STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp)
{
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
int i,n;
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
{
SSL_CTX *ret=NULL;
-
+
if (meth == NULL)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
ret->psk_client_callback=NULL;
ret->psk_server_callback=NULL;
#endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+ ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
+ ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+ if (!ret->rbuf_freelist)
+ goto err;
+ ret->rbuf_freelist->chunklen = 0;
+ ret->rbuf_freelist->len = 0;
+ ret->rbuf_freelist->head = NULL;
+ ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+ if (!ret->wbuf_freelist)
+ {
+ OPENSSL_free(ret->rbuf_freelist);
+ goto err;
+ }
+ ret->wbuf_freelist->chunklen = 0;
+ ret->wbuf_freelist->len = 0;
+ ret->wbuf_freelist->head = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ ret->client_cert_engine = NULL;
+#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#define eng_strx(x) #x
+#define eng_str(x) eng_strx(x)
+ /* Use specific client engine automatically... ignore errors */
+ {
+ ENGINE *eng;
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ if (!eng)
+ {
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ }
+ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+ ERR_clear_error();
+ }
+#endif
+#endif
+
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
{ OPENSSL_free(comp); }
#endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+static void
+ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
+ {
+ SSL3_BUF_FREELIST_ENTRY *ent, *next;
+ for (ent = list->head; ent; ent = next)
+ {
+ next = ent->next;
+ OPENSSL_free(ent);
+ }
+ OPENSSL_free(list);
+ }
+#endif
+
void SSL_CTX_free(SSL_CTX *a)
{
int i;
if (a->client_cert_engine)
ENGINE_finish(a->client_cert_engine);
#endif
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+ if (a->wbuf_freelist)
+ ssl_buf_freelist_free(a->wbuf_freelist);
+ if (a->rbuf_freelist)
+ ssl_buf_freelist_free(a->rbuf_freelist);
+#endif
+
OPENSSL_free(a);
}
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
{
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
return(c->pkeys[i].x509);
}
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
{
unsigned long alg_a;
CERT *c;
return(NULL);
}
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
if ((s->session != NULL) && (s->session->cipher != NULL))
return(s->session->cipher);
* vairable, freeing EVP_MD_CTX previously stored in that variable, if
* any. If EVP_MD pointer is passed, initializes ctx with this md
* Returns newly allocated ctx;
- */
+ */
EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
{