File Coverage

SSLeay.xs

Criterion	Covered	Total	%
statement	1168	1903	61.3
branch	623	1808	34.4
condition			n/a
subroutine			n/a
pod			n/a
total	1791	3711	48.2

line	stmt	bran	code
1			/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
2			*
3			* Copyright (c) 1996-2003 Sampo Kellomäki
4			* Copyright (c) 2005-2010 Florian Ragwitz
5			* Copyright (c) 2005-2018 Mike McCauley
6			* Copyright (c) 2018- Chris Novakovic
7			* Copyright (c) 2018- Tuure Vartiainen
8			* Copyright (c) 2018- Heikki Vatiainen
9			*
10			* All rights reserved.
11			*
12			* Change data removed. See Changes
13			*
14			* This module is released under the terms of the Artistic License 2.0. For
15			* details, see the LICENSE file.
16			*/
17
18			/* ####
19			* #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! ####
20			* ####
21			*
22			* Function naming conventions:
23			*
24			* 1/ never change the already existing function names (all calling convention) in a way
25			* that may cause backward incompatibility (e.g. add ALIAS with old name if necessary)
26			*
27			* 2/ it is recommended to keep the original openssl function names for functions that are:
28			*
29			* 1:1 wrappers to the original openssl functions
30			* see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert)
31			*
32			* nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling
33			* see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf)
34			*
35			* 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix
36			* (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without
37			* "SSL_" prefix (e.g. Net::SSLeay::CTX_new) - keep this for all new functions
38			*
39			* 4/ The names of functions which do not fit rule 2/ (which means they implement some non
40			* trivial code around original openssl function or do more complex tasks) should be
41			* prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime
42			*
43			* 5/ Exceptions from rules above:
44			* functions that are part or wider set of already existing function not following this rule
45			* for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want
46			* to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_")
47			*
48			* Support for different Perl versions, libssl implementations, platforms, and compilers:
49			*
50			* 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the
51			* "Prerequisites" section in the README file). The test suite must pass when run on any
52			* of those version combinations.
53			*
54			* 2/ Fix all compiler warnings - we expect 100% clean build
55			*
56			* 3/ If you add a function which is available since certain openssl version
57			* use proper #ifdefs to assure that SSLeay.xs will compile also with older versions
58			* which are missing this function
59			*
60			* 4/ Even warnings arising from different use of "const" in different openssl versions
61			* needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt
62			*
63			* 5/ avoid using global C variables (it is very likely to break thread-safetyness)
64			* use rather global MY_CXT structure
65			*
66			* 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must
67			* compile also on non-UNIX platforms like MS Windows and others
68			*
69			* 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler)
70			* even if your compiler can handle them without warnings
71			*
72			* Passing test suite:
73			*
74			* 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite
75			*
76			* 2/ it is strongly recommended to create test(s) for newly added function(s), especially
77			* when the new function is not only a 1:1 wrapper but contains a complex code
78			*
79			* 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod
80			* otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into
81			* your patch)
82			*
83			* Preferred code layout:
84			*
85			* 1/ for simple 1:1 XS wrappers use:
86			*
87			* a/ functions with short "signature" (short list of args):
88			*
89			* long
90			* SSL_set_tmp_dh(SSL ssl,DH dh)
91			*
92			* b/ functions with long "signature" (long list of args):
93			* simply when approach a/ does not fit to 120 columns
94			*
95			* void
96			* SSL_any_functions(library_flag,function_name,reason,file_name,line)
97			* int library_flag
98			* int function_name
99			* int reason
100			* char *file_name
101			* int line
102			*
103			* 2/ for XS functions with full implementation use identation like this:
104			*
105			* int
106			* RAND_bytes(buf, num)
107			* SV *buf
108			* int num
109			* PREINIT:
110			* int rc;
111			* unsigned char *random;
112			* CODE:
113			* / * some code here * /
114			* RETVAL = rc;
115			* OUTPUT:
116			* RETVAL
117			*
118			*
119			* Runtime debugging:
120			*
121			* with TRACE(level,fmt,...) you can output debug messages.
122			* it behaves the same as
123			* warn sprintf($msg,...) if $Net::SSLeay::trace>=$level
124			* would do in Perl (e.g. it is using also the $Net::SSLeay::trace variable)
125			*
126			*
127			* THE LAST RULE:
128			*
129			* The fact that some parts of SSLeay.xs do not follow the rules above is not
130			* a reason why any new code can also break these rules in the same way
131			*
132			*/
133
134			/* Prevent warnings about strncpy from Windows compilers */
135			#define _CRT_SECURE_NO_DEPRECATE
136
137			#ifdef __cplusplus
138			extern "C" {
139			#endif
140			#include "EXTERN.h"
141			#include "perl.h"
142			#include "XSUB.h"
143			#include
144			#define NEED_newRV_noinc
145			#define NEED_sv_2pv_flags
146			#define NEED_my_snprintf
147			#include "ppport.h"
148			#ifdef __cplusplus
149			}
150			#endif
151
152			/* OpenSSL-0.9.3a has some strange warning about this in
153			* openssl/des.h
154			*/
155			#undef _
156
157			/* Sigh: openssl 1.0 has
158			typedef void *BLOCK;
159			which conflicts with perls
160			typedef struct block BLOCK;
161			*/
162			#define BLOCK OPENSSL_BLOCK
163			#include
164			#include
165			#include
166			#include
167			#include
168			#include
169			#ifndef OPENSSL_NO_COMP
170			#include /* openssl-0.9.6a forgets to include this */
171			#endif
172			#ifndef OPENSSL_NO_MD2
173			#include
174			#endif
175			#ifndef OPENSSL_NO_MD4
176			#include
177			#endif
178			#ifndef OPENSSL_NO_MD5
179			#include /* openssl-SNAP-20020227 does not automatically include this */
180			#endif
181			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
182			#include
183			#endif
184			#include
185			#include
186			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
187			/* requires 0.9.7+ */
188			#ifndef OPENSSL_NO_ENGINE
189			#include
190			#endif
191			#endif
192			#ifdef OPENSSL_FIPS
193			#include
194			#endif
195			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
196			#include
197			#endif
198			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
199			#include
200			#endif
201			#undef BLOCK
202
203			/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and
204			* related functions return uint64_t instead of long. For this reason
205			* constant() in constant.c and Net::SSLeay must also be able to
206			* return 64bit constants. However, this creates a problem with Perls
207			* that have only 32 bit integers. The define below helps with
208			* handling this API change.
209			*/
210			#if (OPENSSL_VERSION_NUMBER < 0x30000000L) \|\| defined(NET_SSLEAY_32BIT_INT_PERL)
211			#define NET_SSLEAY_32BIT_CONSTANTS
212			#endif
213
214			/* Debugging output - to enable use:
215			*
216			* perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
217			* make
218			*
219			*/
220
221			#ifdef SHOW_XS_DEBUG
222			#define PR1(s) fprintf(stderr,s);
223			#define PR2(s,t) fprintf(stderr,s,t);
224			#define PR3(s,t,u) fprintf(stderr,s,t,u);
225			#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v);
226			#else
227			#define PR1(s)
228			#define PR2(s,t)
229			#define PR3(s,t,u)
230			#define PR4(s,t,u,v)
231			#endif
232
233	1		static void TRACE(int level,char *msg,...) {
234			va_list args;
235	1		SV *trace = get_sv("Net::SSLeay::trace",0);
236	1	50	if (trace && SvIOK(trace) && SvIV(trace)>=level) {
		50
		50
		50
237			char buf[4096];
238	0		va_start(args,msg);
239	0		vsnprintf(buf,4095,msg,args);
240	0		warn("%s",buf);
241	0		va_end(args);
242			}
243	1		}
244
245			#include "constants.c"
246
247			/* ============= thread-safety related stuff ============== */
248
249			#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION
250
251			typedef struct {
252			HV* global_cb_data;
253			UV tid;
254			} my_cxt_t;
255			START_MY_CXT
256
257			#ifdef USE_ITHREADS
258			static perl_mutex LIB_init_mutex;
259			#if OPENSSL_VERSION_NUMBER < 0x10100000L
260			static perl_mutex *GLOBAL_openssl_mutex = NULL;
261			#endif
262			#endif
263			static int LIB_initialized;
264
265	54		UV get_my_thread_id(void) /* returns threads->tid() value */
266			{
267	54		dSP;
268	54		UV tid = 0;
269			#ifdef USE_ITHREADS
270			int count = 0;
271
272			ENTER;
273			SAVETMPS;
274			PUSHMARK(SP);
275			XPUSHs(sv_2mortal(newSVpv("threads", 0)));
276			PUTBACK;
277			count = call_method("tid", G_SCALAR\|G_EVAL);
278			SPAGAIN;
279			/* Caution: recent perls do not appear support threads->tid() */
280			if (SvTRUE(ERRSV) \|\| count != 1)
281			{
282			/* if compatible threads not loaded or an error occurs return 0 */
283			tid = 0;
284			}
285			else
286			tid = (UV)POPi;
287			PUTBACK;
288			FREETMPS;
289			LEAVE;
290			#endif
291
292	54		return tid;
293			}
294
295			/* IMPORTANT NOTE:
296			* openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html
297			* we implement both static and dynamic locking as described on URL above
298			* locking is supported when OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer
299			* we intentionally do not implement cleanup of openssl's threading as it causes troubles
300			* with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay
301			*/
302			#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
303
304
305			#if OPENSSL_VERSION_NUMBER < 0x10100000L
306			static void openssl_locking_function(int mode, int type, const char *file, int line)
307			{
308			PR3("openssl_locking_function %d %d\n", mode, type);
309
310			if (!GLOBAL_openssl_mutex) return;
311			if (mode & CRYPTO_LOCK)
312			MUTEX_LOCK(&GLOBAL_openssl_mutex[type]);
313			else
314			MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]);
315			}
316
317			#if OPENSSL_VERSION_NUMBER < 0x10000000L
318			static unsigned long openssl_threadid_func(void)
319			{
320			dMY_CXT;
321			return (unsigned long)(MY_CXT.tid);
322			}
323			#else
324			void openssl_threadid_func(CRYPTO_THREADID *id)
325			{
326			dMY_CXT;
327			CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid));
328			}
329			#endif
330
331			struct CRYPTO_dynlock_value
332			{
333			perl_mutex mutex;
334			};
335
336			struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line)
337			{
338			struct CRYPTO_dynlock_value *retval;
339			New(0, retval, 1, struct CRYPTO_dynlock_value);
340			if (!retval) return NULL;
341			MUTEX_INIT(&retval->mutex);
342			return retval;
343			}
344
345			void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value l, const char file, int line)
346			{
347			if (!l) return;
348			if (mode & CRYPTO_LOCK)
349			MUTEX_LOCK(&l->mutex);
350			else
351			MUTEX_UNLOCK(&l->mutex);
352			}
353
354			void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value l, const char file, int line)
355			{
356			if (!l) return;
357			MUTEX_DESTROY(&l->mutex);
358			Safefree(l);
359			}
360			#endif
361
362			void openssl_threads_init(void)
363			{
364			int i;
365
366			PR1("STARTED: openssl_threads_init\n");
367
368			#if OPENSSL_VERSION_NUMBER < 0x10100000L
369			/* initialize static locking */
370			if ( !CRYPTO_get_locking_callback() ) {
371			#if OPENSSL_VERSION_NUMBER < 0x10000000L
372			if ( !CRYPTO_get_id_callback() ) {
373			#else
374			if ( !CRYPTO_THREADID_get_callback() ) {
375			#endif
376			PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks());
377			New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex);
378			if (!GLOBAL_openssl_mutex) return;
379			for (i=0; i
380			CRYPTO_set_locking_callback((void ()(int,int,const char ,int))openssl_locking_function);
381
382			#ifndef WIN32
383			/* no need for threadid_func() on Win32 */
384			#if OPENSSL_VERSION_NUMBER < 0x10000000L
385			CRYPTO_set_id_callback(openssl_threadid_func);
386			#else
387			CRYPTO_THREADID_set_callback(openssl_threadid_func);
388			#endif
389			#endif
390			}
391			}
392
393			/* initialize dynamic locking */
394			if ( !CRYPTO_get_dynlock_create_callback() &&
395			!CRYPTO_get_dynlock_lock_callback() &&
396			!CRYPTO_get_dynlock_destroy_callback() ) {
397			PR1("openssl_threads_init dynamic locking\n");
398			CRYPTO_set_dynlock_create_callback(openssl_dynlocking_create_function);
399			CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
400			CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
401			}
402			#endif
403			}
404
405			#endif
406
407			/* ============= typedefs to agument TYPEMAP ============== */
408
409			typedef void callback_no_ret(void);
410			typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
411			typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
412
413			typedef STACK_OF(X509_NAME) X509_NAME_STACK;
414
415			typedef int perl_filehandle_t;
416
417			/* ======= special handler used by EVP_MD_do_all_sorted ======= */
418
419			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
420	89		static void handler_list_md_fn(const EVP_MD m, const char from, const char to, void arg)
421			{
422			/* taken from apps/dgst.c */
423			const char *mname;
424	89	100	if (!m) return; /* Skip aliases */
425	39		mname = OBJ_nid2ln(EVP_MD_type(m));
426	39	100	if (strcmp(from, mname)) return; /* Skip shortnames */
427			#if OPENSSL_VERSION_NUMBER < 0x10100000L
428	21	100	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
429			#endif
430	16	50	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
431	16		av_push(arg, newSVpv(mname,0));
432			}
433			#endif
434
435			/* ============= callbacks - basic info =============
436			*
437			* PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!!
438			*
439			* There are basically 2 types of callbacks used in SSLeay:
440			*
441			* 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS.
442			* These callbacks use a special C structure simple_cb_data_t to pass necessary data.
443			* There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free()
444			* For example see implementation of these functions:
445			* - RSA_generate_key
446			* - PEM_read_bio_PrivateKey
447			*
448			* 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These
449			* callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time.
450			* There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating
451			* global hash MY_CXT.global_cb_data which work like this:
452			* cb_data_advanced_put(, "data_name", dataSV)
453			* >>>
454			* global_cb_data->{"ptr_"}->{"data_name"} = dataSV)
455			* or
456			* data = cb_data_advanced_get(, "data_name")
457			* >>>
458			* my $data = global_cb_data->{"ptr_"}->{"data_name"}
459			* For example see implementation of these functions:
460			* - SSL_CTX_set_verify
461			* - SSL_set_verify
462			* - SSL_CTX_set_cert_verify_callback
463			* - SSL_CTX_set_default_passwd_cb
464			* - SSL_CTX_set_default_passwd_cb_userdata
465			* - SSL_set_session_secret_cb
466			*
467			* If you want to add a new callback:
468			* - you very likely need a new function "your_callback_name_invoke()"
469			* - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions)
470			* - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before)
471			*
472			*/
473
474			/* ============= callback stuff - generic functions============== */
475
476			struct _ssleay_cb_t {
477			SV* func;
478			SV* data;
479			};
480			typedef struct _ssleay_cb_t simple_cb_data_t;
481
482	10		simple_cb_data_t* simple_cb_data_new(SV* func, SV* data)
483			{
484			simple_cb_data_t* cb;
485	10		New(0, cb, 1, simple_cb_data_t);
486	10	50	if (cb) {
487	10		SvREFCNT_inc(func);
488	10		SvREFCNT_inc(data);
489	10		cb->func = func;
490	10	100	cb->data = (data == &PL_sv_undef) ? NULL : data;
491			}
492	10		return cb;
493			}
494
495	9		void simple_cb_data_free(simple_cb_data_t* cb)
496			{
497	9	50	if (cb) {
498	9	50	if (cb->func) {
499	9		SvREFCNT_dec(cb->func);
500	9		cb->func = NULL;
501			}
502	9	100	if (cb->data) {
503	1		SvREFCNT_dec(cb->data);
504	1		cb->data = NULL;
505			}
506			}
507	9		Safefree(cb);
508	9		}
509
510	353		int cb_data_advanced_put(const void ptr, const char data_name, SV* data)
511			{
512			HV * L2HV;
513			SV ** svtmp;
514			int len;
515			char key_name[500];
516			dMY_CXT;
517
518	353	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
519	353	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
520
521			/* get or create level-2 hash */
522	353		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
523	353	100	if (svtmp == NULL) {
524	178		L2HV = newHV();
525	178		hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
526			}
527			else {
528	175	50	if (!SvOK(svtmp) \|\| !SvROK(svtmp)) return 0;
		0
		0
		50
529			#if defined(MUTABLE_PTR)
530	175		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
531			#else
532			L2HV = (HV)(SvRV(svtmp));
533			#endif
534			}
535
536			/* first delete already stored value */
537	353		hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
538	353	100	if (data!=NULL) {
539	344	100	if (SvOK(data))
		50
		50
540	194		hv_store(L2HV, data_name, strlen(data_name), data, 0);
541			else
542			/* we're not storing data so discard it */
543	150		SvREFCNT_dec(data);
544			}
545
546	353		return 1;
547			}
548
549	1113		SV* cb_data_advanced_get(const void ptr, const char data_name)
550			{
551			HV * L2HV;
552			SV ** svtmp;
553			int len;
554			char key_name[500];
555			dMY_CXT;
556
557	1113	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
558	1113	50	if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
559
560			/* get level-2 hash */
561	1113		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
562	1113	100	if (svtmp == NULL) return &PL_sv_undef;
563	1110	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
564	1110	50	if (!SvROK(*svtmp)) return &PL_sv_undef;
565			#if defined(MUTABLE_PTR)
566	1110		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
567			#else
568			L2HV = (HV)(SvRV(svtmp));
569			#endif
570
571			/* get stored data */
572	1110		svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
573	1110	100	if (svtmp == NULL) return &PL_sv_undef;
574	630	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
575
576	1113		return *svtmp;
577			}
578
579	350		int cb_data_advanced_drop(const void *ptr)
580			{
581			int len;
582			char key_name[500];
583			dMY_CXT;
584
585	350	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
586	350	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
587
588	350		hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
589	350		return 1;
590			}
591
592			/* ============= callback stuff - invoke functions ============== */
593
594	21		static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
595			{
596	21		dSP;
597			SSL* ssl;
598	21		int count = -1, res;
599			SV *cb_func;
600
601			PR1("STARTED: ssleay_verify_callback_invoke\n");
602	21		ssl = X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
603	21		cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
604
605	21	100	if (!SvOK(cb_func)) {
		50
		50
606	3		SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
607	3		cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
608			}
609
610	21	50	if (!SvOK(cb_func))
		0
		0
611	0		croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
612
613	21		ENTER;
614	21		SAVETMPS;
615
616			PR2("verify callback glue ok=%d\n", ok);
617
618	21	50	PUSHMARK(sp);
619	21	50	EXTEND( sp, 2 );
620	21		PUSHs( sv_2mortal(newSViv(ok)) );
621	21		PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
622	21		PUTBACK;
623
624			PR1("About to call verify callback.\n");
625	21		count = call_sv(cb_func, G_SCALAR);
626			PR1("Returned from verify callback.\n");
627
628	21		SPAGAIN;
629
630	21	50	if (count != 1)
631	0		croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
632
633	21	50	res = POPi;
634
635	21		PUTBACK;
636	21	50	FREETMPS;
637	21		LEAVE;
638
639	21		return res;
640			}
641
642	5		static int ssleay_ctx_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
643			{
644	5		dSP;
645	5		int count = -1;
646			char *res;
647			SV cb_func, cb_data;
648
649			PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
650	5		cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
651	5		cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
652
653	5	50	if(!SvOK(cb_func))
		0
		0
654	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
655
656	5		ENTER;
657	5		SAVETMPS;
658
659	5	50	PUSHMARK(sp);
660	5	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
661	5	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
662	5		PUTBACK;
663
664	5		count = call_sv( cb_func, G_SCALAR );
665
666	5		SPAGAIN;
667
668	5	50	if (count != 1)
669	0		croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
670
671	5	50	res = POPp;
672
673	5	50	if (res == NULL) {
674	0		*buf = '\0';
675			} else {
676	5		strncpy(buf, res, size);
677	5		buf[size - 1] = '\0';
678			}
679
680	5		PUTBACK;
681	5	50	FREETMPS;
682	5		LEAVE;
683
684	5		return strlen(buf);
685			}
686
687			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
688			#ifndef LIBRESSL_VERSION_NUMBER
689			#ifndef OPENSSL_IS_BORINGSSL
690			static int ssleay_ssl_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
691			{
692			dSP;
693			int count = -1;
694			char *res;
695			SV cb_func, cb_data;
696
697			PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
698			cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
699			cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
700
701			if(!SvOK(cb_func))
702			croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
703
704			ENTER;
705			SAVETMPS;
706
707			PUSHMARK(sp);
708			XPUSHs(sv_2mortal(newSViv(rwflag)));
709			XPUSHs(sv_2mortal(newSVsv(cb_data)));
710			PUTBACK;
711
712			count = call_sv( cb_func, G_SCALAR );
713
714			SPAGAIN;
715
716			if (count != 1)
717			croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
718
719			res = POPp;
720
721			if (res == NULL) {
722			*buf = '\0';
723			} else {
724			strncpy(buf, res, size);
725			buf[size - 1] = '\0';
726			}
727
728			PUTBACK;
729			FREETMPS;
730			LEAVE;
731
732			return strlen(buf);
733			}
734			#endif /* !BoringSSL */
735			#endif /* !LibreSSL */
736			#endif /* >= 1.1.0f */
737
738	1		int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
739			{
740	1		dSP;
741	1		int count = -1;
742			int res;
743			SV * cb_func, *cb_data;
744			void *ptr;
745			SSL *ssl;
746
747			PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
748			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
749			ssl = X509_STORE_CTX_get_ex_data(x509_store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
750			ptr = (void*) SSL_get_SSL_CTX(ssl);
751			#else
752	1		ssl = NULL;
753	1		ptr = (void*) data;
754			#endif
755
756	1		cb_func = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!func");
757	1		cb_data = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!data");
758
759	1	50	if(!SvOK(cb_func))
		0
		0
760	0		croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
761
762	1		ENTER;
763	1		SAVETMPS;
764
765	1	50	PUSHMARK(SP);
766	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
767	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
768	1		PUTBACK;
769
770	1		count = call_sv(cb_func, G_SCALAR);
771
772	1		SPAGAIN;
773
774	1	50	if (count != 1)
775	0		croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
776
777	1	50	res = POPi;
778
779	1		PUTBACK;
780	1	50	FREETMPS;
781	1		LEAVE;
782
783	1		return res;
784			}
785
786			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
787
788	0		int tlsext_servername_callback_invoke(SSL ssl, int ad, void *arg)
789			{
790	0		dSP;
791	0		int count = -1;
792			int res;
793			SV * cb_func, *cb_data;
794
795			PR1("STARTED: tlsext_servername_callback_invoke\n");
796
797	0		cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
798	0		cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
799
800	0	0	if(!SvOK(cb_func))
		0
		0
801	0		croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
802
803	0		ENTER;
804	0		SAVETMPS;
805
806	0	0	PUSHMARK(SP);
807	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
808	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
809	0		PUTBACK;
810
811	0		count = call_sv(cb_func, G_SCALAR);
812
813	0		SPAGAIN;
814
815	0	0	if (count != 1)
816	0		croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
817
818	0	0	res = POPi;
819
820	0		PUTBACK;
821	0	0	FREETMPS;
822	0		LEAVE;
823
824	0		return res;
825			}
826
827			#endif
828
829			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
830
831	0		int tlsext_status_cb_invoke(SSL ssl, void arg)
832			{
833	0		dSP;
834			SV cb_func, cb_data;
835	0		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
836	0		int len,res,nres = -1;
837	0		const unsigned char *p = NULL;
838	0		OCSP_RESPONSE *ocsp_response = NULL;
839
840	0		cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
841	0		cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
842
843	0	0	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		0
844	0		croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
845
846	0		len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
847	0	0	if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
848
849	0		ENTER;
850	0		SAVETMPS;
851
852	0	0	PUSHMARK(SP);
853	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
854	0		PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
855	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
856	0		PUTBACK;
857
858	0		nres = call_sv(cb_func, G_SCALAR);
859	0	0	if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
860
861	0		SPAGAIN;
862
863	0	0	if (nres != 1)
864	0		croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
865
866	0	0	res = POPi;
867
868	0		PUTBACK;
869	0	0	FREETMPS;
870	0		LEAVE;
871
872	0		return res;
873			}
874
875	1		int session_ticket_ext_cb_invoke(SSL ssl, const unsigned char data, int len, void *arg)
876			{
877	1		dSP;
878			SV cb_func, cb_data;
879	1		int res,nres = -1;
880
881	1		cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
882	1		cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
883
884	1	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
885	0		croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n");
886
887	1		ENTER;
888	1		SAVETMPS;
889
890	1	50	PUSHMARK(SP);
891	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
892	1	50	XPUSHs(sv_2mortal(newSVpvn((const char *)data, len)));
893	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
894	1		PUTBACK;
895
896	1		nres = call_sv(cb_func, G_SCALAR);
897
898	1		SPAGAIN;
899
900	1	50	if (nres != 1)
901	0		croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n");
902
903	1	50	res = POPi;
904
905	1		PUTBACK;
906	1	50	FREETMPS;
907	1		LEAVE;
908
909	1		return res;
910			}
911
912			#endif
913
914			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) \|\| defined(SSL_F_SSL_SET_SESSION_TICKET_EXT)
915
916	0		int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
917			STACK_OF(SSL_CIPHER) *peer_ciphers,
918			const SSL_CIPHER *cipher, void arg)
919			{
920	0		dSP;
921	0		int count = -1, res, i;
922	0		AV *ciphers = newAV();
923	0		SV *pref_cipher = sv_newmortal();
924			SV * cb_func, *cb_data;
925			SV * secretsv;
926
927			PR1("STARTED: ssleay_session_secret_cb_invoke\n");
928	0		cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
929	0		cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data");
930
931	0	0	if(!SvOK(cb_func))
		0
		0
932	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
933
934	0		ENTER;
935	0		SAVETMPS;
936
937	0	0	PUSHMARK(SP);
938	0		secretsv = sv_2mortal( newSVpv(secret, *secret_len));
939	0	0	XPUSHs(secretsv);
940	0	0	for (i=0; i
941	0		const SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
942	0		av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
943			}
944	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)ciphers)));
945	0	0	XPUSHs(sv_2mortal(newRV_inc(pref_cipher)));
946	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
947
948	0		PUTBACK;
949
950	0		count = call_sv( cb_func, G_SCALAR );
951
952	0		SPAGAIN;
953
954	0	0	if (count != 1)
955	0		croak ("Net::SSLeay: ssleay_session_secret_cb_invoke perl function did not return a scalar.\n");
956
957	0	0	res = POPi;
958	0	0	if (res) {
959			/* See if there is a preferred cipher selected, if so it is an index into the stack */
960	0	0	if (SvIOK(pref_cipher))
961	0	0	*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
962
963			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
964			{
965			/* Use any new master secret set by the callback function in secret */
966			STRLEN newsecretlen;
967			char* newsecretdata = SvPV(secretsv, newsecretlen);
968			memcpy(secret, newsecretdata, newsecretlen);
969			}
970			#endif
971			}
972
973	0		PUTBACK;
974	0	0	FREETMPS;
975	0		LEAVE;
976
977	0		return res;
978			}
979
980			#endif
981
982			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK)
983			#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
984
985	0		unsigned int ssleay_set_psk_client_callback_invoke(SSL ssl, const char hint,
986			char *identity, unsigned int max_identity_len,
987			unsigned char *psk, unsigned int max_psk_len)
988			{
989	0		dSP;
990	0		int count = -1;
991			char identity_val, psk_val;
992	0		unsigned int psk_len = 0;
993	0		BIGNUM *psk_bn = NULL;
994			SV * cb_func;
995			SV * hintsv;
996			/* this n_a is required for building with old perls: */
997			STRLEN n_a;
998
999			PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
1000	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
1001
1002	0	0	if(!SvOK(cb_func))
		0
		0
1003	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1004
1005	0		ENTER;
1006	0		SAVETMPS;
1007
1008	0	0	PUSHMARK(SP);
1009	0	0	if (hint != NULL) {
1010	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1011	0	0	XPUSHs(hintsv);
1012			}
1013
1014	0		PUTBACK;
1015
1016	0		count = call_sv( cb_func, G_ARRAY );
1017
1018	0		SPAGAIN;
1019
1020	0	0	if (count != 2)
1021	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1022
1023	0	0	psk_val = POPpx;
1024	0	0	identity_val = POPpx;
1025
1026	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1027
1028	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1029	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1030	0		psk_len = BN_bn2bin(psk_bn, psk);
1031			}
1032	0		BN_free(psk_bn);
1033			}
1034
1035	0		PUTBACK;
1036	0	0	FREETMPS;
1037	0		LEAVE;
1038
1039	0		return psk_len;
1040			}
1041
1042	0		unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL ssl, const char hint,
1043			char *identity, unsigned int max_identity_len,
1044			unsigned char *psk, unsigned int max_psk_len)
1045			{
1046	0		dSP;
1047			SSL_CTX *ctx;
1048	0		int count = -1;
1049			char identity_val, psk_val;
1050	0		unsigned int psk_len = 0;
1051	0		BIGNUM *psk_bn = NULL;
1052			SV * cb_func;
1053			SV * hintsv;
1054			/* this n_a is required for building with old perls: */
1055			STRLEN n_a;
1056
1057	0		ctx = SSL_get_SSL_CTX(ssl);
1058
1059			PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
1060	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
1061
1062	0	0	if(!SvOK(cb_func))
		0
		0
1063	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1064
1065	0		ENTER;
1066	0		SAVETMPS;
1067
1068	0	0	PUSHMARK(SP);
1069	0	0	if (hint != NULL) {
1070	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1071	0	0	XPUSHs(hintsv);
1072			}
1073
1074	0		PUTBACK;
1075
1076	0		count = call_sv( cb_func, G_ARRAY );
1077
1078	0		SPAGAIN;
1079
1080	0	0	if (count != 2)
1081	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1082
1083	0	0	psk_val = POPpx;
1084	0	0	identity_val = POPpx;
1085
1086	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1087
1088	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1089	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1090	0		psk_len = BN_bn2bin(psk_bn, psk);
1091			}
1092	0		BN_free(psk_bn);
1093			}
1094
1095	0		PUTBACK;
1096	0	0	FREETMPS;
1097	0		LEAVE;
1098
1099	0		return psk_len;
1100			}
1101
1102			#endif
1103
1104			#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) \|\| (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT))
1105
1106	8		int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
1107			{
1108	8		int i, last_index, ptr = 0;
1109	8		last_index = av_len(list);
1110	8	50	if (last_index<0) return 0;
1111	24	100	for(i=0; i<=last_index; i++) {
1112	16	50	char p = SvPV_nolen(av_fetch(list, i, 0));
1113	16		size_t len = strlen(p);
1114	16	50	if (len>255) return 0;
1115	16	100	if (out) {
1116			/* if out == NULL we only calculate the length of output */
1117	8		out[ptr] = (unsigned char)len;
1118	8		strncpy((char*)out+ptr+1, p, len);
1119			}
1120	16		ptr += strlen(p) + 1;
1121			}
1122	8		return ptr;
1123			}
1124
1125	0		int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen)
1126			{
1127	0		unsigned int i = 0;
1128			unsigned char il;
1129	0	0	if (!list \|\| inlen<2) return 0;
		0
1130	0	0	while (i
1131	0		il = in[i++];
1132	0	0	if (i+il > inlen) return 0;
1133	0		av_push(list, newSVpv((const char*)in+i, il));
1134	0		i += il;
1135			}
1136	0		return 1;
1137			}
1138
1139			#endif
1140
1141			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
1142
1143	1		int next_proto_select_cb_invoke(SSL ssl, unsigned char out, unsigned char outlen,
1144			const unsigned char in, unsigned int inlen, void arg)
1145			{
1146			SV cb_func, cb_data;
1147			unsigned char *next_proto_data;
1148			size_t next_proto_len;
1149			int next_proto_status;
1150	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1151			/* this n_a is required for building with old perls: */
1152			STRLEN n_a;
1153
1154			PR1("STARTED: next_proto_select_cb_invoke\n");
1155	1		cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
1156	1		cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
1157			/* clear last_status value = store undef */
1158	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
1159	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
1160
1161	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1162	0		int count = -1;
1163	0		AV *list = newAV();
1164			SV *tmpsv;
1165	0		dSP;
1166
1167	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1168
1169	0		ENTER;
1170	0		SAVETMPS;
1171	0	0	PUSHMARK(SP);
1172	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1173	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1174	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1175	0		PUTBACK;
1176	0		count = call_sv( cb_func, G_ARRAY );
1177	0		SPAGAIN;
1178	0	0	if (count != 2)
1179	0		croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
1180	0	0	next_proto_data = (unsigned char*)POPpx;
1181	0	0	next_proto_status = POPi;
1182
1183	0		next_proto_len = strlen((const char*)next_proto_data);
1184	0	0	if (next_proto_len<=255) {
1185			/* store last_status + last_negotiated into global hash */
1186	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1187	0		tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
1188	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
1189	0		out = (unsigned char )SvPVX(tmpsv);
1190	0		*outlen = next_proto_len;
1191			}
1192
1193	0		PUTBACK;
1194	0	0	FREETMPS;
1195	0		LEAVE;
1196
1197	0	0	return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
1198			}
1199	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1200	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1201	1		Newx(next_proto_data, next_proto_len, unsigned char);
1202	1	50	if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1203	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
1204
1205	1		next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
1206	1		Safefree(next_proto_data);
1207	1	50	if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
1208	0		outlen = in;
1209	0		out = (unsigned char )in+1;
1210			}
1211
1212			/* store last_status + last_negotiated into global hash */
1213	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1214	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char)out, *outlen));
1215	1		return SSL_TLSEXT_ERR_OK;
1216			}
1217	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1218			}
1219
1220	1		int next_protos_advertised_cb_invoke(SSL ssl, const unsigned char out, unsigned int outlen, void *arg_unused)
1221			{
1222			SV cb_func, cb_data;
1223	1		unsigned char *protodata = NULL;
1224	1		unsigned short protodata_len = 0;
1225			SV *tmpsv;
1226			AV *tmpav;
1227	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1228
1229			PR1("STARTED: next_protos_advertised_cb_invoke");
1230	1		cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
1231	1		cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
1232
1233	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1234	0		int count = -1;
1235	0		dSP;
1236	0		ENTER;
1237	0		SAVETMPS;
1238	0	0	PUSHMARK(SP);
1239	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1240	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1241	0		PUTBACK;
1242	0		count = call_sv( cb_func, G_SCALAR );
1243	0		SPAGAIN;
1244	0	0	if (count != 1)
1245	0		croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
1246	0		tmpsv = POPs;
1247	0	0	if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
		0
		0
		0
		0
1248	0		tmpav = (AV*)SvRV(tmpsv);
1249	0		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1250	0		Newx(protodata, protodata_len, unsigned char);
1251	0	0	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1252			}
1253	0		PUTBACK;
1254	0	0	FREETMPS;
1255	0		LEAVE;
1256			}
1257	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1258	1		tmpav = (AV*)SvRV(cb_data);
1259	1		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1260	1		Newx(protodata, protodata_len, unsigned char);
1261	1	50	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1262			}
1263	1	50	if (protodata) {
1264	1		tmpsv = newSVpv((const char*)protodata, protodata_len);
1265	1		Safefree(protodata);
1266	1		cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
1267	1		out = (unsigned char )SvPVX(tmpsv);
1268	1		*outlen = protodata_len;
1269	1		return SSL_TLSEXT_ERR_OK;
1270			}
1271	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1272			}
1273
1274			#endif
1275
1276			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
1277
1278	1		int alpn_select_cb_invoke(SSL ssl, const unsigned char out, unsigned char outlen,
1279			const unsigned char in, unsigned int inlen, void arg)
1280			{
1281			SV cb_func, cb_data;
1282			unsigned char *alpn_data;
1283			size_t alpn_len;
1284	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1285
1286			PR1("STARTED: alpn_select_cb_invoke\n");
1287	1		cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
1288	1		cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
1289
1290	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1291	0		int count = -1;
1292	0		AV *list = newAV();
1293			SV *tmpsv;
1294			SV *alpn_data_sv;
1295	0		dSP;
1296
1297	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1298
1299	0		ENTER;
1300	0		SAVETMPS;
1301	0	0	PUSHMARK(SP);
1302	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1303	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1304	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1305	0		PUTBACK;
1306	0		count = call_sv( cb_func, G_ARRAY );
1307	0		SPAGAIN;
1308	0	0	if (count != 1)
1309	0		croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
1310	0		alpn_data_sv = POPs;
1311	0	0	if (SvOK(alpn_data_sv)) {
		0
		0
1312	0	0	alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
1313	0		alpn_len = strlen((const char*)alpn_data);
1314	0	0	if (alpn_len <= 255) {
1315	0		tmpsv = newSVpv((const char*)alpn_data, alpn_len);
1316	0		out = (unsigned char )SvPVX(tmpsv);
1317	0		*outlen = alpn_len;
1318			}
1319			} else {
1320	0		alpn_data = NULL;
1321	0		alpn_len = 0;
1322			}
1323	0		PUTBACK;
1324	0	0	FREETMPS;
1325	0		LEAVE;
1326
1327	0	0	if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
1328	0	0	return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1329			}
1330	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1331			int status;
1332
1333	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1334	1		Newx(alpn_data, alpn_len, unsigned char);
1335	1	50	if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1336	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
1337
1338			/* This is the same function that is used for NPN. */
1339	1		status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
1340	1		Safefree(alpn_data);
1341	1	50	if (status != OPENSSL_NPN_NEGOTIATED) {
1342	0		outlen = in;
1343	0		*out = in+1;
1344			}
1345	1	50	return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1346			}
1347	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1348			}
1349
1350			#endif
1351
1352	2		int pem_password_cb_invoke(char buf, int bufsize, int rwflag, void data) {
1353	2		dSP;
1354			char *str;
1355	2		int count = -1;
1356	2		size_t str_len = 0;
1357	2		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1358			/* this n_a is required for building with old perls: */
1359			STRLEN n_a;
1360
1361			PR1("STARTED: pem_password_cb_invoke\n");
1362	2	50	if (cb->func && SvOK(cb->func)) {
		50
		0
		0
1363	2		ENTER;
1364	2		SAVETMPS;
1365
1366	2	50	PUSHMARK(sp);
1367
1368	2	50	XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
1369	2	50	XPUSHs(sv_2mortal( newSViv(rwflag) ));
1370	2	50	if (cb->data) XPUSHs( cb->data );
		0
1371
1372	2		PUTBACK;
1373
1374	2		count = call_sv( cb->func, G_SCALAR );
1375
1376	2		SPAGAIN;
1377
1378	2		buf[0] = 0; /* start with an empty password */
1379	2	50	if (count != 1) {
1380	0		croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
1381			}
1382			else {
1383	2	50	str = POPpx;
1384	2		str_len = strlen(str);
1385	2	50	if (str_len+1 < bufsize) {
1386	2		strcpy(buf, str);
1387			}
1388			else {
1389	0		str_len = 0;
1390	0		warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
1391			}
1392			}
1393
1394	2		PUTBACK;
1395	2	50	FREETMPS;
1396	2		LEAVE;
1397			}
1398	2		return str_len;
1399			}
1400
1401	608		void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
1402			{
1403	608		dSP;
1404	608		int count = -1;
1405	608		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1406
1407			/* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
1408	608	50	if (cb->func && SvOK(cb->func)) {
		100
		50
		50
1409	155		ENTER;
1410	155		SAVETMPS;
1411
1412	155	50	PUSHMARK(sp);
1413
1414	155	50	XPUSHs(sv_2mortal( newSViv(i) ));
1415	155	50	XPUSHs(sv_2mortal( newSViv(n) ));
1416	155	100	if (cb->data) XPUSHs( cb->data );
		50
1417
1418	155		PUTBACK;
1419
1420	155		count = call_sv( cb->func, G_VOID\|G_DISCARD );
1421
1422	154	50	if (count != 0)
1423	0		croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
1424			"perl function did return something in void context.\n");
1425
1426	154		SPAGAIN;
1427	154	50	FREETMPS;
1428	154		LEAVE;
1429			}
1430	607		}
1431
1432	16		void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
1433			{
1434	16		dSP;
1435			SV cb_func, cb_data;
1436
1437	16		cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
1438	16		cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
1439
1440	16	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1441	0		croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
1442
1443	16		ENTER;
1444	16		SAVETMPS;
1445
1446	16	50	PUSHMARK(SP);
1447	16	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1448	16	50	XPUSHs(sv_2mortal(newSViv(where)) );
1449	16	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1450	16	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1451	16		PUTBACK;
1452
1453	16		call_sv(cb_func, G_VOID);
1454
1455	16		SPAGAIN;
1456	16		PUTBACK;
1457	16	50	FREETMPS;
1458	16		LEAVE;
1459	16		}
1460
1461	457		void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
1462			{
1463	457		dSP;
1464			SV cb_func, cb_data;
1465	457		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1466
1467	457		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
1468	457		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
1469
1470	457	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1471	0		croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
1472
1473	457		ENTER;
1474	457		SAVETMPS;
1475
1476	457	50	PUSHMARK(SP);
1477	457	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1478	457	50	XPUSHs(sv_2mortal(newSViv(where)) );
1479	457	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1480	457	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1481	457		PUTBACK;
1482
1483	457		call_sv(cb_func, G_VOID);
1484
1485	457		SPAGAIN;
1486	457		PUTBACK;
1487	457	50	FREETMPS;
1488	457		LEAVE;
1489	457		}
1490
1491	24		void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1492			{
1493	24		dSP;
1494			SV cb_func, cb_data;
1495
1496	24		cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
1497	24		cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
1498
1499	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1500	0		croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
1501
1502	24		ENTER;
1503	24		SAVETMPS;
1504
1505	24	50	PUSHMARK(SP);
1506	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1507	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1508	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1509	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1510	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1511	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1512	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1513	24		PUTBACK;
1514
1515	24		call_sv(cb_func, G_VOID);
1516
1517	24		SPAGAIN;
1518	24		PUTBACK;
1519	24	50	FREETMPS;
1520	24		LEAVE;
1521	24		}
1522
1523	24		void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1524			{
1525	24		dSP;
1526			SV cb_func, cb_data;
1527	24		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1528
1529	24		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
1530	24		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
1531
1532	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1533	0		croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
1534
1535	24		ENTER;
1536	24		SAVETMPS;
1537
1538	24	50	PUSHMARK(SP);
1539	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1540	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1541	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1542	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1543	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1544	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1545	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1546	24		PUTBACK;
1547
1548	24		call_sv(cb_func, G_VOID);
1549
1550	24		SPAGAIN;
1551	24		PUTBACK;
1552	24	50	FREETMPS;
1553	24		LEAVE;
1554	24		}
1555
1556			/*
1557			* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
1558			* broken in various ways during the various 1.0.0* versions.
1559			* Better enable it only starting with 1.0.1.
1560			*/
1561			#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
1562			#define NET_SSLEAY_CAN_TICKET_KEY_CB
1563
1564	7		int tlsext_ticket_key_cb_invoke(
1565			SSL *ssl,
1566			unsigned char *key_name,
1567			unsigned char *iv,
1568			EVP_CIPHER_CTX *ectx,
1569			HMAC_CTX *hctx,
1570			int enc
1571			){
1572
1573	7		dSP;
1574	7		int count,usable_rv_count,hmac_key_len = 0;
1575			SV cb_func, cb_data;
1576			STRLEN svlen;
1577			unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
1578			unsigned char name[16];
1579	7		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1580
1581			PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
1582	7		cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
1583	7		cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
1584
1585	7	50	if (!SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1586	0		croak("callback must be a code reference");
1587
1588	7		ENTER;
1589	7		SAVETMPS;
1590	7	50	PUSHMARK(SP);
1591
1592	7	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1593
1594	7	100	if (!enc) {
1595			/* call as getkey(data,this_name) -> (key,current_name) */
1596	4	50	XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
1597			} else {
1598			/* call as getkey(data) -> (key,current_name) */
1599			}
1600
1601	7		PUTBACK;
1602
1603	7		count = call_sv( cb_func, G_ARRAY );
1604
1605	7		SPAGAIN;
1606
1607	7	50	if (count>2)
1608	0		croak("too much return values - only (name,key) should be returned");
1609
1610	7		usable_rv_count = 0;
1611	7	100	if (count>0) {
1612	6		SV *sname = POPs;
1613	6	50	if (SvOK(sname)) {
		0
		0
1614	6	50	unsigned char pname = (unsigned char )SvPV(sname,svlen);
1615	6	50	if (svlen > 16)
1616	0		croak("name must be at at most 16 bytes, got %d",(int)svlen);
1617	6	50	if (svlen == 0)
1618	0		croak("name should not be empty");
1619	6		OPENSSL_cleanse(name, 16);
1620	6		memcpy(name,pname,svlen);
1621	6		usable_rv_count++;
1622			}
1623			}
1624	7	100	if (count>1) {
1625	6		SV *skey = POPs;
1626	6	50	if (SvOK(skey)) {
		0
		0
1627	6	50	unsigned char pkey = (unsigned char )SvPV(skey,svlen);
1628	6	50	if (svlen != 32 && svlen != 48)
		0
1629	0		croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
1630	6		hmac_key_len = (int)svlen - 16;
1631	6		memcpy(key,pkey,(int)svlen);
1632	6		usable_rv_count++;
1633			}
1634			}
1635
1636	7		PUTBACK;
1637	7	50	FREETMPS;
1638	7		LEAVE;
1639
1640	7	100	if (!enc && usable_rv_count == 0) {
		100
1641	1		TRACE(2,"no key returned for ticket");
1642	1		return 0;
1643			}
1644	6	50	if (usable_rv_count != 2)
1645	0		croak("key functions needs to return (key,name)");
1646
1647	6	100	if (enc) {
1648			/* encrypt ticket information with given key */
1649	3		RAND_bytes(iv, 16);
1650	3		EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1651	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1652	3		memcpy(key_name,name,16);
1653	3		return 1;
1654
1655			} else {
1656	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1657	3		EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1658
1659	3	100	if (memcmp(name,key_name,16) == 0)
1660	2		return 1; /* current key was used */
1661			else
1662	7		return 2; /* different key was used, need to be renewed */
1663			}
1664			}
1665
1666			#endif
1667
1668	6		int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st ssl, SSL_SESSION sess)
1669			{
1670	6		dSP;
1671			int count, remove;
1672			SSL_CTX *ctx;
1673			SV *cb_func;
1674
1675			PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
1676	6		ctx = SSL_get_SSL_CTX(ssl);
1677	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
1678
1679	6	50	if(!SvOK(cb_func))
		0
		0
1680	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
1681
1682	6		ENTER;
1683	6		SAVETMPS;
1684
1685	6	50	PUSHMARK(sp);
1686	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1687	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1688	6		PUTBACK;
1689
1690	6		count = call_sv(cb_func, G_SCALAR);
1691
1692	6		SPAGAIN;
1693
1694	6	50	if (count != 1)
1695	0		croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
1696
1697	6	50	remove = POPi;
1698
1699	6		PUTBACK;
1700	6	50	FREETMPS;
1701	6		LEAVE;
1702
1703	6		return remove;
1704			}
1705
1706	6		void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX ctx, SSL_SESSION sess)
1707			{
1708	6		dSP;
1709			SV *cb_func;
1710
1711			PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
1712	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
1713
1714	6	50	if(!SvOK(cb_func))
		0
		0
1715	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
1716
1717	6		ENTER;
1718	6		SAVETMPS;
1719
1720	6	50	PUSHMARK(sp);
1721	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
1722	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1723	6		PUTBACK;
1724
1725	6		call_sv(cb_func, G_VOID);
1726
1727	6		SPAGAIN;
1728
1729	6		PUTBACK;
1730	6	50	FREETMPS;
1731	6		LEAVE;
1732	6		}
1733
1734			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1735			int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER provider, void cbdata) {
1736			dSP;
1737			int ret = 1;
1738			int count = -1;
1739			simple_cb_data_t *cb = cbdata;
1740
1741			PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
1742			if (cb->func && SvOK(cb->func)) {
1743			ENTER;
1744			SAVETMPS;
1745
1746			PUSHMARK(SP);
1747			XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
1748			if (cb->data) XPUSHs(cb->data);
1749
1750			PUTBACK;
1751
1752			count = call_sv(cb->func, G_SCALAR);
1753
1754			SPAGAIN;
1755
1756			if (count != 1)
1757			croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
1758
1759			ret = POPi;
1760
1761			PUTBACK;
1762			FREETMPS;
1763			LEAVE;
1764			}
1765
1766			return ret;
1767			}
1768			#endif
1769
1770			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
1771			void ssl_ctx_keylog_cb_func_invoke(const SSL ssl, const char line)
1772			{
1773			dSP;
1774			SV cb_func, cb_data;
1775			SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1776
1777			PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
1778			cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
1779
1780			if(!SvOK(cb_func))
1781			croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
1782
1783			ENTER;
1784			SAVETMPS;
1785
1786			PUSHMARK(SP);
1787			XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1788			XPUSHs(sv_2mortal(newSVpv(line, 0)));
1789
1790			PUTBACK;
1791
1792			call_sv(cb_func, G_VOID);
1793
1794			SPAGAIN;
1795			PUTBACK;
1796			FREETMPS;
1797			LEAVE;
1798
1799			return;
1800			}
1801			#endif
1802
1803			/* ============= end of callback stuff, begin helper functions ============== */
1804
1805	0		time_t ASN1_TIME_timet(ASN1_TIME asn1t, time_t gmtoff) {
1806			struct tm t;
1807	0		const char p = (const char) asn1t->data;
1808	0		size_t msec = 0, tz = 0, i, l;
1809			time_t result;
1810	0		int adj = 0;
1811
1812	0	0	if (asn1t->type == V_ASN1_UTCTIME) {
1813	0	0	if (asn1t->length<12 \|\| asn1t->length>17) return 0;
		0
1814	0	0	if (asn1t->length>12) tz = 12;
1815			} else {
1816	0	0	if (asn1t->length<14) return 0;
1817	0	0	if (asn1t->length>14) {
1818	0	0	if (p[14] == '.') {
1819	0		msec = 14;
1820	0	0	for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ;
		0
		0
1821	0	0	if (ilength) tz = i;
1822			} else {
1823	0		tz = 14;
1824			}
1825			}
1826			}
1827
1828	0	0	l = msec ? msec : tz ? tz : asn1t->length;
		0
1829	0	0	for(i=0;i
1830	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1831			}
1832
1833			/* extract data and time */
1834	0		OPENSSL_cleanse(&t, sizeof(t));
1835	0	0	if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */
1836	0		t.tm_year = (p[0]-'0')*10 + (p[1]-'0');
1837	0	0	if (t.tm_year < 70) t.tm_year += 100;
1838	0		i=2;
1839			} else { /* YYYY */
1840	0		t.tm_year = (p[0]-'0')1000 + (p[1]-'0')100 + (p[2]-'0')*10 + p[3]-'0';
1841	0		t.tm_year -= 1900;
1842	0		i=4;
1843			}
1844	0		t.tm_mon = (p[i+0]-'0')10 + (p[i+1]-'0') -1; / MM, starts with 0 in tm */
1845	0		t.tm_mday = (p[i+2]-'0')10 + (p[i+3]-'0'); / DD */
1846	0		t.tm_hour = (p[i+4]-'0')10 + (p[i+5]-'0'); / hh */
1847	0		t.tm_min = (p[i+6]-'0')10 + (p[i+7]-'0'); / mm */
1848	0		t.tm_sec = (p[i+8]-'0')10 + (p[i+9]-'0'); / ss */
1849
1850			/* skip msec, because time_t does not support it */
1851
1852	0	0	if (tz) {
1853			/* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/
1854	0	0	if (p[tz] == 'Z') {
1855	0	0	if (asn1t->length>tz+1 ) return 0;
1856	0	0	} else if (asn1t->length
		0
		0
1857	0		return 0;
1858			} else {
1859	0	0	if (asn1t->length>tz+5 ) return 0;
1860	0	0	for(i=tz+1;i
1861	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1862			}
1863	0		adj = ((p[tz+1]-'0')10 + (p[tz+2]-'0'))3600
1864	0		+ ((p[tz+3]-'0')10 + (p[tz+4]-'0'))60;
1865	0	0	if (p[tz]=='+') adj= -1; / +0500: subtract 5 hours to get UTC */
1866			}
1867			}
1868
1869	0		result = mktime(&t);
1870	0	0	if (result == -1) return 0; /* broken time */
1871	0		result += adj;
1872	0	0	if (gmtoff && *gmtoff == -1) {
		0
1873	0		*gmtoff = result - mktime(gmtime(&result));
1874	0		result += *gmtoff;
1875			} else {
1876	0		result += result - mktime(gmtime(&result));
1877			}
1878	0		return result;
1879			}
1880
1881	0		X509 * find_issuer(X509 cert,X509_STORE store, STACK_OF(X509) *chain) {
1882			int i;
1883	0		X509 *issuer = NULL;
1884
1885			/* search first in the chain */
1886	0	0	if (chain) {
1887	0	0	for(i=0;i
1888	0	0	if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
1889	0		TRACE(2,"found issuer in chain");
1890	0		issuer = X509_dup(sk_X509_value(chain,i));
1891			}
1892			}
1893			}
1894			/* if not in the chain it might be in the store */
1895	0	0	if ( !issuer && store ) {
		0
1896	0		X509_STORE_CTX *stx = X509_STORE_CTX_new();
1897	0	0	if (stx && X509_STORE_CTX_init(stx,store,cert,NULL)) {
		0
1898	0		int ok = X509_STORE_CTX_get1_issuer(&issuer,stx,cert);
1899	0	0	if (ok<0) {
1900	0		int err = ERR_get_error();
1901	0	0	if(err) {
1902	0		TRACE(2,"failed to get issuer: %s",ERR_error_string(err,NULL));
1903			} else {
1904	0		TRACE(2,"failed to get issuer: unknown error");
1905			}
1906	0	0	} else if (ok == 0 ) {
1907	0		TRACE(2,"failed to get issuer(0)");
1908			} else {
1909	0		TRACE(2,"got issuer");
1910			}
1911			}
1912	0	0	if (stx) X509_STORE_CTX_free(stx);
1913			}
1914	0		return issuer;
1915			}
1916
1917	8		SV* bn2sv(BIGNUM* p_bn)
1918			{
1919	8		return p_bn != NULL
1920	8		? sv_2mortal(newSViv((IV) BN_dup(p_bn)))
1921	16	50	: &PL_sv_undef;
1922			}
1923
1924			/* ============= end of helper functions ============== */
1925
1926			MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
1927
1928			PROTOTYPES: ENABLE
1929
1930			BOOT:
1931			{
1932			MY_CXT_INIT;
1933	54		LIB_initialized = 0;
1934			#ifdef USE_ITHREADS
1935			MUTEX_INIT(&LIB_init_mutex);
1936			#ifdef OPENSSL_THREADS
1937			/* If we running under ModPerl, we dont need our own thread locking because
1938			* perl threads are not supported under mod-perl, and we can fall back to the thread
1939			* locking built in to mod-ssl
1940			*/
1941			if (!hv_fetch(get_hv("ENV", 1), "MOD_PERL", 8, 0))
1942			openssl_threads_init();
1943			#endif
1944			#endif
1945			/* initialize global shared callback data hash */
1946	54		MY_CXT.global_cb_data = newHV();
1947	54		MY_CXT.tid = get_my_thread_id();
1948			#ifdef USE_ITHREADS
1949			PR3("BOOT: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1950			#else
1951			PR1("BOOT:\n");
1952			#endif
1953			}
1954
1955			void
1956			CLONE(...)
1957			CODE:
1958			MY_CXT_CLONE;
1959			/* reset all callback related data as we want to prevent
1960			* cross-thread callbacks
1961			* TODO: later somebody can make the global hash MY_CXT.global_cb_data
1962			* somehow shared between threads
1963			*/
1964	0		MY_CXT.global_cb_data = newHV();
1965	0		MY_CXT.tid = get_my_thread_id();
1966			#ifdef USE_ITHREADS
1967			PR3("CLONE: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1968			#else
1969			PR1("CLONE: but USE_ITHREADS not defined\n");
1970			#endif
1971
1972			#ifdef NET_SSLEAY_32BIT_CONSTANTS
1973			double
1974			constant(name)
1975			char * name
1976			CODE:
1977	1070		errno = 0;
1978	1070		RETVAL = constant(name, strlen(name));
1979			OUTPUT:
1980			RETVAL
1981
1982			#else
1983
1984			uint64_t
1985			constant(name)
1986			char * name
1987			CODE:
1988			errno = 0;
1989			RETVAL = constant(name, strlen(name));
1990			OUTPUT:
1991			RETVAL
1992
1993			#endif
1994
1995			int
1996			hello()
1997			CODE:
1998			PR1("\tSSLeay Hello World!\n");
1999	1		RETVAL = 1;
2000			OUTPUT:
2001			RETVAL
2002
2003			#define REM0 "============= version related functions =============="
2004
2005			unsigned long
2006			SSLeay()
2007
2008			const char *
2009			SSLeay_version(type=SSLEAY_VERSION)
2010			int type
2011
2012			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2013
2014			unsigned long
2015			OpenSSL_version_num()
2016
2017			const char *
2018			OpenSSL_version(t=OPENSSL_VERSION)
2019			int t
2020
2021			#endif /* OpenSSL 1.1.0 */
2022
2023			#if (OPENSSL_VERSION_MAJOR >= 3)
2024
2025			unsigned int
2026			OPENSSL_version_major()
2027
2028			unsigned int
2029			OPENSSL_version_minor()
2030
2031			unsigned int
2032			OPENSSL_version_patch()
2033
2034			const char *
2035			OPENSSL_version_pre_release()
2036
2037			const char *
2038			OPENSSL_version_build_metadata()
2039
2040			const char *
2041			OPENSSL_info(int t)
2042
2043			#endif
2044
2045			#define REM1 "============= SSL CONTEXT functions =============="
2046
2047			SSL_CTX *
2048			SSL_CTX_new()
2049			CODE:
2050	12		RETVAL = SSL_CTX_new (SSLv23_method());
2051			OUTPUT:
2052			RETVAL
2053
2054
2055			#if OPENSSL_VERSION_NUMBER < 0x10100000L
2056			#ifndef OPENSSL_NO_SSL2
2057
2058			SSL_CTX *
2059			SSL_CTX_v2_new()
2060			CODE:
2061			RETVAL = SSL_CTX_new (SSLv2_method());
2062			OUTPUT:
2063			RETVAL
2064
2065			#endif
2066			#endif
2067			#ifndef OPENSSL_NO_SSL3
2068
2069			SSL_CTX *
2070			SSL_CTX_v3_new()
2071			CODE:
2072			RETVAL = SSL_CTX_new (SSLv3_method());
2073			OUTPUT:
2074			RETVAL
2075
2076			#endif
2077
2078			SSL_CTX *
2079			SSL_CTX_v23_new()
2080			CODE:
2081	1		RETVAL = SSL_CTX_new (SSLv23_method());
2082			OUTPUT:
2083			RETVAL
2084
2085			SSL_CTX *
2086			SSL_CTX_tlsv1_new()
2087			CODE:
2088	1		RETVAL = SSL_CTX_new (TLSv1_method());
2089			OUTPUT:
2090			RETVAL
2091
2092			#ifdef SSL_TXT_TLSV1_1
2093
2094			SSL_CTX *
2095			SSL_CTX_tlsv1_1_new()
2096			CODE:
2097	0		RETVAL = SSL_CTX_new (TLSv1_1_method());
2098			OUTPUT:
2099			RETVAL
2100
2101			#endif
2102
2103			#ifdef SSL_TXT_TLSV1_2
2104
2105			SSL_CTX *
2106			SSL_CTX_tlsv1_2_new()
2107			CODE:
2108	1		RETVAL = SSL_CTX_new (TLSv1_2_method());
2109			OUTPUT:
2110			RETVAL
2111
2112			#endif
2113
2114			SSL_CTX *
2115			SSL_CTX_new_with_method(meth)
2116			SSL_METHOD * meth
2117			CODE:
2118	204		RETVAL = SSL_CTX_new (meth);
2119			OUTPUT:
2120			RETVAL
2121
2122			void
2123			SSL_CTX_free(ctx)
2124			SSL_CTX * ctx
2125			CODE:
2126	163		SSL_CTX_free(ctx);
2127	163		cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
2128
2129			int
2130			SSL_CTX_add_session(ctx,ses)
2131			SSL_CTX * ctx
2132			SSL_SESSION * ses
2133
2134			int
2135			SSL_CTX_remove_session(ctx,ses)
2136			SSL_CTX * ctx
2137			SSL_SESSION * ses
2138
2139			void
2140			SSL_CTX_flush_sessions(ctx,tm)
2141			SSL_CTX * ctx
2142			long tm
2143
2144			int
2145			SSL_CTX_set_default_verify_paths(ctx)
2146			SSL_CTX * ctx
2147
2148			int
2149			SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
2150			SSL_CTX * ctx
2151			char * CAfile
2152			char * CApath
2153			CODE:
2154	21	50	RETVAL = SSL_CTX_load_verify_locations (ctx,
		50
2155	7	50	CAfile?(*CAfile?CAfile:NULL):NULL,
2156	7	50	CApath?(*CApath?CApath:NULL):NULL
2157			);
2158			OUTPUT:
2159			RETVAL
2160
2161			void
2162			SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
2163			SSL_CTX * ctx
2164			int mode
2165			SV * callback
2166			CODE:
2167
2168			/* Former versions of SSLeay checked if the callback was a true boolean value
2169			* and didn't call it if it was false. Therefor some people set the callback
2170			* to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
2171			* we don't execute the callback if it's value isn't something true to retain
2172			* backwards compatibility.
2173			*/
2174
2175	1	50	if (callback==NULL \|\| !SvOK(callback) \|\| !SvTRUE(callback)) {
		50
		0
		0
		50
		50
		0
		50
		0
		0
		50
		0
		0
		0
		0
		0
		50
		0
		0
		0
		0
		0
		50
2176	0		SSL_CTX_set_verify(ctx, mode, NULL);
2177	0		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
2178			} else {
2179	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
2180	1		SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
2181			}
2182
2183			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
2184
2185			void
2186			SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
2187
2188			int
2189			SSL_CTX_get_security_level(SSL_CTX * ctx)
2190
2191			#endif
2192
2193			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
2194
2195			int
2196			SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
2197
2198			size_t
2199			SSL_CTX_get_num_tickets(SSL_CTX *ctx)
2200
2201			#endif
2202
2203			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
2204
2205			int
2206			SSL_CTX_set_ciphersuites(SSL_CTX ctx, const char str)
2207
2208			#endif
2209
2210			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2211
2212			void
2213			SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
2214
2215			#endif
2216
2217			void
2218			SSL_CTX_sess_set_new_cb(ctx, callback)
2219			SSL_CTX * ctx
2220			SV * callback
2221			CODE:
2222	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2223	0		SSL_CTX_sess_set_new_cb(ctx, NULL);
2224	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
2225			}
2226			else {
2227	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", newSVsv(callback));
2228	6		SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
2229			}
2230
2231			void
2232			SSL_CTX_sess_set_remove_cb(ctx, callback)
2233			SSL_CTX * ctx
2234			SV * callback
2235			CODE:
2236	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2237	0		SSL_CTX_sess_set_remove_cb(ctx, NULL);
2238	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
2239			}
2240			else {
2241	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
2242	6		SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
2243			}
2244
2245			int
2246			SSL_get_error(s,ret)
2247			SSL * s
2248			int ret
2249
2250			#define REM10 "============= SSL functions =============="
2251
2252			SSL *
2253			SSL_new(ctx)
2254			SSL_CTX * ctx
2255
2256			void
2257			SSL_free(s)
2258			SSL * s
2259			CODE:
2260	187		SSL_free(s);
2261	187		cb_data_advanced_drop(s); /* clean callback related data from global hash */
2262
2263			#if 0 /* this seems to be gone in 0.9.0 */
2264			void
2265			SSL_debug(file)
2266			char * file
2267
2268			#endif
2269
2270			int
2271			SSL_accept(s)
2272			SSL * s
2273
2274			void
2275			SSL_clear(s)
2276			SSL * s
2277
2278			int
2279			SSL_connect(s)
2280			SSL * s
2281
2282
2283			#if defined(WIN32)
2284
2285			int
2286			SSL_set_fd(s,fd)
2287			SSL * s
2288			perl_filehandle_t fd
2289			CODE:
2290			RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
2291			OUTPUT:
2292			RETVAL
2293
2294			int
2295			SSL_set_rfd(s,fd)
2296			SSL * s
2297			perl_filehandle_t fd
2298			CODE:
2299			RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
2300			OUTPUT:
2301			RETVAL
2302
2303			int
2304			SSL_set_wfd(s,fd)
2305			SSL * s
2306			perl_filehandle_t fd
2307			CODE:
2308			RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
2309			OUTPUT:
2310			RETVAL
2311
2312			#else
2313
2314			int
2315			SSL_set_fd(s,fd)
2316			SSL * s
2317			perl_filehandle_t fd
2318
2319			int
2320			SSL_set_rfd(s,fd)
2321			SSL * s
2322			perl_filehandle_t fd
2323
2324			int
2325			SSL_set_wfd(s,fd)
2326			SSL * s
2327			perl_filehandle_t fd
2328
2329			#endif
2330
2331			int
2332			SSL_get_fd(s)
2333			SSL * s
2334
2335			void
2336			SSL_read(s,max=32768)
2337			SSL * s
2338			int max
2339			PREINIT:
2340			char *buf;
2341			int got;
2342	306		int succeeded = 1;
2343			PPCODE:
2344	306		New(0, buf, max, char);
2345
2346	306		got = SSL_read(s, buf, max);
2347	306	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		100
2348	6		succeeded = 0;
2349
2350			/* If in list context, return 2-item list:
2351			* first return value: data gotten, or undef on error (got<0)
2352			* second return value: result from SSL_read()
2353			*/
2354	306	50	if (GIMME_V==G_ARRAY) {
		100
2355	286	50	EXTEND(SP, 2);
2356	286	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2357	286		PUSHs(sv_2mortal(newSViv(got)));
2358
2359			/* If in scalar or void context, return data gotten, or undef on error. */
2360			} else {
2361	20	50	EXTEND(SP, 1);
2362	20	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2363			}
2364
2365	306		Safefree(buf);
2366
2367			void
2368			SSL_peek(s,max=32768)
2369			SSL * s
2370			int max
2371			PREINIT:
2372			char *buf;
2373			int got;
2374	5		int succeeded = 1;
2375			PPCODE:
2376	5		New(0, buf, max, char);
2377
2378	5		got = SSL_peek(s, buf, max);
2379	5	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		50
2380	2		succeeded = 0;
2381
2382			/* If in list context, return 2-item list:
2383			* first return value: data gotten, or undef on error (got<0)
2384			* second return value: result from SSL_peek()
2385			*/
2386	5	50	if (GIMME_V==G_ARRAY) {
		100
2387	2	50	EXTEND(SP, 2);
2388	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2389	2		PUSHs(sv_2mortal(newSViv(got)));
2390
2391			/* If in scalar or void context, return data gotten, or undef on error. */
2392			} else {
2393	3	50	EXTEND(SP, 1);
2394	3	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2395			}
2396	5		Safefree(buf);
2397
2398			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2399
2400			void
2401			SSL_read_ex(s,max=32768)
2402			SSL * s
2403			int max
2404			PREINIT:
2405			char *buf;
2406			size_t readbytes;
2407			int succeeded;
2408			PPCODE:
2409			Newx(buf, max, char);
2410
2411			succeeded = SSL_read_ex(s, buf, max, &readbytes);
2412
2413			/* Return 2-item list:
2414			* first return value: data gotten, or undef on error
2415			* second return value: result from SSL_read_ex()
2416			*/
2417			EXTEND(SP, 2);
2418			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2419			PUSHs(sv_2mortal(newSViv(succeeded)));
2420
2421			Safefree(buf);
2422
2423
2424			void
2425			SSL_peek_ex(s,max=32768)
2426			SSL * s
2427			int max
2428			PREINIT:
2429			char *buf;
2430			size_t readbytes;
2431			int succeeded;
2432			PPCODE:
2433			Newx(buf, max, char);
2434
2435			succeeded = SSL_peek_ex(s, buf, max, &readbytes);
2436
2437			/* Return 2-item list:
2438			* first return value: data gotten, or undef on error
2439			* second return value: result from SSL_peek_ex()
2440			*/
2441			EXTEND(SP, 2);
2442			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2443			PUSHs(sv_2mortal(newSViv(succeeded)));
2444
2445			Safefree(buf);
2446
2447			void
2448			SSL_write_ex(s,buf)
2449			SSL * s
2450			PREINIT:
2451			STRLEN len;
2452			size_t written;
2453			int succeeded;
2454			INPUT:
2455			char * buf = SvPV( ST(1), len);
2456			PPCODE:
2457			succeeded = SSL_write_ex(s, buf, len, &written);
2458
2459			/* Return 2-item list:
2460			* first return value: data gotten, or undef on error
2461			* second return value: result from SSL_read_ex()
2462			*/
2463			EXTEND(SP, 2);
2464			PUSHs(sv_2mortal(newSVuv(written)));
2465			PUSHs(sv_2mortal(newSViv(succeeded)));
2466
2467			#endif
2468
2469			int
2470			SSL_write(s,buf)
2471			SSL * s
2472			PREINIT:
2473			STRLEN len;
2474			INPUT:
2475			char * buf = SvPV( ST(1), len);
2476			CODE:
2477	20		RETVAL = SSL_write (s, buf, (int)len);
2478			OUTPUT:
2479			RETVAL
2480
2481			int
2482			SSL_write_partial(s,from,count,buf)
2483			SSL * s
2484			int from
2485			int count
2486			PREINIT:
2487			STRLEN ulen;
2488			IV len;
2489			INPUT:
2490			char * buf = SvPV( ST(3), ulen);
2491			CODE:
2492			/*
2493			if (SvROK( ST(3) )) {
2494			SV* t = SvRV( ST(3) );
2495			buf = SvPV( t, len);
2496			} else
2497			buf = SvPV( ST(3), len);
2498			*/
2499			PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
2500			/PR2("buf='%s'\n",&buf[from]); / too noisy */
2501	22		len = (IV)ulen;
2502	22		len -= from;
2503	22	50	if (len < 0) {
2504	0		croak("from beyound end of buffer");
2505			RETVAL = -1;
2506			} else
2507	22		RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
2508			OUTPUT:
2509			RETVAL
2510
2511			int
2512			SSL_use_RSAPrivateKey(s,rsa)
2513			SSL * s
2514			RSA * rsa
2515
2516			int
2517			SSL_use_RSAPrivateKey_ASN1(s,d,len)
2518			SSL * s
2519			unsigned char * d
2520			long len
2521
2522			int
2523			SSL_use_RSAPrivateKey_file(s,file,type)
2524			SSL * s
2525			char * file
2526			int type
2527
2528			int
2529			SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
2530			SSL_CTX * ctx
2531			char * file
2532			int type
2533
2534			int
2535			SSL_use_PrivateKey(s,pkey)
2536			SSL * s
2537			EVP_PKEY * pkey
2538
2539			int
2540			SSL_use_PrivateKey_ASN1(pk,s,d,len)
2541			int pk
2542			SSL * s
2543			unsigned char * d
2544			long len
2545
2546			int
2547			SSL_use_PrivateKey_file(s,file,type)
2548			SSL * s
2549			char * file
2550			int type
2551
2552			int
2553			SSL_CTX_use_PrivateKey_file(ctx,file,type)
2554			SSL_CTX * ctx
2555			char * file
2556			int type
2557
2558			int
2559			SSL_use_certificate(s,x)
2560			SSL * s
2561			X509 * x
2562
2563			int
2564			SSL_use_certificate_ASN1(s,d,len)
2565			SSL * s
2566			unsigned char * d
2567			long len
2568
2569			int
2570			SSL_use_certificate_file(s,file,type)
2571			SSL * s
2572			char * file
2573			int type
2574
2575			int
2576			SSL_CTX_use_certificate_file(ctx,file,type)
2577			SSL_CTX * ctx
2578			char * file
2579			int type
2580
2581			const char *
2582			SSL_state_string(s)
2583			SSL * s
2584
2585			const char *
2586			SSL_rstate_string(s)
2587			SSL * s
2588
2589			const char *
2590			SSL_state_string_long(s)
2591			SSL * s
2592
2593			const char *
2594			SSL_rstate_string_long(s)
2595			SSL * s
2596
2597
2598			long
2599			SSL_get_time(ses)
2600			SSL_SESSION * ses
2601
2602			long
2603			SSL_set_time(ses,t)
2604			SSL_SESSION * ses
2605			long t
2606
2607			long
2608			SSL_get_timeout(ses)
2609			SSL_SESSION * ses
2610
2611			long
2612			SSL_set_timeout(ses,t)
2613			SSL_SESSION * ses
2614			long t
2615
2616			void
2617			SSL_copy_session_id(to,from)
2618			SSL * to
2619			SSL * from
2620
2621			void
2622			SSL_set_read_ahead(s,yes=1)
2623			SSL * s
2624			int yes
2625
2626			int
2627			SSL_get_read_ahead(s)
2628			SSL * s
2629
2630			int
2631			SSL_pending(s)
2632			SSL * s
2633
2634			#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
2635
2636			int
2637			SSL_has_pending(s)
2638			SSL * s
2639
2640			#endif
2641
2642			int
2643			SSL_CTX_set_cipher_list(s,str)
2644			SSL_CTX * s
2645			char * str
2646
2647			void
2648			SSL_get_ciphers(s)
2649			SSL * s
2650			PREINIT:
2651	4		STACK_OF(SSL_CIPHER) *sk = NULL;
2652			const SSL_CIPHER *c;
2653			int i;
2654			PPCODE:
2655	4		sk = SSL_get_ciphers(s);
2656	4	100	if( sk == NULL ) {
2657	2		XSRETURN_EMPTY;
2658			}
2659	196	100	for (i=0; i
2660	194		c = sk_SSL_CIPHER_value(sk, i);
2661	194	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(c))));
2662			}
2663
2664			const char *
2665			SSL_get_cipher_list(s,n)
2666			SSL * s
2667			int n
2668
2669			int
2670			SSL_set_cipher_list(s,str)
2671			SSL * s
2672			char * str
2673
2674			const char *
2675			SSL_get_cipher(s)
2676			SSL * s
2677
2678			void
2679			SSL_get_shared_ciphers(s,ignored_param1=0,ignored_param2=0)
2680			SSL *s
2681			int ignored_param1
2682			int ignored_param2
2683			PREINIT:
2684			char buf[8192];
2685			CODE:
2686	7		ST(0) = sv_newmortal(); /* undef to start with */
2687	7	50	if(SSL_get_shared_ciphers(s, buf, sizeof(buf)))
2688	7		sv_setpvn(ST(0), buf, strlen(buf));
2689
2690			X509 *
2691			SSL_get_peer_certificate(s)
2692			SSL * s
2693
2694			void
2695			SSL_get_peer_cert_chain(s)
2696			SSL * s
2697			PREINIT:
2698	0		STACK_OF(X509) *chain = NULL;
2699			X509 *x;
2700			int i;
2701			PPCODE:
2702	0		chain = SSL_get_peer_cert_chain(s);
2703	0	0	if( chain == NULL ) {
2704	0		XSRETURN_EMPTY;
2705			}
2706	0	0	for (i=0; i
2707	0		x = sk_X509_value(chain, i);
2708	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
2709			}
2710
2711			void
2712			SSL_set_verify(s,mode,callback)
2713			SSL * s
2714			int mode
2715			SV * callback
2716			CODE:
2717	7	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2718	0		SSL_set_verify(s, mode, NULL);
2719	0		cb_data_advanced_put(s, "ssleay_verify_callback!!func", NULL);
2720			}
2721			else {
2722	7		cb_data_advanced_put(s, "ssleay_verify_callback!!func", newSVsv(callback));
2723	7		SSL_set_verify(s, mode, &ssleay_verify_callback_invoke);
2724			}
2725
2726			void
2727			SSL_set_bio(s,rbio,wbio)
2728			SSL * s
2729			BIO * rbio
2730			BIO * wbio
2731
2732			BIO *
2733			SSL_get_rbio(s)
2734			SSL * s
2735
2736			BIO *
2737			SSL_get_wbio(s)
2738			SSL * s
2739
2740
2741			SSL_SESSION *
2742			SSL_SESSION_new()
2743
2744			int
2745			SSL_SESSION_print(fp,ses)
2746			BIO * fp
2747			SSL_SESSION * ses
2748
2749			void
2750			SSL_SESSION_free(ses)
2751			SSL_SESSION * ses
2752
2753			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
2754
2755			int
2756			SSL_SESSION_is_resumable(ses)
2757			SSL_SESSION * ses
2758
2759			SSL_SESSION *
2760			SSL_SESSION_dup(sess)
2761			SSL_SESSION * sess
2762
2763			#endif
2764			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2765
2766			void
2767			SSL_set_post_handshake_auth(SSL *ssl, int val)
2768
2769			int
2770			SSL_verify_client_post_handshake(SSL *ssl)
2771
2772			#endif
2773
2774			void
2775			i2d_SSL_SESSION(sess)
2776			SSL_SESSION * sess
2777			PPCODE:
2778			STRLEN len;
2779			unsigned char pc,pi;
2780	3	50	if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
2781	3		Newx(pc,len,unsigned char);
2782	3	50	if (!pc) croak("out of memory");
2783	3		pi = pc;
2784	3		i2d_SSL_SESSION(sess,&pi);
2785	3	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
2786	3		Safefree(pc);
2787
2788
2789			SSL_SESSION *
2790			d2i_SSL_SESSION(pv)
2791			SV *pv
2792			CODE:
2793	7		RETVAL = NULL;
2794	7	50	if (SvPOK(pv)) {
2795			const unsigned char *p;
2796			STRLEN len;
2797	7	50	p = (unsigned char*)SvPV(pv,len);
2798	7		RETVAL = d2i_SSL_SESSION(NULL,&p,len);
2799			}
2800			OUTPUT:
2801			RETVAL
2802
2803			#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2804
2805			int
2806			SSL_SESSION_up_ref(sess)
2807			SSL_SESSION * sess
2808
2809			#endif
2810
2811			int
2812			SSL_set_session(to,ses)
2813			SSL * to
2814			SSL_SESSION * ses
2815
2816			#define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
2817
2818			SSL_SESSION *
2819			SSL_get_session(s)
2820			SSL * s
2821			ALIAS:
2822			SSL_get0_session = 1
2823
2824			SSL_SESSION *
2825			SSL_get1_session(s)
2826			SSL * s
2827
2828			X509 *
2829			SSL_get_certificate(s)
2830			SSL * s
2831
2832			SSL_CTX *
2833			SSL_get_SSL_CTX(s)
2834			SSL * s
2835
2836			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
2837
2838			SSL_CTX *
2839			SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
2840
2841			#endif
2842
2843			long
2844			SSL_ctrl(ssl,cmd,larg,parg)
2845			SSL * ssl
2846			int cmd
2847			long larg
2848			char * parg
2849
2850			long
2851			SSL_CTX_ctrl(ctx,cmd,larg,parg)
2852			SSL_CTX * ctx
2853			int cmd
2854			long larg
2855			char * parg
2856
2857			#ifdef NET_SSLEAY_32BIT_CONSTANTS
2858
2859			long
2860			SSL_get_options(ssl)
2861			SSL * ssl
2862
2863			long
2864			SSL_set_options(ssl,op)
2865			SSL * ssl
2866			long op
2867
2868			long
2869			SSL_CTX_get_options(ctx)
2870			SSL_CTX * ctx
2871
2872			long
2873			SSL_CTX_set_options(ctx,op)
2874			SSL_CTX * ctx
2875			long op
2876
2877			#else
2878
2879			uint64_t
2880			SSL_get_options(ssl)
2881			SSL * ssl
2882
2883			uint64_t
2884			SSL_set_options(ssl,op)
2885			SSL * ssl
2886			uint64_t op
2887
2888			uint64_t
2889			SSL_CTX_get_options(ctx)
2890			SSL_CTX * ctx
2891
2892			uint64_t
2893			SSL_CTX_set_options(ctx,op)
2894			SSL_CTX * ctx
2895			uint64_t op
2896
2897			#endif
2898
2899			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
2900
2901			struct lhash_st_SSL_SESSION *
2902			SSL_CTX_sessions(ctx)
2903			SSL_CTX * ctx
2904
2905			#else
2906
2907			LHASH *
2908			SSL_CTX_sessions(ctx)
2909			SSL_CTX * ctx
2910			CODE:
2911			/* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
2912			if (ctx == NULL) croak("NULL SSL context passed as argument.");
2913			RETVAL = ctx -> sessions;
2914			OUTPUT:
2915			RETVAL
2916
2917			#endif
2918
2919			unsigned long
2920			SSL_CTX_sess_number(ctx)
2921			SSL_CTX * ctx
2922
2923			int
2924			SSL_CTX_sess_connect(ctx)
2925			SSL_CTX * ctx
2926
2927			int
2928			SSL_CTX_sess_connect_good(ctx)
2929			SSL_CTX * ctx
2930
2931			int
2932			SSL_CTX_sess_connect_renegotiate(ctx)
2933			SSL_CTX * ctx
2934
2935			int
2936			SSL_CTX_sess_accept(ctx)
2937			SSL_CTX * ctx
2938
2939			int
2940			SSL_CTX_sess_accept_renegotiate(ctx)
2941			SSL_CTX * ctx
2942
2943			int
2944			SSL_CTX_sess_accept_good(ctx)
2945			SSL_CTX * ctx
2946
2947			int
2948			SSL_CTX_sess_hits(ctx)
2949			SSL_CTX * ctx
2950
2951			int
2952			SSL_CTX_sess_cb_hits(ctx)
2953			SSL_CTX * ctx
2954
2955			int
2956			SSL_CTX_sess_misses(ctx)
2957			SSL_CTX * ctx
2958
2959			int
2960			SSL_CTX_sess_timeouts(ctx)
2961			SSL_CTX * ctx
2962
2963			int
2964			SSL_CTX_sess_cache_full(ctx)
2965			SSL_CTX * ctx
2966
2967			int
2968			SSL_CTX_sess_get_cache_size(ctx)
2969			SSL_CTX * ctx
2970
2971			long
2972			SSL_CTX_sess_set_cache_size(ctx,size)
2973			SSL_CTX * ctx
2974			int size
2975
2976			int
2977			SSL_want(s)
2978			SSL * s
2979
2980			# OpenSSL 1.1.1 documents SSL_in_init and the related functions as
2981			# returning 0 or 1. However, older versions and e.g. LibreSSL may
2982			# return other values than 1 which we fold to 1.
2983			int
2984			SSL_in_before(s)
2985			SSL * s
2986			CODE:
2987	7		RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
2988			OUTPUT:
2989			RETVAL
2990
2991			int
2992			SSL_is_init_finished(s)
2993			SSL * s
2994			CODE:
2995	7		RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
2996			OUTPUT:
2997			RETVAL
2998
2999			int
3000			SSL_in_init(s)
3001			SSL * s
3002			CODE:
3003	7		RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
3004			OUTPUT:
3005			RETVAL
3006
3007			int
3008			SSL_in_connect_init(s)
3009			SSL * s
3010			CODE:
3011	2		RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
3012			OUTPUT:
3013			RETVAL
3014
3015			int
3016			SSL_in_accept_init(s)
3017			SSL * s
3018			CODE:
3019	2		RETVAL = SSL_in_accept_init(s) == 0 ? 0 : 1;
3020			OUTPUT:
3021			RETVAL
3022
3023			#if OPENSSL_VERSION_NUMBER < 0x10100000L
3024			int
3025			SSL_state(s)
3026			SSL * s
3027
3028			int
3029			SSL_get_state(ssl)
3030			SSL * ssl
3031			CODE:
3032	0		RETVAL = SSL_state(ssl);
3033			OUTPUT:
3034			RETVAL
3035
3036
3037			#else
3038			int
3039			SSL_state(s)
3040			SSL * s
3041			CODE:
3042			RETVAL = SSL_get_state(s);
3043			OUTPUT:
3044			RETVAL
3045
3046
3047			int
3048			SSL_get_state(s)
3049			SSL * s
3050
3051			#endif
3052			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
3053
3054			long
3055			SSL_set_tlsext_host_name(SSL ssl, const char name)
3056
3057			const char *
3058			SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
3059
3060			int
3061			SSL_get_servername_type(const SSL *s)
3062
3063			void
3064			SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
3065			SSL_CTX * ctx
3066			SV * callback
3067			SV * data
3068			CODE:
3069	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
3070	0		SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
3071	0		SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
3072	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
3073	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
3074			} else {
3075	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
3076	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
3077	0		SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
3078	0		SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
3079			}
3080
3081			#endif
3082
3083			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
3084			#ifndef LIBRESSL_VERSION_NUMBER
3085			#ifndef OPENSSL_IS_BORINGSSL
3086			void
3087			SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
3088			SSL * ssl
3089			SV * callback
3090			CODE:
3091			if (callback==NULL \|\| !SvOK(callback)) {
3092			SSL_set_default_passwd_cb(ssl, NULL);
3093			SSL_set_default_passwd_cb_userdata(ssl, NULL);
3094			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
3095			}
3096			else {
3097			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
3098			SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
3099			SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
3100			}
3101
3102			void
3103			SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
3104			SSL * ssl
3105			SV * data
3106			CODE:
3107			/* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
3108			if (data==NULL \|\| !SvOK(data)) {
3109			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
3110			}
3111			else {
3112			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
3113			}
3114
3115			#endif /* !BoringSSL */
3116			#endif /* !LibreSSL */
3117			#endif /* >= 1.1.0f */
3118
3119			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
3120
3121			void
3122			SSL_set_security_level(SSL * ssl, int level)
3123
3124			int
3125			SSL_get_security_level(SSL * ssl)
3126
3127			#endif
3128
3129			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
3130
3131			int
3132			SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
3133
3134			size_t
3135			SSL_get_num_tickets(SSL *ssl)
3136
3137			#endif
3138
3139			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
3140
3141			int
3142			SSL_set_ciphersuites(SSL ssl, const char str)
3143
3144			#endif
3145
3146			const BIO_METHOD *
3147			BIO_f_ssl()
3148
3149			const BIO_METHOD *
3150			BIO_s_mem()
3151
3152			unsigned long
3153			ERR_get_error()
3154
3155			unsigned long
3156			ERR_peek_error()
3157
3158			void
3159			ERR_put_error(lib,func,reason,file,line)
3160			int lib
3161			int func
3162			int reason
3163			char * file
3164			int line
3165
3166			void
3167			ERR_clear_error()
3168
3169			char *
3170			ERR_error_string(error,buf=NULL)
3171			unsigned long error
3172			char * buf
3173			CODE:
3174	4		RETVAL = ERR_error_string(error,buf);
3175			OUTPUT:
3176			RETVAL
3177
3178			void
3179			SSL_load_error_strings()
3180
3181			void
3182			ERR_load_crypto_strings()
3183
3184			int
3185			SSL_FIPS_mode_set(int onoff)
3186			CODE:
3187			#ifdef USE_ITHREADS
3188			MUTEX_LOCK(&LIB_init_mutex);
3189			#endif
3190			#ifdef OPENSSL_FIPS
3191			RETVAL = FIPS_mode_set(onoff);
3192			if (!RETVAL)
3193			{
3194			ERR_load_crypto_strings();
3195			ERR_print_errors_fp(stderr);
3196			}
3197			#else
3198	0		RETVAL = 1;
3199	0		fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
3200			#endif
3201			#ifdef USE_ITHREADS
3202			MUTEX_UNLOCK(&LIB_init_mutex);
3203			#endif
3204			OUTPUT:
3205			RETVAL
3206
3207
3208			int
3209			SSL_library_init()
3210			ALIAS:
3211			SSLeay_add_ssl_algorithms = 1
3212			OpenSSL_add_ssl_algorithms = 2
3213			add_ssl_algorithms = 3
3214			CODE:
3215			#ifdef USE_ITHREADS
3216			MUTEX_LOCK(&LIB_init_mutex);
3217			#endif
3218	44		RETVAL = 0;
3219	44	100	if (!LIB_initialized) {
3220	43		RETVAL = SSL_library_init();
3221	43		LIB_initialized = 1;
3222			}
3223			#ifdef USE_ITHREADS
3224			MUTEX_UNLOCK(&LIB_init_mutex);
3225			#endif
3226			OUTPUT:
3227			RETVAL
3228
3229			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3230			#define REM5 "NOTE: requires 0.9.7+"
3231			#ifndef OPENSSL_NO_ENGINE
3232
3233			void
3234			ENGINE_load_builtin_engines()
3235
3236			void
3237			ENGINE_register_all_complete()
3238
3239			ENGINE*
3240			ENGINE_by_id(id)
3241			char * id
3242
3243			int
3244			ENGINE_set_default(e, flags)
3245			ENGINE * e
3246			int flags
3247
3248			#endif /* OPENSSL_NO_ENGINE */
3249			#endif
3250
3251			void
3252			ERR_load_SSL_strings()
3253
3254			void
3255			ERR_load_RAND_strings()
3256
3257			int
3258			RAND_bytes(buf, num)
3259			SV *buf
3260			int num
3261			PREINIT:
3262			int rc;
3263			unsigned char *random;
3264			CODE:
3265	7		New(0, random, num, unsigned char);
3266	7		rc = RAND_bytes(random, num);
3267	7		sv_setpvn(buf, (const char*)random, num);
3268	7		Safefree(random);
3269	7		RETVAL = rc;
3270			OUTPUT:
3271			RETVAL
3272
3273			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3274
3275			int
3276			RAND_priv_bytes(buf, num)
3277			SV *buf
3278			int num
3279			PREINIT:
3280			int rc;
3281			unsigned char *random;
3282			CODE:
3283			New(0, random, num, unsigned char);
3284			rc = RAND_priv_bytes(random, num);
3285			sv_setpvn(buf, (const char*)random, num);
3286			Safefree(random);
3287			RETVAL = rc;
3288			OUTPUT:
3289			RETVAL
3290
3291			#endif
3292
3293			int
3294			RAND_pseudo_bytes(buf, num)
3295			SV *buf
3296			int num
3297			PREINIT:
3298			int rc;
3299			unsigned char *random;
3300			CODE:
3301	5		New(0, random, num, unsigned char);
3302	5		rc = RAND_pseudo_bytes(random, num);
3303	5		sv_setpvn(buf, (const char*)random, num);
3304	5		Safefree(random);
3305	5		RETVAL = rc;
3306			OUTPUT:
3307			RETVAL
3308
3309			void
3310			RAND_add(buf, num, entropy)
3311			SV *buf
3312			int num
3313			double entropy
3314			PREINIT:
3315			STRLEN len;
3316			CODE:
3317	0	0	RAND_add((const void *)SvPV(buf, len), num, entropy);
3318
3319			int
3320			RAND_poll()
3321
3322			int
3323			RAND_status()
3324
3325			SV *
3326			RAND_file_name(num)
3327			size_t num
3328			PREINIT:
3329			char *buf;
3330			CODE:
3331	3		Newxz(buf, num, char);
3332	3	50	if (!RAND_file_name(buf, num)) {
3333	0		Safefree(buf);
3334	0		XSRETURN_UNDEF;
3335			}
3336	3		RETVAL = newSVpv(buf, 0);
3337	3		Safefree(buf);
3338			OUTPUT:
3339			RETVAL
3340
3341			void
3342			RAND_seed(buf)
3343			PREINIT:
3344			STRLEN len;
3345			INPUT:
3346			char * buf = SvPV( ST(1), len);
3347			CODE:
3348	45		RAND_seed (buf, (int)len);
3349
3350			void
3351			RAND_cleanup()
3352
3353			int
3354			RAND_load_file(file_name, how_much)
3355			char * file_name
3356			int how_much
3357
3358			int
3359			RAND_write_file(file_name)
3360			char * file_name
3361
3362			#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
3363
3364			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
3365
3366			int
3367			X509_check_host(X509 cert, const char name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
3368			PREINIT:
3369	0		char *c_peername = NULL;
3370			CODE:
3371	0	0	RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
3372	0	0	if (items == 4)
3373	0		sv_setpv(peername, c_peername);
3374			OUTPUT:
3375			RETVAL
3376			CLEANUP:
3377	0	0	if (c_peername)
3378	0		OPENSSL_free(c_peername);
3379
3380			int
3381			X509_check_email(X509 cert, const char address, unsigned int flags = 0)
3382			CODE:
3383	0		RETVAL = X509_check_email(cert, address, 0, flags);
3384			OUTPUT:
3385			RETVAL
3386
3387			int
3388			X509_check_ip(X509 cert, SV address, unsigned int flags = 0)
3389			PREINIT:
3390			unsigned char *c_address;
3391			size_t addresslen;
3392			CODE:
3393	0	0	c_address = (unsigned char *)SvPV(address, addresslen);
3394	0		RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
3395			OUTPUT:
3396			RETVAL
3397
3398			int
3399			X509_check_ip_asc(X509 cert, const char address, unsigned int flags = 0)
3400
3401			#endif
3402
3403			X509_NAME*
3404			X509_get_issuer_name(cert)
3405			X509 * cert
3406
3407			X509_NAME*
3408			X509_get_subject_name(cert)
3409			X509 * cert
3410
3411			void *
3412			X509_get_ex_data(cert,idx)
3413			X509 * cert
3414			int idx
3415
3416			int
3417			X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3418			long argl
3419			void * argp
3420			CRYPTO_EX_new * new_func
3421			CRYPTO_EX_dup * dup_func
3422			CRYPTO_EX_free * free_func
3423
3424			void *
3425			X509_get_app_data(cert)
3426			X509 * cert
3427			CODE:
3428	0		RETVAL = X509_get_ex_data(cert,0);
3429			OUTPUT:
3430			RETVAL
3431
3432			int
3433			X509_set_ex_data(cert,idx,data)
3434			X509 * cert
3435			int idx
3436			void * data
3437
3438			int
3439			X509_set_app_data(cert,arg)
3440			X509 * cert
3441			char * arg
3442			CODE:
3443	0		RETVAL = X509_set_ex_data(cert,0,arg);
3444			OUTPUT:
3445			RETVAL
3446
3447			int
3448			X509_set_issuer_name(X509 x, X509_NAME name)
3449
3450			int
3451			X509_set_subject_name(X509 x, X509_NAME name)
3452
3453			int
3454			X509_set_version(X509 *x, long version)
3455
3456			int
3457			X509_set_pubkey(X509 x, EVP_PKEY pkey)
3458
3459			long
3460			X509_get_version(X509 *x)
3461
3462			EVP_PKEY *
3463			X509_get_pubkey(X509 *x)
3464
3465			ASN1_INTEGER *
3466			X509_get_serialNumber(X509 *x)
3467
3468			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
3469
3470			const ASN1_INTEGER *
3471			X509_get0_serialNumber(const X509 *x)
3472
3473			#endif
3474
3475			int
3476			X509_set_serialNumber(X509 x, ASN1_INTEGER serial)
3477
3478			int
3479			X509_certificate_type(X509 x, EVP_PKEY pubkey=NULL);
3480
3481			int
3482			X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
3483
3484			int
3485			X509_verify(X509 x, EVP_PKEY r)
3486
3487			X509_NAME *
3488			X509_NAME_new()
3489
3490			unsigned long
3491			X509_NAME_hash(X509_NAME *name)
3492
3493			void
3494			X509_NAME_oneline(name)
3495			X509_NAME * name
3496			PREINIT:
3497			char * buf;
3498			CODE:
3499	17		ST(0) = sv_newmortal(); /* Undefined to start with */
3500	17	50	if ((buf = X509_NAME_oneline(name, NULL, 0))) {
3501	17		sv_setpvn( ST(0), buf, strlen(buf));
3502	17		OPENSSL_free(buf); /* mem was allocated by openssl */
3503			}
3504
3505			void
3506			X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
3507			X509_NAME * name
3508			unsigned long flags
3509			int utf8_decode
3510			PREINIT:
3511			char * buf;
3512			BIO * bp;
3513	13		int n, i, ident=0;
3514			CODE:
3515	13		ST(0) = sv_newmortal(); /* undef to start with */
3516	13		bp = BIO_new(BIO_s_mem());
3517	13	50	if (bp) {
3518	13	50	if (X509_NAME_print_ex(bp, name, ident, flags)) {
3519	13		n = BIO_ctrl_pending(bp);
3520	13		New(0, buf, n, char);
3521	13	50	if (buf) {
3522	13		i = BIO_read(bp,buf,n);
3523	13	50	if (i>=0 && i<=n) {
		50
3524	13		sv_setpvn(ST(0), buf, i);
3525	13	50	if (utf8_decode) sv_utf8_decode(ST(0));
3526			}
3527	13		Safefree(buf);
3528			}
3529			}
3530	13		BIO_free(bp);
3531			}
3532
3533			void
3534			X509_NAME_get_text_by_NID(name,nid)
3535			X509_NAME * name
3536			int nid
3537			PREINIT:
3538			char* buf;
3539			int length;
3540			CODE:
3541	1		ST(0) = sv_newmortal(); /* Undefined to start with */
3542	1		length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
3543
3544	1	50	if (length>=0) {
3545	1		New(0, buf, length+1, char);
3546	1	50	if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
3547	1		sv_setpvn( ST(0), buf, length);
3548	1		Safefree(buf);
3549			}
3550
3551			#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
3552			#define REM17 "requires 0.9.5+"
3553
3554			int
3555			X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
3556			X509_NAME *name
3557			int nid
3558			int type
3559			int loc
3560			int set
3561			PREINIT:
3562			STRLEN len;
3563			INPUT:
3564			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3565			CODE:
3566	1		RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
3567			OUTPUT:
3568			RETVAL
3569
3570			int
3571			X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
3572			X509_NAME *name
3573			ASN1_OBJECT *obj
3574			int type
3575			int loc
3576			int set
3577			PREINIT:
3578			STRLEN len;
3579			INPUT:
3580			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3581			CODE:
3582	1		RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
3583			OUTPUT:
3584			RETVAL
3585
3586			int
3587			X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
3588			X509_NAME *name
3589			char *field
3590			int type
3591			int loc
3592			int set
3593			PREINIT:
3594			STRLEN len;
3595			INPUT:
3596			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3597			CODE:
3598	6		RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
3599			OUTPUT:
3600			RETVAL
3601
3602			#endif
3603
3604			int
3605			X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
3606
3607			int
3608			X509_NAME_entry_count(X509_NAME *name)
3609
3610			X509_NAME_ENTRY *
3611			X509_NAME_get_entry(X509_NAME *name, int loc)
3612
3613			ASN1_STRING *
3614			X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
3615
3616			ASN1_OBJECT *
3617			X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
3618
3619			void
3620			X509_CRL_free(X509_CRL *x)
3621
3622			X509_CRL *
3623			X509_CRL_new()
3624
3625			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3626			#define REM19 "requires 0.9.7+"
3627
3628			int
3629			X509_CRL_set_version(X509_CRL *x, long version)
3630
3631			int
3632			X509_CRL_set_issuer_name(X509_CRL x, X509_NAME name)
3633
3634			int
3635			X509_CRL_set_lastUpdate(X509_CRL x, ASN1_TIME tm)
3636
3637			int
3638			X509_CRL_set_nextUpdate(X509_CRL x, ASN1_TIME tm)
3639
3640			int
3641			X509_CRL_sort(X509_CRL *x)
3642
3643			#endif
3644
3645			long
3646			X509_CRL_get_version(X509_CRL *x)
3647
3648			X509_NAME *
3649			X509_CRL_get_issuer(X509_CRL *x)
3650
3651			ASN1_TIME *
3652			X509_CRL_get_lastUpdate(X509_CRL *x)
3653
3654			ASN1_TIME *
3655			X509_CRL_get_nextUpdate(X509_CRL *x)
3656
3657			int
3658			X509_CRL_verify(X509_CRL a, EVP_PKEY r)
3659
3660			int
3661			X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
3662
3663			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3664			#define REM20 "requires 0.9.7+"
3665
3666			int
3667			P_X509_CRL_set_serial(crl,crl_number)
3668			X509_CRL *crl
3669			ASN1_INTEGER * crl_number;
3670			CODE:
3671	1		RETVAL = 0;
3672	1	50	if (crl && crl_number)
		50
3673	1	50	if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
3674			OUTPUT:
3675			RETVAL
3676
3677			ASN1_INTEGER *
3678			P_X509_CRL_get_serial(crl)
3679			X509_CRL *crl
3680			INIT:
3681			int i;
3682			CODE:
3683	1		RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
3684	1	50	if (!RETVAL \|\| i==-1) XSRETURN_UNDEF;
		50
3685			OUTPUT:
3686			RETVAL
3687
3688			void
3689			P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
3690			X509_CRL *crl
3691			char * serial_hex
3692			ASN1_TIME *rev_time
3693			long reason_code
3694			ASN1_TIME *comp_time
3695			PREINIT:
3696	2		BIGNUM *bn = NULL;
3697			ASN1_INTEGER *sn;
3698			X509_REVOKED *rev;
3699	2		ASN1_ENUMERATED *rsn = NULL;
3700			int rv;
3701			PPCODE:
3702	2		rv=0;
3703	2		rev = X509_REVOKED_new();
3704	2	50	if (rev) {
3705	2	50	if (BN_hex2bn(&bn, serial_hex)) {
3706	2		sn = BN_to_ASN1_INTEGER(bn, NULL);
3707	2	50	if (sn) {
3708	2		X509_REVOKED_set_serialNumber(rev, sn);
3709	2		ASN1_INTEGER_free(sn);
3710	2		rv = 1;
3711			}
3712	2		BN_free(bn);
3713			}
3714			}
3715	2	50	if (!rv) XSRETURN_IV(0);
3716
3717	2	50	if (!rev_time) XSRETURN_IV(0);
3718	2	50	if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
3719
3720	2	50	if(reason_code) {
3721	2		rv = 0;
3722	2		rsn = ASN1_ENUMERATED_new();
3723	2	50	if (rsn) {
3724	2	50	if (ASN1_ENUMERATED_set(rsn, reason_code))
3725	2	50	if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
3726	2		rv=1;
3727	2		ASN1_ENUMERATED_free(rsn);
3728			}
3729	2	50	if (!rv) XSRETURN_IV(0);
3730			}
3731
3732	2	50	if(comp_time) {
3733	2		X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0);
3734			}
3735
3736	2	50	if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0);
3737	2		XSRETURN_IV(1);
3738
3739			#endif
3740
3741			X509_REQ *
3742			X509_REQ_new()
3743
3744			void
3745			X509_REQ_free(X509_REQ *x)
3746
3747			X509_NAME *
3748			X509_REQ_get_subject_name(X509_REQ *x)
3749
3750			int
3751			X509_REQ_set_subject_name(X509_REQ x, X509_NAME name)
3752
3753			int
3754			X509_REQ_set_pubkey(X509_REQ x, EVP_PKEY pkey)
3755
3756			EVP_PKEY *
3757			X509_REQ_get_pubkey(X509_REQ *x)
3758
3759			int
3760			X509_REQ_sign(X509_REQ x, EVP_PKEY pk, const EVP_MD *md)
3761
3762			int
3763			X509_REQ_verify(X509_REQ x, EVP_PKEY r)
3764
3765			int
3766			X509_REQ_set_version(X509_REQ *x, long version)
3767
3768			long
3769			X509_REQ_get_version(X509_REQ *x)
3770
3771			int
3772			X509_REQ_get_attr_count(const X509_REQ *req);
3773
3774			int
3775			X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1)
3776
3777			int
3778			X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj, int lastpos=-1)
3779
3780			int
3781			X509_REQ_add1_attr_by_NID(req,nid,type,bytes)
3782			X509_REQ *req
3783			int nid
3784			int type
3785			PREINIT:
3786			STRLEN len;
3787			INPUT:
3788			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3789			CODE:
3790	2		RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len);
3791			OUTPUT:
3792			RETVAL
3793
3794			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3795			#define REM21 "requires 0.9.7+"
3796
3797			void
3798			P_X509_REQ_get_attr(req,n)
3799			X509_REQ *req
3800			int n
3801			INIT:
3802			X509_ATTRIBUTE * att;
3803			int count, i;
3804			ASN1_STRING * s;
3805			ASN1_TYPE * t;
3806			PPCODE:
3807	1		att = X509_REQ_get_attr(req,n);
3808	1		count = X509_ATTRIBUTE_count(att);
3809	2	100	for (i=0; i
3810	1		t = X509_ATTRIBUTE_get0_type(att, i);
3811	1		s = t->value.asn1_string;
3812	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
3813			}
3814
3815			#endif
3816
3817			int
3818			P_X509_REQ_add_extensions(x,...)
3819			X509_REQ *x
3820			PREINIT:
3821	1		int i=1;
3822			int nid;
3823			char *data;
3824			X509_EXTENSION *ex;
3825			STACK_OF(X509_EXTENSION) *stack;
3826			CODE:
3827	1	50	if (items>1) {
3828	1		RETVAL = 1;
3829	1		stack = sk_X509_EXTENSION_new_null();
3830	7	100	while(i+1
3831	6	50	nid = SvIV(ST(i));
3832	6	50	data = SvPV_nolen(ST(i+1));
3833	6		i+=2;
3834	6		ex = X509V3_EXT_conf_nid(NULL, NULL, nid, data);
3835	6	50	if (ex)
3836	6		sk_X509_EXTENSION_push(stack, ex);
3837			else
3838	0		RETVAL = 0;
3839			}
3840	1		X509_REQ_add_extensions(x, stack);
3841	1		sk_X509_EXTENSION_pop_free(stack, X509_EXTENSION_free);
3842			}
3843			else
3844	0		RETVAL = 0;
3845			OUTPUT:
3846			RETVAL
3847
3848			int
3849			P_X509_add_extensions(x,ca_cert,...)
3850			X509 *x
3851			X509 *ca_cert
3852			PREINIT:
3853	1		int i=2;
3854			int nid;
3855			char *data;
3856			X509_EXTENSION *ex;
3857			X509V3_CTX ctx;
3858			CODE:
3859	1	50	if (items>1) {
3860	1		RETVAL = 1;
3861	7	100	while(i+1
3862	6	50	nid = SvIV(ST(i));
3863	6	50	data = SvPV_nolen(ST(i+1));
3864	6		i+=2;
3865	6		X509V3_set_ctx(&ctx, ca_cert, x, NULL, NULL, 0);
3866	6		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3867	6	50	if (ex) {
3868	6		X509_add_ext(x,ex,-1);
3869	6		X509_EXTENSION_free(ex);
3870			}
3871			else {
3872	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3873	0		ERR_print_errors_fp(stderr);
3874	0		RETVAL = 0;
3875			}
3876			}
3877			}
3878			else
3879	0		RETVAL = 0;
3880			OUTPUT:
3881			RETVAL
3882
3883			int
3884			P_X509_CRL_add_extensions(x,ca_cert,...)
3885			X509_CRL *x
3886			X509 *ca_cert
3887			PREINIT:
3888	1		int i=2;
3889			int nid;
3890			char *data;
3891			X509_EXTENSION *ex;
3892			X509V3_CTX ctx;
3893			CODE:
3894	1	50	if (items>1) {
3895	1		RETVAL = 1;
3896	2	100	while(i+1
3897	1	50	nid = SvIV(ST(i));
3898	1	50	data = SvPV_nolen(ST(i+1));
3899	1		i+=2;
3900	1		X509V3_set_ctx(&ctx, ca_cert, NULL, NULL, x, 0);
3901	1		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3902	1	50	if (ex) {
3903	1		X509_CRL_add_ext(x,ex,-1);
3904	1		X509_EXTENSION_free(ex);
3905			}
3906			else {
3907	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3908	0		ERR_print_errors_fp(stderr);
3909	0		RETVAL = 0;
3910			}
3911			}
3912			}
3913			else
3914	0		RETVAL = 0;
3915			OUTPUT:
3916			RETVAL
3917
3918			void
3919			P_X509_copy_extensions(x509_req,x509,override=1)
3920			X509_REQ *x509_req
3921			X509 *x509
3922			int override
3923			PREINIT:
3924	1		STACK_OF(X509_EXTENSION) *exts = NULL;
3925			X509_EXTENSION ext, tmpext;
3926			ASN1_OBJECT *obj;
3927	1		int i, idx, ret = 1;
3928			PPCODE:
3929	1	50	if (!x509 \|\| !x509_req) XSRETURN_IV(0);
		50
3930	1		exts = X509_REQ_get_extensions(x509_req);
3931	7	100	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
3932	6		ext = sk_X509_EXTENSION_value(exts, i);
3933	6		obj = X509_EXTENSION_get_object(ext);
3934	6		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3935			/* Does extension exist? */
3936	6	50	if (idx != -1) {
3937	0	0	if (override) continue; /* don't override existing extension */
3938			/* Delete all extensions of same type */
3939			do {
3940	0		tmpext = X509_get_ext(x509, idx);
3941	0		X509_delete_ext(x509, idx);
3942	0		X509_EXTENSION_free(tmpext);
3943	0		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3944	0	0	} while (idx != -1);
3945			}
3946	6	50	if (!X509_add_ext(x509, ext, -1)) ret = 0;
3947			}
3948	1		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
3949	1		XSRETURN_IV(ret);
3950
3951			X509 *
3952			X509_STORE_CTX_get_current_cert(x509_store_ctx)
3953			X509_STORE_CTX * x509_store_ctx
3954
3955			#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */
3956
3957			X509 *
3958			X509_STORE_CTX_get0_cert(x509_store_ctx)
3959			X509_STORE_CTX *x509_store_ctx
3960
3961			#endif
3962
3963			STACK_OF(X509) *
3964			X509_STORE_CTX_get1_chain(x509_store_ctx)
3965			X509_STORE_CTX *x509_store_ctx
3966
3967
3968			int
3969			X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3970			long argl
3971			void * argp
3972			CRYPTO_EX_new * new_func
3973			CRYPTO_EX_dup * dup_func
3974			CRYPTO_EX_free * free_func
3975
3976			void *
3977			X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
3978			X509_STORE_CTX * x509_store_ctx
3979			int idx
3980
3981			void *
3982			X509_STORE_CTX_get_app_data(x509_store_ctx)
3983			X509_STORE_CTX * x509_store_ctx
3984			CODE:
3985	0		RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0);
3986			OUTPUT:
3987			RETVAL
3988
3989			void
3990			X509_get_fingerprint(cert,type)
3991			X509 * cert
3992			char * type
3993			PREINIT:
3994	9		const EVP_MD *digest_tp = NULL;
3995			unsigned char digest[EVP_MAX_MD_SIZE];
3996	9		unsigned int dsz, k = 0;
3997			char text[EVP_MAX_MD_SIZE * 3 + 1];
3998			CODE:
3999			#ifndef OPENSSL_NO_MD5
4000	9	50	if (!k && !strcmp(type,"md5")) {
		100
4001	4		k = 1; digest_tp = EVP_md5();
4002			}
4003			#endif
4004	9	100	if (!k && !strcmp(type,"sha1")) {
		100
4005	4		k = 1; digest_tp = EVP_sha1();
4006			}
4007			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4008			#ifndef OPENSSL_NO_SHA256
4009	9	100	if (!k && !strcmp(type,"sha256")) {
		50
4010	0		k = 1; digest_tp = EVP_sha256();
4011			}
4012			#endif
4013			#endif
4014	9	100	if (!k && !strcmp(type,"ripemd160")) {
		50
4015	0		k = 1; digest_tp = EVP_ripemd160();
4016			}
4017	9	100	if (!k) /* Default digest */
4018	1		digest_tp = EVP_sha1();
4019	9	50	if ( digest_tp == NULL ) {
4020			/* Out of memory */
4021	0		XSRETURN_UNDEF;
4022			}
4023	9	50	if (!X509_digest(cert, digest_tp, digest, &dsz)) {
4024			/* Out of memory */
4025	0		XSRETURN_UNDEF;
4026			}
4027	9		text[0] = '\0';
4028	173	100	for(k=0; k
4029	164		sprintf(&text[strlen(text)], "%02X:", digest[k]);
4030			}
4031	9		text[strlen(text)-1] = '\0';
4032	9		ST(0) = sv_newmortal(); /* Undefined to start with */
4033	9		sv_setpvn( ST(0), text, strlen(text));
4034
4035			void
4036			X509_get_subjectAltNames(cert)
4037			X509 * cert
4038			PPCODE:
4039	5		int i, j, count = 0;
4040	5		X509_EXTENSION *subjAltNameExt = NULL;
4041	5		STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
4042	5		GENERAL_NAME *subjAltNameDN = NULL;
4043			int num_gnames;
4044	5	100	if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
4045	3	50	&& (subjAltNameExt = X509_get_ext(cert, i))
4046	3	50	&& (subjAltNameDNs = X509V3_EXT_d2i(subjAltNameExt)))
4047			{
4048	3		num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
4049
4050	19	100	for (j = 0; j < num_gnames; j++)
4051			{
4052	16		subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
4053
4054	16		switch (subjAltNameDN->type)
4055			{
4056			case GEN_OTHERNAME:
4057	2	50	EXTEND(SP, 2);
4058	2		count++;
4059	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4060	2		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4061	2		break;
4062
4063			case GEN_EMAIL:
4064			case GEN_DNS:
4065			case GEN_URI:
4066	8	50	EXTEND(SP, 2);
4067	8		count++;
4068	8		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4069	8		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4070	8		break;
4071
4072			case GEN_DIRNAME:
4073			{
4074	0		char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
4075	0	0	EXTEND(SP, 2);
4076	0		count++;
4077	0		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4078	0		PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
4079			}
4080	0		break;
4081
4082			case GEN_RID:
4083			{
4084			char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
4085	2		int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
4086	2	50	if (len < 0 \|\| len > (int)((sizeof(buf) - 1)))
		50
4087			break; /* Skip bad or overly long RID */
4088	2	50	EXTEND(SP, 2);
4089	2		count++;
4090	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4091	2		PUSHs(sv_2mortal(newSVpv(buf, 0)));
4092			}
4093	2		break;
4094
4095			case GEN_IPADD:
4096	4	50	EXTEND(SP, 2);
4097	4		count++;
4098	4		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4099	4		PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
4100	4		break;
4101
4102			}
4103			}
4104	3		sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
4105			}
4106	5		XSRETURN(count * 2);
4107
4108			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4109
4110			void
4111			P_X509_get_crl_distribution_points(cert)
4112			X509 * cert
4113			INIT:
4114			GENERAL_NAMES *gnames;
4115			GENERAL_NAME *gn;
4116			STACK_OF(DIST_POINT) *points;
4117			DIST_POINT *p;
4118			int i, j;
4119			PPCODE:
4120	4		points = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
4121	4	100	if (points)
4122	3	100	for (i = 0; i < sk_DIST_POINT_num(points); i++) {
4123	2		p = sk_DIST_POINT_value(points, i);
4124	2	50	if (!p->distpoint)
4125	0		continue;
4126	2	50	if (p->distpoint->type == 0) {
4127			/* full name */
4128	2		gnames = p->distpoint->name.fullname;
4129	4	100	for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
4130	2		gn = sk_GENERAL_NAME_value(gnames, j);
4131
4132	2	50	if (gn->type == GEN_URI) {
4133	2	50	XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4134			}
4135			}
4136			}
4137			else {
4138			/* relative name - not supported */
4139			/* XXX-TODO: the code below is just an idea; do not enable it without proper test case
4140			BIO *bp;
4141			char *buf;
4142			int n;
4143			X509_NAME ntmp;
4144			ntmp.entries = p->distpoint->name.relativename;
4145			bp = BIO_new(BIO_s_mem());
4146			if (bp) {
4147			X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
4148			n = BIO_ctrl_pending(bp);
4149			New(0, buf, n, char);
4150			if (buf) {
4151			j = BIO_read(bp,buf,n);
4152			if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
4153			Safefree(buf);
4154			}
4155			BIO_free(bp);
4156			}
4157			*/
4158			}
4159			}
4160
4161			void
4162			P_X509_get_ocsp_uri(cert)
4163			X509 * cert
4164			PPCODE:
4165			AUTHORITY_INFO_ACCESS *info;
4166			int i;
4167	0		info = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
4168	0	0	if (!info) XSRETURN_UNDEF;
4169
4170	0	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
4171	0		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
4172	0	0	if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
4173	0	0	&& ad->location->type == GEN_URI) {
4174	0	0	XPUSHs(sv_2mortal(newSVpv(
4175			(char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
4176			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4177			)));
4178	0	0	if (GIMME == G_SCALAR) break; /* get only first */
		0
4179			}
4180			}
4181
4182
4183			void
4184			P_X509_get_ext_key_usage(cert,format=0)
4185			X509 * cert
4186			int format
4187			PREINIT:
4188			EXTENDED_KEY_USAGE *extusage;
4189			int i, nid;
4190			char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
4191			ASN1_OBJECT *o;
4192			PPCODE:
4193	16		extusage = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
4194	92	100	for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
4195	76		o = sk_ASN1_OBJECT_value(extusage,i);
4196	76		nid = OBJ_obj2nid(o);
4197	76		OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
4198	76	100	if(format==0)
4199	19	50	XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
4200	57	100	else if(format==1 && nid>0)
		100
4201	16	50	XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
4202	41	100	else if(format==2 && nid>0)
		100
4203	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
4204	25	100	else if(format==3 && nid>0)
		100
4205	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
4206			}
4207
4208			#endif
4209
4210			void
4211			P_X509_get_key_usage(cert)
4212			X509 * cert
4213			INIT:
4214			ASN1_BIT_STRING * u;
4215			PPCODE:
4216	4		u = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
4217	4	50	if (u) {
4218	4	50	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
		50
4219	4	100	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
		50
4220	4	50	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
		50
4221	4	100	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
		50
4222	4	100	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
		50
4223	4	100	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
		50
4224	4	100	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
		50
4225	4	50	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
		0
4226	4	100	if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
		50
4227			}
4228
4229			void
4230			P_X509_get_netscape_cert_type(cert)
4231			X509 * cert
4232			INIT:
4233			ASN1_BIT_STRING * u;
4234			PPCODE:
4235	4		u = X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
4236	4	50	if (u) {
4237	0	0	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
		0
4238	0	0	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
		0
4239	0	0	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
		0
4240	0	0	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
		0
4241	0	0	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
		0
4242	0	0	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
		0
4243	0	0	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
		0
4244	0	0	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
		0
4245			}
4246
4247			int
4248			X509_get_ext_by_NID(x,nid,loc=-1)
4249			X509* x
4250			int nid
4251			int loc
4252
4253			X509_EXTENSION *
4254			X509_get_ext(x,loc)
4255			X509* x
4256			int loc
4257
4258			int
4259			X509_EXTENSION_get_critical(X509_EXTENSION *ex)
4260
4261			ASN1_OCTET_STRING *
4262			X509_EXTENSION_get_data(X509_EXTENSION *ne)
4263
4264			ASN1_OBJECT *
4265			X509_EXTENSION_get_object(X509_EXTENSION *ex)
4266
4267			int
4268			X509_get_ext_count(X509 *x)
4269
4270			int
4271			X509_CRL_get_ext_count(X509_CRL *x)
4272
4273			int
4274			X509_CRL_get_ext_by_NID(x,ni,loc=-1)
4275			X509_CRL* x
4276			int ni
4277			int loc
4278
4279			X509_EXTENSION *
4280			X509_CRL_get_ext(x,loc)
4281			X509_CRL* x
4282			int loc
4283
4284			void
4285			X509V3_EXT_print(ext,flags=0,utf8_decode=0)
4286			X509_EXTENSION * ext
4287			unsigned long flags
4288			int utf8_decode
4289			PREINIT:
4290			BIO * bp;
4291			char * buf;
4292			int i, n;
4293	21		int indent=0;
4294			CODE:
4295	21		ST(0) = sv_newmortal(); /* undef to start with */
4296	21		bp = BIO_new(BIO_s_mem());
4297	21	50	if (bp) {
4298	21	50	if(X509V3_EXT_print(bp,ext,flags,indent)) {
4299	21		n = BIO_ctrl_pending(bp);
4300	21		New(0, buf, n, char);
4301	21	50	if (buf) {
4302	21		i = BIO_read(bp,buf,n);
4303	21	50	if (i>=0 && i<=n) {
		50
4304	21		sv_setpvn(ST(0), buf, i);
4305	21	50	if (utf8_decode) sv_utf8_decode(ST(0));
4306			}
4307	21		Safefree(buf);
4308			}
4309			}
4310	21		BIO_free(bp);
4311			}
4312
4313			void *
4314			X509V3_EXT_d2i(ext)
4315			X509_EXTENSION *ext
4316
4317			X509_STORE_CTX *
4318			X509_STORE_CTX_new()
4319
4320			int
4321			X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
4322			X509_STORE_CTX * ctx
4323			X509_STORE * store
4324			X509 * x509
4325			STACK_OF(X509) * chain
4326
4327			void
4328			X509_STORE_CTX_free(ctx)
4329			X509_STORE_CTX * ctx
4330
4331			int
4332			X509_verify_cert(x509_store_ctx)
4333			X509_STORE_CTX * x509_store_ctx
4334
4335			int
4336			X509_STORE_CTX_get_error(x509_store_ctx)
4337			X509_STORE_CTX * x509_store_ctx
4338
4339			int
4340			X509_STORE_CTX_get_error_depth(x509_store_ctx)
4341			X509_STORE_CTX * x509_store_ctx
4342
4343			int
4344			X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
4345			X509_STORE_CTX * x509_store_ctx
4346			int idx
4347			void * data
4348
4349			int
4350			X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
4351			X509_STORE_CTX * x509_store_ctx
4352			char * arg
4353			CODE:
4354	0		RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
4355			OUTPUT:
4356			RETVAL
4357
4358			void
4359			X509_STORE_CTX_set_error(x509_store_ctx,s)
4360			X509_STORE_CTX * x509_store_ctx
4361			int s
4362
4363			void
4364			X509_STORE_CTX_set_cert(x509_store_ctx,x)
4365			X509_STORE_CTX * x509_store_ctx
4366			X509 * x
4367
4368			X509_STORE *
4369			X509_STORE_new()
4370
4371			void
4372			X509_STORE_free(store)
4373			X509_STORE * store
4374
4375			X509_LOOKUP *
4376			X509_STORE_add_lookup(store, method)
4377			X509_STORE * store
4378			X509_LOOKUP_METHOD * method
4379
4380			int
4381			X509_STORE_add_cert(ctx, x)
4382			X509_STORE *ctx
4383			X509 *x
4384
4385			int
4386			X509_STORE_add_crl(ctx, x)
4387			X509_STORE *ctx
4388			X509_CRL *x
4389
4390			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4391
4392			void
4393			X509_STORE_set_flags(ctx, flags)
4394			X509_STORE *ctx
4395			long flags
4396
4397			void
4398			X509_STORE_set_purpose(ctx, purpose)
4399			X509_STORE *ctx
4400			int purpose
4401
4402			void
4403			X509_STORE_set_trust(ctx, trust)
4404			X509_STORE *ctx
4405			int trust
4406
4407			int
4408			X509_STORE_set1_param(ctx, pm)
4409			X509_STORE *ctx
4410			X509_VERIFY_PARAM *pm
4411
4412			#endif
4413
4414			X509_LOOKUP_METHOD *
4415			X509_LOOKUP_hash_dir()
4416
4417			void
4418			X509_LOOKUP_add_dir(lookup, dir, type)
4419			X509_LOOKUP * lookup
4420			char * dir
4421			int type
4422
4423			int
4424			X509_load_cert_file(ctx, file, type)
4425			X509_LOOKUP *ctx
4426			char *file
4427			int type
4428
4429			int
4430			X509_load_crl_file(ctx, file, type)
4431			X509_LOOKUP *ctx
4432			char *file
4433			int type
4434
4435			int
4436			X509_load_cert_crl_file(ctx, file, type)
4437			X509_LOOKUP *ctx
4438			char *file
4439			int type
4440
4441			const char *
4442			X509_verify_cert_error_string(n)
4443			long n
4444
4445			ASN1_INTEGER *
4446			ASN1_INTEGER_new()
4447
4448			void
4449			ASN1_INTEGER_free(ASN1_INTEGER *i)
4450
4451			int
4452			ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
4453
4454			long
4455			ASN1_INTEGER_get(ASN1_INTEGER *a)
4456
4457			void
4458			P_ASN1_INTEGER_set_hex(i,str)
4459			ASN1_INTEGER * i
4460			char * str
4461			INIT:
4462			BIGNUM *bn;
4463	3		int rv = 1;
4464			PPCODE:
4465	3		bn = BN_new();
4466	3	50	if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
4467	3	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4468	3		BN_free(bn);
4469	3		XSRETURN_IV(rv);
4470
4471			void
4472			P_ASN1_INTEGER_set_dec(i,str)
4473			ASN1_INTEGER * i
4474			char * str
4475			INIT:
4476			BIGNUM *bn;
4477	1		int rv = 1;
4478			PPCODE:
4479	1		bn = BN_new();
4480	1	50	if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
4481	1	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4482	1		BN_free(bn);
4483	1		XSRETURN_IV(rv);
4484
4485			void
4486			P_ASN1_INTEGER_get_hex(i)
4487			ASN1_INTEGER * i
4488			INIT:
4489			BIGNUM *bn;
4490			char *result;
4491			PPCODE:
4492	6		bn = BN_new();
4493	6	50	if (!bn) XSRETURN_UNDEF;
4494	6		ASN1_INTEGER_to_BN(i, bn);
4495	6		result = BN_bn2hex(bn);
4496	6		BN_free(bn);
4497	6	50	if (!result) XSRETURN_UNDEF;
4498	6	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4499	6		OPENSSL_free(result);
4500
4501			void
4502			P_ASN1_INTEGER_get_dec(i)
4503			ASN1_INTEGER * i
4504			INIT:
4505			BIGNUM *bn;
4506			char *result;
4507			PPCODE:
4508	5		bn = BN_new();
4509	5	50	if (!bn) XSRETURN_UNDEF;
4510	5		ASN1_INTEGER_to_BN(i, bn);
4511	5		result = BN_bn2dec(bn);
4512	5		BN_free(bn);
4513	5	50	if (!result) XSRETURN_UNDEF;
4514	5	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4515	5		OPENSSL_free(result);
4516
4517			void
4518			P_ASN1_STRING_get(s,utf8_decode=0)
4519			ASN1_STRING * s
4520			int utf8_decode
4521			PREINIT:
4522			SV * u8;
4523			PPCODE:
4524	87		u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
4525	87	100	if (utf8_decode) sv_utf8_decode(u8);
4526	87	50	XPUSHs(sv_2mortal(u8));
4527
4528			ASN1_TIME *
4529			X509_get_notBefore(cert)
4530			X509 * cert
4531
4532			ASN1_TIME *
4533			X509_get_notAfter(cert)
4534			X509 * cert
4535
4536			ASN1_TIME *
4537			X509_gmtime_adj(s, adj)
4538			ASN1_TIME * s
4539			long adj
4540
4541			ASN1_TIME *
4542			ASN1_TIME_set(s,t)
4543			ASN1_TIME *s
4544			time_t t
4545
4546			void
4547			ASN1_TIME_free(s)
4548			ASN1_TIME *s
4549
4550			time_t
4551			ASN1_TIME_timet(s)
4552			ASN1_TIME *s
4553			CODE:
4554	0		RETVAL = ASN1_TIME_timet(s,NULL);
4555			OUTPUT:
4556			RETVAL
4557
4558			ASN1_TIME *
4559			ASN1_TIME_new()
4560
4561			void
4562			P_ASN1_TIME_put2string(tm)
4563			ASN1_TIME * tm
4564			PREINIT:
4565	4		BIO *bp=NULL;
4566	4		int i=0;
4567			char buffer[256];
4568			ALIAS:
4569			P_ASN1_UTCTIME_put2string = 1
4570			CODE:
4571	4		ST(0) = sv_newmortal(); /* undef retval to start with */
4572	4	50	if (tm) {
4573	4		bp = BIO_new(BIO_s_mem());
4574	4	50	if (bp) {
4575	4		ASN1_TIME_print(bp,tm);
4576	4		i = BIO_read(bp,buffer,255);
4577	4		buffer[i] = '\0';
4578	4	50	if (i>0)
4579	4		sv_setpvn(ST(0), buffer, i);
4580	4		BIO_free(bp);
4581			}
4582			}
4583
4584			#if OPENSSL_VERSION_NUMBER >= 0x0090705f
4585			#define REM15 "NOTE: requires 0.9.7e+"
4586
4587			void
4588			P_ASN1_TIME_get_isotime(tm)
4589			ASN1_TIME *tm
4590			PREINIT:
4591	14		ASN1_GENERALIZEDTIME *tmp = NULL;
4592			char buf[256];
4593			CODE:
4594	14		buf[0] = '\0';
4595			/* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
4596	14		ASN1_TIME_to_generalizedtime(tm,&tmp);
4597	14	50	if (tmp) {
4598	14	50	if (ASN1_GENERALIZEDTIME_check(tmp)) {
4599	14	50	if (strlen((char)tmp->data)>=14 && strlen((char)tmp->data)<200) {
		50
4600	14		strcpy (buf,"yyyy-mm-ddThh:mm:ss");
4601	14		strncpy(buf, (char*)tmp->data, 4);
4602	14		strncpy(buf+5, (char*)tmp->data+4, 2);
4603	14		strncpy(buf+8, (char*)tmp->data+6, 2);
4604	14		strncpy(buf+11,(char*)tmp->data+8, 2);
4605	14		strncpy(buf+14,(char*)tmp->data+10,2);
4606	14		strncpy(buf+17,(char*)tmp->data+12,2);
4607	14	50	if (strlen((char)tmp->data)>14) strcat(buf+19,(char)tmp->data+14);
4608			}
4609			}
4610	14		ASN1_GENERALIZEDTIME_free(tmp);
4611			}
4612	14		ST(0) = sv_newmortal();
4613	14		sv_setpv(ST(0), buf);
4614
4615			void
4616			P_ASN1_TIME_set_isotime(tm,str)
4617			ASN1_TIME *tm
4618			const char *str
4619			PREINIT:
4620			ASN1_TIME t;
4621			char buf[256];
4622			int i,rv;
4623			CODE:
4624	11	100	if (!tm) XSRETURN_UNDEF;
4625			/* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
4626	10	50	if (strlen(str) < 19) XSRETURN_UNDEF;
4627	50	50	for (i=0; i<4; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4628	30	50	for (i=5; i<7; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4629	30	50	for (i=8; i<10; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4630	30	50	for (i=11; i<13; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4631	30	50	for (i=14; i<16; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4632	30	50	for (i=17; i<19; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4633	10		strncpy(buf, str, 4);
4634	10		strncpy(buf+4, str+5, 2);
4635	10		strncpy(buf+6, str+8, 2);
4636	10		strncpy(buf+8, str+11, 2);
4637	10		strncpy(buf+10, str+14, 2);
4638	10		strncpy(buf+12, str+17, 2);
4639	10		buf[14] = '\0';
4640	10	50	if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
		50
4641
4642			/* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
4643			/* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
4644	10		t.length = strlen(buf);
4645	10		t.data = (unsigned char *)buf;
4646	10		t.flags = 0;
4647	10		t.type = V_ASN1_UTCTIME;
4648	10	50	if (!ASN1_TIME_check(&t)) {
4649	10		t.type = V_ASN1_GENERALIZEDTIME;
4650	10	50	if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
4651			}
4652	10		tm->type = t.type;
4653	10		tm->flags = t.flags;
4654	10	50	if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
4655	10		rv = 1;
4656
4657			/* end of ASN1_TIME_set_string() reimplementation */
4658
4659	10		ST(0) = sv_newmortal();
4660	10		sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
4661
4662			#endif
4663
4664			int
4665			EVP_PKEY_copy_parameters(to,from)
4666			EVP_PKEY * to
4667			EVP_PKEY * from
4668
4669			EVP_PKEY *
4670			EVP_PKEY_new()
4671
4672			void
4673			EVP_PKEY_free(EVP_PKEY *pkey)
4674
4675			int
4676			EVP_PKEY_assign_RSA(EVP_PKEY pkey, RSA key)
4677
4678			int
4679			EVP_PKEY_bits(EVP_PKEY *pkey)
4680
4681			int
4682			EVP_PKEY_size(EVP_PKEY *pkey)
4683
4684			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
4685
4686			int
4687			EVP_PKEY_id(const EVP_PKEY *pkey)
4688
4689			#endif
4690
4691			void
4692			PEM_get_string_X509(x509)
4693			X509 * x509
4694			PREINIT:
4695			BIO *bp;
4696			int i, n;
4697			char *buf;
4698			CODE:
4699	3		ST(0) = sv_newmortal(); /* undef to start with */
4700	3		bp = BIO_new(BIO_s_mem());
4701	3	50	if (bp && x509) {
		50
4702	3		PEM_write_bio_X509(bp,x509);
4703	3		n = BIO_ctrl_pending(bp);
4704	3		New(0, buf, n, char);
4705	3	50	if (buf) {
4706	3		i = BIO_read(bp,buf,n);
4707	3	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4708	3		Safefree(buf);
4709			}
4710	3		BIO_free(bp);
4711			}
4712
4713			void
4714			PEM_get_string_X509_REQ(x509_req)
4715			X509_REQ * x509_req
4716			PREINIT:
4717			BIO *bp;
4718			int i, n;
4719			char *buf;
4720			CODE:
4721	1		ST(0) = sv_newmortal(); /* undef to start with */
4722	1		bp = BIO_new(BIO_s_mem());
4723	1	50	if (bp && x509_req) {
		50
4724	1		PEM_write_bio_X509_REQ(bp,x509_req);
4725	1		n = BIO_ctrl_pending(bp);
4726	1		New(0, buf, n, char);
4727	1	50	if (buf) {
4728	1		i = BIO_read(bp,buf,n);
4729	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4730	1		Safefree(buf);
4731			}
4732	1		BIO_free(bp);
4733			}
4734
4735			void
4736			PEM_get_string_X509_CRL(x509_crl)
4737			X509_CRL * x509_crl
4738			PREINIT:
4739			BIO *bp;
4740			int i, n;
4741			char *buf;
4742			CODE:
4743	1		ST(0) = sv_newmortal(); /* undef to start with */
4744	1		bp = BIO_new(BIO_s_mem());
4745	1	50	if (bp && x509_crl) {
		50
4746	1		PEM_write_bio_X509_CRL(bp,x509_crl);
4747	1		n = BIO_ctrl_pending(bp);
4748	1		New(0, buf, n, char);
4749	1	50	if (buf) {
4750	1		i = BIO_read(bp,buf,n);
4751	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4752	1		Safefree(buf);
4753			}
4754	1		BIO_free(bp);
4755			}
4756
4757			void
4758			PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
4759			EVP_PKEY * pk
4760			char * passwd
4761			const EVP_CIPHER * enc_alg
4762			PREINIT:
4763			BIO *bp;
4764			int i, n;
4765			char *buf;
4766	6		size_t passwd_len = 0;
4767	6		pem_password_cb * cb = NULL;
4768	6		void * u = NULL;
4769			CODE:
4770	6		ST(0) = sv_newmortal(); /* undef to start with */
4771	6		bp = BIO_new(BIO_s_mem());
4772	6	50	if (bp && pk) {
		50
4773	6	100	if (passwd) passwd_len = strlen(passwd);
4774	6	100	if (passwd_len>0) {
4775			/* encrypted key */
4776	2	100	if (!enc_alg)
4777	1		PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
4778			else
4779	2		PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
4780			}
4781			else {
4782			/* unencrypted key */
4783	4		PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
4784			}
4785	6		n = BIO_ctrl_pending(bp);
4786	6		New(0, buf, n, char);
4787	6	50	if (buf) {
4788	6		i = BIO_read(bp,buf,n);
4789	6	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4790	6		Safefree(buf);
4791			}
4792	6		BIO_free(bp);
4793			}
4794
4795			int
4796			CTX_use_PKCS12_file(ctx, file, password=NULL)
4797			SSL_CTX *ctx
4798			char *file
4799			char *password
4800			PREINIT:
4801			PKCS12 *p12;
4802			EVP_PKEY *private_key;
4803			X509 *certificate;
4804			FILE *fp;
4805			CODE:
4806	0		RETVAL = 0;
4807	0	0	if ((fp = fopen (file, "rb"))) {
4808			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4809	0		OPENSSL_add_all_algorithms_noconf();
4810			#else
4811			OpenSSL_add_all_algorithms();
4812			#endif
4813	0	0	if ((p12 = d2i_PKCS12_fp(fp, NULL))) {
4814	0	0	if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
4815	0	0	if (private_key) {
4816	0	0	if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
4817	0		EVP_PKEY_free(private_key);
4818			}
4819	0	0	if (certificate) {
4820	0	0	if (SSL_CTX_use_certificate(ctx, certificate)) RETVAL = 1;
4821	0		X509_free(certificate);
4822			}
4823			}
4824	0		PKCS12_free(p12);
4825			}
4826	0	0	if (!RETVAL) ERR_print_errors_fp(stderr);
4827	0		fclose(fp);
4828			}
4829			OUTPUT:
4830			RETVAL
4831
4832			void
4833			P_PKCS12_load_file(file, load_chain=0, password=NULL)
4834			char *file
4835			int load_chain
4836			char *password
4837			PREINIT:
4838			PKCS12 *p12;
4839	4		EVP_PKEY *private_key = NULL;
4840	4		X509 *certificate = NULL;
4841	4		STACK_OF(X509) *cachain = NULL;
4842			X509 *x;
4843			FILE *fp;
4844			int i, result;
4845			PPCODE:
4846	4	50	if ((fp = fopen (file, "rb"))) {
4847			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4848	4		OPENSSL_add_all_algorithms_noconf();
4849			#else
4850			OpenSSL_add_all_algorithms();
4851			#endif
4852	4	50	if ((p12 = d2i_PKCS12_fp(fp, NULL))) {
4853	4	100	if(load_chain)
4854	3		result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain);
4855			else
4856	1		result= PKCS12_parse(p12, password, &private_key, &certificate, NULL);
4857	4	50	if (result) {
4858	4	50	if (private_key)
4859	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key))));
4860			else
4861	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4862	4	50	if (certificate)
4863	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate))));
4864			else
4865	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4866	4	100	if (cachain) {
4867	3	100	for (i=0; i
4868	2		x = sk_X509_value(cachain, i);
4869	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
4870			}
4871	1		sk_X509_free(cachain);
4872			}
4873			}
4874	4		PKCS12_free(p12);
4875			}
4876	4		fclose(fp);
4877			}
4878
4879			#ifndef OPENSSL_NO_MD2
4880
4881			void
4882			MD2(data)
4883			PREINIT:
4884			STRLEN len;
4885			unsigned char md[MD2_DIGEST_LENGTH];
4886			unsigned char * ret;
4887			INPUT:
4888			unsigned char* data = (unsigned char *) SvPV( ST(0), len);
4889			CODE:
4890			ret = MD2(data,len,md);
4891			if (ret!=NULL) {
4892			XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
4893			} else {
4894			XSRETURN_UNDEF;
4895			}
4896
4897			#endif
4898
4899			#ifndef OPENSSL_NO_MD4
4900
4901			void
4902			MD4(data)
4903			PREINIT:
4904			STRLEN len;
4905			unsigned char md[MD4_DIGEST_LENGTH];
4906			INPUT:
4907			unsigned char* data = (unsigned char *) SvPV( ST(0), len );
4908			CODE:
4909	9	50	if (MD4(data,len,md)) {
4910	9		XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
4911			} else {
4912	9		XSRETURN_UNDEF;
4913			}
4914
4915			#endif
4916
4917			#ifndef OPENSSL_NO_MD5
4918
4919			void
4920			MD5(data)
4921			PREINIT:
4922			STRLEN len;
4923			unsigned char md[MD5_DIGEST_LENGTH];
4924			INPUT:
4925			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
4926			CODE:
4927	9	50	if (MD5(data,len,md)) {
4928	9		XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
4929			} else {
4930	9		XSRETURN_UNDEF;
4931			}
4932
4933			#endif
4934
4935			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
4936
4937			void
4938			RIPEMD160(data)
4939			PREINIT:
4940			STRLEN len;
4941			unsigned char md[RIPEMD160_DIGEST_LENGTH];
4942			INPUT:
4943			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
4944			CODE:
4945	9	50	if (RIPEMD160(data,len,md)) {
4946	9		XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH);
4947			} else {
4948	9		XSRETURN_UNDEF;
4949			}
4950
4951			#endif
4952
4953			#if !defined(OPENSSL_NO_SHA)
4954
4955			void
4956			SHA1(data)
4957			PREINIT:
4958			STRLEN len;
4959			unsigned char md[SHA_DIGEST_LENGTH];
4960			INPUT:
4961			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
4962			CODE:
4963	8	50	if (SHA1(data,len,md)) {
4964	8		XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH);
4965			} else {
4966	8		XSRETURN_UNDEF;
4967			}
4968
4969			#endif
4970			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
4971
4972			void
4973			SHA256(data)
4974			PREINIT:
4975			STRLEN len;
4976			unsigned char md[SHA256_DIGEST_LENGTH];
4977			INPUT:
4978			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
4979			CODE:
4980	8	50	if (SHA256(data,len,md)) {
4981	8		XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
4982			} else {
4983	8		XSRETURN_UNDEF;
4984			}
4985
4986			#endif
4987			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
4988
4989			void
4990			SHA512(data)
4991			PREINIT:
4992			STRLEN len;
4993			unsigned char md[SHA512_DIGEST_LENGTH];
4994			INPUT:
4995			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
4996			CODE:
4997	8	50	if (SHA512(data,len,md)) {
4998	8		XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
4999			} else {
5000	8		XSRETURN_UNDEF;
5001			}
5002
5003			#endif
5004
5005			#ifndef OPENSSL_NO_SSL2
5006			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5007
5008			const SSL_METHOD *
5009			SSLv2_method()
5010
5011			#endif
5012			#endif
5013
5014			#ifndef OPENSSL_NO_SSL3
5015
5016			const SSL_METHOD *
5017			SSLv3_method()
5018
5019			#endif
5020
5021			const SSL_METHOD *
5022			SSLv23_method()
5023
5024			const SSL_METHOD *
5025			SSLv23_server_method()
5026
5027			const SSL_METHOD *
5028			SSLv23_client_method()
5029
5030			const SSL_METHOD *
5031			TLSv1_method()
5032
5033			const SSL_METHOD *
5034			TLSv1_server_method()
5035
5036			const SSL_METHOD *
5037			TLSv1_client_method()
5038
5039			#ifdef SSL_TXT_TLSV1_1
5040
5041			const SSL_METHOD *
5042			TLSv1_1_method()
5043
5044			const SSL_METHOD *
5045			TLSv1_1_server_method()
5046
5047			const SSL_METHOD *
5048			TLSv1_1_client_method()
5049
5050			#endif
5051
5052			#ifdef SSL_TXT_TLSV1_2
5053
5054			const SSL_METHOD *
5055			TLSv1_2_method()
5056
5057			const SSL_METHOD *
5058			TLSv1_2_server_method()
5059
5060			const SSL_METHOD *
5061			TLSv1_2_client_method()
5062
5063			#endif
5064
5065
5066			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
5067
5068			const SSL_METHOD *
5069			TLS_method()
5070
5071			const SSL_METHOD *
5072			TLS_server_method()
5073
5074			const SSL_METHOD *
5075			TLS_client_method()
5076
5077			#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
5078
5079
5080			#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
5081
5082			int
5083			SSL_CTX_set_min_proto_version(ctx, version)
5084			SSL_CTX * ctx
5085			int version
5086
5087			int
5088			SSL_CTX_set_max_proto_version(ctx, version)
5089			SSL_CTX * ctx
5090			int version
5091
5092			int
5093			SSL_set_min_proto_version(ssl, version)
5094			SSL * ssl
5095			int version
5096
5097			int
5098			SSL_set_max_proto_version(ssl, version)
5099			SSL * ssl
5100			int version
5101
5102			#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
5103
5104
5105			#if OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)
5106
5107			int
5108			SSL_CTX_get_min_proto_version(ctx)
5109			SSL_CTX * ctx
5110
5111			int
5112			SSL_CTX_get_max_proto_version(ctx)
5113			SSL_CTX * ctx
5114
5115			int
5116			SSL_get_min_proto_version(ssl)
5117			SSL * ssl
5118
5119			int
5120			SSL_get_max_proto_version(ssl)
5121			SSL * ssl
5122
5123			#endif /* OpenSSL 1.1.0g */
5124
5125
5126			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5127
5128			int
5129			SSL_set_ssl_method(ssl, method)
5130			SSL * ssl
5131			SSL_METHOD * method
5132
5133			#else
5134
5135			int
5136			SSL_set_ssl_method(ssl, method)
5137			SSL * ssl
5138			const SSL_METHOD * method
5139
5140			#endif
5141
5142			const SSL_METHOD *
5143			SSL_get_ssl_method(ssl)
5144			SSL * ssl
5145
5146			#define REM_AUTOMATICALLY_GENERATED_1_09
5147
5148			BIO *
5149			BIO_new_buffer_ssl_connect(ctx)
5150			SSL_CTX * ctx
5151
5152			BIO *
5153			BIO_new_file(filename,mode)
5154			char * filename
5155			char * mode
5156
5157			BIO *
5158			BIO_new_ssl(ctx,client)
5159			SSL_CTX * ctx
5160			int client
5161
5162			BIO *
5163			BIO_new_ssl_connect(ctx)
5164			SSL_CTX * ctx
5165
5166			BIO *
5167			BIO_new(type)
5168			BIO_METHOD * type;
5169
5170			int
5171			BIO_free(bio)
5172			BIO * bio;
5173
5174			void
5175			BIO_read(s,max=32768)
5176			BIO * s
5177			int max
5178			PREINIT:
5179	138		char *buf = NULL;
5180			int got;
5181			CODE:
5182	138		New(0, buf, max, char);
5183	138		ST(0) = sv_newmortal(); /* Undefined to start with */
5184	138	100	if ((got = BIO_read(s, buf, max)) >= 0)
5185	55		sv_setpvn( ST(0), buf, got);
5186	138		Safefree(buf);
5187
5188			int
5189			BIO_write(s,buf)
5190			BIO * s
5191			PREINIT:
5192			STRLEN len;
5193			INPUT:
5194			char * buf = SvPV( ST(1), len);
5195			CODE:
5196	55		RETVAL = BIO_write (s, buf, (int)len);
5197			OUTPUT:
5198			RETVAL
5199
5200			int
5201			BIO_eof(s)
5202			BIO * s
5203
5204			int
5205			BIO_pending(s)
5206			BIO * s
5207
5208			int
5209			BIO_wpending(s)
5210			BIO * s
5211
5212			int
5213			BIO_ssl_copy_session_id(to,from)
5214			BIO * to
5215			BIO * from
5216
5217			void
5218			BIO_ssl_shutdown(ssl_bio)
5219			BIO * ssl_bio
5220
5221			int
5222			SSL_add_client_CA(ssl,x)
5223			SSL * ssl
5224			X509 * x
5225
5226			const char *
5227			SSL_alert_desc_string(value)
5228			int value
5229
5230			const char *
5231			SSL_alert_desc_string_long(value)
5232			int value
5233
5234			const char *
5235			SSL_alert_type_string(value)
5236			int value
5237
5238			const char *
5239			SSL_alert_type_string_long(value)
5240			int value
5241
5242			long
5243			SSL_callback_ctrl(ssl,i,fp)
5244			SSL * ssl
5245			int i
5246			callback_no_ret * fp
5247
5248			int
5249			SSL_check_private_key(ctx)
5250			SSL * ctx
5251
5252			# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
5253			# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
5254			void
5255			SSL_CIPHER_description(const SSL_CIPHER cipher, char unused_buf=NULL, int unused_size=0)
5256			PREINIT:
5257			char *description;
5258			char buf[512];
5259			PPCODE:
5260	194		description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
5261	194	50	if(description == NULL) {
5262	0		XSRETURN_EMPTY;
5263			}
5264	194	50	XPUSHs(sv_2mortal(newSVpv(description, 0)));
5265
5266			const char *
5267			SSL_CIPHER_get_name(const SSL_CIPHER *c)
5268
5269			int
5270			SSL_CIPHER_get_bits(c, ...)
5271			const SSL_CIPHER * c
5272			CODE:
5273			int alg_bits;
5274	390		RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
5275	390	50	if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
5276	390	100	if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
5277			OUTPUT:
5278			RETVAL
5279
5280			const char *
5281			SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
5282
5283			#ifndef OPENSSL_NO_COMP
5284
5285			int
5286			SSL_COMP_add_compression_method(id,cm)
5287			int id
5288			COMP_METHOD * cm
5289
5290			#endif
5291
5292			int
5293			SSL_CTX_add_client_CA(ctx,x)
5294			SSL_CTX * ctx
5295			X509 * x
5296
5297			long
5298			SSL_CTX_callback_ctrl(ctx,i,fp)
5299			SSL_CTX * ctx
5300			int i
5301			callback_no_ret * fp
5302
5303			int
5304			SSL_CTX_check_private_key(ctx)
5305			SSL_CTX * ctx
5306
5307			void *
5308			SSL_CTX_get_ex_data(ssl,idx)
5309			SSL_CTX * ssl
5310			int idx
5311
5312			int
5313			SSL_CTX_get_quiet_shutdown(ctx)
5314			SSL_CTX * ctx
5315
5316			long
5317			SSL_CTX_get_timeout(ctx)
5318			SSL_CTX * ctx
5319
5320			int
5321			SSL_CTX_get_verify_depth(ctx)
5322			SSL_CTX * ctx
5323
5324			int
5325			SSL_CTX_get_verify_mode(ctx)
5326			SSL_CTX * ctx
5327
5328			void
5329			SSL_CTX_set_cert_store(ctx,store)
5330			SSL_CTX * ctx
5331			X509_STORE * store
5332
5333			X509_STORE *
5334			SSL_CTX_get_cert_store(ctx)
5335			SSL_CTX * ctx
5336
5337			void
5338			SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
5339			SSL_CTX * ctx
5340			SV * callback
5341			SV * data
5342			CODE:
5343	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5344	0		SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
5345	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
5346	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
5347			}
5348			else {
5349	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
5350	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
5351			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
5352	1		SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
5353			#else
5354			SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, (char*)ctx);
5355			#endif
5356			}
5357
5358			X509_NAME_STACK *
5359			SSL_CTX_get_client_CA_list(ctx)
5360			SSL_CTX *ctx
5361
5362			void
5363			SSL_CTX_set_client_CA_list(ctx,list)
5364			SSL_CTX * ctx
5365			X509_NAME_STACK * list
5366
5367			void
5368			SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
5369			SSL_CTX * ctx
5370			SV * callback
5371			CODE:
5372	4	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5373	0		SSL_CTX_set_default_passwd_cb(ctx, NULL);
5374	0		SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
5375	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
5376			}
5377			else {
5378	4		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
5379	4		SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
5380	4		SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
5381			}
5382
5383			void
5384			SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
5385			SSL_CTX * ctx
5386			SV * data
5387			CODE:
5388			/* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
5389	2	50	if (data==NULL \|\| !SvOK(data)) {
		50
		0
		0
5390	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
5391			}
5392			else {
5393	2		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
5394			}
5395
5396			int
5397			SSL_CTX_set_ex_data(ssl,idx,data)
5398			SSL_CTX * ssl
5399			int idx
5400			void * data
5401
5402			int
5403			SSL_CTX_set_purpose(s,purpose)
5404			SSL_CTX * s
5405			int purpose
5406
5407			void
5408			SSL_CTX_set_quiet_shutdown(ctx,mode)
5409			SSL_CTX * ctx
5410			int mode
5411
5412			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5413
5414			int
5415			SSL_CTX_set_ssl_version(ctx,meth)
5416			SSL_CTX * ctx
5417			SSL_METHOD * meth
5418
5419			#else
5420
5421			int
5422			SSL_CTX_set_ssl_version(ctx,meth)
5423			SSL_CTX * ctx
5424			const SSL_METHOD * meth
5425
5426			#endif
5427
5428			long
5429			SSL_CTX_set_timeout(ctx,t)
5430			SSL_CTX * ctx
5431			long t
5432
5433			int
5434			SSL_CTX_set_trust(s,trust)
5435			SSL_CTX * s
5436			int trust
5437
5438			void
5439			SSL_CTX_set_verify_depth(ctx,depth)
5440			SSL_CTX * ctx
5441			int depth
5442
5443			int
5444			SSL_CTX_use_certificate(ctx,x)
5445			SSL_CTX * ctx
5446			X509 * x
5447
5448			int
5449			SSL_CTX_use_certificate_chain_file(ctx,file)
5450			SSL_CTX * ctx
5451			const char * file
5452
5453
5454			#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
5455
5456			int
5457			SSL_use_certificate_chain_file(ssl,file)
5458			SSL * ssl
5459			const char * file
5460
5461			#endif /* OpenSSL 1.1.0 */
5462
5463			int
5464			SSL_CTX_use_PrivateKey(ctx,pkey)
5465			SSL_CTX * ctx
5466			EVP_PKEY * pkey
5467
5468			int
5469			SSL_CTX_use_RSAPrivateKey(ctx,rsa)
5470			SSL_CTX * ctx
5471			RSA * rsa
5472
5473			int
5474			SSL_do_handshake(s)
5475			SSL * s
5476
5477			SSL *
5478			SSL_dup(ssl)
5479			SSL * ssl
5480
5481			const SSL_CIPHER *
5482			SSL_get_current_cipher(s)
5483			SSL * s
5484
5485			long
5486			SSL_get_default_timeout(s)
5487			SSL * s
5488
5489			void *
5490			SSL_get_ex_data(ssl,idx)
5491			SSL * ssl
5492			int idx
5493
5494			size_t
5495			SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5496			SSL *ssl
5497			SV *buf
5498			size_t count
5499			PREINIT:
5500			unsigned char *finished;
5501			size_t finished_len;
5502			CODE:
5503	4		Newx(finished, count, unsigned char);
5504	4		finished_len = SSL_get_finished(ssl, finished, count);
5505	4	100	if (count > finished_len)
5506	3		count = finished_len;
5507	4		sv_setpvn(buf, (const char *)finished, count);
5508	4		Safefree(finished);
5509	4		RETVAL = finished_len;
5510			OUTPUT:
5511			RETVAL
5512
5513			size_t
5514			SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5515			SSL *ssl
5516			SV *buf
5517			size_t count
5518			PREINIT:
5519			unsigned char *finished;
5520			size_t finished_len;
5521			CODE:
5522	4		Newx(finished, count, unsigned char);
5523	4		finished_len = SSL_get_peer_finished(ssl, finished, count);
5524	4	100	if (count > finished_len)
5525	3		count = finished_len;
5526	4		sv_setpvn(buf, (const char *)finished, count);
5527	4		Safefree(finished);
5528	4		RETVAL = finished_len;
5529			OUTPUT:
5530			RETVAL
5531
5532			int
5533			SSL_get_quiet_shutdown(ssl)
5534			SSL * ssl
5535
5536			int
5537			SSL_get_shutdown(ssl)
5538			SSL * ssl
5539
5540			int
5541			SSL_get_verify_depth(s)
5542			SSL * s
5543
5544			int
5545			SSL_get_verify_mode(s)
5546			SSL * s
5547
5548			long
5549			SSL_get_verify_result(ssl)
5550			SSL * ssl
5551
5552			int
5553			SSL_renegotiate(s)
5554			SSL * s
5555
5556			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5557
5558			int
5559			SSL_SESSION_cmp(a,b)
5560			SSL_SESSION * a
5561			SSL_SESSION * b
5562
5563			#endif
5564
5565			void *
5566			SSL_SESSION_get_ex_data(ss,idx)
5567			SSL_SESSION * ss
5568			int idx
5569
5570			long
5571			SSL_SESSION_get_time(s)
5572			SSL_SESSION * s
5573
5574			long
5575			SSL_SESSION_get_timeout(s)
5576			SSL_SESSION * s
5577
5578			int
5579			SSL_SESSION_print_fp(fp,ses)
5580			FILE * fp
5581			SSL_SESSION * ses
5582
5583			int
5584			SSL_SESSION_set_ex_data(ss,idx,data)
5585			SSL_SESSION * ss
5586			int idx
5587			void * data
5588
5589			long
5590			SSL_SESSION_set_time(s,t)
5591			SSL_SESSION * s
5592			long t
5593
5594			long
5595			SSL_SESSION_set_timeout(s,t)
5596			SSL_SESSION * s
5597			long t
5598
5599			void
5600			SSL_set_accept_state(s)
5601			SSL * s
5602
5603			void
5604			sk_X509_NAME_free(sk)
5605			X509_NAME_STACK *sk
5606
5607			int
5608			sk_X509_NAME_num(sk)
5609			X509_NAME_STACK *sk
5610
5611			X509_NAME *
5612			sk_X509_NAME_value(sk,i)
5613			X509_NAME_STACK *sk
5614			int i
5615
5616			X509_NAME_STACK *
5617			SSL_get_client_CA_list(s)
5618			SSL * s
5619
5620			void
5621			SSL_set_client_CA_list(s,list)
5622			SSL * s
5623			X509_NAME_STACK * list
5624
5625			void
5626			SSL_set_connect_state(s)
5627			SSL * s
5628
5629			int
5630			SSL_set_ex_data(ssl,idx,data)
5631			SSL * ssl
5632			int idx
5633			void * data
5634
5635
5636			void
5637			SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
5638			SSL * ssl
5639			SV * callback
5640			SV * data
5641			CODE:
5642	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5643	0		SSL_set_info_callback(ssl, NULL);
5644	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
5645	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
5646			} else {
5647	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
5648	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
5649	1		SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
5650			}
5651
5652			void
5653			SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
5654			SSL_CTX * ctx
5655			SV * callback
5656			SV * data
5657			CODE:
5658	148	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5659	0		SSL_CTX_set_info_callback(ctx, NULL);
5660	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
5661	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
5662			} else {
5663	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
5664	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
5665	148		SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
5666			}
5667
5668			void
5669			SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
5670			SSL * ssl
5671			SV * callback
5672			SV * data
5673			CODE:
5674	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5675	1		SSL_set_msg_callback(ssl, NULL);
5676	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
5677	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
5678			} else {
5679	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
5680	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
5681	1		SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
5682			}
5683
5684			void
5685			SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
5686			SSL_CTX * ctx
5687			SV * callback
5688			SV * data
5689			CODE:
5690	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5691	1		SSL_CTX_set_msg_callback(ctx, NULL);
5692	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
5693	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
5694			} else {
5695	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
5696	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
5697	1		SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
5698			}
5699
5700
5701			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
5702
5703			void
5704			SSL_CTX_set_keylog_callback(SSL_CTX ctx, SV callback)
5705			CODE:
5706			if (callback==NULL \|\| !SvOK(callback)) {
5707			SSL_CTX_set_keylog_callback(ctx, NULL);
5708			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
5709			} else {
5710			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
5711			SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
5712			}
5713
5714			SV *
5715			SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
5716			CODE:
5717			SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
5718			/* without increment the reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */
5719			SvREFCNT_inc(func);
5720			RETVAL = func;
5721			OUTPUT:
5722			RETVAL
5723
5724			#endif
5725
5726
5727			int
5728			SSL_set_purpose(s,purpose)
5729			SSL * s
5730			int purpose
5731
5732			void
5733			SSL_set_quiet_shutdown(ssl,mode)
5734			SSL * ssl
5735			int mode
5736
5737			void
5738			SSL_set_shutdown(ssl,mode)
5739			SSL * ssl
5740			int mode
5741
5742			int
5743			SSL_set_trust(s,trust)
5744			SSL * s
5745			int trust
5746
5747			void
5748			SSL_set_verify_depth(s,depth)
5749			SSL * s
5750			int depth
5751
5752			void
5753			SSL_set_verify_result(ssl,v)
5754			SSL * ssl
5755			long v
5756
5757			int
5758			SSL_shutdown(s)
5759			SSL * s
5760
5761			const char *
5762			SSL_get_version(ssl)
5763			const SSL * ssl
5764
5765			int
5766			SSL_version(ssl)
5767			SSL * ssl
5768
5769			#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */
5770
5771			int
5772			SSL_client_version(ssl)
5773			const SSL * ssl
5774
5775			int
5776			SSL_is_dtls(ssl)
5777			const SSL * ssl
5778
5779			#endif
5780
5781			#define REM_MANUALLY_ADDED_1_09
5782
5783			X509_NAME_STACK *
5784			SSL_load_client_CA_file(file)
5785			const char * file
5786
5787			int
5788			SSL_add_file_cert_subjects_to_stack(stackCAs,file)
5789			X509_NAME_STACK * stackCAs
5790			const char * file
5791
5792			#ifndef WIN32
5793			#ifndef VMS
5794			#ifndef MAC_OS_pre_X
5795
5796			int
5797			SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
5798			X509_NAME_STACK * stackCAs
5799			const char * dir
5800
5801			#endif
5802			#endif
5803			#endif
5804
5805			int
5806			SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5807			long argl
5808			void * argp
5809			CRYPTO_EX_new * new_func
5810			CRYPTO_EX_dup * dup_func
5811			CRYPTO_EX_free * free_func
5812
5813			int
5814			SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
5815			SSL_CTX * ctx
5816			const unsigned char * sid_ctx
5817			unsigned int sid_ctx_len
5818
5819			int
5820			SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
5821			SSL * ssl
5822			const unsigned char * sid_ctx
5823			unsigned int sid_ctx_len
5824
5825			#if OPENSSL_VERSION_NUMBER < 0x10100000L
5826			void
5827			SSL_CTX_set_tmp_rsa_callback(ctx, cb)
5828			SSL_CTX * ctx
5829			cb_ssl_int_int_ret_RSA * cb
5830
5831			void
5832			SSL_set_tmp_rsa_callback(ssl, cb)
5833			SSL * ssl
5834			cb_ssl_int_int_ret_RSA * cb
5835
5836			#endif
5837
5838			void
5839			SSL_CTX_set_tmp_dh_callback(ctx, dh)
5840			SSL_CTX * ctx
5841			cb_ssl_int_int_ret_DH * dh
5842
5843			void
5844			SSL_set_tmp_dh_callback(ssl,dh)
5845			SSL * ssl
5846			cb_ssl_int_int_ret_DH * dh
5847
5848			int
5849			SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5850			long argl
5851			void * argp
5852			CRYPTO_EX_new * new_func
5853			CRYPTO_EX_dup * dup_func
5854			CRYPTO_EX_free * free_func
5855
5856			int
5857			SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5858			long argl
5859			void * argp
5860			CRYPTO_EX_new * new_func
5861			CRYPTO_EX_dup * dup_func
5862			CRYPTO_EX_free * free_func
5863
5864			#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
5865
5866			long
5867			SSL_clear_num_renegotiations(ssl)
5868			SSL * ssl
5869			CODE:
5870	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
5871			OUTPUT:
5872			RETVAL
5873
5874			long
5875			SSL_CTX_add_extra_chain_cert(ctx,x509)
5876			SSL_CTX * ctx
5877			X509 * x509
5878			CODE:
5879	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
5880			OUTPUT:
5881			RETVAL
5882
5883			void *
5884			SSL_CTX_get_app_data(ctx)
5885			SSL_CTX * ctx
5886			CODE:
5887	0		RETVAL = SSL_CTX_get_ex_data(ctx,0);
5888			OUTPUT:
5889			RETVAL
5890
5891			long
5892			SSL_CTX_get_mode(ctx)
5893			SSL_CTX * ctx
5894			CODE:
5895	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
5896			OUTPUT:
5897			RETVAL
5898
5899			long
5900			SSL_CTX_get_read_ahead(ctx)
5901			SSL_CTX * ctx
5902			CODE:
5903	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
5904			OUTPUT:
5905			RETVAL
5906
5907			long
5908			SSL_CTX_get_session_cache_mode(ctx)
5909			SSL_CTX * ctx
5910			CODE:
5911	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
5912			OUTPUT:
5913			RETVAL
5914
5915			#if OPENSSL_VERSION_NUMBER < 0x10100000L
5916			long
5917			SSL_CTX_need_tmp_RSA(ctx)
5918			SSL_CTX * ctx
5919			CODE:
5920	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
5921			OUTPUT:
5922			RETVAL
5923
5924			#endif
5925
5926			int
5927			SSL_CTX_set_app_data(ctx,arg)
5928			SSL_CTX * ctx
5929			char * arg
5930			CODE:
5931	0		RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
5932			OUTPUT:
5933			RETVAL
5934
5935			long
5936			SSL_CTX_set_mode(ctx,op)
5937			SSL_CTX * ctx
5938			long op
5939			CODE:
5940	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
5941			OUTPUT:
5942			RETVAL
5943
5944			long
5945			SSL_CTX_set_read_ahead(ctx,m)
5946			SSL_CTX * ctx
5947			long m
5948			CODE:
5949	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
5950			OUTPUT:
5951			RETVAL
5952
5953			long
5954			SSL_CTX_set_session_cache_mode(ctx,m)
5955			SSL_CTX * ctx
5956			long m
5957			CODE:
5958	6		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
5959			OUTPUT:
5960			RETVAL
5961
5962			long
5963			SSL_CTX_set_tmp_dh(ctx,dh)
5964			SSL_CTX * ctx
5965			DH * dh
5966
5967			#if OPENSSL_VERSION_NUMBER < 0x10100000L
5968			long
5969			SSL_CTX_set_tmp_rsa(ctx,rsa)
5970			SSL_CTX * ctx
5971			RSA * rsa
5972
5973			#endif
5974
5975			#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
5976
5977			EC_KEY *
5978			EC_KEY_new_by_curve_name(nid)
5979			int nid
5980
5981			void
5982			EC_KEY_free(key)
5983			EC_KEY * key
5984
5985			long
5986			SSL_CTX_set_tmp_ecdh(ctx,ecdh)
5987			SSL_CTX * ctx
5988			EC_KEY * ecdh
5989
5990			int
5991			EVP_PKEY_assign_EC_KEY(pkey,key)
5992			EVP_PKEY * pkey
5993			EC_KEY * key
5994
5995
5996			EC_KEY *
5997			EC_KEY_generate_key(curve)
5998			SV *curve;
5999			CODE:
6000	1		EC_GROUP *group = NULL;
6001	1		EC_KEY *eckey = NULL;
6002			int nid;
6003
6004	1		RETVAL = 0;
6005	1	50	if (SvIOK(curve)) {
6006	0	0	nid = SvIV(curve);
6007			} else {
6008	1	50	nid = OBJ_sn2nid(SvPV_nolen(curve));
6009			#if OPENSSL_VERSION_NUMBER > 0x10002000L
6010	1	50	if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
		0
6011			#endif
6012	1	50	if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
		0
6013			}
6014
6015	1		group = EC_GROUP_new_by_curve_name(nid);
6016	1	50	if (!group) croak("unknown curve nid=%d",nid);
6017	1		EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
6018
6019	1		eckey = EC_KEY_new();
6020	1	50	if ( eckey
6021	1	50	&& EC_KEY_set_group(eckey, group)
6022	1	50	&& EC_KEY_generate_key(eckey)) {
6023	1		RETVAL = eckey;
6024			} else {
6025	0	0	if (eckey) EC_KEY_free(eckey);
6026			}
6027	1	50	if (group) EC_GROUP_free(group);
6028
6029			OUTPUT:
6030			RETVAL
6031
6032
6033			#ifdef SSL_CTRL_SET_ECDH_AUTO
6034
6035			long
6036			SSL_CTX_set_ecdh_auto(ctx,onoff)
6037			SSL_CTX * ctx
6038			int onoff
6039
6040			long
6041			SSL_set_ecdh_auto(ssl,onoff)
6042			SSL * ssl
6043			int onoff
6044
6045			#endif
6046
6047			#ifdef SSL_CTRL_SET_CURVES_LIST
6048
6049			long
6050			SSL_CTX_set1_curves_list(ctx,list)
6051			SSL_CTX * ctx
6052			char * list
6053
6054			long
6055			SSL_set1_curves_list(ssl,list)
6056			SSL * ssl
6057			char * list
6058
6059			#endif
6060
6061			#if SSL_CTRL_SET_GROUPS_LIST
6062
6063			long
6064			SSL_CTX_set1_groups_list(ctx,list)
6065			SSL_CTX * ctx
6066			char * list
6067
6068			long
6069			SSL_set1_groups_list(ssl,list)
6070			SSL * ssl
6071			char * list
6072
6073			#endif
6074
6075
6076
6077			#endif
6078
6079			void *
6080			SSL_get_app_data(s)
6081			SSL * s
6082			CODE:
6083	0		RETVAL = SSL_get_ex_data(s,0);
6084			OUTPUT:
6085			RETVAL
6086
6087			int
6088			SSL_get_cipher_bits(s,np=NULL)
6089			SSL * s
6090			int * np
6091			CODE:
6092	0		RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
6093			OUTPUT:
6094			RETVAL
6095
6096			long
6097			SSL_get_mode(ssl)
6098			SSL * ssl
6099			CODE:
6100	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
6101			OUTPUT:
6102			RETVAL
6103
6104			void
6105			SSL_set_state(ssl,state)
6106			SSL * ssl
6107			int state
6108			CODE:
6109			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
6110			/* not available */
6111			#elif defined(OPENSSL_NO_SSL_INTERN)
6112			SSL_set_state(ssl,state);
6113			#else
6114	0		ssl->state = state;
6115			#endif
6116
6117			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6118			long
6119			SSL_need_tmp_RSA(ssl)
6120			SSL * ssl
6121			CODE:
6122	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6123			OUTPUT:
6124			RETVAL
6125
6126
6127			#endif
6128
6129			long
6130			SSL_num_renegotiations(ssl)
6131			SSL * ssl
6132			CODE:
6133	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
6134			OUTPUT:
6135			RETVAL
6136
6137			void *
6138			SSL_SESSION_get_app_data(ses)
6139			SSL_SESSION * ses
6140			CODE:
6141	0		RETVAL = SSL_SESSION_get_ex_data(ses,0);
6142			OUTPUT:
6143			RETVAL
6144
6145			long
6146			SSL_session_reused(ssl)
6147			SSL * ssl
6148
6149			int
6150			SSL_SESSION_set_app_data(s,a)
6151			SSL_SESSION * s
6152			void * a
6153			CODE:
6154	0		RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
6155			OUTPUT:
6156			RETVAL
6157
6158			int
6159			SSL_set_app_data(s,arg)
6160			SSL * s
6161			void * arg
6162			CODE:
6163	0		RETVAL = SSL_set_ex_data(s,0,(char *)arg);
6164			OUTPUT:
6165			RETVAL
6166
6167			long
6168			SSL_set_mode(ssl,op)
6169			SSL * ssl
6170			long op
6171			CODE:
6172	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
6173			OUTPUT:
6174			RETVAL
6175
6176			int
6177			SSL_set_pref_cipher(s,n)
6178			SSL * s
6179			const char * n
6180			CODE:
6181	0		RETVAL = SSL_set_cipher_list(s,n);
6182			OUTPUT:
6183			RETVAL
6184
6185			long
6186			SSL_set_tmp_dh(ssl,dh)
6187			SSL * ssl
6188			DH * dh
6189
6190			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6191			long
6192			SSL_set_tmp_rsa(ssl,rsa)
6193			SSL * ssl
6194			char * rsa
6195			CODE:
6196	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
6197			OUTPUT:
6198			RETVAL
6199
6200			#endif
6201
6202			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6203
6204			RSA *
6205			RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6206			int bits
6207			unsigned long ee
6208			SV* perl_cb
6209			SV* perl_data
6210			PREINIT:
6211	8		simple_cb_data_t* cb_data = NULL;
6212			CODE:
6213			/* openssl 0.9.8 deprecated RSA_generate_key. */
6214			/* This equivalent was contributed by Brian Fraser for Android, */
6215			/* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
6216			/* It should now be more versatile. */
6217			/* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
6218			/* instead BN_EGNCB_new() has to be used. */
6219			int rc;
6220			RSA * ret;
6221			BIGNUM *e;
6222	8		e = BN_new();
6223	8	50	if(!e)
6224	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
6225	8		BN_set_word(e, ee);
6226	8		cb_data = simple_cb_data_new(perl_cb, perl_data);
6227
6228	8		ret = RSA_new();
6229	8	50	if(!ret) {
6230	0		simple_cb_data_free(cb_data);
6231	0		BN_free(e);
6232	0		croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
6233			}
6234			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6235			BN_GENCB *new_cb;
6236			new_cb = BN_GENCB_new();
6237			if(!new_cb) {
6238			simple_cb_data_free(cb_data);
6239			BN_free(e);
6240			RSA_free(ret);
6241			croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
6242			}
6243			BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6244			rc = RSA_generate_key_ex(ret, bits, e, new_cb);
6245			BN_GENCB_free(new_cb);
6246			#else
6247			BN_GENCB new_cb;
6248	8		BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6249	8		rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
6250			#endif
6251	7		simple_cb_data_free(cb_data);
6252	7		BN_free(e);
6253	7	50	if (rc == -1 \|\| ret == NULL) {
		50
6254	0	0	if (ret) RSA_free(ret);
6255	0		croak("Net::SSLeay: Couldn't generate RSA key");
6256			}
6257	7		e = NULL;
6258	7		RETVAL = ret;
6259			OUTPUT:
6260			RETVAL
6261
6262			#else
6263
6264			RSA *
6265			RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6266			int bits
6267			unsigned long e
6268			SV* perl_cb
6269			SV* perl_data
6270			PREINIT:
6271			simple_cb_data_t* cb = NULL;
6272			CODE:
6273			cb = simple_cb_data_new(perl_cb, perl_data);
6274			RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
6275			simple_cb_data_free(cb);
6276			OUTPUT:
6277			RETVAL
6278
6279			#endif
6280
6281			#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
6282
6283			void
6284			RSA_get_key_parameters(rsa)
6285			RSA * rsa
6286			PPCODE:
6287			{
6288			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6289	1	50	XPUSHs(bn2sv(rsa->n));
6290	1	50	XPUSHs(bn2sv(rsa->e));
6291	1	50	XPUSHs(bn2sv(rsa->d));
6292	1	50	XPUSHs(bn2sv(rsa->p));
6293	1	50	XPUSHs(bn2sv(rsa->q));
6294	1	50	XPUSHs(bn2sv(rsa->dmp1));
6295	1	50	XPUSHs(bn2sv(rsa->dmq1));
6296	1	50	XPUSHs(bn2sv(rsa->iqmp));
6297			}
6298
6299			#endif
6300
6301			void
6302			RSA_free(r)
6303			RSA * r
6304
6305			X509 *
6306			X509_new()
6307
6308			void
6309			X509_free(a)
6310			X509 * a
6311
6312			X509_CRL *
6313			d2i_X509_CRL_bio(BIO bp,void unused=NULL)
6314
6315			X509_REQ *
6316			d2i_X509_REQ_bio(BIO bp,void unused=NULL)
6317
6318			X509 *
6319			d2i_X509_bio(BIO bp,void unused=NULL)
6320
6321			DH *
6322			PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
6323			BIO * bio
6324			void * x
6325			pem_password_cb * cb
6326			void * u
6327
6328			X509_CRL *
6329			PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
6330			BIO * bio
6331			void * x
6332			pem_password_cb * cb
6333			void * u
6334
6335			X509 *
6336			PEM_read_bio_X509(BIO bio,void x=NULL,void cb=NULL,void u=NULL)
6337
6338			STACK_OF(X509_INFO) *
6339			PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
6340			BIO * bio
6341			STACK_OF(X509_INFO) * stack
6342			pem_password_cb * cb
6343			void * u
6344
6345			int
6346			sk_X509_INFO_num(stack)
6347			STACK_OF(X509_INFO) * stack
6348
6349			X509_INFO *
6350			sk_X509_INFO_value(stack, index)
6351			const STACK_OF(X509_INFO) * stack
6352			int index
6353
6354			void
6355			sk_X509_INFO_free(stack)
6356			STACK_OF(X509_INFO) * stack
6357
6358			STACK_OF(X509) *
6359			sk_X509_new_null()
6360
6361			void
6362			sk_X509_free(stack)
6363			STACK_OF(X509) * stack
6364
6365			int
6366			sk_X509_push(stack, data)
6367			STACK_OF(X509) * stack
6368			X509 * data
6369
6370			X509 *
6371			sk_X509_pop(stack)
6372			STACK_OF(X509) * stack
6373
6374			X509 *
6375			sk_X509_shift(stack)
6376			STACK_OF(X509) * stack
6377
6378			int
6379			sk_X509_unshift(stack,x509)
6380			STACK_OF(X509) * stack
6381			X509 * x509
6382
6383			int
6384			sk_X509_insert(stack,x509,index)
6385			STACK_OF(X509) * stack
6386			X509 * x509
6387			int index
6388
6389			X509 *
6390			sk_X509_delete(stack,index)
6391			STACK_OF(X509) * stack
6392			int index
6393
6394			X509 *
6395			sk_X509_value(stack,index)
6396			STACK_OF(X509) * stack
6397			int index
6398
6399			int
6400			sk_X509_num(stack)
6401			STACK_OF(X509) * stack
6402
6403			X509 *
6404			P_X509_INFO_get_x509(info)
6405			X509_INFO * info
6406			CODE:
6407	3		RETVAL = info->x509;
6408			OUTPUT:
6409			RETVAL
6410
6411			X509_REQ *
6412			PEM_read_bio_X509_REQ(BIO bio,void x=NULL,pem_password_cb cb=NULL,void u=NULL)
6413
6414			EVP_PKEY *
6415			PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6416			BIO *bio
6417			SV* perl_cb
6418			SV* perl_data
6419			PREINIT:
6420	8		simple_cb_data_t* cb = NULL;
6421			CODE:
6422	8		RETVAL = 0;
6423	8	100	if (SvOK(perl_cb)) {
		50
		50
6424			/* setup our callback */
6425	2		cb = simple_cb_data_new(perl_cb, perl_data);
6426	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb);
6427	2		simple_cb_data_free(cb);
6428			}
6429	6	50	else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) {
		50
		50
		100
		50
		50
		50
6430			/* use perl_data as the password */
6431	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data));
6432			}
6433	4	50	else if (!SvOK(perl_cb) && !SvOK(perl_data)) {
		50
		50
		50
		50
		50
6434			/* will trigger default password callback */
6435	4		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
6436			}
6437			OUTPUT:
6438			RETVAL
6439
6440			void
6441			DH_free(dh)
6442			DH * dh
6443
6444			long
6445			SSL_total_renegotiations(ssl)
6446			SSL * ssl
6447			CODE:
6448	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
6449			OUTPUT:
6450			RETVAL
6451
6452			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6453			void
6454			SSL_SESSION_get_master_key(s)
6455			SSL_SESSION * s
6456			PREINIT:
6457			size_t master_key_length;
6458			unsigned char* master_key;
6459			CODE:
6460			ST(0) = sv_newmortal(); /* Undefined to start with */
6461			master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
6462			New(0, master_key, master_key_length, unsigned char);
6463			SSL_SESSION_get_master_key(s, master_key, master_key_length);
6464			sv_setpvn(ST(0), (const char*)master_key, master_key_length);
6465			Safefree(master_key);
6466
6467			#else
6468			void
6469			SSL_SESSION_get_master_key(s)
6470			SSL_SESSION * s
6471			CODE:
6472	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6473	0		sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
6474
6475			#endif
6476
6477			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6478
6479			void
6480			SSL_SESSION_set_master_key(s,key)
6481			SSL_SESSION * s
6482			PREINIT:
6483			STRLEN len;
6484			INPUT:
6485			char * key = SvPV(ST(1), len);
6486			CODE:
6487	0		memcpy(s->master_key, key, len);
6488	0		s->master_key_length = len;
6489
6490			#endif
6491
6492			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6493
6494			void
6495			SSL_get_client_random(s)
6496			SSL * s
6497			PREINIT:
6498			size_t random_length;
6499			unsigned char* random_data;
6500			CODE:
6501			ST(0) = sv_newmortal(); /* Undefined to start with */
6502			random_length = SSL_get_client_random(s, 0, 0); /* get the length */
6503			New(0, random_data, random_length, unsigned char);
6504			SSL_get_client_random(s, random_data, random_length);
6505			sv_setpvn(ST(0), (const char*)random_data, random_length);
6506			Safefree(random_data);
6507
6508			#else
6509
6510			void
6511			SSL_get_client_random(s)
6512			SSL * s
6513			CODE:
6514	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6515	0		sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
6516
6517			#endif
6518
6519			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6520
6521			void
6522			SSL_get_server_random(s)
6523			SSL * s
6524			PREINIT:
6525			size_t random_length;
6526			unsigned char* random_data;
6527			CODE:
6528			ST(0) = sv_newmortal(); /* Undefined to start with */
6529			random_length = SSL_get_server_random(s, 0, 0); /* get the length */
6530			New(0, random_data, random_length, unsigned char);
6531			SSL_get_server_random(s, random_data, random_length);
6532			sv_setpvn(ST(0), (const char*)random_data, random_length);
6533			Safefree(random_data);
6534
6535			#else
6536
6537			void
6538			SSL_get_server_random(s)
6539			SSL * s
6540			CODE:
6541	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6542	0		sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
6543
6544			#endif
6545
6546			int
6547			SSL_get_keyblock_size(s)
6548			SSL * s
6549			CODE:
6550			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6551			const SSL_CIPHER *ssl_cipher;
6552			int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
6553			const EVP_CIPHER *c = NULL;
6554			const EVP_MD *h = NULL;
6555
6556			ssl_cipher = SSL_get_current_cipher(s);
6557			if (ssl_cipher)
6558			cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
6559			if (cipher != NID_undef)
6560			c = EVP_get_cipherbynid(cipher);
6561
6562			if (ssl_cipher)
6563			digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
6564			if (digest != NID_undef) /* No digest if e.g., AEAD cipher */
6565			h = EVP_get_digestbynid(digest);
6566			if (h)
6567			mac_secret_size = EVP_MD_size(h);
6568
6569			RETVAL = -1;
6570			if (c)
6571			RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size +
6572			EVP_CIPHER_iv_length(c));
6573			#else
6574	1	50	if (s == NULL \|\|
		50
6575	1	50	s->enc_read_ctx == NULL \|\|
6576	1	50	s->enc_read_ctx->cipher == NULL \|\|
6577	1		s->read_hash == NULL)
6578			{
6579	0		RETVAL = -1;
6580			}
6581			else
6582			{
6583			const EVP_CIPHER *c;
6584			const EVP_MD *h;
6585	1		int md_size = -1;
6586	1		c = s->enc_read_ctx->cipher;
6587			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
6588	1		h = NULL;
6589	1	50	if (s->s3)
6590	1		md_size = s->s3->tmp.new_mac_secret_size;
6591			#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
6592			h = EVP_MD_CTX_md(s->read_hash);
6593			md_size = EVP_MD_size(h);
6594			#else
6595			h = s->read_hash;
6596			md_size = EVP_MD_size(h);
6597			#endif
6598			/* No digest if e.g., AEAD cipher */
6599	2		RETVAL = (md_size >= 0) ? (2 * (EVP_CIPHER_key_length(c) +
6600	1		md_size +
6601	1		EVP_CIPHER_iv_length(c)))
6602	2	50	: -1;
6603			}
6604			#endif
6605
6606			OUTPUT:
6607			RETVAL
6608
6609
6610
6611			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION)
6612			int
6613			SSL_set_hello_extension(s, type, data)
6614			SSL * s
6615			int type
6616			PREINIT:
6617			STRLEN len;
6618			INPUT:
6619			char * data = SvPV( ST(2), len);
6620			CODE:
6621			RETVAL = SSL_set_hello_extension(s, type, data, len);
6622			OUTPUT:
6623			RETVAL
6624
6625			#endif
6626
6627			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) \|\| defined(SSL_F_SSL_SET_SESSION_TICKET_EXT)
6628
6629			void
6630			SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef)
6631			SSL * s
6632			SV * callback
6633			SV * data
6634			CODE:
6635	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6636	0		SSL_set_session_secret_cb(s, NULL, NULL);
6637	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL);
6638	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL);
6639			}
6640			else {
6641	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
6642	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
6643	0		SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
6644			}
6645
6646			#endif
6647
6648			#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
6649
6650			void
6651			SSL_set_psk_client_callback(s,callback=&PL_sv_undef)
6652			SSL * s
6653			SV * callback
6654			CODE:
6655	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6656	0		SSL_set_psk_client_callback(s, NULL);
6657	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL);
6658			}
6659			else {
6660	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback));
6661	0		SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke);
6662			}
6663
6664			void
6665			SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef)
6666			SSL_CTX * ctx
6667			SV * callback
6668			CODE:
6669	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6670	0		SSL_CTX_set_psk_client_callback(ctx, NULL);
6671	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL);
6672			}
6673			else {
6674	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback));
6675	0		SSL_CTX_set_psk_client_callback(ctx, ssleay_ctx_set_psk_client_callback_invoke);
6676			}
6677
6678			#endif
6679
6680			#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB
6681
6682			void
6683			SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
6684			SSL_CTX * ctx
6685			SV * callback
6686			SV * data
6687			CODE:
6688	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
6689	0		SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL);
6690	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL);
6691	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL);
6692			}
6693			else {
6694	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback));
6695	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data));
6696	3		SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke);
6697			}
6698
6699
6700			#endif
6701
6702
6703			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
6704			#define REM11 "NOTE: before 0.9.7"
6705
6706			int EVP_add_digest(EVP_MD *digest)
6707
6708			#else
6709
6710			int EVP_add_digest(const EVP_MD *digest)
6711
6712			#endif
6713
6714			#ifndef OPENSSL_NO_SHA
6715
6716			const EVP_MD *EVP_sha1()
6717
6718			#endif
6719			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6720
6721			const EVP_MD *EVP_sha256()
6722
6723			#endif
6724			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6725
6726			const EVP_MD *EVP_sha512()
6727
6728			#endif
6729			void OpenSSL_add_all_digests()
6730
6731			const EVP_MD * EVP_get_digestbyname(const char *name)
6732
6733			int EVP_MD_type(const EVP_MD *md)
6734
6735			int EVP_MD_size(const EVP_MD *md)
6736
6737			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
6738
6739			SV*
6740			P_EVP_MD_list_all()
6741			INIT:
6742			AV * results;
6743			CODE:
6744	2		results = (AV )sv_2mortal((SV )newAV());
6745	2		EVP_MD_do_all_sorted(handler_list_md_fn, results);
6746	2		RETVAL = newRV((SV *)results);
6747			OUTPUT:
6748			RETVAL
6749
6750			#endif
6751
6752			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6753			#define REM16 "NOTE: requires 0.9.7+"
6754
6755			const EVP_MD EVP_MD_CTX_md(const EVP_MD_CTX ctx)
6756
6757			EVP_MD_CTX *EVP_MD_CTX_create()
6758
6759			int EVP_DigestInit(EVP_MD_CTX ctx, const EVP_MD type)
6760
6761			int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
6762
6763			void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
6764
6765			void
6766			EVP_DigestUpdate(ctx,data)
6767			PREINIT:
6768			STRLEN len;
6769			INPUT:
6770			EVP_MD_CTX ctx = INT2PTR(EVP_MD_CTX , SvIV(ST(0)));
6771			unsigned char data = (unsigned char ) SvPV(ST(1), len);
6772			CODE:
6773	9138		XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
6774
6775			void
6776			EVP_DigestFinal(ctx)
6777			EVP_MD_CTX *ctx
6778			INIT:
6779			unsigned char md[EVP_MAX_MD_SIZE];
6780			unsigned int md_size;
6781			CODE:
6782	57	50	if (EVP_DigestFinal(ctx,md,&md_size))
6783	57		XSRETURN_PVN((char *)md, md_size);
6784			else
6785	57		XSRETURN_UNDEF;
6786
6787			void
6788			EVP_DigestFinal_ex(ctx)
6789			EVP_MD_CTX *ctx
6790			INIT:
6791			unsigned char md[EVP_MAX_MD_SIZE];
6792			unsigned int md_size;
6793			CODE:
6794	9	50	if (EVP_DigestFinal_ex(ctx,md,&md_size))
6795	9		XSRETURN_PVN((char *)md, md_size);
6796			else
6797	9		XSRETURN_UNDEF;
6798
6799			void
6800			EVP_Digest(...)
6801			PREINIT:
6802			STRLEN len;
6803			unsigned char md[EVP_MAX_MD_SIZE];
6804			unsigned int md_size;
6805			INPUT:
6806			unsigned char data = (unsigned char ) SvPV(ST(0), len);
6807			EVP_MD type = INT2PTR(EVP_MD , SvIV(ST(1)));
6808			ENGINE impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE , SvIV(ST(2))) : NULL;
6809			CODE:
6810	48	50	if (EVP_Digest(data,len,md,&md_size,type,impl))
6811	48		XSRETURN_PVN((char *)md, md_size);
6812			else
6813	48		XSRETURN_UNDEF;
6814
6815			#endif
6816
6817			const EVP_CIPHER *
6818			EVP_get_cipherbyname(const char *name)
6819
6820			void
6821			OpenSSL_add_all_algorithms()
6822
6823			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6824
6825			void
6826			OPENSSL_add_all_algorithms_noconf()
6827
6828			void
6829			OPENSSL_add_all_algorithms_conf()
6830
6831			#endif
6832
6833			#if OPENSSL_VERSION_NUMBER >= 0x10000003L
6834
6835			int
6836			SSL_CTX_set1_param(ctx, vpm)
6837			SSL_CTX * ctx
6838			X509_VERIFY_PARAM *vpm
6839
6840			int
6841			SSL_set1_param(ctx, vpm)
6842			SSL * ctx
6843			X509_VERIFY_PARAM *vpm
6844
6845			#endif
6846
6847			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6848
6849			X509_VERIFY_PARAM *
6850			X509_VERIFY_PARAM_new()
6851
6852			void
6853			X509_VERIFY_PARAM_free(param)
6854			X509_VERIFY_PARAM *param
6855
6856			int
6857			X509_VERIFY_PARAM_inherit(to, from)
6858			X509_VERIFY_PARAM *to
6859			X509_VERIFY_PARAM *from
6860
6861			int
6862			X509_VERIFY_PARAM_set1(to, from)
6863			X509_VERIFY_PARAM *to
6864			X509_VERIFY_PARAM *from
6865
6866			int
6867			X509_VERIFY_PARAM_set1_name(param, name)
6868			X509_VERIFY_PARAM *param
6869			const char *name
6870
6871			int
6872			X509_VERIFY_PARAM_set_flags(param, flags)
6873			X509_VERIFY_PARAM *param
6874			unsigned long flags
6875
6876			#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
6877			#define REM13 "NOTE: requires 0.9.8a+"
6878
6879			int
6880			X509_VERIFY_PARAM_clear_flags(param, flags)
6881			X509_VERIFY_PARAM *param
6882			unsigned long flags
6883
6884			unsigned long
6885			X509_VERIFY_PARAM_get_flags(param)
6886			X509_VERIFY_PARAM *param
6887
6888			#endif
6889
6890			int
6891			X509_VERIFY_PARAM_set_purpose(param, purpose)
6892			X509_VERIFY_PARAM *param
6893			int purpose
6894
6895			int
6896			X509_VERIFY_PARAM_set_trust(param, trust)
6897			X509_VERIFY_PARAM *param
6898			int trust
6899
6900			void
6901			X509_VERIFY_PARAM_set_depth(param, depth)
6902			X509_VERIFY_PARAM *param
6903			int depth
6904
6905			void
6906			X509_VERIFY_PARAM_set_time(param, t)
6907			X509_VERIFY_PARAM *param
6908			time_t t
6909
6910			int
6911			X509_VERIFY_PARAM_add0_policy(param, policy)
6912			X509_VERIFY_PARAM *param
6913			ASN1_OBJECT *policy
6914
6915			int
6916			X509_VERIFY_PARAM_set1_policies(param, policies)
6917			X509_VERIFY_PARAM *param
6918			STACK_OF(ASN1_OBJECT) *policies
6919
6920			int
6921			X509_VERIFY_PARAM_get_depth(param)
6922			X509_VERIFY_PARAM *param
6923
6924			int
6925			X509_VERIFY_PARAM_add0_table(param)
6926			X509_VERIFY_PARAM *param
6927
6928			const X509_VERIFY_PARAM *
6929			X509_VERIFY_PARAM_lookup(name)
6930			const char *name
6931
6932			void
6933			X509_VERIFY_PARAM_table_cleanup()
6934
6935			#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
6936
6937			X509_VERIFY_PARAM *
6938			SSL_CTX_get0_param(ctx)
6939			SSL_CTX * ctx
6940
6941			X509_VERIFY_PARAM *
6942			SSL_get0_param(ssl)
6943			SSL * ssl
6944
6945			int
6946			X509_VERIFY_PARAM_set1_host(param, name)
6947			X509_VERIFY_PARAM *param
6948			PREINIT:
6949			STRLEN namelen;
6950			INPUT:
6951			const char * name = SvPV(ST(1), namelen);
6952			CODE:
6953	2		RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
6954			OUTPUT:
6955			RETVAL
6956
6957			int
6958			X509_VERIFY_PARAM_set1_email(param, email)
6959			X509_VERIFY_PARAM *param
6960			PREINIT:
6961			STRLEN emaillen;
6962			INPUT:
6963			const char * email = SvPV(ST(1), emaillen);
6964			CODE:
6965	2		RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
6966			OUTPUT:
6967			RETVAL
6968
6969			int
6970			X509_VERIFY_PARAM_set1_ip(param, ip)
6971			X509_VERIFY_PARAM *param
6972			PREINIT:
6973			STRLEN iplen;
6974			INPUT:
6975			const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
6976			CODE:
6977	6		RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
6978			OUTPUT:
6979			RETVAL
6980
6981			int
6982			X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
6983			X509_VERIFY_PARAM *param
6984			const char *ipasc
6985
6986			#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
6987
6988			#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
6989
6990			int
6991			X509_VERIFY_PARAM_add1_host(param, name)
6992			X509_VERIFY_PARAM *param
6993			PREINIT:
6994			STRLEN namelen;
6995			INPUT:
6996			const char * name = SvPV(ST(1), namelen);
6997			CODE:
6998	1		RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
6999			OUTPUT:
7000			RETVAL
7001
7002			void
7003			X509_VERIFY_PARAM_set_hostflags(param, flags)
7004			X509_VERIFY_PARAM *param
7005			unsigned int flags
7006
7007			char *
7008			X509_VERIFY_PARAM_get0_peername(param)
7009			X509_VERIFY_PARAM *param
7010
7011			#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7012
7013			void
7014			X509_policy_tree_free(tree)
7015			X509_POLICY_TREE *tree
7016
7017			int
7018			X509_policy_tree_level_count(tree)
7019			X509_POLICY_TREE *tree
7020
7021			X509_POLICY_LEVEL *
7022			X509_policy_tree_get0_level(tree, i)
7023			X509_POLICY_TREE *tree
7024			int i
7025
7026			STACK_OF(X509_POLICY_NODE) *
7027			X509_policy_tree_get0_policies(tree)
7028			X509_POLICY_TREE *tree
7029
7030			STACK_OF(X509_POLICY_NODE) *
7031			X509_policy_tree_get0_user_policies(tree)
7032			X509_POLICY_TREE *tree
7033
7034			int
7035			X509_policy_level_node_count(level)
7036			X509_POLICY_LEVEL *level
7037
7038			X509_POLICY_NODE *
7039			X509_policy_level_get0_node(level, i)
7040			X509_POLICY_LEVEL *level
7041			int i
7042
7043			const ASN1_OBJECT *
7044			X509_policy_node_get0_policy(node)
7045			const X509_POLICY_NODE *node
7046
7047			STACK_OF(POLICYQUALINFO) *
7048			X509_policy_node_get0_qualifiers(node)
7049			X509_POLICY_NODE *node
7050
7051			const X509_POLICY_NODE *
7052			X509_policy_node_get0_parent(node)
7053			const X509_POLICY_NODE *node
7054
7055			#endif
7056
7057			ASN1_OBJECT *
7058			OBJ_dup(o)
7059			ASN1_OBJECT *o
7060
7061			ASN1_OBJECT *
7062			OBJ_nid2obj(n)
7063			int n
7064
7065			const char *
7066			OBJ_nid2ln(n)
7067			int n
7068
7069			const char *
7070			OBJ_nid2sn(n)
7071			int n
7072
7073			int
7074			OBJ_obj2nid(o)
7075			ASN1_OBJECT *o
7076
7077			ASN1_OBJECT *
7078			OBJ_txt2obj(s, no_name=0)
7079			const char *s
7080			int no_name
7081
7082			void
7083			OBJ_obj2txt(a, no_name=0)
7084			ASN1_OBJECT *a
7085			int no_name
7086			PREINIT:
7087			char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
7088			int len;
7089			CODE:
7090	73		len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
7091	73		ST(0) = sv_newmortal();
7092	73		sv_setpvn(ST(0), buf, len);
7093
7094			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
7095			#define REM14 "NOTE: before 0.9.7"
7096
7097			int
7098			OBJ_txt2nid(s)
7099			char *s
7100
7101			#else
7102
7103			int
7104			OBJ_txt2nid(s)
7105			const char *s
7106
7107			#endif
7108
7109			int
7110			OBJ_ln2nid(s)
7111			const char *s
7112
7113			int
7114			OBJ_sn2nid(s)
7115			const char *s
7116
7117			int
7118			OBJ_cmp(a, b)
7119			ASN1_OBJECT *a
7120			ASN1_OBJECT *b
7121
7122			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
7123
7124			void
7125			X509_pubkey_digest(data,type)
7126			const X509 *data
7127			const EVP_MD *type
7128			PREINIT:
7129			unsigned char md[EVP_MAX_MD_SIZE];
7130			unsigned int md_size;
7131			PPCODE:
7132	4	50	if (X509_pubkey_digest(data,type,md,&md_size))
7133	4		XSRETURN_PVN((char *)md, md_size);
7134			else
7135	4		XSRETURN_UNDEF;
7136
7137			#endif
7138
7139			void
7140			X509_digest(data,type)
7141			const X509 *data
7142			const EVP_MD *type
7143			PREINIT:
7144			unsigned char md[EVP_MAX_MD_SIZE];
7145			unsigned int md_size;
7146			PPCODE:
7147	4	50	if (X509_digest(data,type,md,&md_size))
7148	4		XSRETURN_PVN((char *)md, md_size);
7149	4		XSRETURN_UNDEF;
7150
7151			void
7152			X509_CRL_digest(data,type)
7153			const X509_CRL *data
7154			const EVP_MD *type
7155			PREINIT:
7156			unsigned char md[EVP_MAX_MD_SIZE];
7157			unsigned int md_size;
7158			PPCODE:
7159	1	50	if (X509_CRL_digest(data,type,md,&md_size))
7160	1		XSRETURN_PVN((char *)md, md_size);
7161	1		XSRETURN_UNDEF;
7162
7163			void
7164			X509_REQ_digest(data,type)
7165			const X509_REQ *data
7166			const EVP_MD *type
7167			PREINIT:
7168			unsigned char md[EVP_MAX_MD_SIZE];
7169			unsigned int md_size;
7170			PPCODE:
7171	1	50	if (X509_REQ_digest(data,type,md,&md_size))
7172	1		XSRETURN_PVN((char *)md, md_size);
7173	1		XSRETURN_UNDEF;
7174
7175			void
7176			X509_NAME_digest(data,type)
7177			const X509_NAME *data
7178			const EVP_MD *type
7179			PREINIT:
7180			unsigned char md[EVP_MAX_MD_SIZE];
7181			unsigned int md_size;
7182			PPCODE:
7183	0	0	if (X509_NAME_digest(data,type,md,&md_size))
7184	0		XSRETURN_PVN((char *)md, md_size);
7185	0		XSRETURN_UNDEF;
7186
7187			unsigned long
7188			X509_subject_name_hash(X509 *x)
7189
7190			unsigned long
7191			X509_issuer_name_hash(X509 *a)
7192
7193			unsigned long
7194			X509_issuer_and_serial_hash(X509 *a)
7195
7196			ASN1_OBJECT *
7197			P_X509_get_signature_alg(x)
7198			X509 * x
7199			CODE:
7200			#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
7201			RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
7202			#else
7203	4		RETVAL = (x->cert_info->signature->algorithm);
7204			#endif
7205			OUTPUT:
7206			RETVAL
7207
7208			ASN1_OBJECT *
7209			P_X509_get_pubkey_alg(x)
7210			X509 * x
7211			PREINIT:
7212			CODE:
7213			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7214			{
7215			X509_ALGOR * algor;
7216			X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
7217			RETVAL = (algor->algorithm);
7218			}
7219			#else
7220	4		RETVAL = (x->cert_info->key->algor->algorithm);
7221			#endif
7222			OUTPUT:
7223			RETVAL
7224
7225			void
7226			X509_get_X509_PUBKEY(x)
7227			const X509 *x
7228			PPCODE:
7229			X509_PUBKEY *pkey;
7230			STRLEN len;
7231			unsigned char pc, pi;
7232	1	50	if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
7233	1	50	if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
7234	1		Newx(pc,len,unsigned char);
7235	1	50	if (!pc) croak("out of memory");
7236	1		pi = pc;
7237	1		i2d_X509_PUBKEY(pkey, &pi);
7238	1	50	if (pi-pc != len) croak("invalid encoded length");
7239	1	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7240	1		Safefree(pc);
7241
7242			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
7243
7244			int
7245			SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
7246			SSL_CTX * ctx
7247			SV * callback
7248			SV * data
7249			CODE:
7250	1		RETVAL = 1;
7251	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7252	0		SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
7253	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7254	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
7255			PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
7256			}
7257	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7258			/* callback param array ref like ['proto1','proto2'] */
7259	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7260	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
7261	1		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7262			PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
7263			}
7264	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7265	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
7266	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
7267	0		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7268			PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
7269			}
7270			else {
7271	0		RETVAL = 0;
7272			}
7273			OUTPUT:
7274			RETVAL
7275
7276			int
7277			SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
7278			SSL_CTX * ctx
7279			SV * callback
7280			SV * data
7281			CODE:
7282	1		RETVAL = 1;
7283	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7284	0		SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
7285	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7286	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
7287			PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
7288			}
7289	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7290			/* callback param array ref like ['proto1','proto2'] */
7291	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7292	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
7293	1		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7294			PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
7295			}
7296	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7297	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
7298	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
7299	0		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7300			PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
7301			}
7302			else {
7303	0		RETVAL = 0;
7304			}
7305			OUTPUT:
7306			RETVAL
7307
7308			void
7309			P_next_proto_negotiated(s)
7310			const SSL *s
7311			PREINIT:
7312			const unsigned char *data;
7313			unsigned int len;
7314			PPCODE:
7315	2		SSL_get0_next_proto_negotiated(s, &data, &len);
7316	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7317
7318			void
7319			P_next_proto_last_status(s)
7320			const SSL *s
7321			PPCODE:
7322	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
7323
7324			#endif
7325
7326			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
7327
7328			#if !defined(OPENSSL_NO_TLSEXT)
7329
7330			int
7331			SSL_set_tlsext_status_type(SSL *ssl,int cmd)
7332
7333			long
7334			SSL_set_tlsext_status_ocsp_resp(ssl,staple)
7335			SSL * ssl
7336			PREINIT:
7337			char * p;
7338			STRLEN staplelen;
7339			INPUT:
7340			char * staple = SvPV( ST(1), staplelen);
7341			CODE:
7342			/* OpenSSL will free the memory */
7343	0		New(0, p, staplelen, char);
7344	0		memcpy(p, staple, staplelen);
7345	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
7346			OUTPUT:
7347			RETVAL
7348
7349			int
7350			SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
7351			SSL_CTX * ctx
7352			SV * callback
7353			SV * data
7354			CODE:
7355	0		RETVAL = 1;
7356	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
7357	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
7358	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
7359	0		SSL_CTX_set_tlsext_status_cb(ctx, NULL);
7360	0	0	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7361	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
7362	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
7363	0		SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
7364			} else {
7365	0		croak("argument must be code reference");
7366			}
7367			OUTPUT:
7368			RETVAL
7369
7370			int
7371			SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
7372			SSL * ssl
7373			SV * callback
7374			SV * data
7375			CODE:
7376	1		RETVAL = 1;
7377	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7378	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
7379	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
7380	0		SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
7381	1	50	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		50
7382	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
7383	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
7384	1		SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
7385			} else {
7386	0		croak("argument must be code reference");
7387			}
7388			OUTPUT:
7389			RETVAL
7390
7391			int
7392			SSL_set_session_ticket_ext(ssl,ticket)
7393			SSL *ssl
7394			PREINIT:
7395			unsigned char * p;
7396			STRLEN ticketlen;
7397			INPUT:
7398			unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
7399			CODE:
7400	1		RETVAL = 0;
7401	1	50	if (ticketlen > 0) {
7402	1		Newx(p, ticketlen, unsigned char);
7403	1	50	if (!p)
7404	0		croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
7405	1		memcpy(p, ticket, ticketlen);
7406	1		RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
7407	1		Safefree(p);
7408			}
7409			OUTPUT:
7410			RETVAL
7411
7412			#endif
7413
7414			OCSP_RESPONSE *
7415			d2i_OCSP_RESPONSE(pv)
7416			SV *pv
7417			CODE:
7418	0		RETVAL = NULL;
7419	0	0	if (SvPOK(pv)) {
7420			const unsigned char *p;
7421			STRLEN len;
7422	0	0	p = (unsigned char*)SvPV(pv,len);
7423	0		RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
7424			}
7425			OUTPUT:
7426			RETVAL
7427
7428			void
7429			i2d_OCSP_RESPONSE(r)
7430			OCSP_RESPONSE * r
7431			PPCODE:
7432			STRLEN len;
7433			unsigned char pc,pi;
7434	0	0	if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
7435	0		Newx(pc,len,unsigned char);
7436	0	0	if (!pc) croak("out of memory");
7437	0		pi = pc;
7438	0		i2d_OCSP_RESPONSE(r,&pi);
7439	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7440	0		Safefree(pc);
7441
7442			void
7443			OCSP_RESPONSE_free(r)
7444			OCSP_RESPONSE * r
7445
7446
7447			OCSP_REQUEST *
7448			d2i_OCSP_REQUEST(pv)
7449			SV *pv
7450			CODE:
7451	0		RETVAL = NULL;
7452	0	0	if (SvPOK(pv)) {
7453			const unsigned char *p;
7454			STRLEN len;
7455	0	0	p = (unsigned char*)SvPV(pv,len);
7456	0		RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
7457			}
7458			OUTPUT:
7459			RETVAL
7460
7461			void
7462			i2d_OCSP_REQUEST(r)
7463			OCSP_REQUEST * r
7464			PPCODE:
7465			STRLEN len;
7466			unsigned char pc,pi;
7467	0	0	if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request");
7468	0		Newx(pc,len,unsigned char);
7469	0	0	if (!pc) croak("out of memory");
7470	0		pi = pc;
7471	0		i2d_OCSP_REQUEST(r,&pi);
7472	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7473	0		Safefree(pc);
7474
7475
7476			void
7477			OCSP_REQUEST_free(r)
7478			OCSP_REQUEST * r
7479
7480
7481			const char *
7482			OCSP_response_status_str(long status)
7483
7484			long
7485			OCSP_response_status(OCSP_RESPONSE *r)
7486
7487			void
7488			SSL_OCSP_cert2ids(ssl,...)
7489			SSL *ssl
7490			PPCODE:
7491			SSL_CTX *ctx;
7492			X509_STORE *store;
7493			STACK_OF(X509) *chain;
7494			X509 cert,issuer;
7495			OCSP_CERTID *id;
7496			int i;
7497			STRLEN len;
7498			unsigned char *pi;
7499
7500	0	0	if (!ssl) croak("not a SSL object");
7501	0		ctx = SSL_get_SSL_CTX(ssl);
7502	0	0	if (!ctx) croak("invalid SSL object - no context");
7503	0		store = SSL_CTX_get_cert_store(ctx);
7504	0		chain = SSL_get_peer_cert_chain(ssl);
7505
7506	0	0	for(i=0;i
7507	0	0	cert = INT2PTR(X509*,SvIV(ST(i+1)));
7508	0	0	if (X509_check_issued(cert,cert) == X509_V_OK)
7509	0		croak("no OCSP request for self-signed certificate");
7510	0	0	if (!(issuer = find_issuer(cert,store,chain)))
7511	0		croak("cannot find issuer certificate");
7512	0		id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
7513	0		X509_free(issuer);
7514	0	0	if (!id)
7515	0		croak("out of memory for generating OCSP certid");
7516
7517	0		pi = NULL;
7518	0	0	if (!(len = i2d_OCSP_CERTID(id,&pi)))
7519	0		croak("OCSP certid has no length");
7520	0	0	XPUSHs(sv_2mortal(newSVpvn((char *)pi, len)));
7521
7522	0		OPENSSL_free(pi);
7523	0		OCSP_CERTID_free(id);
7524			}
7525
7526
7527			OCSP_REQUEST *
7528			OCSP_ids2req(...)
7529			CODE:
7530			OCSP_REQUEST *req;
7531			OCSP_CERTID *id;
7532			int i;
7533
7534	0		req = OCSP_REQUEST_new();
7535	0	0	if (!req) croak("out of memory");
7536	0		OCSP_request_add1_nonce(req,NULL,-1);
7537
7538	0	0	for(i=0;i
7539			STRLEN len;
7540	0	0	const unsigned char p = (unsigned char)SvPV(ST(i),len);
7541	0		id = d2i_OCSP_CERTID(NULL,&p,len);
7542	0	0	if (!id) {
7543	0		OCSP_REQUEST_free(req);
7544	0		croak("failed to get OCSP certid from string");
7545			}
7546	0		OCSP_request_add0_id(req,id);
7547			}
7548	0		RETVAL = req;
7549			OUTPUT:
7550			RETVAL
7551
7552
7553
7554			int
7555			SSL_OCSP_response_verify(ssl,rsp,svreq=NULL,flags=0)
7556			SSL *ssl
7557			OCSP_RESPONSE *rsp
7558			SV *svreq
7559			unsigned long flags
7560			PREINIT:
7561			SSL_CTX *ctx;
7562			X509_STORE *store;
7563			OCSP_BASICRESP *bsr;
7564	0		OCSP_REQUEST *req = NULL;
7565			int i;
7566			CODE:
7567	0	0	if (!ssl) croak("not a SSL object");
7568	0		ctx = SSL_get_SSL_CTX(ssl);
7569	0	0	if (!ctx) croak("invalid SSL object - no context");
7570
7571	0		bsr = OCSP_response_get1_basic(rsp);
7572	0	0	if (!bsr) croak("invalid OCSP response");
7573
7574			/* if we get a nonce it should match our nonce, if we get no nonce
7575			* it was probably pre-signed */
7576	0	0	if (svreq && SvOK(svreq) &&
		0
		0
		0
		0
7577	0	0	(req = INT2PTR(OCSP_REQUEST*,SvIV(svreq)))) {
7578	0		i = OCSP_check_nonce(req,bsr);
7579	0	0	if ( i <= 0 ) {
7580	0	0	if (i == -1) {
7581	0		TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
7582			} else {
7583	0		OCSP_BASICRESP_free(bsr);
7584	0		croak("nonce in OCSP response does not match request");
7585			}
7586			}
7587			}
7588
7589	0		RETVAL = 0;
7590	0	0	if ((store = SSL_CTX_get_cert_store(ctx))) {
7591			/* add the SSL uchain to the uchain of the OCSP basic response, this
7592			* looks like the easiest way to handle the case where the OCSP
7593			* response does not contain the chain up to the trusted root */
7594	0		STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
7595	0	0	for(i=0;i
7596	0		OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
7597			}
7598	0		TRACE(1,"run basic verify");
7599	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7600	0	0	if (chain && !RETVAL) {
		0
7601			/* some CAs don't add a certificate to their OCSP responses and
7602			* openssl does not include the trusted CA which signed the
7603			* lowest chain certificate when looking for the signer.
7604			* So find this CA ourself and retry verification. */
7605			X509 *issuer;
7606	0		X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
7607	0		ERR_clear_error(); /* clear error from last OCSP_basic_verify */
7608	0	0	if (last && (issuer = find_issuer(last,store,chain))) {
		0
7609	0		OCSP_basic_add1_cert(bsr, issuer);
7610	0		X509_free(issuer);
7611	0		TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
7612	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7613			}
7614			}
7615			}
7616	0		OCSP_BASICRESP_free(bsr);
7617			OUTPUT:
7618			RETVAL
7619
7620
7621			void
7622			OCSP_response_results(rsp,...)
7623			OCSP_RESPONSE *rsp
7624			PPCODE:
7625			OCSP_BASICRESP *bsr;
7626			int i,want_array;
7627	0		time_t nextupd = 0;
7628	0		time_t gmtoff = -1;
7629			int getall,sksn;
7630
7631	0		bsr = OCSP_response_get1_basic(rsp);
7632	0	0	if (!bsr) croak("invalid OCSP response");
7633
7634	0	0	want_array = (GIMME == G_ARRAY);
7635	0		getall = (items <= 1);
7636	0		sksn = OCSP_resp_count(bsr);
7637
7638	0	0	for(i=0; i < (getall ? sksn : items-1); i++) {
		0
7639	0		const char *error = NULL;
7640	0		OCSP_SINGLERESP *sir = NULL;
7641	0		OCSP_CERTID *certid = NULL;
7642	0		SV *idsv = NULL;
7643			int first, status, revocationReason;
7644			ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
7645
7646	0	0	if(getall) {
7647	0		sir = OCSP_resp_get0(bsr,i);
7648			} else {
7649			STRLEN len;
7650			const unsigned char *p;
7651
7652	0		idsv = ST(i+1);
7653	0	0	if (!SvOK(idsv)) croak("undefined certid in arguments");
		0
		0
7654	0	0	p = (unsigned char*)SvPV(idsv,len);
7655	0	0	if (!(certid = d2i_OCSP_CERTID(NULL,&p,len))) {
7656	0		error = "failed to get OCSP certid from string";
7657	0		goto end;
7658			}
7659	0		first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
7660	0	0	if (first >= 0)
7661	0		sir = OCSP_resp_get0(bsr,first);
7662			}
7663
7664	0	0	if (sir)
7665			{
7666			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7667			status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
7668			#else
7669	0		status = sir->certStatus->type;
7670	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED)
7671	0		revocationTime = sir->certStatus->value.revoked->revocationTime;
7672	0		thisupdate = sir->thisUpdate;
7673	0		nextupdate = sir->nextUpdate;
7674			#endif
7675	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7676	0		error = "certificate status is revoked";
7677	0	0	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
7678	0		error = "certificate status is unknown";
7679			}
7680	0	0	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
7681	0		error = "response not yet valid or expired";
7682			}
7683			} else {
7684	0		error = "cannot find entry for certificate in OCSP response";
7685			}
7686
7687			end:
7688	0	0	if (want_array) {
7689	0		AV *idav = newAV();
7690	0	0	if (!idsv) {
7691			/* getall: create new SV with OCSP_CERTID */
7692			unsigned char pi,pc;
7693			#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
7694			int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
7695			#else
7696	0		int len = i2d_OCSP_CERTID(sir->certId,NULL);
7697			#endif
7698	0	0	if(!len) continue;
7699	0		Newx(pc,len,unsigned char);
7700	0	0	if (!pc) croak("out of memory");
7701	0		pi = pc;
7702			#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
7703			i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
7704			#else
7705	0		i2d_OCSP_CERTID(sir->certId,&pi);
7706			#endif
7707	0		idsv = newSVpv((char*)pc,len);
7708	0		Safefree(pc);
7709			} else {
7710			/* reuse idsv from ST(..), but increment refcount */
7711	0		idsv = SvREFCNT_inc(idsv);
7712			}
7713	0		av_push(idav, idsv);
7714	0	0	av_push(idav, error ? newSVpv(error,0) : newSV(0));
7715	0	0	if (sir) {
7716	0		HV *details = newHV();
7717	0		av_push(idav,newRV_noinc((SV*)details));
7718	0		hv_store(details,"statusType",10,
7719			newSViv(status),0);
7720	0	0	if (nextupdate) hv_store(details,"nextUpdate",10,
7721			newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
7722	0	0	if (thisupdate) hv_store(details,"thisUpdate",10,
7723			newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
7724	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7725			#if OPENSSL_VERSION_NUMBER < 0x10100000L
7726	0		OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
7727	0		revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
7728			#endif
7729	0		hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
7730	0		hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
7731	0		hv_store(details,"revocationReason_str",20,newSVpv(
7732			OCSP_crl_reason_str(revocationReason),0),0);
7733			}
7734			}
7735	0	0	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
7736	0	0	} else if (!error) {
7737			/* compute lowest nextUpdate */
7738	0		time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
7739	0	0	if (!nextupd \|\| nextupd>nu) nextupd = nu;
		0
7740			}
7741
7742	0	0	if (certid) OCSP_CERTID_free(certid);
7743	0	0	if (error && !want_array) {
		0
7744	0		OCSP_BASICRESP_free(bsr);
7745	0		croak("%s", error);
7746			}
7747			}
7748	0		OCSP_BASICRESP_free(bsr);
7749	0	0	if (!want_array)
7750	0	0	XPUSHs(sv_2mortal(newSViv(nextupd)));
7751
7752
7753
7754			#endif
7755
7756			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
7757
7758			int
7759			SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
7760			SSL_CTX * ctx
7761			SV * callback
7762			SV * data
7763			CODE:
7764	1		RETVAL = 1;
7765	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7766	0		SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
7767	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7768	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL);
7769			PR1("SSL_CTX_set_alpn_select_cb - undef\n");
7770			}
7771	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7772			/* callback param array ref like ['proto1','proto2'] */
7773	1		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7774	1		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback));
7775	1		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7776			PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx);
7777			}
7778	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7779	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback));
7780	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data));
7781	0		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7782			PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx);
7783			}
7784			else {
7785	0		RETVAL = 0;
7786			}
7787			OUTPUT:
7788			RETVAL
7789
7790			int
7791			SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef)
7792			SSL_CTX * ctx
7793			SV * data
7794			PREINIT:
7795			unsigned char *alpn_data;
7796			unsigned char alpn_len;
7797
7798			CODE:
7799	1		RETVAL = -1;
7800
7801	1	50	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		50
7802	0		croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n");
7803	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7804	1		Newx(alpn_data, alpn_len, unsigned char);
7805	1	50	if (!alpn_data)
7806	0		croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n");
7807	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7808	1		RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len);
7809	1		Safefree(alpn_data);
7810
7811			OUTPUT:
7812			RETVAL
7813
7814			int
7815			SSL_set_alpn_protos(ssl,data=&PL_sv_undef)
7816			SSL * ssl
7817			SV * data
7818			PREINIT:
7819			unsigned char *alpn_data;
7820			unsigned char alpn_len;
7821
7822			CODE:
7823	0		RETVAL = -1;
7824
7825	0	0	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		0
7826	0		croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n");
7827	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7828	0		Newx(alpn_data, alpn_len, unsigned char);
7829	0	0	if (!alpn_data)
7830	0		croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n");
7831	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7832	0		RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len);
7833	0		Safefree(alpn_data);
7834
7835			OUTPUT:
7836			RETVAL
7837
7838			void
7839			P_alpn_selected(s)
7840			const SSL *s
7841			PREINIT:
7842			const unsigned char *data;
7843			unsigned int len;
7844			PPCODE:
7845	2		SSL_get0_alpn_selected(s, &data, &len);
7846	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7847
7848			#endif
7849
7850			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
7851
7852			void
7853			SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
7854			SSL * ssl
7855			int outlen
7856			SV * context
7857			PREINIT:
7858			unsigned char * out;
7859			STRLEN llen;
7860	15		STRLEN contextlen = 0;
7861	15		char *context_arg = NULL;
7862	15		int use_context = 0;
7863			int ret;
7864			INPUT:
7865			char * label = SvPV( ST(2), llen);
7866			PPCODE:
7867	15		Newx(out, outlen, unsigned char);
7868
7869	15	100	if (context != &PL_sv_undef) {
7870	9		use_context = 1;
7871	9	50	context_arg = SvPV( ST(3), contextlen);
7872			}
7873	15		ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context);
7874	15	50	PUSHs(sv_2mortal(ret>0 ? newSVpvn((const char *)out, outlen) : newSV(0)));
7875	15	50	EXTEND(SP, 1);
7876	15		Safefree(out);
7877
7878			#endif
7879
7880			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
7881
7882			OSSL_LIB_CTX *
7883			OSSL_LIB_CTX_get0_global_default()
7884
7885
7886			OSSL_PROVIDER *
7887			OSSL_PROVIDER_load(SV libctx, const char name)
7888			CODE:
7889			OSSL_LIB_CTX *ctx = NULL;
7890			if (libctx != &PL_sv_undef)
7891			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
7892			RETVAL = OSSL_PROVIDER_load(ctx, name);
7893			if (RETVAL == NULL)
7894			XSRETURN_UNDEF;
7895			OUTPUT:
7896			RETVAL
7897
7898			OSSL_PROVIDER *
7899			OSSL_PROVIDER_try_load(SV libctx, const char name, int retain_fallbacks)
7900			CODE:
7901			OSSL_LIB_CTX *ctx = NULL;
7902			if (libctx != &PL_sv_undef)
7903			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
7904			RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
7905			if (RETVAL == NULL)
7906			XSRETURN_UNDEF;
7907			OUTPUT:
7908			RETVAL
7909
7910			int
7911			OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
7912
7913			int
7914			OSSL_PROVIDER_available(SV libctx, const char name)
7915			CODE:
7916			OSSL_LIB_CTX *ctx = NULL;
7917			if (libctx != &PL_sv_undef)
7918			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
7919			RETVAL = OSSL_PROVIDER_available(ctx, name);
7920			OUTPUT:
7921			RETVAL
7922
7923			int
7924			OSSL_PROVIDER_do_all(SV libctx, SV perl_cb, SV *perl_cbdata = &PL_sv_undef)
7925			PREINIT:
7926			simple_cb_data_t* cbdata = NULL;
7927			CODE:
7928			OSSL_LIB_CTX *ctx = NULL;
7929			if (libctx != &PL_sv_undef)
7930			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
7931
7932			/* setup our callback */
7933			cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
7934			RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
7935			simple_cb_data_free(cbdata);
7936			OUTPUT:
7937			RETVAL
7938
7939			const char *
7940			OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
7941
7942			int
7943			OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
7944
7945			#endif
7946
7947			#define REM_EOF "/* EOF - SSLeay.xs */"