(int (*)(SSL *, int))ssl_undefined_function,
(size_t (*)(SSL *, const char *, size_t, unsigned char *))
ssl_undefined_function,
- 0, /* finish_mac_length */
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
struct ssl_async_args {
SSL *s;
void *buf;
- int num;
+ size_t num;
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union {
int (*func_read) (SSL *, void *, size_t, size_t *);
t->usage = usage;
t->selector = selector;
t->mtype = mtype;
- t->data = OPENSSL_malloc(ilen);
+ t->data = OPENSSL_malloc(dlen);
if (t->data == NULL) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
return -1;
}
- memcpy(t->data, data, ilen);
- t->dlen = ilen;
+ memcpy(t->data, data, dlen);
+ t->dlen = dlen;
/* Validate and cache full certificate or public key */
if (mtype == DANETLS_MATCHING_FULL) {
switch (selector) {
case DANETLS_SELECTOR_CERT:
- if (!d2i_X509(&cert, &p, dlen) || p < data ||
+ if (!d2i_X509(&cert, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
break;
case DANETLS_SELECTOR_SPKI:
- if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data ||
+ if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
SSL_CTX_up_ref(ctx);
s->ctx = ctx;
- s->tlsext_debug_cb = 0;
- s->tlsext_debug_arg = NULL;
- s->tlsext_ticket_expected = 0;
- s->tlsext_status_type = ctx->tlsext_status_type;
- s->tlsext_status_expected = 0;
- s->tlsext_ocsp_ids = NULL;
- s->tlsext_ocsp_exts = NULL;
- s->tlsext_ocsp_resp = NULL;
- s->tlsext_ocsp_resplen = -1;
+ s->ext.debug_cb = 0;
+ s->ext.debug_arg = NULL;
+ s->ext.ticket_expected = 0;
+ s->ext.status_type = ctx->ext.status_type;
+ s->ext.status_expected = 0;
+ s->ext.ocsp.ids = NULL;
+ s->ext.ocsp.exts = NULL;
+ s->ext.ocsp.resp = NULL;
+ s->ext.ocsp.resp_len = 0;
SSL_CTX_up_ref(ctx);
s->initial_ctx = ctx;
#ifndef OPENSSL_NO_EC
- if (ctx->tlsext_ecpointformatlist) {
- s->tlsext_ecpointformatlist =
- OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
- ctx->tlsext_ecpointformatlist_length);
- if (!s->tlsext_ecpointformatlist)
+ if (ctx->ext.ecpointformats) {
+ s->ext.ecpointformats =
+ OPENSSL_memdup(ctx->ext.ecpointformats,
+ ctx->ext.ecpointformats_len);
+ if (!s->ext.ecpointformats)
goto err;
- s->tlsext_ecpointformatlist_length =
- ctx->tlsext_ecpointformatlist_length;
- }
- if (ctx->tlsext_ellipticcurvelist) {
- s->tlsext_ellipticcurvelist =
- OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
- ctx->tlsext_ellipticcurvelist_length);
- if (!s->tlsext_ellipticcurvelist)
+ s->ext.ecpointformats_len =
+ ctx->ext.ecpointformats_len;
+ }
+ if (ctx->ext.supportedgroups) {
+ s->ext.supportedgroups =
+ OPENSSL_memdup(ctx->ext.supportedgroups,
+ ctx->ext.supportedgroups_len);
+ if (!s->ext.supportedgroups)
goto err;
- s->tlsext_ellipticcurvelist_length =
- ctx->tlsext_ellipticcurvelist_length;
+ s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
}
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
- s->next_proto_negotiated = NULL;
+ s->ext.npn = NULL;
#endif
- if (s->ctx->alpn_client_proto_list) {
- s->alpn_client_proto_list =
- OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
- if (s->alpn_client_proto_list == NULL)
+ if (s->ctx->ext.alpn) {
+ s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+ if (s->ext.alpn == NULL)
goto err;
- memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
- s->ctx->alpn_client_proto_list_len);
- s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
+ memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+ s->ext.alpn_len = s->ctx->ext.alpn_len;
}
s->verified_chain = NULL;
{
int i;
- if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0)
+ if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
return 0;
REF_PRINT_COUNT("SSL", s);
* accepts them and disables host name checks. To avoid side-effects with
* invalid input, set the SNI name first.
*/
- if (s->tlsext_hostname == NULL) {
+ if (s->ext.hostname == NULL) {
if (!SSL_set_tlsext_host_name(s, basedomain)) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
return -1;
if (s == NULL)
return;
- CRYPTO_atomic_add(&s->references, -1, &i, s->lock);
+ CRYPTO_DOWN_REF(&s->references, &i, s->lock);
REF_PRINT_COUNT("SSL", s);
if (i > 0)
return;
ssl_cert_free(s->cert);
/* Free up if allocated */
- OPENSSL_free(s->tlsext_hostname);
+ OPENSSL_free(s->ext.hostname);
SSL_CTX_free(s->initial_ctx);
#ifndef OPENSSL_NO_EC
- OPENSSL_free(s->tlsext_ecpointformatlist);
- OPENSSL_free(s->tlsext_ellipticcurvelist);
+ OPENSSL_free(s->ext.ecpointformats);
+ OPENSSL_free(s->ext.supportedgroups);
#endif /* OPENSSL_NO_EC */
- sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+ sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
#ifndef OPENSSL_NO_OCSP
- sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+ sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
#endif
#ifndef OPENSSL_NO_CT
SCT_LIST_free(s->scts);
- OPENSSL_free(s->tlsext_scts);
+ OPENSSL_free(s->ext.scts);
#endif
- OPENSSL_free(s->tlsext_ocsp_resp);
- OPENSSL_free(s->alpn_client_proto_list);
+ OPENSSL_free(s->ext.ocsp.resp);
+ OPENSSL_free(s->ext.alpn);
sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
ASYNC_WAIT_CTX_free(s->waitctx);
#if !defined(OPENSSL_NO_NEXTPROTONEG)
- OPENSSL_free(s->next_proto_negotiated);
+ OPENSSL_free(s->ext.npn);
#endif
#ifndef OPENSSL_NO_SRTP
int SSL_pending(const SSL *s)
{
+ size_t pending = s->method->ssl_pending(s);
+
/*
* SSL_pending cannot work properly if read-ahead is enabled
* (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
* impossible to fix since SSL_pending cannot report errors that may be
* observed while scanning the new data. (Note that SSL_pending() is
* often used as a boolean value, so we'd better not return -1.)
+ *
+ * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+ * we just return INT_MAX.
*/
- return (s->method->ssl_pending(s));
+ return pending < INT_MAX ? (int)pending : INT_MAX;
}
int SSL_has_pending(const SSL *s)
return 0;
}
- CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock);
+ CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
ssl_cert_free(t->cert);
t->cert = f->cert;
- if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
+ if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
return 0;
}
struct ssl_async_args *args;
SSL *s;
void *buf;
- int num;
+ size_t num;
args = (struct ssl_async_args *)vargs;
s = args->s;
int SSL_read(SSL *s, void *buf, int num)
{
int ret;
- size_t read;
+ size_t readbytes;
if (num < 0) {
SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
return -1;
}
- ret = SSL_read_ex(s, buf, (size_t)num, &read);
+ ret = SSL_read_ex(s, buf, (size_t)num, &readbytes);
/*
* The cast is safe here because ret should be <= INT_MAX because num is
* <= INT_MAX
*/
if (ret > 0)
- ret = (int)read;
+ ret = (int)readbytes;
return ret;
}
-int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *read)
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED);
args.f.func_read = s->method->ssl_read;
ret = ssl_start_async_job(s, &args, ssl_io_intern);
- *read = s->asyncrw;
+ *readbytes = s->asyncrw;
return ret;
} else {
- return s->method->ssl_read(s, buf, num, read);
+ return s->method->ssl_read(s, buf, num, readbytes);
}
}
int SSL_peek(SSL *s, void *buf, int num)
{
int ret;
- size_t read;
+ size_t readbytes;
if (num < 0) {
SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
return -1;
}
- ret = SSL_peek_ex(s, buf, (size_t)num, &read);
+ ret = SSL_peek_ex(s, buf, (size_t)num, &readbytes);
/*
* The cast is safe here because ret should be <= INT_MAX because num is
* <= INT_MAX
*/
if (ret > 0)
- ret = (int)read;
+ ret = (int)readbytes;
return ret;
}
-int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *read)
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED);
args.f.func_read = s->method->ssl_peek;
ret = ssl_start_async_job(s, &args, ssl_io_intern);
- *read = s->asyncrw;
+ *readbytes = s->asyncrw;
return ret;
} else {
- return s->method->ssl_peek(s, buf, num, read);
+ return s->method->ssl_peek(s, buf, num, readbytes);
}
}
int SSL_renegotiate(SSL *s)
{
+ /*
+ * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
+ * instead when we support that?
+ */
+ if (SSL_IS_TLS13(s))
+ return 0;
+
if (s->renegotiate == 0)
s->renegotiate = 1;
int SSL_renegotiate_abbreviated(SSL *s)
{
+ /*
+ * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
+ * instead when we support that?
+ */
+ if (SSL_IS_TLS13(s))
+ return 0;
+
if (s->renegotiate == 0)
s->renegotiate = 1;
case SSL_CTRL_CLEAR_MODE:
return (s->mode &= ~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
- return (s->max_cert_list);
+ return (long)(s->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
- l = s->max_cert_list;
- s->max_cert_list = larg;
- return (l);
+ if (larg < 0)
+ return 0;
+ l = (long)s->max_cert_list;
+ s->max_cert_list = (size_t)larg;
+ return l;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
if (ctx == NULL) {
switch (cmd) {
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(NULL, NULL, parg);
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(NULL, NULL, parg);
#endif
case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
return 1;
case SSL_CTRL_GET_MAX_CERT_LIST:
- return (ctx->max_cert_list);
+ return (long)(ctx->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
- l = ctx->max_cert_list;
- ctx->max_cert_list = larg;
- return (l);
+ if (larg < 0)
+ return 0;
+ l = (long)ctx->max_cert_list;
+ ctx->max_cert_list = (size_t)larg;
+ return l;
case SSL_CTRL_SET_SESS_CACHE_SIZE:
- l = ctx->session_cache_size;
- ctx->session_cache_size = larg;
- return (l);
+ if (larg < 0)
+ return 0;
+ l = (long)ctx->session_cache_size;
+ ctx->session_cache_size = (size_t)larg;
+ return l;
case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return (ctx->session_cache_size);
+ return (long)(ctx->session_cache_size);
case SSL_CTRL_SET_SESS_CACHE_MODE:
l = ctx->session_cache_mode;
ctx->session_cache_mode = larg;
if (type != TLSEXT_NAMETYPE_host_name)
return NULL;
- return s->session && !s->tlsext_hostname ?
- s->session->tlsext_hostname : s->tlsext_hostname;
+ return s->session && !s->ext.hostname ?
+ s->session->ext.hostname : s->ext.hostname;
}
int SSL_get_servername_type(const SSL *s)
{
if (s->session
- && (!s->tlsext_hostname ? s->session->
- tlsext_hostname : s->tlsext_hostname))
+ && (!s->ext.hostname ? s->session->
+ ext.hostname : s->ext.hostname))
return TLSEXT_NAMETYPE_host_name;
return -1;
}
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len)
{
- *data = s->next_proto_negotiated;
+ *data = s->ext.npn;
if (!*data) {
*len = 0;
} else {
- *len = s->next_proto_negotiated_len;
+ *len = (unsigned int)s->ext.npn_len;
}
}
/*
- * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
* a TLS server needs a list of supported protocols for Next Protocol
* Negotiation. The returned list must be in wire format. The list is
* returned by setting |out| to point to it and |outlen| to its length. This
* wishes to advertise. Otherwise, no such extension will be included in the
* ServerHello.
*/
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
- int (*cb) (SSL *ssl,
- const unsigned char
- **out,
- unsigned int *outlen,
- void *arg), void *arg)
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg)
{
- ctx->next_protos_advertised_cb = cb;
- ctx->next_protos_advertised_cb_arg = arg;
+ ctx->ext.npn_advertised_cb = cb;
+ ctx->ext.npn_advertised_cb_arg = arg;
}
/*
* select a protocol. It is fatal to the connection if this callback returns
* a value other than SSL_TLSEXT_ERR_OK.
*/
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
- int (*cb) (SSL *s, unsigned char **out,
- unsigned char *outlen,
- const unsigned char *in,
- unsigned int inlen,
- void *arg), void *arg)
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg)
{
- ctx->next_proto_select_cb = cb;
- ctx->next_proto_select_cb_arg = arg;
+ ctx->ext.npn_select_cb = cb;
+ ctx->ext.npn_select_cb_arg = arg;
}
#endif
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned int protos_len)
{
- OPENSSL_free(ctx->alpn_client_proto_list);
- ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
- if (ctx->alpn_client_proto_list == NULL) {
+ OPENSSL_free(ctx->ext.alpn);
+ ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ctx->ext.alpn == NULL) {
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
- ctx->alpn_client_proto_list_len = protos_len;
+ ctx->ext.alpn_len = protos_len;
return 0;
}
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned int protos_len)
{
- OPENSSL_free(ssl->alpn_client_proto_list);
- ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
- if (ssl->alpn_client_proto_list == NULL) {
+ OPENSSL_free(ssl->ext.alpn);
+ ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ssl->ext.alpn == NULL) {
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
- ssl->alpn_client_proto_list_len = protos_len;
+ ssl->ext.alpn_len = protos_len;
return 0;
}
* from the client's list of offered protocols.
*/
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
- int (*cb) (SSL *ssl,
- const unsigned char **out,
- unsigned char *outlen,
- const unsigned char *in,
- unsigned int inlen,
- void *arg), void *arg)
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg)
{
- ctx->alpn_select_cb = cb;
- ctx->alpn_select_cb_arg = arg;
+ ctx->ext.alpn_select_cb = cb;
+ ctx->ext.alpn_select_cb_arg = arg;
}
/*
if (*data == NULL)
*len = 0;
else
- *len = ssl->s3->alpn_selected_len;
+ *len = (unsigned int)ssl->s3->alpn_selected_len;
}
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
/* Setup RFC5077 ticket keys */
- if ((RAND_bytes(ret->tlsext_tick_key_name,
- sizeof(ret->tlsext_tick_key_name)) <= 0)
- || (RAND_bytes(ret->tlsext_tick_hmac_key,
- sizeof(ret->tlsext_tick_hmac_key)) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key,
- sizeof(ret->tlsext_tick_aes_key)) <= 0))
+ if ((RAND_bytes(ret->ext.tick_key_name,
+ sizeof(ret->ext.tick_key_name)) <= 0)
+ || (RAND_bytes(ret->ext.tick_hmac_key,
+ sizeof(ret->ext.tick_hmac_key)) <= 0)
+ || (RAND_bytes(ret->ext.tick_aes_key,
+ sizeof(ret->ext.tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
*/
ret->options |= SSL_OP_NO_COMPRESSION;
- ret->tlsext_status_type = -1;
+ ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
return ret;
err:
{
int i;
- if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0)
+ if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
return 0;
REF_PRINT_COUNT("SSL_CTX", ctx);
if (a == NULL)
return;
- CRYPTO_atomic_add(&a->references, -1, &i, a->lock);
+ CRYPTO_DOWN_REF(&a->references, &i, a->lock);
REF_PRINT_COUNT("SSL_CTX", a);
if (i > 0)
return;
#endif
#ifndef OPENSSL_NO_EC
- OPENSSL_free(a->tlsext_ecpointformatlist);
- OPENSSL_free(a->tlsext_ellipticcurvelist);
+ OPENSSL_free(a->ext.ecpointformats);
+ OPENSSL_free(a->ext.supportedgroups);
#endif
- OPENSSL_free(a->alpn_client_proto_list);
+ OPENSSL_free(a->ext.alpn);
CRYPTO_THREAD_lock_free(a->lock);
static int ssl_get_server_cert_index(const SSL *s)
{
int idx;
+
+ /*
+ * TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the
+ * ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite
+ * forces the use of an RSA cert. This will need to change.
+ */
idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
idx = SSL_PKEY_RSA_SIGN;
return (SSL_ERROR_SSL);
}
- if (i < 0) {
- if (SSL_want_read(s)) {
- bio = SSL_get_rbio(s);
- if (BIO_should_read(bio))
- return (SSL_ERROR_WANT_READ);
- else if (BIO_should_write(bio))
- /*
- * This one doesn't make too much sense ... We never try to write
- * to the rbio, and an application program where rbio and wbio
- * are separate couldn't even know what it should wait for.
- * However if we ever set s->rwstate incorrectly (so that we have
- * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
- * wbio *are* the same, this test works around that bug; so it
- * might be safer to keep it.
- */
- return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_io_special(bio)) {
- reason = BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return (SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return (SSL_ERROR_WANT_ACCEPT);
- else
- return (SSL_ERROR_SYSCALL); /* unknown */
- }
+ if (SSL_want_read(s)) {
+ bio = SSL_get_rbio(s);
+ if (BIO_should_read(bio))
+ return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_write(bio))
+ /*
+ * This one doesn't make too much sense ... We never try to write
+ * to the rbio, and an application program where rbio and wbio
+ * are separate couldn't even know what it should wait for.
+ * However if we ever set s->rwstate incorrectly (so that we have
+ * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+ * wbio *are* the same, this test works around that bug; so it
+ * might be safer to keep it.
+ */
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return (SSL_ERROR_WANT_CONNECT);
+ else if (reason == BIO_RR_ACCEPT)
+ return (SSL_ERROR_WANT_ACCEPT);
+ else
+ return (SSL_ERROR_SYSCALL); /* unknown */
}
+ }
- if (SSL_want_write(s)) {
+ if (SSL_want_write(s)) {
+ /*
+ * Access wbio directly - in order to use the buffered bio if
+ * present
+ */
+ bio = s->wbio;
+ if (BIO_should_write(bio))
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_read(bio))
/*
- * Access wbio directly - in order to use the buffered bio if
- * present
+ * See above (SSL_want_read(s) with BIO_should_write(bio))
*/
- bio = s->wbio;
- if (BIO_should_write(bio))
- return (SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- /*
- * See above (SSL_want_read(s) with BIO_should_write(bio))
- */
- return (SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio)) {
- reason = BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return (SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return (SSL_ERROR_WANT_ACCEPT);
- else
- return (SSL_ERROR_SYSCALL);
- }
- }
- if (SSL_want_x509_lookup(s)) {
- return (SSL_ERROR_WANT_X509_LOOKUP);
- }
- if (SSL_want_async(s)) {
- return SSL_ERROR_WANT_ASYNC;
- }
- if (SSL_want_async_job(s)) {
- return SSL_ERROR_WANT_ASYNC_JOB;
+ return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return (SSL_ERROR_WANT_CONNECT);
+ else if (reason == BIO_RR_ACCEPT)
+ return (SSL_ERROR_WANT_ACCEPT);
+ else
+ return (SSL_ERROR_SYSCALL);
}
}
-
- if (i == 0) {
- if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return (SSL_ERROR_ZERO_RETURN);
+ if (SSL_want_x509_lookup(s)) {
+ return (SSL_ERROR_WANT_X509_LOOKUP);
}
+ if (SSL_want_async(s)) {
+ return SSL_ERROR_WANT_ASYNC;
+ }
+ if (SSL_want_async_job(s)) {
+ return SSL_ERROR_WANT_ASYNC_JOB;
+ }
+
+ if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return (SSL_ERROR_ZERO_RETURN);
+
return (SSL_ERROR_SYSCALL);
}
return -1;
}
- s->method->ssl_renegotiate_check(s);
+ s->method->ssl_renegotiate_check(s, 0);
if (SSL_in_init(s) || SSL_in_before(s)) {
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
/* If we're not quiescent, just up_ref! */
if (!SSL_in_init(s) || !SSL_in_before(s)) {
- CRYPTO_atomic_add(&s->references, 1, &i, s->lock);
+ CRYPTO_UP_REF(&s->references, &i, s->lock);
return s;
}
goto err;
}
- if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
+ if (!SSL_set_session_id_context(ret, s->sid_ctx,
+ (int)s->sid_ctx_length))
goto err;
}
return (s->session->psk_identity);
}
-void SSL_set_psk_client_callback(SSL *s,
- unsigned int (*cb) (SSL *ssl,
- const char *hint,
- char *identity,
- unsigned int
- max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len))
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
{
s->psk_client_callback = cb;
}
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
- unsigned int (*cb) (SSL *ssl,
- const char *hint,
- char *identity,
- unsigned int
- max_identity_len,
- unsigned char *psk,
- unsigned int
- max_psk_len))
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
{
ctx->psk_client_callback = cb;
}
-void SSL_set_psk_server_callback(SSL *s,
- unsigned int (*cb) (SSL *ssl,
- const char *identity,
- unsigned char *psk,
- unsigned int max_psk_len))
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
{
s->psk_server_callback = cb;
}
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
- unsigned int (*cb) (SSL *ssl,
- const char *identity,
- unsigned char *psk,
- unsigned int
- max_psk_len))
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
{
ctx->psk_server_callback = cb;
}
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
- * allocated ctx;
+ * If EVP_MD pointer is passed, initializes ctx with this md.
+ * Returns the newly allocated ctx;
*/
EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
{
- if (*hash)
- EVP_MD_CTX_free(*hash);
+ EVP_MD_CTX_free(*hash);
*hash = NULL;
}
{
int scts_extracted = 0;
- if (s->tlsext_scts != NULL) {
- const unsigned char *p = s->tlsext_scts;
- STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len);
+ if (s->ext.scts != NULL) {
+ const unsigned char *p = s->ext.scts;
+ STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
STACK_OF(SCT) *scts = NULL;
int i;
- if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0)
+ if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
goto err;
- p = s->tlsext_ocsp_resp;
- rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen);
+ p = s->ext.ocsp.resp;
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
if (rsp == NULL)
goto err;
CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+ CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
scts = SSL_get0_peer_scts(s);
}
#endif
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+ ctx->keylog_callback = cb;
+}
+
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+ return ctx->keylog_callback;
+}
+
+static int nss_keylog_int(const char *prefix,
+ SSL *ssl,
+ const uint8_t *parameter_1,
+ size_t parameter_1_len,
+ const uint8_t *parameter_2,
+ size_t parameter_2_len)
+{
+ char *out = NULL;
+ char *cursor = NULL;
+ size_t out_len = 0;
+ size_t i;
+ size_t prefix_len;
+
+ if (ssl->ctx->keylog_callback == NULL) return 1;
+
+ /*
+ * Our output buffer will contain the following strings, rendered with
+ * space characters in between, terminated by a NULL character: first the
+ * prefix, then the first parameter, then the second parameter. The
+ * meaning of each parameter depends on the specific key material being
+ * logged. Note that the first and second parameters are encoded in
+ * hexadecimal, so we need a buffer that is twice their lengths.
+ */
+ prefix_len = strlen(prefix);
+ out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+ if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
+ SSLerr(SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ strcpy(cursor, prefix);
+ cursor += prefix_len;
+ *cursor++ = ' ';
+
+ for (i = 0; i < parameter_1_len; i++) {
+ sprintf(cursor, "%02x", parameter_1[i]);
+ cursor += 2;
+ }
+ *cursor++ = ' ';
+
+ for (i = 0; i < parameter_2_len; i++) {
+ sprintf(cursor, "%02x", parameter_2[i]);
+ cursor += 2;
+ }
+ *cursor = '\0';
+
+ ssl->ctx->keylog_callback(ssl, (const char *)out);
+ OPENSSL_free(out);
+ return 1;
+
+}
+
+int ssl_log_rsa_client_key_exchange(SSL *ssl,
+ const uint8_t *encrypted_premaster,
+ size_t encrypted_premaster_len,
+ const uint8_t *premaster,
+ size_t premaster_len)
+{
+ if (encrypted_premaster_len < 8) {
+ SSLerr(SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /* We only want the first 8 bytes of the encrypted premaster as a tag. */
+ return nss_keylog_int("RSA",
+ ssl,
+ encrypted_premaster,
+ 8,
+ premaster,
+ premaster_len);
+}
+
+int ssl_log_master_secret(SSL *ssl,
+ const uint8_t *client_random,
+ size_t client_random_len,
+ const uint8_t *master,
+ size_t master_len)
+{
+ /*
+ * TLSv1.3 changes the derivation of the master secret compared to earlier
+ * TLS versions, meaning that logging it out is less useful. Instead we
+ * want to log out other secrets: specifically, the handshake and
+ * application traffic secrets. For this reason, if this function is called
+ * for TLSv1.3 we don't bother logging, and just return success
+ * immediately.
+ */
+ if (SSL_IS_TLS13(ssl)) return 1;
+
+ if (client_random_len != 32) {
+ SSLerr(SSL_F_SSL_LOG_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return nss_keylog_int("CLIENT_RANDOM",
+ ssl,
+ client_random,
+ client_random_len,
+ master,
+ master_len);
+}
+