Home | History | Annotate | Download | only in ssl
      1 /*! \file ssl/ssl_lib.c
      2  *  \brief Version independent SSL functions.
      3  */
      4 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      5  * All rights reserved.
      6  *
      7  * This package is an SSL implementation written
      8  * by Eric Young (eay (at) cryptsoft.com).
      9  * The implementation was written so as to conform with Netscapes SSL.
     10  *
     11  * This library is free for commercial and non-commercial use as long as
     12  * the following conditions are aheared to.  The following conditions
     13  * apply to all code found in this distribution, be it the RC4, RSA,
     14  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     15  * included with this distribution is covered by the same copyright terms
     16  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     17  *
     18  * Copyright remains Eric Young's, and as such any Copyright notices in
     19  * the code are not to be removed.
     20  * If this package is used in a product, Eric Young should be given attribution
     21  * as the author of the parts of the library used.
     22  * This can be in the form of a textual message at program startup or
     23  * in documentation (online or textual) provided with the package.
     24  *
     25  * Redistribution and use in source and binary forms, with or without
     26  * modification, are permitted provided that the following conditions
     27  * are met:
     28  * 1. Redistributions of source code must retain the copyright
     29  *    notice, this list of conditions and the following disclaimer.
     30  * 2. Redistributions in binary form must reproduce the above copyright
     31  *    notice, this list of conditions and the following disclaimer in the
     32  *    documentation and/or other materials provided with the distribution.
     33  * 3. All advertising materials mentioning features or use of this software
     34  *    must display the following acknowledgement:
     35  *    "This product includes cryptographic software written by
     36  *     Eric Young (eay (at) cryptsoft.com)"
     37  *    The word 'cryptographic' can be left out if the rouines from the library
     38  *    being used are not cryptographic related :-).
     39  * 4. If you include any Windows specific code (or a derivative thereof) from
     40  *    the apps directory (application code) you must include an acknowledgement:
     41  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     42  *
     43  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     53  * SUCH DAMAGE.
     54  *
     55  * The licence and distribution terms for any publically available version or
     56  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     57  * copied and put under another distribution licence
     58  * [including the GNU Public Licence.]
     59  */
     60 /* ====================================================================
     61  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     62  *
     63  * Redistribution and use in source and binary forms, with or without
     64  * modification, are permitted provided that the following conditions
     65  * are met:
     66  *
     67  * 1. Redistributions of source code must retain the above copyright
     68  *    notice, this list of conditions and the following disclaimer.
     69  *
     70  * 2. Redistributions in binary form must reproduce the above copyright
     71  *    notice, this list of conditions and the following disclaimer in
     72  *    the documentation and/or other materials provided with the
     73  *    distribution.
     74  *
     75  * 3. All advertising materials mentioning features or use of this
     76  *    software must display the following acknowledgment:
     77  *    "This product includes software developed by the OpenSSL Project
     78  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     79  *
     80  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     81  *    endorse or promote products derived from this software without
     82  *    prior written permission. For written permission, please contact
     83  *    openssl-core (at) openssl.org.
     84  *
     85  * 5. Products derived from this software may not be called "OpenSSL"
     86  *    nor may "OpenSSL" appear in their names without prior written
     87  *    permission of the OpenSSL Project.
     88  *
     89  * 6. Redistributions of any form whatsoever must retain the following
     90  *    acknowledgment:
     91  *    "This product includes software developed by the OpenSSL Project
     92  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     93  *
     94  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     95  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     96  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     97  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     98  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     99  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    100  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    101  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    102  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    103  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    104  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    105  * OF THE POSSIBILITY OF SUCH DAMAGE.
    106  * ====================================================================
    107  *
    108  * This product includes cryptographic software written by Eric Young
    109  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    110  * Hudson (tjh (at) cryptsoft.com).
    111  *
    112  */
    113 /* ====================================================================
    114  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    115  * ECC cipher suite support in OpenSSL originally developed by
    116  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    117  */
    118 /* ====================================================================
    119  * Copyright 2005 Nokia. All rights reserved.
    120  *
    121  * The portions of the attached software ("Contribution") is developed by
    122  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    123  * license.
    124  *
    125  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    126  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    127  * support (see RFC 4279) to OpenSSL.
    128  *
    129  * No patent licenses or other rights except those expressly stated in
    130  * the OpenSSL open source license shall be deemed granted or received
    131  * expressly, by implication, estoppel, or otherwise.
    132  *
    133  * No assurances are provided by Nokia that the Contribution does not
    134  * infringe the patent or other intellectual property rights of any third
    135  * party or that the license provides you with all the necessary rights
    136  * to make use of the Contribution.
    137  *
    138  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    139  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    140  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    141  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    142  * OTHERWISE.
    143  */
    144 
    145 #ifdef REF_CHECK
    146 #  include <assert.h>
    147 #endif
    148 #include <stdio.h>
    149 #include "ssl_locl.h"
    150 #include "kssl_lcl.h"
    151 #include <openssl/objects.h>
    152 #include <openssl/lhash.h>
    153 #include <openssl/x509v3.h>
    154 #include <openssl/rand.h>
    155 #include <openssl/ocsp.h>
    156 #ifndef OPENSSL_NO_DH
    157 #include <openssl/dh.h>
    158 #endif
    159 #ifndef OPENSSL_NO_ENGINE
    160 #include <openssl/engine.h>
    161 #endif
    162 
    163 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
    164 
    165 SSL3_ENC_METHOD ssl3_undef_enc_method={
    166 	/* evil casts, but these functions are only called if there's a library bug */
    167 	(int (*)(SSL *,int))ssl_undefined_function,
    168 	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
    169 	ssl_undefined_function,
    170 	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
    171 	(int (*)(SSL*, int))ssl_undefined_function,
    172 	(int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
    173 	0,	/* finish_mac_length */
    174 	(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
    175 	NULL,	/* client_finished_label */
    176 	0,	/* client_finished_label_len */
    177 	NULL,	/* server_finished_label */
    178 	0,	/* server_finished_label_len */
    179 	(int (*)(int))ssl_undefined_function,
    180 	(int (*)(SSL *, unsigned char *, size_t, const char *,
    181 		 size_t, const unsigned char *, size_t,
    182 		 int use_context)) ssl_undefined_function,
    183 	};
    184 
    185 int SSL_clear(SSL *s)
    186 	{
    187 
    188 	if (s->method == NULL)
    189 		{
    190 		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
    191 		return(0);
    192 		}
    193 
    194 	if (ssl_clear_bad_session(s))
    195 		{
    196 		SSL_SESSION_free(s->session);
    197 		s->session=NULL;
    198 		}
    199 
    200 	s->error=0;
    201 	s->hit=0;
    202 	s->shutdown=0;
    203 
    204 #if 0 /* Disabled since version 1.10 of this file (early return not
    205        * needed because SSL_clear is not called when doing renegotiation) */
    206 	/* This is set if we are doing dynamic renegotiation so keep
    207 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
    208 	if (s->renegotiate) return(1);
    209 #else
    210 	if (s->renegotiate)
    211 		{
    212 		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
    213 		return 0;
    214 		}
    215 #endif
    216 
    217 	s->type=0;
    218 
    219 	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
    220 
    221 	s->version=s->method->version;
    222 	s->client_version=s->version;
    223 	s->rwstate=SSL_NOTHING;
    224 	s->rstate=SSL_ST_READ_HEADER;
    225 #if 0
    226 	s->read_ahead=s->ctx->read_ahead;
    227 #endif
    228 
    229 	if (s->init_buf != NULL)
    230 		{
    231 		BUF_MEM_free(s->init_buf);
    232 		s->init_buf=NULL;
    233 		}
    234 
    235 	ssl_clear_cipher_ctx(s);
    236 	ssl_clear_hash_ctx(&s->read_hash);
    237 	ssl_clear_hash_ctx(&s->write_hash);
    238 
    239 	s->first_packet=0;
    240 
    241 #if 1
    242 	/* Check to see if we were changed into a different method, if
    243 	 * so, revert back if we are not doing session-id reuse. */
    244 	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
    245 		{
    246 		s->method->ssl_free(s);
    247 		s->method=s->ctx->method;
    248 		if (!s->method->ssl_new(s))
    249 			return(0);
    250 		}
    251 	else
    252 #endif
    253 		s->method->ssl_clear(s);
    254 	return(1);
    255 	}
    256 
    257 /** Used to change an SSL_CTXs default SSL method type */
    258 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
    259 	{
    260 	STACK_OF(SSL_CIPHER) *sk;
    261 
    262 	ctx->method=meth;
    263 
    264 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
    265 		&(ctx->cipher_list_by_id),
    266 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
    267 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
    268 		{
    269 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
    270 		return(0);
    271 		}
    272 	return(1);
    273 	}
    274 
    275 SSL *SSL_new(SSL_CTX *ctx)
    276 	{
    277 	SSL *s;
    278 
    279 	if (ctx == NULL)
    280 		{
    281 		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
    282 		return(NULL);
    283 		}
    284 	if (ctx->method == NULL)
    285 		{
    286 		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
    287 		return(NULL);
    288 		}
    289 
    290 	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
    291 	if (s == NULL) goto err;
    292 	memset(s,0,sizeof(SSL));
    293 
    294 #ifndef	OPENSSL_NO_KRB5
    295 	s->kssl_ctx = kssl_ctx_new();
    296 #endif	/* OPENSSL_NO_KRB5 */
    297 
    298 	s->options=ctx->options;
    299 	s->mode=ctx->mode;
    300 	s->max_cert_list=ctx->max_cert_list;
    301 
    302 	if (ctx->cert != NULL)
    303 		{
    304 		/* Earlier library versions used to copy the pointer to
    305 		 * the CERT, not its contents; only when setting new
    306 		 * parameters for the per-SSL copy, ssl_cert_new would be
    307 		 * called (and the direct reference to the per-SSL_CTX
    308 		 * settings would be lost, but those still were indirectly
    309 		 * accessed for various purposes, and for that reason they
    310 		 * used to be known as s->ctx->default_cert).
    311 		 * Now we don't look at the SSL_CTX's CERT after having
    312 		 * duplicated it once. */
    313 
    314 		s->cert = ssl_cert_dup(ctx->cert);
    315 		if (s->cert == NULL)
    316 			goto err;
    317 		}
    318 	else
    319 		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
    320 
    321 	s->read_ahead=ctx->read_ahead;
    322 	s->msg_callback=ctx->msg_callback;
    323 	s->msg_callback_arg=ctx->msg_callback_arg;
    324 	s->verify_mode=ctx->verify_mode;
    325 #if 0
    326 	s->verify_depth=ctx->verify_depth;
    327 #endif
    328 	s->sid_ctx_length=ctx->sid_ctx_length;
    329 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
    330 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
    331 	s->verify_callback=ctx->default_verify_callback;
    332 	s->session_creation_enabled=1;
    333 	s->generate_session_id=ctx->generate_session_id;
    334 
    335 	s->param = X509_VERIFY_PARAM_new();
    336 	if (!s->param)
    337 		goto err;
    338 	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
    339 #if 0
    340 	s->purpose = ctx->purpose;
    341 	s->trust = ctx->trust;
    342 #endif
    343 	s->quiet_shutdown=ctx->quiet_shutdown;
    344 	s->max_send_fragment = ctx->max_send_fragment;
    345 
    346 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
    347 	s->ctx=ctx;
    348 #ifndef OPENSSL_NO_TLSEXT
    349 	s->tlsext_debug_cb = 0;
    350 	s->tlsext_debug_arg = NULL;
    351 	s->tlsext_ticket_expected = 0;
    352 	s->tlsext_status_type = -1;
    353 	s->tlsext_status_expected = 0;
    354 	s->tlsext_ocsp_ids = NULL;
    355 	s->tlsext_ocsp_exts = NULL;
    356 	s->tlsext_ocsp_resp = NULL;
    357 	s->tlsext_ocsp_resplen = -1;
    358 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
    359 	s->initial_ctx=ctx;
    360 # ifndef OPENSSL_NO_NEXTPROTONEG
    361 	s->next_proto_negotiated = NULL;
    362 # endif
    363 #endif
    364 
    365 	s->verify_result=X509_V_OK;
    366 
    367 	s->method=ctx->method;
    368 
    369 	if (!s->method->ssl_new(s))
    370 		goto err;
    371 
    372 	s->references=1;
    373 	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
    374 
    375 	SSL_clear(s);
    376 
    377 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
    378 
    379 #ifndef OPENSSL_NO_PSK
    380 	s->psk_client_callback=ctx->psk_client_callback;
    381 	s->psk_server_callback=ctx->psk_server_callback;
    382 #endif
    383 
    384 	return(s);
    385 err:
    386 	if (s != NULL)
    387 		{
    388 		if (s->cert != NULL)
    389 			ssl_cert_free(s->cert);
    390 		if (s->ctx != NULL)
    391 			SSL_CTX_free(s->ctx); /* decrement reference count */
    392 		OPENSSL_free(s);
    393 		}
    394 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
    395 	return(NULL);
    396 	}
    397 
    398 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
    399 				   unsigned int sid_ctx_len)
    400     {
    401     if(sid_ctx_len > sizeof ctx->sid_ctx)
    402 	{
    403 	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    404 	return 0;
    405 	}
    406     ctx->sid_ctx_length=sid_ctx_len;
    407     memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
    408 
    409     return 1;
    410     }
    411 
    412 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
    413 			       unsigned int sid_ctx_len)
    414     {
    415     if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
    416 	{
    417 	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
    418 	return 0;
    419 	}
    420     ssl->sid_ctx_length=sid_ctx_len;
    421     memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
    422 
    423     return 1;
    424     }
    425 
    426 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
    427 	{
    428 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
    429 	ctx->generate_session_id = cb;
    430 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
    431 	return 1;
    432 	}
    433 
    434 int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
    435 	{
    436 	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
    437 	ssl->generate_session_id = cb;
    438 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
    439 	return 1;
    440 	}
    441 
    442 int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    443 				unsigned int id_len)
    444 	{
    445 	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
    446 	 * we can "construct" a session to give us the desired check - ie. to
    447 	 * find if there's a session in the hash table that would conflict with
    448 	 * any new session built out of this id/id_len and the ssl_version in
    449 	 * use by this SSL. */
    450 	SSL_SESSION r, *p;
    451 
    452 	if(id_len > sizeof r.session_id)
    453 		return 0;
    454 
    455 	r.ssl_version = ssl->version;
    456 	r.session_id_length = id_len;
    457 	memcpy(r.session_id, id, id_len);
    458 	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
    459 	 * callback is calling us to check the uniqueness of a shorter ID, it
    460 	 * must be compared as a padded-out ID because that is what it will be
    461 	 * converted to when the callback has finished choosing it. */
    462 	if((r.ssl_version == SSL2_VERSION) &&
    463 			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
    464 		{
    465 		memset(r.session_id + id_len, 0,
    466 			SSL2_SSL_SESSION_ID_LENGTH - id_len);
    467 		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
    468 		}
    469 
    470 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
    471 	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
    472 	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
    473 	return (p != NULL);
    474 	}
    475 
    476 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
    477 	{
    478 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    479 	}
    480 
    481 int SSL_set_purpose(SSL *s, int purpose)
    482 	{
    483 	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
    484 	}
    485 
    486 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
    487 	{
    488 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
    489 	}
    490 
    491 int SSL_set_trust(SSL *s, int trust)
    492 	{
    493 	return X509_VERIFY_PARAM_set_trust(s->param, trust);
    494 	}
    495 
    496 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
    497 	{
    498 	return X509_VERIFY_PARAM_set1(ctx->param, vpm);
    499 	}
    500 
    501 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
    502 	{
    503 	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
    504 	}
    505 
    506 void SSL_free(SSL *s)
    507 	{
    508 	int i;
    509 
    510 	if(s == NULL)
    511 	    return;
    512 
    513 	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
    514 #ifdef REF_PRINT
    515 	REF_PRINT("SSL",s);
    516 #endif
    517 	if (i > 0) return;
    518 #ifdef REF_CHECK
    519 	if (i < 0)
    520 		{
    521 		fprintf(stderr,"SSL_free, bad reference count\n");
    522 		abort(); /* ok */
    523 		}
    524 #endif
    525 
    526 	if (s->param)
    527 		X509_VERIFY_PARAM_free(s->param);
    528 
    529 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
    530 
    531 	if (s->bbio != NULL)
    532 		{
    533 		/* If the buffering BIO is in place, pop it off */
    534 		if (s->bbio == s->wbio)
    535 			{
    536 			s->wbio=BIO_pop(s->wbio);
    537 			}
    538 		BIO_free(s->bbio);
    539 		s->bbio=NULL;
    540 		}
    541 	if (s->rbio != NULL)
    542 		BIO_free_all(s->rbio);
    543 	if ((s->wbio != NULL) && (s->wbio != s->rbio))
    544 		BIO_free_all(s->wbio);
    545 
    546 	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
    547 
    548 	/* add extra stuff */
    549 	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
    550 	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
    551 
    552 	/* Make the next call work :-) */
    553 	if (s->session != NULL)
    554 		{
    555 		ssl_clear_bad_session(s);
    556 		SSL_SESSION_free(s->session);
    557 		}
    558 
    559 	ssl_clear_cipher_ctx(s);
    560 	ssl_clear_hash_ctx(&s->read_hash);
    561 	ssl_clear_hash_ctx(&s->write_hash);
    562 
    563 	if (s->cert != NULL) ssl_cert_free(s->cert);
    564 	/* Free up if allocated */
    565 
    566 #ifndef OPENSSL_NO_TLSEXT
    567 	if (s->tlsext_hostname)
    568 		OPENSSL_free(s->tlsext_hostname);
    569 	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
    570 #ifndef OPENSSL_NO_EC
    571 	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
    572 	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
    573 #endif /* OPENSSL_NO_EC */
    574 	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
    575 	if (s->tlsext_ocsp_exts)
    576 		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
    577 						X509_EXTENSION_free);
    578 	if (s->tlsext_ocsp_ids)
    579 		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
    580 	if (s->tlsext_ocsp_resp)
    581 		OPENSSL_free(s->tlsext_ocsp_resp);
    582 #endif
    583 
    584 	if (s->client_CA != NULL)
    585 		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
    586 
    587 	if (s->method != NULL) s->method->ssl_free(s);
    588 
    589 	if (s->ctx) SSL_CTX_free(s->ctx);
    590 
    591 #ifndef	OPENSSL_NO_KRB5
    592 	if (s->kssl_ctx != NULL)
    593 		kssl_ctx_free(s->kssl_ctx);
    594 #endif	/* OPENSSL_NO_KRB5 */
    595 
    596 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    597 	if (s->next_proto_negotiated)
    598 		OPENSSL_free(s->next_proto_negotiated);
    599 #endif
    600 
    601         if (s->srtp_profiles)
    602             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
    603 
    604 	OPENSSL_free(s);
    605 	}
    606 
    607 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
    608 	{
    609 	/* If the output buffering BIO is still in place, remove it
    610 	 */
    611 	if (s->bbio != NULL)
    612 		{
    613 		if (s->wbio == s->bbio)
    614 			{
    615 			s->wbio=s->wbio->next_bio;
    616 			s->bbio->next_bio=NULL;
    617 			}
    618 		}
    619 	if ((s->rbio != NULL) && (s->rbio != rbio))
    620 		BIO_free_all(s->rbio);
    621 	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
    622 		BIO_free_all(s->wbio);
    623 	s->rbio=rbio;
    624 	s->wbio=wbio;
    625 	}
    626 
    627 BIO *SSL_get_rbio(const SSL *s)
    628 	{ return(s->rbio); }
    629 
    630 BIO *SSL_get_wbio(const SSL *s)
    631 	{ return(s->wbio); }
    632 
    633 int SSL_get_fd(const SSL *s)
    634 	{
    635 	return(SSL_get_rfd(s));
    636 	}
    637 
    638 int SSL_get_rfd(const SSL *s)
    639 	{
    640 	int ret= -1;
    641 	BIO *b,*r;
    642 
    643 	b=SSL_get_rbio(s);
    644 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
    645 	if (r != NULL)
    646 		BIO_get_fd(r,&ret);
    647 	return(ret);
    648 	}
    649 
    650 int SSL_get_wfd(const SSL *s)
    651 	{
    652 	int ret= -1;
    653 	BIO *b,*r;
    654 
    655 	b=SSL_get_wbio(s);
    656 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
    657 	if (r != NULL)
    658 		BIO_get_fd(r,&ret);
    659 	return(ret);
    660 	}
    661 
    662 #ifndef OPENSSL_NO_SOCK
    663 int SSL_set_fd(SSL *s,int fd)
    664 	{
    665 	int ret=0;
    666 	BIO *bio=NULL;
    667 
    668 	bio=BIO_new(BIO_s_socket());
    669 
    670 	if (bio == NULL)
    671 		{
    672 		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
    673 		goto err;
    674 		}
    675 	BIO_set_fd(bio,fd,BIO_NOCLOSE);
    676 	SSL_set_bio(s,bio,bio);
    677 	ret=1;
    678 err:
    679 	return(ret);
    680 	}
    681 
    682 int SSL_set_wfd(SSL *s,int fd)
    683 	{
    684 	int ret=0;
    685 	BIO *bio=NULL;
    686 
    687 	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
    688 		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
    689 		{
    690 		bio=BIO_new(BIO_s_socket());
    691 
    692 		if (bio == NULL)
    693 			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
    694 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
    695 		SSL_set_bio(s,SSL_get_rbio(s),bio);
    696 		}
    697 	else
    698 		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
    699 	ret=1;
    700 err:
    701 	return(ret);
    702 	}
    703 
    704 int SSL_set_rfd(SSL *s,int fd)
    705 	{
    706 	int ret=0;
    707 	BIO *bio=NULL;
    708 
    709 	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
    710 		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
    711 		{
    712 		bio=BIO_new(BIO_s_socket());
    713 
    714 		if (bio == NULL)
    715 			{
    716 			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
    717 			goto err;
    718 			}
    719 		BIO_set_fd(bio,fd,BIO_NOCLOSE);
    720 		SSL_set_bio(s,bio,SSL_get_wbio(s));
    721 		}
    722 	else
    723 		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
    724 	ret=1;
    725 err:
    726 	return(ret);
    727 	}
    728 #endif
    729 
    730 
    731 /* return length of latest Finished message we sent, copy to 'buf' */
    732 size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
    733 	{
    734 	size_t ret = 0;
    735 
    736 	if (s->s3 != NULL)
    737 		{
    738 		ret = s->s3->tmp.finish_md_len;
    739 		if (count > ret)
    740 			count = ret;
    741 		memcpy(buf, s->s3->tmp.finish_md, count);
    742 		}
    743 	return ret;
    744 	}
    745 
    746 /* return length of latest Finished message we expected, copy to 'buf' */
    747 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
    748 	{
    749 	size_t ret = 0;
    750 
    751 	if (s->s3 != NULL)
    752 		{
    753 		ret = s->s3->tmp.peer_finish_md_len;
    754 		if (count > ret)
    755 			count = ret;
    756 		memcpy(buf, s->s3->tmp.peer_finish_md, count);
    757 		}
    758 	return ret;
    759 	}
    760 
    761 
    762 int SSL_get_verify_mode(const SSL *s)
    763 	{
    764 	return(s->verify_mode);
    765 	}
    766 
    767 int SSL_get_verify_depth(const SSL *s)
    768 	{
    769 	return X509_VERIFY_PARAM_get_depth(s->param);
    770 	}
    771 
    772 int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
    773 	{
    774 	return(s->verify_callback);
    775 	}
    776 
    777 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
    778 	{
    779 	return(ctx->verify_mode);
    780 	}
    781 
    782 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
    783 	{
    784 	return X509_VERIFY_PARAM_get_depth(ctx->param);
    785 	}
    786 
    787 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
    788 	{
    789 	return(ctx->default_verify_callback);
    790 	}
    791 
    792 void SSL_set_verify(SSL *s,int mode,
    793 		    int (*callback)(int ok,X509_STORE_CTX *ctx))
    794 	{
    795 	s->verify_mode=mode;
    796 	if (callback != NULL)
    797 		s->verify_callback=callback;
    798 	}
    799 
    800 void SSL_set_verify_depth(SSL *s,int depth)
    801 	{
    802 	X509_VERIFY_PARAM_set_depth(s->param, depth);
    803 	}
    804 
    805 void SSL_set_read_ahead(SSL *s,int yes)
    806 	{
    807 	s->read_ahead=yes;
    808 	}
    809 
    810 int SSL_get_read_ahead(const SSL *s)
    811 	{
    812 	return(s->read_ahead);
    813 	}
    814 
    815 int SSL_pending(const SSL *s)
    816 	{
    817 	/* SSL_pending cannot work properly if read-ahead is enabled
    818 	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
    819 	 * and it is impossible to fix since SSL_pending cannot report
    820 	 * errors that may be observed while scanning the new data.
    821 	 * (Note that SSL_pending() is often used as a boolean value,
    822 	 * so we'd better not return -1.)
    823 	 */
    824 	return(s->method->ssl_pending(s));
    825 	}
    826 
    827 X509 *SSL_get_peer_certificate(const SSL *s)
    828 	{
    829 	X509 *r;
    830 
    831 	if ((s == NULL) || (s->session == NULL))
    832 		r=NULL;
    833 	else
    834 		r=s->session->peer;
    835 
    836 	if (r == NULL) return(r);
    837 
    838 	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
    839 
    840 	return(r);
    841 	}
    842 
    843 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
    844 	{
    845 	STACK_OF(X509) *r;
    846 
    847 	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
    848 		r=NULL;
    849 	else
    850 		r=s->session->sess_cert->cert_chain;
    851 
    852 	/* If we are a client, cert_chain includes the peer's own
    853 	 * certificate; if we are a server, it does not. */
    854 
    855 	return(r);
    856 	}
    857 
    858 /* Now in theory, since the calling process own 't' it should be safe to
    859  * modify.  We need to be able to read f without being hassled */
    860 void SSL_copy_session_id(SSL *t,const SSL *f)
    861 	{
    862 	CERT *tmp;
    863 
    864 	/* Do we need to to SSL locking? */
    865 	SSL_set_session(t,SSL_get_session(f));
    866 
    867 	/* what if we are setup as SSLv2 but want to talk SSLv3 or
    868 	 * vice-versa */
    869 	if (t->method != f->method)
    870 		{
    871 		t->method->ssl_free(t);	/* cleanup current */
    872 		t->method=f->method;	/* change method */
    873 		t->method->ssl_new(t);	/* setup new */
    874 		}
    875 
    876 	tmp=t->cert;
    877 	if (f->cert != NULL)
    878 		{
    879 		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
    880 		t->cert=f->cert;
    881 		}
    882 	else
    883 		t->cert=NULL;
    884 	if (tmp != NULL) ssl_cert_free(tmp);
    885 	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
    886 	}
    887 
    888 /* Fix this so it checks all the valid key/cert options */
    889 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
    890 	{
    891 	if (	(ctx == NULL) ||
    892 		(ctx->cert == NULL) ||
    893 		(ctx->cert->key->x509 == NULL))
    894 		{
    895 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    896 		return(0);
    897 		}
    898 	if 	(ctx->cert->key->privatekey == NULL)
    899 		{
    900 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    901 		return(0);
    902 		}
    903 	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
    904 	}
    905 
    906 /* Fix this function so that it takes an optional type parameter */
    907 int SSL_check_private_key(const SSL *ssl)
    908 	{
    909 	if (ssl == NULL)
    910 		{
    911 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
    912 		return(0);
    913 		}
    914 	if (ssl->cert == NULL)
    915 		{
    916 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    917 		return 0;
    918 		}
    919 	if (ssl->cert->key->x509 == NULL)
    920 		{
    921 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
    922 		return(0);
    923 		}
    924 	if (ssl->cert->key->privatekey == NULL)
    925 		{
    926 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
    927 		return(0);
    928 		}
    929 	return(X509_check_private_key(ssl->cert->key->x509,
    930 		ssl->cert->key->privatekey));
    931 	}
    932 
    933 int SSL_accept(SSL *s)
    934 	{
    935 	if (s->handshake_func == 0)
    936 		/* Not properly initialized yet */
    937 		SSL_set_accept_state(s);
    938 
    939 	return(s->method->ssl_accept(s));
    940 	}
    941 
    942 int SSL_connect(SSL *s)
    943 	{
    944 	if (s->handshake_func == 0)
    945 		/* Not properly initialized yet */
    946 		SSL_set_connect_state(s);
    947 
    948 	return(s->method->ssl_connect(s));
    949 	}
    950 
    951 long SSL_get_default_timeout(const SSL *s)
    952 	{
    953 	return(s->method->get_timeout());
    954 	}
    955 
    956 int SSL_read(SSL *s,void *buf,int num)
    957 	{
    958 	if (s->handshake_func == 0)
    959 		{
    960 		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
    961 		return -1;
    962 		}
    963 
    964 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
    965 		{
    966 		s->rwstate=SSL_NOTHING;
    967 		return(0);
    968 		}
    969 	return(s->method->ssl_read(s,buf,num));
    970 	}
    971 
    972 int SSL_peek(SSL *s,void *buf,int num)
    973 	{
    974 	if (s->handshake_func == 0)
    975 		{
    976 		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
    977 		return -1;
    978 		}
    979 
    980 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
    981 		{
    982 		return(0);
    983 		}
    984 	return(s->method->ssl_peek(s,buf,num));
    985 	}
    986 
    987 int SSL_write(SSL *s,const void *buf,int num)
    988 	{
    989 	if (s->handshake_func == 0)
    990 		{
    991 		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
    992 		return -1;
    993 		}
    994 
    995 	if (s->shutdown & SSL_SENT_SHUTDOWN)
    996 		{
    997 		s->rwstate=SSL_NOTHING;
    998 		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
    999 		return(-1);
   1000 		}
   1001 	return(s->method->ssl_write(s,buf,num));
   1002 	}
   1003 
   1004 int SSL_shutdown(SSL *s)
   1005 	{
   1006 	/* Note that this function behaves differently from what one might
   1007 	 * expect.  Return values are 0 for no success (yet),
   1008 	 * 1 for success; but calling it once is usually not enough,
   1009 	 * even if blocking I/O is used (see ssl3_shutdown).
   1010 	 */
   1011 
   1012 	if (s->handshake_func == 0)
   1013 		{
   1014 		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
   1015 		return -1;
   1016 		}
   1017 
   1018 	if ((s != NULL) && !SSL_in_init(s))
   1019 		return(s->method->ssl_shutdown(s));
   1020 	else
   1021 		return(1);
   1022 	}
   1023 
   1024 int SSL_renegotiate(SSL *s)
   1025 	{
   1026 	if (s->renegotiate == 0)
   1027 		s->renegotiate=1;
   1028 
   1029 	s->new_session=1;
   1030 
   1031 	return(s->method->ssl_renegotiate(s));
   1032 	}
   1033 
   1034 int SSL_renegotiate_abbreviated(SSL *s)
   1035 	{
   1036 	if (s->renegotiate == 0)
   1037 		s->renegotiate=1;
   1038 
   1039 	s->new_session=0;
   1040 
   1041 	return(s->method->ssl_renegotiate(s));
   1042 	}
   1043 
   1044 int SSL_renegotiate_pending(SSL *s)
   1045 	{
   1046 	/* becomes true when negotiation is requested;
   1047 	 * false again once a handshake has finished */
   1048 	return (s->renegotiate != 0);
   1049 	}
   1050 
   1051 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
   1052 	{
   1053 	long l;
   1054 
   1055 	switch (cmd)
   1056 		{
   1057 	case SSL_CTRL_GET_READ_AHEAD:
   1058 		return(s->read_ahead);
   1059 	case SSL_CTRL_SET_READ_AHEAD:
   1060 		l=s->read_ahead;
   1061 		s->read_ahead=larg;
   1062 		return(l);
   1063 
   1064 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
   1065 		s->msg_callback_arg = parg;
   1066 		return 1;
   1067 
   1068 	case SSL_CTRL_OPTIONS:
   1069 		return(s->options|=larg);
   1070 	case SSL_CTRL_CLEAR_OPTIONS:
   1071 		return(s->options&=~larg);
   1072 	case SSL_CTRL_MODE:
   1073 		return(s->mode|=larg);
   1074 	case SSL_CTRL_CLEAR_MODE:
   1075 		return(s->mode &=~larg);
   1076 	case SSL_CTRL_GET_MAX_CERT_LIST:
   1077 		return(s->max_cert_list);
   1078 	case SSL_CTRL_SET_MAX_CERT_LIST:
   1079 		l=s->max_cert_list;
   1080 		s->max_cert_list=larg;
   1081 		return(l);
   1082 	case SSL_CTRL_SET_MTU:
   1083 #ifndef OPENSSL_NO_DTLS1
   1084 		if (larg < (long)dtls1_min_mtu())
   1085 			return 0;
   1086 #endif
   1087 
   1088 		if (SSL_version(s) == DTLS1_VERSION ||
   1089 		    SSL_version(s) == DTLS1_BAD_VER)
   1090 			{
   1091 			s->d1->mtu = larg;
   1092 			return larg;
   1093 			}
   1094 		return 0;
   1095 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
   1096 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
   1097 			return 0;
   1098 		s->max_send_fragment = larg;
   1099 		return 1;
   1100 	case SSL_CTRL_GET_RI_SUPPORT:
   1101 		if (s->s3)
   1102 			return s->s3->send_connection_binding;
   1103 		else return 0;
   1104 	default:
   1105 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
   1106 		}
   1107 	}
   1108 
   1109 long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
   1110 	{
   1111 	switch(cmd)
   1112 		{
   1113 	case SSL_CTRL_SET_MSG_CALLBACK:
   1114 		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
   1115 		return 1;
   1116 
   1117 	default:
   1118 		return(s->method->ssl_callback_ctrl(s,cmd,fp));
   1119 		}
   1120 	}
   1121 
   1122 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
   1123 	{
   1124 	return ctx->sessions;
   1125 	}
   1126 
   1127 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
   1128 	{
   1129 	long l;
   1130 
   1131 	switch (cmd)
   1132 		{
   1133 	case SSL_CTRL_GET_READ_AHEAD:
   1134 		return(ctx->read_ahead);
   1135 	case SSL_CTRL_SET_READ_AHEAD:
   1136 		l=ctx->read_ahead;
   1137 		ctx->read_ahead=larg;
   1138 		return(l);
   1139 
   1140 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
   1141 		ctx->msg_callback_arg = parg;
   1142 		return 1;
   1143 
   1144 	case SSL_CTRL_GET_MAX_CERT_LIST:
   1145 		return(ctx->max_cert_list);
   1146 	case SSL_CTRL_SET_MAX_CERT_LIST:
   1147 		l=ctx->max_cert_list;
   1148 		ctx->max_cert_list=larg;
   1149 		return(l);
   1150 
   1151 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
   1152 		l=ctx->session_cache_size;
   1153 		ctx->session_cache_size=larg;
   1154 		return(l);
   1155 	case SSL_CTRL_GET_SESS_CACHE_SIZE:
   1156 		return(ctx->session_cache_size);
   1157 	case SSL_CTRL_SET_SESS_CACHE_MODE:
   1158 		l=ctx->session_cache_mode;
   1159 		ctx->session_cache_mode=larg;
   1160 		return(l);
   1161 	case SSL_CTRL_GET_SESS_CACHE_MODE:
   1162 		return(ctx->session_cache_mode);
   1163 
   1164 	case SSL_CTRL_SESS_NUMBER:
   1165 		return(lh_SSL_SESSION_num_items(ctx->sessions));
   1166 	case SSL_CTRL_SESS_CONNECT:
   1167 		return(ctx->stats.sess_connect);
   1168 	case SSL_CTRL_SESS_CONNECT_GOOD:
   1169 		return(ctx->stats.sess_connect_good);
   1170 	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
   1171 		return(ctx->stats.sess_connect_renegotiate);
   1172 	case SSL_CTRL_SESS_ACCEPT:
   1173 		return(ctx->stats.sess_accept);
   1174 	case SSL_CTRL_SESS_ACCEPT_GOOD:
   1175 		return(ctx->stats.sess_accept_good);
   1176 	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
   1177 		return(ctx->stats.sess_accept_renegotiate);
   1178 	case SSL_CTRL_SESS_HIT:
   1179 		return(ctx->stats.sess_hit);
   1180 	case SSL_CTRL_SESS_CB_HIT:
   1181 		return(ctx->stats.sess_cb_hit);
   1182 	case SSL_CTRL_SESS_MISSES:
   1183 		return(ctx->stats.sess_miss);
   1184 	case SSL_CTRL_SESS_TIMEOUTS:
   1185 		return(ctx->stats.sess_timeout);
   1186 	case SSL_CTRL_SESS_CACHE_FULL:
   1187 		return(ctx->stats.sess_cache_full);
   1188 	case SSL_CTRL_OPTIONS:
   1189 		return(ctx->options|=larg);
   1190 	case SSL_CTRL_CLEAR_OPTIONS:
   1191 		return(ctx->options&=~larg);
   1192 	case SSL_CTRL_MODE:
   1193 		return(ctx->mode|=larg);
   1194 	case SSL_CTRL_CLEAR_MODE:
   1195 		return(ctx->mode&=~larg);
   1196 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
   1197 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
   1198 			return 0;
   1199 		ctx->max_send_fragment = larg;
   1200 		return 1;
   1201 	default:
   1202 		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
   1203 		}
   1204 	}
   1205 
   1206 long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
   1207 	{
   1208 	switch(cmd)
   1209 		{
   1210 	case SSL_CTRL_SET_MSG_CALLBACK:
   1211 		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
   1212 		return 1;
   1213 
   1214 	default:
   1215 		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
   1216 		}
   1217 	}
   1218 
   1219 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
   1220 	{
   1221 	long l;
   1222 
   1223 	l=a->id-b->id;
   1224 	if (l == 0L)
   1225 		return(0);
   1226 	else
   1227 		return((l > 0)?1:-1);
   1228 	}
   1229 
   1230 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
   1231 			const SSL_CIPHER * const *bp)
   1232 	{
   1233 	long l;
   1234 
   1235 	l=(*ap)->id-(*bp)->id;
   1236 	if (l == 0L)
   1237 		return(0);
   1238 	else
   1239 		return((l > 0)?1:-1);
   1240 	}
   1241 
   1242 /** return a STACK of the ciphers available for the SSL and in order of
   1243  * preference */
   1244 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
   1245 	{
   1246 	if (s != NULL)
   1247 		{
   1248 		if (s->cipher_list != NULL)
   1249 			{
   1250 			return(s->cipher_list);
   1251 			}
   1252 		else if ((s->ctx != NULL) &&
   1253 			(s->ctx->cipher_list != NULL))
   1254 			{
   1255 			return(s->ctx->cipher_list);
   1256 			}
   1257 		}
   1258 	return(NULL);
   1259 	}
   1260 
   1261 /** return a STACK of the ciphers available for the SSL and in order of
   1262  * algorithm id */
   1263 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
   1264 	{
   1265 	if (s != NULL)
   1266 		{
   1267 		if (s->cipher_list_by_id != NULL)
   1268 			{
   1269 			return(s->cipher_list_by_id);
   1270 			}
   1271 		else if ((s->ctx != NULL) &&
   1272 			(s->ctx->cipher_list_by_id != NULL))
   1273 			{
   1274 			return(s->ctx->cipher_list_by_id);
   1275 			}
   1276 		}
   1277 	return(NULL);
   1278 	}
   1279 
   1280 /** The old interface to get the same thing as SSL_get_ciphers() */
   1281 const char *SSL_get_cipher_list(const SSL *s,int n)
   1282 	{
   1283 	SSL_CIPHER *c;
   1284 	STACK_OF(SSL_CIPHER) *sk;
   1285 
   1286 	if (s == NULL) return(NULL);
   1287 	sk=SSL_get_ciphers(s);
   1288 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
   1289 		return(NULL);
   1290 	c=sk_SSL_CIPHER_value(sk,n);
   1291 	if (c == NULL) return(NULL);
   1292 	return(c->name);
   1293 	}
   1294 
   1295 /** specify the ciphers to be used by default by the SSL_CTX */
   1296 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
   1297 	{
   1298 	STACK_OF(SSL_CIPHER) *sk;
   1299 
   1300 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
   1301 		&ctx->cipher_list_by_id,str);
   1302 	/* ssl_create_cipher_list may return an empty stack if it
   1303 	 * was unable to find a cipher matching the given rule string
   1304 	 * (for example if the rule string specifies a cipher which
   1305 	 * has been disabled). This is not an error as far as
   1306 	 * ssl_create_cipher_list is concerned, and hence
   1307 	 * ctx->cipher_list and ctx->cipher_list_by_id has been
   1308 	 * updated. */
   1309 	if (sk == NULL)
   1310 		return 0;
   1311 	else if (sk_SSL_CIPHER_num(sk) == 0)
   1312 		{
   1313 		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
   1314 		return 0;
   1315 		}
   1316 	return 1;
   1317 	}
   1318 
   1319 /** specify the ciphers to be used by the SSL */
   1320 int SSL_set_cipher_list(SSL *s,const char *str)
   1321 	{
   1322 	STACK_OF(SSL_CIPHER) *sk;
   1323 
   1324 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
   1325 		&s->cipher_list_by_id,str);
   1326 	/* see comment in SSL_CTX_set_cipher_list */
   1327 	if (sk == NULL)
   1328 		return 0;
   1329 	else if (sk_SSL_CIPHER_num(sk) == 0)
   1330 		{
   1331 		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
   1332 		return 0;
   1333 		}
   1334 	return 1;
   1335 	}
   1336 
   1337 /** specify the ciphers to be used by the SSL */
   1338 int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
   1339 	{
   1340 	STACK_OF(SSL_CIPHER) *tmp_cipher_list;
   1341 
   1342 	if (sk == NULL)
   1343 		return 0;
   1344 
   1345         /* Based on end of ssl_create_cipher_list */
   1346 	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
   1347 	if (tmp_cipher_list == NULL)
   1348 		{
   1349 		return 0;
   1350 		}
   1351 	if (s->cipher_list != NULL)
   1352 		sk_SSL_CIPHER_free(s->cipher_list);
   1353 	s->cipher_list = sk;
   1354 	if (s->cipher_list_by_id != NULL)
   1355 		sk_SSL_CIPHER_free(s->cipher_list_by_id);
   1356 	s->cipher_list_by_id = tmp_cipher_list;
   1357 	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
   1358 
   1359 	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
   1360 	return 1;
   1361 	}
   1362 
   1363 /* works well for SSLv2, not so good for SSLv3 */
   1364 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
   1365 	{
   1366 	char *p;
   1367 	STACK_OF(SSL_CIPHER) *sk;
   1368 	SSL_CIPHER *c;
   1369 	int i;
   1370 
   1371 	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
   1372 		(len < 2))
   1373 		return(NULL);
   1374 
   1375 	p=buf;
   1376 	sk=s->session->ciphers;
   1377 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
   1378 		{
   1379 		int n;
   1380 
   1381 		c=sk_SSL_CIPHER_value(sk,i);
   1382 		n=strlen(c->name);
   1383 		if (n+1 > len)
   1384 			{
   1385 			if (p != buf)
   1386 				--p;
   1387 			*p='\0';
   1388 			return buf;
   1389 			}
   1390 		strcpy(p,c->name);
   1391 		p+=n;
   1392 		*(p++)=':';
   1393 		len-=n+1;
   1394 		}
   1395 	p[-1]='\0';
   1396 	return(buf);
   1397 	}
   1398 
   1399 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
   1400 			     int (*put_cb)(const SSL_CIPHER *, unsigned char *))
   1401 	{
   1402 	int i,j=0;
   1403 	SSL_CIPHER *c;
   1404 	unsigned char *q;
   1405 #ifndef OPENSSL_NO_KRB5
   1406 	int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
   1407 #endif /* OPENSSL_NO_KRB5 */
   1408 
   1409 	if (sk == NULL) return(0);
   1410 	q=p;
   1411 
   1412 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
   1413 		{
   1414 		c=sk_SSL_CIPHER_value(sk,i);
   1415 		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
   1416 		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
   1417 			(TLS1_get_client_version(s) < TLS1_2_VERSION))
   1418 			continue;
   1419 #ifndef OPENSSL_NO_KRB5
   1420 		if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
   1421 		    nokrb5)
   1422 		    continue;
   1423 #endif /* OPENSSL_NO_KRB5 */
   1424 #ifndef OPENSSL_NO_PSK
   1425 		/* with PSK there must be client callback set */
   1426 		if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
   1427 		    s->psk_client_callback == NULL)
   1428 			continue;
   1429 #endif /* OPENSSL_NO_PSK */
   1430 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
   1431 		p+=j;
   1432 		}
   1433 	/* If p == q, no ciphers and caller indicates an error. Otherwise
   1434 	 * add SCSV if not renegotiating.
   1435 	 */
   1436 	if (p != q && !s->renegotiate)
   1437 		{
   1438 		static SSL_CIPHER scsv =
   1439 			{
   1440 			0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
   1441 			};
   1442 		j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
   1443 		p+=j;
   1444 #ifdef OPENSSL_RI_DEBUG
   1445 		fprintf(stderr, "SCSV sent by client\n");
   1446 #endif
   1447 		}
   1448 
   1449 	return(p-q);
   1450 	}
   1451 
   1452 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
   1453 					       STACK_OF(SSL_CIPHER) **skp)
   1454 	{
   1455 	const SSL_CIPHER *c;
   1456 	STACK_OF(SSL_CIPHER) *sk;
   1457 	int i,n;
   1458 	if (s->s3)
   1459 		s->s3->send_connection_binding = 0;
   1460 
   1461 	n=ssl_put_cipher_by_char(s,NULL,NULL);
   1462 	if ((num%n) != 0)
   1463 		{
   1464 		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
   1465 		return(NULL);
   1466 		}
   1467 	if ((skp == NULL) || (*skp == NULL))
   1468 		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
   1469 	else
   1470 		{
   1471 		sk= *skp;
   1472 		sk_SSL_CIPHER_zero(sk);
   1473 		}
   1474 
   1475 	for (i=0; i<num; i+=n)
   1476 		{
   1477 		/* Check for SCSV */
   1478 		if (s->s3 && (n != 3 || !p[0]) &&
   1479 			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
   1480 			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
   1481 			{
   1482 			/* SCSV fatal if renegotiating */
   1483 			if (s->renegotiate)
   1484 				{
   1485 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
   1486 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
   1487 				goto err;
   1488 				}
   1489 			s->s3->send_connection_binding = 1;
   1490 			p += n;
   1491 #ifdef OPENSSL_RI_DEBUG
   1492 			fprintf(stderr, "SCSV received by server\n");
   1493 #endif
   1494 			continue;
   1495 			}
   1496 
   1497 		c=ssl_get_cipher_by_char(s,p);
   1498 		p+=n;
   1499 		if (c != NULL)
   1500 			{
   1501 			if (!sk_SSL_CIPHER_push(sk,c))
   1502 				{
   1503 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1504 				goto err;
   1505 				}
   1506 			}
   1507 		}
   1508 
   1509 	if (skp != NULL)
   1510 		*skp=sk;
   1511 	return(sk);
   1512 err:
   1513 	if ((skp == NULL) || (*skp == NULL))
   1514 		sk_SSL_CIPHER_free(sk);
   1515 	return(NULL);
   1516 	}
   1517 
   1518 
   1519 #ifndef OPENSSL_NO_TLSEXT
   1520 /** return a servername extension value if provided in Client Hello, or NULL.
   1521  * So far, only host_name types are defined (RFC 3546).
   1522  */
   1523 
   1524 const char *SSL_get_servername(const SSL *s, const int type)
   1525 	{
   1526 	if (type != TLSEXT_NAMETYPE_host_name)
   1527 		return NULL;
   1528 
   1529 	return s->session && !s->tlsext_hostname ?
   1530 		s->session->tlsext_hostname :
   1531 		s->tlsext_hostname;
   1532 	}
   1533 
   1534 int SSL_get_servername_type(const SSL *s)
   1535 	{
   1536 	if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
   1537 		return TLSEXT_NAMETYPE_host_name;
   1538 	return -1;
   1539 	}
   1540 
   1541 # ifndef OPENSSL_NO_NEXTPROTONEG
   1542 /* SSL_select_next_proto implements the standard protocol selection. It is
   1543  * expected that this function is called from the callback set by
   1544  * SSL_CTX_set_next_proto_select_cb.
   1545  *
   1546  * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
   1547  * strings. The length byte itself is not included in the length. A byte
   1548  * string of length 0 is invalid. No byte string may be truncated.
   1549  *
   1550  * The current, but experimental algorithm for selecting the protocol is:
   1551  *
   1552  * 1) If the server doesn't support NPN then this is indicated to the
   1553  * callback. In this case, the client application has to abort the connection
   1554  * or have a default application level protocol.
   1555  *
   1556  * 2) If the server supports NPN, but advertises an empty list then the
   1557  * client selects the first protcol in its list, but indicates via the
   1558  * API that this fallback case was enacted.
   1559  *
   1560  * 3) Otherwise, the client finds the first protocol in the server's list
   1561  * that it supports and selects this protocol. This is because it's
   1562  * assumed that the server has better information about which protocol
   1563  * a client should use.
   1564  *
   1565  * 4) If the client doesn't support any of the server's advertised
   1566  * protocols, then this is treated the same as case 2.
   1567  *
   1568  * It returns either
   1569  * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
   1570  * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
   1571  */
   1572 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
   1573 	{
   1574 	unsigned int i, j;
   1575 	const unsigned char *result;
   1576 	int status = OPENSSL_NPN_UNSUPPORTED;
   1577 
   1578 	/* For each protocol in server preference order, see if we support it. */
   1579 	for (i = 0; i < server_len; )
   1580 		{
   1581 		for (j = 0; j < client_len; )
   1582 			{
   1583 			if (server[i] == client[j] &&
   1584 			    memcmp(&server[i+1], &client[j+1], server[i]) == 0)
   1585 				{
   1586 				/* We found a match */
   1587 				result = &server[i];
   1588 				status = OPENSSL_NPN_NEGOTIATED;
   1589 				goto found;
   1590 				}
   1591 			j += client[j];
   1592 			j++;
   1593 			}
   1594 		i += server[i];
   1595 		i++;
   1596 		}
   1597 
   1598 	/* There's no overlap between our protocols and the server's list. */
   1599 	result = client;
   1600 	status = OPENSSL_NPN_NO_OVERLAP;
   1601 
   1602 	found:
   1603 	*out = (unsigned char *) result + 1;
   1604 	*outlen = result[0];
   1605 	return status;
   1606 	}
   1607 
   1608 /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
   1609  * requested protocol for this connection and returns 0. If the client didn't
   1610  * request any protocol, then *data is set to NULL.
   1611  *
   1612  * Note that the client can request any protocol it chooses. The value returned
   1613  * from this function need not be a member of the list of supported protocols
   1614  * provided by the callback.
   1615  */
   1616 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
   1617 	{
   1618 	*data = s->next_proto_negotiated;
   1619 	if (!*data) {
   1620 		*len = 0;
   1621 	} else {
   1622 		*len = s->next_proto_negotiated_len;
   1623 	}
   1624 }
   1625 
   1626 /* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
   1627  * TLS server needs a list of supported protocols for Next Protocol
   1628  * Negotiation. The returned list must be in wire format.  The list is returned
   1629  * by setting |out| to point to it and |outlen| to its length. This memory will
   1630  * not be modified, but one should assume that the SSL* keeps a reference to
   1631  * it.
   1632  *
   1633  * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
   1634  * such extension will be included in the ServerHello. */
   1635 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
   1636 	{
   1637 	ctx->next_protos_advertised_cb = cb;
   1638 	ctx->next_protos_advertised_cb_arg = arg;
   1639 	}
   1640 
   1641 /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
   1642  * client needs to select a protocol from the server's provided list. |out|
   1643  * must be set to point to the selected protocol (which may be within |in|).
   1644  * The length of the protocol name must be written into |outlen|. The server's
   1645  * advertised protocols are provided in |in| and |inlen|. The callback can
   1646  * assume that |in| is syntactically valid.
   1647  *
   1648  * The client must select a protocol. It is fatal to the connection if this
   1649  * callback returns a value other than SSL_TLSEXT_ERR_OK.
   1650  */
   1651 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
   1652 	{
   1653 	ctx->next_proto_select_cb = cb;
   1654 	ctx->next_proto_select_cb_arg = arg;
   1655 	}
   1656 # endif
   1657 #endif
   1658 
   1659 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
   1660 	const char *label, size_t llen, const unsigned char *p, size_t plen,
   1661 	int use_context)
   1662 	{
   1663 	if (s->version < TLS1_VERSION)
   1664 		return -1;
   1665 
   1666 	return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
   1667 							   llen, p, plen,
   1668 							   use_context);
   1669 	}
   1670 
   1671 static unsigned long ssl_session_hash(const SSL_SESSION *a)
   1672 	{
   1673 	unsigned long l;
   1674 
   1675 	l=(unsigned long)
   1676 		((unsigned int) a->session_id[0]     )|
   1677 		((unsigned int) a->session_id[1]<< 8L)|
   1678 		((unsigned long)a->session_id[2]<<16L)|
   1679 		((unsigned long)a->session_id[3]<<24L);
   1680 	return(l);
   1681 	}
   1682 
   1683 /* NB: If this function (or indeed the hash function which uses a sort of
   1684  * coarser function than this one) is changed, ensure
   1685  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
   1686  * able to construct an SSL_SESSION that will collide with any existing session
   1687  * with a matching session ID. */
   1688 static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
   1689 	{
   1690 	if (a->ssl_version != b->ssl_version)
   1691 		return(1);
   1692 	if (a->session_id_length != b->session_id_length)
   1693 		return(1);
   1694 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
   1695 	}
   1696 
   1697 /* These wrapper functions should remain rather than redeclaring
   1698  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
   1699  * variable. The reason is that the functions aren't static, they're exposed via
   1700  * ssl.h. */
   1701 static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
   1702 static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
   1703 
   1704 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
   1705 	{
   1706 	SSL_CTX *ret=NULL;
   1707 
   1708 	if (meth == NULL)
   1709 		{
   1710 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
   1711 		return(NULL);
   1712 		}
   1713 
   1714 #ifdef OPENSSL_FIPS
   1715 	if (FIPS_mode() && (meth->version < TLS1_VERSION))
   1716 		{
   1717 		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
   1718 		return NULL;
   1719 		}
   1720 #endif
   1721 
   1722 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
   1723 		{
   1724 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
   1725 		goto err;
   1726 		}
   1727 	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
   1728 	if (ret == NULL)
   1729 		goto err;
   1730 
   1731 	memset(ret,0,sizeof(SSL_CTX));
   1732 
   1733 	ret->method=meth;
   1734 
   1735 	ret->cert_store=NULL;
   1736 	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
   1737 	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
   1738 	ret->session_cache_head=NULL;
   1739 	ret->session_cache_tail=NULL;
   1740 
   1741 	/* We take the system default */
   1742 	ret->session_timeout=meth->get_timeout();
   1743 
   1744 	ret->new_session_cb=0;
   1745 	ret->remove_session_cb=0;
   1746 	ret->get_session_cb=0;
   1747 	ret->generate_session_id=0;
   1748 
   1749 	memset((char *)&ret->stats,0,sizeof(ret->stats));
   1750 
   1751 	ret->references=1;
   1752 	ret->quiet_shutdown=0;
   1753 
   1754 /*	ret->cipher=NULL;*/
   1755 /*	ret->s2->challenge=NULL;
   1756 	ret->master_key=NULL;
   1757 	ret->key_arg=NULL;
   1758 	ret->s2->conn_id=NULL; */
   1759 
   1760 	ret->info_callback=NULL;
   1761 
   1762 	ret->app_verify_callback=0;
   1763 	ret->app_verify_arg=NULL;
   1764 
   1765 	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
   1766 	ret->read_ahead=0;
   1767 	ret->msg_callback=0;
   1768 	ret->msg_callback_arg=NULL;
   1769 	ret->verify_mode=SSL_VERIFY_NONE;
   1770 #if 0
   1771 	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
   1772 #endif
   1773 	ret->sid_ctx_length=0;
   1774 	ret->default_verify_callback=NULL;
   1775 	if ((ret->cert=ssl_cert_new()) == NULL)
   1776 		goto err;
   1777 
   1778 	ret->default_passwd_callback=0;
   1779 	ret->default_passwd_callback_userdata=NULL;
   1780 	ret->client_cert_cb=0;
   1781 	ret->app_gen_cookie_cb=0;
   1782 	ret->app_verify_cookie_cb=0;
   1783 
   1784 	ret->sessions=lh_SSL_SESSION_new();
   1785 	if (ret->sessions == NULL) goto err;
   1786 	ret->cert_store=X509_STORE_new();
   1787 	if (ret->cert_store == NULL) goto err;
   1788 
   1789 	ssl_create_cipher_list(ret->method,
   1790 		&ret->cipher_list,&ret->cipher_list_by_id,
   1791 		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
   1792 	if (ret->cipher_list == NULL
   1793 	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
   1794 		{
   1795 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
   1796 		goto err2;
   1797 		}
   1798 
   1799 	ret->param = X509_VERIFY_PARAM_new();
   1800 	if (!ret->param)
   1801 		goto err;
   1802 
   1803 	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
   1804 		{
   1805 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
   1806 		goto err2;
   1807 		}
   1808 	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
   1809 		{
   1810 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
   1811 		goto err2;
   1812 		}
   1813 	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
   1814 		{
   1815 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
   1816 		goto err2;
   1817 		}
   1818 
   1819 	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
   1820 		goto err;
   1821 
   1822 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
   1823 
   1824 	ret->extra_certs=NULL;
   1825 	ret->comp_methods=SSL_COMP_get_compression_methods();
   1826 
   1827 	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
   1828 
   1829 #ifndef OPENSSL_NO_TLSEXT
   1830 	ret->tlsext_servername_callback = 0;
   1831 	ret->tlsext_servername_arg = NULL;
   1832 	/* Setup RFC4507 ticket keys */
   1833 	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
   1834 		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
   1835 		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
   1836 		ret->options |= SSL_OP_NO_TICKET;
   1837 
   1838 	ret->tlsext_status_cb = 0;
   1839 	ret->tlsext_status_arg = NULL;
   1840 
   1841 # ifndef OPENSSL_NO_NEXTPROTONEG
   1842 	ret->next_protos_advertised_cb = 0;
   1843 	ret->next_proto_select_cb = 0;
   1844 # endif
   1845 #endif
   1846 #ifndef OPENSSL_NO_PSK
   1847 	ret->psk_identity_hint=NULL;
   1848 	ret->psk_client_callback=NULL;
   1849 	ret->psk_server_callback=NULL;
   1850 #endif
   1851 #ifndef OPENSSL_NO_SRP
   1852 	SSL_CTX_SRP_CTX_init(ret);
   1853 #endif
   1854 #ifndef OPENSSL_NO_BUF_FREELISTS
   1855 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
   1856 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
   1857 	if (!ret->rbuf_freelist)
   1858 		goto err;
   1859 	ret->rbuf_freelist->chunklen = 0;
   1860 	ret->rbuf_freelist->len = 0;
   1861 	ret->rbuf_freelist->head = NULL;
   1862 	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
   1863 	if (!ret->wbuf_freelist)
   1864 		{
   1865 		OPENSSL_free(ret->rbuf_freelist);
   1866 		goto err;
   1867 		}
   1868 	ret->wbuf_freelist->chunklen = 0;
   1869 	ret->wbuf_freelist->len = 0;
   1870 	ret->wbuf_freelist->head = NULL;
   1871 #endif
   1872 #ifndef OPENSSL_NO_ENGINE
   1873 	ret->client_cert_engine = NULL;
   1874 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
   1875 #define eng_strx(x)	#x
   1876 #define eng_str(x)	eng_strx(x)
   1877 	/* Use specific client engine automatically... ignore errors */
   1878 	{
   1879 	ENGINE *eng;
   1880 	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
   1881 	if (!eng)
   1882 		{
   1883 		ERR_clear_error();
   1884 		ENGINE_load_builtin_engines();
   1885 		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
   1886 		}
   1887 	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
   1888 		ERR_clear_error();
   1889 	}
   1890 #endif
   1891 #endif
   1892 	/* Default is to connect to non-RI servers. When RI is more widely
   1893 	 * deployed might change this.
   1894 	 */
   1895 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
   1896 
   1897 	return(ret);
   1898 err:
   1899 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
   1900 err2:
   1901 	if (ret != NULL) SSL_CTX_free(ret);
   1902 	return(NULL);
   1903 	}
   1904 
   1905 #if 0
   1906 static void SSL_COMP_free(SSL_COMP *comp)
   1907     { OPENSSL_free(comp); }
   1908 #endif
   1909 
   1910 #ifndef OPENSSL_NO_BUF_FREELISTS
   1911 static void
   1912 ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
   1913 	{
   1914 	SSL3_BUF_FREELIST_ENTRY *ent, *next;
   1915 	for (ent = list->head; ent; ent = next)
   1916 		{
   1917 		next = ent->next;
   1918 		OPENSSL_free(ent);
   1919 		}
   1920 	OPENSSL_free(list);
   1921 	}
   1922 #endif
   1923 
   1924 void SSL_CTX_free(SSL_CTX *a)
   1925 	{
   1926 	int i;
   1927 
   1928 	if (a == NULL) return;
   1929 
   1930 	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
   1931 #ifdef REF_PRINT
   1932 	REF_PRINT("SSL_CTX",a);
   1933 #endif
   1934 	if (i > 0) return;
   1935 #ifdef REF_CHECK
   1936 	if (i < 0)
   1937 		{
   1938 		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
   1939 		abort(); /* ok */
   1940 		}
   1941 #endif
   1942 
   1943 	if (a->param)
   1944 		X509_VERIFY_PARAM_free(a->param);
   1945 
   1946 	/*
   1947 	 * Free internal session cache. However: the remove_cb() may reference
   1948 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
   1949 	 * after the sessions were flushed.
   1950 	 * As the ex_data handling routines might also touch the session cache,
   1951 	 * the most secure solution seems to be: empty (flush) the cache, then
   1952 	 * free ex_data, then finally free the cache.
   1953 	 * (See ticket [openssl.org #212].)
   1954 	 */
   1955 	if (a->sessions != NULL)
   1956 		SSL_CTX_flush_sessions(a,0);
   1957 
   1958 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
   1959 
   1960 	if (a->sessions != NULL)
   1961 		lh_SSL_SESSION_free(a->sessions);
   1962 
   1963 	if (a->cert_store != NULL)
   1964 		X509_STORE_free(a->cert_store);
   1965 	if (a->cipher_list != NULL)
   1966 		sk_SSL_CIPHER_free(a->cipher_list);
   1967 	if (a->cipher_list_by_id != NULL)
   1968 		sk_SSL_CIPHER_free(a->cipher_list_by_id);
   1969 	if (a->cert != NULL)
   1970 		ssl_cert_free(a->cert);
   1971 	if (a->client_CA != NULL)
   1972 		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
   1973 	if (a->extra_certs != NULL)
   1974 		sk_X509_pop_free(a->extra_certs,X509_free);
   1975 #if 0 /* This should never be done, since it removes a global database */
   1976 	if (a->comp_methods != NULL)
   1977 		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
   1978 #else
   1979 	a->comp_methods = NULL;
   1980 #endif
   1981 
   1982         if (a->srtp_profiles)
   1983                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
   1984 
   1985 #ifndef OPENSSL_NO_PSK
   1986 	if (a->psk_identity_hint)
   1987 		OPENSSL_free(a->psk_identity_hint);
   1988 #endif
   1989 #ifndef OPENSSL_NO_SRP
   1990 	SSL_CTX_SRP_CTX_free(a);
   1991 #endif
   1992 #ifndef OPENSSL_NO_ENGINE
   1993 	if (a->client_cert_engine)
   1994 		ENGINE_finish(a->client_cert_engine);
   1995 #endif
   1996 
   1997 #ifndef OPENSSL_NO_BUF_FREELISTS
   1998 	if (a->wbuf_freelist)
   1999 		ssl_buf_freelist_free(a->wbuf_freelist);
   2000 	if (a->rbuf_freelist)
   2001 		ssl_buf_freelist_free(a->rbuf_freelist);
   2002 #endif
   2003 
   2004 	OPENSSL_free(a);
   2005 	}
   2006 
   2007 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
   2008 	{
   2009 	ctx->default_passwd_callback=cb;
   2010 	}
   2011 
   2012 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
   2013 	{
   2014 	ctx->default_passwd_callback_userdata=u;
   2015 	}
   2016 
   2017 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
   2018 	{
   2019 	ctx->app_verify_callback=cb;
   2020 	ctx->app_verify_arg=arg;
   2021 	}
   2022 
   2023 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
   2024 	{
   2025 	ctx->verify_mode=mode;
   2026 	ctx->default_verify_callback=cb;
   2027 	}
   2028 
   2029 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
   2030 	{
   2031 	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
   2032 	}
   2033 
   2034 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
   2035 	{
   2036 	CERT_PKEY *cpk;
   2037 	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
   2038 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
   2039 	int rsa_tmp_export,dh_tmp_export,kl;
   2040 	unsigned long mask_k,mask_a,emask_k,emask_a;
   2041 	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
   2042 #ifndef OPENSSL_NO_ECDH
   2043 	int have_ecdh_tmp;
   2044 #endif
   2045 	X509 *x = NULL;
   2046 	EVP_PKEY *ecc_pkey = NULL;
   2047 	int signature_nid = 0, pk_nid = 0, md_nid = 0;
   2048 
   2049 	if (c == NULL) return;
   2050 
   2051 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
   2052 
   2053 #ifndef OPENSSL_NO_RSA
   2054 	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
   2055 	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
   2056 		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
   2057 #else
   2058 	rsa_tmp=rsa_tmp_export=0;
   2059 #endif
   2060 #ifndef OPENSSL_NO_DH
   2061 	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
   2062 	dh_tmp_export=(c->dh_tmp_cb != NULL ||
   2063 		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
   2064 #else
   2065 	dh_tmp=dh_tmp_export=0;
   2066 #endif
   2067 
   2068 #ifndef OPENSSL_NO_ECDH
   2069 	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
   2070 #endif
   2071 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
   2072 	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
   2073 	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2074 	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
   2075 	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
   2076 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
   2077 	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
   2078 	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
   2079 	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
   2080 	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2081 	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
   2082 /* FIX THIS EAY EAY EAY */
   2083 	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
   2084 	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
   2085 	cpk= &(c->pkeys[SSL_PKEY_ECC]);
   2086 	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
   2087 	mask_k=0;
   2088 	mask_a=0;
   2089 	emask_k=0;
   2090 	emask_a=0;
   2091 
   2092 
   2093 
   2094 #ifdef CIPHER_DEBUG
   2095 	printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
   2096 	        rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
   2097 		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
   2098 #endif
   2099 
   2100 	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
   2101 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
   2102 		mask_k |= SSL_kGOST;
   2103 		mask_a |= SSL_aGOST01;
   2104 	}
   2105 	cpk = &(c->pkeys[SSL_PKEY_GOST94]);
   2106 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
   2107 		mask_k |= SSL_kGOST;
   2108 		mask_a |= SSL_aGOST94;
   2109 	}
   2110 
   2111 	if (rsa_enc || (rsa_tmp && rsa_sign))
   2112 		mask_k|=SSL_kRSA;
   2113 	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
   2114 		emask_k|=SSL_kRSA;
   2115 
   2116 #if 0
   2117 	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
   2118 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
   2119 		(rsa_enc || rsa_sign || dsa_sign))
   2120 		mask_k|=SSL_kEDH;
   2121 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
   2122 		(rsa_enc || rsa_sign || dsa_sign))
   2123 		emask_k|=SSL_kEDH;
   2124 #endif
   2125 
   2126 	if (dh_tmp_export)
   2127 		emask_k|=SSL_kEDH;
   2128 
   2129 	if (dh_tmp)
   2130 		mask_k|=SSL_kEDH;
   2131 
   2132 	if (dh_rsa) mask_k|=SSL_kDHr;
   2133 	if (dh_rsa_export) emask_k|=SSL_kDHr;
   2134 
   2135 	if (dh_dsa) mask_k|=SSL_kDHd;
   2136 	if (dh_dsa_export) emask_k|=SSL_kDHd;
   2137 
   2138 	if (rsa_enc || rsa_sign)
   2139 		{
   2140 		mask_a|=SSL_aRSA;
   2141 		emask_a|=SSL_aRSA;
   2142 		}
   2143 
   2144 	if (dsa_sign)
   2145 		{
   2146 		mask_a|=SSL_aDSS;
   2147 		emask_a|=SSL_aDSS;
   2148 		}
   2149 
   2150 	mask_a|=SSL_aNULL;
   2151 	emask_a|=SSL_aNULL;
   2152 
   2153 #ifndef OPENSSL_NO_KRB5
   2154 	mask_k|=SSL_kKRB5;
   2155 	mask_a|=SSL_aKRB5;
   2156 	emask_k|=SSL_kKRB5;
   2157 	emask_a|=SSL_aKRB5;
   2158 #endif
   2159 
   2160 	/* An ECC certificate may be usable for ECDH and/or
   2161 	 * ECDSA cipher suites depending on the key usage extension.
   2162 	 */
   2163 	if (have_ecc_cert)
   2164 		{
   2165 		/* This call populates extension flags (ex_flags) */
   2166 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
   2167 		X509_check_purpose(x, -1, 0);
   2168 		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
   2169 		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
   2170 		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
   2171 		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
   2172 		ecc_pkey = X509_get_pubkey(x);
   2173 		ecc_pkey_size = (ecc_pkey != NULL) ?
   2174 		    EVP_PKEY_bits(ecc_pkey) : 0;
   2175 		EVP_PKEY_free(ecc_pkey);
   2176 		if ((x->sig_alg) && (x->sig_alg->algorithm))
   2177 			{
   2178 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
   2179 			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
   2180 			}
   2181 #ifndef OPENSSL_NO_ECDH
   2182 		if (ecdh_ok)
   2183 			{
   2184 
   2185 			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
   2186 				{
   2187 				mask_k|=SSL_kECDHr;
   2188 				mask_a|=SSL_aECDH;
   2189 				if (ecc_pkey_size <= 163)
   2190 					{
   2191 					emask_k|=SSL_kECDHr;
   2192 					emask_a|=SSL_aECDH;
   2193 					}
   2194 				}
   2195 
   2196 			if (pk_nid == NID_X9_62_id_ecPublicKey)
   2197 				{
   2198 				mask_k|=SSL_kECDHe;
   2199 				mask_a|=SSL_aECDH;
   2200 				if (ecc_pkey_size <= 163)
   2201 					{
   2202 					emask_k|=SSL_kECDHe;
   2203 					emask_a|=SSL_aECDH;
   2204 					}
   2205 				}
   2206 			}
   2207 #endif
   2208 #ifndef OPENSSL_NO_ECDSA
   2209 		if (ecdsa_ok)
   2210 			{
   2211 			mask_a|=SSL_aECDSA;
   2212 			emask_a|=SSL_aECDSA;
   2213 			}
   2214 #endif
   2215 		}
   2216 
   2217 #ifndef OPENSSL_NO_ECDH
   2218 	if (have_ecdh_tmp)
   2219 		{
   2220 		mask_k|=SSL_kEECDH;
   2221 		emask_k|=SSL_kEECDH;
   2222 		}
   2223 #endif
   2224 
   2225 #ifndef OPENSSL_NO_PSK
   2226 	mask_k |= SSL_kPSK;
   2227 	mask_a |= SSL_aPSK;
   2228 	emask_k |= SSL_kPSK;
   2229 	emask_a |= SSL_aPSK;
   2230 #endif
   2231 
   2232 	c->mask_k=mask_k;
   2233 	c->mask_a=mask_a;
   2234 	c->export_mask_k=emask_k;
   2235 	c->export_mask_a=emask_a;
   2236 	c->valid=1;
   2237 	}
   2238 
   2239 /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
   2240 #define ku_reject(x, usage) \
   2241 	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
   2242 
   2243 #ifndef OPENSSL_NO_EC
   2244 
   2245 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
   2246 	{
   2247 	unsigned long alg_k, alg_a;
   2248 	EVP_PKEY *pkey = NULL;
   2249 	int keysize = 0;
   2250 	int signature_nid = 0, md_nid = 0, pk_nid = 0;
   2251 	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
   2252 
   2253 	alg_k = cs->algorithm_mkey;
   2254 	alg_a = cs->algorithm_auth;
   2255 
   2256 	if (SSL_C_IS_EXPORT(cs))
   2257 		{
   2258 		/* ECDH key length in export ciphers must be <= 163 bits */
   2259 		pkey = X509_get_pubkey(x);
   2260 		if (pkey == NULL) return 0;
   2261 		keysize = EVP_PKEY_bits(pkey);
   2262 		EVP_PKEY_free(pkey);
   2263 		if (keysize > 163) return 0;
   2264 		}
   2265 
   2266 	/* This call populates the ex_flags field correctly */
   2267 	X509_check_purpose(x, -1, 0);
   2268 	if ((x->sig_alg) && (x->sig_alg->algorithm))
   2269 		{
   2270 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
   2271 		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
   2272 		}
   2273 	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
   2274 		{
   2275 		/* key usage, if present, must allow key agreement */
   2276 		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
   2277 			{
   2278 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
   2279 			return 0;
   2280 			}
   2281 		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
   2282 			{
   2283 			/* signature alg must be ECDSA */
   2284 			if (pk_nid != NID_X9_62_id_ecPublicKey)
   2285 				{
   2286 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
   2287 				return 0;
   2288 				}
   2289 			}
   2290 		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
   2291 			{
   2292 			/* signature alg must be RSA */
   2293 
   2294 			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
   2295 				{
   2296 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
   2297 				return 0;
   2298 				}
   2299 			}
   2300 		}
   2301 	if (alg_a & SSL_aECDSA)
   2302 		{
   2303 		/* key usage, if present, must allow signing */
   2304 		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
   2305 			{
   2306 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
   2307 			return 0;
   2308 			}
   2309 		}
   2310 
   2311 	return 1;  /* all checks are ok */
   2312 	}
   2313 
   2314 #endif
   2315 
   2316 /* THIS NEEDS CLEANING UP */
   2317 X509 *ssl_get_server_send_cert(SSL *s)
   2318 	{
   2319 	unsigned long alg_k,alg_a;
   2320 	CERT *c;
   2321 	int i;
   2322 
   2323 	c=s->cert;
   2324 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
   2325 
   2326 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
   2327 	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
   2328 
   2329 	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
   2330 		{
   2331 		/* we don't need to look at SSL_kEECDH
   2332 		 * since no certificate is needed for
   2333 		 * anon ECDH and for authenticated
   2334 		 * EECDH, the check for the auth
   2335 		 * algorithm will set i correctly
   2336 		 * NOTE: For ECDH-RSA, we need an ECC
   2337 		 * not an RSA cert but for EECDH-RSA
   2338 		 * we need an RSA cert. Placing the
   2339 		 * checks for SSL_kECDH before RSA
   2340 		 * checks ensures the correct cert is chosen.
   2341 		 */
   2342 		i=SSL_PKEY_ECC;
   2343 		}
   2344 	else if (alg_a & SSL_aECDSA)
   2345 		{
   2346 		i=SSL_PKEY_ECC;
   2347 		}
   2348 	else if (alg_k & SSL_kDHr)
   2349 		i=SSL_PKEY_DH_RSA;
   2350 	else if (alg_k & SSL_kDHd)
   2351 		i=SSL_PKEY_DH_DSA;
   2352 	else if (alg_a & SSL_aDSS)
   2353 		i=SSL_PKEY_DSA_SIGN;
   2354 	else if (alg_a & SSL_aRSA)
   2355 		{
   2356 		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
   2357 			i=SSL_PKEY_RSA_SIGN;
   2358 		else
   2359 			i=SSL_PKEY_RSA_ENC;
   2360 		}
   2361 	else if (alg_a & SSL_aKRB5)
   2362 		{
   2363 		/* VRS something else here? */
   2364 		return(NULL);
   2365 		}
   2366 	else if (alg_a & SSL_aGOST94)
   2367 		i=SSL_PKEY_GOST94;
   2368 	else if (alg_a & SSL_aGOST01)
   2369 		i=SSL_PKEY_GOST01;
   2370 	else /* if (alg_a & SSL_aNULL) */
   2371 		{
   2372 		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
   2373 		return(NULL);
   2374 		}
   2375 	if (c->pkeys[i].x509 == NULL) return(NULL);
   2376 
   2377 	return(c->pkeys[i].x509);
   2378 	}
   2379 
   2380 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
   2381 	{
   2382 	unsigned long alg_a;
   2383 	CERT *c;
   2384 	int idx = -1;
   2385 
   2386 	alg_a = cipher->algorithm_auth;
   2387 	c=s->cert;
   2388 
   2389 	if ((alg_a & SSL_aDSS) &&
   2390 		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
   2391 		idx = SSL_PKEY_DSA_SIGN;
   2392 	else if (alg_a & SSL_aRSA)
   2393 		{
   2394 		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
   2395 			idx = SSL_PKEY_RSA_SIGN;
   2396 		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
   2397 			idx = SSL_PKEY_RSA_ENC;
   2398 		}
   2399 	else if ((alg_a & SSL_aECDSA) &&
   2400 	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
   2401 		idx = SSL_PKEY_ECC;
   2402 	if (idx == -1)
   2403 		{
   2404 		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
   2405 		return(NULL);
   2406 		}
   2407 	if (pmd)
   2408 		*pmd = c->pkeys[idx].digest;
   2409 	return c->pkeys[idx].privatekey;
   2410 	}
   2411 
   2412 void ssl_update_cache(SSL *s,int mode)
   2413 	{
   2414 	int i;
   2415 
   2416 	/* If the session_id_length is 0, we are not supposed to cache it,
   2417 	 * and it would be rather hard to do anyway :-) */
   2418 	if (s->session->session_id_length == 0) return;
   2419 
   2420 	i=s->session_ctx->session_cache_mode;
   2421 	if ((i & mode) && (!s->hit)
   2422 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
   2423 		    || SSL_CTX_add_session(s->session_ctx,s->session))
   2424 		&& (s->session_ctx->new_session_cb != NULL))
   2425 		{
   2426 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
   2427 		if (!s->session_ctx->new_session_cb(s,s->session))
   2428 			SSL_SESSION_free(s->session);
   2429 		}
   2430 
   2431 	/* auto flush every 255 connections */
   2432 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
   2433 		((i & mode) == mode))
   2434 		{
   2435 		if (  (((mode & SSL_SESS_CACHE_CLIENT)
   2436 			?s->session_ctx->stats.sess_connect_good
   2437 			:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
   2438 			{
   2439 			SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
   2440 			}
   2441 		}
   2442 	}
   2443 
   2444 const SSL_METHOD *SSL_get_ssl_method(SSL *s)
   2445 	{
   2446 	return(s->method);
   2447 	}
   2448 
   2449 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
   2450 	{
   2451 	int conn= -1;
   2452 	int ret=1;
   2453 
   2454 	if (s->method != meth)
   2455 		{
   2456 		if (s->handshake_func != NULL)
   2457 			conn=(s->handshake_func == s->method->ssl_connect);
   2458 
   2459 		if (s->method->version == meth->version)
   2460 			s->method=meth;
   2461 		else
   2462 			{
   2463 			s->method->ssl_free(s);
   2464 			s->method=meth;
   2465 			ret=s->method->ssl_new(s);
   2466 			}
   2467 
   2468 		if (conn == 1)
   2469 			s->handshake_func=meth->ssl_connect;
   2470 		else if (conn == 0)
   2471 			s->handshake_func=meth->ssl_accept;
   2472 		}
   2473 	return(ret);
   2474 	}
   2475 
   2476 int SSL_get_error(const SSL *s,int i)
   2477 	{
   2478 	int reason;
   2479 	unsigned long l;
   2480 	BIO *bio;
   2481 
   2482 	if (i > 0) return(SSL_ERROR_NONE);
   2483 
   2484 	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
   2485 	 * etc, where we do encode the error */
   2486 	if ((l=ERR_peek_error()) != 0)
   2487 		{
   2488 		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
   2489 			return(SSL_ERROR_SYSCALL);
   2490 		else
   2491 			return(SSL_ERROR_SSL);
   2492 		}
   2493 
   2494 	if ((i < 0) && SSL_want_read(s))
   2495 		{
   2496 		bio=SSL_get_rbio(s);
   2497 		if (BIO_should_read(bio))
   2498 			return(SSL_ERROR_WANT_READ);
   2499 		else if (BIO_should_write(bio))
   2500 			/* This one doesn't make too much sense ... We never try
   2501 			 * to write to the rbio, and an application program where
   2502 			 * rbio and wbio are separate couldn't even know what it
   2503 			 * should wait for.
   2504 			 * However if we ever set s->rwstate incorrectly
   2505 			 * (so that we have SSL_want_read(s) instead of
   2506 			 * SSL_want_write(s)) and rbio and wbio *are* the same,
   2507 			 * this test works around that bug; so it might be safer
   2508 			 * to keep it. */
   2509 			return(SSL_ERROR_WANT_WRITE);
   2510 		else if (BIO_should_io_special(bio))
   2511 			{
   2512 			reason=BIO_get_retry_reason(bio);
   2513 			if (reason == BIO_RR_CONNECT)
   2514 				return(SSL_ERROR_WANT_CONNECT);
   2515 			else if (reason == BIO_RR_ACCEPT)
   2516 				return(SSL_ERROR_WANT_ACCEPT);
   2517 			else
   2518 				return(SSL_ERROR_SYSCALL); /* unknown */
   2519 			}
   2520 		}
   2521 
   2522 	if ((i < 0) && SSL_want_write(s))
   2523 		{
   2524 		bio=SSL_get_wbio(s);
   2525 		if (BIO_should_write(bio))
   2526 			return(SSL_ERROR_WANT_WRITE);
   2527 		else if (BIO_should_read(bio))
   2528 			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
   2529 			return(SSL_ERROR_WANT_READ);
   2530 		else if (BIO_should_io_special(bio))
   2531 			{
   2532 			reason=BIO_get_retry_reason(bio);
   2533 			if (reason == BIO_RR_CONNECT)
   2534 				return(SSL_ERROR_WANT_CONNECT);
   2535 			else if (reason == BIO_RR_ACCEPT)
   2536 				return(SSL_ERROR_WANT_ACCEPT);
   2537 			else
   2538 				return(SSL_ERROR_SYSCALL);
   2539 			}
   2540 		}
   2541 	if ((i < 0) && SSL_want_x509_lookup(s))
   2542 		{
   2543 		return(SSL_ERROR_WANT_X509_LOOKUP);
   2544 		}
   2545 
   2546 	if (i == 0)
   2547 		{
   2548 		if (s->version == SSL2_VERSION)
   2549 			{
   2550 			/* assume it is the socket being closed */
   2551 			return(SSL_ERROR_ZERO_RETURN);
   2552 			}
   2553 		else
   2554 			{
   2555 			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
   2556 				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
   2557 				return(SSL_ERROR_ZERO_RETURN);
   2558 			}
   2559 		}
   2560 	return(SSL_ERROR_SYSCALL);
   2561 	}
   2562 
   2563 int SSL_do_handshake(SSL *s)
   2564 	{
   2565 	int ret=1;
   2566 
   2567 	if (s->handshake_func == NULL)
   2568 		{
   2569 		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
   2570 		return(-1);
   2571 		}
   2572 
   2573 	s->method->ssl_renegotiate_check(s);
   2574 
   2575 	if (SSL_in_init(s) || SSL_in_before(s))
   2576 		{
   2577 		ret=s->handshake_func(s);
   2578 		}
   2579 	return(ret);
   2580 	}
   2581 
   2582 /* For the next 2 functions, SSL_clear() sets shutdown and so
   2583  * one of these calls will reset it */
   2584 void SSL_set_accept_state(SSL *s)
   2585 	{
   2586 	s->server=1;
   2587 	s->shutdown=0;
   2588 	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
   2589 	s->handshake_func=s->method->ssl_accept;
   2590 	/* clear the current cipher */
   2591 	ssl_clear_cipher_ctx(s);
   2592 	ssl_clear_hash_ctx(&s->read_hash);
   2593 	ssl_clear_hash_ctx(&s->write_hash);
   2594 	}
   2595 
   2596 void SSL_set_connect_state(SSL *s)
   2597 	{
   2598 	s->server=0;
   2599 	s->shutdown=0;
   2600 	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
   2601 	s->handshake_func=s->method->ssl_connect;
   2602 	/* clear the current cipher */
   2603 	ssl_clear_cipher_ctx(s);
   2604 	ssl_clear_hash_ctx(&s->read_hash);
   2605 	ssl_clear_hash_ctx(&s->write_hash);
   2606 	}
   2607 
   2608 int ssl_undefined_function(SSL *s)
   2609 	{
   2610 	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2611 	return(0);
   2612 	}
   2613 
   2614 int ssl_undefined_void_function(void)
   2615 	{
   2616 	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2617 	return(0);
   2618 	}
   2619 
   2620 int ssl_undefined_const_function(const SSL *s)
   2621 	{
   2622 	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2623 	return(0);
   2624 	}
   2625 
   2626 SSL_METHOD *ssl_bad_method(int ver)
   2627 	{
   2628 	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
   2629 	return(NULL);
   2630 	}
   2631 
   2632 static const char *ssl_get_version(int version)
   2633 	{
   2634 	if (version == TLS1_2_VERSION)
   2635 		return("TLSv1.2");
   2636 	else if (version == TLS1_1_VERSION)
   2637 		return("TLSv1.1");
   2638 	if (version == TLS1_VERSION)
   2639 		return("TLSv1");
   2640 	else if (version == SSL3_VERSION)
   2641 		return("SSLv3");
   2642 	else if (version == SSL2_VERSION)
   2643 		return("SSLv2");
   2644 	else
   2645 		return("unknown");
   2646 	}
   2647 
   2648 const char *SSL_get_version(const SSL *s)
   2649 	{
   2650 		return ssl_get_version(s->version);
   2651 	}
   2652 
   2653 const char *SSL_SESSION_get_version(const SSL_SESSION *s)
   2654 	{
   2655 		return ssl_get_version(s->ssl_version);
   2656 	}
   2657 
   2658 const char* SSL_authentication_method(const SSL* ssl)
   2659 	{
   2660 	if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
   2661 		return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
   2662 	switch (ssl->version)
   2663 		{
   2664 	case SSL2_VERSION:
   2665 		return SSL_TXT_RSA;
   2666 	default:
   2667 		return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
   2668 		}
   2669 	}
   2670 
   2671 SSL *SSL_dup(SSL *s)
   2672 	{
   2673 	STACK_OF(X509_NAME) *sk;
   2674 	X509_NAME *xn;
   2675 	SSL *ret;
   2676 	int i;
   2677 
   2678 	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
   2679 	    return(NULL);
   2680 
   2681 	ret->version = s->version;
   2682 	ret->type = s->type;
   2683 	ret->method = s->method;
   2684 
   2685 	if (s->session != NULL)
   2686 		{
   2687 		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
   2688 		SSL_copy_session_id(ret,s);
   2689 		}
   2690 	else
   2691 		{
   2692 		/* No session has been established yet, so we have to expect
   2693 		 * that s->cert or ret->cert will be changed later --
   2694 		 * they should not both point to the same object,
   2695 		 * and thus we can't use SSL_copy_session_id. */
   2696 
   2697 		ret->method->ssl_free(ret);
   2698 		ret->method = s->method;
   2699 		ret->method->ssl_new(ret);
   2700 
   2701 		if (s->cert != NULL)
   2702 			{
   2703 			if (ret->cert != NULL)
   2704 				{
   2705 				ssl_cert_free(ret->cert);
   2706 				}
   2707 			ret->cert = ssl_cert_dup(s->cert);
   2708 			if (ret->cert == NULL)
   2709 				goto err;
   2710 			}
   2711 
   2712 		SSL_set_session_id_context(ret,
   2713 			s->sid_ctx, s->sid_ctx_length);
   2714 		}
   2715 
   2716 	ret->options=s->options;
   2717 	ret->mode=s->mode;
   2718 	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
   2719 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
   2720 	ret->msg_callback = s->msg_callback;
   2721 	ret->msg_callback_arg = s->msg_callback_arg;
   2722 	SSL_set_verify(ret,SSL_get_verify_mode(s),
   2723 		SSL_get_verify_callback(s));
   2724 	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
   2725 	ret->generate_session_id = s->generate_session_id;
   2726 
   2727 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
   2728 
   2729 	ret->debug=s->debug;
   2730 
   2731 	/* copy app data, a little dangerous perhaps */
   2732 	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
   2733 		goto err;
   2734 
   2735 	/* setup rbio, and wbio */
   2736 	if (s->rbio != NULL)
   2737 		{
   2738 		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
   2739 			goto err;
   2740 		}
   2741 	if (s->wbio != NULL)
   2742 		{
   2743 		if (s->wbio != s->rbio)
   2744 			{
   2745 			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
   2746 				goto err;
   2747 			}
   2748 		else
   2749 			ret->wbio=ret->rbio;
   2750 		}
   2751 	ret->rwstate = s->rwstate;
   2752 	ret->in_handshake = s->in_handshake;
   2753 	ret->handshake_func = s->handshake_func;
   2754 	ret->server = s->server;
   2755 	ret->renegotiate = s->renegotiate;
   2756 	ret->new_session = s->new_session;
   2757 	ret->quiet_shutdown = s->quiet_shutdown;
   2758 	ret->shutdown=s->shutdown;
   2759 	ret->state=s->state; /* SSL_dup does not really work at any state, though */
   2760 	ret->rstate=s->rstate;
   2761 	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
   2762 	ret->hit=s->hit;
   2763 
   2764 	X509_VERIFY_PARAM_inherit(ret->param, s->param);
   2765 
   2766 	/* dup the cipher_list and cipher_list_by_id stacks */
   2767 	if (s->cipher_list != NULL)
   2768 		{
   2769 		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
   2770 			goto err;
   2771 		}
   2772 	if (s->cipher_list_by_id != NULL)
   2773 		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
   2774 			== NULL)
   2775 			goto err;
   2776 
   2777 	/* Dup the client_CA list */
   2778 	if (s->client_CA != NULL)
   2779 		{
   2780 		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
   2781 		ret->client_CA=sk;
   2782 		for (i=0; i<sk_X509_NAME_num(sk); i++)
   2783 			{
   2784 			xn=sk_X509_NAME_value(sk,i);
   2785 			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
   2786 				{
   2787 				X509_NAME_free(xn);
   2788 				goto err;
   2789 				}
   2790 			}
   2791 		}
   2792 
   2793 	if (0)
   2794 		{
   2795 err:
   2796 		if (ret != NULL) SSL_free(ret);
   2797 		ret=NULL;
   2798 		}
   2799 	return(ret);
   2800 	}
   2801 
   2802 void ssl_clear_cipher_ctx(SSL *s)
   2803 	{
   2804 	if (s->enc_read_ctx != NULL)
   2805 		{
   2806 		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
   2807 		OPENSSL_free(s->enc_read_ctx);
   2808 		s->enc_read_ctx=NULL;
   2809 		}
   2810 	if (s->enc_write_ctx != NULL)
   2811 		{
   2812 		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
   2813 		OPENSSL_free(s->enc_write_ctx);
   2814 		s->enc_write_ctx=NULL;
   2815 		}
   2816 #ifndef OPENSSL_NO_COMP
   2817 	if (s->expand != NULL)
   2818 		{
   2819 		COMP_CTX_free(s->expand);
   2820 		s->expand=NULL;
   2821 		}
   2822 	if (s->compress != NULL)
   2823 		{
   2824 		COMP_CTX_free(s->compress);
   2825 		s->compress=NULL;
   2826 		}
   2827 #endif
   2828 	}
   2829 
   2830 /* Fix this function so that it takes an optional type parameter */
   2831 X509 *SSL_get_certificate(const SSL *s)
   2832 	{
   2833 	if (s->cert != NULL)
   2834 		return(s->cert->key->x509);
   2835 	else
   2836 		return(NULL);
   2837 	}
   2838 
   2839 /* Fix this function so that it takes an optional type parameter */
   2840 EVP_PKEY *SSL_get_privatekey(SSL *s)
   2841 	{
   2842 	if (s->cert != NULL)
   2843 		return(s->cert->key->privatekey);
   2844 	else
   2845 		return(NULL);
   2846 	}
   2847 
   2848 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
   2849 	{
   2850 	if ((s->session != NULL) && (s->session->cipher != NULL))
   2851 		return(s->session->cipher);
   2852 	return(NULL);
   2853 	}
   2854 #ifdef OPENSSL_NO_COMP
   2855 const void *SSL_get_current_compression(SSL *s)
   2856 	{
   2857 	return NULL;
   2858 	}
   2859 const void *SSL_get_current_expansion(SSL *s)
   2860 	{
   2861 	return NULL;
   2862 	}
   2863 #else
   2864 
   2865 const COMP_METHOD *SSL_get_current_compression(SSL *s)
   2866 	{
   2867 	if (s->compress != NULL)
   2868 		return(s->compress->meth);
   2869 	return(NULL);
   2870 	}
   2871 
   2872 const COMP_METHOD *SSL_get_current_expansion(SSL *s)
   2873 	{
   2874 	if (s->expand != NULL)
   2875 		return(s->expand->meth);
   2876 	return(NULL);
   2877 	}
   2878 #endif
   2879 
   2880 int ssl_init_wbio_buffer(SSL *s,int push)
   2881 	{
   2882 	BIO *bbio;
   2883 
   2884 	if (s->bbio == NULL)
   2885 		{
   2886 		bbio=BIO_new(BIO_f_buffer());
   2887 		if (bbio == NULL) return(0);
   2888 		s->bbio=bbio;
   2889 		}
   2890 	else
   2891 		{
   2892 		bbio=s->bbio;
   2893 		if (s->bbio == s->wbio)
   2894 			s->wbio=BIO_pop(s->wbio);
   2895 		}
   2896 	(void)BIO_reset(bbio);
   2897 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
   2898 	if (!BIO_set_read_buffer_size(bbio,1))
   2899 		{
   2900 		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
   2901 		return(0);
   2902 		}
   2903 	if (push)
   2904 		{
   2905 		if (s->wbio != bbio)
   2906 			s->wbio=BIO_push(bbio,s->wbio);
   2907 		}
   2908 	else
   2909 		{
   2910 		if (s->wbio == bbio)
   2911 			s->wbio=BIO_pop(bbio);
   2912 		}
   2913 	return(1);
   2914 	}
   2915 
   2916 void ssl_free_wbio_buffer(SSL *s)
   2917 	{
   2918 	if (s->bbio == NULL) return;
   2919 
   2920 	if (s->bbio == s->wbio)
   2921 		{
   2922 		/* remove buffering */
   2923 		s->wbio=BIO_pop(s->wbio);
   2924 #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
   2925 		assert(s->wbio != NULL);
   2926 #endif
   2927 	}
   2928 	BIO_free(s->bbio);
   2929 	s->bbio=NULL;
   2930 	}
   2931 
   2932 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
   2933 	{
   2934 	ctx->quiet_shutdown=mode;
   2935 	}
   2936 
   2937 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
   2938 	{
   2939 	return(ctx->quiet_shutdown);
   2940 	}
   2941 
   2942 void SSL_set_quiet_shutdown(SSL *s,int mode)
   2943 	{
   2944 	s->quiet_shutdown=mode;
   2945 	}
   2946 
   2947 int SSL_get_quiet_shutdown(const SSL *s)
   2948 	{
   2949 	return(s->quiet_shutdown);
   2950 	}
   2951 
   2952 void SSL_set_shutdown(SSL *s,int mode)
   2953 	{
   2954 	s->shutdown=mode;
   2955 	}
   2956 
   2957 int SSL_get_shutdown(const SSL *s)
   2958 	{
   2959 	return(s->shutdown);
   2960 	}
   2961 
   2962 int SSL_version(const SSL *s)
   2963 	{
   2964 	return(s->version);
   2965 	}
   2966 
   2967 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
   2968 	{
   2969 	return(ssl->ctx);
   2970 	}
   2971 
   2972 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
   2973 	{
   2974 	if (ssl->ctx == ctx)
   2975 		return ssl->ctx;
   2976 #ifndef OPENSSL_NO_TLSEXT
   2977 	if (ctx == NULL)
   2978 		ctx = ssl->initial_ctx;
   2979 #endif
   2980 	if (ssl->cert != NULL)
   2981 		ssl_cert_free(ssl->cert);
   2982 	ssl->cert = ssl_cert_dup(ctx->cert);
   2983 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
   2984 	if (ssl->ctx != NULL)
   2985 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
   2986 	ssl->ctx = ctx;
   2987 	return(ssl->ctx);
   2988 	}
   2989 
   2990 #ifndef OPENSSL_NO_STDIO
   2991 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
   2992 	{
   2993 	return(X509_STORE_set_default_paths(ctx->cert_store));
   2994 	}
   2995 
   2996 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
   2997 		const char *CApath)
   2998 	{
   2999 	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
   3000 	}
   3001 #endif
   3002 
   3003 void SSL_set_info_callback(SSL *ssl,
   3004 	void (*cb)(const SSL *ssl,int type,int val))
   3005 	{
   3006 	ssl->info_callback=cb;
   3007 	}
   3008 
   3009 /* One compiler (Diab DCC) doesn't like argument names in returned
   3010    function pointer.  */
   3011 void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
   3012 	{
   3013 	return ssl->info_callback;
   3014 	}
   3015 
   3016 int SSL_state(const SSL *ssl)
   3017 	{
   3018 	return(ssl->state);
   3019 	}
   3020 
   3021 void SSL_set_state(SSL *ssl, int state)
   3022 	{
   3023 	ssl->state = state;
   3024 	}
   3025 
   3026 void SSL_set_verify_result(SSL *ssl,long arg)
   3027 	{
   3028 	ssl->verify_result=arg;
   3029 	}
   3030 
   3031 long SSL_get_verify_result(const SSL *ssl)
   3032 	{
   3033 	return(ssl->verify_result);
   3034 	}
   3035 
   3036 int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
   3037 			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
   3038 	{
   3039 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
   3040 				new_func, dup_func, free_func);
   3041 	}
   3042 
   3043 int SSL_set_ex_data(SSL *s,int idx,void *arg)
   3044 	{
   3045 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
   3046 	}
   3047 
   3048 void *SSL_get_ex_data(const SSL *s,int idx)
   3049 	{
   3050 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
   3051 	}
   3052 
   3053 int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
   3054 			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
   3055 	{
   3056 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
   3057 				new_func, dup_func, free_func);
   3058 	}
   3059 
   3060 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
   3061 	{
   3062 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
   3063 	}
   3064 
   3065 void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
   3066 	{
   3067 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
   3068 	}
   3069 
   3070 int ssl_ok(SSL *s)
   3071 	{
   3072 	return(1);
   3073 	}
   3074 
   3075 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
   3076 	{
   3077 	return(ctx->cert_store);
   3078 	}
   3079 
   3080 void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
   3081 	{
   3082 	if (ctx->cert_store != NULL)
   3083 		X509_STORE_free(ctx->cert_store);
   3084 	ctx->cert_store=store;
   3085 	}
   3086 
   3087 int SSL_want(const SSL *s)
   3088 	{
   3089 	return(s->rwstate);
   3090 	}
   3091 
   3092 /*!
   3093  * \brief Set the callback for generating temporary RSA keys.
   3094  * \param ctx the SSL context.
   3095  * \param cb the callback
   3096  */
   3097 
   3098 #ifndef OPENSSL_NO_RSA
   3099 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
   3100 							  int is_export,
   3101 							  int keylength))
   3102     {
   3103     SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
   3104     }
   3105 
   3106 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
   3107 						  int is_export,
   3108 						  int keylength))
   3109     {
   3110     SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
   3111     }
   3112 #endif
   3113 
   3114 #ifdef DOXYGEN
   3115 /*!
   3116  * \brief The RSA temporary key callback function.
   3117  * \param ssl the SSL session.
   3118  * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
   3119  * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
   3120  * of the required key in bits.
   3121  * \return the temporary RSA key.
   3122  * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
   3123  */
   3124 
   3125 RSA *cb(SSL *ssl,int is_export,int keylength)
   3126     {}
   3127 #endif
   3128 
   3129 /*!
   3130  * \brief Set the callback for generating temporary DH keys.
   3131  * \param ctx the SSL context.
   3132  * \param dh the callback
   3133  */
   3134 
   3135 #ifndef OPENSSL_NO_DH
   3136 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
   3137                                                         int keylength))
   3138 	{
   3139 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
   3140 	}
   3141 
   3142 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
   3143                                                 int keylength))
   3144 	{
   3145 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
   3146 	}
   3147 #endif
   3148 
   3149 #ifndef OPENSSL_NO_ECDH
   3150 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
   3151                                                                 int keylength))
   3152 	{
   3153 	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
   3154 	}
   3155 
   3156 void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
   3157                                                         int keylength))
   3158 	{
   3159 	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
   3160 	}
   3161 #endif
   3162 
   3163 #ifndef OPENSSL_NO_PSK
   3164 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
   3165 	{
   3166 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
   3167 		{
   3168 		SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
   3169 		return 0;
   3170 		}
   3171 	if (ctx->psk_identity_hint != NULL)
   3172 		OPENSSL_free(ctx->psk_identity_hint);
   3173 	if (identity_hint != NULL)
   3174 		{
   3175 		ctx->psk_identity_hint = BUF_strdup(identity_hint);
   3176 		if (ctx->psk_identity_hint == NULL)
   3177 			return 0;
   3178 		}
   3179 	else
   3180 		ctx->psk_identity_hint = NULL;
   3181 	return 1;
   3182 	}
   3183 
   3184 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
   3185 	{
   3186 	if (s == NULL)
   3187 		return 0;
   3188 
   3189 	if (s->session == NULL)
   3190 		return 1; /* session not created yet, ignored */
   3191 
   3192 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
   3193 		{
   3194 		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
   3195 		return 0;
   3196 		}
   3197 	if (s->session->psk_identity_hint != NULL)
   3198 		OPENSSL_free(s->session->psk_identity_hint);
   3199 	if (identity_hint != NULL)
   3200 		{
   3201 		s->session->psk_identity_hint = BUF_strdup(identity_hint);
   3202 		if (s->session->psk_identity_hint == NULL)
   3203 			return 0;
   3204 		}
   3205 	else
   3206 		s->session->psk_identity_hint = NULL;
   3207 	return 1;
   3208 	}
   3209 
   3210 const char *SSL_get_psk_identity_hint(const SSL *s)
   3211 	{
   3212 	if (s == NULL || s->session == NULL)
   3213 		return NULL;
   3214 	return(s->session->psk_identity_hint);
   3215 	}
   3216 
   3217 const char *SSL_get_psk_identity(const SSL *s)
   3218 	{
   3219 	if (s == NULL || s->session == NULL)
   3220 		return NULL;
   3221 	return(s->session->psk_identity);
   3222 	}
   3223 
   3224 void SSL_set_psk_client_callback(SSL *s,
   3225     unsigned int (*cb)(SSL *ssl, const char *hint,
   3226                        char *identity, unsigned int max_identity_len, unsigned char *psk,
   3227                        unsigned int max_psk_len))
   3228 	{
   3229 	s->psk_client_callback = cb;
   3230 	}
   3231 
   3232 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
   3233     unsigned int (*cb)(SSL *ssl, const char *hint,
   3234                        char *identity, unsigned int max_identity_len, unsigned char *psk,
   3235                        unsigned int max_psk_len))
   3236 	{
   3237 	ctx->psk_client_callback = cb;
   3238 	}
   3239 
   3240 void SSL_set_psk_server_callback(SSL *s,
   3241     unsigned int (*cb)(SSL *ssl, const char *identity,
   3242                        unsigned char *psk, unsigned int max_psk_len))
   3243 	{
   3244 	s->psk_server_callback = cb;
   3245 	}
   3246 
   3247 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
   3248     unsigned int (*cb)(SSL *ssl, const char *identity,
   3249                        unsigned char *psk, unsigned int max_psk_len))
   3250 	{
   3251 	ctx->psk_server_callback = cb;
   3252 	}
   3253 #endif
   3254 
   3255 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
   3256 	{
   3257 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
   3258 	}
   3259 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
   3260 	{
   3261 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
   3262 	}
   3263 
   3264 int SSL_cutthrough_complete(const SSL *s)
   3265 	{
   3266 	return (!s->server &&                 /* cutthrough only applies to clients */
   3267 		!s->hit &&                        /* full-handshake */
   3268 		s->version >= SSL3_VERSION &&
   3269 		s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
   3270 		(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
   3271 		SSL_get_cipher_bits(s, NULL) >= 128 &&                      /* strong cipher choosen */
   3272 		s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
   3273 		(s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
   3274 			s->state == SSL3_ST_CR_FINISHED_A));
   3275 	}
   3276 
   3277 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
   3278  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
   3279  * any. If EVP_MD pointer is passed, initializes ctx with this md
   3280  * Returns newly allocated ctx;
   3281  */
   3282 
   3283 EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
   3284 {
   3285 	ssl_clear_hash_ctx(hash);
   3286 	*hash = EVP_MD_CTX_create();
   3287 	if (md) EVP_DigestInit_ex(*hash,md,NULL);
   3288 	return *hash;
   3289 }
   3290 void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
   3291 {
   3292 
   3293 	if (*hash) EVP_MD_CTX_destroy(*hash);
   3294 	*hash=NULL;
   3295 }
   3296 
   3297 void SSL_set_debug(SSL *s, int debug)
   3298 	{
   3299 	s->debug = debug;
   3300 	}
   3301 
   3302 int SSL_cache_hit(SSL *s)
   3303 	{
   3304 	return s->hit;
   3305 	}
   3306 
   3307 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
   3308 #include "../crypto/bio/bss_file.c"
   3309 #endif
   3310 
   3311 IMPLEMENT_STACK_OF(SSL_CIPHER)
   3312 IMPLEMENT_STACK_OF(SSL_COMP)
   3313 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
   3314 				    ssl_cipher_id);
   3315