X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=3770bdf0f572afb59634afc20ef7c83c500a14c6;hp=95e8405cd7d1919baeb5e2d0fc2afa39b0d13213;hb=a8eeb155b5323809113e57e62de887b31f9fba7b;hpb=d58d092bc9f0a541ce5f0b265ee819f7ab086560 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 95e8405cd7..3770bdf0f5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -61,6 +61,7 @@ #include #include #include +#include #include "ssl_locl.h" char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -71,12 +72,13 @@ static int ssl_meth_num=0; static int ssl_ctx_meth_num=0; OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ + /* evil casts, but these functions are only called if there's a libraryr bug */ + (int (*)(SSL *,int))ssl_undefined_function, + (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, - ssl_undefined_function, - ssl_undefined_function, - ssl_undefined_function, - ssl_undefined_function, - ssl_undefined_function, + (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, + (int (*)(SSL*, int))ssl_undefined_function, + (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function }; int SSL_clear(SSL *s) @@ -201,6 +203,8 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->verify_callback=ctx->default_verify_callback; + s->purpose = ctx->purpose; + s->trust = ctx->trust; CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); s->ctx=ctx; @@ -215,6 +219,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->references=1; s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; s->options=ctx->options; + s->mode=ctx->mode; SSL_clear(s); CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data); @@ -261,6 +266,46 @@ int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, return 1; } +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) +{ + if(X509_PURPOSE_get_by_id(purpose) == -1) { + SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE); + return 0; + } + s->purpose = purpose; + return 1; +} + +int SSL_set_purpose(SSL *s, int purpose) +{ + if(X509_PURPOSE_get_by_id(purpose) == -1) { + SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE); + return 0; + } + s->purpose = purpose; + return 1; +} + +int SSL_CTX_set_trust(SSL_CTX *s, int trust) +{ + if(X509_TRUST_get_by_id(trust) == -1) { + SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST); + return 0; + } + s->trust = trust; + return 1; +} + +int SSL_set_trust(SSL *s, int trust) +{ + if(X509_TRUST_get_by_id(trust) == -1) { + SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST); + return 0; + } + s->trust = trust; + return 1; +} + void SSL_free(SSL *s) { int i; @@ -432,6 +477,38 @@ err: } #endif + +/* return length of latest Finished message we sent, copy to 'buf' */ +size_t SSL_get_finished(SSL *s, void *buf, size_t count) + { + size_t ret = 0; + + if (s->s3 != NULL) + { + ret = s->s3->tmp.finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3->tmp.finish_md, count); + } + return ret; + } + +/* return length of latest Finished message we expected, copy to 'buf' */ +size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) + { + size_t ret = 0; + + if (s->s3 != NULL) + { + ret = s->s3->tmp.peer_finish_md_len; + if (count > ret) + count = ret; + memcpy(buf, s->s3->tmp.peer_finish_md, count); + } + return ret; + } + + int SSL_get_verify_mode(SSL *s) { return(s->verify_mode); @@ -575,7 +652,10 @@ int SSL_check_private_key(SSL *ssl) return(0); } if (ssl->cert == NULL) - return(SSL_CTX_check_private_key(ssl->ctx)); + { + SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); + return 0; + } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); @@ -695,6 +775,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) return(l); case SSL_CTRL_OPTIONS: return(s->options|=larg); + case SSL_CTRL_MODE: + return(s->mode|=larg); default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } @@ -752,6 +834,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg) return(ctx->stats.sess_cache_full); case SSL_CTRL_OPTIONS: return(ctx->options|=larg); + case SSL_CTRL_MODE: + return(ctx->mode|=larg); default: return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); } @@ -826,7 +910,7 @@ const char *SSL_get_cipher_list(SSL *s,int n) return(c->name); } -/** specify the ciphers to be used by defaut by the SSL_CTX */ +/** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str) { STACK_OF(SSL_CIPHER) *sk; @@ -1027,6 +1111,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) goto err; ret->default_passwd_callback=NULL; + ret->default_passwd_callback_userdata=NULL; ret->client_cert_cb=NULL; ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); @@ -1126,10 +1211,20 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) ctx->default_passwd_callback=cb; } +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) + { + ctx->default_passwd_callback_userdata=u; + } + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg) { + /* now + * int (*cb)(X509_STORE_CTX *), + * but should be + * int (*cb)(X509_STORE_CTX *, void *arg) + */ ctx->app_verify_callback=cb; - ctx->app_verify_arg=arg; + ctx->app_verify_arg=arg; /* never used */ } void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))