Fix version stuff:
[openssl.git] / ssl / ssl_lib.c
1 /* ssl/ssl_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include "objects.h"
61 #include "lhash.h"
62 #include "ssl_locl.h"
63
64 char *SSL_version_str="OpenSSL 0.9.2 31-Dec-1998";
65
66 static STACK *ssl_meth=NULL;
67 static STACK *ssl_ctx_meth=NULL;
68 static int ssl_meth_num=0;
69 static int ssl_ctx_meth_num=0;
70
71 SSL3_ENC_METHOD ssl3_undef_enc_method={
72         ssl_undefined_function,
73         ssl_undefined_function,
74         ssl_undefined_function,
75         ssl_undefined_function,
76         ssl_undefined_function,
77         ssl_undefined_function,
78         };
79
80 void SSL_clear(s)
81 SSL *s;
82         {
83         int state;
84
85         if (s->method == NULL) return;
86
87         s->error=0;
88         s->hit=0;
89
90         /* This is set if we are doing dynamic renegotiation so keep
91          * the old cipher.  It is sort of a SSL_clear_lite :-) */
92         if (s->new_session) return;
93
94         state=s->state; /* Keep to check if we throw away the session-id */
95         s->type=0;
96
97         s->version=s->method->version;
98         s->rwstate=SSL_NOTHING;
99         s->state=SSL_ST_BEFORE;
100         s->rstate=SSL_ST_READ_HEADER;
101         s->read_ahead=s->ctx->default_read_ahead;
102
103 /*      s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
104
105         if (s->init_buf != NULL)
106                 {
107                 BUF_MEM_free(s->init_buf);
108                 s->init_buf=NULL;
109                 }
110
111         ssl_clear_cipher_ctx(s);
112
113         if (ssl_clear_bad_session(s))
114                 {
115                 SSL_SESSION_free(s->session);
116                 s->session=NULL;
117                 }
118
119         s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
120         s->first_packet=0;
121
122         s->method->ssl_clear(s);
123         }
124
125 /* Used to change an SSL_CTXs default SSL method type */
126 int SSL_CTX_set_ssl_version(ctx,meth)
127 SSL_CTX *ctx;
128 SSL_METHOD *meth;
129         {
130         STACK *sk;
131
132         ctx->method=meth;
133
134         sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
135                 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
136         if ((sk == NULL) || (sk_num(sk) <= 0))
137                 {
138                 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
139                 return(0);
140                 }
141         return(1);
142         }
143
144 SSL *SSL_new(ctx)
145 SSL_CTX *ctx;
146         {
147         SSL *s;
148
149         if (ctx == NULL)
150                 {
151                 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
152                 return(NULL);
153                 }
154         if (ctx->method == NULL)
155                 {
156                 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
157                 return(NULL);
158                 }
159
160         s=(SSL *)Malloc(sizeof(SSL));
161         if (s == NULL) goto err;
162         memset(s,0,sizeof(SSL));
163
164         if (ctx->default_cert != NULL)
165                 {
166                 CRYPTO_add(&ctx->default_cert->references,1,
167                         CRYPTO_LOCK_SSL_CERT);
168                 s->cert=ctx->default_cert;
169                 }
170         else
171                 s->cert=NULL;
172         s->verify_mode=ctx->default_verify_mode;
173         s->verify_callback=ctx->default_verify_callback;
174         CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
175         s->ctx=ctx;
176
177         s->verify_result=X509_V_OK;
178
179         s->method=ctx->method;
180
181         if (!s->method->ssl_new(s))
182                 {
183                 SSL_CTX_free(ctx);
184                 Free(s);
185                 goto err;
186                 }
187
188         s->quiet_shutdown=ctx->quiet_shutdown;
189         s->references=1;
190         s->options=ctx->options;
191         SSL_clear(s);
192
193         CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
194
195         return(s);
196 err:
197         SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
198         return(NULL);
199         }
200
201 void SSL_free(s)
202 SSL *s;
203         {
204         int i;
205
206         i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
207 #ifdef REF_PRINT
208         REF_PRINT("SSL",s);
209 #endif
210         if (i > 0) return;
211 #ifdef REF_CHECK
212         if (i < 0)
213                 {
214                 fprintf(stderr,"SSL_free, bad reference count\n");
215                 abort(); /* ok */
216                 }
217 #endif
218
219         CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
220
221         if (s->bbio != NULL)
222                 {
223                 /* If the buffering BIO is in place, pop it off */
224                 if (s->bbio == s->wbio)
225                         {
226                         s->wbio=BIO_pop(s->wbio);
227                         }
228                 BIO_free(s->bbio);
229                 s->bbio=NULL;
230                 }
231         if (s->rbio != NULL)
232                 BIO_free_all(s->rbio);
233         if ((s->wbio != NULL) && (s->wbio != s->rbio))
234                 BIO_free_all(s->wbio);
235
236         if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
237
238         /* add extra stuff */
239         if (s->cipher_list != NULL) sk_free(s->cipher_list);
240         if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id);
241
242         /* Make the next call work :-) */
243         if (s->session != NULL)
244                 {
245                 ssl_clear_bad_session(s);
246                 SSL_SESSION_free(s->session);
247                 }
248
249         ssl_clear_cipher_ctx(s);
250
251         if (s->expand != NULL)
252                 COMP_CTX_free(s->expand);
253         if (s->compress != NULL)
254                 COMP_CTX_free(s->compress);
255
256         if (s->cert != NULL) ssl_cert_free(s->cert);
257         /* Free up if allocated */
258
259         if (s->ctx) SSL_CTX_free(s->ctx);
260
261         if (s->client_CA != NULL)
262                 sk_pop_free(s->client_CA,X509_NAME_free);
263
264         if (s->method != NULL) s->method->ssl_free(s);
265
266         Free((char *)s);
267         }
268
269 void SSL_set_bio(s, rbio,wbio)
270 SSL *s;
271 BIO *rbio;
272 BIO *wbio;
273         {
274         /* If the output buffering BIO is still in place, remove it
275          */
276         if (s->bbio != NULL)
277                 {
278                 if (s->wbio == s->bbio)
279                         {
280                         s->wbio=s->wbio->next_bio;
281                         s->bbio->next_bio=NULL;
282                         }
283                 }
284         if ((s->rbio != NULL) && (s->rbio != rbio))
285                 BIO_free_all(s->rbio);
286         if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
287                 BIO_free_all(s->wbio);
288         s->rbio=rbio;
289         s->wbio=wbio;
290         }
291
292 BIO *SSL_get_rbio(s)
293 SSL *s;
294         { return(s->rbio); }
295
296 BIO *SSL_get_wbio(s)
297 SSL *s;
298         { return(s->wbio); }
299
300 int SSL_get_fd(s)
301 SSL *s;
302         {
303         int ret= -1;
304         BIO *b,*r;
305
306         b=SSL_get_rbio(s);
307         r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
308         if (r != NULL)
309                 BIO_get_fd(r,&ret);
310         return(ret);
311         }
312
313 #ifndef NO_SOCK
314 int SSL_set_fd(s, fd)
315 SSL *s;
316 int fd;
317         {
318         int ret=0;
319         BIO *bio=NULL;
320
321         bio=BIO_new(BIO_s_socket());
322
323         if (bio == NULL)
324                 {
325                 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
326                 goto err;
327                 }
328         BIO_set_fd(bio,fd,BIO_NOCLOSE);
329         SSL_set_bio(s,bio,bio);
330         ret=1;
331 err:
332         return(ret);
333         }
334
335 int SSL_set_wfd(s, fd)
336 SSL *s;
337 int fd;
338         {
339         int ret=0;
340         BIO *bio=NULL;
341
342         if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
343                 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
344                 {
345                 bio=BIO_new(BIO_s_socket());
346
347                 if (bio == NULL)
348                         { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
349                 BIO_set_fd(bio,fd,BIO_NOCLOSE);
350                 SSL_set_bio(s,SSL_get_rbio(s),bio);
351                 }
352         else
353                 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
354         ret=1;
355 err:
356         return(ret);
357         }
358
359 int SSL_set_rfd(s, fd)
360 SSL *s;
361 int fd;
362         {
363         int ret=0;
364         BIO *bio=NULL;
365
366         if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
367                 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
368                 {
369                 bio=BIO_new(BIO_s_socket());
370
371                 if (bio == NULL)
372                         {
373                         SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
374                         goto err;
375                         }
376                 BIO_set_fd(bio,fd,BIO_NOCLOSE);
377                 SSL_set_bio(s,bio,SSL_get_wbio(s));
378                 }
379         else
380                 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
381         ret=1;
382 err:
383         return(ret);
384         }
385 #endif
386
387 int SSL_get_verify_mode(s)
388 SSL *s;
389         {
390         return(s->verify_mode);
391         }
392
393 int (*SSL_get_verify_callback(s))()
394 SSL *s;
395         {
396         return(s->verify_callback);
397         }
398
399 int SSL_CTX_get_verify_mode(ctx)
400 SSL_CTX *ctx;
401         {
402         return(ctx->default_verify_mode);
403         }
404
405 int (*SSL_CTX_get_verify_callback(ctx))()
406 SSL_CTX *ctx;
407         {
408         return(ctx->default_verify_callback);
409         }
410
411 void SSL_set_verify(s, mode, callback)
412 SSL *s;
413 int mode;
414 int (*callback)();
415         {
416         s->verify_mode=mode;
417         if (callback != NULL)
418                 s->verify_callback=callback;
419         }
420
421 void SSL_set_read_ahead(s, yes)
422 SSL *s;
423 int yes;
424         {
425         s->read_ahead=yes;
426         }
427
428 int SSL_get_read_ahead(s)
429 SSL *s;
430         {
431         return(s->read_ahead);
432         }
433
434 int SSL_pending(s)
435 SSL *s;
436         {
437         return(s->method->ssl_pending(s));
438         }
439
440 X509 *SSL_get_peer_certificate(s)
441 SSL *s;
442         {
443         X509 *r;
444         
445         if ((s == NULL) || (s->session == NULL))
446                 r=NULL;
447         else
448                 r=s->session->peer;
449
450         if (r == NULL) return(r);
451
452         CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
453
454         return(r);
455         }
456
457 STACK *SSL_get_peer_cert_chain(s)
458 SSL *s;
459         {
460         STACK *r;
461         
462         if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL))
463                 r=NULL;
464         else
465                 r=s->session->cert->cert_chain;
466
467         return(r);
468         }
469
470 /* Now in theory, since the calling process own 't' it should be safe to
471  * modify.  We need to be able to read f without being hassled */
472 void SSL_copy_session_id(t,f)
473 SSL *t,*f;
474         {
475         CERT *tmp;
476
477         /* Do we need to to SSL locking? */
478         SSL_set_session(t,SSL_get_session(f));
479
480         /* what if we are setup as SSLv2 but want to talk SSLv3 or
481          * vice-versa */
482         if (t->method != f->method)
483                 {
484                 t->method->ssl_free(t); /* cleanup current */
485                 t->method=f->method;    /* change method */
486                 t->method->ssl_new(t);  /* setup new */
487                 }
488
489         tmp=t->cert;
490         if (f->cert != NULL)
491                 {
492                 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
493                 t->cert=f->cert;
494                 }
495         else
496                 t->cert=NULL;
497         if (tmp != NULL) ssl_cert_free(tmp);
498         }
499
500 /* Fix this so it checks all the valid key/cert options */
501 int SSL_CTX_check_private_key(ctx)
502 SSL_CTX *ctx;
503         {
504         if (    (ctx == NULL) ||
505                 (ctx->default_cert == NULL) ||
506                 (ctx->default_cert->key->x509 == NULL))
507                 {
508                 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
509                 return(0);
510                 }
511         if      (ctx->default_cert->key->privatekey == NULL)
512                 {
513                 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
514                 return(0);
515                 }
516         return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
517         }
518
519 /* Fix this function so that it takes an optional type parameter */
520 int SSL_check_private_key(ssl)
521 SSL *ssl;
522         {
523         if (ssl == NULL)
524                 {
525                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
526                 return(0);
527                 }
528         if (ssl->cert == NULL)
529                 return(SSL_CTX_check_private_key(ssl->ctx));
530         if (ssl->cert->key->x509 == NULL)
531                 {
532                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
533                 return(0);
534                 }
535         if (ssl->cert->key->privatekey == NULL)
536                 {
537                 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
538                 return(0);
539                 }
540         return(X509_check_private_key(ssl->cert->key->x509,
541                 ssl->cert->key->privatekey));
542         }
543
544 int SSL_accept(s)
545 SSL *s;
546         {
547         return(s->method->ssl_accept(s));
548         }
549
550 int SSL_connect(s)
551 SSL *s;
552         {
553         return(s->method->ssl_connect(s));
554         }
555
556 long SSL_get_default_timeout(s)
557 SSL *s;
558         {
559         return(s->method->get_timeout());
560         }
561
562 int SSL_read(s,buf,num)
563 SSL *s;
564 char *buf;
565 int num;
566         {
567         if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
568                 {
569                 s->rwstate=SSL_NOTHING;
570                 return(0);
571                 }
572         return(s->method->ssl_read(s,buf,num));
573         }
574
575 int SSL_peek(s,buf,num)
576 SSL *s;
577 char *buf;
578 int num;
579         {
580         if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
581                 {
582                 return(0);
583                 }
584         return(s->method->ssl_peek(s,buf,num));
585         }
586
587 int SSL_write(s,buf,num)
588 SSL *s;
589 char *buf;
590 int num;
591         {
592         if (s->shutdown & SSL_SENT_SHUTDOWN)
593                 {
594                 s->rwstate=SSL_NOTHING;
595                 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
596                 return(-1);
597                 }
598         return(s->method->ssl_write(s,buf,num));
599         }
600
601 int SSL_shutdown(s)
602 SSL *s;
603         {
604         if ((s != NULL) && !SSL_in_init(s))
605                 return(s->method->ssl_shutdown(s));
606         else
607                 return(1);
608         }
609
610 int SSL_renegotiate(s)
611 SSL *s;
612         {
613         s->new_session=1;
614         return(s->method->ssl_renegotiate(s));
615         }
616
617 long SSL_ctrl(s,cmd,larg,parg)
618 SSL *s;
619 int cmd;
620 long larg;
621 char *parg;
622         {
623         return(s->method->ssl_ctrl(s,cmd,larg,parg));
624         }
625
626 long SSL_CTX_ctrl(ctx,cmd,larg,parg)
627 SSL_CTX *ctx;
628 int cmd;
629 long larg;
630 char *parg;
631         {
632         return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
633         }
634
635 int ssl_cipher_id_cmp(a,b)
636 SSL_CIPHER *a,*b;
637         {
638         long l;
639
640         l=a->id-b->id;
641         if (l == 0L)
642                 return(0);
643         else
644                 return((l > 0)?1:-1);
645         }
646
647 int ssl_cipher_ptr_id_cmp(ap,bp)
648 SSL_CIPHER **ap,**bp;
649         {
650         long l;
651
652         l=(*ap)->id-(*bp)->id;
653         if (l == 0L)
654                 return(0);
655         else
656                 return((l > 0)?1:-1);
657         }
658
659 /* return a STACK of the ciphers available for the SSL and in order of
660  * preference */
661 STACK *SSL_get_ciphers(s)
662 SSL *s;
663         {
664         if ((s != NULL) && (s->cipher_list != NULL))
665                 {
666                 return(s->cipher_list);
667                 }
668         else if ((s->ctx != NULL) &&
669                 (s->ctx->cipher_list != NULL))
670                 {
671                 return(s->ctx->cipher_list);
672                 }
673         return(NULL);
674         }
675
676 /* return a STACK of the ciphers available for the SSL and in order of
677  * algorithm id */
678 STACK *ssl_get_ciphers_by_id(s)
679 SSL *s;
680         {
681         if ((s != NULL) && (s->cipher_list_by_id != NULL))
682                 {
683                 return(s->cipher_list_by_id);
684                 }
685         else if ((s != NULL) && (s->ctx != NULL) &&
686                 (s->ctx->cipher_list_by_id != NULL))
687                 {
688                 return(s->ctx->cipher_list_by_id);
689                 }
690         return(NULL);
691         }
692
693 /* The old interface to get the same thing as SSL_get_ciphers() */
694 char *SSL_get_cipher_list(s,n)
695 SSL *s;
696 int n;
697         {
698         SSL_CIPHER *c;
699         STACK *sk;
700
701         if (s == NULL) return(NULL);
702         sk=SSL_get_ciphers(s);
703         if ((sk == NULL) || (sk_num(sk) <= n))
704                 return(NULL);
705         c=(SSL_CIPHER *)sk_value(sk,n);
706         if (c == NULL) return(NULL);
707         return(c->name);
708         }
709
710 /* specify the ciphers to be used by defaut by the SSL_CTX */
711 int SSL_CTX_set_cipher_list(ctx,str)
712 SSL_CTX *ctx;
713 char *str;
714         {
715         STACK *sk;
716         
717         sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
718                 &ctx->cipher_list_by_id,str);
719 /* XXXX */
720         return((sk == NULL)?0:1);
721         }
722
723 /* specify the ciphers to be used by the SSL */
724 int SSL_set_cipher_list(s, str)
725 SSL *s;
726 char *str;
727         {
728         STACK *sk;
729         
730         sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
731                 &s->cipher_list_by_id,str);
732 /* XXXX */
733         return((sk == NULL)?0:1);
734         }
735
736 /* works well for SSLv2, not so good for SSLv3 */
737 char *SSL_get_shared_ciphers(s,buf,len)
738 SSL *s;
739 char *buf;
740 int len;
741         {
742         char *p,*cp;
743         STACK *sk;
744         SSL_CIPHER *c;
745         int i;
746
747         if ((s->session == NULL) || (s->session->ciphers == NULL) ||
748                 (len < 2))
749                 return(NULL);
750
751         p=buf;
752         sk=s->session->ciphers;
753         for (i=0; i<sk_num(sk); i++)
754                 {
755                 /* Decrement for either the ':' or a '\0' */
756                 len--;
757                 c=(SSL_CIPHER *)sk_value(sk,i);
758                 for (cp=c->name; *cp; )
759                         {
760                         if (len-- == 0)
761                                 {
762                                 *p='\0';
763                                 return(buf);
764                                 }
765                         else
766                                 *(p++)= *(cp++);
767                         }
768                 *(p++)=':';
769                 }
770         p[-1]='\0';
771         return(buf);
772         }
773
774 int ssl_cipher_list_to_bytes(s,sk,p)
775 SSL *s;
776 STACK *sk;
777 unsigned char *p;
778         {
779         int i,j=0;
780         SSL_CIPHER *c;
781         unsigned char *q;
782
783         if (sk == NULL) return(0);
784         q=p;
785
786         for (i=0; i<sk_num(sk); i++)
787                 {
788                 c=(SSL_CIPHER *)sk_value(sk,i);
789                 j=ssl_put_cipher_by_char(s,c,p);
790                 p+=j;
791                 }
792         return(p-q);
793         }
794
795 STACK *ssl_bytes_to_cipher_list(s,p,num,skp)
796 SSL *s;
797 unsigned char *p;
798 int num;
799 STACK **skp;
800         {
801         SSL_CIPHER *c;
802         STACK *sk;
803         int i,n;
804
805         n=ssl_put_cipher_by_char(s,NULL,NULL);
806         if ((num%n) != 0)
807                 {
808                 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
809                 return(NULL);
810                 }
811         if ((skp == NULL) || (*skp == NULL))
812                 sk=sk_new(NULL); /* change perhaps later */
813         else
814                 {
815                 sk= *skp;
816                 sk_zero(sk);
817                 }
818
819         for (i=0; i<num; i+=n)
820                 {
821                 c=ssl_get_cipher_by_char(s,p);
822                 p+=n;
823                 if (c != NULL)
824                         {
825                         if (!sk_push(sk,(char *)c))
826                                 {
827                                 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
828                                 goto err;
829                                 }
830                         }
831                 }
832
833         if (skp != NULL)
834                 *skp=sk;
835         return(sk);
836 err:
837         if ((skp == NULL) || (*skp == NULL))
838                 sk_free(sk);
839         return(NULL);
840         }
841
842 unsigned long SSL_SESSION_hash(a)
843 SSL_SESSION *a;
844         {
845         unsigned long l;
846
847         l=(unsigned long)
848                 ((unsigned int) a->session_id[0]     )|
849                 ((unsigned int) a->session_id[1]<< 8L)|
850                 ((unsigned long)a->session_id[2]<<16L)|
851                 ((unsigned long)a->session_id[3]<<24L);
852         return(l);
853         }
854
855 int SSL_SESSION_cmp(a, b)
856 SSL_SESSION *a;
857 SSL_SESSION *b;
858         {
859         if (a->ssl_version != b->ssl_version)
860                 return(1);
861         if (a->session_id_length != b->session_id_length)
862                 return(1);
863         return(memcmp(a->session_id,b->session_id,a->session_id_length));
864         }
865
866 SSL_CTX *SSL_CTX_new(meth)
867 SSL_METHOD *meth;
868         {
869         SSL_CTX *ret=NULL;
870         
871         if (meth == NULL)
872                 {
873                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
874                 return(NULL);
875                 }
876
877         if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
878                 {
879                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
880                 goto err;
881                 }
882         ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
883         if (ret == NULL)
884                 goto err;
885
886         memset(ret,0,sizeof(SSL_CTX));
887
888         ret->method=meth;
889
890         ret->cert_store=NULL;
891         ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
892         ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
893         ret->session_cache_head=NULL;
894         ret->session_cache_tail=NULL;
895
896         /* We take the system default */
897         ret->session_timeout=meth->get_timeout();
898
899         ret->new_session_cb=NULL;
900         ret->remove_session_cb=NULL;
901         ret->get_session_cb=NULL;
902
903         ret->sess_connect=0;
904         ret->sess_connect_good=0;
905         ret->sess_accept=0;
906         ret->sess_accept_renegotiate=0;
907         ret->sess_connect_renegotiate=0;
908         ret->sess_accept_good=0;
909         ret->sess_miss=0;
910         ret->sess_timeout=0;
911         ret->sess_cache_full=0;
912         ret->sess_hit=0;
913         ret->sess_cb_hit=0;
914
915         ret->references=1;
916         ret->quiet_shutdown=0;
917
918 /*      ret->cipher=NULL;*/
919 /*      ret->s2->challenge=NULL;
920         ret->master_key=NULL;
921         ret->key_arg=NULL;
922         ret->s2->conn_id=NULL; */
923
924         ret->info_callback=NULL;
925
926         ret->app_verify_callback=NULL;
927         ret->app_verify_arg=NULL;
928
929         ret->default_read_ahead=0;
930         ret->default_verify_mode=SSL_VERIFY_NONE;
931         ret->default_verify_callback=NULL;
932         if ((ret->default_cert=ssl_cert_new()) == NULL)
933                 goto err;
934
935         ret->default_passwd_callback=NULL;
936         ret->client_cert_cb=NULL;
937
938         ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
939         if (ret->sessions == NULL) goto err;
940         ret->cert_store=X509_STORE_new();
941         if (ret->cert_store == NULL) goto err;
942
943         ssl_create_cipher_list(ret->method,
944                 &ret->cipher_list,&ret->cipher_list_by_id,
945                 SSL_DEFAULT_CIPHER_LIST);
946         if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0))
947                 {
948                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
949                 goto err2;
950                 }
951
952         if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
953                 {
954                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
955                 goto err2;
956                 }
957         if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
958                 {
959                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
960                 goto err2;
961                 }
962         if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
963                 {
964                 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
965                 goto err2;
966                 }
967
968         if ((ret->client_CA=sk_new_null()) == NULL)
969                 goto err;
970
971         CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
972
973         ret->extra_certs=NULL;
974
975         return(ret);
976 err:
977         SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
978 err2:
979         if (ret != NULL) SSL_CTX_free(ret);
980         return(NULL);
981         }
982
983 void SSL_CTX_free(a)
984 SSL_CTX *a;
985         {
986         int i;
987
988         if (a == NULL) return;
989
990         i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
991 #ifdef REF_PRINT
992         REF_PRINT("SSL_CTX",a);
993 #endif
994         if (i > 0) return;
995 #ifdef REF_CHECK
996         if (i < 0)
997                 {
998                 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
999                 abort(); /* ok */
1000                 }
1001 #endif
1002         CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
1003
1004         if (a->sessions != NULL)
1005                 {
1006                 SSL_CTX_flush_sessions(a,0);
1007                 lh_free(a->sessions);
1008                 }
1009         if (a->cert_store != NULL)
1010                 X509_STORE_free(a->cert_store);
1011         if (a->cipher_list != NULL)
1012                 sk_free(a->cipher_list);
1013         if (a->cipher_list_by_id != NULL)
1014                 sk_free(a->cipher_list_by_id);
1015         if (a->default_cert != NULL)
1016                 ssl_cert_free(a->default_cert);
1017         if (a->client_CA != NULL)
1018                 sk_pop_free(a->client_CA,X509_NAME_free);
1019         if (a->extra_certs != NULL)
1020                 sk_pop_free(a->extra_certs,X509_free);
1021         Free((char *)a);
1022         }
1023
1024 void SSL_CTX_set_default_passwd_cb(ctx,cb)
1025 SSL_CTX *ctx;
1026 int (*cb)();
1027         {
1028         ctx->default_passwd_callback=cb;
1029         }
1030
1031 void SSL_CTX_set_cert_verify_cb(ctx,cb,arg)
1032 SSL_CTX *ctx;
1033 int (*cb)();
1034 char *arg;
1035         {
1036         ctx->app_verify_callback=cb;
1037         ctx->app_verify_arg=arg;
1038         }
1039
1040 void SSL_CTX_set_verify(ctx,mode,cb)
1041 SSL_CTX *ctx;
1042 int mode;
1043 int (*cb)();
1044         {
1045         ctx->default_verify_mode=mode;
1046         ctx->default_verify_callback=cb;
1047         /* This needs cleaning up EAY EAY EAY */
1048         X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1049         }
1050
1051 void ssl_set_cert_masks(c)
1052 CERT *c;
1053         {
1054         CERT_PKEY *cpk;
1055         int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1056         int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1057         int rsa_tmp_export,dh_tmp_export;
1058         unsigned long mask,emask;
1059
1060         if ((c == NULL) || (c->valid)) return;
1061
1062 #ifndef NO_RSA
1063         rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
1064         rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
1065                 (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
1066 #else
1067         rsa_tmp=rsa_tmp_export=0;
1068 #endif
1069 #ifndef NO_DH
1070         dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
1071         dh_tmp_export=((c->dh_tmp_cb != NULL) ||
1072                 (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
1073 #else
1074         dh_tmp=dh_tmp_export=0;
1075 #endif
1076
1077         cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1078         rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1079         rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1080         cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1081         rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1082         cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1083         dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1084         cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1085         dh_rsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1086         dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1087         cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1088 /* FIX THIS EAY EAY EAY */
1089         dh_dsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
1090         dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
1091
1092         mask=0;
1093         emask=0;
1094
1095 #ifdef CIPHER_DEBUG
1096         printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1097                 rsa_tmp,dh_tmp,
1098                 rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1099 #endif
1100
1101         if (rsa_enc || (rsa_tmp && rsa_sign))
1102                 mask|=SSL_kRSA;
1103         if (rsa_enc_export || (rsa_tmp_export && rsa_sign))
1104                 emask|=SSL_kRSA;
1105
1106 #if 0
1107         /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1108         if (    (dh_tmp || dh_rsa || dh_dsa) && 
1109                 (rsa_enc || rsa_sign || dsa_sign))
1110                 mask|=SSL_kEDH;
1111         if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1112                 (rsa_enc || rsa_sign || dsa_sign))
1113                 emask|=SSL_kEDH;
1114 #endif
1115
1116         if (dh_tmp_export) 
1117                 emask|=SSL_kEDH;
1118
1119         if (dh_tmp)
1120                 mask|=SSL_kEDH;
1121
1122         if (dh_rsa) mask|=SSL_kDHr;
1123         if (dh_rsa_export) emask|=SSL_kDHr;
1124
1125         if (dh_dsa) mask|=SSL_kDHd;
1126         if (dh_dsa_export) emask|=SSL_kDHd;
1127
1128         if (rsa_enc || rsa_sign)
1129                 {
1130                 mask|=SSL_aRSA;
1131                 emask|=SSL_aRSA;
1132                 }
1133
1134         if (dsa_sign)
1135                 {
1136                 mask|=SSL_aDSS;
1137                 emask|=SSL_aDSS;
1138                 }
1139
1140 #ifdef SSL_ALLOW_ADH
1141         mask|=SSL_aNULL;
1142         emask|=SSL_aNULL;
1143 #endif
1144
1145         c->mask=mask;
1146         c->export_mask=emask;
1147         c->valid=1;
1148         }
1149
1150 /* THIS NEEDS CLEANING UP */
1151 X509 *ssl_get_server_send_cert(s)
1152 SSL *s;
1153         {
1154         unsigned long alg,mask,kalg;
1155         CERT *c;
1156         int i,export;
1157
1158         c=s->cert;
1159         ssl_set_cert_masks(c);
1160         alg=s->s3->tmp.new_cipher->algorithms;
1161         export=(alg & SSL_EXPORT)?1:0;
1162         mask=(export)?c->export_mask:c->mask;
1163         kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1164
1165         if      (kalg & SSL_kDHr)
1166                 i=SSL_PKEY_DH_RSA;
1167         else if (kalg & SSL_kDHd)
1168                 i=SSL_PKEY_DH_DSA;
1169         else if (kalg & SSL_aDSS)
1170                 i=SSL_PKEY_DSA_SIGN;
1171         else if (kalg & SSL_aRSA)
1172                 {
1173                 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1174                         i=SSL_PKEY_RSA_SIGN;
1175                 else
1176                         i=SSL_PKEY_RSA_ENC;
1177                 }
1178         else /* if (kalg & SSL_aNULL) */
1179                 {
1180                 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
1181                 return(NULL);
1182                 }
1183         if (c->pkeys[i].x509 == NULL) return(NULL);
1184         return(c->pkeys[i].x509);
1185         }
1186
1187 EVP_PKEY *ssl_get_sign_pkey(s,cipher)
1188 SSL *s;
1189 SSL_CIPHER *cipher;
1190         {
1191         unsigned long alg;
1192         CERT *c;
1193
1194         alg=cipher->algorithms;
1195         c=s->cert;
1196
1197         if ((alg & SSL_aDSS) &&
1198                 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1199                 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1200         else if (alg & SSL_aRSA)
1201                 {
1202                 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1203                         return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1204                 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1205                         return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1206                 else
1207                         return(NULL);
1208                 }
1209         else /* if (alg & SSL_aNULL) */
1210                 {
1211                 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
1212                 return(NULL);
1213                 }
1214         }
1215
1216 void ssl_update_cache(s,mode)
1217 SSL *s;
1218 int mode;
1219         {
1220         int i;
1221
1222         /* If the session_id_length is 0, we are not supposed to cache it,
1223          * and it would be rather hard to do anyway :-) */
1224         if (s->session->session_id_length == 0) return;
1225
1226         if ((s->ctx->session_cache_mode & mode)
1227                 && (!s->hit)
1228                 && SSL_CTX_add_session(s->ctx,s->session)
1229                 && (s->ctx->new_session_cb != NULL))
1230                 {
1231                 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1232                 if (!s->ctx->new_session_cb(s,s->session))
1233                         SSL_SESSION_free(s->session);
1234                 }
1235
1236         /* auto flush every 255 connections */
1237         i=s->ctx->session_cache_mode;
1238         if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1239                 ((i & mode) == mode))
1240                 {
1241                 if (  (((mode & SSL_SESS_CACHE_CLIENT)
1242                         ?s->ctx->sess_connect_good
1243                         :s->ctx->sess_accept_good) & 0xff) == 0xff)
1244                         {
1245                         SSL_CTX_flush_sessions(s->ctx,time(NULL));
1246                         }
1247                 }
1248         }
1249
1250 SSL_METHOD *SSL_get_ssl_method(s)
1251 SSL *s;
1252         {
1253         return(s->method);
1254         }
1255
1256 int SSL_set_ssl_method(s,meth)
1257 SSL *s;
1258 SSL_METHOD *meth;
1259         {
1260         int conn= -1;
1261         int ret=1;
1262
1263         if (s->method != meth)
1264                 {
1265                 if (s->handshake_func != NULL)
1266                         conn=(s->handshake_func == s->method->ssl_connect);
1267
1268                 if (s->method->version == meth->version)
1269                         s->method=meth;
1270                 else
1271                         {
1272                         s->method->ssl_free(s);
1273                         s->method=meth;
1274                         ret=s->method->ssl_new(s);
1275                         }
1276
1277                 if (conn == 1)
1278                         s->handshake_func=meth->ssl_connect;
1279                 else if (conn == 0)
1280                         s->handshake_func=meth->ssl_accept;
1281                 }
1282         return(ret);
1283         }
1284
1285 int SSL_get_error(s,i)
1286 SSL *s;
1287 int i;
1288         {
1289         int reason;
1290         BIO *bio;
1291
1292         if (i > 0) return(SSL_ERROR_NONE);
1293
1294         if (ERR_peek_error() != 0)
1295                 return(SSL_ERROR_SSL);
1296
1297         if ((i < 0) && SSL_want_read(s))
1298                 {
1299                 bio=SSL_get_rbio(s);
1300                 if (BIO_should_read(bio))
1301                         return(SSL_ERROR_WANT_READ);
1302                 else if (BIO_should_write(bio))
1303                         return(SSL_ERROR_WANT_WRITE);
1304                 else if (BIO_should_io_special(bio))
1305                         {
1306                         reason=BIO_get_retry_reason(bio);
1307                         if (reason == BIO_RR_CONNECT)
1308                                 return(SSL_ERROR_WANT_CONNECT);
1309                         else
1310                                 return(SSL_ERROR_SYSCALL); /* unknown */
1311                         }
1312                 }
1313
1314         if ((i < 0) && SSL_want_write(s))
1315                 {
1316                 bio=SSL_get_wbio(s);
1317                 if (BIO_should_write(bio))
1318                         return(SSL_ERROR_WANT_WRITE);
1319                 else if (BIO_should_read(bio))
1320                         return(SSL_ERROR_WANT_READ);
1321                 else if (BIO_should_io_special(bio))
1322                         {
1323                         reason=BIO_get_retry_reason(bio);
1324                         if (reason == BIO_RR_CONNECT)
1325                                 return(SSL_ERROR_WANT_CONNECT);
1326                         else
1327                                 return(SSL_ERROR_SYSCALL);
1328                         }
1329                 }
1330         if ((i < 0) && SSL_want_x509_lookup(s))
1331                 {
1332                 return(SSL_ERROR_WANT_X509_LOOKUP);
1333                 }
1334
1335         if (i == 0)
1336                 {
1337                 if (s->version == SSL2_VERSION)
1338                         {
1339                         /* assume it is the socket being closed */
1340                         return(SSL_ERROR_ZERO_RETURN);
1341                         }
1342                 else
1343                         {
1344                         if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1345                                 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
1346                                 return(SSL_ERROR_ZERO_RETURN);
1347                         }
1348                 }
1349         return(SSL_ERROR_SYSCALL);
1350         }
1351
1352 int SSL_do_handshake(s)
1353 SSL *s;
1354         {
1355         int ret=1;
1356
1357         if (s->handshake_func == NULL)
1358                 {
1359                 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1360                 return(-1);
1361                 }
1362
1363         s->method->ssl_renegotiate_check(s);
1364
1365         if (SSL_in_init(s) || SSL_in_before(s))
1366                 {
1367                 ret=s->handshake_func(s);
1368                 }
1369         return(ret);
1370         }
1371
1372 /* For the next 2 functions, SSL_clear() sets shutdown and so
1373  * one of these calls will reset it */
1374 void SSL_set_accept_state(s)
1375 SSL *s;
1376         {
1377         s->shutdown=0;
1378         s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1379         s->handshake_func=s->method->ssl_accept;
1380         /* clear the current cipher */
1381         ssl_clear_cipher_ctx(s);
1382         }
1383
1384 void SSL_set_connect_state(s)
1385 SSL *s;
1386         {
1387         s->shutdown=0;
1388         s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1389         s->handshake_func=s->method->ssl_connect;
1390         /* clear the current cipher */
1391         ssl_clear_cipher_ctx(s);
1392         }
1393
1394 int ssl_undefined_function(s)
1395 SSL *s;
1396         {
1397         SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1398         return(0);
1399         }
1400
1401 SSL_METHOD *ssl_bad_method(ver)
1402 int ver;
1403         {
1404         SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1405         return(NULL);
1406         }
1407
1408 char *SSL_get_version(s)
1409 SSL *s;
1410         {
1411         if (s->version == TLS1_VERSION)
1412                 return("TLSv1");
1413         else if (s->version == SSL3_VERSION)
1414                 return("SSLv3");
1415         else if (s->version == SSL2_VERSION)
1416                 return("SSLv2");
1417         else
1418                 return("unknown");
1419         }
1420
1421 SSL *SSL_dup(s)
1422 SSL *s;
1423         {
1424         STACK *sk;
1425         X509_NAME *xn;
1426         SSL *ret;
1427         int i;
1428                  
1429         if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
1430                           
1431         /* This copies version, session-id, SSL_METHOD and 'cert' */
1432         SSL_copy_session_id(ret,s);
1433
1434         SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1435         SSL_set_verify(ret,SSL_get_verify_mode(s),
1436                 SSL_get_verify_callback(s));
1437
1438         SSL_set_info_callback(ret,SSL_get_info_callback(s));
1439         
1440         ret->debug=s->debug;
1441         ret->options=s->options;
1442
1443         /* copy app data, a little dangerous perhaps */
1444         if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
1445                 goto err;
1446
1447         /* setup rbio, and wbio */
1448         if (s->rbio != NULL)
1449                 {
1450                 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
1451                         goto err;
1452                 }
1453         if (s->wbio != NULL)
1454                 {
1455                 if (s->wbio != s->rbio)
1456                         {
1457                         if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
1458                                 goto err;
1459                         }
1460                 else
1461                         ret->wbio=ret->rbio;
1462                 }
1463
1464         /* dup the cipher_list and cipher_list_by_id stacks */
1465         if (s->cipher_list != NULL)
1466                 {
1467                 if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL)
1468                         goto err;
1469                 }
1470         if (s->cipher_list_by_id != NULL)
1471                 if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id))
1472                         == NULL)
1473                         goto err;
1474
1475         /* Dup the client_CA list */
1476         if (s->client_CA != NULL)
1477                 {
1478                 if ((sk=sk_dup(s->client_CA)) == NULL) goto err;
1479                 ret->client_CA=sk;
1480                 for (i=0; i<sk_num(sk); i++)
1481                         {
1482                         xn=(X509_NAME *)sk_value(sk,i);
1483                         if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL)
1484                                 {
1485                                 X509_NAME_free(xn);
1486                                 goto err;
1487                                 }
1488                         }
1489                 }
1490
1491         ret->shutdown=s->shutdown;
1492         ret->state=s->state;
1493         ret->handshake_func=s->handshake_func;
1494
1495         if (0)
1496                 {
1497 err:
1498                 if (ret != NULL) SSL_free(ret);
1499                 ret=NULL;
1500                 }
1501         return(ret);
1502         }
1503
1504 void ssl_clear_cipher_ctx(s)
1505 SSL *s;
1506         {
1507         if (s->enc_read_ctx != NULL)
1508                 {
1509                 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1510                 Free(s->enc_read_ctx);
1511                 s->enc_read_ctx=NULL;
1512                 }
1513         if (s->enc_write_ctx != NULL)
1514                 {
1515                 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1516                 Free(s->enc_write_ctx);
1517                 s->enc_write_ctx=NULL;
1518                 }
1519         }
1520
1521 /* Fix this function so that it takes an optional type parameter */
1522 X509 *SSL_get_certificate(s)
1523 SSL *s;
1524         {
1525         if (s->cert != NULL)
1526                 return(s->cert->key->x509);
1527         else
1528                 return(NULL);
1529         }
1530
1531 /* Fix this function so that it takes an optional type parameter */
1532 EVP_PKEY *SSL_get_privatekey(s)
1533 SSL *s;
1534         {
1535         if (s->cert != NULL)
1536                 return(s->cert->key->privatekey);
1537         else
1538                 return(NULL);
1539         }
1540
1541 SSL_CIPHER *SSL_get_current_cipher(s)
1542 SSL *s;
1543         {
1544         if ((s->session != NULL) && (s->session->cipher != NULL))
1545                 return(s->session->cipher);
1546         return(NULL);
1547         }
1548
1549 int ssl_init_wbio_buffer(s,push)
1550 SSL *s;
1551 int push;
1552         {
1553         BIO *bbio;
1554
1555         if (s->bbio == NULL)
1556                 {
1557                 bbio=BIO_new(BIO_f_buffer());
1558                 if (bbio == NULL) return(0);
1559                 s->bbio=bbio;
1560                 }
1561         else
1562                 {
1563                 bbio=s->bbio;
1564                 if (s->bbio == s->wbio)
1565                         s->wbio=BIO_pop(s->wbio);
1566                 }
1567         BIO_reset(bbio);
1568 /*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1569         if (!BIO_set_read_buffer_size(bbio,1))
1570                 {
1571                 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
1572                 return(0);
1573                 }
1574         if (push)
1575                 {
1576                 if (s->wbio != bbio)
1577                         s->wbio=BIO_push(bbio,s->wbio);
1578                 }
1579         else
1580                 {
1581                 if (s->wbio == bbio)
1582                         s->wbio=BIO_pop(bbio);
1583                 }
1584         return(1);
1585         }
1586         
1587 void SSL_CTX_set_quiet_shutdown(ctx,mode)
1588 SSL_CTX *ctx;
1589 int mode;
1590         {
1591         ctx->quiet_shutdown=mode;
1592         }
1593
1594 int SSL_CTX_get_quiet_shutdown(ctx)
1595 SSL_CTX *ctx;
1596         {
1597         return(ctx->quiet_shutdown);
1598         }
1599
1600 void SSL_set_quiet_shutdown(s,mode)
1601 SSL *s;
1602 int mode;
1603         {
1604         s->quiet_shutdown=mode;
1605         }
1606
1607 int SSL_get_quiet_shutdown(s)
1608 SSL *s;
1609         {
1610         return(s->quiet_shutdown);
1611         }
1612
1613 void SSL_set_shutdown(s,mode)
1614 SSL *s;
1615 int mode;
1616         {
1617         s->shutdown=mode;
1618         }
1619
1620 int SSL_get_shutdown(s)
1621 SSL *s;
1622         {
1623         return(s->shutdown);
1624         }
1625
1626 int SSL_version(s)
1627 SSL *s;
1628         {
1629         return(s->version);
1630         }
1631
1632 SSL_CTX *SSL_get_SSL_CTX(ssl)
1633 SSL *ssl;
1634         {
1635         return(ssl->ctx);
1636         }
1637
1638 #ifndef NO_STDIO
1639 int SSL_CTX_set_default_verify_paths(ctx)
1640 SSL_CTX *ctx;
1641         {
1642         return(X509_STORE_set_default_paths(ctx->cert_store));
1643         }
1644
1645 int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
1646 SSL_CTX *ctx;
1647 char *CAfile;
1648 char *CApath;
1649         {
1650         return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1651         }
1652 #endif
1653
1654 void SSL_set_info_callback(ssl,cb)
1655 SSL *ssl;
1656 void (*cb)();
1657         {
1658         ssl->info_callback=cb;
1659         }
1660
1661 void (*SSL_get_info_callback(ssl))()
1662 SSL *ssl;
1663         {
1664         return((void (*)())ssl->info_callback);
1665         }
1666
1667 int SSL_state(ssl)
1668 SSL *ssl;
1669         {
1670         return(ssl->state);
1671         }
1672
1673 void SSL_set_verify_result(ssl,arg)
1674 SSL *ssl;
1675 long arg;
1676         {
1677         ssl->verify_result=arg;
1678         }
1679
1680 long SSL_get_verify_result(ssl)
1681 SSL *ssl;
1682         {
1683         return(ssl->verify_result);
1684         }
1685
1686 int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
1687 long argl;
1688 char *argp;
1689 int (*new_func)();
1690 int (*dup_func)();
1691 void (*free_func)();
1692         {
1693         ssl_meth_num++;
1694         return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1695                 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1696         }
1697
1698 int SSL_set_ex_data(s,idx,arg)
1699 SSL *s;
1700 int idx;
1701 char *arg;
1702         {
1703         return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1704         }
1705
1706 char *SSL_get_ex_data(s,idx)
1707 SSL *s;
1708 int idx;
1709         {
1710         return(CRYPTO_get_ex_data(&s->ex_data,idx));
1711         }
1712
1713 int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
1714 long argl;
1715 char *argp;
1716 int (*new_func)();
1717 int (*dup_func)();
1718 void (*free_func)();
1719         {
1720         ssl_ctx_meth_num++;
1721         return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1722                 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1723         }
1724
1725 int SSL_CTX_set_ex_data(s,idx,arg)
1726 SSL_CTX *s;
1727 int idx;
1728 char *arg;
1729         {
1730         return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1731         }
1732
1733 char *SSL_CTX_get_ex_data(s,idx)
1734 SSL_CTX *s;
1735 int idx;
1736         {
1737         return(CRYPTO_get_ex_data(&s->ex_data,idx));
1738         }
1739
1740 int ssl_ok(s)
1741 SSL *s;
1742         {
1743         return(1);
1744         }
1745
1746 #if defined(_WINDLL) && defined(WIN16)
1747 #include "../crypto/bio/bss_file.c"
1748 #endif
1749