projects / openssl.git / blob
? search:


88ff03b3ac52c0e175f32d7edfc9ae5d54d07c93
[openssl.git] / ssl / ssl_lib.c
1 /*! \file ssl/ssl_lib.c
2  *  \brief Version independent SSL functions.
3  */
4 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5  * All rights reserved.
6  *
7  * This package is an SSL implementation written
8  * by Eric Young (eay@cryptsoft.com).
9  * The implementation was written so as to conform with Netscapes SSL.
10  * 
11  * This library is free for commercial and non-commercial use as long as
12  * the following conditions are aheared to.  The following conditions
13  * apply to all code found in this distribution, be it the RC4, RSA,
14  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
15  * included with this distribution is covered by the same copyright terms
16  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17  * 
18  * Copyright remains Eric Young's, and as such any Copyright notices in
19  * the code are not to be removed.
20  * If this package is used in a product, Eric Young should be given attribution
21  * as the author of the parts of the library used.
22  * This can be in the form of a textual message at program startup or
23  * in documentation (online or textual) provided with the package.
24  * 
25  * Redistribution and use in source and binary forms, with or without
26  * modification, are permitted provided that the following conditions
27  * are met:
28  * 1. Redistributions of source code must retain the copyright
29  *    notice, this list of conditions and the following disclaimer.
30  * 2. Redistributions in binary form must reproduce the above copyright
31  *    notice, this list of conditions and the following disclaimer in the
32  *    documentation and/or other materials provided with the distribution.
33  * 3. All advertising materials mentioning features or use of this software
34  *    must display the following acknowledgement:
35  *    "This product includes cryptographic software written by
36  *     Eric Young (eay@cryptsoft.com)"
37  *    The word 'cryptographic' can be left out if the rouines from the library
38  *    being used are not cryptographic related :-).
39  * 4. If you include any Windows specific code (or a derivative thereof) from 
40  *    the apps directory (application code) you must include an acknowledgement:
41  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42  * 
43  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53  * SUCH DAMAGE.
54  * 
55  * The licence and distribution terms for any publically available version or
56  * derivative of this code cannot be changed.  i.e. this code cannot simply be
57  * copied and put under another distribution licence
58  * [including the GNU Public Licence.]
59  */
60
61 #include <stdio.h>
62 #include <openssl/objects.h>
63 #include <openssl/lhash.h>
64 #include <openssl/x509v3.h>
65 #include "ssl_locl.h"
66
67 char *SSL_version_str=OPENSSL_VERSION_TEXT;
68
69 static STACK *ssl_meth=NULL;
70 static STACK *ssl_ctx_meth=NULL;
71 static int ssl_meth_num=0;
72 static int ssl_ctx_meth_num=0;
73
74 OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
75         /* evil casts, but these functions are only called if there's a libraryr bug */
76         (int (*)(SSL *,int))ssl_undefined_function,
77         (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
78         ssl_undefined_function,
79         (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
80         (int (*)(SSL*, int))ssl_undefined_function,
81         (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
82         };
83
84 int SSL_clear(SSL *s)
85         {
86         int state;
87
88         if (s->method == NULL)
89                 {
90                 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
91                 return(0);
92                 }
93
94         s->error=0;
95         s->hit=0;
96         s->shutdown=0;
97
98 #if 0
99         /* This is set if we are doing dynamic renegotiation so keep
100          * the old cipher.  It is sort of a SSL_clear_lite :-) */
101         if (s->new_session) return(1);
102 #endif
103
104         state=s->state; /* Keep to check if we throw away the session-id */
105         s->type=0;
106
107         s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
108
109         s->version=s->method->version;
110         s->client_version=s->version;
111         s->rwstate=SSL_NOTHING;
112         s->rstate=SSL_ST_READ_HEADER;
113         s->read_ahead=s->ctx->read_ahead;
114
115         if (s->init_buf != NULL)
116                 {
117                 BUF_MEM_free(s->init_buf);
118                 s->init_buf=NULL;
119                 }
120
121         ssl_clear_cipher_ctx(s);
122
123         if (ssl_clear_bad_session(s))
124                 {
125                 SSL_SESSION_free(s->session);
126                 s->session=NULL;
127                 }
128
129         s->first_packet=0;
130
131 #if 1
132         /* Check to see if we were changed into a different method, if
133          * so, revert back if we are not doing session-id reuse. */
134         if ((s->session == NULL) && (s->method != s->ctx->method))
135                 {
136                 s->method->ssl_free(s);
137                 s->method=s->ctx->method;
138                 if (!s->method->ssl_new(s))
139                         return(0);
140                 }
141         else
142 #endif
143                 s->method->ssl_clear(s);
144         return(1);
145         }
146
147 /** Used to change an SSL_CTXs default SSL method type */
148 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
149         {
150         STACK_OF(SSL_CIPHER) *sk;
151
152         ctx->method=meth;
153
154         sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
155                 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
156         if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
157                 {
158                 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
159                 return(0);
160                 }
161         return(1);
162         }
163
164 SSL *SSL_new(SSL_CTX *ctx)
165         {
166         SSL *s;
167
168         if (ctx == NULL)
169                 {
170                 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
171                 return(NULL);
172                 }
173         if (ctx->method == NULL)
174                 {
175                 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
176                 return(NULL);
177                 }
178
179         s=(SSL *)Malloc(sizeof(SSL));
180         if (s == NULL) goto err;
181         memset(s,0,sizeof(SSL));
182
183         if (ctx->cert != NULL)
184                 {
185                 /* Earlier library versions used to copy the pointer to
186                  * the CERT, not its contents; only when setting new
187                  * parameters for the per-SSL copy, ssl_cert_new would be
188                  * called (and the direct reference to the per-SSL_CTX
189                  * settings would be lost, but those still were indirectly
190                  * accessed for various purposes, and for that reason they
191                  * used to be known as s->ctx->default_cert).
192                  * Now we don't look at the SSL_CTX's CERT after having
193                  * duplicated it once. */
194
195                 s->cert = ssl_cert_dup(ctx->cert);
196                 if (s->cert == NULL)
197                         goto err;
198                 }
199         else
200                 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
201         s->sid_ctx_length=ctx->sid_ctx_length;
202         memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
203         s->verify_mode=ctx->verify_mode;
204         s->verify_depth=ctx->verify_depth;
205         s->verify_callback=ctx->default_verify_callback;
206         s->purpose = ctx->purpose;
207         s->trust = ctx->trust;
208         CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
209         s->ctx=ctx;
210
211         s->verify_result=X509_V_OK;
212
213         s->method=ctx->method;
214
215         if (!s->method->ssl_new(s))
216                 goto err;
217
218         s->quiet_shutdown=ctx->quiet_shutdown;
219         s->references=1;
220         s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
221         s->options=ctx->options;
222         s->mode=ctx->mode;
223         SSL_clear(s);
224
225         CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
226
227         return(s);
228 err:
229         if (s != NULL)
230                 {
231                 if (s->cert != NULL)
232                         ssl_cert_free(s->cert);
233                 if (s->ctx != NULL)
234                         SSL_CTX_free(s->ctx); /* decrement reference count */
235                 Free(s);
236                 }
237         SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
238         return(NULL);
239         }
240
241 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
242                                    unsigned int sid_ctx_len)
243     {
244     if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
245         {
246         SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
247         return 0;
248         }
249     ctx->sid_ctx_length=sid_ctx_len;
250     memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
251
252     return 1;
253     }
254
255 int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
256                                unsigned int sid_ctx_len)
257     {
258     if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
259         {
260         SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
261         return 0;
262         }
263     ssl->sid_ctx_length=sid_ctx_len;
264     memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
265
266     return 1;
267     }
268
269 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
270 {
271         if(X509_PURPOSE_get_by_id(purpose) == -1) {
272                 SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
273                 return 0;
274         }
275         s->purpose = purpose;
276         return 1;
277 }
278
279 int SSL_set_purpose(SSL *s, int purpose)
280 {
281         if(X509_PURPOSE_get_by_id(purpose) == -1) {
282                 SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
283                 return 0;
284         }
285         s->purpose = purpose;
286         return 1;
287 }
288         
289 int SSL_CTX_set_trust(SSL_CTX *s, int trust)
290 {
291         if(X509_TRUST_get_by_id(trust) == -1) {
292                 SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
293                 return 0;
294         }
295         s->trust = trust;
296         return 1;
297 }
298
299 int SSL_set_trust(SSL *s, int trust)
300 {
301         if(X509_TRUST_get_by_id(trust) == -1) {
302                 SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
303                 return 0;
304         }
305         s->trust = trust;
306         return 1;
307 }
308
309 void SSL_free(SSL *s)
310         {
311         int i;
312
313         if(s == NULL)
314             return;
315
316         i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
317 #ifdef REF_PRINT
318         REF_PRINT("SSL",s);
319 #endif
320         if (i > 0) return;
321 #ifdef REF_CHECK
322         if (i < 0)
323                 {
324                 fprintf(stderr,"SSL_free, bad reference count\n");
325                 abort(); /* ok */
326                 }
327 #endif
328
329         CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
330
331         if (s->bbio != NULL)
332                 {
333                 /* If the buffering BIO is in place, pop it off */
334                 if (s->bbio == s->wbio)
335                         {
336                         s->wbio=BIO_pop(s->wbio);
337                         }
338                 BIO_free(s->bbio);
339                 s->bbio=NULL;
340                 }
341         if (s->rbio != NULL)
342                 BIO_free_all(s->rbio);
343         if ((s->wbio != NULL) && (s->wbio != s->rbio))
344                 BIO_free_all(s->wbio);
345
346         if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
347
348         /* add extra stuff */
349         if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
350         if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
351
352         /* Make the next call work :-) */
353         if (s->session != NULL)
354                 {
355                 ssl_clear_bad_session(s);
356                 SSL_SESSION_free(s->session);
357                 }
358
359         ssl_clear_cipher_ctx(s);
360
361         if (s->cert != NULL) ssl_cert_free(s->cert);
362         /* Free up if allocated */
363
364         if (s->ctx) SSL_CTX_free(s->ctx);
365
366         if (s->client_CA != NULL)
367                 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
368
369         if (s->method != NULL) s->method->ssl_free(s);
370
371         Free((char *)s);
372         }
373
374 void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
375         {
376         /* If the output buffering BIO is still in place, remove it
377          */
378         if (s->bbio != NULL)
379                 {
380                 if (s->wbio == s->bbio)
381                         {
382                         s->wbio=s->wbio->next_bio;
383                         s->bbio->next_bio=NULL;
384                         }
385                 }
386         if ((s->rbio != NULL) && (s->rbio != rbio))
387                 BIO_free_all(s->rbio);
388         if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
389                 BIO_free_all(s->wbio);
390         s->rbio=rbio;
391         s->wbio=wbio;
392         }
393
394 BIO *SSL_get_rbio(SSL *s)
395         { return(s->rbio); }
396
397 BIO *SSL_get_wbio(SSL *s)
398         { return(s->wbio); }
399
400 int SSL_get_fd(SSL *s)
401         {
402         int ret= -1;
403         BIO *b,*r;
404
405         b=SSL_get_rbio(s);
406         r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
407         if (r != NULL)
408                 BIO_get_fd(r,&ret);
409         return(ret);
410         }
411
412 #ifndef NO_SOCK
413 int SSL_set_fd(SSL *s,int fd)
414         {
415         int ret=0;
416         BIO *bio=NULL;
417
418         bio=BIO_new(BIO_s_socket());
419
420         if (bio == NULL)
421                 {
422                 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
423                 goto err;
424                 }
425         BIO_set_fd(bio,fd,BIO_NOCLOSE);
426         SSL_set_bio(s,bio,bio);
427         ret=1;
428 err:
429         return(ret);
430         }
431
432 int SSL_set_wfd(SSL *s,int fd)
433         {
434         int ret=0;
435         BIO *bio=NULL;
436
437         if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
438                 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
439                 {
440                 bio=BIO_new(BIO_s_socket());
441
442                 if (bio == NULL)
443                         { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
444                 BIO_set_fd(bio,fd,BIO_NOCLOSE);
445                 SSL_set_bio(s,SSL_get_rbio(s),bio);
446                 }
447         else
448                 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
449         ret=1;
450 err:
451         return(ret);
452         }
453
454 int SSL_set_rfd(SSL *s,int fd)
455         {
456         int ret=0;
457         BIO *bio=NULL;
458
459         if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
460                 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
461                 {
462                 bio=BIO_new(BIO_s_socket());
463
464                 if (bio == NULL)
465                         {
466                         SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
467                         goto err;
468                         }
469                 BIO_set_fd(bio,fd,BIO_NOCLOSE);
470                 SSL_set_bio(s,bio,SSL_get_wbio(s));
471                 }
472         else
473                 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
474         ret=1;
475 err:
476         return(ret);
477         }
478 #endif
479
480 int SSL_get_verify_mode(SSL *s)
481         {
482         return(s->verify_mode);
483         }
484
485 int SSL_get_verify_depth(SSL *s)
486         {
487         return(s->verify_depth);
488         }
489
490 int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
491         {
492         return(s->verify_callback);
493         }
494
495 int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
496         {
497         return(ctx->verify_mode);
498         }
499
500 int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
501         {
502         return(ctx->verify_depth);
503         }
504
505 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
506         {
507         return(ctx->default_verify_callback);
508         }
509
510 void SSL_set_verify(SSL *s,int mode,
511                     int (*callback)(int ok,X509_STORE_CTX *ctx))
512         {
513         s->verify_mode=mode;
514         if (callback != NULL)
515                 s->verify_callback=callback;
516         }
517
518 void SSL_set_verify_depth(SSL *s,int depth)
519         {
520         s->verify_depth=depth;
521         }
522
523 void SSL_set_read_ahead(SSL *s,int yes)
524         {
525         s->read_ahead=yes;
526         }
527
528 int SSL_get_read_ahead(SSL *s)
529         {
530         return(s->read_ahead);
531         }
532
533 int SSL_pending(SSL *s)
534         {
535         return(s->method->ssl_pending(s));
536         }
537
538 X509 *SSL_get_peer_certificate(SSL *s)
539         {
540         X509 *r;
541         
542         if ((s == NULL) || (s->session == NULL))
543                 r=NULL;
544         else
545                 r=s->session->peer;
546
547         if (r == NULL) return(r);
548
549         CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
550
551         return(r);
552         }
553
554 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
555         {
556         STACK_OF(X509) *r;
557         
558         if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
559                 r=NULL;
560         else
561                 r=s->session->sess_cert->cert_chain;
562
563         return(r);
564         }
565
566 /* Now in theory, since the calling process own 't' it should be safe to
567  * modify.  We need to be able to read f without being hassled */
568 void SSL_copy_session_id(SSL *t,SSL *f)
569         {
570         CERT *tmp;
571
572         /* Do we need to to SSL locking? */
573         SSL_set_session(t,SSL_get_session(f));
574
575         /* what if we are setup as SSLv2 but want to talk SSLv3 or
576          * vice-versa */
577         if (t->method != f->method)
578                 {
579                 t->method->ssl_free(t); /* cleanup current */
580                 t->method=f->method;    /* change method */
581                 t->method->ssl_new(t);  /* setup new */
582                 }
583
584         tmp=t->cert;
585         if (f->cert != NULL)
586                 {
587                 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
588                 t->cert=f->cert;
589                 }
590         else
591                 t->cert=NULL;
592         if (tmp != NULL) ssl_cert_free(tmp);
593         SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
594         }
595
596 /* Fix this so it checks all the valid key/cert options */
597 int SSL_CTX_check_private_key(SSL_CTX *ctx)
598         {
599         if (    (ctx == NULL) ||
600                 (ctx->cert == NULL) ||
601                 (ctx->cert->key->x509 == NULL))
602                 {
603                 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
604                 return(0);
605                 }
606         if      (ctx->cert->key->privatekey == NULL)
607                 {
608                 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
609                 return(0);
610                 }
611         return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
612         }
613
614 /* Fix this function so that it takes an optional type parameter */
615 int SSL_check_private_key(SSL *ssl)
616         {
617         if (ssl == NULL)
618                 {
619                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
620                 return(0);
621                 }
622         if (ssl->cert == NULL)
623                 {
624                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
625                 return 0;
626                 }
627         if (ssl->cert->key->x509 == NULL)
628                 {
629                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
630                 return(0);
631                 }
632         if (ssl->cert->key->privatekey == NULL)
633                 {
634                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
635                 return(0);
636                 }
637         return(X509_check_private_key(ssl->cert->key->x509,
638                 ssl->cert->key->privatekey));
639         }
640
641 int SSL_accept(SSL *s)
642         {
643         if (s->handshake_func == 0)
644                 /* Not properly initialized yet */
645                 SSL_set_accept_state(s);
646
647         return(s->method->ssl_accept(s));
648         }
649
650 int SSL_connect(SSL *s)
651         {
652         if (s->handshake_func == 0)
653                 /* Not properly initialized yet */
654                 SSL_set_connect_state(s);
655
656         return(s->method->ssl_connect(s));
657         }
658
659 long SSL_get_default_timeout(SSL *s)
660         {
661         return(s->method->get_timeout());
662         }
663
664 int SSL_read(SSL *s,char *buf,int num)
665         {
666         if (s->handshake_func == 0)
667                 {
668                 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
669                 return -1;
670                 }
671
672         if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
673                 {
674                 s->rwstate=SSL_NOTHING;
675                 return(0);
676                 }
677         return(s->method->ssl_read(s,buf,num));
678         }
679
680 int SSL_peek(SSL *s,char *buf,int num)
681         {
682         if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
683                 {
684                 return(0);
685                 }
686         return(s->method->ssl_peek(s,buf,num));
687         }
688
689 int SSL_write(SSL *s,const char *buf,int num)
690         {
691         if (s->handshake_func == 0)
692                 {
693                 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
694                 return -1;
695                 }
696
697         if (s->shutdown & SSL_SENT_SHUTDOWN)
698                 {
699                 s->rwstate=SSL_NOTHING;
700                 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
701                 return(-1);
702                 }
703         return(s->method->ssl_write(s,buf,num));
704         }
705
706 int SSL_shutdown(SSL *s)
707         {
708         /* Note that this function behaves differently from what one might
709          * expect.  Return values are 0 for no success (yet),
710          * 1 for success; but calling it once is usually not enough,
711          * even if blocking I/O is used (see ssl3_shutdown).
712          */
713
714         if (s->handshake_func == 0)
715                 {
716                 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
717                 return -1;
718                 }
719
720         if ((s != NULL) && !SSL_in_init(s))
721                 return(s->method->ssl_shutdown(s));
722         else
723                 return(1);
724         }
725
726 int SSL_renegotiate(SSL *s)
727         {
728         s->new_session=1;
729         return(s->method->ssl_renegotiate(s));
730         }
731
732 long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
733         {
734         long l;
735
736         switch (cmd)
737                 {
738         case SSL_CTRL_GET_READ_AHEAD:
739                 return(s->read_ahead);
740         case SSL_CTRL_SET_READ_AHEAD:
741                 l=s->read_ahead;
742                 s->read_ahead=larg;
743                 return(l);
744         case SSL_CTRL_OPTIONS:
745                 return(s->options|=larg);
746         case SSL_CTRL_MODE:
747                 return(s->mode|=larg);
748         default:
749                 return(s->method->ssl_ctrl(s,cmd,larg,parg));
750                 }
751         }
752
753 long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
754         {
755         long l;
756
757         switch (cmd)
758                 {
759         case SSL_CTRL_GET_READ_AHEAD:
760                 return(ctx->read_ahead);
761         case SSL_CTRL_SET_READ_AHEAD:
762                 l=ctx->read_ahead;
763                 ctx->read_ahead=larg;
764                 return(l);
765
766         case SSL_CTRL_SET_SESS_CACHE_SIZE:
767                 l=ctx->session_cache_size;
768                 ctx->session_cache_size=larg;
769                 return(l);
770         case SSL_CTRL_GET_SESS_CACHE_SIZE:
771                 return(ctx->session_cache_size);
772         case SSL_CTRL_SET_SESS_CACHE_MODE:
773                 l=ctx->session_cache_mode;
774                 ctx->session_cache_mode=larg;
775                 return(l);
776         case SSL_CTRL_GET_SESS_CACHE_MODE:
777                 return(ctx->session_cache_mode);
778
779         case SSL_CTRL_SESS_NUMBER:
780                 return(ctx->sessions->num_items);
781         case SSL_CTRL_SESS_CONNECT:
782                 return(ctx->stats.sess_connect);
783         case SSL_CTRL_SESS_CONNECT_GOOD:
784                 return(ctx->stats.sess_connect_good);
785         case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
786                 return(ctx->stats.sess_connect_renegotiate);
787         case SSL_CTRL_SESS_ACCEPT:
788                 return(ctx->stats.sess_accept);
789         case SSL_CTRL_SESS_ACCEPT_GOOD:
790                 return(ctx->stats.sess_accept_good);
791         case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
792                 return(ctx->stats.sess_accept_renegotiate);
793         case SSL_CTRL_SESS_HIT:
794                 return(ctx->stats.sess_hit);
795         case SSL_CTRL_SESS_CB_HIT:
796                 return(ctx->stats.sess_cb_hit);
797         case SSL_CTRL_SESS_MISSES:
798                 return(ctx->stats.sess_miss);
799         case SSL_CTRL_SESS_TIMEOUTS:
800                 return(ctx->stats.sess_timeout);
801         case SSL_CTRL_SESS_CACHE_FULL:
802                 return(ctx->stats.sess_cache_full);
803         case SSL_CTRL_OPTIONS:
804                 return(ctx->options|=larg);
805         case SSL_CTRL_MODE:
806                 return(ctx->mode|=larg);
807         default:
808                 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
809                 }
810         }
811
812 int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
813         {
814         long l;
815
816         l=a->id-b->id;
817         if (l == 0L)
818                 return(0);
819         else
820                 return((l > 0)?1:-1);
821         }
822
823 int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
824         {
825         long l;
826
827         l=(*ap)->id-(*bp)->id;
828         if (l == 0L)
829                 return(0);
830         else
831                 return((l > 0)?1:-1);
832         }
833
834 /** return a STACK of the ciphers available for the SSL and in order of
835  * preference */
836 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
837         {
838         if ((s != NULL) && (s->cipher_list != NULL))
839                 {
840                 return(s->cipher_list);
841                 }
842         else if ((s->ctx != NULL) &&
843                 (s->ctx->cipher_list != NULL))
844                 {
845                 return(s->ctx->cipher_list);
846                 }
847         return(NULL);
848         }
849
850 /** return a STACK of the ciphers available for the SSL and in order of
851  * algorithm id */
852 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
853         {
854         if ((s != NULL) && (s->cipher_list_by_id != NULL))
855                 {
856                 return(s->cipher_list_by_id);
857                 }
858         else if ((s != NULL) && (s->ctx != NULL) &&
859                 (s->ctx->cipher_list_by_id != NULL))
860                 {
861                 return(s->ctx->cipher_list_by_id);
862                 }
863         return(NULL);
864         }
865
866 /** The old interface to get the same thing as SSL_get_ciphers() */
867 const char *SSL_get_cipher_list(SSL *s,int n)
868         {
869         SSL_CIPHER *c;
870         STACK_OF(SSL_CIPHER) *sk;
871
872         if (s == NULL) return(NULL);
873         sk=SSL_get_ciphers(s);
874         if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
875                 return(NULL);
876         c=sk_SSL_CIPHER_value(sk,n);
877         if (c == NULL) return(NULL);
878         return(c->name);
879         }
880
881 /** specify the ciphers to be used by defaut by the SSL_CTX */
882 int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
883         {
884         STACK_OF(SSL_CIPHER) *sk;
885         
886         sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
887                 &ctx->cipher_list_by_id,str);
888 /* XXXX */
889         return((sk == NULL)?0:1);
890         }
891
892 /** specify the ciphers to be used by the SSL */
893 int SSL_set_cipher_list(SSL *s,char *str)
894         {
895         STACK_OF(SSL_CIPHER) *sk;
896         
897         sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
898                 &s->cipher_list_by_id,str);
899 /* XXXX */
900         return((sk == NULL)?0:1);
901         }
902
903 /* works well for SSLv2, not so good for SSLv3 */
904 char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
905         {
906         char *p;
907         const char *cp;
908         STACK_OF(SSL_CIPHER) *sk;
909         SSL_CIPHER *c;
910         int i;
911
912         if ((s->session == NULL) || (s->session->ciphers == NULL) ||
913                 (len < 2))
914                 return(NULL);
915
916         p=buf;
917         sk=s->session->ciphers;
918         for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
919                 {
920                 /* Decrement for either the ':' or a '\0' */
921                 len--;
922                 c=sk_SSL_CIPHER_value(sk,i);
923                 for (cp=c->name; *cp; )
924                         {
925                         if (len-- == 0)
926                                 {
927                                 *p='\0';
928                                 return(buf);
929                                 }
930                         else
931                                 *(p++)= *(cp++);
932                         }
933                 *(p++)=':';
934                 }
935         p[-1]='\0';
936         return(buf);
937         }
938
939 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
940         {
941         int i,j=0;
942         SSL_CIPHER *c;
943         unsigned char *q;
944
945         if (sk == NULL) return(0);
946         q=p;
947
948         for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
949                 {
950                 c=sk_SSL_CIPHER_value(sk,i);
951                 j=ssl_put_cipher_by_char(s,c,p);
952                 p+=j;
953                 }
954         return(p-q);
955         }
956
957 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
958                                                STACK_OF(SSL_CIPHER) **skp)
959         {
960         SSL_CIPHER *c;
961         STACK_OF(SSL_CIPHER) *sk;
962         int i,n;
963
964         n=ssl_put_cipher_by_char(s,NULL,NULL);
965         if ((num%n) != 0)
966                 {
967                 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
968                 return(NULL);
969                 }
970         if ((skp == NULL) || (*skp == NULL))
971                 sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
972         else
973                 {
974                 sk= *skp;
975                 sk_SSL_CIPHER_zero(sk);
976                 }
977
978         for (i=0; i<num; i+=n)
979                 {
980                 c=ssl_get_cipher_by_char(s,p);
981                 p+=n;
982                 if (c != NULL)
983                         {
984                         if (!sk_SSL_CIPHER_push(sk,c))
985                                 {
986                                 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
987                                 goto err;
988                                 }
989                         }
990                 }
991
992         if (skp != NULL)
993                 *skp=sk;
994         return(sk);
995 err:
996         if ((skp == NULL) || (*skp == NULL))
997                 sk_SSL_CIPHER_free(sk);
998         return(NULL);
999         }
1000
1001 unsigned long SSL_SESSION_hash(SSL_SESSION *a)
1002         {
1003         unsigned long l;
1004
1005         l=(unsigned long)
1006                 ((unsigned int) a->session_id[0]     )|
1007                 ((unsigned int) a->session_id[1]<< 8L)|
1008                 ((unsigned long)a->session_id[2]<<16L)|
1009                 ((unsigned long)a->session_id[3]<<24L);
1010         return(l);
1011         }
1012
1013 int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
1014         {
1015         if (a->ssl_version != b->ssl_version)
1016                 return(1);
1017         if (a->session_id_length != b->session_id_length)
1018                 return(1);
1019         return(memcmp(a->session_id,b->session_id,a->session_id_length));
1020         }
1021
1022 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1023         {
1024         SSL_CTX *ret=NULL;
1025         
1026         if (meth == NULL)
1027                 {
1028                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1029                 return(NULL);
1030                 }
1031
1032         if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1033                 {
1034                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1035                 goto err;
1036                 }
1037         ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
1038         if (ret == NULL)
1039                 goto err;
1040
1041         memset(ret,0,sizeof(SSL_CTX));
1042
1043         ret->method=meth;
1044
1045         ret->cert_store=NULL;
1046         ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1047         ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1048         ret->session_cache_head=NULL;
1049         ret->session_cache_tail=NULL;
1050
1051         /* We take the system default */
1052         ret->session_timeout=meth->get_timeout();
1053
1054         ret->new_session_cb=NULL;
1055         ret->remove_session_cb=NULL;
1056         ret->get_session_cb=NULL;
1057
1058         memset((char *)&ret->stats,0,sizeof(ret->stats));
1059
1060         ret->references=1;
1061         ret->quiet_shutdown=0;
1062
1063 /*      ret->cipher=NULL;*/
1064 /*      ret->s2->challenge=NULL;
1065         ret->master_key=NULL;
1066         ret->key_arg=NULL;
1067         ret->s2->conn_id=NULL; */
1068
1069         ret->info_callback=NULL;
1070
1071         ret->app_verify_callback=NULL;
1072         ret->app_verify_arg=NULL;
1073
1074         ret->read_ahead=0;
1075         ret->verify_mode=SSL_VERIFY_NONE;
1076         ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1077         ret->default_verify_callback=NULL;
1078         if ((ret->cert=ssl_cert_new()) == NULL)
1079                 goto err;
1080
1081         ret->default_passwd_callback=NULL;
1082         ret->default_passwd_callback_userdata=NULL;
1083         ret->client_cert_cb=NULL;
1084
1085         ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
1086         if (ret->sessions == NULL) goto err;
1087         ret->cert_store=X509_STORE_new();
1088         if (ret->cert_store == NULL) goto err;
1089
1090         ssl_create_cipher_list(ret->method,
1091                 &ret->cipher_list,&ret->cipher_list_by_id,
1092                 SSL_DEFAULT_CIPHER_LIST);
1093         if (ret->cipher_list == NULL
1094             || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1095                 {
1096                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1097                 goto err2;
1098                 }
1099
1100         if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1101                 {
1102                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1103                 goto err2;
1104                 }
1105         if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1106                 {
1107                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1108                 goto err2;
1109                 }
1110         if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1111                 {
1112                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1113                 goto err2;
1114                 }
1115
1116         if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1117                 goto err;
1118
1119         CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
1120
1121         ret->extra_certs=NULL;
1122         ret->comp_methods=SSL_COMP_get_compression_methods();
1123
1124         return(ret);
1125 err:
1126         SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1127 err2:
1128         if (ret != NULL) SSL_CTX_free(ret);
1129         return(NULL);
1130         }
1131
1132 static void SSL_COMP_free(SSL_COMP *comp)
1133     { Free(comp); }
1134
1135 void SSL_CTX_free(SSL_CTX *a)
1136         {
1137         int i;
1138
1139         if (a == NULL) return;
1140
1141         i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1142 #ifdef REF_PRINT
1143         REF_PRINT("SSL_CTX",a);
1144 #endif
1145         if (i > 0) return;
1146 #ifdef REF_CHECK
1147         if (i < 0)
1148                 {
1149                 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1150                 abort(); /* ok */
1151                 }
1152 #endif
1153         CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
1154
1155         if (a->sessions != NULL)
1156                 {
1157                 SSL_CTX_flush_sessions(a,0);
1158                 lh_free(a->sessions);
1159                 }
1160         if (a->cert_store != NULL)
1161                 X509_STORE_free(a->cert_store);
1162         if (a->cipher_list != NULL)
1163                 sk_SSL_CIPHER_free(a->cipher_list);
1164         if (a->cipher_list_by_id != NULL)
1165                 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1166         if (a->cert != NULL)
1167                 ssl_cert_free(a->cert);
1168         if (a->client_CA != NULL)
1169                 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1170         if (a->extra_certs != NULL)
1171                 sk_X509_pop_free(a->extra_certs,X509_free);
1172         if (a->comp_methods != NULL)
1173                 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1174         Free((char *)a);
1175         }
1176
1177 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1178         {
1179         ctx->default_passwd_callback=cb;
1180         }
1181
1182 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1183         {
1184         ctx->default_passwd_callback_userdata=u;
1185         }
1186
1187 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
1188         {
1189         /* now
1190          *     int (*cb)(X509_STORE_CTX *),
1191          * but should be
1192          *     int (*cb)(X509_STORE_CTX *, void *arg)
1193          */
1194         ctx->app_verify_callback=cb;
1195         ctx->app_verify_arg=arg; /* never used */
1196         }
1197
1198 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1199         {
1200         ctx->verify_mode=mode;
1201         ctx->default_verify_callback=cb;
1202         /* This needs cleaning up EAY EAY EAY */
1203         X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1204         }
1205
1206 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1207         {
1208         ctx->verify_depth=depth;
1209         }
1210
1211 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1212         {
1213         CERT_PKEY *cpk;
1214         int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1215         int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1216         int rsa_tmp_export,dh_tmp_export,kl;
1217         unsigned long mask,emask;
1218
1219         if (c == NULL) return;
1220
1221         kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1222
1223 #ifndef NO_RSA
1224         rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1225         rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1226                 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1227 #else
1228         rsa_tmp=rsa_tmp_export=0;
1229 #endif
1230 #ifndef NO_DH
1231         dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1232         dh_tmp_export=(c->dh_tmp_cb != NULL ||
1233                 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1234 #else
1235         dh_tmp=dh_tmp_export=0;
1236 #endif
1237
1238         cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1239         rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1240         rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1241         cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1242         rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1243         cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1244         dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1245         cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1246         dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
1247         dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1248         cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1249 /* FIX THIS EAY EAY EAY */
1250         dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
1251         dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1252
1253         mask=0;
1254         emask=0;
1255
1256 #ifdef CIPHER_DEBUG
1257         printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1258                 rsa_tmp,rsa_tmp_export,dh_tmp,
1259                 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1260 #endif
1261
1262         if (rsa_enc || (rsa_tmp && rsa_sign))
1263                 mask|=SSL_kRSA;
1264         if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1265                 emask|=SSL_kRSA;
1266
1267 #if 0
1268         /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1269         if (    (dh_tmp || dh_rsa || dh_dsa) && 
1270                 (rsa_enc || rsa_sign || dsa_sign))
1271                 mask|=SSL_kEDH;
1272         if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1273                 (rsa_enc || rsa_sign || dsa_sign))
1274                 emask|=SSL_kEDH;
1275 #endif
1276
1277         if (dh_tmp_export) 
1278                 emask|=SSL_kEDH;
1279
1280         if (dh_tmp)
1281                 mask|=SSL_kEDH;
1282
1283         if (dh_rsa) mask|=SSL_kDHr;
1284         if (dh_rsa_export) emask|=SSL_kDHr;
1285
1286         if (dh_dsa) mask|=SSL_kDHd;
1287         if (dh_dsa_export) emask|=SSL_kDHd;
1288
1289         if (rsa_enc || rsa_sign)
1290                 {
1291                 mask|=SSL_aRSA;
1292                 emask|=SSL_aRSA;
1293                 }
1294
1295         if (dsa_sign)
1296                 {
1297                 mask|=SSL_aDSS;
1298                 emask|=SSL_aDSS;
1299                 }
1300
1301 #ifdef SSL_ALLOW_ADH
1302         mask|=SSL_aNULL;
1303         emask|=SSL_aNULL;
1304 #endif
1305
1306         c->mask=mask;
1307         c->export_mask=emask;
1308         c->valid=1;
1309         }
1310
1311 /* THIS NEEDS CLEANING UP */
1312 X509 *ssl_get_server_send_cert(SSL *s)
1313         {
1314         unsigned long alg,mask,kalg;
1315         CERT *c;
1316         int i,is_export;
1317
1318         c=s->cert;
1319         ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1320         alg=s->s3->tmp.new_cipher->algorithms;
1321         is_export=SSL_IS_EXPORT(alg);
1322         mask=is_export?c->export_mask:c->mask;
1323         kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1324
1325         if      (kalg & SSL_kDHr)
1326                 i=SSL_PKEY_DH_RSA;
1327         else if (kalg & SSL_kDHd)
1328                 i=SSL_PKEY_DH_DSA;
1329         else if (kalg & SSL_aDSS)
1330                 i=SSL_PKEY_DSA_SIGN;
1331         else if (kalg & SSL_aRSA)
1332                 {
1333                 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1334                         i=SSL_PKEY_RSA_SIGN;
1335                 else
1336                         i=SSL_PKEY_RSA_ENC;
1337                 }
1338         else /* if (kalg & SSL_aNULL) */
1339                 {
1340                 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
1341                 return(NULL);
1342                 }
1343         if (c->pkeys[i].x509 == NULL) return(NULL);
1344         return(c->pkeys[i].x509);
1345         }
1346
1347 EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1348         {
1349         unsigned long alg;
1350         CERT *c;
1351
1352         alg=cipher->algorithms;
1353         c=s->cert;
1354
1355         if ((alg & SSL_aDSS) &&
1356                 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1357                 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1358         else if (alg & SSL_aRSA)
1359                 {
1360                 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1361                         return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1362                 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1363                         return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1364                 else
1365                         return(NULL);
1366                 }
1367         else /* if (alg & SSL_aNULL) */
1368                 {
1369                 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
1370                 return(NULL);
1371                 }
1372         }
1373
1374 void ssl_update_cache(SSL *s,int mode)
1375         {
1376         int i;
1377
1378         /* If the session_id_length is 0, we are not supposed to cache it,
1379          * and it would be rather hard to do anyway :-) */
1380         if (s->session->session_id_length == 0) return;
1381
1382         if ((s->ctx->session_cache_mode & mode)
1383                 && (!s->hit)
1384                 && SSL_CTX_add_session(s->ctx,s->session)
1385                 && (s->ctx->new_session_cb != NULL))
1386                 {
1387                 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1388                 if (!s->ctx->new_session_cb(s,s->session))
1389                         SSL_SESSION_free(s->session);
1390                 }
1391
1392         /* auto flush every 255 connections */
1393         i=s->ctx->session_cache_mode;
1394         if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1395                 ((i & mode) == mode))
1396                 {
1397                 if (  (((mode & SSL_SESS_CACHE_CLIENT)
1398                         ?s->ctx->stats.sess_connect_good
1399                         :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1400                         {
1401                         SSL_CTX_flush_sessions(s->ctx,time(NULL));
1402                         }
1403                 }
1404         }
1405
1406 SSL_METHOD *SSL_get_ssl_method(SSL *s)
1407         {
1408         return(s->method);
1409         }
1410
1411 int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
1412         {
1413         int conn= -1;
1414         int ret=1;
1415
1416         if (s->method != meth)
1417                 {
1418                 if (s->handshake_func != NULL)
1419                         conn=(s->handshake_func == s->method->ssl_connect);
1420
1421                 if (s->method->version == meth->version)
1422                         s->method=meth;
1423                 else
1424                         {
1425                         s->method->ssl_free(s);
1426                         s->method=meth;
1427                         ret=s->method->ssl_new(s);
1428                         }
1429
1430                 if (conn == 1)
1431                         s->handshake_func=meth->ssl_connect;
1432                 else if (conn == 0)
1433                         s->handshake_func=meth->ssl_accept;
1434                 }
1435         return(ret);
1436         }
1437
1438 int SSL_get_error(SSL *s,int i)
1439         {
1440         int reason;
1441         unsigned long l;
1442         BIO *bio;
1443
1444         if (i > 0) return(SSL_ERROR_NONE);
1445
1446         /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
1447          * etc, where we do encode the error */
1448         if ((l=ERR_peek_error()) != 0)
1449                 {
1450                 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
1451                         return(SSL_ERROR_SYSCALL);
1452                 else
1453                         return(SSL_ERROR_SSL);
1454                 }
1455
1456         if ((i < 0) && SSL_want_read(s))
1457                 {
1458                 bio=SSL_get_rbio(s);
1459                 if (BIO_should_read(bio))
1460                         return(SSL_ERROR_WANT_READ);
1461                 else if (BIO_should_write(bio))
1462                         /* This one doesn't make too much sense ... We never try
1463                          * to write to the rbio, and an application program where
1464                          * rbio and wbio are separate couldn't even know what it
1465                          * should wait for.
1466                          * However if we ever set s->rwstate incorrectly
1467                          * (so that we have SSL_want_read(s) instead of
1468                          * SSL_want_write(s)) and rbio and wbio *are* the same,
1469                          * this test works around that bug; so it might be safer
1470                          * to keep it. */
1471                         return(SSL_ERROR_WANT_WRITE);
1472                 else if (BIO_should_io_special(bio))
1473                         {
1474                         reason=BIO_get_retry_reason(bio);
1475                         if (reason == BIO_RR_CONNECT)
1476                                 return(SSL_ERROR_WANT_CONNECT);
1477                         else
1478                                 return(SSL_ERROR_SYSCALL); /* unknown */
1479                         }
1480                 }
1481
1482         if ((i < 0) && SSL_want_write(s))
1483                 {
1484                 bio=SSL_get_wbio(s);
1485                 if (BIO_should_write(bio))
1486                         return(SSL_ERROR_WANT_WRITE);
1487                 else if (BIO_should_read(bio))
1488                         /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
1489                         return(SSL_ERROR_WANT_READ);
1490                 else if (BIO_should_io_special(bio))
1491                         {
1492                         reason=BIO_get_retry_reason(bio);
1493                         if (reason == BIO_RR_CONNECT)
1494                                 return(SSL_ERROR_WANT_CONNECT);
1495                         else
1496                                 return(SSL_ERROR_SYSCALL);
1497                         }
1498                 }
1499         if ((i < 0) && SSL_want_x509_lookup(s))
1500                 {
1501                 return(SSL_ERROR_WANT_X509_LOOKUP);
1502                 }
1503
1504         if (i == 0)
1505                 {
1506                 if (s->version == SSL2_VERSION)
1507                         {
1508                         /* assume it is the socket being closed */
1509                         return(SSL_ERROR_ZERO_RETURN);
1510                         }
1511                 else
1512                         {
1513                         if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1514                                 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
1515                                 return(SSL_ERROR_ZERO_RETURN);
1516                         }
1517                 }
1518         return(SSL_ERROR_SYSCALL);
1519         }
1520
1521 int SSL_do_handshake(SSL *s)
1522         {
1523         int ret=1;
1524
1525         if (s->handshake_func == NULL)
1526                 {
1527                 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1528                 return(-1);
1529                 }
1530
1531         s->method->ssl_renegotiate_check(s);
1532
1533         if (SSL_in_init(s) || SSL_in_before(s))
1534                 {
1535                 ret=s->handshake_func(s);
1536                 }
1537         return(ret);
1538         }
1539
1540 /* For the next 2 functions, SSL_clear() sets shutdown and so
1541  * one of these calls will reset it */
1542 void SSL_set_accept_state(SSL *s)
1543         {
1544         s->server=1;
1545         s->shutdown=0;
1546         s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1547         s->handshake_func=s->method->ssl_accept;
1548         /* clear the current cipher */
1549         ssl_clear_cipher_ctx(s);
1550         }
1551
1552 void SSL_set_connect_state(SSL *s)
1553         {
1554         s->server=0;
1555         s->shutdown=0;
1556         s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1557         s->handshake_func=s->method->ssl_connect;
1558         /* clear the current cipher */
1559         ssl_clear_cipher_ctx(s);
1560         }
1561
1562 int ssl_undefined_function(SSL *s)
1563         {
1564         SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1565         return(0);
1566         }
1567
1568 SSL_METHOD *ssl_bad_method(int ver)
1569         {
1570         SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1571         return(NULL);
1572         }
1573
1574 char *SSL_get_version(SSL *s)
1575         {
1576         if (s->version == TLS1_VERSION)
1577                 return("TLSv1");
1578         else if (s->version == SSL3_VERSION)
1579                 return("SSLv3");
1580         else if (s->version == SSL2_VERSION)
1581                 return("SSLv2");
1582         else
1583                 return("unknown");
1584         }
1585
1586 SSL *SSL_dup(SSL *s)
1587         {
1588         STACK_OF(X509_NAME) *sk;
1589         X509_NAME *xn;
1590         SSL *ret;
1591         int i;
1592                  
1593         if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
1594             return(NULL);
1595                           
1596         if (s->session != NULL)
1597                 {
1598                 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
1599                 SSL_copy_session_id(ret,s);
1600                 }
1601         else
1602                 {
1603                 /* No session has been established yet, so we have to expect
1604                  * that s->cert or ret->cert will be changed later --
1605                  * they should not both point to the same object,
1606                  * and thus we can't use SSL_copy_session_id. */
1607
1608                 ret->method = s->method;
1609                 ret->method->ssl_new(ret);
1610
1611                 if (s->cert != NULL)
1612                         {
1613                         ret->cert = ssl_cert_dup(s->cert);
1614                         if (ret->cert == NULL)
1615                                 goto err;
1616                         }
1617                                 
1618                 SSL_set_session_id_context(ret,
1619                         s->sid_ctx, s->sid_ctx_length);
1620                 }
1621
1622         SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1623         SSL_set_verify(ret,SSL_get_verify_mode(s),
1624                 SSL_get_verify_callback(s));
1625         SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
1626
1627         SSL_set_info_callback(ret,SSL_get_info_callback(s));
1628         
1629         ret->debug=s->debug;
1630         ret->options=s->options;
1631
1632         /* copy app data, a little dangerous perhaps */
1633         if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
1634                 goto err;
1635
1636         /* setup rbio, and wbio */
1637         if (s->rbio != NULL)
1638                 {
1639                 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
1640                         goto err;
1641                 }
1642         if (s->wbio != NULL)
1643                 {
1644                 if (s->wbio != s->rbio)
1645                         {
1646                         if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
1647                                 goto err;
1648                         }
1649                 else
1650                         ret->wbio=ret->rbio;
1651                 }
1652
1653         /* dup the cipher_list and cipher_list_by_id stacks */
1654         if (s->cipher_list != NULL)
1655                 {
1656                 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
1657                         goto err;
1658                 }
1659         if (s->cipher_list_by_id != NULL)
1660                 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
1661                         == NULL)
1662                         goto err;
1663
1664         /* Dup the client_CA list */
1665         if (s->client_CA != NULL)
1666                 {
1667                 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
1668                 ret->client_CA=sk;
1669                 for (i=0; i<sk_X509_NAME_num(sk); i++)
1670                         {
1671                         xn=sk_X509_NAME_value(sk,i);
1672                         if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
1673                                 {
1674                                 X509_NAME_free(xn);
1675                                 goto err;
1676                                 }
1677                         }
1678                 }
1679
1680         ret->shutdown=s->shutdown;
1681         ret->state=s->state;
1682         ret->handshake_func=s->handshake_func;
1683         ret->server=s->server;
1684
1685         if (0)
1686                 {
1687 err:
1688                 if (ret != NULL) SSL_free(ret);
1689                 ret=NULL;
1690                 }
1691         return(ret);
1692         }
1693
1694 void ssl_clear_cipher_ctx(SSL *s)
1695         {
1696         if (s->enc_read_ctx != NULL)
1697                 {
1698                 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1699                 Free(s->enc_read_ctx);
1700                 s->enc_read_ctx=NULL;
1701                 }
1702         if (s->enc_write_ctx != NULL)
1703                 {
1704                 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1705                 Free(s->enc_write_ctx);
1706                 s->enc_write_ctx=NULL;
1707                 }
1708         if (s->expand != NULL)
1709                 {
1710                 COMP_CTX_free(s->expand);
1711                 s->expand=NULL;
1712                 }
1713         if (s->compress != NULL)
1714                 {
1715                 COMP_CTX_free(s->compress);
1716                 s->compress=NULL;
1717                 }
1718         }
1719
1720 /* Fix this function so that it takes an optional type parameter */
1721 X509 *SSL_get_certificate(SSL *s)
1722         {
1723         if (s->cert != NULL)
1724                 return(s->cert->key->x509);
1725         else
1726                 return(NULL);
1727         }
1728
1729 /* Fix this function so that it takes an optional type parameter */
1730 EVP_PKEY *SSL_get_privatekey(SSL *s)
1731         {
1732         if (s->cert != NULL)
1733                 return(s->cert->key->privatekey);
1734         else
1735                 return(NULL);
1736         }
1737
1738 SSL_CIPHER *SSL_get_current_cipher(SSL *s)
1739         {
1740         if ((s->session != NULL) && (s->session->cipher != NULL))
1741                 return(s->session->cipher);
1742         return(NULL);
1743         }
1744
1745 int ssl_init_wbio_buffer(SSL *s,int push)
1746         {
1747         BIO *bbio;
1748
1749         if (s->bbio == NULL)
1750                 {
1751                 bbio=BIO_new(BIO_f_buffer());
1752                 if (bbio == NULL) return(0);
1753                 s->bbio=bbio;
1754                 }
1755         else
1756                 {
1757                 bbio=s->bbio;
1758                 if (s->bbio == s->wbio)
1759                         s->wbio=BIO_pop(s->wbio);
1760                 }
1761         (void)BIO_reset(bbio);
1762 /*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1763         if (!BIO_set_read_buffer_size(bbio,1))
1764                 {
1765                 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
1766                 return(0);
1767                 }
1768         if (push)
1769                 {
1770                 if (s->wbio != bbio)
1771                         s->wbio=BIO_push(bbio,s->wbio);
1772                 }
1773         else
1774                 {
1775                 if (s->wbio == bbio)
1776                         s->wbio=BIO_pop(bbio);
1777                 }
1778         return(1);
1779         }
1780
1781 void ssl_free_wbio_buffer(SSL *s)
1782         {
1783         BIO *under;
1784
1785         if (s->bbio == NULL) return;
1786
1787         if (s->bbio == s->wbio)
1788                 {
1789                 /* remove buffering */
1790                 under=BIO_pop(s->wbio);
1791                 if (under != NULL)
1792                         s->wbio=under;
1793                 else
1794                         abort(); /* ok */
1795                 }
1796         BIO_free(s->bbio);
1797         s->bbio=NULL;
1798         }
1799         
1800 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
1801         {
1802         ctx->quiet_shutdown=mode;
1803         }
1804
1805 int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
1806         {
1807         return(ctx->quiet_shutdown);
1808         }
1809
1810 void SSL_set_quiet_shutdown(SSL *s,int mode)
1811         {
1812         s->quiet_shutdown=mode;
1813         }
1814
1815 int SSL_get_quiet_shutdown(SSL *s)
1816         {
1817         return(s->quiet_shutdown);
1818         }
1819
1820 void SSL_set_shutdown(SSL *s,int mode)
1821         {
1822         s->shutdown=mode;
1823         }
1824
1825 int SSL_get_shutdown(SSL *s)
1826         {
1827         return(s->shutdown);
1828         }
1829
1830 int SSL_version(SSL *s)
1831         {
1832         return(s->version);
1833         }
1834
1835 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
1836         {
1837         return(ssl->ctx);
1838         }
1839
1840 #ifndef NO_STDIO
1841 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
1842         {
1843         return(X509_STORE_set_default_paths(ctx->cert_store));
1844         }
1845
1846 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1847                 const char *CApath)
1848         {
1849         return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1850         }
1851 #endif
1852
1853 void SSL_set_info_callback(SSL *ssl,void (*cb)())
1854         {
1855         ssl->info_callback=cb;
1856         }
1857
1858 void (*SSL_get_info_callback(SSL *ssl))(void)
1859         {
1860         return((void (*)())ssl->info_callback);
1861         }
1862
1863 int SSL_state(SSL *ssl)
1864         {
1865         return(ssl->state);
1866         }
1867
1868 void SSL_set_verify_result(SSL *ssl,long arg)
1869         {
1870         ssl->verify_result=arg;
1871         }
1872
1873 long SSL_get_verify_result(SSL *ssl)
1874         {
1875         return(ssl->verify_result);
1876         }
1877
1878 int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1879                          int (*dup_func)(),void (*free_func)())
1880         {
1881         ssl_meth_num++;
1882         return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1883                 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1884         }
1885
1886 int SSL_set_ex_data(SSL *s,int idx,void *arg)
1887         {
1888         return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1889         }
1890
1891 void *SSL_get_ex_data(SSL *s,int idx)
1892         {
1893         return(CRYPTO_get_ex_data(&s->ex_data,idx));
1894         }
1895
1896 int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
1897                              int (*dup_func)(),void (*free_func)())
1898         {
1899         ssl_ctx_meth_num++;
1900         return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1901                 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1902         }
1903
1904 int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
1905         {
1906         return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1907         }
1908
1909 void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
1910         {
1911         return(CRYPTO_get_ex_data(&s->ex_data,idx));
1912         }
1913
1914 int ssl_ok(SSL *s)
1915         {
1916         return(1);
1917         }
1918
1919 X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
1920         {
1921         return(ctx->cert_store);
1922         }
1923
1924 void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
1925         {
1926         if (ctx->cert_store != NULL)
1927                 X509_STORE_free(ctx->cert_store);
1928         ctx->cert_store=store;
1929         }
1930
1931 int SSL_want(SSL *s)
1932         {
1933         return(s->rwstate);
1934         }
1935
1936 /*!
1937  * \brief Set the callback for generating temporary RSA keys.
1938  * \param ctx the SSL context.
1939  * \param cb the callback
1940  */
1941
1942 #ifndef NO_RSA
1943 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
1944                                                           int is_export,
1945                                                           int keylength))
1946     { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1947 #endif
1948
1949 #ifndef NO_RSA
1950 void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
1951                                                           int keylength))
1952     { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
1953 #endif
1954
1955 #ifdef DOXYGEN
1956 /*!
1957  * \brief The RSA temporary key callback function.
1958  * \param ssl the SSL session.
1959  * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
1960  * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
1961  * of the required key in bits.
1962  * \return the temporary RSA key.
1963  * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
1964  */
1965
1966 RSA *cb(SSL *ssl,int is_export,int keylength)
1967     {}
1968 #endif
1969
1970 /*!
1971  * \brief Set the callback for generating temporary DH keys.
1972  * \param ctx the SSL context.
1973  * \param dh the callback
1974  */
1975
1976 #ifndef NO_DH
1977 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
1978                                                         int keylength))
1979     { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1980
1981 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
1982                                                         int keylength))
1983     { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
1984 #endif
1985
1986 #if defined(_WINDLL) && defined(WIN16)
1987 #include "../crypto/bio/bss_file.c"
1988 #endif
1989
1990 IMPLEMENT_STACK_OF(SSL_CIPHER)
1991 IMPLEMENT_STACK_OF(SSL_COMP)
Unnamed repository; edit this file 'description' to name the repository.