*/
-#include <assert.h>
+#ifdef REF_CHECK
+# include <assert.h>
+#endif
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#include "ssl_locl.h"
+#include "kssl_lcl.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
#else
if (s->new_session)
{
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
return 0;
}
#endif
return 1;
}
-int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id,
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
unsigned int id_len)
{
/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
* we can "construct" a session to give us the desired check - ie. to
* find if there's a session in the hash table that would conflict with
* any new session built out of this id/id_len and the ssl_version in
- * use by this SSL_CTX. */
+ * use by this SSL. */
SSL_SESSION r, *p;
- r.ssl_version = ctx->method->version;
+ r.ssl_version = ssl->version;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
+ /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+ * callback is calling us to check the uniqueness of a shorter ID, it
+ * must be compared as a padded-out ID because that is what it will be
+ * converted to when the callback has finished choosing it. */
+ if((r.ssl_version == SSL2_VERSION) &&
+ (id_len < SSL2_SSL_SESSION_ID_LENGTH))
+ {
+ memset(r.session_id + id_len, 0,
+ SSL2_SSL_SESSION_ID_LENGTH - id_len);
+ r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+ }
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r);
+ p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
return (p != NULL);
}
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
int SSL_set_purpose(SSL *s, int purpose)
{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
- return 0;
- }
- s->purpose = purpose;
- return 1;
+ return X509_PURPOSE_set(&s->purpose, purpose);
}
-
+
int SSL_CTX_set_trust(SSL_CTX *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
int SSL_set_trust(SSL *s, int trust)
{
- if(X509_TRUST_get_by_id(trust) == -1) {
- SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
- return 0;
- }
- s->trust = trust;
- return 1;
+ return X509_TRUST_set(&s->trust, trust);
}
void SSL_free(SSL *s)
{ return(s->wbio); }
int SSL_get_fd(SSL *s)
+ {
+ return(SSL_get_rfc(s));
+ }
+
+int SSL_get_rfd(SSL *s)
{
int ret= -1;
BIO *b,*r;
return(ret);
}
+int SSL_get_wfd(SSL *s)
+ {
+ int ret= -1;
+ BIO *b,*r;
+
+ b=SSL_get_wbio(s);
+ r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r,&ret);
+ return(ret);
+ }
+
#ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s,int fd)
{
return(s->method->get_timeout());
}
-int SSL_read(SSL *s,char *buf,int num)
+int SSL_read(SSL *s,void *buf,int num)
{
if (s->handshake_func == 0)
{
return(s->method->ssl_read(s,buf,num));
}
-int SSL_peek(SSL *s,char *buf,int num)
+int SSL_peek(SSL *s,void *buf,int num)
{
+ if (s->handshake_func == 0)
+ {
+ SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
{
return(0);
return(s->method->ssl_peek(s,buf,num));
}
-int SSL_write(SSL *s,const char *buf,int num)
+int SSL_write(SSL *s,const void *buf,int num)
{
if (s->handshake_func == 0)
{
int i,j=0;
SSL_CIPHER *c;
unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+ int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
if (sk == NULL) return(0);
q=p;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
c=sk_SSL_CIPHER_value(sk,i);
+#ifndef OPENSSL_NO_KRB5
+ if ((c->algorithms & SSL_KRB5) && nokrb5)
+ continue;
+#endif /* OPENSSL_NO_KRB5 */
j=ssl_put_cipher_by_char(s,c,p);
p+=j;
}
}
else /* if (kalg & SSL_aNULL) */
{
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
return(NULL);
}
if (c->pkeys[i].x509 == NULL) return(NULL);
}
else /* if (alg & SSL_aNULL) */
{
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
return(NULL);
}
}