ssl_lib.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
* \brief Version independent SSL functions.
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifdef REF_CHECK
# include <assert.h>
#endif
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
/* evil casts, but these functions are only called if there's a library bug */
(int (*)(SSL *,int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
(int (*)(SSL*, int))ssl_undefined_function,
(int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
};
{
{
return(0);
}
if (ssl_clear_bad_session(s))
{
SSL_SESSION_free(s->session);
}
s->error=0;
s->hit=0;
s->shutdown=0;
#if 0 /* Disabled since version 1.10 of this file (early return not
* needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
if (s->new_session) return(1);
#else
if (s->new_session)
{
return 0;
}
#endif
s->type=0;
s->client_version=s->version;
s->rwstate=SSL_NOTHING;
#if 0
#endif
{
BUF_MEM_free(s->init_buf);
}
s->first_packet=0;
#if 1
/* Check to see if we were changed into a different method, if
* so, revert back if we are not doing session-id reuse. */
{
return(0);
}
else
#endif
return(1);
}
/** Used to change an SSL_CTXs default SSL method type */
{
{
return(0);
}
return(1);
}
{
SSL *s;
{
return(NULL);
}
{
return(NULL);
}
#ifndef OPENSSL_NO_KRB5
s->kssl_ctx = kssl_ctx_new();
#endif /* OPENSSL_NO_KRB5 */
{
/* Earlier library versions used to copy the pointer to
* the CERT, not its contents; only when setting new
* parameters for the per-SSL copy, ssl_cert_new would be
* called (and the direct reference to the per-SSL_CTX
* settings would be lost, but those still were indirectly
* accessed for various purposes, and for that reason they
* used to be known as s->ctx->default_cert).
* Now we don't look at the SSL_CTX's CERT after having
* duplicated it once. */
goto err;
}
else
goto err;
s->references=1;
SSL_clear(s);
return(s);
err:
if (s != NULL)
{
ssl_cert_free(s->cert);
OPENSSL_free(s);
}
return(NULL);
}
unsigned int sid_ctx_len)
{
{
return 0;
}
return 1;
}
unsigned int sid_ctx_len)
{
{
return 0;
}
return 1;
}
{
return 1;
}
{
return 1;
}
unsigned int id_len)
{
/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
* we can "construct" a session to give us the desired check - ie. to
* find if there's a session in the hash table that would conflict with
* use by this SSL. */
SSL_SESSION r, *p;
if(id_len > sizeof r.session_id)
return 0;
r.session_id_length = id_len;
/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
* callback is calling us to check the uniqueness of a shorter ID, it
* must be compared as a padded-out ID because that is what it will be
* converted to when the callback has finished choosing it. */
if((r.ssl_version == SSL2_VERSION) &&
{
}
return (p != NULL);
}
{
}
{
}
{
}
{
}
{
int i;
if(s == NULL)
return;
#ifdef REF_PRINT
REF_PRINT("SSL",s);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
abort(); /* ok */
}
#endif
{
/* If the buffering BIO is in place, pop it off */
{
}
}
BIO_free_all(s->rbio);
BIO_free_all(s->wbio);
/* add extra stuff */
/* Make the next call work :-) */
{
SSL_SESSION_free(s->session);
}
/* Free up if allocated */
#ifndef OPENSSL_NO_KRB5
kssl_ctx_free(s->kssl_ctx);
#endif /* OPENSSL_NO_KRB5 */
OPENSSL_free(s);
}
{
/* If the output buffering BIO is still in place, remove it
*/
{
{
}
}
BIO_free_all(s->rbio);
BIO_free_all(s->wbio);
}
{ return(s->rbio); }
{ return(s->wbio); }
int SSL_get_fd(SSL *s)
{
return(SSL_get_rfd(s));
}
int SSL_get_rfd(SSL *s)
{
int ret= -1;
BIO *b,*r;
b=SSL_get_rbio(s);
if (r != NULL)
BIO_get_fd(r,&ret);
return(ret);
}
int SSL_get_wfd(SSL *s)
{
int ret= -1;
BIO *b,*r;
b=SSL_get_wbio(s);
if (r != NULL)
BIO_get_fd(r,&ret);
return(ret);
}
#ifndef OPENSSL_NO_SOCK
{
int ret=0;
{
goto err;
}
ret=1;
err:
return(ret);
}
{
int ret=0;
{
}
else
ret=1;
err:
return(ret);
}
{
int ret=0;
{
{
goto err;
}
}
else
ret=1;
err:
return(ret);
}
#endif
/* return length of latest Finished message we sent, copy to 'buf' */
{
{
}
return ret;
}
/* return length of latest Finished message we expected, copy to 'buf' */
{
{
}
return ret;
}
int SSL_get_verify_mode(SSL *s)
{
return(s->verify_mode);
}
int SSL_get_verify_depth(SSL *s)
{
return(s->verify_depth);
}
{
return(s->verify_callback);
}
{
return(ctx->verify_mode);
}
{
return(ctx->verify_depth);
}
{
return(ctx->default_verify_callback);
}
{
s->verify_mode=mode;
}
{
s->verify_depth=depth;
}
{
s->read_ahead=yes;
}
int SSL_get_read_ahead(SSL *s)
{
return(s->read_ahead);
}
int SSL_pending(SSL *s)
{
/* SSL_pending cannot work properly if read-ahead is enabled
* (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
* and it is impossible to fix since SSL_pending cannot report
* errors that may be observed while scanning the new data.
* (Note that SSL_pending() is often used as a boolean value,
* so we'd better not return -1.)
*/
return(s->method->ssl_pending(s));
}
{
X509 *r;
r=NULL;
else
if (r == NULL) return(r);
return(r);
}
{
r=NULL;
else
/* If we are a client, cert_chain includes the peer's own
* certificate; if we are a server, it does not. */
return(r);
}
/* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled */
{
/* Do we need to to SSL locking? */
SSL_set_session(t,SSL_get_session(f));
/* what if we are setup as SSLv2 but want to talk SSLv3 or
* vice-versa */
{
}
{
}
else
}
{
{
return(0);
}
{
return(0);
}
}
/* Fix this function so that it takes an optional type parameter */
{
{
return(0);
}
{
return 0;
}
{
return(0);
}
{
return(0);
}
}
int SSL_accept(SSL *s)
{
if (s->handshake_func == 0)
/* Not properly initialized yet */
return(s->method->ssl_accept(s));
}
int SSL_connect(SSL *s)
{
if (s->handshake_func == 0)
/* Not properly initialized yet */
return(s->method->ssl_connect(s));
}
long SSL_get_default_timeout(SSL *s)
{
return(s->method->get_timeout());
}
{
if (s->handshake_func == 0)
{
return -1;
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
{
s->rwstate=SSL_NOTHING;
return(0);
}
}
{
if (s->handshake_func == 0)
{
return -1;
}
if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
{
return(0);
}
}
{
if (s->handshake_func == 0)
{
return -1;
}
if (s->shutdown & SSL_SENT_SHUTDOWN)
{
s->rwstate=SSL_NOTHING;
return(-1);
}
}
int SSL_shutdown(SSL *s)
{
/* Note that this function behaves differently from what one might
* expect. Return values are 0 for no success (yet),
* 1 for success; but calling it once is usually not enough,
* even if blocking I/O is used (see ssl3_shutdown).
*/
if (s->handshake_func == 0)
{
return -1;
}
if ((s != NULL) && !SSL_in_init(s))
return(s->method->ssl_shutdown(s));
else
return(1);
}
int SSL_renegotiate(SSL *s)
{
if (s->new_session == 0)
{
s->new_session=1;
}
return(s->method->ssl_renegotiate(s));
}
int SSL_renegotiate_pending(SSL *s)
{
/* becomes true when negotiation is requested;
* false again once a handshake has finished */
return (s->new_session != 0);
}
{
long l;
switch (cmd)
{
case SSL_CTRL_GET_READ_AHEAD:
return(s->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
l=s->read_ahead;
s->read_ahead=larg;
return(l);
s->msg_callback_arg = parg;
return 1;
case SSL_CTRL_OPTIONS:
case SSL_CTRL_MODE:
return(s->max_cert_list);
l=s->max_cert_list;
s->max_cert_list=larg;
return(l);
default:
}
}
{
switch(cmd)
{
s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
return 1;
default:
}
}
{
}
{
long l;
switch (cmd)
{
case SSL_CTRL_GET_READ_AHEAD:
return(ctx->read_ahead);
case SSL_CTRL_SET_READ_AHEAD:
l=ctx->read_ahead;
return(l);
return 1;
return(ctx->max_cert_list);
l=ctx->max_cert_list;
return(l);
return(l);
return(ctx->session_cache_size);
return(l);
return(ctx->session_cache_mode);
case SSL_CTRL_SESS_NUMBER:
case SSL_CTRL_SESS_CONNECT:
case SSL_CTRL_SESS_ACCEPT:
case SSL_CTRL_SESS_HIT:
case SSL_CTRL_SESS_CB_HIT:
case SSL_CTRL_SESS_MISSES:
case SSL_CTRL_SESS_TIMEOUTS:
case SSL_CTRL_SESS_CACHE_FULL:
case SSL_CTRL_OPTIONS:
case SSL_CTRL_MODE:
default:
}
}
{
switch(cmd)
{
ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
return 1;
default:
}
}
{
long l;
if (l == 0L)
return(0);
else
return((l > 0)?1:-1);
}
const SSL_CIPHER * const *bp)
{
long l;
if (l == 0L)
return(0);
else
return((l > 0)?1:-1);
}
/** return a STACK of the ciphers available for the SSL and in order of
* preference */
{
if (s != NULL)
{
if (s->cipher_list != NULL)
{
return(s->cipher_list);
}
{
return(s->ctx->cipher_list);
}
}
return(NULL);
}
/** return a STACK of the ciphers available for the SSL and in order of
* algorithm id */
{
if (s != NULL)
{
if (s->cipher_list_by_id != NULL)
{
return(s->cipher_list_by_id);
}
{
return(s->ctx->cipher_list_by_id);
}
}
return(NULL);
}
/** The old interface to get the same thing as SSL_get_ciphers() */
const char *SSL_get_cipher_list(SSL *s,int n)
{
SSL_CIPHER *c;
sk=SSL_get_ciphers(s);
return(NULL);
c=sk_SSL_CIPHER_value(sk,n);
return(c->name);
}
/** specify the ciphers to be used by default by the SSL_CTX */
{
/* XXXX */
}
/** specify the ciphers to be used by the SSL */
{
&s->cipher_list_by_id,str);
/* XXXX */
}
/* works well for SSLv2, not so good for SSLv3 */
{
char *p;
const char *cp;
SSL_CIPHER *c;
int i;
(len < 2))
return(NULL);
p=buf;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
/* Decrement for either the ':' or a '\0' */
len--;
c=sk_SSL_CIPHER_value(sk,i);
{
if (len-- == 0)
{
*p='\0';
return(buf);
}
else
*(p++)= *(cp++);
}
*(p++)=':';
}
p[-1]='\0';
return(buf);
}
{
int i,j=0;
SSL_CIPHER *c;
unsigned char *q;
#ifndef OPENSSL_NO_KRB5
#endif /* OPENSSL_NO_KRB5 */
q=p;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
c=sk_SSL_CIPHER_value(sk,i);
#ifndef OPENSSL_NO_KRB5
continue;
#endif /* OPENSSL_NO_KRB5 */
j=ssl_put_cipher_by_char(s,c,p);
p+=j;
}
return(p-q);
}
{
SSL_CIPHER *c;
int i,n;
if ((num%n) != 0)
{
return(NULL);
}
else
{
}
for (i=0; i<num; i+=n)
{
c=ssl_get_cipher_by_char(s,p);
p+=n;
if (c != NULL)
{
if (!sk_SSL_CIPHER_push(sk,c))
{
goto err;
}
}
}
return(sk);
err:
return(NULL);
}
unsigned long SSL_SESSION_hash(SSL_SESSION *a)
{
unsigned long l;
l=(unsigned long)
((unsigned int) a->session_id[0] )|
return(l);
}
/* NB: If this function (or indeed the hash function which uses a sort of
* coarser function than this one) is changed, ensure
* SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
* able to construct an SSL_SESSION that will collide with any existing session
* with a matching session ID. */
{
if (a->ssl_version != b->ssl_version)
return(1);
if (a->session_id_length != b->session_id_length)
return(1);
}
/* These wrapper functions should remain rather than redeclaring
* SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
* variable. The reason is that the functions aren't static, they're exposed via
* ssl.h. */
{
{
return(NULL);
}
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
{
goto err;
}
goto err;
/* We take the system default */
ret->new_session_cb=0;
ret->remove_session_cb=0;
ret->get_session_cb=0;
ret->quiet_shutdown=0;
/* ret->cipher=NULL;*/
/* ret->s2->challenge=NULL;
ret->master_key=NULL;
ret->key_arg=NULL;
ret->s2->conn_id=NULL; */
ret->read_ahead=0;
ret->msg_callback=0;
ret->sid_ctx_length=0;
goto err;
ret->client_cert_cb=0;
{
goto err2;
}
{
goto err2;
}
{
goto err2;
}
{
goto err2;
}
goto err;
return(ret);
err:
err2:
return(NULL);
}
#if 0
{ OPENSSL_free(comp); }
#endif
void SSL_CTX_free(SSL_CTX *a)
{
int i;
if (a == NULL) return;
#ifdef REF_PRINT
REF_PRINT("SSL_CTX",a);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
abort(); /* ok */
}
#endif
/*
* Free internal session cache. However: the remove_cb() may reference
* the ex_data of SSL_CTX, thus the ex_data store can only be removed
* after the sessions were flushed.
* As the ex_data handling routines might also touch the session cache,
* the most secure solution seems to be: empty (flush) the cache, then
* free ex_data, then finally free the cache.
* (See ticket [openssl.org #212].)
*/
SSL_CTX_flush_sessions(a,0);
if (a->cert_store != NULL)
if (a->cipher_list != NULL)
if (a->cipher_list_by_id != NULL)
ssl_cert_free(a->cert);
if (a->extra_certs != NULL)
#if 0 /* This should never be done, since it removes a global database */
if (a->comp_methods != NULL)
#else
a->comp_methods = NULL;
#endif
OPENSSL_free(a);
}
{
}
{
}
{
}
{
}
{
}
{
if (c == NULL) return;
#ifndef OPENSSL_NO_RSA
#else
#endif
#ifndef OPENSSL_NO_DH
#else
#endif
/* FIX THIS EAY EAY EAY */
mask=0;
emask=0;
#ifdef CIPHER_DEBUG
printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
#endif
#if 0
/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
#endif
if (dh_tmp_export)
if (dh_tmp)
{
}
if (dsa_sign)
{
}
#ifndef OPENSSL_NO_KRB5
#endif
c->export_mask=emask;
c->valid=1;
}
/* THIS NEEDS CLEANING UP */
{
CERT *c;
int i,is_export;
c=s->cert;
{
else
}
{
/* VRS something else here? */
return(NULL);
}
else /* if (kalg & SSL_aNULL) */
{
return(NULL);
}
}
{
unsigned long alg;
CERT *c;
c=s->cert;
{
else
return(NULL);
}
else /* if (alg & SSL_aNULL) */
{
return(NULL);
}
}
{
int i;
/* If the session_id_length is 0, we are not supposed to cache it,
* and it would be rather hard to do anyway :-) */
if (s->session->session_id_length == 0) return;
i=s->ctx->session_cache_mode;
&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
{
SSL_SESSION_free(s->session);
}
/* auto flush every 255 connections */
if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
{
if ( (((mode & SSL_SESS_CACHE_CLIENT)
{
}
}
}
{
return(s->method);
}
{
int conn= -1;
int ret=1;
{
if (s->handshake_func != NULL)
else
{
}
if (conn == 1)
else if (conn == 0)
}
return(ret);
}
int SSL_get_error(SSL *s,int i)
{
int reason;
unsigned long l;
if (i > 0) return(SSL_ERROR_NONE);
/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
* etc, where we do encode the error */
if ((l=ERR_peek_error()) != 0)
{
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
return(SSL_ERROR_SYSCALL);
else
return(SSL_ERROR_SSL);
}
if ((i < 0) && SSL_want_read(s))
{
bio=SSL_get_rbio(s);
if (BIO_should_read(bio))
return(SSL_ERROR_WANT_READ);
else if (BIO_should_write(bio))
/* This one doesn't make too much sense ... We never try
* to write to the rbio, and an application program where
* rbio and wbio are separate couldn't even know what it
* should wait for.
* However if we ever set s->rwstate incorrectly
* (so that we have SSL_want_read(s) instead of
* SSL_want_write(s)) and rbio and wbio *are* the same,
* this test works around that bug; so it might be safer
* to keep it. */
return(SSL_ERROR_WANT_WRITE);
else if (BIO_should_io_special(bio))
{
if (reason == BIO_RR_CONNECT)
return(SSL_ERROR_WANT_CONNECT);
else if (reason == BIO_RR_ACCEPT)
return(SSL_ERROR_WANT_ACCEPT);
else
return(SSL_ERROR_SYSCALL); /* unknown */
}
}
if ((i < 0) && SSL_want_write(s))
{
bio=SSL_get_wbio(s);
if (BIO_should_write(bio))
return(SSL_ERROR_WANT_WRITE);
else if (BIO_should_read(bio))
/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
return(SSL_ERROR_WANT_READ);
else if (BIO_should_io_special(bio))
{
if (reason == BIO_RR_CONNECT)
return(SSL_ERROR_WANT_CONNECT);
else if (reason == BIO_RR_ACCEPT)
return(SSL_ERROR_WANT_ACCEPT);
else
return(SSL_ERROR_SYSCALL);
}
}
if ((i < 0) && SSL_want_x509_lookup(s))
{
return(SSL_ERROR_WANT_X509_LOOKUP);
}
if (i == 0)
{
if (s->version == SSL2_VERSION)
{
/* assume it is the socket being closed */
return(SSL_ERROR_ZERO_RETURN);
}
else
{
if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
return(SSL_ERROR_ZERO_RETURN);
}
}
return(SSL_ERROR_SYSCALL);
}
int SSL_do_handshake(SSL *s)
{
int ret=1;
if (s->handshake_func == NULL)
{
return(-1);
}
s->method->ssl_renegotiate_check(s);
if (SSL_in_init(s) || SSL_in_before(s))
{
ret=s->handshake_func(s);
}
return(ret);
}
/* For the next 2 functions, SSL_clear() sets shutdown and so
* one of these calls will reset it */
void SSL_set_accept_state(SSL *s)
{
s->server=1;
s->shutdown=0;
/* clear the current cipher */
}
void SSL_set_connect_state(SSL *s)
{
s->server=0;
s->shutdown=0;
/* clear the current cipher */
}
int ssl_undefined_function(SSL *s)
{
return(0);
}
{
return(NULL);
}
const char *SSL_get_version(SSL *s)
{
if (s->version == TLS1_VERSION)
return("TLSv1");
else if (s->version == SSL3_VERSION)
return("SSLv3");
else if (s->version == SSL2_VERSION)
return("SSLv2");
else
return("unknown");
}
{
int i;
return(NULL);
{
/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
}
else
{
/* No session has been established yet, so we have to expect
* that s->cert or ret->cert will be changed later --
* they should not both point to the same object,
* and thus we can't use SSL_copy_session_id. */
{
{
}
goto err;
}
s->sid_ctx, s->sid_ctx_length);
}
/* copy app data, a little dangerous perhaps */
goto err;
/* setup rbio, and wbio */
{
goto err;
}
{
{
goto err;
}
else
}
ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL)
{
goto err;
}
if (s->cipher_list_by_id != NULL)
== NULL)
goto err;
/* Dup the client_CA list */
{
for (i=0; i<sk_X509_NAME_num(sk); i++)
{
{
goto err;
}
}
}
if (0)
{
err:
}
return(ret);
}
void ssl_clear_cipher_ctx(SSL *s)
{
if (s->enc_read_ctx != NULL)
{
OPENSSL_free(s->enc_read_ctx);
s->enc_read_ctx=NULL;
}
if (s->enc_write_ctx != NULL)
{
s->enc_write_ctx=NULL;
}
{
COMP_CTX_free(s->expand);
}
{
COMP_CTX_free(s->compress);
}
}
/* Fix this function so that it takes an optional type parameter */
{
else
return(NULL);
}
/* Fix this function so that it takes an optional type parameter */
{
else
return(NULL);
}
{
return(NULL);
}
{
{
}
else
{
}
/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
{
return(0);
}
if (push)
{
}
else
{
}
return(1);
}
void ssl_free_wbio_buffer(SSL *s)
{
{
/* remove buffering */
#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
#endif
}
}
{
}
{
return(ctx->quiet_shutdown);
}
{
s->quiet_shutdown=mode;
}
int SSL_get_quiet_shutdown(SSL *s)
{
return(s->quiet_shutdown);
}
{
}
int SSL_get_shutdown(SSL *s)
{
return(s->shutdown);
}
int SSL_version(SSL *s)
{
return(s->version);
}
{
}
#ifndef OPENSSL_NO_STDIO
{
}
const char *CApath)
{
}
#endif
{
}
{
return ssl->info_callback;
}
{
}
{
}
{
return(ssl->verify_result);
}
{
}
{
}
{
}
{
}
{
}
{
}
{
return(1);
}
{
return(ctx->cert_store);
}
{
}
{
return(s->rwstate);
}
/*!
* \brief Set the callback for generating temporary RSA keys.
* \param ctx the SSL context.
* \param cb the callback
*/
#ifndef OPENSSL_NO_RSA
int is_export,
int keylength))
{
}
int is_export,
int keylength))
{
}
#endif
#ifdef DOXYGEN
/*!
* \brief The RSA temporary key callback function.
* \param ssl the SSL session.
* \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
* \param keylength if \c is_export is \c TRUE, then \c keylength is the size
* of the required key in bits.
* \return the temporary RSA key.
* \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
*/
{}
#endif
/*!
* \brief Set the callback for generating temporary DH keys.
* \param ctx the SSL context.
* \param dh the callback
*/
#ifndef OPENSSL_NO_DH
int keylength))
{
}
int keylength))
{
}
#endif
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
{
}
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
{
}
#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
#include "../crypto/bio/bss_file.c"
#endif