File Coverage

SSLeay.xs

Criterion	Covered	Total	%
statement	1350	2351	57.4
branch	691	1788	38.6
condition			n/a
subroutine			n/a
pod			n/a
total	2041	4139	49.3

line	stmt	bran	code
1			/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
2			*
3			* Copyright (c) 1996-2003 Sampo Kellomäki
4			* Copyright (c) 2005-2010 Florian Ragwitz
5			* Copyright (c) 2005-2018 Mike McCauley
6			* Copyright (c) 2018 Tuure Vartiainen
7			* Copyright (c) 2018- Chris Novakovic
8			* Copyright (c) 2018- Heikki Vatiainen
9			*
10			* All rights reserved.
11			*
12			* Change data removed. See Changes
13			*
14			* This module is released under the terms of the Artistic License 2.0. For
15			* details, see the LICENSE file.
16			*/
17
18			/* ####
19			* #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! ####
20			* ####
21			*
22			* Function naming conventions:
23			*
24			* 1/ never change the already existing function names (all calling convention) in a way
25			* that may cause backward incompatibility (e.g. add ALIAS with old name if necessary)
26			*
27			* 2/ it is recommended to keep the original openssl function names for functions that are:
28			*
29			* 1:1 wrappers to the original openssl functions
30			* see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert)
31			*
32			* nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling
33			* see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf)
34			*
35			* 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix
36			* (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without
37			* "SSL_" prefix (e.g. Net::SSLeay::CTX_new) - keep this for all new functions
38			*
39			* 4/ The names of functions which do not fit rule 2/ (which means they implement some non
40			* trivial code around original openssl function or do more complex tasks) should be
41			* prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime
42			*
43			* 5/ Exceptions from rules above:
44			* functions that are part or wider set of already existing function not following this rule
45			* for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want
46			* to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_")
47			*
48			* Support for different Perl versions, libssl implementations, platforms, and compilers:
49			*
50			* 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the
51			* "Prerequisites" section in the README file). The test suite must pass when run on any
52			* of those version combinations.
53			*
54			* 2/ Fix all compiler warnings - we expect 100% clean build
55			*
56			* 3/ If you add a function which is available since certain openssl version
57			* use proper #ifdefs to assure that SSLeay.xs will compile also with older versions
58			* which are missing this function
59			*
60			* 4/ Even warnings arising from different use of "const" in different openssl versions
61			* needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt
62			*
63			* 5/ avoid using global C variables (it is very likely to break thread-safetyness)
64			* use rather global MY_CXT structure
65			*
66			* 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must
67			* compile also on non-UNIX platforms like MS Windows and others
68			*
69			* 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler)
70			* even if your compiler can handle them without warnings
71			*
72			* Passing test suite:
73			*
74			* 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite
75			*
76			* 2/ it is strongly recommended to create test(s) for newly added function(s), especially
77			* when the new function is not only a 1:1 wrapper but contains a complex code
78			*
79			* 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod
80			* otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into
81			* your patch)
82			*
83			* Preferred code layout:
84			*
85			* 1/ for simple 1:1 XS wrappers use:
86			*
87			* a/ functions with short "signature" (short list of args):
88			*
89			* long
90			* SSL_set_tmp_dh(SSL ssl,DH dh)
91			*
92			* b/ functions with long "signature" (long list of args):
93			* simply when approach a/ does not fit to 120 columns
94			*
95			* void
96			* SSL_any_functions(library_flag,function_name,reason,file_name,line)
97			* int library_flag
98			* int function_name
99			* int reason
100			* char *file_name
101			* int line
102			*
103			* 2/ for XS functions with full implementation use identation like this:
104			*
105			* int
106			* RAND_bytes(buf, num)
107			* SV *buf
108			* int num
109			* PREINIT:
110			* int rc;
111			* unsigned char *random;
112			* CODE:
113			* / * some code here * /
114			* RETVAL = rc;
115			* OUTPUT:
116			* RETVAL
117			*
118			*
119			* Runtime debugging:
120			*
121			* with TRACE(level,fmt,...) you can output debug messages.
122			* it behaves the same as
123			* warn sprintf($msg,...) if $Net::SSLeay::trace>=$level
124			* would do in Perl (e.g. it is using also the $Net::SSLeay::trace variable)
125			*
126			*
127			* THE LAST RULE:
128			*
129			* The fact that some parts of SSLeay.xs do not follow the rules above is not
130			* a reason why any new code can also break these rules in the same way
131			*
132			*/
133
134			/* Prevent warnings about strncpy from Windows compilers */
135
136			#ifndef _CRT_SECURE_NO_DEPRECATE
137			# define _CRT_SECURE_NO_DEPRECATE
138			#endif
139
140			/* Silence compound-token-split-by-macro warnings from perl.h when building for
141			* Perl < 5.35.2 with Clang >= 12 - see GH-383
142			*/
143			#if NET_SSLEAY_PERL_VERSION < 5035002 && defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 12
144			#pragma clang diagnostic ignored "-Wunknown-warning-option"
145			#pragma clang diagnostic ignored "-Wcompound-token-split-by-macro"
146			#pragma clang diagnostic warning "-Wunknown-warning-option"
147			#endif
148
149			#include "EXTERN.h"
150			#include "perl.h"
151			#include "XSUB.h"
152			#include
153			#define NEED_my_snprintf
154			#include "ppport.h"
155
156			/* Sigh: openssl 1.0 has
157			typedef void *BLOCK;
158			which conflicts with perls
159			typedef struct block BLOCK;
160			*/
161			#define BLOCK OPENSSL_BLOCK
162			#include
163			#include
164			#include
165			#include
166			#include
167			#include
168			#include
169			#ifndef OPENSSL_NO_COMP
170			#include /* openssl-0.9.6a forgets to include this */
171			#endif
172			#ifndef OPENSSL_NO_MD2
173			#include
174			#endif
175			#ifndef OPENSSL_NO_MD4
176			#include
177			#endif
178			#ifndef OPENSSL_NO_MD5
179			#include /* openssl-SNAP-20020227 does not automatically include this */
180			#endif
181			#include
182			#include
183			#include
184			#ifndef OPENSSL_NO_ENGINE
185			#include
186			#endif
187			#ifdef OPENSSL_FIPS
188			#include
189			#endif
190			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
191			#include
192			#endif
193			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
194			#include
195			#endif
196			#undef BLOCK
197
198			/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and
199			* related functions return uint64_t instead of long. For this reason
200			* constant() in constant.c and Net::SSLeay must also be able to
201			* return 64bit constants. However, this creates a problem with Perls
202			* that have only 32 bit integers. The define below helps with
203			* handling this API change.
204			*/
205			#if (OPENSSL_VERSION_NUMBER < 0x30000000L) \|\| defined(NET_SSLEAY_32BIT_INT_PERL)
206			#define NET_SSLEAY_32BIT_CONSTANTS
207			#endif
208
209			/* Debugging output - to enable use:
210			*
211			* perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
212			* make
213			*
214			*/
215
216			#ifdef SHOW_XS_DEBUG
217			#define PR1(s) fprintf(stderr,s);
218			#define PR2(s,t) fprintf(stderr,s,t);
219			#define PR3(s,t,u) fprintf(stderr,s,t,u);
220			#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v);
221			#else
222			#define PR1(s)
223			#define PR2(s,t)
224			#define PR3(s,t,u)
225			#define PR4(s,t,u,v)
226			#endif
227
228	1		static void TRACE(int level,const char *msg,...) {
229			va_list args;
230	1		SV *trace = get_sv("Net::SSLeay::trace",0);
231	1	50	if (trace && SvIOK(trace) && SvIV(trace)>=level) {
		50
		50
232			char buf[4096];
233	0		va_start(args,msg);
234	0		vsnprintf(buf,4095,msg,args);
235	0		warn("%s",buf);
236	0		va_end(args);
237			}
238	1		}
239
240			#include "constants.c"
241
242			/* ============= thread-safety related stuff ============== */
243
244			#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION
245
246			typedef struct {
247			HV* global_cb_data;
248			UV tid;
249			} my_cxt_t;
250			START_MY_CXT
251
252			#ifdef USE_ITHREADS
253			static perl_mutex LIB_init_mutex;
254			#if OPENSSL_VERSION_NUMBER < 0x10100000L
255			static perl_mutex *GLOBAL_openssl_mutex = NULL;
256			#endif
257			#endif
258			static int LIB_initialized;
259
260	58		UV get_my_thread_id(void) /* returns threads->tid() value */
261			{
262	58		dSP;
263	58		UV tid = 0;
264			#ifdef USE_ITHREADS
265			int count = 0;
266
267			ENTER;
268			SAVETMPS;
269			PUSHMARK(SP);
270			XPUSHs(sv_2mortal(newSVpv("threads", 0)));
271			PUTBACK;
272			count = call_method("tid", G_SCALAR\|G_EVAL);
273			SPAGAIN;
274			/* Caution: recent perls do not appear support threads->tid() */
275			if (SvTRUE(ERRSV) \|\| count != 1)
276			{
277			/* if compatible threads not loaded or an error occurs return 0 */
278			tid = 0;
279			}
280			else
281			tid = (UV)POPi;
282			PUTBACK;
283			FREETMPS;
284			LEAVE;
285			#endif
286
287	58		return tid;
288			}
289
290			/* IMPORTANT NOTE:
291			* openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html
292			* we implement both static and dynamic locking as described on URL above
293			* locking is supported when OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer
294			* we intentionally do not implement cleanup of openssl's threading as it causes troubles
295			* with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay
296			*/
297			#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
298
299
300			#if OPENSSL_VERSION_NUMBER < 0x10100000L
301			static void openssl_locking_function(int mode, int type, const char *file, int line)
302			{
303			PR3("openssl_locking_function %d %d\n", mode, type);
304
305			if (!GLOBAL_openssl_mutex) return;
306			if (mode & CRYPTO_LOCK)
307			MUTEX_LOCK(&GLOBAL_openssl_mutex[type]);
308			else
309			MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]);
310			}
311
312			#if OPENSSL_VERSION_NUMBER < 0x10000000L
313			static unsigned long openssl_threadid_func(void)
314			{
315			dMY_CXT;
316			return (unsigned long)(MY_CXT.tid);
317			}
318			#else
319			void openssl_threadid_func(CRYPTO_THREADID *id)
320			{
321			dMY_CXT;
322			CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid));
323			}
324			#endif
325
326			struct CRYPTO_dynlock_value
327			{
328			perl_mutex mutex;
329			};
330
331			struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line)
332			{
333			struct CRYPTO_dynlock_value *retval;
334			New(0, retval, 1, struct CRYPTO_dynlock_value);
335			if (!retval) return NULL;
336			MUTEX_INIT(&retval->mutex);
337			return retval;
338			}
339
340			void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value l, const char file, int line)
341			{
342			if (!l) return;
343			if (mode & CRYPTO_LOCK)
344			MUTEX_LOCK(&l->mutex);
345			else
346			MUTEX_UNLOCK(&l->mutex);
347			}
348
349			void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value l, const char file, int line)
350			{
351			if (!l) return;
352			MUTEX_DESTROY(&l->mutex);
353			Safefree(l);
354			}
355			#endif
356
357			void openssl_threads_init(void)
358			{
359			int i;
360
361			PR1("STARTED: openssl_threads_init\n");
362
363			#if OPENSSL_VERSION_NUMBER < 0x10100000L
364			/* initialize static locking */
365			if ( !CRYPTO_get_locking_callback() ) {
366			#if OPENSSL_VERSION_NUMBER < 0x10000000L
367			if ( !CRYPTO_get_id_callback() ) {
368			#else
369			if ( !CRYPTO_THREADID_get_callback() ) {
370			#endif
371			PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks());
372			New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex);
373			if (!GLOBAL_openssl_mutex) return;
374			for (i=0; i
375			CRYPTO_set_locking_callback((void ()(int,int,const char ,int))openssl_locking_function);
376
377			#ifndef WIN32
378			/* no need for threadid_func() on Win32 */
379			#if OPENSSL_VERSION_NUMBER < 0x10000000L
380			CRYPTO_set_id_callback(openssl_threadid_func);
381			#else
382			CRYPTO_THREADID_set_callback(openssl_threadid_func);
383			#endif
384			#endif
385			}
386			}
387
388			/* initialize dynamic locking */
389			if ( !CRYPTO_get_dynlock_create_callback() &&
390			!CRYPTO_get_dynlock_lock_callback() &&
391			!CRYPTO_get_dynlock_destroy_callback() ) {
392			PR1("openssl_threads_init dynamic locking\n");
393			CRYPTO_set_dynlock_create_callback(openssl_dynlocking_create_function);
394			CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
395			CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
396			}
397			#endif
398			}
399
400			#endif
401
402			/* ============= typedefs to agument TYPEMAP ============== */
403
404			typedef void callback_no_ret(void);
405			typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
406			typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
407
408			typedef STACK_OF(X509_NAME) X509_NAME_STACK;
409
410			typedef int perl_filehandle_t;
411
412			/* ======= special handler used by EVP_MD_do_all_sorted ======= */
413
414			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
415	112		static void handler_list_md_fn(const EVP_MD m, const char from, const char to, void arg)
416			{
417			/* taken from apps/dgst.c */
418			const char *mname;
419	112	100	if (!m) return; /* Skip aliases */
420	42		mname = OBJ_nid2ln(EVP_MD_type(m));
421	42	50	if (strcmp(from, mname)) return; /* Skip shortnames */
422			#if OPENSSL_VERSION_NUMBER < 0x10100000L
423			if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
424			#endif
425	42	50	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
426	42		av_push((AV *)arg, newSVpv(mname,0));
427			}
428			#endif
429
430			/* ============= callbacks - basic info =============
431			*
432			* PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!!
433			*
434			* There are basically 2 types of callbacks used in SSLeay:
435			*
436			* 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS.
437			* These callbacks use a special C structure simple_cb_data_t to pass necessary data.
438			* There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free()
439			* For example see implementation of these functions:
440			* - RSA_generate_key
441			* - PEM_read_bio_PrivateKey
442			*
443			* 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These
444			* callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time.
445			* There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating
446			* global hash MY_CXT.global_cb_data which work like this:
447			* cb_data_advanced_put(, "data_name", dataSV)
448			* >>>
449			* global_cb_data->{"ptr_"}->{"data_name"} = dataSV)
450			* or
451			* data = cb_data_advanced_get(, "data_name")
452			* >>>
453			* my $data = global_cb_data->{"ptr_"}->{"data_name"}
454			* For example see implementation of these functions:
455			* - SSL_CTX_set_verify
456			* - SSL_set_verify
457			* - SSL_CTX_set_cert_verify_callback
458			* - SSL_CTX_set_default_passwd_cb
459			* - SSL_CTX_set_default_passwd_cb_userdata
460			* - SSL_set_session_secret_cb
461			*
462			* If you want to add a new callback:
463			* - you very likely need a new function "your_callback_name_invoke()"
464			* - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions)
465			* - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before)
466			*
467			*/
468
469			/* ============= callback stuff - generic functions============== */
470
471			struct _ssleay_cb_t {
472			SV* func;
473			SV* data;
474			};
475			typedef struct _ssleay_cb_t simple_cb_data_t;
476
477	10		simple_cb_data_t* simple_cb_data_new(SV* func, SV* data)
478			{
479			simple_cb_data_t* cb;
480	10		New(0, cb, 1, simple_cb_data_t);
481	10	50	if (cb) {
482	10		SvREFCNT_inc(func);
483	10		SvREFCNT_inc(data);
484	10		cb->func = func;
485	10	100	cb->data = (data == &PL_sv_undef) ? NULL : data;
486			}
487	10		return cb;
488			}
489
490	9		void simple_cb_data_free(simple_cb_data_t* cb)
491			{
492	9	50	if (cb) {
493	9	50	if (cb->func) {
494	9		SvREFCNT_dec(cb->func);
495	9		cb->func = NULL;
496			}
497	9	100	if (cb->data) {
498	2		SvREFCNT_dec(cb->data);
499	2		cb->data = NULL;
500			}
501			}
502	9		Safefree(cb);
503	9		}
504
505	575		int cb_data_advanced_put(const void ptr, const char data_name, SV* data)
506			{
507			HV * L2HV;
508			SV ** svtmp;
509			int len;
510			char key_name[500];
511			dMY_CXT;
512
513	575		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
514	575	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
515
516			/* get or create level-2 hash */
517	575		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
518	575	100	if (svtmp == NULL) {
519	292		L2HV = newHV();
520	292		hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
521			}
522			else {
523	283	50	if (!SvOK(svtmp) \|\| !SvROK(svtmp)) return 0;
		50
524			#if defined(MUTABLE_PTR)
525	283		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
526			#else
527			L2HV = (HV)(SvRV(svtmp));
528			#endif
529			}
530
531			/* first delete already stored value */
532	575		hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
533	575	100	if (data!=NULL) {
534	565	100	if (SvOK(data))
535	316		hv_store(L2HV, data_name, strlen(data_name), data, 0);
536			else
537			/* we're not storing data so discard it */
538	249		SvREFCNT_dec(data);
539			}
540
541	575		return 1;
542			}
543
544	1614		SV* cb_data_advanced_get(const void ptr, const char data_name)
545			{
546			HV * L2HV;
547			SV ** svtmp;
548			int len;
549			char key_name[500];
550			dMY_CXT;
551
552	1614		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
553	1614	50	if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
554
555			/* get level-2 hash */
556	1614		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
557	1614	100	if (svtmp == NULL) return &PL_sv_undef;
558	1610	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
559	1610	50	if (!SvROK(*svtmp)) return &PL_sv_undef;
560			#if defined(MUTABLE_PTR)
561	1610		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
562			#else
563			L2HV = (HV)(SvRV(svtmp));
564			#endif
565
566			/* get stored data */
567	1610		svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
568	1610	100	if (svtmp == NULL) return &PL_sv_undef;
569	922	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
570
571	922		return *svtmp;
572			}
573
574	568		int cb_data_advanced_drop(const void *ptr)
575			{
576			int len;
577			char key_name[500];
578			dMY_CXT;
579
580	568		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
581	568	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
582
583	568		hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
584	568		return 1;
585			}
586
587			/* ============= callback stuff - invoke functions ============== */
588
589	21		static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
590			{
591	21		dSP;
592			SSL* ssl;
593	21		int count = -1, res;
594			SV *cb_func;
595
596			PR1("STARTED: ssleay_verify_callback_invoke\n");
597	21		ssl = (SSL *)X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
598	21		cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
599
600	21	100	if (!SvOK(cb_func)) {
601	3		SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
602	3		cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
603			}
604
605	21	50	if (!SvOK(cb_func))
606	0		croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
607
608	21		ENTER;
609	21		SAVETMPS;
610
611			PR2("verify callback glue ok=%d\n", ok);
612
613	21	50	PUSHMARK(sp);
614	21	50	EXTEND( sp, 2 );
615	21		PUSHs( sv_2mortal(newSViv(ok)) );
616	21		PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
617	21		PUTBACK;
618
619			PR1("About to call verify callback.\n");
620	21		count = call_sv(cb_func, G_SCALAR);
621			PR1("Returned from verify callback.\n");
622
623	21		SPAGAIN;
624
625	21	50	if (count != 1)
626	0		croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
627
628	21		res = POPi;
629
630	21		PUTBACK;
631	21	50	FREETMPS;
632	21		LEAVE;
633
634	21		return res;
635			}
636
637	5		static int ssleay_ctx_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
638			{
639	5		dSP;
640	5		int count = -1;
641			char *res;
642			SV cb_func, cb_data;
643
644			PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
645	5		cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
646	5		cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
647
648	5	50	if(!SvOK(cb_func))
649	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
650
651	5		ENTER;
652	5		SAVETMPS;
653
654	5	50	PUSHMARK(sp);
655	5	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
656	5	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
657	5		PUTBACK;
658
659	5		count = call_sv( cb_func, G_SCALAR );
660
661	5		SPAGAIN;
662
663	5	50	if (count != 1)
664	0		croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
665
666	5		res = POPp;
667
668	5	50	if (res == NULL) {
669	0		*buf = '\0';
670			} else {
671	5		strncpy(buf, res, size);
672	5		buf[size - 1] = '\0';
673			}
674
675	5		PUTBACK;
676	5	50	FREETMPS;
677	5		LEAVE;
678
679	5		return strlen(buf);
680			}
681
682			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
683			#ifndef LIBRESSL_VERSION_NUMBER
684	6		static int ssleay_ssl_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
685			{
686	6		dSP;
687	6		int count = -1;
688			char *res;
689			SV cb_func, cb_data;
690
691			PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
692	6		cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
693	6		cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
694
695	6	50	if(!SvOK(cb_func))
696	0		croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
697
698	6		ENTER;
699	6		SAVETMPS;
700
701	6	50	PUSHMARK(sp);
702	6	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
703	6	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
704	6		PUTBACK;
705
706	6		count = call_sv( cb_func, G_SCALAR );
707
708	6		SPAGAIN;
709
710	6	50	if (count != 1)
711	0		croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
712
713	6		res = POPp;
714
715	6	50	if (res == NULL) {
716	0		*buf = '\0';
717			} else {
718	6		strncpy(buf, res, size);
719	6		buf[size - 1] = '\0';
720			}
721
722	6		PUTBACK;
723	6	50	FREETMPS;
724	6		LEAVE;
725
726	6		return strlen(buf);
727			}
728			#endif /* !LibreSSL */
729			#endif /* >= 1.1.0f */
730
731	1		int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
732			{
733	1		dSP;
734	1		int count = -1;
735			int res;
736			SV * cb_func, *cb_data;
737
738			PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
739
740	1		cb_func = cb_data_advanced_get(data, "ssleay_ctx_cert_verify_cb!!func");
741	1		cb_data = cb_data_advanced_get(data, "ssleay_ctx_cert_verify_cb!!data");
742
743	1	50	if(!SvOK(cb_func))
744	0		croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
745
746	1		ENTER;
747	1		SAVETMPS;
748
749	1	50	PUSHMARK(SP);
750	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
751	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
752	1		PUTBACK;
753
754	1		count = call_sv(cb_func, G_SCALAR);
755
756	1		SPAGAIN;
757
758	1	50	if (count != 1)
759	0		croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
760
761	1		res = POPi;
762
763	1		PUTBACK;
764	1	50	FREETMPS;
765	1		LEAVE;
766
767	1		return res;
768			}
769
770			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
771
772	0		int tlsext_servername_callback_invoke(SSL ssl, int ad, void *arg)
773			{
774	0		dSP;
775	0		int count = -1;
776			int res;
777			SV * cb_func, *cb_data;
778
779			PR1("STARTED: tlsext_servername_callback_invoke\n");
780
781	0		cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
782	0		cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
783
784	0	0	if(!SvOK(cb_func))
785	0		croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
786
787	0		ENTER;
788	0		SAVETMPS;
789
790	0	0	PUSHMARK(SP);
791	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
792	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
793	0		PUTBACK;
794
795	0		count = call_sv(cb_func, G_SCALAR);
796
797	0		SPAGAIN;
798
799	0	0	if (count != 1)
800	0		croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
801
802	0		res = POPi;
803
804	0		PUTBACK;
805	0	0	FREETMPS;
806	0		LEAVE;
807
808	0		return res;
809			}
810
811			#endif
812
813			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
814
815	0		int tlsext_status_cb_invoke(SSL ssl, void arg)
816			{
817	0		dSP;
818			SV cb_func, cb_data;
819	0		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
820	0		int len,res,nres = -1;
821	0		const unsigned char *p = NULL;
822	0		OCSP_RESPONSE *ocsp_response = NULL;
823
824	0		cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
825	0		cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
826
827	0	0	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		0
828	0		croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
829
830	0		len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
831	0	0	if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
832
833	0		ENTER;
834	0		SAVETMPS;
835
836	0	0	PUSHMARK(SP);
837	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
838	0		PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
839	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
840	0		PUTBACK;
841
842	0		nres = call_sv(cb_func, G_SCALAR);
843	0	0	if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
844
845	0		SPAGAIN;
846
847	0	0	if (nres != 1)
848	0		croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
849
850	0		res = POPi;
851
852	0		PUTBACK;
853	0	0	FREETMPS;
854	0		LEAVE;
855
856	0		return res;
857			}
858
859	1		int session_ticket_ext_cb_invoke(SSL ssl, const unsigned char data, int len, void *arg)
860			{
861	1		dSP;
862			SV cb_func, cb_data;
863	1		int res,nres = -1;
864
865	1		cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
866	1		cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
867
868	1	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
869	0		croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n");
870
871	1		ENTER;
872	1		SAVETMPS;
873
874	1	50	PUSHMARK(SP);
875	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
876	1	50	XPUSHs(sv_2mortal(newSVpvn((const char *)data, len)));
877	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
878	1		PUTBACK;
879
880	1		nres = call_sv(cb_func, G_SCALAR);
881
882	1		SPAGAIN;
883
884	1	50	if (nres != 1)
885	0		croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n");
886
887	1		res = POPi;
888
889	1		PUTBACK;
890	1	50	FREETMPS;
891	1		LEAVE;
892
893	1		return res;
894			}
895
896			#endif
897
898			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
899
900	0		int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
901			STACK_OF(SSL_CIPHER) *peer_ciphers,
902			const SSL_CIPHER *cipher, void arg)
903			{
904	0		dSP;
905	0		int count = -1, res, i;
906	0		AV *ciphers = newAV();
907	0		SV *pref_cipher = sv_newmortal();
908			SV * cb_func, *cb_data;
909			SV * secretsv;
910
911			PR1("STARTED: ssleay_session_secret_cb_invoke\n");
912	0		cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
913	0		cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data");
914
915	0	0	if(!SvOK(cb_func))
916	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
917
918	0		ENTER;
919	0		SAVETMPS;
920
921	0	0	PUSHMARK(SP);
922	0		secretsv = sv_2mortal( newSVpv((const char )secret, secret_len));
923	0	0	XPUSHs(secretsv);
924	0	0	for (i=0; i
925	0		const SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
926	0		av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
927			}
928	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)ciphers)));
929	0	0	XPUSHs(sv_2mortal(newRV_inc(pref_cipher)));
930	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
931
932	0		PUTBACK;
933
934	0		count = call_sv( cb_func, G_SCALAR );
935
936	0		SPAGAIN;
937
938	0	0	if (count != 1)
939	0		croak ("Net::SSLeay: ssleay_session_secret_cb_invoke perl function did not return a scalar.\n");
940
941	0		res = POPi;
942	0	0	if (res) {
943			/* See if there is a preferred cipher selected, if so it is an index into the stack */
944	0	0	if (SvIOK(pref_cipher))
945	0		*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
946
947			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
948			{
949			/* Use any new master secret set by the callback function in secret */
950			STRLEN newsecretlen;
951	0		char* newsecretdata = SvPV(secretsv, newsecretlen);
952	0	0	if (secret_len < 0 \|\| newsecretlen > (STRLEN)secret_len)
		0
953	0		croak("Net::SSLeay: ssleay_session_secret_cb_invoke perl function returned too long secret: %ld > %ld.\n", (long)newsecretlen, (long)*secret_len);
954	0		memcpy(secret, newsecretdata, newsecretlen);
955	0		*secret_len = newsecretlen;
956			}
957			#endif
958			}
959
960	0		PUTBACK;
961	0	0	FREETMPS;
962	0		LEAVE;
963
964	0		return res;
965			}
966
967			#endif
968
969			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK)
970			#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
971
972	0		unsigned int ssleay_set_psk_client_callback_invoke(SSL ssl, const char hint,
973			char *identity, unsigned int max_identity_len,
974			unsigned char *psk, unsigned int max_psk_len)
975			{
976	0		dSP;
977	0		int count = -1;
978			char identity_val, psk_val;
979	0		unsigned int psk_len = 0;
980	0		BIGNUM *psk_bn = NULL;
981			SV * cb_func;
982			SV * hintsv;
983			/* this n_a is required for building with old perls: */
984			STRLEN n_a;
985
986			PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
987	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
988
989	0	0	if(!SvOK(cb_func))
990	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
991
992	0		ENTER;
993	0		SAVETMPS;
994
995	0	0	PUSHMARK(SP);
996	0	0	if (hint != NULL) {
997	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
998	0	0	XPUSHs(hintsv);
999			}
1000
1001	0		PUTBACK;
1002
1003	0		count = call_sv( cb_func, G_LIST );
1004
1005	0		SPAGAIN;
1006
1007	0	0	if (count != 2)
1008	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1009
1010	0		psk_val = POPpx;
1011	0		identity_val = POPpx;
1012
1013	0		my_snprintf(identity, max_identity_len, "%s", identity_val);
1014
1015	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1016	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1017	0		psk_len = BN_bn2bin(psk_bn, psk);
1018			}
1019	0		BN_free(psk_bn);
1020			}
1021
1022	0		PUTBACK;
1023	0	0	FREETMPS;
1024	0		LEAVE;
1025
1026	0		return psk_len;
1027			}
1028
1029	0		unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL ssl, const char hint,
1030			char *identity, unsigned int max_identity_len,
1031			unsigned char *psk, unsigned int max_psk_len)
1032			{
1033	0		dSP;
1034			SSL_CTX *ctx;
1035	0		int count = -1;
1036			char identity_val, psk_val;
1037	0		unsigned int psk_len = 0;
1038	0		BIGNUM *psk_bn = NULL;
1039			SV * cb_func;
1040			SV * hintsv;
1041			/* this n_a is required for building with old perls: */
1042			STRLEN n_a;
1043
1044	0		ctx = SSL_get_SSL_CTX(ssl);
1045
1046			PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
1047	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
1048
1049	0	0	if(!SvOK(cb_func))
1050	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1051
1052	0		ENTER;
1053	0		SAVETMPS;
1054
1055	0	0	PUSHMARK(SP);
1056	0	0	if (hint != NULL) {
1057	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1058	0	0	XPUSHs(hintsv);
1059			}
1060
1061	0		PUTBACK;
1062
1063	0		count = call_sv( cb_func, G_LIST );
1064
1065	0		SPAGAIN;
1066
1067	0	0	if (count != 2)
1068	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1069
1070	0		psk_val = POPpx;
1071	0		identity_val = POPpx;
1072
1073	0		my_snprintf(identity, max_identity_len, "%s", identity_val);
1074
1075	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1076	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1077	0		psk_len = BN_bn2bin(psk_bn, psk);
1078			}
1079	0		BN_free(psk_bn);
1080			}
1081
1082	0		PUTBACK;
1083	0	0	FREETMPS;
1084	0		LEAVE;
1085
1086	0		return psk_len;
1087			}
1088
1089	0		unsigned int ssleay_set_psk_server_callback_invoke(SSL ssl, const char identity,
1090			unsigned char *psk, unsigned int max_psk_len)
1091			{
1092	0		dSP;
1093	0		int count = -1;
1094	0		unsigned int psk_len = 0;
1095			SV * cb_func, *psk_sv;
1096
1097			PR1("STARTED: ssleay_set_psk_server_callback_invoke\n");
1098
1099	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_server_callback!!func");
1100	0	0	if(!SvOK(cb_func))
1101	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke called, but not set to point to any perl function.\n");
1102
1103	0		ENTER;
1104	0		SAVETMPS;
1105
1106	0	0	PUSHMARK(SP);
1107	0	0	EXTEND(SP, 3);
1108	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1109	0		PUSHs(sv_2mortal(newSVpv(identity, 0)));
1110	0		PUSHs(sv_2mortal(newSViv(max_psk_len)));
1111
1112	0		PUTBACK;
1113
1114	0		count = call_sv( cb_func, G_SCALAR );
1115
1116	0		SPAGAIN;
1117
1118	0	0	if (count != 1)
1119	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke perl function did not return 1 value.\n");
1120
1121	0		psk_sv = POPs;
1122	0	0	if (SvOK(psk_sv)) {
1123			STRLEN new_psk_len;
1124	0		char *new_psk = SvPV(psk_sv, new_psk_len);
1125
1126	0	0	if (!SvPOK(psk_sv))
1127	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke PSK is not a string.\n");
1128
1129	0	0	if (new_psk_len > max_psk_len)
1130	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke PSK is longer than allowed (%lu > %u).\n", new_psk_len, max_psk_len);
1131	0		memcpy(psk, new_psk, new_psk_len);
1132	0		psk_len = new_psk_len;
1133			}
1134
1135	0		PUTBACK;
1136	0	0	FREETMPS;
1137	0		LEAVE;
1138
1139	0		return psk_len;
1140			}
1141
1142	0		unsigned int ssleay_ctx_set_psk_server_callback_invoke(SSL ssl, const char identity,
1143			unsigned char *psk, unsigned int max_psk_len)
1144			{
1145	0		dSP;
1146			SSL_CTX *ctx;
1147	0		int count = -1;
1148	0		unsigned int psk_len = 0;
1149			SV * cb_func, *psk_sv;
1150
1151			PR1("STARTED: ssleay_ctx_set_psk_server_callback_invoke\n");
1152
1153	0		ctx = SSL_get_SSL_CTX(ssl);
1154	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_server_callback!!func");
1155	0	0	if(!SvOK(cb_func))
1156	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke called, but not set to point to any perl function.\n");
1157
1158	0		ENTER;
1159	0		SAVETMPS;
1160
1161	0	0	PUSHMARK(SP);
1162	0	0	EXTEND(SP, 3);
1163	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1164	0		PUSHs(sv_2mortal(newSVpv(identity, 0)));
1165	0		PUSHs(sv_2mortal(newSViv(max_psk_len)));
1166
1167	0		PUTBACK;
1168
1169	0		count = call_sv( cb_func, G_SCALAR );
1170
1171	0		SPAGAIN;
1172
1173	0	0	if (count != 1)
1174	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke perl function did not return 1 value.\n");
1175
1176	0		psk_sv = POPs;
1177	0	0	if (SvOK(psk_sv)) {
1178			STRLEN new_psk_len;
1179	0		char *new_psk = SvPV(psk_sv, new_psk_len);
1180
1181	0	0	if (!SvPOK(psk_sv))
1182	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke PSK is not a string.\n");
1183
1184	0	0	if (new_psk_len > max_psk_len)
1185	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke PSK is longer than allowed (%lu > %u).\n", new_psk_len, max_psk_len);
1186	0		memcpy(psk, new_psk, new_psk_len);
1187	0		psk_len = new_psk_len;
1188			}
1189
1190	0		PUTBACK;
1191	0	0	FREETMPS;
1192	0		LEAVE;
1193
1194	0		return psk_len;
1195			}
1196
1197			#if OPENSSL_VERSION_NUMBER >= 0x10101001L
1198
1199			/* TLS 1.3 has its own callbacks */
1200	0		int ssleay_set_psk_find_session_callback_invoke(SSL ssl, const unsigned char identity,
1201			size_t identity_len,
1202			SSL_SESSION **sess)
1203			{
1204	0		dSP;
1205	0		int count = -1, ret;
1206			SV * cb_func, *sess_sv;
1207
1208			PR1("STARTED: ssleay_psk_find_session_callback_callback_invoke\n");
1209
1210	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_find_session_callback!!func");
1211	0	0	if(!SvOK(cb_func))
1212	0		croak ("Net::SSLeay: ssleay_psk_find_session_callback_callback_invoke called, but not set to point to any perl function.\n");
1213
1214	0		ENTER;
1215	0		SAVETMPS;
1216
1217	0	0	PUSHMARK(SP);
1218	0	0	EXTEND(SP, 2);
1219	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1220	0		PUSHs(sv_2mortal(newSVpvn((const char *)identity, identity_len)));
1221
1222	0		PUTBACK;
1223
1224	0		count = call_sv( cb_func, G_LIST );
1225
1226	0		SPAGAIN;
1227
1228	0	0	if (count != 2)
1229	0		croak ("Net::SSLeay: ssleay_psk_find_session_callback_callback_invoke perl function did not return 2 values.\n");
1230
1231	0		*sess = NULL;
1232	0		sess_sv = POPs;
1233	0	0	if (SvOK(sess_sv))
1234	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1235
1236	0		ret = POPi;
1237
1238	0		PUTBACK;
1239	0	0	FREETMPS;
1240	0		LEAVE;
1241
1242	0		return ret;
1243			}
1244
1245	0		int ssleay_ctx_set_psk_find_session_callback_invoke(SSL ssl, const unsigned char identity,
1246			size_t identity_len,
1247			SSL_SESSION **sess)
1248			{
1249	0		dSP;
1250			SSL_CTX *ctx;
1251	0		int count = -1, ret;
1252			SV * cb_func, *sess_sv;
1253
1254	0		ctx = SSL_get_SSL_CTX(ssl);
1255
1256			PR1("STARTED: ssleay_ctx_psk_find_session_callback_callback_invoke\n");
1257
1258	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_find_session_callback!!func");
1259	0	0	if(!SvOK(cb_func))
1260	0		croak ("Net::SSLeay: ssleay_ctx_psk_find_session_callback_callback_invoke called, but not set to point to any perl function.\n");
1261
1262	0		ENTER;
1263	0		SAVETMPS;
1264
1265	0	0	PUSHMARK(SP);
1266	0	0	EXTEND(SP, 2);
1267	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1268	0		PUSHs(sv_2mortal(newSVpvn((const char *)identity, identity_len)));
1269
1270	0		PUTBACK;
1271
1272	0		count = call_sv( cb_func, G_LIST );
1273
1274	0		SPAGAIN;
1275
1276	0	0	if (count != 2)
1277	0		croak ("Net::SSLeay: ssleay_ctx_psk_find_session_callback_callback_invoke perl function did not return 2 values.\n");
1278
1279	0		*sess = NULL;
1280	0		sess_sv = POPs;
1281	0	0	if (SvOK(sess_sv))
1282	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1283
1284	0		ret = POPi;
1285
1286	0		PUTBACK;
1287	0	0	FREETMPS;
1288	0		LEAVE;
1289
1290	0		return ret;
1291			}
1292
1293	0		int ssleay_set_psk_use_session_callback_invoke(SSL ssl, const EVP_MD md,
1294			const unsigned char **id,
1295			size_t *idlen,
1296			SSL_SESSION **sess)
1297			{
1298	0		dSP;
1299	0		int count = -1, ret;
1300			SV * cb_func, sess_sv, id_sv;
1301
1302			PR1("STARTED: ssleay_psk_use_session_callback_invoke\n");
1303
1304	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_use_session_callback!!func");
1305	0	0	if(!SvOK(cb_func))
1306	0		croak ("Net::SSLeay: ssleay_psk_use_session_callback_invoke called, but not set to point to any perl function.\n");
1307
1308	0		ENTER;
1309	0		SAVETMPS;
1310
1311	0	0	PUSHMARK(SP);
1312	0	0	EXTEND(SP, 2);
1313	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1314	0		PUSHs(sv_2mortal(newSViv(PTR2IV(md))));
1315
1316	0		PUTBACK;
1317
1318	0		count = call_sv( cb_func, G_LIST );
1319
1320	0		SPAGAIN;
1321
1322	0	0	if (count != 3)
1323	0		croak ("Net::SSLeay: ssleay_psk_use_session_callback_invoke perl function did not return 3 values.\n");
1324
1325	0		*sess = NULL;
1326	0		*id = NULL;
1327	0		*idlen = 0;
1328	0		sess_sv = POPs;
1329	0		id_sv = POPs;
1330	0		ret = POPi;
1331	0	0	if (ret && SvOK(sess_sv)) {
		0
1332			/* Returning with success but without NULL SSL_SESSION is
1333			* permissible. In this case the handshake continues with
1334			* certificate authentication */
1335			char *id_sv_ptr;
1336			STRLEN id_sv_len;
1337	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1338	0		id_sv_ptr = SvPVbyte(id_sv, id_sv_len);
1339	0		id = (const unsigned char )id_sv_ptr;
1340	0		*idlen = id_sv_len;
1341	0		sv_dump(id_sv);
1342	0		SSL_SESSION_print_fp(stdout, *sess);
1343			}
1344
1345	0		PUTBACK;
1346	0	0	FREETMPS;
1347	0		LEAVE;
1348
1349	0		return ret;
1350			}
1351
1352	0		int ssleay_ctx_set_psk_use_session_callback_invoke(SSL ssl, const EVP_MD md,
1353			const unsigned char **id,
1354			size_t *idlen,
1355			SSL_SESSION **sess)
1356			{
1357	0		dSP;
1358			SSL_CTX *ctx;
1359	0		int count = -1, ret;
1360			SV * cb_func, sess_sv, id_sv;
1361
1362	0		ctx = SSL_get_SSL_CTX(ssl);
1363
1364			PR1("STARTED: ssleay_ctx_psk_use_session_callback_invoke\n");
1365
1366	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_use_session_callback!!func");
1367	0	0	if(!SvOK(cb_func))
1368	0		croak ("Net::SSLeay: ssleay_ctx_psk_use_session_callback_invoke called, but not set to point to any perl function.\n");
1369
1370	0		ENTER;
1371	0		SAVETMPS;
1372
1373	0	0	PUSHMARK(SP);
1374	0	0	EXTEND(SP, 2);
1375	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1376	0		PUSHs(sv_2mortal(newSViv(PTR2IV(md))));
1377
1378	0		PUTBACK;
1379
1380	0		count = call_sv( cb_func, G_LIST );
1381
1382	0		SPAGAIN;
1383
1384	0	0	if (count != 3)
1385	0		croak ("Net::SSLeay: ssleay_ctx_psk_use_session_callback_invoke perl function did not return 2 values.\n");
1386
1387	0		*sess = NULL;
1388	0		*id = NULL;
1389	0		*idlen = 0;
1390	0		sess_sv = POPs;
1391	0		id_sv = POPs;
1392	0		ret = POPi;
1393	0	0	if (ret && SvOK(sess_sv)) {
		0
1394			/* Returning with success but without NULL SSL_SESSION is
1395			* permissible. In this case the handshake continues with
1396			* certificate authentication */
1397			char *id_sv_ptr;
1398			STRLEN id_sv_len;
1399	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1400	0		id_sv_ptr = SvPVbyte(id_sv, id_sv_len);
1401	0		id = (const unsigned char )id_sv_ptr;
1402	0		*idlen = id_sv_len;
1403	0		sv_dump(id_sv);
1404	0		SSL_SESSION_print_fp(stdout, *sess);
1405			}
1406
1407	0		PUTBACK;
1408	0	0	FREETMPS;
1409	0		LEAVE;
1410
1411	0		return ret;
1412			}
1413
1414			#endif
1415			#endif
1416
1417			#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) \|\| (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT))
1418
1419	20		int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
1420			{
1421	20		int i, last_index, ptr = 0;
1422	20		last_index = av_len(list);
1423	20	50	if (last_index<0) return 0;
1424	60	100	for(i=0; i<=last_index; i++) {
1425	40		char p = SvPV_nolen(av_fetch(list, i, 0));
1426	40		size_t len = strlen(p);
1427	40	50	if (len>255) return 0;
1428	40	100	if (out) {
1429			/* if out == NULL we only calculate the length of output */
1430	20		out[ptr] = (unsigned char)len;
1431	20		strncpy((char*)out+ptr+1, p, len);
1432			}
1433	40		ptr += strlen(p) + 1;
1434			}
1435	20		return ptr;
1436			}
1437
1438	0		int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen)
1439			{
1440	0		unsigned int i = 0;
1441			unsigned char il;
1442	0	0	if (!list \|\| inlen<2) return 0;
		0
1443	0	0	while (i
1444	0		il = in[i++];
1445	0	0	if (i+il > inlen) return 0;
1446	0		av_push(list, newSVpv((const char*)in+i, il));
1447	0		i += il;
1448			}
1449	0		return 1;
1450			}
1451
1452			#endif
1453
1454			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
1455
1456	1		int next_proto_select_cb_invoke(SSL ssl, unsigned char out, unsigned char outlen,
1457			const unsigned char in, unsigned int inlen, void arg)
1458			{
1459			SV cb_func, cb_data;
1460			unsigned char *next_proto_data;
1461			size_t next_proto_len;
1462			int next_proto_status;
1463	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1464			/* this n_a is required for building with old perls: */
1465			STRLEN n_a;
1466
1467			PR1("STARTED: next_proto_select_cb_invoke\n");
1468	1		cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
1469	1		cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
1470			/* clear last_status value = store undef */
1471	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
1472	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
1473
1474	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1475	0		int count = -1;
1476	0		AV *list = newAV();
1477			SV *tmpsv;
1478	0		dSP;
1479
1480	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1481
1482	0		ENTER;
1483	0		SAVETMPS;
1484	0	0	PUSHMARK(SP);
1485	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1486	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1487	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1488	0		PUTBACK;
1489	0		count = call_sv( cb_func, G_LIST );
1490	0		SPAGAIN;
1491	0	0	if (count != 2)
1492	0		croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
1493	0		next_proto_data = (unsigned char*)POPpx;
1494	0		next_proto_status = POPi;
1495
1496	0		next_proto_len = strlen((const char*)next_proto_data);
1497	0	0	if (next_proto_len<=255) {
1498			/* store last_status + last_negotiated into global hash */
1499	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1500	0		tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
1501	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
1502	0		out = (unsigned char )SvPVX(tmpsv);
1503	0		*outlen = next_proto_len;
1504			}
1505
1506	0		PUTBACK;
1507	0	0	FREETMPS;
1508	0		LEAVE;
1509
1510	0	0	return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
1511			}
1512	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1513	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1514	1		Newx(next_proto_data, next_proto_len, unsigned char);
1515	1	50	if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1516	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
1517
1518	1		next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
1519	1		Safefree(next_proto_data);
1520	1	50	if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
1521	0		outlen = in;
1522	0		out = (unsigned char )in+1;
1523			}
1524
1525			/* store last_status + last_negotiated into global hash */
1526	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1527	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char)out, *outlen));
1528	1		return SSL_TLSEXT_ERR_OK;
1529			}
1530	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1531			}
1532
1533	1		int next_protos_advertised_cb_invoke(SSL ssl, const unsigned char out, unsigned int outlen, void *arg_unused)
1534			{
1535			SV cb_func, cb_data;
1536	1		unsigned char *protodata = NULL;
1537	1		unsigned short protodata_len = 0;
1538			SV *tmpsv;
1539			AV *tmpav;
1540	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1541
1542			PR1("STARTED: next_protos_advertised_cb_invoke");
1543	1		cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
1544	1		cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
1545
1546	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1547	0		int count = -1;
1548	0		dSP;
1549	0		ENTER;
1550	0		SAVETMPS;
1551	0	0	PUSHMARK(SP);
1552	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1553	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1554	0		PUTBACK;
1555	0		count = call_sv( cb_func, G_SCALAR );
1556	0		SPAGAIN;
1557	0	0	if (count != 1)
1558	0		croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
1559	0		tmpsv = POPs;
1560	0	0	if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
		0
		0
1561	0		tmpav = (AV*)SvRV(tmpsv);
1562	0		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1563	0		Newx(protodata, protodata_len, unsigned char);
1564	0	0	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1565			}
1566	0		PUTBACK;
1567	0	0	FREETMPS;
1568	0		LEAVE;
1569			}
1570	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1571	1		tmpav = (AV*)SvRV(cb_data);
1572	1		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1573	1		Newx(protodata, protodata_len, unsigned char);
1574	1	50	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1575			}
1576	1	50	if (protodata) {
1577	1		tmpsv = newSVpv((const char*)protodata, protodata_len);
1578	1		Safefree(protodata);
1579	1		cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
1580	1		out = (unsigned char )SvPVX(tmpsv);
1581	1		*outlen = protodata_len;
1582	1		return SSL_TLSEXT_ERR_OK;
1583			}
1584	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1585			}
1586
1587			#endif
1588
1589			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
1590
1591	1		int alpn_select_cb_invoke(SSL ssl, const unsigned char out, unsigned char outlen,
1592			const unsigned char in, unsigned int inlen, void arg)
1593			{
1594			SV cb_func, cb_data;
1595			unsigned char *alpn_data;
1596			size_t alpn_len;
1597	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1598
1599			PR1("STARTED: alpn_select_cb_invoke\n");
1600	1		cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
1601	1		cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
1602
1603	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1604	0		int count = -1;
1605	0		AV *list = newAV();
1606			SV *tmpsv;
1607			SV *alpn_data_sv;
1608	0		dSP;
1609
1610	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1611
1612	0		ENTER;
1613	0		SAVETMPS;
1614	0	0	PUSHMARK(SP);
1615	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1616	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1617	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1618	0		PUTBACK;
1619	0		count = call_sv( cb_func, G_LIST );
1620	0		SPAGAIN;
1621	0	0	if (count != 1)
1622	0		croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
1623	0		alpn_data_sv = POPs;
1624	0	0	if (SvOK(alpn_data_sv)) {
1625	0		alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
1626	0		alpn_len = strlen((const char*)alpn_data);
1627	0	0	if (alpn_len <= 255) {
1628	0		tmpsv = newSVpv((const char*)alpn_data, alpn_len);
1629	0		out = (unsigned char )SvPVX(tmpsv);
1630	0		*outlen = alpn_len;
1631			}
1632			} else {
1633	0		alpn_data = NULL;
1634	0		alpn_len = 0;
1635			}
1636	0		PUTBACK;
1637	0	0	FREETMPS;
1638	0		LEAVE;
1639
1640	0	0	if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
1641	0	0	return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1642			}
1643	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1644			int status;
1645
1646	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1647	1		Newx(alpn_data, alpn_len, unsigned char);
1648	1	50	if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1649	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
1650
1651			/* This is the same function that is used for NPN. */
1652	1		status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
1653	1		Safefree(alpn_data);
1654	1	50	if (status != OPENSSL_NPN_NEGOTIATED) {
1655	0		outlen = in;
1656	0		*out = in+1;
1657			}
1658	1	50	return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1659			}
1660	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1661			}
1662
1663			#endif
1664
1665	2		int pem_password_cb_invoke(char buf, int bufsize, int rwflag, void data) {
1666	2		dSP;
1667			char *str;
1668	2		int count = -1;
1669	2		size_t str_len = 0;
1670	2		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1671			/* this n_a is required for building with old perls: */
1672			STRLEN n_a;
1673
1674			PR1("STARTED: pem_password_cb_invoke\n");
1675	2	50	if (cb->func && SvOK(cb->func)) {
		50
1676	2		ENTER;
1677	2		SAVETMPS;
1678
1679	2	50	PUSHMARK(sp);
1680
1681	2	50	XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
1682	2	50	XPUSHs(sv_2mortal( newSViv(rwflag) ));
1683	2	50	if (cb->data) XPUSHs( cb->data );
		0
1684
1685	2		PUTBACK;
1686
1687	2		count = call_sv( cb->func, G_SCALAR );
1688
1689	2		SPAGAIN;
1690
1691	2		buf[0] = 0; /* start with an empty password */
1692	2	50	if (count != 1) {
1693	0		croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
1694			}
1695			else {
1696	2		str = POPpx;
1697	2		str_len = strlen(str);
1698	2	50	if (str_len+1 < bufsize) {
1699	2		strcpy(buf, str);
1700			}
1701			else {
1702	0		str_len = 0;
1703	0		warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
1704			}
1705			}
1706
1707	2		PUTBACK;
1708	2	50	FREETMPS;
1709	2		LEAVE;
1710			}
1711	2		return str_len;
1712			}
1713
1714	11572		void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
1715			{
1716	11572		dSP;
1717	11572		int count = -1;
1718	11572		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1719
1720			/* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
1721	11572	50	if (cb->func && SvOK(cb->func)) {
		100
1722	2974		ENTER;
1723	2974		SAVETMPS;
1724
1725	2974	50	PUSHMARK(sp);
1726
1727	2974	50	XPUSHs(sv_2mortal( newSViv(i) ));
1728	2974	50	XPUSHs(sv_2mortal( newSViv(n) ));
1729	2974	100	if (cb->data) XPUSHs( cb->data );
		50
1730
1731	2974		PUTBACK;
1732
1733	2974		count = call_sv( cb->func, G_VOID\|G_DISCARD );
1734
1735	2973	50	if (count != 0)
1736	0		croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
1737			"perl function did return something in void context.\n");
1738
1739	2973		SPAGAIN;
1740	2973	50	FREETMPS;
1741	2973		LEAVE;
1742			}
1743	11571		}
1744
1745	23		void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
1746			{
1747	23		dSP;
1748			SV cb_func, cb_data;
1749
1750	23		cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
1751	23		cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
1752
1753	23	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1754	0		croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
1755
1756	23		ENTER;
1757	23		SAVETMPS;
1758
1759	23	50	PUSHMARK(SP);
1760	23	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1761	23	50	XPUSHs(sv_2mortal(newSViv(where)) );
1762	23	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1763	23	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1764	23		PUTBACK;
1765
1766	23		call_sv(cb_func, G_VOID);
1767
1768	23		SPAGAIN;
1769	23		PUTBACK;
1770	23	50	FREETMPS;
1771	23		LEAVE;
1772	23		}
1773
1774	648		void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
1775			{
1776	648		dSP;
1777			SV cb_func, cb_data;
1778	648		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1779
1780	648		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
1781	648		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
1782
1783	648	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1784	0		croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
1785
1786	648		ENTER;
1787	648		SAVETMPS;
1788
1789	648	50	PUSHMARK(SP);
1790	648	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1791	648	50	XPUSHs(sv_2mortal(newSViv(where)) );
1792	648	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1793	648	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1794	648		PUTBACK;
1795
1796	648		call_sv(cb_func, G_VOID);
1797
1798	648		SPAGAIN;
1799	648		PUTBACK;
1800	648	50	FREETMPS;
1801	648		LEAVE;
1802	648		}
1803
1804	34		void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1805			{
1806	34		dSP;
1807			SV cb_func, cb_data;
1808
1809	34		cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
1810	34		cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
1811
1812	34	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1813	0		croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
1814
1815	34		ENTER;
1816	34		SAVETMPS;
1817
1818	34	50	PUSHMARK(SP);
1819	34	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1820	34	50	XPUSHs(sv_2mortal(newSViv(version)));
1821	34	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1822	34	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1823	34	50	XPUSHs(sv_2mortal(newSViv(len)));
1824	34	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1825	34	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1826	34		PUTBACK;
1827
1828	34		call_sv(cb_func, G_VOID);
1829
1830	34		SPAGAIN;
1831	34		PUTBACK;
1832	34	50	FREETMPS;
1833	34		LEAVE;
1834	34		}
1835
1836	34		void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1837			{
1838	34		dSP;
1839			SV cb_func, cb_data;
1840	34		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1841
1842	34		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
1843	34		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
1844
1845	34	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1846	0		croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
1847
1848	34		ENTER;
1849	34		SAVETMPS;
1850
1851	34	50	PUSHMARK(SP);
1852	34	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1853	34	50	XPUSHs(sv_2mortal(newSViv(version)));
1854	34	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1855	34	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1856	34	50	XPUSHs(sv_2mortal(newSViv(len)));
1857	34	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1858	34	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1859	34		PUTBACK;
1860
1861	34		call_sv(cb_func, G_VOID);
1862
1863	34		SPAGAIN;
1864	34		PUTBACK;
1865	34	50	FREETMPS;
1866	34		LEAVE;
1867	34		}
1868
1869			/*
1870			* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
1871			* broken in various ways during the various 1.0.0* versions.
1872			* Better enable it only starting with 1.0.1.
1873			*/
1874			#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
1875			#define NET_SSLEAY_CAN_TICKET_KEY_CB
1876
1877	7		int tlsext_ticket_key_cb_invoke(
1878			SSL *ssl,
1879			unsigned char *key_name,
1880			unsigned char *iv,
1881			EVP_CIPHER_CTX *ectx,
1882			HMAC_CTX *hctx,
1883			int enc
1884			){
1885
1886	7		dSP;
1887	7		int count,usable_rv_count,hmac_key_len = 0;
1888			SV cb_func, cb_data;
1889			STRLEN svlen;
1890			unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
1891			unsigned char name[16];
1892	7		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1893
1894			PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
1895	7		cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
1896	7		cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
1897
1898	7	50	if (!SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1899	0		croak("callback must be a code reference");
1900
1901	7		ENTER;
1902	7		SAVETMPS;
1903	7	50	PUSHMARK(SP);
1904
1905	7	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1906
1907	7	100	if (!enc) {
1908			/* call as getkey(data,this_name) -> (key,current_name) */
1909	4	50	XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
1910			} else {
1911			/* call as getkey(data) -> (key,current_name) */
1912			}
1913
1914	7		PUTBACK;
1915
1916	7		count = call_sv( cb_func, G_LIST );
1917
1918	7		SPAGAIN;
1919
1920	7	50	if (count>2)
1921	0		croak("too much return values - only (name,key) should be returned");
1922
1923	7		usable_rv_count = 0;
1924	7	100	if (count>0) {
1925	6		SV *sname = POPs;
1926	6	50	if (SvOK(sname)) {
1927	6		unsigned char pname = (unsigned char )SvPV(sname,svlen);
1928	6	50	if (svlen > 16)
1929	0		croak("name must be at at most 16 bytes, got %d",(int)svlen);
1930	6	50	if (svlen == 0)
1931	0		croak("name should not be empty");
1932	6		OPENSSL_cleanse(name, 16);
1933	6		memcpy(name,pname,svlen);
1934	6		usable_rv_count++;
1935			}
1936			}
1937	7	100	if (count>1) {
1938	6		SV *skey = POPs;
1939	6	50	if (SvOK(skey)) {
1940	6		unsigned char pkey = (unsigned char )SvPV(skey,svlen);
1941	6	50	if (svlen != 32 && svlen != 48)
		0
1942	0		croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
1943	6		hmac_key_len = (int)svlen - 16;
1944	6		memcpy(key,pkey,(int)svlen);
1945	6		usable_rv_count++;
1946			}
1947			}
1948
1949	7		PUTBACK;
1950	7	50	FREETMPS;
1951	7		LEAVE;
1952
1953	7	100	if (!enc && usable_rv_count == 0) {
		100
1954	1		TRACE(2,"no key returned for ticket");
1955	1		return 0;
1956			}
1957	6	50	if (usable_rv_count != 2)
1958	0		croak("key functions needs to return (key,name)");
1959
1960	6	100	if (enc) {
1961			/* encrypt ticket information with given key */
1962	3		RAND_bytes(iv, 16);
1963	3		EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1964	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1965	3		memcpy(key_name,name,16);
1966	3		return 1;
1967
1968			} else {
1969	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1970	3		EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1971
1972	3	100	if (memcmp(name,key_name,16) == 0)
1973	2		return 1; /* current key was used */
1974			else
1975	1		return 2; /* different key was used, need to be renewed */
1976			}
1977			}
1978
1979			#endif
1980
1981	26		int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st ssl, SSL_SESSION sess)
1982			{
1983	26		dSP;
1984			int count, remove;
1985			SSL_CTX *ctx;
1986			SV *cb_func;
1987
1988			PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
1989	26		ctx = SSL_get_SSL_CTX(ssl);
1990	26		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
1991
1992	26	50	if(!SvOK(cb_func))
1993	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
1994
1995	26		ENTER;
1996	26		SAVETMPS;
1997
1998	26	50	PUSHMARK(sp);
1999	26	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2000	26	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
2001	26		PUTBACK;
2002
2003	26		count = call_sv(cb_func, G_SCALAR);
2004
2005	26		SPAGAIN;
2006
2007	26	50	if (count != 1)
2008	0		croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
2009
2010	26		remove = POPi;
2011
2012	26		PUTBACK;
2013	26	50	FREETMPS;
2014	26		LEAVE;
2015
2016	26		return remove;
2017			}
2018
2019	8		void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX ctx, SSL_SESSION sess)
2020			{
2021	8		dSP;
2022			SV *cb_func;
2023
2024			PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
2025	8		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
2026
2027	8	50	if(!SvOK(cb_func))
2028	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
2029
2030	8		ENTER;
2031	8		SAVETMPS;
2032
2033	8	50	PUSHMARK(sp);
2034	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
2035	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
2036	8		PUTBACK;
2037
2038	8		call_sv(cb_func, G_VOID);
2039
2040	8		SPAGAIN;
2041
2042	8		PUTBACK;
2043	8	50	FREETMPS;
2044	8		LEAVE;
2045	8		}
2046
2047			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2048	2		int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER provider, void cbdata) {
2049	2		dSP;
2050	2		int ret = 1;
2051	2		int count = -1;
2052	2		simple_cb_data_t cb = (simple_cb_data_t )cbdata;
2053
2054			PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
2055	2	50	if (cb->func && SvOK(cb->func)) {
		50
2056	2		ENTER;
2057	2		SAVETMPS;
2058
2059	2	50	PUSHMARK(SP);
2060	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
2061	2	50	if (cb->data) XPUSHs(cb->data);
		50
2062
2063	2		PUTBACK;
2064
2065	2		count = call_sv(cb->func, G_SCALAR);
2066
2067	2		SPAGAIN;
2068
2069	2	50	if (count != 1)
2070	0		croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
2071
2072	2		ret = POPi;
2073
2074	2		PUTBACK;
2075	2	50	FREETMPS;
2076	2		LEAVE;
2077			}
2078
2079	2		return ret;
2080			}
2081			#endif
2082
2083			#if (OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
2084	12		void ssl_ctx_keylog_cb_func_invoke(const SSL ssl, const char line)
2085			{
2086	12		dSP;
2087			SV *cb_func;
2088	12		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
2089
2090			PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
2091	12		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
2092
2093	12	50	if(!SvOK(cb_func))
2094	0		croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
2095
2096	12		ENTER;
2097	12		SAVETMPS;
2098
2099	12	50	PUSHMARK(SP);
2100	12	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2101	12	50	XPUSHs(sv_2mortal(newSVpv(line, 0)));
2102
2103	12		PUTBACK;
2104
2105	12		call_sv(cb_func, G_VOID);
2106
2107	12		SPAGAIN;
2108	12		PUTBACK;
2109	12	50	FREETMPS;
2110	12		LEAVE;
2111
2112	12		return;
2113			}
2114			#endif
2115
2116			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
2117	8		int ssl_client_hello_cb_fn_invoke(SSL ssl, int al, void *arg)
2118			{
2119	8		dSP;
2120			int count, res;
2121			SV cb_func, cb_arg;
2122	8		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
2123
2124			PR1("STARTED: ssl_client_hello_cb_fn_invoke\n");
2125	8		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!func");
2126	8		cb_arg = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg");
2127	8	50	if(!SvOK(cb_func))
2128	0		croak ("Net::SSLeay: ssl_client_hello_cb_fn_invoke called, but not set to point to any perl function.\n");
2129
2130	8		ENTER;
2131	8		SAVETMPS;
2132
2133	8	50	PUSHMARK(SP);
2134	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2135	8	50	XPUSHs(sv_2mortal(newSVsv(cb_arg)));
2136
2137	8		PUTBACK;
2138
2139	8		count = call_sv(cb_func, G_LIST);
2140
2141	8		SPAGAIN;
2142
2143	8	100	if (count < 1 \|\| count > 2)
		100
2144	2		croak ("Net::SSLeay: ssl_client_hello_cb_fn perl function returned %d values, 1 or 2 expected\n", count);
2145	6	100	if (count == 2)
2146	5		*al = POPi;
2147	6		res = POPi;
2148
2149	6		PUTBACK;
2150	6	50	FREETMPS;
2151	6		LEAVE;
2152
2153	6		return res;
2154			}
2155			#endif
2156
2157			/* ============= end of callback stuff, begin helper functions ============== */
2158
2159	0		time_t ASN1_TIME_timet(ASN1_TIME asn1t, time_t gmtoff) {
2160			struct tm t;
2161	0		const char p = (const char) asn1t->data;
2162	0		size_t msec = 0, tz = 0, i, l;
2163			time_t result;
2164	0		int adj = 0;
2165
2166	0	0	if (asn1t->type == V_ASN1_UTCTIME) {
2167	0	0	if (asn1t->length<12 \|\| asn1t->length>17) return 0;
		0
2168	0	0	if (asn1t->length>12) tz = 12;
2169			} else {
2170	0	0	if (asn1t->length<14) return 0;
2171	0	0	if (asn1t->length>14) {
2172	0	0	if (p[14] == '.') {
2173	0		msec = 14;
2174	0	0	for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ;
		0
		0
2175	0	0	if (ilength) tz = i;
2176			} else {
2177	0		tz = 14;
2178			}
2179			}
2180			}
2181
2182	0	0	l = msec ? msec : tz ? tz : asn1t->length;
		0
2183	0	0	for(i=0;i
2184	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
2185			}
2186
2187			/* extract data and time */
2188	0		OPENSSL_cleanse(&t, sizeof(t));
2189	0	0	if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */
2190	0		t.tm_year = (p[0]-'0')*10 + (p[1]-'0');
2191	0	0	if (t.tm_year < 70) t.tm_year += 100;
2192	0		i=2;
2193			} else { /* YYYY */
2194	0		t.tm_year = (p[0]-'0')1000 + (p[1]-'0')100 + (p[2]-'0')*10 + p[3]-'0';
2195	0		t.tm_year -= 1900;
2196	0		i=4;
2197			}
2198	0		t.tm_mon = (p[i+0]-'0')10 + (p[i+1]-'0') -1; / MM, starts with 0 in tm */
2199	0		t.tm_mday = (p[i+2]-'0')10 + (p[i+3]-'0'); / DD */
2200	0		t.tm_hour = (p[i+4]-'0')10 + (p[i+5]-'0'); / hh */
2201	0		t.tm_min = (p[i+6]-'0')10 + (p[i+7]-'0'); / mm */
2202	0		t.tm_sec = (p[i+8]-'0')10 + (p[i+9]-'0'); / ss */
2203
2204			/* skip msec, because time_t does not support it */
2205
2206	0	0	if (tz) {
2207			/* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/
2208	0	0	if (p[tz] == 'Z') {
2209	0	0	if (asn1t->length>tz+1 ) return 0;
2210	0	0	} else if (asn1t->length
		0
		0
2211	0		return 0;
2212			} else {
2213	0	0	if (asn1t->length>tz+5 ) return 0;
2214	0	0	for(i=tz+1;i
2215	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
2216			}
2217	0		adj = ((p[tz+1]-'0')10 + (p[tz+2]-'0'))3600
2218	0		+ ((p[tz+3]-'0')10 + (p[tz+4]-'0'))60;
2219	0	0	if (p[tz]=='+') adj= -1; / +0500: subtract 5 hours to get UTC */
2220			}
2221			}
2222
2223	0		result = mktime(&t);
2224	0	0	if (result == -1) return 0; /* broken time */
2225	0		result += adj;
2226	0	0	if (gmtoff && *gmtoff == -1) {
		0
2227	0		*gmtoff = result - mktime(gmtime(&result));
2228	0		result += *gmtoff;
2229			} else {
2230	0		result += result - mktime(gmtime(&result));
2231			}
2232	0		return result;
2233			}
2234
2235	0		X509 * find_issuer(X509 cert,X509_STORE store, STACK_OF(X509) *chain) {
2236			int i;
2237	0		X509 *issuer = NULL;
2238
2239			/* search first in the chain */
2240	0	0	if (chain) {
2241	0	0	for(i=0;i
2242	0	0	if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
2243	0		TRACE(2,"found issuer in chain");
2244	0		issuer = X509_dup(sk_X509_value(chain,i));
2245			}
2246			}
2247			}
2248			/* if not in the chain it might be in the store */
2249	0	0	if ( !issuer && store ) {
		0
2250	0		X509_STORE_CTX *stx = X509_STORE_CTX_new();
2251	0	0	if (stx && X509_STORE_CTX_init(stx,store,cert,NULL)) {
		0
2252	0		int ok = X509_STORE_CTX_get1_issuer(&issuer,stx,cert);
2253	0	0	if (ok<0) {
2254	0		int err = ERR_get_error();
2255	0	0	if(err) {
2256	0		TRACE(2,"failed to get issuer: %s",ERR_error_string(err,NULL));
2257			} else {
2258	0		TRACE(2,"failed to get issuer: unknown error");
2259			}
2260	0	0	} else if (ok == 0 ) {
2261	0		TRACE(2,"failed to get issuer(0)");
2262			} else {
2263	0		TRACE(2,"got issuer");
2264			}
2265			}
2266	0	0	if (stx) X509_STORE_CTX_free(stx);
2267			}
2268	0		return issuer;
2269			}
2270
2271	8		static SV bn2sv(const BIGNUM p_bn)
2272			{
2273			return p_bn != NULL
2274	8		? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
2275	16	50	: &PL_sv_undef;
2276			}
2277
2278			/* ============= end of helper functions ============== */
2279
2280			MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
2281
2282			PROTOTYPES: ENABLE
2283
2284			BOOT:
2285			{
2286			MY_CXT_INIT;
2287	58		LIB_initialized = 0;
2288			#ifdef USE_ITHREADS
2289			MUTEX_INIT(&LIB_init_mutex);
2290			#ifdef OPENSSL_THREADS
2291			/* If we running under ModPerl, we dont need our own thread locking because
2292			* perl threads are not supported under mod-perl, and we can fall back to the thread
2293			* locking built in to mod-ssl
2294			*/
2295			if (!hv_fetch(get_hv("ENV", 1), "MOD_PERL", 8, 0))
2296			openssl_threads_init();
2297			#endif
2298			#endif
2299			/* initialize global shared callback data hash */
2300	58		MY_CXT.global_cb_data = newHV();
2301	58		MY_CXT.tid = get_my_thread_id();
2302			#ifdef USE_ITHREADS
2303			PR3("BOOT: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
2304			#else
2305			PR1("BOOT:\n");
2306			#endif
2307			}
2308
2309			void
2310			CLONE(...)
2311			CODE:
2312			MY_CXT_CLONE;
2313			/* reset all callback related data as we want to prevent
2314			* cross-thread callbacks
2315			* TODO: later somebody can make the global hash MY_CXT.global_cb_data
2316			* somehow shared between threads
2317			*/
2318	0		MY_CXT.global_cb_data = newHV();
2319	0		MY_CXT.tid = get_my_thread_id();
2320			#ifdef USE_ITHREADS
2321			PR3("CLONE: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
2322			#else
2323			PR1("CLONE: but USE_ITHREADS not defined\n");
2324			#endif
2325
2326			#ifdef NET_SSLEAY_32BIT_CONSTANTS
2327			double
2328			constant(name)
2329			char * name
2330			CODE:
2331			errno = 0;
2332			RETVAL = constant(name, strlen(name));
2333			OUTPUT:
2334			RETVAL
2335
2336			#else
2337
2338			uint64_t
2339			constant(name)
2340			char * name
2341			CODE:
2342	1316		errno = 0;
2343	1316		RETVAL = constant(name, strlen(name));
2344			OUTPUT:
2345			RETVAL
2346
2347			#endif
2348
2349			int
2350			hello()
2351			CODE:
2352			PR1("\tSSLeay Hello World!\n");
2353	1	50	RETVAL = 1;
2354			OUTPUT:
2355			RETVAL
2356
2357			#define REM0 "============= version related functions =============="
2358
2359			unsigned long
2360			SSLeay()
2361
2362			const char *
2363			SSLeay_version(type=SSLEAY_VERSION)
2364			int type
2365
2366			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2367
2368			unsigned long
2369			OpenSSL_version_num()
2370
2371			const char *
2372			OpenSSL_version(t=OPENSSL_VERSION)
2373			int t
2374
2375			#endif /* OpenSSL 1.1.0 */
2376
2377			#if (OPENSSL_VERSION_MAJOR >= 3)
2378
2379			unsigned int
2380			OPENSSL_version_major()
2381
2382			unsigned int
2383			OPENSSL_version_minor()
2384
2385			unsigned int
2386			OPENSSL_version_patch()
2387
2388			const char *
2389			OPENSSL_version_pre_release()
2390
2391			const char *
2392			OPENSSL_version_build_metadata()
2393
2394			const char *
2395			OPENSSL_info(int t)
2396
2397			#endif
2398
2399			#define REM1 "============= SSL CONTEXT functions =============="
2400
2401			SSL_CTX *
2402			SSL_CTX_new()
2403			CODE:
2404	19		RETVAL = SSL_CTX_new (SSLv23_method());
2405			OUTPUT:
2406			RETVAL
2407
2408
2409			#if OPENSSL_VERSION_NUMBER < 0x10100000L
2410			#ifndef OPENSSL_NO_SSL2
2411
2412			SSL_CTX *
2413			SSL_CTX_v2_new()
2414			CODE:
2415			RETVAL = SSL_CTX_new (SSLv2_method());
2416			OUTPUT:
2417			RETVAL
2418
2419			#endif
2420			#endif
2421			#ifndef OPENSSL_NO_SSL3
2422
2423			SSL_CTX *
2424			SSL_CTX_v3_new()
2425			CODE:
2426			RETVAL = SSL_CTX_new (SSLv3_method());
2427			OUTPUT:
2428			RETVAL
2429
2430			#endif
2431
2432			SSL_CTX *
2433			SSL_CTX_v23_new()
2434			CODE:
2435	1		RETVAL = SSL_CTX_new (SSLv23_method());
2436			OUTPUT:
2437			RETVAL
2438
2439			#if !defined(OPENSSL_NO_TLS1_METHOD)
2440
2441			SSL_CTX *
2442			SSL_CTX_tlsv1_new()
2443			CODE:
2444	1		RETVAL = SSL_CTX_new (TLSv1_method());
2445			OUTPUT:
2446			RETVAL
2447
2448			#endif
2449
2450			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
2451
2452			SSL_CTX *
2453			SSL_CTX_tlsv1_1_new()
2454			CODE:
2455	0		RETVAL = SSL_CTX_new (TLSv1_1_method());
2456			OUTPUT:
2457			RETVAL
2458
2459			#endif
2460
2461			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
2462
2463			SSL_CTX *
2464			SSL_CTX_tlsv1_2_new()
2465			CODE:
2466	0		RETVAL = SSL_CTX_new (TLSv1_2_method());
2467			OUTPUT:
2468			RETVAL
2469
2470			#endif
2471
2472			SSL_CTX *
2473			SSL_CTX_new_with_method(meth)
2474			SSL_METHOD * meth
2475			CODE:
2476	321		RETVAL = SSL_CTX_new (meth);
2477			OUTPUT:
2478			RETVAL
2479
2480			void
2481			SSL_CTX_free(ctx)
2482			SSL_CTX * ctx
2483			CODE:
2484	267		SSL_CTX_free(ctx);
2485	267		cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
2486
2487			int
2488			SSL_CTX_add_session(ctx,ses)
2489			SSL_CTX * ctx
2490			SSL_SESSION * ses
2491
2492			int
2493			SSL_CTX_remove_session(ctx,ses)
2494			SSL_CTX * ctx
2495			SSL_SESSION * ses
2496
2497			void
2498			SSL_CTX_flush_sessions(ctx,tm)
2499			SSL_CTX * ctx
2500			long tm
2501
2502			int
2503			SSL_CTX_set_default_verify_paths(ctx)
2504			SSL_CTX * ctx
2505
2506			int
2507			SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
2508			SSL_CTX * ctx
2509			char * CAfile
2510			char * CApath
2511			CODE:
2512	21	50	RETVAL = SSL_CTX_load_verify_locations (ctx,
		50
2513	7	50	CAfile?(*CAfile?CAfile:NULL):NULL,
2514	7	50	CApath?(*CApath?CApath:NULL):NULL
2515			);
2516			OUTPUT:
2517			RETVAL
2518
2519			void
2520			SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
2521			SSL_CTX * ctx
2522			int mode
2523			SV * callback
2524			CODE:
2525
2526			/* Former versions of SSLeay checked if the callback was a true boolean value
2527			* and didn't call it if it was false. Therefor some people set the callback
2528			* to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
2529			* we don't execute the callback if it's value isn't something true to retain
2530			* backwards compatibility.
2531			*/
2532
2533	1	50	if (callback==NULL \|\| !SvOK(callback) \|\| !SvTRUE(callback)) {
		50
		50
2534	0		SSL_CTX_set_verify(ctx, mode, NULL);
2535	0		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
2536			} else {
2537	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
2538	1		SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
2539			}
2540
2541			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
2542
2543			void
2544			SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
2545
2546			int
2547			SSL_CTX_get_security_level(SSL_CTX * ctx)
2548
2549			#endif
2550
2551			#if (OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
2552
2553			int
2554			SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
2555
2556			size_t
2557			SSL_CTX_get_num_tickets(SSL_CTX *ctx)
2558
2559			#endif
2560
2561			#if (OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
2562
2563			int
2564			SSL_CTX_set_ciphersuites(SSL_CTX ctx, const char str)
2565
2566			#endif
2567
2568			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2569
2570			void
2571			SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
2572
2573			#endif
2574
2575			void
2576			SSL_CTX_sess_set_new_cb(ctx, callback)
2577			SSL_CTX * ctx
2578			SV * callback
2579			CODE:
2580	10	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
2581	0		SSL_CTX_sess_set_new_cb(ctx, NULL);
2582	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
2583			}
2584			else {
2585	10		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", newSVsv(callback));
2586	10		SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
2587			}
2588
2589			void
2590			SSL_CTX_sess_set_remove_cb(ctx, callback)
2591			SSL_CTX * ctx
2592			SV * callback
2593			CODE:
2594	10	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
2595	0		SSL_CTX_sess_set_remove_cb(ctx, NULL);
2596	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
2597			}
2598			else {
2599	10		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
2600	10		SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
2601			}
2602
2603			int
2604			SSL_get_error(s,ret)
2605			SSL * s
2606			int ret
2607
2608			#define REM10 "============= SSL functions =============="
2609
2610			SSL *
2611			SSL_new(ctx)
2612			SSL_CTX * ctx
2613
2614			void
2615			SSL_free(s)
2616			SSL * s
2617			CODE:
2618	301		SSL_free(s);
2619	301		cb_data_advanced_drop(s); /* clean callback related data from global hash */
2620
2621			int
2622			SSL_accept(s)
2623			SSL * s
2624
2625			void
2626			SSL_clear(s)
2627			SSL * s
2628
2629			int
2630			SSL_connect(s)
2631			SSL * s
2632
2633
2634			#if defined(WIN32)
2635
2636			int
2637			SSL_set_fd(s,fd)
2638			SSL * s
2639			perl_filehandle_t fd
2640			CODE:
2641			RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
2642			OUTPUT:
2643			RETVAL
2644
2645			int
2646			SSL_set_rfd(s,fd)
2647			SSL * s
2648			perl_filehandle_t fd
2649			CODE:
2650			RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
2651			OUTPUT:
2652			RETVAL
2653
2654			int
2655			SSL_set_wfd(s,fd)
2656			SSL * s
2657			perl_filehandle_t fd
2658			CODE:
2659			RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
2660			OUTPUT:
2661			RETVAL
2662
2663			#else
2664
2665			int
2666			SSL_set_fd(s,fd)
2667			SSL * s
2668			perl_filehandle_t fd
2669
2670			int
2671			SSL_set_rfd(s,fd)
2672			SSL * s
2673			perl_filehandle_t fd
2674
2675			int
2676			SSL_set_wfd(s,fd)
2677			SSL * s
2678			perl_filehandle_t fd
2679
2680			#endif
2681
2682			int
2683			SSL_get_fd(s)
2684			SSL * s
2685
2686			void
2687			SSL_read(s,max=32768)
2688			SSL * s
2689			int max
2690			PREINIT:
2691			char *buf;
2692			int got;
2693	333	100	int succeeded = 1;
2694			PPCODE:
2695	333		New(0, buf, max, char);
2696
2697	333		got = SSL_read(s, buf, max);
2698	333	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		100
2699	7		succeeded = 0;
2700
2701			/* If in list context, return 2-item list:
2702			* first return value: data gotten, or undef on error (got<0)
2703			* second return value: result from SSL_read()
2704			*/
2705	333	100	if (GIMME_V==G_LIST) {
2706	287	50	EXTEND(SP, 2);
2707	287	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2708	287		PUSHs(sv_2mortal(newSViv(got)));
2709
2710			/* If in scalar or void context, return data gotten, or undef on error. */
2711			} else {
2712	46	50	EXTEND(SP, 1);
2713	46	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2714			}
2715
2716	333		Safefree(buf);
2717
2718			void
2719			SSL_peek(s,max=32768)
2720			SSL * s
2721			int max
2722			PREINIT:
2723			char *buf;
2724			int got;
2725	6	50	int succeeded = 1;
2726			PPCODE:
2727	6		New(0, buf, max, char);
2728
2729	6		got = SSL_peek(s, buf, max);
2730	6	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		50
2731	2		succeeded = 0;
2732
2733			/* If in list context, return 2-item list:
2734			* first return value: data gotten, or undef on error (got<0)
2735			* second return value: result from SSL_peek()
2736			*/
2737	6	100	if (GIMME_V==G_LIST) {
2738	2	50	EXTEND(SP, 2);
2739	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2740	2		PUSHs(sv_2mortal(newSViv(got)));
2741
2742			/* If in scalar or void context, return data gotten, or undef on error. */
2743			} else {
2744	4	50	EXTEND(SP, 1);
2745	4	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2746			}
2747	6		Safefree(buf);
2748
2749			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2750
2751			void
2752			SSL_read_ex(s,max=32768)
2753			SSL * s
2754			int max
2755			PREINIT:
2756			char *buf;
2757			size_t readbytes;
2758			int succeeded;
2759			PPCODE:
2760	4		Newx(buf, max, char);
2761
2762	4		succeeded = SSL_read_ex(s, buf, max, &readbytes);
2763
2764			/* Return 2-item list:
2765			* first return value: data gotten, or undef on error
2766			* second return value: result from SSL_read_ex()
2767			*/
2768	4	50	EXTEND(SP, 2);
2769	4	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2770	4		PUSHs(sv_2mortal(newSViv(succeeded)));
2771
2772	4		Safefree(buf);
2773
2774
2775			void
2776			SSL_peek_ex(s,max=32768)
2777			SSL * s
2778			int max
2779			PREINIT:
2780			char *buf;
2781			size_t readbytes;
2782			int succeeded;
2783			PPCODE:
2784	2		Newx(buf, max, char);
2785
2786	2		succeeded = SSL_peek_ex(s, buf, max, &readbytes);
2787
2788			/* Return 2-item list:
2789			* first return value: data gotten, or undef on error
2790			* second return value: result from SSL_peek_ex()
2791			*/
2792	2	50	EXTEND(SP, 2);
2793	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2794	2		PUSHs(sv_2mortal(newSViv(succeeded)));
2795
2796	2		Safefree(buf);
2797
2798			void
2799			SSL_write_ex(s,buf)
2800			SSL * s
2801			PREINIT:
2802			STRLEN len;
2803			size_t written;
2804			int succeeded;
2805			INPUT:
2806			char * buf = SvPV( ST(1), len);
2807			PPCODE:
2808	1		succeeded = SSL_write_ex(s, buf, len, &written);
2809
2810			/* Return 2-item list:
2811			* first return value: data gotten, or undef on error
2812			* second return value: result from SSL_read_ex()
2813			*/
2814	1	50	EXTEND(SP, 2);
2815	1		PUSHs(sv_2mortal(newSVuv(written)));
2816	1		PUSHs(sv_2mortal(newSViv(succeeded)));
2817
2818			#endif
2819
2820			int
2821			SSL_write(s,buf)
2822			SSL * s
2823			PREINIT:
2824			STRLEN len;
2825			INPUT:
2826			char * buf = SvPV( ST(1), len);
2827			CODE:
2828	45		RETVAL = SSL_write (s, buf, (int)len);
2829			OUTPUT:
2830			RETVAL
2831
2832			int
2833			SSL_write_partial(s,from,count,buf)
2834			SSL * s
2835			int from
2836			int count
2837			PREINIT:
2838			STRLEN ulen;
2839			IV len;
2840			INPUT:
2841			char * buf = SvPV( ST(3), ulen);
2842			CODE:
2843			/*
2844			if (SvROK( ST(3) )) {
2845			SV* t = SvRV( ST(3) );
2846			buf = SvPV( t, len);
2847			} else
2848			buf = SvPV( ST(3), len);
2849			*/
2850			PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
2851			/PR2("buf='%s'\n",&buf[from]); / too noisy */
2852	22		len = (IV)ulen;
2853	22		len -= from;
2854	22	50	if (len < 0) {
2855	0		croak("from beyound end of buffer");
2856			RETVAL = -1;
2857			} else
2858	22		RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
2859			OUTPUT:
2860			RETVAL
2861
2862			int
2863			SSL_use_RSAPrivateKey(s,rsa)
2864			SSL * s
2865			RSA * rsa
2866
2867			int
2868			SSL_use_RSAPrivateKey_ASN1(s,d,len)
2869			SSL * s
2870			unsigned char * d
2871			long len
2872
2873			int
2874			SSL_use_RSAPrivateKey_file(s,file,type)
2875			SSL * s
2876			char * file
2877			int type
2878
2879			int
2880			SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
2881			SSL_CTX * ctx
2882			char * file
2883			int type
2884
2885			int
2886			SSL_use_PrivateKey(s,pkey)
2887			SSL * s
2888			EVP_PKEY * pkey
2889
2890			int
2891			SSL_use_PrivateKey_ASN1(pk,s,d,len)
2892			int pk
2893			SSL * s
2894			unsigned char * d
2895			long len
2896
2897			int
2898			SSL_use_PrivateKey_file(s,file,type)
2899			SSL * s
2900			char * file
2901			int type
2902
2903			int
2904			SSL_CTX_use_PrivateKey_file(ctx,file,type)
2905			SSL_CTX * ctx
2906			char * file
2907			int type
2908
2909			int
2910			SSL_use_certificate(s,x)
2911			SSL * s
2912			X509 * x
2913
2914			int
2915			SSL_use_certificate_ASN1(s,d,len)
2916			SSL * s
2917			unsigned char * d
2918			long len
2919
2920			int
2921			SSL_use_certificate_file(s,file,type)
2922			SSL * s
2923			char * file
2924			int type
2925
2926			int
2927			SSL_CTX_use_certificate_file(ctx,file,type)
2928			SSL_CTX * ctx
2929			char * file
2930			int type
2931
2932			const char *
2933			SSL_state_string(s)
2934			SSL * s
2935
2936			const char *
2937			SSL_rstate_string(s)
2938			SSL * s
2939
2940			const char *
2941			SSL_state_string_long(s)
2942			SSL * s
2943
2944			const char *
2945			SSL_rstate_string_long(s)
2946			SSL * s
2947
2948
2949			long
2950			SSL_get_time(ses)
2951			SSL_SESSION * ses
2952
2953			long
2954			SSL_set_time(ses,t)
2955			SSL_SESSION * ses
2956			long t
2957
2958			long
2959			SSL_get_timeout(ses)
2960			SSL_SESSION * ses
2961
2962			long
2963			SSL_set_timeout(ses,t)
2964			SSL_SESSION * ses
2965			long t
2966
2967			void
2968			SSL_copy_session_id(to,from)
2969			SSL * to
2970			SSL * from
2971
2972			void
2973			SSL_set_read_ahead(s,yes=1)
2974			SSL * s
2975			int yes
2976
2977			int
2978			SSL_get_read_ahead(s)
2979			SSL * s
2980
2981			int
2982			SSL_pending(s)
2983			SSL * s
2984
2985			#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
2986
2987			int
2988			SSL_has_pending(s)
2989			SSL * s
2990
2991			#endif
2992
2993			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) /* OpenSSL 1.1.0-pre3 */
2994			#
2995			# /* LibreSSL 2.7.0 has OPENSSL_init_{ssl,crypto} but it does not
2996			# * have a definition of OPENSSL_INIT_SETTINGS and uses void * as
2997			# * the second argument type.
2998			# */
2999
3000			#ifdef NET_SSLEAY_32BIT_INT_PERL
3001			int
3002			OPENSSL_init_ssl(double opts, SV *sv_settings = &PL_sv_undef)
3003			PREINIT:
3004			const OPENSSL_INIT_SETTINGS *settings = NULL;
3005			CODE:
3006			if (sv_settings != &PL_sv_undef)
3007			settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3008			RETVAL = OPENSSL_init_ssl(opts, settings);
3009			OUTPUT:
3010			RETVAL
3011
3012			int
3013			OPENSSL_init_crypto(double opts, SV *sv_settings = &PL_sv_undef)
3014			PREINIT:
3015			const OPENSSL_INIT_SETTINGS *settings = NULL;
3016			CODE:
3017			if (sv_settings != &PL_sv_undef)
3018			settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3019			RETVAL = OPENSSL_init_crypto(opts, settings);
3020			OUTPUT:
3021			RETVAL
3022
3023			#else
3024			int
3025			OPENSSL_init_ssl(uint64_t opts, SV *sv_settings = &PL_sv_undef)
3026			PREINIT:
3027	1	50	const OPENSSL_INIT_SETTINGS *settings = NULL;
3028			CODE:
3029	1	50	if (sv_settings != &PL_sv_undef)
3030	1		settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3031	1		RETVAL = OPENSSL_init_ssl(opts, settings);
3032			OUTPUT:
3033			RETVAL
3034
3035			int
3036			OPENSSL_init_crypto(uint64_t opts, SV *sv_settings = &PL_sv_undef)
3037			PREINIT:
3038	1	50	const OPENSSL_INIT_SETTINGS *settings = NULL;
3039			CODE:
3040	1	50	if (sv_settings != &PL_sv_undef)
3041	1		settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3042	1		RETVAL = OPENSSL_init_crypto(opts, settings);
3043			OUTPUT:
3044			RETVAL
3045
3046			#endif /* NET_SSLEAY_32BIT_INT_PERL */
3047
3048			#endif /* OpenSSL 1.1.0-pre3 */
3049
3050			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL) /* OpenSSL 1.1.0-pre3 or LibreSSL 3.6.0 */
3051
3052			void
3053			OPENSSL_cleanup()
3054
3055			#endif /* OpenSSL 1.1.0-pre3 or LibreSSL 3.6.0 */
3056
3057			#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0-pre3 */
3058
3059			OPENSSL_INIT_SETTINGS *
3060			OPENSSL_INIT_new()
3061
3062			#endif /* OpenSSL 1.1.0-pre3 */
3063
3064			#if OPENSSL_VERSION_NUMBER >= 0x1010102fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1b */
3065
3066			int
3067			OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS init, const char filename)
3068
3069			int
3070			OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS init, const char name)
3071
3072			void
3073			OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init)
3074
3075			#endif /* OpenSSL 1.1.0-pre3 */
3076
3077			#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 3.0.0-alpha1 */
3078
3079			void
3080			OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, unsigned long flags)
3081
3082			#endif /* OpenSSL 3.0.0-alpha1 */
3083
3084			int
3085			SSL_CTX_set_cipher_list(s,str)
3086			SSL_CTX * s
3087			char * str
3088
3089			void
3090			SSL_get_ciphers(s)
3091			SSL * s
3092			PREINIT:
3093	4		STACK_OF(SSL_CIPHER) *sk = NULL;
3094			const SSL_CIPHER *c;
3095			int i;
3096			PPCODE:
3097	4		sk = SSL_get_ciphers(s);
3098	4	100	if( sk == NULL ) {
3099	2		XSRETURN_EMPTY;
3100			}
3101	122	100	for (i=0; i
3102	120		c = sk_SSL_CIPHER_value(sk, i);
3103	120	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(c))));
3104			}
3105
3106			const char *
3107			SSL_get_cipher_list(s,n)
3108			SSL * s
3109			int n
3110
3111			int
3112			SSL_set_cipher_list(s,str)
3113			SSL * s
3114			char * str
3115
3116			const char *
3117			SSL_get_cipher(s)
3118			SSL * s
3119
3120			void
3121			SSL_get_shared_ciphers(s,ignored_param1=0,ignored_param2=0)
3122			SSL *s
3123			int ignored_param1
3124			int ignored_param2
3125			PREINIT:
3126			char buf[8192];
3127			CODE:
3128	7		ST(0) = sv_newmortal(); /* undef to start with */
3129	7	50	if(SSL_get_shared_ciphers(s, buf, sizeof(buf)))
3130	7		sv_setpvn(ST(0), buf, strlen(buf));
3131
3132			X509 *
3133			SSL_get_peer_certificate(s)
3134			SSL * s
3135
3136			void
3137			SSL_get_peer_cert_chain(s)
3138			SSL * s
3139			PREINIT:
3140	0		STACK_OF(X509) *chain = NULL;
3141			X509 *x;
3142			int i;
3143			PPCODE:
3144	0		chain = SSL_get_peer_cert_chain(s);
3145	0	0	if( chain == NULL ) {
3146	0		XSRETURN_EMPTY;
3147			}
3148	0	0	for (i=0; i
3149	0		x = sk_X509_value(chain, i);
3150	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
3151			}
3152
3153			void
3154			SSL_set_verify(s,mode,callback)
3155			SSL * s
3156			int mode
3157			SV * callback
3158			CODE:
3159	7	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
3160	0		SSL_set_verify(s, mode, NULL);
3161	0		cb_data_advanced_put(s, "ssleay_verify_callback!!func", NULL);
3162			}
3163			else {
3164	7		cb_data_advanced_put(s, "ssleay_verify_callback!!func", newSVsv(callback));
3165	7		SSL_set_verify(s, mode, &ssleay_verify_callback_invoke);
3166			}
3167
3168			void
3169			SSL_set_bio(s,rbio,wbio)
3170			SSL * s
3171			BIO * rbio
3172			BIO * wbio
3173
3174			BIO *
3175			SSL_get_rbio(s)
3176			SSL * s
3177
3178			BIO *
3179			SSL_get_wbio(s)
3180			SSL * s
3181
3182
3183			SSL_SESSION *
3184			SSL_SESSION_new()
3185
3186			int
3187			SSL_SESSION_print(fp,ses)
3188			BIO * fp
3189			SSL_SESSION * ses
3190
3191			void
3192			SSL_SESSION_free(ses)
3193			SSL_SESSION * ses
3194
3195			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3196
3197			int
3198			SSL_SESSION_is_resumable(ses)
3199			SSL_SESSION * ses
3200
3201			SSL_SESSION *
3202			SSL_SESSION_dup(sess)
3203			SSL_SESSION * sess
3204
3205			#endif
3206			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
3207
3208			void
3209			SSL_set_post_handshake_auth(SSL *ssl, int val)
3210
3211			int
3212			SSL_verify_client_post_handshake(SSL *ssl)
3213
3214			#endif
3215
3216			void
3217			i2d_SSL_SESSION(sess)
3218			SSL_SESSION * sess
3219			PREINIT:
3220			STRLEN len;
3221			unsigned char pc,pi;
3222			PPCODE:
3223	3	50	if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
3224	3		Newx(pc,len,unsigned char);
3225	3	50	if (!pc) croak("out of memory");
3226	3		pi = pc;
3227	3		i2d_SSL_SESSION(sess,&pi);
3228	3	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
3229	3		Safefree(pc);
3230
3231
3232			SSL_SESSION *
3233			d2i_SSL_SESSION(pv)
3234			SV *pv
3235			CODE:
3236	7		RETVAL = NULL;
3237	7	50	if (SvPOK(pv)) {
3238			const unsigned char *p;
3239			STRLEN len;
3240	7		p = (unsigned char*)SvPV(pv,len);
3241	7		RETVAL = d2i_SSL_SESSION(NULL,&p,len);
3242			}
3243			OUTPUT:
3244			RETVAL
3245
3246			#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
3247
3248			int
3249			SSL_SESSION_up_ref(sess)
3250			SSL_SESSION * sess
3251
3252			#endif
3253
3254			int
3255			SSL_set_session(to,ses)
3256			SSL * to
3257			SSL_SESSION * ses
3258
3259			#define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
3260
3261			SSL_SESSION *
3262			SSL_get_session(s)
3263			SSL * s
3264			ALIAS:
3265			SSL_get0_session = 1
3266
3267			SSL_SESSION *
3268			SSL_get1_session(s)
3269			SSL * s
3270
3271			X509 *
3272			SSL_get_certificate(s)
3273			SSL * s
3274
3275			SSL_CTX *
3276			SSL_get_SSL_CTX(s)
3277			SSL * s
3278
3279			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
3280
3281			SSL_CTX *
3282			SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
3283
3284			#endif
3285
3286			long
3287			SSL_ctrl(ssl,cmd,larg,parg)
3288			SSL * ssl
3289			int cmd
3290			long larg
3291			char * parg
3292
3293			long
3294			SSL_CTX_ctrl(ctx,cmd,larg,parg)
3295			SSL_CTX * ctx
3296			int cmd
3297			long larg
3298			char * parg
3299
3300			#ifdef NET_SSLEAY_32BIT_CONSTANTS
3301
3302			long
3303			SSL_get_options(ssl)
3304			SSL * ssl
3305
3306			long
3307			SSL_set_options(ssl,op)
3308			SSL * ssl
3309			long op
3310
3311			long
3312			SSL_CTX_get_options(ctx)
3313			SSL_CTX * ctx
3314
3315			long
3316			SSL_CTX_set_options(ctx,op)
3317			SSL_CTX * ctx
3318			long op
3319
3320			#else
3321
3322			uint64_t
3323			SSL_get_options(ssl)
3324			SSL * ssl
3325
3326			uint64_t
3327			SSL_set_options(ssl,op)
3328			SSL * ssl
3329			uint64_t op
3330
3331			uint64_t
3332			SSL_CTX_get_options(ctx)
3333			SSL_CTX * ctx
3334
3335			uint64_t
3336			SSL_CTX_set_options(ctx,op)
3337			SSL_CTX * ctx
3338			uint64_t op
3339
3340			#endif
3341
3342			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
3343
3344			struct lhash_st_SSL_SESSION *
3345			SSL_CTX_sessions(ctx)
3346			SSL_CTX * ctx
3347
3348			#else
3349
3350			LHASH *
3351			SSL_CTX_sessions(ctx)
3352			SSL_CTX * ctx
3353			CODE:
3354			/* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
3355			if (ctx == NULL) croak("NULL SSL context passed as argument.");
3356			RETVAL = ctx -> sessions;
3357			OUTPUT:
3358			RETVAL
3359
3360			#endif
3361
3362			unsigned long
3363			SSL_CTX_sess_number(ctx)
3364			SSL_CTX * ctx
3365
3366			int
3367			SSL_CTX_sess_connect(ctx)
3368			SSL_CTX * ctx
3369
3370			int
3371			SSL_CTX_sess_connect_good(ctx)
3372			SSL_CTX * ctx
3373
3374			int
3375			SSL_CTX_sess_connect_renegotiate(ctx)
3376			SSL_CTX * ctx
3377
3378			int
3379			SSL_CTX_sess_accept(ctx)
3380			SSL_CTX * ctx
3381
3382			int
3383			SSL_CTX_sess_accept_renegotiate(ctx)
3384			SSL_CTX * ctx
3385
3386			int
3387			SSL_CTX_sess_accept_good(ctx)
3388			SSL_CTX * ctx
3389
3390			int
3391			SSL_CTX_sess_hits(ctx)
3392			SSL_CTX * ctx
3393
3394			int
3395			SSL_CTX_sess_cb_hits(ctx)
3396			SSL_CTX * ctx
3397
3398			int
3399			SSL_CTX_sess_misses(ctx)
3400			SSL_CTX * ctx
3401
3402			int
3403			SSL_CTX_sess_timeouts(ctx)
3404			SSL_CTX * ctx
3405
3406			int
3407			SSL_CTX_sess_cache_full(ctx)
3408			SSL_CTX * ctx
3409
3410			int
3411			SSL_CTX_sess_get_cache_size(ctx)
3412			SSL_CTX * ctx
3413
3414			long
3415			SSL_CTX_sess_set_cache_size(ctx,size)
3416			SSL_CTX * ctx
3417			int size
3418
3419			int
3420			SSL_want(s)
3421			SSL * s
3422
3423			# OpenSSL 1.1.1 documents SSL_in_init and the related functions as
3424			# returning 0 or 1. However, older versions and e.g. LibreSSL may
3425			# return other values than 1 which we fold to 1.
3426			int
3427			SSL_in_before(s)
3428			SSL * s
3429			CODE:
3430	7	100	RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
3431			OUTPUT:
3432			RETVAL
3433
3434			int
3435			SSL_is_init_finished(s)
3436			SSL * s
3437			CODE:
3438	7	100	RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
3439			OUTPUT:
3440			RETVAL
3441
3442			int
3443			SSL_in_init(s)
3444			SSL * s
3445			CODE:
3446	7	100	RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
3447			OUTPUT:
3448			RETVAL
3449
3450			int
3451			SSL_in_connect_init(s)
3452			SSL * s
3453			CODE:
3454	2	50	RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
		100
		50
3455			OUTPUT:
3456			RETVAL
3457
3458			int
3459			SSL_in_accept_init(s)
3460			SSL * s
3461			CODE:
3462	2	50	RETVAL = SSL_in_accept_init(s) == 0 ? 0 : 1;
		100
		50
3463			OUTPUT:
3464			RETVAL
3465
3466			#if OPENSSL_VERSION_NUMBER < 0x10100000L
3467			int
3468			SSL_state(s)
3469			SSL * s
3470
3471			int
3472			SSL_get_state(ssl)
3473			SSL * ssl
3474			CODE:
3475			RETVAL = SSL_state(ssl);
3476			OUTPUT:
3477			RETVAL
3478
3479
3480			#else
3481			int
3482			SSL_state(s)
3483			SSL * s
3484			CODE:
3485	0	0	RETVAL = SSL_get_state(s);
3486			OUTPUT:
3487			RETVAL
3488
3489
3490			int
3491			SSL_get_state(s)
3492			SSL * s
3493
3494			#endif
3495			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
3496
3497			long
3498			SSL_set_tlsext_host_name(SSL ssl, const char name)
3499
3500			const char *
3501			SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
3502
3503			int
3504			SSL_get_servername_type(const SSL *s)
3505
3506			void
3507			SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
3508			SSL_CTX * ctx
3509			SV * callback
3510			SV * data
3511			CODE:
3512	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
3513	0		SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
3514	0		SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
3515	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
3516	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
3517			} else {
3518	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
3519	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
3520	0		SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
3521	0		SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
3522			}
3523
3524			#endif
3525
3526			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
3527			#ifndef LIBRESSL_VERSION_NUMBER
3528			void
3529			SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
3530			SSL * ssl
3531			SV * callback
3532			CODE:
3533	4	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
3534	0		SSL_set_default_passwd_cb(ssl, NULL);
3535	0		SSL_set_default_passwd_cb_userdata(ssl, NULL);
3536	0		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
3537			}
3538			else {
3539	4		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
3540	4		SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
3541	4		SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
3542			}
3543
3544			void
3545			SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
3546			SSL * ssl
3547			SV * data
3548			CODE:
3549			/* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
3550	2	50	if (data==NULL \|\| !SvOK(data)) {
		50
3551	0		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
3552			}
3553			else {
3554	2		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
3555			}
3556
3557			#endif /* !LibreSSL */
3558			#endif /* >= 1.1.0f */
3559
3560			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
3561
3562			void
3563			SSL_set_security_level(SSL * ssl, int level)
3564
3565			int
3566			SSL_get_security_level(SSL * ssl)
3567
3568			#endif
3569
3570			#if (OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
3571
3572			int
3573			SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
3574
3575			size_t
3576			SSL_get_num_tickets(SSL *ssl)
3577
3578			#endif
3579
3580			#if (OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
3581
3582			int
3583			SSL_set_ciphersuites(SSL ssl, const char str)
3584
3585			#endif
3586
3587			const BIO_METHOD *
3588			BIO_f_ssl()
3589
3590			const BIO_METHOD *
3591			BIO_s_mem()
3592
3593			unsigned long
3594			ERR_get_error()
3595
3596			unsigned long
3597			ERR_peek_error()
3598
3599			void
3600			ERR_put_error(lib,func,reason,file,line)
3601			int lib
3602			int func
3603			int reason
3604			char * file
3605			int line
3606
3607			void
3608			ERR_clear_error()
3609
3610			char *
3611			ERR_error_string(error,buf=NULL)
3612			unsigned long error
3613			char * buf
3614			CODE:
3615	10		RETVAL = ERR_error_string(error,buf);
3616			OUTPUT:
3617			RETVAL
3618
3619			void
3620			SSL_load_error_strings()
3621
3622			void
3623			ERR_load_crypto_strings()
3624
3625			int
3626			SSL_FIPS_mode_set(int onoff)
3627			CODE:
3628			#ifdef USE_ITHREADS
3629			MUTEX_LOCK(&LIB_init_mutex);
3630			#endif
3631			#ifdef OPENSSL_FIPS
3632			RETVAL = FIPS_mode_set(onoff);
3633			if (!RETVAL)
3634			{
3635			ERR_load_crypto_strings();
3636			ERR_print_errors_fp(stderr);
3637			}
3638			#else
3639	0		RETVAL = 1;
3640	0		fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
3641			#endif
3642			#ifdef USE_ITHREADS
3643			MUTEX_UNLOCK(&LIB_init_mutex);
3644			#endif
3645			OUTPUT:
3646			RETVAL
3647
3648
3649			int
3650			SSL_library_init()
3651			ALIAS:
3652			SSLeay_add_ssl_algorithms = 1
3653			OpenSSL_add_ssl_algorithms = 2
3654			add_ssl_algorithms = 3
3655			CODE:
3656			#ifdef USE_ITHREADS
3657			MUTEX_LOCK(&LIB_init_mutex);
3658			#endif
3659	48		RETVAL = 0;
3660	48	100	if (!LIB_initialized) {
3661	47		RETVAL = SSL_library_init();
3662	47		LIB_initialized = 1;
3663			}
3664			#ifdef USE_ITHREADS
3665			MUTEX_UNLOCK(&LIB_init_mutex);
3666			#endif
3667			OUTPUT:
3668			RETVAL
3669
3670			#ifndef OPENSSL_NO_ENGINE
3671
3672			void
3673			ENGINE_load_builtin_engines()
3674
3675			void
3676			ENGINE_register_all_complete()
3677
3678			ENGINE*
3679			ENGINE_by_id(id)
3680			char * id
3681
3682			int
3683			ENGINE_set_default(e, flags)
3684			ENGINE * e
3685			int flags
3686
3687			#endif /* OPENSSL_NO_ENGINE */
3688
3689			void
3690			ERR_load_SSL_strings()
3691
3692			void
3693			ERR_load_RAND_strings()
3694
3695			int
3696			RAND_bytes(buf, num)
3697			SV *buf
3698			int num
3699			PREINIT:
3700			int rc;
3701			unsigned char *random;
3702			CODE:
3703	7		New(0, random, num, unsigned char);
3704	7		rc = RAND_bytes(random, num);
3705	7		sv_setpvn(buf, (const char*)random, num);
3706	7		Safefree(random);
3707	7	100	RETVAL = rc;
3708			OUTPUT:
3709			RETVAL
3710
3711			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3712
3713			int
3714			RAND_priv_bytes(buf, num)
3715			SV *buf
3716			int num
3717			PREINIT:
3718			int rc;
3719			unsigned char *random;
3720			CODE:
3721	5		New(0, random, num, unsigned char);
3722	5		rc = RAND_priv_bytes(random, num);
3723	5		sv_setpvn(buf, (const char*)random, num);
3724	5		Safefree(random);
3725	5	100	RETVAL = rc;
3726			OUTPUT:
3727			RETVAL
3728
3729			#endif
3730
3731			int
3732			RAND_pseudo_bytes(buf, num)
3733			SV *buf
3734			int num
3735			PREINIT:
3736			int rc;
3737			unsigned char *random;
3738			CODE:
3739	5		New(0, random, num, unsigned char);
3740	5		rc = RAND_pseudo_bytes(random, num);
3741	5		sv_setpvn(buf, (const char*)random, num);
3742	5		Safefree(random);
3743	5	100	RETVAL = rc;
3744			OUTPUT:
3745			RETVAL
3746
3747			void
3748			RAND_add(buf, num, entropy)
3749			SV *buf
3750			int num
3751			double entropy
3752			PREINIT:
3753			STRLEN len;
3754			CODE:
3755	0		RAND_add((const void *)SvPV(buf, len), num, entropy);
3756
3757			int
3758			RAND_poll()
3759
3760			int
3761			RAND_status()
3762
3763			SV *
3764			RAND_file_name(num)
3765			size_t num
3766			PREINIT:
3767			char *buf;
3768			CODE:
3769	3		Newxz(buf, num, char);
3770	3	100	if (!RAND_file_name(buf, num)) {
3771	1		Safefree(buf);
3772	1		XSRETURN_UNDEF;
3773			}
3774	2		RETVAL = newSVpv(buf, 0);
3775	2		Safefree(buf);
3776			OUTPUT:
3777			RETVAL
3778
3779			void
3780			RAND_seed(buf)
3781			PREINIT:
3782			STRLEN len;
3783			INPUT:
3784			char *buf = SvPV(ST(0), len);
3785			CODE:
3786	49		RAND_seed (buf, (int)len);
3787
3788			void
3789			RAND_cleanup()
3790
3791			int
3792			RAND_load_file(file_name, how_much)
3793			char * file_name
3794			int how_much
3795
3796			int
3797			RAND_write_file(file_name)
3798			char * file_name
3799
3800			#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
3801
3802			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
3803
3804			int
3805			X509_check_host(X509 cert, const char name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
3806			PREINIT:
3807	0	0	char *c_peername = NULL;
3808			CODE:
3809	0	0	RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
3810	0	0	if (items == 4)
3811	0		sv_setpv(peername, c_peername);
3812			OUTPUT:
3813			RETVAL
3814			CLEANUP:
3815	0	0	if (c_peername)
3816	0		OPENSSL_free(c_peername);
3817
3818			int
3819			X509_check_email(X509 cert, const char address, unsigned int flags = 0)
3820			CODE:
3821	0		RETVAL = X509_check_email(cert, address, 0, flags);
3822			OUTPUT:
3823			RETVAL
3824
3825			int
3826			X509_check_ip(X509 cert, SV address, unsigned int flags = 0)
3827			PREINIT:
3828			unsigned char *c_address;
3829			size_t addresslen;
3830			CODE:
3831	0		c_address = (unsigned char *)SvPV(address, addresslen);
3832	0		RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
3833			OUTPUT:
3834			RETVAL
3835
3836			int
3837			X509_check_ip_asc(X509 cert, const char address, unsigned int flags = 0)
3838
3839			#endif
3840
3841			X509_NAME*
3842			X509_get_issuer_name(cert)
3843			X509 * cert
3844
3845			X509_NAME*
3846			X509_get_subject_name(cert)
3847			X509 * cert
3848
3849			void *
3850			X509_get_ex_data(cert,idx)
3851			X509 * cert
3852			int idx
3853
3854			int
3855			X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3856			long argl
3857			void * argp
3858			CRYPTO_EX_new * new_func
3859			CRYPTO_EX_dup * dup_func
3860			CRYPTO_EX_free * free_func
3861
3862			void *
3863			X509_get_app_data(cert)
3864			X509 * cert
3865			CODE:
3866	0		RETVAL = X509_get_ex_data(cert,0);
3867			OUTPUT:
3868			RETVAL
3869
3870			int
3871			X509_set_ex_data(cert,idx,data)
3872			X509 * cert
3873			int idx
3874			void * data
3875
3876			int
3877			X509_set_app_data(cert,arg)
3878			X509 * cert
3879			char * arg
3880			CODE:
3881	0		RETVAL = X509_set_ex_data(cert,0,arg);
3882			OUTPUT:
3883			RETVAL
3884
3885			int
3886			X509_set_issuer_name(X509 x, X509_NAME name)
3887
3888			int
3889			X509_set_subject_name(X509 x, X509_NAME name)
3890
3891			int
3892			X509_set_version(X509 *x, long version)
3893
3894			int
3895			X509_set_pubkey(X509 x, EVP_PKEY pkey)
3896
3897			long
3898			X509_get_version(X509 *x)
3899
3900			EVP_PKEY *
3901			X509_get_pubkey(X509 *x)
3902
3903			ASN1_INTEGER *
3904			X509_get_serialNumber(X509 *x)
3905
3906			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
3907
3908			const ASN1_INTEGER *
3909			X509_get0_serialNumber(const X509 *x)
3910
3911			#endif
3912
3913			int
3914			X509_set_serialNumber(X509 x, ASN1_INTEGER serial)
3915
3916			int
3917			X509_certificate_type(X509 x, EVP_PKEY pubkey=NULL);
3918
3919			int
3920			X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
3921
3922			int
3923			X509_verify(X509 x, EVP_PKEY r)
3924
3925			X509_NAME *
3926			X509_NAME_new()
3927
3928			unsigned long
3929			X509_NAME_hash(X509_NAME *name)
3930
3931			void
3932			X509_NAME_oneline(name)
3933			X509_NAME * name
3934			PREINIT:
3935			char * buf;
3936			CODE:
3937	17		ST(0) = sv_newmortal(); /* Undefined to start with */
3938	17	50	if ((buf = X509_NAME_oneline(name, NULL, 0))) {
3939	17		sv_setpvn( ST(0), buf, strlen(buf));
3940	17		OPENSSL_free(buf); /* mem was allocated by openssl */
3941			}
3942
3943			void
3944			X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
3945			X509_NAME * name
3946			unsigned long flags
3947			int utf8_decode
3948			PREINIT:
3949			char * buf;
3950			BIO * bp;
3951	13	50	int n, i, ident=0;
3952			CODE:
3953	13		ST(0) = sv_newmortal(); /* undef to start with */
3954	13		bp = BIO_new(BIO_s_mem());
3955	13	50	if (bp) {
3956	13	50	if (X509_NAME_print_ex(bp, name, ident, flags)) {
3957	13		n = BIO_ctrl_pending(bp);
3958	13		New(0, buf, n, char);
3959	13	50	if (buf) {
3960	13		i = BIO_read(bp,buf,n);
3961	13	50	if (i>=0 && i<=n) {
		50
3962	13		sv_setpvn(ST(0), buf, i);
3963	13	50	if (utf8_decode) sv_utf8_decode(ST(0));
3964			}
3965	13		Safefree(buf);
3966			}
3967			}
3968	13		BIO_free(bp);
3969			}
3970
3971			void
3972			X509_NAME_get_text_by_NID(name,nid)
3973			X509_NAME * name
3974			int nid
3975			PREINIT:
3976			char* buf;
3977			int length;
3978			CODE:
3979	1		ST(0) = sv_newmortal(); /* Undefined to start with */
3980	1		length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
3981
3982	1	50	if (length>=0) {
3983	1		New(0, buf, length+1, char);
3984	1	50	if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
3985	1		sv_setpvn( ST(0), buf, length);
3986	1		Safefree(buf);
3987			}
3988
3989			int
3990			X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
3991			X509_NAME *name
3992			int nid
3993			int type
3994			int loc
3995			int set
3996			PREINIT:
3997			STRLEN len;
3998			INPUT:
3999			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4000			CODE:
4001	1		RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
4002			OUTPUT:
4003			RETVAL
4004
4005			int
4006			X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
4007			X509_NAME *name
4008			ASN1_OBJECT *obj
4009			int type
4010			int loc
4011			int set
4012			PREINIT:
4013			STRLEN len;
4014			INPUT:
4015			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4016			CODE:
4017	1		RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
4018			OUTPUT:
4019			RETVAL
4020
4021			int
4022			X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
4023			X509_NAME *name
4024			char *field
4025			int type
4026			int loc
4027			int set
4028			PREINIT:
4029			STRLEN len;
4030			INPUT:
4031			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4032			CODE:
4033	6		RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
4034			OUTPUT:
4035			RETVAL
4036
4037			int
4038			X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
4039
4040			int
4041			X509_NAME_entry_count(X509_NAME *name)
4042
4043			X509_NAME_ENTRY *
4044			X509_NAME_get_entry(X509_NAME *name, int loc)
4045
4046			ASN1_STRING *
4047			X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
4048
4049			ASN1_OBJECT *
4050			X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
4051
4052			void
4053			X509_CRL_free(X509_CRL *x)
4054
4055			X509_CRL *
4056			X509_CRL_new()
4057
4058			int
4059			X509_CRL_set_version(X509_CRL *x, long version)
4060
4061			int
4062			X509_CRL_set_issuer_name(X509_CRL x, X509_NAME name)
4063
4064			int
4065			X509_CRL_sort(X509_CRL *x)
4066
4067			long
4068			X509_CRL_get_version(X509_CRL *x)
4069
4070			X509_NAME *
4071			X509_CRL_get_issuer(X509_CRL *x)
4072
4073			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4074
4075			const ASN1_TIME *
4076			X509_CRL_get0_lastUpdate(const X509_CRL *crl)
4077			ALIAS:
4078			X509_CRL_get_lastUpdate = 1
4079
4080			const ASN1_TIME *
4081			X509_CRL_get0_nextUpdate(const X509_CRL *crl)
4082			ALIAS:
4083			X509_CRL_get_nextUpdate = 1
4084
4085			int
4086			X509_CRL_set1_lastUpdate(X509_CRL x, ASN1_TIME tm)
4087			ALIAS:
4088			X509_CRL_set_lastUpdate = 1
4089
4090			int
4091			X509_CRL_set1_nextUpdate(X509_CRL x, ASN1_TIME tm)
4092			ALIAS:
4093			X509_CRL_set_nextUpdate = 1
4094
4095			#else /* plain get/set is deprecated */
4096
4097			ASN1_TIME *
4098			X509_CRL_get_lastUpdate(X509_CRL *x)
4099			ALIAS:
4100			X509_CRL_get0_lastUpdate = 1
4101
4102			ASN1_TIME *
4103			X509_CRL_get_nextUpdate(X509_CRL *x)
4104			ALIAS:
4105			X509_CRL_get0_nextUpdate = 1
4106
4107			int
4108			X509_CRL_set_lastUpdate(X509_CRL x, ASN1_TIME tm)
4109			ALIAS:
4110			X509_CRL_set1_lastUpdate = 1
4111
4112			int
4113			X509_CRL_set_nextUpdate(X509_CRL x, ASN1_TIME tm)
4114			ALIAS:
4115			X509_CRL_set1_nextUpdate = 1
4116
4117			#endif
4118
4119			int
4120			X509_CRL_verify(X509_CRL a, EVP_PKEY r)
4121
4122			int
4123			X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
4124
4125			int
4126			P_X509_CRL_set_serial(crl,crl_number)
4127			X509_CRL *crl
4128			ASN1_INTEGER * crl_number;
4129			CODE:
4130	1		RETVAL = 0;
4131	1	50	if (crl && crl_number)
		50
4132	1	50	if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
4133			OUTPUT:
4134			RETVAL
4135
4136			ASN1_INTEGER *
4137			P_X509_CRL_get_serial(crl)
4138			X509_CRL *crl
4139			INIT:
4140			int i;
4141			CODE:
4142	1		RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
4143	1	50	if (!RETVAL \|\| i==-1) XSRETURN_UNDEF;
		50
4144			OUTPUT:
4145			RETVAL
4146
4147			void
4148			P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
4149			X509_CRL *crl
4150			char * serial_hex
4151			ASN1_TIME *rev_time
4152			long reason_code
4153			ASN1_TIME *comp_time
4154			PREINIT:
4155	2		BIGNUM *bn = NULL;
4156			ASN1_INTEGER *sn;
4157			X509_REVOKED *rev;
4158	2	50	ASN1_ENUMERATED *rsn = NULL;
4159			int rv;
4160			PPCODE:
4161	2		rv=0;
4162	2		rev = X509_REVOKED_new();
4163	2	50	if (rev) {
4164	2	50	if (BN_hex2bn(&bn, serial_hex)) {
4165	2		sn = BN_to_ASN1_INTEGER(bn, NULL);
4166	2	50	if (sn) {
4167	2		X509_REVOKED_set_serialNumber(rev, sn);
4168	2		ASN1_INTEGER_free(sn);
4169	2		rv = 1;
4170			}
4171	2		BN_free(bn);
4172			}
4173			}
4174	2	50	if (!rv) XSRETURN_IV(0);
4175
4176	2	50	if (!rev_time) XSRETURN_IV(0);
4177	2	50	if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
4178
4179	2	50	if(reason_code) {
4180	2		rv = 0;
4181	2		rsn = ASN1_ENUMERATED_new();
4182	2	50	if (rsn) {
4183	2	50	if (ASN1_ENUMERATED_set(rsn, reason_code))
4184	2	50	if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
4185	2		rv=1;
4186	2		ASN1_ENUMERATED_free(rsn);
4187			}
4188	2	50	if (!rv) XSRETURN_IV(0);
4189			}
4190
4191	2	50	if(comp_time) {
4192	2		X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0);
4193			}
4194
4195	2	50	if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0);
4196	2		XSRETURN_IV(1);
4197
4198			X509_REQ *
4199			X509_REQ_new()
4200
4201			void
4202			X509_REQ_free(X509_REQ *x)
4203
4204			X509_NAME *
4205			X509_REQ_get_subject_name(X509_REQ *x)
4206
4207			int
4208			X509_REQ_set_subject_name(X509_REQ x, X509_NAME name)
4209
4210			int
4211			X509_REQ_set_pubkey(X509_REQ x, EVP_PKEY pkey)
4212
4213			EVP_PKEY *
4214			X509_REQ_get_pubkey(X509_REQ *x)
4215
4216			int
4217			X509_REQ_sign(X509_REQ x, EVP_PKEY pk, const EVP_MD *md)
4218
4219			int
4220			X509_REQ_verify(X509_REQ x, EVP_PKEY r)
4221
4222			int
4223			X509_REQ_set_version(X509_REQ *x, long version)
4224
4225			long
4226			X509_REQ_get_version(X509_REQ *x)
4227
4228			int
4229			X509_REQ_get_attr_count(const X509_REQ *req);
4230
4231			int
4232			X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1)
4233
4234			int
4235			X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj, int lastpos=-1)
4236
4237			int
4238			X509_REQ_add1_attr_by_NID(req,nid,type,bytes)
4239			X509_REQ *req
4240			int nid
4241			int type
4242			PREINIT:
4243			STRLEN len;
4244			INPUT:
4245			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4246			CODE:
4247	2		RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len);
4248			OUTPUT:
4249			RETVAL
4250
4251			void
4252			P_X509_REQ_get_attr(req,n)
4253			X509_REQ *req
4254			int n
4255			INIT:
4256			X509_ATTRIBUTE * att;
4257			int count, i;
4258			ASN1_STRING * s;
4259			ASN1_TYPE * t;
4260			PPCODE:
4261	1		att = X509_REQ_get_attr(req,n);
4262	1		count = X509_ATTRIBUTE_count(att);
4263	2	100	for (i=0; i
4264	1		t = X509_ATTRIBUTE_get0_type(att, i);
4265	1		s = t->value.asn1_string;
4266	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
4267			}
4268
4269			int
4270			P_X509_REQ_add_extensions(x,...)
4271			X509_REQ *x
4272			PREINIT:
4273	1	50	int i=1;
4274			int nid;
4275			char *data;
4276			X509_EXTENSION *ex;
4277			STACK_OF(X509_EXTENSION) *stack;
4278			CODE:
4279	1	50	if (items>1) {
4280	1		RETVAL = 1;
4281	1		stack = sk_X509_EXTENSION_new_null();
4282	7	100	while(i+1
4283	6		nid = SvIV(ST(i));
4284	6		data = SvPV_nolen(ST(i+1));
4285	6		i+=2;
4286	6		ex = X509V3_EXT_conf_nid(NULL, NULL, nid, data);
4287	6	50	if (ex)
4288	6		sk_X509_EXTENSION_push(stack, ex);
4289			else
4290	0		RETVAL = 0;
4291			}
4292	1		X509_REQ_add_extensions(x, stack);
4293	1		sk_X509_EXTENSION_pop_free(stack, X509_EXTENSION_free);
4294			}
4295			else
4296	0		RETVAL = 0;
4297			OUTPUT:
4298			RETVAL
4299
4300			int
4301			P_X509_add_extensions(x,ca_cert,...)
4302			X509 *x
4303			X509 *ca_cert
4304			PREINIT:
4305	1	50	int i=2;
4306			int nid;
4307			char *data;
4308			X509_EXTENSION *ex;
4309			X509V3_CTX ctx;
4310			CODE:
4311	1	50	if (items>1) {
4312	1		RETVAL = 1;
4313	7	100	while(i+1
4314	6		nid = SvIV(ST(i));
4315	6		data = SvPV_nolen(ST(i+1));
4316	6		i+=2;
4317	6		X509V3_set_ctx(&ctx, ca_cert, x, NULL, NULL, 0);
4318	6		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
4319	6	50	if (ex) {
4320	6		X509_add_ext(x,ex,-1);
4321	6		X509_EXTENSION_free(ex);
4322			}
4323			else {
4324	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
4325	0		ERR_print_errors_fp(stderr);
4326	0		RETVAL = 0;
4327			}
4328			}
4329			}
4330			else
4331	0		RETVAL = 0;
4332			OUTPUT:
4333			RETVAL
4334
4335			int
4336			P_X509_CRL_add_extensions(x,ca_cert,...)
4337			X509_CRL *x
4338			X509 *ca_cert
4339			PREINIT:
4340	1	50	int i=2;
4341			int nid;
4342			char *data;
4343			X509_EXTENSION *ex;
4344			X509V3_CTX ctx;
4345			CODE:
4346	1	50	if (items>1) {
4347	1		RETVAL = 1;
4348	2	100	while(i+1
4349	1		nid = SvIV(ST(i));
4350	1		data = SvPV_nolen(ST(i+1));
4351	1		i+=2;
4352	1		X509V3_set_ctx(&ctx, ca_cert, NULL, NULL, x, 0);
4353	1		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
4354	1	50	if (ex) {
4355	1		X509_CRL_add_ext(x,ex,-1);
4356	1		X509_EXTENSION_free(ex);
4357			}
4358			else {
4359	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
4360	0		ERR_print_errors_fp(stderr);
4361	0		RETVAL = 0;
4362			}
4363			}
4364			}
4365			else
4366	0		RETVAL = 0;
4367			OUTPUT:
4368			RETVAL
4369
4370			void
4371			P_X509_copy_extensions(x509_req,x509,override=1)
4372			X509_REQ *x509_req
4373			X509 *x509
4374			int override
4375			PREINIT:
4376	1		STACK_OF(X509_EXTENSION) *exts = NULL;
4377			X509_EXTENSION ext, tmpext;
4378			ASN1_OBJECT *obj;
4379	1	50	int i, idx, ret = 1;
4380			PPCODE:
4381	1	50	if (!x509 \|\| !x509_req) XSRETURN_IV(0);
		50
4382	1		exts = X509_REQ_get_extensions(x509_req);
4383	7	100	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
4384	6		ext = sk_X509_EXTENSION_value(exts, i);
4385	6		obj = X509_EXTENSION_get_object(ext);
4386	6		idx = X509_get_ext_by_OBJ(x509, obj, -1);
4387			/* Does extension exist? */
4388	6	50	if (idx != -1) {
4389	0	0	if (override) continue; /* don't override existing extension */
4390			/* Delete all extensions of same type */
4391			do {
4392	0		tmpext = X509_get_ext(x509, idx);
4393	0		X509_delete_ext(x509, idx);
4394	0		X509_EXTENSION_free(tmpext);
4395	0		idx = X509_get_ext_by_OBJ(x509, obj, -1);
4396	0	0	} while (idx != -1);
4397			}
4398	6	50	if (!X509_add_ext(x509, ext, -1)) ret = 0;
4399			}
4400	1		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
4401	1		XSRETURN_IV(ret);
4402
4403			X509 *
4404			X509_STORE_CTX_get_current_cert(x509_store_ctx)
4405			X509_STORE_CTX * x509_store_ctx
4406
4407			#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */
4408
4409			X509 *
4410			X509_STORE_CTX_get0_cert(x509_store_ctx)
4411			X509_STORE_CTX *x509_store_ctx
4412
4413			#endif
4414
4415			STACK_OF(X509) *
4416			X509_STORE_CTX_get1_chain(x509_store_ctx)
4417			X509_STORE_CTX *x509_store_ctx
4418
4419
4420			int
4421			X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
4422			long argl
4423			void * argp
4424			CRYPTO_EX_new * new_func
4425			CRYPTO_EX_dup * dup_func
4426			CRYPTO_EX_free * free_func
4427
4428			void *
4429			X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
4430			X509_STORE_CTX * x509_store_ctx
4431			int idx
4432
4433			void *
4434			X509_STORE_CTX_get_app_data(x509_store_ctx)
4435			X509_STORE_CTX * x509_store_ctx
4436			CODE:
4437	0		RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0);
4438			OUTPUT:
4439			RETVAL
4440
4441			void
4442			X509_get_fingerprint(cert,type)
4443			X509 * cert
4444			char * type
4445			PREINIT:
4446	9		const EVP_MD *digest_tp = NULL;
4447			unsigned char digest[EVP_MAX_MD_SIZE];
4448	9		unsigned int dsz, k = 0;
4449			char text[EVP_MAX_MD_SIZE * 3 + 1];
4450			CODE:
4451			#ifndef OPENSSL_NO_MD5
4452	9	50	if (!k && !strcmp(type,"md5")) {
		100
4453	4		k = 1; digest_tp = EVP_md5();
4454			}
4455			#endif
4456	9	100	if (!k && !strcmp(type,"sha1")) {
		100
4457	4		k = 1; digest_tp = EVP_sha1();
4458			}
4459			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4460			#ifndef OPENSSL_NO_SHA256
4461	9	100	if (!k && !strcmp(type,"sha256")) {
		50
4462	0		k = 1; digest_tp = EVP_sha256();
4463			}
4464			#endif
4465			#endif
4466	9	100	if (!k && !strcmp(type,"ripemd160")) {
		50
4467	0		k = 1; digest_tp = EVP_ripemd160();
4468			}
4469	9	100	if (!k) /* Default digest */
4470	1		digest_tp = EVP_sha1();
4471	9	50	if ( digest_tp == NULL ) {
4472			/* Out of memory */
4473	0		XSRETURN_UNDEF;
4474			}
4475	9	50	if (!X509_digest(cert, digest_tp, digest, &dsz)) {
4476			/* Out of memory */
4477	0		XSRETURN_UNDEF;
4478			}
4479	9		text[0] = '\0';
4480	173	100	for(k=0; k
4481	164		sprintf(&text[strlen(text)], "%02X:", digest[k]);
4482			}
4483	9		text[strlen(text)-1] = '\0';
4484	9		ST(0) = sv_newmortal(); /* Undefined to start with */
4485	9		sv_setpvn( ST(0), text, strlen(text));
4486
4487			void
4488			X509_get_subjectAltNames(cert)
4489			X509 * cert
4490			PREINIT:
4491	5		int i, j, count = 0;
4492	5		X509_EXTENSION *subjAltNameExt = NULL;
4493	5		STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
4494	5		GENERAL_NAME *subjAltNameDN = NULL;
4495			int num_gnames;
4496			PPCODE:
4497	5	100	if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
4498	3	50	&& (subjAltNameExt = X509_get_ext(cert, i))
4499	3	50	&& (subjAltNameDNs = (STACK_OF(GENERAL_NAME) *)X509V3_EXT_d2i(subjAltNameExt)))
4500			{
4501	3		num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
4502
4503	19	100	for (j = 0; j < num_gnames; j++)
4504			{
4505	16		subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
4506
4507	16		switch (subjAltNameDN->type)
4508			{
4509	2		case GEN_OTHERNAME:
4510	2	50	EXTEND(SP, 2);
4511	2		count++;
4512	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4513			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4514	2		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4515			#else
4516			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4517			#endif
4518	2		break;
4519
4520	8		case GEN_EMAIL:
4521			case GEN_DNS:
4522			case GEN_URI:
4523	8	50	EXTEND(SP, 2);
4524	8		count++;
4525	8		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4526			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4527	8		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4528			#else
4529			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4530			#endif
4531	8		break;
4532
4533	0		case GEN_DIRNAME:
4534			{
4535	0		char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
4536	0	0	EXTEND(SP, 2);
4537	0		count++;
4538	0		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4539	0		PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
4540			}
4541	0		break;
4542
4543	2		case GEN_RID:
4544			{
4545			char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
4546	2		int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
4547	2	50	if (len < 0 \|\| len > (int)((sizeof(buf) - 1)))
		50
4548			break; /* Skip bad or overly long RID */
4549	2	50	EXTEND(SP, 2);
4550	2		count++;
4551	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4552	2		PUSHs(sv_2mortal(newSVpv(buf, 0)));
4553			}
4554	2		break;
4555
4556	4		case GEN_IPADD:
4557	4	50	EXTEND(SP, 2);
4558	4		count++;
4559	4		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4560	4		PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
4561	4		break;
4562
4563			}
4564			}
4565	3		sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
4566			}
4567	5		XSRETURN(count * 2);
4568
4569			void
4570			P_X509_get_crl_distribution_points(cert)
4571			X509 * cert
4572			INIT:
4573			GENERAL_NAMES *gnames;
4574			GENERAL_NAME *gn;
4575			STACK_OF(DIST_POINT) *points;
4576			DIST_POINT *p;
4577			int i, j;
4578			PPCODE:
4579	4		points = (STACK_OF(DIST_POINT) *)X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
4580	6	100	for (i = 0; i < sk_DIST_POINT_num(points); i++) {
4581	2		p = sk_DIST_POINT_value(points, i);
4582	2	50	if (!p->distpoint)
4583	0		continue;
4584	2	50	if (p->distpoint->type == 0) {
4585			/* full name */
4586	2		gnames = p->distpoint->name.fullname;
4587	4	100	for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
4588	2		gn = sk_GENERAL_NAME_value(gnames, j);
4589
4590	2	50	if (gn->type == GEN_URI) {
4591			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4592	2	50	XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_get0_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4593			#else
4594			XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4595			#endif
4596			}
4597			}
4598			}
4599			else {
4600			/* relative name - not supported */
4601			/* XXX-TODO: the code below is just an idea; do not enable it without proper test case
4602			BIO *bp;
4603			char *buf;
4604			int n;
4605			X509_NAME ntmp;
4606			ntmp.entries = p->distpoint->name.relativename;
4607			bp = BIO_new(BIO_s_mem());
4608			if (bp) {
4609			X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
4610			n = BIO_ctrl_pending(bp);
4611			New(0, buf, n, char);
4612			if (buf) {
4613			j = BIO_read(bp,buf,n);
4614			if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
4615			Safefree(buf);
4616			}
4617			BIO_free(bp);
4618			}
4619			*/
4620			}
4621			}
4622	4		sk_DIST_POINT_pop_free(points, DIST_POINT_free);
4623
4624			void
4625			P_X509_get_ocsp_uri(cert)
4626			X509 * cert
4627			PREINIT:
4628			AUTHORITY_INFO_ACCESS *info;
4629			int i;
4630			PPCODE:
4631	0		info = (AUTHORITY_INFO_ACCESS *)X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
4632	0	0	if (!info) XSRETURN_UNDEF;
4633
4634	0	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
4635	0		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
4636	0	0	if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
4637	0	0	&& ad->location->type == GEN_URI) {
4638			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4639	0	0	XPUSHs(sv_2mortal(newSVpv(
4640			(char*)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier),
4641			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4642			)));
4643			#else
4644			XPUSHs(sv_2mortal(newSVpv(
4645			(char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
4646			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4647			)));
4648			#endif
4649	0	0	if (GIMME_V == G_SCALAR) break; /* get only first */
4650			}
4651			}
4652	0		AUTHORITY_INFO_ACCESS_free(info);
4653
4654
4655			void
4656			P_X509_get_ext_key_usage(cert,format=0)
4657			X509 * cert
4658			int format
4659			PREINIT:
4660			EXTENDED_KEY_USAGE *extusage;
4661			int i, nid;
4662			char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
4663			ASN1_OBJECT *o;
4664			PPCODE:
4665	16		extusage = (EXTENDED_KEY_USAGE *)X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
4666	92	100	for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
4667	76		o = sk_ASN1_OBJECT_value(extusage,i);
4668	76		nid = OBJ_obj2nid(o);
4669	76		OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
4670	76	100	if(format==0)
4671	19	50	XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
4672	57	100	else if(format==1 && nid>0)
		100
4673	17	50	XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
4674	40	100	else if(format==2 && nid>0)
		100
4675	17	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
4676	23	100	else if(format==3 && nid>0)
		100
4677	17	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
4678			}
4679	16		EXTENDED_KEY_USAGE_free(extusage);
4680
4681			void
4682			P_X509_get_key_usage(cert)
4683			X509 * cert
4684			INIT:
4685			ASN1_BIT_STRING * u;
4686			PPCODE:
4687	4		u = (ASN1_BIT_STRING *)X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
4688	4	50	if (u) {
4689	4	50	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
		50
4690	4	100	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
		50
4691	4	50	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
		50
4692	4	100	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
		50
4693	4	100	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
		50
4694	4	100	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
		50
4695	4	100	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
		50
4696	4	50	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
		0
4697	4	100	if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
		50
4698	4		ASN1_BIT_STRING_free(u);
4699			}
4700
4701			void
4702			P_X509_get_netscape_cert_type(cert)
4703			X509 * cert
4704			INIT:
4705			ASN1_BIT_STRING * u;
4706			PPCODE:
4707	4		u = (ASN1_BIT_STRING *)X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
4708	4	50	if (u) {
4709	0	0	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
		0
4710	0	0	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
		0
4711	0	0	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
		0
4712	0	0	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
		0
4713	0	0	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
		0
4714	0	0	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
		0
4715	0	0	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
		0
4716	0	0	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
		0
4717	0		ASN1_BIT_STRING_free(u);
4718			}
4719
4720			int
4721			X509_get_ext_by_NID(x,nid,loc=-1)
4722			X509* x
4723			int nid
4724			int loc
4725
4726			X509_EXTENSION *
4727			X509_get_ext(x,loc)
4728			X509* x
4729			int loc
4730
4731			int
4732			X509_EXTENSION_get_critical(X509_EXTENSION *ex)
4733
4734			ASN1_OCTET_STRING *
4735			X509_EXTENSION_get_data(X509_EXTENSION *ne)
4736
4737			ASN1_OBJECT *
4738			X509_EXTENSION_get_object(X509_EXTENSION *ex)
4739
4740			int
4741			X509_get_ext_count(X509 *x)
4742
4743			int
4744			X509_CRL_get_ext_count(X509_CRL *x)
4745
4746			int
4747			X509_CRL_get_ext_by_NID(x,ni,loc=-1)
4748			X509_CRL* x
4749			int ni
4750			int loc
4751
4752			X509_EXTENSION *
4753			X509_CRL_get_ext(x,loc)
4754			X509_CRL* x
4755			int loc
4756
4757			void
4758			X509V3_EXT_print(ext,flags=0,utf8_decode=0)
4759			X509_EXTENSION * ext
4760			unsigned long flags
4761			int utf8_decode
4762			PREINIT:
4763			BIO * bp;
4764			char * buf;
4765			int i, n;
4766	21	50	int indent=0;
4767			CODE:
4768	21		ST(0) = sv_newmortal(); /* undef to start with */
4769	21		bp = BIO_new(BIO_s_mem());
4770	21	50	if (bp) {
4771	21	50	if(X509V3_EXT_print(bp,ext,flags,indent)) {
4772	21		n = BIO_ctrl_pending(bp);
4773	21		New(0, buf, n, char);
4774	21	50	if (buf) {
4775	21		i = BIO_read(bp,buf,n);
4776	21	50	if (i>=0 && i<=n) {
		50
4777	21		sv_setpvn(ST(0), buf, i);
4778	21	50	if (utf8_decode) sv_utf8_decode(ST(0));
4779			}
4780	21		Safefree(buf);
4781			}
4782			}
4783	21		BIO_free(bp);
4784			}
4785
4786			void *
4787			X509V3_EXT_d2i(ext)
4788			X509_EXTENSION *ext
4789
4790			X509_STORE_CTX *
4791			X509_STORE_CTX_new()
4792
4793			int
4794			X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
4795			X509_STORE_CTX * ctx
4796			X509_STORE * store
4797			X509 * x509
4798			STACK_OF(X509) * chain
4799
4800			void
4801			X509_STORE_CTX_free(ctx)
4802			X509_STORE_CTX * ctx
4803
4804			int
4805			X509_verify_cert(x509_store_ctx)
4806			X509_STORE_CTX * x509_store_ctx
4807
4808			int
4809			X509_STORE_CTX_get_error(x509_store_ctx)
4810			X509_STORE_CTX * x509_store_ctx
4811
4812			int
4813			X509_STORE_CTX_get_error_depth(x509_store_ctx)
4814			X509_STORE_CTX * x509_store_ctx
4815
4816			int
4817			X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
4818			X509_STORE_CTX * x509_store_ctx
4819			int idx
4820			void * data
4821
4822			int
4823			X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
4824			X509_STORE_CTX * x509_store_ctx
4825			char * arg
4826			CODE:
4827	0		RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
4828			OUTPUT:
4829			RETVAL
4830
4831			void
4832			X509_STORE_CTX_set_error(x509_store_ctx,s)
4833			X509_STORE_CTX * x509_store_ctx
4834			int s
4835
4836			void
4837			X509_STORE_CTX_set_cert(x509_store_ctx,x)
4838			X509_STORE_CTX * x509_store_ctx
4839			X509 * x
4840
4841			X509_STORE *
4842			X509_STORE_new()
4843
4844			void
4845			X509_STORE_free(store)
4846			X509_STORE * store
4847
4848			X509_LOOKUP *
4849			X509_STORE_add_lookup(store, method)
4850			X509_STORE * store
4851			X509_LOOKUP_METHOD * method
4852
4853			int
4854			X509_STORE_add_cert(ctx, x)
4855			X509_STORE *ctx
4856			X509 *x
4857
4858			int
4859			X509_STORE_add_crl(ctx, x)
4860			X509_STORE *ctx
4861			X509_CRL *x
4862
4863			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4864
4865			void
4866			X509_STORE_set_flags(ctx, flags)
4867			X509_STORE *ctx
4868			long flags
4869
4870			void
4871			X509_STORE_set_purpose(ctx, purpose)
4872			X509_STORE *ctx
4873			int purpose
4874
4875			void
4876			X509_STORE_set_trust(ctx, trust)
4877			X509_STORE *ctx
4878			int trust
4879
4880			int
4881			X509_STORE_set1_param(ctx, pm)
4882			X509_STORE *ctx
4883			X509_VERIFY_PARAM *pm
4884
4885			#endif
4886
4887			X509_LOOKUP_METHOD *
4888			X509_LOOKUP_hash_dir()
4889
4890			void
4891			X509_LOOKUP_add_dir(lookup, dir, type)
4892			X509_LOOKUP * lookup
4893			char * dir
4894			int type
4895
4896			int
4897			X509_load_cert_file(ctx, file, type)
4898			X509_LOOKUP *ctx
4899			char *file
4900			int type
4901
4902			int
4903			X509_load_crl_file(ctx, file, type)
4904			X509_LOOKUP *ctx
4905			char *file
4906			int type
4907
4908			int
4909			X509_load_cert_crl_file(ctx, file, type)
4910			X509_LOOKUP *ctx
4911			char *file
4912			int type
4913
4914			const char *
4915			X509_verify_cert_error_string(n)
4916			long n
4917
4918			ASN1_INTEGER *
4919			ASN1_INTEGER_new()
4920
4921			void
4922			ASN1_INTEGER_free(ASN1_INTEGER *i)
4923
4924			int
4925			ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
4926
4927			long
4928			ASN1_INTEGER_get(ASN1_INTEGER *a)
4929
4930			void
4931			P_ASN1_INTEGER_set_hex(i,str)
4932			ASN1_INTEGER * i
4933			char * str
4934			INIT:
4935			BIGNUM *bn;
4936	3		int rv = 1;
4937			PPCODE:
4938	3		bn = BN_new();
4939	3	50	if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
4940	3	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4941	3		BN_free(bn);
4942	3		XSRETURN_IV(rv);
4943
4944			void
4945			P_ASN1_INTEGER_set_dec(i,str)
4946			ASN1_INTEGER * i
4947			char * str
4948			INIT:
4949			BIGNUM *bn;
4950	1		int rv = 1;
4951			PPCODE:
4952	1		bn = BN_new();
4953	1	50	if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
4954	1	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4955	1		BN_free(bn);
4956	1		XSRETURN_IV(rv);
4957
4958			void
4959			P_ASN1_INTEGER_get_hex(i)
4960			ASN1_INTEGER * i
4961			INIT:
4962			BIGNUM *bn;
4963			char *result;
4964			PPCODE:
4965	10		bn = BN_new();
4966	10	50	if (!bn) XSRETURN_UNDEF;
4967	10		ASN1_INTEGER_to_BN(i, bn);
4968	10		result = BN_bn2hex(bn);
4969	10		BN_free(bn);
4970	10	50	if (!result) XSRETURN_UNDEF;
4971	10	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4972	10		OPENSSL_free(result);
4973
4974			void
4975			P_ASN1_INTEGER_get_dec(i)
4976			ASN1_INTEGER * i
4977			INIT:
4978			BIGNUM *bn;
4979			char *result;
4980			PPCODE:
4981	9		bn = BN_new();
4982	9	50	if (!bn) XSRETURN_UNDEF;
4983	9		ASN1_INTEGER_to_BN(i, bn);
4984	9		result = BN_bn2dec(bn);
4985	9		BN_free(bn);
4986	9	50	if (!result) XSRETURN_UNDEF;
4987	9	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4988	9		OPENSSL_free(result);
4989
4990			void
4991			P_ASN1_STRING_get(s,utf8_decode=0)
4992			ASN1_STRING * s
4993			int utf8_decode
4994			PREINIT:
4995			SV * u8;
4996			PPCODE:
4997			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4998	87		u8 = newSVpv((const char*)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
4999			#else
5000			u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
5001			#endif
5002	87	100	if (utf8_decode) sv_utf8_decode(u8);
5003	87	50	XPUSHs(sv_2mortal(u8));
5004
5005			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
5006
5007			const ASN1_TIME *
5008			X509_get0_notBefore(const X509 *cert)
5009
5010			const ASN1_TIME *
5011			X509_get0_notAfter(const X509 *cert)
5012
5013			ASN1_TIME *
5014			X509_getm_notBefore(const X509 *cert)
5015			ALIAS:
5016			X509_get_notBefore = 1
5017
5018			ASN1_TIME *
5019			X509_getm_notAfter(const X509 *cert)
5020			ALIAS:
5021			X509_get_notAfter = 1
5022
5023			#else /* plain get_ is deprecated */
5024
5025			ASN1_TIME *
5026			X509_get_notBefore(X509 *cert)
5027			ALIAS:
5028			X509_get0_notBefore = 1
5029			X509_getm_notBefore = 2
5030
5031			ASN1_TIME *
5032			X509_get_notAfter(X509 *cert)
5033			ALIAS:
5034			X509_get0_notAfter = 1
5035			X509_getm_notAfter = 2
5036
5037			#endif
5038
5039			ASN1_TIME *
5040			X509_gmtime_adj(s, adj)
5041			ASN1_TIME * s
5042			long adj
5043
5044			ASN1_TIME *
5045			ASN1_TIME_set(s,t)
5046			ASN1_TIME *s
5047			time_t t
5048
5049			void
5050			ASN1_TIME_free(s)
5051			ASN1_TIME *s
5052
5053			time_t
5054			ASN1_TIME_timet(s)
5055			ASN1_TIME *s
5056			CODE:
5057	0		RETVAL = ASN1_TIME_timet(s,NULL);
5058			OUTPUT:
5059			RETVAL
5060
5061			ASN1_TIME *
5062			ASN1_TIME_new()
5063
5064			void
5065			P_ASN1_TIME_put2string(tm)
5066			ASN1_TIME * tm
5067			PREINIT:
5068	4		BIO *bp=NULL;
5069	4		int i=0;
5070			char buffer[256];
5071			ALIAS:
5072			P_ASN1_UTCTIME_put2string = 1
5073			CODE:
5074	4		ST(0) = sv_newmortal(); /* undef retval to start with */
5075	4	50	if (tm) {
5076	4		bp = BIO_new(BIO_s_mem());
5077	4	50	if (bp) {
5078	4		ASN1_TIME_print(bp,tm);
5079	4		i = BIO_read(bp,buffer,255);
5080	4		buffer[i] = '\0';
5081	4	50	if (i>0)
5082	4		sv_setpvn(ST(0), buffer, i);
5083	4		BIO_free(bp);
5084			}
5085			}
5086
5087			void
5088			P_ASN1_TIME_get_isotime(tm)
5089			ASN1_TIME *tm
5090			PREINIT:
5091	34		ASN1_GENERALIZEDTIME *tmp = NULL;
5092			char buf[256];
5093			CODE:
5094	34		buf[0] = '\0';
5095			/* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
5096	34		ASN1_TIME_to_generalizedtime(tm,&tmp);
5097	34	50	if (tmp) {
5098	34	50	if (ASN1_GENERALIZEDTIME_check(tmp)) {
5099	34	50	if (strlen((char)tmp->data)>=14 && strlen((char)tmp->data)<200) {
		50
5100	34		strcpy (buf,"yyyy-mm-ddThh:mm:ss");
5101	34		strncpy(buf, (char*)tmp->data, 4);
5102	34		strncpy(buf+5, (char*)tmp->data+4, 2);
5103	34		strncpy(buf+8, (char*)tmp->data+6, 2);
5104	34		strncpy(buf+11,(char*)tmp->data+8, 2);
5105	34		strncpy(buf+14,(char*)tmp->data+10,2);
5106	34		strncpy(buf+17,(char*)tmp->data+12,2);
5107	34	50	if (strlen((char)tmp->data)>14) strcat(buf+19,(char)tmp->data+14);
5108			}
5109			}
5110	34		ASN1_GENERALIZEDTIME_free(tmp);
5111			}
5112	34		ST(0) = sv_newmortal();
5113	34		sv_setpv(ST(0), buf);
5114
5115			void
5116			P_ASN1_TIME_set_isotime(tm,str)
5117			ASN1_TIME *tm
5118			const char *str
5119			PREINIT:
5120			ASN1_TIME t;
5121			char buf[256];
5122			int i,rv;
5123			CODE:
5124	13	50	if (!tm) XSRETURN_UNDEF;
5125			/* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
5126	13	50	if (strlen(str) < 19) XSRETURN_UNDEF;
5127	65	50	for (i=0; i<4; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5128	39	50	for (i=5; i<7; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5129	39	50	for (i=8; i<10; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5130	39	50	for (i=11; i<13; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5131	39	50	for (i=14; i<16; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5132	39	50	for (i=17; i<19; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5133	13		strncpy(buf, str, 4);
5134	13		strncpy(buf+4, str+5, 2);
5135	13		strncpy(buf+6, str+8, 2);
5136	13		strncpy(buf+8, str+11, 2);
5137	13		strncpy(buf+10, str+14, 2);
5138	13		strncpy(buf+12, str+17, 2);
5139	13		buf[14] = '\0';
5140	13	50	if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
		50
5141
5142			/* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
5143			/* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
5144	13		t.length = strlen(buf);
5145	13		t.data = (unsigned char *)buf;
5146	13		t.flags = 0;
5147	13		t.type = V_ASN1_UTCTIME;
5148	13	50	if (!ASN1_TIME_check(&t)) {
5149	13		t.type = V_ASN1_GENERALIZEDTIME;
5150	13	50	if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
5151			}
5152	13		tm->type = t.type;
5153	13		tm->flags = t.flags;
5154	13	50	if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
5155	13		rv = 1;
5156
5157			/* end of ASN1_TIME_set_string() reimplementation */
5158
5159	13		ST(0) = sv_newmortal();
5160	13		sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
5161
5162			int
5163			EVP_PKEY_copy_parameters(to,from)
5164			EVP_PKEY * to
5165			EVP_PKEY * from
5166
5167			EVP_PKEY *
5168			EVP_PKEY_new()
5169
5170			void
5171			EVP_PKEY_free(EVP_PKEY *pkey)
5172
5173			int
5174			EVP_PKEY_assign_RSA(EVP_PKEY pkey, RSA key)
5175
5176			int
5177			EVP_PKEY_bits(EVP_PKEY *pkey)
5178
5179			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
5180
5181			int
5182			EVP_PKEY_security_bits(EVP_PKEY *pkey)
5183
5184			#endif
5185
5186			int
5187			EVP_PKEY_size(EVP_PKEY *pkey)
5188
5189			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
5190
5191			int
5192			EVP_PKEY_id(const EVP_PKEY *pkey)
5193
5194			#endif
5195
5196			void
5197			PEM_get_string_X509(x509)
5198			X509 * x509
5199			PREINIT:
5200			BIO *bp;
5201			int i, n;
5202			char *buf;
5203			CODE:
5204	3		ST(0) = sv_newmortal(); /* undef to start with */
5205	3		bp = BIO_new(BIO_s_mem());
5206	3	50	if (bp && x509) {
		50
5207	3		PEM_write_bio_X509(bp,x509);
5208	3		n = BIO_ctrl_pending(bp);
5209	3		New(0, buf, n, char);
5210	3	50	if (buf) {
5211	3		i = BIO_read(bp,buf,n);
5212	3	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5213	3		Safefree(buf);
5214			}
5215	3		BIO_free(bp);
5216			}
5217
5218			void
5219			PEM_get_string_X509_REQ(x509_req)
5220			X509_REQ * x509_req
5221			PREINIT:
5222			BIO *bp;
5223			int i, n;
5224			char *buf;
5225			CODE:
5226	1		ST(0) = sv_newmortal(); /* undef to start with */
5227	1		bp = BIO_new(BIO_s_mem());
5228	1	50	if (bp && x509_req) {
		50
5229	1		PEM_write_bio_X509_REQ(bp,x509_req);
5230	1		n = BIO_ctrl_pending(bp);
5231	1		New(0, buf, n, char);
5232	1	50	if (buf) {
5233	1		i = BIO_read(bp,buf,n);
5234	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5235	1		Safefree(buf);
5236			}
5237	1		BIO_free(bp);
5238			}
5239
5240			void
5241			PEM_get_string_X509_CRL(x509_crl)
5242			X509_CRL * x509_crl
5243			PREINIT:
5244			BIO *bp;
5245			int i, n;
5246			char *buf;
5247			CODE:
5248	1		ST(0) = sv_newmortal(); /* undef to start with */
5249	1		bp = BIO_new(BIO_s_mem());
5250	1	50	if (bp && x509_crl) {
		50
5251	1		PEM_write_bio_X509_CRL(bp,x509_crl);
5252	1		n = BIO_ctrl_pending(bp);
5253	1		New(0, buf, n, char);
5254	1	50	if (buf) {
5255	1		i = BIO_read(bp,buf,n);
5256	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5257	1		Safefree(buf);
5258			}
5259	1		BIO_free(bp);
5260			}
5261
5262			void
5263			PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
5264			EVP_PKEY * pk
5265			char * passwd
5266			const EVP_CIPHER * enc_alg
5267			PREINIT:
5268			BIO *bp;
5269			int i, n;
5270			char *buf;
5271	6		size_t passwd_len = 0;
5272	6		pem_password_cb * cb = NULL;
5273	6	100	void * u = NULL;
5274			CODE:
5275	6		ST(0) = sv_newmortal(); /* undef to start with */
5276	6		bp = BIO_new(BIO_s_mem());
5277	6	50	if (bp && pk) {
		50
5278	6	100	if (passwd) passwd_len = strlen(passwd);
5279	6	100	if (passwd_len>0) {
5280			/* encrypted key */
5281	2	100	if (!enc_alg)
5282	1		PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
5283			else
5284	1		PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
5285			}
5286			else {
5287			/* unencrypted key */
5288	4		PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
5289			}
5290	6		n = BIO_ctrl_pending(bp);
5291	6		New(0, buf, n, char);
5292	6	50	if (buf) {
5293	6		i = BIO_read(bp,buf,n);
5294	6	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5295	6		Safefree(buf);
5296			}
5297	6		BIO_free(bp);
5298			}
5299
5300			int
5301			CTX_use_PKCS12_file(ctx, file, password=NULL)
5302			SSL_CTX *ctx
5303			char *file
5304			char *password
5305			PREINIT:
5306			PKCS12 *p12;
5307			EVP_PKEY *private_key;
5308			X509 *certificate;
5309			BIO *bio;
5310			CODE:
5311	0		RETVAL = 0;
5312	0		bio = BIO_new_file(file, "rb");
5313	0	0	if (bio) {
5314	0		OPENSSL_add_all_algorithms_noconf();
5315	0	0	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
5316	0	0	if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
5317	0	0	if (private_key) {
5318	0	0	if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
5319	0		EVP_PKEY_free(private_key);
5320			}
5321	0	0	if (certificate) {
5322	0	0	if (SSL_CTX_use_certificate(ctx, certificate)) RETVAL = 1;
5323	0		X509_free(certificate);
5324			}
5325			}
5326	0		PKCS12_free(p12);
5327			}
5328	0	0	if (!RETVAL) ERR_print_errors_fp(stderr);
5329	0		BIO_free(bio);
5330			}
5331			OUTPUT:
5332			RETVAL
5333
5334			void
5335			P_PKCS12_load_file(file, load_chain=0, password=NULL)
5336			char *file
5337			int load_chain
5338			char *password
5339			PREINIT:
5340			PKCS12 *p12;
5341	4		EVP_PKEY *private_key = NULL;
5342	4		X509 *certificate = NULL;
5343	4	50	STACK_OF(X509) *cachain = NULL;
5344			X509 *x;
5345			BIO *bio;
5346			int i, result;
5347			PPCODE:
5348	4		bio = BIO_new_file(file, "rb");
5349	4	50	if (bio) {
5350	4		OPENSSL_add_all_algorithms_noconf();
5351	4	50	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
5352	4	100	if(load_chain)
5353	3		result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain);
5354			else
5355	1		result= PKCS12_parse(p12, password, &private_key, &certificate, NULL);
5356	4	50	if (result) {
5357	4	50	if (private_key)
5358	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key))));
5359			else
5360	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
5361	4	50	if (certificate)
5362	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate))));
5363			else
5364	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
5365	4	100	if (cachain) {
5366	3	100	for (i=0; i
5367	2		x = sk_X509_value(cachain, i);
5368	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
5369			}
5370	1		sk_X509_free(cachain);
5371			}
5372			}
5373	4		PKCS12_free(p12);
5374			}
5375	4		BIO_free(bio);
5376			}
5377
5378			#ifndef OPENSSL_NO_MD2
5379
5380			void
5381			MD2(data)
5382			PREINIT:
5383			STRLEN len;
5384			unsigned char md[MD2_DIGEST_LENGTH];
5385			unsigned char * ret;
5386			INPUT:
5387			unsigned char* data = (unsigned char *) SvPV( ST(0), len);
5388			CODE:
5389			ret = MD2(data,len,md);
5390			if (ret!=NULL) {
5391			XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
5392			} else {
5393			XSRETURN_UNDEF;
5394			}
5395
5396			#endif
5397
5398			#ifndef OPENSSL_NO_MD4
5399
5400			void
5401			MD4(data)
5402			PREINIT:
5403			STRLEN len;
5404			unsigned char md[MD4_DIGEST_LENGTH];
5405			INPUT:
5406			unsigned char* data = (unsigned char *) SvPV( ST(0), len );
5407			CODE:
5408	0	0	if (MD4(data,len,md)) {
5409	0		XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
5410			} else {
5411	0		XSRETURN_UNDEF;
5412			}
5413
5414			#endif
5415
5416			#ifndef OPENSSL_NO_MD5
5417
5418			void
5419			MD5(data)
5420			PREINIT:
5421			STRLEN len;
5422			unsigned char md[MD5_DIGEST_LENGTH];
5423			INPUT:
5424			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5425			CODE:
5426	9	50	if (MD5(data,len,md)) {
5427	9		XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
5428			} else {
5429	0		XSRETURN_UNDEF;
5430			}
5431
5432			#endif
5433
5434			void
5435			RIPEMD160(data)
5436			PREINIT:
5437			STRLEN len;
5438			unsigned char md[RIPEMD160_DIGEST_LENGTH];
5439			INPUT:
5440			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5441			CODE:
5442	9	50	if (RIPEMD160(data,len,md)) {
5443	9		XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH);
5444			} else {
5445	0		XSRETURN_UNDEF;
5446			}
5447
5448			#if !defined(OPENSSL_NO_SHA)
5449
5450			void
5451			SHA1(data)
5452			PREINIT:
5453			STRLEN len;
5454			unsigned char md[SHA_DIGEST_LENGTH];
5455			INPUT:
5456			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5457			CODE:
5458	8	50	if (SHA1(data,len,md)) {
5459	8		XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH);
5460			} else {
5461	0		XSRETURN_UNDEF;
5462			}
5463
5464			#endif
5465			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5466
5467			void
5468			SHA256(data)
5469			PREINIT:
5470			STRLEN len;
5471			unsigned char md[SHA256_DIGEST_LENGTH];
5472			INPUT:
5473			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5474			CODE:
5475	8	50	if (SHA256(data,len,md)) {
5476	8		XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
5477			} else {
5478	0		XSRETURN_UNDEF;
5479			}
5480
5481			#endif
5482			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5483
5484			void
5485			SHA512(data)
5486			PREINIT:
5487			STRLEN len;
5488			unsigned char md[SHA512_DIGEST_LENGTH];
5489			INPUT:
5490			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5491			CODE:
5492	8	50	if (SHA512(data,len,md)) {
5493	8		XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
5494			} else {
5495	0		XSRETURN_UNDEF;
5496			}
5497
5498			#endif
5499
5500			#ifndef OPENSSL_NO_SSL2
5501			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5502
5503			const SSL_METHOD *
5504			SSLv2_method()
5505
5506			#endif
5507			#endif
5508
5509			#ifndef OPENSSL_NO_SSL3
5510
5511			const SSL_METHOD *
5512			SSLv3_method()
5513
5514			#endif
5515
5516			const SSL_METHOD *
5517			SSLv23_method()
5518
5519			const SSL_METHOD *
5520			SSLv23_server_method()
5521
5522			const SSL_METHOD *
5523			SSLv23_client_method()
5524
5525			#if !defined(OPENSSL_NO_TLS1_METHOD)
5526
5527			const SSL_METHOD *
5528			TLSv1_method()
5529
5530			const SSL_METHOD *
5531			TLSv1_server_method()
5532
5533			const SSL_METHOD *
5534			TLSv1_client_method()
5535
5536			#endif
5537
5538			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
5539
5540			const SSL_METHOD *
5541			TLSv1_1_method()
5542
5543			const SSL_METHOD *
5544			TLSv1_1_server_method()
5545
5546			const SSL_METHOD *
5547			TLSv1_1_client_method()
5548
5549			#endif
5550
5551			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
5552
5553			const SSL_METHOD *
5554			TLSv1_2_method()
5555
5556			const SSL_METHOD *
5557			TLSv1_2_server_method()
5558
5559			const SSL_METHOD *
5560			TLSv1_2_client_method()
5561
5562			#endif
5563
5564
5565			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
5566
5567			const SSL_METHOD *
5568			TLS_method()
5569
5570			const SSL_METHOD *
5571			TLS_server_method()
5572
5573			const SSL_METHOD *
5574			TLS_client_method()
5575
5576			#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
5577
5578
5579			#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
5580
5581			int
5582			SSL_CTX_set_min_proto_version(ctx, version)
5583			SSL_CTX * ctx
5584			int version
5585
5586			int
5587			SSL_CTX_set_max_proto_version(ctx, version)
5588			SSL_CTX * ctx
5589			int version
5590
5591			int
5592			SSL_set_min_proto_version(ssl, version)
5593			SSL * ssl
5594			int version
5595
5596			int
5597			SSL_set_max_proto_version(ssl, version)
5598			SSL * ssl
5599			int version
5600
5601			#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
5602
5603
5604			#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
5605
5606			int
5607			SSL_CTX_get_min_proto_version(ctx)
5608			SSL_CTX * ctx
5609
5610			int
5611			SSL_CTX_get_max_proto_version(ctx)
5612			SSL_CTX * ctx
5613
5614			int
5615			SSL_get_min_proto_version(ssl)
5616			SSL * ssl
5617
5618			int
5619			SSL_get_max_proto_version(ssl)
5620			SSL * ssl
5621
5622			#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
5623
5624
5625			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5626
5627			int
5628			SSL_set_ssl_method(ssl, method)
5629			SSL * ssl
5630			SSL_METHOD * method
5631
5632			#else
5633
5634			int
5635			SSL_set_ssl_method(ssl, method)
5636			SSL * ssl
5637			const SSL_METHOD * method
5638
5639			#endif
5640
5641			const SSL_METHOD *
5642			SSL_get_ssl_method(ssl)
5643			SSL * ssl
5644
5645			#define REM_AUTOMATICALLY_GENERATED_1_09
5646
5647			BIO *
5648			BIO_new_buffer_ssl_connect(ctx)
5649			SSL_CTX * ctx
5650
5651			BIO *
5652			BIO_new_file(filename,mode)
5653			char * filename
5654			char * mode
5655
5656			BIO *
5657			BIO_new_ssl(ctx,client)
5658			SSL_CTX * ctx
5659			int client
5660
5661			BIO *
5662			BIO_new_ssl_connect(ctx)
5663			SSL_CTX * ctx
5664
5665			BIO *
5666			BIO_new(type)
5667			BIO_METHOD * type;
5668
5669			int
5670			BIO_free(bio)
5671			BIO * bio;
5672
5673			void
5674			BIO_read(s,max=32768)
5675			BIO * s
5676			int max
5677			PREINIT:
5678	162	100	char *buf = NULL;
5679			int got;
5680			CODE:
5681	162		New(0, buf, max, char);
5682	162		ST(0) = sv_newmortal(); /* Undefined to start with */
5683	162	100	if ((got = BIO_read(s, buf, max)) >= 0)
5684	69		sv_setpvn( ST(0), buf, got);
5685	162		Safefree(buf);
5686
5687			int
5688			BIO_write(s,buf)
5689			BIO * s
5690			PREINIT:
5691			STRLEN len;
5692			INPUT:
5693			char * buf = SvPV( ST(1), len);
5694			CODE:
5695	69		RETVAL = BIO_write (s, buf, (int)len);
5696			OUTPUT:
5697			RETVAL
5698
5699			int
5700			BIO_eof(s)
5701			BIO * s
5702
5703			int
5704			BIO_pending(s)
5705			BIO * s
5706
5707			int
5708			BIO_wpending(s)
5709			BIO * s
5710
5711			int
5712			BIO_ssl_copy_session_id(to,from)
5713			BIO * to
5714			BIO * from
5715
5716			void
5717			BIO_ssl_shutdown(ssl_bio)
5718			BIO * ssl_bio
5719
5720			int
5721			SSL_add_client_CA(ssl,x)
5722			SSL * ssl
5723			X509 * x
5724
5725			const char *
5726			SSL_alert_desc_string(value)
5727			int value
5728
5729			const char *
5730			SSL_alert_desc_string_long(value)
5731			int value
5732
5733			const char *
5734			SSL_alert_type_string(value)
5735			int value
5736
5737			const char *
5738			SSL_alert_type_string_long(value)
5739			int value
5740
5741			long
5742			SSL_callback_ctrl(ssl,i,fp)
5743			SSL * ssl
5744			int i
5745			callback_no_ret * fp
5746
5747			int
5748			SSL_check_private_key(ctx)
5749			SSL * ctx
5750
5751			# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
5752			# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
5753			void
5754			SSL_CIPHER_description(const SSL_CIPHER cipher, char unused_buf=NULL, int unused_size=0)
5755			PREINIT:
5756			char *description;
5757			char buf[512];
5758			PPCODE:
5759	120		description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
5760	120	50	if(description == NULL) {
5761	0		XSRETURN_EMPTY;
5762			}
5763	120	50	XPUSHs(sv_2mortal(newSVpv(description, 0)));
5764
5765			const char *
5766			SSL_CIPHER_get_name(const SSL_CIPHER *c)
5767
5768			int
5769			SSL_CIPHER_get_bits(c, ...)
5770			const SSL_CIPHER * c
5771			CODE:
5772			int alg_bits;
5773	242		RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
5774	242	50	if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
5775	242	100	if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
5776			OUTPUT:
5777			RETVAL
5778
5779			const char *
5780			SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
5781
5782			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
5783
5784			const EVP_MD *
5785			SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
5786
5787			#endif /* OpenSSL 1.1.1-pre1 */
5788
5789			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL) /* LibreSSL >= 3.4.0 */
5790
5791			const SSL_CIPHER *
5792			SSL_CIPHER_find(SSL ssl, const unsigned char ptr)
5793
5794			#endif
5795
5796			#ifndef OPENSSL_NO_COMP
5797
5798			int
5799			SSL_COMP_add_compression_method(id,cm)
5800			int id
5801			COMP_METHOD * cm
5802
5803			#endif
5804
5805			int
5806			SSL_CTX_add_client_CA(ctx,x)
5807			SSL_CTX * ctx
5808			X509 * x
5809
5810			long
5811			SSL_CTX_callback_ctrl(ctx,i,fp)
5812			SSL_CTX * ctx
5813			int i
5814			callback_no_ret * fp
5815
5816			int
5817			SSL_CTX_check_private_key(ctx)
5818			SSL_CTX * ctx
5819
5820			void *
5821			SSL_CTX_get_ex_data(ssl,idx)
5822			SSL_CTX * ssl
5823			int idx
5824
5825			int
5826			SSL_CTX_get_quiet_shutdown(ctx)
5827			SSL_CTX * ctx
5828
5829			long
5830			SSL_CTX_get_timeout(ctx)
5831			SSL_CTX * ctx
5832
5833			int
5834			SSL_CTX_get_verify_depth(ctx)
5835			SSL_CTX * ctx
5836
5837			int
5838			SSL_CTX_get_verify_mode(ctx)
5839			SSL_CTX * ctx
5840
5841			void
5842			SSL_CTX_set_cert_store(ctx,store)
5843			SSL_CTX * ctx
5844			X509_STORE * store
5845
5846			X509_STORE *
5847			SSL_CTX_get_cert_store(ctx)
5848			SSL_CTX * ctx
5849
5850			void
5851			SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
5852			SSL_CTX * ctx
5853			SV * callback
5854			SV * data
5855			CODE:
5856	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
5857	0		SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
5858	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
5859	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
5860			}
5861			else {
5862	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
5863	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
5864	1		SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
5865			}
5866
5867			X509_NAME_STACK *
5868			SSL_CTX_get_client_CA_list(ctx)
5869			SSL_CTX *ctx
5870
5871			void
5872			SSL_CTX_set_client_CA_list(ctx,list)
5873			SSL_CTX * ctx
5874			X509_NAME_STACK * list
5875
5876			void
5877			SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
5878			SSL_CTX * ctx
5879			SV * callback
5880			CODE:
5881	5	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
5882	0		SSL_CTX_set_default_passwd_cb(ctx, NULL);
5883	0		SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
5884	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
5885			}
5886			else {
5887	5		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
5888	5		SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
5889	5		SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
5890			}
5891
5892			void
5893			SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
5894			SSL_CTX * ctx
5895			SV * data
5896			CODE:
5897			/* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
5898	3	50	if (data==NULL \|\| !SvOK(data)) {
		50
5899	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
5900			}
5901			else {
5902	3		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
5903			}
5904
5905			int
5906			SSL_CTX_set_ex_data(ssl,idx,data)
5907			SSL_CTX * ssl
5908			int idx
5909			void * data
5910
5911			int
5912			SSL_CTX_set_purpose(s,purpose)
5913			SSL_CTX * s
5914			int purpose
5915
5916			void
5917			SSL_CTX_set_quiet_shutdown(ctx,mode)
5918			SSL_CTX * ctx
5919			int mode
5920
5921			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5922
5923			int
5924			SSL_CTX_set_ssl_version(ctx,meth)
5925			SSL_CTX * ctx
5926			SSL_METHOD * meth
5927
5928			#else
5929
5930			int
5931			SSL_CTX_set_ssl_version(ctx,meth)
5932			SSL_CTX * ctx
5933			const SSL_METHOD * meth
5934
5935			#endif
5936
5937			long
5938			SSL_CTX_set_timeout(ctx,t)
5939			SSL_CTX * ctx
5940			long t
5941
5942			int
5943			SSL_CTX_set_trust(s,trust)
5944			SSL_CTX * s
5945			int trust
5946
5947			void
5948			SSL_CTX_set_verify_depth(ctx,depth)
5949			SSL_CTX * ctx
5950			int depth
5951
5952			int
5953			SSL_CTX_use_certificate(ctx,x)
5954			SSL_CTX * ctx
5955			X509 * x
5956
5957			int
5958			SSL_CTX_use_certificate_chain_file(ctx,file)
5959			SSL_CTX * ctx
5960			const char * file
5961
5962
5963			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3030200fL) /* OpenSSL 1.1.0-pre1 or LibreSSL 3.3.2 */
5964
5965			int
5966			SSL_use_certificate_chain_file(ssl,file)
5967			SSL * ssl
5968			const char * file
5969
5970			#endif /* OpenSSL 1.1.0 */
5971
5972			int
5973			SSL_CTX_use_PrivateKey(ctx,pkey)
5974			SSL_CTX * ctx
5975			EVP_PKEY * pkey
5976
5977			int
5978			SSL_CTX_use_RSAPrivateKey(ctx,rsa)
5979			SSL_CTX * ctx
5980			RSA * rsa
5981
5982			int
5983			SSL_do_handshake(s)
5984			SSL * s
5985
5986			SSL *
5987			SSL_dup(ssl)
5988			SSL * ssl
5989
5990			const SSL_CIPHER *
5991			SSL_get_current_cipher(s)
5992			SSL * s
5993
5994			long
5995			SSL_get_default_timeout(s)
5996			SSL * s
5997
5998			void *
5999			SSL_get_ex_data(ssl,idx)
6000			SSL * ssl
6001			int idx
6002
6003			size_t
6004			SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
6005			SSL *ssl
6006			SV *buf
6007			size_t count
6008			PREINIT:
6009			unsigned char *finished;
6010			size_t finished_len;
6011			CODE:
6012	4		Newx(finished, count, unsigned char);
6013	4		finished_len = SSL_get_finished(ssl, finished, count);
6014	4	100	if (count > finished_len)
6015	3		count = finished_len;
6016	4		sv_setpvn(buf, (const char *)finished, count);
6017	4		Safefree(finished);
6018	4	50	RETVAL = finished_len;
6019			OUTPUT:
6020			RETVAL
6021
6022			size_t
6023			SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
6024			SSL *ssl
6025			SV *buf
6026			size_t count
6027			PREINIT:
6028			unsigned char *finished;
6029			size_t finished_len;
6030			CODE:
6031	4		Newx(finished, count, unsigned char);
6032	4		finished_len = SSL_get_peer_finished(ssl, finished, count);
6033	4	100	if (count > finished_len)
6034	3		count = finished_len;
6035	4		sv_setpvn(buf, (const char *)finished, count);
6036	4		Safefree(finished);
6037	4	50	RETVAL = finished_len;
6038			OUTPUT:
6039			RETVAL
6040
6041			int
6042			SSL_get_quiet_shutdown(ssl)
6043			SSL * ssl
6044
6045			int
6046			SSL_get_shutdown(ssl)
6047			SSL * ssl
6048
6049			int
6050			SSL_get_verify_depth(s)
6051			SSL * s
6052
6053			int
6054			SSL_get_verify_mode(s)
6055			SSL * s
6056
6057			long
6058			SSL_get_verify_result(ssl)
6059			SSL * ssl
6060
6061			int
6062			SSL_renegotiate(s)
6063			SSL * s
6064
6065			#if OPENSSL_VERSION_NUMBER < 0x10000000L
6066
6067			int
6068			SSL_SESSION_cmp(a,b)
6069			SSL_SESSION * a
6070			SSL_SESSION * b
6071
6072			#endif
6073
6074			void *
6075			SSL_SESSION_get_ex_data(ss,idx)
6076			SSL_SESSION * ss
6077			int idx
6078
6079			long
6080			SSL_SESSION_get_time(s)
6081			SSL_SESSION * s
6082
6083			long
6084			SSL_SESSION_get_timeout(s)
6085			SSL_SESSION * s
6086
6087			int
6088			SSL_SESSION_print_fp(fp,ses)
6089			FILE * fp
6090			SSL_SESSION * ses
6091
6092			int
6093			SSL_SESSION_set_ex_data(ss,idx,data)
6094			SSL_SESSION * ss
6095			int idx
6096			void * data
6097
6098			long
6099			SSL_SESSION_set_time(s,t)
6100			SSL_SESSION * s
6101			long t
6102
6103			long
6104			SSL_SESSION_set_timeout(s,t)
6105			SSL_SESSION * s
6106			long t
6107
6108			void
6109			SSL_set_accept_state(s)
6110			SSL * s
6111
6112			void
6113			sk_X509_NAME_free(sk)
6114			X509_NAME_STACK *sk
6115
6116			int
6117			sk_X509_NAME_num(sk)
6118			X509_NAME_STACK *sk
6119
6120			X509_NAME *
6121			sk_X509_NAME_value(sk,i)
6122			X509_NAME_STACK *sk
6123			int i
6124
6125			X509_NAME_STACK *
6126			SSL_get_client_CA_list(s)
6127			SSL * s
6128
6129			void
6130			SSL_set_client_CA_list(s,list)
6131			SSL * s
6132			X509_NAME_STACK * list
6133
6134			void
6135			SSL_set_connect_state(s)
6136			SSL * s
6137
6138			int
6139			SSL_set_ex_data(ssl,idx,data)
6140			SSL * ssl
6141			int idx
6142			void * data
6143
6144
6145			void
6146			SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
6147			SSL * ssl
6148			SV * callback
6149			SV * data
6150			CODE:
6151	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6152	0		SSL_set_info_callback(ssl, NULL);
6153	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
6154	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
6155			} else {
6156	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
6157	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
6158	1		SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
6159			}
6160
6161			void
6162			SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
6163			SSL_CTX * ctx
6164			SV * callback
6165			SV * data
6166			CODE:
6167	240	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6168	0		SSL_CTX_set_info_callback(ctx, NULL);
6169	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
6170	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
6171			} else {
6172	240		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
6173	240		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
6174	240		SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
6175			}
6176
6177			void
6178			SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
6179			SSL * ssl
6180			SV * callback
6181			SV * data
6182			CODE:
6183	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6184	1		SSL_set_msg_callback(ssl, NULL);
6185	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
6186	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
6187			} else {
6188	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
6189	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
6190	1		SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
6191			}
6192
6193			void
6194			SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
6195			SSL_CTX * ctx
6196			SV * callback
6197			SV * data
6198			CODE:
6199	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6200	1		SSL_CTX_set_msg_callback(ctx, NULL);
6201	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
6202	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
6203			} else {
6204	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
6205	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
6206	1		SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
6207			}
6208
6209
6210			#if (OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
6211
6212			void
6213			SSL_CTX_set_keylog_callback(SSL_CTX ctx, SV callback)
6214			CODE:
6215	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6216	1		SSL_CTX_set_keylog_callback(ctx, NULL);
6217	1		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
6218			} else {
6219	5		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
6220	5		SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
6221			}
6222
6223			SV *
6224			SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
6225			CODE:
6226	3		SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
6227			/* without increment the reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */
6228	3		SvREFCNT_inc(func);
6229	3		RETVAL = func;
6230			OUTPUT:
6231			RETVAL
6232
6233			#endif
6234
6235			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
6236
6237			void
6238			SSL_CTX_set_client_hello_cb(SSL_CTX ctx, SV callback, SV *arg=&PL_sv_undef)
6239			CODE:
6240	8	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6241	0		SSL_CTX_set_client_hello_cb(ctx, NULL, NULL);
6242	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", NULL);
6243	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", NULL);
6244			} else {
6245	8		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", newSVsv(callback));
6246	8		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", newSVsv(arg));
6247	8		SSL_CTX_set_client_hello_cb(ctx, ssl_client_hello_cb_fn_invoke, NULL);
6248			}
6249
6250			int
6251			SSL_client_hello_isv2(SSL *s)
6252
6253			unsigned int
6254			SSL_client_hello_get0_legacy_version(SSL *s)
6255
6256			void
6257			SSL_client_hello_get0_random(SSL *s)
6258			PREINIT:
6259	2		const unsigned char *out = NULL;
6260			size_t outlen;
6261			CODE:
6262	2		outlen = SSL_client_hello_get0_random(s, &out);
6263	2	50	if (outlen == 0) XSRETURN_PV("");
6264	2		ST(0) = sv_newmortal();
6265	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6266
6267			void
6268			SSL_client_hello_get0_session_id(SSL *s)
6269			PREINIT:
6270	2		const unsigned char *out = NULL;
6271			size_t outlen;
6272			CODE:
6273	2		outlen = SSL_client_hello_get0_session_id(s, &out);
6274	2	100	if (outlen == 0) XSRETURN_PV("");
6275	1		ST(0) = sv_newmortal();
6276	1		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6277
6278			void
6279			SSL_client_hello_get0_ciphers(SSL *s)
6280			PREINIT:
6281	2		const unsigned char *out = NULL;
6282			size_t outlen;
6283			CODE:
6284	2		outlen = SSL_client_hello_get0_ciphers(s, &out);
6285	2	50	if (outlen == 0) XSRETURN_PV("");
6286	2		ST(0) = sv_newmortal();
6287	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6288
6289			void
6290			SSL_client_hello_get0_compression_methods(SSL *s)
6291			PREINIT:
6292	2		const unsigned char *out = NULL;
6293			size_t outlen;
6294			CODE:
6295	2		outlen = SSL_client_hello_get0_compression_methods(s, &out);
6296	2	50	if (outlen == 0) XSRETURN_PV("");
6297	2		ST(0) = sv_newmortal();
6298	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6299
6300			void
6301			SSL_client_hello_get1_extensions_present(SSL *s)
6302			PREINIT:
6303	2		int ret, *out = NULL, i;
6304			size_t outlen;
6305			AV *av;
6306			PPCODE:
6307	2		ret = SSL_client_hello_get1_extensions_present(s, &out, &outlen);
6308	2	50	if (ret != 1) XSRETURN_UNDEF;
6309
6310	2		av = newAV();
6311	2	50	mXPUSHs(newRV_noinc((SV*)av));
6312	11	100	for (i=0; i < outlen; i++) {
6313	9		av_push(av, newSViv(*(out + i)));
6314			}
6315	2		OPENSSL_free(out);
6316
6317			#if OPENSSL_VERSION_NUMBER >= 0x30200000L && !defined(LIBRESSL_VERSION_NUMBER)
6318
6319			void
6320			SSL_client_hello_get_extension_order(SSL *s)
6321			PREINIT:
6322			int ret, i;
6323			uint16_t *exts;
6324			size_t num_exts;
6325			AV *av;
6326			PPCODE:
6327			ret = SSL_client_hello_get_extension_order(s, NULL, &num_exts);
6328			if (ret != 1) XSRETURN_UNDEF;
6329
6330			Newx(exts, num_exts, uint16_t);
6331			ret = SSL_client_hello_get_extension_order(s, exts, &num_exts);
6332			if (ret != 1) {
6333			Safefree(exts);
6334			XSRETURN_UNDEF;
6335			}
6336
6337			av = newAV();
6338			mXPUSHs(newRV_noinc((SV*)av));
6339			for (i=0; i < num_exts; i++) {
6340			av_push(av, newSViv(*(exts + i)));
6341			}
6342			Safefree(exts);
6343
6344			#endif
6345
6346			void
6347			SSL_client_hello_get0_ext(SSL *s, unsigned int type)
6348			PREINIT:
6349			int ret;
6350	3		const unsigned char *out = NULL;
6351			size_t outlen;
6352			CODE:
6353	3		ret = SSL_client_hello_get0_ext(s, type, &out, &outlen);
6354	3	100	if (ret != 1) XSRETURN_UNDEF;
6355
6356	2		ST(0) = sv_newmortal();
6357	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6358
6359			#endif
6360
6361			int
6362			SSL_set_purpose(s,purpose)
6363			SSL * s
6364			int purpose
6365
6366			void
6367			SSL_set_quiet_shutdown(ssl,mode)
6368			SSL * ssl
6369			int mode
6370
6371			void
6372			SSL_set_shutdown(ssl,mode)
6373			SSL * ssl
6374			int mode
6375
6376			int
6377			SSL_set_trust(s,trust)
6378			SSL * s
6379			int trust
6380
6381			void
6382			SSL_set_verify_depth(s,depth)
6383			SSL * s
6384			int depth
6385
6386			void
6387			SSL_set_verify_result(ssl,v)
6388			SSL * ssl
6389			long v
6390
6391			int
6392			SSL_shutdown(s)
6393			SSL * s
6394
6395			const char *
6396			SSL_get_version(ssl)
6397			const SSL * ssl
6398
6399			int
6400			SSL_version(ssl)
6401			SSL * ssl
6402
6403			#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */
6404
6405			int
6406			SSL_client_version(ssl)
6407			const SSL * ssl
6408
6409			#endif
6410			#if (OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3030200fL) /* 1.1.0-pre6 or LibreSSL 3.3.2 */
6411
6412			int
6413			SSL_is_dtls(ssl)
6414			const SSL * ssl
6415
6416			#endif
6417
6418			#define REM_MANUALLY_ADDED_1_09
6419
6420			X509_NAME_STACK *
6421			SSL_load_client_CA_file(file)
6422			const char * file
6423
6424			int
6425			SSL_add_file_cert_subjects_to_stack(stackCAs,file)
6426			X509_NAME_STACK * stackCAs
6427			const char * file
6428
6429			#ifndef WIN32
6430			#ifndef VMS
6431			#ifndef MAC_OS_pre_X
6432
6433			int
6434			SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
6435			X509_NAME_STACK * stackCAs
6436			const char * dir
6437
6438			#endif
6439			#endif
6440			#endif
6441
6442			int
6443			SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6444			long argl
6445			void * argp
6446			CRYPTO_EX_new * new_func
6447			CRYPTO_EX_dup * dup_func
6448			CRYPTO_EX_free * free_func
6449
6450			int
6451			SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
6452			SSL_CTX * ctx
6453			const unsigned char * sid_ctx
6454			unsigned int sid_ctx_len
6455
6456			int
6457			SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
6458			SSL * ssl
6459			const unsigned char * sid_ctx
6460			unsigned int sid_ctx_len
6461
6462			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6463			void
6464			SSL_CTX_set_tmp_rsa_callback(ctx, cb)
6465			SSL_CTX * ctx
6466			cb_ssl_int_int_ret_RSA * cb
6467
6468			void
6469			SSL_set_tmp_rsa_callback(ssl, cb)
6470			SSL * ssl
6471			cb_ssl_int_int_ret_RSA * cb
6472
6473			#endif
6474
6475			void
6476			SSL_CTX_set_tmp_dh_callback(ctx, dh)
6477			SSL_CTX * ctx
6478			cb_ssl_int_int_ret_DH * dh
6479
6480			void
6481			SSL_set_tmp_dh_callback(ssl,dh)
6482			SSL * ssl
6483			cb_ssl_int_int_ret_DH * dh
6484
6485			int
6486			SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6487			long argl
6488			void * argp
6489			CRYPTO_EX_new * new_func
6490			CRYPTO_EX_dup * dup_func
6491			CRYPTO_EX_free * free_func
6492
6493			int
6494			SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6495			long argl
6496			void * argp
6497			CRYPTO_EX_new * new_func
6498			CRYPTO_EX_dup * dup_func
6499			CRYPTO_EX_free * free_func
6500
6501			#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
6502
6503			long
6504			SSL_clear_num_renegotiations(ssl)
6505			SSL * ssl
6506			CODE:
6507	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
6508			OUTPUT:
6509			RETVAL
6510
6511			long
6512			SSL_CTX_add_extra_chain_cert(ctx,x509)
6513			SSL_CTX * ctx
6514			X509 * x509
6515			CODE:
6516	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
6517			OUTPUT:
6518			RETVAL
6519
6520			void *
6521			SSL_CTX_get_app_data(ctx)
6522			SSL_CTX * ctx
6523			CODE:
6524	0		RETVAL = SSL_CTX_get_ex_data(ctx,0);
6525			OUTPUT:
6526			RETVAL
6527
6528			long
6529			SSL_CTX_get_mode(ctx)
6530			SSL_CTX * ctx
6531			CODE:
6532	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
6533			OUTPUT:
6534			RETVAL
6535
6536			long
6537			SSL_CTX_get_read_ahead(ctx)
6538			SSL_CTX * ctx
6539			CODE:
6540	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
6541			OUTPUT:
6542			RETVAL
6543
6544			long
6545			SSL_CTX_get_session_cache_mode(ctx)
6546			SSL_CTX * ctx
6547			CODE:
6548	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
6549			OUTPUT:
6550			RETVAL
6551
6552			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6553			long
6554			SSL_CTX_need_tmp_RSA(ctx)
6555			SSL_CTX * ctx
6556			CODE:
6557			RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6558			OUTPUT:
6559			RETVAL
6560
6561			#endif
6562
6563			int
6564			SSL_CTX_set_app_data(ctx,arg)
6565			SSL_CTX * ctx
6566			char * arg
6567			CODE:
6568	0		RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
6569			OUTPUT:
6570			RETVAL
6571
6572			long
6573			SSL_CTX_set_mode(ctx,op)
6574			SSL_CTX * ctx
6575			long op
6576			CODE:
6577	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
6578			OUTPUT:
6579			RETVAL
6580
6581			long
6582			SSL_CTX_set_read_ahead(ctx,m)
6583			SSL_CTX * ctx
6584			long m
6585			CODE:
6586	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
6587			OUTPUT:
6588			RETVAL
6589
6590			long
6591			SSL_CTX_set_session_cache_mode(ctx,m)
6592			SSL_CTX * ctx
6593			long m
6594			CODE:
6595	10		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
6596			OUTPUT:
6597			RETVAL
6598
6599			long
6600			SSL_CTX_set_tmp_dh(ctx,dh)
6601			SSL_CTX * ctx
6602			DH * dh
6603
6604			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6605			long
6606			SSL_CTX_set_tmp_rsa(ctx,rsa)
6607			SSL_CTX * ctx
6608			RSA * rsa
6609
6610			#endif
6611
6612			#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
6613
6614			EC_KEY *
6615			EC_KEY_new_by_curve_name(nid)
6616			int nid
6617
6618			void
6619			EC_KEY_free(key)
6620			EC_KEY * key
6621
6622			long
6623			SSL_CTX_set_tmp_ecdh(ctx,ecdh)
6624			SSL_CTX * ctx
6625			EC_KEY * ecdh
6626
6627			int
6628			EVP_PKEY_assign_EC_KEY(pkey,key)
6629			EVP_PKEY * pkey
6630			EC_KEY * key
6631
6632
6633			EC_KEY *
6634			EC_KEY_generate_key(curve)
6635			SV *curve;
6636			PREINIT:
6637	1		EC_GROUP *group = NULL;
6638	1	50	EC_KEY *eckey = NULL;
6639			int nid;
6640			CODE:
6641	1		RETVAL = 0;
6642	1	50	if (SvIOK(curve)) {
6643	0		nid = SvIV(curve);
6644			} else {
6645	1		nid = OBJ_sn2nid(SvPV_nolen(curve));
6646			#if OPENSSL_VERSION_NUMBER > 0x10002000L
6647	1	50	if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
6648			#endif
6649	1	50	if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
6650			}
6651
6652	1		group = EC_GROUP_new_by_curve_name(nid);
6653	1	50	if (!group) croak("unknown curve nid=%d",nid);
6654	1		EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
6655
6656	1		eckey = EC_KEY_new();
6657	1	50	if ( eckey
6658	1	50	&& EC_KEY_set_group(eckey, group)
6659	1	50	&& EC_KEY_generate_key(eckey)) {
6660	1		RETVAL = eckey;
6661			} else {
6662	0	0	if (eckey) EC_KEY_free(eckey);
6663			}
6664	1	50	if (group) EC_GROUP_free(group);
6665
6666			OUTPUT:
6667			RETVAL
6668
6669
6670			#ifdef SSL_CTRL_SET_ECDH_AUTO
6671
6672			long
6673			SSL_CTX_set_ecdh_auto(ctx,onoff)
6674			SSL_CTX * ctx
6675			int onoff
6676
6677			long
6678			SSL_set_ecdh_auto(ssl,onoff)
6679			SSL * ssl
6680			int onoff
6681
6682			#endif
6683
6684			#ifdef SSL_CTRL_SET_CURVES_LIST
6685
6686			long
6687			SSL_CTX_set1_curves_list(ctx,list)
6688			SSL_CTX * ctx
6689			char * list
6690
6691			long
6692			SSL_set1_curves_list(ssl,list)
6693			SSL * ssl
6694			char * list
6695
6696			#endif
6697
6698			#if SSL_CTRL_SET_GROUPS_LIST
6699
6700			long
6701			SSL_CTX_set1_groups_list(ctx,list)
6702			SSL_CTX * ctx
6703			char * list
6704
6705			long
6706			SSL_set1_groups_list(ssl,list)
6707			SSL * ssl
6708			char * list
6709
6710			#endif
6711
6712
6713
6714			#endif
6715
6716			void *
6717			SSL_get_app_data(s)
6718			SSL * s
6719			CODE:
6720	0		RETVAL = SSL_get_ex_data(s,0);
6721			OUTPUT:
6722			RETVAL
6723
6724			int
6725			SSL_get_cipher_bits(s,np=NULL)
6726			SSL * s
6727			int * np
6728			CODE:
6729	0		RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
6730			OUTPUT:
6731			RETVAL
6732
6733			long
6734			SSL_get_mode(ssl)
6735			SSL * ssl
6736			CODE:
6737	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
6738			OUTPUT:
6739			RETVAL
6740
6741			void
6742			SSL_set_state(ssl,state)
6743			SSL * ssl
6744			int state
6745			CODE:
6746			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
6747			/* not available */
6748			#elif defined(OPENSSL_NO_SSL_INTERN)
6749			SSL_set_state(ssl,state);
6750			#else
6751			ssl->state = state;
6752			#endif
6753
6754			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6755			long
6756			SSL_need_tmp_RSA(ssl)
6757			SSL * ssl
6758			CODE:
6759			RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6760			OUTPUT:
6761			RETVAL
6762
6763
6764			#endif
6765
6766			long
6767			SSL_num_renegotiations(ssl)
6768			SSL * ssl
6769			CODE:
6770	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
6771			OUTPUT:
6772			RETVAL
6773
6774			void *
6775			SSL_SESSION_get_app_data(ses)
6776			SSL_SESSION * ses
6777			CODE:
6778	0		RETVAL = SSL_SESSION_get_ex_data(ses,0);
6779			OUTPUT:
6780			RETVAL
6781
6782			long
6783			SSL_session_reused(ssl)
6784			SSL * ssl
6785
6786			int
6787			SSL_SESSION_set_app_data(s,a)
6788			SSL_SESSION * s
6789			void * a
6790			CODE:
6791	0		RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
6792			OUTPUT:
6793			RETVAL
6794
6795			int
6796			SSL_set_app_data(s,arg)
6797			SSL * s
6798			void * arg
6799			CODE:
6800	0		RETVAL = SSL_set_ex_data(s,0,(char *)arg);
6801			OUTPUT:
6802			RETVAL
6803
6804			long
6805			SSL_set_mode(ssl,op)
6806			SSL * ssl
6807			long op
6808			CODE:
6809	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
6810			OUTPUT:
6811			RETVAL
6812
6813			int
6814			SSL_set_pref_cipher(s,n)
6815			SSL * s
6816			const char * n
6817			CODE:
6818	0		RETVAL = SSL_set_cipher_list(s,n);
6819			OUTPUT:
6820			RETVAL
6821
6822			long
6823			SSL_set_tmp_dh(ssl,dh)
6824			SSL * ssl
6825			DH * dh
6826
6827			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6828			long
6829			SSL_set_tmp_rsa(ssl,rsa)
6830			SSL * ssl
6831			char * rsa
6832			CODE:
6833			RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
6834			OUTPUT:
6835			RETVAL
6836
6837			#endif
6838
6839			BIGNUM *
6840			BN_dup(const BIGNUM *from)
6841
6842			void
6843			BN_clear(BIGNUM *bn)
6844
6845			void
6846			BN_clear_free(BIGNUM *bn)
6847
6848			void
6849			BN_free(BIGNUM *bn)
6850
6851			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6852
6853			RSA *
6854			RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6855			int bits
6856			unsigned long ee
6857			SV* perl_cb
6858			SV* perl_data
6859			PREINIT:
6860	7	50	simple_cb_data_t* cb_data = NULL;
6861			int rc;
6862			RSA * ret;
6863			BIGNUM *e;
6864			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6865			BN_GENCB *new_cb;
6866			#else
6867			BN_GENCB new_cb;
6868			#endif
6869			CODE:
6870			/* openssl 0.9.8 deprecated RSA_generate_key. */
6871			/* This equivalent was contributed by Brian Fraser for Android, */
6872			/* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
6873			/* It should now be more versatile. */
6874			/* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
6875			/* instead BN_EGNCB_new() has to be used. */
6876	7		e = BN_new();
6877	7	50	if(!e)
6878	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
6879	7		BN_set_word(e, ee);
6880	7		cb_data = simple_cb_data_new(perl_cb, perl_data);
6881
6882	7		ret = RSA_new();
6883	7	50	if(!ret) {
6884	0		simple_cb_data_free(cb_data);
6885	0		BN_free(e);
6886	0		croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
6887			}
6888			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6889	7		new_cb = BN_GENCB_new();
6890	7	50	if(!new_cb) {
6891	0		simple_cb_data_free(cb_data);
6892	0		BN_free(e);
6893	0		RSA_free(ret);
6894	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
6895			}
6896	7		BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6897	7		rc = RSA_generate_key_ex(ret, bits, e, new_cb);
6898	6		BN_GENCB_free(new_cb);
6899			#else
6900			BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6901			rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
6902			#endif
6903	6		simple_cb_data_free(cb_data);
6904	6		BN_free(e);
6905	6	50	if (rc == -1 \|\| ret == NULL) {
		50
6906	0	0	if (ret) RSA_free(ret);
6907	0		croak("Net::SSLeay: Couldn't generate RSA key");
6908			}
6909	6		e = NULL;
6910	6	50	RETVAL = ret;
6911			OUTPUT:
6912			RETVAL
6913
6914			#else
6915
6916			RSA *
6917			RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6918			int bits
6919			unsigned long e
6920			SV* perl_cb
6921			SV* perl_data
6922			PREINIT:
6923			simple_cb_data_t* cb = NULL;
6924			CODE:
6925			cb = simple_cb_data_new(perl_cb, perl_data);
6926			RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
6927			simple_cb_data_free(cb);
6928			OUTPUT:
6929			RETVAL
6930
6931			#endif
6932
6933			void
6934			RSA_get_key_parameters(rsa)
6935			RSA * rsa
6936			PREINIT:
6937			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6938			const BIGNUM n, e, *d;
6939			const BIGNUM p, q;
6940			const BIGNUM dmp1, dmq1, *iqmp;
6941			#endif
6942			PPCODE:
6943			{
6944			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6945	1		RSA_get0_key(rsa, &n, &e, &d);
6946	1		RSA_get0_factors(rsa, &p, &q);
6947	1		RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
6948			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6949	1	50	XPUSHs(bn2sv(n));
6950	1	50	XPUSHs(bn2sv(e));
6951	1	50	XPUSHs(bn2sv(d));
6952	1	50	XPUSHs(bn2sv(p));
6953	1	50	XPUSHs(bn2sv(q));
6954	1	50	XPUSHs(bn2sv(dmp1));
6955	1	50	XPUSHs(bn2sv(dmq1));
6956	1	50	XPUSHs(bn2sv(iqmp));
6957			#else
6958			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6959			XPUSHs(bn2sv(rsa->n));
6960			XPUSHs(bn2sv(rsa->e));
6961			XPUSHs(bn2sv(rsa->d));
6962			XPUSHs(bn2sv(rsa->p));
6963			XPUSHs(bn2sv(rsa->q));
6964			XPUSHs(bn2sv(rsa->dmp1));
6965			XPUSHs(bn2sv(rsa->dmq1));
6966			XPUSHs(bn2sv(rsa->iqmp));
6967			#endif
6968			}
6969
6970			void
6971			RSA_free(r)
6972			RSA * r
6973
6974			X509 *
6975			X509_new()
6976
6977			void
6978			X509_free(a)
6979			X509 * a
6980
6981			X509_CRL *
6982			d2i_X509_CRL_bio(BIO bp,X509_CRL *unused=NULL)
6983
6984			X509_REQ *
6985			d2i_X509_REQ_bio(BIO bp,X509_REQ *unused=NULL)
6986
6987			X509 *
6988			d2i_X509_bio(BIO bp,X509 *unused=NULL)
6989
6990			DH *
6991			PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
6992			BIO * bio
6993			DH ** x
6994			pem_password_cb * cb
6995			void * u
6996
6997			X509_CRL *
6998			PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
6999			BIO * bio
7000			X509_CRL ** x
7001			pem_password_cb * cb
7002			void * u
7003
7004			X509 *
7005			PEM_read_bio_X509(BIO bio,X509 x=NULL,pem_password_cb cb=NULL,void *u=NULL)
7006
7007			STACK_OF(X509_INFO) *
7008			PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
7009			BIO * bio
7010			STACK_OF(X509_INFO) * stack
7011			pem_password_cb * cb
7012			void * u
7013
7014			int
7015			sk_X509_INFO_num(stack)
7016			STACK_OF(X509_INFO) * stack
7017
7018			X509_INFO *
7019			sk_X509_INFO_value(stack, index)
7020			const STACK_OF(X509_INFO) * stack
7021			int index
7022
7023			void
7024			sk_X509_INFO_free(stack)
7025			STACK_OF(X509_INFO) * stack
7026
7027			STACK_OF(X509) *
7028			sk_X509_new_null()
7029
7030			void
7031			sk_X509_free(stack)
7032			STACK_OF(X509) * stack
7033
7034			int
7035			sk_X509_push(stack, data)
7036			STACK_OF(X509) * stack
7037			X509 * data
7038
7039			X509 *
7040			sk_X509_pop(stack)
7041			STACK_OF(X509) * stack
7042
7043			X509 *
7044			sk_X509_shift(stack)
7045			STACK_OF(X509) * stack
7046
7047			int
7048			sk_X509_unshift(stack,x509)
7049			STACK_OF(X509) * stack
7050			X509 * x509
7051
7052			int
7053			sk_X509_insert(stack,x509,index)
7054			STACK_OF(X509) * stack
7055			X509 * x509
7056			int index
7057
7058			X509 *
7059			sk_X509_delete(stack,index)
7060			STACK_OF(X509) * stack
7061			int index
7062
7063			X509 *
7064			sk_X509_value(stack,index)
7065			STACK_OF(X509) * stack
7066			int index
7067
7068			int
7069			sk_X509_num(stack)
7070			STACK_OF(X509) * stack
7071
7072			X509 *
7073			P_X509_INFO_get_x509(info)
7074			X509_INFO * info
7075			CODE:
7076	3	100	RETVAL = info->x509;
7077			OUTPUT:
7078			RETVAL
7079
7080			X509_REQ *
7081			PEM_read_bio_X509_REQ(BIO bio,X509_REQ x=NULL,pem_password_cb cb=NULL,void *u=NULL)
7082
7083			EVP_PKEY *
7084			PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
7085			BIO *bio
7086			SV* perl_cb
7087			SV* perl_data
7088			PREINIT:
7089	8	50	simple_cb_data_t* cb = NULL;
7090			CODE:
7091	8		RETVAL = 0;
7092	8	100	if (SvOK(perl_cb)) {
7093			/* setup our callback */
7094	2		cb = simple_cb_data_new(perl_cb, perl_data);
7095	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb);
7096	2		simple_cb_data_free(cb);
7097			}
7098	6	50	else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) {
		100
		50
7099			/* use perl_data as the password */
7100	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data));
7101			}
7102	4	50	else if (!SvOK(perl_cb) && !SvOK(perl_data)) {
		50
7103			/* will trigger default password callback */
7104	4		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
7105			}
7106			OUTPUT:
7107			RETVAL
7108
7109			void
7110			DH_free(dh)
7111			DH * dh
7112
7113			long
7114			SSL_total_renegotiations(ssl)
7115			SSL * ssl
7116			CODE:
7117	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
7118			OUTPUT:
7119			RETVAL
7120
7121			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7122			void
7123			SSL_SESSION_get_master_key(s)
7124			SSL_SESSION * s
7125			PREINIT:
7126			size_t master_key_length;
7127			unsigned char* master_key;
7128			CODE:
7129	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7130	0		master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
7131	0		New(0, master_key, master_key_length, unsigned char);
7132	0		SSL_SESSION_get_master_key(s, master_key, master_key_length);
7133	0		sv_setpvn(ST(0), (const char*)master_key, master_key_length);
7134	0		Safefree(master_key);
7135
7136			#else
7137			void
7138			SSL_SESSION_get_master_key(s)
7139			SSL_SESSION * s
7140			CODE:
7141			ST(0) = sv_newmortal(); /* Undefined to start with */
7142			sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
7143
7144			#endif
7145
7146			#if OPENSSL_VERSION_NUMBER < 0x10100000L
7147
7148			void
7149			SSL_SESSION_set_master_key(s,key)
7150			SSL_SESSION * s
7151			PREINIT:
7152			STRLEN len;
7153			INPUT:
7154			char * key = SvPV(ST(1), len);
7155			CODE:
7156			memcpy(s->master_key, key, len);
7157			s->master_key_length = len;
7158
7159			#endif
7160
7161			#if (OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER))
7162
7163			int
7164			SSL_SESSION_set1_master_key(SSL_SESSION *sess, in)
7165			PREINIT:
7166			STRLEN len;
7167			INPUT:
7168			const unsigned char in = (unsigned char)SvPV(ST(1), len);
7169			CODE:
7170	0		RETVAL = SSL_SESSION_set1_master_key(sess, in, len);
7171			OUTPUT:
7172			RETVAL
7173
7174			int
7175			SSL_SESSION_set_cipher(SSL_SESSION s, const SSL_CIPHER cipher)
7176
7177			int
7178			SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
7179
7180			#endif
7181
7182			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
7183
7184			const SSL_CIPHER *
7185			SSL_SESSION_get0_cipher(const SSL_SESSION *s)
7186
7187			#endif
7188
7189			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7190
7191			void
7192			SSL_get_client_random(s)
7193			SSL * s
7194			PREINIT:
7195			size_t random_length;
7196			unsigned char* random_data;
7197			CODE:
7198	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7199	0		random_length = SSL_get_client_random(s, 0, 0); /* get the length */
7200	0		New(0, random_data, random_length, unsigned char);
7201	0		SSL_get_client_random(s, random_data, random_length);
7202	0		sv_setpvn(ST(0), (const char*)random_data, random_length);
7203	0		Safefree(random_data);
7204
7205			#else
7206
7207			void
7208			SSL_get_client_random(s)
7209			SSL * s
7210			CODE:
7211			ST(0) = sv_newmortal(); /* Undefined to start with */
7212			sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
7213
7214			#endif
7215
7216			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7217
7218			void
7219			SSL_get_server_random(s)
7220			SSL * s
7221			PREINIT:
7222			size_t random_length;
7223			unsigned char* random_data;
7224			CODE:
7225	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7226	0		random_length = SSL_get_server_random(s, 0, 0); /* get the length */
7227	0		New(0, random_data, random_length, unsigned char);
7228	0		SSL_get_server_random(s, random_data, random_length);
7229	0		sv_setpvn(ST(0), (const char*)random_data, random_length);
7230	0		Safefree(random_data);
7231
7232			#else
7233
7234			void
7235			SSL_get_server_random(s)
7236			SSL * s
7237			CODE:
7238			ST(0) = sv_newmortal(); /* Undefined to start with */
7239			sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
7240
7241			#endif
7242
7243			# AEAD ciphers require an Initialization Vector that has nonce
7244			# qualities. A part of the IV comes from PRF. This part is called
7245			# 'implicit'. See RFC 5246 section 6.2.3.3. Length of the 'implicit'
7246			# part of nonce for GCM and CCM mode ciphers is defined to be 4 by RFCs
7247			# 5288 and 6655, respectively, and the total length of nonce is 12
7248			# octets. Because of the above, SSL_get_keyblock_size adjusts
7249			# iv_length and does not fetch full nonce length from the PRF.
7250			int
7251			SSL_get_keyblock_size(s)
7252			SSL * s
7253			PREINIT:
7254			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7255			const SSL_CIPHER *ssl_cipher;
7256	1		int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
7257	1		const EVP_CIPHER *c = NULL;
7258	1	50	const EVP_MD *h = NULL;
7259			#endif
7260
7261			CODE:
7262			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7263	1		ssl_cipher = SSL_get_current_cipher(s);
7264	1	50	if (ssl_cipher)
7265	1		cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
7266	1	50	if (cipher != NID_undef)
7267	1		c = EVP_get_cipherbynid(cipher);
7268
7269	1	50	if (ssl_cipher)
7270	1		digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
7271	1	50	if (digest != NID_undef) /* No digest if e.g., AEAD cipher */
7272	0		h = EVP_get_digestbynid(digest);
7273	1	50	if (h)
7274	0		mac_secret_size = EVP_MD_size(h);
7275
7276	1		RETVAL = -1;
7277	1	50	if (c) {
7278	1		int iv_length = EVP_CIPHER_iv_length(c);
7279	1		if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
7280	0		EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
7281	1		iv_length = 4;
7282	1		RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size +
7283			iv_length);
7284			}
7285			#else
7286			if (s == NULL \|\|
7287			s->enc_read_ctx == NULL \|\|
7288			s->enc_read_ctx->cipher == NULL \|\|
7289			s->read_hash == NULL)
7290			{
7291			RETVAL = -1;
7292			}
7293			else
7294			{
7295			const EVP_CIPHER *c;
7296			const EVP_MD *h;
7297			int iv_length = -1;
7298			int md_size = -1;
7299			c = s->enc_read_ctx->cipher;
7300			iv_length = EVP_CIPHER_iv_length(c);
7301			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
7302			if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
7303			EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
7304			iv_length = 4;
7305			h = NULL;
7306			if (s->s3)
7307			md_size = s->s3->tmp.new_mac_secret_size;
7308			#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
7309			h = EVP_MD_CTX_md(s->read_hash);
7310			md_size = EVP_MD_size(h);
7311			#else
7312			h = s->read_hash;
7313			md_size = EVP_MD_size(h);
7314			#endif
7315			/* No digest if e.g., AEAD cipher */
7316			RETVAL = (md_size >= 0) ? (2 * (EVP_CIPHER_key_length(c) +
7317			md_size +
7318			iv_length))
7319			: -1;
7320			}
7321			#endif
7322
7323			OUTPUT:
7324			RETVAL
7325
7326
7327
7328			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
7329
7330			void
7331			SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef)
7332			SSL * s
7333			SV * callback
7334			SV * data
7335			CODE:
7336	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7337	0		SSL_set_session_secret_cb(s, NULL, NULL);
7338	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL);
7339	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL);
7340			}
7341			else {
7342	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
7343	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
7344	0		SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
7345			}
7346
7347			#endif
7348
7349			#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
7350
7351			void
7352			SSL_set_psk_client_callback(s,callback=&PL_sv_undef)
7353			SSL * s
7354			SV * callback
7355			CODE:
7356	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7357	0		SSL_set_psk_client_callback(s, NULL);
7358	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL);
7359			}
7360			else {
7361	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback));
7362	0		SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke);
7363			}
7364
7365			void
7366			SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef)
7367			SSL_CTX * ctx
7368			SV * callback
7369			CODE:
7370	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7371	0		SSL_CTX_set_psk_client_callback(ctx, NULL);
7372	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL);
7373			}
7374			else {
7375	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback));
7376	0		SSL_CTX_set_psk_client_callback(ctx, ssleay_ctx_set_psk_client_callback_invoke);
7377			}
7378
7379			int
7380			SSL_use_psk_identity_hint(SSL ssl, const char hint)
7381
7382			int
7383			SSL_CTX_use_psk_identity_hint(SSL_CTX ctx, const char hint)
7384
7385			void
7386			SSL_set_psk_server_callback(ssl,cb=&PL_sv_undef)
7387			SSL * ssl
7388			SV * cb
7389			CODE:
7390	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7391	0		SSL_set_psk_server_callback(ssl, NULL);
7392	0		cb_data_advanced_put(ssl, "ssleay_set_psk_server_callback!!func", NULL);
7393			}
7394			else {
7395	0		cb_data_advanced_put(ssl, "ssleay_set_psk_server_callback!!func", newSVsv(cb));
7396	0		SSL_set_psk_server_callback(ssl, ssleay_set_psk_server_callback_invoke);
7397			}
7398
7399			void
7400			SSL_CTX_set_psk_server_callback(ctx,cb=&PL_sv_undef)
7401			SSL_CTX * ctx
7402			SV * cb
7403			CODE:
7404	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7405	0		SSL_CTX_set_psk_server_callback(ctx, NULL);
7406	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_server_callback!!func", NULL);
7407			}
7408			else {
7409	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_server_callback!!func", newSVsv(cb));
7410	0		SSL_CTX_set_psk_server_callback(ctx, ssleay_ctx_set_psk_server_callback_invoke);
7411			}
7412
7413			#if OPENSSL_VERSION_NUMBER >= 0x10101001L
7414
7415			void
7416			SSL_set_psk_find_session_callback(s,cb=&PL_sv_undef)
7417			SSL * s
7418			SV * cb
7419			CODE:
7420	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7421	0		SSL_set_psk_find_session_callback(s, NULL);
7422	0		cb_data_advanced_put(s, "ssleay_set_psk_find_session_callback!!func", NULL);
7423			}
7424			else {
7425	0		cb_data_advanced_put(s, "ssleay_set_psk_find_session_callback!!func", newSVsv(cb));
7426	0		SSL_set_psk_find_session_callback(s, ssleay_set_psk_find_session_callback_invoke);
7427			}
7428
7429			void
7430			SSL_CTX_set_psk_find_session_callback(ctx,cb=&PL_sv_undef)
7431			SSL_CTX * ctx
7432			SV * cb
7433			CODE:
7434	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7435	0		SSL_CTX_set_psk_find_session_callback(ctx, NULL);
7436	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_find_session_callback!!func", NULL);
7437			}
7438			else {
7439	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_find_session_callback!!func", newSVsv(cb));
7440	0		SSL_CTX_set_psk_find_session_callback(ctx, ssleay_ctx_set_psk_find_session_callback_invoke);
7441			}
7442
7443			void
7444			SSL_set_psk_use_session_callback(s,cb=&PL_sv_undef)
7445			SSL * s
7446			SV * cb
7447			CODE:
7448	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7449	0		SSL_set_psk_use_session_callback(s, NULL);
7450	0		cb_data_advanced_put(s, "ssleay_set_psk_use_session_callback!!func", NULL);
7451			}
7452			else {
7453	0		cb_data_advanced_put(s, "ssleay_set_psk_use_session_callback!!func", newSVsv(cb));
7454	0		SSL_set_psk_use_session_callback(s, ssleay_set_psk_use_session_callback_invoke);
7455			}
7456
7457			void
7458			SSL_CTX_set_psk_use_session_callback(ctx,cb=&PL_sv_undef)
7459			SSL_CTX * ctx
7460			SV * cb
7461			CODE:
7462	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7463	0		SSL_CTX_set_psk_use_session_callback(ctx, NULL);
7464	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_use_session_callback!!func", NULL);
7465			}
7466			else {
7467	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_use_session_callback!!func", newSVsv(cb));
7468	0		SSL_CTX_set_psk_use_session_callback(ctx, ssleay_ctx_set_psk_use_session_callback_invoke);
7469			}
7470
7471			#endif
7472			#endif
7473
7474			#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB
7475
7476			void
7477			SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
7478			SSL_CTX * ctx
7479			SV * callback
7480			SV * data
7481			CODE:
7482	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
7483	0		SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL);
7484	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL);
7485	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL);
7486			}
7487			else {
7488	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback));
7489	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data));
7490	3		SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke);
7491			}
7492
7493
7494			#endif
7495
7496			int EVP_add_digest(const EVP_MD *digest)
7497
7498			#ifndef OPENSSL_NO_SHA
7499
7500			const EVP_MD *EVP_sha1()
7501
7502			#endif
7503			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
7504
7505			const EVP_MD *EVP_sha256()
7506
7507			#endif
7508			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
7509
7510			const EVP_MD *EVP_sha512()
7511
7512			#endif
7513			void OpenSSL_add_all_digests()
7514
7515			const EVP_MD * EVP_get_digestbyname(const char *name)
7516
7517			int EVP_MD_type(const EVP_MD *md)
7518
7519			int EVP_MD_size(const EVP_MD *md)
7520
7521			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
7522
7523			const char *
7524			EVP_MD_get0_description(const EVP_MD *md)
7525
7526			const char *
7527			EVP_MD_get0_name(const EVP_MD *md)
7528
7529			int
7530			EVP_MD_get_type(const EVP_MD *md)
7531
7532			#endif
7533
7534			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
7535
7536			SV*
7537			P_EVP_MD_list_all()
7538			INIT:
7539			AV * results;
7540			CODE:
7541	2		results = (AV )sv_2mortal((SV )newAV());
7542	2		EVP_MD_do_all_sorted(handler_list_md_fn, results);
7543	2		RETVAL = newRV((SV *)results);
7544			OUTPUT:
7545			RETVAL
7546
7547			#endif
7548
7549			const EVP_MD EVP_MD_CTX_md(const EVP_MD_CTX ctx)
7550
7551			EVP_MD_CTX *EVP_MD_CTX_create()
7552
7553			int EVP_DigestInit(EVP_MD_CTX ctx, const EVP_MD type)
7554
7555			int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
7556
7557			void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
7558
7559			void
7560			EVP_DigestUpdate(ctx,data)
7561			PREINIT:
7562			STRLEN len;
7563			INPUT:
7564			EVP_MD_CTX ctx = INT2PTR(EVP_MD_CTX , SvIV(ST(0)));
7565			unsigned char data = (unsigned char ) SvPV(ST(1), len);
7566			CODE:
7567	6100		XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
7568
7569			void
7570			EVP_DigestFinal(ctx)
7571			EVP_MD_CTX *ctx
7572			INIT:
7573			unsigned char md[EVP_MAX_MD_SIZE];
7574			unsigned int md_size;
7575			CODE:
7576	46	50	if (EVP_DigestFinal(ctx,md,&md_size))
7577	46		XSRETURN_PVN((char *)md, md_size);
7578			else
7579	0		XSRETURN_UNDEF;
7580
7581			void
7582			EVP_DigestFinal_ex(ctx)
7583			EVP_MD_CTX *ctx
7584			INIT:
7585			unsigned char md[EVP_MAX_MD_SIZE];
7586			unsigned int md_size;
7587			CODE:
7588	6	50	if (EVP_DigestFinal_ex(ctx,md,&md_size))
7589	6		XSRETURN_PVN((char *)md, md_size);
7590			else
7591	0		XSRETURN_UNDEF;
7592
7593			void
7594			EVP_Digest(...)
7595			PREINIT:
7596			STRLEN len;
7597			unsigned char md[EVP_MAX_MD_SIZE];
7598			unsigned int md_size;
7599			INPUT:
7600			unsigned char data = (unsigned char ) SvPV(ST(0), len);
7601			EVP_MD type = INT2PTR(EVP_MD , SvIV(ST(1)));
7602			ENGINE impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE , SvIV(ST(2))) : NULL;
7603			CODE:
7604	40	50	if (EVP_Digest(data,len,md,&md_size,type,impl))
7605	40		XSRETURN_PVN((char *)md, md_size);
7606			else
7607	0		XSRETURN_UNDEF;
7608
7609			const EVP_CIPHER *
7610			EVP_get_cipherbyname(const char *name)
7611
7612			void
7613			OpenSSL_add_all_algorithms()
7614
7615			void
7616			OPENSSL_add_all_algorithms_noconf()
7617
7618			void
7619			OPENSSL_add_all_algorithms_conf()
7620
7621			#if OPENSSL_VERSION_NUMBER >= 0x10000003L
7622
7623			int
7624			SSL_CTX_set1_param(ctx, vpm)
7625			SSL_CTX * ctx
7626			X509_VERIFY_PARAM *vpm
7627
7628			int
7629			SSL_set1_param(ctx, vpm)
7630			SSL * ctx
7631			X509_VERIFY_PARAM *vpm
7632
7633			#endif
7634
7635			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
7636
7637			X509_VERIFY_PARAM *
7638			X509_VERIFY_PARAM_new()
7639
7640			void
7641			X509_VERIFY_PARAM_free(param)
7642			X509_VERIFY_PARAM *param
7643
7644			int
7645			X509_VERIFY_PARAM_inherit(to, from)
7646			X509_VERIFY_PARAM *to
7647			X509_VERIFY_PARAM *from
7648
7649			int
7650			X509_VERIFY_PARAM_set1(to, from)
7651			X509_VERIFY_PARAM *to
7652			X509_VERIFY_PARAM *from
7653
7654			int
7655			X509_VERIFY_PARAM_set1_name(param, name)
7656			X509_VERIFY_PARAM *param
7657			const char *name
7658
7659			int
7660			X509_VERIFY_PARAM_set_flags(param, flags)
7661			X509_VERIFY_PARAM *param
7662			unsigned long flags
7663
7664			#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
7665			#define REM13 "NOTE: requires 0.9.8a+"
7666
7667			int
7668			X509_VERIFY_PARAM_clear_flags(param, flags)
7669			X509_VERIFY_PARAM *param
7670			unsigned long flags
7671
7672			unsigned long
7673			X509_VERIFY_PARAM_get_flags(param)
7674			X509_VERIFY_PARAM *param
7675
7676			#endif
7677
7678			int
7679			X509_VERIFY_PARAM_set_purpose(param, purpose)
7680			X509_VERIFY_PARAM *param
7681			int purpose
7682
7683			int
7684			X509_VERIFY_PARAM_set_trust(param, trust)
7685			X509_VERIFY_PARAM *param
7686			int trust
7687
7688			void
7689			X509_VERIFY_PARAM_set_depth(param, depth)
7690			X509_VERIFY_PARAM *param
7691			int depth
7692
7693			void
7694			X509_VERIFY_PARAM_set_time(param, t)
7695			X509_VERIFY_PARAM *param
7696			time_t t
7697
7698			int
7699			X509_VERIFY_PARAM_add0_policy(param, policy)
7700			X509_VERIFY_PARAM *param
7701			ASN1_OBJECT *policy
7702
7703			int
7704			X509_VERIFY_PARAM_set1_policies(param, policies)
7705			X509_VERIFY_PARAM *param
7706			STACK_OF(ASN1_OBJECT) *policies
7707
7708			int
7709			X509_VERIFY_PARAM_get_depth(param)
7710			X509_VERIFY_PARAM *param
7711
7712			int
7713			X509_VERIFY_PARAM_add0_table(param)
7714			X509_VERIFY_PARAM *param
7715
7716			const X509_VERIFY_PARAM *
7717			X509_VERIFY_PARAM_lookup(name)
7718			const char *name
7719
7720			void
7721			X509_VERIFY_PARAM_table_cleanup()
7722
7723			#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7724
7725			X509_VERIFY_PARAM *
7726			SSL_CTX_get0_param(ctx)
7727			SSL_CTX * ctx
7728
7729			X509_VERIFY_PARAM *
7730			SSL_get0_param(ssl)
7731			SSL * ssl
7732
7733			int
7734			X509_VERIFY_PARAM_set1_host(param, name)
7735			X509_VERIFY_PARAM *param
7736			PREINIT:
7737			STRLEN namelen;
7738			INPUT:
7739			const char * name = SvPV(ST(1), namelen);
7740			CODE:
7741	2		RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
7742			OUTPUT:
7743			RETVAL
7744
7745			int
7746			X509_VERIFY_PARAM_set1_email(param, email)
7747			X509_VERIFY_PARAM *param
7748			PREINIT:
7749			STRLEN emaillen;
7750			INPUT:
7751			const char * email = SvPV(ST(1), emaillen);
7752			CODE:
7753	2		RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
7754			OUTPUT:
7755			RETVAL
7756
7757			int
7758			X509_VERIFY_PARAM_set1_ip(param, ip)
7759			X509_VERIFY_PARAM *param
7760			PREINIT:
7761			STRLEN iplen;
7762			INPUT:
7763			const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
7764			CODE:
7765	6		RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
7766			OUTPUT:
7767			RETVAL
7768
7769			int
7770			X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
7771			X509_VERIFY_PARAM *param
7772			const char *ipasc
7773
7774			#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7775
7776			#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7777
7778			int
7779			X509_VERIFY_PARAM_add1_host(param, name)
7780			X509_VERIFY_PARAM *param
7781			PREINIT:
7782			STRLEN namelen;
7783			INPUT:
7784			const char * name = SvPV(ST(1), namelen);
7785			CODE:
7786	1		RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
7787			OUTPUT:
7788			RETVAL
7789
7790			void
7791			X509_VERIFY_PARAM_set_hostflags(param, flags)
7792			X509_VERIFY_PARAM *param
7793			unsigned int flags
7794
7795			char *
7796			X509_VERIFY_PARAM_get0_peername(param)
7797			X509_VERIFY_PARAM *param
7798
7799			#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7800
7801			#if !defined(LIBRESSL_VERSION_NUMBER) \|\| (LIBRESSL_VERSION_NUMBER < 0x3080000fL) /* LibreSSL < 3.8.0 */
7802			void
7803			X509_policy_tree_free(tree)
7804			X509_POLICY_TREE *tree
7805
7806			int
7807			X509_policy_tree_level_count(tree)
7808			X509_POLICY_TREE *tree
7809
7810			X509_POLICY_LEVEL *
7811			X509_policy_tree_get0_level(tree, i)
7812			X509_POLICY_TREE *tree
7813			int i
7814
7815			STACK_OF(X509_POLICY_NODE) *
7816			X509_policy_tree_get0_policies(tree)
7817			X509_POLICY_TREE *tree
7818
7819			STACK_OF(X509_POLICY_NODE) *
7820			X509_policy_tree_get0_user_policies(tree)
7821			X509_POLICY_TREE *tree
7822
7823			int
7824			X509_policy_level_node_count(level)
7825			X509_POLICY_LEVEL *level
7826
7827			X509_POLICY_NODE *
7828			X509_policy_level_get0_node(level, i)
7829			X509_POLICY_LEVEL *level
7830			int i
7831
7832			const ASN1_OBJECT *
7833			X509_policy_node_get0_policy(node)
7834			const X509_POLICY_NODE *node
7835
7836			STACK_OF(POLICYQUALINFO) *
7837			X509_policy_node_get0_qualifiers(node)
7838			X509_POLICY_NODE *node
7839
7840			const X509_POLICY_NODE *
7841			X509_policy_node_get0_parent(node)
7842			const X509_POLICY_NODE *node
7843
7844			#endif /* LibreSSL < 3.8.0 */
7845			#endif
7846
7847			ASN1_OBJECT *
7848			OBJ_dup(o)
7849			ASN1_OBJECT *o
7850
7851			ASN1_OBJECT *
7852			OBJ_nid2obj(n)
7853			int n
7854
7855			const char *
7856			OBJ_nid2ln(n)
7857			int n
7858
7859			const char *
7860			OBJ_nid2sn(n)
7861			int n
7862
7863			int
7864			OBJ_obj2nid(o)
7865			ASN1_OBJECT *o
7866
7867			ASN1_OBJECT *
7868			OBJ_txt2obj(s, no_name=0)
7869			const char *s
7870			int no_name
7871
7872			void
7873			OBJ_obj2txt(a, no_name=0)
7874			ASN1_OBJECT *a
7875			int no_name
7876			PREINIT:
7877			char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
7878			int len;
7879			CODE:
7880	73		len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
7881	73		ST(0) = sv_newmortal();
7882	73		sv_setpvn(ST(0), buf, len);
7883
7884			int
7885			OBJ_txt2nid(s)
7886			const char *s
7887
7888			int
7889			OBJ_ln2nid(s)
7890			const char *s
7891
7892			int
7893			OBJ_sn2nid(s)
7894			const char *s
7895
7896			int
7897			OBJ_cmp(a, b)
7898			ASN1_OBJECT *a
7899			ASN1_OBJECT *b
7900
7901			void
7902			X509_pubkey_digest(data,type)
7903			const X509 *data
7904			const EVP_MD *type
7905			PREINIT:
7906			unsigned char md[EVP_MAX_MD_SIZE];
7907			unsigned int md_size;
7908			PPCODE:
7909	4	50	if (X509_pubkey_digest(data,type,md,&md_size))
7910	4		XSRETURN_PVN((char *)md, md_size);
7911			else
7912	0		XSRETURN_UNDEF;
7913
7914			void
7915			X509_digest(data,type)
7916			const X509 *data
7917			const EVP_MD *type
7918			PREINIT:
7919			unsigned char md[EVP_MAX_MD_SIZE];
7920			unsigned int md_size;
7921			PPCODE:
7922	4	50	if (X509_digest(data,type,md,&md_size))
7923	4		XSRETURN_PVN((char *)md, md_size);
7924	0		XSRETURN_UNDEF;
7925
7926			void
7927			X509_CRL_digest(data,type)
7928			const X509_CRL *data
7929			const EVP_MD *type
7930			PREINIT:
7931			unsigned char md[EVP_MAX_MD_SIZE];
7932			unsigned int md_size;
7933			PPCODE:
7934	1	50	if (X509_CRL_digest(data,type,md,&md_size))
7935	1		XSRETURN_PVN((char *)md, md_size);
7936	0		XSRETURN_UNDEF;
7937
7938			void
7939			X509_REQ_digest(data,type)
7940			const X509_REQ *data
7941			const EVP_MD *type
7942			PREINIT:
7943			unsigned char md[EVP_MAX_MD_SIZE];
7944			unsigned int md_size;
7945			PPCODE:
7946	1	50	if (X509_REQ_digest(data,type,md,&md_size))
7947	1		XSRETURN_PVN((char *)md, md_size);
7948	0		XSRETURN_UNDEF;
7949
7950			void
7951			X509_NAME_digest(data,type)
7952			const X509_NAME *data
7953			const EVP_MD *type
7954			PREINIT:
7955			unsigned char md[EVP_MAX_MD_SIZE];
7956			unsigned int md_size;
7957			PPCODE:
7958	0	0	if (X509_NAME_digest(data,type,md,&md_size))
7959	0		XSRETURN_PVN((char *)md, md_size);
7960	0		XSRETURN_UNDEF;
7961
7962			unsigned long
7963			X509_subject_name_hash(X509 *x)
7964
7965			unsigned long
7966			X509_issuer_name_hash(X509 *a)
7967
7968			unsigned long
7969			X509_issuer_and_serial_hash(X509 *a)
7970
7971			ASN1_OBJECT *
7972			P_X509_get_signature_alg(x)
7973			X509 * x
7974			CODE:
7975			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7976	4	100	RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
7977			#else
7978			RETVAL = (x->cert_info->signature->algorithm);
7979			#endif
7980			OUTPUT:
7981			RETVAL
7982
7983			ASN1_OBJECT *
7984			P_X509_get_pubkey_alg(x)
7985			X509 * x
7986			PREINIT:
7987			CODE:
7988			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7989			{
7990			X509_ALGOR * algor;
7991	4		X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
7992	4	100	RETVAL = (algor->algorithm);
7993			}
7994			#else
7995			RETVAL = (x->cert_info->key->algor->algorithm);
7996			#endif
7997			OUTPUT:
7998			RETVAL
7999
8000			void
8001			X509_get_X509_PUBKEY(x)
8002			const X509 *x
8003			PREINIT:
8004			X509_PUBKEY *pkey;
8005			STRLEN len;
8006			unsigned char pc, pi;
8007			PPCODE:
8008	1	50	if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
8009	1	50	if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
8010	1		Newx(pc,len,unsigned char);
8011	1	50	if (!pc) croak("out of memory");
8012	1		pi = pc;
8013	1		i2d_X509_PUBKEY(pkey, &pi);
8014	1	50	if (pi-pc != len) croak("invalid encoded length");
8015	1	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8016	1		Safefree(pc);
8017
8018			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
8019
8020			int
8021			SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
8022			SSL_CTX * ctx
8023			SV * callback
8024			SV * data
8025			CODE:
8026	1		RETVAL = 1;
8027	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8028	0		SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
8029	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
8030	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
8031			PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
8032			}
8033	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8034			/* callback param array ref like ['proto1','proto2'] */
8035	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
8036	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
8037	1		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
8038			PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
8039			}
8040	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8041	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
8042	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
8043	0		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
8044			PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
8045			}
8046			else {
8047	0		RETVAL = 0;
8048			}
8049			OUTPUT:
8050			RETVAL
8051
8052			int
8053			SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
8054			SSL_CTX * ctx
8055			SV * callback
8056			SV * data
8057			CODE:
8058	1		RETVAL = 1;
8059	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8060	0		SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
8061	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
8062	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
8063			PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
8064			}
8065	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8066			/* callback param array ref like ['proto1','proto2'] */
8067	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
8068	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
8069	1		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
8070			PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
8071			}
8072	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8073	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
8074	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
8075	0		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
8076			PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
8077			}
8078			else {
8079	0		RETVAL = 0;
8080			}
8081			OUTPUT:
8082			RETVAL
8083
8084			void
8085			P_next_proto_negotiated(s)
8086			const SSL *s
8087			PREINIT:
8088			const unsigned char *data;
8089			unsigned int len;
8090			PPCODE:
8091	2		SSL_get0_next_proto_negotiated(s, &data, &len);
8092	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
8093
8094			void
8095			P_next_proto_last_status(s)
8096			const SSL *s
8097			PPCODE:
8098	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
8099
8100			#endif
8101
8102			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
8103
8104			#if !defined(OPENSSL_NO_TLSEXT)
8105
8106			int
8107			SSL_set_tlsext_status_type(SSL *ssl,int cmd)
8108
8109			long
8110			SSL_set_tlsext_status_ocsp_resp(ssl,staple)
8111			SSL * ssl
8112			PREINIT:
8113			char * p;
8114			STRLEN staplelen;
8115			INPUT:
8116			char * staple = SvPV( ST(1), staplelen);
8117			CODE:
8118			/* OpenSSL will free the memory */
8119	0		New(0, p, staplelen, char);
8120	0		memcpy(p, staple, staplelen);
8121	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
8122			OUTPUT:
8123			RETVAL
8124
8125			int
8126			SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
8127			SSL_CTX * ctx
8128			SV * callback
8129			SV * data
8130			CODE:
8131	0		RETVAL = 1;
8132	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
8133	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
8134	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
8135	0		SSL_CTX_set_tlsext_status_cb(ctx, NULL);
8136	0	0	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8137	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
8138	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
8139	0		SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
8140			} else {
8141	0		croak("argument must be code reference");
8142			}
8143			OUTPUT:
8144			RETVAL
8145
8146			int
8147			SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
8148			SSL * ssl
8149			SV * callback
8150			SV * data
8151			CODE:
8152	1		RETVAL = 1;
8153	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8154	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
8155	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
8156	0		SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
8157	1	50	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		50
8158	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
8159	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
8160	1		SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
8161			} else {
8162	0		croak("argument must be code reference");
8163			}
8164			OUTPUT:
8165			RETVAL
8166
8167			int
8168			SSL_set_session_ticket_ext(ssl,ticket)
8169			SSL *ssl
8170			PREINIT:
8171			unsigned char * p;
8172			STRLEN ticketlen;
8173			INPUT:
8174			unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
8175			CODE:
8176	1		RETVAL = 0;
8177	1	50	if (ticketlen > 0) {
8178	1		Newx(p, ticketlen, unsigned char);
8179	1	50	if (!p)
8180	0		croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
8181	1		memcpy(p, ticket, ticketlen);
8182	1		RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
8183	1		Safefree(p);
8184			}
8185			OUTPUT:
8186			RETVAL
8187
8188			#endif
8189
8190			OCSP_RESPONSE *
8191			d2i_OCSP_RESPONSE(pv)
8192			SV *pv
8193			CODE:
8194	0		RETVAL = NULL;
8195	0	0	if (SvPOK(pv)) {
8196			const unsigned char *p;
8197			STRLEN len;
8198	0		p = (unsigned char*)SvPV(pv,len);
8199	0		RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
8200			}
8201			OUTPUT:
8202			RETVAL
8203
8204			void
8205			i2d_OCSP_RESPONSE(r)
8206			OCSP_RESPONSE * r
8207			PREINIT:
8208			STRLEN len;
8209			unsigned char pc,pi;
8210			PPCODE:
8211	0	0	if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
8212	0		Newx(pc,len,unsigned char);
8213	0	0	if (!pc) croak("out of memory");
8214	0		pi = pc;
8215	0		i2d_OCSP_RESPONSE(r,&pi);
8216	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8217	0		Safefree(pc);
8218
8219			void
8220			OCSP_RESPONSE_free(r)
8221			OCSP_RESPONSE * r
8222
8223
8224			OCSP_REQUEST *
8225			d2i_OCSP_REQUEST(pv)
8226			SV *pv
8227			CODE:
8228	0		RETVAL = NULL;
8229	0	0	if (SvPOK(pv)) {
8230			const unsigned char *p;
8231			STRLEN len;
8232	0		p = (unsigned char*)SvPV(pv,len);
8233	0		RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
8234			}
8235			OUTPUT:
8236			RETVAL
8237
8238			void
8239			i2d_OCSP_REQUEST(r)
8240			OCSP_REQUEST * r
8241			PREINIT:
8242			STRLEN len;
8243			unsigned char pc,pi;
8244			PPCODE:
8245	0	0	if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request");
8246	0		Newx(pc,len,unsigned char);
8247	0	0	if (!pc) croak("out of memory");
8248	0		pi = pc;
8249	0		i2d_OCSP_REQUEST(r,&pi);
8250	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8251	0		Safefree(pc);
8252
8253
8254			void
8255			OCSP_REQUEST_free(r)
8256			OCSP_REQUEST * r
8257
8258
8259			const char *
8260			OCSP_response_status_str(long status)
8261
8262			long
8263			OCSP_response_status(OCSP_RESPONSE *r)
8264
8265			void
8266			SSL_OCSP_cert2ids(ssl,...)
8267			SSL *ssl
8268			PREINIT:
8269			SSL_CTX *ctx;
8270			X509_STORE *store;
8271			STACK_OF(X509) *chain;
8272			X509 cert,issuer;
8273			OCSP_CERTID *id;
8274			int i;
8275			STRLEN len;
8276			unsigned char *pi;
8277			PPCODE:
8278
8279	0	0	if (!ssl) croak("not a SSL object");
8280	0		ctx = SSL_get_SSL_CTX(ssl);
8281	0	0	if (!ctx) croak("invalid SSL object - no context");
8282	0		store = SSL_CTX_get_cert_store(ctx);
8283	0		chain = SSL_get_peer_cert_chain(ssl);
8284
8285	0	0	for(i=0;i
8286	0		cert = INT2PTR(X509*,SvIV(ST(i+1)));
8287	0	0	if (X509_check_issued(cert,cert) == X509_V_OK)
8288	0		croak("no OCSP request for self-signed certificate");
8289	0	0	if (!(issuer = find_issuer(cert,store,chain)))
8290	0		croak("cannot find issuer certificate");
8291	0		id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
8292	0		X509_free(issuer);
8293	0	0	if (!id)
8294	0		croak("out of memory for generating OCSP certid");
8295
8296	0		pi = NULL;
8297	0	0	if (!(len = i2d_OCSP_CERTID(id,&pi)))
8298	0		croak("OCSP certid has no length");
8299	0	0	XPUSHs(sv_2mortal(newSVpvn((char *)pi, len)));
8300
8301	0		OPENSSL_free(pi);
8302	0		OCSP_CERTID_free(id);
8303			}
8304
8305
8306			OCSP_REQUEST *
8307			OCSP_ids2req(...)
8308			PREINIT:
8309			OCSP_REQUEST *req;
8310			OCSP_CERTID *id;
8311			int i;
8312			CODE:
8313
8314	0		req = OCSP_REQUEST_new();
8315	0	0	if (!req) croak("out of memory");
8316	0		OCSP_request_add1_nonce(req,NULL,-1);
8317
8318	0	0	for(i=0;i
8319			STRLEN len;
8320	0		const unsigned char p = (unsigned char)SvPV(ST(i),len);
8321	0		id = d2i_OCSP_CERTID(NULL,&p,len);
8322	0	0	if (!id) {
8323	0		OCSP_REQUEST_free(req);
8324	0		croak("failed to get OCSP certid from string");
8325			}
8326	0		OCSP_request_add0_id(req,id);
8327			}
8328	0	0	RETVAL = req;
8329			OUTPUT:
8330			RETVAL
8331
8332
8333
8334			int
8335			SSL_OCSP_response_verify(ssl,rsp,svreq=NULL,flags=0)
8336			SSL *ssl
8337			OCSP_RESPONSE *rsp
8338			SV *svreq
8339			unsigned long flags
8340			PREINIT:
8341			SSL_CTX *ctx;
8342			X509_STORE *store;
8343			OCSP_BASICRESP *bsr;
8344	0	0	OCSP_REQUEST *req = NULL;
8345			int i;
8346			CODE:
8347	0	0	if (!ssl) croak("not a SSL object");
8348	0		ctx = SSL_get_SSL_CTX(ssl);
8349	0	0	if (!ctx) croak("invalid SSL object - no context");
8350
8351	0		bsr = OCSP_response_get1_basic(rsp);
8352	0	0	if (!bsr) croak("invalid OCSP response");
8353
8354			/* if we get a nonce it should match our nonce, if we get no nonce
8355			* it was probably pre-signed */
8356	0	0	if (svreq && SvOK(svreq) &&
		0
8357	0	0	(req = INT2PTR(OCSP_REQUEST*,SvIV(svreq)))) {
8358	0		i = OCSP_check_nonce(req,bsr);
8359	0	0	if ( i <= 0 ) {
8360	0	0	if (i == -1) {
8361	0		TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
8362			} else {
8363	0		OCSP_BASICRESP_free(bsr);
8364	0		croak("nonce in OCSP response does not match request");
8365			}
8366			}
8367			}
8368
8369	0		RETVAL = 0;
8370	0	0	if ((store = SSL_CTX_get_cert_store(ctx))) {
8371			/* add the SSL uchain to the uchain of the OCSP basic response, this
8372			* looks like the easiest way to handle the case where the OCSP
8373			* response does not contain the chain up to the trusted root */
8374	0		STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
8375	0	0	for(i=0;i
8376	0		OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
8377			}
8378	0		TRACE(1,"run basic verify");
8379	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
8380	0	0	if (chain && !RETVAL) {
		0
8381			/* some CAs don't add a certificate to their OCSP responses and
8382			* openssl does not include the trusted CA which signed the
8383			* lowest chain certificate when looking for the signer.
8384			* So find this CA ourself and retry verification. */
8385			X509 *issuer;
8386	0		X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
8387	0		ERR_clear_error(); /* clear error from last OCSP_basic_verify */
8388	0	0	if (last && (issuer = find_issuer(last,store,chain))) {
		0
8389	0		OCSP_basic_add1_cert(bsr, issuer);
8390	0		X509_free(issuer);
8391	0		TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
8392	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
8393			}
8394			}
8395			}
8396	0		OCSP_BASICRESP_free(bsr);
8397			OUTPUT:
8398			RETVAL
8399
8400
8401			void
8402			OCSP_response_results(rsp,...)
8403			OCSP_RESPONSE *rsp
8404			PREINIT:
8405			OCSP_BASICRESP *bsr;
8406			int i,want_array;
8407	0		time_t nextupd = 0;
8408	0		time_t gmtoff = -1;
8409			int getall,sksn;
8410			PPCODE:
8411
8412	0		bsr = OCSP_response_get1_basic(rsp);
8413	0	0	if (!bsr) croak("invalid OCSP response");
8414
8415	0		want_array = (GIMME_V == G_LIST);
8416	0		getall = (items <= 1);
8417	0		sksn = OCSP_resp_count(bsr);
8418
8419	0	0	for(i=0; i < (getall ? sksn : items-1); i++) {
		0
8420	0		const char *error = NULL;
8421	0		OCSP_SINGLERESP *sir = NULL;
8422	0		OCSP_CERTID *certid = NULL;
8423	0		SV *idsv = NULL;
8424			int first, status, revocationReason;
8425			ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
8426
8427	0	0	if(getall) {
8428	0		sir = OCSP_resp_get0(bsr,i);
8429			} else {
8430			STRLEN len;
8431			const unsigned char *p;
8432
8433	0		idsv = ST(i+1);
8434	0	0	if (!SvOK(idsv)) croak("undefined certid in arguments");
8435	0		p = (unsigned char*)SvPV(idsv,len);
8436	0	0	if (!(certid = d2i_OCSP_CERTID(NULL,&p,len))) {
8437	0		error = "failed to get OCSP certid from string";
8438	0		goto end;
8439			}
8440	0		first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
8441	0	0	if (first >= 0)
8442	0		sir = OCSP_resp_get0(bsr,first);
8443			}
8444
8445	0	0	if (sir)
8446			{
8447			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
8448	0		status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
8449			#else
8450			status = sir->certStatus->type;
8451			if (status == V_OCSP_CERTSTATUS_REVOKED)
8452			revocationTime = sir->certStatus->value.revoked->revocationTime;
8453			thisupdate = sir->thisUpdate;
8454			nextupdate = sir->nextUpdate;
8455			#endif
8456	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
8457	0		error = "certificate status is revoked";
8458	0	0	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
8459	0		error = "certificate status is unknown";
8460			}
8461	0	0	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
8462	0		error = "response not yet valid or expired";
8463			}
8464			} else {
8465	0		error = "cannot find entry for certificate in OCSP response";
8466			}
8467
8468	0		end:
8469	0	0	if (want_array) {
8470	0		AV *idav = newAV();
8471	0	0	if (!idsv) {
8472			/* getall: create new SV with OCSP_CERTID */
8473			unsigned char pi,pc;
8474			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
8475	0		int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
8476			#else
8477			int len = i2d_OCSP_CERTID(sir->certId,NULL);
8478			#endif
8479	0	0	if(!len) continue;
8480	0		Newx(pc,len,unsigned char);
8481	0	0	if (!pc) croak("out of memory");
8482	0		pi = pc;
8483			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
8484	0		i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
8485			#else
8486			i2d_OCSP_CERTID(sir->certId,&pi);
8487			#endif
8488	0		idsv = newSVpv((char*)pc,len);
8489	0		Safefree(pc);
8490			} else {
8491			/* reuse idsv from ST(..), but increment refcount */
8492	0		idsv = SvREFCNT_inc(idsv);
8493			}
8494	0		av_push(idav, idsv);
8495	0	0	av_push(idav, error ? newSVpv(error,0) : newSV(0));
8496	0	0	if (sir) {
8497	0		HV *details = newHV();
8498	0		av_push(idav,newRV_noinc((SV*)details));
8499	0		hv_store(details,"statusType",10,
8500			newSViv(status),0);
8501	0	0	if (nextupdate) hv_store(details,"nextUpdate",10,
8502			newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
8503	0	0	if (thisupdate) hv_store(details,"thisUpdate",10,
8504			newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
8505	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
8506			#if OPENSSL_VERSION_NUMBER < 0x10100000L
8507			OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
8508			revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
8509			#endif
8510	0		hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
8511	0		hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
8512	0		hv_store(details,"revocationReason_str",20,newSVpv(
8513			OCSP_crl_reason_str(revocationReason),0),0);
8514			}
8515			}
8516	0	0	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
8517	0	0	} else if (!error) {
8518			/* compute lowest nextUpdate */
8519	0		time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
8520	0	0	if (!nextupd \|\| nextupd>nu) nextupd = nu;
		0
8521			}
8522
8523	0	0	if (certid) OCSP_CERTID_free(certid);
8524	0	0	if (error && !want_array) {
		0
8525	0		OCSP_BASICRESP_free(bsr);
8526	0		croak("%s", error);
8527			}
8528			}
8529	0		OCSP_BASICRESP_free(bsr);
8530	0	0	if (!want_array)
8531	0	0	XPUSHs(sv_2mortal(newSViv(nextupd)));
8532
8533
8534
8535			#endif
8536
8537			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
8538
8539			int
8540			SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
8541			SSL_CTX * ctx
8542			SV * callback
8543			SV * data
8544			CODE:
8545	1		RETVAL = 1;
8546	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8547	0		SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
8548	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
8549	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL);
8550			PR1("SSL_CTX_set_alpn_select_cb - undef\n");
8551			}
8552	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8553			/* callback param array ref like ['proto1','proto2'] */
8554	1		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
8555	1		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback));
8556	1		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
8557			PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx);
8558			}
8559	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8560	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback));
8561	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data));
8562	0		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
8563			PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx);
8564			}
8565			else {
8566	0		RETVAL = 0;
8567			}
8568			OUTPUT:
8569			RETVAL
8570
8571			int
8572			SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef)
8573			SSL_CTX * ctx
8574			SV * data
8575			PREINIT:
8576			unsigned char *alpn_data;
8577			unsigned char alpn_len;
8578
8579			CODE:
8580	7		RETVAL = -1;
8581
8582	7	50	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		50
8583	0		croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n");
8584	7		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
8585	7		Newx(alpn_data, alpn_len, unsigned char);
8586	7	50	if (!alpn_data)
8587	0		croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n");
8588	7		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
8589	7		RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len);
8590	7		Safefree(alpn_data);
8591
8592			OUTPUT:
8593			RETVAL
8594
8595			int
8596			SSL_set_alpn_protos(ssl,data=&PL_sv_undef)
8597			SSL * ssl
8598			SV * data
8599			PREINIT:
8600			unsigned char *alpn_data;
8601			unsigned char alpn_len;
8602
8603			CODE:
8604	0		RETVAL = -1;
8605
8606	0	0	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		0
8607	0		croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n");
8608	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
8609	0		Newx(alpn_data, alpn_len, unsigned char);
8610	0	0	if (!alpn_data)
8611	0		croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n");
8612	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
8613	0		RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len);
8614	0		Safefree(alpn_data);
8615
8616			OUTPUT:
8617			RETVAL
8618
8619			void
8620			P_alpn_selected(s)
8621			const SSL *s
8622			PREINIT:
8623			const unsigned char *data;
8624			unsigned int len;
8625			PPCODE:
8626	2		SSL_get0_alpn_selected(s, &data, &len);
8627	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
8628
8629			#endif
8630
8631			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
8632
8633			void
8634			SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
8635			SSL * ssl
8636			int outlen
8637			SV * context
8638			PREINIT:
8639			unsigned char * out;
8640			STRLEN llen;
8641	10		STRLEN contextlen = 0;
8642	10		char *context_arg = NULL;
8643	10		int use_context = 0;
8644			int ret;
8645			INPUT:
8646			char * label = SvPV( ST(2), llen);
8647			PPCODE:
8648	10		Newx(out, outlen, unsigned char);
8649
8650	10	100	if (context != &PL_sv_undef) {
8651	6		use_context = 1;
8652	6		context_arg = SvPV( ST(3), contextlen);
8653			}
8654	10		ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context);
8655	10	50	PUSHs(sv_2mortal(ret>0 ? newSVpvn((const char *)out, outlen) : newSV(0)));
8656	10	50	EXTEND(SP, 1);
8657	10		Safefree(out);
8658
8659			#endif
8660
8661			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
8662
8663			OSSL_LIB_CTX *
8664			OSSL_LIB_CTX_get0_global_default()
8665
8666
8667			OSSL_PROVIDER *
8668			OSSL_PROVIDER_load(SV libctx, const char name)
8669			PREINIT:
8670	8	50	OSSL_LIB_CTX *ctx = NULL;
8671			CODE:
8672	8	100	if (libctx != &PL_sv_undef)
8673	1		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8674	8		RETVAL = OSSL_PROVIDER_load(ctx, name);
8675	8	50	if (RETVAL == NULL)
8676	0		XSRETURN_UNDEF;
8677			OUTPUT:
8678			RETVAL
8679
8680			OSSL_PROVIDER *
8681			OSSL_PROVIDER_try_load(SV libctx, const char name, int retain_fallbacks)
8682			PREINIT:
8683	2	50	OSSL_LIB_CTX *ctx = NULL;
8684			CODE:
8685	2	50	if (libctx != &PL_sv_undef)
8686	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8687	2		RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
8688	2	50	if (RETVAL == NULL)
8689	0		XSRETURN_UNDEF;
8690			OUTPUT:
8691			RETVAL
8692
8693			int
8694			OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
8695
8696			int
8697			OSSL_PROVIDER_available(SV libctx, const char name)
8698			PREINIT:
8699	8	50	OSSL_LIB_CTX *ctx = NULL;
8700			CODE:
8701	8	50	if (libctx != &PL_sv_undef)
8702	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8703	8		RETVAL = OSSL_PROVIDER_available(ctx, name);
8704			OUTPUT:
8705			RETVAL
8706
8707			int
8708			OSSL_PROVIDER_do_all(SV libctx, SV perl_cb, SV *perl_cbdata = &PL_sv_undef)
8709			PREINIT:
8710	1		simple_cb_data_t* cbdata = NULL;
8711	1	50	OSSL_LIB_CTX *ctx = NULL;
8712			CODE:
8713	1	50	if (libctx != &PL_sv_undef)
8714	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8715
8716			/* setup our callback */
8717	1		cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
8718	1		RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
8719	1		simple_cb_data_free(cbdata);
8720			OUTPUT:
8721			RETVAL
8722
8723			const char *
8724			OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
8725
8726			int
8727			OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
8728
8729			#endif
8730
8731			#define REM_EOF "/* EOF - SSLeay.xs */"