int use_context))ssl_undefined_function,
};
+static void clear_ciphers(SSL *s)
+{
+ /* clear the current cipher */
+ ssl_clear_cipher_ctx(s);
+ ssl_clear_hash_ctx(&s->read_hash);
+ ssl_clear_hash_ctx(&s->write_hash);
+}
+
int SSL_clear(SSL *s)
{
if (s->method == NULL) {
BUF_MEM_free(s->init_buf);
s->init_buf = NULL;
- ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
+ clear_ciphers(s);
s->first_packet = 0;
/*
SSL_SESSION_free(s->session);
}
- ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
+ clear_ciphers(s);
ssl_cert_free(s->cert);
/* Free up if allocated */
{
STACK_OF(X509) *r;
- if ((s == NULL) || (s->session == NULL)
- || (s->session->sess_cert == NULL))
+ if ((s == NULL) || (s->session == NULL))
r = NULL;
else
- r = s->session->sess_cert->cert_chain;
+ r = s->session->peer_chain;
/*
* If we are a client, cert_chain includes the peer's own certificate; if
return (NULL);
}
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+ if ((s == NULL) || (s->session == NULL) || !s->server)
+ return NULL;
+ return s->session->ciphers;
+}
+
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
{
CERT_PKEY *cpk;
CERT *c = s->cert;
- int *pvalid = s->s3->tmp.valid_flags;
+ uint32_t *pvalid = s->s3->tmp.valid_flags;
int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
int rsa_tmp_export, dh_tmp_export, kl;
mask_k |= SSL_kGOST;
mask_a |= SSL_aGOST01;
}
- cpk = &(c->pkeys[SSL_PKEY_GOST94]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
- mask_k |= SSL_kGOST;
- mask_a |= SSL_aGOST94;
- }
if (rsa_enc || (rsa_tmp && rsa_sign))
mask_k |= SSL_kRSA;
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
emask_a |= SSL_aPSK;
+ if (mask_k & SSL_kRSA)
+ mask_k |= SSL_kRSAPSK;
+ if (mask_k & SSL_kDHE)
+ mask_k |= SSL_kDHEPSK;
+ if (mask_k & SSL_kECDHE)
+ mask_k |= SSL_kECDHEPSK;
#endif
s->s3->tmp.mask_k = mask_k;
return (ret);
}
-/*
- * For the next 2 functions, SSL_clear() sets shutdown and so one of these
- * calls will reset it
- */
void SSL_set_accept_state(SSL *s)
{
s->server = 1;
s->shutdown = 0;
s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
s->handshake_func = s->method->ssl_accept;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
+ clear_ciphers(s);
}
void SSL_set_connect_state(SSL *s)
s->shutdown = 0;
s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
s->handshake_func = s->method->ssl_connect;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
+ clear_ciphers(s);
}
int ssl_undefined_function(SSL *s)
return (ssl->verify_result);
}
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->client_random);
+ if (outlen > sizeof(ssl->s3->client_random))
+ outlen = sizeof(ssl->s3->client_random);
+ memcpy(out, ssl->s3->client_random, outlen);
+ return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->server_random);
+ if (outlen > sizeof(ssl->s3->server_random))
+ outlen = sizeof(ssl->s3->server_random);
+ memcpy(out, ssl->s3->server_random, outlen);
+ return outlen;
+}
+
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen)
+{
+ if (session->master_key_length < 0) {
+ /* Should never happen */
+ return 0;
+ }
+ if (outlen == 0)
+ return session->master_key_length;
+ if (outlen > (size_t)session->master_key_length)
+ outlen = session->master_key_length;
+ memcpy(out, session->master_key, outlen);
+ return outlen;
+}
+
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{