File Coverage

SSLeay.xs

Criterion	Covered	Total	%
statement	1174	1913	61.3
branch	620	1806	34.3
condition			n/a
subroutine			n/a
pod			n/a
total	1794	3719	48.2

line	stmt	bran	code
1			/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
2			*
3			* Copyright (c) 1996-2003 Sampo Kellomäki
4			* Copyright (c) 2005-2010 Florian Ragwitz
5			* Copyright (c) 2005-2018 Mike McCauley
6			* Copyright (c) 2018- Chris Novakovic
7			* Copyright (c) 2018- Tuure Vartiainen
8			* Copyright (c) 2018- Heikki Vatiainen
9			*
10			* All rights reserved.
11			*
12			* Change data removed. See Changes
13			*
14			* This module is released under the terms of the Artistic License 2.0. For
15			* details, see the LICENSE file.
16			*/
17
18			/* ####
19			* #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! ####
20			* ####
21			*
22			* Function naming conventions:
23			*
24			* 1/ never change the already existing function names (all calling convention) in a way
25			* that may cause backward incompatibility (e.g. add ALIAS with old name if necessary)
26			*
27			* 2/ it is recommended to keep the original openssl function names for functions that are:
28			*
29			* 1:1 wrappers to the original openssl functions
30			* see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert)
31			*
32			* nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling
33			* see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf)
34			*
35			* 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix
36			* (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without
37			* "SSL_" prefix (e.g. Net::SSLeay::CTX_new) - keep this for all new functions
38			*
39			* 4/ The names of functions which do not fit rule 2/ (which means they implement some non
40			* trivial code around original openssl function or do more complex tasks) should be
41			* prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime
42			*
43			* 5/ Exceptions from rules above:
44			* functions that are part or wider set of already existing function not following this rule
45			* for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want
46			* to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_")
47			*
48			* Support for different Perl versions, libssl implementations, platforms, and compilers:
49			*
50			* 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the
51			* "Prerequisites" section in the README file). The test suite must pass when run on any
52			* of those version combinations.
53			*
54			* 2/ Fix all compiler warnings - we expect 100% clean build
55			*
56			* 3/ If you add a function which is available since certain openssl version
57			* use proper #ifdefs to assure that SSLeay.xs will compile also with older versions
58			* which are missing this function
59			*
60			* 4/ Even warnings arising from different use of "const" in different openssl versions
61			* needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt
62			*
63			* 5/ avoid using global C variables (it is very likely to break thread-safetyness)
64			* use rather global MY_CXT structure
65			*
66			* 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must
67			* compile also on non-UNIX platforms like MS Windows and others
68			*
69			* 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler)
70			* even if your compiler can handle them without warnings
71			*
72			* Passing test suite:
73			*
74			* 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite
75			*
76			* 2/ it is strongly recommended to create test(s) for newly added function(s), especially
77			* when the new function is not only a 1:1 wrapper but contains a complex code
78			*
79			* 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod
80			* otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into
81			* your patch)
82			*
83			* Preferred code layout:
84			*
85			* 1/ for simple 1:1 XS wrappers use:
86			*
87			* a/ functions with short "signature" (short list of args):
88			*
89			* long
90			* SSL_set_tmp_dh(SSL ssl,DH dh)
91			*
92			* b/ functions with long "signature" (long list of args):
93			* simply when approach a/ does not fit to 120 columns
94			*
95			* void
96			* SSL_any_functions(library_flag,function_name,reason,file_name,line)
97			* int library_flag
98			* int function_name
99			* int reason
100			* char *file_name
101			* int line
102			*
103			* 2/ for XS functions with full implementation use identation like this:
104			*
105			* int
106			* RAND_bytes(buf, num)
107			* SV *buf
108			* int num
109			* PREINIT:
110			* int rc;
111			* unsigned char *random;
112			* CODE:
113			* / * some code here * /
114			* RETVAL = rc;
115			* OUTPUT:
116			* RETVAL
117			*
118			*
119			* Runtime debugging:
120			*
121			* with TRACE(level,fmt,...) you can output debug messages.
122			* it behaves the same as
123			* warn sprintf($msg,...) if $Net::SSLeay::trace>=$level
124			* would do in Perl (e.g. it is using also the $Net::SSLeay::trace variable)
125			*
126			*
127			* THE LAST RULE:
128			*
129			* The fact that some parts of SSLeay.xs do not follow the rules above is not
130			* a reason why any new code can also break these rules in the same way
131			*
132			*/
133
134			/* Prevent warnings about strncpy from Windows compilers */
135			#define _CRT_SECURE_NO_DEPRECATE
136
137			/* Silence compound-token-split-by-macro warnings from perl.h when building for
138			* Perl < 5.35.2 with Clang >= 12 - see GH-383
139			*/
140			#if NET_SSLEAY_PERL_VERSION < 5035002 && defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 12
141			#pragma clang diagnostic ignored "-Wunknown-warning-option"
142			#pragma clang diagnostic ignored "-Wcompound-token-split-by-macro"
143			#pragma clang diagnostic warning "-Wunknown-warning-option"
144			#endif
145
146			#ifdef __cplusplus
147			extern "C" {
148			#endif
149			#include "EXTERN.h"
150			#include "perl.h"
151			#include "XSUB.h"
152			#include
153			#define NEED_my_snprintf
154			#include "ppport.h"
155			#ifdef __cplusplus
156			}
157			#endif
158
159			/* OpenSSL-0.9.3a has some strange warning about this in
160			* openssl/des.h
161			*/
162			#undef _
163
164			/* Sigh: openssl 1.0 has
165			typedef void *BLOCK;
166			which conflicts with perls
167			typedef struct block BLOCK;
168			*/
169			#define BLOCK OPENSSL_BLOCK
170			#include
171			#include
172			#include
173			#include
174			#include
175			#include
176			#ifndef OPENSSL_NO_COMP
177			#include /* openssl-0.9.6a forgets to include this */
178			#endif
179			#ifndef OPENSSL_NO_MD2
180			#include
181			#endif
182			#ifndef OPENSSL_NO_MD4
183			#include
184			#endif
185			#ifndef OPENSSL_NO_MD5
186			#include /* openssl-SNAP-20020227 does not automatically include this */
187			#endif
188			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
189			#include
190			#endif
191			#include
192			#include
193			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
194			/* requires 0.9.7+ */
195			#ifndef OPENSSL_NO_ENGINE
196			#include
197			#endif
198			#endif
199			#ifdef OPENSSL_FIPS
200			#include
201			#endif
202			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
203			#include
204			#endif
205			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
206			#include
207			#endif
208			#undef BLOCK
209
210			/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and
211			* related functions return uint64_t instead of long. For this reason
212			* constant() in constant.c and Net::SSLeay must also be able to
213			* return 64bit constants. However, this creates a problem with Perls
214			* that have only 32 bit integers. The define below helps with
215			* handling this API change.
216			*/
217			#if (OPENSSL_VERSION_NUMBER < 0x30000000L) \|\| defined(NET_SSLEAY_32BIT_INT_PERL)
218			#define NET_SSLEAY_32BIT_CONSTANTS
219			#endif
220
221			/* Debugging output - to enable use:
222			*
223			* perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
224			* make
225			*
226			*/
227
228			#ifdef SHOW_XS_DEBUG
229			#define PR1(s) fprintf(stderr,s);
230			#define PR2(s,t) fprintf(stderr,s,t);
231			#define PR3(s,t,u) fprintf(stderr,s,t,u);
232			#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v);
233			#else
234			#define PR1(s)
235			#define PR2(s,t)
236			#define PR3(s,t,u)
237			#define PR4(s,t,u,v)
238			#endif
239
240	1		static void TRACE(int level,char *msg,...) {
241			va_list args;
242	1		SV *trace = get_sv("Net::SSLeay::trace",0);
243	1	50	if (trace && SvIOK(trace) && SvIV(trace)>=level) {
		50
		50
		50
244			char buf[4096];
245	0		va_start(args,msg);
246	0		vsnprintf(buf,4095,msg,args);
247	0		warn("%s",buf);
248	0		va_end(args);
249			}
250	1		}
251
252			#include "constants.c"
253
254			/* ============= thread-safety related stuff ============== */
255
256			#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION
257
258			typedef struct {
259			HV* global_cb_data;
260			UV tid;
261			} my_cxt_t;
262			START_MY_CXT
263
264			#ifdef USE_ITHREADS
265			static perl_mutex LIB_init_mutex;
266			#if OPENSSL_VERSION_NUMBER < 0x10100000L
267			static perl_mutex *GLOBAL_openssl_mutex = NULL;
268			#endif
269			#endif
270			static int LIB_initialized;
271
272	54		UV get_my_thread_id(void) /* returns threads->tid() value */
273			{
274	54		dSP;
275	54		UV tid = 0;
276			#ifdef USE_ITHREADS
277			int count = 0;
278
279			ENTER;
280			SAVETMPS;
281			PUSHMARK(SP);
282			XPUSHs(sv_2mortal(newSVpv("threads", 0)));
283			PUTBACK;
284			count = call_method("tid", G_SCALAR\|G_EVAL);
285			SPAGAIN;
286			/* Caution: recent perls do not appear support threads->tid() */
287			if (SvTRUE(ERRSV) \|\| count != 1)
288			{
289			/* if compatible threads not loaded or an error occurs return 0 */
290			tid = 0;
291			}
292			else
293			tid = (UV)POPi;
294			PUTBACK;
295			FREETMPS;
296			LEAVE;
297			#endif
298
299	54		return tid;
300			}
301
302			/* IMPORTANT NOTE:
303			* openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html
304			* we implement both static and dynamic locking as described on URL above
305			* locking is supported when OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer
306			* we intentionally do not implement cleanup of openssl's threading as it causes troubles
307			* with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay
308			*/
309			#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
310
311
312			#if OPENSSL_VERSION_NUMBER < 0x10100000L
313			static void openssl_locking_function(int mode, int type, const char *file, int line)
314			{
315			PR3("openssl_locking_function %d %d\n", mode, type);
316
317			if (!GLOBAL_openssl_mutex) return;
318			if (mode & CRYPTO_LOCK)
319			MUTEX_LOCK(&GLOBAL_openssl_mutex[type]);
320			else
321			MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]);
322			}
323
324			#if OPENSSL_VERSION_NUMBER < 0x10000000L
325			static unsigned long openssl_threadid_func(void)
326			{
327			dMY_CXT;
328			return (unsigned long)(MY_CXT.tid);
329			}
330			#else
331			void openssl_threadid_func(CRYPTO_THREADID *id)
332			{
333			dMY_CXT;
334			CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid));
335			}
336			#endif
337
338			struct CRYPTO_dynlock_value
339			{
340			perl_mutex mutex;
341			};
342
343			struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line)
344			{
345			struct CRYPTO_dynlock_value *retval;
346			New(0, retval, 1, struct CRYPTO_dynlock_value);
347			if (!retval) return NULL;
348			MUTEX_INIT(&retval->mutex);
349			return retval;
350			}
351
352			void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value l, const char file, int line)
353			{
354			if (!l) return;
355			if (mode & CRYPTO_LOCK)
356			MUTEX_LOCK(&l->mutex);
357			else
358			MUTEX_UNLOCK(&l->mutex);
359			}
360
361			void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value l, const char file, int line)
362			{
363			if (!l) return;
364			MUTEX_DESTROY(&l->mutex);
365			Safefree(l);
366			}
367			#endif
368
369			void openssl_threads_init(void)
370			{
371			int i;
372
373			PR1("STARTED: openssl_threads_init\n");
374
375			#if OPENSSL_VERSION_NUMBER < 0x10100000L
376			/* initialize static locking */
377			if ( !CRYPTO_get_locking_callback() ) {
378			#if OPENSSL_VERSION_NUMBER < 0x10000000L
379			if ( !CRYPTO_get_id_callback() ) {
380			#else
381			if ( !CRYPTO_THREADID_get_callback() ) {
382			#endif
383			PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks());
384			New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex);
385			if (!GLOBAL_openssl_mutex) return;
386			for (i=0; i
387			CRYPTO_set_locking_callback((void ()(int,int,const char ,int))openssl_locking_function);
388
389			#ifndef WIN32
390			/* no need for threadid_func() on Win32 */
391			#if OPENSSL_VERSION_NUMBER < 0x10000000L
392			CRYPTO_set_id_callback(openssl_threadid_func);
393			#else
394			CRYPTO_THREADID_set_callback(openssl_threadid_func);
395			#endif
396			#endif
397			}
398			}
399
400			/* initialize dynamic locking */
401			if ( !CRYPTO_get_dynlock_create_callback() &&
402			!CRYPTO_get_dynlock_lock_callback() &&
403			!CRYPTO_get_dynlock_destroy_callback() ) {
404			PR1("openssl_threads_init dynamic locking\n");
405			CRYPTO_set_dynlock_create_callback(openssl_dynlocking_create_function);
406			CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
407			CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
408			}
409			#endif
410			}
411
412			#endif
413
414			/* ============= typedefs to agument TYPEMAP ============== */
415
416			typedef void callback_no_ret(void);
417			typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
418			typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
419
420			typedef STACK_OF(X509_NAME) X509_NAME_STACK;
421
422			typedef int perl_filehandle_t;
423
424			/* ======= special handler used by EVP_MD_do_all_sorted ======= */
425
426			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
427	89		static void handler_list_md_fn(const EVP_MD m, const char from, const char to, void arg)
428			{
429			/* taken from apps/dgst.c */
430			const char *mname;
431	89	100	if (!m) return; /* Skip aliases */
432	39		mname = OBJ_nid2ln(EVP_MD_type(m));
433	39	100	if (strcmp(from, mname)) return; /* Skip shortnames */
434			#if OPENSSL_VERSION_NUMBER < 0x10100000L
435	21	100	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
436			#endif
437	16	50	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
438	16		av_push(arg, newSVpv(mname,0));
439			}
440			#endif
441
442			/* ============= callbacks - basic info =============
443			*
444			* PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!!
445			*
446			* There are basically 2 types of callbacks used in SSLeay:
447			*
448			* 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS.
449			* These callbacks use a special C structure simple_cb_data_t to pass necessary data.
450			* There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free()
451			* For example see implementation of these functions:
452			* - RSA_generate_key
453			* - PEM_read_bio_PrivateKey
454			*
455			* 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These
456			* callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time.
457			* There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating
458			* global hash MY_CXT.global_cb_data which work like this:
459			* cb_data_advanced_put(, "data_name", dataSV)
460			* >>>
461			* global_cb_data->{"ptr_"}->{"data_name"} = dataSV)
462			* or
463			* data = cb_data_advanced_get(, "data_name")
464			* >>>
465			* my $data = global_cb_data->{"ptr_"}->{"data_name"}
466			* For example see implementation of these functions:
467			* - SSL_CTX_set_verify
468			* - SSL_set_verify
469			* - SSL_CTX_set_cert_verify_callback
470			* - SSL_CTX_set_default_passwd_cb
471			* - SSL_CTX_set_default_passwd_cb_userdata
472			* - SSL_set_session_secret_cb
473			*
474			* If you want to add a new callback:
475			* - you very likely need a new function "your_callback_name_invoke()"
476			* - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions)
477			* - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before)
478			*
479			*/
480
481			/* ============= callback stuff - generic functions============== */
482
483			struct _ssleay_cb_t {
484			SV* func;
485			SV* data;
486			};
487			typedef struct _ssleay_cb_t simple_cb_data_t;
488
489	10		simple_cb_data_t* simple_cb_data_new(SV* func, SV* data)
490			{
491			simple_cb_data_t* cb;
492	10		New(0, cb, 1, simple_cb_data_t);
493	10	50	if (cb) {
494	10		SvREFCNT_inc(func);
495	10		SvREFCNT_inc(data);
496	10		cb->func = func;
497	10	100	cb->data = (data == &PL_sv_undef) ? NULL : data;
498			}
499	10		return cb;
500			}
501
502	9		void simple_cb_data_free(simple_cb_data_t* cb)
503			{
504	9	50	if (cb) {
505	9	50	if (cb->func) {
506	9		SvREFCNT_dec(cb->func);
507	9		cb->func = NULL;
508			}
509	9	100	if (cb->data) {
510	1		SvREFCNT_dec(cb->data);
511	1		cb->data = NULL;
512			}
513			}
514	9		Safefree(cb);
515	9		}
516
517	353		int cb_data_advanced_put(const void ptr, const char data_name, SV* data)
518			{
519			HV * L2HV;
520			SV ** svtmp;
521			int len;
522			char key_name[500];
523			dMY_CXT;
524
525	353	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
526	353	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
527
528			/* get or create level-2 hash */
529	353		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
530	353	100	if (svtmp == NULL) {
531	178		L2HV = newHV();
532	178		hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
533			}
534			else {
535	175	50	if (!SvOK(svtmp) \|\| !SvROK(svtmp)) return 0;
		0
		0
		50
536			#if defined(MUTABLE_PTR)
537	175		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
538			#else
539			L2HV = (HV)(SvRV(svtmp));
540			#endif
541			}
542
543			/* first delete already stored value */
544	353		hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
545	353	100	if (data!=NULL) {
546	344	100	if (SvOK(data))
		50
		50
547	194		hv_store(L2HV, data_name, strlen(data_name), data, 0);
548			else
549			/* we're not storing data so discard it */
550	150		SvREFCNT_dec(data);
551			}
552
553	353		return 1;
554			}
555
556	1113		SV* cb_data_advanced_get(const void ptr, const char data_name)
557			{
558			HV * L2HV;
559			SV ** svtmp;
560			int len;
561			char key_name[500];
562			dMY_CXT;
563
564	1113	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
565	1113	50	if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
566
567			/* get level-2 hash */
568	1113		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
569	1113	100	if (svtmp == NULL) return &PL_sv_undef;
570	1110	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
571	1110	50	if (!SvROK(*svtmp)) return &PL_sv_undef;
572			#if defined(MUTABLE_PTR)
573	1110		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
574			#else
575			L2HV = (HV)(SvRV(svtmp));
576			#endif
577
578			/* get stored data */
579	1110		svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
580	1110	100	if (svtmp == NULL) return &PL_sv_undef;
581	630	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
582
583	1113		return *svtmp;
584			}
585
586	350		int cb_data_advanced_drop(const void *ptr)
587			{
588			int len;
589			char key_name[500];
590			dMY_CXT;
591
592	350	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
593	350	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
594
595	350		hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
596	350		return 1;
597			}
598
599			/* ============= callback stuff - invoke functions ============== */
600
601	21		static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
602			{
603	21		dSP;
604			SSL* ssl;
605	21		int count = -1, res;
606			SV *cb_func;
607
608			PR1("STARTED: ssleay_verify_callback_invoke\n");
609	21		ssl = X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
610	21		cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
611
612	21	100	if (!SvOK(cb_func)) {
		50
		50
613	3		SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
614	3		cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
615			}
616
617	21	50	if (!SvOK(cb_func))
		0
		0
618	0		croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
619
620	21		ENTER;
621	21		SAVETMPS;
622
623			PR2("verify callback glue ok=%d\n", ok);
624
625	21	50	PUSHMARK(sp);
626	21	50	EXTEND( sp, 2 );
627	21		PUSHs( sv_2mortal(newSViv(ok)) );
628	21		PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
629	21		PUTBACK;
630
631			PR1("About to call verify callback.\n");
632	21		count = call_sv(cb_func, G_SCALAR);
633			PR1("Returned from verify callback.\n");
634
635	21		SPAGAIN;
636
637	21	50	if (count != 1)
638	0		croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
639
640	21	50	res = POPi;
641
642	21		PUTBACK;
643	21	50	FREETMPS;
644	21		LEAVE;
645
646	21		return res;
647			}
648
649	5		static int ssleay_ctx_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
650			{
651	5		dSP;
652	5		int count = -1;
653			char *res;
654			SV cb_func, cb_data;
655
656			PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
657	5		cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
658	5		cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
659
660	5	50	if(!SvOK(cb_func))
		0
		0
661	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
662
663	5		ENTER;
664	5		SAVETMPS;
665
666	5	50	PUSHMARK(sp);
667	5	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
668	5	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
669	5		PUTBACK;
670
671	5		count = call_sv( cb_func, G_SCALAR );
672
673	5		SPAGAIN;
674
675	5	50	if (count != 1)
676	0		croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
677
678	5	50	res = POPp;
679
680	5	50	if (res == NULL) {
681	0		*buf = '\0';
682			} else {
683	5		strncpy(buf, res, size);
684	5		buf[size - 1] = '\0';
685			}
686
687	5		PUTBACK;
688	5	50	FREETMPS;
689	5		LEAVE;
690
691	5		return strlen(buf);
692			}
693
694			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
695			#ifndef LIBRESSL_VERSION_NUMBER
696			#ifndef OPENSSL_IS_BORINGSSL
697			static int ssleay_ssl_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
698			{
699			dSP;
700			int count = -1;
701			char *res;
702			SV cb_func, cb_data;
703
704			PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
705			cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
706			cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
707
708			if(!SvOK(cb_func))
709			croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
710
711			ENTER;
712			SAVETMPS;
713
714			PUSHMARK(sp);
715			XPUSHs(sv_2mortal(newSViv(rwflag)));
716			XPUSHs(sv_2mortal(newSVsv(cb_data)));
717			PUTBACK;
718
719			count = call_sv( cb_func, G_SCALAR );
720
721			SPAGAIN;
722
723			if (count != 1)
724			croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
725
726			res = POPp;
727
728			if (res == NULL) {
729			*buf = '\0';
730			} else {
731			strncpy(buf, res, size);
732			buf[size - 1] = '\0';
733			}
734
735			PUTBACK;
736			FREETMPS;
737			LEAVE;
738
739			return strlen(buf);
740			}
741			#endif /* !BoringSSL */
742			#endif /* !LibreSSL */
743			#endif /* >= 1.1.0f */
744
745	1		int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
746			{
747	1		dSP;
748	1		int count = -1;
749			int res;
750			SV * cb_func, *cb_data;
751			void *ptr;
752			SSL *ssl;
753
754			PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
755			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
756			ssl = X509_STORE_CTX_get_ex_data(x509_store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
757			ptr = (void*) SSL_get_SSL_CTX(ssl);
758			#else
759	1		ssl = NULL;
760	1		ptr = (void*) data;
761			#endif
762
763	1		cb_func = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!func");
764	1		cb_data = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!data");
765
766	1	50	if(!SvOK(cb_func))
		0
		0
767	0		croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
768
769	1		ENTER;
770	1		SAVETMPS;
771
772	1	50	PUSHMARK(SP);
773	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
774	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
775	1		PUTBACK;
776
777	1		count = call_sv(cb_func, G_SCALAR);
778
779	1		SPAGAIN;
780
781	1	50	if (count != 1)
782	0		croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
783
784	1	50	res = POPi;
785
786	1		PUTBACK;
787	1	50	FREETMPS;
788	1		LEAVE;
789
790	1		return res;
791			}
792
793			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
794
795	0		int tlsext_servername_callback_invoke(SSL ssl, int ad, void *arg)
796			{
797	0		dSP;
798	0		int count = -1;
799			int res;
800			SV * cb_func, *cb_data;
801
802			PR1("STARTED: tlsext_servername_callback_invoke\n");
803
804	0		cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
805	0		cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
806
807	0	0	if(!SvOK(cb_func))
		0
		0
808	0		croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
809
810	0		ENTER;
811	0		SAVETMPS;
812
813	0	0	PUSHMARK(SP);
814	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
815	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
816	0		PUTBACK;
817
818	0		count = call_sv(cb_func, G_SCALAR);
819
820	0		SPAGAIN;
821
822	0	0	if (count != 1)
823	0		croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
824
825	0	0	res = POPi;
826
827	0		PUTBACK;
828	0	0	FREETMPS;
829	0		LEAVE;
830
831	0		return res;
832			}
833
834			#endif
835
836			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
837
838	0		int tlsext_status_cb_invoke(SSL ssl, void arg)
839			{
840	0		dSP;
841			SV cb_func, cb_data;
842	0		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
843	0		int len,res,nres = -1;
844	0		const unsigned char *p = NULL;
845	0		OCSP_RESPONSE *ocsp_response = NULL;
846
847	0		cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
848	0		cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
849
850	0	0	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		0
851	0		croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
852
853	0		len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
854	0	0	if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
855
856	0		ENTER;
857	0		SAVETMPS;
858
859	0	0	PUSHMARK(SP);
860	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
861	0		PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
862	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
863	0		PUTBACK;
864
865	0		nres = call_sv(cb_func, G_SCALAR);
866	0	0	if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
867
868	0		SPAGAIN;
869
870	0	0	if (nres != 1)
871	0		croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
872
873	0	0	res = POPi;
874
875	0		PUTBACK;
876	0	0	FREETMPS;
877	0		LEAVE;
878
879	0		return res;
880			}
881
882	1		int session_ticket_ext_cb_invoke(SSL ssl, const unsigned char data, int len, void *arg)
883			{
884	1		dSP;
885			SV cb_func, cb_data;
886	1		int res,nres = -1;
887
888	1		cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
889	1		cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
890
891	1	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
892	0		croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n");
893
894	1		ENTER;
895	1		SAVETMPS;
896
897	1	50	PUSHMARK(SP);
898	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
899	1	50	XPUSHs(sv_2mortal(newSVpvn((const char *)data, len)));
900	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
901	1		PUTBACK;
902
903	1		nres = call_sv(cb_func, G_SCALAR);
904
905	1		SPAGAIN;
906
907	1	50	if (nres != 1)
908	0		croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n");
909
910	1	50	res = POPi;
911
912	1		PUTBACK;
913	1	50	FREETMPS;
914	1		LEAVE;
915
916	1		return res;
917			}
918
919			#endif
920
921			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
922
923	0		int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
924			STACK_OF(SSL_CIPHER) *peer_ciphers,
925			const SSL_CIPHER *cipher, void arg)
926			{
927	0		dSP;
928	0		int count = -1, res, i;
929	0		AV *ciphers = newAV();
930	0		SV *pref_cipher = sv_newmortal();
931			SV * cb_func, *cb_data;
932			SV * secretsv;
933
934			PR1("STARTED: ssleay_session_secret_cb_invoke\n");
935	0		cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
936	0		cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data");
937
938	0	0	if(!SvOK(cb_func))
		0
		0
939	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
940
941	0		ENTER;
942	0		SAVETMPS;
943
944	0	0	PUSHMARK(SP);
945	0		secretsv = sv_2mortal( newSVpv(secret, *secret_len));
946	0	0	XPUSHs(secretsv);
947	0	0	for (i=0; i
948	0		const SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
949	0		av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
950			}
951	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)ciphers)));
952	0	0	XPUSHs(sv_2mortal(newRV_inc(pref_cipher)));
953	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
954
955	0		PUTBACK;
956
957	0		count = call_sv( cb_func, G_SCALAR );
958
959	0		SPAGAIN;
960
961	0	0	if (count != 1)
962	0		croak ("Net::SSLeay: ssleay_session_secret_cb_invoke perl function did not return a scalar.\n");
963
964	0	0	res = POPi;
965	0	0	if (res) {
966			/* See if there is a preferred cipher selected, if so it is an index into the stack */
967	0	0	if (SvIOK(pref_cipher))
968	0	0	*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
969
970			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
971			{
972			/* Use any new master secret set by the callback function in secret */
973			STRLEN newsecretlen;
974			char* newsecretdata = SvPV(secretsv, newsecretlen);
975			if (secret_len < 0 \|\| newsecretlen > (STRLEN)secret_len)
976			croak("Net::SSLeay: ssleay_session_secret_cb_invoke perl function returned too long secret: %ld > %ld.\n", (long)newsecretlen, (long)*secret_len);
977			memcpy(secret, newsecretdata, newsecretlen);
978			*secret_len = newsecretlen;
979			}
980			#endif
981			}
982
983	0		PUTBACK;
984	0	0	FREETMPS;
985	0		LEAVE;
986
987	0		return res;
988			}
989
990			#endif
991
992			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK)
993			#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
994
995	0		unsigned int ssleay_set_psk_client_callback_invoke(SSL ssl, const char hint,
996			char *identity, unsigned int max_identity_len,
997			unsigned char *psk, unsigned int max_psk_len)
998			{
999	0		dSP;
1000	0		int count = -1;
1001			char identity_val, psk_val;
1002	0		unsigned int psk_len = 0;
1003	0		BIGNUM *psk_bn = NULL;
1004			SV * cb_func;
1005			SV * hintsv;
1006			/* this n_a is required for building with old perls: */
1007			STRLEN n_a;
1008
1009			PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
1010	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
1011
1012	0	0	if(!SvOK(cb_func))
		0
		0
1013	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1014
1015	0		ENTER;
1016	0		SAVETMPS;
1017
1018	0	0	PUSHMARK(SP);
1019	0	0	if (hint != NULL) {
1020	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1021	0	0	XPUSHs(hintsv);
1022			}
1023
1024	0		PUTBACK;
1025
1026	0		count = call_sv( cb_func, G_LIST );
1027
1028	0		SPAGAIN;
1029
1030	0	0	if (count != 2)
1031	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1032
1033	0	0	psk_val = POPpx;
1034	0	0	identity_val = POPpx;
1035
1036	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1037
1038	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1039	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1040	0		psk_len = BN_bn2bin(psk_bn, psk);
1041			}
1042	0		BN_free(psk_bn);
1043			}
1044
1045	0		PUTBACK;
1046	0	0	FREETMPS;
1047	0		LEAVE;
1048
1049	0		return psk_len;
1050			}
1051
1052	0		unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL ssl, const char hint,
1053			char *identity, unsigned int max_identity_len,
1054			unsigned char *psk, unsigned int max_psk_len)
1055			{
1056	0		dSP;
1057			SSL_CTX *ctx;
1058	0		int count = -1;
1059			char identity_val, psk_val;
1060	0		unsigned int psk_len = 0;
1061	0		BIGNUM *psk_bn = NULL;
1062			SV * cb_func;
1063			SV * hintsv;
1064			/* this n_a is required for building with old perls: */
1065			STRLEN n_a;
1066
1067	0		ctx = SSL_get_SSL_CTX(ssl);
1068
1069			PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
1070	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
1071
1072	0	0	if(!SvOK(cb_func))
		0
		0
1073	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1074
1075	0		ENTER;
1076	0		SAVETMPS;
1077
1078	0	0	PUSHMARK(SP);
1079	0	0	if (hint != NULL) {
1080	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1081	0	0	XPUSHs(hintsv);
1082			}
1083
1084	0		PUTBACK;
1085
1086	0		count = call_sv( cb_func, G_LIST );
1087
1088	0		SPAGAIN;
1089
1090	0	0	if (count != 2)
1091	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1092
1093	0	0	psk_val = POPpx;
1094	0	0	identity_val = POPpx;
1095
1096	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1097
1098	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1099	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1100	0		psk_len = BN_bn2bin(psk_bn, psk);
1101			}
1102	0		BN_free(psk_bn);
1103			}
1104
1105	0		PUTBACK;
1106	0	0	FREETMPS;
1107	0		LEAVE;
1108
1109	0		return psk_len;
1110			}
1111
1112			#endif
1113
1114			#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) \|\| (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT))
1115
1116	8		int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
1117			{
1118	8		int i, last_index, ptr = 0;
1119	8		last_index = av_len(list);
1120	8	50	if (last_index<0) return 0;
1121	24	100	for(i=0; i<=last_index; i++) {
1122	16	50	char p = SvPV_nolen(av_fetch(list, i, 0));
1123	16		size_t len = strlen(p);
1124	16	50	if (len>255) return 0;
1125	16	100	if (out) {
1126			/* if out == NULL we only calculate the length of output */
1127	8		out[ptr] = (unsigned char)len;
1128	8		strncpy((char*)out+ptr+1, p, len);
1129			}
1130	16		ptr += strlen(p) + 1;
1131			}
1132	8		return ptr;
1133			}
1134
1135	0		int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen)
1136			{
1137	0		unsigned int i = 0;
1138			unsigned char il;
1139	0	0	if (!list \|\| inlen<2) return 0;
		0
1140	0	0	while (i
1141	0		il = in[i++];
1142	0	0	if (i+il > inlen) return 0;
1143	0		av_push(list, newSVpv((const char*)in+i, il));
1144	0		i += il;
1145			}
1146	0		return 1;
1147			}
1148
1149			#endif
1150
1151			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
1152
1153	1		int next_proto_select_cb_invoke(SSL ssl, unsigned char out, unsigned char outlen,
1154			const unsigned char in, unsigned int inlen, void arg)
1155			{
1156			SV cb_func, cb_data;
1157			unsigned char *next_proto_data;
1158			size_t next_proto_len;
1159			int next_proto_status;
1160	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1161			/* this n_a is required for building with old perls: */
1162			STRLEN n_a;
1163
1164			PR1("STARTED: next_proto_select_cb_invoke\n");
1165	1		cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
1166	1		cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
1167			/* clear last_status value = store undef */
1168	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
1169	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
1170
1171	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1172	0		int count = -1;
1173	0		AV *list = newAV();
1174			SV *tmpsv;
1175	0		dSP;
1176
1177	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1178
1179	0		ENTER;
1180	0		SAVETMPS;
1181	0	0	PUSHMARK(SP);
1182	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1183	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1184	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1185	0		PUTBACK;
1186	0		count = call_sv( cb_func, G_LIST );
1187	0		SPAGAIN;
1188	0	0	if (count != 2)
1189	0		croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
1190	0	0	next_proto_data = (unsigned char*)POPpx;
1191	0	0	next_proto_status = POPi;
1192
1193	0		next_proto_len = strlen((const char*)next_proto_data);
1194	0	0	if (next_proto_len<=255) {
1195			/* store last_status + last_negotiated into global hash */
1196	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1197	0		tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
1198	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
1199	0		out = (unsigned char )SvPVX(tmpsv);
1200	0		*outlen = next_proto_len;
1201			}
1202
1203	0		PUTBACK;
1204	0	0	FREETMPS;
1205	0		LEAVE;
1206
1207	0	0	return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
1208			}
1209	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1210	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1211	1		Newx(next_proto_data, next_proto_len, unsigned char);
1212	1	50	if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1213	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
1214
1215	1		next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
1216	1		Safefree(next_proto_data);
1217	1	50	if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
1218	0		outlen = in;
1219	0		out = (unsigned char )in+1;
1220			}
1221
1222			/* store last_status + last_negotiated into global hash */
1223	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1224	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char)out, *outlen));
1225	1		return SSL_TLSEXT_ERR_OK;
1226			}
1227	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1228			}
1229
1230	1		int next_protos_advertised_cb_invoke(SSL ssl, const unsigned char out, unsigned int outlen, void *arg_unused)
1231			{
1232			SV cb_func, cb_data;
1233	1		unsigned char *protodata = NULL;
1234	1		unsigned short protodata_len = 0;
1235			SV *tmpsv;
1236			AV *tmpav;
1237	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1238
1239			PR1("STARTED: next_protos_advertised_cb_invoke");
1240	1		cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
1241	1		cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
1242
1243	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1244	0		int count = -1;
1245	0		dSP;
1246	0		ENTER;
1247	0		SAVETMPS;
1248	0	0	PUSHMARK(SP);
1249	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1250	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1251	0		PUTBACK;
1252	0		count = call_sv( cb_func, G_SCALAR );
1253	0		SPAGAIN;
1254	0	0	if (count != 1)
1255	0		croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
1256	0		tmpsv = POPs;
1257	0	0	if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
		0
		0
		0
		0
1258	0		tmpav = (AV*)SvRV(tmpsv);
1259	0		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1260	0		Newx(protodata, protodata_len, unsigned char);
1261	0	0	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1262			}
1263	0		PUTBACK;
1264	0	0	FREETMPS;
1265	0		LEAVE;
1266			}
1267	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1268	1		tmpav = (AV*)SvRV(cb_data);
1269	1		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1270	1		Newx(protodata, protodata_len, unsigned char);
1271	1	50	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1272			}
1273	1	50	if (protodata) {
1274	1		tmpsv = newSVpv((const char*)protodata, protodata_len);
1275	1		Safefree(protodata);
1276	1		cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
1277	1		out = (unsigned char )SvPVX(tmpsv);
1278	1		*outlen = protodata_len;
1279	1		return SSL_TLSEXT_ERR_OK;
1280			}
1281	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1282			}
1283
1284			#endif
1285
1286			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
1287
1288	1		int alpn_select_cb_invoke(SSL ssl, const unsigned char out, unsigned char outlen,
1289			const unsigned char in, unsigned int inlen, void arg)
1290			{
1291			SV cb_func, cb_data;
1292			unsigned char *alpn_data;
1293			size_t alpn_len;
1294	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1295
1296			PR1("STARTED: alpn_select_cb_invoke\n");
1297	1		cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
1298	1		cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
1299
1300	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1301	0		int count = -1;
1302	0		AV *list = newAV();
1303			SV *tmpsv;
1304			SV *alpn_data_sv;
1305	0		dSP;
1306
1307	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1308
1309	0		ENTER;
1310	0		SAVETMPS;
1311	0	0	PUSHMARK(SP);
1312	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1313	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1314	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1315	0		PUTBACK;
1316	0		count = call_sv( cb_func, G_LIST );
1317	0		SPAGAIN;
1318	0	0	if (count != 1)
1319	0		croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
1320	0		alpn_data_sv = POPs;
1321	0	0	if (SvOK(alpn_data_sv)) {
		0
		0
1322	0	0	alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
1323	0		alpn_len = strlen((const char*)alpn_data);
1324	0	0	if (alpn_len <= 255) {
1325	0		tmpsv = newSVpv((const char*)alpn_data, alpn_len);
1326	0		out = (unsigned char )SvPVX(tmpsv);
1327	0		*outlen = alpn_len;
1328			}
1329			} else {
1330	0		alpn_data = NULL;
1331	0		alpn_len = 0;
1332			}
1333	0		PUTBACK;
1334	0	0	FREETMPS;
1335	0		LEAVE;
1336
1337	0	0	if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
1338	0	0	return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1339			}
1340	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1341			int status;
1342
1343	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1344	1		Newx(alpn_data, alpn_len, unsigned char);
1345	1	50	if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1346	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
1347
1348			/* This is the same function that is used for NPN. */
1349	1		status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
1350	1		Safefree(alpn_data);
1351	1	50	if (status != OPENSSL_NPN_NEGOTIATED) {
1352	0		outlen = in;
1353	0		*out = in+1;
1354			}
1355	1	50	return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1356			}
1357	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1358			}
1359
1360			#endif
1361
1362	2		int pem_password_cb_invoke(char buf, int bufsize, int rwflag, void data) {
1363	2		dSP;
1364			char *str;
1365	2		int count = -1;
1366	2		size_t str_len = 0;
1367	2		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1368			/* this n_a is required for building with old perls: */
1369			STRLEN n_a;
1370
1371			PR1("STARTED: pem_password_cb_invoke\n");
1372	2	50	if (cb->func && SvOK(cb->func)) {
		50
		0
		0
1373	2		ENTER;
1374	2		SAVETMPS;
1375
1376	2	50	PUSHMARK(sp);
1377
1378	2	50	XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
1379	2	50	XPUSHs(sv_2mortal( newSViv(rwflag) ));
1380	2	50	if (cb->data) XPUSHs( cb->data );
		0
1381
1382	2		PUTBACK;
1383
1384	2		count = call_sv( cb->func, G_SCALAR );
1385
1386	2		SPAGAIN;
1387
1388	2		buf[0] = 0; /* start with an empty password */
1389	2	50	if (count != 1) {
1390	0		croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
1391			}
1392			else {
1393	2	50	str = POPpx;
1394	2		str_len = strlen(str);
1395	2	50	if (str_len+1 < bufsize) {
1396	2		strcpy(buf, str);
1397			}
1398			else {
1399	0		str_len = 0;
1400	0		warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
1401			}
1402			}
1403
1404	2		PUTBACK;
1405	2	50	FREETMPS;
1406	2		LEAVE;
1407			}
1408	2		return str_len;
1409			}
1410
1411	641		void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
1412			{
1413	641		dSP;
1414	641		int count = -1;
1415	641		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1416
1417			/* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
1418	641	50	if (cb->func && SvOK(cb->func)) {
		100
		50
		50
1419	194		ENTER;
1420	194		SAVETMPS;
1421
1422	194	50	PUSHMARK(sp);
1423
1424	194	50	XPUSHs(sv_2mortal( newSViv(i) ));
1425	194	50	XPUSHs(sv_2mortal( newSViv(n) ));
1426	194	100	if (cb->data) XPUSHs( cb->data );
		50
1427
1428	194		PUTBACK;
1429
1430	194		count = call_sv( cb->func, G_VOID\|G_DISCARD );
1431
1432	193	50	if (count != 0)
1433	0		croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
1434			"perl function did return something in void context.\n");
1435
1436	193		SPAGAIN;
1437	193	50	FREETMPS;
1438	193		LEAVE;
1439			}
1440	640		}
1441
1442	16		void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
1443			{
1444	16		dSP;
1445			SV cb_func, cb_data;
1446
1447	16		cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
1448	16		cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
1449
1450	16	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1451	0		croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
1452
1453	16		ENTER;
1454	16		SAVETMPS;
1455
1456	16	50	PUSHMARK(SP);
1457	16	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1458	16	50	XPUSHs(sv_2mortal(newSViv(where)) );
1459	16	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1460	16	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1461	16		PUTBACK;
1462
1463	16		call_sv(cb_func, G_VOID);
1464
1465	16		SPAGAIN;
1466	16		PUTBACK;
1467	16	50	FREETMPS;
1468	16		LEAVE;
1469	16		}
1470
1471	457		void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
1472			{
1473	457		dSP;
1474			SV cb_func, cb_data;
1475	457		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1476
1477	457		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
1478	457		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
1479
1480	457	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1481	0		croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
1482
1483	457		ENTER;
1484	457		SAVETMPS;
1485
1486	457	50	PUSHMARK(SP);
1487	457	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1488	457	50	XPUSHs(sv_2mortal(newSViv(where)) );
1489	457	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1490	457	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1491	457		PUTBACK;
1492
1493	457		call_sv(cb_func, G_VOID);
1494
1495	457		SPAGAIN;
1496	457		PUTBACK;
1497	457	50	FREETMPS;
1498	457		LEAVE;
1499	457		}
1500
1501	24		void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1502			{
1503	24		dSP;
1504			SV cb_func, cb_data;
1505
1506	24		cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
1507	24		cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
1508
1509	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1510	0		croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
1511
1512	24		ENTER;
1513	24		SAVETMPS;
1514
1515	24	50	PUSHMARK(SP);
1516	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1517	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1518	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1519	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1520	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1521	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1522	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1523	24		PUTBACK;
1524
1525	24		call_sv(cb_func, G_VOID);
1526
1527	24		SPAGAIN;
1528	24		PUTBACK;
1529	24	50	FREETMPS;
1530	24		LEAVE;
1531	24		}
1532
1533	24		void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1534			{
1535	24		dSP;
1536			SV cb_func, cb_data;
1537	24		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1538
1539	24		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
1540	24		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
1541
1542	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1543	0		croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
1544
1545	24		ENTER;
1546	24		SAVETMPS;
1547
1548	24	50	PUSHMARK(SP);
1549	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1550	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1551	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1552	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1553	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1554	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1555	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1556	24		PUTBACK;
1557
1558	24		call_sv(cb_func, G_VOID);
1559
1560	24		SPAGAIN;
1561	24		PUTBACK;
1562	24	50	FREETMPS;
1563	24		LEAVE;
1564	24		}
1565
1566			/*
1567			* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
1568			* broken in various ways during the various 1.0.0* versions.
1569			* Better enable it only starting with 1.0.1.
1570			*/
1571			#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
1572			#define NET_SSLEAY_CAN_TICKET_KEY_CB
1573
1574	7		int tlsext_ticket_key_cb_invoke(
1575			SSL *ssl,
1576			unsigned char *key_name,
1577			unsigned char *iv,
1578			EVP_CIPHER_CTX *ectx,
1579			HMAC_CTX *hctx,
1580			int enc
1581			){
1582
1583	7		dSP;
1584	7		int count,usable_rv_count,hmac_key_len = 0;
1585			SV cb_func, cb_data;
1586			STRLEN svlen;
1587			unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
1588			unsigned char name[16];
1589	7		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1590
1591			PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
1592	7		cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
1593	7		cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
1594
1595	7	50	if (!SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1596	0		croak("callback must be a code reference");
1597
1598	7		ENTER;
1599	7		SAVETMPS;
1600	7	50	PUSHMARK(SP);
1601
1602	7	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1603
1604	7	100	if (!enc) {
1605			/* call as getkey(data,this_name) -> (key,current_name) */
1606	4	50	XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
1607			} else {
1608			/* call as getkey(data) -> (key,current_name) */
1609			}
1610
1611	7		PUTBACK;
1612
1613	7		count = call_sv( cb_func, G_LIST );
1614
1615	7		SPAGAIN;
1616
1617	7	50	if (count>2)
1618	0		croak("too much return values - only (name,key) should be returned");
1619
1620	7		usable_rv_count = 0;
1621	7	100	if (count>0) {
1622	6		SV *sname = POPs;
1623	6	50	if (SvOK(sname)) {
		0
		0
1624	6	50	unsigned char pname = (unsigned char )SvPV(sname,svlen);
1625	6	50	if (svlen > 16)
1626	0		croak("name must be at at most 16 bytes, got %d",(int)svlen);
1627	6	50	if (svlen == 0)
1628	0		croak("name should not be empty");
1629	6		OPENSSL_cleanse(name, 16);
1630	6		memcpy(name,pname,svlen);
1631	6		usable_rv_count++;
1632			}
1633			}
1634	7	100	if (count>1) {
1635	6		SV *skey = POPs;
1636	6	50	if (SvOK(skey)) {
		0
		0
1637	6	50	unsigned char pkey = (unsigned char )SvPV(skey,svlen);
1638	6	50	if (svlen != 32 && svlen != 48)
		0
1639	0		croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
1640	6		hmac_key_len = (int)svlen - 16;
1641	6		memcpy(key,pkey,(int)svlen);
1642	6		usable_rv_count++;
1643			}
1644			}
1645
1646	7		PUTBACK;
1647	7	50	FREETMPS;
1648	7		LEAVE;
1649
1650	7	100	if (!enc && usable_rv_count == 0) {
		100
1651	1		TRACE(2,"no key returned for ticket");
1652	1		return 0;
1653			}
1654	6	50	if (usable_rv_count != 2)
1655	0		croak("key functions needs to return (key,name)");
1656
1657	6	100	if (enc) {
1658			/* encrypt ticket information with given key */
1659	3		RAND_bytes(iv, 16);
1660	3		EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1661	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1662	3		memcpy(key_name,name,16);
1663	3		return 1;
1664
1665			} else {
1666	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1667	3		EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1668
1669	3	100	if (memcmp(name,key_name,16) == 0)
1670	2		return 1; /* current key was used */
1671			else
1672	7		return 2; /* different key was used, need to be renewed */
1673			}
1674			}
1675
1676			#endif
1677
1678	6		int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st ssl, SSL_SESSION sess)
1679			{
1680	6		dSP;
1681			int count, remove;
1682			SSL_CTX *ctx;
1683			SV *cb_func;
1684
1685			PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
1686	6		ctx = SSL_get_SSL_CTX(ssl);
1687	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
1688
1689	6	50	if(!SvOK(cb_func))
		0
		0
1690	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
1691
1692	6		ENTER;
1693	6		SAVETMPS;
1694
1695	6	50	PUSHMARK(sp);
1696	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1697	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1698	6		PUTBACK;
1699
1700	6		count = call_sv(cb_func, G_SCALAR);
1701
1702	6		SPAGAIN;
1703
1704	6	50	if (count != 1)
1705	0		croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
1706
1707	6	50	remove = POPi;
1708
1709	6		PUTBACK;
1710	6	50	FREETMPS;
1711	6		LEAVE;
1712
1713	6		return remove;
1714			}
1715
1716	6		void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX ctx, SSL_SESSION sess)
1717			{
1718	6		dSP;
1719			SV *cb_func;
1720
1721			PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
1722	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
1723
1724	6	50	if(!SvOK(cb_func))
		0
		0
1725	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
1726
1727	6		ENTER;
1728	6		SAVETMPS;
1729
1730	6	50	PUSHMARK(sp);
1731	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
1732	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1733	6		PUTBACK;
1734
1735	6		call_sv(cb_func, G_VOID);
1736
1737	6		SPAGAIN;
1738
1739	6		PUTBACK;
1740	6	50	FREETMPS;
1741	6		LEAVE;
1742	6		}
1743
1744			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1745			int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER provider, void cbdata) {
1746			dSP;
1747			int ret = 1;
1748			int count = -1;
1749			simple_cb_data_t *cb = cbdata;
1750
1751			PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
1752			if (cb->func && SvOK(cb->func)) {
1753			ENTER;
1754			SAVETMPS;
1755
1756			PUSHMARK(SP);
1757			XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
1758			if (cb->data) XPUSHs(cb->data);
1759
1760			PUTBACK;
1761
1762			count = call_sv(cb->func, G_SCALAR);
1763
1764			SPAGAIN;
1765
1766			if (count != 1)
1767			croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
1768
1769			ret = POPi;
1770
1771			PUTBACK;
1772			FREETMPS;
1773			LEAVE;
1774			}
1775
1776			return ret;
1777			}
1778			#endif
1779
1780			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
1781			void ssl_ctx_keylog_cb_func_invoke(const SSL ssl, const char line)
1782			{
1783			dSP;
1784			SV *cb_func;
1785			SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1786
1787			PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
1788			cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
1789
1790			if(!SvOK(cb_func))
1791			croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
1792
1793			ENTER;
1794			SAVETMPS;
1795
1796			PUSHMARK(SP);
1797			XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1798			XPUSHs(sv_2mortal(newSVpv(line, 0)));
1799
1800			PUTBACK;
1801
1802			call_sv(cb_func, G_VOID);
1803
1804			SPAGAIN;
1805			PUTBACK;
1806			FREETMPS;
1807			LEAVE;
1808
1809			return;
1810			}
1811			#endif
1812
1813			/* ============= end of callback stuff, begin helper functions ============== */
1814
1815	0		time_t ASN1_TIME_timet(ASN1_TIME asn1t, time_t gmtoff) {
1816			struct tm t;
1817	0		const char p = (const char) asn1t->data;
1818	0		size_t msec = 0, tz = 0, i, l;
1819			time_t result;
1820	0		int adj = 0;
1821
1822	0	0	if (asn1t->type == V_ASN1_UTCTIME) {
1823	0	0	if (asn1t->length<12 \|\| asn1t->length>17) return 0;
		0
1824	0	0	if (asn1t->length>12) tz = 12;
1825			} else {
1826	0	0	if (asn1t->length<14) return 0;
1827	0	0	if (asn1t->length>14) {
1828	0	0	if (p[14] == '.') {
1829	0		msec = 14;
1830	0	0	for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ;
		0
		0
1831	0	0	if (ilength) tz = i;
1832			} else {
1833	0		tz = 14;
1834			}
1835			}
1836			}
1837
1838	0	0	l = msec ? msec : tz ? tz : asn1t->length;
		0
1839	0	0	for(i=0;i
1840	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1841			}
1842
1843			/* extract data and time */
1844	0		OPENSSL_cleanse(&t, sizeof(t));
1845	0	0	if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */
1846	0		t.tm_year = (p[0]-'0')*10 + (p[1]-'0');
1847	0	0	if (t.tm_year < 70) t.tm_year += 100;
1848	0		i=2;
1849			} else { /* YYYY */
1850	0		t.tm_year = (p[0]-'0')1000 + (p[1]-'0')100 + (p[2]-'0')*10 + p[3]-'0';
1851	0		t.tm_year -= 1900;
1852	0		i=4;
1853			}
1854	0		t.tm_mon = (p[i+0]-'0')10 + (p[i+1]-'0') -1; / MM, starts with 0 in tm */
1855	0		t.tm_mday = (p[i+2]-'0')10 + (p[i+3]-'0'); / DD */
1856	0		t.tm_hour = (p[i+4]-'0')10 + (p[i+5]-'0'); / hh */
1857	0		t.tm_min = (p[i+6]-'0')10 + (p[i+7]-'0'); / mm */
1858	0		t.tm_sec = (p[i+8]-'0')10 + (p[i+9]-'0'); / ss */
1859
1860			/* skip msec, because time_t does not support it */
1861
1862	0	0	if (tz) {
1863			/* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/
1864	0	0	if (p[tz] == 'Z') {
1865	0	0	if (asn1t->length>tz+1 ) return 0;
1866	0	0	} else if (asn1t->length
		0
		0
1867	0		return 0;
1868			} else {
1869	0	0	if (asn1t->length>tz+5 ) return 0;
1870	0	0	for(i=tz+1;i
1871	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1872			}
1873	0		adj = ((p[tz+1]-'0')10 + (p[tz+2]-'0'))3600
1874	0		+ ((p[tz+3]-'0')10 + (p[tz+4]-'0'))60;
1875	0	0	if (p[tz]=='+') adj= -1; / +0500: subtract 5 hours to get UTC */
1876			}
1877			}
1878
1879	0		result = mktime(&t);
1880	0	0	if (result == -1) return 0; /* broken time */
1881	0		result += adj;
1882	0	0	if (gmtoff && *gmtoff == -1) {
		0
1883	0		*gmtoff = result - mktime(gmtime(&result));
1884	0		result += *gmtoff;
1885			} else {
1886	0		result += result - mktime(gmtime(&result));
1887			}
1888	0		return result;
1889			}
1890
1891	0		X509 * find_issuer(X509 cert,X509_STORE store, STACK_OF(X509) *chain) {
1892			int i;
1893	0		X509 *issuer = NULL;
1894
1895			/* search first in the chain */
1896	0	0	if (chain) {
1897	0	0	for(i=0;i
1898	0	0	if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
1899	0		TRACE(2,"found issuer in chain");
1900	0		issuer = X509_dup(sk_X509_value(chain,i));
1901			}
1902			}
1903			}
1904			/* if not in the chain it might be in the store */
1905	0	0	if ( !issuer && store ) {
		0
1906	0		X509_STORE_CTX *stx = X509_STORE_CTX_new();
1907	0	0	if (stx && X509_STORE_CTX_init(stx,store,cert,NULL)) {
		0
1908	0		int ok = X509_STORE_CTX_get1_issuer(&issuer,stx,cert);
1909	0	0	if (ok<0) {
1910	0		int err = ERR_get_error();
1911	0	0	if(err) {
1912	0		TRACE(2,"failed to get issuer: %s",ERR_error_string(err,NULL));
1913			} else {
1914	0		TRACE(2,"failed to get issuer: unknown error");
1915			}
1916	0	0	} else if (ok == 0 ) {
1917	0		TRACE(2,"failed to get issuer(0)");
1918			} else {
1919	0		TRACE(2,"got issuer");
1920			}
1921			}
1922	0	0	if (stx) X509_STORE_CTX_free(stx);
1923			}
1924	0		return issuer;
1925			}
1926
1927	8		static SV bn2sv(const BIGNUM p_bn)
1928			{
1929	8		return p_bn != NULL
1930	8		? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
1931	16	50	: &PL_sv_undef;
1932			}
1933
1934			/* ============= end of helper functions ============== */
1935
1936			MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
1937
1938			PROTOTYPES: ENABLE
1939
1940			BOOT:
1941			{
1942			MY_CXT_INIT;
1943	54		LIB_initialized = 0;
1944			#ifdef USE_ITHREADS
1945			MUTEX_INIT(&LIB_init_mutex);
1946			#ifdef OPENSSL_THREADS
1947			/* If we running under ModPerl, we dont need our own thread locking because
1948			* perl threads are not supported under mod-perl, and we can fall back to the thread
1949			* locking built in to mod-ssl
1950			*/
1951			if (!hv_fetch(get_hv("ENV", 1), "MOD_PERL", 8, 0))
1952			openssl_threads_init();
1953			#endif
1954			#endif
1955			/* initialize global shared callback data hash */
1956	54		MY_CXT.global_cb_data = newHV();
1957	54		MY_CXT.tid = get_my_thread_id();
1958			#ifdef USE_ITHREADS
1959			PR3("BOOT: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1960			#else
1961			PR1("BOOT:\n");
1962			#endif
1963			}
1964
1965			void
1966			CLONE(...)
1967			CODE:
1968			MY_CXT_CLONE;
1969			/* reset all callback related data as we want to prevent
1970			* cross-thread callbacks
1971			* TODO: later somebody can make the global hash MY_CXT.global_cb_data
1972			* somehow shared between threads
1973			*/
1974	0		MY_CXT.global_cb_data = newHV();
1975	0		MY_CXT.tid = get_my_thread_id();
1976			#ifdef USE_ITHREADS
1977			PR3("CLONE: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1978			#else
1979			PR1("CLONE: but USE_ITHREADS not defined\n");
1980			#endif
1981
1982			#ifdef NET_SSLEAY_32BIT_CONSTANTS
1983			double
1984			constant(name)
1985			char * name
1986			CODE:
1987	1107		errno = 0;
1988	1107		RETVAL = constant(name, strlen(name));
1989			OUTPUT:
1990			RETVAL
1991
1992			#else
1993
1994			uint64_t
1995			constant(name)
1996			char * name
1997			CODE:
1998			errno = 0;
1999			RETVAL = constant(name, strlen(name));
2000			OUTPUT:
2001			RETVAL
2002
2003			#endif
2004
2005			int
2006			hello()
2007			CODE:
2008			PR1("\tSSLeay Hello World!\n");
2009	1		RETVAL = 1;
2010			OUTPUT:
2011			RETVAL
2012
2013			#define REM0 "============= version related functions =============="
2014
2015			unsigned long
2016			SSLeay()
2017
2018			const char *
2019			SSLeay_version(type=SSLEAY_VERSION)
2020			int type
2021
2022			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2023
2024			unsigned long
2025			OpenSSL_version_num()
2026
2027			const char *
2028			OpenSSL_version(t=OPENSSL_VERSION)
2029			int t
2030
2031			#endif /* OpenSSL 1.1.0 */
2032
2033			#if (OPENSSL_VERSION_MAJOR >= 3)
2034
2035			unsigned int
2036			OPENSSL_version_major()
2037
2038			unsigned int
2039			OPENSSL_version_minor()
2040
2041			unsigned int
2042			OPENSSL_version_patch()
2043
2044			const char *
2045			OPENSSL_version_pre_release()
2046
2047			const char *
2048			OPENSSL_version_build_metadata()
2049
2050			const char *
2051			OPENSSL_info(int t)
2052
2053			#endif
2054
2055			#define REM1 "============= SSL CONTEXT functions =============="
2056
2057			SSL_CTX *
2058			SSL_CTX_new()
2059			CODE:
2060	12		RETVAL = SSL_CTX_new (SSLv23_method());
2061			OUTPUT:
2062			RETVAL
2063
2064
2065			#if OPENSSL_VERSION_NUMBER < 0x10100000L
2066			#ifndef OPENSSL_NO_SSL2
2067
2068			SSL_CTX *
2069			SSL_CTX_v2_new()
2070			CODE:
2071			RETVAL = SSL_CTX_new (SSLv2_method());
2072			OUTPUT:
2073			RETVAL
2074
2075			#endif
2076			#endif
2077			#ifndef OPENSSL_NO_SSL3
2078
2079			SSL_CTX *
2080			SSL_CTX_v3_new()
2081			CODE:
2082			RETVAL = SSL_CTX_new (SSLv3_method());
2083			OUTPUT:
2084			RETVAL
2085
2086			#endif
2087
2088			SSL_CTX *
2089			SSL_CTX_v23_new()
2090			CODE:
2091	1		RETVAL = SSL_CTX_new (SSLv23_method());
2092			OUTPUT:
2093			RETVAL
2094
2095			#if !defined(OPENSSL_NO_TLS1_METHOD)
2096
2097			SSL_CTX *
2098			SSL_CTX_tlsv1_new()
2099			CODE:
2100	1		RETVAL = SSL_CTX_new (TLSv1_method());
2101			OUTPUT:
2102			RETVAL
2103
2104			#endif
2105
2106			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
2107
2108			SSL_CTX *
2109			SSL_CTX_tlsv1_1_new()
2110			CODE:
2111	0		RETVAL = SSL_CTX_new (TLSv1_1_method());
2112			OUTPUT:
2113			RETVAL
2114
2115			#endif
2116
2117			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
2118
2119			SSL_CTX *
2120			SSL_CTX_tlsv1_2_new()
2121			CODE:
2122	1		RETVAL = SSL_CTX_new (TLSv1_2_method());
2123			OUTPUT:
2124			RETVAL
2125
2126			#endif
2127
2128			SSL_CTX *
2129			SSL_CTX_new_with_method(meth)
2130			SSL_METHOD * meth
2131			CODE:
2132	204		RETVAL = SSL_CTX_new (meth);
2133			OUTPUT:
2134			RETVAL
2135
2136			void
2137			SSL_CTX_free(ctx)
2138			SSL_CTX * ctx
2139			CODE:
2140	163		SSL_CTX_free(ctx);
2141	163		cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
2142
2143			int
2144			SSL_CTX_add_session(ctx,ses)
2145			SSL_CTX * ctx
2146			SSL_SESSION * ses
2147
2148			int
2149			SSL_CTX_remove_session(ctx,ses)
2150			SSL_CTX * ctx
2151			SSL_SESSION * ses
2152
2153			void
2154			SSL_CTX_flush_sessions(ctx,tm)
2155			SSL_CTX * ctx
2156			long tm
2157
2158			int
2159			SSL_CTX_set_default_verify_paths(ctx)
2160			SSL_CTX * ctx
2161
2162			int
2163			SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
2164			SSL_CTX * ctx
2165			char * CAfile
2166			char * CApath
2167			CODE:
2168	21	50	RETVAL = SSL_CTX_load_verify_locations (ctx,
		50
2169	7	50	CAfile?(*CAfile?CAfile:NULL):NULL,
2170	7	50	CApath?(*CApath?CApath:NULL):NULL
2171			);
2172			OUTPUT:
2173			RETVAL
2174
2175			void
2176			SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
2177			SSL_CTX * ctx
2178			int mode
2179			SV * callback
2180			CODE:
2181
2182			/* Former versions of SSLeay checked if the callback was a true boolean value
2183			* and didn't call it if it was false. Therefor some people set the callback
2184			* to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
2185			* we don't execute the callback if it's value isn't something true to retain
2186			* backwards compatibility.
2187			*/
2188
2189	1	50	if (callback==NULL \|\| !SvOK(callback) \|\| !SvTRUE(callback)) {
		50
		0
		0
		50
		50
		0
		50
		0
		0
		50
		0
		0
		0
		0
		0
		50
		0
		0
		0
		0
		0
		50
2190	0		SSL_CTX_set_verify(ctx, mode, NULL);
2191	0		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
2192			} else {
2193	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
2194	1		SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
2195			}
2196
2197			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
2198
2199			void
2200			SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
2201
2202			int
2203			SSL_CTX_get_security_level(SSL_CTX * ctx)
2204
2205			#endif
2206
2207			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
2208
2209			int
2210			SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
2211
2212			size_t
2213			SSL_CTX_get_num_tickets(SSL_CTX *ctx)
2214
2215			#endif
2216
2217			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
2218
2219			int
2220			SSL_CTX_set_ciphersuites(SSL_CTX ctx, const char str)
2221
2222			#endif
2223
2224			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2225
2226			void
2227			SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
2228
2229			#endif
2230
2231			void
2232			SSL_CTX_sess_set_new_cb(ctx, callback)
2233			SSL_CTX * ctx
2234			SV * callback
2235			CODE:
2236	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2237	0		SSL_CTX_sess_set_new_cb(ctx, NULL);
2238	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
2239			}
2240			else {
2241	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", newSVsv(callback));
2242	6		SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
2243			}
2244
2245			void
2246			SSL_CTX_sess_set_remove_cb(ctx, callback)
2247			SSL_CTX * ctx
2248			SV * callback
2249			CODE:
2250	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2251	0		SSL_CTX_sess_set_remove_cb(ctx, NULL);
2252	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
2253			}
2254			else {
2255	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
2256	6		SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
2257			}
2258
2259			int
2260			SSL_get_error(s,ret)
2261			SSL * s
2262			int ret
2263
2264			#define REM10 "============= SSL functions =============="
2265
2266			SSL *
2267			SSL_new(ctx)
2268			SSL_CTX * ctx
2269
2270			void
2271			SSL_free(s)
2272			SSL * s
2273			CODE:
2274	187		SSL_free(s);
2275	187		cb_data_advanced_drop(s); /* clean callback related data from global hash */
2276
2277			#if 0 /* this seems to be gone in 0.9.0 */
2278			void
2279			SSL_debug(file)
2280			char * file
2281
2282			#endif
2283
2284			int
2285			SSL_accept(s)
2286			SSL * s
2287
2288			void
2289			SSL_clear(s)
2290			SSL * s
2291
2292			int
2293			SSL_connect(s)
2294			SSL * s
2295
2296
2297			#if defined(WIN32)
2298
2299			int
2300			SSL_set_fd(s,fd)
2301			SSL * s
2302			perl_filehandle_t fd
2303			CODE:
2304			RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
2305			OUTPUT:
2306			RETVAL
2307
2308			int
2309			SSL_set_rfd(s,fd)
2310			SSL * s
2311			perl_filehandle_t fd
2312			CODE:
2313			RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
2314			OUTPUT:
2315			RETVAL
2316
2317			int
2318			SSL_set_wfd(s,fd)
2319			SSL * s
2320			perl_filehandle_t fd
2321			CODE:
2322			RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
2323			OUTPUT:
2324			RETVAL
2325
2326			#else
2327
2328			int
2329			SSL_set_fd(s,fd)
2330			SSL * s
2331			perl_filehandle_t fd
2332
2333			int
2334			SSL_set_rfd(s,fd)
2335			SSL * s
2336			perl_filehandle_t fd
2337
2338			int
2339			SSL_set_wfd(s,fd)
2340			SSL * s
2341			perl_filehandle_t fd
2342
2343			#endif
2344
2345			int
2346			SSL_get_fd(s)
2347			SSL * s
2348
2349			void
2350			SSL_read(s,max=32768)
2351			SSL * s
2352			int max
2353			PREINIT:
2354			char *buf;
2355			int got;
2356	306		int succeeded = 1;
2357			PPCODE:
2358	306		New(0, buf, max, char);
2359
2360	306		got = SSL_read(s, buf, max);
2361	306	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		100
2362	6		succeeded = 0;
2363
2364			/* If in list context, return 2-item list:
2365			* first return value: data gotten, or undef on error (got<0)
2366			* second return value: result from SSL_read()
2367			*/
2368	306	50	if (GIMME_V==G_LIST) {
		100
2369	286	50	EXTEND(SP, 2);
2370	286	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2371	286		PUSHs(sv_2mortal(newSViv(got)));
2372
2373			/* If in scalar or void context, return data gotten, or undef on error. */
2374			} else {
2375	20	50	EXTEND(SP, 1);
2376	20	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2377			}
2378
2379	306		Safefree(buf);
2380
2381			void
2382			SSL_peek(s,max=32768)
2383			SSL * s
2384			int max
2385			PREINIT:
2386			char *buf;
2387			int got;
2388	5		int succeeded = 1;
2389			PPCODE:
2390	5		New(0, buf, max, char);
2391
2392	5		got = SSL_peek(s, buf, max);
2393	5	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		50
2394	2		succeeded = 0;
2395
2396			/* If in list context, return 2-item list:
2397			* first return value: data gotten, or undef on error (got<0)
2398			* second return value: result from SSL_peek()
2399			*/
2400	5	50	if (GIMME_V==G_LIST) {
		100
2401	2	50	EXTEND(SP, 2);
2402	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2403	2		PUSHs(sv_2mortal(newSViv(got)));
2404
2405			/* If in scalar or void context, return data gotten, or undef on error. */
2406			} else {
2407	3	50	EXTEND(SP, 1);
2408	3	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2409			}
2410	5		Safefree(buf);
2411
2412			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2413
2414			void
2415			SSL_read_ex(s,max=32768)
2416			SSL * s
2417			int max
2418			PREINIT:
2419			char *buf;
2420			size_t readbytes;
2421			int succeeded;
2422			PPCODE:
2423			Newx(buf, max, char);
2424
2425			succeeded = SSL_read_ex(s, buf, max, &readbytes);
2426
2427			/* Return 2-item list:
2428			* first return value: data gotten, or undef on error
2429			* second return value: result from SSL_read_ex()
2430			*/
2431			EXTEND(SP, 2);
2432			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2433			PUSHs(sv_2mortal(newSViv(succeeded)));
2434
2435			Safefree(buf);
2436
2437
2438			void
2439			SSL_peek_ex(s,max=32768)
2440			SSL * s
2441			int max
2442			PREINIT:
2443			char *buf;
2444			size_t readbytes;
2445			int succeeded;
2446			PPCODE:
2447			Newx(buf, max, char);
2448
2449			succeeded = SSL_peek_ex(s, buf, max, &readbytes);
2450
2451			/* Return 2-item list:
2452			* first return value: data gotten, or undef on error
2453			* second return value: result from SSL_peek_ex()
2454			*/
2455			EXTEND(SP, 2);
2456			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2457			PUSHs(sv_2mortal(newSViv(succeeded)));
2458
2459			Safefree(buf);
2460
2461			void
2462			SSL_write_ex(s,buf)
2463			SSL * s
2464			PREINIT:
2465			STRLEN len;
2466			size_t written;
2467			int succeeded;
2468			INPUT:
2469			char * buf = SvPV( ST(1), len);
2470			PPCODE:
2471			succeeded = SSL_write_ex(s, buf, len, &written);
2472
2473			/* Return 2-item list:
2474			* first return value: data gotten, or undef on error
2475			* second return value: result from SSL_read_ex()
2476			*/
2477			EXTEND(SP, 2);
2478			PUSHs(sv_2mortal(newSVuv(written)));
2479			PUSHs(sv_2mortal(newSViv(succeeded)));
2480
2481			#endif
2482
2483			int
2484			SSL_write(s,buf)
2485			SSL * s
2486			PREINIT:
2487			STRLEN len;
2488			INPUT:
2489			char * buf = SvPV( ST(1), len);
2490			CODE:
2491	20		RETVAL = SSL_write (s, buf, (int)len);
2492			OUTPUT:
2493			RETVAL
2494
2495			int
2496			SSL_write_partial(s,from,count,buf)
2497			SSL * s
2498			int from
2499			int count
2500			PREINIT:
2501			STRLEN ulen;
2502			IV len;
2503			INPUT:
2504			char * buf = SvPV( ST(3), ulen);
2505			CODE:
2506			/*
2507			if (SvROK( ST(3) )) {
2508			SV* t = SvRV( ST(3) );
2509			buf = SvPV( t, len);
2510			} else
2511			buf = SvPV( ST(3), len);
2512			*/
2513			PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
2514			/PR2("buf='%s'\n",&buf[from]); / too noisy */
2515	22		len = (IV)ulen;
2516	22		len -= from;
2517	22	50	if (len < 0) {
2518	0		croak("from beyound end of buffer");
2519			RETVAL = -1;
2520			} else
2521	22		RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
2522			OUTPUT:
2523			RETVAL
2524
2525			int
2526			SSL_use_RSAPrivateKey(s,rsa)
2527			SSL * s
2528			RSA * rsa
2529
2530			int
2531			SSL_use_RSAPrivateKey_ASN1(s,d,len)
2532			SSL * s
2533			unsigned char * d
2534			long len
2535
2536			int
2537			SSL_use_RSAPrivateKey_file(s,file,type)
2538			SSL * s
2539			char * file
2540			int type
2541
2542			int
2543			SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
2544			SSL_CTX * ctx
2545			char * file
2546			int type
2547
2548			int
2549			SSL_use_PrivateKey(s,pkey)
2550			SSL * s
2551			EVP_PKEY * pkey
2552
2553			int
2554			SSL_use_PrivateKey_ASN1(pk,s,d,len)
2555			int pk
2556			SSL * s
2557			unsigned char * d
2558			long len
2559
2560			int
2561			SSL_use_PrivateKey_file(s,file,type)
2562			SSL * s
2563			char * file
2564			int type
2565
2566			int
2567			SSL_CTX_use_PrivateKey_file(ctx,file,type)
2568			SSL_CTX * ctx
2569			char * file
2570			int type
2571
2572			int
2573			SSL_use_certificate(s,x)
2574			SSL * s
2575			X509 * x
2576
2577			int
2578			SSL_use_certificate_ASN1(s,d,len)
2579			SSL * s
2580			unsigned char * d
2581			long len
2582
2583			int
2584			SSL_use_certificate_file(s,file,type)
2585			SSL * s
2586			char * file
2587			int type
2588
2589			int
2590			SSL_CTX_use_certificate_file(ctx,file,type)
2591			SSL_CTX * ctx
2592			char * file
2593			int type
2594
2595			const char *
2596			SSL_state_string(s)
2597			SSL * s
2598
2599			const char *
2600			SSL_rstate_string(s)
2601			SSL * s
2602
2603			const char *
2604			SSL_state_string_long(s)
2605			SSL * s
2606
2607			const char *
2608			SSL_rstate_string_long(s)
2609			SSL * s
2610
2611
2612			long
2613			SSL_get_time(ses)
2614			SSL_SESSION * ses
2615
2616			long
2617			SSL_set_time(ses,t)
2618			SSL_SESSION * ses
2619			long t
2620
2621			long
2622			SSL_get_timeout(ses)
2623			SSL_SESSION * ses
2624
2625			long
2626			SSL_set_timeout(ses,t)
2627			SSL_SESSION * ses
2628			long t
2629
2630			void
2631			SSL_copy_session_id(to,from)
2632			SSL * to
2633			SSL * from
2634
2635			void
2636			SSL_set_read_ahead(s,yes=1)
2637			SSL * s
2638			int yes
2639
2640			int
2641			SSL_get_read_ahead(s)
2642			SSL * s
2643
2644			int
2645			SSL_pending(s)
2646			SSL * s
2647
2648			#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
2649
2650			int
2651			SSL_has_pending(s)
2652			SSL * s
2653
2654			#endif
2655
2656			int
2657			SSL_CTX_set_cipher_list(s,str)
2658			SSL_CTX * s
2659			char * str
2660
2661			void
2662			SSL_get_ciphers(s)
2663			SSL * s
2664			PREINIT:
2665	4		STACK_OF(SSL_CIPHER) *sk = NULL;
2666			const SSL_CIPHER *c;
2667			int i;
2668			PPCODE:
2669	4		sk = SSL_get_ciphers(s);
2670	4	100	if( sk == NULL ) {
2671	2		XSRETURN_EMPTY;
2672			}
2673	196	100	for (i=0; i
2674	194		c = sk_SSL_CIPHER_value(sk, i);
2675	194	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(c))));
2676			}
2677
2678			const char *
2679			SSL_get_cipher_list(s,n)
2680			SSL * s
2681			int n
2682
2683			int
2684			SSL_set_cipher_list(s,str)
2685			SSL * s
2686			char * str
2687
2688			const char *
2689			SSL_get_cipher(s)
2690			SSL * s
2691
2692			void
2693			SSL_get_shared_ciphers(s,ignored_param1=0,ignored_param2=0)
2694			SSL *s
2695			int ignored_param1
2696			int ignored_param2
2697			PREINIT:
2698			char buf[8192];
2699			CODE:
2700	7		ST(0) = sv_newmortal(); /* undef to start with */
2701	7	50	if(SSL_get_shared_ciphers(s, buf, sizeof(buf)))
2702	7		sv_setpvn(ST(0), buf, strlen(buf));
2703
2704			X509 *
2705			SSL_get_peer_certificate(s)
2706			SSL * s
2707
2708			void
2709			SSL_get_peer_cert_chain(s)
2710			SSL * s
2711			PREINIT:
2712	0		STACK_OF(X509) *chain = NULL;
2713			X509 *x;
2714			int i;
2715			PPCODE:
2716	0		chain = SSL_get_peer_cert_chain(s);
2717	0	0	if( chain == NULL ) {
2718	0		XSRETURN_EMPTY;
2719			}
2720	0	0	for (i=0; i
2721	0		x = sk_X509_value(chain, i);
2722	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
2723			}
2724
2725			void
2726			SSL_set_verify(s,mode,callback)
2727			SSL * s
2728			int mode
2729			SV * callback
2730			CODE:
2731	7	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2732	0		SSL_set_verify(s, mode, NULL);
2733	0		cb_data_advanced_put(s, "ssleay_verify_callback!!func", NULL);
2734			}
2735			else {
2736	7		cb_data_advanced_put(s, "ssleay_verify_callback!!func", newSVsv(callback));
2737	7		SSL_set_verify(s, mode, &ssleay_verify_callback_invoke);
2738			}
2739
2740			void
2741			SSL_set_bio(s,rbio,wbio)
2742			SSL * s
2743			BIO * rbio
2744			BIO * wbio
2745
2746			BIO *
2747			SSL_get_rbio(s)
2748			SSL * s
2749
2750			BIO *
2751			SSL_get_wbio(s)
2752			SSL * s
2753
2754
2755			SSL_SESSION *
2756			SSL_SESSION_new()
2757
2758			int
2759			SSL_SESSION_print(fp,ses)
2760			BIO * fp
2761			SSL_SESSION * ses
2762
2763			void
2764			SSL_SESSION_free(ses)
2765			SSL_SESSION * ses
2766
2767			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
2768
2769			int
2770			SSL_SESSION_is_resumable(ses)
2771			SSL_SESSION * ses
2772
2773			SSL_SESSION *
2774			SSL_SESSION_dup(sess)
2775			SSL_SESSION * sess
2776
2777			#endif
2778			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2779
2780			void
2781			SSL_set_post_handshake_auth(SSL *ssl, int val)
2782
2783			int
2784			SSL_verify_client_post_handshake(SSL *ssl)
2785
2786			#endif
2787
2788			void
2789			i2d_SSL_SESSION(sess)
2790			SSL_SESSION * sess
2791			PPCODE:
2792			STRLEN len;
2793			unsigned char pc,pi;
2794	3	50	if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
2795	3		Newx(pc,len,unsigned char);
2796	3	50	if (!pc) croak("out of memory");
2797	3		pi = pc;
2798	3		i2d_SSL_SESSION(sess,&pi);
2799	3	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
2800	3		Safefree(pc);
2801
2802
2803			SSL_SESSION *
2804			d2i_SSL_SESSION(pv)
2805			SV *pv
2806			CODE:
2807	7		RETVAL = NULL;
2808	7	50	if (SvPOK(pv)) {
2809			const unsigned char *p;
2810			STRLEN len;
2811	7	50	p = (unsigned char*)SvPV(pv,len);
2812	7		RETVAL = d2i_SSL_SESSION(NULL,&p,len);
2813			}
2814			OUTPUT:
2815			RETVAL
2816
2817			#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2818
2819			int
2820			SSL_SESSION_up_ref(sess)
2821			SSL_SESSION * sess
2822
2823			#endif
2824
2825			int
2826			SSL_set_session(to,ses)
2827			SSL * to
2828			SSL_SESSION * ses
2829
2830			#define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
2831
2832			SSL_SESSION *
2833			SSL_get_session(s)
2834			SSL * s
2835			ALIAS:
2836			SSL_get0_session = 1
2837
2838			SSL_SESSION *
2839			SSL_get1_session(s)
2840			SSL * s
2841
2842			X509 *
2843			SSL_get_certificate(s)
2844			SSL * s
2845
2846			SSL_CTX *
2847			SSL_get_SSL_CTX(s)
2848			SSL * s
2849
2850			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
2851
2852			SSL_CTX *
2853			SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
2854
2855			#endif
2856
2857			long
2858			SSL_ctrl(ssl,cmd,larg,parg)
2859			SSL * ssl
2860			int cmd
2861			long larg
2862			char * parg
2863
2864			long
2865			SSL_CTX_ctrl(ctx,cmd,larg,parg)
2866			SSL_CTX * ctx
2867			int cmd
2868			long larg
2869			char * parg
2870
2871			#ifdef NET_SSLEAY_32BIT_CONSTANTS
2872
2873			long
2874			SSL_get_options(ssl)
2875			SSL * ssl
2876
2877			long
2878			SSL_set_options(ssl,op)
2879			SSL * ssl
2880			long op
2881
2882			long
2883			SSL_CTX_get_options(ctx)
2884			SSL_CTX * ctx
2885
2886			long
2887			SSL_CTX_set_options(ctx,op)
2888			SSL_CTX * ctx
2889			long op
2890
2891			#else
2892
2893			uint64_t
2894			SSL_get_options(ssl)
2895			SSL * ssl
2896
2897			uint64_t
2898			SSL_set_options(ssl,op)
2899			SSL * ssl
2900			uint64_t op
2901
2902			uint64_t
2903			SSL_CTX_get_options(ctx)
2904			SSL_CTX * ctx
2905
2906			uint64_t
2907			SSL_CTX_set_options(ctx,op)
2908			SSL_CTX * ctx
2909			uint64_t op
2910
2911			#endif
2912
2913			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
2914
2915			struct lhash_st_SSL_SESSION *
2916			SSL_CTX_sessions(ctx)
2917			SSL_CTX * ctx
2918
2919			#else
2920
2921			LHASH *
2922			SSL_CTX_sessions(ctx)
2923			SSL_CTX * ctx
2924			CODE:
2925			/* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
2926			if (ctx == NULL) croak("NULL SSL context passed as argument.");
2927			RETVAL = ctx -> sessions;
2928			OUTPUT:
2929			RETVAL
2930
2931			#endif
2932
2933			unsigned long
2934			SSL_CTX_sess_number(ctx)
2935			SSL_CTX * ctx
2936
2937			int
2938			SSL_CTX_sess_connect(ctx)
2939			SSL_CTX * ctx
2940
2941			int
2942			SSL_CTX_sess_connect_good(ctx)
2943			SSL_CTX * ctx
2944
2945			int
2946			SSL_CTX_sess_connect_renegotiate(ctx)
2947			SSL_CTX * ctx
2948
2949			int
2950			SSL_CTX_sess_accept(ctx)
2951			SSL_CTX * ctx
2952
2953			int
2954			SSL_CTX_sess_accept_renegotiate(ctx)
2955			SSL_CTX * ctx
2956
2957			int
2958			SSL_CTX_sess_accept_good(ctx)
2959			SSL_CTX * ctx
2960
2961			int
2962			SSL_CTX_sess_hits(ctx)
2963			SSL_CTX * ctx
2964
2965			int
2966			SSL_CTX_sess_cb_hits(ctx)
2967			SSL_CTX * ctx
2968
2969			int
2970			SSL_CTX_sess_misses(ctx)
2971			SSL_CTX * ctx
2972
2973			int
2974			SSL_CTX_sess_timeouts(ctx)
2975			SSL_CTX * ctx
2976
2977			int
2978			SSL_CTX_sess_cache_full(ctx)
2979			SSL_CTX * ctx
2980
2981			int
2982			SSL_CTX_sess_get_cache_size(ctx)
2983			SSL_CTX * ctx
2984
2985			long
2986			SSL_CTX_sess_set_cache_size(ctx,size)
2987			SSL_CTX * ctx
2988			int size
2989
2990			int
2991			SSL_want(s)
2992			SSL * s
2993
2994			# OpenSSL 1.1.1 documents SSL_in_init and the related functions as
2995			# returning 0 or 1. However, older versions and e.g. LibreSSL may
2996			# return other values than 1 which we fold to 1.
2997			int
2998			SSL_in_before(s)
2999			SSL * s
3000			CODE:
3001	7		RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
3002			OUTPUT:
3003			RETVAL
3004
3005			int
3006			SSL_is_init_finished(s)
3007			SSL * s
3008			CODE:
3009	7		RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
3010			OUTPUT:
3011			RETVAL
3012
3013			int
3014			SSL_in_init(s)
3015			SSL * s
3016			CODE:
3017	7		RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
3018			OUTPUT:
3019			RETVAL
3020
3021			int
3022			SSL_in_connect_init(s)
3023			SSL * s
3024			CODE:
3025	2		RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
3026			OUTPUT:
3027			RETVAL
3028
3029			int
3030			SSL_in_accept_init(s)
3031			SSL * s
3032			CODE:
3033	2		RETVAL = SSL_in_accept_init(s) == 0 ? 0 : 1;
3034			OUTPUT:
3035			RETVAL
3036
3037			#if OPENSSL_VERSION_NUMBER < 0x10100000L
3038			int
3039			SSL_state(s)
3040			SSL * s
3041
3042			int
3043			SSL_get_state(ssl)
3044			SSL * ssl
3045			CODE:
3046	0		RETVAL = SSL_state(ssl);
3047			OUTPUT:
3048			RETVAL
3049
3050
3051			#else
3052			int
3053			SSL_state(s)
3054			SSL * s
3055			CODE:
3056			RETVAL = SSL_get_state(s);
3057			OUTPUT:
3058			RETVAL
3059
3060
3061			int
3062			SSL_get_state(s)
3063			SSL * s
3064
3065			#endif
3066			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
3067
3068			long
3069			SSL_set_tlsext_host_name(SSL ssl, const char name)
3070
3071			const char *
3072			SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
3073
3074			int
3075			SSL_get_servername_type(const SSL *s)
3076
3077			void
3078			SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
3079			SSL_CTX * ctx
3080			SV * callback
3081			SV * data
3082			CODE:
3083	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
3084	0		SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
3085	0		SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
3086	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
3087	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
3088			} else {
3089	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
3090	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
3091	0		SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
3092	0		SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
3093			}
3094
3095			#endif
3096
3097			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
3098			#ifndef LIBRESSL_VERSION_NUMBER
3099			#ifndef OPENSSL_IS_BORINGSSL
3100			void
3101			SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
3102			SSL * ssl
3103			SV * callback
3104			CODE:
3105			if (callback==NULL \|\| !SvOK(callback)) {
3106			SSL_set_default_passwd_cb(ssl, NULL);
3107			SSL_set_default_passwd_cb_userdata(ssl, NULL);
3108			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
3109			}
3110			else {
3111			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
3112			SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
3113			SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
3114			}
3115
3116			void
3117			SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
3118			SSL * ssl
3119			SV * data
3120			CODE:
3121			/* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
3122			if (data==NULL \|\| !SvOK(data)) {
3123			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
3124			}
3125			else {
3126			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
3127			}
3128
3129			#endif /* !BoringSSL */
3130			#endif /* !LibreSSL */
3131			#endif /* >= 1.1.0f */
3132
3133			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
3134
3135			void
3136			SSL_set_security_level(SSL * ssl, int level)
3137
3138			int
3139			SSL_get_security_level(SSL * ssl)
3140
3141			#endif
3142
3143			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
3144
3145			int
3146			SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
3147
3148			size_t
3149			SSL_get_num_tickets(SSL *ssl)
3150
3151			#endif
3152
3153			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
3154
3155			int
3156			SSL_set_ciphersuites(SSL ssl, const char str)
3157
3158			#endif
3159
3160			const BIO_METHOD *
3161			BIO_f_ssl()
3162
3163			const BIO_METHOD *
3164			BIO_s_mem()
3165
3166			unsigned long
3167			ERR_get_error()
3168
3169			unsigned long
3170			ERR_peek_error()
3171
3172			void
3173			ERR_put_error(lib,func,reason,file,line)
3174			int lib
3175			int func
3176			int reason
3177			char * file
3178			int line
3179
3180			void
3181			ERR_clear_error()
3182
3183			char *
3184			ERR_error_string(error,buf=NULL)
3185			unsigned long error
3186			char * buf
3187			CODE:
3188	4		RETVAL = ERR_error_string(error,buf);
3189			OUTPUT:
3190			RETVAL
3191
3192			void
3193			SSL_load_error_strings()
3194
3195			void
3196			ERR_load_crypto_strings()
3197
3198			int
3199			SSL_FIPS_mode_set(int onoff)
3200			CODE:
3201			#ifdef USE_ITHREADS
3202			MUTEX_LOCK(&LIB_init_mutex);
3203			#endif
3204			#ifdef OPENSSL_FIPS
3205			RETVAL = FIPS_mode_set(onoff);
3206			if (!RETVAL)
3207			{
3208			ERR_load_crypto_strings();
3209			ERR_print_errors_fp(stderr);
3210			}
3211			#else
3212	0		RETVAL = 1;
3213	0		fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
3214			#endif
3215			#ifdef USE_ITHREADS
3216			MUTEX_UNLOCK(&LIB_init_mutex);
3217			#endif
3218			OUTPUT:
3219			RETVAL
3220
3221
3222			int
3223			SSL_library_init()
3224			ALIAS:
3225			SSLeay_add_ssl_algorithms = 1
3226			OpenSSL_add_ssl_algorithms = 2
3227			add_ssl_algorithms = 3
3228			CODE:
3229			#ifdef USE_ITHREADS
3230			MUTEX_LOCK(&LIB_init_mutex);
3231			#endif
3232	44		RETVAL = 0;
3233	44	100	if (!LIB_initialized) {
3234	43		RETVAL = SSL_library_init();
3235	43		LIB_initialized = 1;
3236			}
3237			#ifdef USE_ITHREADS
3238			MUTEX_UNLOCK(&LIB_init_mutex);
3239			#endif
3240			OUTPUT:
3241			RETVAL
3242
3243			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3244			#define REM5 "NOTE: requires 0.9.7+"
3245			#ifndef OPENSSL_NO_ENGINE
3246
3247			void
3248			ENGINE_load_builtin_engines()
3249
3250			void
3251			ENGINE_register_all_complete()
3252
3253			ENGINE*
3254			ENGINE_by_id(id)
3255			char * id
3256
3257			int
3258			ENGINE_set_default(e, flags)
3259			ENGINE * e
3260			int flags
3261
3262			#endif /* OPENSSL_NO_ENGINE */
3263			#endif
3264
3265			void
3266			ERR_load_SSL_strings()
3267
3268			void
3269			ERR_load_RAND_strings()
3270
3271			int
3272			RAND_bytes(buf, num)
3273			SV *buf
3274			int num
3275			PREINIT:
3276			int rc;
3277			unsigned char *random;
3278			CODE:
3279	7		New(0, random, num, unsigned char);
3280	7		rc = RAND_bytes(random, num);
3281	7		sv_setpvn(buf, (const char*)random, num);
3282	7		Safefree(random);
3283	7		RETVAL = rc;
3284			OUTPUT:
3285			RETVAL
3286
3287			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3288
3289			int
3290			RAND_priv_bytes(buf, num)
3291			SV *buf
3292			int num
3293			PREINIT:
3294			int rc;
3295			unsigned char *random;
3296			CODE:
3297			New(0, random, num, unsigned char);
3298			rc = RAND_priv_bytes(random, num);
3299			sv_setpvn(buf, (const char*)random, num);
3300			Safefree(random);
3301			RETVAL = rc;
3302			OUTPUT:
3303			RETVAL
3304
3305			#endif
3306
3307			int
3308			RAND_pseudo_bytes(buf, num)
3309			SV *buf
3310			int num
3311			PREINIT:
3312			int rc;
3313			unsigned char *random;
3314			CODE:
3315	5		New(0, random, num, unsigned char);
3316	5		rc = RAND_pseudo_bytes(random, num);
3317	5		sv_setpvn(buf, (const char*)random, num);
3318	5		Safefree(random);
3319	5		RETVAL = rc;
3320			OUTPUT:
3321			RETVAL
3322
3323			void
3324			RAND_add(buf, num, entropy)
3325			SV *buf
3326			int num
3327			double entropy
3328			PREINIT:
3329			STRLEN len;
3330			CODE:
3331	0	0	RAND_add((const void *)SvPV(buf, len), num, entropy);
3332
3333			int
3334			RAND_poll()
3335
3336			int
3337			RAND_status()
3338
3339			SV *
3340			RAND_file_name(num)
3341			size_t num
3342			PREINIT:
3343			char *buf;
3344			CODE:
3345	3		Newxz(buf, num, char);
3346	3	50	if (!RAND_file_name(buf, num)) {
3347	0		Safefree(buf);
3348	0		XSRETURN_UNDEF;
3349			}
3350	3		RETVAL = newSVpv(buf, 0);
3351	3		Safefree(buf);
3352			OUTPUT:
3353			RETVAL
3354
3355			void
3356			RAND_seed(buf)
3357			PREINIT:
3358			STRLEN len;
3359			INPUT:
3360			char * buf = SvPV( ST(1), len);
3361			CODE:
3362	45		RAND_seed (buf, (int)len);
3363
3364			void
3365			RAND_cleanup()
3366
3367			int
3368			RAND_load_file(file_name, how_much)
3369			char * file_name
3370			int how_much
3371
3372			int
3373			RAND_write_file(file_name)
3374			char * file_name
3375
3376			#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
3377
3378			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
3379
3380			int
3381			X509_check_host(X509 cert, const char name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
3382			PREINIT:
3383	0		char *c_peername = NULL;
3384			CODE:
3385	0	0	RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
3386	0	0	if (items == 4)
3387	0		sv_setpv(peername, c_peername);
3388			OUTPUT:
3389			RETVAL
3390			CLEANUP:
3391	0	0	if (c_peername)
3392	0		OPENSSL_free(c_peername);
3393
3394			int
3395			X509_check_email(X509 cert, const char address, unsigned int flags = 0)
3396			CODE:
3397	0		RETVAL = X509_check_email(cert, address, 0, flags);
3398			OUTPUT:
3399			RETVAL
3400
3401			int
3402			X509_check_ip(X509 cert, SV address, unsigned int flags = 0)
3403			PREINIT:
3404			unsigned char *c_address;
3405			size_t addresslen;
3406			CODE:
3407	0	0	c_address = (unsigned char *)SvPV(address, addresslen);
3408	0		RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
3409			OUTPUT:
3410			RETVAL
3411
3412			int
3413			X509_check_ip_asc(X509 cert, const char address, unsigned int flags = 0)
3414
3415			#endif
3416
3417			X509_NAME*
3418			X509_get_issuer_name(cert)
3419			X509 * cert
3420
3421			X509_NAME*
3422			X509_get_subject_name(cert)
3423			X509 * cert
3424
3425			void *
3426			X509_get_ex_data(cert,idx)
3427			X509 * cert
3428			int idx
3429
3430			int
3431			X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3432			long argl
3433			void * argp
3434			CRYPTO_EX_new * new_func
3435			CRYPTO_EX_dup * dup_func
3436			CRYPTO_EX_free * free_func
3437
3438			void *
3439			X509_get_app_data(cert)
3440			X509 * cert
3441			CODE:
3442	0		RETVAL = X509_get_ex_data(cert,0);
3443			OUTPUT:
3444			RETVAL
3445
3446			int
3447			X509_set_ex_data(cert,idx,data)
3448			X509 * cert
3449			int idx
3450			void * data
3451
3452			int
3453			X509_set_app_data(cert,arg)
3454			X509 * cert
3455			char * arg
3456			CODE:
3457	0		RETVAL = X509_set_ex_data(cert,0,arg);
3458			OUTPUT:
3459			RETVAL
3460
3461			int
3462			X509_set_issuer_name(X509 x, X509_NAME name)
3463
3464			int
3465			X509_set_subject_name(X509 x, X509_NAME name)
3466
3467			int
3468			X509_set_version(X509 *x, long version)
3469
3470			int
3471			X509_set_pubkey(X509 x, EVP_PKEY pkey)
3472
3473			long
3474			X509_get_version(X509 *x)
3475
3476			EVP_PKEY *
3477			X509_get_pubkey(X509 *x)
3478
3479			ASN1_INTEGER *
3480			X509_get_serialNumber(X509 *x)
3481
3482			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
3483
3484			const ASN1_INTEGER *
3485			X509_get0_serialNumber(const X509 *x)
3486
3487			#endif
3488
3489			int
3490			X509_set_serialNumber(X509 x, ASN1_INTEGER serial)
3491
3492			int
3493			X509_certificate_type(X509 x, EVP_PKEY pubkey=NULL);
3494
3495			int
3496			X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
3497
3498			int
3499			X509_verify(X509 x, EVP_PKEY r)
3500
3501			X509_NAME *
3502			X509_NAME_new()
3503
3504			unsigned long
3505			X509_NAME_hash(X509_NAME *name)
3506
3507			void
3508			X509_NAME_oneline(name)
3509			X509_NAME * name
3510			PREINIT:
3511			char * buf;
3512			CODE:
3513	17		ST(0) = sv_newmortal(); /* Undefined to start with */
3514	17	50	if ((buf = X509_NAME_oneline(name, NULL, 0))) {
3515	17		sv_setpvn( ST(0), buf, strlen(buf));
3516	17		OPENSSL_free(buf); /* mem was allocated by openssl */
3517			}
3518
3519			void
3520			X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
3521			X509_NAME * name
3522			unsigned long flags
3523			int utf8_decode
3524			PREINIT:
3525			char * buf;
3526			BIO * bp;
3527	13		int n, i, ident=0;
3528			CODE:
3529	13		ST(0) = sv_newmortal(); /* undef to start with */
3530	13		bp = BIO_new(BIO_s_mem());
3531	13	50	if (bp) {
3532	13	50	if (X509_NAME_print_ex(bp, name, ident, flags)) {
3533	13		n = BIO_ctrl_pending(bp);
3534	13		New(0, buf, n, char);
3535	13	50	if (buf) {
3536	13		i = BIO_read(bp,buf,n);
3537	13	50	if (i>=0 && i<=n) {
		50
3538	13		sv_setpvn(ST(0), buf, i);
3539	13	50	if (utf8_decode) sv_utf8_decode(ST(0));
3540			}
3541	13		Safefree(buf);
3542			}
3543			}
3544	13		BIO_free(bp);
3545			}
3546
3547			void
3548			X509_NAME_get_text_by_NID(name,nid)
3549			X509_NAME * name
3550			int nid
3551			PREINIT:
3552			char* buf;
3553			int length;
3554			CODE:
3555	1		ST(0) = sv_newmortal(); /* Undefined to start with */
3556	1		length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
3557
3558	1	50	if (length>=0) {
3559	1		New(0, buf, length+1, char);
3560	1	50	if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
3561	1		sv_setpvn( ST(0), buf, length);
3562	1		Safefree(buf);
3563			}
3564
3565			#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
3566			#define REM17 "requires 0.9.5+"
3567
3568			int
3569			X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
3570			X509_NAME *name
3571			int nid
3572			int type
3573			int loc
3574			int set
3575			PREINIT:
3576			STRLEN len;
3577			INPUT:
3578			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3579			CODE:
3580	1		RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
3581			OUTPUT:
3582			RETVAL
3583
3584			int
3585			X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
3586			X509_NAME *name
3587			ASN1_OBJECT *obj
3588			int type
3589			int loc
3590			int set
3591			PREINIT:
3592			STRLEN len;
3593			INPUT:
3594			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3595			CODE:
3596	1		RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
3597			OUTPUT:
3598			RETVAL
3599
3600			int
3601			X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
3602			X509_NAME *name
3603			char *field
3604			int type
3605			int loc
3606			int set
3607			PREINIT:
3608			STRLEN len;
3609			INPUT:
3610			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3611			CODE:
3612	6		RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
3613			OUTPUT:
3614			RETVAL
3615
3616			#endif
3617
3618			int
3619			X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
3620
3621			int
3622			X509_NAME_entry_count(X509_NAME *name)
3623
3624			X509_NAME_ENTRY *
3625			X509_NAME_get_entry(X509_NAME *name, int loc)
3626
3627			ASN1_STRING *
3628			X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
3629
3630			ASN1_OBJECT *
3631			X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
3632
3633			void
3634			X509_CRL_free(X509_CRL *x)
3635
3636			X509_CRL *
3637			X509_CRL_new()
3638
3639			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3640			#define REM19 "requires 0.9.7+"
3641
3642			int
3643			X509_CRL_set_version(X509_CRL *x, long version)
3644
3645			int
3646			X509_CRL_set_issuer_name(X509_CRL x, X509_NAME name)
3647
3648			int
3649			X509_CRL_sort(X509_CRL *x)
3650
3651			#endif
3652
3653			long
3654			X509_CRL_get_version(X509_CRL *x)
3655
3656			X509_NAME *
3657			X509_CRL_get_issuer(X509_CRL *x)
3658
3659			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
3660
3661			const ASN1_TIME *
3662			X509_CRL_get0_lastUpdate(const X509_CRL *crl)
3663			ALIAS:
3664			X509_CRL_get_lastUpdate = 1
3665
3666			const ASN1_TIME *
3667			X509_CRL_get0_nextUpdate(const X509_CRL *crl)
3668			ALIAS:
3669			X509_CRL_get_nextUpdate = 1
3670
3671			int
3672			X509_CRL_set1_lastUpdate(X509_CRL x, ASN1_TIME tm)
3673			ALIAS:
3674			X509_CRL_set_lastUpdate = 1
3675
3676			int
3677			X509_CRL_set1_nextUpdate(X509_CRL x, ASN1_TIME tm)
3678			ALIAS:
3679			X509_CRL_set_nextUpdate = 1
3680
3681			#else /* plain get/set is deprecated */
3682
3683			ASN1_TIME *
3684			X509_CRL_get_lastUpdate(X509_CRL *x)
3685			ALIAS:
3686			X509_CRL_get0_lastUpdate = 1
3687
3688			ASN1_TIME *
3689			X509_CRL_get_nextUpdate(X509_CRL *x)
3690			ALIAS:
3691			X509_CRL_get0_nextUpdate = 1
3692
3693			int
3694			X509_CRL_set_lastUpdate(X509_CRL x, ASN1_TIME tm)
3695			ALIAS:
3696			X509_CRL_set1_lastUpdate = 1
3697
3698			int
3699			X509_CRL_set_nextUpdate(X509_CRL x, ASN1_TIME tm)
3700			ALIAS:
3701			X509_CRL_set1_nextUpdate = 1
3702
3703			#endif
3704
3705			int
3706			X509_CRL_verify(X509_CRL a, EVP_PKEY r)
3707
3708			int
3709			X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
3710
3711			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3712			#define REM20 "requires 0.9.7+"
3713
3714			int
3715			P_X509_CRL_set_serial(crl,crl_number)
3716			X509_CRL *crl
3717			ASN1_INTEGER * crl_number;
3718			CODE:
3719	1		RETVAL = 0;
3720	1	50	if (crl && crl_number)
		50
3721	1	50	if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
3722			OUTPUT:
3723			RETVAL
3724
3725			ASN1_INTEGER *
3726			P_X509_CRL_get_serial(crl)
3727			X509_CRL *crl
3728			INIT:
3729			int i;
3730			CODE:
3731	1		RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
3732	1	50	if (!RETVAL \|\| i==-1) XSRETURN_UNDEF;
		50
3733			OUTPUT:
3734			RETVAL
3735
3736			void
3737			P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
3738			X509_CRL *crl
3739			char * serial_hex
3740			ASN1_TIME *rev_time
3741			long reason_code
3742			ASN1_TIME *comp_time
3743			PREINIT:
3744	2		BIGNUM *bn = NULL;
3745			ASN1_INTEGER *sn;
3746			X509_REVOKED *rev;
3747	2		ASN1_ENUMERATED *rsn = NULL;
3748			int rv;
3749			PPCODE:
3750	2		rv=0;
3751	2		rev = X509_REVOKED_new();
3752	2	50	if (rev) {
3753	2	50	if (BN_hex2bn(&bn, serial_hex)) {
3754	2		sn = BN_to_ASN1_INTEGER(bn, NULL);
3755	2	50	if (sn) {
3756	2		X509_REVOKED_set_serialNumber(rev, sn);
3757	2		ASN1_INTEGER_free(sn);
3758	2		rv = 1;
3759			}
3760	2		BN_free(bn);
3761			}
3762			}
3763	2	50	if (!rv) XSRETURN_IV(0);
3764
3765	2	50	if (!rev_time) XSRETURN_IV(0);
3766	2	50	if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
3767
3768	2	50	if(reason_code) {
3769	2		rv = 0;
3770	2		rsn = ASN1_ENUMERATED_new();
3771	2	50	if (rsn) {
3772	2	50	if (ASN1_ENUMERATED_set(rsn, reason_code))
3773	2	50	if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
3774	2		rv=1;
3775	2		ASN1_ENUMERATED_free(rsn);
3776			}
3777	2	50	if (!rv) XSRETURN_IV(0);
3778			}
3779
3780	2	50	if(comp_time) {
3781	2		X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0);
3782			}
3783
3784	2	50	if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0);
3785	2		XSRETURN_IV(1);
3786
3787			#endif
3788
3789			X509_REQ *
3790			X509_REQ_new()
3791
3792			void
3793			X509_REQ_free(X509_REQ *x)
3794
3795			X509_NAME *
3796			X509_REQ_get_subject_name(X509_REQ *x)
3797
3798			int
3799			X509_REQ_set_subject_name(X509_REQ x, X509_NAME name)
3800
3801			int
3802			X509_REQ_set_pubkey(X509_REQ x, EVP_PKEY pkey)
3803
3804			EVP_PKEY *
3805			X509_REQ_get_pubkey(X509_REQ *x)
3806
3807			int
3808			X509_REQ_sign(X509_REQ x, EVP_PKEY pk, const EVP_MD *md)
3809
3810			int
3811			X509_REQ_verify(X509_REQ x, EVP_PKEY r)
3812
3813			int
3814			X509_REQ_set_version(X509_REQ *x, long version)
3815
3816			long
3817			X509_REQ_get_version(X509_REQ *x)
3818
3819			int
3820			X509_REQ_get_attr_count(const X509_REQ *req);
3821
3822			int
3823			X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1)
3824
3825			int
3826			X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj, int lastpos=-1)
3827
3828			int
3829			X509_REQ_add1_attr_by_NID(req,nid,type,bytes)
3830			X509_REQ *req
3831			int nid
3832			int type
3833			PREINIT:
3834			STRLEN len;
3835			INPUT:
3836			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3837			CODE:
3838	2		RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len);
3839			OUTPUT:
3840			RETVAL
3841
3842			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3843			#define REM21 "requires 0.9.7+"
3844
3845			void
3846			P_X509_REQ_get_attr(req,n)
3847			X509_REQ *req
3848			int n
3849			INIT:
3850			X509_ATTRIBUTE * att;
3851			int count, i;
3852			ASN1_STRING * s;
3853			ASN1_TYPE * t;
3854			PPCODE:
3855	1		att = X509_REQ_get_attr(req,n);
3856	1		count = X509_ATTRIBUTE_count(att);
3857	2	100	for (i=0; i
3858	1		t = X509_ATTRIBUTE_get0_type(att, i);
3859	1		s = t->value.asn1_string;
3860	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
3861			}
3862
3863			#endif
3864
3865			int
3866			P_X509_REQ_add_extensions(x,...)
3867			X509_REQ *x
3868			PREINIT:
3869	1		int i=1;
3870			int nid;
3871			char *data;
3872			X509_EXTENSION *ex;
3873			STACK_OF(X509_EXTENSION) *stack;
3874			CODE:
3875	1	50	if (items>1) {
3876	1		RETVAL = 1;
3877	1		stack = sk_X509_EXTENSION_new_null();
3878	7	100	while(i+1
3879	6	50	nid = SvIV(ST(i));
3880	6	50	data = SvPV_nolen(ST(i+1));
3881	6		i+=2;
3882	6		ex = X509V3_EXT_conf_nid(NULL, NULL, nid, data);
3883	6	50	if (ex)
3884	6		sk_X509_EXTENSION_push(stack, ex);
3885			else
3886	0		RETVAL = 0;
3887			}
3888	1		X509_REQ_add_extensions(x, stack);
3889	1		sk_X509_EXTENSION_pop_free(stack, X509_EXTENSION_free);
3890			}
3891			else
3892	0		RETVAL = 0;
3893			OUTPUT:
3894			RETVAL
3895
3896			int
3897			P_X509_add_extensions(x,ca_cert,...)
3898			X509 *x
3899			X509 *ca_cert
3900			PREINIT:
3901	1		int i=2;
3902			int nid;
3903			char *data;
3904			X509_EXTENSION *ex;
3905			X509V3_CTX ctx;
3906			CODE:
3907	1	50	if (items>1) {
3908	1		RETVAL = 1;
3909	7	100	while(i+1
3910	6	50	nid = SvIV(ST(i));
3911	6	50	data = SvPV_nolen(ST(i+1));
3912	6		i+=2;
3913	6		X509V3_set_ctx(&ctx, ca_cert, x, NULL, NULL, 0);
3914	6		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3915	6	50	if (ex) {
3916	6		X509_add_ext(x,ex,-1);
3917	6		X509_EXTENSION_free(ex);
3918			}
3919			else {
3920	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3921	0		ERR_print_errors_fp(stderr);
3922	0		RETVAL = 0;
3923			}
3924			}
3925			}
3926			else
3927	0		RETVAL = 0;
3928			OUTPUT:
3929			RETVAL
3930
3931			int
3932			P_X509_CRL_add_extensions(x,ca_cert,...)
3933			X509_CRL *x
3934			X509 *ca_cert
3935			PREINIT:
3936	1		int i=2;
3937			int nid;
3938			char *data;
3939			X509_EXTENSION *ex;
3940			X509V3_CTX ctx;
3941			CODE:
3942	1	50	if (items>1) {
3943	1		RETVAL = 1;
3944	2	100	while(i+1
3945	1	50	nid = SvIV(ST(i));
3946	1	50	data = SvPV_nolen(ST(i+1));
3947	1		i+=2;
3948	1		X509V3_set_ctx(&ctx, ca_cert, NULL, NULL, x, 0);
3949	1		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3950	1	50	if (ex) {
3951	1		X509_CRL_add_ext(x,ex,-1);
3952	1		X509_EXTENSION_free(ex);
3953			}
3954			else {
3955	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3956	0		ERR_print_errors_fp(stderr);
3957	0		RETVAL = 0;
3958			}
3959			}
3960			}
3961			else
3962	0		RETVAL = 0;
3963			OUTPUT:
3964			RETVAL
3965
3966			void
3967			P_X509_copy_extensions(x509_req,x509,override=1)
3968			X509_REQ *x509_req
3969			X509 *x509
3970			int override
3971			PREINIT:
3972	1		STACK_OF(X509_EXTENSION) *exts = NULL;
3973			X509_EXTENSION ext, tmpext;
3974			ASN1_OBJECT *obj;
3975	1		int i, idx, ret = 1;
3976			PPCODE:
3977	1	50	if (!x509 \|\| !x509_req) XSRETURN_IV(0);
		50
3978	1		exts = X509_REQ_get_extensions(x509_req);
3979	7	100	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
3980	6		ext = sk_X509_EXTENSION_value(exts, i);
3981	6		obj = X509_EXTENSION_get_object(ext);
3982	6		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3983			/* Does extension exist? */
3984	6	50	if (idx != -1) {
3985	0	0	if (override) continue; /* don't override existing extension */
3986			/* Delete all extensions of same type */
3987			do {
3988	0		tmpext = X509_get_ext(x509, idx);
3989	0		X509_delete_ext(x509, idx);
3990	0		X509_EXTENSION_free(tmpext);
3991	0		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3992	0	0	} while (idx != -1);
3993			}
3994	6	50	if (!X509_add_ext(x509, ext, -1)) ret = 0;
3995			}
3996	1		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
3997	1		XSRETURN_IV(ret);
3998
3999			X509 *
4000			X509_STORE_CTX_get_current_cert(x509_store_ctx)
4001			X509_STORE_CTX * x509_store_ctx
4002
4003			#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */
4004
4005			X509 *
4006			X509_STORE_CTX_get0_cert(x509_store_ctx)
4007			X509_STORE_CTX *x509_store_ctx
4008
4009			#endif
4010
4011			STACK_OF(X509) *
4012			X509_STORE_CTX_get1_chain(x509_store_ctx)
4013			X509_STORE_CTX *x509_store_ctx
4014
4015
4016			int
4017			X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
4018			long argl
4019			void * argp
4020			CRYPTO_EX_new * new_func
4021			CRYPTO_EX_dup * dup_func
4022			CRYPTO_EX_free * free_func
4023
4024			void *
4025			X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
4026			X509_STORE_CTX * x509_store_ctx
4027			int idx
4028
4029			void *
4030			X509_STORE_CTX_get_app_data(x509_store_ctx)
4031			X509_STORE_CTX * x509_store_ctx
4032			CODE:
4033	0		RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0);
4034			OUTPUT:
4035			RETVAL
4036
4037			void
4038			X509_get_fingerprint(cert,type)
4039			X509 * cert
4040			char * type
4041			PREINIT:
4042	9		const EVP_MD *digest_tp = NULL;
4043			unsigned char digest[EVP_MAX_MD_SIZE];
4044	9		unsigned int dsz, k = 0;
4045			char text[EVP_MAX_MD_SIZE * 3 + 1];
4046			CODE:
4047			#ifndef OPENSSL_NO_MD5
4048	9	50	if (!k && !strcmp(type,"md5")) {
		100
4049	4		k = 1; digest_tp = EVP_md5();
4050			}
4051			#endif
4052	9	100	if (!k && !strcmp(type,"sha1")) {
		100
4053	4		k = 1; digest_tp = EVP_sha1();
4054			}
4055			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4056			#ifndef OPENSSL_NO_SHA256
4057	9	100	if (!k && !strcmp(type,"sha256")) {
		50
4058	0		k = 1; digest_tp = EVP_sha256();
4059			}
4060			#endif
4061			#endif
4062	9	100	if (!k && !strcmp(type,"ripemd160")) {
		50
4063	0		k = 1; digest_tp = EVP_ripemd160();
4064			}
4065	9	100	if (!k) /* Default digest */
4066	1		digest_tp = EVP_sha1();
4067	9	50	if ( digest_tp == NULL ) {
4068			/* Out of memory */
4069	0		XSRETURN_UNDEF;
4070			}
4071	9	50	if (!X509_digest(cert, digest_tp, digest, &dsz)) {
4072			/* Out of memory */
4073	0		XSRETURN_UNDEF;
4074			}
4075	9		text[0] = '\0';
4076	173	100	for(k=0; k
4077	164		sprintf(&text[strlen(text)], "%02X:", digest[k]);
4078			}
4079	9		text[strlen(text)-1] = '\0';
4080	9		ST(0) = sv_newmortal(); /* Undefined to start with */
4081	9		sv_setpvn( ST(0), text, strlen(text));
4082
4083			void
4084			X509_get_subjectAltNames(cert)
4085			X509 * cert
4086			PPCODE:
4087	5		int i, j, count = 0;
4088	5		X509_EXTENSION *subjAltNameExt = NULL;
4089	5		STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
4090	5		GENERAL_NAME *subjAltNameDN = NULL;
4091			int num_gnames;
4092	5	100	if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
4093	3	50	&& (subjAltNameExt = X509_get_ext(cert, i))
4094	3	50	&& (subjAltNameDNs = X509V3_EXT_d2i(subjAltNameExt)))
4095			{
4096	3		num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
4097
4098	19	100	for (j = 0; j < num_gnames; j++)
4099			{
4100	16		subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
4101
4102	16		switch (subjAltNameDN->type)
4103			{
4104			case GEN_OTHERNAME:
4105	2	50	EXTEND(SP, 2);
4106	2		count++;
4107	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4108			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4109			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4110			#else
4111	2		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4112			#endif
4113	2		break;
4114
4115			case GEN_EMAIL:
4116			case GEN_DNS:
4117			case GEN_URI:
4118	8	50	EXTEND(SP, 2);
4119	8		count++;
4120	8		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4121			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4122			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4123			#else
4124	8		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4125			#endif
4126	8		break;
4127
4128			case GEN_DIRNAME:
4129			{
4130	0		char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
4131	0	0	EXTEND(SP, 2);
4132	0		count++;
4133	0		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4134	0		PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
4135			}
4136	0		break;
4137
4138			case GEN_RID:
4139			{
4140			char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
4141	2		int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
4142	2	50	if (len < 0 \|\| len > (int)((sizeof(buf) - 1)))
		50
4143			break; /* Skip bad or overly long RID */
4144	2	50	EXTEND(SP, 2);
4145	2		count++;
4146	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4147	2		PUSHs(sv_2mortal(newSVpv(buf, 0)));
4148			}
4149	2		break;
4150
4151			case GEN_IPADD:
4152	4	50	EXTEND(SP, 2);
4153	4		count++;
4154	4		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4155	4		PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
4156	4		break;
4157
4158			}
4159			}
4160	3		sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
4161			}
4162	5		XSRETURN(count * 2);
4163
4164			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4165
4166			void
4167			P_X509_get_crl_distribution_points(cert)
4168			X509 * cert
4169			INIT:
4170			GENERAL_NAMES *gnames;
4171			GENERAL_NAME *gn;
4172			STACK_OF(DIST_POINT) *points;
4173			DIST_POINT *p;
4174			int i, j;
4175			PPCODE:
4176	4		points = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
4177	6	100	for (i = 0; i < sk_DIST_POINT_num(points); i++) {
4178	2		p = sk_DIST_POINT_value(points, i);
4179	2	50	if (!p->distpoint)
4180	0		continue;
4181	2	50	if (p->distpoint->type == 0) {
4182			/* full name */
4183	2		gnames = p->distpoint->name.fullname;
4184	4	100	for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
4185	2		gn = sk_GENERAL_NAME_value(gnames, j);
4186
4187	2	50	if (gn->type == GEN_URI) {
4188			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4189			XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_get0_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4190			#else
4191	2	50	XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4192			#endif
4193			}
4194			}
4195			}
4196			else {
4197			/* relative name - not supported */
4198			/* XXX-TODO: the code below is just an idea; do not enable it without proper test case
4199			BIO *bp;
4200			char *buf;
4201			int n;
4202			X509_NAME ntmp;
4203			ntmp.entries = p->distpoint->name.relativename;
4204			bp = BIO_new(BIO_s_mem());
4205			if (bp) {
4206			X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
4207			n = BIO_ctrl_pending(bp);
4208			New(0, buf, n, char);
4209			if (buf) {
4210			j = BIO_read(bp,buf,n);
4211			if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
4212			Safefree(buf);
4213			}
4214			BIO_free(bp);
4215			}
4216			*/
4217			}
4218			}
4219	4		sk_DIST_POINT_pop_free(points, DIST_POINT_free);
4220
4221			void
4222			P_X509_get_ocsp_uri(cert)
4223			X509 * cert
4224			PPCODE:
4225			AUTHORITY_INFO_ACCESS *info;
4226			int i;
4227	0		info = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
4228	0	0	if (!info) XSRETURN_UNDEF;
4229
4230	0	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
4231	0		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
4232	0	0	if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
4233	0	0	&& ad->location->type == GEN_URI) {
4234			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4235			XPUSHs(sv_2mortal(newSVpv(
4236			(char*)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier),
4237			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4238			)));
4239			#else
4240	0	0	XPUSHs(sv_2mortal(newSVpv(
4241			(char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
4242			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4243			)));
4244			#endif
4245	0	0	if (GIMME == G_SCALAR) break; /* get only first */
		0
4246			}
4247			}
4248	0		AUTHORITY_INFO_ACCESS_free(info);
4249
4250
4251			void
4252			P_X509_get_ext_key_usage(cert,format=0)
4253			X509 * cert
4254			int format
4255			PREINIT:
4256			EXTENDED_KEY_USAGE *extusage;
4257			int i, nid;
4258			char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
4259			ASN1_OBJECT *o;
4260			PPCODE:
4261	16		extusage = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
4262	92	100	for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
4263	76		o = sk_ASN1_OBJECT_value(extusage,i);
4264	76		nid = OBJ_obj2nid(o);
4265	76		OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
4266	76	100	if(format==0)
4267	19	50	XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
4268	57	100	else if(format==1 && nid>0)
		100
4269	16	50	XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
4270	41	100	else if(format==2 && nid>0)
		100
4271	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
4272	25	100	else if(format==3 && nid>0)
		100
4273	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
4274			}
4275	16		EXTENDED_KEY_USAGE_free(extusage);
4276
4277			#endif
4278
4279			void
4280			P_X509_get_key_usage(cert)
4281			X509 * cert
4282			INIT:
4283			ASN1_BIT_STRING * u;
4284			PPCODE:
4285	4		u = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
4286	4	50	if (u) {
4287	4	50	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
		50
4288	4	100	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
		50
4289	4	50	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
		50
4290	4	100	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
		50
4291	4	100	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
		50
4292	4	100	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
		50
4293	4	100	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
		50
4294	4	50	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
		0
4295	4	100	if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
		50
4296	4		ASN1_BIT_STRING_free(u);
4297			}
4298
4299			void
4300			P_X509_get_netscape_cert_type(cert)
4301			X509 * cert
4302			INIT:
4303			ASN1_BIT_STRING * u;
4304			PPCODE:
4305	4		u = X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
4306	4	50	if (u) {
4307	0	0	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
		0
4308	0	0	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
		0
4309	0	0	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
		0
4310	0	0	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
		0
4311	0	0	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
		0
4312	0	0	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
		0
4313	0	0	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
		0
4314	0	0	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
		0
4315	0		ASN1_BIT_STRING_free(u);
4316			}
4317
4318			int
4319			X509_get_ext_by_NID(x,nid,loc=-1)
4320			X509* x
4321			int nid
4322			int loc
4323
4324			X509_EXTENSION *
4325			X509_get_ext(x,loc)
4326			X509* x
4327			int loc
4328
4329			int
4330			X509_EXTENSION_get_critical(X509_EXTENSION *ex)
4331
4332			ASN1_OCTET_STRING *
4333			X509_EXTENSION_get_data(X509_EXTENSION *ne)
4334
4335			ASN1_OBJECT *
4336			X509_EXTENSION_get_object(X509_EXTENSION *ex)
4337
4338			int
4339			X509_get_ext_count(X509 *x)
4340
4341			int
4342			X509_CRL_get_ext_count(X509_CRL *x)
4343
4344			int
4345			X509_CRL_get_ext_by_NID(x,ni,loc=-1)
4346			X509_CRL* x
4347			int ni
4348			int loc
4349
4350			X509_EXTENSION *
4351			X509_CRL_get_ext(x,loc)
4352			X509_CRL* x
4353			int loc
4354
4355			void
4356			X509V3_EXT_print(ext,flags=0,utf8_decode=0)
4357			X509_EXTENSION * ext
4358			unsigned long flags
4359			int utf8_decode
4360			PREINIT:
4361			BIO * bp;
4362			char * buf;
4363			int i, n;
4364	21		int indent=0;
4365			CODE:
4366	21		ST(0) = sv_newmortal(); /* undef to start with */
4367	21		bp = BIO_new(BIO_s_mem());
4368	21	50	if (bp) {
4369	21	50	if(X509V3_EXT_print(bp,ext,flags,indent)) {
4370	21		n = BIO_ctrl_pending(bp);
4371	21		New(0, buf, n, char);
4372	21	50	if (buf) {
4373	21		i = BIO_read(bp,buf,n);
4374	21	50	if (i>=0 && i<=n) {
		50
4375	21		sv_setpvn(ST(0), buf, i);
4376	21	50	if (utf8_decode) sv_utf8_decode(ST(0));
4377			}
4378	21		Safefree(buf);
4379			}
4380			}
4381	21		BIO_free(bp);
4382			}
4383
4384			void *
4385			X509V3_EXT_d2i(ext)
4386			X509_EXTENSION *ext
4387
4388			X509_STORE_CTX *
4389			X509_STORE_CTX_new()
4390
4391			int
4392			X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
4393			X509_STORE_CTX * ctx
4394			X509_STORE * store
4395			X509 * x509
4396			STACK_OF(X509) * chain
4397
4398			void
4399			X509_STORE_CTX_free(ctx)
4400			X509_STORE_CTX * ctx
4401
4402			int
4403			X509_verify_cert(x509_store_ctx)
4404			X509_STORE_CTX * x509_store_ctx
4405
4406			int
4407			X509_STORE_CTX_get_error(x509_store_ctx)
4408			X509_STORE_CTX * x509_store_ctx
4409
4410			int
4411			X509_STORE_CTX_get_error_depth(x509_store_ctx)
4412			X509_STORE_CTX * x509_store_ctx
4413
4414			int
4415			X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
4416			X509_STORE_CTX * x509_store_ctx
4417			int idx
4418			void * data
4419
4420			int
4421			X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
4422			X509_STORE_CTX * x509_store_ctx
4423			char * arg
4424			CODE:
4425	0		RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
4426			OUTPUT:
4427			RETVAL
4428
4429			void
4430			X509_STORE_CTX_set_error(x509_store_ctx,s)
4431			X509_STORE_CTX * x509_store_ctx
4432			int s
4433
4434			void
4435			X509_STORE_CTX_set_cert(x509_store_ctx,x)
4436			X509_STORE_CTX * x509_store_ctx
4437			X509 * x
4438
4439			X509_STORE *
4440			X509_STORE_new()
4441
4442			void
4443			X509_STORE_free(store)
4444			X509_STORE * store
4445
4446			X509_LOOKUP *
4447			X509_STORE_add_lookup(store, method)
4448			X509_STORE * store
4449			X509_LOOKUP_METHOD * method
4450
4451			int
4452			X509_STORE_add_cert(ctx, x)
4453			X509_STORE *ctx
4454			X509 *x
4455
4456			int
4457			X509_STORE_add_crl(ctx, x)
4458			X509_STORE *ctx
4459			X509_CRL *x
4460
4461			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4462
4463			void
4464			X509_STORE_set_flags(ctx, flags)
4465			X509_STORE *ctx
4466			long flags
4467
4468			void
4469			X509_STORE_set_purpose(ctx, purpose)
4470			X509_STORE *ctx
4471			int purpose
4472
4473			void
4474			X509_STORE_set_trust(ctx, trust)
4475			X509_STORE *ctx
4476			int trust
4477
4478			int
4479			X509_STORE_set1_param(ctx, pm)
4480			X509_STORE *ctx
4481			X509_VERIFY_PARAM *pm
4482
4483			#endif
4484
4485			X509_LOOKUP_METHOD *
4486			X509_LOOKUP_hash_dir()
4487
4488			void
4489			X509_LOOKUP_add_dir(lookup, dir, type)
4490			X509_LOOKUP * lookup
4491			char * dir
4492			int type
4493
4494			int
4495			X509_load_cert_file(ctx, file, type)
4496			X509_LOOKUP *ctx
4497			char *file
4498			int type
4499
4500			int
4501			X509_load_crl_file(ctx, file, type)
4502			X509_LOOKUP *ctx
4503			char *file
4504			int type
4505
4506			int
4507			X509_load_cert_crl_file(ctx, file, type)
4508			X509_LOOKUP *ctx
4509			char *file
4510			int type
4511
4512			const char *
4513			X509_verify_cert_error_string(n)
4514			long n
4515
4516			ASN1_INTEGER *
4517			ASN1_INTEGER_new()
4518
4519			void
4520			ASN1_INTEGER_free(ASN1_INTEGER *i)
4521
4522			int
4523			ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
4524
4525			long
4526			ASN1_INTEGER_get(ASN1_INTEGER *a)
4527
4528			void
4529			P_ASN1_INTEGER_set_hex(i,str)
4530			ASN1_INTEGER * i
4531			char * str
4532			INIT:
4533			BIGNUM *bn;
4534	3		int rv = 1;
4535			PPCODE:
4536	3		bn = BN_new();
4537	3	50	if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
4538	3	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4539	3		BN_free(bn);
4540	3		XSRETURN_IV(rv);
4541
4542			void
4543			P_ASN1_INTEGER_set_dec(i,str)
4544			ASN1_INTEGER * i
4545			char * str
4546			INIT:
4547			BIGNUM *bn;
4548	1		int rv = 1;
4549			PPCODE:
4550	1		bn = BN_new();
4551	1	50	if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
4552	1	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4553	1		BN_free(bn);
4554	1		XSRETURN_IV(rv);
4555
4556			void
4557			P_ASN1_INTEGER_get_hex(i)
4558			ASN1_INTEGER * i
4559			INIT:
4560			BIGNUM *bn;
4561			char *result;
4562			PPCODE:
4563	6		bn = BN_new();
4564	6	50	if (!bn) XSRETURN_UNDEF;
4565	6		ASN1_INTEGER_to_BN(i, bn);
4566	6		result = BN_bn2hex(bn);
4567	6		BN_free(bn);
4568	6	50	if (!result) XSRETURN_UNDEF;
4569	6	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4570	6		OPENSSL_free(result);
4571
4572			void
4573			P_ASN1_INTEGER_get_dec(i)
4574			ASN1_INTEGER * i
4575			INIT:
4576			BIGNUM *bn;
4577			char *result;
4578			PPCODE:
4579	5		bn = BN_new();
4580	5	50	if (!bn) XSRETURN_UNDEF;
4581	5		ASN1_INTEGER_to_BN(i, bn);
4582	5		result = BN_bn2dec(bn);
4583	5		BN_free(bn);
4584	5	50	if (!result) XSRETURN_UNDEF;
4585	5	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4586	5		OPENSSL_free(result);
4587
4588			void
4589			P_ASN1_STRING_get(s,utf8_decode=0)
4590			ASN1_STRING * s
4591			int utf8_decode
4592			PREINIT:
4593			SV * u8;
4594			PPCODE:
4595			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4596			u8 = newSVpv((const char*)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
4597			#else
4598	87		u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
4599			#endif
4600	87	100	if (utf8_decode) sv_utf8_decode(u8);
4601	87	50	XPUSHs(sv_2mortal(u8));
4602
4603			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4604
4605			const ASN1_TIME *
4606			X509_get0_notBefore(const X509 *cert)
4607
4608			const ASN1_TIME *
4609			X509_get0_notAfter(const X509 *cert)
4610
4611			ASN1_TIME *
4612			X509_getm_notBefore(const X509 *cert)
4613			ALIAS:
4614			X509_get_notBefore = 1
4615
4616			ASN1_TIME *
4617			X509_getm_notAfter(const X509 *cert)
4618			ALIAS:
4619			X509_get_notAfter = 1
4620
4621			#else /* plain get_ is deprecated */
4622
4623			ASN1_TIME *
4624			X509_get_notBefore(X509 *cert)
4625			ALIAS:
4626			X509_get0_notBefore = 1
4627			X509_getm_notBefore = 2
4628
4629			ASN1_TIME *
4630			X509_get_notAfter(X509 *cert)
4631			ALIAS:
4632			X509_get0_notAfter = 1
4633			X509_getm_notAfter = 2
4634
4635			#endif
4636
4637			ASN1_TIME *
4638			X509_gmtime_adj(s, adj)
4639			ASN1_TIME * s
4640			long adj
4641
4642			ASN1_TIME *
4643			ASN1_TIME_set(s,t)
4644			ASN1_TIME *s
4645			time_t t
4646
4647			void
4648			ASN1_TIME_free(s)
4649			ASN1_TIME *s
4650
4651			time_t
4652			ASN1_TIME_timet(s)
4653			ASN1_TIME *s
4654			CODE:
4655	0		RETVAL = ASN1_TIME_timet(s,NULL);
4656			OUTPUT:
4657			RETVAL
4658
4659			ASN1_TIME *
4660			ASN1_TIME_new()
4661
4662			void
4663			P_ASN1_TIME_put2string(tm)
4664			ASN1_TIME * tm
4665			PREINIT:
4666	4		BIO *bp=NULL;
4667	4		int i=0;
4668			char buffer[256];
4669			ALIAS:
4670			P_ASN1_UTCTIME_put2string = 1
4671			CODE:
4672	4		ST(0) = sv_newmortal(); /* undef retval to start with */
4673	4	50	if (tm) {
4674	4		bp = BIO_new(BIO_s_mem());
4675	4	50	if (bp) {
4676	4		ASN1_TIME_print(bp,tm);
4677	4		i = BIO_read(bp,buffer,255);
4678	4		buffer[i] = '\0';
4679	4	50	if (i>0)
4680	4		sv_setpvn(ST(0), buffer, i);
4681	4		BIO_free(bp);
4682			}
4683			}
4684
4685			#if OPENSSL_VERSION_NUMBER >= 0x0090705f
4686			#define REM15 "NOTE: requires 0.9.7e+"
4687
4688			void
4689			P_ASN1_TIME_get_isotime(tm)
4690			ASN1_TIME *tm
4691			PREINIT:
4692	34		ASN1_GENERALIZEDTIME *tmp = NULL;
4693			char buf[256];
4694			CODE:
4695	34		buf[0] = '\0';
4696			/* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
4697	34		ASN1_TIME_to_generalizedtime(tm,&tmp);
4698	34	50	if (tmp) {
4699	34	50	if (ASN1_GENERALIZEDTIME_check(tmp)) {
4700	34	50	if (strlen((char)tmp->data)>=14 && strlen((char)tmp->data)<200) {
		50
4701	34		strcpy (buf,"yyyy-mm-ddThh:mm:ss");
4702	34		strncpy(buf, (char*)tmp->data, 4);
4703	34		strncpy(buf+5, (char*)tmp->data+4, 2);
4704	34		strncpy(buf+8, (char*)tmp->data+6, 2);
4705	34		strncpy(buf+11,(char*)tmp->data+8, 2);
4706	34		strncpy(buf+14,(char*)tmp->data+10,2);
4707	34		strncpy(buf+17,(char*)tmp->data+12,2);
4708	34	50	if (strlen((char)tmp->data)>14) strcat(buf+19,(char)tmp->data+14);
4709			}
4710			}
4711	34		ASN1_GENERALIZEDTIME_free(tmp);
4712			}
4713	34		ST(0) = sv_newmortal();
4714	34		sv_setpv(ST(0), buf);
4715
4716			void
4717			P_ASN1_TIME_set_isotime(tm,str)
4718			ASN1_TIME *tm
4719			const char *str
4720			PREINIT:
4721			ASN1_TIME t;
4722			char buf[256];
4723			int i,rv;
4724			CODE:
4725	13	50	if (!tm) XSRETURN_UNDEF;
4726			/* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
4727	13	50	if (strlen(str) < 19) XSRETURN_UNDEF;
4728	65	50	for (i=0; i<4; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4729	39	50	for (i=5; i<7; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4730	39	50	for (i=8; i<10; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4731	39	50	for (i=11; i<13; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4732	39	50	for (i=14; i<16; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4733	39	50	for (i=17; i<19; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4734	13		strncpy(buf, str, 4);
4735	13		strncpy(buf+4, str+5, 2);
4736	13		strncpy(buf+6, str+8, 2);
4737	13		strncpy(buf+8, str+11, 2);
4738	13		strncpy(buf+10, str+14, 2);
4739	13		strncpy(buf+12, str+17, 2);
4740	13		buf[14] = '\0';
4741	13	50	if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
		50
4742
4743			/* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
4744			/* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
4745	13		t.length = strlen(buf);
4746	13		t.data = (unsigned char *)buf;
4747	13		t.flags = 0;
4748	13		t.type = V_ASN1_UTCTIME;
4749	13	50	if (!ASN1_TIME_check(&t)) {
4750	13		t.type = V_ASN1_GENERALIZEDTIME;
4751	13	50	if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
4752			}
4753	13		tm->type = t.type;
4754	13		tm->flags = t.flags;
4755	13	50	if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
4756	13		rv = 1;
4757
4758			/* end of ASN1_TIME_set_string() reimplementation */
4759
4760	13		ST(0) = sv_newmortal();
4761	13		sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
4762
4763			#endif
4764
4765			int
4766			EVP_PKEY_copy_parameters(to,from)
4767			EVP_PKEY * to
4768			EVP_PKEY * from
4769
4770			EVP_PKEY *
4771			EVP_PKEY_new()
4772
4773			void
4774			EVP_PKEY_free(EVP_PKEY *pkey)
4775
4776			int
4777			EVP_PKEY_assign_RSA(EVP_PKEY pkey, RSA key)
4778
4779			int
4780			EVP_PKEY_bits(EVP_PKEY *pkey)
4781
4782			#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
4783
4784			int
4785			EVP_PKEY_security_bits(EVP_PKEY *pkey)
4786
4787			#endif
4788
4789			int
4790			EVP_PKEY_size(EVP_PKEY *pkey)
4791
4792			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
4793
4794			int
4795			EVP_PKEY_id(const EVP_PKEY *pkey)
4796
4797			#endif
4798
4799			void
4800			PEM_get_string_X509(x509)
4801			X509 * x509
4802			PREINIT:
4803			BIO *bp;
4804			int i, n;
4805			char *buf;
4806			CODE:
4807	3		ST(0) = sv_newmortal(); /* undef to start with */
4808	3		bp = BIO_new(BIO_s_mem());
4809	3	50	if (bp && x509) {
		50
4810	3		PEM_write_bio_X509(bp,x509);
4811	3		n = BIO_ctrl_pending(bp);
4812	3		New(0, buf, n, char);
4813	3	50	if (buf) {
4814	3		i = BIO_read(bp,buf,n);
4815	3	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4816	3		Safefree(buf);
4817			}
4818	3		BIO_free(bp);
4819			}
4820
4821			void
4822			PEM_get_string_X509_REQ(x509_req)
4823			X509_REQ * x509_req
4824			PREINIT:
4825			BIO *bp;
4826			int i, n;
4827			char *buf;
4828			CODE:
4829	1		ST(0) = sv_newmortal(); /* undef to start with */
4830	1		bp = BIO_new(BIO_s_mem());
4831	1	50	if (bp && x509_req) {
		50
4832	1		PEM_write_bio_X509_REQ(bp,x509_req);
4833	1		n = BIO_ctrl_pending(bp);
4834	1		New(0, buf, n, char);
4835	1	50	if (buf) {
4836	1		i = BIO_read(bp,buf,n);
4837	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4838	1		Safefree(buf);
4839			}
4840	1		BIO_free(bp);
4841			}
4842
4843			void
4844			PEM_get_string_X509_CRL(x509_crl)
4845			X509_CRL * x509_crl
4846			PREINIT:
4847			BIO *bp;
4848			int i, n;
4849			char *buf;
4850			CODE:
4851	1		ST(0) = sv_newmortal(); /* undef to start with */
4852	1		bp = BIO_new(BIO_s_mem());
4853	1	50	if (bp && x509_crl) {
		50
4854	1		PEM_write_bio_X509_CRL(bp,x509_crl);
4855	1		n = BIO_ctrl_pending(bp);
4856	1		New(0, buf, n, char);
4857	1	50	if (buf) {
4858	1		i = BIO_read(bp,buf,n);
4859	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4860	1		Safefree(buf);
4861			}
4862	1		BIO_free(bp);
4863			}
4864
4865			void
4866			PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
4867			EVP_PKEY * pk
4868			char * passwd
4869			const EVP_CIPHER * enc_alg
4870			PREINIT:
4871			BIO *bp;
4872			int i, n;
4873			char *buf;
4874	6		size_t passwd_len = 0;
4875	6		pem_password_cb * cb = NULL;
4876	6		void * u = NULL;
4877			CODE:
4878	6		ST(0) = sv_newmortal(); /* undef to start with */
4879	6		bp = BIO_new(BIO_s_mem());
4880	6	50	if (bp && pk) {
		50
4881	6	100	if (passwd) passwd_len = strlen(passwd);
4882	6	100	if (passwd_len>0) {
4883			/* encrypted key */
4884	2	100	if (!enc_alg)
4885	1		PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
4886			else
4887	2		PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
4888			}
4889			else {
4890			/* unencrypted key */
4891	4		PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
4892			}
4893	6		n = BIO_ctrl_pending(bp);
4894	6		New(0, buf, n, char);
4895	6	50	if (buf) {
4896	6		i = BIO_read(bp,buf,n);
4897	6	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4898	6		Safefree(buf);
4899			}
4900	6		BIO_free(bp);
4901			}
4902
4903			int
4904			CTX_use_PKCS12_file(ctx, file, password=NULL)
4905			SSL_CTX *ctx
4906			char *file
4907			char *password
4908			PREINIT:
4909			PKCS12 *p12;
4910			EVP_PKEY *private_key;
4911			X509 *certificate;
4912			BIO *bio;
4913			CODE:
4914	0		RETVAL = 0;
4915	0		bio = BIO_new_file(file, "rb");
4916	0	0	if (bio) {
4917			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4918	0		OPENSSL_add_all_algorithms_noconf();
4919			#else
4920			OpenSSL_add_all_algorithms();
4921			#endif
4922	0	0	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
4923	0	0	if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
4924	0	0	if (private_key) {
4925	0	0	if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
4926	0		EVP_PKEY_free(private_key);
4927			}
4928	0	0	if (certificate) {
4929	0	0	if (SSL_CTX_use_certificate(ctx, certificate)) RETVAL = 1;
4930	0		X509_free(certificate);
4931			}
4932			}
4933	0		PKCS12_free(p12);
4934			}
4935	0	0	if (!RETVAL) ERR_print_errors_fp(stderr);
4936	0		BIO_free(bio);
4937			}
4938			OUTPUT:
4939			RETVAL
4940
4941			void
4942			P_PKCS12_load_file(file, load_chain=0, password=NULL)
4943			char *file
4944			int load_chain
4945			char *password
4946			PREINIT:
4947			PKCS12 *p12;
4948	4		EVP_PKEY *private_key = NULL;
4949	4		X509 *certificate = NULL;
4950	4		STACK_OF(X509) *cachain = NULL;
4951			X509 *x;
4952			BIO *bio;
4953			int i, result;
4954			PPCODE:
4955	4		bio = BIO_new_file(file, "rb");
4956	4	50	if (bio) {
4957			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4958	4		OPENSSL_add_all_algorithms_noconf();
4959			#else
4960			OpenSSL_add_all_algorithms();
4961			#endif
4962	4	50	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
4963	4	100	if(load_chain)
4964	3		result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain);
4965			else
4966	1		result= PKCS12_parse(p12, password, &private_key, &certificate, NULL);
4967	4	50	if (result) {
4968	4	50	if (private_key)
4969	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key))));
4970			else
4971	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4972	4	50	if (certificate)
4973	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate))));
4974			else
4975	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4976	4	100	if (cachain) {
4977	3	100	for (i=0; i
4978	2		x = sk_X509_value(cachain, i);
4979	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
4980			}
4981	1		sk_X509_free(cachain);
4982			}
4983			}
4984	4		PKCS12_free(p12);
4985			}
4986	4		BIO_free(bio);
4987			}
4988
4989			#ifndef OPENSSL_NO_MD2
4990
4991			void
4992			MD2(data)
4993			PREINIT:
4994			STRLEN len;
4995			unsigned char md[MD2_DIGEST_LENGTH];
4996			unsigned char * ret;
4997			INPUT:
4998			unsigned char* data = (unsigned char *) SvPV( ST(0), len);
4999			CODE:
5000			ret = MD2(data,len,md);
5001			if (ret!=NULL) {
5002			XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
5003			} else {
5004			XSRETURN_UNDEF;
5005			}
5006
5007			#endif
5008
5009			#ifndef OPENSSL_NO_MD4
5010
5011			void
5012			MD4(data)
5013			PREINIT:
5014			STRLEN len;
5015			unsigned char md[MD4_DIGEST_LENGTH];
5016			INPUT:
5017			unsigned char* data = (unsigned char *) SvPV( ST(0), len );
5018			CODE:
5019	9	50	if (MD4(data,len,md)) {
5020	9		XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
5021			} else {
5022	9		XSRETURN_UNDEF;
5023			}
5024
5025			#endif
5026
5027			#ifndef OPENSSL_NO_MD5
5028
5029			void
5030			MD5(data)
5031			PREINIT:
5032			STRLEN len;
5033			unsigned char md[MD5_DIGEST_LENGTH];
5034			INPUT:
5035			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5036			CODE:
5037	9	50	if (MD5(data,len,md)) {
5038	9		XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
5039			} else {
5040	9		XSRETURN_UNDEF;
5041			}
5042
5043			#endif
5044
5045			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
5046
5047			void
5048			RIPEMD160(data)
5049			PREINIT:
5050			STRLEN len;
5051			unsigned char md[RIPEMD160_DIGEST_LENGTH];
5052			INPUT:
5053			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5054			CODE:
5055	9	50	if (RIPEMD160(data,len,md)) {
5056	9		XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH);
5057			} else {
5058	9		XSRETURN_UNDEF;
5059			}
5060
5061			#endif
5062
5063			#if !defined(OPENSSL_NO_SHA)
5064
5065			void
5066			SHA1(data)
5067			PREINIT:
5068			STRLEN len;
5069			unsigned char md[SHA_DIGEST_LENGTH];
5070			INPUT:
5071			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5072			CODE:
5073	8	50	if (SHA1(data,len,md)) {
5074	8		XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH);
5075			} else {
5076	8		XSRETURN_UNDEF;
5077			}
5078
5079			#endif
5080			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5081
5082			void
5083			SHA256(data)
5084			PREINIT:
5085			STRLEN len;
5086			unsigned char md[SHA256_DIGEST_LENGTH];
5087			INPUT:
5088			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5089			CODE:
5090	8	50	if (SHA256(data,len,md)) {
5091	8		XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
5092			} else {
5093	8		XSRETURN_UNDEF;
5094			}
5095
5096			#endif
5097			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5098
5099			void
5100			SHA512(data)
5101			PREINIT:
5102			STRLEN len;
5103			unsigned char md[SHA512_DIGEST_LENGTH];
5104			INPUT:
5105			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5106			CODE:
5107	8	50	if (SHA512(data,len,md)) {
5108	8		XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
5109			} else {
5110	8		XSRETURN_UNDEF;
5111			}
5112
5113			#endif
5114
5115			#ifndef OPENSSL_NO_SSL2
5116			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5117
5118			const SSL_METHOD *
5119			SSLv2_method()
5120
5121			#endif
5122			#endif
5123
5124			#ifndef OPENSSL_NO_SSL3
5125
5126			const SSL_METHOD *
5127			SSLv3_method()
5128
5129			#endif
5130
5131			const SSL_METHOD *
5132			SSLv23_method()
5133
5134			const SSL_METHOD *
5135			SSLv23_server_method()
5136
5137			const SSL_METHOD *
5138			SSLv23_client_method()
5139
5140			#if !defined(OPENSSL_NO_TLS1_METHOD)
5141
5142			const SSL_METHOD *
5143			TLSv1_method()
5144
5145			const SSL_METHOD *
5146			TLSv1_server_method()
5147
5148			const SSL_METHOD *
5149			TLSv1_client_method()
5150
5151			#endif
5152
5153			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
5154
5155			const SSL_METHOD *
5156			TLSv1_1_method()
5157
5158			const SSL_METHOD *
5159			TLSv1_1_server_method()
5160
5161			const SSL_METHOD *
5162			TLSv1_1_client_method()
5163
5164			#endif
5165
5166			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
5167
5168			const SSL_METHOD *
5169			TLSv1_2_method()
5170
5171			const SSL_METHOD *
5172			TLSv1_2_server_method()
5173
5174			const SSL_METHOD *
5175			TLSv1_2_client_method()
5176
5177			#endif
5178
5179
5180			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
5181
5182			const SSL_METHOD *
5183			TLS_method()
5184
5185			const SSL_METHOD *
5186			TLS_server_method()
5187
5188			const SSL_METHOD *
5189			TLS_client_method()
5190
5191			#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
5192
5193
5194			#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
5195
5196			int
5197			SSL_CTX_set_min_proto_version(ctx, version)
5198			SSL_CTX * ctx
5199			int version
5200
5201			int
5202			SSL_CTX_set_max_proto_version(ctx, version)
5203			SSL_CTX * ctx
5204			int version
5205
5206			int
5207			SSL_set_min_proto_version(ssl, version)
5208			SSL * ssl
5209			int version
5210
5211			int
5212			SSL_set_max_proto_version(ssl, version)
5213			SSL * ssl
5214			int version
5215
5216			#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
5217
5218
5219			#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
5220
5221			int
5222			SSL_CTX_get_min_proto_version(ctx)
5223			SSL_CTX * ctx
5224
5225			int
5226			SSL_CTX_get_max_proto_version(ctx)
5227			SSL_CTX * ctx
5228
5229			int
5230			SSL_get_min_proto_version(ssl)
5231			SSL * ssl
5232
5233			int
5234			SSL_get_max_proto_version(ssl)
5235			SSL * ssl
5236
5237			#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
5238
5239
5240			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5241
5242			int
5243			SSL_set_ssl_method(ssl, method)
5244			SSL * ssl
5245			SSL_METHOD * method
5246
5247			#else
5248
5249			int
5250			SSL_set_ssl_method(ssl, method)
5251			SSL * ssl
5252			const SSL_METHOD * method
5253
5254			#endif
5255
5256			const SSL_METHOD *
5257			SSL_get_ssl_method(ssl)
5258			SSL * ssl
5259
5260			#define REM_AUTOMATICALLY_GENERATED_1_09
5261
5262			BIO *
5263			BIO_new_buffer_ssl_connect(ctx)
5264			SSL_CTX * ctx
5265
5266			BIO *
5267			BIO_new_file(filename,mode)
5268			char * filename
5269			char * mode
5270
5271			BIO *
5272			BIO_new_ssl(ctx,client)
5273			SSL_CTX * ctx
5274			int client
5275
5276			BIO *
5277			BIO_new_ssl_connect(ctx)
5278			SSL_CTX * ctx
5279
5280			BIO *
5281			BIO_new(type)
5282			BIO_METHOD * type;
5283
5284			int
5285			BIO_free(bio)
5286			BIO * bio;
5287
5288			void
5289			BIO_read(s,max=32768)
5290			BIO * s
5291			int max
5292			PREINIT:
5293	138		char *buf = NULL;
5294			int got;
5295			CODE:
5296	138		New(0, buf, max, char);
5297	138		ST(0) = sv_newmortal(); /* Undefined to start with */
5298	138	100	if ((got = BIO_read(s, buf, max)) >= 0)
5299	55		sv_setpvn( ST(0), buf, got);
5300	138		Safefree(buf);
5301
5302			int
5303			BIO_write(s,buf)
5304			BIO * s
5305			PREINIT:
5306			STRLEN len;
5307			INPUT:
5308			char * buf = SvPV( ST(1), len);
5309			CODE:
5310	55		RETVAL = BIO_write (s, buf, (int)len);
5311			OUTPUT:
5312			RETVAL
5313
5314			int
5315			BIO_eof(s)
5316			BIO * s
5317
5318			int
5319			BIO_pending(s)
5320			BIO * s
5321
5322			int
5323			BIO_wpending(s)
5324			BIO * s
5325
5326			int
5327			BIO_ssl_copy_session_id(to,from)
5328			BIO * to
5329			BIO * from
5330
5331			void
5332			BIO_ssl_shutdown(ssl_bio)
5333			BIO * ssl_bio
5334
5335			int
5336			SSL_add_client_CA(ssl,x)
5337			SSL * ssl
5338			X509 * x
5339
5340			const char *
5341			SSL_alert_desc_string(value)
5342			int value
5343
5344			const char *
5345			SSL_alert_desc_string_long(value)
5346			int value
5347
5348			const char *
5349			SSL_alert_type_string(value)
5350			int value
5351
5352			const char *
5353			SSL_alert_type_string_long(value)
5354			int value
5355
5356			long
5357			SSL_callback_ctrl(ssl,i,fp)
5358			SSL * ssl
5359			int i
5360			callback_no_ret * fp
5361
5362			int
5363			SSL_check_private_key(ctx)
5364			SSL * ctx
5365
5366			# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
5367			# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
5368			void
5369			SSL_CIPHER_description(const SSL_CIPHER cipher, char unused_buf=NULL, int unused_size=0)
5370			PREINIT:
5371			char *description;
5372			char buf[512];
5373			PPCODE:
5374	194		description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
5375	194	50	if(description == NULL) {
5376	0		XSRETURN_EMPTY;
5377			}
5378	194	50	XPUSHs(sv_2mortal(newSVpv(description, 0)));
5379
5380			const char *
5381			SSL_CIPHER_get_name(const SSL_CIPHER *c)
5382
5383			int
5384			SSL_CIPHER_get_bits(c, ...)
5385			const SSL_CIPHER * c
5386			CODE:
5387			int alg_bits;
5388	390		RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
5389	390	50	if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
5390	390	100	if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
5391			OUTPUT:
5392			RETVAL
5393
5394			const char *
5395			SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
5396
5397			#ifndef OPENSSL_NO_COMP
5398
5399			int
5400			SSL_COMP_add_compression_method(id,cm)
5401			int id
5402			COMP_METHOD * cm
5403
5404			#endif
5405
5406			int
5407			SSL_CTX_add_client_CA(ctx,x)
5408			SSL_CTX * ctx
5409			X509 * x
5410
5411			long
5412			SSL_CTX_callback_ctrl(ctx,i,fp)
5413			SSL_CTX * ctx
5414			int i
5415			callback_no_ret * fp
5416
5417			int
5418			SSL_CTX_check_private_key(ctx)
5419			SSL_CTX * ctx
5420
5421			void *
5422			SSL_CTX_get_ex_data(ssl,idx)
5423			SSL_CTX * ssl
5424			int idx
5425
5426			int
5427			SSL_CTX_get_quiet_shutdown(ctx)
5428			SSL_CTX * ctx
5429
5430			long
5431			SSL_CTX_get_timeout(ctx)
5432			SSL_CTX * ctx
5433
5434			int
5435			SSL_CTX_get_verify_depth(ctx)
5436			SSL_CTX * ctx
5437
5438			int
5439			SSL_CTX_get_verify_mode(ctx)
5440			SSL_CTX * ctx
5441
5442			void
5443			SSL_CTX_set_cert_store(ctx,store)
5444			SSL_CTX * ctx
5445			X509_STORE * store
5446
5447			X509_STORE *
5448			SSL_CTX_get_cert_store(ctx)
5449			SSL_CTX * ctx
5450
5451			void
5452			SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
5453			SSL_CTX * ctx
5454			SV * callback
5455			SV * data
5456			CODE:
5457	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5458	0		SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
5459	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
5460	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
5461			}
5462			else {
5463	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
5464	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
5465			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
5466	1		SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
5467			#else
5468			SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, (char*)ctx);
5469			#endif
5470			}
5471
5472			X509_NAME_STACK *
5473			SSL_CTX_get_client_CA_list(ctx)
5474			SSL_CTX *ctx
5475
5476			void
5477			SSL_CTX_set_client_CA_list(ctx,list)
5478			SSL_CTX * ctx
5479			X509_NAME_STACK * list
5480
5481			void
5482			SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
5483			SSL_CTX * ctx
5484			SV * callback
5485			CODE:
5486	4	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5487	0		SSL_CTX_set_default_passwd_cb(ctx, NULL);
5488	0		SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
5489	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
5490			}
5491			else {
5492	4		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
5493	4		SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
5494	4		SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
5495			}
5496
5497			void
5498			SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
5499			SSL_CTX * ctx
5500			SV * data
5501			CODE:
5502			/* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
5503	2	50	if (data==NULL \|\| !SvOK(data)) {
		50
		0
		0
5504	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
5505			}
5506			else {
5507	2		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
5508			}
5509
5510			int
5511			SSL_CTX_set_ex_data(ssl,idx,data)
5512			SSL_CTX * ssl
5513			int idx
5514			void * data
5515
5516			int
5517			SSL_CTX_set_purpose(s,purpose)
5518			SSL_CTX * s
5519			int purpose
5520
5521			void
5522			SSL_CTX_set_quiet_shutdown(ctx,mode)
5523			SSL_CTX * ctx
5524			int mode
5525
5526			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5527
5528			int
5529			SSL_CTX_set_ssl_version(ctx,meth)
5530			SSL_CTX * ctx
5531			SSL_METHOD * meth
5532
5533			#else
5534
5535			int
5536			SSL_CTX_set_ssl_version(ctx,meth)
5537			SSL_CTX * ctx
5538			const SSL_METHOD * meth
5539
5540			#endif
5541
5542			long
5543			SSL_CTX_set_timeout(ctx,t)
5544			SSL_CTX * ctx
5545			long t
5546
5547			int
5548			SSL_CTX_set_trust(s,trust)
5549			SSL_CTX * s
5550			int trust
5551
5552			void
5553			SSL_CTX_set_verify_depth(ctx,depth)
5554			SSL_CTX * ctx
5555			int depth
5556
5557			int
5558			SSL_CTX_use_certificate(ctx,x)
5559			SSL_CTX * ctx
5560			X509 * x
5561
5562			int
5563			SSL_CTX_use_certificate_chain_file(ctx,file)
5564			SSL_CTX * ctx
5565			const char * file
5566
5567
5568			#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
5569
5570			int
5571			SSL_use_certificate_chain_file(ssl,file)
5572			SSL * ssl
5573			const char * file
5574
5575			#endif /* OpenSSL 1.1.0 */
5576
5577			int
5578			SSL_CTX_use_PrivateKey(ctx,pkey)
5579			SSL_CTX * ctx
5580			EVP_PKEY * pkey
5581
5582			int
5583			SSL_CTX_use_RSAPrivateKey(ctx,rsa)
5584			SSL_CTX * ctx
5585			RSA * rsa
5586
5587			int
5588			SSL_do_handshake(s)
5589			SSL * s
5590
5591			SSL *
5592			SSL_dup(ssl)
5593			SSL * ssl
5594
5595			const SSL_CIPHER *
5596			SSL_get_current_cipher(s)
5597			SSL * s
5598
5599			long
5600			SSL_get_default_timeout(s)
5601			SSL * s
5602
5603			void *
5604			SSL_get_ex_data(ssl,idx)
5605			SSL * ssl
5606			int idx
5607
5608			size_t
5609			SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5610			SSL *ssl
5611			SV *buf
5612			size_t count
5613			PREINIT:
5614			unsigned char *finished;
5615			size_t finished_len;
5616			CODE:
5617	4		Newx(finished, count, unsigned char);
5618	4		finished_len = SSL_get_finished(ssl, finished, count);
5619	4	100	if (count > finished_len)
5620	3		count = finished_len;
5621	4		sv_setpvn(buf, (const char *)finished, count);
5622	4		Safefree(finished);
5623	4		RETVAL = finished_len;
5624			OUTPUT:
5625			RETVAL
5626
5627			size_t
5628			SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5629			SSL *ssl
5630			SV *buf
5631			size_t count
5632			PREINIT:
5633			unsigned char *finished;
5634			size_t finished_len;
5635			CODE:
5636	4		Newx(finished, count, unsigned char);
5637	4		finished_len = SSL_get_peer_finished(ssl, finished, count);
5638	4	100	if (count > finished_len)
5639	3		count = finished_len;
5640	4		sv_setpvn(buf, (const char *)finished, count);
5641	4		Safefree(finished);
5642	4		RETVAL = finished_len;
5643			OUTPUT:
5644			RETVAL
5645
5646			int
5647			SSL_get_quiet_shutdown(ssl)
5648			SSL * ssl
5649
5650			int
5651			SSL_get_shutdown(ssl)
5652			SSL * ssl
5653
5654			int
5655			SSL_get_verify_depth(s)
5656			SSL * s
5657
5658			int
5659			SSL_get_verify_mode(s)
5660			SSL * s
5661
5662			long
5663			SSL_get_verify_result(ssl)
5664			SSL * ssl
5665
5666			int
5667			SSL_renegotiate(s)
5668			SSL * s
5669
5670			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5671
5672			int
5673			SSL_SESSION_cmp(a,b)
5674			SSL_SESSION * a
5675			SSL_SESSION * b
5676
5677			#endif
5678
5679			void *
5680			SSL_SESSION_get_ex_data(ss,idx)
5681			SSL_SESSION * ss
5682			int idx
5683
5684			long
5685			SSL_SESSION_get_time(s)
5686			SSL_SESSION * s
5687
5688			long
5689			SSL_SESSION_get_timeout(s)
5690			SSL_SESSION * s
5691
5692			int
5693			SSL_SESSION_print_fp(fp,ses)
5694			FILE * fp
5695			SSL_SESSION * ses
5696
5697			int
5698			SSL_SESSION_set_ex_data(ss,idx,data)
5699			SSL_SESSION * ss
5700			int idx
5701			void * data
5702
5703			long
5704			SSL_SESSION_set_time(s,t)
5705			SSL_SESSION * s
5706			long t
5707
5708			long
5709			SSL_SESSION_set_timeout(s,t)
5710			SSL_SESSION * s
5711			long t
5712
5713			void
5714			SSL_set_accept_state(s)
5715			SSL * s
5716
5717			void
5718			sk_X509_NAME_free(sk)
5719			X509_NAME_STACK *sk
5720
5721			int
5722			sk_X509_NAME_num(sk)
5723			X509_NAME_STACK *sk
5724
5725			X509_NAME *
5726			sk_X509_NAME_value(sk,i)
5727			X509_NAME_STACK *sk
5728			int i
5729
5730			X509_NAME_STACK *
5731			SSL_get_client_CA_list(s)
5732			SSL * s
5733
5734			void
5735			SSL_set_client_CA_list(s,list)
5736			SSL * s
5737			X509_NAME_STACK * list
5738
5739			void
5740			SSL_set_connect_state(s)
5741			SSL * s
5742
5743			int
5744			SSL_set_ex_data(ssl,idx,data)
5745			SSL * ssl
5746			int idx
5747			void * data
5748
5749
5750			void
5751			SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
5752			SSL * ssl
5753			SV * callback
5754			SV * data
5755			CODE:
5756	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5757	0		SSL_set_info_callback(ssl, NULL);
5758	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
5759	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
5760			} else {
5761	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
5762	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
5763	1		SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
5764			}
5765
5766			void
5767			SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
5768			SSL_CTX * ctx
5769			SV * callback
5770			SV * data
5771			CODE:
5772	148	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5773	0		SSL_CTX_set_info_callback(ctx, NULL);
5774	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
5775	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
5776			} else {
5777	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
5778	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
5779	148		SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
5780			}
5781
5782			void
5783			SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
5784			SSL * ssl
5785			SV * callback
5786			SV * data
5787			CODE:
5788	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5789	1		SSL_set_msg_callback(ssl, NULL);
5790	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
5791	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
5792			} else {
5793	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
5794	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
5795	1		SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
5796			}
5797
5798			void
5799			SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
5800			SSL_CTX * ctx
5801			SV * callback
5802			SV * data
5803			CODE:
5804	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5805	1		SSL_CTX_set_msg_callback(ctx, NULL);
5806	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
5807	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
5808			} else {
5809	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
5810	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
5811	1		SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
5812			}
5813
5814
5815			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
5816
5817			void
5818			SSL_CTX_set_keylog_callback(SSL_CTX ctx, SV callback)
5819			CODE:
5820			if (callback==NULL \|\| !SvOK(callback)) {
5821			SSL_CTX_set_keylog_callback(ctx, NULL);
5822			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
5823			} else {
5824			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
5825			SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
5826			}
5827
5828			SV *
5829			SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
5830			CODE:
5831			SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
5832			/* without increment the reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */
5833			SvREFCNT_inc(func);
5834			RETVAL = func;
5835			OUTPUT:
5836			RETVAL
5837
5838			#endif
5839
5840
5841			int
5842			SSL_set_purpose(s,purpose)
5843			SSL * s
5844			int purpose
5845
5846			void
5847			SSL_set_quiet_shutdown(ssl,mode)
5848			SSL * ssl
5849			int mode
5850
5851			void
5852			SSL_set_shutdown(ssl,mode)
5853			SSL * ssl
5854			int mode
5855
5856			int
5857			SSL_set_trust(s,trust)
5858			SSL * s
5859			int trust
5860
5861			void
5862			SSL_set_verify_depth(s,depth)
5863			SSL * s
5864			int depth
5865
5866			void
5867			SSL_set_verify_result(ssl,v)
5868			SSL * ssl
5869			long v
5870
5871			int
5872			SSL_shutdown(s)
5873			SSL * s
5874
5875			const char *
5876			SSL_get_version(ssl)
5877			const SSL * ssl
5878
5879			int
5880			SSL_version(ssl)
5881			SSL * ssl
5882
5883			#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */
5884
5885			int
5886			SSL_client_version(ssl)
5887			const SSL * ssl
5888
5889			int
5890			SSL_is_dtls(ssl)
5891			const SSL * ssl
5892
5893			#endif
5894
5895			#define REM_MANUALLY_ADDED_1_09
5896
5897			X509_NAME_STACK *
5898			SSL_load_client_CA_file(file)
5899			const char * file
5900
5901			int
5902			SSL_add_file_cert_subjects_to_stack(stackCAs,file)
5903			X509_NAME_STACK * stackCAs
5904			const char * file
5905
5906			#ifndef WIN32
5907			#ifndef VMS
5908			#ifndef MAC_OS_pre_X
5909
5910			int
5911			SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
5912			X509_NAME_STACK * stackCAs
5913			const char * dir
5914
5915			#endif
5916			#endif
5917			#endif
5918
5919			int
5920			SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5921			long argl
5922			void * argp
5923			CRYPTO_EX_new * new_func
5924			CRYPTO_EX_dup * dup_func
5925			CRYPTO_EX_free * free_func
5926
5927			int
5928			SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
5929			SSL_CTX * ctx
5930			const unsigned char * sid_ctx
5931			unsigned int sid_ctx_len
5932
5933			int
5934			SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
5935			SSL * ssl
5936			const unsigned char * sid_ctx
5937			unsigned int sid_ctx_len
5938
5939			#if OPENSSL_VERSION_NUMBER < 0x10100000L
5940			void
5941			SSL_CTX_set_tmp_rsa_callback(ctx, cb)
5942			SSL_CTX * ctx
5943			cb_ssl_int_int_ret_RSA * cb
5944
5945			void
5946			SSL_set_tmp_rsa_callback(ssl, cb)
5947			SSL * ssl
5948			cb_ssl_int_int_ret_RSA * cb
5949
5950			#endif
5951
5952			void
5953			SSL_CTX_set_tmp_dh_callback(ctx, dh)
5954			SSL_CTX * ctx
5955			cb_ssl_int_int_ret_DH * dh
5956
5957			void
5958			SSL_set_tmp_dh_callback(ssl,dh)
5959			SSL * ssl
5960			cb_ssl_int_int_ret_DH * dh
5961
5962			int
5963			SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5964			long argl
5965			void * argp
5966			CRYPTO_EX_new * new_func
5967			CRYPTO_EX_dup * dup_func
5968			CRYPTO_EX_free * free_func
5969
5970			int
5971			SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5972			long argl
5973			void * argp
5974			CRYPTO_EX_new * new_func
5975			CRYPTO_EX_dup * dup_func
5976			CRYPTO_EX_free * free_func
5977
5978			#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
5979
5980			long
5981			SSL_clear_num_renegotiations(ssl)
5982			SSL * ssl
5983			CODE:
5984	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
5985			OUTPUT:
5986			RETVAL
5987
5988			long
5989			SSL_CTX_add_extra_chain_cert(ctx,x509)
5990			SSL_CTX * ctx
5991			X509 * x509
5992			CODE:
5993	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
5994			OUTPUT:
5995			RETVAL
5996
5997			void *
5998			SSL_CTX_get_app_data(ctx)
5999			SSL_CTX * ctx
6000			CODE:
6001	0		RETVAL = SSL_CTX_get_ex_data(ctx,0);
6002			OUTPUT:
6003			RETVAL
6004
6005			long
6006			SSL_CTX_get_mode(ctx)
6007			SSL_CTX * ctx
6008			CODE:
6009	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
6010			OUTPUT:
6011			RETVAL
6012
6013			long
6014			SSL_CTX_get_read_ahead(ctx)
6015			SSL_CTX * ctx
6016			CODE:
6017	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
6018			OUTPUT:
6019			RETVAL
6020
6021			long
6022			SSL_CTX_get_session_cache_mode(ctx)
6023			SSL_CTX * ctx
6024			CODE:
6025	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
6026			OUTPUT:
6027			RETVAL
6028
6029			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6030			long
6031			SSL_CTX_need_tmp_RSA(ctx)
6032			SSL_CTX * ctx
6033			CODE:
6034	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6035			OUTPUT:
6036			RETVAL
6037
6038			#endif
6039
6040			int
6041			SSL_CTX_set_app_data(ctx,arg)
6042			SSL_CTX * ctx
6043			char * arg
6044			CODE:
6045	0		RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
6046			OUTPUT:
6047			RETVAL
6048
6049			long
6050			SSL_CTX_set_mode(ctx,op)
6051			SSL_CTX * ctx
6052			long op
6053			CODE:
6054	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
6055			OUTPUT:
6056			RETVAL
6057
6058			long
6059			SSL_CTX_set_read_ahead(ctx,m)
6060			SSL_CTX * ctx
6061			long m
6062			CODE:
6063	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
6064			OUTPUT:
6065			RETVAL
6066
6067			long
6068			SSL_CTX_set_session_cache_mode(ctx,m)
6069			SSL_CTX * ctx
6070			long m
6071			CODE:
6072	6		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
6073			OUTPUT:
6074			RETVAL
6075
6076			long
6077			SSL_CTX_set_tmp_dh(ctx,dh)
6078			SSL_CTX * ctx
6079			DH * dh
6080
6081			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6082			long
6083			SSL_CTX_set_tmp_rsa(ctx,rsa)
6084			SSL_CTX * ctx
6085			RSA * rsa
6086
6087			#endif
6088
6089			#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
6090
6091			EC_KEY *
6092			EC_KEY_new_by_curve_name(nid)
6093			int nid
6094
6095			void
6096			EC_KEY_free(key)
6097			EC_KEY * key
6098
6099			long
6100			SSL_CTX_set_tmp_ecdh(ctx,ecdh)
6101			SSL_CTX * ctx
6102			EC_KEY * ecdh
6103
6104			int
6105			EVP_PKEY_assign_EC_KEY(pkey,key)
6106			EVP_PKEY * pkey
6107			EC_KEY * key
6108
6109
6110			EC_KEY *
6111			EC_KEY_generate_key(curve)
6112			SV *curve;
6113			CODE:
6114	1		EC_GROUP *group = NULL;
6115	1		EC_KEY *eckey = NULL;
6116			int nid;
6117
6118	1		RETVAL = 0;
6119	1	50	if (SvIOK(curve)) {
6120	0	0	nid = SvIV(curve);
6121			} else {
6122	1	50	nid = OBJ_sn2nid(SvPV_nolen(curve));
6123			#if OPENSSL_VERSION_NUMBER > 0x10002000L
6124	1	50	if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
		0
6125			#endif
6126	1	50	if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
		0
6127			}
6128
6129	1		group = EC_GROUP_new_by_curve_name(nid);
6130	1	50	if (!group) croak("unknown curve nid=%d",nid);
6131	1		EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
6132
6133	1		eckey = EC_KEY_new();
6134	1	50	if ( eckey
6135	1	50	&& EC_KEY_set_group(eckey, group)
6136	1	50	&& EC_KEY_generate_key(eckey)) {
6137	1		RETVAL = eckey;
6138			} else {
6139	0	0	if (eckey) EC_KEY_free(eckey);
6140			}
6141	1	50	if (group) EC_GROUP_free(group);
6142
6143			OUTPUT:
6144			RETVAL
6145
6146
6147			#ifdef SSL_CTRL_SET_ECDH_AUTO
6148
6149			long
6150			SSL_CTX_set_ecdh_auto(ctx,onoff)
6151			SSL_CTX * ctx
6152			int onoff
6153
6154			long
6155			SSL_set_ecdh_auto(ssl,onoff)
6156			SSL * ssl
6157			int onoff
6158
6159			#endif
6160
6161			#ifdef SSL_CTRL_SET_CURVES_LIST
6162
6163			long
6164			SSL_CTX_set1_curves_list(ctx,list)
6165			SSL_CTX * ctx
6166			char * list
6167
6168			long
6169			SSL_set1_curves_list(ssl,list)
6170			SSL * ssl
6171			char * list
6172
6173			#endif
6174
6175			#if SSL_CTRL_SET_GROUPS_LIST
6176
6177			long
6178			SSL_CTX_set1_groups_list(ctx,list)
6179			SSL_CTX * ctx
6180			char * list
6181
6182			long
6183			SSL_set1_groups_list(ssl,list)
6184			SSL * ssl
6185			char * list
6186
6187			#endif
6188
6189
6190
6191			#endif
6192
6193			void *
6194			SSL_get_app_data(s)
6195			SSL * s
6196			CODE:
6197	0		RETVAL = SSL_get_ex_data(s,0);
6198			OUTPUT:
6199			RETVAL
6200
6201			int
6202			SSL_get_cipher_bits(s,np=NULL)
6203			SSL * s
6204			int * np
6205			CODE:
6206	0		RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
6207			OUTPUT:
6208			RETVAL
6209
6210			long
6211			SSL_get_mode(ssl)
6212			SSL * ssl
6213			CODE:
6214	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
6215			OUTPUT:
6216			RETVAL
6217
6218			void
6219			SSL_set_state(ssl,state)
6220			SSL * ssl
6221			int state
6222			CODE:
6223			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
6224			/* not available */
6225			#elif defined(OPENSSL_NO_SSL_INTERN)
6226			SSL_set_state(ssl,state);
6227			#else
6228	0		ssl->state = state;
6229			#endif
6230
6231			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6232			long
6233			SSL_need_tmp_RSA(ssl)
6234			SSL * ssl
6235			CODE:
6236	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6237			OUTPUT:
6238			RETVAL
6239
6240
6241			#endif
6242
6243			long
6244			SSL_num_renegotiations(ssl)
6245			SSL * ssl
6246			CODE:
6247	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
6248			OUTPUT:
6249			RETVAL
6250
6251			void *
6252			SSL_SESSION_get_app_data(ses)
6253			SSL_SESSION * ses
6254			CODE:
6255	0		RETVAL = SSL_SESSION_get_ex_data(ses,0);
6256			OUTPUT:
6257			RETVAL
6258
6259			long
6260			SSL_session_reused(ssl)
6261			SSL * ssl
6262
6263			int
6264			SSL_SESSION_set_app_data(s,a)
6265			SSL_SESSION * s
6266			void * a
6267			CODE:
6268	0		RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
6269			OUTPUT:
6270			RETVAL
6271
6272			int
6273			SSL_set_app_data(s,arg)
6274			SSL * s
6275			void * arg
6276			CODE:
6277	0		RETVAL = SSL_set_ex_data(s,0,(char *)arg);
6278			OUTPUT:
6279			RETVAL
6280
6281			long
6282			SSL_set_mode(ssl,op)
6283			SSL * ssl
6284			long op
6285			CODE:
6286	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
6287			OUTPUT:
6288			RETVAL
6289
6290			int
6291			SSL_set_pref_cipher(s,n)
6292			SSL * s
6293			const char * n
6294			CODE:
6295	0		RETVAL = SSL_set_cipher_list(s,n);
6296			OUTPUT:
6297			RETVAL
6298
6299			long
6300			SSL_set_tmp_dh(ssl,dh)
6301			SSL * ssl
6302			DH * dh
6303
6304			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6305			long
6306			SSL_set_tmp_rsa(ssl,rsa)
6307			SSL * ssl
6308			char * rsa
6309			CODE:
6310	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
6311			OUTPUT:
6312			RETVAL
6313
6314			#endif
6315
6316			BIGNUM *
6317			BN_dup(const BIGNUM *from)
6318
6319			void
6320			BN_clear(BIGNUM *bn)
6321
6322			void
6323			BN_clear_free(BIGNUM *bn)
6324
6325			void
6326			BN_free(BIGNUM *bn)
6327
6328			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6329
6330			RSA *
6331			RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6332			int bits
6333			unsigned long ee
6334			SV* perl_cb
6335			SV* perl_data
6336			PREINIT:
6337	8		simple_cb_data_t* cb_data = NULL;
6338			int rc;
6339			RSA * ret;
6340			BIGNUM *e;
6341			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6342			BN_GENCB *new_cb;
6343			#else
6344			BN_GENCB new_cb;
6345			#endif
6346			CODE:
6347			/* openssl 0.9.8 deprecated RSA_generate_key. */
6348			/* This equivalent was contributed by Brian Fraser for Android, */
6349			/* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
6350			/* It should now be more versatile. */
6351			/* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
6352			/* instead BN_EGNCB_new() has to be used. */
6353	8		e = BN_new();
6354	8	50	if(!e)
6355	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
6356	8		BN_set_word(e, ee);
6357	8		cb_data = simple_cb_data_new(perl_cb, perl_data);
6358
6359	8		ret = RSA_new();
6360	8	50	if(!ret) {
6361	0		simple_cb_data_free(cb_data);
6362	0		BN_free(e);
6363	0		croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
6364			}
6365			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6366			new_cb = BN_GENCB_new();
6367			if(!new_cb) {
6368			simple_cb_data_free(cb_data);
6369			BN_free(e);
6370			RSA_free(ret);
6371			croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
6372			}
6373			BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6374			rc = RSA_generate_key_ex(ret, bits, e, new_cb);
6375			BN_GENCB_free(new_cb);
6376			#else
6377	8		BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6378	8		rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
6379			#endif
6380	7		simple_cb_data_free(cb_data);
6381	7		BN_free(e);
6382	7	50	if (rc == -1 \|\| ret == NULL) {
		50
6383	0	0	if (ret) RSA_free(ret);
6384	0		croak("Net::SSLeay: Couldn't generate RSA key");
6385			}
6386	7		e = NULL;
6387	7		RETVAL = ret;
6388			OUTPUT:
6389			RETVAL
6390
6391			#else
6392
6393			RSA *
6394			RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6395			int bits
6396			unsigned long e
6397			SV* perl_cb
6398			SV* perl_data
6399			PREINIT:
6400			simple_cb_data_t* cb = NULL;
6401			CODE:
6402			cb = simple_cb_data_new(perl_cb, perl_data);
6403			RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
6404			simple_cb_data_free(cb);
6405			OUTPUT:
6406			RETVAL
6407
6408			#endif
6409
6410			void
6411			RSA_get_key_parameters(rsa)
6412			RSA * rsa
6413			PREINIT:
6414			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6415			const BIGNUM n, e, *d;
6416			const BIGNUM p, q;
6417			const BIGNUM dmp1, dmq1, *iqmp;
6418			#endif
6419			PPCODE:
6420			{
6421			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6422			RSA_get0_key(rsa, &n, &e, &d);
6423			RSA_get0_factors(rsa, &p, &q);
6424			RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
6425			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6426			XPUSHs(bn2sv(n));
6427			XPUSHs(bn2sv(e));
6428			XPUSHs(bn2sv(d));
6429			XPUSHs(bn2sv(p));
6430			XPUSHs(bn2sv(q));
6431			XPUSHs(bn2sv(dmp1));
6432			XPUSHs(bn2sv(dmq1));
6433			XPUSHs(bn2sv(iqmp));
6434			#else
6435			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6436	1	50	XPUSHs(bn2sv(rsa->n));
6437	1	50	XPUSHs(bn2sv(rsa->e));
6438	1	50	XPUSHs(bn2sv(rsa->d));
6439	1	50	XPUSHs(bn2sv(rsa->p));
6440	1	50	XPUSHs(bn2sv(rsa->q));
6441	1	50	XPUSHs(bn2sv(rsa->dmp1));
6442	1	50	XPUSHs(bn2sv(rsa->dmq1));
6443	1	50	XPUSHs(bn2sv(rsa->iqmp));
6444			#endif
6445			}
6446
6447			void
6448			RSA_free(r)
6449			RSA * r
6450
6451			X509 *
6452			X509_new()
6453
6454			void
6455			X509_free(a)
6456			X509 * a
6457
6458			X509_CRL *
6459			d2i_X509_CRL_bio(BIO bp,void unused=NULL)
6460
6461			X509_REQ *
6462			d2i_X509_REQ_bio(BIO bp,void unused=NULL)
6463
6464			X509 *
6465			d2i_X509_bio(BIO bp,void unused=NULL)
6466
6467			DH *
6468			PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
6469			BIO * bio
6470			void * x
6471			pem_password_cb * cb
6472			void * u
6473
6474			X509_CRL *
6475			PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
6476			BIO * bio
6477			void * x
6478			pem_password_cb * cb
6479			void * u
6480
6481			X509 *
6482			PEM_read_bio_X509(BIO bio,void x=NULL,void cb=NULL,void u=NULL)
6483
6484			STACK_OF(X509_INFO) *
6485			PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
6486			BIO * bio
6487			STACK_OF(X509_INFO) * stack
6488			pem_password_cb * cb
6489			void * u
6490
6491			int
6492			sk_X509_INFO_num(stack)
6493			STACK_OF(X509_INFO) * stack
6494
6495			X509_INFO *
6496			sk_X509_INFO_value(stack, index)
6497			const STACK_OF(X509_INFO) * stack
6498			int index
6499
6500			void
6501			sk_X509_INFO_free(stack)
6502			STACK_OF(X509_INFO) * stack
6503
6504			STACK_OF(X509) *
6505			sk_X509_new_null()
6506
6507			void
6508			sk_X509_free(stack)
6509			STACK_OF(X509) * stack
6510
6511			int
6512			sk_X509_push(stack, data)
6513			STACK_OF(X509) * stack
6514			X509 * data
6515
6516			X509 *
6517			sk_X509_pop(stack)
6518			STACK_OF(X509) * stack
6519
6520			X509 *
6521			sk_X509_shift(stack)
6522			STACK_OF(X509) * stack
6523
6524			int
6525			sk_X509_unshift(stack,x509)
6526			STACK_OF(X509) * stack
6527			X509 * x509
6528
6529			int
6530			sk_X509_insert(stack,x509,index)
6531			STACK_OF(X509) * stack
6532			X509 * x509
6533			int index
6534
6535			X509 *
6536			sk_X509_delete(stack,index)
6537			STACK_OF(X509) * stack
6538			int index
6539
6540			X509 *
6541			sk_X509_value(stack,index)
6542			STACK_OF(X509) * stack
6543			int index
6544
6545			int
6546			sk_X509_num(stack)
6547			STACK_OF(X509) * stack
6548
6549			X509 *
6550			P_X509_INFO_get_x509(info)
6551			X509_INFO * info
6552			CODE:
6553	3		RETVAL = info->x509;
6554			OUTPUT:
6555			RETVAL
6556
6557			X509_REQ *
6558			PEM_read_bio_X509_REQ(BIO bio,void x=NULL,pem_password_cb cb=NULL,void u=NULL)
6559
6560			EVP_PKEY *
6561			PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6562			BIO *bio
6563			SV* perl_cb
6564			SV* perl_data
6565			PREINIT:
6566	8		simple_cb_data_t* cb = NULL;
6567			CODE:
6568	8		RETVAL = 0;
6569	8	100	if (SvOK(perl_cb)) {
		50
		50
6570			/* setup our callback */
6571	2		cb = simple_cb_data_new(perl_cb, perl_data);
6572	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb);
6573	2		simple_cb_data_free(cb);
6574			}
6575	6	50	else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) {
		50
		50
		100
		50
		50
		50
6576			/* use perl_data as the password */
6577	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data));
6578			}
6579	4	50	else if (!SvOK(perl_cb) && !SvOK(perl_data)) {
		50
		50
		50
		50
		50
6580			/* will trigger default password callback */
6581	4		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
6582			}
6583			OUTPUT:
6584			RETVAL
6585
6586			void
6587			DH_free(dh)
6588			DH * dh
6589
6590			long
6591			SSL_total_renegotiations(ssl)
6592			SSL * ssl
6593			CODE:
6594	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
6595			OUTPUT:
6596			RETVAL
6597
6598			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6599			void
6600			SSL_SESSION_get_master_key(s)
6601			SSL_SESSION * s
6602			PREINIT:
6603			size_t master_key_length;
6604			unsigned char* master_key;
6605			CODE:
6606			ST(0) = sv_newmortal(); /* Undefined to start with */
6607			master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
6608			New(0, master_key, master_key_length, unsigned char);
6609			SSL_SESSION_get_master_key(s, master_key, master_key_length);
6610			sv_setpvn(ST(0), (const char*)master_key, master_key_length);
6611			Safefree(master_key);
6612
6613			#else
6614			void
6615			SSL_SESSION_get_master_key(s)
6616			SSL_SESSION * s
6617			CODE:
6618	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6619	0		sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
6620
6621			#endif
6622
6623			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6624
6625			void
6626			SSL_SESSION_set_master_key(s,key)
6627			SSL_SESSION * s
6628			PREINIT:
6629			STRLEN len;
6630			INPUT:
6631			char * key = SvPV(ST(1), len);
6632			CODE:
6633	0		memcpy(s->master_key, key, len);
6634	0		s->master_key_length = len;
6635
6636			#endif
6637
6638			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6639
6640			void
6641			SSL_get_client_random(s)
6642			SSL * s
6643			PREINIT:
6644			size_t random_length;
6645			unsigned char* random_data;
6646			CODE:
6647			ST(0) = sv_newmortal(); /* Undefined to start with */
6648			random_length = SSL_get_client_random(s, 0, 0); /* get the length */
6649			New(0, random_data, random_length, unsigned char);
6650			SSL_get_client_random(s, random_data, random_length);
6651			sv_setpvn(ST(0), (const char*)random_data, random_length);
6652			Safefree(random_data);
6653
6654			#else
6655
6656			void
6657			SSL_get_client_random(s)
6658			SSL * s
6659			CODE:
6660	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6661	0		sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
6662
6663			#endif
6664
6665			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6666
6667			void
6668			SSL_get_server_random(s)
6669			SSL * s
6670			PREINIT:
6671			size_t random_length;
6672			unsigned char* random_data;
6673			CODE:
6674			ST(0) = sv_newmortal(); /* Undefined to start with */
6675			random_length = SSL_get_server_random(s, 0, 0); /* get the length */
6676			New(0, random_data, random_length, unsigned char);
6677			SSL_get_server_random(s, random_data, random_length);
6678			sv_setpvn(ST(0), (const char*)random_data, random_length);
6679			Safefree(random_data);
6680
6681			#else
6682
6683			void
6684			SSL_get_server_random(s)
6685			SSL * s
6686			CODE:
6687	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6688	0		sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
6689
6690			#endif
6691
6692			# AEAD ciphers require an Initialization Vector that has nonce
6693			# qualities. A part of the IV comes from PRF. This part is called
6694			# 'implicit'. See RFC 5246 section 6.2.3.3. Length of the 'implicit'
6695			# part of nonce for GCM and CCM mode ciphers is defined to be 4 by RFCs
6696			# 5288 and 6655, respectively, and the total length of nonce is 12
6697			# octets. Because of the above, SSL_get_keyblock_size adjusts
6698			# iv_length and does not fetch full nonce length from the PRF.
6699			int
6700			SSL_get_keyblock_size(s)
6701			SSL * s
6702			CODE:
6703			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6704			const SSL_CIPHER *ssl_cipher;
6705			int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
6706			const EVP_CIPHER *c = NULL;
6707			const EVP_MD *h = NULL;
6708
6709			ssl_cipher = SSL_get_current_cipher(s);
6710			if (ssl_cipher)
6711			cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
6712			if (cipher != NID_undef)
6713			c = EVP_get_cipherbynid(cipher);
6714
6715			if (ssl_cipher)
6716			digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
6717			if (digest != NID_undef) /* No digest if e.g., AEAD cipher */
6718			h = EVP_get_digestbynid(digest);
6719			if (h)
6720			mac_secret_size = EVP_MD_size(h);
6721
6722			RETVAL = -1;
6723			if (c) {
6724			int iv_length = EVP_CIPHER_iv_length(c);
6725			if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
6726			EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
6727			iv_length = 4;
6728			RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size +
6729			iv_length);
6730			}
6731			#else
6732	1	50	if (s == NULL \|\|
		50
6733	1	50	s->enc_read_ctx == NULL \|\|
6734	1	50	s->enc_read_ctx->cipher == NULL \|\|
6735	1		s->read_hash == NULL)
6736			{
6737	0		RETVAL = -1;
6738			}
6739			else
6740			{
6741			const EVP_CIPHER *c;
6742			const EVP_MD *h;
6743	1		int iv_length = -1;
6744	1		int md_size = -1;
6745	1		c = s->enc_read_ctx->cipher;
6746	1		iv_length = EVP_CIPHER_iv_length(c);
6747			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
6748	1		if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
6749	0		EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
6750	1		iv_length = 4;
6751	1		h = NULL;
6752	1	50	if (s->s3)
6753	1		md_size = s->s3->tmp.new_mac_secret_size;
6754			#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
6755			h = EVP_MD_CTX_md(s->read_hash);
6756			md_size = EVP_MD_size(h);
6757			#else
6758			h = s->read_hash;
6759			md_size = EVP_MD_size(h);
6760			#endif
6761			/* No digest if e.g., AEAD cipher */
6762	2		RETVAL = (md_size >= 0) ? (2 * (EVP_CIPHER_key_length(c) +
6763	1		md_size +
6764			iv_length))
6765	2	50	: -1;
6766			}
6767			#endif
6768
6769			OUTPUT:
6770			RETVAL
6771
6772
6773
6774			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
6775
6776			void
6777			SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef)
6778			SSL * s
6779			SV * callback
6780			SV * data
6781			CODE:
6782	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6783	0		SSL_set_session_secret_cb(s, NULL, NULL);
6784	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL);
6785	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL);
6786			}
6787			else {
6788	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
6789	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
6790	0		SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
6791			}
6792
6793			#endif
6794
6795			#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
6796
6797			void
6798			SSL_set_psk_client_callback(s,callback=&PL_sv_undef)
6799			SSL * s
6800			SV * callback
6801			CODE:
6802	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6803	0		SSL_set_psk_client_callback(s, NULL);
6804	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL);
6805			}
6806			else {
6807	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback));
6808	0		SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke);
6809			}
6810
6811			void
6812			SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef)
6813			SSL_CTX * ctx
6814			SV * callback
6815			CODE:
6816	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6817	0		SSL_CTX_set_psk_client_callback(ctx, NULL);
6818	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL);
6819			}
6820			else {
6821	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback));
6822	0		SSL_CTX_set_psk_client_callback(ctx, ssleay_ctx_set_psk_client_callback_invoke);
6823			}
6824
6825			#endif
6826
6827			#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB
6828
6829			void
6830			SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
6831			SSL_CTX * ctx
6832			SV * callback
6833			SV * data
6834			CODE:
6835	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
6836	0		SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL);
6837	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL);
6838	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL);
6839			}
6840			else {
6841	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback));
6842	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data));
6843	3		SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke);
6844			}
6845
6846
6847			#endif
6848
6849
6850			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
6851			#define REM11 "NOTE: before 0.9.7"
6852
6853			int EVP_add_digest(EVP_MD *digest)
6854
6855			#else
6856
6857			int EVP_add_digest(const EVP_MD *digest)
6858
6859			#endif
6860
6861			#ifndef OPENSSL_NO_SHA
6862
6863			const EVP_MD *EVP_sha1()
6864
6865			#endif
6866			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6867
6868			const EVP_MD *EVP_sha256()
6869
6870			#endif
6871			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6872
6873			const EVP_MD *EVP_sha512()
6874
6875			#endif
6876			void OpenSSL_add_all_digests()
6877
6878			const EVP_MD * EVP_get_digestbyname(const char *name)
6879
6880			int EVP_MD_type(const EVP_MD *md)
6881
6882			int EVP_MD_size(const EVP_MD *md)
6883
6884			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
6885
6886			SV*
6887			P_EVP_MD_list_all()
6888			INIT:
6889			AV * results;
6890			CODE:
6891	2		results = (AV )sv_2mortal((SV )newAV());
6892	2		EVP_MD_do_all_sorted(handler_list_md_fn, results);
6893	2		RETVAL = newRV((SV *)results);
6894			OUTPUT:
6895			RETVAL
6896
6897			#endif
6898
6899			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6900			#define REM16 "NOTE: requires 0.9.7+"
6901
6902			const EVP_MD EVP_MD_CTX_md(const EVP_MD_CTX ctx)
6903
6904			EVP_MD_CTX *EVP_MD_CTX_create()
6905
6906			int EVP_DigestInit(EVP_MD_CTX ctx, const EVP_MD type)
6907
6908			int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
6909
6910			void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
6911
6912			void
6913			EVP_DigestUpdate(ctx,data)
6914			PREINIT:
6915			STRLEN len;
6916			INPUT:
6917			EVP_MD_CTX ctx = INT2PTR(EVP_MD_CTX , SvIV(ST(0)));
6918			unsigned char data = (unsigned char ) SvPV(ST(1), len);
6919			CODE:
6920	9138		XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
6921
6922			void
6923			EVP_DigestFinal(ctx)
6924			EVP_MD_CTX *ctx
6925			INIT:
6926			unsigned char md[EVP_MAX_MD_SIZE];
6927			unsigned int md_size;
6928			CODE:
6929	57	50	if (EVP_DigestFinal(ctx,md,&md_size))
6930	57		XSRETURN_PVN((char *)md, md_size);
6931			else
6932	57		XSRETURN_UNDEF;
6933
6934			void
6935			EVP_DigestFinal_ex(ctx)
6936			EVP_MD_CTX *ctx
6937			INIT:
6938			unsigned char md[EVP_MAX_MD_SIZE];
6939			unsigned int md_size;
6940			CODE:
6941	9	50	if (EVP_DigestFinal_ex(ctx,md,&md_size))
6942	9		XSRETURN_PVN((char *)md, md_size);
6943			else
6944	9		XSRETURN_UNDEF;
6945
6946			void
6947			EVP_Digest(...)
6948			PREINIT:
6949			STRLEN len;
6950			unsigned char md[EVP_MAX_MD_SIZE];
6951			unsigned int md_size;
6952			INPUT:
6953			unsigned char data = (unsigned char ) SvPV(ST(0), len);
6954			EVP_MD type = INT2PTR(EVP_MD , SvIV(ST(1)));
6955			ENGINE impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE , SvIV(ST(2))) : NULL;
6956			CODE:
6957	48	50	if (EVP_Digest(data,len,md,&md_size,type,impl))
6958	48		XSRETURN_PVN((char *)md, md_size);
6959			else
6960	48		XSRETURN_UNDEF;
6961
6962			#endif
6963
6964			const EVP_CIPHER *
6965			EVP_get_cipherbyname(const char *name)
6966
6967			void
6968			OpenSSL_add_all_algorithms()
6969
6970			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6971
6972			void
6973			OPENSSL_add_all_algorithms_noconf()
6974
6975			void
6976			OPENSSL_add_all_algorithms_conf()
6977
6978			#endif
6979
6980			#if OPENSSL_VERSION_NUMBER >= 0x10000003L
6981
6982			int
6983			SSL_CTX_set1_param(ctx, vpm)
6984			SSL_CTX * ctx
6985			X509_VERIFY_PARAM *vpm
6986
6987			int
6988			SSL_set1_param(ctx, vpm)
6989			SSL * ctx
6990			X509_VERIFY_PARAM *vpm
6991
6992			#endif
6993
6994			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6995
6996			X509_VERIFY_PARAM *
6997			X509_VERIFY_PARAM_new()
6998
6999			void
7000			X509_VERIFY_PARAM_free(param)
7001			X509_VERIFY_PARAM *param
7002
7003			int
7004			X509_VERIFY_PARAM_inherit(to, from)
7005			X509_VERIFY_PARAM *to
7006			X509_VERIFY_PARAM *from
7007
7008			int
7009			X509_VERIFY_PARAM_set1(to, from)
7010			X509_VERIFY_PARAM *to
7011			X509_VERIFY_PARAM *from
7012
7013			int
7014			X509_VERIFY_PARAM_set1_name(param, name)
7015			X509_VERIFY_PARAM *param
7016			const char *name
7017
7018			int
7019			X509_VERIFY_PARAM_set_flags(param, flags)
7020			X509_VERIFY_PARAM *param
7021			unsigned long flags
7022
7023			#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
7024			#define REM13 "NOTE: requires 0.9.8a+"
7025
7026			int
7027			X509_VERIFY_PARAM_clear_flags(param, flags)
7028			X509_VERIFY_PARAM *param
7029			unsigned long flags
7030
7031			unsigned long
7032			X509_VERIFY_PARAM_get_flags(param)
7033			X509_VERIFY_PARAM *param
7034
7035			#endif
7036
7037			int
7038			X509_VERIFY_PARAM_set_purpose(param, purpose)
7039			X509_VERIFY_PARAM *param
7040			int purpose
7041
7042			int
7043			X509_VERIFY_PARAM_set_trust(param, trust)
7044			X509_VERIFY_PARAM *param
7045			int trust
7046
7047			void
7048			X509_VERIFY_PARAM_set_depth(param, depth)
7049			X509_VERIFY_PARAM *param
7050			int depth
7051
7052			void
7053			X509_VERIFY_PARAM_set_time(param, t)
7054			X509_VERIFY_PARAM *param
7055			time_t t
7056
7057			int
7058			X509_VERIFY_PARAM_add0_policy(param, policy)
7059			X509_VERIFY_PARAM *param
7060			ASN1_OBJECT *policy
7061
7062			int
7063			X509_VERIFY_PARAM_set1_policies(param, policies)
7064			X509_VERIFY_PARAM *param
7065			STACK_OF(ASN1_OBJECT) *policies
7066
7067			int
7068			X509_VERIFY_PARAM_get_depth(param)
7069			X509_VERIFY_PARAM *param
7070
7071			int
7072			X509_VERIFY_PARAM_add0_table(param)
7073			X509_VERIFY_PARAM *param
7074
7075			const X509_VERIFY_PARAM *
7076			X509_VERIFY_PARAM_lookup(name)
7077			const char *name
7078
7079			void
7080			X509_VERIFY_PARAM_table_cleanup()
7081
7082			#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7083
7084			X509_VERIFY_PARAM *
7085			SSL_CTX_get0_param(ctx)
7086			SSL_CTX * ctx
7087
7088			X509_VERIFY_PARAM *
7089			SSL_get0_param(ssl)
7090			SSL * ssl
7091
7092			int
7093			X509_VERIFY_PARAM_set1_host(param, name)
7094			X509_VERIFY_PARAM *param
7095			PREINIT:
7096			STRLEN namelen;
7097			INPUT:
7098			const char * name = SvPV(ST(1), namelen);
7099			CODE:
7100	2		RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
7101			OUTPUT:
7102			RETVAL
7103
7104			int
7105			X509_VERIFY_PARAM_set1_email(param, email)
7106			X509_VERIFY_PARAM *param
7107			PREINIT:
7108			STRLEN emaillen;
7109			INPUT:
7110			const char * email = SvPV(ST(1), emaillen);
7111			CODE:
7112	2		RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
7113			OUTPUT:
7114			RETVAL
7115
7116			int
7117			X509_VERIFY_PARAM_set1_ip(param, ip)
7118			X509_VERIFY_PARAM *param
7119			PREINIT:
7120			STRLEN iplen;
7121			INPUT:
7122			const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
7123			CODE:
7124	6		RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
7125			OUTPUT:
7126			RETVAL
7127
7128			int
7129			X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
7130			X509_VERIFY_PARAM *param
7131			const char *ipasc
7132
7133			#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7134
7135			#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7136
7137			int
7138			X509_VERIFY_PARAM_add1_host(param, name)
7139			X509_VERIFY_PARAM *param
7140			PREINIT:
7141			STRLEN namelen;
7142			INPUT:
7143			const char * name = SvPV(ST(1), namelen);
7144			CODE:
7145	1		RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
7146			OUTPUT:
7147			RETVAL
7148
7149			void
7150			X509_VERIFY_PARAM_set_hostflags(param, flags)
7151			X509_VERIFY_PARAM *param
7152			unsigned int flags
7153
7154			char *
7155			X509_VERIFY_PARAM_get0_peername(param)
7156			X509_VERIFY_PARAM *param
7157
7158			#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7159
7160			void
7161			X509_policy_tree_free(tree)
7162			X509_POLICY_TREE *tree
7163
7164			int
7165			X509_policy_tree_level_count(tree)
7166			X509_POLICY_TREE *tree
7167
7168			X509_POLICY_LEVEL *
7169			X509_policy_tree_get0_level(tree, i)
7170			X509_POLICY_TREE *tree
7171			int i
7172
7173			STACK_OF(X509_POLICY_NODE) *
7174			X509_policy_tree_get0_policies(tree)
7175			X509_POLICY_TREE *tree
7176
7177			STACK_OF(X509_POLICY_NODE) *
7178			X509_policy_tree_get0_user_policies(tree)
7179			X509_POLICY_TREE *tree
7180
7181			int
7182			X509_policy_level_node_count(level)
7183			X509_POLICY_LEVEL *level
7184
7185			X509_POLICY_NODE *
7186			X509_policy_level_get0_node(level, i)
7187			X509_POLICY_LEVEL *level
7188			int i
7189
7190			const ASN1_OBJECT *
7191			X509_policy_node_get0_policy(node)
7192			const X509_POLICY_NODE *node
7193
7194			STACK_OF(POLICYQUALINFO) *
7195			X509_policy_node_get0_qualifiers(node)
7196			X509_POLICY_NODE *node
7197
7198			const X509_POLICY_NODE *
7199			X509_policy_node_get0_parent(node)
7200			const X509_POLICY_NODE *node
7201
7202			#endif
7203
7204			ASN1_OBJECT *
7205			OBJ_dup(o)
7206			ASN1_OBJECT *o
7207
7208			ASN1_OBJECT *
7209			OBJ_nid2obj(n)
7210			int n
7211
7212			const char *
7213			OBJ_nid2ln(n)
7214			int n
7215
7216			const char *
7217			OBJ_nid2sn(n)
7218			int n
7219
7220			int
7221			OBJ_obj2nid(o)
7222			ASN1_OBJECT *o
7223
7224			ASN1_OBJECT *
7225			OBJ_txt2obj(s, no_name=0)
7226			const char *s
7227			int no_name
7228
7229			void
7230			OBJ_obj2txt(a, no_name=0)
7231			ASN1_OBJECT *a
7232			int no_name
7233			PREINIT:
7234			char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
7235			int len;
7236			CODE:
7237	73		len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
7238	73		ST(0) = sv_newmortal();
7239	73		sv_setpvn(ST(0), buf, len);
7240
7241			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
7242			#define REM14 "NOTE: before 0.9.7"
7243
7244			int
7245			OBJ_txt2nid(s)
7246			char *s
7247
7248			#else
7249
7250			int
7251			OBJ_txt2nid(s)
7252			const char *s
7253
7254			#endif
7255
7256			int
7257			OBJ_ln2nid(s)
7258			const char *s
7259
7260			int
7261			OBJ_sn2nid(s)
7262			const char *s
7263
7264			int
7265			OBJ_cmp(a, b)
7266			ASN1_OBJECT *a
7267			ASN1_OBJECT *b
7268
7269			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
7270
7271			void
7272			X509_pubkey_digest(data,type)
7273			const X509 *data
7274			const EVP_MD *type
7275			PREINIT:
7276			unsigned char md[EVP_MAX_MD_SIZE];
7277			unsigned int md_size;
7278			PPCODE:
7279	4	50	if (X509_pubkey_digest(data,type,md,&md_size))
7280	4		XSRETURN_PVN((char *)md, md_size);
7281			else
7282	4		XSRETURN_UNDEF;
7283
7284			#endif
7285
7286			void
7287			X509_digest(data,type)
7288			const X509 *data
7289			const EVP_MD *type
7290			PREINIT:
7291			unsigned char md[EVP_MAX_MD_SIZE];
7292			unsigned int md_size;
7293			PPCODE:
7294	4	50	if (X509_digest(data,type,md,&md_size))
7295	4		XSRETURN_PVN((char *)md, md_size);
7296	4		XSRETURN_UNDEF;
7297
7298			void
7299			X509_CRL_digest(data,type)
7300			const X509_CRL *data
7301			const EVP_MD *type
7302			PREINIT:
7303			unsigned char md[EVP_MAX_MD_SIZE];
7304			unsigned int md_size;
7305			PPCODE:
7306	1	50	if (X509_CRL_digest(data,type,md,&md_size))
7307	1		XSRETURN_PVN((char *)md, md_size);
7308	1		XSRETURN_UNDEF;
7309
7310			void
7311			X509_REQ_digest(data,type)
7312			const X509_REQ *data
7313			const EVP_MD *type
7314			PREINIT:
7315			unsigned char md[EVP_MAX_MD_SIZE];
7316			unsigned int md_size;
7317			PPCODE:
7318	1	50	if (X509_REQ_digest(data,type,md,&md_size))
7319	1		XSRETURN_PVN((char *)md, md_size);
7320	1		XSRETURN_UNDEF;
7321
7322			void
7323			X509_NAME_digest(data,type)
7324			const X509_NAME *data
7325			const EVP_MD *type
7326			PREINIT:
7327			unsigned char md[EVP_MAX_MD_SIZE];
7328			unsigned int md_size;
7329			PPCODE:
7330	0	0	if (X509_NAME_digest(data,type,md,&md_size))
7331	0		XSRETURN_PVN((char *)md, md_size);
7332	0		XSRETURN_UNDEF;
7333
7334			unsigned long
7335			X509_subject_name_hash(X509 *x)
7336
7337			unsigned long
7338			X509_issuer_name_hash(X509 *a)
7339
7340			unsigned long
7341			X509_issuer_and_serial_hash(X509 *a)
7342
7343			ASN1_OBJECT *
7344			P_X509_get_signature_alg(x)
7345			X509 * x
7346			CODE:
7347			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7348			RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
7349			#else
7350	4		RETVAL = (x->cert_info->signature->algorithm);
7351			#endif
7352			OUTPUT:
7353			RETVAL
7354
7355			ASN1_OBJECT *
7356			P_X509_get_pubkey_alg(x)
7357			X509 * x
7358			PREINIT:
7359			CODE:
7360			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7361			{
7362			X509_ALGOR * algor;
7363			X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
7364			RETVAL = (algor->algorithm);
7365			}
7366			#else
7367	4		RETVAL = (x->cert_info->key->algor->algorithm);
7368			#endif
7369			OUTPUT:
7370			RETVAL
7371
7372			void
7373			X509_get_X509_PUBKEY(x)
7374			const X509 *x
7375			PPCODE:
7376			X509_PUBKEY *pkey;
7377			STRLEN len;
7378			unsigned char pc, pi;
7379	1	50	if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
7380	1	50	if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
7381	1		Newx(pc,len,unsigned char);
7382	1	50	if (!pc) croak("out of memory");
7383	1		pi = pc;
7384	1		i2d_X509_PUBKEY(pkey, &pi);
7385	1	50	if (pi-pc != len) croak("invalid encoded length");
7386	1	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7387	1		Safefree(pc);
7388
7389			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
7390
7391			int
7392			SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
7393			SSL_CTX * ctx
7394			SV * callback
7395			SV * data
7396			CODE:
7397	1		RETVAL = 1;
7398	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7399	0		SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
7400	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7401	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
7402			PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
7403			}
7404	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7405			/* callback param array ref like ['proto1','proto2'] */
7406	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7407	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
7408	1		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7409			PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
7410			}
7411	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7412	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
7413	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
7414	0		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7415			PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
7416			}
7417			else {
7418	0		RETVAL = 0;
7419			}
7420			OUTPUT:
7421			RETVAL
7422
7423			int
7424			SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
7425			SSL_CTX * ctx
7426			SV * callback
7427			SV * data
7428			CODE:
7429	1		RETVAL = 1;
7430	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7431	0		SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
7432	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7433	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
7434			PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
7435			}
7436	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7437			/* callback param array ref like ['proto1','proto2'] */
7438	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7439	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
7440	1		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7441			PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
7442			}
7443	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7444	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
7445	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
7446	0		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7447			PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
7448			}
7449			else {
7450	0		RETVAL = 0;
7451			}
7452			OUTPUT:
7453			RETVAL
7454
7455			void
7456			P_next_proto_negotiated(s)
7457			const SSL *s
7458			PREINIT:
7459			const unsigned char *data;
7460			unsigned int len;
7461			PPCODE:
7462	2		SSL_get0_next_proto_negotiated(s, &data, &len);
7463	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7464
7465			void
7466			P_next_proto_last_status(s)
7467			const SSL *s
7468			PPCODE:
7469	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
7470
7471			#endif
7472
7473			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
7474
7475			#if !defined(OPENSSL_NO_TLSEXT)
7476
7477			int
7478			SSL_set_tlsext_status_type(SSL *ssl,int cmd)
7479
7480			long
7481			SSL_set_tlsext_status_ocsp_resp(ssl,staple)
7482			SSL * ssl
7483			PREINIT:
7484			char * p;
7485			STRLEN staplelen;
7486			INPUT:
7487			char * staple = SvPV( ST(1), staplelen);
7488			CODE:
7489			/* OpenSSL will free the memory */
7490	0		New(0, p, staplelen, char);
7491	0		memcpy(p, staple, staplelen);
7492	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
7493			OUTPUT:
7494			RETVAL
7495
7496			int
7497			SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
7498			SSL_CTX * ctx
7499			SV * callback
7500			SV * data
7501			CODE:
7502	0		RETVAL = 1;
7503	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
7504	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
7505	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
7506	0		SSL_CTX_set_tlsext_status_cb(ctx, NULL);
7507	0	0	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7508	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
7509	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
7510	0		SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
7511			} else {
7512	0		croak("argument must be code reference");
7513			}
7514			OUTPUT:
7515			RETVAL
7516
7517			int
7518			SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
7519			SSL * ssl
7520			SV * callback
7521			SV * data
7522			CODE:
7523	1		RETVAL = 1;
7524	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7525	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
7526	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
7527	0		SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
7528	1	50	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		50
7529	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
7530	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
7531	1		SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
7532			} else {
7533	0		croak("argument must be code reference");
7534			}
7535			OUTPUT:
7536			RETVAL
7537
7538			int
7539			SSL_set_session_ticket_ext(ssl,ticket)
7540			SSL *ssl
7541			PREINIT:
7542			unsigned char * p;
7543			STRLEN ticketlen;
7544			INPUT:
7545			unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
7546			CODE:
7547	1		RETVAL = 0;
7548	1	50	if (ticketlen > 0) {
7549	1		Newx(p, ticketlen, unsigned char);
7550	1	50	if (!p)
7551	0		croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
7552	1		memcpy(p, ticket, ticketlen);
7553	1		RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
7554	1		Safefree(p);
7555			}
7556			OUTPUT:
7557			RETVAL
7558
7559			#endif
7560
7561			OCSP_RESPONSE *
7562			d2i_OCSP_RESPONSE(pv)
7563			SV *pv
7564			CODE:
7565	0		RETVAL = NULL;
7566	0	0	if (SvPOK(pv)) {
7567			const unsigned char *p;
7568			STRLEN len;
7569	0	0	p = (unsigned char*)SvPV(pv,len);
7570	0		RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
7571			}
7572			OUTPUT:
7573			RETVAL
7574
7575			void
7576			i2d_OCSP_RESPONSE(r)
7577			OCSP_RESPONSE * r
7578			PPCODE:
7579			STRLEN len;
7580			unsigned char pc,pi;
7581	0	0	if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
7582	0		Newx(pc,len,unsigned char);
7583	0	0	if (!pc) croak("out of memory");
7584	0		pi = pc;
7585	0		i2d_OCSP_RESPONSE(r,&pi);
7586	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7587	0		Safefree(pc);
7588
7589			void
7590			OCSP_RESPONSE_free(r)
7591			OCSP_RESPONSE * r
7592
7593
7594			OCSP_REQUEST *
7595			d2i_OCSP_REQUEST(pv)
7596			SV *pv
7597			CODE:
7598	0		RETVAL = NULL;
7599	0	0	if (SvPOK(pv)) {
7600			const unsigned char *p;
7601			STRLEN len;
7602	0	0	p = (unsigned char*)SvPV(pv,len);
7603	0		RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
7604			}
7605			OUTPUT:
7606			RETVAL
7607
7608			void
7609			i2d_OCSP_REQUEST(r)
7610			OCSP_REQUEST * r
7611			PPCODE:
7612			STRLEN len;
7613			unsigned char pc,pi;
7614	0	0	if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request");
7615	0		Newx(pc,len,unsigned char);
7616	0	0	if (!pc) croak("out of memory");
7617	0		pi = pc;
7618	0		i2d_OCSP_REQUEST(r,&pi);
7619	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7620	0		Safefree(pc);
7621
7622
7623			void
7624			OCSP_REQUEST_free(r)
7625			OCSP_REQUEST * r
7626
7627
7628			const char *
7629			OCSP_response_status_str(long status)
7630
7631			long
7632			OCSP_response_status(OCSP_RESPONSE *r)
7633
7634			void
7635			SSL_OCSP_cert2ids(ssl,...)
7636			SSL *ssl
7637			PPCODE:
7638			SSL_CTX *ctx;
7639			X509_STORE *store;
7640			STACK_OF(X509) *chain;
7641			X509 cert,issuer;
7642			OCSP_CERTID *id;
7643			int i;
7644			STRLEN len;
7645			unsigned char *pi;
7646
7647	0	0	if (!ssl) croak("not a SSL object");
7648	0		ctx = SSL_get_SSL_CTX(ssl);
7649	0	0	if (!ctx) croak("invalid SSL object - no context");
7650	0		store = SSL_CTX_get_cert_store(ctx);
7651	0		chain = SSL_get_peer_cert_chain(ssl);
7652
7653	0	0	for(i=0;i
7654	0	0	cert = INT2PTR(X509*,SvIV(ST(i+1)));
7655	0	0	if (X509_check_issued(cert,cert) == X509_V_OK)
7656	0		croak("no OCSP request for self-signed certificate");
7657	0	0	if (!(issuer = find_issuer(cert,store,chain)))
7658	0		croak("cannot find issuer certificate");
7659	0		id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
7660	0		X509_free(issuer);
7661	0	0	if (!id)
7662	0		croak("out of memory for generating OCSP certid");
7663
7664	0		pi = NULL;
7665	0	0	if (!(len = i2d_OCSP_CERTID(id,&pi)))
7666	0		croak("OCSP certid has no length");
7667	0	0	XPUSHs(sv_2mortal(newSVpvn((char *)pi, len)));
7668
7669	0		OPENSSL_free(pi);
7670	0		OCSP_CERTID_free(id);
7671			}
7672
7673
7674			OCSP_REQUEST *
7675			OCSP_ids2req(...)
7676			CODE:
7677			OCSP_REQUEST *req;
7678			OCSP_CERTID *id;
7679			int i;
7680
7681	0		req = OCSP_REQUEST_new();
7682	0	0	if (!req) croak("out of memory");
7683	0		OCSP_request_add1_nonce(req,NULL,-1);
7684
7685	0	0	for(i=0;i
7686			STRLEN len;
7687	0	0	const unsigned char p = (unsigned char)SvPV(ST(i),len);
7688	0		id = d2i_OCSP_CERTID(NULL,&p,len);
7689	0	0	if (!id) {
7690	0		OCSP_REQUEST_free(req);
7691	0		croak("failed to get OCSP certid from string");
7692			}
7693	0		OCSP_request_add0_id(req,id);
7694			}
7695	0		RETVAL = req;
7696			OUTPUT:
7697			RETVAL
7698
7699
7700
7701			int
7702			SSL_OCSP_response_verify(ssl,rsp,svreq=NULL,flags=0)
7703			SSL *ssl
7704			OCSP_RESPONSE *rsp
7705			SV *svreq
7706			unsigned long flags
7707			PREINIT:
7708			SSL_CTX *ctx;
7709			X509_STORE *store;
7710			OCSP_BASICRESP *bsr;
7711	0		OCSP_REQUEST *req = NULL;
7712			int i;
7713			CODE:
7714	0	0	if (!ssl) croak("not a SSL object");
7715	0		ctx = SSL_get_SSL_CTX(ssl);
7716	0	0	if (!ctx) croak("invalid SSL object - no context");
7717
7718	0		bsr = OCSP_response_get1_basic(rsp);
7719	0	0	if (!bsr) croak("invalid OCSP response");
7720
7721			/* if we get a nonce it should match our nonce, if we get no nonce
7722			* it was probably pre-signed */
7723	0	0	if (svreq && SvOK(svreq) &&
		0
		0
		0
		0
7724	0	0	(req = INT2PTR(OCSP_REQUEST*,SvIV(svreq)))) {
7725	0		i = OCSP_check_nonce(req,bsr);
7726	0	0	if ( i <= 0 ) {
7727	0	0	if (i == -1) {
7728	0		TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
7729			} else {
7730	0		OCSP_BASICRESP_free(bsr);
7731	0		croak("nonce in OCSP response does not match request");
7732			}
7733			}
7734			}
7735
7736	0		RETVAL = 0;
7737	0	0	if ((store = SSL_CTX_get_cert_store(ctx))) {
7738			/* add the SSL uchain to the uchain of the OCSP basic response, this
7739			* looks like the easiest way to handle the case where the OCSP
7740			* response does not contain the chain up to the trusted root */
7741	0		STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
7742	0	0	for(i=0;i
7743	0		OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
7744			}
7745	0		TRACE(1,"run basic verify");
7746	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7747	0	0	if (chain && !RETVAL) {
		0
7748			/* some CAs don't add a certificate to their OCSP responses and
7749			* openssl does not include the trusted CA which signed the
7750			* lowest chain certificate when looking for the signer.
7751			* So find this CA ourself and retry verification. */
7752			X509 *issuer;
7753	0		X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
7754	0		ERR_clear_error(); /* clear error from last OCSP_basic_verify */
7755	0	0	if (last && (issuer = find_issuer(last,store,chain))) {
		0
7756	0		OCSP_basic_add1_cert(bsr, issuer);
7757	0		X509_free(issuer);
7758	0		TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
7759	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7760			}
7761			}
7762			}
7763	0		OCSP_BASICRESP_free(bsr);
7764			OUTPUT:
7765			RETVAL
7766
7767
7768			void
7769			OCSP_response_results(rsp,...)
7770			OCSP_RESPONSE *rsp
7771			PPCODE:
7772			OCSP_BASICRESP *bsr;
7773			int i,want_array;
7774	0		time_t nextupd = 0;
7775	0		time_t gmtoff = -1;
7776			int getall,sksn;
7777
7778	0		bsr = OCSP_response_get1_basic(rsp);
7779	0	0	if (!bsr) croak("invalid OCSP response");
7780
7781	0	0	want_array = (GIMME == G_LIST);
7782	0		getall = (items <= 1);
7783	0		sksn = OCSP_resp_count(bsr);
7784
7785	0	0	for(i=0; i < (getall ? sksn : items-1); i++) {
		0
7786	0		const char *error = NULL;
7787	0		OCSP_SINGLERESP *sir = NULL;
7788	0		OCSP_CERTID *certid = NULL;
7789	0		SV *idsv = NULL;
7790			int first, status, revocationReason;
7791			ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
7792
7793	0	0	if(getall) {
7794	0		sir = OCSP_resp_get0(bsr,i);
7795			} else {
7796			STRLEN len;
7797			const unsigned char *p;
7798
7799	0		idsv = ST(i+1);
7800	0	0	if (!SvOK(idsv)) croak("undefined certid in arguments");
		0
		0
7801	0	0	p = (unsigned char*)SvPV(idsv,len);
7802	0	0	if (!(certid = d2i_OCSP_CERTID(NULL,&p,len))) {
7803	0		error = "failed to get OCSP certid from string";
7804	0		goto end;
7805			}
7806	0		first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
7807	0	0	if (first >= 0)
7808	0		sir = OCSP_resp_get0(bsr,first);
7809			}
7810
7811	0	0	if (sir)
7812			{
7813			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7814			status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
7815			#else
7816	0		status = sir->certStatus->type;
7817	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED)
7818	0		revocationTime = sir->certStatus->value.revoked->revocationTime;
7819	0		thisupdate = sir->thisUpdate;
7820	0		nextupdate = sir->nextUpdate;
7821			#endif
7822	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7823	0		error = "certificate status is revoked";
7824	0	0	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
7825	0		error = "certificate status is unknown";
7826			}
7827	0	0	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
7828	0		error = "response not yet valid or expired";
7829			}
7830			} else {
7831	0		error = "cannot find entry for certificate in OCSP response";
7832			}
7833
7834			end:
7835	0	0	if (want_array) {
7836	0		AV *idav = newAV();
7837	0	0	if (!idsv) {
7838			/* getall: create new SV with OCSP_CERTID */
7839			unsigned char pi,pc;
7840			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7841			int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
7842			#else
7843	0		int len = i2d_OCSP_CERTID(sir->certId,NULL);
7844			#endif
7845	0	0	if(!len) continue;
7846	0		Newx(pc,len,unsigned char);
7847	0	0	if (!pc) croak("out of memory");
7848	0		pi = pc;
7849			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7850			i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
7851			#else
7852	0		i2d_OCSP_CERTID(sir->certId,&pi);
7853			#endif
7854	0		idsv = newSVpv((char*)pc,len);
7855	0		Safefree(pc);
7856			} else {
7857			/* reuse idsv from ST(..), but increment refcount */
7858	0		idsv = SvREFCNT_inc(idsv);
7859			}
7860	0		av_push(idav, idsv);
7861	0	0	av_push(idav, error ? newSVpv(error,0) : newSV(0));
7862	0	0	if (sir) {
7863	0		HV *details = newHV();
7864	0		av_push(idav,newRV_noinc((SV*)details));
7865	0		hv_store(details,"statusType",10,
7866			newSViv(status),0);
7867	0	0	if (nextupdate) hv_store(details,"nextUpdate",10,
7868			newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
7869	0	0	if (thisupdate) hv_store(details,"thisUpdate",10,
7870			newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
7871	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7872			#if OPENSSL_VERSION_NUMBER < 0x10100000L
7873	0		OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
7874	0		revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
7875			#endif
7876	0		hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
7877	0		hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
7878	0		hv_store(details,"revocationReason_str",20,newSVpv(
7879			OCSP_crl_reason_str(revocationReason),0),0);
7880			}
7881			}
7882	0	0	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
7883	0	0	} else if (!error) {
7884			/* compute lowest nextUpdate */
7885	0		time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
7886	0	0	if (!nextupd \|\| nextupd>nu) nextupd = nu;
		0
7887			}
7888
7889	0	0	if (certid) OCSP_CERTID_free(certid);
7890	0	0	if (error && !want_array) {
		0
7891	0		OCSP_BASICRESP_free(bsr);
7892	0		croak("%s", error);
7893			}
7894			}
7895	0		OCSP_BASICRESP_free(bsr);
7896	0	0	if (!want_array)
7897	0	0	XPUSHs(sv_2mortal(newSViv(nextupd)));
7898
7899
7900
7901			#endif
7902
7903			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
7904
7905			int
7906			SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
7907			SSL_CTX * ctx
7908			SV * callback
7909			SV * data
7910			CODE:
7911	1		RETVAL = 1;
7912	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7913	0		SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
7914	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7915	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL);
7916			PR1("SSL_CTX_set_alpn_select_cb - undef\n");
7917			}
7918	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7919			/* callback param array ref like ['proto1','proto2'] */
7920	1		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7921	1		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback));
7922	1		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7923			PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx);
7924			}
7925	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7926	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback));
7927	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data));
7928	0		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7929			PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx);
7930			}
7931			else {
7932	0		RETVAL = 0;
7933			}
7934			OUTPUT:
7935			RETVAL
7936
7937			int
7938			SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef)
7939			SSL_CTX * ctx
7940			SV * data
7941			PREINIT:
7942			unsigned char *alpn_data;
7943			unsigned char alpn_len;
7944
7945			CODE:
7946	1		RETVAL = -1;
7947
7948	1	50	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		50
7949	0		croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n");
7950	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7951	1		Newx(alpn_data, alpn_len, unsigned char);
7952	1	50	if (!alpn_data)
7953	0		croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n");
7954	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7955	1		RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len);
7956	1		Safefree(alpn_data);
7957
7958			OUTPUT:
7959			RETVAL
7960
7961			int
7962			SSL_set_alpn_protos(ssl,data=&PL_sv_undef)
7963			SSL * ssl
7964			SV * data
7965			PREINIT:
7966			unsigned char *alpn_data;
7967			unsigned char alpn_len;
7968
7969			CODE:
7970	0		RETVAL = -1;
7971
7972	0	0	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		0
7973	0		croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n");
7974	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7975	0		Newx(alpn_data, alpn_len, unsigned char);
7976	0	0	if (!alpn_data)
7977	0		croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n");
7978	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7979	0		RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len);
7980	0		Safefree(alpn_data);
7981
7982			OUTPUT:
7983			RETVAL
7984
7985			void
7986			P_alpn_selected(s)
7987			const SSL *s
7988			PREINIT:
7989			const unsigned char *data;
7990			unsigned int len;
7991			PPCODE:
7992	2		SSL_get0_alpn_selected(s, &data, &len);
7993	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7994
7995			#endif
7996
7997			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
7998
7999			void
8000			SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
8001			SSL * ssl
8002			int outlen
8003			SV * context
8004			PREINIT:
8005			unsigned char * out;
8006			STRLEN llen;
8007	15		STRLEN contextlen = 0;
8008	15		char *context_arg = NULL;
8009	15		int use_context = 0;
8010			int ret;
8011			INPUT:
8012			char * label = SvPV( ST(2), llen);
8013			PPCODE:
8014	15		Newx(out, outlen, unsigned char);
8015
8016	15	100	if (context != &PL_sv_undef) {
8017	9		use_context = 1;
8018	9	50	context_arg = SvPV( ST(3), contextlen);
8019			}
8020	15		ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context);
8021	15	50	PUSHs(sv_2mortal(ret>0 ? newSVpvn((const char *)out, outlen) : newSV(0)));
8022	15	50	EXTEND(SP, 1);
8023	15		Safefree(out);
8024
8025			#endif
8026
8027			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
8028
8029			OSSL_LIB_CTX *
8030			OSSL_LIB_CTX_get0_global_default()
8031
8032
8033			OSSL_PROVIDER *
8034			OSSL_PROVIDER_load(SV libctx, const char name)
8035			CODE:
8036			OSSL_LIB_CTX *ctx = NULL;
8037			if (libctx != &PL_sv_undef)
8038			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8039			RETVAL = OSSL_PROVIDER_load(ctx, name);
8040			if (RETVAL == NULL)
8041			XSRETURN_UNDEF;
8042			OUTPUT:
8043			RETVAL
8044
8045			OSSL_PROVIDER *
8046			OSSL_PROVIDER_try_load(SV libctx, const char name, int retain_fallbacks)
8047			CODE:
8048			OSSL_LIB_CTX *ctx = NULL;
8049			if (libctx != &PL_sv_undef)
8050			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8051			RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
8052			if (RETVAL == NULL)
8053			XSRETURN_UNDEF;
8054			OUTPUT:
8055			RETVAL
8056
8057			int
8058			OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
8059
8060			int
8061			OSSL_PROVIDER_available(SV libctx, const char name)
8062			CODE:
8063			OSSL_LIB_CTX *ctx = NULL;
8064			if (libctx != &PL_sv_undef)
8065			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8066			RETVAL = OSSL_PROVIDER_available(ctx, name);
8067			OUTPUT:
8068			RETVAL
8069
8070			int
8071			OSSL_PROVIDER_do_all(SV libctx, SV perl_cb, SV *perl_cbdata = &PL_sv_undef)
8072			PREINIT:
8073			simple_cb_data_t* cbdata = NULL;
8074			CODE:
8075			OSSL_LIB_CTX *ctx = NULL;
8076			if (libctx != &PL_sv_undef)
8077			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8078
8079			/* setup our callback */
8080			cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
8081			RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
8082			simple_cb_data_free(cbdata);
8083			OUTPUT:
8084			RETVAL
8085
8086			const char *
8087			OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
8088
8089			int
8090			OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
8091
8092			#endif
8093
8094			#define REM_EOF "/* EOF - SSLeay.xs */"