* [including the GNU Public Licence.]
*/
+
+#include <assert.h>
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include "ssl_locl.h"
-char *SSL_version_str=OPENSSL_VERSION_TEXT;
+const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-static STACK *ssl_meth=NULL;
-static STACK *ssl_ctx_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
static int ssl_meth_num=0;
static int ssl_ctx_meth_num=0;
OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
- /* evil casts, but these functions are only called if there's a libraryr bug */
+ /* evil casts, but these functions are only called if there's a library bug */
(int (*)(SSL *,int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
ssl_undefined_function,
s->hit=0;
s->shutdown=0;
-#if 0
+#if 0 /* Disabled since version 1.10 of this file (early return not
+ * needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
if (s->new_session) return(1);
+#else
+ if (s->new_session)
+ {
+ SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+ return 0;
+ }
#endif
state=s->state; /* Keep to check if we throw away the session-id */
return(NULL);
}
- s=(SSL *)Malloc(sizeof(SSL));
+ s=(SSL *)OPENSSL_malloc(sizeof(SSL));
if (s == NULL) goto err;
memset(s,0,sizeof(SSL));
s->mode=ctx->mode;
SSL_clear(s);
- CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+ CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
return(s);
err:
ssl_cert_free(s->cert);
if (s->ctx != NULL)
SSL_CTX_free(s->ctx); /* decrement reference count */
- Free(s);
+ OPENSSL_free(s);
}
SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
if (s->method != NULL) s->method->ssl_free(s);
- Free((char *)s);
+ OPENSSL_free(s);
}
void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
else
r=s->session->sess_cert->cert_chain;
+ /* If we are a client, cert_chain includes the peer's own
+ * certificate; if we are a server, it does not. */
+
return(r);
}
}
}
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
+ {
+ switch(cmd)
+ {
+ default:
+ return(s->method->ssl_callback_ctrl(s,cmd,fp));
+ }
+ }
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+ {
+ return ctx->sessions;
+ }
+
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
{
long l;
}
}
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+ {
+ switch(cmd)
+ {
+ default:
+ return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
+ }
+ }
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
long l;
return((l > 0)?1:-1);
}
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+ const SSL_CIPHER * const *bp)
{
long l;
}
/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{
STACK_OF(SSL_CIPHER) *sk;
}
/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,char *str)
+int SSL_set_cipher_list(SSL *s,const char *str)
{
STACK_OF(SSL_CIPHER) *sk;
return(NULL);
}
if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
+ sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
else
{
sk= *skp;
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
}
- ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+ ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
if (ret == NULL)
goto err;
}
static void SSL_COMP_free(SSL_COMP *comp)
- { Free(comp); }
+ { OPENSSL_free(comp); }
void SSL_CTX_free(SSL_CTX *a)
{
sk_X509_pop_free(a->extra_certs,X509_free);
if (a->comp_methods != NULL)
sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
- Free((char *)a);
+ OPENSSL_free(a);
}
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
emask|=SSL_aDSS;
}
-#ifdef SSL_ALLOW_ADH
mask|=SSL_aNULL;
emask|=SSL_aNULL;
-#endif
c->mask=mask;
c->export_mask=emask;
c=s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
alg=s->s3->tmp.new_cipher->algorithms;
- is_export=SSL_IS_EXPORT(alg);
+ is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
mask=is_export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
return(NULL);
}
-char *SSL_get_version(SSL *s)
+const char *SSL_get_version(SSL *s)
{
if (s->version == TLS1_VERSION)
return("TLSv1");
if (s->enc_read_ctx != NULL)
{
EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
- Free(s->enc_read_ctx);
+ OPENSSL_free(s->enc_read_ctx);
s->enc_read_ctx=NULL;
}
if (s->enc_write_ctx != NULL)
{
EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
- Free(s->enc_write_ctx);
+ OPENSSL_free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
if (s->expand != NULL)
void ssl_free_wbio_buffer(SSL *s)
{
- BIO *under;
-
if (s->bbio == NULL) return;
if (s->bbio == s->wbio)
{
/* remove buffering */
- under=BIO_pop(s->wbio);
- if (under != NULL)
- s->wbio=under;
- else
- abort(); /* ok */
- }
+ s->wbio=BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
+ assert(s->wbio != NULL);
+#endif
+ }
BIO_free(s->bbio);
s->bbio=NULL;
}
return(ssl->verify_result);
}
-int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
- int (*dup_func)(),void (*free_func)())
+int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
ssl_meth_num++;
return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
return(CRYPTO_get_ex_data(&s->ex_data,idx));
}
-int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
- int (*dup_func)(),void (*free_func)())
+int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
{
ssl_ctx_meth_num++;
return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
int is_export,
int keylength))
- { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
-#endif
+ {
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+ }
-#ifndef NO_RSA
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
- int keylength))
- { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
+ int is_export,
+ int keylength))
+ {
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+ }
#endif
#ifdef DOXYGEN
#ifndef NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
int keylength))
- { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+ {
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+ }
void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+ int keylength))
+ {
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+ }
#endif
#if defined(_WINDLL) && defined(WIN16)