xref: /freebsd/crypto/openssl/ssl/ssl_lib.c (revision 23090366f729c56cab62de74c7a51792357e98a9)
1 /*! \file ssl/ssl_lib.c
2  *  \brief Version independent SSL functions.
3  */
4 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5  * All rights reserved.
6  *
7  * This package is an SSL implementation written
8  * by Eric Young (eay@cryptsoft.com).
9  * The implementation was written so as to conform with Netscapes SSL.
10  *
11  * This library is free for commercial and non-commercial use as long as
12  * the following conditions are aheared to.  The following conditions
13  * apply to all code found in this distribution, be it the RC4, RSA,
14  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
15  * included with this distribution is covered by the same copyright terms
16  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17  *
18  * Copyright remains Eric Young's, and as such any Copyright notices in
19  * the code are not to be removed.
20  * If this package is used in a product, Eric Young should be given attribution
21  * as the author of the parts of the library used.
22  * This can be in the form of a textual message at program startup or
23  * in documentation (online or textual) provided with the package.
24  *
25  * Redistribution and use in source and binary forms, with or without
26  * modification, are permitted provided that the following conditions
27  * are met:
28  * 1. Redistributions of source code must retain the copyright
29  *    notice, this list of conditions and the following disclaimer.
30  * 2. Redistributions in binary form must reproduce the above copyright
31  *    notice, this list of conditions and the following disclaimer in the
32  *    documentation and/or other materials provided with the distribution.
33  * 3. All advertising materials mentioning features or use of this software
34  *    must display the following acknowledgement:
35  *    "This product includes cryptographic software written by
36  *     Eric Young (eay@cryptsoft.com)"
37  *    The word 'cryptographic' can be left out if the rouines from the library
38  *    being used are not cryptographic related :-).
39  * 4. If you include any Windows specific code (or a derivative thereof) from
40  *    the apps directory (application code) you must include an acknowledgement:
41  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42  *
43  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53  * SUCH DAMAGE.
54  *
55  * The licence and distribution terms for any publically available version or
56  * derivative of this code cannot be changed.  i.e. this code cannot simply be
57  * copied and put under another distribution licence
58  * [including the GNU Public Licence.]
59  */
60 /* ====================================================================
61  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
62  *
63  * Redistribution and use in source and binary forms, with or without
64  * modification, are permitted provided that the following conditions
65  * are met:
66  *
67  * 1. Redistributions of source code must retain the above copyright
68  *    notice, this list of conditions and the following disclaimer.
69  *
70  * 2. Redistributions in binary form must reproduce the above copyright
71  *    notice, this list of conditions and the following disclaimer in
72  *    the documentation and/or other materials provided with the
73  *    distribution.
74  *
75  * 3. All advertising materials mentioning features or use of this
76  *    software must display the following acknowledgment:
77  *    "This product includes software developed by the OpenSSL Project
78  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79  *
80  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81  *    endorse or promote products derived from this software without
82  *    prior written permission. For written permission, please contact
83  *    openssl-core@openssl.org.
84  *
85  * 5. Products derived from this software may not be called "OpenSSL"
86  *    nor may "OpenSSL" appear in their names without prior written
87  *    permission of the OpenSSL Project.
88  *
89  * 6. Redistributions of any form whatsoever must retain the following
90  *    acknowledgment:
91  *    "This product includes software developed by the OpenSSL Project
92  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93  *
94  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
98  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105  * OF THE POSSIBILITY OF SUCH DAMAGE.
106  * ====================================================================
107  *
108  * This product includes cryptographic software written by Eric Young
109  * (eay@cryptsoft.com).  This product includes software written by Tim
110  * Hudson (tjh@cryptsoft.com).
111  *
112  */
113 /* ====================================================================
114  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
115  * ECC cipher suite support in OpenSSL originally developed by
116  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117  */
118 /* ====================================================================
119  * Copyright 2005 Nokia. All rights reserved.
120  *
121  * The portions of the attached software ("Contribution") is developed by
122  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123  * license.
124  *
125  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
126  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
127  * support (see RFC 4279) to OpenSSL.
128  *
129  * No patent licenses or other rights except those expressly stated in
130  * the OpenSSL open source license shall be deemed granted or received
131  * expressly, by implication, estoppel, or otherwise.
132  *
133  * No assurances are provided by Nokia that the Contribution does not
134  * infringe the patent or other intellectual property rights of any third
135  * party or that the license provides you with all the necessary rights
136  * to make use of the Contribution.
137  *
138  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
139  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
140  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
141  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142  * OTHERWISE.
143  */
144 
145 #ifdef REF_CHECK
146 #  include <assert.h>
147 #endif
148 #include <stdio.h>
149 #include "ssl_locl.h"
150 #include "kssl_lcl.h"
151 #include <openssl/objects.h>
152 #include <openssl/lhash.h>
153 #include <openssl/x509v3.h>
154 #include <openssl/rand.h>
155 #include <openssl/ocsp.h>
156 #ifndef OPENSSL_NO_DH
157 #include <openssl/dh.h>
158 #endif
159 #ifndef OPENSSL_NO_ENGINE
160 #include <openssl/engine.h>
161 #endif
162 
163 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
164 
165 SSL3_ENC_METHOD ssl3_undef_enc_method={
166 	/* evil casts, but these functions are only called if there's a library bug */
167 	(int (*)(SSL *,int))ssl_undefined_function,
168 	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 	ssl_undefined_function,
170 	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
171 	(int (*)(SSL*, int))ssl_undefined_function,
172 	(int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
173 	0,	/* finish_mac_length */
174 	(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
175 	NULL,	/* client_finished_label */
176 	0,	/* client_finished_label_len */
177 	NULL,	/* server_finished_label */
178 	0,	/* server_finished_label_len */
179 	(int (*)(int))ssl_undefined_function,
180 	(int (*)(SSL *, unsigned char *, size_t, const char *,
181 		 size_t, const unsigned char *, size_t,
182 		 int use_context)) ssl_undefined_function,
183 	};
184 
185 int SSL_clear(SSL *s)
186 	{
187 
188 	if (s->method == NULL)
189 		{
190 		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
191 		return(0);
192 		}
193 
194 	if (ssl_clear_bad_session(s))
195 		{
196 		SSL_SESSION_free(s->session);
197 		s->session=NULL;
198 		}
199 
200 	s->error=0;
201 	s->hit=0;
202 	s->shutdown=0;
203 
204 #if 0 /* Disabled since version 1.10 of this file (early return not
205        * needed because SSL_clear is not called when doing renegotiation) */
206 	/* This is set if we are doing dynamic renegotiation so keep
207 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
208 	if (s->renegotiate) return(1);
209 #else
210 	if (s->renegotiate)
211 		{
212 		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
213 		return 0;
214 		}
215 #endif
216 
217 	s->type=0;
218 
219 	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
220 
221 	s->version=s->method->version;
222 	s->client_version=s->version;
223 	s->rwstate=SSL_NOTHING;
224 	s->rstate=SSL_ST_READ_HEADER;
225 #if 0
226 	s->read_ahead=s->ctx->read_ahead;
227 #endif
228 
229 	if (s->init_buf != NULL)
230 		{
231 		BUF_MEM_free(s->init_buf);
232 		s->init_buf=NULL;
233 		}
234 
235 	ssl_clear_cipher_ctx(s);
236 	ssl_clear_hash_ctx(&s->read_hash);
237 	ssl_clear_hash_ctx(&s->write_hash);
238 
239 	s->first_packet=0;
240 
241 #if 1
242 	/* Check to see if we were changed into a different method, if
243 	 * so, revert back if we are not doing session-id reuse. */
244 	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
245 		{
246 		s->method->ssl_free(s);
247 		s->method=s->ctx->method;
248 		if (!s->method->ssl_new(s))
249 			return(0);
250 		}
251 	else
252 #endif
253 		s->method->ssl_clear(s);
254 	return(1);
255 	}
256 
257 /** Used to change an SSL_CTXs default SSL method type */
258 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
259 	{
260 	STACK_OF(SSL_CIPHER) *sk;
261 
262 	ctx->method=meth;
263 
264 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
265 		&(ctx->cipher_list_by_id),
266 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
267 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
268 		{
269 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
270 		return(0);
271 		}
272 	return(1);
273 	}
274 
275 SSL *SSL_new(SSL_CTX *ctx)
276 	{
277 	SSL *s;
278 
279 	if (ctx == NULL)
280 		{
281 		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
282 		return(NULL);
283 		}
284 	if (ctx->method == NULL)
285 		{
286 		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
287 		return(NULL);
288 		}
289 
290 	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
291 	if (s == NULL) goto err;
292 	memset(s,0,sizeof(SSL));
293 
294 #ifndef	OPENSSL_NO_KRB5
295 	s->kssl_ctx = kssl_ctx_new();
296 #endif	/* OPENSSL_NO_KRB5 */
297 
298 	s->options=ctx->options;
299 	s->mode=ctx->mode;
300 	s->max_cert_list=ctx->max_cert_list;
301 
302 	if (ctx->cert != NULL)
303 		{
304 		/* Earlier library versions used to copy the pointer to
305 		 * the CERT, not its contents; only when setting new
306 		 * parameters for the per-SSL copy, ssl_cert_new would be
307 		 * called (and the direct reference to the per-SSL_CTX
308 		 * settings would be lost, but those still were indirectly
309 		 * accessed for various purposes, and for that reason they
310 		 * used to be known as s->ctx->default_cert).
311 		 * Now we don't look at the SSL_CTX's CERT after having
312 		 * duplicated it once. */
313 
314 		s->cert = ssl_cert_dup(ctx->cert);
315 		if (s->cert == NULL)
316 			goto err;
317 		}
318 	else
319 		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
320 
321 	s->read_ahead=ctx->read_ahead;
322 	s->msg_callback=ctx->msg_callback;
323 	s->msg_callback_arg=ctx->msg_callback_arg;
324 	s->verify_mode=ctx->verify_mode;
325 #if 0
326 	s->verify_depth=ctx->verify_depth;
327 #endif
328 	s->sid_ctx_length=ctx->sid_ctx_length;
329 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
330 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
331 	s->verify_callback=ctx->default_verify_callback;
332 	s->generate_session_id=ctx->generate_session_id;
333 
334 	s->param = X509_VERIFY_PARAM_new();
335 	if (!s->param)
336 		goto err;
337 	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
338 #if 0
339 	s->purpose = ctx->purpose;
340 	s->trust = ctx->trust;
341 #endif
342 	s->quiet_shutdown=ctx->quiet_shutdown;
343 	s->max_send_fragment = ctx->max_send_fragment;
344 
345 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
346 	s->ctx=ctx;
347 #ifndef OPENSSL_NO_TLSEXT
348 	s->tlsext_debug_cb = 0;
349 	s->tlsext_debug_arg = NULL;
350 	s->tlsext_ticket_expected = 0;
351 	s->tlsext_status_type = -1;
352 	s->tlsext_status_expected = 0;
353 	s->tlsext_ocsp_ids = NULL;
354 	s->tlsext_ocsp_exts = NULL;
355 	s->tlsext_ocsp_resp = NULL;
356 	s->tlsext_ocsp_resplen = -1;
357 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
358 	s->initial_ctx=ctx;
359 # ifndef OPENSSL_NO_NEXTPROTONEG
360 	s->next_proto_negotiated = NULL;
361 # endif
362 #endif
363 
364 	s->verify_result=X509_V_OK;
365 
366 	s->method=ctx->method;
367 
368 	if (!s->method->ssl_new(s))
369 		goto err;
370 
371 	s->references=1;
372 	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
373 
374 	SSL_clear(s);
375 
376 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
377 
378 #ifndef OPENSSL_NO_PSK
379 	s->psk_client_callback=ctx->psk_client_callback;
380 	s->psk_server_callback=ctx->psk_server_callback;
381 #endif
382 
383 	return(s);
384 err:
385 	if (s != NULL)
386 		{
387 		if (s->cert != NULL)
388 			ssl_cert_free(s->cert);
389 		if (s->ctx != NULL)
390 			SSL_CTX_free(s->ctx); /* decrement reference count */
391 		OPENSSL_free(s);
392 		}
393 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
394 	return(NULL);
395 	}
396 
397 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
398 				   unsigned int sid_ctx_len)
399     {
400     if(sid_ctx_len > sizeof ctx->sid_ctx)
401 	{
402 	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
403 	return 0;
404 	}
405     ctx->sid_ctx_length=sid_ctx_len;
406     memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
407 
408     return 1;
409     }
410 
411 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
412 			       unsigned int sid_ctx_len)
413     {
414     if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
415 	{
416 	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
417 	return 0;
418 	}
419     ssl->sid_ctx_length=sid_ctx_len;
420     memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
421 
422     return 1;
423     }
424 
425 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
426 	{
427 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
428 	ctx->generate_session_id = cb;
429 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
430 	return 1;
431 	}
432 
433 int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
434 	{
435 	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
436 	ssl->generate_session_id = cb;
437 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
438 	return 1;
439 	}
440 
441 int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
442 				unsigned int id_len)
443 	{
444 	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
445 	 * we can "construct" a session to give us the desired check - ie. to
446 	 * find if there's a session in the hash table that would conflict with
447 	 * any new session built out of this id/id_len and the ssl_version in
448 	 * use by this SSL. */
449 	SSL_SESSION r, *p;
450 
451 	if(id_len > sizeof r.session_id)
452 		return 0;
453 
454 	r.ssl_version = ssl->version;
455 	r.session_id_length = id_len;
456 	memcpy(r.session_id, id, id_len);
457 	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
458 	 * callback is calling us to check the uniqueness of a shorter ID, it
459 	 * must be compared as a padded-out ID because that is what it will be
460 	 * converted to when the callback has finished choosing it. */
461 	if((r.ssl_version == SSL2_VERSION) &&
462 			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
463 		{
464 		memset(r.session_id + id_len, 0,
465 			SSL2_SSL_SESSION_ID_LENGTH - id_len);
466 		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
467 		}
468 
469 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
470 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
471 	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
472 	return (p != NULL);
473 	}
474 
475 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
476 	{
477 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
478 	}
479 
480 int SSL_set_purpose(SSL *s, int purpose)
481 	{
482 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
483 	}
484 
485 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
486 	{
487 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
488 	}
489 
490 int SSL_set_trust(SSL *s, int trust)
491 	{
492 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
493 	}
494 
495 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
496 	{
497 	return X509_VERIFY_PARAM_set1(ctx->param, vpm);
498 	}
499 
500 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
501 	{
502 	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
503 	}
504 
505 void SSL_free(SSL *s)
506 	{
507 	int i;
508 
509 	if(s == NULL)
510 	    return;
511 
512 	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
513 #ifdef REF_PRINT
514 	REF_PRINT("SSL",s);
515 #endif
516 	if (i > 0) return;
517 #ifdef REF_CHECK
518 	if (i < 0)
519 		{
520 		fprintf(stderr,"SSL_free, bad reference count\n");
521 		abort(); /* ok */
522 		}
523 #endif
524 
525 	if (s->param)
526 		X509_VERIFY_PARAM_free(s->param);
527 
528 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
529 
530 	if (s->bbio != NULL)
531 		{
532 		/* If the buffering BIO is in place, pop it off */
533 		if (s->bbio == s->wbio)
534 			{
535 			s->wbio=BIO_pop(s->wbio);
536 			}
537 		BIO_free(s->bbio);
538 		s->bbio=NULL;
539 		}
540 	if (s->rbio != NULL)
541 		BIO_free_all(s->rbio);
542 	if ((s->wbio != NULL) && (s->wbio != s->rbio))
543 		BIO_free_all(s->wbio);
544 
545 	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
546 
547 	/* add extra stuff */
548 	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
549 	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
550 
551 	/* Make the next call work :-) */
552 	if (s->session != NULL)
553 		{
554 		ssl_clear_bad_session(s);
555 		SSL_SESSION_free(s->session);
556 		}
557 
558 	ssl_clear_cipher_ctx(s);
559 	ssl_clear_hash_ctx(&s->read_hash);
560 	ssl_clear_hash_ctx(&s->write_hash);
561 
562 	if (s->cert != NULL) ssl_cert_free(s->cert);
563 	/* Free up if allocated */
564 
565 #ifndef OPENSSL_NO_TLSEXT
566 	if (s->tlsext_hostname)
567 		OPENSSL_free(s->tlsext_hostname);
568 	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
569 #ifndef OPENSSL_NO_EC
570 	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
571 	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
572 #endif /* OPENSSL_NO_EC */
573 	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
574 	if (s->tlsext_ocsp_exts)
575 		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
576 						X509_EXTENSION_free);
577 	if (s->tlsext_ocsp_ids)
578 		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
579 	if (s->tlsext_ocsp_resp)
580 		OPENSSL_free(s->tlsext_ocsp_resp);
581 #endif
582 
583 	if (s->client_CA != NULL)
584 		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
585 
586 	if (s->method != NULL) s->method->ssl_free(s);
587 
588 	if (s->ctx) SSL_CTX_free(s->ctx);
589 
590 #ifndef	OPENSSL_NO_KRB5
591 	if (s->kssl_ctx != NULL)
592 		kssl_ctx_free(s->kssl_ctx);
593 #endif	/* OPENSSL_NO_KRB5 */
594 
595 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
596 	if (s->next_proto_negotiated)
597 		OPENSSL_free(s->next_proto_negotiated);
598 #endif
599 
600         if (s->srtp_profiles)
601             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
602 
603 	OPENSSL_free(s);
604 	}
605 
606 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
607 	{
608 	/* If the output buffering BIO is still in place, remove it
609 	 */
610 	if (s->bbio != NULL)
611 		{
612 		if (s->wbio == s->bbio)
613 			{
614 			s->wbio=s->wbio->next_bio;
615 			s->bbio->next_bio=NULL;
616 			}
617 		}
618 	if ((s->rbio != NULL) && (s->rbio != rbio))
619 		BIO_free_all(s->rbio);
620 	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
621 		BIO_free_all(s->wbio);
622 	s->rbio=rbio;
623 	s->wbio=wbio;
624 	}
625 
626 BIO *SSL_get_rbio(const SSL *s)
627 	{ return(s->rbio); }
628 
629 BIO *SSL_get_wbio(const SSL *s)
630 	{ return(s->wbio); }
631 
632 int SSL_get_fd(const SSL *s)
633 	{
634 	return(SSL_get_rfd(s));
635 	}
636 
637 int SSL_get_rfd(const SSL *s)
638 	{
639 	int ret= -1;
640 	BIO *b,*r;
641 
642 	b=SSL_get_rbio(s);
643 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
644 	if (r != NULL)
645 		BIO_get_fd(r,&ret);
646 	return(ret);
647 	}
648 
649 int SSL_get_wfd(const SSL *s)
650 	{
651 	int ret= -1;
652 	BIO *b,*r;
653 
654 	b=SSL_get_wbio(s);
655 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
656 	if (r != NULL)
657 		BIO_get_fd(r,&ret);
658 	return(ret);
659 	}
660 
661 #ifndef OPENSSL_NO_SOCK
662 int SSL_set_fd(SSL *s,int fd)
663 	{
664 	int ret=0;
665 	BIO *bio=NULL;
666 
667 	bio=BIO_new(BIO_s_socket());
668 
669 	if (bio == NULL)
670 		{
671 		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
672 		goto err;
673 		}
674 	BIO_set_fd(bio,fd,BIO_NOCLOSE);
675 	SSL_set_bio(s,bio,bio);
676 	ret=1;
677 err:
678 	return(ret);
679 	}
680 
681 int SSL_set_wfd(SSL *s,int fd)
682 	{
683 	int ret=0;
684 	BIO *bio=NULL;
685 
686 	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
687 		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
688 		{
689 		bio=BIO_new(BIO_s_socket());
690 
691 		if (bio == NULL)
692 			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
693 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
694 		SSL_set_bio(s,SSL_get_rbio(s),bio);
695 		}
696 	else
697 		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
698 	ret=1;
699 err:
700 	return(ret);
701 	}
702 
703 int SSL_set_rfd(SSL *s,int fd)
704 	{
705 	int ret=0;
706 	BIO *bio=NULL;
707 
708 	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
709 		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
710 		{
711 		bio=BIO_new(BIO_s_socket());
712 
713 		if (bio == NULL)
714 			{
715 			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
716 			goto err;
717 			}
718 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
719 		SSL_set_bio(s,bio,SSL_get_wbio(s));
720 		}
721 	else
722 		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
723 	ret=1;
724 err:
725 	return(ret);
726 	}
727 #endif
728 
729 
730 /* return length of latest Finished message we sent, copy to 'buf' */
731 size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
732 	{
733 	size_t ret = 0;
734 
735 	if (s->s3 != NULL)
736 		{
737 		ret = s->s3->tmp.finish_md_len;
738 		if (count > ret)
739 			count = ret;
740 		memcpy(buf, s->s3->tmp.finish_md, count);
741 		}
742 	return ret;
743 	}
744 
745 /* return length of latest Finished message we expected, copy to 'buf' */
746 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
747 	{
748 	size_t ret = 0;
749 
750 	if (s->s3 != NULL)
751 		{
752 		ret = s->s3->tmp.peer_finish_md_len;
753 		if (count > ret)
754 			count = ret;
755 		memcpy(buf, s->s3->tmp.peer_finish_md, count);
756 		}
757 	return ret;
758 	}
759 
760 
761 int SSL_get_verify_mode(const SSL *s)
762 	{
763 	return(s->verify_mode);
764 	}
765 
766 int SSL_get_verify_depth(const SSL *s)
767 	{
768 	return X509_VERIFY_PARAM_get_depth(s->param);
769 	}
770 
771 int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
772 	{
773 	return(s->verify_callback);
774 	}
775 
776 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
777 	{
778 	return(ctx->verify_mode);
779 	}
780 
781 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
782 	{
783 	return X509_VERIFY_PARAM_get_depth(ctx->param);
784 	}
785 
786 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
787 	{
788 	return(ctx->default_verify_callback);
789 	}
790 
791 void SSL_set_verify(SSL *s,int mode,
792 		    int (*callback)(int ok,X509_STORE_CTX *ctx))
793 	{
794 	s->verify_mode=mode;
795 	if (callback != NULL)
796 		s->verify_callback=callback;
797 	}
798 
799 void SSL_set_verify_depth(SSL *s,int depth)
800 	{
801 	X509_VERIFY_PARAM_set_depth(s->param, depth);
802 	}
803 
804 void SSL_set_read_ahead(SSL *s,int yes)
805 	{
806 	s->read_ahead=yes;
807 	}
808 
809 int SSL_get_read_ahead(const SSL *s)
810 	{
811 	return(s->read_ahead);
812 	}
813 
814 int SSL_pending(const SSL *s)
815 	{
816 	/* SSL_pending cannot work properly if read-ahead is enabled
817 	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
818 	 * and it is impossible to fix since SSL_pending cannot report
819 	 * errors that may be observed while scanning the new data.
820 	 * (Note that SSL_pending() is often used as a boolean value,
821 	 * so we'd better not return -1.)
822 	 */
823 	return(s->method->ssl_pending(s));
824 	}
825 
826 X509 *SSL_get_peer_certificate(const SSL *s)
827 	{
828 	X509 *r;
829 
830 	if ((s == NULL) || (s->session == NULL))
831 		r=NULL;
832 	else
833 		r=s->session->peer;
834 
835 	if (r == NULL) return(r);
836 
837 	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
838 
839 	return(r);
840 	}
841 
842 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
843 	{
844 	STACK_OF(X509) *r;
845 
846 	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
847 		r=NULL;
848 	else
849 		r=s->session->sess_cert->cert_chain;
850 
851 	/* If we are a client, cert_chain includes the peer's own
852 	 * certificate; if we are a server, it does not. */
853 
854 	return(r);
855 	}
856 
857 /* Now in theory, since the calling process own 't' it should be safe to
858  * modify.  We need to be able to read f without being hassled */
859 void SSL_copy_session_id(SSL *t,const SSL *f)
860 	{
861 	CERT *tmp;
862 
863 	/* Do we need to to SSL locking? */
864 	SSL_set_session(t,SSL_get_session(f));
865 
866 	/* what if we are setup as SSLv2 but want to talk SSLv3 or
867 	 * vice-versa */
868 	if (t->method != f->method)
869 		{
870 		t->method->ssl_free(t);	/* cleanup current */
871 		t->method=f->method;	/* change method */
872 		t->method->ssl_new(t);	/* setup new */
873 		}
874 
875 	tmp=t->cert;
876 	if (f->cert != NULL)
877 		{
878 		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
879 		t->cert=f->cert;
880 		}
881 	else
882 		t->cert=NULL;
883 	if (tmp != NULL) ssl_cert_free(tmp);
884 	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
885 	}
886 
887 /* Fix this so it checks all the valid key/cert options */
888 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
889 	{
890 	if (	(ctx == NULL) ||
891 		(ctx->cert == NULL) ||
892 		(ctx->cert->key->x509 == NULL))
893 		{
894 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
895 		return(0);
896 		}
897 	if 	(ctx->cert->key->privatekey == NULL)
898 		{
899 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
900 		return(0);
901 		}
902 	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
903 	}
904 
905 /* Fix this function so that it takes an optional type parameter */
906 int SSL_check_private_key(const SSL *ssl)
907 	{
908 	if (ssl == NULL)
909 		{
910 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
911 		return(0);
912 		}
913 	if (ssl->cert == NULL)
914 		{
915 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
916 		return 0;
917 		}
918 	if (ssl->cert->key->x509 == NULL)
919 		{
920 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
921 		return(0);
922 		}
923 	if (ssl->cert->key->privatekey == NULL)
924 		{
925 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
926 		return(0);
927 		}
928 	return(X509_check_private_key(ssl->cert->key->x509,
929 		ssl->cert->key->privatekey));
930 	}
931 
932 int SSL_accept(SSL *s)
933 	{
934 	if (s->handshake_func == 0)
935 		/* Not properly initialized yet */
936 		SSL_set_accept_state(s);
937 
938 	return(s->method->ssl_accept(s));
939 	}
940 
941 int SSL_connect(SSL *s)
942 	{
943 	if (s->handshake_func == 0)
944 		/* Not properly initialized yet */
945 		SSL_set_connect_state(s);
946 
947 	return(s->method->ssl_connect(s));
948 	}
949 
950 long SSL_get_default_timeout(const SSL *s)
951 	{
952 	return(s->method->get_timeout());
953 	}
954 
955 int SSL_read(SSL *s,void *buf,int num)
956 	{
957 	if (s->handshake_func == 0)
958 		{
959 		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
960 		return -1;
961 		}
962 
963 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
964 		{
965 		s->rwstate=SSL_NOTHING;
966 		return(0);
967 		}
968 	return(s->method->ssl_read(s,buf,num));
969 	}
970 
971 int SSL_peek(SSL *s,void *buf,int num)
972 	{
973 	if (s->handshake_func == 0)
974 		{
975 		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
976 		return -1;
977 		}
978 
979 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
980 		{
981 		return(0);
982 		}
983 	return(s->method->ssl_peek(s,buf,num));
984 	}
985 
986 int SSL_write(SSL *s,const void *buf,int num)
987 	{
988 	if (s->handshake_func == 0)
989 		{
990 		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
991 		return -1;
992 		}
993 
994 	if (s->shutdown & SSL_SENT_SHUTDOWN)
995 		{
996 		s->rwstate=SSL_NOTHING;
997 		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
998 		return(-1);
999 		}
1000 	return(s->method->ssl_write(s,buf,num));
1001 	}
1002 
1003 int SSL_shutdown(SSL *s)
1004 	{
1005 	/* Note that this function behaves differently from what one might
1006 	 * expect.  Return values are 0 for no success (yet),
1007 	 * 1 for success; but calling it once is usually not enough,
1008 	 * even if blocking I/O is used (see ssl3_shutdown).
1009 	 */
1010 
1011 	if (s->handshake_func == 0)
1012 		{
1013 		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1014 		return -1;
1015 		}
1016 
1017 	if ((s != NULL) && !SSL_in_init(s))
1018 		return(s->method->ssl_shutdown(s));
1019 	else
1020 		return(1);
1021 	}
1022 
1023 int SSL_renegotiate(SSL *s)
1024 	{
1025 	if (s->renegotiate == 0)
1026 		s->renegotiate=1;
1027 
1028 	s->new_session=1;
1029 
1030 	return(s->method->ssl_renegotiate(s));
1031 	}
1032 
1033 int SSL_renegotiate_abbreviated(SSL *s)
1034 	{
1035 	if (s->renegotiate == 0)
1036 		s->renegotiate=1;
1037 
1038 	s->new_session=0;
1039 
1040 	return(s->method->ssl_renegotiate(s));
1041 	}
1042 
1043 int SSL_renegotiate_pending(SSL *s)
1044 	{
1045 	/* becomes true when negotiation is requested;
1046 	 * false again once a handshake has finished */
1047 	return (s->renegotiate != 0);
1048 	}
1049 
1050 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1051 	{
1052 	long l;
1053 
1054 	switch (cmd)
1055 		{
1056 	case SSL_CTRL_GET_READ_AHEAD:
1057 		return(s->read_ahead);
1058 	case SSL_CTRL_SET_READ_AHEAD:
1059 		l=s->read_ahead;
1060 		s->read_ahead=larg;
1061 		return(l);
1062 
1063 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1064 		s->msg_callback_arg = parg;
1065 		return 1;
1066 
1067 	case SSL_CTRL_OPTIONS:
1068 		return(s->options|=larg);
1069 	case SSL_CTRL_CLEAR_OPTIONS:
1070 		return(s->options&=~larg);
1071 	case SSL_CTRL_MODE:
1072 		return(s->mode|=larg);
1073 	case SSL_CTRL_CLEAR_MODE:
1074 		return(s->mode &=~larg);
1075 	case SSL_CTRL_GET_MAX_CERT_LIST:
1076 		return(s->max_cert_list);
1077 	case SSL_CTRL_SET_MAX_CERT_LIST:
1078 		l=s->max_cert_list;
1079 		s->max_cert_list=larg;
1080 		return(l);
1081 	case SSL_CTRL_SET_MTU:
1082 #ifndef OPENSSL_NO_DTLS1
1083 		if (larg < (long)dtls1_min_mtu())
1084 			return 0;
1085 #endif
1086 
1087 		if (SSL_version(s) == DTLS1_VERSION ||
1088 		    SSL_version(s) == DTLS1_BAD_VER)
1089 			{
1090 			s->d1->mtu = larg;
1091 			return larg;
1092 			}
1093 		return 0;
1094 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1095 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1096 			return 0;
1097 		s->max_send_fragment = larg;
1098 		return 1;
1099 	case SSL_CTRL_GET_RI_SUPPORT:
1100 		if (s->s3)
1101 			return s->s3->send_connection_binding;
1102 		else return 0;
1103 	default:
1104 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
1105 		}
1106 	}
1107 
1108 long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1109 	{
1110 	switch(cmd)
1111 		{
1112 	case SSL_CTRL_SET_MSG_CALLBACK:
1113 		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1114 		return 1;
1115 
1116 	default:
1117 		return(s->method->ssl_callback_ctrl(s,cmd,fp));
1118 		}
1119 	}
1120 
1121 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1122 	{
1123 	return ctx->sessions;
1124 	}
1125 
1126 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1127 	{
1128 	long l;
1129 
1130 	switch (cmd)
1131 		{
1132 	case SSL_CTRL_GET_READ_AHEAD:
1133 		return(ctx->read_ahead);
1134 	case SSL_CTRL_SET_READ_AHEAD:
1135 		l=ctx->read_ahead;
1136 		ctx->read_ahead=larg;
1137 		return(l);
1138 
1139 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1140 		ctx->msg_callback_arg = parg;
1141 		return 1;
1142 
1143 	case SSL_CTRL_GET_MAX_CERT_LIST:
1144 		return(ctx->max_cert_list);
1145 	case SSL_CTRL_SET_MAX_CERT_LIST:
1146 		l=ctx->max_cert_list;
1147 		ctx->max_cert_list=larg;
1148 		return(l);
1149 
1150 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
1151 		l=ctx->session_cache_size;
1152 		ctx->session_cache_size=larg;
1153 		return(l);
1154 	case SSL_CTRL_GET_SESS_CACHE_SIZE:
1155 		return(ctx->session_cache_size);
1156 	case SSL_CTRL_SET_SESS_CACHE_MODE:
1157 		l=ctx->session_cache_mode;
1158 		ctx->session_cache_mode=larg;
1159 		return(l);
1160 	case SSL_CTRL_GET_SESS_CACHE_MODE:
1161 		return(ctx->session_cache_mode);
1162 
1163 	case SSL_CTRL_SESS_NUMBER:
1164 		return(lh_SSL_SESSION_num_items(ctx->sessions));
1165 	case SSL_CTRL_SESS_CONNECT:
1166 		return(ctx->stats.sess_connect);
1167 	case SSL_CTRL_SESS_CONNECT_GOOD:
1168 		return(ctx->stats.sess_connect_good);
1169 	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1170 		return(ctx->stats.sess_connect_renegotiate);
1171 	case SSL_CTRL_SESS_ACCEPT:
1172 		return(ctx->stats.sess_accept);
1173 	case SSL_CTRL_SESS_ACCEPT_GOOD:
1174 		return(ctx->stats.sess_accept_good);
1175 	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1176 		return(ctx->stats.sess_accept_renegotiate);
1177 	case SSL_CTRL_SESS_HIT:
1178 		return(ctx->stats.sess_hit);
1179 	case SSL_CTRL_SESS_CB_HIT:
1180 		return(ctx->stats.sess_cb_hit);
1181 	case SSL_CTRL_SESS_MISSES:
1182 		return(ctx->stats.sess_miss);
1183 	case SSL_CTRL_SESS_TIMEOUTS:
1184 		return(ctx->stats.sess_timeout);
1185 	case SSL_CTRL_SESS_CACHE_FULL:
1186 		return(ctx->stats.sess_cache_full);
1187 	case SSL_CTRL_OPTIONS:
1188 		return(ctx->options|=larg);
1189 	case SSL_CTRL_CLEAR_OPTIONS:
1190 		return(ctx->options&=~larg);
1191 	case SSL_CTRL_MODE:
1192 		return(ctx->mode|=larg);
1193 	case SSL_CTRL_CLEAR_MODE:
1194 		return(ctx->mode&=~larg);
1195 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1196 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1197 			return 0;
1198 		ctx->max_send_fragment = larg;
1199 		return 1;
1200 	default:
1201 		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1202 		}
1203 	}
1204 
1205 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1206 	{
1207 	switch(cmd)
1208 		{
1209 	case SSL_CTRL_SET_MSG_CALLBACK:
1210 		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1211 		return 1;
1212 
1213 	default:
1214 		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1215 		}
1216 	}
1217 
1218 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1219 	{
1220 	long l;
1221 
1222 	l=a->id-b->id;
1223 	if (l == 0L)
1224 		return(0);
1225 	else
1226 		return((l > 0)?1:-1);
1227 	}
1228 
1229 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1230 			const SSL_CIPHER * const *bp)
1231 	{
1232 	long l;
1233 
1234 	l=(*ap)->id-(*bp)->id;
1235 	if (l == 0L)
1236 		return(0);
1237 	else
1238 		return((l > 0)?1:-1);
1239 	}
1240 
1241 /** return a STACK of the ciphers available for the SSL and in order of
1242  * preference */
1243 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1244 	{
1245 	if (s != NULL)
1246 		{
1247 		if (s->cipher_list != NULL)
1248 			{
1249 			return(s->cipher_list);
1250 			}
1251 		else if ((s->ctx != NULL) &&
1252 			(s->ctx->cipher_list != NULL))
1253 			{
1254 			return(s->ctx->cipher_list);
1255 			}
1256 		}
1257 	return(NULL);
1258 	}
1259 
1260 /** return a STACK of the ciphers available for the SSL and in order of
1261  * algorithm id */
1262 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1263 	{
1264 	if (s != NULL)
1265 		{
1266 		if (s->cipher_list_by_id != NULL)
1267 			{
1268 			return(s->cipher_list_by_id);
1269 			}
1270 		else if ((s->ctx != NULL) &&
1271 			(s->ctx->cipher_list_by_id != NULL))
1272 			{
1273 			return(s->ctx->cipher_list_by_id);
1274 			}
1275 		}
1276 	return(NULL);
1277 	}
1278 
1279 /** The old interface to get the same thing as SSL_get_ciphers() */
1280 const char *SSL_get_cipher_list(const SSL *s,int n)
1281 	{
1282 	SSL_CIPHER *c;
1283 	STACK_OF(SSL_CIPHER) *sk;
1284 
1285 	if (s == NULL) return(NULL);
1286 	sk=SSL_get_ciphers(s);
1287 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1288 		return(NULL);
1289 	c=sk_SSL_CIPHER_value(sk,n);
1290 	if (c == NULL) return(NULL);
1291 	return(c->name);
1292 	}
1293 
1294 /** specify the ciphers to be used by default by the SSL_CTX */
1295 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1296 	{
1297 	STACK_OF(SSL_CIPHER) *sk;
1298 
1299 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1300 		&ctx->cipher_list_by_id,str);
1301 	/* ssl_create_cipher_list may return an empty stack if it
1302 	 * was unable to find a cipher matching the given rule string
1303 	 * (for example if the rule string specifies a cipher which
1304 	 * has been disabled). This is not an error as far as
1305 	 * ssl_create_cipher_list is concerned, and hence
1306 	 * ctx->cipher_list and ctx->cipher_list_by_id has been
1307 	 * updated. */
1308 	if (sk == NULL)
1309 		return 0;
1310 	else if (sk_SSL_CIPHER_num(sk) == 0)
1311 		{
1312 		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1313 		return 0;
1314 		}
1315 	return 1;
1316 	}
1317 
1318 /** specify the ciphers to be used by the SSL */
1319 int SSL_set_cipher_list(SSL *s,const char *str)
1320 	{
1321 	STACK_OF(SSL_CIPHER) *sk;
1322 
1323 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1324 		&s->cipher_list_by_id,str);
1325 	/* see comment in SSL_CTX_set_cipher_list */
1326 	if (sk == NULL)
1327 		return 0;
1328 	else if (sk_SSL_CIPHER_num(sk) == 0)
1329 		{
1330 		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1331 		return 0;
1332 		}
1333 	return 1;
1334 	}
1335 
1336 /* works well for SSLv2, not so good for SSLv3 */
1337 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1338 	{
1339 	char *p;
1340 	STACK_OF(SSL_CIPHER) *sk;
1341 	SSL_CIPHER *c;
1342 	int i;
1343 
1344 	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1345 		(len < 2))
1346 		return(NULL);
1347 
1348 	p=buf;
1349 	sk=s->session->ciphers;
1350 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1351 		{
1352 		int n;
1353 
1354 		c=sk_SSL_CIPHER_value(sk,i);
1355 		n=strlen(c->name);
1356 		if (n+1 > len)
1357 			{
1358 			if (p != buf)
1359 				--p;
1360 			*p='\0';
1361 			return buf;
1362 			}
1363 		strcpy(p,c->name);
1364 		p+=n;
1365 		*(p++)=':';
1366 		len-=n+1;
1367 		}
1368 	p[-1]='\0';
1369 	return(buf);
1370 	}
1371 
1372 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1373 			     int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1374 	{
1375 	int i,j=0;
1376 	SSL_CIPHER *c;
1377 	unsigned char *q;
1378 #ifndef OPENSSL_NO_KRB5
1379 	int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1380 #endif /* OPENSSL_NO_KRB5 */
1381 
1382 	if (sk == NULL) return(0);
1383 	q=p;
1384 
1385 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1386 		{
1387 		c=sk_SSL_CIPHER_value(sk,i);
1388 		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1389 		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1390 			(TLS1_get_client_version(s) < TLS1_2_VERSION))
1391 			continue;
1392 #ifndef OPENSSL_NO_KRB5
1393 		if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1394 		    nokrb5)
1395 		    continue;
1396 #endif /* OPENSSL_NO_KRB5 */
1397 #ifndef OPENSSL_NO_PSK
1398 		/* with PSK there must be client callback set */
1399 		if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1400 		    s->psk_client_callback == NULL)
1401 			continue;
1402 #endif /* OPENSSL_NO_PSK */
1403 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1404 		p+=j;
1405 		}
1406 	/* If p == q, no ciphers and caller indicates an error. Otherwise
1407 	 * add SCSV if not renegotiating.
1408 	 */
1409 	if (p != q && !s->renegotiate)
1410 		{
1411 		static SSL_CIPHER scsv =
1412 			{
1413 			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1414 			};
1415 		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1416 		p+=j;
1417 #ifdef OPENSSL_RI_DEBUG
1418 		fprintf(stderr, "SCSV sent by client\n");
1419 #endif
1420 		}
1421 
1422 	return(p-q);
1423 	}
1424 
1425 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1426 					       STACK_OF(SSL_CIPHER) **skp)
1427 	{
1428 	const SSL_CIPHER *c;
1429 	STACK_OF(SSL_CIPHER) *sk;
1430 	int i,n;
1431 	if (s->s3)
1432 		s->s3->send_connection_binding = 0;
1433 
1434 	n=ssl_put_cipher_by_char(s,NULL,NULL);
1435 	if ((num%n) != 0)
1436 		{
1437 		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1438 		return(NULL);
1439 		}
1440 	if ((skp == NULL) || (*skp == NULL))
1441 		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1442 	else
1443 		{
1444 		sk= *skp;
1445 		sk_SSL_CIPHER_zero(sk);
1446 		}
1447 
1448 	for (i=0; i<num; i+=n)
1449 		{
1450 		/* Check for SCSV */
1451 		if (s->s3 && (n != 3 || !p[0]) &&
1452 			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1453 			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
1454 			{
1455 			/* SCSV fatal if renegotiating */
1456 			if (s->renegotiate)
1457 				{
1458 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1459 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1460 				goto err;
1461 				}
1462 			s->s3->send_connection_binding = 1;
1463 			p += n;
1464 #ifdef OPENSSL_RI_DEBUG
1465 			fprintf(stderr, "SCSV received by server\n");
1466 #endif
1467 			continue;
1468 			}
1469 
1470 		c=ssl_get_cipher_by_char(s,p);
1471 		p+=n;
1472 		if (c != NULL)
1473 			{
1474 			if (!sk_SSL_CIPHER_push(sk,c))
1475 				{
1476 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1477 				goto err;
1478 				}
1479 			}
1480 		}
1481 
1482 	if (skp != NULL)
1483 		*skp=sk;
1484 	return(sk);
1485 err:
1486 	if ((skp == NULL) || (*skp == NULL))
1487 		sk_SSL_CIPHER_free(sk);
1488 	return(NULL);
1489 	}
1490 
1491 
1492 #ifndef OPENSSL_NO_TLSEXT
1493 /** return a servername extension value if provided in Client Hello, or NULL.
1494  * So far, only host_name types are defined (RFC 3546).
1495  */
1496 
1497 const char *SSL_get_servername(const SSL *s, const int type)
1498 	{
1499 	if (type != TLSEXT_NAMETYPE_host_name)
1500 		return NULL;
1501 
1502 	return s->session && !s->tlsext_hostname ?
1503 		s->session->tlsext_hostname :
1504 		s->tlsext_hostname;
1505 	}
1506 
1507 int SSL_get_servername_type(const SSL *s)
1508 	{
1509 	if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1510 		return TLSEXT_NAMETYPE_host_name;
1511 	return -1;
1512 	}
1513 
1514 # ifndef OPENSSL_NO_NEXTPROTONEG
1515 /* SSL_select_next_proto implements the standard protocol selection. It is
1516  * expected that this function is called from the callback set by
1517  * SSL_CTX_set_next_proto_select_cb.
1518  *
1519  * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1520  * strings. The length byte itself is not included in the length. A byte
1521  * string of length 0 is invalid. No byte string may be truncated.
1522  *
1523  * The current, but experimental algorithm for selecting the protocol is:
1524  *
1525  * 1) If the server doesn't support NPN then this is indicated to the
1526  * callback. In this case, the client application has to abort the connection
1527  * or have a default application level protocol.
1528  *
1529  * 2) If the server supports NPN, but advertises an empty list then the
1530  * client selects the first protcol in its list, but indicates via the
1531  * API that this fallback case was enacted.
1532  *
1533  * 3) Otherwise, the client finds the first protocol in the server's list
1534  * that it supports and selects this protocol. This is because it's
1535  * assumed that the server has better information about which protocol
1536  * a client should use.
1537  *
1538  * 4) If the client doesn't support any of the server's advertised
1539  * protocols, then this is treated the same as case 2.
1540  *
1541  * It returns either
1542  * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1543  * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1544  */
1545 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
1546 	{
1547 	unsigned int i, j;
1548 	const unsigned char *result;
1549 	int status = OPENSSL_NPN_UNSUPPORTED;
1550 
1551 	/* For each protocol in server preference order, see if we support it. */
1552 	for (i = 0; i < server_len; )
1553 		{
1554 		for (j = 0; j < client_len; )
1555 			{
1556 			if (server[i] == client[j] &&
1557 			    memcmp(&server[i+1], &client[j+1], server[i]) == 0)
1558 				{
1559 				/* We found a match */
1560 				result = &server[i];
1561 				status = OPENSSL_NPN_NEGOTIATED;
1562 				goto found;
1563 				}
1564 			j += client[j];
1565 			j++;
1566 			}
1567 		i += server[i];
1568 		i++;
1569 		}
1570 
1571 	/* There's no overlap between our protocols and the server's list. */
1572 	result = client;
1573 	status = OPENSSL_NPN_NO_OVERLAP;
1574 
1575 	found:
1576 	*out = (unsigned char *) result + 1;
1577 	*outlen = result[0];
1578 	return status;
1579 	}
1580 
1581 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1582  * requested protocol for this connection and returns 0. If the client didn't
1583  * request any protocol, then *data is set to NULL.
1584  *
1585  * Note that the client can request any protocol it chooses. The value returned
1586  * from this function need not be a member of the list of supported protocols
1587  * provided by the callback.
1588  */
1589 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
1590 	{
1591 	*data = s->next_proto_negotiated;
1592 	if (!*data) {
1593 		*len = 0;
1594 	} else {
1595 		*len = s->next_proto_negotiated_len;
1596 	}
1597 }
1598 
1599 /* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1600  * TLS server needs a list of supported protocols for Next Protocol
1601  * Negotiation. The returned list must be in wire format.  The list is returned
1602  * by setting |out| to point to it and |outlen| to its length. This memory will
1603  * not be modified, but one should assume that the SSL* keeps a reference to
1604  * it.
1605  *
1606  * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
1607  * such extension will be included in the ServerHello. */
1608 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1609 	{
1610 	ctx->next_protos_advertised_cb = cb;
1611 	ctx->next_protos_advertised_cb_arg = arg;
1612 	}
1613 
1614 /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1615  * client needs to select a protocol from the server's provided list. |out|
1616  * must be set to point to the selected protocol (which may be within |in|).
1617  * The length of the protocol name must be written into |outlen|. The server's
1618  * advertised protocols are provided in |in| and |inlen|. The callback can
1619  * assume that |in| is syntactically valid.
1620  *
1621  * The client must select a protocol. It is fatal to the connection if this
1622  * callback returns a value other than SSL_TLSEXT_ERR_OK.
1623  */
1624 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1625 	{
1626 	ctx->next_proto_select_cb = cb;
1627 	ctx->next_proto_select_cb_arg = arg;
1628 	}
1629 # endif
1630 #endif
1631 
1632 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1633 	const char *label, size_t llen, const unsigned char *p, size_t plen,
1634 	int use_context)
1635 	{
1636 	if (s->version < TLS1_VERSION)
1637 		return -1;
1638 
1639 	return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
1640 							   llen, p, plen,
1641 							   use_context);
1642 	}
1643 
1644 static unsigned long ssl_session_hash(const SSL_SESSION *a)
1645 	{
1646 	unsigned long l;
1647 
1648 	l=(unsigned long)
1649 		((unsigned int) a->session_id[0]     )|
1650 		((unsigned int) a->session_id[1]<< 8L)|
1651 		((unsigned long)a->session_id[2]<<16L)|
1652 		((unsigned long)a->session_id[3]<<24L);
1653 	return(l);
1654 	}
1655 
1656 /* NB: If this function (or indeed the hash function which uses a sort of
1657  * coarser function than this one) is changed, ensure
1658  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1659  * able to construct an SSL_SESSION that will collide with any existing session
1660  * with a matching session ID. */
1661 static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1662 	{
1663 	if (a->ssl_version != b->ssl_version)
1664 		return(1);
1665 	if (a->session_id_length != b->session_id_length)
1666 		return(1);
1667 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
1668 	}
1669 
1670 /* These wrapper functions should remain rather than redeclaring
1671  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1672  * variable. The reason is that the functions aren't static, they're exposed via
1673  * ssl.h. */
1674 static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1675 static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1676 
1677 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1678 	{
1679 	SSL_CTX *ret=NULL;
1680 
1681 	if (meth == NULL)
1682 		{
1683 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1684 		return(NULL);
1685 		}
1686 
1687 #ifdef OPENSSL_FIPS
1688 	if (FIPS_mode() && (meth->version < TLS1_VERSION))
1689 		{
1690 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1691 		return NULL;
1692 		}
1693 #endif
1694 
1695 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1696 		{
1697 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1698 		goto err;
1699 		}
1700 	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1701 	if (ret == NULL)
1702 		goto err;
1703 
1704 	memset(ret,0,sizeof(SSL_CTX));
1705 
1706 	ret->method=meth;
1707 
1708 	ret->cert_store=NULL;
1709 	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1710 	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1711 	ret->session_cache_head=NULL;
1712 	ret->session_cache_tail=NULL;
1713 
1714 	/* We take the system default */
1715 	ret->session_timeout=meth->get_timeout();
1716 
1717 	ret->new_session_cb=0;
1718 	ret->remove_session_cb=0;
1719 	ret->get_session_cb=0;
1720 	ret->generate_session_id=0;
1721 
1722 	memset((char *)&ret->stats,0,sizeof(ret->stats));
1723 
1724 	ret->references=1;
1725 	ret->quiet_shutdown=0;
1726 
1727 /*	ret->cipher=NULL;*/
1728 /*	ret->s2->challenge=NULL;
1729 	ret->master_key=NULL;
1730 	ret->key_arg=NULL;
1731 	ret->s2->conn_id=NULL; */
1732 
1733 	ret->info_callback=NULL;
1734 
1735 	ret->app_verify_callback=0;
1736 	ret->app_verify_arg=NULL;
1737 
1738 	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
1739 	ret->read_ahead=0;
1740 	ret->msg_callback=0;
1741 	ret->msg_callback_arg=NULL;
1742 	ret->verify_mode=SSL_VERIFY_NONE;
1743 #if 0
1744 	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1745 #endif
1746 	ret->sid_ctx_length=0;
1747 	ret->default_verify_callback=NULL;
1748 	if ((ret->cert=ssl_cert_new()) == NULL)
1749 		goto err;
1750 
1751 	ret->default_passwd_callback=0;
1752 	ret->default_passwd_callback_userdata=NULL;
1753 	ret->client_cert_cb=0;
1754 	ret->app_gen_cookie_cb=0;
1755 	ret->app_verify_cookie_cb=0;
1756 
1757 	ret->sessions=lh_SSL_SESSION_new();
1758 	if (ret->sessions == NULL) goto err;
1759 	ret->cert_store=X509_STORE_new();
1760 	if (ret->cert_store == NULL) goto err;
1761 
1762 	ssl_create_cipher_list(ret->method,
1763 		&ret->cipher_list,&ret->cipher_list_by_id,
1764 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1765 	if (ret->cipher_list == NULL
1766 	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1767 		{
1768 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1769 		goto err2;
1770 		}
1771 
1772 	ret->param = X509_VERIFY_PARAM_new();
1773 	if (!ret->param)
1774 		goto err;
1775 
1776 	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1777 		{
1778 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1779 		goto err2;
1780 		}
1781 	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1782 		{
1783 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1784 		goto err2;
1785 		}
1786 	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1787 		{
1788 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1789 		goto err2;
1790 		}
1791 
1792 	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1793 		goto err;
1794 
1795 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1796 
1797 	ret->extra_certs=NULL;
1798 	ret->comp_methods=SSL_COMP_get_compression_methods();
1799 
1800 	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1801 
1802 #ifndef OPENSSL_NO_TLSEXT
1803 	ret->tlsext_servername_callback = 0;
1804 	ret->tlsext_servername_arg = NULL;
1805 	/* Setup RFC4507 ticket keys */
1806 	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1807 		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1808 		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1809 		ret->options |= SSL_OP_NO_TICKET;
1810 
1811 	ret->tlsext_status_cb = 0;
1812 	ret->tlsext_status_arg = NULL;
1813 
1814 # ifndef OPENSSL_NO_NEXTPROTONEG
1815 	ret->next_protos_advertised_cb = 0;
1816 	ret->next_proto_select_cb = 0;
1817 # endif
1818 #endif
1819 #ifndef OPENSSL_NO_PSK
1820 	ret->psk_identity_hint=NULL;
1821 	ret->psk_client_callback=NULL;
1822 	ret->psk_server_callback=NULL;
1823 #endif
1824 #ifndef OPENSSL_NO_SRP
1825 	SSL_CTX_SRP_CTX_init(ret);
1826 #endif
1827 #ifndef OPENSSL_NO_BUF_FREELISTS
1828 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1829 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1830 	if (!ret->rbuf_freelist)
1831 		goto err;
1832 	ret->rbuf_freelist->chunklen = 0;
1833 	ret->rbuf_freelist->len = 0;
1834 	ret->rbuf_freelist->head = NULL;
1835 	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1836 	if (!ret->wbuf_freelist)
1837 		{
1838 		OPENSSL_free(ret->rbuf_freelist);
1839 		goto err;
1840 		}
1841 	ret->wbuf_freelist->chunklen = 0;
1842 	ret->wbuf_freelist->len = 0;
1843 	ret->wbuf_freelist->head = NULL;
1844 #endif
1845 #ifndef OPENSSL_NO_ENGINE
1846 	ret->client_cert_engine = NULL;
1847 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1848 #define eng_strx(x)	#x
1849 #define eng_str(x)	eng_strx(x)
1850 	/* Use specific client engine automatically... ignore errors */
1851 	{
1852 	ENGINE *eng;
1853 	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1854 	if (!eng)
1855 		{
1856 		ERR_clear_error();
1857 		ENGINE_load_builtin_engines();
1858 		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1859 		}
1860 	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1861 		ERR_clear_error();
1862 	}
1863 #endif
1864 #endif
1865 	/* Default is to connect to non-RI servers. When RI is more widely
1866 	 * deployed might change this.
1867 	 */
1868 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1869 
1870 	return(ret);
1871 err:
1872 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1873 err2:
1874 	if (ret != NULL) SSL_CTX_free(ret);
1875 	return(NULL);
1876 	}
1877 
1878 #if 0
1879 static void SSL_COMP_free(SSL_COMP *comp)
1880     { OPENSSL_free(comp); }
1881 #endif
1882 
1883 #ifndef OPENSSL_NO_BUF_FREELISTS
1884 static void
1885 ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1886 	{
1887 	SSL3_BUF_FREELIST_ENTRY *ent, *next;
1888 	for (ent = list->head; ent; ent = next)
1889 		{
1890 		next = ent->next;
1891 		OPENSSL_free(ent);
1892 		}
1893 	OPENSSL_free(list);
1894 	}
1895 #endif
1896 
1897 void SSL_CTX_free(SSL_CTX *a)
1898 	{
1899 	int i;
1900 
1901 	if (a == NULL) return;
1902 
1903 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1904 #ifdef REF_PRINT
1905 	REF_PRINT("SSL_CTX",a);
1906 #endif
1907 	if (i > 0) return;
1908 #ifdef REF_CHECK
1909 	if (i < 0)
1910 		{
1911 		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1912 		abort(); /* ok */
1913 		}
1914 #endif
1915 
1916 	if (a->param)
1917 		X509_VERIFY_PARAM_free(a->param);
1918 
1919 	/*
1920 	 * Free internal session cache. However: the remove_cb() may reference
1921 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1922 	 * after the sessions were flushed.
1923 	 * As the ex_data handling routines might also touch the session cache,
1924 	 * the most secure solution seems to be: empty (flush) the cache, then
1925 	 * free ex_data, then finally free the cache.
1926 	 * (See ticket [openssl.org #212].)
1927 	 */
1928 	if (a->sessions != NULL)
1929 		SSL_CTX_flush_sessions(a,0);
1930 
1931 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1932 
1933 	if (a->sessions != NULL)
1934 		lh_SSL_SESSION_free(a->sessions);
1935 
1936 	if (a->cert_store != NULL)
1937 		X509_STORE_free(a->cert_store);
1938 	if (a->cipher_list != NULL)
1939 		sk_SSL_CIPHER_free(a->cipher_list);
1940 	if (a->cipher_list_by_id != NULL)
1941 		sk_SSL_CIPHER_free(a->cipher_list_by_id);
1942 	if (a->cert != NULL)
1943 		ssl_cert_free(a->cert);
1944 	if (a->client_CA != NULL)
1945 		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1946 	if (a->extra_certs != NULL)
1947 		sk_X509_pop_free(a->extra_certs,X509_free);
1948 #if 0 /* This should never be done, since it removes a global database */
1949 	if (a->comp_methods != NULL)
1950 		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1951 #else
1952 	a->comp_methods = NULL;
1953 #endif
1954 
1955         if (a->srtp_profiles)
1956                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1957 
1958 #ifndef OPENSSL_NO_PSK
1959 	if (a->psk_identity_hint)
1960 		OPENSSL_free(a->psk_identity_hint);
1961 #endif
1962 #ifndef OPENSSL_NO_SRP
1963 	SSL_CTX_SRP_CTX_free(a);
1964 #endif
1965 #ifndef OPENSSL_NO_ENGINE
1966 	if (a->client_cert_engine)
1967 		ENGINE_finish(a->client_cert_engine);
1968 #endif
1969 
1970 #ifndef OPENSSL_NO_BUF_FREELISTS
1971 	if (a->wbuf_freelist)
1972 		ssl_buf_freelist_free(a->wbuf_freelist);
1973 	if (a->rbuf_freelist)
1974 		ssl_buf_freelist_free(a->rbuf_freelist);
1975 #endif
1976 
1977 	OPENSSL_free(a);
1978 	}
1979 
1980 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1981 	{
1982 	ctx->default_passwd_callback=cb;
1983 	}
1984 
1985 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1986 	{
1987 	ctx->default_passwd_callback_userdata=u;
1988 	}
1989 
1990 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
1991 	{
1992 	ctx->app_verify_callback=cb;
1993 	ctx->app_verify_arg=arg;
1994 	}
1995 
1996 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1997 	{
1998 	ctx->verify_mode=mode;
1999 	ctx->default_verify_callback=cb;
2000 	}
2001 
2002 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
2003 	{
2004 	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2005 	}
2006 
2007 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2008 	{
2009 	CERT_PKEY *cpk;
2010 	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
2011 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
2012 	int rsa_tmp_export,dh_tmp_export,kl;
2013 	unsigned long mask_k,mask_a,emask_k,emask_a;
2014 	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
2015 #ifndef OPENSSL_NO_ECDH
2016 	int have_ecdh_tmp;
2017 #endif
2018 	X509 *x = NULL;
2019 	EVP_PKEY *ecc_pkey = NULL;
2020 	int signature_nid = 0, pk_nid = 0, md_nid = 0;
2021 
2022 	if (c == NULL) return;
2023 
2024 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
2025 
2026 #ifndef OPENSSL_NO_RSA
2027 	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
2028 	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
2029 		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
2030 #else
2031 	rsa_tmp=rsa_tmp_export=0;
2032 #endif
2033 #ifndef OPENSSL_NO_DH
2034 	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
2035 	dh_tmp_export=(c->dh_tmp_cb != NULL ||
2036 		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
2037 #else
2038 	dh_tmp=dh_tmp_export=0;
2039 #endif
2040 
2041 #ifndef OPENSSL_NO_ECDH
2042 	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
2043 #endif
2044 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
2045 	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
2046 	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2047 	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2048 	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
2049 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2050 	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
2051 	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
2052 	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
2053 	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2054 	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
2055 /* FIX THIS EAY EAY EAY */
2056 	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
2057 	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
2058 	cpk= &(c->pkeys[SSL_PKEY_ECC]);
2059 	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
2060 	mask_k=0;
2061 	mask_a=0;
2062 	emask_k=0;
2063 	emask_a=0;
2064 
2065 
2066 
2067 #ifdef CIPHER_DEBUG
2068 	printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2069 	        rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
2070 		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
2071 #endif
2072 
2073 	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2074 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2075 		mask_k |= SSL_kGOST;
2076 		mask_a |= SSL_aGOST01;
2077 	}
2078 	cpk = &(c->pkeys[SSL_PKEY_GOST94]);
2079 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2080 		mask_k |= SSL_kGOST;
2081 		mask_a |= SSL_aGOST94;
2082 	}
2083 
2084 	if (rsa_enc || (rsa_tmp && rsa_sign))
2085 		mask_k|=SSL_kRSA;
2086 	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
2087 		emask_k|=SSL_kRSA;
2088 
2089 #if 0
2090 	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
2091 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
2092 		(rsa_enc || rsa_sign || dsa_sign))
2093 		mask_k|=SSL_kEDH;
2094 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
2095 		(rsa_enc || rsa_sign || dsa_sign))
2096 		emask_k|=SSL_kEDH;
2097 #endif
2098 
2099 	if (dh_tmp_export)
2100 		emask_k|=SSL_kEDH;
2101 
2102 	if (dh_tmp)
2103 		mask_k|=SSL_kEDH;
2104 
2105 	if (dh_rsa) mask_k|=SSL_kDHr;
2106 	if (dh_rsa_export) emask_k|=SSL_kDHr;
2107 
2108 	if (dh_dsa) mask_k|=SSL_kDHd;
2109 	if (dh_dsa_export) emask_k|=SSL_kDHd;
2110 
2111 	if (rsa_enc || rsa_sign)
2112 		{
2113 		mask_a|=SSL_aRSA;
2114 		emask_a|=SSL_aRSA;
2115 		}
2116 
2117 	if (dsa_sign)
2118 		{
2119 		mask_a|=SSL_aDSS;
2120 		emask_a|=SSL_aDSS;
2121 		}
2122 
2123 	mask_a|=SSL_aNULL;
2124 	emask_a|=SSL_aNULL;
2125 
2126 #ifndef OPENSSL_NO_KRB5
2127 	mask_k|=SSL_kKRB5;
2128 	mask_a|=SSL_aKRB5;
2129 	emask_k|=SSL_kKRB5;
2130 	emask_a|=SSL_aKRB5;
2131 #endif
2132 
2133 	/* An ECC certificate may be usable for ECDH and/or
2134 	 * ECDSA cipher suites depending on the key usage extension.
2135 	 */
2136 	if (have_ecc_cert)
2137 		{
2138 		/* This call populates extension flags (ex_flags) */
2139 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
2140 		X509_check_purpose(x, -1, 0);
2141 		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2142 		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2143 		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2144 		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2145 		ecc_pkey = X509_get_pubkey(x);
2146 		ecc_pkey_size = (ecc_pkey != NULL) ?
2147 		    EVP_PKEY_bits(ecc_pkey) : 0;
2148 		EVP_PKEY_free(ecc_pkey);
2149 		if ((x->sig_alg) && (x->sig_alg->algorithm))
2150 			{
2151 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2152 			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2153 			}
2154 #ifndef OPENSSL_NO_ECDH
2155 		if (ecdh_ok)
2156 			{
2157 
2158 			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
2159 				{
2160 				mask_k|=SSL_kECDHr;
2161 				mask_a|=SSL_aECDH;
2162 				if (ecc_pkey_size <= 163)
2163 					{
2164 					emask_k|=SSL_kECDHr;
2165 					emask_a|=SSL_aECDH;
2166 					}
2167 				}
2168 
2169 			if (pk_nid == NID_X9_62_id_ecPublicKey)
2170 				{
2171 				mask_k|=SSL_kECDHe;
2172 				mask_a|=SSL_aECDH;
2173 				if (ecc_pkey_size <= 163)
2174 					{
2175 					emask_k|=SSL_kECDHe;
2176 					emask_a|=SSL_aECDH;
2177 					}
2178 				}
2179 			}
2180 #endif
2181 #ifndef OPENSSL_NO_ECDSA
2182 		if (ecdsa_ok)
2183 			{
2184 			mask_a|=SSL_aECDSA;
2185 			emask_a|=SSL_aECDSA;
2186 			}
2187 #endif
2188 		}
2189 
2190 #ifndef OPENSSL_NO_ECDH
2191 	if (have_ecdh_tmp)
2192 		{
2193 		mask_k|=SSL_kEECDH;
2194 		emask_k|=SSL_kEECDH;
2195 		}
2196 #endif
2197 
2198 #ifndef OPENSSL_NO_PSK
2199 	mask_k |= SSL_kPSK;
2200 	mask_a |= SSL_aPSK;
2201 	emask_k |= SSL_kPSK;
2202 	emask_a |= SSL_aPSK;
2203 #endif
2204 
2205 	c->mask_k=mask_k;
2206 	c->mask_a=mask_a;
2207 	c->export_mask_k=emask_k;
2208 	c->export_mask_a=emask_a;
2209 	c->valid=1;
2210 	}
2211 
2212 /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2213 #define ku_reject(x, usage) \
2214 	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2215 
2216 #ifndef OPENSSL_NO_EC
2217 
2218 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2219 	{
2220 	unsigned long alg_k, alg_a;
2221 	EVP_PKEY *pkey = NULL;
2222 	int keysize = 0;
2223 	int signature_nid = 0, md_nid = 0, pk_nid = 0;
2224 	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2225 
2226 	alg_k = cs->algorithm_mkey;
2227 	alg_a = cs->algorithm_auth;
2228 
2229 	if (SSL_C_IS_EXPORT(cs))
2230 		{
2231 		/* ECDH key length in export ciphers must be <= 163 bits */
2232 		pkey = X509_get_pubkey(x);
2233 		if (pkey == NULL) return 0;
2234 		keysize = EVP_PKEY_bits(pkey);
2235 		EVP_PKEY_free(pkey);
2236 		if (keysize > 163) return 0;
2237 		}
2238 
2239 	/* This call populates the ex_flags field correctly */
2240 	X509_check_purpose(x, -1, 0);
2241 	if ((x->sig_alg) && (x->sig_alg->algorithm))
2242 		{
2243 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2244 		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2245 		}
2246 	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
2247 		{
2248 		/* key usage, if present, must allow key agreement */
2249 		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
2250 			{
2251 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2252 			return 0;
2253 			}
2254 		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
2255 			{
2256 			/* signature alg must be ECDSA */
2257 			if (pk_nid != NID_X9_62_id_ecPublicKey)
2258 				{
2259 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2260 				return 0;
2261 				}
2262 			}
2263 		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
2264 			{
2265 			/* signature alg must be RSA */
2266 
2267 			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
2268 				{
2269 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2270 				return 0;
2271 				}
2272 			}
2273 		}
2274 	if (alg_a & SSL_aECDSA)
2275 		{
2276 		/* key usage, if present, must allow signing */
2277 		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
2278 			{
2279 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2280 			return 0;
2281 			}
2282 		}
2283 
2284 	return 1;  /* all checks are ok */
2285 	}
2286 
2287 #endif
2288 
2289 /* THIS NEEDS CLEANING UP */
2290 X509 *ssl_get_server_send_cert(SSL *s)
2291 	{
2292 	unsigned long alg_k,alg_a;
2293 	CERT *c;
2294 	int i;
2295 
2296 	c=s->cert;
2297 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2298 
2299 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2300 	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2301 
2302 	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2303 		{
2304 		/* we don't need to look at SSL_kEECDH
2305 		 * since no certificate is needed for
2306 		 * anon ECDH and for authenticated
2307 		 * EECDH, the check for the auth
2308 		 * algorithm will set i correctly
2309 		 * NOTE: For ECDH-RSA, we need an ECC
2310 		 * not an RSA cert but for EECDH-RSA
2311 		 * we need an RSA cert. Placing the
2312 		 * checks for SSL_kECDH before RSA
2313 		 * checks ensures the correct cert is chosen.
2314 		 */
2315 		i=SSL_PKEY_ECC;
2316 		}
2317 	else if (alg_a & SSL_aECDSA)
2318 		{
2319 		i=SSL_PKEY_ECC;
2320 		}
2321 	else if (alg_k & SSL_kDHr)
2322 		i=SSL_PKEY_DH_RSA;
2323 	else if (alg_k & SSL_kDHd)
2324 		i=SSL_PKEY_DH_DSA;
2325 	else if (alg_a & SSL_aDSS)
2326 		i=SSL_PKEY_DSA_SIGN;
2327 	else if (alg_a & SSL_aRSA)
2328 		{
2329 		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2330 			i=SSL_PKEY_RSA_SIGN;
2331 		else
2332 			i=SSL_PKEY_RSA_ENC;
2333 		}
2334 	else if (alg_a & SSL_aKRB5)
2335 		{
2336 		/* VRS something else here? */
2337 		return(NULL);
2338 		}
2339 	else if (alg_a & SSL_aGOST94)
2340 		i=SSL_PKEY_GOST94;
2341 	else if (alg_a & SSL_aGOST01)
2342 		i=SSL_PKEY_GOST01;
2343 	else /* if (alg_a & SSL_aNULL) */
2344 		{
2345 		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
2346 		return(NULL);
2347 		}
2348 	if (c->pkeys[i].x509 == NULL) return(NULL);
2349 
2350 	return(c->pkeys[i].x509);
2351 	}
2352 
2353 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
2354 	{
2355 	unsigned long alg_a;
2356 	CERT *c;
2357 	int idx = -1;
2358 
2359 	alg_a = cipher->algorithm_auth;
2360 	c=s->cert;
2361 
2362 	if ((alg_a & SSL_aDSS) &&
2363 		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2364 		idx = SSL_PKEY_DSA_SIGN;
2365 	else if (alg_a & SSL_aRSA)
2366 		{
2367 		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2368 			idx = SSL_PKEY_RSA_SIGN;
2369 		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2370 			idx = SSL_PKEY_RSA_ENC;
2371 		}
2372 	else if ((alg_a & SSL_aECDSA) &&
2373 	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2374 		idx = SSL_PKEY_ECC;
2375 	if (idx == -1)
2376 		{
2377 		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
2378 		return(NULL);
2379 		}
2380 	if (pmd)
2381 		*pmd = c->pkeys[idx].digest;
2382 	return c->pkeys[idx].privatekey;
2383 	}
2384 
2385 void ssl_update_cache(SSL *s,int mode)
2386 	{
2387 	int i;
2388 
2389 	/* If the session_id_length is 0, we are not supposed to cache it,
2390 	 * and it would be rather hard to do anyway :-) */
2391 	if (s->session->session_id_length == 0) return;
2392 
2393 	i=s->session_ctx->session_cache_mode;
2394 	if ((i & mode) && (!s->hit)
2395 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2396 		    || SSL_CTX_add_session(s->session_ctx,s->session))
2397 		&& (s->session_ctx->new_session_cb != NULL))
2398 		{
2399 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
2400 		if (!s->session_ctx->new_session_cb(s,s->session))
2401 			SSL_SESSION_free(s->session);
2402 		}
2403 
2404 	/* auto flush every 255 connections */
2405 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2406 		((i & mode) == mode))
2407 		{
2408 		if (  (((mode & SSL_SESS_CACHE_CLIENT)
2409 			?s->session_ctx->stats.sess_connect_good
2410 			:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
2411 			{
2412 			SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2413 			}
2414 		}
2415 	}
2416 
2417 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
2418 	{
2419 	return(s->method);
2420 	}
2421 
2422 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2423 	{
2424 	int conn= -1;
2425 	int ret=1;
2426 
2427 	if (s->method != meth)
2428 		{
2429 		if (s->handshake_func != NULL)
2430 			conn=(s->handshake_func == s->method->ssl_connect);
2431 
2432 		if (s->method->version == meth->version)
2433 			s->method=meth;
2434 		else
2435 			{
2436 			s->method->ssl_free(s);
2437 			s->method=meth;
2438 			ret=s->method->ssl_new(s);
2439 			}
2440 
2441 		if (conn == 1)
2442 			s->handshake_func=meth->ssl_connect;
2443 		else if (conn == 0)
2444 			s->handshake_func=meth->ssl_accept;
2445 		}
2446 	return(ret);
2447 	}
2448 
2449 int SSL_get_error(const SSL *s,int i)
2450 	{
2451 	int reason;
2452 	unsigned long l;
2453 	BIO *bio;
2454 
2455 	if (i > 0) return(SSL_ERROR_NONE);
2456 
2457 	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2458 	 * etc, where we do encode the error */
2459 	if ((l=ERR_peek_error()) != 0)
2460 		{
2461 		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2462 			return(SSL_ERROR_SYSCALL);
2463 		else
2464 			return(SSL_ERROR_SSL);
2465 		}
2466 
2467 	if ((i < 0) && SSL_want_read(s))
2468 		{
2469 		bio=SSL_get_rbio(s);
2470 		if (BIO_should_read(bio))
2471 			return(SSL_ERROR_WANT_READ);
2472 		else if (BIO_should_write(bio))
2473 			/* This one doesn't make too much sense ... We never try
2474 			 * to write to the rbio, and an application program where
2475 			 * rbio and wbio are separate couldn't even know what it
2476 			 * should wait for.
2477 			 * However if we ever set s->rwstate incorrectly
2478 			 * (so that we have SSL_want_read(s) instead of
2479 			 * SSL_want_write(s)) and rbio and wbio *are* the same,
2480 			 * this test works around that bug; so it might be safer
2481 			 * to keep it. */
2482 			return(SSL_ERROR_WANT_WRITE);
2483 		else if (BIO_should_io_special(bio))
2484 			{
2485 			reason=BIO_get_retry_reason(bio);
2486 			if (reason == BIO_RR_CONNECT)
2487 				return(SSL_ERROR_WANT_CONNECT);
2488 			else if (reason == BIO_RR_ACCEPT)
2489 				return(SSL_ERROR_WANT_ACCEPT);
2490 			else
2491 				return(SSL_ERROR_SYSCALL); /* unknown */
2492 			}
2493 		}
2494 
2495 	if ((i < 0) && SSL_want_write(s))
2496 		{
2497 		bio=SSL_get_wbio(s);
2498 		if (BIO_should_write(bio))
2499 			return(SSL_ERROR_WANT_WRITE);
2500 		else if (BIO_should_read(bio))
2501 			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
2502 			return(SSL_ERROR_WANT_READ);
2503 		else if (BIO_should_io_special(bio))
2504 			{
2505 			reason=BIO_get_retry_reason(bio);
2506 			if (reason == BIO_RR_CONNECT)
2507 				return(SSL_ERROR_WANT_CONNECT);
2508 			else if (reason == BIO_RR_ACCEPT)
2509 				return(SSL_ERROR_WANT_ACCEPT);
2510 			else
2511 				return(SSL_ERROR_SYSCALL);
2512 			}
2513 		}
2514 	if ((i < 0) && SSL_want_x509_lookup(s))
2515 		{
2516 		return(SSL_ERROR_WANT_X509_LOOKUP);
2517 		}
2518 
2519 	if (i == 0)
2520 		{
2521 		if (s->version == SSL2_VERSION)
2522 			{
2523 			/* assume it is the socket being closed */
2524 			return(SSL_ERROR_ZERO_RETURN);
2525 			}
2526 		else
2527 			{
2528 			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2529 				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2530 				return(SSL_ERROR_ZERO_RETURN);
2531 			}
2532 		}
2533 	return(SSL_ERROR_SYSCALL);
2534 	}
2535 
2536 int SSL_do_handshake(SSL *s)
2537 	{
2538 	int ret=1;
2539 
2540 	if (s->handshake_func == NULL)
2541 		{
2542 		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
2543 		return(-1);
2544 		}
2545 
2546 	s->method->ssl_renegotiate_check(s);
2547 
2548 	if (SSL_in_init(s) || SSL_in_before(s))
2549 		{
2550 		ret=s->handshake_func(s);
2551 		}
2552 	return(ret);
2553 	}
2554 
2555 /* For the next 2 functions, SSL_clear() sets shutdown and so
2556  * one of these calls will reset it */
2557 void SSL_set_accept_state(SSL *s)
2558 	{
2559 	s->server=1;
2560 	s->shutdown=0;
2561 	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
2562 	s->handshake_func=s->method->ssl_accept;
2563 	/* clear the current cipher */
2564 	ssl_clear_cipher_ctx(s);
2565 	ssl_clear_hash_ctx(&s->read_hash);
2566 	ssl_clear_hash_ctx(&s->write_hash);
2567 	}
2568 
2569 void SSL_set_connect_state(SSL *s)
2570 	{
2571 	s->server=0;
2572 	s->shutdown=0;
2573 	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
2574 	s->handshake_func=s->method->ssl_connect;
2575 	/* clear the current cipher */
2576 	ssl_clear_cipher_ctx(s);
2577 	ssl_clear_hash_ctx(&s->read_hash);
2578 	ssl_clear_hash_ctx(&s->write_hash);
2579 	}
2580 
2581 int ssl_undefined_function(SSL *s)
2582 	{
2583 	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2584 	return(0);
2585 	}
2586 
2587 int ssl_undefined_void_function(void)
2588 	{
2589 	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2590 	return(0);
2591 	}
2592 
2593 int ssl_undefined_const_function(const SSL *s)
2594 	{
2595 	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2596 	return(0);
2597 	}
2598 
2599 SSL_METHOD *ssl_bad_method(int ver)
2600 	{
2601 	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602 	return(NULL);
2603 	}
2604 
2605 const char *SSL_get_version(const SSL *s)
2606 	{
2607 	if (s->version == TLS1_2_VERSION)
2608 		return("TLSv1.2");
2609 	else if (s->version == TLS1_1_VERSION)
2610 		return("TLSv1.1");
2611 	if (s->version == TLS1_VERSION)
2612 		return("TLSv1");
2613 	else if (s->version == SSL3_VERSION)
2614 		return("SSLv3");
2615 	else if (s->version == SSL2_VERSION)
2616 		return("SSLv2");
2617 	else
2618 		return("unknown");
2619 	}
2620 
2621 SSL *SSL_dup(SSL *s)
2622 	{
2623 	STACK_OF(X509_NAME) *sk;
2624 	X509_NAME *xn;
2625 	SSL *ret;
2626 	int i;
2627 
2628 	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2629 	    return(NULL);
2630 
2631 	ret->version = s->version;
2632 	ret->type = s->type;
2633 	ret->method = s->method;
2634 
2635 	if (s->session != NULL)
2636 		{
2637 		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2638 		SSL_copy_session_id(ret,s);
2639 		}
2640 	else
2641 		{
2642 		/* No session has been established yet, so we have to expect
2643 		 * that s->cert or ret->cert will be changed later --
2644 		 * they should not both point to the same object,
2645 		 * and thus we can't use SSL_copy_session_id. */
2646 
2647 		ret->method->ssl_free(ret);
2648 		ret->method = s->method;
2649 		ret->method->ssl_new(ret);
2650 
2651 		if (s->cert != NULL)
2652 			{
2653 			if (ret->cert != NULL)
2654 				{
2655 				ssl_cert_free(ret->cert);
2656 				}
2657 			ret->cert = ssl_cert_dup(s->cert);
2658 			if (ret->cert == NULL)
2659 				goto err;
2660 			}
2661 
2662 		SSL_set_session_id_context(ret,
2663 			s->sid_ctx, s->sid_ctx_length);
2664 		}
2665 
2666 	ret->options=s->options;
2667 	ret->mode=s->mode;
2668 	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
2669 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
2670 	ret->msg_callback = s->msg_callback;
2671 	ret->msg_callback_arg = s->msg_callback_arg;
2672 	SSL_set_verify(ret,SSL_get_verify_mode(s),
2673 		SSL_get_verify_callback(s));
2674 	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
2675 	ret->generate_session_id = s->generate_session_id;
2676 
2677 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
2678 
2679 	ret->debug=s->debug;
2680 
2681 	/* copy app data, a little dangerous perhaps */
2682 	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
2683 		goto err;
2684 
2685 	/* setup rbio, and wbio */
2686 	if (s->rbio != NULL)
2687 		{
2688 		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2689 			goto err;
2690 		}
2691 	if (s->wbio != NULL)
2692 		{
2693 		if (s->wbio != s->rbio)
2694 			{
2695 			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2696 				goto err;
2697 			}
2698 		else
2699 			ret->wbio=ret->rbio;
2700 		}
2701 	ret->rwstate = s->rwstate;
2702 	ret->in_handshake = s->in_handshake;
2703 	ret->handshake_func = s->handshake_func;
2704 	ret->server = s->server;
2705 	ret->renegotiate = s->renegotiate;
2706 	ret->new_session = s->new_session;
2707 	ret->quiet_shutdown = s->quiet_shutdown;
2708 	ret->shutdown=s->shutdown;
2709 	ret->state=s->state; /* SSL_dup does not really work at any state, though */
2710 	ret->rstate=s->rstate;
2711 	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
2712 	ret->hit=s->hit;
2713 
2714 	X509_VERIFY_PARAM_inherit(ret->param, s->param);
2715 
2716 	/* dup the cipher_list and cipher_list_by_id stacks */
2717 	if (s->cipher_list != NULL)
2718 		{
2719 		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2720 			goto err;
2721 		}
2722 	if (s->cipher_list_by_id != NULL)
2723 		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
2724 			== NULL)
2725 			goto err;
2726 
2727 	/* Dup the client_CA list */
2728 	if (s->client_CA != NULL)
2729 		{
2730 		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2731 		ret->client_CA=sk;
2732 		for (i=0; i<sk_X509_NAME_num(sk); i++)
2733 			{
2734 			xn=sk_X509_NAME_value(sk,i);
2735 			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
2736 				{
2737 				X509_NAME_free(xn);
2738 				goto err;
2739 				}
2740 			}
2741 		}
2742 
2743 	if (0)
2744 		{
2745 err:
2746 		if (ret != NULL) SSL_free(ret);
2747 		ret=NULL;
2748 		}
2749 	return(ret);
2750 	}
2751 
2752 void ssl_clear_cipher_ctx(SSL *s)
2753 	{
2754 	if (s->enc_read_ctx != NULL)
2755 		{
2756 		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2757 		OPENSSL_free(s->enc_read_ctx);
2758 		s->enc_read_ctx=NULL;
2759 		}
2760 	if (s->enc_write_ctx != NULL)
2761 		{
2762 		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2763 		OPENSSL_free(s->enc_write_ctx);
2764 		s->enc_write_ctx=NULL;
2765 		}
2766 #ifndef OPENSSL_NO_COMP
2767 	if (s->expand != NULL)
2768 		{
2769 		COMP_CTX_free(s->expand);
2770 		s->expand=NULL;
2771 		}
2772 	if (s->compress != NULL)
2773 		{
2774 		COMP_CTX_free(s->compress);
2775 		s->compress=NULL;
2776 		}
2777 #endif
2778 	}
2779 
2780 /* Fix this function so that it takes an optional type parameter */
2781 X509 *SSL_get_certificate(const SSL *s)
2782 	{
2783 	if (s->cert != NULL)
2784 		return(s->cert->key->x509);
2785 	else
2786 		return(NULL);
2787 	}
2788 
2789 /* Fix this function so that it takes an optional type parameter */
2790 EVP_PKEY *SSL_get_privatekey(SSL *s)
2791 	{
2792 	if (s->cert != NULL)
2793 		return(s->cert->key->privatekey);
2794 	else
2795 		return(NULL);
2796 	}
2797 
2798 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2799 	{
2800 	if ((s->session != NULL) && (s->session->cipher != NULL))
2801 		return(s->session->cipher);
2802 	return(NULL);
2803 	}
2804 #ifdef OPENSSL_NO_COMP
2805 const void *SSL_get_current_compression(SSL *s)
2806 	{
2807 	return NULL;
2808 	}
2809 const void *SSL_get_current_expansion(SSL *s)
2810 	{
2811 	return NULL;
2812 	}
2813 #else
2814 
2815 const COMP_METHOD *SSL_get_current_compression(SSL *s)
2816 	{
2817 	if (s->compress != NULL)
2818 		return(s->compress->meth);
2819 	return(NULL);
2820 	}
2821 
2822 const COMP_METHOD *SSL_get_current_expansion(SSL *s)
2823 	{
2824 	if (s->expand != NULL)
2825 		return(s->expand->meth);
2826 	return(NULL);
2827 	}
2828 #endif
2829 
2830 int ssl_init_wbio_buffer(SSL *s,int push)
2831 	{
2832 	BIO *bbio;
2833 
2834 	if (s->bbio == NULL)
2835 		{
2836 		bbio=BIO_new(BIO_f_buffer());
2837 		if (bbio == NULL) return(0);
2838 		s->bbio=bbio;
2839 		}
2840 	else
2841 		{
2842 		bbio=s->bbio;
2843 		if (s->bbio == s->wbio)
2844 			s->wbio=BIO_pop(s->wbio);
2845 		}
2846 	(void)BIO_reset(bbio);
2847 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2848 	if (!BIO_set_read_buffer_size(bbio,1))
2849 		{
2850 		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
2851 		return(0);
2852 		}
2853 	if (push)
2854 		{
2855 		if (s->wbio != bbio)
2856 			s->wbio=BIO_push(bbio,s->wbio);
2857 		}
2858 	else
2859 		{
2860 		if (s->wbio == bbio)
2861 			s->wbio=BIO_pop(bbio);
2862 		}
2863 	return(1);
2864 	}
2865 
2866 void ssl_free_wbio_buffer(SSL *s)
2867 	{
2868 	if (s->bbio == NULL) return;
2869 
2870 	if (s->bbio == s->wbio)
2871 		{
2872 		/* remove buffering */
2873 		s->wbio=BIO_pop(s->wbio);
2874 #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2875 		assert(s->wbio != NULL);
2876 #endif
2877 	}
2878 	BIO_free(s->bbio);
2879 	s->bbio=NULL;
2880 	}
2881 
2882 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2883 	{
2884 	ctx->quiet_shutdown=mode;
2885 	}
2886 
2887 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2888 	{
2889 	return(ctx->quiet_shutdown);
2890 	}
2891 
2892 void SSL_set_quiet_shutdown(SSL *s,int mode)
2893 	{
2894 	s->quiet_shutdown=mode;
2895 	}
2896 
2897 int SSL_get_quiet_shutdown(const SSL *s)
2898 	{
2899 	return(s->quiet_shutdown);
2900 	}
2901 
2902 void SSL_set_shutdown(SSL *s,int mode)
2903 	{
2904 	s->shutdown=mode;
2905 	}
2906 
2907 int SSL_get_shutdown(const SSL *s)
2908 	{
2909 	return(s->shutdown);
2910 	}
2911 
2912 int SSL_version(const SSL *s)
2913 	{
2914 	return(s->version);
2915 	}
2916 
2917 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
2918 	{
2919 	return(ssl->ctx);
2920 	}
2921 
2922 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2923 	{
2924 	if (ssl->ctx == ctx)
2925 		return ssl->ctx;
2926 #ifndef OPENSSL_NO_TLSEXT
2927 	if (ctx == NULL)
2928 		ctx = ssl->initial_ctx;
2929 #endif
2930 	if (ssl->cert != NULL)
2931 		ssl_cert_free(ssl->cert);
2932 	ssl->cert = ssl_cert_dup(ctx->cert);
2933 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
2934 	if (ssl->ctx != NULL)
2935 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
2936 	ssl->ctx = ctx;
2937 	return(ssl->ctx);
2938 	}
2939 
2940 #ifndef OPENSSL_NO_STDIO
2941 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2942 	{
2943 	return(X509_STORE_set_default_paths(ctx->cert_store));
2944 	}
2945 
2946 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2947 		const char *CApath)
2948 	{
2949 	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
2950 	}
2951 #endif
2952 
2953 void SSL_set_info_callback(SSL *ssl,
2954 	void (*cb)(const SSL *ssl,int type,int val))
2955 	{
2956 	ssl->info_callback=cb;
2957 	}
2958 
2959 /* One compiler (Diab DCC) doesn't like argument names in returned
2960    function pointer.  */
2961 void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2962 	{
2963 	return ssl->info_callback;
2964 	}
2965 
2966 int SSL_state(const SSL *ssl)
2967 	{
2968 	return(ssl->state);
2969 	}
2970 
2971 void SSL_set_state(SSL *ssl, int state)
2972 	{
2973 	ssl->state = state;
2974 	}
2975 
2976 void SSL_set_verify_result(SSL *ssl,long arg)
2977 	{
2978 	ssl->verify_result=arg;
2979 	}
2980 
2981 long SSL_get_verify_result(const SSL *ssl)
2982 	{
2983 	return(ssl->verify_result);
2984 	}
2985 
2986 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2987 			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2988 	{
2989 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2990 				new_func, dup_func, free_func);
2991 	}
2992 
2993 int SSL_set_ex_data(SSL *s,int idx,void *arg)
2994 	{
2995 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2996 	}
2997 
2998 void *SSL_get_ex_data(const SSL *s,int idx)
2999 	{
3000 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
3001 	}
3002 
3003 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
3004 			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
3005 	{
3006 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3007 				new_func, dup_func, free_func);
3008 	}
3009 
3010 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
3011 	{
3012 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
3013 	}
3014 
3015 void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
3016 	{
3017 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
3018 	}
3019 
3020 int ssl_ok(SSL *s)
3021 	{
3022 	return(1);
3023 	}
3024 
3025 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3026 	{
3027 	return(ctx->cert_store);
3028 	}
3029 
3030 void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
3031 	{
3032 	if (ctx->cert_store != NULL)
3033 		X509_STORE_free(ctx->cert_store);
3034 	ctx->cert_store=store;
3035 	}
3036 
3037 int SSL_want(const SSL *s)
3038 	{
3039 	return(s->rwstate);
3040 	}
3041 
3042 /*!
3043  * \brief Set the callback for generating temporary RSA keys.
3044  * \param ctx the SSL context.
3045  * \param cb the callback
3046  */
3047 
3048 #ifndef OPENSSL_NO_RSA
3049 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
3050 							  int is_export,
3051 							  int keylength))
3052     {
3053     SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3054     }
3055 
3056 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
3057 						  int is_export,
3058 						  int keylength))
3059     {
3060     SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3061     }
3062 #endif
3063 
3064 #ifdef DOXYGEN
3065 /*!
3066  * \brief The RSA temporary key callback function.
3067  * \param ssl the SSL session.
3068  * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
3069  * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
3070  * of the required key in bits.
3071  * \return the temporary RSA key.
3072  * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
3073  */
3074 
3075 RSA *cb(SSL *ssl,int is_export,int keylength)
3076     {}
3077 #endif
3078 
3079 /*!
3080  * \brief Set the callback for generating temporary DH keys.
3081  * \param ctx the SSL context.
3082  * \param dh the callback
3083  */
3084 
3085 #ifndef OPENSSL_NO_DH
3086 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
3087                                                         int keylength))
3088 	{
3089 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3090 	}
3091 
3092 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
3093                                                 int keylength))
3094 	{
3095 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3096 	}
3097 #endif
3098 
3099 #ifndef OPENSSL_NO_ECDH
3100 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3101                                                                 int keylength))
3102 	{
3103 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3104 	}
3105 
3106 void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3107                                                         int keylength))
3108 	{
3109 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3110 	}
3111 #endif
3112 
3113 #ifndef OPENSSL_NO_PSK
3114 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3115 	{
3116 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3117 		{
3118 		SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3119 		return 0;
3120 		}
3121 	if (ctx->psk_identity_hint != NULL)
3122 		OPENSSL_free(ctx->psk_identity_hint);
3123 	if (identity_hint != NULL)
3124 		{
3125 		ctx->psk_identity_hint = BUF_strdup(identity_hint);
3126 		if (ctx->psk_identity_hint == NULL)
3127 			return 0;
3128 		}
3129 	else
3130 		ctx->psk_identity_hint = NULL;
3131 	return 1;
3132 	}
3133 
3134 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3135 	{
3136 	if (s == NULL)
3137 		return 0;
3138 
3139 	if (s->session == NULL)
3140 		return 1; /* session not created yet, ignored */
3141 
3142 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3143 		{
3144 		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3145 		return 0;
3146 		}
3147 	if (s->session->psk_identity_hint != NULL)
3148 		OPENSSL_free(s->session->psk_identity_hint);
3149 	if (identity_hint != NULL)
3150 		{
3151 		s->session->psk_identity_hint = BUF_strdup(identity_hint);
3152 		if (s->session->psk_identity_hint == NULL)
3153 			return 0;
3154 		}
3155 	else
3156 		s->session->psk_identity_hint = NULL;
3157 	return 1;
3158 	}
3159 
3160 const char *SSL_get_psk_identity_hint(const SSL *s)
3161 	{
3162 	if (s == NULL || s->session == NULL)
3163 		return NULL;
3164 	return(s->session->psk_identity_hint);
3165 	}
3166 
3167 const char *SSL_get_psk_identity(const SSL *s)
3168 	{
3169 	if (s == NULL || s->session == NULL)
3170 		return NULL;
3171 	return(s->session->psk_identity);
3172 	}
3173 
3174 void SSL_set_psk_client_callback(SSL *s,
3175     unsigned int (*cb)(SSL *ssl, const char *hint,
3176                        char *identity, unsigned int max_identity_len, unsigned char *psk,
3177                        unsigned int max_psk_len))
3178 	{
3179 	s->psk_client_callback = cb;
3180 	}
3181 
3182 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3183     unsigned int (*cb)(SSL *ssl, const char *hint,
3184                        char *identity, unsigned int max_identity_len, unsigned char *psk,
3185                        unsigned int max_psk_len))
3186 	{
3187 	ctx->psk_client_callback = cb;
3188 	}
3189 
3190 void SSL_set_psk_server_callback(SSL *s,
3191     unsigned int (*cb)(SSL *ssl, const char *identity,
3192                        unsigned char *psk, unsigned int max_psk_len))
3193 	{
3194 	s->psk_server_callback = cb;
3195 	}
3196 
3197 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3198     unsigned int (*cb)(SSL *ssl, const char *identity,
3199                        unsigned char *psk, unsigned int max_psk_len))
3200 	{
3201 	ctx->psk_server_callback = cb;
3202 	}
3203 #endif
3204 
3205 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3206 	{
3207 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3208 	}
3209 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3210 	{
3211 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3212 	}
3213 
3214 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3215  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
3216  * any. If EVP_MD pointer is passed, initializes ctx with this md
3217  * Returns newly allocated ctx;
3218  */
3219 
3220 EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3221 {
3222 	ssl_clear_hash_ctx(hash);
3223 	*hash = EVP_MD_CTX_create();
3224 	if (md) EVP_DigestInit_ex(*hash,md,NULL);
3225 	return *hash;
3226 }
3227 void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3228 {
3229 
3230 	if (*hash) EVP_MD_CTX_destroy(*hash);
3231 	*hash=NULL;
3232 }
3233 
3234 void SSL_set_debug(SSL *s, int debug)
3235 	{
3236 	s->debug = debug;
3237 	}
3238 
3239 int SSL_cache_hit(SSL *s)
3240 	{
3241 	return s->hit;
3242 	}
3243 
3244 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
3245 #include "../crypto/bio/bss_file.c"
3246 #endif
3247 
3248 IMPLEMENT_STACK_OF(SSL_CIPHER)
3249 IMPLEMENT_STACK_OF(SSL_COMP)
3250 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3251 				    ssl_cipher_id);
3252