+/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings).
+ *
+ * Returns 0 on success. */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
+ unsigned protos_len)
+ {
+ if (ctx->alpn_client_proto_list)
+ OPENSSL_free(ctx->alpn_client_proto_list);
+
+ ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+ if (!ctx->alpn_client_proto_list)
+ return 1;
+ memcpy(ctx->alpn_client_proto_list, protos, protos_len);
+ ctx->alpn_client_proto_list_len = protos_len;
+
+ return 0;
+ }
+
+/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings).
+ *
+ * Returns 0 on success. */
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
+ unsigned protos_len)
+ {
+ if (ssl->alpn_client_proto_list)
+ OPENSSL_free(ssl->alpn_client_proto_list);
+
+ ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+ if (!ssl->alpn_client_proto_list)
+ return 1;
+ memcpy(ssl->alpn_client_proto_list, protos, protos_len);
+ ssl->alpn_client_proto_list_len = protos_len;
+
+ return 0;
+ }
+
+/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
+ * during ClientHello processing in order to select an ALPN protocol from the
+ * client's list of offered protocols. */
+void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
+ int (*cb) (SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg),
+ void *arg)
+ {
+ ctx->alpn_select_cb = cb;
+ ctx->alpn_select_cb_arg = arg;
+ }
+
+/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name (not
+ * including the leading length-prefix byte). If the server didn't respond with
+ * a negotiated protocol then |*len| will be zero. */
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned *len)
+ {
+ *data = NULL;
+ if (ssl->s3)
+ *data = ssl->s3->alpn_selected;
+ if (*data == NULL)
+ *len = 0;
+ else
+ *len = ssl->s3->alpn_selected_len;
+ }
+
+int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ cli_supp_data_first_cb_fn fn1,
+ cli_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ cli_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->cli_supp_data_records_count; i++)
+ if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
+ (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
+ if (!ctx->cli_supp_data_records)
+ {
+ ctx->cli_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->cli_supp_data_records_count++;
+ record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+ return 1;
+ }
+
+int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ srv_supp_data_first_cb_fn fn1,
+ srv_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ srv_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->srv_supp_data_records_count; i++)
+ if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
+ (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
+ if (!ctx->srv_supp_data_records)
+ {
+ ctx->srv_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->srv_supp_data_records_count++;
+ record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+
+ return 1;
+ }
+
+#endif /* !OPENSSL_NO_TLSEXT */
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen, const unsigned char *p, size_t plen,
+ int use_context)
+ {
+ if (s->version < TLS1_VERSION)
+ return -1;
+
+ return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+ llen, p, plen,
+ use_context);
+ }
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+ {
+ unsigned long l;
+
+ l=(unsigned long)
+ ((unsigned int) a->session_id[0] )|
+ ((unsigned int) a->session_id[1]<< 8L)|
+ ((unsigned long)a->session_id[2]<<16L)|
+ ((unsigned long)a->session_id[3]<<24L);
+ return(l);
+ }
+
+/* NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
+ * able to construct an SSL_SESSION that will collide with any existing session
+ * with a matching session ID. */
+static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+ {
+ if (a->ssl_version != b->ssl_version)
+ return(1);
+ if (a->session_id_length != b->session_id_length)
+ return(1);
+ return(memcmp(a->session_id,b->session_id,a->session_id_length));
+ }
+
+/* These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed via
+ * ssl.h. */
+static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
+static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+ {
+ SSL_CTX *ret=NULL;
+
+ if (meth == NULL)
+ {
+ SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+ return(NULL);
+ }
+
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (meth->version < TLS1_VERSION))
+ {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+
+ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+ goto err;
+ }
+ ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+ if (ret == NULL)
+ goto err;
+
+ memset(ret,0,sizeof(SSL_CTX));
+
+ ret->method=meth;
+
+ ret->cert_store=NULL;
+ ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+ ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+ ret->session_cache_head=NULL;
+ ret->session_cache_tail=NULL;
+
+ /* We take the system default */
+ ret->session_timeout=meth->get_timeout();
+
+ ret->new_session_cb=0;
+ ret->remove_session_cb=0;
+ ret->get_session_cb=0;
+ ret->generate_session_id=0;
+
+ memset((char *)&ret->stats,0,sizeof(ret->stats));
+
+ ret->references=1;
+ ret->quiet_shutdown=0;
+
+/* ret->cipher=NULL;*/
+/* ret->s2->challenge=NULL;
+ ret->master_key=NULL;
+ ret->key_arg=NULL;
+ ret->s2->conn_id=NULL; */
+
+ ret->info_callback=NULL;
+
+ ret->app_verify_callback=0;
+ ret->app_verify_arg=NULL;
+
+ ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;