arg=arg;
	}

void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
	{
	ctx->verify_mode=mode;
	ctx->default_verify_callback=cb;
	}

void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
	{
	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
	}

void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
	{
	CERT_PKEY *cpk;
	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
	int rsa_tmp_export,dh_tmp_export,kl;
	unsigned long mask_k,mask_a,emask_k,emask_a;
	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
#ifndef OPENSSL_NO_ECDH
	int have_ecdh_tmp;
#endif
	X509 *x = NULL;
	EVP_PKEY *ecc_pkey = NULL;
	int signature_nid = 0, pk_nid = 0, md_nid = 0;

	if (c == NULL) return;

	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);

#ifndef OPENSSL_NO_RSA
	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#else
	rsa_tmp=rsa_tmp_export=0;
#endif
#ifndef OPENSSL_NO_DH
	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
	dh_tmp_export=(c->dh_tmp_cb != NULL ||
		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
	dh_tmp=dh_tmp_export=0;
#endif

#ifndef OPENSSL_NO_ECDH
	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
#endif
	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); 2077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); 2078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); 2079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); 2082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* FIX THIS EAY EAY EAY */ 2083656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); 2084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 2085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cpk= &(c->pkeys[SSL_PKEY_ECC]); 2086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); 2087221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k=0; 2088221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a=0; 2089221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k=0; 2090221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a=0; 2091221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2092221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2093656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2094656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef CIPHER_DEBUG 
2095221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2096221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, 2097656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 2098656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2099221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2100221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2101221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2102221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k |= SSL_kGOST; 2103221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a |= SSL_aGOST01; 2104221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2105221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom cpk = &(c->pkeys[SSL_PKEY_GOST94]); 2106221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (cpk->x509 != NULL && cpk->privatekey !=NULL) { 2107221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k |= SSL_kGOST; 2108221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a |= SSL_aGOST94; 2109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa_enc || (rsa_tmp && rsa_sign)) 2112221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kRSA; 2113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 2114221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kRSA; 2115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2116656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project#if 0 2117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 2118221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ( (dh_tmp || dh_rsa || dh_dsa) && 2119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (rsa_enc || rsa_sign || dsa_sign)) 2120221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kEDH; 2121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 2122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (rsa_enc || rsa_sign || dsa_sign)) 2123221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kEDH; 2124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2126221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dh_tmp_export) 2127221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kEDH; 2128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dh_tmp) 2130221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kEDH; 2131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2132221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dh_rsa) mask_k|=SSL_kDHr; 2133221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dh_rsa_export) emask_k|=SSL_kDHr; 2134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2135221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dh_dsa) mask_k|=SSL_kDHd; 2136221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (dh_dsa_export) emask_k|=SSL_kDHd; 2137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2138656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project if (rsa_enc || rsa_sign) 2139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2140221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aRSA; 2141221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aRSA; 2142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dsa_sign) 2145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2146221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aDSS; 2147221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aDSS; 2148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2150221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aNULL; 2151221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aNULL; 2152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_KRB5 2154221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kKRB5; 2155221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aKRB5; 2156221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kKRB5; 2157221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aKRB5; 2158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* An ECC certificate may be usable for ECDH and/or 2161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ECDSA cipher suites depending on the key usage extension. 
2162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (have_ecc_cert) 2164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2165221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* This call populates extension flags (ex_flags) */ 2166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project x = (c->pkeys[SSL_PKEY_ECC]).x509; 2167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_check_purpose(x, -1, 0); 2168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; 2170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 2171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 2172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ecc_pkey = X509_get_pubkey(x); 2173221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ecc_pkey_size = (ecc_pkey != NULL) ? 
2174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_bits(ecc_pkey) : 0; 2175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(ecc_pkey); 2176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((x->sig_alg) && (x->sig_alg->algorithm)) 2177ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom { 2178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2179ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2180ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom } 2181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 2182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh_ok) 2183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2184ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom 2185ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) 2186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2187221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kECDHr; 2188221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aECDH; 2189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecc_pkey_size <= 163) 2190221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2191221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kECDHr; 2192221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aECDH; 2193221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2195221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2196ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom if (pk_nid == NID_X9_62_id_ecPublicKey) 
2197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2198221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kECDHe; 2199221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aECDH; 2200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecc_pkey_size <= 163) 2201221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2202221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kECDHe; 2203221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aECDH; 2204221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDSA 2209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdsa_ok) 2210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2211221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a|=SSL_aECDSA; 2212221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a|=SSL_aECDSA; 2213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 2218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (have_ecdh_tmp) 2219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2220221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k|=SSL_kEECDH; 
2221221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k|=SSL_kEECDH; 2222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2224221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2225221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 2226221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_k |= SSL_kPSK; 2227221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom mask_a |= SSL_aPSK; 2228221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_k |= SSL_kPSK; 2229221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom emask_a |= SSL_aPSK; 2230221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 2231221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2232221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom c->mask_k=mask_k; 2233221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom c->mask_a=mask_a; 2234221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom c->export_mask_k=emask_k; 2235221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom c->export_mask_a=emask_a; 2236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c->valid=1; 2237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* This handy macro borrowed from crypto/x509v3/v3_purp.c */ 2240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define ku_reject(x, usage) \ 2241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) 2242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2243221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_EC 2244221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 
2245392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2247221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_k, alg_a; 2248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pkey = NULL; 2249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int keysize = 0; 2250ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom int signature_nid = 0, md_nid = 0, pk_nid = 0; 2251392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2253221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k = cs->algorithm_mkey; 2254221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_a = cs->algorithm_auth; 2255221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (SSL_C_IS_EXPORT(cs)) 2257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ECDH key length in export ciphers must be <= 163 bits */ 2259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey = X509_get_pubkey(x); 2260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pkey == NULL) return 0; 2261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project keysize = EVP_PKEY_bits(pkey); 2262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pkey); 2263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (keysize > 163) return 0; 2264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
2266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* This call populates the ex_flags field correctly */ 2267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_check_purpose(x, -1, 0); 2268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((x->sig_alg) && (x->sig_alg->algorithm)) 2269ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom { 2270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2271ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); 2272ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom } 2273221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) 2274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* key usage, if present, must allow key agreement */ 2276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) 2277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2278221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 2280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2281392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) 2282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* signature alg must be ECDSA */ 2284ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom if (pk_nid != NID_X9_62_id_ecPublicKey) 
2285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2286221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 2288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2290392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) 2291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* signature alg must be RSA */ 2293221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2294ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3Brian Carlstrom if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) 2295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2296221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 2298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2300221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2301221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_a & SSL_aECDSA) 2302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* key usage, if present, must allow signing */ 2304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) 2305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
2306221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 2308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; /* all checks are ok */ 2312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2314221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 2315221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* THIS NEEDS CLEANING UP */ 2317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectX509 *ssl_get_server_send_cert(SSL *s) 2318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 231943c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom unsigned long alg_k,alg_a; 2320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CERT *c; 232143c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom int i; 2322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c=s->cert; 2324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2325221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2326221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2327221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project 2329221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (alg_k & (SSL_kECDHr|SSL_kECDHe)) 2330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2331221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom /* we don't need to look at SSL_kEECDH 2332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * since no certificate is needed for 2333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * anon ECDH and for authenticated 2334221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * EECDH, the check for the auth 2335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * algorithm will set i correctly 2336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOTE: For ECDH-RSA, we need an ECC 2337221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * not an RSA cert but for EECDH-RSA 2338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * we need an RSA cert. Placing the 2339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * checks for SSL_kECDH before RSA 2340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * checks ensures the correct cert is chosen. 
2341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_ECC; 2343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2344221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aECDSA) 2345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_ECC; 2347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2348221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kDHr) 2349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_DH_RSA; 2350221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_k & SSL_kDHd) 2351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_DH_DSA; 2352221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aDSS) 2353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_DSA_SIGN; 2354221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aRSA) 2355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) 2357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_RSA_SIGN; 2358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=SSL_PKEY_RSA_ENC; 2360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2361221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aKRB5) 2362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project /* VRS something else here? */ 2364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 2365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2366221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aGOST94) 2367221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom i=SSL_PKEY_GOST94; 2368221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aGOST01) 2369221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom i=SSL_PKEY_GOST01; 2370221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else /* if (alg_a & SSL_aNULL) */ 2371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); 2373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 2374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (c->pkeys[i].x509 == NULL) return(NULL); 2376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(c->pkeys[i].x509); 2378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian CarlstromEVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) 2381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2382221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom unsigned long alg_a; 2383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CERT *c; 2384392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int idx = -1; 2385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project 2386221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom alg_a = cipher->algorithm_auth; 2387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c=s->cert; 2388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2389221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((alg_a & SSL_aDSS) && 2390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom idx = SSL_PKEY_DSA_SIGN; 2392221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (alg_a & SSL_aRSA) 2393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom idx = SSL_PKEY_RSA_SIGN; 2396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2397392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom idx = SSL_PKEY_RSA_ENC; 2398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2399221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if ((alg_a & SSL_aECDSA) && 2400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2401392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom idx = SSL_PKEY_ECC; 2402392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (idx == -1) 2403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); 2405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 2406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (pmd) 2408392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *pmd = c->pkeys[idx].digest; 2409392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return c->pkeys[idx].privatekey; 2410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid ssl_update_cache(SSL *s,int mode) 2413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 2415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If the session_id_length is 0, we are not supposed to cache it, 2417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * and it would be rather hard to do anyway :-) */ 2418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session->session_id_length == 0) return; 2419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2420221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom i=s->session_ctx->session_cache_mode; 2421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i & mode) && (!s->hit) 2422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2423221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom || SSL_CTX_add_session(s->session_ctx,s->session)) 2424221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom && (s->session_ctx->new_session_cb != NULL)) 2425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 
2427221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!s->session_ctx->new_session_cb(s,s->session)) 2428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_SESSION_free(s->session); 2429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* auto flush every 255 connections */ 2432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 2433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((i & mode) == mode)) 2434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ( (((mode & SSL_SESS_CACHE_CLIENT) 2436221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ?s->session_ctx->stats.sess_connect_good 2437221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) 2438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2439221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); 2440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2444221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromconst SSL_METHOD *SSL_get_ssl_method(SSL *s) 2445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(s->method); 2447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2449221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstromint SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int conn= -1; 2452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=1; 2453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->method != meth) 2455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func != NULL) 2457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project conn=(s->handshake_func == s->method->ssl_connect); 2458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->method->version == meth->version) 2460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=meth; 2461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl_free(s); 2464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method=meth; 2465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=s->method->ssl_new(s); 2466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (conn == 1) 2469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
s->handshake_func=meth->ssl_connect; 2470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (conn == 0) 2471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=meth->ssl_accept; 2472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 2474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_get_error(const SSL *s,int i) 2477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int reason; 2479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long l; 2480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *bio; 2481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i > 0) return(SSL_ERROR_NONE); 2483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake 2485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * etc, where we do encode the error */ 2486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((l=ERR_peek_error()) != 0) 2487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ERR_GET_LIB(l) == ERR_LIB_SYS) 2489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_SYSCALL); 2490656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project else 2491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_SSL); 2492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i < 0) && SSL_want_read(s)) 2495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bio=SSL_get_rbio(s); 2497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_should_read(bio)) 2498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_READ); 2499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_write(bio)) 2500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* This one doesn't make too much sense ... We never try 2501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * to write to the rbio, and an application program where 2502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * rbio and wbio are separate couldn't even know what it 2503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * should wait for. 2504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * However if we ever set s->rwstate incorrectly 2505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (so that we have SSL_want_read(s) instead of 2506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SSL_want_write(s)) and rbio and wbio *are* the same, 2507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * this test works around that bug; so it might be safer 2508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * to keep it. 
*/ 2509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_WRITE); 2510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_io_special(bio)) 2511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reason=BIO_get_retry_reason(bio); 2513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (reason == BIO_RR_CONNECT) 2514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_CONNECT); 2515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (reason == BIO_RR_ACCEPT) 2516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_ACCEPT); 2517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_SYSCALL); /* unknown */ 2519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i < 0) && SSL_want_write(s)) 2523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bio=SSL_get_wbio(s); 2525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_should_write(bio)) 2526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_WRITE); 2527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_read(bio)) 2528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* See above (SSL_want_read(s) with 
BIO_should_write(bio)) */ 2529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_READ); 2530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (BIO_should_io_special(bio)) 2531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project reason=BIO_get_retry_reason(bio); 2533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (reason == BIO_RR_CONNECT) 2534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_CONNECT); 2535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (reason == BIO_RR_ACCEPT) 2536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_ACCEPT); 2537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_SYSCALL); 2539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i < 0) && SSL_want_x509_lookup(s)) 2542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_WANT_X509_LOOKUP); 2544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == 0) 2547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->version == SSL2_VERSION) 2549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project { 2550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* assume it is the socket being closed */ 2551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_ZERO_RETURN); 2552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_ZERO_RETURN); 2558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(SSL_ERROR_SYSCALL); 2561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint SSL_do_handshake(SSL *s) 2564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=1; 2566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->handshake_func == NULL) 2568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); 2570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(-1); 
2571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->method->ssl_renegotiate_check(s); 2574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (SSL_in_init(s) || SSL_in_before(s)) 2576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=s->handshake_func(s); 2578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 2580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* For the next 2 functions, SSL_clear() sets shutdown and so 2583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * one of these calls will reset it */ 2584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid SSL_set_accept_state(SSL *s) 2585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->server=1; 2587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->shutdown=0; 2588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; 2589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_accept; 2590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* clear the current cipher */ 2591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
ssl_clear_cipher_ctx(s); 2592221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl_clear_hash_ctx(&s->read_hash); 2593221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl_clear_hash_ctx(&s->write_hash); 2594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid SSL_set_connect_state(SSL *s) 2597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->server=0; 2599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->shutdown=0; 2600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; 2601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->handshake_func=s->method->ssl_connect; 2602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* clear the current cipher */ 2603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl_clear_cipher_ctx(s); 2604221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl_clear_hash_ctx(&s->read_hash); 2605221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ssl_clear_hash_ctx(&s->write_hash); 2606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_undefined_function(SSL *s) 2609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 2612656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project } 2613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_undefined_void_function(void) 2615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 2618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint ssl_undefined_const_function(const SSL *s) 2621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 2624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSSL_METHOD *ssl_bad_method(int ver) 2627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 2630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 26328be882eb81101ceede7641e88ccbdaded610ff5fBrian Carlstromstatic const char *ssl_get_version(int version) 
2633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2634392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (version == TLS1_2_VERSION) 2635392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return("TLSv1.2"); 2636392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (version == TLS1_1_VERSION) 2637392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return("TLSv1.1"); 2638d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom if (version == TLS1_VERSION) 2639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return("TLSv1"); 2640d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom else if (version == SSL3_VERSION) 2641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return("SSLv3"); 2642d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom else if (version == SSL2_VERSION) 2643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return("SSLv2"); 2644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return("unknown"); 2646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2648d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstromconst char *SSL_get_version(const SSL *s) 2649d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom { 2650d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom return ssl_get_version(s->version); 2651d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom } 2652d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom 2653d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstromconst char *SSL_SESSION_get_version(const SSL_SESSION *s) 2654d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom { 2655d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom return ssl_get_version(s->ssl_version); 
2656d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom } 2657d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom 2658d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstromconst char* SSL_authentication_method(const SSL* ssl) 2659d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom { 2660c1fd76c1679ed77b14f41043a8bd30e94491bdefBrian Carlstrom if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) 2661c1fd76c1679ed77b14f41043a8bd30e94491bdefBrian Carlstrom return SSL_TXT_RSA "_" SSL_TXT_EXPORT; 2662d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom switch (ssl->version) 2663d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom { 2664d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom case SSL2_VERSION: 2665d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom return SSL_TXT_RSA; 2666d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom default: 2667392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher); 2668d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom } 2669d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom } 2670d524efd1ee2dde250eb759c483c9db089f653d16Brian Carlstrom 2671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectSSL *SSL_dup(SSL *s) 2672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project STACK_OF(X509_NAME) *sk; 2674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_NAME *xn; 2675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL *ret; 2676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 2677221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 2678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 
2680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->version = s->version; 2682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->type = s->type; 2683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->method = s->method; 2684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->session != NULL) 2686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_copy_session_id(ret,s); 2689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* No session has been established yet, so we have to expect 2693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * that s->cert or ret->cert will be changed later -- 2694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * they should not both point to the same object, 2695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * and thus we can't use SSL_copy_session_id. 
*/ 2696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->method->ssl_free(ret); 2698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->method = s->method; 2699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->method->ssl_new(ret); 2700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->cert != NULL) 2702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->cert != NULL) 2704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ssl_cert_free(ret->cert); 2706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->cert = ssl_cert_dup(s->cert); 2708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->cert == NULL) 2709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_session_id_context(ret, 2713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s->sid_ctx, s->sid_ctx_length); 2714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->options=s->options; 2717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
ret->mode=s->mode; 2718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); 2719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); 2720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->msg_callback = s->msg_callback; 2721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->msg_callback_arg = s->msg_callback_arg; 2722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_verify(ret,SSL_get_verify_mode(s), 2723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_get_verify_callback(s)); 2724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); 2725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->generate_session_id = s->generate_session_id; 2726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_info_callback(ret,SSL_get_info_callback(s)); 2728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->debug=s->debug; 2730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* copy app data, a little dangerous perhaps */ 2732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* setup rbio, and wbio */ 
2736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->rbio != NULL) 2737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) 2739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->wbio != NULL) 2742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->wbio != s->rbio) 2744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) 2746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->wbio=ret->rbio; 2750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->rwstate = s->rwstate; 2752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->in_handshake = s->in_handshake; 2753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->handshake_func = s->handshake_func; 2754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->server = s->server; 2755392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret->renegotiate = s->renegotiate; 2756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->new_session = s->new_session; 
2757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->quiet_shutdown = s->quiet_shutdown; 2758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->shutdown=s->shutdown; 2759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->state=s->state; /* SSL_dup does not really work at any state, though */ 2760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->rstate=s->rstate; 2761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ 2762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->hit=s->hit; 2763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_VERIFY_PARAM_inherit(ret->param, s->param); 2765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* dup the cipher_list and cipher_list_by_id stacks */ 2767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->cipher_list != NULL) 2768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (s->cipher_list_by_id != NULL) 2773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project == NULL) 
			goto err;

	/* Dup the client_CA list */
	if (s->client_CA != NULL)
		{
		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
		ret->client_CA=sk;
		for (i=0; i<sk_X509_NAME_num(sk); i++)
			{
			xn=sk_X509_NAME_value(sk,i);
			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
				{
				X509_NAME_free(xn);
				goto err;
				}
			}
		}

	if (0)
		{
err:
		if (ret != NULL) SSL_free(ret);
		ret=NULL;
		}
	return(ret);
	}

void ssl_clear_cipher_ctx(SSL *s)
	{
	if (s->enc_read_ctx != NULL)
		{
		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
		OPENSSL_free(s->enc_read_ctx);
		s->enc_read_ctx=NULL;
		}
	if (s->enc_write_ctx != NULL)
		{
		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
		OPENSSL_free(s->enc_write_ctx);
		s->enc_write_ctx=NULL;
		}
#ifndef OPENSSL_NO_COMP
	if (s->expand != NULL)
		{
		COMP_CTX_free(s->expand);
		s->expand=NULL;
		}
	if (s->compress != NULL)
		{
		COMP_CTX_free(s->compress);
		s->compress=NULL;
		}
#endif
	}

/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
	{
	if (s->cert != NULL)
		return(s->cert->key->x509);
	else
		return(NULL);
	}

/* Fix this function so that it takes an optional type parameter */
EVP_PKEY *SSL_get_privatekey(SSL *s)
	{
	if (s->cert != NULL)
		return(s->cert->key->privatekey);
	else
		return(NULL);
	}

const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
	{
	if ((s->session != NULL) && (s->session->cipher != NULL))
		return(s->session->cipher);
	return(NULL);
	}
#ifdef OPENSSL_NO_COMP
const void *SSL_get_current_compression(SSL *s)
	{
	return NULL;
	}
const void *SSL_get_current_expansion(SSL *s)
	{
	return NULL;
	}
#else

const COMP_METHOD *SSL_get_current_compression(SSL *s)
	{
	if (s->compress != NULL)
		return(s->compress->meth);
	return(NULL);
	}

const COMP_METHOD *SSL_get_current_expansion(SSL *s)
	{
	if (s->expand != NULL)
		return(s->expand->meth);
	return(NULL);
	}
#endif

int ssl_init_wbio_buffer(SSL *s,int push)
	{
	BIO *bbio;

	if (s->bbio == NULL)
		{
		bbio=BIO_new(BIO_f_buffer());
		if (bbio == NULL) return(0);
		s->bbio=bbio;
		}
	else
		{
		bbio=s->bbio;
		if (s->bbio == s->wbio)
			s->wbio=BIO_pop(s->wbio);
		}
	(void)BIO_reset(bbio);
/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
	if (!BIO_set_read_buffer_size(bbio,1))
		{
		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
		return(0);
		}
	if (push)
		{
		if (s->wbio != bbio)
			s->wbio=BIO_push(bbio,s->wbio);
		}
	else
		{
		if (s->wbio == bbio)
			s->wbio=BIO_pop(bbio);
		}
	return(1);
	}

void ssl_free_wbio_buffer(SSL *s)
	{
	if (s->bbio == NULL) return;

	if (s->bbio == s->wbio)
		{
		/* remove buffering */
		s->wbio=BIO_pop(s->wbio);
#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
		assert(s->wbio != NULL);
#endif
		}
	BIO_free(s->bbio);
	s->bbio=NULL;
	}

void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
	{
	ctx->quiet_shutdown=mode;
	}

int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
	{
	return(ctx->quiet_shutdown);
	}

void SSL_set_quiet_shutdown(SSL *s,int mode)
	{
	s->quiet_shutdown=mode;
	}

int SSL_get_quiet_shutdown(const SSL *s)
	{
	return(s->quiet_shutdown);
	}

void SSL_set_shutdown(SSL *s,int mode)
	{
	s->shutdown=mode;
	}

int SSL_get_shutdown(const SSL *s)
	{
	return(s->shutdown);
	}

int SSL_version(const SSL *s)
	{
	return(s->version);
	}

SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
	{
	return(ssl->ctx);
	}

SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
	{
	if (ssl->ctx == ctx)
		return ssl->ctx;
#ifndef OPENSSL_NO_TLSEXT
	if (ctx == NULL)
		ctx = ssl->initial_ctx;
#endif
	if (ssl->cert != NULL)
		ssl_cert_free(ssl->cert);
	ssl->cert = ssl_cert_dup(ctx->cert);
	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
	if (ssl->ctx != NULL)
		SSL_CTX_free(ssl->ctx); /* decrement reference count */
	ssl->ctx = ctx;
	return(ssl->ctx);
	}

#ifndef OPENSSL_NO_STDIO
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
	{
	return(X509_STORE_set_default_paths(ctx->cert_store));
	}

int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
		const char *CApath)
	{
	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
	}
#endif

void SSL_set_info_callback(SSL *ssl,
	void (*cb)(const SSL *ssl,int type,int val))
	{
	ssl->info_callback=cb;
	}

/* One compiler (Diab DCC) doesn't like argument names in returned
   function pointer. */
void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
	{
	return ssl->info_callback;
	}

int SSL_state(const SSL *ssl)
	{
	return(ssl->state);
	}

void SSL_set_state(SSL *ssl, int state)
	{
	ssl->state = state;
	}

void SSL_set_verify_result(SSL *ssl,long arg)
	{
	ssl->verify_result=arg;
	}

long SSL_get_verify_result(const SSL *ssl)
	{
	return(ssl->verify_result);
	}

int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
	{
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
				new_func, dup_func, free_func);
	}

int SSL_set_ex_data(SSL *s,int idx,void *arg)
	{
	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
	}

void *SSL_get_ex_data(const SSL *s,int idx)
	{
	return(CRYPTO_get_ex_data(&s->ex_data,idx));
	}

int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
	{
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
				new_func, dup_func, free_func);
	}

int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
	{
	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
	}

void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
	{
	return(CRYPTO_get_ex_data(&s->ex_data,idx));
	}

int ssl_ok(SSL *s)
	{
	return(1);
	}

X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
	{
	return(ctx->cert_store);
	}

void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
	{
	if (ctx->cert_store != NULL)
		X509_STORE_free(ctx->cert_store);
	ctx->cert_store=store;
	}

int SSL_want(const SSL *s)
	{
	return(s->rwstate);
	}

/*!
 * \brief Set the callback for generating temporary RSA keys.
 * \param ctx the SSL context.
 * \param cb the callback
 */

#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
		int is_export,
		int keylength))
	{
	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
	}

void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
		int is_export,
		int keylength))
	{
	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
	}
#endif

#ifdef DOXYGEN
/*!
 * \brief The RSA temporary key callback function.
 * \param ssl the SSL session.
 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
 * of the required key in bits.
 * \return the temporary RSA key.
 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
 */

RSA *cb(SSL *ssl,int is_export,int keylength)
	{}
#endif

/*!
 * \brief Set the callback for generating temporary DH keys.
 * \param ctx the SSL context.
 * \param dh the callback
 */

#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
							int keylength))
	{
	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
	}

void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
						int keylength))
	{
	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
	}
#endif

#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
								int keylength))
	{
	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
	}

void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
							int keylength))
	{
	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
	}
#endif

#ifndef OPENSSL_NO_PSK
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
	{
	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
		{
		SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
		return 0;
		}
	if (ctx->psk_identity_hint != NULL)
		OPENSSL_free(ctx->psk_identity_hint);
	if (identity_hint != NULL)
		{
		ctx->psk_identity_hint = BUF_strdup(identity_hint);
		if (ctx->psk_identity_hint == NULL)
			return 0;
		}
	else
		ctx->psk_identity_hint = NULL;
	return 1;
	}

int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
	{
	if (s == NULL)
		return 0;

	if (s->session == NULL)
		return 1; /* session not created yet, ignored */

	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
		{
		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
		return 0;
		}
	if (s->session->psk_identity_hint != NULL)
		OPENSSL_free(s->session->psk_identity_hint);
	if (identity_hint != NULL)
		{
		s->session->psk_identity_hint = BUF_strdup(identity_hint);
		if (s->session->psk_identity_hint == NULL)
			return 0;
		}
	else
		s->session->psk_identity_hint = NULL;
	return 1;
	}

const char *SSL_get_psk_identity_hint(const SSL *s)
	{
	if (s == NULL || s->session == NULL)
		return NULL;
	return(s->session->psk_identity_hint);
	}

const char *SSL_get_psk_identity(const SSL *s)
	{
	if (s == NULL || s->session == NULL)
		return NULL;
	return(s->session->psk_identity);
	}

void SSL_set_psk_client_callback(SSL *s,
	unsigned int (*cb)(SSL *ssl, const char *hint,
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len))
	{
	s->psk_client_callback = cb;
	}

void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
	unsigned int (*cb)(SSL *ssl, const char *hint,
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len))
	{
	ctx->psk_client_callback = cb;
	}

void SSL_set_psk_server_callback(SSL *s,
	unsigned int (*cb)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len))
	{
	s->psk_server_callback = cb;
	}

void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
	unsigned int (*cb)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len))
	{
	ctx->psk_server_callback = cb;
	}
#endif

void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
	{
	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
	}
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
	{
	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
	}

int SSL_cutthrough_complete(const SSL *s)
	{
	return (!s->server && /* cutthrough only applies to clients */
		!s->hit && /* full-handshake */
		s->version >= SSL3_VERSION &&
		s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
		(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
		SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher chosen */
		s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
		(s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data */
		 s->state == SSL3_ST_CR_FINISHED_A));
	}

/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
 * variable, freeing EVP_MD_CTX previously stored in that variable, if
 * any. If EVP_MD pointer is passed, initializes ctx with this md
 * Returns newly allocated ctx;
 */

EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
{
	ssl_clear_hash_ctx(hash);
	*hash = EVP_MD_CTX_create();
	if (md) EVP_DigestInit_ex(*hash,md,NULL);
	return *hash;
}
void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
{
	if (*hash) EVP_MD_CTX_destroy(*hash);
	*hash=NULL;
}

void SSL_set_debug(SSL *s, int debug)
	{
	s->debug = debug;
	}

int SSL_cache_hit(SSL *s)
	{
	return s->hit;
	}

#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
#include "../crypto/bio/bss_file.c"
#endif

IMPLEMENT_STACK_OF(SSL_CIPHER)
IMPLEMENT_STACK_OF(SSL_COMP)
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
				    ssl_cipher_id);