xref: /openbsd-src/lib/libssl/ssl_lib.c (revision 7350f337b9e3eb4461d99580e625c7ef148d107c)
1 /* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142 
143 #include <stdio.h>
144 
145 #include "ssl_locl.h"
146 
147 #include <openssl/bn.h>
148 #include <openssl/dh.h>
149 #include <openssl/lhash.h>
150 #include <openssl/objects.h>
151 #include <openssl/ocsp.h>
152 #include <openssl/x509v3.h>
153 
154 #ifndef OPENSSL_NO_ENGINE
155 #include <openssl/engine.h>
156 #endif
157 
158 #include "bytestring.h"
159 #include "ssl_sigalgs.h"
160 
161 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
162 
163 int
164 SSL_clear(SSL *s)
165 {
166 	if (s->method == NULL) {
167 		SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
168 		return (0);
169 	}
170 
171 	if (ssl_clear_bad_session(s)) {
172 		SSL_SESSION_free(s->session);
173 		s->session = NULL;
174 	}
175 
176 	s->error = 0;
177 	s->internal->hit = 0;
178 	s->internal->shutdown = 0;
179 
180 	if (s->internal->renegotiate) {
181 		SSLerror(s, ERR_R_INTERNAL_ERROR);
182 		return (0);
183 	}
184 
185 	s->internal->type = 0;
186 
187 	s->version = s->method->internal->version;
188 	s->client_version = s->version;
189 	s->internal->rwstate = SSL_NOTHING;
190 	s->internal->rstate = SSL_ST_READ_HEADER;
191 
192 	BUF_MEM_free(s->internal->init_buf);
193 	s->internal->init_buf = NULL;
194 
195 	ssl_clear_cipher_state(s);
196 
197 	s->internal->first_packet = 0;
198 
199 	/*
200 	 * Check to see if we were changed into a different method, if
201 	 * so, revert back if we are not doing session-id reuse.
202 	 */
203 	if (!s->internal->in_handshake && (s->session == NULL) &&
204 	    (s->method != s->ctx->method)) {
205 		s->method->internal->ssl_free(s);
206 		s->method = s->ctx->method;
207 		if (!s->method->internal->ssl_new(s))
208 			return (0);
209 	} else
210 		s->method->internal->ssl_clear(s);
211 
212 	S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
213 
214 	return (1);
215 }
216 
217 /* Used to change an SSL_CTXs default SSL method type */
218 int
219 SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
220 {
221 	STACK_OF(SSL_CIPHER)	*sk;
222 
223 	ctx->method = meth;
224 
225 	sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
226 	    &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
227 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
228 		SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
229 		return (0);
230 	}
231 	return (1);
232 }
233 
234 SSL *
235 SSL_new(SSL_CTX *ctx)
236 {
237 	SSL	*s;
238 
239 	if (ctx == NULL) {
240 		SSLerrorx(SSL_R_NULL_SSL_CTX);
241 		return (NULL);
242 	}
243 	if (ctx->method == NULL) {
244 		SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
245 		return (NULL);
246 	}
247 
248 	if ((s = calloc(1, sizeof(*s))) == NULL) {
249 		SSLerrorx(ERR_R_MALLOC_FAILURE);
250 		return (NULL);
251 	}
252 	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) {
253 		free(s);
254 		SSLerrorx(ERR_R_MALLOC_FAILURE);
255 		return (NULL);
256 	}
257 
258 	s->internal->min_version = ctx->internal->min_version;
259 	s->internal->max_version = ctx->internal->max_version;
260 
261 	s->internal->options = ctx->internal->options;
262 	s->internal->mode = ctx->internal->mode;
263 	s->internal->max_cert_list = ctx->internal->max_cert_list;
264 
265 	if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
266 		goto err;
267 
268 	s->internal->read_ahead = ctx->internal->read_ahead;
269 	s->internal->msg_callback = ctx->internal->msg_callback;
270 	s->internal->msg_callback_arg = ctx->internal->msg_callback_arg;
271 	s->verify_mode = ctx->verify_mode;
272 	s->sid_ctx_length = ctx->sid_ctx_length;
273 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
274 	memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
275 	s->internal->verify_callback = ctx->internal->default_verify_callback;
276 	s->internal->generate_session_id = ctx->internal->generate_session_id;
277 
278 	s->param = X509_VERIFY_PARAM_new();
279 	if (!s->param)
280 		goto err;
281 	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
282 	s->internal->quiet_shutdown = ctx->internal->quiet_shutdown;
283 	s->max_send_fragment = ctx->internal->max_send_fragment;
284 
285 	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
286 	s->ctx = ctx;
287 	s->internal->tlsext_debug_cb = 0;
288 	s->internal->tlsext_debug_arg = NULL;
289 	s->internal->tlsext_ticket_expected = 0;
290 	s->tlsext_status_type = -1;
291 	s->internal->tlsext_status_expected = 0;
292 	s->internal->tlsext_ocsp_ids = NULL;
293 	s->internal->tlsext_ocsp_exts = NULL;
294 	s->internal->tlsext_ocsp_resp = NULL;
295 	s->internal->tlsext_ocsp_resplen = -1;
296 	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
297 	s->initial_ctx = ctx;
298 
299 	if (ctx->internal->tlsext_ecpointformatlist != NULL) {
300 		s->internal->tlsext_ecpointformatlist =
301 		    calloc(ctx->internal->tlsext_ecpointformatlist_length,
302 			sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
303 		if (s->internal->tlsext_ecpointformatlist == NULL)
304 			goto err;
305 		memcpy(s->internal->tlsext_ecpointformatlist,
306 		    ctx->internal->tlsext_ecpointformatlist,
307 		    ctx->internal->tlsext_ecpointformatlist_length *
308 		    sizeof(ctx->internal->tlsext_ecpointformatlist[0]));
309 		s->internal->tlsext_ecpointformatlist_length =
310 		    ctx->internal->tlsext_ecpointformatlist_length;
311 	}
312 	if (ctx->internal->tlsext_supportedgroups != NULL) {
313 		s->internal->tlsext_supportedgroups =
314 		    calloc(ctx->internal->tlsext_supportedgroups_length,
315 			sizeof(ctx->internal->tlsext_supportedgroups[0]));
316 		if (s->internal->tlsext_supportedgroups == NULL)
317 			goto err;
318 		memcpy(s->internal->tlsext_supportedgroups,
319 		    ctx->internal->tlsext_supportedgroups,
320 		    ctx->internal->tlsext_supportedgroups_length *
321 		    sizeof(ctx->internal->tlsext_supportedgroups[0]));
322 		s->internal->tlsext_supportedgroups_length =
323 		    ctx->internal->tlsext_supportedgroups_length;
324 	}
325 
326 	if (s->ctx->internal->alpn_client_proto_list != NULL) {
327 		s->internal->alpn_client_proto_list =
328 		    malloc(s->ctx->internal->alpn_client_proto_list_len);
329 		if (s->internal->alpn_client_proto_list == NULL)
330 			goto err;
331 		memcpy(s->internal->alpn_client_proto_list,
332 		    s->ctx->internal->alpn_client_proto_list,
333 		    s->ctx->internal->alpn_client_proto_list_len);
334 		s->internal->alpn_client_proto_list_len =
335 		    s->ctx->internal->alpn_client_proto_list_len;
336 	}
337 
338 	s->verify_result = X509_V_OK;
339 
340 	s->method = ctx->method;
341 
342 	if (!s->method->internal->ssl_new(s))
343 		goto err;
344 
345 	s->references = 1;
346 	s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
347 
348 	SSL_clear(s);
349 
350 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
351 
352 	return (s);
353 
354  err:
355 	SSL_free(s);
356 	SSLerrorx(ERR_R_MALLOC_FAILURE);
357 	return (NULL);
358 }
359 
360 int
361 SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
362     unsigned int sid_ctx_len)
363 {
364 	if (sid_ctx_len > sizeof ctx->sid_ctx) {
365 		SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
366 		return (0);
367 	}
368 	ctx->sid_ctx_length = sid_ctx_len;
369 	memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
370 
371 	return (1);
372 }
373 
374 int
375 SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
376     unsigned int sid_ctx_len)
377 {
378 	if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
379 		SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
380 		return (0);
381 	}
382 	ssl->sid_ctx_length = sid_ctx_len;
383 	memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
384 
385 	return (1);
386 }
387 
388 int
389 SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
390 {
391 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
392 	ctx->internal->generate_session_id = cb;
393 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
394 	return (1);
395 }
396 
397 int
398 SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
399 {
400 	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
401 	ssl->internal->generate_session_id = cb;
402 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
403 	return (1);
404 }
405 
406 int
407 SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
408     unsigned int id_len)
409 {
410 	/*
411 	 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
412 	 * shows how we can "construct" a session to give us the desired
413 	 * check - ie. to find if there's a session in the hash table
414 	 * that would conflict with any new session built out of this
415 	 * id/id_len and the ssl_version in use by this SSL.
416 	 */
417 	SSL_SESSION r, *p;
418 
419 	if (id_len > sizeof r.session_id)
420 		return (0);
421 
422 	r.ssl_version = ssl->version;
423 	r.session_id_length = id_len;
424 	memcpy(r.session_id, id, id_len);
425 
426 	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
427 	p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r);
428 	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
429 	return (p != NULL);
430 }
431 
432 int
433 SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
434 {
435 	return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
436 }
437 
438 int
439 SSL_set_purpose(SSL *s, int purpose)
440 {
441 	return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
442 }
443 
444 int
445 SSL_CTX_set_trust(SSL_CTX *s, int trust)
446 {
447 	return (X509_VERIFY_PARAM_set_trust(s->param, trust));
448 }
449 
450 int
451 SSL_set_trust(SSL *s, int trust)
452 {
453 	return (X509_VERIFY_PARAM_set_trust(s->param, trust));
454 }
455 
456 int
457 SSL_set1_host(SSL *s, const char *hostname)
458 {
459 	return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
460 }
461 
462 X509_VERIFY_PARAM *
463 SSL_CTX_get0_param(SSL_CTX *ctx)
464 {
465 	return (ctx->param);
466 }
467 
468 int
469 SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
470 {
471 	return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
472 }
473 
474 X509_VERIFY_PARAM *
475 SSL_get0_param(SSL *ssl)
476 {
477 	return (ssl->param);
478 }
479 
480 int
481 SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
482 {
483 	return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
484 }
485 
486 void
487 SSL_free(SSL *s)
488 {
489 	int	i;
490 
491 	if (s == NULL)
492 		return;
493 
494 	i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
495 	if (i > 0)
496 		return;
497 
498 	X509_VERIFY_PARAM_free(s->param);
499 
500 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
501 
502 	if (s->bbio != NULL) {
503 		/* If the buffering BIO is in place, pop it off */
504 		if (s->bbio == s->wbio) {
505 			s->wbio = BIO_pop(s->wbio);
506 		}
507 		BIO_free(s->bbio);
508 		s->bbio = NULL;
509 	}
510 
511 	if (s->rbio != s->wbio)
512 		BIO_free_all(s->rbio);
513 	BIO_free_all(s->wbio);
514 
515 	BUF_MEM_free(s->internal->init_buf);
516 
517 	/* add extra stuff */
518 	sk_SSL_CIPHER_free(s->cipher_list);
519 	sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);
520 
521 	/* Make the next call work :-) */
522 	if (s->session != NULL) {
523 		ssl_clear_bad_session(s);
524 		SSL_SESSION_free(s->session);
525 	}
526 
527 	ssl_clear_cipher_state(s);
528 
529 	ssl_cert_free(s->cert);
530 
531 	free(s->tlsext_hostname);
532 	SSL_CTX_free(s->initial_ctx);
533 
534 	free(s->internal->tlsext_ecpointformatlist);
535 	free(s->internal->tlsext_supportedgroups);
536 
537 	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
538 	    X509_EXTENSION_free);
539 	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
540 	free(s->internal->tlsext_ocsp_resp);
541 
542 	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
543 
544 	if (s->method != NULL)
545 		s->method->internal->ssl_free(s);
546 
547 	SSL_CTX_free(s->ctx);
548 
549 	free(s->internal->alpn_client_proto_list);
550 
551 #ifndef OPENSSL_NO_SRTP
552 	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
553 #endif
554 
555 	free(s->internal);
556 	free(s);
557 }
558 
559 int
560 SSL_up_ref(SSL *s)
561 {
562 	int refs = CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
563 	return (refs > 1) ? 1 : 0;
564 }
565 
566 void
567 SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
568 {
569 	/* If the output buffering BIO is still in place, remove it */
570 	if (s->bbio != NULL) {
571 		if (s->wbio == s->bbio) {
572 			s->wbio = s->wbio->next_bio;
573 			s->bbio->next_bio = NULL;
574 		}
575 	}
576 
577 	if (s->rbio != rbio && s->rbio != s->wbio)
578 		BIO_free_all(s->rbio);
579 	if (s->wbio != wbio)
580 		BIO_free_all(s->wbio);
581 	s->rbio = rbio;
582 	s->wbio = wbio;
583 }
584 
585 BIO *
586 SSL_get_rbio(const SSL *s)
587 {
588 	return (s->rbio);
589 }
590 
591 BIO *
592 SSL_get_wbio(const SSL *s)
593 {
594 	return (s->wbio);
595 }
596 
597 int
598 SSL_get_fd(const SSL *s)
599 {
600 	return (SSL_get_rfd(s));
601 }
602 
603 int
604 SSL_get_rfd(const SSL *s)
605 {
606 	int	 ret = -1;
607 	BIO	*b, *r;
608 
609 	b = SSL_get_rbio(s);
610 	r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
611 	if (r != NULL)
612 		BIO_get_fd(r, &ret);
613 	return (ret);
614 }
615 
616 int
617 SSL_get_wfd(const SSL *s)
618 {
619 	int	 ret = -1;
620 	BIO	*b, *r;
621 
622 	b = SSL_get_wbio(s);
623 	r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
624 	if (r != NULL)
625 		BIO_get_fd(r, &ret);
626 	return (ret);
627 }
628 
629 int
630 SSL_set_fd(SSL *s, int fd)
631 {
632 	int	 ret = 0;
633 	BIO	*bio = NULL;
634 
635 	bio = BIO_new(BIO_s_socket());
636 
637 	if (bio == NULL) {
638 		SSLerror(s, ERR_R_BUF_LIB);
639 		goto err;
640 	}
641 	BIO_set_fd(bio, fd, BIO_NOCLOSE);
642 	SSL_set_bio(s, bio, bio);
643 	ret = 1;
644 err:
645 	return (ret);
646 }
647 
648 int
649 SSL_set_wfd(SSL *s, int fd)
650 {
651 	int	 ret = 0;
652 	BIO	*bio = NULL;
653 
654 	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
655 	    || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
656 		bio = BIO_new(BIO_s_socket());
657 
658 		if (bio == NULL) {
659 			SSLerror(s, ERR_R_BUF_LIB);
660 			goto err;
661 		}
662 		BIO_set_fd(bio, fd, BIO_NOCLOSE);
663 		SSL_set_bio(s, SSL_get_rbio(s), bio);
664 	} else
665 		SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
666 	ret = 1;
667 err:
668 	return (ret);
669 }
670 
671 int
672 SSL_set_rfd(SSL *s, int fd)
673 {
674 	int	 ret = 0;
675 	BIO	*bio = NULL;
676 
677 	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
678 	    || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
679 		bio = BIO_new(BIO_s_socket());
680 
681 		if (bio == NULL) {
682 			SSLerror(s, ERR_R_BUF_LIB);
683 			goto err;
684 		}
685 		BIO_set_fd(bio, fd, BIO_NOCLOSE);
686 		SSL_set_bio(s, bio, SSL_get_wbio(s));
687 	} else
688 		SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
689 	ret = 1;
690 err:
691 	return (ret);
692 }
693 
694 
695 /* return length of latest Finished message we sent, copy to 'buf' */
696 size_t
697 SSL_get_finished(const SSL *s, void *buf, size_t count)
698 {
699 	size_t	ret;
700 
701 	ret = S3I(s)->tmp.finish_md_len;
702 	if (count > ret)
703 		count = ret;
704 	memcpy(buf, S3I(s)->tmp.finish_md, count);
705 	return (ret);
706 }
707 
708 /* return length of latest Finished message we expected, copy to 'buf' */
709 size_t
710 SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
711 {
712 	size_t	ret;
713 
714 	ret = S3I(s)->tmp.peer_finish_md_len;
715 	if (count > ret)
716 		count = ret;
717 	memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
718 	return (ret);
719 }
720 
721 
722 int
723 SSL_get_verify_mode(const SSL *s)
724 {
725 	return (s->verify_mode);
726 }
727 
728 int
729 SSL_get_verify_depth(const SSL *s)
730 {
731 	return (X509_VERIFY_PARAM_get_depth(s->param));
732 }
733 
734 int
735 (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
736 {
737 	return (s->internal->verify_callback);
738 }
739 
740 int
741 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
742 {
743 	return (ctx->verify_mode);
744 }
745 
746 int
747 SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
748 {
749 	return (X509_VERIFY_PARAM_get_depth(ctx->param));
750 }
751 
752 int
753 (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
754 {
755 	return (ctx->internal->default_verify_callback);
756 }
757 
758 void
759 SSL_set_verify(SSL *s, int mode,
760     int (*callback)(int ok, X509_STORE_CTX *ctx))
761 {
762 	s->verify_mode = mode;
763 	if (callback != NULL)
764 		s->internal->verify_callback = callback;
765 }
766 
767 void
768 SSL_set_verify_depth(SSL *s, int depth)
769 {
770 	X509_VERIFY_PARAM_set_depth(s->param, depth);
771 }
772 
773 void
774 SSL_set_read_ahead(SSL *s, int yes)
775 {
776 	s->internal->read_ahead = yes;
777 }
778 
779 int
780 SSL_get_read_ahead(const SSL *s)
781 {
782 	return (s->internal->read_ahead);
783 }
784 
785 int
786 SSL_pending(const SSL *s)
787 {
788 	/*
789 	 * SSL_pending cannot work properly if read-ahead is enabled
790 	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
791 	 * and it is impossible to fix since SSL_pending cannot report
792 	 * errors that may be observed while scanning the new data.
793 	 * (Note that SSL_pending() is often used as a boolean value,
794 	 * so we'd better not return -1.)
795 	 */
796 	return (ssl3_pending(s));
797 }
798 
799 X509 *
800 SSL_get_peer_certificate(const SSL *s)
801 {
802 	X509	*r;
803 
804 	if ((s == NULL) || (s->session == NULL))
805 		r = NULL;
806 	else
807 		r = s->session->peer;
808 
809 	if (r == NULL)
810 		return (r);
811 
812 	CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
813 
814 	return (r);
815 }
816 
817 STACK_OF(X509) *
818 SSL_get_peer_cert_chain(const SSL *s)
819 {
820 	STACK_OF(X509)	*r;
821 
822 	if ((s == NULL) || (s->session == NULL) ||
823 	    (SSI(s)->sess_cert == NULL))
824 		r = NULL;
825 	else
826 		r = SSI(s)->sess_cert->cert_chain;
827 
828 	/*
829 	 * If we are a client, cert_chain includes the peer's own
830 	 * certificate;
831 	 * if we are a server, it does not.
832 	 */
833 	return (r);
834 }
835 
836 /*
837  * Now in theory, since the calling process own 't' it should be safe to
838  * modify.  We need to be able to read f without being hassled
839  */
840 int
841 SSL_copy_session_id(SSL *t, const SSL *f)
842 {
843 	CERT	*tmp;
844 
845 	/* Do we need to do SSL locking? */
846 	if (!SSL_set_session(t, SSL_get_session(f)))
847 		return 0;
848 
849 	/* What if we are set up for one protocol but want to talk another? */
850 	if (t->method != f->method) {
851 		t->method->internal->ssl_free(t);
852 		t->method = f->method;
853 		if (!t->method->internal->ssl_new(t))
854 			return 0;
855 	}
856 
857 	tmp = t->cert;
858 	if (f->cert != NULL) {
859 		CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
860 		t->cert = f->cert;
861 	} else
862 		t->cert = NULL;
863 	ssl_cert_free(tmp);
864 
865 	if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
866 		return 0;
867 
868 	return 1;
869 }
870 
871 /* Fix this so it checks all the valid key/cert options */
872 int
873 SSL_CTX_check_private_key(const SSL_CTX *ctx)
874 {
875 	if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
876 	    (ctx->internal->cert->key->x509 == NULL)) {
877 		SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
878 		return (0);
879 	}
880 	if (ctx->internal->cert->key->privatekey == NULL) {
881 		SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
882 		return (0);
883 	}
884 	return (X509_check_private_key(ctx->internal->cert->key->x509,
885 	    ctx->internal->cert->key->privatekey));
886 }
887 
888 /* Fix this function so that it takes an optional type parameter */
889 int
890 SSL_check_private_key(const SSL *ssl)
891 {
892 	if (ssl == NULL) {
893 		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
894 		return (0);
895 	}
896 	if (ssl->cert == NULL) {
897 		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
898 		return (0);
899 	}
900 	if (ssl->cert->key->x509 == NULL) {
901 		SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
902 		return (0);
903 	}
904 	if (ssl->cert->key->privatekey == NULL) {
905 		SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
906 		return (0);
907 	}
908 	return (X509_check_private_key(ssl->cert->key->x509,
909 	    ssl->cert->key->privatekey));
910 }
911 
912 int
913 SSL_accept(SSL *s)
914 {
915 	if (s->internal->handshake_func == NULL)
916 		SSL_set_accept_state(s); /* Not properly initialized yet */
917 
918 	return (s->method->internal->ssl_accept(s));
919 }
920 
921 int
922 SSL_connect(SSL *s)
923 {
924 	if (s->internal->handshake_func == NULL)
925 		SSL_set_connect_state(s); /* Not properly initialized yet */
926 
927 	return (s->method->internal->ssl_connect(s));
928 }
929 
930 int
931 SSL_is_server(const SSL *s)
932 {
933 	return s->server;
934 }
935 
936 long
937 SSL_get_default_timeout(const SSL *s)
938 {
939 	return (s->method->internal->get_timeout());
940 }
941 
942 int
943 SSL_read(SSL *s, void *buf, int num)
944 {
945 	if (s->internal->handshake_func == NULL) {
946 		SSLerror(s, SSL_R_UNINITIALIZED);
947 		return (-1);
948 	}
949 
950 	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
951 		s->internal->rwstate = SSL_NOTHING;
952 		return (0);
953 	}
954 	return ssl3_read(s, buf, num);
955 }
956 
957 int
958 SSL_peek(SSL *s, void *buf, int num)
959 {
960 	if (s->internal->handshake_func == NULL) {
961 		SSLerror(s, SSL_R_UNINITIALIZED);
962 		return (-1);
963 	}
964 
965 	if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
966 		return (0);
967 	}
968 	return ssl3_peek(s, buf, num);
969 }
970 
971 int
972 SSL_write(SSL *s, const void *buf, int num)
973 {
974 	if (s->internal->handshake_func == NULL) {
975 		SSLerror(s, SSL_R_UNINITIALIZED);
976 		return (-1);
977 	}
978 
979 	if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
980 		s->internal->rwstate = SSL_NOTHING;
981 		SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
982 		return (-1);
983 	}
984 	return ssl3_write(s, buf, num);
985 }
986 
987 int
988 SSL_shutdown(SSL *s)
989 {
990 	/*
991 	 * Note that this function behaves differently from what one might
992 	 * expect.  Return values are 0 for no success (yet),
993 	 * 1 for success; but calling it once is usually not enough,
994 	 * even if blocking I/O is used (see ssl3_shutdown).
995 	 */
996 
997 	if (s->internal->handshake_func == NULL) {
998 		SSLerror(s, SSL_R_UNINITIALIZED);
999 		return (-1);
1000 	}
1001 
1002 	if (s != NULL && !SSL_in_init(s))
1003 		return (ssl3_shutdown(s));
1004 
1005 	return (1);
1006 }
1007 
1008 int
1009 SSL_renegotiate(SSL *s)
1010 {
1011 	if (s->internal->renegotiate == 0)
1012 		s->internal->renegotiate = 1;
1013 
1014 	s->internal->new_session = 1;
1015 
1016 	return (s->method->internal->ssl_renegotiate(s));
1017 }
1018 
1019 int
1020 SSL_renegotiate_abbreviated(SSL *s)
1021 {
1022 	if (s->internal->renegotiate == 0)
1023 		s->internal->renegotiate = 1;
1024 
1025 	s->internal->new_session = 0;
1026 
1027 	return (s->method->internal->ssl_renegotiate(s));
1028 }
1029 
1030 int
1031 SSL_renegotiate_pending(SSL *s)
1032 {
1033 	/*
1034 	 * Becomes true when negotiation is requested;
1035 	 * false again once a handshake has finished.
1036 	 */
1037 	return (s->internal->renegotiate != 0);
1038 }
1039 
1040 long
1041 SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1042 {
1043 	long	l;
1044 
1045 	switch (cmd) {
1046 	case SSL_CTRL_GET_READ_AHEAD:
1047 		return (s->internal->read_ahead);
1048 	case SSL_CTRL_SET_READ_AHEAD:
1049 		l = s->internal->read_ahead;
1050 		s->internal->read_ahead = larg;
1051 		return (l);
1052 
1053 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1054 		s->internal->msg_callback_arg = parg;
1055 		return (1);
1056 
1057 	case SSL_CTRL_OPTIONS:
1058 		return (s->internal->options|=larg);
1059 	case SSL_CTRL_CLEAR_OPTIONS:
1060 		return (s->internal->options&=~larg);
1061 	case SSL_CTRL_MODE:
1062 		return (s->internal->mode|=larg);
1063 	case SSL_CTRL_CLEAR_MODE:
1064 		return (s->internal->mode &=~larg);
1065 	case SSL_CTRL_GET_MAX_CERT_LIST:
1066 		return (s->internal->max_cert_list);
1067 	case SSL_CTRL_SET_MAX_CERT_LIST:
1068 		l = s->internal->max_cert_list;
1069 		s->internal->max_cert_list = larg;
1070 		return (l);
1071 	case SSL_CTRL_SET_MTU:
1072 #ifndef OPENSSL_NO_DTLS1
1073 		if (larg < (long)dtls1_min_mtu())
1074 			return (0);
1075 #endif
1076 		if (SSL_IS_DTLS(s)) {
1077 			D1I(s)->mtu = larg;
1078 			return (larg);
1079 		}
1080 		return (0);
1081 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1082 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1083 			return (0);
1084 		s->max_send_fragment = larg;
1085 		return (1);
1086 	case SSL_CTRL_GET_RI_SUPPORT:
1087 		if (s->s3)
1088 			return (S3I(s)->send_connection_binding);
1089 		else return (0);
1090 	default:
1091 		if (SSL_IS_DTLS(s))
1092 			return dtls1_ctrl(s, cmd, larg, parg);
1093 		return ssl3_ctrl(s, cmd, larg, parg);
1094 	}
1095 }
1096 
1097 long
1098 SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1099 {
1100 	switch (cmd) {
1101 	case SSL_CTRL_SET_MSG_CALLBACK:
1102 		s->internal->msg_callback = (void (*)(int write_p, int version,
1103 		    int content_type, const void *buf, size_t len,
1104 		    SSL *ssl, void *arg))(fp);
1105 		return (1);
1106 
1107 	default:
1108 		return (ssl3_callback_ctrl(s, cmd, fp));
1109 	}
1110 }
1111 
1112 struct lhash_st_SSL_SESSION *
1113 SSL_CTX_sessions(SSL_CTX *ctx)
1114 {
1115 	return (ctx->internal->sessions);
1116 }
1117 
1118 long
1119 SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1120 {
1121 	long	l;
1122 
1123 	switch (cmd) {
1124 	case SSL_CTRL_GET_READ_AHEAD:
1125 		return (ctx->internal->read_ahead);
1126 	case SSL_CTRL_SET_READ_AHEAD:
1127 		l = ctx->internal->read_ahead;
1128 		ctx->internal->read_ahead = larg;
1129 		return (l);
1130 
1131 	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1132 		ctx->internal->msg_callback_arg = parg;
1133 		return (1);
1134 
1135 	case SSL_CTRL_GET_MAX_CERT_LIST:
1136 		return (ctx->internal->max_cert_list);
1137 	case SSL_CTRL_SET_MAX_CERT_LIST:
1138 		l = ctx->internal->max_cert_list;
1139 		ctx->internal->max_cert_list = larg;
1140 		return (l);
1141 
1142 	case SSL_CTRL_SET_SESS_CACHE_SIZE:
1143 		l = ctx->internal->session_cache_size;
1144 		ctx->internal->session_cache_size = larg;
1145 		return (l);
1146 	case SSL_CTRL_GET_SESS_CACHE_SIZE:
1147 		return (ctx->internal->session_cache_size);
1148 	case SSL_CTRL_SET_SESS_CACHE_MODE:
1149 		l = ctx->internal->session_cache_mode;
1150 		ctx->internal->session_cache_mode = larg;
1151 		return (l);
1152 	case SSL_CTRL_GET_SESS_CACHE_MODE:
1153 		return (ctx->internal->session_cache_mode);
1154 
1155 	case SSL_CTRL_SESS_NUMBER:
1156 		return (lh_SSL_SESSION_num_items(ctx->internal->sessions));
1157 	case SSL_CTRL_SESS_CONNECT:
1158 		return (ctx->internal->stats.sess_connect);
1159 	case SSL_CTRL_SESS_CONNECT_GOOD:
1160 		return (ctx->internal->stats.sess_connect_good);
1161 	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1162 		return (ctx->internal->stats.sess_connect_renegotiate);
1163 	case SSL_CTRL_SESS_ACCEPT:
1164 		return (ctx->internal->stats.sess_accept);
1165 	case SSL_CTRL_SESS_ACCEPT_GOOD:
1166 		return (ctx->internal->stats.sess_accept_good);
1167 	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1168 		return (ctx->internal->stats.sess_accept_renegotiate);
1169 	case SSL_CTRL_SESS_HIT:
1170 		return (ctx->internal->stats.sess_hit);
1171 	case SSL_CTRL_SESS_CB_HIT:
1172 		return (ctx->internal->stats.sess_cb_hit);
1173 	case SSL_CTRL_SESS_MISSES:
1174 		return (ctx->internal->stats.sess_miss);
1175 	case SSL_CTRL_SESS_TIMEOUTS:
1176 		return (ctx->internal->stats.sess_timeout);
1177 	case SSL_CTRL_SESS_CACHE_FULL:
1178 		return (ctx->internal->stats.sess_cache_full);
1179 	case SSL_CTRL_OPTIONS:
1180 		return (ctx->internal->options|=larg);
1181 	case SSL_CTRL_CLEAR_OPTIONS:
1182 		return (ctx->internal->options&=~larg);
1183 	case SSL_CTRL_MODE:
1184 		return (ctx->internal->mode|=larg);
1185 	case SSL_CTRL_CLEAR_MODE:
1186 		return (ctx->internal->mode&=~larg);
1187 	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1188 		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1189 			return (0);
1190 		ctx->internal->max_send_fragment = larg;
1191 		return (1);
1192 	default:
1193 		return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
1194 	}
1195 }
1196 
1197 long
1198 SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1199 {
1200 	switch (cmd) {
1201 	case SSL_CTRL_SET_MSG_CALLBACK:
1202 		ctx->internal->msg_callback = (void (*)(int write_p, int version,
1203 		    int content_type, const void *buf, size_t len, SSL *ssl,
1204 		    void *arg))(fp);
1205 		return (1);
1206 
1207 	default:
1208 		return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
1209 	}
1210 }
1211 
1212 int
1213 ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1214 {
1215 	long	l;
1216 
1217 	l = a->id - b->id;
1218 	if (l == 0L)
1219 		return (0);
1220 	else
1221 		return ((l > 0) ? 1:-1);
1222 }
1223 
1224 int
1225 ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1226     const SSL_CIPHER * const *bp)
1227 {
1228 	long	l;
1229 
1230 	l = (*ap)->id - (*bp)->id;
1231 	if (l == 0L)
1232 		return (0);
1233 	else
1234 		return ((l > 0) ? 1:-1);
1235 }
1236 
1237 /*
1238  * Return a STACK of the ciphers available for the SSL and in order of
1239  * preference.
1240  */
1241 STACK_OF(SSL_CIPHER) *
1242 SSL_get_ciphers(const SSL *s)
1243 {
1244 	if (s != NULL) {
1245 		if (s->cipher_list != NULL) {
1246 			return (s->cipher_list);
1247 		} else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1248 			return (s->ctx->cipher_list);
1249 		}
1250 	}
1251 	return (NULL);
1252 }
1253 
1254 STACK_OF(SSL_CIPHER) *
1255 SSL_get_client_ciphers(const SSL *s)
1256 {
1257 	if (s == NULL || s->session == NULL || !s->server)
1258 		return NULL;
1259 	return s->session->ciphers;
1260 }
1261 
1262 STACK_OF(SSL_CIPHER) *
1263 SSL_get1_supported_ciphers(SSL *s)
1264 {
1265 	STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
1266 	const SSL_CIPHER *cipher;
1267 	uint16_t min_vers, max_vers;
1268 	int i;
1269 
1270 	if (s == NULL)
1271 		return NULL;
1272 	if (!ssl_supported_version_range(s, &min_vers, &max_vers))
1273 		return NULL;
1274 	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1275 		return NULL;
1276 	if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
1277 		return NULL;
1278 
1279 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1280 		if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
1281 			goto err;
1282 		if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
1283 			continue;
1284 		if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
1285 			goto err;
1286 	}
1287 
1288 	if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
1289 		return supported_ciphers;
1290 
1291  err:
1292 	sk_SSL_CIPHER_free(supported_ciphers);
1293 	return NULL;
1294 }
1295 
1296 /*
1297  * Return a STACK of the ciphers available for the SSL and in order of
1298  * algorithm id.
1299  */
1300 STACK_OF(SSL_CIPHER) *
1301 ssl_get_ciphers_by_id(SSL *s)
1302 {
1303 	if (s != NULL) {
1304 		if (s->internal->cipher_list_by_id != NULL) {
1305 			return (s->internal->cipher_list_by_id);
1306 		} else if ((s->ctx != NULL) &&
1307 		    (s->ctx->internal->cipher_list_by_id != NULL)) {
1308 			return (s->ctx->internal->cipher_list_by_id);
1309 		}
1310 	}
1311 	return (NULL);
1312 }
1313 
1314 /* See if we have any ECC cipher suites. */
1315 int
1316 ssl_has_ecc_ciphers(SSL *s)
1317 {
1318 	STACK_OF(SSL_CIPHER) *ciphers;
1319 	unsigned long alg_k, alg_a;
1320 	SSL_CIPHER *cipher;
1321 	int i;
1322 
1323 	if (s->version == DTLS1_VERSION)
1324 		return 0;
1325 	if ((ciphers = SSL_get_ciphers(s)) == NULL)
1326 		return 0;
1327 
1328 	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1329 		cipher = sk_SSL_CIPHER_value(ciphers, i);
1330 
1331 		alg_k = cipher->algorithm_mkey;
1332 		alg_a = cipher->algorithm_auth;
1333 
1334 		if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
1335 			return 1;
1336 	}
1337 
1338 	return 0;
1339 }
1340 
1341 /* The old interface to get the same thing as SSL_get_ciphers(). */
1342 const char *
1343 SSL_get_cipher_list(const SSL *s, int n)
1344 {
1345 	SSL_CIPHER		*c;
1346 	STACK_OF(SSL_CIPHER)	*sk;
1347 
1348 	if (s == NULL)
1349 		return (NULL);
1350 	sk = SSL_get_ciphers(s);
1351 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1352 		return (NULL);
1353 	c = sk_SSL_CIPHER_value(sk, n);
1354 	if (c == NULL)
1355 		return (NULL);
1356 	return (c->name);
1357 }
1358 
1359 STACK_OF(SSL_CIPHER) *
1360 SSL_CTX_get_ciphers(const SSL_CTX *ctx)
1361 {
1362 	return ctx->cipher_list;
1363 }
1364 
1365 /* Specify the ciphers to be used by default by the SSL_CTX. */
1366 int
1367 SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1368 {
1369 	STACK_OF(SSL_CIPHER)	*sk;
1370 
1371 	sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1372 	    &ctx->internal->cipher_list_by_id, str);
1373 	/*
1374 	 * ssl_create_cipher_list may return an empty stack if it
1375 	 * was unable to find a cipher matching the given rule string
1376 	 * (for example if the rule string specifies a cipher which
1377 	 * has been disabled). This is not an error as far as
1378 	 * ssl_create_cipher_list is concerned, and hence
1379 	 * ctx->cipher_list and ctx->internal->cipher_list_by_id has been
1380 	 * updated.
1381 	 */
1382 	if (sk == NULL)
1383 		return (0);
1384 	else if (sk_SSL_CIPHER_num(sk) == 0) {
1385 		SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1386 		return (0);
1387 	}
1388 	return (1);
1389 }
1390 
1391 /* Specify the ciphers to be used by the SSL. */
1392 int
1393 SSL_set_cipher_list(SSL *s, const char *str)
1394 {
1395 	STACK_OF(SSL_CIPHER)	*sk;
1396 
1397 	sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1398 	&s->internal->cipher_list_by_id, str);
1399 	/* see comment in SSL_CTX_set_cipher_list */
1400 	if (sk == NULL)
1401 		return (0);
1402 	else if (sk_SSL_CIPHER_num(sk) == 0) {
1403 		SSLerror(s, SSL_R_NO_CIPHER_MATCH);
1404 		return (0);
1405 	}
1406 	return (1);
1407 }
1408 
1409 /* works well for SSLv2, not so good for SSLv3 */
1410 char *
1411 SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1412 {
1413 	char			*end;
1414 	STACK_OF(SSL_CIPHER)	*sk;
1415 	SSL_CIPHER		*c;
1416 	size_t			 curlen = 0;
1417 	int			 i;
1418 
1419 	if (s->session == NULL || s->session->ciphers == NULL || len < 2)
1420 		return (NULL);
1421 
1422 	sk = s->session->ciphers;
1423 	if (sk_SSL_CIPHER_num(sk) == 0)
1424 		return (NULL);
1425 
1426 	buf[0] = '\0';
1427 	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1428 		c = sk_SSL_CIPHER_value(sk, i);
1429 		end = buf + curlen;
1430 		if (strlcat(buf, c->name, len) >= len ||
1431 		    (curlen = strlcat(buf, ":", len)) >= len) {
1432 			/* remove truncated cipher from list */
1433 			*end = '\0';
1434 			break;
1435 		}
1436 	}
1437 	/* remove trailing colon */
1438 	if ((end = strrchr(buf, ':')) != NULL)
1439 		*end = '\0';
1440 	return (buf);
1441 }
1442 
1443 /*
1444  * Return a servername extension value if provided in Client Hello, or NULL.
1445  * So far, only host_name types are defined (RFC 3546).
1446  */
1447 const char *
1448 SSL_get_servername(const SSL *s, const int type)
1449 {
1450 	if (type != TLSEXT_NAMETYPE_host_name)
1451 		return (NULL);
1452 
1453 	return (s->session && !s->tlsext_hostname ?
1454 	    s->session->tlsext_hostname :
1455 	    s->tlsext_hostname);
1456 }
1457 
1458 int
1459 SSL_get_servername_type(const SSL *s)
1460 {
1461 	if (s->session &&
1462 	    (!s->tlsext_hostname ?
1463 	    s->session->tlsext_hostname : s->tlsext_hostname))
1464 		return (TLSEXT_NAMETYPE_host_name);
1465 	return (-1);
1466 }
1467 
1468 /*
1469  * SSL_select_next_proto implements standard protocol selection. It is
1470  * expected that this function is called from the callback set by
1471  * SSL_CTX_set_alpn_select_cb.
1472  *
1473  * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1474  * strings. The length byte itself is not included in the length. A byte
1475  * string of length 0 is invalid. No byte string may be truncated.
1476  *
1477  * It returns either:
1478  * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1479  * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1480  */
1481 int
1482 SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1483     const unsigned char *server, unsigned int server_len,
1484     const unsigned char *client, unsigned int client_len)
1485 {
1486 	unsigned int		 i, j;
1487 	const unsigned char	*result;
1488 	int			 status = OPENSSL_NPN_UNSUPPORTED;
1489 
1490 	/*
1491 	 * For each protocol in server preference order,
1492 	 * see if we support it.
1493 	 */
1494 	for (i = 0; i < server_len; ) {
1495 		for (j = 0; j < client_len; ) {
1496 			if (server[i] == client[j] &&
1497 			    memcmp(&server[i + 1],
1498 			    &client[j + 1], server[i]) == 0) {
1499 				/* We found a match */
1500 				result = &server[i];
1501 				status = OPENSSL_NPN_NEGOTIATED;
1502 				goto found;
1503 			}
1504 			j += client[j];
1505 			j++;
1506 		}
1507 		i += server[i];
1508 		i++;
1509 	}
1510 
1511 	/* There's no overlap between our protocols and the server's list. */
1512 	result = client;
1513 	status = OPENSSL_NPN_NO_OVERLAP;
1514 
1515 found:
1516 	*out = (unsigned char *) result + 1;
1517 	*outlen = result[0];
1518 	return (status);
1519 }
1520 
1521 /* SSL_get0_next_proto_negotiated is deprecated. */
1522 void
1523 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1524     unsigned *len)
1525 {
1526 	*data = NULL;
1527 	*len = 0;
1528 }
1529 
1530 /* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
1531 void
1532 SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1533     const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1534 {
1535 }
1536 
1537 /* SSL_CTX_set_next_proto_select_cb is deprecated. */
1538 void
1539 SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1540     unsigned char **out, unsigned char *outlen, const unsigned char *in,
1541     unsigned int inlen, void *arg), void *arg)
1542 {
1543 }
1544 
1545 /*
1546  * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1547  * protocols, which must be in wire-format (i.e. a series of non-empty,
1548  * 8-bit length-prefixed strings). Returns 0 on success.
1549  */
1550 int
1551 SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1552     unsigned int protos_len)
1553 {
1554 	int failed = 1;
1555 
1556 	if (protos == NULL || protos_len == 0)
1557 		goto err;
1558 
1559 	free(ctx->internal->alpn_client_proto_list);
1560 	ctx->internal->alpn_client_proto_list = NULL;
1561 	ctx->internal->alpn_client_proto_list_len = 0;
1562 
1563 	if ((ctx->internal->alpn_client_proto_list = malloc(protos_len))
1564 	    == NULL)
1565 		goto err;
1566 	ctx->internal->alpn_client_proto_list_len = protos_len;
1567 
1568 	memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len);
1569 
1570 	failed = 0;
1571 
1572  err:
1573 	/* NOTE: Return values are the reverse of what you expect. */
1574 	return (failed);
1575 }
1576 
1577 /*
1578  * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1579  * protocols, which must be in wire-format (i.e. a series of non-empty,
1580  * 8-bit length-prefixed strings). Returns 0 on success.
1581  */
1582 int
1583 SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1584     unsigned int protos_len)
1585 {
1586 	int failed = 1;
1587 
1588 	if (protos == NULL || protos_len == 0)
1589 		goto err;
1590 
1591 	free(ssl->internal->alpn_client_proto_list);
1592 	ssl->internal->alpn_client_proto_list = NULL;
1593 	ssl->internal->alpn_client_proto_list_len = 0;
1594 
1595 	if ((ssl->internal->alpn_client_proto_list = malloc(protos_len))
1596 	    == NULL)
1597 		goto err;
1598 	ssl->internal->alpn_client_proto_list_len = protos_len;
1599 
1600 	memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len);
1601 
1602 	failed = 0;
1603 
1604  err:
1605 	/* NOTE: Return values are the reverse of what you expect. */
1606 	return (failed);
1607 }
1608 
1609 /*
1610  * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1611  * ClientHello processing in order to select an ALPN protocol from the
1612  * client's list of offered protocols.
1613  */
1614 void
1615 SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1616     int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1617     const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1618 {
1619 	ctx->internal->alpn_select_cb = cb;
1620 	ctx->internal->alpn_select_cb_arg = arg;
1621 }
1622 
1623 /*
1624  * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1625  * it sets data to point to len bytes of protocol name (not including the
1626  * leading length-prefix byte). If the server didn't respond with* a negotiated
1627  * protocol then len will be zero.
1628  */
1629 void
1630 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1631     unsigned *len)
1632 {
1633 	*data = NULL;
1634 	*len = 0;
1635 
1636 	*data = ssl->s3->internal->alpn_selected;
1637 	*len = ssl->s3->internal->alpn_selected_len;
1638 }
1639 
1640 int
1641 SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1642     const char *label, size_t llen, const unsigned char *p, size_t plen,
1643     int use_context)
1644 {
1645 	return (tls1_export_keying_material(s, out, olen,
1646 	    label, llen, p, plen, use_context));
1647 }
1648 
1649 static unsigned long
1650 ssl_session_hash(const SSL_SESSION *a)
1651 {
1652 	unsigned long	l;
1653 
1654 	l = (unsigned long)
1655 	    ((unsigned int) a->session_id[0]     )|
1656 	    ((unsigned int) a->session_id[1]<< 8L)|
1657 	    ((unsigned long)a->session_id[2]<<16L)|
1658 	    ((unsigned long)a->session_id[3]<<24L);
1659 	return (l);
1660 }
1661 
1662 /*
1663  * NB: If this function (or indeed the hash function which uses a sort of
1664  * coarser function than this one) is changed, ensure
1665  * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1666  * able to construct an SSL_SESSION that will collide with any existing session
1667  * with a matching session ID.
1668  */
1669 static int
1670 ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1671 {
1672 	if (a->ssl_version != b->ssl_version)
1673 		return (1);
1674 	if (a->session_id_length != b->session_id_length)
1675 		return (1);
1676 	if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
1677 		return (1);
1678 	return (0);
1679 }
1680 
1681 /*
1682  * These wrapper functions should remain rather than redeclaring
1683  * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1684  * variable. The reason is that the functions aren't static, they're exposed via
1685  * ssl.h.
1686  */
1687 static unsigned long
1688 ssl_session_LHASH_HASH(const void *arg)
1689 {
1690 	const SSL_SESSION *a = arg;
1691 
1692 	return ssl_session_hash(a);
1693 }
1694 
1695 static int
1696 ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
1697 {
1698 	const SSL_SESSION *a = arg1;
1699 	const SSL_SESSION *b = arg2;
1700 
1701 	return ssl_session_cmp(a, b);
1702 }
1703 
1704 SSL_CTX *
1705 SSL_CTX_new(const SSL_METHOD *meth)
1706 {
1707 	SSL_CTX	*ret;
1708 
1709 	if (!OPENSSL_init_ssl(0, NULL)) {
1710 		SSLerrorx(SSL_R_LIBRARY_BUG);
1711 		return (NULL);
1712 	}
1713 
1714 	if (meth == NULL) {
1715 		SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
1716 		return (NULL);
1717 	}
1718 
1719 	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
1720 		SSLerrorx(ERR_R_MALLOC_FAILURE);
1721 		return (NULL);
1722 	}
1723 	if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
1724 		free(ret);
1725 		SSLerrorx(ERR_R_MALLOC_FAILURE);
1726 		return (NULL);
1727 	}
1728 
1729 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1730 		SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1731 		goto err;
1732 	}
1733 
1734 	ret->method = meth;
1735 	ret->internal->min_version = meth->internal->min_version;
1736 	ret->internal->max_version = meth->internal->max_version;
1737 
1738 	ret->cert_store = NULL;
1739 	ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER;
1740 	ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1741 	ret->internal->session_cache_head = NULL;
1742 	ret->internal->session_cache_tail = NULL;
1743 
1744 	/* We take the system default */
1745 	ret->session_timeout = meth->internal->get_timeout();
1746 
1747 	ret->internal->new_session_cb = 0;
1748 	ret->internal->remove_session_cb = 0;
1749 	ret->internal->get_session_cb = 0;
1750 	ret->internal->generate_session_id = 0;
1751 
1752 	memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats));
1753 
1754 	ret->references = 1;
1755 	ret->internal->quiet_shutdown = 0;
1756 
1757 	ret->internal->info_callback = NULL;
1758 
1759 	ret->internal->app_verify_callback = 0;
1760 	ret->internal->app_verify_arg = NULL;
1761 
1762 	ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1763 	ret->internal->read_ahead = 0;
1764 	ret->internal->msg_callback = 0;
1765 	ret->internal->msg_callback_arg = NULL;
1766 	ret->verify_mode = SSL_VERIFY_NONE;
1767 	ret->sid_ctx_length = 0;
1768 	ret->internal->default_verify_callback = NULL;
1769 
1770 	if ((ret->internal->cert = ssl_cert_new()) == NULL)
1771 		goto err;
1772 
1773 	ret->default_passwd_callback = 0;
1774 	ret->default_passwd_callback_userdata = NULL;
1775 	ret->internal->client_cert_cb = 0;
1776 	ret->internal->app_gen_cookie_cb = 0;
1777 	ret->internal->app_verify_cookie_cb = 0;
1778 
1779 	ret->internal->sessions = lh_SSL_SESSION_new();
1780 	if (ret->internal->sessions == NULL)
1781 		goto err;
1782 	ret->cert_store = X509_STORE_new();
1783 	if (ret->cert_store == NULL)
1784 		goto err;
1785 
1786 	ssl_create_cipher_list(ret->method, &ret->cipher_list,
1787 	    &ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1788 	if (ret->cipher_list == NULL ||
1789 	    sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1790 		SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
1791 		goto err2;
1792 	}
1793 
1794 	ret->param = X509_VERIFY_PARAM_new();
1795 	if (!ret->param)
1796 		goto err;
1797 
1798 	if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL)
1799 		goto err;
1800 
1801 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data);
1802 
1803 	ret->extra_certs = NULL;
1804 
1805 	ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1806 
1807 	ret->internal->tlsext_servername_callback = 0;
1808 	ret->internal->tlsext_servername_arg = NULL;
1809 
1810 	/* Setup RFC4507 ticket keys */
1811 	arc4random_buf(ret->internal->tlsext_tick_key_name, 16);
1812 	arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16);
1813 	arc4random_buf(ret->internal->tlsext_tick_aes_key, 16);
1814 
1815 	ret->internal->tlsext_status_cb = 0;
1816 	ret->internal->tlsext_status_arg = NULL;
1817 
1818 #ifndef OPENSSL_NO_ENGINE
1819 	ret->internal->client_cert_engine = NULL;
1820 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1821 #define eng_strx(x)	#x
1822 #define eng_str(x)	eng_strx(x)
1823 	/* Use specific client engine automatically... ignore errors */
1824 	{
1825 		ENGINE *eng;
1826 		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1827 		if (!eng) {
1828 			ERR_clear_error();
1829 			ENGINE_load_builtin_engines();
1830 			eng = ENGINE_by_id(eng_str(
1831 			    OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1832 		}
1833 		if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1834 			ERR_clear_error();
1835 	}
1836 #endif
1837 #endif
1838 	/*
1839 	 * Default is to connect to non-RI servers. When RI is more widely
1840 	 * deployed might change this.
1841 	 */
1842 	ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1843 
1844 	return (ret);
1845 err:
1846 	SSLerrorx(ERR_R_MALLOC_FAILURE);
1847 err2:
1848 	SSL_CTX_free(ret);
1849 	return (NULL);
1850 }
1851 
1852 void
1853 SSL_CTX_free(SSL_CTX *ctx)
1854 {
1855 	int	i;
1856 
1857 	if (ctx == NULL)
1858 		return;
1859 
1860 	i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
1861 	if (i > 0)
1862 		return;
1863 
1864 	X509_VERIFY_PARAM_free(ctx->param);
1865 
1866 	/*
1867 	 * Free internal session cache. However: the remove_cb() may reference
1868 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1869 	 * after the sessions were flushed.
1870 	 * As the ex_data handling routines might also touch the session cache,
1871 	 * the most secure solution seems to be: empty (flush) the cache, then
1872 	 * free ex_data, then finally free the cache.
1873 	 * (See ticket [openssl.org #212].)
1874 	 */
1875 	if (ctx->internal->sessions != NULL)
1876 		SSL_CTX_flush_sessions(ctx, 0);
1877 
1878 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data);
1879 
1880 	lh_SSL_SESSION_free(ctx->internal->sessions);
1881 
1882 	X509_STORE_free(ctx->cert_store);
1883 	sk_SSL_CIPHER_free(ctx->cipher_list);
1884 	sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);
1885 	ssl_cert_free(ctx->internal->cert);
1886 	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
1887 	sk_X509_pop_free(ctx->extra_certs, X509_free);
1888 
1889 #ifndef OPENSSL_NO_SRTP
1890 	if (ctx->internal->srtp_profiles)
1891 		sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles);
1892 #endif
1893 
1894 #ifndef OPENSSL_NO_ENGINE
1895 	ENGINE_finish(ctx->internal->client_cert_engine);
1896 #endif
1897 
1898 	free(ctx->internal->tlsext_ecpointformatlist);
1899 	free(ctx->internal->tlsext_supportedgroups);
1900 
1901 	free(ctx->internal->alpn_client_proto_list);
1902 
1903 	free(ctx->internal);
1904 	free(ctx);
1905 }
1906 
1907 int
1908 SSL_CTX_up_ref(SSL_CTX *ctx)
1909 {
1910 	int refs = CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
1911 	return ((refs > 1) ? 1 : 0);
1912 }
1913 
1914 pem_password_cb *
1915 SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
1916 {
1917 	return (ctx->default_passwd_callback);
1918 }
1919 
1920 void
1921 SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1922 {
1923 	ctx->default_passwd_callback = cb;
1924 }
1925 
1926 void *
1927 SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
1928 {
1929 	return ctx->default_passwd_callback_userdata;
1930 }
1931 
1932 void
1933 SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
1934 {
1935 	ctx->default_passwd_callback_userdata = u;
1936 }
1937 
1938 void
1939 SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
1940     void *), void *arg)
1941 {
1942 	ctx->internal->app_verify_callback = cb;
1943 	ctx->internal->app_verify_arg = arg;
1944 }
1945 
1946 void
1947 SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
1948 {
1949 	ctx->verify_mode = mode;
1950 	ctx->internal->default_verify_callback = cb;
1951 }
1952 
1953 void
1954 SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
1955 {
1956 	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1957 }
1958 
1959 void
1960 ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1961 {
1962 	int		 rsa_enc, rsa_sign, dh_tmp;
1963 	int		 have_ecc_cert;
1964 	unsigned long	 mask_k, mask_a;
1965 	X509		*x = NULL;
1966 	CERT_PKEY	*cpk;
1967 
1968 	if (c == NULL)
1969 		return;
1970 
1971 	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
1972 	    c->dh_tmp_auto != 0);
1973 
1974 	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
1975 	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
1976 	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1977 	rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
1978 	cpk = &(c->pkeys[SSL_PKEY_ECC]);
1979 	have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
1980 
1981 	mask_k = 0;
1982 	mask_a = 0;
1983 
1984 	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
1985 	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1986 		mask_k |= SSL_kGOST;
1987 		mask_a |= SSL_aGOST01;
1988 	}
1989 
1990 	if (rsa_enc)
1991 		mask_k |= SSL_kRSA;
1992 
1993 	if (dh_tmp)
1994 		mask_k |= SSL_kDHE;
1995 
1996 	if (rsa_enc || rsa_sign)
1997 		mask_a |= SSL_aRSA;
1998 
1999 	mask_a |= SSL_aNULL;
2000 
2001 	/*
2002 	 * An ECC certificate may be usable for ECDH and/or
2003 	 * ECDSA cipher suites depending on the key usage extension.
2004 	 */
2005 	if (have_ecc_cert) {
2006 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
2007 
2008 		/* This call populates extension flags (ex_flags). */
2009 		X509_check_purpose(x, -1, 0);
2010 
2011 		/* Key usage, if present, must allow signing. */
2012 		if ((x->ex_flags & EXFLAG_KUSAGE) == 0 ||
2013 		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE))
2014 			mask_a |= SSL_aECDSA;
2015 	}
2016 
2017 	mask_k |= SSL_kECDHE;
2018 
2019 	c->mask_k = mask_k;
2020 	c->mask_a = mask_a;
2021 	c->valid = 1;
2022 }
2023 
2024 /* See if this handshake is using an ECC cipher suite. */
2025 int
2026 ssl_using_ecc_cipher(SSL *s)
2027 {
2028 	unsigned long alg_a, alg_k;
2029 
2030 	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2031 	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
2032 
2033 	return SSI(s)->tlsext_ecpointformatlist != NULL &&
2034 	    SSI(s)->tlsext_ecpointformatlist_length > 0 &&
2035 	    ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
2036 }
2037 
2038 int
2039 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2040 {
2041 	const SSL_CIPHER	*cs = S3I(s)->hs.new_cipher;
2042 	unsigned long		 alg_a;
2043 
2044 	alg_a = cs->algorithm_auth;
2045 
2046 	if (alg_a & SSL_aECDSA) {
2047 		/* This call populates extension flags (ex_flags). */
2048 		X509_check_purpose(x, -1, 0);
2049 
2050 		/* Key usage, if present, must allow signing. */
2051 		if ((x->ex_flags & EXFLAG_KUSAGE) &&
2052 		    ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
2053 			SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2054 			return (0);
2055 		}
2056 	}
2057 
2058 	return (1);
2059 }
2060 
2061 CERT_PKEY *
2062 ssl_get_server_send_pkey(const SSL *s)
2063 {
2064 	unsigned long	 alg_a;
2065 	CERT		*c;
2066 	int		 i;
2067 
2068 	c = s->cert;
2069 	ssl_set_cert_masks(c, S3I(s)->hs.new_cipher);
2070 
2071 	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
2072 
2073 	if (alg_a & SSL_aECDSA) {
2074 		i = SSL_PKEY_ECC;
2075 	} else if (alg_a & SSL_aRSA) {
2076 		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2077 			i = SSL_PKEY_RSA_SIGN;
2078 		else
2079 			i = SSL_PKEY_RSA_ENC;
2080 	} else if (alg_a & SSL_aGOST01) {
2081 		i = SSL_PKEY_GOST01;
2082 	} else { /* if (alg_a & SSL_aNULL) */
2083 		SSLerror(s, ERR_R_INTERNAL_ERROR);
2084 		return (NULL);
2085 	}
2086 
2087 	return (c->pkeys + i);
2088 }
2089 
2090 EVP_PKEY *
2091 ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
2092     const struct ssl_sigalg **sap)
2093 {
2094 	const struct ssl_sigalg *sigalg = NULL;
2095 	EVP_PKEY *pkey = NULL;
2096 	unsigned long	 alg_a;
2097 	CERT		*c;
2098 	int		 idx = -1;
2099 
2100 	alg_a = cipher->algorithm_auth;
2101 	c = s->cert;
2102 
2103 	if (alg_a & SSL_aRSA) {
2104 		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2105 			idx = SSL_PKEY_RSA_SIGN;
2106 		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2107 			idx = SSL_PKEY_RSA_ENC;
2108 	} else if ((alg_a & SSL_aECDSA) &&
2109 	    (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2110 		idx = SSL_PKEY_ECC;
2111 	if (idx == -1) {
2112 		SSLerror(s, ERR_R_INTERNAL_ERROR);
2113 		return (NULL);
2114 	}
2115 
2116 	pkey = c->pkeys[idx].privatekey;
2117 	if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
2118 		SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2119 		return (NULL);
2120 	}
2121 	*pmd = sigalg->md();
2122 	*sap = sigalg;
2123 
2124 	return (pkey);
2125 }
2126 
2127 DH *
2128 ssl_get_auto_dh(SSL *s)
2129 {
2130 	CERT_PKEY *cpk;
2131 	int keylen;
2132 	DH *dhp;
2133 
2134 	if (s->cert->dh_tmp_auto == 2) {
2135 		keylen = 1024;
2136 	} else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
2137 		keylen = 1024;
2138 		if (S3I(s)->hs.new_cipher->strength_bits == 256)
2139 			keylen = 3072;
2140 	} else {
2141 		if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2142 			return (NULL);
2143 		if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
2144 			return (NULL);
2145 		keylen = EVP_PKEY_bits(cpk->privatekey);
2146 	}
2147 
2148 	if ((dhp = DH_new()) == NULL)
2149 		return (NULL);
2150 
2151 	dhp->g = BN_new();
2152 	if (dhp->g != NULL)
2153 		BN_set_word(dhp->g, 2);
2154 
2155 	if (keylen >= 8192)
2156 		dhp->p = get_rfc3526_prime_8192(NULL);
2157 	else if (keylen >= 4096)
2158 		dhp->p = get_rfc3526_prime_4096(NULL);
2159 	else if (keylen >= 3072)
2160 		dhp->p = get_rfc3526_prime_3072(NULL);
2161 	else if (keylen >= 2048)
2162 		dhp->p = get_rfc3526_prime_2048(NULL);
2163 	else if (keylen >= 1536)
2164 		dhp->p = get_rfc3526_prime_1536(NULL);
2165 	else
2166 		dhp->p = get_rfc2409_prime_1024(NULL);
2167 
2168 	if (dhp->p == NULL || dhp->g == NULL) {
2169 		DH_free(dhp);
2170 		return (NULL);
2171 	}
2172 	return (dhp);
2173 }
2174 
2175 void
2176 ssl_update_cache(SSL *s, int mode)
2177 {
2178 	int	i;
2179 
2180 	/*
2181 	 * If the session_id_length is 0, we are not supposed to cache it,
2182 	 * and it would be rather hard to do anyway :-)
2183 	 */
2184 	if (s->session->session_id_length == 0)
2185 		return;
2186 
2187 	i = s->session_ctx->internal->session_cache_mode;
2188 	if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2189 	    || SSL_CTX_add_session(s->session_ctx, s->session))
2190 	    && (s->session_ctx->internal->new_session_cb != NULL)) {
2191 		CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2192 		if (!s->session_ctx->internal->new_session_cb(s, s->session))
2193 			SSL_SESSION_free(s->session);
2194 	}
2195 
2196 	/* auto flush every 255 connections */
2197 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2198 	    ((i & mode) == mode)) {
2199 		if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2200 		    s->session_ctx->internal->stats.sess_connect_good :
2201 		    s->session_ctx->internal->stats.sess_accept_good) & 0xff) == 0xff) {
2202 			SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2203 		}
2204 	}
2205 }
2206 
2207 const SSL_METHOD *
2208 SSL_get_ssl_method(SSL *s)
2209 {
2210 	return (s->method);
2211 }
2212 
2213 int
2214 SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2215 {
2216 	int	conn = -1;
2217 	int	ret = 1;
2218 
2219 	if (s->method != meth) {
2220 		if (s->internal->handshake_func != NULL)
2221 			conn = (s->internal->handshake_func == s->method->internal->ssl_connect);
2222 
2223 		if (s->method->internal->version == meth->internal->version)
2224 			s->method = meth;
2225 		else {
2226 			s->method->internal->ssl_free(s);
2227 			s->method = meth;
2228 			ret = s->method->internal->ssl_new(s);
2229 		}
2230 
2231 		if (conn == 1)
2232 			s->internal->handshake_func = meth->internal->ssl_connect;
2233 		else if (conn == 0)
2234 			s->internal->handshake_func = meth->internal->ssl_accept;
2235 	}
2236 	return (ret);
2237 }
2238 
2239 int
2240 SSL_get_error(const SSL *s, int i)
2241 {
2242 	int		 reason;
2243 	unsigned long	 l;
2244 	BIO		*bio;
2245 
2246 	if (i > 0)
2247 		return (SSL_ERROR_NONE);
2248 
2249 	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2250 	 * etc, where we do encode the error */
2251 	if ((l = ERR_peek_error()) != 0) {
2252 		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2253 			return (SSL_ERROR_SYSCALL);
2254 		else
2255 			return (SSL_ERROR_SSL);
2256 	}
2257 
2258 	if ((i < 0) && SSL_want_read(s)) {
2259 		bio = SSL_get_rbio(s);
2260 		if (BIO_should_read(bio)) {
2261 			return (SSL_ERROR_WANT_READ);
2262 		} else if (BIO_should_write(bio)) {
2263 			/*
2264 			 * This one doesn't make too much sense...  We never
2265 			 * try to write to the rbio, and an application
2266 			 * program where rbio and wbio are separate couldn't
2267 			 * even know what it should wait for.  However if we
2268 			 * ever set s->internal->rwstate incorrectly (so that we have
2269 			 * SSL_want_read(s) instead of SSL_want_write(s))
2270 			 * and rbio and wbio *are* the same, this test works
2271 			 * around that bug; so it might be safer to keep it.
2272 			 */
2273 			return (SSL_ERROR_WANT_WRITE);
2274 		} else if (BIO_should_io_special(bio)) {
2275 			reason = BIO_get_retry_reason(bio);
2276 			if (reason == BIO_RR_CONNECT)
2277 				return (SSL_ERROR_WANT_CONNECT);
2278 			else if (reason == BIO_RR_ACCEPT)
2279 				return (SSL_ERROR_WANT_ACCEPT);
2280 			else
2281 				return (SSL_ERROR_SYSCALL); /* unknown */
2282 		}
2283 	}
2284 
2285 	if ((i < 0) && SSL_want_write(s)) {
2286 		bio = SSL_get_wbio(s);
2287 		if (BIO_should_write(bio)) {
2288 			return (SSL_ERROR_WANT_WRITE);
2289 		} else if (BIO_should_read(bio)) {
2290 			/*
2291 			 * See above (SSL_want_read(s) with
2292 			 * BIO_should_write(bio))
2293 			 */
2294 			return (SSL_ERROR_WANT_READ);
2295 		} else if (BIO_should_io_special(bio)) {
2296 			reason = BIO_get_retry_reason(bio);
2297 			if (reason == BIO_RR_CONNECT)
2298 				return (SSL_ERROR_WANT_CONNECT);
2299 			else if (reason == BIO_RR_ACCEPT)
2300 				return (SSL_ERROR_WANT_ACCEPT);
2301 			else
2302 				return (SSL_ERROR_SYSCALL);
2303 		}
2304 	}
2305 	if ((i < 0) && SSL_want_x509_lookup(s)) {
2306 		return (SSL_ERROR_WANT_X509_LOOKUP);
2307 	}
2308 
2309 	if (i == 0) {
2310 		if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2311 		    (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
2312 		return (SSL_ERROR_ZERO_RETURN);
2313 	}
2314 	return (SSL_ERROR_SYSCALL);
2315 }
2316 
2317 int
2318 SSL_do_handshake(SSL *s)
2319 {
2320 	int	ret = 1;
2321 
2322 	if (s->internal->handshake_func == NULL) {
2323 		SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2324 		return (-1);
2325 	}
2326 
2327 	s->method->internal->ssl_renegotiate_check(s);
2328 
2329 	if (SSL_in_init(s) || SSL_in_before(s)) {
2330 		ret = s->internal->handshake_func(s);
2331 	}
2332 	return (ret);
2333 }
2334 
2335 /*
2336  * For the next 2 functions, SSL_clear() sets shutdown and so
2337  * one of these calls will reset it
2338  */
2339 void
2340 SSL_set_accept_state(SSL *s)
2341 {
2342 	s->server = 1;
2343 	s->internal->shutdown = 0;
2344 	S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2345 	s->internal->handshake_func = s->method->internal->ssl_accept;
2346 	ssl_clear_cipher_state(s);
2347 }
2348 
2349 void
2350 SSL_set_connect_state(SSL *s)
2351 {
2352 	s->server = 0;
2353 	s->internal->shutdown = 0;
2354 	S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2355 	s->internal->handshake_func = s->method->internal->ssl_connect;
2356 	ssl_clear_cipher_state(s);
2357 }
2358 
2359 int
2360 ssl_undefined_function(SSL *s)
2361 {
2362 	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2363 	return (0);
2364 }
2365 
2366 int
2367 ssl_undefined_void_function(void)
2368 {
2369 	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2370 	return (0);
2371 }
2372 
2373 int
2374 ssl_undefined_const_function(const SSL *s)
2375 {
2376 	SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2377 	return (0);
2378 }
2379 
2380 const char *
2381 ssl_version_string(int ver)
2382 {
2383 	switch (ver) {
2384 	case DTLS1_VERSION:
2385 		return (SSL_TXT_DTLS1);
2386 	case TLS1_VERSION:
2387 		return (SSL_TXT_TLSV1);
2388 	case TLS1_1_VERSION:
2389 		return (SSL_TXT_TLSV1_1);
2390 	case TLS1_2_VERSION:
2391 		return (SSL_TXT_TLSV1_2);
2392 	case TLS1_3_VERSION:
2393 		return (SSL_TXT_TLSV1_3);
2394 	default:
2395 		return ("unknown");
2396 	}
2397 }
2398 
2399 const char *
2400 SSL_get_version(const SSL *s)
2401 {
2402 	return ssl_version_string(s->version);
2403 }
2404 
2405 SSL *
2406 SSL_dup(SSL *s)
2407 {
2408 	STACK_OF(X509_NAME) *sk;
2409 	X509_NAME *xn;
2410 	SSL *ret;
2411 	int i;
2412 
2413 	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2414 		goto err;
2415 
2416 	ret->version = s->version;
2417 	ret->internal->type = s->internal->type;
2418 	ret->method = s->method;
2419 
2420 	if (s->session != NULL) {
2421 		if (!SSL_copy_session_id(ret, s))
2422 			goto err;
2423 	} else {
2424 		/*
2425 		 * No session has been established yet, so we have to expect
2426 		 * that s->cert or ret->cert will be changed later --
2427 		 * they should not both point to the same object,
2428 		 * and thus we can't use SSL_copy_session_id.
2429 		 */
2430 
2431 		ret->method->internal->ssl_free(ret);
2432 		ret->method = s->method;
2433 		ret->method->internal->ssl_new(ret);
2434 
2435 		ssl_cert_free(ret->cert);
2436 		if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
2437 			goto err;
2438 
2439 		if (!SSL_set_session_id_context(ret, s->sid_ctx,
2440 		    s->sid_ctx_length))
2441 			goto err;
2442 	}
2443 
2444 	ret->internal->options = s->internal->options;
2445 	ret->internal->mode = s->internal->mode;
2446 	SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2447 	SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2448 	ret->internal->msg_callback = s->internal->msg_callback;
2449 	ret->internal->msg_callback_arg = s->internal->msg_callback_arg;
2450 	SSL_set_verify(ret, SSL_get_verify_mode(s),
2451 	SSL_get_verify_callback(s));
2452 	SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2453 	ret->internal->generate_session_id = s->internal->generate_session_id;
2454 
2455 	SSL_set_info_callback(ret, SSL_get_info_callback(s));
2456 
2457 	ret->internal->debug = s->internal->debug;
2458 
2459 	/* copy app data, a little dangerous perhaps */
2460 	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2461 	    &ret->internal->ex_data, &s->internal->ex_data))
2462 		goto err;
2463 
2464 	/* setup rbio, and wbio */
2465 	if (s->rbio != NULL) {
2466 		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2467 			goto err;
2468 	}
2469 	if (s->wbio != NULL) {
2470 		if (s->wbio != s->rbio) {
2471 			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2472 				goto err;
2473 		} else
2474 			ret->wbio = ret->rbio;
2475 	}
2476 	ret->internal->rwstate = s->internal->rwstate;
2477 	ret->internal->in_handshake = s->internal->in_handshake;
2478 	ret->internal->handshake_func = s->internal->handshake_func;
2479 	ret->server = s->server;
2480 	ret->internal->renegotiate = s->internal->renegotiate;
2481 	ret->internal->new_session = s->internal->new_session;
2482 	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
2483 	ret->internal->shutdown = s->internal->shutdown;
2484 	/* SSL_dup does not really work at any state, though */
2485 	S3I(ret)->hs.state = S3I(s)->hs.state;
2486 	ret->internal->rstate = s->internal->rstate;
2487 
2488 	/*
2489 	 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2490 	 * ret->init_off
2491 	 */
2492 	ret->internal->init_num = 0;
2493 
2494 	ret->internal->hit = s->internal->hit;
2495 
2496 	X509_VERIFY_PARAM_inherit(ret->param, s->param);
2497 
2498 	/* dup the cipher_list and cipher_list_by_id stacks */
2499 	if (s->cipher_list != NULL) {
2500 		if ((ret->cipher_list =
2501 		    sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2502 			goto err;
2503 	}
2504 	if (s->internal->cipher_list_by_id != NULL) {
2505 		if ((ret->internal->cipher_list_by_id =
2506 		    sk_SSL_CIPHER_dup(s->internal->cipher_list_by_id)) == NULL)
2507 			goto err;
2508 	}
2509 
2510 	/* Dup the client_CA list */
2511 	if (s->internal->client_CA != NULL) {
2512 		if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err;
2513 			ret->internal->client_CA = sk;
2514 		for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2515 			xn = sk_X509_NAME_value(sk, i);
2516 			if (sk_X509_NAME_set(sk, i,
2517 			    X509_NAME_dup(xn)) == NULL) {
2518 				X509_NAME_free(xn);
2519 				goto err;
2520 			}
2521 		}
2522 	}
2523 
2524 	return ret;
2525  err:
2526 	SSL_free(ret);
2527 	return NULL;
2528 }
2529 
2530 void
2531 ssl_clear_cipher_state(SSL *s)
2532 {
2533 	ssl_clear_cipher_read_state(s);
2534 	ssl_clear_cipher_write_state(s);
2535 }
2536 
2537 void
2538 ssl_clear_cipher_read_state(SSL *s)
2539 {
2540 	EVP_CIPHER_CTX_free(s->enc_read_ctx);
2541 	s->enc_read_ctx = NULL;
2542 	EVP_MD_CTX_free(s->read_hash);
2543 	s->read_hash = NULL;
2544 
2545 	if (s->internal->aead_read_ctx != NULL) {
2546 		EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
2547 		free(s->internal->aead_read_ctx);
2548 		s->internal->aead_read_ctx = NULL;
2549 	}
2550 }
2551 
2552 void
2553 ssl_clear_cipher_write_state(SSL *s)
2554 {
2555 	EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
2556 	s->internal->enc_write_ctx = NULL;
2557 	EVP_MD_CTX_free(s->internal->write_hash);
2558 	s->internal->write_hash = NULL;
2559 
2560 	if (s->internal->aead_write_ctx != NULL) {
2561 		EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
2562 		free(s->internal->aead_write_ctx);
2563 		s->internal->aead_write_ctx = NULL;
2564 	}
2565 }
2566 
2567 /* Fix this function so that it takes an optional type parameter */
2568 X509 *
2569 SSL_get_certificate(const SSL *s)
2570 {
2571 	return (s->cert->key->x509);
2572 }
2573 
2574 /* Fix this function so that it takes an optional type parameter */
2575 EVP_PKEY *
2576 SSL_get_privatekey(const SSL *s)
2577 {
2578 	return (s->cert->key->privatekey);
2579 }
2580 
2581 const SSL_CIPHER *
2582 SSL_get_current_cipher(const SSL *s)
2583 {
2584 	if ((s->session != NULL) && (s->session->cipher != NULL))
2585 		return (s->session->cipher);
2586 	return (NULL);
2587 }
2588 const void *
2589 SSL_get_current_compression(SSL *s)
2590 {
2591 	return (NULL);
2592 }
2593 
2594 const void *
2595 SSL_get_current_expansion(SSL *s)
2596 {
2597 	return (NULL);
2598 }
2599 
2600 size_t
2601 SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
2602 {
2603 	size_t len = sizeof(s->s3->client_random);
2604 
2605 	if (out == NULL)
2606 		return len;
2607 
2608 	if (len > max_out)
2609 		len = max_out;
2610 
2611 	memcpy(out, s->s3->client_random, len);
2612 
2613 	return len;
2614 }
2615 
2616 size_t
2617 SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
2618 {
2619 	size_t len = sizeof(s->s3->server_random);
2620 
2621 	if (out == NULL)
2622 		return len;
2623 
2624 	if (len > max_out)
2625 		len = max_out;
2626 
2627 	memcpy(out, s->s3->server_random, len);
2628 
2629 	return len;
2630 }
2631 
2632 int
2633 ssl_init_wbio_buffer(SSL *s, int push)
2634 {
2635 	BIO	*bbio;
2636 
2637 	if (s->bbio == NULL) {
2638 		bbio = BIO_new(BIO_f_buffer());
2639 		if (bbio == NULL)
2640 			return (0);
2641 		s->bbio = bbio;
2642 	} else {
2643 		bbio = s->bbio;
2644 		if (s->bbio == s->wbio)
2645 			s->wbio = BIO_pop(s->wbio);
2646 	}
2647 	(void)BIO_reset(bbio);
2648 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2649 	if (!BIO_set_read_buffer_size(bbio, 1)) {
2650 		SSLerror(s, ERR_R_BUF_LIB);
2651 		return (0);
2652 	}
2653 	if (push) {
2654 		if (s->wbio != bbio)
2655 			s->wbio = BIO_push(bbio, s->wbio);
2656 	} else {
2657 		if (s->wbio == bbio)
2658 			s->wbio = BIO_pop(bbio);
2659 	}
2660 	return (1);
2661 }
2662 
2663 void
2664 ssl_free_wbio_buffer(SSL *s)
2665 {
2666 	if (s == NULL)
2667 		return;
2668 
2669 	if (s->bbio == NULL)
2670 		return;
2671 
2672 	if (s->bbio == s->wbio) {
2673 		/* remove buffering */
2674 		s->wbio = BIO_pop(s->wbio);
2675 	}
2676 	BIO_free(s->bbio);
2677 	s->bbio = NULL;
2678 }
2679 
2680 void
2681 SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2682 {
2683 	ctx->internal->quiet_shutdown = mode;
2684 }
2685 
2686 int
2687 SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2688 {
2689 	return (ctx->internal->quiet_shutdown);
2690 }
2691 
2692 void
2693 SSL_set_quiet_shutdown(SSL *s, int mode)
2694 {
2695 	s->internal->quiet_shutdown = mode;
2696 }
2697 
2698 int
2699 SSL_get_quiet_shutdown(const SSL *s)
2700 {
2701 	return (s->internal->quiet_shutdown);
2702 }
2703 
2704 void
2705 SSL_set_shutdown(SSL *s, int mode)
2706 {
2707 	s->internal->shutdown = mode;
2708 }
2709 
2710 int
2711 SSL_get_shutdown(const SSL *s)
2712 {
2713 	return (s->internal->shutdown);
2714 }
2715 
2716 int
2717 SSL_version(const SSL *s)
2718 {
2719 	return (s->version);
2720 }
2721 
2722 SSL_CTX *
2723 SSL_get_SSL_CTX(const SSL *ssl)
2724 {
2725 	return (ssl->ctx);
2726 }
2727 
2728 SSL_CTX *
2729 SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2730 {
2731 	if (ssl->ctx == ctx)
2732 		return (ssl->ctx);
2733 	if (ctx == NULL)
2734 		ctx = ssl->initial_ctx;
2735 
2736 	ssl_cert_free(ssl->cert);
2737 	ssl->cert = ssl_cert_dup(ctx->internal->cert);
2738 
2739 	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2740 	SSL_CTX_free(ssl->ctx); /* decrement reference count */
2741 	ssl->ctx = ctx;
2742 	return (ssl->ctx);
2743 }
2744 
2745 int
2746 SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2747 {
2748 	return (X509_STORE_set_default_paths(ctx->cert_store));
2749 }
2750 
2751 int
2752 SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2753     const char *CApath)
2754 {
2755 	return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2756 }
2757 
2758 int
2759 SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2760 {
2761 	return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2762 }
2763 
2764 void
2765 SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2766 {
2767 	ssl->internal->info_callback = cb;
2768 }
2769 
2770 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2771 {
2772 	return (ssl->internal->info_callback);
2773 }
2774 
2775 int
2776 SSL_state(const SSL *ssl)
2777 {
2778 	return (S3I(ssl)->hs.state);
2779 }
2780 
2781 void
2782 SSL_set_state(SSL *ssl, int state)
2783 {
2784 	S3I(ssl)->hs.state = state;
2785 }
2786 
2787 void
2788 SSL_set_verify_result(SSL *ssl, long arg)
2789 {
2790 	ssl->verify_result = arg;
2791 }
2792 
2793 long
2794 SSL_get_verify_result(const SSL *ssl)
2795 {
2796 	return (ssl->verify_result);
2797 }
2798 
2799 int
2800 SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2801     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2802 {
2803 	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2804 	    new_func, dup_func, free_func));
2805 }
2806 
2807 int
2808 SSL_set_ex_data(SSL *s, int idx, void *arg)
2809 {
2810 	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
2811 }
2812 
2813 void *
2814 SSL_get_ex_data(const SSL *s, int idx)
2815 {
2816 	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
2817 }
2818 
2819 int
2820 SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2821     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2822 {
2823 	return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2824 	    new_func, dup_func, free_func));
2825 }
2826 
2827 int
2828 SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2829 {
2830 	return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
2831 }
2832 
2833 void *
2834 SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2835 {
2836 	return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
2837 }
2838 
2839 int
2840 ssl_ok(SSL *s)
2841 {
2842 	return (1);
2843 }
2844 
2845 X509_STORE *
2846 SSL_CTX_get_cert_store(const SSL_CTX *ctx)
2847 {
2848 	return (ctx->cert_store);
2849 }
2850 
2851 void
2852 SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
2853 {
2854 	X509_STORE_free(ctx->cert_store);
2855 	ctx->cert_store = store;
2856 }
2857 
2858 X509 *
2859 SSL_CTX_get0_certificate(const SSL_CTX *ctx)
2860 {
2861 	if (ctx->internal->cert == NULL)
2862 		return NULL;
2863 
2864 	return ctx->internal->cert->key->x509;
2865 }
2866 
2867 int
2868 SSL_want(const SSL *s)
2869 {
2870 	return (s->internal->rwstate);
2871 }
2872 
2873 void
2874 SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
2875     int keylength))
2876 {
2877 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2878 }
2879 
2880 void
2881 SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
2882     int keylength))
2883 {
2884 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
2885 }
2886 
2887 void
2888 SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
2889     int keylength))
2890 {
2891 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2892 }
2893 
2894 void
2895 SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
2896     int keylength))
2897 {
2898 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2899 }
2900 
2901 void
2902 SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
2903     int is_export, int keylength))
2904 {
2905 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
2906 	    (void (*)(void))ecdh);
2907 }
2908 
2909 void
2910 SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
2911     int keylength))
2912 {
2913 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2914 }
2915 
2916 
2917 void
2918 SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
2919     int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2920 {
2921 	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
2922 	    (void (*)(void))cb);
2923 }
2924 
2925 void
2926 SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
2927     int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2928 {
2929 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
2930 }
2931 
2932 void
2933 SSL_set_debug(SSL *s, int debug)
2934 {
2935 	s->internal->debug = debug;
2936 }
2937 
2938 int
2939 SSL_cache_hit(SSL *s)
2940 {
2941 	return (s->internal->hit);
2942 }
2943 
2944 int
2945 SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
2946 {
2947 	return ctx->internal->min_version;
2948 }
2949 
2950 int
2951 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
2952 {
2953 	return ssl_version_set_min(ctx->method, version,
2954 	    ctx->internal->max_version, &ctx->internal->min_version);
2955 }
2956 
2957 int
2958 SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
2959 {
2960 	return ctx->internal->max_version;
2961 }
2962 
2963 int
2964 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
2965 {
2966 	return ssl_version_set_max(ctx->method, version,
2967 	    ctx->internal->min_version, &ctx->internal->max_version);
2968 }
2969 
2970 int
2971 SSL_get_min_proto_version(SSL *ssl)
2972 {
2973 	return ssl->internal->min_version;
2974 }
2975 
2976 int
2977 SSL_set_min_proto_version(SSL *ssl, uint16_t version)
2978 {
2979 	return ssl_version_set_min(ssl->method, version,
2980 	    ssl->internal->max_version, &ssl->internal->min_version);
2981 }
2982 int
2983 SSL_get_max_proto_version(SSL *ssl)
2984 {
2985 	return ssl->internal->max_version;
2986 }
2987 
2988 int
2989 SSL_set_max_proto_version(SSL *ssl, uint16_t version)
2990 {
2991 	return ssl_version_set_max(ssl->method, version,
2992 	    ssl->internal->min_version, &ssl->internal->max_version);
2993 }
2994 
2995 static int
2996 ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
2997 {
2998 	SSL_CIPHER const *a = a_;
2999 	SSL_CIPHER const *b = b_;
3000 	return ssl_cipher_id_cmp(a, b);
3001 }
3002 
3003 SSL_CIPHER *
3004 OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
3005 {
3006 	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
3007 	    ssl_cipher_id_cmp_BSEARCH_CMP_FN);
3008 }
3009