X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=d47f26865bf58f5f66e3f94c2c16aad7a200c535;hp=9f0040065466ceabb39fcb2908d87e6d199e49c6;hb=e91fb53b38a75953a693fadbc09177245bc7a05d;hpb=14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9f00400654..d47f26865b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -536,6 +536,16 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
 	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
 	}
 
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+	{
+	return ctx->param;
+	}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+	{
+	return ssl->param;
+	}
+
 void SSL_certs_clear(SSL *s)
 	{
 	ssl_cert_clear_certs(s->cert);
@@ -1596,7 +1606,6 @@ int SSL_get_servername_type(const SSL *s)
 	return -1;
 	}
 
-# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_select_next_proto implements the standard protocol selection. It is
  * expected that this function is called from the callback set by
  * SSL_CTX_set_next_proto_select_cb.
@@ -1663,6 +1672,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
 	return status;
 	}
 
+# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
  * requested protocol for this connection and returns 0. If the client didn't
  * request any protocol, then *data is set to NULL.
@@ -1840,6 +1850,66 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 	else
 		*len = ssl->s3->alpn_selected_len;
 	}
+
+int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
+			      unsigned short supp_data_type,
+			      cli_supp_data_first_cb_fn fn1,
+			      cli_supp_data_second_cb_fn fn2, void* arg)
+	{
+	size_t i;
+	cli_supp_data_record* record;
+
+	/* Check for duplicates */
+	for (i=0; i < ctx->cli_supp_data_records_count; i++)
+		if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
+			return 0;
+
+	ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
+	  (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
+	if (!ctx->cli_supp_data_records)
+		{
+		ctx->cli_supp_data_records_count = 0;
+		return 0;
+		}
+	ctx->cli_supp_data_records_count++;
+	record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
+	record->supp_data_type = supp_data_type;
+	record->fn1 = fn1;
+	record->fn2 = fn2;
+	record->arg = arg;
+	return 1;
+	}
+
+int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
+			      unsigned short supp_data_type,
+			      srv_supp_data_first_cb_fn fn1,
+			      srv_supp_data_second_cb_fn fn2, void* arg)
+	{
+	size_t i;
+	srv_supp_data_record* record;
+
+	/* Check for duplicates */
+	for (i=0; i < ctx->srv_supp_data_records_count; i++)
+		if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
+			return 0;
+
+	ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
+	  (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
+	if (!ctx->srv_supp_data_records)
+		{
+		ctx->srv_supp_data_records_count = 0;
+		return 0;
+		}
+	ctx->srv_supp_data_records_count++;
+	record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
+	record->supp_data_type = supp_data_type;
+	record->fn1 = fn1;
+	record->fn2 = fn2;
+	record->arg = arg;
+
+	return 1;
+	}
+
 #endif /* !OPENSSL_NO_TLSEXT */
 
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -2043,6 +2113,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	ret->custom_cli_ext_records_count = 0;
 	ret->custom_srv_ext_records = NULL;
 	ret->custom_srv_ext_records_count = 0;
+	ret->cli_supp_data_records = NULL;
+	ret->cli_supp_data_records_count = 0;
+	ret->srv_supp_data_records = NULL;
+	ret->srv_supp_data_records_count = 0;
 #ifndef OPENSSL_NO_BUF_FREELISTS
 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -2184,6 +2258,8 @@ void SSL_CTX_free(SSL_CTX *a)
 #ifndef OPENSSL_NO_TLSEXT
 	OPENSSL_free(a->custom_cli_ext_records);
 	OPENSSL_free(a->custom_srv_ext_records);
+	OPENSSL_free(a->cli_supp_data_records);
+	OPENSSL_free(a->srv_supp_data_records);
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	if (a->client_cert_engine)
@@ -2335,20 +2411,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		emask_k|=SSL_kRSA;
 
 #if 0
-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+	/* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 #endif
 
 	if (dh_tmp_export)
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 
 	if (dh_tmp)
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 
 	if (dh_rsa) mask_k|=SSL_kDHr;
 	if (dh_rsa_export) emask_k|=SSL_kDHr;
@@ -2446,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
 	if (have_ecdh_tmp)
 		{
-		mask_k|=SSL_kEECDH;
-		emask_k|=SSL_kEECDH;
+		mask_k|=SSL_kECDHE;
+		emask_k|=SSL_kECDHE;
 		}
 #endif
 
@@ -2621,25 +2697,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
 	}
 
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
-	{
-	CERT *c;
-	int i;
-
-	c = s->cert;
-	i = ssl_get_server_cert_index(s);
-
-	if (i == -1)
-		return NULL;
-
-	*authz_length = 0;
-	if (c->pkeys[i].authz == NULL)
-		return(NULL);
-	*authz_length = c->pkeys[i].authz_length;
-
-	return c->pkeys[i].authz;
-	}
-
 int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
 				   size_t *serverinfo_length)
 	{
@@ -2693,6 +2750,11 @@ void ssl_update_cache(SSL *s,int mode)
 		}
 	}
 
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx)
+	{
+	return ctx->method;
+	}
+
 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
 	{
 	return(s->method);
@@ -3056,7 +3118,6 @@ void ssl_clear_cipher_ctx(SSL *s)
 #endif
 	}
 
-/* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
 	{
 	if (s->cert != NULL)
@@ -3065,8 +3126,7 @@ X509 *SSL_get_certificate(const SSL *s)
 		return(NULL);
 	}
 
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->privatekey);
@@ -3074,6 +3134,22 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
 		return(NULL);
 	}
 
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->x509;
+	else
+		return NULL;
+	}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+	{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->privatekey;
+	else
+		return NULL ;
+	}
+
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
 	{
 	if ((s->session != NULL) && (s->session->cipher != NULL))