/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/objects.h>
-#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+ int t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+ unsigned char *s, size_t t, size_t *u)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ (void)u;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+ (void)r;
+ return ssl_undefined_function(ssl);
+}
+
+static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
+ unsigned char *t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+ (void)r;
+ return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+ const char *t, size_t u,
+ const unsigned char *v, size_t w, int x)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ (void)u;
+ (void)v;
+ (void)w;
+ (void)x;
+ return ssl_undefined_function(ssl);
+}
+
SSL3_ENC_METHOD ssl3_undef_enc_method = {
- /*
- * evil casts, but these functions are only called if there's a library
- * bug
- */
- (int (*)(SSL *, SSL3_RECORD *, size_t, int))ssl_undefined_function,
- (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function,
+ ssl_undefined_function_1,
+ ssl_undefined_function_2,
ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *))
- ssl_undefined_function,
- (int (*)(SSL *, int))ssl_undefined_function,
- (size_t (*)(SSL *, const char *, size_t, unsigned char *))
- ssl_undefined_function,
+ ssl_undefined_function_3,
+ ssl_undefined_function_4,
+ ssl_undefined_function_5,
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
0, /* server_finished_label_len */
- (int (*)(int))ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t,
- int use_context))ssl_undefined_function,
+ ssl_undefined_function_6,
+ ssl_undefined_function_7,
};
struct ssl_async_args {
if (!DANETLS_ENABLED(&from->dane))
return 1;
+ num = sk_danetls_record_num(from->dane.trecs);
dane_final(&to->dane);
to->dane.flags = from->dane.flags;
to->dane.dctx = &to->ctx->dane;
- to->dane.trecs = sk_danetls_record_new_null();
+ to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
if (to->dane.trecs == NULL) {
SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
return 0;
}
- num = sk_danetls_record_num(from->dane.trecs);
for (i = 0; i < num; ++i) {
danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
static int dane_tlsa_add(SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen)
+ uint8_t mtype, unsigned const char *data, size_t dlen)
{
danetls_record *t;
const EVP_MD *md = NULL;
OPENSSL_free(s->psksession_id);
s->psksession_id = NULL;
s->psksession_id_len = 0;
+ s->hello_retry_request = 0;
s->error = 0;
s->hit = 0;
s->key_update = SSL_KEY_UPDATE_NONE;
+ EVP_MD_CTX_free(s->pha_dgst);
+ s->pha_dgst = NULL;
+
/* Reset DANE verification result state */
s->dane.mdpth = -1;
s->dane.pdpth = -1;
SSL_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return (0);
+ return 0;
}
- return (1);
+ return 1;
}
SSL *SSL_new(SSL_CTX *ctx)
if (ctx == NULL) {
SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
- return (NULL);
+ return NULL;
}
if (ctx->method == NULL) {
SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return (NULL);
+ return NULL;
}
s = OPENSSL_zalloc(sizeof(*s));
if (s == NULL)
goto err;
+ s->references = 1;
s->lock = CRYPTO_THREAD_lock_new();
- if (s->lock == NULL)
+ if (s->lock == NULL) {
+ OPENSSL_free(s);
+ s = NULL;
goto err;
+ }
/*
* If not using the standard RAND (say for fuzzing), then don't use a
* chained DRBG.
*/
if (RAND_get_rand_method() == RAND_OpenSSL()) {
- s->drbg = RAND_DRBG_new(NID_aes_128_ctr, RAND_DRBG_FLAG_CTR_USE_DF,
- RAND_DRBG_get0_global());
+ s->drbg =
+ RAND_DRBG_new(RAND_DRBG_NID, 0, RAND_DRBG_get0_public());
if (s->drbg == NULL
- || RAND_DRBG_instantiate(s->drbg, NULL, 0) == 0) {
- CRYPTO_THREAD_lock_free(s->lock);
+ || RAND_DRBG_instantiate(s->drbg,
+ (const unsigned char *) SSL_version_str,
+ sizeof(SSL_version_str) - 1) == 0)
goto err;
- }
}
RECORD_LAYER_init(&s->rlayer, s);
s->max_proto_version = ctx->max_proto_version;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
- s->references = 1;
s->max_early_data = ctx->max_early_data;
/*
s->record_padding_arg = ctx->record_padding_arg;
s->block_padding = ctx->block_padding;
s->sid_ctx_length = ctx->sid_ctx_length;
- if (!ossl_assert(s->sid_ctx_length <= sizeof s->sid_ctx))
+ if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
goto err;
memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
s->verify_callback = ctx->default_verify_callback;
goto err;
X509_VERIFY_PARAM_inherit(s->param, ctx->param);
s->quiet_shutdown = ctx->quiet_shutdown;
+
+ s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
s->max_send_fragment = ctx->max_send_fragment;
s->split_send_fragment = ctx->split_send_fragment;
s->max_pipelines = ctx->max_pipelines;
s->ext.supportedgroups =
OPENSSL_memdup(ctx->ext.supportedgroups,
ctx->ext.supportedgroups_len
- * sizeof(ctx->ext.supportedgroups));
+ * sizeof(*ctx->ext.supportedgroups));
if (!s->ext.supportedgroups)
goto err;
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
- if (sid_ctx_len > sizeof ctx->sid_ctx) {
+ if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
*/
SSL_SESSION r, *p;
- if (id_len > sizeof r.session_id)
+ if (id_len > sizeof(r.session_id))
return 0;
r.ssl_version = ssl->version;
}
int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen)
+ uint8_t mtype, unsigned const char *data, size_t dlen)
{
return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
}
OPENSSL_free(s->ext.alpn);
OPENSSL_free(s->ext.tls13_cookie);
OPENSSL_free(s->clienthello);
+ OPENSSL_free(s->pha_context);
+ EVP_MD_CTX_free(s->pha_dgst);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
if (r != NULL)
BIO_get_fd(r, &ret);
- return (ret);
+ return ret;
}
int SSL_get_wfd(const SSL *s)
r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
if (r != NULL)
BIO_get_fd(r, &ret);
- return (ret);
+ return ret;
}
#ifndef OPENSSL_NO_SOCK
SSL_set_bio(s, bio, bio);
ret = 1;
err:
- return (ret);
+ return ret;
}
int SSL_set_wfd(SSL *s, int fd)
int SSL_get_verify_mode(const SSL *s)
{
- return (s->verify_mode);
+ return s->verify_mode;
}
int SSL_get_verify_depth(const SSL *s)
}
int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
- return (s->verify_callback);
+ return s->verify_callback;
}
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
- return (ctx->verify_mode);
+ return ctx->verify_mode;
}
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
}
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
- return (ctx->default_verify_callback);
+ return ctx->default_verify_callback;
}
void SSL_set_verify(SSL *s, int mode,
r = s->session->peer;
if (r == NULL)
- return (r);
+ return r;
X509_up_ref(r);
- return (r);
+ return r;
}
STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
* we are a server, it does not.
*/
- return (r);
+ return r;
}
/*
{
if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return (0);
+ return 0;
}
if (ctx->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return (0);
+ return 0;
}
- return (X509_check_private_key
- (ctx->cert->key->x509, ctx->cert->key->privatekey));
+ return X509_check_private_key
+ (ctx->cert->key->x509, ctx->cert->key->privatekey);
}
/* Fix this function so that it takes an optional type parameter */
{
if (ssl == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
+ return 0;
}
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return (0);
+ return 0;
}
if (ssl->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return (0);
+ return 0;
}
- return (X509_check_private_key(ssl->cert->key->x509,
- ssl->cert->key->privatekey));
+ return X509_check_private_key(ssl->cert->key->x509,
+ ssl->cert->key->privatekey);
}
int SSL_waiting_for_async(SSL *s)
long SSL_get_default_timeout(const SSL *s)
{
- return (s->method->get_timeout());
+ return s->method->get_timeout();
}
static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
{
int ret, early_data_state;
+ size_t writtmp;
+ uint32_t partialwrite;
switch (s->early_data_state) {
case SSL_EARLY_DATA_NONE:
case SSL_EARLY_DATA_WRITE_RETRY:
s->early_data_state = SSL_EARLY_DATA_WRITING;
- ret = SSL_write_ex(s, buf, num, written);
+ /*
+ * We disable partial write for early data because we don't keep track
+ * of how many bytes we've written between the SSL_write_ex() call and
+ * the flush if the flush needs to be retried)
+ */
+ partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
+ s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+ ret = SSL_write_ex(s, buf, num, &writtmp);
+ s->mode |= partialwrite;
+ if (!ret) {
+ s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+ return ret;
+ }
+ s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
+ /* fall through */
+
+ case SSL_EARLY_DATA_WRITE_FLUSH:
+ /* The buffering BIO is still in place so we need to flush it */
+ if (statem_flush(s) != 1)
+ return 0;
+ *written = num;
s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
- return ret;
+ return 1;
case SSL_EARLY_DATA_FINISHED_READING:
case SSL_EARLY_DATA_READ_RETRY:
s->renegotiate = 1;
s->new_session = 1;
- return (s->method->ssl_renegotiate(s));
+ return s->method->ssl_renegotiate(s);
}
int SSL_renegotiate_abbreviated(SSL *s)
s->renegotiate = 1;
s->new_session = 0;
- return (s->method->ssl_renegotiate(s));
+ return s->method->ssl_renegotiate(s);
}
int SSL_renegotiate_pending(SSL *s)
switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- return (RECORD_LAYER_get_read_ahead(&s->rlayer));
+ return RECORD_LAYER_get_read_ahead(&s->rlayer);
case SSL_CTRL_SET_READ_AHEAD:
l = RECORD_LAYER_get_read_ahead(&s->rlayer);
RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
- return (l);
+ return l;
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
s->msg_callback_arg = parg;
case SSL_CTRL_CLEAR_MODE:
return (s->mode &= ~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
- return (long)(s->max_cert_list);
+ return (long)s->max_cert_list;
case SSL_CTRL_SET_MAX_CERT_LIST:
if (larg < 0)
return 0;
case SSL_CTRL_GET_MAX_PROTO_VERSION:
return s->max_proto_version;
default:
- return (s->method->ssl_ctrl(s, cmd, larg, parg));
+ return s->method->ssl_ctrl(s, cmd, larg, parg);
}
}
return 1;
default:
- return (s->method->ssl_callback_ctrl(s, cmd, fp));
+ return s->method->ssl_callback_ctrl(s, cmd, fp);
}
}
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
long l;
+ int i;
/* For some cases with ctx == NULL perform syntax checks */
if (ctx == NULL) {
switch (cmd) {
switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- return (ctx->read_ahead);
+ return ctx->read_ahead;
case SSL_CTRL_SET_READ_AHEAD:
l = ctx->read_ahead;
ctx->read_ahead = larg;
- return (l);
+ return l;
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ctx->msg_callback_arg = parg;
return 1;
case SSL_CTRL_GET_MAX_CERT_LIST:
- return (long)(ctx->max_cert_list);
+ return (long)ctx->max_cert_list;
case SSL_CTRL_SET_MAX_CERT_LIST:
if (larg < 0)
return 0;
ctx->session_cache_size = (size_t)larg;
return l;
case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return (long)(ctx->session_cache_size);
+ return (long)ctx->session_cache_size;
case SSL_CTRL_SET_SESS_CACHE_MODE:
l = ctx->session_cache_mode;
ctx->session_cache_mode = larg;
- return (l);
+ return l;
case SSL_CTRL_GET_SESS_CACHE_MODE:
- return (ctx->session_cache_mode);
+ return ctx->session_cache_mode;
case SSL_CTRL_SESS_NUMBER:
- return (lh_SSL_SESSION_num_items(ctx->sessions));
+ return lh_SSL_SESSION_num_items(ctx->sessions);
case SSL_CTRL_SESS_CONNECT:
- return (ctx->stats.sess_connect);
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_CONNECT_GOOD:
- return (ctx->stats.sess_connect_good);
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect_good, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return (ctx->stats.sess_connect_renegotiate);
+ return CRYPTO_atomic_read(&ctx->stats.sess_connect_renegotiate, &i,
+ ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_ACCEPT:
- return (ctx->stats.sess_accept);
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_ACCEPT_GOOD:
- return (ctx->stats.sess_accept_good);
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept_good, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return (ctx->stats.sess_accept_renegotiate);
+ return CRYPTO_atomic_read(&ctx->stats.sess_accept_renegotiate, &i,
+ ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_HIT:
- return (ctx->stats.sess_hit);
+ return CRYPTO_atomic_read(&ctx->stats.sess_hit, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_CB_HIT:
- return (ctx->stats.sess_cb_hit);
+ return CRYPTO_atomic_read(&ctx->stats.sess_cb_hit, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_MISSES:
- return (ctx->stats.sess_miss);
+ return CRYPTO_atomic_read(&ctx->stats.sess_miss, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_TIMEOUTS:
- return (ctx->stats.sess_timeout);
+ return CRYPTO_atomic_read(&ctx->stats.sess_timeout, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_SESS_CACHE_FULL:
- return (ctx->stats.sess_cache_full);
+ return CRYPTO_atomic_read(&ctx->stats.sess_cache_full, &i, ctx->lock)
+ ? i : 0;
case SSL_CTRL_MODE:
return (ctx->mode |= larg);
case SSL_CTRL_CLEAR_MODE:
case SSL_CTRL_GET_MAX_PROTO_VERSION:
return ctx->max_proto_version;
default:
- return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
+ return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
}
}
return 1;
default:
- return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
+ return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
}
}
{
if (s != NULL) {
if (s->cipher_list != NULL) {
- return (s->cipher_list);
+ return s->cipher_list;
} else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
- return (s->ctx->cipher_list);
+ return s->ctx->cipher_list;
}
}
- return (NULL);
+ return NULL;
}
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
{
STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
int i;
+
ciphers = SSL_get_ciphers(s);
if (!ciphers)
return NULL;
- ssl_set_client_disabled(s);
+ if (!ssl_set_client_disabled(s))
+ return NULL;
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
{
if (s != NULL) {
if (s->cipher_list_by_id != NULL) {
- return (s->cipher_list_by_id);
+ return s->cipher_list_by_id;
} else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
- return (s->ctx->cipher_list_by_id);
+ return s->ctx->cipher_list_by_id;
}
}
- return (NULL);
+ return NULL;
}
/** The old interface to get the same thing as SSL_get_ciphers() */
STACK_OF(SSL_CIPHER) *sk;
if (s == NULL)
- return (NULL);
+ return NULL;
sk = SSL_get_ciphers(s);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return (NULL);
+ return NULL;
c = sk_SSL_CIPHER_value(sk, n);
if (c == NULL)
- return (NULL);
- return (c->name);
+ return NULL;
+ return c->name;
}
/** return a STACK of the ciphers available for the SSL_CTX and in order of
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
- return (NULL);
+ return NULL;
p = buf;
sk = s->session->ciphers;
len -= n + 1;
}
p[-1] = '\0';
- return (buf);
+ return buf;
}
/** return a servername extension value if provided in Client Hello, or NULL.
((unsigned long)session_id[1] << 8L) |
((unsigned long)session_id[2] << 16L) |
((unsigned long)session_id[3] << 24L);
- return (l);
+ return l;
}
/*
static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
if (a->ssl_version != b->ssl_version)
- return (1);
+ return 1;
if (a->session_id_length != b->session_id_length)
- return (1);
- return (memcmp(a->session_id, b->session_id, a->session_id_length));
+ return 1;
+ return memcmp(a->session_id, b->session_id, a->session_id_length);
}
/*
if (meth == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
- return (NULL);
+ return NULL;
}
if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
sizeof(ret->ext.tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
+ if (RAND_bytes(ret->ext.cookie_hmac_key,
+ sizeof(ret->ext.cookie_hmac_key)) <= 0)
+ goto err;
+
#ifndef OPENSSL_NO_SRP
if (!SSL_CTX_SRP_CTX_init(ret))
goto err;
* Disable compression by default to prevent CRIME. Applications can
* re-enable compression by configuring
* SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
- * or by using the SSL_CONF library.
+ * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
+ * middlebox compatibility by default. This may be disabled by default in
+ * a later OpenSSL version.
*/
- ret->options |= SSL_OP_NO_COMPRESSION;
+ ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
/* auto flush every 255 connections */
if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
- if ((((mode & SSL_SESS_CACHE_CLIENT)
- ? s->session_ctx->stats.sess_connect_good
- : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+ int *stat, val;
+ if (mode & SSL_SESS_CACHE_CLIENT)
+ stat = &s->session_ctx->stats.sess_connect_good;
+ else
+ stat = &s->session_ctx->stats.sess_accept_good;
+ if (CRYPTO_atomic_read(stat, &val, s->session_ctx->lock)
+ && (val & 0xff) == 0xff)
SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
- }
}
}
const SSL_METHOD *SSL_get_ssl_method(SSL *s)
{
- return (s->method);
+ return s->method;
}
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
else if (hf == sm->ssl_accept)
s->handshake_func = meth->ssl_accept;
}
- return (ret);
+ return ret;
}
int SSL_get_error(const SSL *s, int i)
BIO *bio;
if (i > 0)
- return (SSL_ERROR_NONE);
+ return SSL_ERROR_NONE;
/*
* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
*/
if ((l = ERR_peek_error()) != 0) {
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
- return (SSL_ERROR_SYSCALL);
+ return SSL_ERROR_SYSCALL;
else
- return (SSL_ERROR_SSL);
+ return SSL_ERROR_SSL;
}
if (SSL_want_read(s)) {
bio = SSL_get_rbio(s);
if (BIO_should_read(bio))
- return (SSL_ERROR_WANT_READ);
+ return SSL_ERROR_WANT_READ;
else if (BIO_should_write(bio))
/*
* This one doesn't make too much sense ... We never try to write
* wbio *are* the same, this test works around that bug; so it
* might be safer to keep it.
*/
- return (SSL_ERROR_WANT_WRITE);
+ return SSL_ERROR_WANT_WRITE;
else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
- return (SSL_ERROR_WANT_CONNECT);
+ return SSL_ERROR_WANT_CONNECT;
else if (reason == BIO_RR_ACCEPT)
- return (SSL_ERROR_WANT_ACCEPT);
+ return SSL_ERROR_WANT_ACCEPT;
else
- return (SSL_ERROR_SYSCALL); /* unknown */
+ return SSL_ERROR_SYSCALL; /* unknown */
}
}
/* Access wbio directly - in order to use the buffered bio if present */
bio = s->wbio;
if (BIO_should_write(bio))
- return (SSL_ERROR_WANT_WRITE);
+ return SSL_ERROR_WANT_WRITE;
else if (BIO_should_read(bio))
/*
* See above (SSL_want_read(s) with BIO_should_write(bio))
*/
- return (SSL_ERROR_WANT_READ);
+ return SSL_ERROR_WANT_READ;
else if (BIO_should_io_special(bio)) {
reason = BIO_get_retry_reason(bio);
if (reason == BIO_RR_CONNECT)
- return (SSL_ERROR_WANT_CONNECT);
+ return SSL_ERROR_WANT_CONNECT;
else if (reason == BIO_RR_ACCEPT)
- return (SSL_ERROR_WANT_ACCEPT);
+ return SSL_ERROR_WANT_ACCEPT;
else
- return (SSL_ERROR_SYSCALL);
+ return SSL_ERROR_SYSCALL;
}
}
if (SSL_want_x509_lookup(s))
- return (SSL_ERROR_WANT_X509_LOOKUP);
+ return SSL_ERROR_WANT_X509_LOOKUP;
if (SSL_want_async(s))
return SSL_ERROR_WANT_ASYNC;
if (SSL_want_async_job(s))
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return (SSL_ERROR_ZERO_RETURN);
+ return SSL_ERROR_ZERO_RETURN;
- return (SSL_ERROR_SYSCALL);
+ return SSL_ERROR_SYSCALL;
}
static int ssl_do_handshake_intern(void *vargs)
int ssl_undefined_function(SSL *s)
{
SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ return 0;
}
int ssl_undefined_void_function(void)
{
SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ return 0;
}
int ssl_undefined_const_function(const SSL *s)
{
- return (0);
+ return 0;
}
const SSL_METHOD *ssl_bad_method(int ver)
{
SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (NULL);
+ return NULL;
}
const char *ssl_protocol_to_string(int version)
* Otherwise, copy configuration state, and session if set.
*/
if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
- return (NULL);
+ return NULL;
if (s->session != NULL) {
/*
X509 *SSL_get_certificate(const SSL *s)
{
if (s->cert != NULL)
- return (s->cert->key->x509);
+ return s->cert->key->x509;
else
- return (NULL);
+ return NULL;
}
EVP_PKEY *SSL_get_privatekey(const SSL *s)
{
if (s->cert != NULL)
- return (s->cert->key->privatekey);
+ return s->cert->key->privatekey;
else
- return (NULL);
+ return NULL;
}
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
- return (s->session->cipher);
- return (NULL);
+ return s->session->cipher;
+ return NULL;
}
const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
{
- return (ctx->quiet_shutdown);
+ return ctx->quiet_shutdown;
}
void SSL_set_quiet_shutdown(SSL *s, int mode)
int SSL_get_quiet_shutdown(const SSL *s)
{
- return (s->quiet_shutdown);
+ return s->quiet_shutdown;
}
void SSL_set_shutdown(SSL *s, int mode)
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
{
- return (X509_STORE_set_default_paths(ctx->cert_store));
+ return X509_STORE_set_default_paths(ctx->cert_store);
}
int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath)
{
- return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+ return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
}
void SSL_set_info_callback(SSL *ssl,
long SSL_get_verify_result(const SSL *ssl)
{
- return (ssl->verify_result);
+ return ssl->verify_result;
}
size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
int SSL_set_ex_data(SSL *s, int idx, void *arg)
{
- return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+ return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
}
void *SSL_get_ex_data(const SSL *s, int idx)
{
- return (CRYPTO_get_ex_data(&s->ex_data, idx));
+ return CRYPTO_get_ex_data(&s->ex_data, idx);
}
int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
{
- return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+ return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
}
void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
{
- return (CRYPTO_get_ex_data(&s->ex_data, idx));
+ return CRYPTO_get_ex_data(&s->ex_data, idx);
}
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
{
- return (ctx->cert_store);
+ return ctx->cert_store;
}
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
int SSL_want(const SSL *s)
{
- return (s->rwstate);
+ return s->rwstate;
}
/**
{
if (s == NULL || s->session == NULL)
return NULL;
- return (s->session->psk_identity_hint);
+ return s->session->psk_identity_hint;
}
const char *SSL_get_psk_identity(const SSL *s)
{
if (s == NULL || s->session == NULL)
return NULL;
- return (s->session->psk_identity);
+ return s->session->psk_identity;
}
void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
int hashleni = EVP_MD_CTX_size(hdgst);
int ret = 0;
- if (hashleni < 0 || (size_t)hashleni > outlen)
+ if (hashleni < 0 || (size_t)hashleni > outlen) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+ ERR_R_INTERNAL_ERROR);
goto err;
+ }
ctx = EVP_MD_CTX_new();
if (ctx == NULL)
goto err;
if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
- || EVP_DigestFinal_ex(ctx, out, NULL) <= 0)
+ || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+ ERR_R_INTERNAL_ERROR);
goto err;
+ }
*hashlen = hashleni;
ctx = CT_POLICY_EVAL_CTX_new();
if (ctx == NULL) {
- SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
+ ERR_R_MALLOC_FAILURE);
goto end;
}
* ought to correspond to an inability to carry out its duties.
*/
if (SCT_LIST_validate(scts, ctx) < 0) {
- SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED);
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+ SSL_R_SCT_VERIFICATION_FAILED);
goto end;
}
ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
if (ret < 0)
ret = 0; /* This function returns 0 on failure */
+ if (!ret)
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+ SSL_R_CALLBACK_FAILED);
end:
CT_POLICY_EVAL_CTX_free(ctx);
prefix_len = strlen(prefix);
out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
- SSLerr(SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE);
+ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
+ ERR_R_MALLOC_FAILURE);
return 0;
}
size_t premaster_len)
{
if (encrypted_premaster_len < 8) {
- SSLerr(SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
return 0;
}
#define SSLV2_CIPHER_LEN 3
-int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format,
- int *al)
+int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
{
int n;
n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
if (PACKET_remaining(cipher_suites) == 0) {
- SSLerr(SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_NO_CIPHERS_SPECIFIED);
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
}
if (PACKET_remaining(cipher_suites) % n != 0) {
- SSLerr(SSL_F_SSL_CACHE_CIPHERLIST,
- SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- *al = SSL_AD_DECODE_ERROR;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return 0;
}
raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
s->s3->tmp.ciphers_raw = raw;
if (raw == NULL) {
- *al = SSL_AD_INTERNAL_ERROR;
- goto err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
}
for (s->s3->tmp.ciphers_rawlen = 0;
PACKET_remaining(&sslv2ciphers) > 0;
TLS_CIPHER_LEN))
|| (leadbyte != 0
&& !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
- *al = SSL_AD_DECODE_ERROR;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_BAD_PACKET);
OPENSSL_free(s->s3->tmp.ciphers_raw);
s->s3->tmp.ciphers_raw = NULL;
s->s3->tmp.ciphers_rawlen = 0;
- goto err;
+ return 0;
}
if (leadbyte == 0)
s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
}
} else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
&s->s3->tmp.ciphers_rawlen)) {
- *al = SSL_AD_INTERNAL_ERROR;
- goto err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
}
return 1;
- err:
- return 0;
}
int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
int isv2format, STACK_OF(SSL_CIPHER) **sk,
STACK_OF(SSL_CIPHER) **scsvs)
{
- int alert;
PACKET pkt;
if (!PACKET_buf_init(&pkt, bytes, len))
return 0;
- return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, &alert);
+ return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
}
int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
STACK_OF(SSL_CIPHER) **scsvs_out,
- int sslv2format, int *al)
+ int sslv2format, int fatal)
{
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk = NULL;
n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
if (PACKET_remaining(cipher_suites) == 0) {
- SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
- *al = SSL_AD_ILLEGAL_PARAMETER;
+ if (fatal)
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_NO_CIPHERS_SPECIFIED);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
}
if (PACKET_remaining(cipher_suites) % n != 0) {
- SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
- SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- *al = SSL_AD_DECODE_ERROR;
+ if (fatal)
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return 0;
}
sk = sk_SSL_CIPHER_new_null();
scsvs = sk_SSL_CIPHER_new_null();
if (sk == NULL || scsvs == NULL) {
- SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- *al = SSL_AD_INTERNAL_ERROR;
+ if (fatal)
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ ERR_R_MALLOC_FAILURE);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
goto err;
}
if (c != NULL) {
if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
(!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
- SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- *al = SSL_AD_INTERNAL_ERROR;
+ if (fatal)
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
goto err;
}
}
}
if (PACKET_remaining(cipher_suites) > 0) {
- *al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
+ if (fatal)
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_BAD_LENGTH);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
goto err;
}
int ssl_randbytes(SSL *s, unsigned char *rnd, size_t size)
{
- if (s->drbg != NULL)
- return RAND_DRBG_generate(s->drbg, rnd, size, 0, NULL, 0);
- return RAND_bytes(rnd, (int)size);
+ if (s->drbg != NULL) {
+ /*
+ * Currently, it's the duty of the caller to serialize the generate
+ * requests to the DRBG. So formally we have to check whether
+ * s->drbg->lock != NULL and take the lock if this is the case.
+ * However, this DRBG is unique to a given SSL object, and we already
+ * require that SSL objects are only accessed by a single thread at
+ * a given time. Also, SSL DRBGs have no child DRBG, so there is
+ * no risk that this DRBG is accessed by a child DRBG in parallel
+ * for reseeding. As such, we can rely on the application's
+ * serialization of SSL accesses for the needed concurrency protection
+ * here.
+ */
+ return RAND_DRBG_bytes(s->drbg, rnd, size);
+ }
+ if (size > INT_MAX)
+ return 0;
+ return RAND_bytes(rnd, size);
+}
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+ /* Return any active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* return current SSL connection setting */
+ return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+ /* Return a value regarding an active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+ && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* else limit |split_send_fragment| to current |max_send_fragment| */
+ if (ssl->split_send_fragment > ssl->max_send_fragment)
+ return ssl->max_send_fragment;
+
+ /* return current SSL connection setting */
+ return ssl->split_send_fragment;
+}
+
+int SSL_stateless(SSL *s)
+{
+ int ret;
+
+ /* Ensure there is no state left over from a previous invocation */
+ if (!SSL_clear(s))
+ return 0;
+
+ ERR_clear_error();
+
+ s->s3->flags |= TLS1_FLAGS_STATELESS;
+ ret = SSL_accept(s);
+ s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+ if (ret > 0 && s->ext.cookieok)
+ return 1;
+
+ return 0;
+}
+
+void SSL_force_post_handshake_auth(SSL *ssl)
+{
+ ssl->pha_forced = 1;
+}
+
+int SSL_verify_client_post_handshake(SSL *ssl)
+{
+ if (!SSL_IS_TLS13(ssl)) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+ if (!ssl->server) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
+ return 0;
+ }
+
+ if (!SSL_is_init_finished(ssl)) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
+ return 0;
+ }
+
+ switch (ssl->post_handshake_auth) {
+ case SSL_PHA_NONE:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
+ return 0;
+ default:
+ case SSL_PHA_EXT_SENT:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ case SSL_PHA_EXT_RECEIVED:
+ break;
+ case SSL_PHA_REQUEST_PENDING:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
+ return 0;
+ case SSL_PHA_REQUESTED:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
+ return 0;
+ }
+
+ ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
+
+ /* checks verify_mode and algorithm_auth */
+ if (!send_certificate_request(ssl)) {
+ ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
+ return 0;
+ }
+
+ ossl_statem_set_in_init(ssl, 1);
+ return 1;
}
projects / openssl.git / blobdiff