File Coverage

SSLeay.xs

Criterion	Covered	Total	%
statement	1400	2401	58.3
branch	702	1806	38.8
condition			n/a
subroutine			n/a
pod			n/a
total	2102	4207	49.9

line	stmt	bran	code
1			/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
2			*
3			* Copyright (c) 1996-2003 Sampo Kellomäki
4			* Copyright (c) 2005-2010 Florian Ragwitz
5			* Copyright (c) 2005-2018 Mike McCauley
6			* Copyright (c) 2018 Tuure Vartiainen
7			* Copyright (c) 2018- Chris Novakovic
8			* Copyright (c) 2018- Heikki Vatiainen
9			*
10			* All rights reserved.
11			*
12			* Change data removed. See Changes
13			*
14			* This module is released under the terms of the Artistic License 2.0. For
15			* details, see the LICENSE file.
16			*/
17
18			/* ####
19			* #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! ####
20			* ####
21			*
22			* Function naming conventions:
23			*
24			* 1/ never change the already existing function names (all calling convention) in a way
25			* that may cause backward incompatibility (e.g. add ALIAS with old name if necessary)
26			*
27			* 2/ it is recommended to keep the original openssl function names for functions that are:
28			*
29			* 1:1 wrappers to the original openssl functions
30			* see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert)
31			*
32			* nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling
33			* see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf)
34			*
35			* 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix
36			* (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without
37			* "SSL_" prefix (e.g. Net::SSLeay::CTX_new) - keep this for all new functions
38			*
39			* 4/ The names of functions which do not fit rule 2/ (which means they implement some non
40			* trivial code around original openssl function or do more complex tasks) should be
41			* prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime
42			*
43			* 5/ Exceptions from rules above:
44			* functions that are part or wider set of already existing function not following this rule
45			* for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want
46			* to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_")
47			*
48			* Support for different Perl versions, libssl implementations, platforms, and compilers:
49			*
50			* 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the
51			* "Prerequisites" section in the README file). The test suite must pass when run on any
52			* of those version combinations.
53			*
54			* 2/ Fix all compiler warnings - we expect 100% clean build
55			*
56			* 3/ If you add a function which is available since certain openssl version
57			* use proper #ifdefs to assure that SSLeay.xs will compile also with older versions
58			* which are missing this function
59			*
60			* 4/ Even warnings arising from different use of "const" in different openssl versions
61			* needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt
62			*
63			* 5/ avoid using global C variables (it is very likely to break thread-safetyness)
64			* use rather global MY_CXT structure
65			*
66			* 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must
67			* compile also on non-UNIX platforms like MS Windows and others
68			*
69			* 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler)
70			* even if your compiler can handle them without warnings
71			*
72			* Passing test suite:
73			*
74			* 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite
75			*
76			* 2/ it is strongly recommended to create test(s) for newly added function(s), especially
77			* when the new function is not only a 1:1 wrapper but contains a complex code
78			*
79			* 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod
80			* otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into
81			* your patch)
82			*
83			* Preferred code layout:
84			*
85			* 1/ for simple 1:1 XS wrappers use:
86			*
87			* a/ functions with short "signature" (short list of args):
88			*
89			* long
90			* SSL_set_tmp_dh(SSL ssl,DH dh)
91			*
92			* b/ functions with long "signature" (long list of args):
93			* simply when approach a/ does not fit to 120 columns
94			*
95			* void
96			* SSL_any_functions(library_flag,function_name,reason,file_name,line)
97			* int library_flag
98			* int function_name
99			* int reason
100			* char *file_name
101			* int line
102			*
103			* 2/ for XS functions with full implementation use identation like this:
104			*
105			* int
106			* RAND_bytes(buf, num)
107			* SV *buf
108			* int num
109			* PREINIT:
110			* int rc;
111			* unsigned char *random;
112			* CODE:
113			* / * some code here * /
114			* RETVAL = rc;
115			* OUTPUT:
116			* RETVAL
117			*
118			*
119			* Runtime debugging:
120			*
121			* with TRACE(level,fmt,...) you can output debug messages.
122			* it behaves the same as
123			* warn sprintf($msg,...) if $Net::SSLeay::trace>=$level
124			* would do in Perl (e.g. it is using also the $Net::SSLeay::trace variable)
125			*
126			*
127			* THE LAST RULE:
128			*
129			* The fact that some parts of SSLeay.xs do not follow the rules above is not
130			* a reason why any new code can also break these rules in the same way
131			*
132			*/
133
134			/* Prevent warnings about strncpy from Windows compilers */
135
136			#ifndef _CRT_SECURE_NO_DEPRECATE
137			# define _CRT_SECURE_NO_DEPRECATE
138			#endif
139
140			/* Silence compound-token-split-by-macro warnings from perl.h when building for
141			* Perl < 5.35.2 with Clang >= 12 - see GH-383
142			*/
143			#if NET_SSLEAY_PERL_VERSION < 5035002 && defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 12
144			#pragma clang diagnostic ignored "-Wunknown-warning-option"
145			#pragma clang diagnostic ignored "-Wcompound-token-split-by-macro"
146			#pragma clang diagnostic warning "-Wunknown-warning-option"
147			#endif
148
149			#include "EXTERN.h"
150			#include "perl.h"
151			#include "XSUB.h"
152			#include
153			#define NEED_my_snprintf
154			#include "ppport.h"
155
156			/* Sigh: openssl 1.0 has
157			typedef void *BLOCK;
158			which conflicts with perls
159			typedef struct block BLOCK;
160			*/
161			#define BLOCK OPENSSL_BLOCK
162			#include
163			#include
164			#include
165			#include
166			#include
167			#include
168			#include
169			#ifndef OPENSSL_NO_COMP
170			#include /* openssl-0.9.6a forgets to include this */
171			#endif
172			#ifndef OPENSSL_NO_MD2
173			#include
174			#endif
175			#ifndef OPENSSL_NO_MD4
176			#include
177			#endif
178			#ifndef OPENSSL_NO_MD5
179			#include /* openssl-SNAP-20020227 does not automatically include this */
180			#endif
181			#include
182			#include
183			#include
184			#ifndef OPENSSL_NO_ENGINE
185			#include
186			#endif
187			#ifdef OPENSSL_FIPS
188			#include
189			#endif
190			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
191			#include
192			#endif
193			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
194			#include
195			#endif
196			#undef BLOCK
197
198			/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and
199			* related functions return uint64_t instead of long. For this reason
200			* constant() in constant.c and Net::SSLeay must also be able to
201			* return 64bit constants. However, this creates a problem with Perls
202			* that have only 32 bit integers. The define below helps with
203			* handling this API change.
204			*/
205			#if (OPENSSL_VERSION_NUMBER < 0x30000000L) \|\| defined(NET_SSLEAY_32BIT_INT_PERL)
206			#define NET_SSLEAY_32BIT_CONSTANTS
207			#endif
208
209			/* Debugging output - to enable use:
210			*
211			* perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
212			* make
213			*
214			*/
215
216			#ifdef SHOW_XS_DEBUG
217			#define PR1(s) fprintf(stderr,s);
218			#define PR2(s,t) fprintf(stderr,s,t);
219			#define PR3(s,t,u) fprintf(stderr,s,t,u);
220			#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v);
221			#else
222			#define PR1(s)
223			#define PR2(s,t)
224			#define PR3(s,t,u)
225			#define PR4(s,t,u,v)
226			#endif
227
228	1		static void TRACE(int level,const char *msg,...) {
229			va_list args;
230	1		SV *trace = get_sv("Net::SSLeay::trace",0);
231	1	50	if (trace && SvIOK(trace) && SvIV(trace)>=level) {
		50
		50
232			char buf[4096];
233	0		va_start(args,msg);
234	0		vsnprintf(buf,4095,msg,args);
235	0		warn("%s",buf);
236	0		va_end(args);
237			}
238	1		}
239
240			#include "constants.c"
241
242			/* ============= thread-safety related stuff ============== */
243
244			#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION
245
246			typedef struct {
247			HV* global_cb_data;
248			UV tid;
249			} my_cxt_t;
250			START_MY_CXT
251
252			#ifdef USE_ITHREADS
253			static perl_mutex LIB_init_mutex;
254			#if OPENSSL_VERSION_NUMBER < 0x10100000L
255			static perl_mutex *GLOBAL_openssl_mutex = NULL;
256			#endif
257			#endif
258			static int LIB_initialized;
259
260	60		UV get_my_thread_id(void) /* returns threads->tid() value */
261			{
262	60		dSP;
263	60		UV tid = 0;
264			#ifdef USE_ITHREADS
265			int count = 0;
266
267			ENTER;
268			SAVETMPS;
269			PUSHMARK(SP);
270			XPUSHs(sv_2mortal(newSVpv("threads", 0)));
271			PUTBACK;
272			count = call_method("tid", G_SCALAR\|G_EVAL);
273			SPAGAIN;
274			/* Caution: recent perls do not appear support threads->tid() */
275			if (SvTRUE(ERRSV) \|\| count != 1)
276			{
277			/* if compatible threads not loaded or an error occurs return 0 */
278			tid = 0;
279			}
280			else
281			tid = (UV)POPi;
282			PUTBACK;
283			FREETMPS;
284			LEAVE;
285			#endif
286
287	60		return tid;
288			}
289
290			/* IMPORTANT NOTE:
291			* openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html
292			* we implement both static and dynamic locking as described on URL above
293			* locking is supported when OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer
294			* we intentionally do not implement cleanup of openssl's threading as it causes troubles
295			* with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay
296			*/
297			#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
298
299
300			#if OPENSSL_VERSION_NUMBER < 0x10100000L
301			static void openssl_locking_function(int mode, int type, const char *file, int line)
302			{
303			PR3("openssl_locking_function %d %d\n", mode, type);
304
305			if (!GLOBAL_openssl_mutex) return;
306			if (mode & CRYPTO_LOCK)
307			MUTEX_LOCK(&GLOBAL_openssl_mutex[type]);
308			else
309			MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]);
310			}
311
312			#if OPENSSL_VERSION_NUMBER < 0x10000000L
313			static unsigned long openssl_threadid_func(void)
314			{
315			dMY_CXT;
316			return (unsigned long)(MY_CXT.tid);
317			}
318			#else
319			void openssl_threadid_func(CRYPTO_THREADID *id)
320			{
321			dMY_CXT;
322			CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid));
323			}
324			#endif
325
326			struct CRYPTO_dynlock_value
327			{
328			perl_mutex mutex;
329			};
330
331			struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line)
332			{
333			struct CRYPTO_dynlock_value *retval;
334			New(0, retval, 1, struct CRYPTO_dynlock_value);
335			if (!retval) return NULL;
336			MUTEX_INIT(&retval->mutex);
337			return retval;
338			}
339
340			void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value l, const char file, int line)
341			{
342			if (!l) return;
343			if (mode & CRYPTO_LOCK)
344			MUTEX_LOCK(&l->mutex);
345			else
346			MUTEX_UNLOCK(&l->mutex);
347			}
348
349			void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value l, const char file, int line)
350			{
351			if (!l) return;
352			MUTEX_DESTROY(&l->mutex);
353			Safefree(l);
354			}
355			#endif
356
357			void openssl_threads_init(void)
358			{
359			int i;
360
361			PR1("STARTED: openssl_threads_init\n");
362
363			#if OPENSSL_VERSION_NUMBER < 0x10100000L
364			/* initialize static locking */
365			if ( !CRYPTO_get_locking_callback() ) {
366			#if OPENSSL_VERSION_NUMBER < 0x10000000L
367			if ( !CRYPTO_get_id_callback() ) {
368			#else
369			if ( !CRYPTO_THREADID_get_callback() ) {
370			#endif
371			PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks());
372			New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex);
373			if (!GLOBAL_openssl_mutex) return;
374			for (i=0; i
375			CRYPTO_set_locking_callback((void ()(int,int,const char ,int))openssl_locking_function);
376
377			#ifndef WIN32
378			/* no need for threadid_func() on Win32 */
379			#if OPENSSL_VERSION_NUMBER < 0x10000000L
380			CRYPTO_set_id_callback(openssl_threadid_func);
381			#else
382			CRYPTO_THREADID_set_callback(openssl_threadid_func);
383			#endif
384			#endif
385			}
386			}
387
388			/* initialize dynamic locking */
389			if ( !CRYPTO_get_dynlock_create_callback() &&
390			!CRYPTO_get_dynlock_lock_callback() &&
391			!CRYPTO_get_dynlock_destroy_callback() ) {
392			PR1("openssl_threads_init dynamic locking\n");
393			CRYPTO_set_dynlock_create_callback(openssl_dynlocking_create_function);
394			CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
395			CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
396			}
397			#endif
398			}
399
400			#endif
401
402			/* ============= typedefs to agument TYPEMAP ============== */
403
404			typedef void callback_no_ret(void);
405			typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
406			typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
407
408			typedef STACK_OF(X509_NAME) X509_NAME_STACK;
409
410			typedef int perl_filehandle_t;
411
412			/* ======= special handler used by EVP_MD_do_all_sorted ======= */
413
414			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
415	112		static void handler_list_md_fn(const EVP_MD m, const char from, const char to, void arg)
416			{
417			/* taken from apps/dgst.c */
418			const char *mname;
419	112	100	if (!m) return; /* Skip aliases */
420	42		mname = OBJ_nid2ln(EVP_MD_type(m));
421	42	50	if (strcmp(from, mname)) return; /* Skip shortnames */
422			#if OPENSSL_VERSION_NUMBER < 0x10100000L
423			if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
424			#endif
425	42	50	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
426	42		av_push((AV *)arg, newSVpv(mname,0));
427			}
428			#endif
429
430			/* ============= callbacks - basic info =============
431			*
432			* PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!!
433			*
434			* There are basically 2 types of callbacks used in SSLeay:
435			*
436			* 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS.
437			* These callbacks use a special C structure simple_cb_data_t to pass necessary data.
438			* There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free()
439			* For example see implementation of these functions:
440			* - RSA_generate_key
441			* - PEM_read_bio_PrivateKey
442			*
443			* 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These
444			* callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time.
445			* There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating
446			* global hash MY_CXT.global_cb_data which work like this:
447			* cb_data_advanced_put(, "data_name", dataSV)
448			* >>>
449			* global_cb_data->{"ptr_"}->{"data_name"} = dataSV)
450			* or
451			* data = cb_data_advanced_get(, "data_name")
452			* >>>
453			* my $data = global_cb_data->{"ptr_"}->{"data_name"}
454			* For example see implementation of these functions:
455			* - SSL_CTX_set_verify
456			* - SSL_set_verify
457			* - SSL_CTX_set_cert_verify_callback
458			* - SSL_CTX_set_default_passwd_cb
459			* - SSL_CTX_set_default_passwd_cb_userdata
460			* - SSL_set_session_secret_cb
461			*
462			* If you want to add a new callback:
463			* - you very likely need a new function "your_callback_name_invoke()"
464			* - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions)
465			* - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before)
466			*
467			*/
468
469			/* ============= callback stuff - generic functions============== */
470
471			struct _ssleay_cb_t {
472			SV* func;
473			SV* data;
474			};
475			typedef struct _ssleay_cb_t simple_cb_data_t;
476
477	10		simple_cb_data_t* simple_cb_data_new(SV* func, SV* data)
478			{
479			simple_cb_data_t* cb;
480	10		New(0, cb, 1, simple_cb_data_t);
481	10	50	if (cb) {
482	10		SvREFCNT_inc(func);
483	10		SvREFCNT_inc(data);
484	10		cb->func = func;
485	10	100	cb->data = (data == &PL_sv_undef) ? NULL : data;
486			}
487	10		return cb;
488			}
489
490	9		void simple_cb_data_free(simple_cb_data_t* cb)
491			{
492	9	50	if (cb) {
493	9	50	if (cb->func) {
494	9		SvREFCNT_dec(cb->func);
495	9		cb->func = NULL;
496			}
497	9	100	if (cb->data) {
498	2		SvREFCNT_dec(cb->data);
499	2		cb->data = NULL;
500			}
501			}
502	9		Safefree(cb);
503	9		}
504
505	606		int cb_data_advanced_put(const void ptr, const char data_name, SV* data)
506			{
507			HV * L2HV;
508			SV ** svtmp;
509			int len;
510			char key_name[500];
511			dMY_CXT;
512
513	606		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
514	606	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
515
516			/* get or create level-2 hash */
517	606		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
518	606	100	if (svtmp == NULL) {
519	306		L2HV = newHV();
520	306		hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
521			}
522			else {
523	300	50	if (!SvOK(svtmp) \|\| !SvROK(svtmp)) return 0;
		50
524			#if defined(MUTABLE_PTR)
525	300		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
526			#else
527			L2HV = (HV)(SvRV(svtmp));
528			#endif
529			}
530
531			/* first delete already stored value */
532	606		hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
533	606	100	if (data!=NULL) {
534	593	100	if (SvOK(data))
535	332		hv_store(L2HV, data_name, strlen(data_name), data, 0);
536			else
537			/* we're not storing data so discard it */
538	261		SvREFCNT_dec(data);
539			}
540
541	606		return 1;
542			}
543
544	1682		SV* cb_data_advanced_get(const void ptr, const char data_name)
545			{
546			HV * L2HV;
547			SV ** svtmp;
548			int len;
549			char key_name[500];
550			dMY_CXT;
551
552	1682		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
553	1682	50	if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
554
555			/* get level-2 hash */
556	1682		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
557	1682	100	if (svtmp == NULL) return &PL_sv_undef;
558	1678	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
559	1678	50	if (!SvROK(*svtmp)) return &PL_sv_undef;
560			#if defined(MUTABLE_PTR)
561	1678		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
562			#else
563			L2HV = (HV)(SvRV(svtmp));
564			#endif
565
566			/* get stored data */
567	1678		svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
568	1678	100	if (svtmp == NULL) return &PL_sv_undef;
569	958	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
570
571	958		return *svtmp;
572			}
573
574	592		int cb_data_advanced_drop(const void *ptr)
575			{
576			int len;
577			char key_name[500];
578			dMY_CXT;
579
580	592		len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
581	592	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
582
583	592		hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
584	592		return 1;
585			}
586
587			/* ============= callback stuff - invoke functions ============== */
588
589	21		static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
590			{
591	21		dSP;
592			SSL* ssl;
593	21		int count = -1, res;
594			SV *cb_func;
595
596			PR1("STARTED: ssleay_verify_callback_invoke\n");
597	21		ssl = (SSL *)X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
598	21		cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
599
600	21	100	if (!SvOK(cb_func)) {
601	3		SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
602	3		cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
603			}
604
605	21	50	if (!SvOK(cb_func))
606	0		croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
607
608	21		ENTER;
609	21		SAVETMPS;
610
611			PR2("verify callback glue ok=%d\n", ok);
612
613	21	50	PUSHMARK(sp);
614	21	50	EXTEND( sp, 2 );
615	21		PUSHs( sv_2mortal(newSViv(ok)) );
616	21		PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
617	21		PUTBACK;
618
619			PR1("About to call verify callback.\n");
620	21		count = call_sv(cb_func, G_SCALAR);
621			PR1("Returned from verify callback.\n");
622
623	21		SPAGAIN;
624
625	21	50	if (count != 1)
626	0		croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
627
628	21		res = POPi;
629
630	21		PUTBACK;
631	21	50	FREETMPS;
632	21		LEAVE;
633
634	21		return res;
635			}
636
637	5		static int ssleay_ctx_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
638			{
639	5		dSP;
640	5		int count = -1;
641			char *res;
642			SV cb_func, cb_data;
643
644			PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
645	5		cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
646	5		cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
647
648	5	50	if(!SvOK(cb_func))
649	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
650
651	5		ENTER;
652	5		SAVETMPS;
653
654	5	50	PUSHMARK(sp);
655	5	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
656	5	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
657	5		PUTBACK;
658
659	5		count = call_sv( cb_func, G_SCALAR );
660
661	5		SPAGAIN;
662
663	5	50	if (count != 1)
664	0		croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
665
666	5		res = POPp;
667
668	5	50	if (res == NULL) {
669	0		*buf = '\0';
670			} else {
671	5		strncpy(buf, res, size);
672	5		buf[size - 1] = '\0';
673			}
674
675	5		PUTBACK;
676	5	50	FREETMPS;
677	5		LEAVE;
678
679	5		return strlen(buf);
680			}
681
682			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
683			#ifndef LIBRESSL_VERSION_NUMBER
684	6		static int ssleay_ssl_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
685			{
686	6		dSP;
687	6		int count = -1;
688			char *res;
689			SV cb_func, cb_data;
690
691			PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
692	6		cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
693	6		cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
694
695	6	50	if(!SvOK(cb_func))
696	0		croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
697
698	6		ENTER;
699	6		SAVETMPS;
700
701	6	50	PUSHMARK(sp);
702	6	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
703	6	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
704	6		PUTBACK;
705
706	6		count = call_sv( cb_func, G_SCALAR );
707
708	6		SPAGAIN;
709
710	6	50	if (count != 1)
711	0		croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
712
713	6		res = POPp;
714
715	6	50	if (res == NULL) {
716	0		*buf = '\0';
717			} else {
718	6		strncpy(buf, res, size);
719	6		buf[size - 1] = '\0';
720			}
721
722	6		PUTBACK;
723	6	50	FREETMPS;
724	6		LEAVE;
725
726	6		return strlen(buf);
727			}
728			#endif /* !LibreSSL */
729			#endif /* >= 1.1.0f */
730
731	1		int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
732			{
733	1		dSP;
734	1		int count = -1;
735			int res;
736			SV * cb_func, *cb_data;
737
738			PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
739
740	1		cb_func = cb_data_advanced_get(data, "ssleay_ctx_cert_verify_cb!!func");
741	1		cb_data = cb_data_advanced_get(data, "ssleay_ctx_cert_verify_cb!!data");
742
743	1	50	if(!SvOK(cb_func))
744	0		croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
745
746	1		ENTER;
747	1		SAVETMPS;
748
749	1	50	PUSHMARK(SP);
750	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
751	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
752	1		PUTBACK;
753
754	1		count = call_sv(cb_func, G_SCALAR);
755
756	1		SPAGAIN;
757
758	1	50	if (count != 1)
759	0		croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
760
761	1		res = POPi;
762
763	1		PUTBACK;
764	1	50	FREETMPS;
765	1		LEAVE;
766
767	1		return res;
768			}
769
770			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
771
772	0		int tlsext_servername_callback_invoke(SSL ssl, int ad, void *arg)
773			{
774	0		dSP;
775	0		int count = -1;
776			int res;
777			SV * cb_func, *cb_data;
778
779			PR1("STARTED: tlsext_servername_callback_invoke\n");
780
781	0		cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
782	0		cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
783
784	0	0	if(!SvOK(cb_func))
785	0		croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
786
787	0		ENTER;
788	0		SAVETMPS;
789
790	0	0	PUSHMARK(SP);
791	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
792	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
793	0		PUTBACK;
794
795	0		count = call_sv(cb_func, G_SCALAR);
796
797	0		SPAGAIN;
798
799	0	0	if (count != 1)
800	0		croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
801
802	0		res = POPi;
803
804	0		PUTBACK;
805	0	0	FREETMPS;
806	0		LEAVE;
807
808	0		return res;
809			}
810
811			#endif
812
813			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
814
815	0		int tlsext_status_cb_invoke(SSL ssl, void arg)
816			{
817	0		dSP;
818			SV cb_func, cb_data;
819	0		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
820	0		int len,res,nres = -1;
821	0		const unsigned char *p = NULL;
822	0		OCSP_RESPONSE *ocsp_response = NULL;
823
824	0		cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
825	0		cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
826
827	0	0	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		0
828	0		croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
829
830	0		len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
831	0	0	if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
832
833	0		ENTER;
834	0		SAVETMPS;
835
836	0	0	PUSHMARK(SP);
837	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
838	0		PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
839	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
840	0		PUTBACK;
841
842	0		nres = call_sv(cb_func, G_SCALAR);
843	0	0	if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
844
845	0		SPAGAIN;
846
847	0	0	if (nres != 1)
848	0		croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
849
850	0		res = POPi;
851
852	0		PUTBACK;
853	0	0	FREETMPS;
854	0		LEAVE;
855
856	0		return res;
857			}
858
859	1		int session_ticket_ext_cb_invoke(SSL ssl, const unsigned char data, int len, void *arg)
860			{
861	1		dSP;
862			SV cb_func, cb_data;
863	1		int res,nres = -1;
864
865	1		cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
866	1		cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
867
868	1	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
869	0		croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n");
870
871	1		ENTER;
872	1		SAVETMPS;
873
874	1	50	PUSHMARK(SP);
875	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
876	1	50	XPUSHs(sv_2mortal(newSVpvn((const char *)data, len)));
877	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
878	1		PUTBACK;
879
880	1		nres = call_sv(cb_func, G_SCALAR);
881
882	1		SPAGAIN;
883
884	1	50	if (nres != 1)
885	0		croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n");
886
887	1		res = POPi;
888
889	1		PUTBACK;
890	1	50	FREETMPS;
891	1		LEAVE;
892
893	1		return res;
894			}
895
896			#endif
897
898			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
899
900	0		int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
901			STACK_OF(SSL_CIPHER) *peer_ciphers,
902			const SSL_CIPHER *cipher, void arg)
903			{
904	0		dSP;
905	0		int count = -1, res, i;
906	0		AV *ciphers = newAV();
907	0		SV *pref_cipher = sv_newmortal();
908			SV * cb_func, *cb_data;
909			SV * secretsv;
910
911			PR1("STARTED: ssleay_session_secret_cb_invoke\n");
912	0		cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
913	0		cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data");
914
915	0	0	if(!SvOK(cb_func))
916	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
917
918	0		ENTER;
919	0		SAVETMPS;
920
921	0	0	PUSHMARK(SP);
922	0		secretsv = sv_2mortal( newSVpv((const char )secret, secret_len));
923	0	0	XPUSHs(secretsv);
924	0	0	for (i=0; i
925	0		const SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
926	0		av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
927			}
928	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)ciphers)));
929	0	0	XPUSHs(sv_2mortal(newRV_inc(pref_cipher)));
930	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
931
932	0		PUTBACK;
933
934	0		count = call_sv( cb_func, G_SCALAR );
935
936	0		SPAGAIN;
937
938	0	0	if (count != 1)
939	0		croak ("Net::SSLeay: ssleay_session_secret_cb_invoke perl function did not return a scalar.\n");
940
941	0		res = POPi;
942	0	0	if (res) {
943			/* See if there is a preferred cipher selected, if so it is an index into the stack */
944	0	0	if (SvIOK(pref_cipher))
945	0		*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
946
947			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
948			{
949			/* Use any new master secret set by the callback function in secret */
950			STRLEN newsecretlen;
951	0		char* newsecretdata = SvPV(secretsv, newsecretlen);
952	0	0	if (secret_len < 0 \|\| newsecretlen > (STRLEN)secret_len)
		0
953	0		croak("Net::SSLeay: ssleay_session_secret_cb_invoke perl function returned too long secret: %ld > %ld.\n", (long)newsecretlen, (long)*secret_len);
954	0		memcpy(secret, newsecretdata, newsecretlen);
955	0		*secret_len = newsecretlen;
956			}
957			#endif
958			}
959
960	0		PUTBACK;
961	0	0	FREETMPS;
962	0		LEAVE;
963
964	0		return res;
965			}
966
967			#endif
968
969			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK)
970			#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
971
972	0		unsigned int ssleay_set_psk_client_callback_invoke(SSL ssl, const char hint,
973			char *identity, unsigned int max_identity_len,
974			unsigned char *psk, unsigned int max_psk_len)
975			{
976	0		dSP;
977	0		int count = -1;
978			char identity_val, psk_val;
979	0		unsigned int psk_len = 0;
980	0		BIGNUM *psk_bn = NULL;
981			SV * cb_func;
982			SV * hintsv;
983			/* this n_a is required for building with old perls: */
984			STRLEN n_a;
985
986			PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
987	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
988
989	0	0	if(!SvOK(cb_func))
990	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
991
992	0		ENTER;
993	0		SAVETMPS;
994
995	0	0	PUSHMARK(SP);
996	0	0	if (hint != NULL) {
997	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
998	0	0	XPUSHs(hintsv);
999			}
1000
1001	0		PUTBACK;
1002
1003	0		count = call_sv( cb_func, G_LIST );
1004
1005	0		SPAGAIN;
1006
1007	0	0	if (count != 2)
1008	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1009
1010	0		psk_val = POPpx;
1011	0		identity_val = POPpx;
1012
1013	0		my_snprintf(identity, max_identity_len, "%s", identity_val);
1014
1015	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1016	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1017	0		psk_len = BN_bn2bin(psk_bn, psk);
1018			}
1019	0		BN_free(psk_bn);
1020			}
1021
1022	0		PUTBACK;
1023	0	0	FREETMPS;
1024	0		LEAVE;
1025
1026	0		return psk_len;
1027			}
1028
1029	0		unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL ssl, const char hint,
1030			char *identity, unsigned int max_identity_len,
1031			unsigned char *psk, unsigned int max_psk_len)
1032			{
1033	0		dSP;
1034			SSL_CTX *ctx;
1035	0		int count = -1;
1036			char identity_val, psk_val;
1037	0		unsigned int psk_len = 0;
1038	0		BIGNUM *psk_bn = NULL;
1039			SV * cb_func;
1040			SV * hintsv;
1041			/* this n_a is required for building with old perls: */
1042			STRLEN n_a;
1043
1044	0		ctx = SSL_get_SSL_CTX(ssl);
1045
1046			PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
1047	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
1048
1049	0	0	if(!SvOK(cb_func))
1050	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1051
1052	0		ENTER;
1053	0		SAVETMPS;
1054
1055	0	0	PUSHMARK(SP);
1056	0	0	if (hint != NULL) {
1057	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1058	0	0	XPUSHs(hintsv);
1059			}
1060
1061	0		PUTBACK;
1062
1063	0		count = call_sv( cb_func, G_LIST );
1064
1065	0		SPAGAIN;
1066
1067	0	0	if (count != 2)
1068	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1069
1070	0		psk_val = POPpx;
1071	0		identity_val = POPpx;
1072
1073	0		my_snprintf(identity, max_identity_len, "%s", identity_val);
1074
1075	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1076	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1077	0		psk_len = BN_bn2bin(psk_bn, psk);
1078			}
1079	0		BN_free(psk_bn);
1080			}
1081
1082	0		PUTBACK;
1083	0	0	FREETMPS;
1084	0		LEAVE;
1085
1086	0		return psk_len;
1087			}
1088
1089	0		unsigned int ssleay_set_psk_server_callback_invoke(SSL ssl, const char identity,
1090			unsigned char *psk, unsigned int max_psk_len)
1091			{
1092	0		dSP;
1093	0		int count = -1;
1094	0		unsigned int psk_len = 0;
1095			SV * cb_func, *psk_sv;
1096
1097			PR1("STARTED: ssleay_set_psk_server_callback_invoke\n");
1098
1099	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_server_callback!!func");
1100	0	0	if(!SvOK(cb_func))
1101	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke called, but not set to point to any perl function.\n");
1102
1103	0		ENTER;
1104	0		SAVETMPS;
1105
1106	0	0	PUSHMARK(SP);
1107	0	0	EXTEND(SP, 3);
1108	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1109	0		PUSHs(sv_2mortal(newSVpv(identity, 0)));
1110	0		PUSHs(sv_2mortal(newSViv(max_psk_len)));
1111
1112	0		PUTBACK;
1113
1114	0		count = call_sv( cb_func, G_SCALAR );
1115
1116	0		SPAGAIN;
1117
1118	0	0	if (count != 1)
1119	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke perl function did not return 1 value.\n");
1120
1121	0		psk_sv = POPs;
1122	0	0	if (SvOK(psk_sv)) {
1123			STRLEN new_psk_len;
1124	0		char *new_psk = SvPV(psk_sv, new_psk_len);
1125
1126	0	0	if (!SvPOK(psk_sv))
1127	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke PSK is not a string.\n");
1128
1129	0	0	if (new_psk_len > max_psk_len)
1130	0		croak ("Net::SSLeay: ssleay_set_psk_server_callback_invoke PSK is longer than allowed (%lu > %u).\n", new_psk_len, max_psk_len);
1131	0		memcpy(psk, new_psk, new_psk_len);
1132	0		psk_len = new_psk_len;
1133			}
1134
1135	0		PUTBACK;
1136	0	0	FREETMPS;
1137	0		LEAVE;
1138
1139	0		return psk_len;
1140			}
1141
1142	0		unsigned int ssleay_ctx_set_psk_server_callback_invoke(SSL ssl, const char identity,
1143			unsigned char *psk, unsigned int max_psk_len)
1144			{
1145	0		dSP;
1146			SSL_CTX *ctx;
1147	0		int count = -1;
1148	0		unsigned int psk_len = 0;
1149			SV * cb_func, *psk_sv;
1150
1151			PR1("STARTED: ssleay_ctx_set_psk_server_callback_invoke\n");
1152
1153	0		ctx = SSL_get_SSL_CTX(ssl);
1154	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_server_callback!!func");
1155	0	0	if(!SvOK(cb_func))
1156	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke called, but not set to point to any perl function.\n");
1157
1158	0		ENTER;
1159	0		SAVETMPS;
1160
1161	0	0	PUSHMARK(SP);
1162	0	0	EXTEND(SP, 3);
1163	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1164	0		PUSHs(sv_2mortal(newSVpv(identity, 0)));
1165	0		PUSHs(sv_2mortal(newSViv(max_psk_len)));
1166
1167	0		PUTBACK;
1168
1169	0		count = call_sv( cb_func, G_SCALAR );
1170
1171	0		SPAGAIN;
1172
1173	0	0	if (count != 1)
1174	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke perl function did not return 1 value.\n");
1175
1176	0		psk_sv = POPs;
1177	0	0	if (SvOK(psk_sv)) {
1178			STRLEN new_psk_len;
1179	0		char *new_psk = SvPV(psk_sv, new_psk_len);
1180
1181	0	0	if (!SvPOK(psk_sv))
1182	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke PSK is not a string.\n");
1183
1184	0	0	if (new_psk_len > max_psk_len)
1185	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_server_callback_invoke PSK is longer than allowed (%lu > %u).\n", new_psk_len, max_psk_len);
1186	0		memcpy(psk, new_psk, new_psk_len);
1187	0		psk_len = new_psk_len;
1188			}
1189
1190	0		PUTBACK;
1191	0	0	FREETMPS;
1192	0		LEAVE;
1193
1194	0		return psk_len;
1195			}
1196
1197			#if OPENSSL_VERSION_NUMBER >= 0x10101001L
1198
1199			/* TLS 1.3 has its own callbacks */
1200	0		int ssleay_set_psk_find_session_callback_invoke(SSL ssl, const unsigned char identity,
1201			size_t identity_len,
1202			SSL_SESSION **sess)
1203			{
1204	0		dSP;
1205	0		int count = -1, ret;
1206			SV * cb_func, *sess_sv;
1207
1208			PR1("STARTED: ssleay_psk_find_session_callback_callback_invoke\n");
1209
1210	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_find_session_callback!!func");
1211	0	0	if(!SvOK(cb_func))
1212	0		croak ("Net::SSLeay: ssleay_psk_find_session_callback_callback_invoke called, but not set to point to any perl function.\n");
1213
1214	0		ENTER;
1215	0		SAVETMPS;
1216
1217	0	0	PUSHMARK(SP);
1218	0	0	EXTEND(SP, 2);
1219	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1220	0		PUSHs(sv_2mortal(newSVpvn((const char *)identity, identity_len)));
1221
1222	0		PUTBACK;
1223
1224	0		count = call_sv( cb_func, G_LIST );
1225
1226	0		SPAGAIN;
1227
1228	0	0	if (count != 2)
1229	0		croak ("Net::SSLeay: ssleay_psk_find_session_callback_callback_invoke perl function did not return 2 values.\n");
1230
1231	0		*sess = NULL;
1232	0		sess_sv = POPs;
1233	0	0	if (SvOK(sess_sv))
1234	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1235
1236	0		ret = POPi;
1237
1238	0		PUTBACK;
1239	0	0	FREETMPS;
1240	0		LEAVE;
1241
1242	0		return ret;
1243			}
1244
1245	0		int ssleay_ctx_set_psk_find_session_callback_invoke(SSL ssl, const unsigned char identity,
1246			size_t identity_len,
1247			SSL_SESSION **sess)
1248			{
1249	0		dSP;
1250			SSL_CTX *ctx;
1251	0		int count = -1, ret;
1252			SV * cb_func, *sess_sv;
1253
1254	0		ctx = SSL_get_SSL_CTX(ssl);
1255
1256			PR1("STARTED: ssleay_ctx_psk_find_session_callback_callback_invoke\n");
1257
1258	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_find_session_callback!!func");
1259	0	0	if(!SvOK(cb_func))
1260	0		croak ("Net::SSLeay: ssleay_ctx_psk_find_session_callback_callback_invoke called, but not set to point to any perl function.\n");
1261
1262	0		ENTER;
1263	0		SAVETMPS;
1264
1265	0	0	PUSHMARK(SP);
1266	0	0	EXTEND(SP, 2);
1267	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1268	0		PUSHs(sv_2mortal(newSVpvn((const char *)identity, identity_len)));
1269
1270	0		PUTBACK;
1271
1272	0		count = call_sv( cb_func, G_LIST );
1273
1274	0		SPAGAIN;
1275
1276	0	0	if (count != 2)
1277	0		croak ("Net::SSLeay: ssleay_ctx_psk_find_session_callback_callback_invoke perl function did not return 2 values.\n");
1278
1279	0		*sess = NULL;
1280	0		sess_sv = POPs;
1281	0	0	if (SvOK(sess_sv))
1282	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1283
1284	0		ret = POPi;
1285
1286	0		PUTBACK;
1287	0	0	FREETMPS;
1288	0		LEAVE;
1289
1290	0		return ret;
1291			}
1292
1293	0		int ssleay_set_psk_use_session_callback_invoke(SSL ssl, const EVP_MD md,
1294			const unsigned char **id,
1295			size_t *idlen,
1296			SSL_SESSION **sess)
1297			{
1298	0		dSP;
1299	0		int count = -1, ret;
1300			SV * cb_func, sess_sv, id_sv;
1301
1302			PR1("STARTED: ssleay_psk_use_session_callback_invoke\n");
1303
1304	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_use_session_callback!!func");
1305	0	0	if(!SvOK(cb_func))
1306	0		croak ("Net::SSLeay: ssleay_psk_use_session_callback_invoke called, but not set to point to any perl function.\n");
1307
1308	0		ENTER;
1309	0		SAVETMPS;
1310
1311	0	0	PUSHMARK(SP);
1312	0	0	EXTEND(SP, 2);
1313	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1314	0		PUSHs(sv_2mortal(newSViv(PTR2IV(md))));
1315
1316	0		PUTBACK;
1317
1318	0		count = call_sv( cb_func, G_LIST );
1319
1320	0		SPAGAIN;
1321
1322	0	0	if (count != 3)
1323	0		croak ("Net::SSLeay: ssleay_psk_use_session_callback_invoke perl function did not return 3 values.\n");
1324
1325	0		*sess = NULL;
1326	0		*id = NULL;
1327	0		*idlen = 0;
1328	0		sess_sv = POPs;
1329	0		id_sv = POPs;
1330	0		ret = POPi;
1331	0	0	if (ret && SvOK(sess_sv)) {
		0
1332			/* Returning with success but without NULL SSL_SESSION is
1333			* permissible. In this case the handshake continues with
1334			* certificate authentication */
1335			char *id_sv_ptr;
1336			STRLEN id_sv_len;
1337	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1338	0		id_sv_ptr = SvPVbyte(id_sv, id_sv_len);
1339	0		id = (const unsigned char )id_sv_ptr;
1340	0		*idlen = id_sv_len;
1341	0		sv_dump(id_sv);
1342	0		SSL_SESSION_print_fp(stdout, *sess);
1343			}
1344
1345	0		PUTBACK;
1346	0	0	FREETMPS;
1347	0		LEAVE;
1348
1349	0		return ret;
1350			}
1351
1352	0		int ssleay_ctx_set_psk_use_session_callback_invoke(SSL ssl, const EVP_MD md,
1353			const unsigned char **id,
1354			size_t *idlen,
1355			SSL_SESSION **sess)
1356			{
1357	0		dSP;
1358			SSL_CTX *ctx;
1359	0		int count = -1, ret;
1360			SV * cb_func, sess_sv, id_sv;
1361
1362	0		ctx = SSL_get_SSL_CTX(ssl);
1363
1364			PR1("STARTED: ssleay_ctx_psk_use_session_callback_invoke\n");
1365
1366	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_use_session_callback!!func");
1367	0	0	if(!SvOK(cb_func))
1368	0		croak ("Net::SSLeay: ssleay_ctx_psk_use_session_callback_invoke called, but not set to point to any perl function.\n");
1369
1370	0		ENTER;
1371	0		SAVETMPS;
1372
1373	0	0	PUSHMARK(SP);
1374	0	0	EXTEND(SP, 2);
1375	0		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1376	0		PUSHs(sv_2mortal(newSViv(PTR2IV(md))));
1377
1378	0		PUTBACK;
1379
1380	0		count = call_sv( cb_func, G_LIST );
1381
1382	0		SPAGAIN;
1383
1384	0	0	if (count != 3)
1385	0		croak ("Net::SSLeay: ssleay_ctx_psk_use_session_callback_invoke perl function did not return 2 values.\n");
1386
1387	0		*sess = NULL;
1388	0		*id = NULL;
1389	0		*idlen = 0;
1390	0		sess_sv = POPs;
1391	0		id_sv = POPs;
1392	0		ret = POPi;
1393	0	0	if (ret && SvOK(sess_sv)) {
		0
1394			/* Returning with success but without NULL SSL_SESSION is
1395			* permissible. In this case the handshake continues with
1396			* certificate authentication */
1397			char *id_sv_ptr;
1398			STRLEN id_sv_len;
1399	0		sess = INT2PTR(SSL_SESSION , SvIV(sess_sv));
1400	0		id_sv_ptr = SvPVbyte(id_sv, id_sv_len);
1401	0		id = (const unsigned char )id_sv_ptr;
1402	0		*idlen = id_sv_len;
1403	0		sv_dump(id_sv);
1404	0		SSL_SESSION_print_fp(stdout, *sess);
1405			}
1406
1407	0		PUTBACK;
1408	0	0	FREETMPS;
1409	0		LEAVE;
1410
1411	0		return ret;
1412			}
1413
1414			#endif
1415			#endif
1416
1417			#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) \|\| (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT))
1418
1419	20		int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
1420			{
1421	20		int i, last_index, ptr = 0;
1422	20		last_index = av_len(list);
1423	20	50	if (last_index<0) return 0;
1424	60	100	for(i=0; i<=last_index; i++) {
1425	40		char p = SvPV_nolen(av_fetch(list, i, 0));
1426	40		size_t len = strlen(p);
1427	40	50	if (len>255) return 0;
1428	40	100	if (out) {
1429			/* if out == NULL we only calculate the length of output */
1430	20		out[ptr] = (unsigned char)len;
1431	20		strncpy((char*)out+ptr+1, p, len);
1432			}
1433	40		ptr += strlen(p) + 1;
1434			}
1435	20		return ptr;
1436			}
1437
1438	0		int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen)
1439			{
1440	0		unsigned int i = 0;
1441			unsigned char il;
1442	0	0	if (!list \|\| inlen<2) return 0;
		0
1443	0	0	while (i
1444	0		il = in[i++];
1445	0	0	if (i+il > inlen) return 0;
1446	0		av_push(list, newSVpv((const char*)in+i, il));
1447	0		i += il;
1448			}
1449	0		return 1;
1450			}
1451
1452			#endif
1453
1454			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
1455
1456	1		int next_proto_select_cb_invoke(SSL ssl, unsigned char out, unsigned char outlen,
1457			const unsigned char in, unsigned int inlen, void arg)
1458			{
1459			SV cb_func, cb_data;
1460			unsigned char *next_proto_data;
1461			size_t next_proto_len;
1462			int next_proto_status;
1463	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1464			/* this n_a is required for building with old perls: */
1465			STRLEN n_a;
1466
1467			PR1("STARTED: next_proto_select_cb_invoke\n");
1468	1		cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
1469	1		cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
1470			/* clear last_status value = store undef */
1471	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
1472	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
1473
1474	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1475	0		int count = -1;
1476	0		AV *list = newAV();
1477			SV *tmpsv;
1478	0		dSP;
1479
1480	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1481
1482	0		ENTER;
1483	0		SAVETMPS;
1484	0	0	PUSHMARK(SP);
1485	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1486	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1487	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1488	0		PUTBACK;
1489	0		count = call_sv( cb_func, G_LIST );
1490	0		SPAGAIN;
1491	0	0	if (count != 2)
1492	0		croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
1493	0		next_proto_data = (unsigned char*)POPpx;
1494	0		next_proto_status = POPi;
1495
1496	0		next_proto_len = strlen((const char*)next_proto_data);
1497	0	0	if (next_proto_len<=255) {
1498			/* store last_status + last_negotiated into global hash */
1499	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1500	0		tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
1501	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
1502	0		out = (unsigned char )SvPVX(tmpsv);
1503	0		*outlen = next_proto_len;
1504			}
1505
1506	0		PUTBACK;
1507	0	0	FREETMPS;
1508	0		LEAVE;
1509
1510	0	0	return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
1511			}
1512	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1513	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1514	1		Newx(next_proto_data, next_proto_len, unsigned char);
1515	1	50	if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1516	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
1517
1518	1		next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
1519	1		Safefree(next_proto_data);
1520	1	50	if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
1521	0		outlen = in;
1522	0		out = (unsigned char )in+1;
1523			}
1524
1525			/* store last_status + last_negotiated into global hash */
1526	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1527	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char)out, *outlen));
1528	1		return SSL_TLSEXT_ERR_OK;
1529			}
1530	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1531			}
1532
1533	1		int next_protos_advertised_cb_invoke(SSL ssl, const unsigned char out, unsigned int outlen, void *arg_unused)
1534			{
1535			SV cb_func, cb_data;
1536	1		unsigned char *protodata = NULL;
1537	1		unsigned short protodata_len = 0;
1538			SV *tmpsv;
1539			AV *tmpav;
1540	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1541
1542			PR1("STARTED: next_protos_advertised_cb_invoke");
1543	1		cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
1544	1		cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
1545
1546	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1547	0		int count = -1;
1548	0		dSP;
1549	0		ENTER;
1550	0		SAVETMPS;
1551	0	0	PUSHMARK(SP);
1552	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1553	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1554	0		PUTBACK;
1555	0		count = call_sv( cb_func, G_SCALAR );
1556	0		SPAGAIN;
1557	0	0	if (count != 1)
1558	0		croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
1559	0		tmpsv = POPs;
1560	0	0	if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
		0
		0
1561	0		tmpav = (AV*)SvRV(tmpsv);
1562	0		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1563	0		Newx(protodata, protodata_len, unsigned char);
1564	0	0	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1565			}
1566	0		PUTBACK;
1567	0	0	FREETMPS;
1568	0		LEAVE;
1569			}
1570	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1571	1		tmpav = (AV*)SvRV(cb_data);
1572	1		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1573	1		Newx(protodata, protodata_len, unsigned char);
1574	1	50	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1575			}
1576	1	50	if (protodata) {
1577	1		tmpsv = newSVpv((const char*)protodata, protodata_len);
1578	1		Safefree(protodata);
1579	1		cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
1580	1		out = (unsigned char )SvPVX(tmpsv);
1581	1		*outlen = protodata_len;
1582	1		return SSL_TLSEXT_ERR_OK;
1583			}
1584	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1585			}
1586
1587			#endif
1588
1589			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
1590
1591	1		int alpn_select_cb_invoke(SSL ssl, const unsigned char out, unsigned char outlen,
1592			const unsigned char in, unsigned int inlen, void arg)
1593			{
1594			SV cb_func, cb_data;
1595			unsigned char *alpn_data;
1596			size_t alpn_len;
1597	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1598
1599			PR1("STARTED: alpn_select_cb_invoke\n");
1600	1		cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
1601	1		cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
1602
1603	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1604	0		int count = -1;
1605	0		AV *list = newAV();
1606			SV *tmpsv;
1607			SV *alpn_data_sv;
1608	0		dSP;
1609
1610	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1611
1612	0		ENTER;
1613	0		SAVETMPS;
1614	0	0	PUSHMARK(SP);
1615	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1616	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1617	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1618	0		PUTBACK;
1619	0		count = call_sv( cb_func, G_LIST );
1620	0		SPAGAIN;
1621	0	0	if (count != 1)
1622	0		croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
1623	0		alpn_data_sv = POPs;
1624	0	0	if (SvOK(alpn_data_sv)) {
1625	0		alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
1626	0		alpn_len = strlen((const char*)alpn_data);
1627	0	0	if (alpn_len <= 255) {
1628	0		tmpsv = newSVpv((const char*)alpn_data, alpn_len);
1629	0		out = (unsigned char )SvPVX(tmpsv);
1630	0		*outlen = alpn_len;
1631			}
1632			} else {
1633	0		alpn_data = NULL;
1634	0		alpn_len = 0;
1635			}
1636	0		PUTBACK;
1637	0	0	FREETMPS;
1638	0		LEAVE;
1639
1640	0	0	if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
1641	0	0	return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1642			}
1643	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1644			int status;
1645
1646	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1647	1		Newx(alpn_data, alpn_len, unsigned char);
1648	1	50	if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1649	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
1650
1651			/* This is the same function that is used for NPN. */
1652	1		status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
1653	1		Safefree(alpn_data);
1654	1	50	if (status != OPENSSL_NPN_NEGOTIATED) {
1655	0		outlen = in;
1656	0		*out = in+1;
1657			}
1658	1	50	return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1659			}
1660	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1661			}
1662
1663			#endif
1664
1665	2		int pem_password_cb_invoke(char buf, int bufsize, int rwflag, void data) {
1666	2		dSP;
1667			char *str;
1668	2		int count = -1;
1669	2		size_t str_len = 0;
1670	2		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1671			/* this n_a is required for building with old perls: */
1672			STRLEN n_a;
1673
1674			PR1("STARTED: pem_password_cb_invoke\n");
1675	2	50	if (cb->func && SvOK(cb->func)) {
		50
1676	2		ENTER;
1677	2		SAVETMPS;
1678
1679	2	50	PUSHMARK(sp);
1680
1681	2	50	XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
1682	2	50	XPUSHs(sv_2mortal( newSViv(rwflag) ));
1683	2	50	if (cb->data) XPUSHs( cb->data );
		0
1684
1685	2		PUTBACK;
1686
1687	2		count = call_sv( cb->func, G_SCALAR );
1688
1689	2		SPAGAIN;
1690
1691	2		buf[0] = 0; /* start with an empty password */
1692	2	50	if (count != 1) {
1693	0		croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
1694			}
1695			else {
1696	2		str = POPpx;
1697	2		str_len = strlen(str);
1698	2	50	if (str_len+1 < bufsize) {
1699	2		strcpy(buf, str);
1700			}
1701			else {
1702	0		str_len = 0;
1703	0		warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
1704			}
1705			}
1706
1707	2		PUTBACK;
1708	2	50	FREETMPS;
1709	2		LEAVE;
1710			}
1711	2		return str_len;
1712			}
1713
1714	7541		void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
1715			{
1716	7541		dSP;
1717	7541		int count = -1;
1718	7541		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1719
1720			/* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
1721	7541	50	if (cb->func && SvOK(cb->func)) {
		100
1722	2471		ENTER;
1723	2471		SAVETMPS;
1724
1725	2471	50	PUSHMARK(sp);
1726
1727	2471	50	XPUSHs(sv_2mortal( newSViv(i) ));
1728	2471	50	XPUSHs(sv_2mortal( newSViv(n) ));
1729	2471	100	if (cb->data) XPUSHs( cb->data );
		50
1730
1731	2471		PUTBACK;
1732
1733	2471		count = call_sv( cb->func, G_VOID\|G_DISCARD );
1734
1735	2470	50	if (count != 0)
1736	0		croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
1737			"perl function did return something in void context.\n");
1738
1739	2470		SPAGAIN;
1740	2470	50	FREETMPS;
1741	2470		LEAVE;
1742			}
1743	7540		}
1744
1745	23		void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
1746			{
1747	23		dSP;
1748			SV cb_func, cb_data;
1749
1750	23		cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
1751	23		cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
1752
1753	23	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1754	0		croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
1755
1756	23		ENTER;
1757	23		SAVETMPS;
1758
1759	23	50	PUSHMARK(SP);
1760	23	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1761	23	50	XPUSHs(sv_2mortal(newSViv(where)) );
1762	23	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1763	23	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1764	23		PUTBACK;
1765
1766	23		call_sv(cb_func, G_VOID);
1767
1768	23		SPAGAIN;
1769	23		PUTBACK;
1770	23	50	FREETMPS;
1771	23		LEAVE;
1772	23		}
1773
1774	680		void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
1775			{
1776	680		dSP;
1777			SV cb_func, cb_data;
1778	680		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1779
1780	680		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
1781	680		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
1782
1783	680	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1784	0		croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
1785
1786	680		ENTER;
1787	680		SAVETMPS;
1788
1789	680	50	PUSHMARK(SP);
1790	680	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1791	680	50	XPUSHs(sv_2mortal(newSViv(where)) );
1792	680	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1793	680	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1794	680		PUTBACK;
1795
1796	680		call_sv(cb_func, G_VOID);
1797
1798	680		SPAGAIN;
1799	680		PUTBACK;
1800	680	50	FREETMPS;
1801	680		LEAVE;
1802	680		}
1803
1804	34		void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1805			{
1806	34		dSP;
1807			SV cb_func, cb_data;
1808
1809	34		cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
1810	34		cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
1811
1812	34	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1813	0		croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
1814
1815	34		ENTER;
1816	34		SAVETMPS;
1817
1818	34	50	PUSHMARK(SP);
1819	34	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1820	34	50	XPUSHs(sv_2mortal(newSViv(version)));
1821	34	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1822	34	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1823	34	50	XPUSHs(sv_2mortal(newSViv(len)));
1824	34	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1825	34	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1826	34		PUTBACK;
1827
1828	34		call_sv(cb_func, G_VOID);
1829
1830	34		SPAGAIN;
1831	34		PUTBACK;
1832	34	50	FREETMPS;
1833	34		LEAVE;
1834	34		}
1835
1836	34		void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1837			{
1838	34		dSP;
1839			SV cb_func, cb_data;
1840	34		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1841
1842	34		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
1843	34		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
1844
1845	34	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1846	0		croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
1847
1848	34		ENTER;
1849	34		SAVETMPS;
1850
1851	34	50	PUSHMARK(SP);
1852	34	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1853	34	50	XPUSHs(sv_2mortal(newSViv(version)));
1854	34	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1855	34	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1856	34	50	XPUSHs(sv_2mortal(newSViv(len)));
1857	34	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1858	34	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1859	34		PUTBACK;
1860
1861	34		call_sv(cb_func, G_VOID);
1862
1863	34		SPAGAIN;
1864	34		PUTBACK;
1865	34	50	FREETMPS;
1866	34		LEAVE;
1867	34		}
1868
1869			/*
1870			* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
1871			* broken in various ways during the various 1.0.0* versions.
1872			* Better enable it only starting with 1.0.1.
1873			*/
1874			#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
1875			#define NET_SSLEAY_CAN_TICKET_KEY_CB
1876
1877	7		int tlsext_ticket_key_cb_invoke(
1878			SSL *ssl,
1879			unsigned char *key_name,
1880			unsigned char *iv,
1881			EVP_CIPHER_CTX *ectx,
1882			HMAC_CTX *hctx,
1883			int enc
1884			){
1885
1886	7		dSP;
1887	7		int count,usable_rv_count,hmac_key_len = 0;
1888			SV cb_func, cb_data;
1889			STRLEN svlen;
1890			unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
1891			unsigned char name[16];
1892	7		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1893
1894			PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
1895	7		cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
1896	7		cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
1897
1898	7	50	if (!SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1899	0		croak("callback must be a code reference");
1900
1901	7		ENTER;
1902	7		SAVETMPS;
1903	7	50	PUSHMARK(SP);
1904
1905	7	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1906
1907	7	100	if (!enc) {
1908			/* call as getkey(data,this_name) -> (key,current_name) */
1909	4	50	XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
1910			} else {
1911			/* call as getkey(data) -> (key,current_name) */
1912			}
1913
1914	7		PUTBACK;
1915
1916	7		count = call_sv( cb_func, G_LIST );
1917
1918	7		SPAGAIN;
1919
1920	7	50	if (count>2)
1921	0		croak("too much return values - only (name,key) should be returned");
1922
1923	7		usable_rv_count = 0;
1924	7	100	if (count>0) {
1925	6		SV *sname = POPs;
1926	6	50	if (SvOK(sname)) {
1927	6		unsigned char pname = (unsigned char )SvPV(sname,svlen);
1928	6	50	if (svlen > 16)
1929	0		croak("name must be at at most 16 bytes, got %d",(int)svlen);
1930	6	50	if (svlen == 0)
1931	0		croak("name should not be empty");
1932	6		OPENSSL_cleanse(name, 16);
1933	6		memcpy(name,pname,svlen);
1934	6		usable_rv_count++;
1935			}
1936			}
1937	7	100	if (count>1) {
1938	6		SV *skey = POPs;
1939	6	50	if (SvOK(skey)) {
1940	6		unsigned char pkey = (unsigned char )SvPV(skey,svlen);
1941	6	50	if (svlen != 32 && svlen != 48)
		0
1942	0		croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
1943	6		hmac_key_len = (int)svlen - 16;
1944	6		memcpy(key,pkey,(int)svlen);
1945	6		usable_rv_count++;
1946			}
1947			}
1948
1949	7		PUTBACK;
1950	7	50	FREETMPS;
1951	7		LEAVE;
1952
1953	7	100	if (!enc && usable_rv_count == 0) {
		100
1954	1		TRACE(2,"no key returned for ticket");
1955	1		return 0;
1956			}
1957	6	50	if (usable_rv_count != 2)
1958	0		croak("key functions needs to return (key,name)");
1959
1960	6	100	if (enc) {
1961			/* encrypt ticket information with given key */
1962	3		RAND_bytes(iv, 16);
1963	3		EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1964	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1965	3		memcpy(key_name,name,16);
1966	3		return 1;
1967
1968			} else {
1969	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1970	3		EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1971
1972	3	100	if (memcmp(name,key_name,16) == 0)
1973	2		return 1; /* current key was used */
1974			else
1975	1		return 2; /* different key was used, need to be renewed */
1976			}
1977			}
1978
1979			#endif
1980
1981	26		int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st ssl, SSL_SESSION sess)
1982			{
1983	26		dSP;
1984			int count, remove;
1985			SSL_CTX *ctx;
1986			SV *cb_func;
1987
1988			PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
1989	26		ctx = SSL_get_SSL_CTX(ssl);
1990	26		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
1991
1992	26	50	if(!SvOK(cb_func))
1993	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
1994
1995	26		ENTER;
1996	26		SAVETMPS;
1997
1998	26	50	PUSHMARK(sp);
1999	26	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2000	26	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
2001	26		PUTBACK;
2002
2003	26		count = call_sv(cb_func, G_SCALAR);
2004
2005	26		SPAGAIN;
2006
2007	26	50	if (count != 1)
2008	0		croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
2009
2010	26		remove = POPi;
2011
2012	26		PUTBACK;
2013	26	50	FREETMPS;
2014	26		LEAVE;
2015
2016	26		return remove;
2017			}
2018
2019	8		void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX ctx, SSL_SESSION sess)
2020			{
2021	8		dSP;
2022			SV *cb_func;
2023
2024			PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
2025	8		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
2026
2027	8	50	if(!SvOK(cb_func))
2028	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
2029
2030	8		ENTER;
2031	8		SAVETMPS;
2032
2033	8	50	PUSHMARK(sp);
2034	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
2035	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
2036	8		PUTBACK;
2037
2038	8		call_sv(cb_func, G_VOID);
2039
2040	8		SPAGAIN;
2041
2042	8		PUTBACK;
2043	8	50	FREETMPS;
2044	8		LEAVE;
2045	8		}
2046
2047			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2048	2		int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER provider, void cbdata) {
2049	2		dSP;
2050	2		int ret = 1;
2051	2		int count = -1;
2052	2		simple_cb_data_t cb = (simple_cb_data_t )cbdata;
2053
2054			PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
2055	2	50	if (cb->func && SvOK(cb->func)) {
		50
2056	2		ENTER;
2057	2		SAVETMPS;
2058
2059	2	50	PUSHMARK(SP);
2060	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
2061	2	50	if (cb->data) XPUSHs(cb->data);
		50
2062
2063	2		PUTBACK;
2064
2065	2		count = call_sv(cb->func, G_SCALAR);
2066
2067	2		SPAGAIN;
2068
2069	2	50	if (count != 1)
2070	0		croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
2071
2072	2		ret = POPi;
2073
2074	2		PUTBACK;
2075	2	50	FREETMPS;
2076	2		LEAVE;
2077			}
2078
2079	2		return ret;
2080			}
2081			#endif
2082
2083			#if (OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
2084	12		void ssl_ctx_keylog_cb_func_invoke(const SSL ssl, const char line)
2085			{
2086	12		dSP;
2087			SV *cb_func;
2088	12		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
2089
2090			PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
2091	12		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
2092
2093	12	50	if(!SvOK(cb_func))
2094	0		croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
2095
2096	12		ENTER;
2097	12		SAVETMPS;
2098
2099	12	50	PUSHMARK(SP);
2100	12	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2101	12	50	XPUSHs(sv_2mortal(newSVpv(line, 0)));
2102
2103	12		PUTBACK;
2104
2105	12		call_sv(cb_func, G_VOID);
2106
2107	12		SPAGAIN;
2108	12		PUTBACK;
2109	12	50	FREETMPS;
2110	12		LEAVE;
2111
2112	12		return;
2113			}
2114			#endif
2115
2116			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
2117	8		int ssl_client_hello_cb_fn_invoke(SSL ssl, int al, void *arg)
2118			{
2119	8		dSP;
2120			int count, res;
2121			SV cb_func, cb_arg;
2122	8		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
2123
2124			PR1("STARTED: ssl_client_hello_cb_fn_invoke\n");
2125	8		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!func");
2126	8		cb_arg = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg");
2127	8	50	if(!SvOK(cb_func))
2128	0		croak ("Net::SSLeay: ssl_client_hello_cb_fn_invoke called, but not set to point to any perl function.\n");
2129
2130	8		ENTER;
2131	8		SAVETMPS;
2132
2133	8	50	PUSHMARK(SP);
2134	8	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2135	8	50	XPUSHs(sv_2mortal(newSVsv(cb_arg)));
2136
2137	8		PUTBACK;
2138
2139	8		count = call_sv(cb_func, G_LIST);
2140
2141	8		SPAGAIN;
2142
2143	8	100	if (count < 1 \|\| count > 2)
		100
2144	2		croak ("Net::SSLeay: ssl_client_hello_cb_fn perl function returned %d values, 1 or 2 expected\n", count);
2145	6	100	if (count == 2)
2146	5		*al = POPi;
2147	6		res = POPi;
2148
2149	6		PUTBACK;
2150	6	50	FREETMPS;
2151	6		LEAVE;
2152
2153	6		return res;
2154			}
2155			#endif
2156
2157	2		int ssl_ctx_set_cert_cb_invoke(SSL ssl, void arg)
2158			{
2159	2		dSP;
2160			int count, res;
2161			SV cb_func, cb_arg;
2162	2		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
2163
2164			PR1("STARTED: ssl_ctx_set_cert_cb_invoke\n");
2165	2		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_set_cert_cb!!func");
2166	2		cb_arg = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg");
2167	2	50	if(!SvOK(cb_func))
2168	0		croak ("Net::SSLeay: ssl_ctx_set_cert_cb_invoke called, but not set to point to any perl function.\n");
2169
2170	2		ENTER;
2171	2		SAVETMPS;
2172
2173	2	50	PUSHMARK(SP);
2174	2	50	EXTEND(SP, 2);
2175	2		PUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
2176	2		PUSHs(sv_2mortal(newSVsv(cb_arg)));
2177
2178	2		PUTBACK;
2179	2		count = call_sv(cb_func, G_SCALAR);
2180	2		SPAGAIN;
2181
2182	2	50	if (count != 1)
2183	0		croak ("Net::SSLeay: ssl_ctx_set_cert_cb_invoke perl function returned %d values, 1 expected\n", count);
2184	2		res = POPi;
2185
2186	2		PUTBACK;
2187	2	50	FREETMPS;
2188	2		LEAVE;
2189
2190	2		return res;
2191			}
2192
2193			/* ============= end of callback stuff, begin helper functions ============== */
2194
2195	0		time_t ASN1_TIME_timet(ASN1_TIME asn1t, time_t gmtoff) {
2196			struct tm t;
2197	0		const char p = (const char) asn1t->data;
2198	0		size_t msec = 0, tz = 0, i, l;
2199			time_t result;
2200	0		int adj = 0;
2201
2202	0	0	if (asn1t->type == V_ASN1_UTCTIME) {
2203	0	0	if (asn1t->length<12 \|\| asn1t->length>17) return 0;
		0
2204	0	0	if (asn1t->length>12) tz = 12;
2205			} else {
2206	0	0	if (asn1t->length<14) return 0;
2207	0	0	if (asn1t->length>14) {
2208	0	0	if (p[14] == '.') {
2209	0		msec = 14;
2210	0	0	for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ;
		0
		0
2211	0	0	if (ilength) tz = i;
2212			} else {
2213	0		tz = 14;
2214			}
2215			}
2216			}
2217
2218	0	0	l = msec ? msec : tz ? tz : asn1t->length;
		0
2219	0	0	for(i=0;i
2220	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
2221			}
2222
2223			/* extract data and time */
2224	0		OPENSSL_cleanse(&t, sizeof(t));
2225	0	0	if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */
2226	0		t.tm_year = (p[0]-'0')*10 + (p[1]-'0');
2227	0	0	if (t.tm_year < 70) t.tm_year += 100;
2228	0		i=2;
2229			} else { /* YYYY */
2230	0		t.tm_year = (p[0]-'0')1000 + (p[1]-'0')100 + (p[2]-'0')*10 + p[3]-'0';
2231	0		t.tm_year -= 1900;
2232	0		i=4;
2233			}
2234	0		t.tm_mon = (p[i+0]-'0')10 + (p[i+1]-'0') -1; / MM, starts with 0 in tm */
2235	0		t.tm_mday = (p[i+2]-'0')10 + (p[i+3]-'0'); / DD */
2236	0		t.tm_hour = (p[i+4]-'0')10 + (p[i+5]-'0'); / hh */
2237	0		t.tm_min = (p[i+6]-'0')10 + (p[i+7]-'0'); / mm */
2238	0		t.tm_sec = (p[i+8]-'0')10 + (p[i+9]-'0'); / ss */
2239
2240			/* skip msec, because time_t does not support it */
2241
2242	0	0	if (tz) {
2243			/* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/
2244	0	0	if (p[tz] == 'Z') {
2245	0	0	if (asn1t->length>tz+1 ) return 0;
2246	0	0	} else if (asn1t->length
		0
		0
2247	0		return 0;
2248			} else {
2249	0	0	if (asn1t->length>tz+5 ) return 0;
2250	0	0	for(i=tz+1;i
2251	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
2252			}
2253	0		adj = ((p[tz+1]-'0')10 + (p[tz+2]-'0'))3600
2254	0		+ ((p[tz+3]-'0')10 + (p[tz+4]-'0'))60;
2255	0	0	if (p[tz]=='+') adj= -1; / +0500: subtract 5 hours to get UTC */
2256			}
2257			}
2258
2259	0		result = mktime(&t);
2260	0	0	if (result == -1) return 0; /* broken time */
2261	0		result += adj;
2262	0	0	if (gmtoff && *gmtoff == -1) {
		0
2263	0		*gmtoff = result - mktime(gmtime(&result));
2264	0		result += *gmtoff;
2265			} else {
2266	0		result += result - mktime(gmtime(&result));
2267			}
2268	0		return result;
2269			}
2270
2271	0		X509 * find_issuer(X509 cert,X509_STORE store, STACK_OF(X509) *chain) {
2272			int i;
2273	0		X509 *issuer = NULL;
2274
2275			/* search first in the chain */
2276	0	0	if (chain) {
2277	0	0	for(i=0;i
2278	0	0	if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
2279	0		TRACE(2,"found issuer in chain");
2280	0		issuer = X509_dup(sk_X509_value(chain,i));
2281			}
2282			}
2283			}
2284			/* if not in the chain it might be in the store */
2285	0	0	if ( !issuer && store ) {
		0
2286	0		X509_STORE_CTX *stx = X509_STORE_CTX_new();
2287	0	0	if (stx && X509_STORE_CTX_init(stx,store,cert,NULL)) {
		0
2288	0		int ok = X509_STORE_CTX_get1_issuer(&issuer,stx,cert);
2289	0	0	if (ok<0) {
2290	0		int err = ERR_get_error();
2291	0	0	if(err) {
2292	0		TRACE(2,"failed to get issuer: %s",ERR_error_string(err,NULL));
2293			} else {
2294	0		TRACE(2,"failed to get issuer: unknown error");
2295			}
2296	0	0	} else if (ok == 0 ) {
2297	0		TRACE(2,"failed to get issuer(0)");
2298			} else {
2299	0		TRACE(2,"got issuer");
2300			}
2301			}
2302	0	0	if (stx) X509_STORE_CTX_free(stx);
2303			}
2304	0		return issuer;
2305			}
2306
2307	8		static SV bn2sv(const BIGNUM p_bn)
2308			{
2309			return p_bn != NULL
2310	8		? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
2311	16	50	: &PL_sv_undef;
2312			}
2313
2314			/* ============= end of helper functions ============== */
2315
2316			MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
2317
2318			PROTOTYPES: ENABLE
2319
2320			BOOT:
2321			{
2322			MY_CXT_INIT;
2323	60		LIB_initialized = 0;
2324			#ifdef USE_ITHREADS
2325			MUTEX_INIT(&LIB_init_mutex);
2326			#ifdef OPENSSL_THREADS
2327			/* If we running under ModPerl, we dont need our own thread locking because
2328			* perl threads are not supported under mod-perl, and we can fall back to the thread
2329			* locking built in to mod-ssl
2330			*/
2331			if (!hv_fetch(get_hv("ENV", 1), "MOD_PERL", 8, 0))
2332			openssl_threads_init();
2333			#endif
2334			#endif
2335			/* initialize global shared callback data hash */
2336	60		MY_CXT.global_cb_data = newHV();
2337	60		MY_CXT.tid = get_my_thread_id();
2338			#ifdef USE_ITHREADS
2339			PR3("BOOT: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
2340			#else
2341			PR1("BOOT:\n");
2342			#endif
2343			}
2344
2345			void
2346			CLONE(...)
2347			CODE:
2348			MY_CXT_CLONE;
2349			/* reset all callback related data as we want to prevent
2350			* cross-thread callbacks
2351			* TODO: later somebody can make the global hash MY_CXT.global_cb_data
2352			* somehow shared between threads
2353			*/
2354	0		MY_CXT.global_cb_data = newHV();
2355	0		MY_CXT.tid = get_my_thread_id();
2356			#ifdef USE_ITHREADS
2357			PR3("CLONE: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
2358			#else
2359			PR1("CLONE: but USE_ITHREADS not defined\n");
2360			#endif
2361
2362			#ifdef NET_SSLEAY_32BIT_CONSTANTS
2363			double
2364			constant(name)
2365			char * name
2366			CODE:
2367			errno = 0;
2368			RETVAL = constant(name, strlen(name));
2369			OUTPUT:
2370			RETVAL
2371
2372			#else
2373
2374			uint64_t
2375			constant(name)
2376			char * name
2377			CODE:
2378	1341		errno = 0;
2379	1341		RETVAL = constant(name, strlen(name));
2380			OUTPUT:
2381			RETVAL
2382
2383			#endif
2384
2385			int
2386			hello()
2387			CODE:
2388			PR1("\tSSLeay Hello World!\n");
2389	1	50	RETVAL = 1;
2390			OUTPUT:
2391			RETVAL
2392
2393			#define REM0 "============= version related functions =============="
2394
2395			unsigned long
2396			SSLeay()
2397
2398			const char *
2399			SSLeay_version(type=SSLEAY_VERSION)
2400			int type
2401
2402			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2403
2404			unsigned long
2405			OpenSSL_version_num()
2406
2407			const char *
2408			OpenSSL_version(t=OPENSSL_VERSION)
2409			int t
2410
2411			#endif /* OpenSSL 1.1.0 */
2412
2413			#if (OPENSSL_VERSION_MAJOR >= 3)
2414
2415			unsigned int
2416			OPENSSL_version_major()
2417
2418			unsigned int
2419			OPENSSL_version_minor()
2420
2421			unsigned int
2422			OPENSSL_version_patch()
2423
2424			const char *
2425			OPENSSL_version_pre_release()
2426
2427			const char *
2428			OPENSSL_version_build_metadata()
2429
2430			const char *
2431			OPENSSL_info(int t)
2432
2433			#endif
2434
2435			#define REM1 "============= SSL CONTEXT functions =============="
2436
2437			SSL_CTX *
2438			SSL_CTX_new()
2439			CODE:
2440	19		RETVAL = SSL_CTX_new (SSLv23_method());
2441			OUTPUT:
2442			RETVAL
2443
2444
2445			#if OPENSSL_VERSION_NUMBER < 0x10100000L
2446			#ifndef OPENSSL_NO_SSL2
2447
2448			SSL_CTX *
2449			SSL_CTX_v2_new()
2450			CODE:
2451			RETVAL = SSL_CTX_new (SSLv2_method());
2452			OUTPUT:
2453			RETVAL
2454
2455			#endif
2456			#endif
2457			#ifndef OPENSSL_NO_SSL3
2458
2459			SSL_CTX *
2460			SSL_CTX_v3_new()
2461			CODE:
2462			RETVAL = SSL_CTX_new (SSLv3_method());
2463			OUTPUT:
2464			RETVAL
2465
2466			#endif
2467
2468			SSL_CTX *
2469			SSL_CTX_v23_new()
2470			CODE:
2471	1		RETVAL = SSL_CTX_new (SSLv23_method());
2472			OUTPUT:
2473			RETVAL
2474
2475			#if !defined(OPENSSL_NO_TLS1_METHOD)
2476
2477			SSL_CTX *
2478			SSL_CTX_tlsv1_new()
2479			CODE:
2480	1		RETVAL = SSL_CTX_new (TLSv1_method());
2481			OUTPUT:
2482			RETVAL
2483
2484			#endif
2485
2486			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
2487
2488			SSL_CTX *
2489			SSL_CTX_tlsv1_1_new()
2490			CODE:
2491	0		RETVAL = SSL_CTX_new (TLSv1_1_method());
2492			OUTPUT:
2493			RETVAL
2494
2495			#endif
2496
2497			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
2498
2499			SSL_CTX *
2500			SSL_CTX_tlsv1_2_new()
2501			CODE:
2502	0		RETVAL = SSL_CTX_new (TLSv1_2_method());
2503			OUTPUT:
2504			RETVAL
2505
2506			#endif
2507
2508			SSL_CTX *
2509			SSL_CTX_new_with_method(meth)
2510			SSL_METHOD * meth
2511			CODE:
2512	337		RETVAL = SSL_CTX_new (meth);
2513			OUTPUT:
2514			RETVAL
2515
2516			void
2517			SSL_CTX_free(ctx)
2518			SSL_CTX * ctx
2519			CODE:
2520	279		SSL_CTX_free(ctx);
2521	279		cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
2522
2523			int
2524			SSL_CTX_add_session(ctx,ses)
2525			SSL_CTX * ctx
2526			SSL_SESSION * ses
2527
2528			int
2529			SSL_CTX_remove_session(ctx,ses)
2530			SSL_CTX * ctx
2531			SSL_SESSION * ses
2532
2533			void
2534			SSL_CTX_flush_sessions(ctx,tm)
2535			SSL_CTX * ctx
2536			long tm
2537
2538			int
2539			SSL_CTX_set_default_verify_paths(ctx)
2540			SSL_CTX * ctx
2541
2542			int
2543			SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
2544			SSL_CTX * ctx
2545			char * CAfile
2546			char * CApath
2547			CODE:
2548	24	50	RETVAL = SSL_CTX_load_verify_locations (ctx,
		50
2549	8	50	CAfile?(*CAfile?CAfile:NULL):NULL,
2550	8	50	CApath?(*CApath?CApath:NULL):NULL
2551			);
2552			OUTPUT:
2553			RETVAL
2554
2555			void
2556			SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
2557			SSL_CTX * ctx
2558			int mode
2559			SV * callback
2560			CODE:
2561
2562			/* Former versions of SSLeay checked if the callback was a true boolean value
2563			* and didn't call it if it was false. Therefor some people set the callback
2564			* to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
2565			* we don't execute the callback if it's value isn't something true to retain
2566			* backwards compatibility.
2567			*/
2568
2569	2	50	if (callback==NULL \|\| !SvOK(callback) \|\| !SvTRUE(callback)) {
		100
		50
2570	1		SSL_CTX_set_verify(ctx, mode, NULL);
2571	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
2572			} else {
2573	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
2574	1		SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
2575			}
2576
2577			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
2578
2579			void
2580			SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
2581
2582			int
2583			SSL_CTX_get_security_level(SSL_CTX * ctx)
2584
2585			#endif
2586
2587			#if (OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
2588
2589			int
2590			SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
2591
2592			size_t
2593			SSL_CTX_get_num_tickets(SSL_CTX *ctx)
2594
2595			#endif
2596
2597			#if (OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
2598
2599			int
2600			SSL_CTX_set_ciphersuites(SSL_CTX ctx, const char str)
2601
2602			#endif
2603
2604			#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.0.2 */
2605
2606			long
2607			SSL_CTX_set1_sigalgs_list(SSL_CTX ctx, const char str)
2608
2609			long
2610			SSL_CTX_set1_client_sigalgs_list(SSL_CTX ctx, const char str)
2611
2612			#endif
2613
2614			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2615
2616			void
2617			SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
2618
2619			#endif
2620
2621			void
2622			SSL_CTX_sess_set_new_cb(ctx, callback)
2623			SSL_CTX * ctx
2624			SV * callback
2625			CODE:
2626	10	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
2627	0		SSL_CTX_sess_set_new_cb(ctx, NULL);
2628	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
2629			}
2630			else {
2631	10		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", newSVsv(callback));
2632	10		SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
2633			}
2634
2635			void
2636			SSL_CTX_sess_set_remove_cb(ctx, callback)
2637			SSL_CTX * ctx
2638			SV * callback
2639			CODE:
2640	10	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
2641	0		SSL_CTX_sess_set_remove_cb(ctx, NULL);
2642	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
2643			}
2644			else {
2645	10		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
2646	10		SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
2647			}
2648
2649			int
2650			SSL_get_error(s,ret)
2651			SSL * s
2652			int ret
2653
2654			#define REM10 "============= SSL functions =============="
2655
2656			SSL *
2657			SSL_new(ctx)
2658			SSL_CTX * ctx
2659
2660			void
2661			SSL_free(s)
2662			SSL * s
2663			CODE:
2664	313		SSL_free(s);
2665	313		cb_data_advanced_drop(s); /* clean callback related data from global hash */
2666
2667			int
2668			SSL_accept(s)
2669			SSL * s
2670
2671			void
2672			SSL_clear(s)
2673			SSL * s
2674
2675			int
2676			SSL_connect(s)
2677			SSL * s
2678
2679
2680			#if defined(WIN32)
2681
2682			int
2683			SSL_set_fd(s,fd)
2684			SSL * s
2685			perl_filehandle_t fd
2686			CODE:
2687			RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
2688			OUTPUT:
2689			RETVAL
2690
2691			int
2692			SSL_set_rfd(s,fd)
2693			SSL * s
2694			perl_filehandle_t fd
2695			CODE:
2696			RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
2697			OUTPUT:
2698			RETVAL
2699
2700			int
2701			SSL_set_wfd(s,fd)
2702			SSL * s
2703			perl_filehandle_t fd
2704			CODE:
2705			RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
2706			OUTPUT:
2707			RETVAL
2708
2709			#else
2710
2711			int
2712			SSL_set_fd(s,fd)
2713			SSL * s
2714			perl_filehandle_t fd
2715
2716			int
2717			SSL_set_rfd(s,fd)
2718			SSL * s
2719			perl_filehandle_t fd
2720
2721			int
2722			SSL_set_wfd(s,fd)
2723			SSL * s
2724			perl_filehandle_t fd
2725
2726			#endif
2727
2728			int
2729			SSL_get_fd(s)
2730			SSL * s
2731
2732			void
2733			SSL_read(s,max=32768)
2734			SSL * s
2735			int max
2736			PREINIT:
2737			char *buf;
2738			int got;
2739	334	100	int succeeded = 1;
2740			PPCODE:
2741	334		New(0, buf, max, char);
2742
2743	334		got = SSL_read(s, buf, max);
2744	334	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		100
2745	7		succeeded = 0;
2746
2747			/* If in list context, return 2-item list:
2748			* first return value: data gotten, or undef on error (got<0)
2749			* second return value: result from SSL_read()
2750			*/
2751	334	100	if (GIMME_V==G_LIST) {
2752	287	50	EXTEND(SP, 2);
2753	287	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2754	287		PUSHs(sv_2mortal(newSViv(got)));
2755
2756			/* If in scalar or void context, return data gotten, or undef on error. */
2757			} else {
2758	47	50	EXTEND(SP, 1);
2759	47	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2760			}
2761
2762	334		Safefree(buf);
2763
2764			void
2765			SSL_peek(s,max=32768)
2766			SSL * s
2767			int max
2768			PREINIT:
2769			char *buf;
2770			int got;
2771	6	50	int succeeded = 1;
2772			PPCODE:
2773	6		New(0, buf, max, char);
2774
2775	6		got = SSL_peek(s, buf, max);
2776	6	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		50
2777	2		succeeded = 0;
2778
2779			/* If in list context, return 2-item list:
2780			* first return value: data gotten, or undef on error (got<0)
2781			* second return value: result from SSL_peek()
2782			*/
2783	6	100	if (GIMME_V==G_LIST) {
2784	2	50	EXTEND(SP, 2);
2785	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2786	2		PUSHs(sv_2mortal(newSViv(got)));
2787
2788			/* If in scalar or void context, return data gotten, or undef on error. */
2789			} else {
2790	4	50	EXTEND(SP, 1);
2791	4	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2792			}
2793	6		Safefree(buf);
2794
2795			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2796
2797			void
2798			SSL_read_ex(s,max=32768)
2799			SSL * s
2800			int max
2801			PREINIT:
2802			char *buf;
2803			size_t readbytes;
2804			int succeeded;
2805			PPCODE:
2806	4		Newx(buf, max, char);
2807
2808	4		succeeded = SSL_read_ex(s, buf, max, &readbytes);
2809
2810			/* Return 2-item list:
2811			* first return value: data gotten, or undef on error
2812			* second return value: result from SSL_read_ex()
2813			*/
2814	4	50	EXTEND(SP, 2);
2815	4	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2816	4		PUSHs(sv_2mortal(newSViv(succeeded)));
2817
2818	4		Safefree(buf);
2819
2820
2821			void
2822			SSL_peek_ex(s,max=32768)
2823			SSL * s
2824			int max
2825			PREINIT:
2826			char *buf;
2827			size_t readbytes;
2828			int succeeded;
2829			PPCODE:
2830	2		Newx(buf, max, char);
2831
2832	2		succeeded = SSL_peek_ex(s, buf, max, &readbytes);
2833
2834			/* Return 2-item list:
2835			* first return value: data gotten, or undef on error
2836			* second return value: result from SSL_peek_ex()
2837			*/
2838	2	50	EXTEND(SP, 2);
2839	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2840	2		PUSHs(sv_2mortal(newSViv(succeeded)));
2841
2842	2		Safefree(buf);
2843
2844			void
2845			SSL_write_ex(s,buf)
2846			SSL * s
2847			PREINIT:
2848			STRLEN len;
2849			size_t written;
2850			int succeeded;
2851			INPUT:
2852			char * buf = SvPV( ST(1), len);
2853			PPCODE:
2854	1		succeeded = SSL_write_ex(s, buf, len, &written);
2855
2856			/* Return 2-item list:
2857			* first return value: data gotten, or undef on error
2858			* second return value: result from SSL_read_ex()
2859			*/
2860	1	50	EXTEND(SP, 2);
2861	1		PUSHs(sv_2mortal(newSVuv(written)));
2862	1		PUSHs(sv_2mortal(newSViv(succeeded)));
2863
2864			#endif
2865
2866			int
2867			SSL_write(s,buf)
2868			SSL * s
2869			PREINIT:
2870			STRLEN len;
2871			INPUT:
2872			char * buf = SvPV( ST(1), len);
2873			CODE:
2874	46		RETVAL = SSL_write (s, buf, (int)len);
2875			OUTPUT:
2876			RETVAL
2877
2878			int
2879			SSL_write_partial(s,from,count,buf)
2880			SSL * s
2881			int from
2882			int count
2883			PREINIT:
2884			STRLEN ulen;
2885			IV len;
2886			INPUT:
2887			char * buf = SvPV( ST(3), ulen);
2888			CODE:
2889			/*
2890			if (SvROK( ST(3) )) {
2891			SV* t = SvRV( ST(3) );
2892			buf = SvPV( t, len);
2893			} else
2894			buf = SvPV( ST(3), len);
2895			*/
2896			PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
2897			/PR2("buf='%s'\n",&buf[from]); / too noisy */
2898	22		len = (IV)ulen;
2899	22		len -= from;
2900	22	50	if (len < 0) {
2901	0		croak("from beyound end of buffer");
2902			RETVAL = -1;
2903			} else
2904	22		RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
2905			OUTPUT:
2906			RETVAL
2907
2908			int
2909			SSL_use_RSAPrivateKey(s,rsa)
2910			SSL * s
2911			RSA * rsa
2912
2913			int
2914			SSL_use_RSAPrivateKey_ASN1(s,d,len)
2915			SSL * s
2916			unsigned char * d
2917			long len
2918
2919			int
2920			SSL_use_RSAPrivateKey_file(s,file,type)
2921			SSL * s
2922			char * file
2923			int type
2924
2925			int
2926			SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
2927			SSL_CTX * ctx
2928			char * file
2929			int type
2930
2931			int
2932			SSL_use_PrivateKey(s,pkey)
2933			SSL * s
2934			EVP_PKEY * pkey
2935
2936			int
2937			SSL_use_PrivateKey_ASN1(pk,s,d,len)
2938			int pk
2939			SSL * s
2940			unsigned char * d
2941			long len
2942
2943			int
2944			SSL_use_PrivateKey_file(s,file,type)
2945			SSL * s
2946			char * file
2947			int type
2948
2949			int
2950			SSL_CTX_use_PrivateKey_file(ctx,file,type)
2951			SSL_CTX * ctx
2952			char * file
2953			int type
2954
2955			int
2956			SSL_use_certificate(s,x)
2957			SSL * s
2958			X509 * x
2959
2960			int
2961			SSL_use_certificate_ASN1(s,d,len)
2962			SSL * s
2963			unsigned char * d
2964			long len
2965
2966			int
2967			SSL_use_certificate_file(s,file,type)
2968			SSL * s
2969			char * file
2970			int type
2971
2972			int
2973			SSL_CTX_use_certificate_file(ctx,file,type)
2974			SSL_CTX * ctx
2975			char * file
2976			int type
2977
2978			const char *
2979			SSL_state_string(s)
2980			SSL * s
2981
2982			const char *
2983			SSL_rstate_string(s)
2984			SSL * s
2985
2986			const char *
2987			SSL_state_string_long(s)
2988			SSL * s
2989
2990			const char *
2991			SSL_rstate_string_long(s)
2992			SSL * s
2993
2994
2995			long
2996			SSL_get_time(ses)
2997			SSL_SESSION * ses
2998
2999			long
3000			SSL_set_time(ses,t)
3001			SSL_SESSION * ses
3002			long t
3003
3004			long
3005			SSL_get_timeout(ses)
3006			SSL_SESSION * ses
3007
3008			long
3009			SSL_set_timeout(ses,t)
3010			SSL_SESSION * ses
3011			long t
3012
3013			void
3014			SSL_copy_session_id(to,from)
3015			SSL * to
3016			SSL * from
3017
3018			void
3019			SSL_set_read_ahead(s,yes=1)
3020			SSL * s
3021			int yes
3022
3023			int
3024			SSL_get_read_ahead(s)
3025			SSL * s
3026
3027			int
3028			SSL_pending(s)
3029			SSL * s
3030
3031			#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
3032
3033			int
3034			SSL_has_pending(s)
3035			SSL * s
3036
3037			#endif
3038
3039			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) /* OpenSSL 1.1.0-pre3 */
3040			#
3041			# /* LibreSSL 2.7.0 has OPENSSL_init_{ssl,crypto} but it does not
3042			# * have a definition of OPENSSL_INIT_SETTINGS and uses void * as
3043			# * the second argument type.
3044			# */
3045
3046			#ifdef NET_SSLEAY_32BIT_INT_PERL
3047			int
3048			OPENSSL_init_ssl(double opts, SV *sv_settings = &PL_sv_undef)
3049			PREINIT:
3050			const OPENSSL_INIT_SETTINGS *settings = NULL;
3051			CODE:
3052			if (sv_settings != &PL_sv_undef)
3053			settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3054			RETVAL = OPENSSL_init_ssl(opts, settings);
3055			OUTPUT:
3056			RETVAL
3057
3058			int
3059			OPENSSL_init_crypto(double opts, SV *sv_settings = &PL_sv_undef)
3060			PREINIT:
3061			const OPENSSL_INIT_SETTINGS *settings = NULL;
3062			CODE:
3063			if (sv_settings != &PL_sv_undef)
3064			settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3065			RETVAL = OPENSSL_init_crypto(opts, settings);
3066			OUTPUT:
3067			RETVAL
3068
3069			#else
3070			int
3071			OPENSSL_init_ssl(uint64_t opts, SV *sv_settings = &PL_sv_undef)
3072			PREINIT:
3073	1	50	const OPENSSL_INIT_SETTINGS *settings = NULL;
3074			CODE:
3075	1	50	if (sv_settings != &PL_sv_undef)
3076	1		settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3077	1		RETVAL = OPENSSL_init_ssl(opts, settings);
3078			OUTPUT:
3079			RETVAL
3080
3081			int
3082			OPENSSL_init_crypto(uint64_t opts, SV *sv_settings = &PL_sv_undef)
3083			PREINIT:
3084	1	50	const OPENSSL_INIT_SETTINGS *settings = NULL;
3085			CODE:
3086	1	50	if (sv_settings != &PL_sv_undef)
3087	1		settings = INT2PTR(OPENSSL_INIT_SETTINGS *, SvIV(sv_settings));
3088	1		RETVAL = OPENSSL_init_crypto(opts, settings);
3089			OUTPUT:
3090			RETVAL
3091
3092			#endif /* NET_SSLEAY_32BIT_INT_PERL */
3093
3094			#endif /* OpenSSL 1.1.0-pre3 */
3095
3096			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL) /* OpenSSL 1.1.0-pre3 or LibreSSL 3.6.0 */
3097
3098			void
3099			OPENSSL_cleanup()
3100
3101			#endif /* OpenSSL 1.1.0-pre3 or LibreSSL 3.6.0 */
3102
3103			#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0-pre3 */
3104
3105			OPENSSL_INIT_SETTINGS *
3106			OPENSSL_INIT_new()
3107
3108			#endif /* OpenSSL 1.1.0-pre3 */
3109
3110			#if OPENSSL_VERSION_NUMBER >= 0x1010102fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1b */
3111
3112			int
3113			OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS init, const char filename)
3114
3115			int
3116			OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS init, const char name)
3117
3118			void
3119			OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init)
3120
3121			#endif /* OpenSSL 1.1.0-pre3 */
3122
3123			#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 3.0.0-alpha1 */
3124
3125			void
3126			OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, unsigned long flags)
3127
3128			#endif /* OpenSSL 3.0.0-alpha1 */
3129
3130			int
3131			SSL_CTX_set_cipher_list(s,str)
3132			SSL_CTX * s
3133			char * str
3134
3135			void
3136			SSL_get_ciphers(s)
3137			SSL * s
3138			PREINIT:
3139	4		STACK_OF(SSL_CIPHER) *sk = NULL;
3140			const SSL_CIPHER *c;
3141			int i;
3142			PPCODE:
3143	4		sk = SSL_get_ciphers(s);
3144	4	100	if( sk == NULL ) {
3145	2		XSRETURN_EMPTY;
3146			}
3147	122	100	for (i=0; i
3148	120		c = sk_SSL_CIPHER_value(sk, i);
3149	120	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(c))));
3150			}
3151
3152			const char *
3153			SSL_get_cipher_list(s,n)
3154			SSL * s
3155			int n
3156
3157			int
3158			SSL_set_cipher_list(s,str)
3159			SSL * s
3160			char * str
3161
3162			const char *
3163			SSL_get_cipher(s)
3164			SSL * s
3165
3166			void
3167			SSL_get_shared_ciphers(s,ignored_param1=0,ignored_param2=0)
3168			SSL *s
3169			int ignored_param1
3170			int ignored_param2
3171			PREINIT:
3172			char buf[8192];
3173			CODE:
3174	7		ST(0) = sv_newmortal(); /* undef to start with */
3175	7	50	if(SSL_get_shared_ciphers(s, buf, sizeof(buf)))
3176	7		sv_setpvn(ST(0), buf, strlen(buf));
3177
3178			X509 *
3179			SSL_get_peer_certificate(s)
3180			SSL * s
3181
3182			void
3183			SSL_get_peer_cert_chain(s)
3184			SSL * s
3185			PREINIT:
3186	0		STACK_OF(X509) *chain = NULL;
3187			X509 *x;
3188			int i;
3189			PPCODE:
3190	0		chain = SSL_get_peer_cert_chain(s);
3191	0	0	if( chain == NULL ) {
3192	0		XSRETURN_EMPTY;
3193			}
3194	0	0	for (i=0; i
3195	0		x = sk_X509_value(chain, i);
3196	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
3197			}
3198
3199			void
3200			SSL_set_verify(s,mode,callback)
3201			SSL * s
3202			int mode
3203			SV * callback
3204			CODE:
3205	7	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
3206	0		SSL_set_verify(s, mode, NULL);
3207	0		cb_data_advanced_put(s, "ssleay_verify_callback!!func", NULL);
3208			}
3209			else {
3210	7		cb_data_advanced_put(s, "ssleay_verify_callback!!func", newSVsv(callback));
3211	7		SSL_set_verify(s, mode, &ssleay_verify_callback_invoke);
3212			}
3213
3214			void
3215			SSL_set_bio(s,rbio,wbio)
3216			SSL * s
3217			BIO * rbio
3218			BIO * wbio
3219
3220			BIO *
3221			SSL_get_rbio(s)
3222			SSL * s
3223
3224			BIO *
3225			SSL_get_wbio(s)
3226			SSL * s
3227
3228
3229			SSL_SESSION *
3230			SSL_SESSION_new()
3231
3232			int
3233			SSL_SESSION_print(fp,ses)
3234			BIO * fp
3235			SSL_SESSION * ses
3236
3237			void
3238			SSL_SESSION_free(ses)
3239			SSL_SESSION * ses
3240
3241			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3242
3243			int
3244			SSL_SESSION_is_resumable(ses)
3245			SSL_SESSION * ses
3246
3247			SSL_SESSION *
3248			SSL_SESSION_dup(sess)
3249			SSL_SESSION * sess
3250
3251			#endif
3252			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
3253
3254			void
3255			SSL_set_post_handshake_auth(SSL *ssl, int val)
3256
3257			int
3258			SSL_verify_client_post_handshake(SSL *ssl)
3259
3260			#endif
3261
3262			void
3263			i2d_SSL_SESSION(sess)
3264			SSL_SESSION * sess
3265			PREINIT:
3266			STRLEN len;
3267			unsigned char pc,pi;
3268			PPCODE:
3269	3	50	if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
3270	3		Newx(pc,len,unsigned char);
3271	3	50	if (!pc) croak("out of memory");
3272	3		pi = pc;
3273	3		i2d_SSL_SESSION(sess,&pi);
3274	3	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
3275	3		Safefree(pc);
3276
3277
3278			SSL_SESSION *
3279			d2i_SSL_SESSION(pv)
3280			SV *pv
3281			CODE:
3282	7		RETVAL = NULL;
3283	7	50	if (SvPOK(pv)) {
3284			const unsigned char *p;
3285			STRLEN len;
3286	7		p = (unsigned char*)SvPV(pv,len);
3287	7		RETVAL = d2i_SSL_SESSION(NULL,&p,len);
3288			}
3289			OUTPUT:
3290			RETVAL
3291
3292			#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
3293
3294			int
3295			SSL_SESSION_up_ref(sess)
3296			SSL_SESSION * sess
3297
3298			#endif
3299
3300			int
3301			SSL_set_session(to,ses)
3302			SSL * to
3303			SSL_SESSION * ses
3304
3305			#define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
3306
3307			SSL_SESSION *
3308			SSL_get_session(s)
3309			SSL * s
3310			ALIAS:
3311			SSL_get0_session = 1
3312
3313			SSL_SESSION *
3314			SSL_get1_session(s)
3315			SSL * s
3316
3317			X509 *
3318			SSL_get_certificate(s)
3319			SSL * s
3320
3321			SSL_CTX *
3322			SSL_get_SSL_CTX(s)
3323			SSL * s
3324
3325			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
3326
3327			SSL_CTX *
3328			SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
3329
3330			#endif
3331
3332			long
3333			SSL_ctrl(ssl,cmd,larg,parg)
3334			SSL * ssl
3335			int cmd
3336			long larg
3337			char * parg
3338
3339			long
3340			SSL_CTX_ctrl(ctx,cmd,larg,parg)
3341			SSL_CTX * ctx
3342			int cmd
3343			long larg
3344			char * parg
3345
3346			#ifdef NET_SSLEAY_32BIT_CONSTANTS
3347
3348			long
3349			SSL_get_options(ssl)
3350			SSL * ssl
3351
3352			long
3353			SSL_set_options(ssl,op)
3354			SSL * ssl
3355			long op
3356
3357			long
3358			SSL_CTX_get_options(ctx)
3359			SSL_CTX * ctx
3360
3361			long
3362			SSL_CTX_set_options(ctx,op)
3363			SSL_CTX * ctx
3364			long op
3365
3366			#else
3367
3368			uint64_t
3369			SSL_get_options(ssl)
3370			SSL * ssl
3371
3372			uint64_t
3373			SSL_set_options(ssl,op)
3374			SSL * ssl
3375			uint64_t op
3376
3377			uint64_t
3378			SSL_CTX_get_options(ctx)
3379			SSL_CTX * ctx
3380
3381			uint64_t
3382			SSL_CTX_set_options(ctx,op)
3383			SSL_CTX * ctx
3384			uint64_t op
3385
3386			#endif
3387
3388			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
3389
3390			struct lhash_st_SSL_SESSION *
3391			SSL_CTX_sessions(ctx)
3392			SSL_CTX * ctx
3393
3394			#else
3395
3396			LHASH *
3397			SSL_CTX_sessions(ctx)
3398			SSL_CTX * ctx
3399			CODE:
3400			/* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
3401			if (ctx == NULL) croak("NULL SSL context passed as argument.");
3402			RETVAL = ctx -> sessions;
3403			OUTPUT:
3404			RETVAL
3405
3406			#endif
3407
3408			unsigned long
3409			SSL_CTX_sess_number(ctx)
3410			SSL_CTX * ctx
3411
3412			int
3413			SSL_CTX_sess_connect(ctx)
3414			SSL_CTX * ctx
3415
3416			int
3417			SSL_CTX_sess_connect_good(ctx)
3418			SSL_CTX * ctx
3419
3420			int
3421			SSL_CTX_sess_connect_renegotiate(ctx)
3422			SSL_CTX * ctx
3423
3424			int
3425			SSL_CTX_sess_accept(ctx)
3426			SSL_CTX * ctx
3427
3428			int
3429			SSL_CTX_sess_accept_renegotiate(ctx)
3430			SSL_CTX * ctx
3431
3432			int
3433			SSL_CTX_sess_accept_good(ctx)
3434			SSL_CTX * ctx
3435
3436			int
3437			SSL_CTX_sess_hits(ctx)
3438			SSL_CTX * ctx
3439
3440			int
3441			SSL_CTX_sess_cb_hits(ctx)
3442			SSL_CTX * ctx
3443
3444			int
3445			SSL_CTX_sess_misses(ctx)
3446			SSL_CTX * ctx
3447
3448			int
3449			SSL_CTX_sess_timeouts(ctx)
3450			SSL_CTX * ctx
3451
3452			int
3453			SSL_CTX_sess_cache_full(ctx)
3454			SSL_CTX * ctx
3455
3456			int
3457			SSL_CTX_sess_get_cache_size(ctx)
3458			SSL_CTX * ctx
3459
3460			long
3461			SSL_CTX_sess_set_cache_size(ctx,size)
3462			SSL_CTX * ctx
3463			int size
3464
3465			int
3466			SSL_want(s)
3467			SSL * s
3468
3469			# OpenSSL 1.1.1 documents SSL_in_init and the related functions as
3470			# returning 0 or 1. However, older versions and e.g. LibreSSL may
3471			# return other values than 1 which we fold to 1.
3472			int
3473			SSL_in_before(s)
3474			SSL * s
3475			CODE:
3476	7	100	RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
3477			OUTPUT:
3478			RETVAL
3479
3480			int
3481			SSL_is_init_finished(s)
3482			SSL * s
3483			CODE:
3484	7	100	RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
3485			OUTPUT:
3486			RETVAL
3487
3488			int
3489			SSL_in_init(s)
3490			SSL * s
3491			CODE:
3492	7	100	RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
3493			OUTPUT:
3494			RETVAL
3495
3496			int
3497			SSL_in_connect_init(s)
3498			SSL * s
3499			CODE:
3500	2	50	RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
		100
		50
3501			OUTPUT:
3502			RETVAL
3503
3504			int
3505			SSL_in_accept_init(s)
3506			SSL * s
3507			CODE:
3508	2	50	RETVAL = SSL_in_accept_init(s) == 0 ? 0 : 1;
		100
		50
3509			OUTPUT:
3510			RETVAL
3511
3512			#if OPENSSL_VERSION_NUMBER < 0x10100000L
3513			int
3514			SSL_state(s)
3515			SSL * s
3516
3517			int
3518			SSL_get_state(ssl)
3519			SSL * ssl
3520			CODE:
3521			RETVAL = SSL_state(ssl);
3522			OUTPUT:
3523			RETVAL
3524
3525
3526			#else
3527			int
3528			SSL_state(s)
3529			SSL * s
3530			CODE:
3531	0	0	RETVAL = SSL_get_state(s);
3532			OUTPUT:
3533			RETVAL
3534
3535
3536			int
3537			SSL_get_state(s)
3538			SSL * s
3539
3540			#endif
3541			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
3542
3543			long
3544			SSL_set_tlsext_host_name(SSL ssl, const char name)
3545
3546			const char *
3547			SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
3548
3549			int
3550			SSL_get_servername_type(const SSL *s)
3551
3552			void
3553			SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
3554			SSL_CTX * ctx
3555			SV * callback
3556			SV * data
3557			CODE:
3558	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
3559	0		SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
3560	0		SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
3561	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
3562	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
3563			} else {
3564	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
3565	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
3566	0		SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
3567	0		SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
3568			}
3569
3570			#endif
3571
3572			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
3573			#ifndef LIBRESSL_VERSION_NUMBER
3574			void
3575			SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
3576			SSL * ssl
3577			SV * callback
3578			CODE:
3579	4	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
3580	0		SSL_set_default_passwd_cb(ssl, NULL);
3581	0		SSL_set_default_passwd_cb_userdata(ssl, NULL);
3582	0		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
3583			}
3584			else {
3585	4		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
3586	4		SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
3587	4		SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
3588			}
3589
3590			void
3591			SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
3592			SSL * ssl
3593			SV * data
3594			CODE:
3595			/* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
3596	2	50	if (data==NULL \|\| !SvOK(data)) {
		50
3597	0		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
3598			}
3599			else {
3600	2		cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
3601			}
3602
3603			#endif /* !LibreSSL */
3604			#endif /* >= 1.1.0f */
3605
3606			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
3607
3608			void
3609			SSL_set_security_level(SSL * ssl, int level)
3610
3611			int
3612			SSL_get_security_level(SSL * ssl)
3613
3614			#endif
3615
3616			#if (OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
3617
3618			int
3619			SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
3620
3621			size_t
3622			SSL_get_num_tickets(SSL *ssl)
3623
3624			#endif
3625
3626			#if (OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
3627
3628			int
3629			SSL_set_ciphersuites(SSL ssl, const char str)
3630
3631			#endif
3632
3633			#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.0.2 */
3634
3635			long
3636			SSL_set1_sigalgs_list(SSL ssl, const char str)
3637
3638			long
3639			SSL_set1_client_sigalgs_list(SSL ssl, const char str)
3640
3641			void
3642			SSL_get_sigalgs(SSL *ssl, int idx)
3643			PREINIT:
3644			int n_sigalgs;
3645	18		int psign = NID_undef, phash = NID_undef, psignhash = NID_undef;
3646	18		unsigned char rsig = 0, rhash = 0;
3647			PPCODE:
3648	18		n_sigalgs = SSL_get_sigalgs(ssl, idx,
3649			&psign, &phash, &psignhash,
3650			&rsig, &rhash);
3651
3652	18	50	EXTEND(SP, 6);
3653	18		PUSHs(sv_2mortal(newSViv(n_sigalgs)));
3654	18		PUSHs(sv_2mortal(newSViv(psign)));
3655	18		PUSHs(sv_2mortal(newSViv(phash)));
3656	18		PUSHs(sv_2mortal(newSViv(psignhash)));
3657	18		PUSHs(sv_2mortal(newSVuv(rsig)));
3658	18		PUSHs(sv_2mortal(newSVuv(rhash)));
3659
3660			void
3661			SSL_get_shared_sigalgs(SSL *ssl, int idx)
3662			PREINIT:
3663			int n_sigalgs;
3664	3		int psign = NID_undef, phash = NID_undef, psignhash = NID_undef;
3665	3		unsigned char rsig = 0, rhash = 0;
3666			PPCODE:
3667	3		n_sigalgs = SSL_get_shared_sigalgs(ssl, idx,
3668			&psign, &phash, &psignhash,
3669			&rsig, &rhash);
3670
3671	3	50	EXTEND(SP, 6);
3672	3		PUSHs(sv_2mortal(newSViv(n_sigalgs)));
3673	3		PUSHs(sv_2mortal(newSViv(psign)));
3674	3		PUSHs(sv_2mortal(newSViv(phash)));
3675	3		PUSHs(sv_2mortal(newSViv(psignhash)));
3676	3		PUSHs(sv_2mortal(newSVuv(rsig)));
3677	3		PUSHs(sv_2mortal(newSVuv(rhash)));
3678
3679			#endif
3680
3681			const BIO_METHOD *
3682			BIO_f_ssl()
3683
3684			const BIO_METHOD *
3685			BIO_s_mem()
3686
3687			unsigned long
3688			ERR_get_error()
3689
3690			unsigned long
3691			ERR_peek_error()
3692
3693			void
3694			ERR_put_error(lib,func,reason,file,line)
3695			int lib
3696			int func
3697			int reason
3698			char * file
3699			int line
3700
3701			void
3702			ERR_clear_error()
3703
3704			char *
3705			ERR_error_string(error,buf=NULL)
3706			unsigned long error
3707			char * buf
3708			CODE:
3709	10		RETVAL = ERR_error_string(error,buf);
3710			OUTPUT:
3711			RETVAL
3712
3713			void
3714			SSL_load_error_strings()
3715
3716			void
3717			ERR_load_crypto_strings()
3718
3719			int
3720			SSL_FIPS_mode_set(int onoff)
3721			CODE:
3722			#ifdef USE_ITHREADS
3723			MUTEX_LOCK(&LIB_init_mutex);
3724			#endif
3725			#ifdef OPENSSL_FIPS
3726			RETVAL = FIPS_mode_set(onoff);
3727			if (!RETVAL)
3728			{
3729			ERR_load_crypto_strings();
3730			ERR_print_errors_fp(stderr);
3731			}
3732			#else
3733	0		RETVAL = 1;
3734	0		fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
3735			#endif
3736			#ifdef USE_ITHREADS
3737			MUTEX_UNLOCK(&LIB_init_mutex);
3738			#endif
3739			OUTPUT:
3740			RETVAL
3741
3742
3743			int
3744			SSL_library_init()
3745			ALIAS:
3746			SSLeay_add_ssl_algorithms = 1
3747			OpenSSL_add_ssl_algorithms = 2
3748			add_ssl_algorithms = 3
3749			CODE:
3750			#ifdef USE_ITHREADS
3751			MUTEX_LOCK(&LIB_init_mutex);
3752			#endif
3753	50		RETVAL = 0;
3754	50	100	if (!LIB_initialized) {
3755	49		RETVAL = SSL_library_init();
3756	49		LIB_initialized = 1;
3757			}
3758			#ifdef USE_ITHREADS
3759			MUTEX_UNLOCK(&LIB_init_mutex);
3760			#endif
3761			OUTPUT:
3762			RETVAL
3763
3764			#ifndef OPENSSL_NO_ENGINE
3765
3766			void
3767			ENGINE_load_builtin_engines()
3768
3769			void
3770			ENGINE_register_all_complete()
3771
3772			ENGINE*
3773			ENGINE_by_id(id)
3774			char * id
3775
3776			int
3777			ENGINE_set_default(e, flags)
3778			ENGINE * e
3779			int flags
3780
3781			#endif /* OPENSSL_NO_ENGINE */
3782
3783			void
3784			ERR_load_SSL_strings()
3785
3786			void
3787			ERR_load_RAND_strings()
3788
3789			int
3790			RAND_bytes(buf, num)
3791			SV *buf
3792			int num
3793			PREINIT:
3794			int rc;
3795			unsigned char *random;
3796			CODE:
3797	7		New(0, random, num, unsigned char);
3798	7		rc = RAND_bytes(random, num);
3799	7		sv_setpvn(buf, (const char*)random, num);
3800	7		Safefree(random);
3801	7	100	RETVAL = rc;
3802			OUTPUT:
3803			RETVAL
3804
3805			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3806
3807			int
3808			RAND_priv_bytes(buf, num)
3809			SV *buf
3810			int num
3811			PREINIT:
3812			int rc;
3813			unsigned char *random;
3814			CODE:
3815	5		New(0, random, num, unsigned char);
3816	5		rc = RAND_priv_bytes(random, num);
3817	5		sv_setpvn(buf, (const char*)random, num);
3818	5		Safefree(random);
3819	5	100	RETVAL = rc;
3820			OUTPUT:
3821			RETVAL
3822
3823			#endif
3824
3825			int
3826			RAND_pseudo_bytes(buf, num)
3827			SV *buf
3828			int num
3829			PREINIT:
3830			int rc;
3831			unsigned char *random;
3832			CODE:
3833	5		New(0, random, num, unsigned char);
3834	5		rc = RAND_pseudo_bytes(random, num);
3835	5		sv_setpvn(buf, (const char*)random, num);
3836	5		Safefree(random);
3837	5	100	RETVAL = rc;
3838			OUTPUT:
3839			RETVAL
3840
3841			void
3842			RAND_add(buf, num, entropy)
3843			SV *buf
3844			int num
3845			double entropy
3846			PREINIT:
3847			STRLEN len;
3848			CODE:
3849	0		RAND_add((const void *)SvPV(buf, len), num, entropy);
3850
3851			int
3852			RAND_poll()
3853
3854			int
3855			RAND_status()
3856
3857			SV *
3858			RAND_file_name(num)
3859			size_t num
3860			PREINIT:
3861			char *buf;
3862			CODE:
3863	3		Newxz(buf, num, char);
3864	3	100	if (!RAND_file_name(buf, num)) {
3865	1		Safefree(buf);
3866	1		XSRETURN_UNDEF;
3867			}
3868	2		RETVAL = newSVpv(buf, 0);
3869	2		Safefree(buf);
3870			OUTPUT:
3871			RETVAL
3872
3873			void
3874			RAND_seed(buf)
3875			PREINIT:
3876			STRLEN len;
3877			INPUT:
3878			char *buf = SvPV(ST(0), len);
3879			CODE:
3880	51		RAND_seed (buf, (int)len);
3881
3882			void
3883			RAND_cleanup()
3884
3885			int
3886			RAND_load_file(file_name, how_much)
3887			char * file_name
3888			int how_much
3889
3890			int
3891			RAND_write_file(file_name)
3892			char * file_name
3893
3894			#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
3895
3896			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
3897
3898			int
3899			X509_check_host(X509 cert, const char name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
3900			PREINIT:
3901	0	0	char *c_peername = NULL;
3902			CODE:
3903	0	0	RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
3904	0	0	if (items == 4)
3905	0		sv_setpv(peername, c_peername);
3906			OUTPUT:
3907			RETVAL
3908			CLEANUP:
3909	0	0	if (c_peername)
3910	0		OPENSSL_free(c_peername);
3911
3912			int
3913			X509_check_email(X509 cert, const char address, unsigned int flags = 0)
3914			CODE:
3915	0		RETVAL = X509_check_email(cert, address, 0, flags);
3916			OUTPUT:
3917			RETVAL
3918
3919			int
3920			X509_check_ip(X509 cert, SV address, unsigned int flags = 0)
3921			PREINIT:
3922			unsigned char *c_address;
3923			size_t addresslen;
3924			CODE:
3925	0		c_address = (unsigned char *)SvPV(address, addresslen);
3926	0		RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
3927			OUTPUT:
3928			RETVAL
3929
3930			int
3931			X509_check_ip_asc(X509 cert, const char address, unsigned int flags = 0)
3932
3933			#endif
3934
3935			X509_NAME*
3936			X509_get_issuer_name(cert)
3937			X509 * cert
3938
3939			X509_NAME*
3940			X509_get_subject_name(cert)
3941			X509 * cert
3942
3943			void *
3944			X509_get_ex_data(cert,idx)
3945			X509 * cert
3946			int idx
3947
3948			int
3949			X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3950			long argl
3951			void * argp
3952			CRYPTO_EX_new * new_func
3953			CRYPTO_EX_dup * dup_func
3954			CRYPTO_EX_free * free_func
3955
3956			void *
3957			X509_get_app_data(cert)
3958			X509 * cert
3959			CODE:
3960	0		RETVAL = X509_get_ex_data(cert,0);
3961			OUTPUT:
3962			RETVAL
3963
3964			int
3965			X509_set_ex_data(cert,idx,data)
3966			X509 * cert
3967			int idx
3968			void * data
3969
3970			int
3971			X509_set_app_data(cert,arg)
3972			X509 * cert
3973			char * arg
3974			CODE:
3975	0		RETVAL = X509_set_ex_data(cert,0,arg);
3976			OUTPUT:
3977			RETVAL
3978
3979			int
3980			X509_set_issuer_name(X509 x, X509_NAME name)
3981
3982			int
3983			X509_set_subject_name(X509 x, X509_NAME name)
3984
3985			int
3986			X509_set_version(X509 *x, long version)
3987
3988			int
3989			X509_set_pubkey(X509 x, EVP_PKEY pkey)
3990
3991			long
3992			X509_get_version(X509 *x)
3993
3994			EVP_PKEY *
3995			X509_get_pubkey(X509 *x)
3996
3997			ASN1_INTEGER *
3998			X509_get_serialNumber(X509 *x)
3999
4000			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
4001
4002			const ASN1_INTEGER *
4003			X509_get0_serialNumber(const X509 *x)
4004
4005			#endif
4006
4007			int
4008			X509_set_serialNumber(X509 x, ASN1_INTEGER serial)
4009
4010			int
4011			X509_certificate_type(X509 x, EVP_PKEY pubkey=NULL);
4012
4013			int
4014			X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
4015
4016			int
4017			X509_verify(X509 x, EVP_PKEY r)
4018
4019			X509_NAME *
4020			X509_NAME_new()
4021
4022			unsigned long
4023			X509_NAME_hash(X509_NAME *name)
4024
4025			void
4026			X509_NAME_oneline(name)
4027			X509_NAME * name
4028			PREINIT:
4029			char * buf;
4030			CODE:
4031	17		ST(0) = sv_newmortal(); /* Undefined to start with */
4032	17	50	if ((buf = X509_NAME_oneline(name, NULL, 0))) {
4033	17		sv_setpvn( ST(0), buf, strlen(buf));
4034	17		OPENSSL_free(buf); /* mem was allocated by openssl */
4035			}
4036
4037			void
4038			X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
4039			X509_NAME * name
4040			unsigned long flags
4041			int utf8_decode
4042			PREINIT:
4043			char * buf;
4044			BIO * bp;
4045	13	50	int n, i, ident=0;
4046			CODE:
4047	13		ST(0) = sv_newmortal(); /* undef to start with */
4048	13		bp = BIO_new(BIO_s_mem());
4049	13	50	if (bp) {
4050	13	50	if (X509_NAME_print_ex(bp, name, ident, flags)) {
4051	13		n = BIO_ctrl_pending(bp);
4052	13		New(0, buf, n, char);
4053	13	50	if (buf) {
4054	13		i = BIO_read(bp,buf,n);
4055	13	50	if (i>=0 && i<=n) {
		50
4056	13		sv_setpvn(ST(0), buf, i);
4057	13	50	if (utf8_decode) sv_utf8_decode(ST(0));
4058			}
4059	13		Safefree(buf);
4060			}
4061			}
4062	13		BIO_free(bp);
4063			}
4064
4065			void
4066			X509_NAME_get_text_by_NID(name,nid)
4067			X509_NAME * name
4068			int nid
4069			PREINIT:
4070			char* buf;
4071			int length;
4072			CODE:
4073	1		ST(0) = sv_newmortal(); /* Undefined to start with */
4074	1		length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
4075
4076	1	50	if (length>=0) {
4077	1		New(0, buf, length+1, char);
4078	1	50	if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
4079	1		sv_setpvn( ST(0), buf, length);
4080	1		Safefree(buf);
4081			}
4082
4083			int
4084			X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
4085			X509_NAME *name
4086			int nid
4087			int type
4088			int loc
4089			int set
4090			PREINIT:
4091			STRLEN len;
4092			INPUT:
4093			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4094			CODE:
4095	1		RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
4096			OUTPUT:
4097			RETVAL
4098
4099			int
4100			X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
4101			X509_NAME *name
4102			ASN1_OBJECT *obj
4103			int type
4104			int loc
4105			int set
4106			PREINIT:
4107			STRLEN len;
4108			INPUT:
4109			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4110			CODE:
4111	1		RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
4112			OUTPUT:
4113			RETVAL
4114
4115			int
4116			X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
4117			X509_NAME *name
4118			char *field
4119			int type
4120			int loc
4121			int set
4122			PREINIT:
4123			STRLEN len;
4124			INPUT:
4125			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4126			CODE:
4127	6		RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
4128			OUTPUT:
4129			RETVAL
4130
4131			int
4132			X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
4133
4134			int
4135			X509_NAME_entry_count(X509_NAME *name)
4136
4137			X509_NAME_ENTRY *
4138			X509_NAME_get_entry(X509_NAME *name, int loc)
4139
4140			ASN1_STRING *
4141			X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
4142
4143			ASN1_OBJECT *
4144			X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
4145
4146			void
4147			X509_CRL_free(X509_CRL *x)
4148
4149			X509_CRL *
4150			X509_CRL_new()
4151
4152			int
4153			X509_CRL_set_version(X509_CRL *x, long version)
4154
4155			int
4156			X509_CRL_set_issuer_name(X509_CRL x, X509_NAME name)
4157
4158			int
4159			X509_CRL_sort(X509_CRL *x)
4160
4161			long
4162			X509_CRL_get_version(X509_CRL *x)
4163
4164			X509_NAME *
4165			X509_CRL_get_issuer(X509_CRL *x)
4166
4167			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4168
4169			const ASN1_TIME *
4170			X509_CRL_get0_lastUpdate(const X509_CRL *crl)
4171			ALIAS:
4172			X509_CRL_get_lastUpdate = 1
4173
4174			const ASN1_TIME *
4175			X509_CRL_get0_nextUpdate(const X509_CRL *crl)
4176			ALIAS:
4177			X509_CRL_get_nextUpdate = 1
4178
4179			int
4180			X509_CRL_set1_lastUpdate(X509_CRL x, ASN1_TIME tm)
4181			ALIAS:
4182			X509_CRL_set_lastUpdate = 1
4183
4184			int
4185			X509_CRL_set1_nextUpdate(X509_CRL x, ASN1_TIME tm)
4186			ALIAS:
4187			X509_CRL_set_nextUpdate = 1
4188
4189			#else /* plain get/set is deprecated */
4190
4191			ASN1_TIME *
4192			X509_CRL_get_lastUpdate(X509_CRL *x)
4193			ALIAS:
4194			X509_CRL_get0_lastUpdate = 1
4195
4196			ASN1_TIME *
4197			X509_CRL_get_nextUpdate(X509_CRL *x)
4198			ALIAS:
4199			X509_CRL_get0_nextUpdate = 1
4200
4201			int
4202			X509_CRL_set_lastUpdate(X509_CRL x, ASN1_TIME tm)
4203			ALIAS:
4204			X509_CRL_set1_lastUpdate = 1
4205
4206			int
4207			X509_CRL_set_nextUpdate(X509_CRL x, ASN1_TIME tm)
4208			ALIAS:
4209			X509_CRL_set1_nextUpdate = 1
4210
4211			#endif
4212
4213			int
4214			X509_CRL_verify(X509_CRL a, EVP_PKEY r)
4215
4216			int
4217			X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
4218
4219			int
4220			P_X509_CRL_set_serial(crl,crl_number)
4221			X509_CRL *crl
4222			ASN1_INTEGER * crl_number;
4223			CODE:
4224	1		RETVAL = 0;
4225	1	50	if (crl && crl_number)
		50
4226	1	50	if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
4227			OUTPUT:
4228			RETVAL
4229
4230			ASN1_INTEGER *
4231			P_X509_CRL_get_serial(crl)
4232			X509_CRL *crl
4233			INIT:
4234			int i;
4235			CODE:
4236	1		RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
4237	1	50	if (!RETVAL \|\| i==-1) XSRETURN_UNDEF;
		50
4238			OUTPUT:
4239			RETVAL
4240
4241			void
4242			P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
4243			X509_CRL *crl
4244			char * serial_hex
4245			ASN1_TIME *rev_time
4246			long reason_code
4247			ASN1_TIME *comp_time
4248			PREINIT:
4249	2		BIGNUM *bn = NULL;
4250			ASN1_INTEGER *sn;
4251			X509_REVOKED *rev;
4252	2	50	ASN1_ENUMERATED *rsn = NULL;
4253			int rv;
4254			PPCODE:
4255	2		rv=0;
4256	2		rev = X509_REVOKED_new();
4257	2	50	if (rev) {
4258	2	50	if (BN_hex2bn(&bn, serial_hex)) {
4259	2		sn = BN_to_ASN1_INTEGER(bn, NULL);
4260	2	50	if (sn) {
4261	2		X509_REVOKED_set_serialNumber(rev, sn);
4262	2		ASN1_INTEGER_free(sn);
4263	2		rv = 1;
4264			}
4265	2		BN_free(bn);
4266			}
4267			}
4268	2	50	if (!rv) XSRETURN_IV(0);
4269
4270	2	50	if (!rev_time) XSRETURN_IV(0);
4271	2	50	if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
4272
4273	2	50	if(reason_code) {
4274	2		rv = 0;
4275	2		rsn = ASN1_ENUMERATED_new();
4276	2	50	if (rsn) {
4277	2	50	if (ASN1_ENUMERATED_set(rsn, reason_code))
4278	2	50	if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
4279	2		rv=1;
4280	2		ASN1_ENUMERATED_free(rsn);
4281			}
4282	2	50	if (!rv) XSRETURN_IV(0);
4283			}
4284
4285	2	50	if(comp_time) {
4286	2		X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0);
4287			}
4288
4289	2	50	if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0);
4290	2		XSRETURN_IV(1);
4291
4292			X509_REQ *
4293			X509_REQ_new()
4294
4295			void
4296			X509_REQ_free(X509_REQ *x)
4297
4298			X509_NAME *
4299			X509_REQ_get_subject_name(X509_REQ *x)
4300
4301			int
4302			X509_REQ_set_subject_name(X509_REQ x, X509_NAME name)
4303
4304			int
4305			X509_REQ_set_pubkey(X509_REQ x, EVP_PKEY pkey)
4306
4307			EVP_PKEY *
4308			X509_REQ_get_pubkey(X509_REQ *x)
4309
4310			int
4311			X509_REQ_sign(X509_REQ x, EVP_PKEY pk, const EVP_MD *md)
4312
4313			int
4314			X509_REQ_verify(X509_REQ x, EVP_PKEY r)
4315
4316			int
4317			X509_REQ_set_version(X509_REQ *x, long version)
4318
4319			long
4320			X509_REQ_get_version(X509_REQ *x)
4321
4322			int
4323			X509_REQ_get_attr_count(const X509_REQ *req);
4324
4325			int
4326			X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1)
4327
4328			int
4329			X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj, int lastpos=-1)
4330
4331			int
4332			X509_REQ_add1_attr_by_NID(req,nid,type,bytes)
4333			X509_REQ *req
4334			int nid
4335			int type
4336			PREINIT:
4337			STRLEN len;
4338			INPUT:
4339			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
4340			CODE:
4341	2		RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len);
4342			OUTPUT:
4343			RETVAL
4344
4345			void
4346			P_X509_REQ_get_attr(req,n)
4347			X509_REQ *req
4348			int n
4349			INIT:
4350			X509_ATTRIBUTE * att;
4351			int count, i;
4352			ASN1_STRING * s;
4353			ASN1_TYPE * t;
4354			PPCODE:
4355	1		att = X509_REQ_get_attr(req,n);
4356	1		count = X509_ATTRIBUTE_count(att);
4357	2	100	for (i=0; i
4358	1		t = X509_ATTRIBUTE_get0_type(att, i);
4359	1		s = t->value.asn1_string;
4360	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
4361			}
4362
4363			int
4364			P_X509_REQ_add_extensions(x,...)
4365			X509_REQ *x
4366			PREINIT:
4367	1	50	int i=1;
4368			int nid;
4369			char *data;
4370			X509_EXTENSION *ex;
4371			STACK_OF(X509_EXTENSION) *stack;
4372			CODE:
4373	1	50	if (items>1) {
4374	1		RETVAL = 1;
4375	1		stack = sk_X509_EXTENSION_new_null();
4376	7	100	while(i+1
4377	6		nid = SvIV(ST(i));
4378	6		data = SvPV_nolen(ST(i+1));
4379	6		i+=2;
4380	6		ex = X509V3_EXT_conf_nid(NULL, NULL, nid, data);
4381	6	50	if (ex)
4382	6		sk_X509_EXTENSION_push(stack, ex);
4383			else
4384	0		RETVAL = 0;
4385			}
4386	1		X509_REQ_add_extensions(x, stack);
4387	1		sk_X509_EXTENSION_pop_free(stack, X509_EXTENSION_free);
4388			}
4389			else
4390	0		RETVAL = 0;
4391			OUTPUT:
4392			RETVAL
4393
4394			int
4395			P_X509_add_extensions(x,ca_cert,...)
4396			X509 *x
4397			X509 *ca_cert
4398			PREINIT:
4399	1	50	int i=2;
4400			int nid;
4401			char *data;
4402			X509_EXTENSION *ex;
4403			X509V3_CTX ctx;
4404			CODE:
4405	1	50	if (items>1) {
4406	1		RETVAL = 1;
4407	7	100	while(i+1
4408	6		nid = SvIV(ST(i));
4409	6		data = SvPV_nolen(ST(i+1));
4410	6		i+=2;
4411	6		X509V3_set_ctx(&ctx, ca_cert, x, NULL, NULL, 0);
4412	6		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
4413	6	50	if (ex) {
4414	6		X509_add_ext(x,ex,-1);
4415	6		X509_EXTENSION_free(ex);
4416			}
4417			else {
4418	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
4419	0		ERR_print_errors_fp(stderr);
4420	0		RETVAL = 0;
4421			}
4422			}
4423			}
4424			else
4425	0		RETVAL = 0;
4426			OUTPUT:
4427			RETVAL
4428
4429			int
4430			P_X509_CRL_add_extensions(x,ca_cert,...)
4431			X509_CRL *x
4432			X509 *ca_cert
4433			PREINIT:
4434	1	50	int i=2;
4435			int nid;
4436			char *data;
4437			X509_EXTENSION *ex;
4438			X509V3_CTX ctx;
4439			CODE:
4440	1	50	if (items>1) {
4441	1		RETVAL = 1;
4442	2	100	while(i+1
4443	1		nid = SvIV(ST(i));
4444	1		data = SvPV_nolen(ST(i+1));
4445	1		i+=2;
4446	1		X509V3_set_ctx(&ctx, ca_cert, NULL, NULL, x, 0);
4447	1		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
4448	1	50	if (ex) {
4449	1		X509_CRL_add_ext(x,ex,-1);
4450	1		X509_EXTENSION_free(ex);
4451			}
4452			else {
4453	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
4454	0		ERR_print_errors_fp(stderr);
4455	0		RETVAL = 0;
4456			}
4457			}
4458			}
4459			else
4460	0		RETVAL = 0;
4461			OUTPUT:
4462			RETVAL
4463
4464			void
4465			P_X509_copy_extensions(x509_req,x509,override=1)
4466			X509_REQ *x509_req
4467			X509 *x509
4468			int override
4469			PREINIT:
4470	1		STACK_OF(X509_EXTENSION) *exts = NULL;
4471			X509_EXTENSION ext, tmpext;
4472			ASN1_OBJECT *obj;
4473	1	50	int i, idx, ret = 1;
4474			PPCODE:
4475	1	50	if (!x509 \|\| !x509_req) XSRETURN_IV(0);
		50
4476	1		exts = X509_REQ_get_extensions(x509_req);
4477	7	100	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
4478	6		ext = sk_X509_EXTENSION_value(exts, i);
4479	6		obj = X509_EXTENSION_get_object(ext);
4480	6		idx = X509_get_ext_by_OBJ(x509, obj, -1);
4481			/* Does extension exist? */
4482	6	50	if (idx != -1) {
4483	0	0	if (override) continue; /* don't override existing extension */
4484			/* Delete all extensions of same type */
4485			do {
4486	0		tmpext = X509_get_ext(x509, idx);
4487	0		X509_delete_ext(x509, idx);
4488	0		X509_EXTENSION_free(tmpext);
4489	0		idx = X509_get_ext_by_OBJ(x509, obj, -1);
4490	0	0	} while (idx != -1);
4491			}
4492	6	50	if (!X509_add_ext(x509, ext, -1)) ret = 0;
4493			}
4494	1		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
4495	1		XSRETURN_IV(ret);
4496
4497			X509 *
4498			X509_STORE_CTX_get_current_cert(x509_store_ctx)
4499			X509_STORE_CTX * x509_store_ctx
4500
4501			#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */
4502
4503			X509 *
4504			X509_STORE_CTX_get0_cert(x509_store_ctx)
4505			X509_STORE_CTX *x509_store_ctx
4506
4507			#endif
4508
4509			STACK_OF(X509) *
4510			X509_STORE_CTX_get1_chain(x509_store_ctx)
4511			X509_STORE_CTX *x509_store_ctx
4512
4513
4514			int
4515			X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
4516			long argl
4517			void * argp
4518			CRYPTO_EX_new * new_func
4519			CRYPTO_EX_dup * dup_func
4520			CRYPTO_EX_free * free_func
4521
4522			void *
4523			X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
4524			X509_STORE_CTX * x509_store_ctx
4525			int idx
4526
4527			void *
4528			X509_STORE_CTX_get_app_data(x509_store_ctx)
4529			X509_STORE_CTX * x509_store_ctx
4530			CODE:
4531	0		RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0);
4532			OUTPUT:
4533			RETVAL
4534
4535			void
4536			X509_get_fingerprint(cert,type)
4537			X509 * cert
4538			char * type
4539			PREINIT:
4540	9		const EVP_MD *digest_tp = NULL;
4541			unsigned char digest[EVP_MAX_MD_SIZE];
4542	9		unsigned int dsz, k = 0;
4543			char text[EVP_MAX_MD_SIZE * 3 + 1];
4544			CODE:
4545			#ifndef OPENSSL_NO_MD5
4546	9	50	if (!k && !strcmp(type,"md5")) {
		100
4547	4		k = 1; digest_tp = EVP_md5();
4548			}
4549			#endif
4550	9	100	if (!k && !strcmp(type,"sha1")) {
		100
4551	4		k = 1; digest_tp = EVP_sha1();
4552			}
4553			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4554			#ifndef OPENSSL_NO_SHA256
4555	9	100	if (!k && !strcmp(type,"sha256")) {
		50
4556	0		k = 1; digest_tp = EVP_sha256();
4557			}
4558			#endif
4559			#endif
4560	9	100	if (!k && !strcmp(type,"ripemd160")) {
		50
4561	0		k = 1; digest_tp = EVP_ripemd160();
4562			}
4563	9	100	if (!k) /* Default digest */
4564	1		digest_tp = EVP_sha1();
4565	9	50	if ( digest_tp == NULL ) {
4566			/* Out of memory */
4567	0		XSRETURN_UNDEF;
4568			}
4569	9	50	if (!X509_digest(cert, digest_tp, digest, &dsz)) {
4570			/* Out of memory */
4571	0		XSRETURN_UNDEF;
4572			}
4573	9		text[0] = '\0';
4574	173	100	for(k=0; k
4575	164		sprintf(&text[strlen(text)], "%02X:", digest[k]);
4576			}
4577	9		text[strlen(text)-1] = '\0';
4578	9		ST(0) = sv_newmortal(); /* Undefined to start with */
4579	9		sv_setpvn( ST(0), text, strlen(text));
4580
4581			void
4582			X509_get_subjectAltNames(cert)
4583			X509 * cert
4584			PREINIT:
4585	5		int i, j, count = 0;
4586	5		X509_EXTENSION *subjAltNameExt = NULL;
4587	5		STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
4588	5		GENERAL_NAME *subjAltNameDN = NULL;
4589			int num_gnames;
4590			PPCODE:
4591	5	100	if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
4592	3	50	&& (subjAltNameExt = X509_get_ext(cert, i))
4593	3	50	&& (subjAltNameDNs = (STACK_OF(GENERAL_NAME) *)X509V3_EXT_d2i(subjAltNameExt)))
4594			{
4595	3		num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
4596
4597	19	100	for (j = 0; j < num_gnames; j++)
4598			{
4599	16		subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
4600
4601	16		switch (subjAltNameDN->type)
4602			{
4603	2		case GEN_OTHERNAME:
4604	2	50	EXTEND(SP, 2);
4605	2		count++;
4606	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4607			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4608	2		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4609			#else
4610			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4611			#endif
4612	2		break;
4613
4614	8		case GEN_EMAIL:
4615			case GEN_DNS:
4616			case GEN_URI:
4617	8	50	EXTEND(SP, 2);
4618	8		count++;
4619	8		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4620			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4621	8		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4622			#else
4623			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4624			#endif
4625	8		break;
4626
4627	0		case GEN_DIRNAME:
4628			{
4629	0		char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
4630	0	0	EXTEND(SP, 2);
4631	0		count++;
4632	0		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4633	0		PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
4634			}
4635	0		break;
4636
4637	2		case GEN_RID:
4638			{
4639			char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
4640	2		int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
4641	2	50	if (len < 0 \|\| len > (int)((sizeof(buf) - 1)))
		50
4642			break; /* Skip bad or overly long RID */
4643	2	50	EXTEND(SP, 2);
4644	2		count++;
4645	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4646	2		PUSHs(sv_2mortal(newSVpv(buf, 0)));
4647			}
4648	2		break;
4649
4650	4		case GEN_IPADD:
4651	4	50	EXTEND(SP, 2);
4652	4		count++;
4653	4		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4654	4		PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
4655	4		break;
4656
4657			}
4658			}
4659	3		sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
4660			}
4661	5		XSRETURN(count * 2);
4662
4663			void
4664			P_X509_get_crl_distribution_points(cert)
4665			X509 * cert
4666			INIT:
4667			GENERAL_NAMES *gnames;
4668			GENERAL_NAME *gn;
4669			STACK_OF(DIST_POINT) *points;
4670			DIST_POINT *p;
4671			int i, j;
4672			PPCODE:
4673	4		points = (STACK_OF(DIST_POINT) *)X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
4674	6	100	for (i = 0; i < sk_DIST_POINT_num(points); i++) {
4675	2		p = sk_DIST_POINT_value(points, i);
4676	2	50	if (!p->distpoint)
4677	0		continue;
4678	2	50	if (p->distpoint->type == 0) {
4679			/* full name */
4680	2		gnames = p->distpoint->name.fullname;
4681	4	100	for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
4682	2		gn = sk_GENERAL_NAME_value(gnames, j);
4683
4684	2	50	if (gn->type == GEN_URI) {
4685			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4686	2	50	XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_get0_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4687			#else
4688			XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4689			#endif
4690			}
4691			}
4692			}
4693			else {
4694			/* relative name - not supported */
4695			/* XXX-TODO: the code below is just an idea; do not enable it without proper test case
4696			BIO *bp;
4697			char *buf;
4698			int n;
4699			X509_NAME ntmp;
4700			ntmp.entries = p->distpoint->name.relativename;
4701			bp = BIO_new(BIO_s_mem());
4702			if (bp) {
4703			X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
4704			n = BIO_ctrl_pending(bp);
4705			New(0, buf, n, char);
4706			if (buf) {
4707			j = BIO_read(bp,buf,n);
4708			if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
4709			Safefree(buf);
4710			}
4711			BIO_free(bp);
4712			}
4713			*/
4714			}
4715			}
4716	4		sk_DIST_POINT_pop_free(points, DIST_POINT_free);
4717
4718			void
4719			P_X509_get_ocsp_uri(cert)
4720			X509 * cert
4721			PREINIT:
4722			AUTHORITY_INFO_ACCESS *info;
4723			int i;
4724			PPCODE:
4725	0		info = (AUTHORITY_INFO_ACCESS *)X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
4726	0	0	if (!info) XSRETURN_UNDEF;
4727
4728	0	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
4729	0		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
4730	0	0	if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
4731	0	0	&& ad->location->type == GEN_URI) {
4732			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4733	0	0	XPUSHs(sv_2mortal(newSVpv(
4734			(char*)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier),
4735			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4736			)));
4737			#else
4738			XPUSHs(sv_2mortal(newSVpv(
4739			(char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
4740			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4741			)));
4742			#endif
4743	0	0	if (GIMME_V == G_SCALAR) break; /* get only first */
4744			}
4745			}
4746	0		AUTHORITY_INFO_ACCESS_free(info);
4747
4748
4749			void
4750			P_X509_get_ext_key_usage(cert,format=0)
4751			X509 * cert
4752			int format
4753			PREINIT:
4754			EXTENDED_KEY_USAGE *extusage;
4755			int i, nid;
4756			char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
4757			ASN1_OBJECT *o;
4758			PPCODE:
4759	16		extusage = (EXTENDED_KEY_USAGE *)X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
4760	92	100	for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
4761	76		o = sk_ASN1_OBJECT_value(extusage,i);
4762	76		nid = OBJ_obj2nid(o);
4763	76		OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
4764	76	100	if(format==0)
4765	19	50	XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
4766	57	100	else if(format==1 && nid>0)
		100
4767	17	50	XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
4768	40	100	else if(format==2 && nid>0)
		100
4769	17	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
4770	23	100	else if(format==3 && nid>0)
		100
4771	17	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
4772			}
4773	16		EXTENDED_KEY_USAGE_free(extusage);
4774
4775			void
4776			P_X509_get_key_usage(cert)
4777			X509 * cert
4778			INIT:
4779			ASN1_BIT_STRING * u;
4780			PPCODE:
4781	4		u = (ASN1_BIT_STRING *)X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
4782	4	50	if (u) {
4783	4	50	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
		50
4784	4	100	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
		50
4785	4	50	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
		50
4786	4	100	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
		50
4787	4	100	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
		50
4788	4	100	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
		50
4789	4	100	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
		50
4790	4	50	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
		0
4791	4	100	if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
		50
4792	4		ASN1_BIT_STRING_free(u);
4793			}
4794
4795			void
4796			P_X509_get_netscape_cert_type(cert)
4797			X509 * cert
4798			INIT:
4799			ASN1_BIT_STRING * u;
4800			PPCODE:
4801	4		u = (ASN1_BIT_STRING *)X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
4802	4	50	if (u) {
4803	0	0	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
		0
4804	0	0	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
		0
4805	0	0	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
		0
4806	0	0	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
		0
4807	0	0	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
		0
4808	0	0	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
		0
4809	0	0	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
		0
4810	0	0	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
		0
4811	0		ASN1_BIT_STRING_free(u);
4812			}
4813
4814			int
4815			X509_get_ext_by_NID(x,nid,loc=-1)
4816			X509* x
4817			int nid
4818			int loc
4819
4820			X509_EXTENSION *
4821			X509_get_ext(x,loc)
4822			X509* x
4823			int loc
4824
4825			int
4826			X509_EXTENSION_get_critical(X509_EXTENSION *ex)
4827
4828			ASN1_OCTET_STRING *
4829			X509_EXTENSION_get_data(X509_EXTENSION *ne)
4830
4831			ASN1_OBJECT *
4832			X509_EXTENSION_get_object(X509_EXTENSION *ex)
4833
4834			int
4835			X509_get_ext_count(X509 *x)
4836
4837			int
4838			X509_CRL_get_ext_count(X509_CRL *x)
4839
4840			int
4841			X509_CRL_get_ext_by_NID(x,ni,loc=-1)
4842			X509_CRL* x
4843			int ni
4844			int loc
4845
4846			X509_EXTENSION *
4847			X509_CRL_get_ext(x,loc)
4848			X509_CRL* x
4849			int loc
4850
4851			void
4852			X509V3_EXT_print(ext,flags=0,utf8_decode=0)
4853			X509_EXTENSION * ext
4854			unsigned long flags
4855			int utf8_decode
4856			PREINIT:
4857			BIO * bp;
4858			char * buf;
4859			int i, n;
4860	21	50	int indent=0;
4861			CODE:
4862	21		ST(0) = sv_newmortal(); /* undef to start with */
4863	21		bp = BIO_new(BIO_s_mem());
4864	21	50	if (bp) {
4865	21	50	if(X509V3_EXT_print(bp,ext,flags,indent)) {
4866	21		n = BIO_ctrl_pending(bp);
4867	21		New(0, buf, n, char);
4868	21	50	if (buf) {
4869	21		i = BIO_read(bp,buf,n);
4870	21	50	if (i>=0 && i<=n) {
		50
4871	21		sv_setpvn(ST(0), buf, i);
4872	21	50	if (utf8_decode) sv_utf8_decode(ST(0));
4873			}
4874	21		Safefree(buf);
4875			}
4876			}
4877	21		BIO_free(bp);
4878			}
4879
4880			void *
4881			X509V3_EXT_d2i(ext)
4882			X509_EXTENSION *ext
4883
4884			X509_STORE_CTX *
4885			X509_STORE_CTX_new()
4886
4887			int
4888			X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
4889			X509_STORE_CTX * ctx
4890			X509_STORE * store
4891			X509 * x509
4892			STACK_OF(X509) * chain
4893
4894			void
4895			X509_STORE_CTX_free(ctx)
4896			X509_STORE_CTX * ctx
4897
4898			int
4899			X509_verify_cert(x509_store_ctx)
4900			X509_STORE_CTX * x509_store_ctx
4901
4902			int
4903			X509_STORE_CTX_get_error(x509_store_ctx)
4904			X509_STORE_CTX * x509_store_ctx
4905
4906			int
4907			X509_STORE_CTX_get_error_depth(x509_store_ctx)
4908			X509_STORE_CTX * x509_store_ctx
4909
4910			int
4911			X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
4912			X509_STORE_CTX * x509_store_ctx
4913			int idx
4914			void * data
4915
4916			int
4917			X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
4918			X509_STORE_CTX * x509_store_ctx
4919			char * arg
4920			CODE:
4921	0		RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
4922			OUTPUT:
4923			RETVAL
4924
4925			void
4926			X509_STORE_CTX_set_error(x509_store_ctx,s)
4927			X509_STORE_CTX * x509_store_ctx
4928			int s
4929
4930			void
4931			X509_STORE_CTX_set_cert(x509_store_ctx,x)
4932			X509_STORE_CTX * x509_store_ctx
4933			X509 * x
4934
4935			X509_STORE *
4936			X509_STORE_new()
4937
4938			void
4939			X509_STORE_free(store)
4940			X509_STORE * store
4941
4942			X509_LOOKUP *
4943			X509_STORE_add_lookup(store, method)
4944			X509_STORE * store
4945			X509_LOOKUP_METHOD * method
4946
4947			int
4948			X509_STORE_add_cert(ctx, x)
4949			X509_STORE *ctx
4950			X509 *x
4951
4952			int
4953			X509_STORE_add_crl(ctx, x)
4954			X509_STORE *ctx
4955			X509_CRL *x
4956
4957			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4958
4959			void
4960			X509_STORE_set_flags(ctx, flags)
4961			X509_STORE *ctx
4962			long flags
4963
4964			void
4965			X509_STORE_set_purpose(ctx, purpose)
4966			X509_STORE *ctx
4967			int purpose
4968
4969			void
4970			X509_STORE_set_trust(ctx, trust)
4971			X509_STORE *ctx
4972			int trust
4973
4974			int
4975			X509_STORE_set1_param(ctx, pm)
4976			X509_STORE *ctx
4977			X509_VERIFY_PARAM *pm
4978
4979			#endif
4980
4981			X509_LOOKUP_METHOD *
4982			X509_LOOKUP_hash_dir()
4983
4984			void
4985			X509_LOOKUP_add_dir(lookup, dir, type)
4986			X509_LOOKUP * lookup
4987			char * dir
4988			int type
4989
4990			int
4991			X509_load_cert_file(ctx, file, type)
4992			X509_LOOKUP *ctx
4993			char *file
4994			int type
4995
4996			int
4997			X509_load_crl_file(ctx, file, type)
4998			X509_LOOKUP *ctx
4999			char *file
5000			int type
5001
5002			int
5003			X509_load_cert_crl_file(ctx, file, type)
5004			X509_LOOKUP *ctx
5005			char *file
5006			int type
5007
5008			const char *
5009			X509_verify_cert_error_string(n)
5010			long n
5011
5012			ASN1_INTEGER *
5013			ASN1_INTEGER_new()
5014
5015			void
5016			ASN1_INTEGER_free(ASN1_INTEGER *i)
5017
5018			int
5019			ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
5020
5021			long
5022			ASN1_INTEGER_get(ASN1_INTEGER *a)
5023
5024			void
5025			P_ASN1_INTEGER_set_hex(i,str)
5026			ASN1_INTEGER * i
5027			char * str
5028			INIT:
5029			BIGNUM *bn;
5030	3		int rv = 1;
5031			PPCODE:
5032	3		bn = BN_new();
5033	3	50	if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
5034	3	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
5035	3		BN_free(bn);
5036	3		XSRETURN_IV(rv);
5037
5038			void
5039			P_ASN1_INTEGER_set_dec(i,str)
5040			ASN1_INTEGER * i
5041			char * str
5042			INIT:
5043			BIGNUM *bn;
5044	1		int rv = 1;
5045			PPCODE:
5046	1		bn = BN_new();
5047	1	50	if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
5048	1	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
5049	1		BN_free(bn);
5050	1		XSRETURN_IV(rv);
5051
5052			void
5053			P_ASN1_INTEGER_get_hex(i)
5054			ASN1_INTEGER * i
5055			INIT:
5056			BIGNUM *bn;
5057			char *result;
5058			PPCODE:
5059	10		bn = BN_new();
5060	10	50	if (!bn) XSRETURN_UNDEF;
5061	10		ASN1_INTEGER_to_BN(i, bn);
5062	10		result = BN_bn2hex(bn);
5063	10		BN_free(bn);
5064	10	50	if (!result) XSRETURN_UNDEF;
5065	10	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
5066	10		OPENSSL_free(result);
5067
5068			void
5069			P_ASN1_INTEGER_get_dec(i)
5070			ASN1_INTEGER * i
5071			INIT:
5072			BIGNUM *bn;
5073			char *result;
5074			PPCODE:
5075	9		bn = BN_new();
5076	9	50	if (!bn) XSRETURN_UNDEF;
5077	9		ASN1_INTEGER_to_BN(i, bn);
5078	9		result = BN_bn2dec(bn);
5079	9		BN_free(bn);
5080	9	50	if (!result) XSRETURN_UNDEF;
5081	9	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
5082	9		OPENSSL_free(result);
5083
5084			void
5085			P_ASN1_STRING_get(s,utf8_decode=0)
5086			ASN1_STRING * s
5087			int utf8_decode
5088			PREINIT:
5089			SV * u8;
5090			PPCODE:
5091			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
5092	87		u8 = newSVpv((const char*)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
5093			#else
5094			u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
5095			#endif
5096	87	100	if (utf8_decode) sv_utf8_decode(u8);
5097	87	50	XPUSHs(sv_2mortal(u8));
5098
5099			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
5100
5101			const ASN1_TIME *
5102			X509_get0_notBefore(const X509 *cert)
5103
5104			const ASN1_TIME *
5105			X509_get0_notAfter(const X509 *cert)
5106
5107			ASN1_TIME *
5108			X509_getm_notBefore(const X509 *cert)
5109			ALIAS:
5110			X509_get_notBefore = 1
5111
5112			ASN1_TIME *
5113			X509_getm_notAfter(const X509 *cert)
5114			ALIAS:
5115			X509_get_notAfter = 1
5116
5117			#else /* plain get_ is deprecated */
5118
5119			ASN1_TIME *
5120			X509_get_notBefore(X509 *cert)
5121			ALIAS:
5122			X509_get0_notBefore = 1
5123			X509_getm_notBefore = 2
5124
5125			ASN1_TIME *
5126			X509_get_notAfter(X509 *cert)
5127			ALIAS:
5128			X509_get0_notAfter = 1
5129			X509_getm_notAfter = 2
5130
5131			#endif
5132
5133			ASN1_TIME *
5134			X509_gmtime_adj(s, adj)
5135			ASN1_TIME * s
5136			long adj
5137
5138			ASN1_TIME *
5139			ASN1_TIME_set(s,t)
5140			ASN1_TIME *s
5141			time_t t
5142
5143			void
5144			ASN1_TIME_free(s)
5145			ASN1_TIME *s
5146
5147			time_t
5148			ASN1_TIME_timet(s)
5149			ASN1_TIME *s
5150			CODE:
5151	0		RETVAL = ASN1_TIME_timet(s,NULL);
5152			OUTPUT:
5153			RETVAL
5154
5155			ASN1_TIME *
5156			ASN1_TIME_new()
5157
5158			void
5159			P_ASN1_TIME_put2string(tm)
5160			ASN1_TIME * tm
5161			PREINIT:
5162	4		BIO *bp=NULL;
5163	4		int i=0;
5164			char buffer[256];
5165			ALIAS:
5166			P_ASN1_UTCTIME_put2string = 1
5167			CODE:
5168	4		ST(0) = sv_newmortal(); /* undef retval to start with */
5169	4	50	if (tm) {
5170	4		bp = BIO_new(BIO_s_mem());
5171	4	50	if (bp) {
5172	4		ASN1_TIME_print(bp,tm);
5173	4		i = BIO_read(bp,buffer,255);
5174	4		buffer[i] = '\0';
5175	4	50	if (i>0)
5176	4		sv_setpvn(ST(0), buffer, i);
5177	4		BIO_free(bp);
5178			}
5179			}
5180
5181			void
5182			P_ASN1_TIME_get_isotime(tm)
5183			ASN1_TIME *tm
5184			PREINIT:
5185	34		ASN1_GENERALIZEDTIME *tmp = NULL;
5186			char buf[256];
5187			CODE:
5188	34		buf[0] = '\0';
5189			/* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
5190	34		ASN1_TIME_to_generalizedtime(tm,&tmp);
5191	34	50	if (tmp) {
5192	34	50	if (ASN1_GENERALIZEDTIME_check(tmp)) {
5193	34	50	if (strlen((char)tmp->data)>=14 && strlen((char)tmp->data)<200) {
		50
5194	34		strcpy (buf,"yyyy-mm-ddThh:mm:ss");
5195	34		strncpy(buf, (char*)tmp->data, 4);
5196	34		strncpy(buf+5, (char*)tmp->data+4, 2);
5197	34		strncpy(buf+8, (char*)tmp->data+6, 2);
5198	34		strncpy(buf+11,(char*)tmp->data+8, 2);
5199	34		strncpy(buf+14,(char*)tmp->data+10,2);
5200	34		strncpy(buf+17,(char*)tmp->data+12,2);
5201	34	50	if (strlen((char)tmp->data)>14) strcat(buf+19,(char)tmp->data+14);
5202			}
5203			}
5204	34		ASN1_GENERALIZEDTIME_free(tmp);
5205			}
5206	34		ST(0) = sv_newmortal();
5207	34		sv_setpv(ST(0), buf);
5208
5209			void
5210			P_ASN1_TIME_set_isotime(tm,str)
5211			ASN1_TIME *tm
5212			const char *str
5213			PREINIT:
5214			ASN1_TIME t;
5215			char buf[256];
5216			int i,rv;
5217			CODE:
5218	13	50	if (!tm) XSRETURN_UNDEF;
5219			/* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
5220	13	50	if (strlen(str) < 19) XSRETURN_UNDEF;
5221	65	50	for (i=0; i<4; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5222	39	50	for (i=5; i<7; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5223	39	50	for (i=8; i<10; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5224	39	50	for (i=11; i<13; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5225	39	50	for (i=14; i<16; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5226	39	50	for (i=17; i<19; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
5227	13		strncpy(buf, str, 4);
5228	13		strncpy(buf+4, str+5, 2);
5229	13		strncpy(buf+6, str+8, 2);
5230	13		strncpy(buf+8, str+11, 2);
5231	13		strncpy(buf+10, str+14, 2);
5232	13		strncpy(buf+12, str+17, 2);
5233	13		buf[14] = '\0';
5234	13	50	if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
		50
5235
5236			/* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
5237			/* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
5238	13		t.length = strlen(buf);
5239	13		t.data = (unsigned char *)buf;
5240	13		t.flags = 0;
5241	13		t.type = V_ASN1_UTCTIME;
5242	13	50	if (!ASN1_TIME_check(&t)) {
5243	13		t.type = V_ASN1_GENERALIZEDTIME;
5244	13	50	if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
5245			}
5246	13		tm->type = t.type;
5247	13		tm->flags = t.flags;
5248	13	50	if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
5249	13		rv = 1;
5250
5251			/* end of ASN1_TIME_set_string() reimplementation */
5252
5253	13		ST(0) = sv_newmortal();
5254	13		sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
5255
5256			int
5257			EVP_PKEY_copy_parameters(to,from)
5258			EVP_PKEY * to
5259			EVP_PKEY * from
5260
5261			EVP_PKEY *
5262			EVP_PKEY_new()
5263
5264			void
5265			EVP_PKEY_free(EVP_PKEY *pkey)
5266
5267			int
5268			EVP_PKEY_assign_RSA(EVP_PKEY pkey, RSA key)
5269
5270			int
5271			EVP_PKEY_bits(EVP_PKEY *pkey)
5272
5273			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3060000fL)
5274
5275			int
5276			EVP_PKEY_security_bits(EVP_PKEY *pkey)
5277
5278			#endif
5279
5280			int
5281			EVP_PKEY_size(EVP_PKEY *pkey)
5282
5283			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
5284
5285			int
5286			EVP_PKEY_id(const EVP_PKEY *pkey)
5287
5288			#endif
5289
5290			void
5291			PEM_get_string_X509(x509)
5292			X509 * x509
5293			PREINIT:
5294			BIO *bp;
5295			int i, n;
5296			char *buf;
5297			CODE:
5298	3		ST(0) = sv_newmortal(); /* undef to start with */
5299	3		bp = BIO_new(BIO_s_mem());
5300	3	50	if (bp && x509) {
		50
5301	3		PEM_write_bio_X509(bp,x509);
5302	3		n = BIO_ctrl_pending(bp);
5303	3		New(0, buf, n, char);
5304	3	50	if (buf) {
5305	3		i = BIO_read(bp,buf,n);
5306	3	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5307	3		Safefree(buf);
5308			}
5309	3		BIO_free(bp);
5310			}
5311
5312			void
5313			PEM_get_string_X509_REQ(x509_req)
5314			X509_REQ * x509_req
5315			PREINIT:
5316			BIO *bp;
5317			int i, n;
5318			char *buf;
5319			CODE:
5320	1		ST(0) = sv_newmortal(); /* undef to start with */
5321	1		bp = BIO_new(BIO_s_mem());
5322	1	50	if (bp && x509_req) {
		50
5323	1		PEM_write_bio_X509_REQ(bp,x509_req);
5324	1		n = BIO_ctrl_pending(bp);
5325	1		New(0, buf, n, char);
5326	1	50	if (buf) {
5327	1		i = BIO_read(bp,buf,n);
5328	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5329	1		Safefree(buf);
5330			}
5331	1		BIO_free(bp);
5332			}
5333
5334			void
5335			PEM_get_string_X509_CRL(x509_crl)
5336			X509_CRL * x509_crl
5337			PREINIT:
5338			BIO *bp;
5339			int i, n;
5340			char *buf;
5341			CODE:
5342	1		ST(0) = sv_newmortal(); /* undef to start with */
5343	1		bp = BIO_new(BIO_s_mem());
5344	1	50	if (bp && x509_crl) {
		50
5345	1		PEM_write_bio_X509_CRL(bp,x509_crl);
5346	1		n = BIO_ctrl_pending(bp);
5347	1		New(0, buf, n, char);
5348	1	50	if (buf) {
5349	1		i = BIO_read(bp,buf,n);
5350	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5351	1		Safefree(buf);
5352			}
5353	1		BIO_free(bp);
5354			}
5355
5356			void
5357			PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
5358			EVP_PKEY * pk
5359			char * passwd
5360			const EVP_CIPHER * enc_alg
5361			PREINIT:
5362			BIO *bp;
5363			int i, n;
5364			char *buf;
5365	6		size_t passwd_len = 0;
5366	6		pem_password_cb * cb = NULL;
5367	6	100	void * u = NULL;
5368			CODE:
5369	6		ST(0) = sv_newmortal(); /* undef to start with */
5370	6		bp = BIO_new(BIO_s_mem());
5371	6	50	if (bp && pk) {
		50
5372	6	100	if (passwd) passwd_len = strlen(passwd);
5373	6	100	if (passwd_len>0) {
5374			/* encrypted key */
5375	2	100	if (!enc_alg)
5376	1		PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
5377			else
5378	1		PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
5379			}
5380			else {
5381			/* unencrypted key */
5382	4		PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
5383			}
5384	6		n = BIO_ctrl_pending(bp);
5385	6		New(0, buf, n, char);
5386	6	50	if (buf) {
5387	6		i = BIO_read(bp,buf,n);
5388	6	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
5389	6		Safefree(buf);
5390			}
5391	6		BIO_free(bp);
5392			}
5393
5394			int
5395			CTX_use_PKCS12_file(ctx, file, password=NULL)
5396			SSL_CTX *ctx
5397			char *file
5398			char *password
5399			PREINIT:
5400			PKCS12 *p12;
5401			EVP_PKEY *private_key;
5402			X509 *certificate;
5403			BIO *bio;
5404			CODE:
5405	0		RETVAL = 0;
5406	0		bio = BIO_new_file(file, "rb");
5407	0	0	if (bio) {
5408	0		OPENSSL_add_all_algorithms_noconf();
5409	0	0	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
5410	0	0	if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
5411	0	0	if (private_key) {
5412	0	0	if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
5413	0		EVP_PKEY_free(private_key);
5414			}
5415	0	0	if (certificate) {
5416	0	0	if (SSL_CTX_use_certificate(ctx, certificate)) RETVAL = 1;
5417	0		X509_free(certificate);
5418			}
5419			}
5420	0		PKCS12_free(p12);
5421			}
5422	0	0	if (!RETVAL) ERR_print_errors_fp(stderr);
5423	0		BIO_free(bio);
5424			}
5425			OUTPUT:
5426			RETVAL
5427
5428			void
5429			P_PKCS12_load_file(file, load_chain=0, password=NULL)
5430			char *file
5431			int load_chain
5432			char *password
5433			PREINIT:
5434			PKCS12 *p12;
5435	4		EVP_PKEY *private_key = NULL;
5436	4		X509 *certificate = NULL;
5437	4	50	STACK_OF(X509) *cachain = NULL;
5438			X509 *x;
5439			BIO *bio;
5440			int i, result;
5441			PPCODE:
5442	4		bio = BIO_new_file(file, "rb");
5443	4	50	if (bio) {
5444	4		OPENSSL_add_all_algorithms_noconf();
5445	4	50	if ((p12 = d2i_PKCS12_bio(bio, NULL))) {
5446	4	100	if(load_chain)
5447	3		result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain);
5448			else
5449	1		result= PKCS12_parse(p12, password, &private_key, &certificate, NULL);
5450	4	50	if (result) {
5451	4	50	if (private_key)
5452	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key))));
5453			else
5454	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
5455	4	50	if (certificate)
5456	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate))));
5457			else
5458	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
5459	4	100	if (cachain) {
5460	3	100	for (i=0; i
5461	2		x = sk_X509_value(cachain, i);
5462	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
5463			}
5464	1		sk_X509_free(cachain);
5465			}
5466			}
5467	4		PKCS12_free(p12);
5468			}
5469	4		BIO_free(bio);
5470			}
5471
5472			#ifndef OPENSSL_NO_MD2
5473
5474			void
5475			MD2(data)
5476			PREINIT:
5477			STRLEN len;
5478			unsigned char md[MD2_DIGEST_LENGTH];
5479			unsigned char * ret;
5480			INPUT:
5481			unsigned char* data = (unsigned char *) SvPV( ST(0), len);
5482			CODE:
5483			ret = MD2(data,len,md);
5484			if (ret!=NULL) {
5485			XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
5486			} else {
5487			XSRETURN_UNDEF;
5488			}
5489
5490			#endif
5491
5492			#ifndef OPENSSL_NO_MD4
5493
5494			void
5495			MD4(data)
5496			PREINIT:
5497			STRLEN len;
5498			unsigned char md[MD4_DIGEST_LENGTH];
5499			INPUT:
5500			unsigned char* data = (unsigned char *) SvPV( ST(0), len );
5501			CODE:
5502	0	0	if (MD4(data,len,md)) {
5503	0		XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
5504			} else {
5505	0		XSRETURN_UNDEF;
5506			}
5507
5508			#endif
5509
5510			#ifndef OPENSSL_NO_MD5
5511
5512			void
5513			MD5(data)
5514			PREINIT:
5515			STRLEN len;
5516			unsigned char md[MD5_DIGEST_LENGTH];
5517			INPUT:
5518			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5519			CODE:
5520	9	50	if (MD5(data,len,md)) {
5521	9		XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
5522			} else {
5523	0		XSRETURN_UNDEF;
5524			}
5525
5526			#endif
5527
5528			void
5529			RIPEMD160(data)
5530			PREINIT:
5531			STRLEN len;
5532			unsigned char md[RIPEMD160_DIGEST_LENGTH];
5533			INPUT:
5534			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5535			CODE:
5536	9	50	if (RIPEMD160(data,len,md)) {
5537	9		XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH);
5538			} else {
5539	0		XSRETURN_UNDEF;
5540			}
5541
5542			#if !defined(OPENSSL_NO_SHA)
5543
5544			void
5545			SHA1(data)
5546			PREINIT:
5547			STRLEN len;
5548			unsigned char md[SHA_DIGEST_LENGTH];
5549			INPUT:
5550			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5551			CODE:
5552	8	50	if (SHA1(data,len,md)) {
5553	8		XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH);
5554			} else {
5555	0		XSRETURN_UNDEF;
5556			}
5557
5558			#endif
5559			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5560
5561			void
5562			SHA256(data)
5563			PREINIT:
5564			STRLEN len;
5565			unsigned char md[SHA256_DIGEST_LENGTH];
5566			INPUT:
5567			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5568			CODE:
5569	8	50	if (SHA256(data,len,md)) {
5570	8		XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
5571			} else {
5572	0		XSRETURN_UNDEF;
5573			}
5574
5575			#endif
5576			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5577
5578			void
5579			SHA512(data)
5580			PREINIT:
5581			STRLEN len;
5582			unsigned char md[SHA512_DIGEST_LENGTH];
5583			INPUT:
5584			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5585			CODE:
5586	8	50	if (SHA512(data,len,md)) {
5587	8		XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
5588			} else {
5589	0		XSRETURN_UNDEF;
5590			}
5591
5592			#endif
5593
5594			#ifndef OPENSSL_NO_SSL2
5595			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5596
5597			const SSL_METHOD *
5598			SSLv2_method()
5599
5600			#endif
5601			#endif
5602
5603			#ifndef OPENSSL_NO_SSL3
5604
5605			const SSL_METHOD *
5606			SSLv3_method()
5607
5608			#endif
5609
5610			const SSL_METHOD *
5611			SSLv23_method()
5612
5613			const SSL_METHOD *
5614			SSLv23_server_method()
5615
5616			const SSL_METHOD *
5617			SSLv23_client_method()
5618
5619			#if !defined(OPENSSL_NO_TLS1_METHOD)
5620
5621			const SSL_METHOD *
5622			TLSv1_method()
5623
5624			const SSL_METHOD *
5625			TLSv1_server_method()
5626
5627			const SSL_METHOD *
5628			TLSv1_client_method()
5629
5630			#endif
5631
5632			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
5633
5634			const SSL_METHOD *
5635			TLSv1_1_method()
5636
5637			const SSL_METHOD *
5638			TLSv1_1_server_method()
5639
5640			const SSL_METHOD *
5641			TLSv1_1_client_method()
5642
5643			#endif
5644
5645			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
5646
5647			const SSL_METHOD *
5648			TLSv1_2_method()
5649
5650			const SSL_METHOD *
5651			TLSv1_2_server_method()
5652
5653			const SSL_METHOD *
5654			TLSv1_2_client_method()
5655
5656			#endif
5657
5658
5659			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
5660
5661			const SSL_METHOD *
5662			TLS_method()
5663
5664			const SSL_METHOD *
5665			TLS_server_method()
5666
5667			const SSL_METHOD *
5668			TLS_client_method()
5669
5670			#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
5671
5672
5673			#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
5674
5675			int
5676			SSL_CTX_set_min_proto_version(ctx, version)
5677			SSL_CTX * ctx
5678			int version
5679
5680			int
5681			SSL_CTX_set_max_proto_version(ctx, version)
5682			SSL_CTX * ctx
5683			int version
5684
5685			int
5686			SSL_set_min_proto_version(ssl, version)
5687			SSL * ssl
5688			int version
5689
5690			int
5691			SSL_set_max_proto_version(ssl, version)
5692			SSL * ssl
5693			int version
5694
5695			#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
5696
5697
5698			#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
5699
5700			int
5701			SSL_CTX_get_min_proto_version(ctx)
5702			SSL_CTX * ctx
5703
5704			int
5705			SSL_CTX_get_max_proto_version(ctx)
5706			SSL_CTX * ctx
5707
5708			int
5709			SSL_get_min_proto_version(ssl)
5710			SSL * ssl
5711
5712			int
5713			SSL_get_max_proto_version(ssl)
5714			SSL * ssl
5715
5716			#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
5717
5718
5719			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5720
5721			int
5722			SSL_set_ssl_method(ssl, method)
5723			SSL * ssl
5724			SSL_METHOD * method
5725
5726			#else
5727
5728			int
5729			SSL_set_ssl_method(ssl, method)
5730			SSL * ssl
5731			const SSL_METHOD * method
5732
5733			#endif
5734
5735			const SSL_METHOD *
5736			SSL_get_ssl_method(ssl)
5737			SSL * ssl
5738
5739			#define REM_AUTOMATICALLY_GENERATED_1_09
5740
5741			BIO *
5742			BIO_new_buffer_ssl_connect(ctx)
5743			SSL_CTX * ctx
5744
5745			BIO *
5746			BIO_new_file(filename,mode)
5747			char * filename
5748			char * mode
5749
5750			BIO *
5751			BIO_new_ssl(ctx,client)
5752			SSL_CTX * ctx
5753			int client
5754
5755			BIO *
5756			BIO_new_ssl_connect(ctx)
5757			SSL_CTX * ctx
5758
5759			BIO *
5760			BIO_new(type)
5761			BIO_METHOD * type;
5762
5763			int
5764			BIO_free(bio)
5765			BIO * bio;
5766
5767			void
5768			BIO_read(s,max=32768)
5769			BIO * s
5770			int max
5771			PREINIT:
5772	162	100	char *buf = NULL;
5773			int got;
5774			CODE:
5775	162		New(0, buf, max, char);
5776	162		ST(0) = sv_newmortal(); /* Undefined to start with */
5777	162	100	if ((got = BIO_read(s, buf, max)) >= 0)
5778	69		sv_setpvn( ST(0), buf, got);
5779	162		Safefree(buf);
5780
5781			int
5782			BIO_write(s,buf)
5783			BIO * s
5784			PREINIT:
5785			STRLEN len;
5786			INPUT:
5787			char * buf = SvPV( ST(1), len);
5788			CODE:
5789	69		RETVAL = BIO_write (s, buf, (int)len);
5790			OUTPUT:
5791			RETVAL
5792
5793			int
5794			BIO_eof(s)
5795			BIO * s
5796
5797			int
5798			BIO_pending(s)
5799			BIO * s
5800
5801			int
5802			BIO_wpending(s)
5803			BIO * s
5804
5805			int
5806			BIO_ssl_copy_session_id(to,from)
5807			BIO * to
5808			BIO * from
5809
5810			void
5811			BIO_ssl_shutdown(ssl_bio)
5812			BIO * ssl_bio
5813
5814			int
5815			SSL_add_client_CA(ssl,x)
5816			SSL * ssl
5817			X509 * x
5818
5819			const char *
5820			SSL_alert_desc_string(value)
5821			int value
5822
5823			const char *
5824			SSL_alert_desc_string_long(value)
5825			int value
5826
5827			const char *
5828			SSL_alert_type_string(value)
5829			int value
5830
5831			const char *
5832			SSL_alert_type_string_long(value)
5833			int value
5834
5835			long
5836			SSL_callback_ctrl(ssl,i,fp)
5837			SSL * ssl
5838			int i
5839			callback_no_ret * fp
5840
5841			int
5842			SSL_check_private_key(ctx)
5843			SSL * ctx
5844
5845			# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
5846			# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
5847			void
5848			SSL_CIPHER_description(const SSL_CIPHER cipher, char unused_buf=NULL, int unused_size=0)
5849			PREINIT:
5850			char *description;
5851			char buf[512];
5852			PPCODE:
5853	120		description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
5854	120	50	if(description == NULL) {
5855	0		XSRETURN_EMPTY;
5856			}
5857	120	50	XPUSHs(sv_2mortal(newSVpv(description, 0)));
5858
5859			const char *
5860			SSL_CIPHER_get_name(const SSL_CIPHER *c)
5861
5862			int
5863			SSL_CIPHER_get_bits(c, ...)
5864			const SSL_CIPHER * c
5865			CODE:
5866			int alg_bits;
5867	242		RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
5868	242	50	if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
5869	242	100	if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
5870			OUTPUT:
5871			RETVAL
5872
5873			const char *
5874			SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
5875
5876			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
5877
5878			const EVP_MD *
5879			SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
5880
5881			#endif /* OpenSSL 1.1.1-pre1 */
5882
5883			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL) /* LibreSSL >= 3.4.0 */
5884
5885			const SSL_CIPHER *
5886			SSL_CIPHER_find(SSL ssl, const unsigned char ptr)
5887
5888			#endif
5889
5890			#ifndef OPENSSL_NO_COMP
5891
5892			int
5893			SSL_COMP_add_compression_method(id,cm)
5894			int id
5895			COMP_METHOD * cm
5896
5897			#endif
5898
5899			int
5900			SSL_CTX_add_client_CA(ctx,x)
5901			SSL_CTX * ctx
5902			X509 * x
5903
5904			long
5905			SSL_CTX_callback_ctrl(ctx,i,fp)
5906			SSL_CTX * ctx
5907			int i
5908			callback_no_ret * fp
5909
5910			int
5911			SSL_CTX_check_private_key(ctx)
5912			SSL_CTX * ctx
5913
5914			void *
5915			SSL_CTX_get_ex_data(ssl,idx)
5916			SSL_CTX * ssl
5917			int idx
5918
5919			int
5920			SSL_CTX_get_quiet_shutdown(ctx)
5921			SSL_CTX * ctx
5922
5923			long
5924			SSL_CTX_get_timeout(ctx)
5925			SSL_CTX * ctx
5926
5927			int
5928			SSL_CTX_get_verify_depth(ctx)
5929			SSL_CTX * ctx
5930
5931			int
5932			SSL_CTX_get_verify_mode(ctx)
5933			SSL_CTX * ctx
5934
5935			void
5936			SSL_CTX_set_cert_store(ctx,store)
5937			SSL_CTX * ctx
5938			X509_STORE * store
5939
5940			X509_STORE *
5941			SSL_CTX_get_cert_store(ctx)
5942			SSL_CTX * ctx
5943
5944			void
5945			SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
5946			SSL_CTX * ctx
5947			SV * callback
5948			SV * data
5949			CODE:
5950	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
5951	0		SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
5952	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
5953	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
5954			}
5955			else {
5956	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
5957	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
5958	1		SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
5959			}
5960
5961			X509_NAME_STACK *
5962			SSL_CTX_get_client_CA_list(ctx)
5963			SSL_CTX *ctx
5964
5965			void
5966			SSL_CTX_set_client_CA_list(ctx,list)
5967			SSL_CTX * ctx
5968			X509_NAME_STACK * list
5969
5970			void
5971			SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
5972			SSL_CTX * ctx
5973			SV * callback
5974			CODE:
5975	5	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
5976	0		SSL_CTX_set_default_passwd_cb(ctx, NULL);
5977	0		SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
5978	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
5979			}
5980			else {
5981	5		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
5982	5		SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
5983	5		SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
5984			}
5985
5986			void
5987			SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
5988			SSL_CTX * ctx
5989			SV * data
5990			CODE:
5991			/* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
5992	3	50	if (data==NULL \|\| !SvOK(data)) {
		50
5993	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
5994			}
5995			else {
5996	3		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
5997			}
5998
5999			int
6000			SSL_CTX_set_ex_data(ssl,idx,data)
6001			SSL_CTX * ssl
6002			int idx
6003			void * data
6004
6005			int
6006			SSL_CTX_set_purpose(s,purpose)
6007			SSL_CTX * s
6008			int purpose
6009
6010			void
6011			SSL_CTX_set_quiet_shutdown(ctx,mode)
6012			SSL_CTX * ctx
6013			int mode
6014
6015			#if OPENSSL_VERSION_NUMBER < 0x10000000L
6016
6017			int
6018			SSL_CTX_set_ssl_version(ctx,meth)
6019			SSL_CTX * ctx
6020			SSL_METHOD * meth
6021
6022			#else
6023
6024			int
6025			SSL_CTX_set_ssl_version(ctx,meth)
6026			SSL_CTX * ctx
6027			const SSL_METHOD * meth
6028
6029			#endif
6030
6031			long
6032			SSL_CTX_set_timeout(ctx,t)
6033			SSL_CTX * ctx
6034			long t
6035
6036			int
6037			SSL_CTX_set_trust(s,trust)
6038			SSL_CTX * s
6039			int trust
6040
6041			void
6042			SSL_CTX_set_verify_depth(ctx,depth)
6043			SSL_CTX * ctx
6044			int depth
6045
6046			int
6047			SSL_CTX_use_certificate(ctx,x)
6048			SSL_CTX * ctx
6049			X509 * x
6050
6051			int
6052			SSL_CTX_use_certificate_chain_file(ctx,file)
6053			SSL_CTX * ctx
6054			const char * file
6055
6056
6057			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3030200fL) /* OpenSSL 1.1.0-pre1 or LibreSSL 3.3.2 */
6058
6059			int
6060			SSL_use_certificate_chain_file(ssl,file)
6061			SSL * ssl
6062			const char * file
6063
6064			#endif /* OpenSSL 1.1.0 */
6065
6066			int
6067			SSL_CTX_use_PrivateKey(ctx,pkey)
6068			SSL_CTX * ctx
6069			EVP_PKEY * pkey
6070
6071			int
6072			SSL_CTX_use_RSAPrivateKey(ctx,rsa)
6073			SSL_CTX * ctx
6074			RSA * rsa
6075
6076			int
6077			SSL_do_handshake(s)
6078			SSL * s
6079
6080			SSL *
6081			SSL_dup(ssl)
6082			SSL * ssl
6083
6084			const SSL_CIPHER *
6085			SSL_get_current_cipher(s)
6086			SSL * s
6087
6088			long
6089			SSL_get_default_timeout(s)
6090			SSL * s
6091
6092			void *
6093			SSL_get_ex_data(ssl,idx)
6094			SSL * ssl
6095			int idx
6096
6097			size_t
6098			SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
6099			SSL *ssl
6100			SV *buf
6101			size_t count
6102			PREINIT:
6103			unsigned char *finished;
6104			size_t finished_len;
6105			CODE:
6106	4		Newx(finished, count, unsigned char);
6107	4		finished_len = SSL_get_finished(ssl, finished, count);
6108	4	100	if (count > finished_len)
6109	3		count = finished_len;
6110	4		sv_setpvn(buf, (const char *)finished, count);
6111	4		Safefree(finished);
6112	4	50	RETVAL = finished_len;
6113			OUTPUT:
6114			RETVAL
6115
6116			size_t
6117			SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
6118			SSL *ssl
6119			SV *buf
6120			size_t count
6121			PREINIT:
6122			unsigned char *finished;
6123			size_t finished_len;
6124			CODE:
6125	4		Newx(finished, count, unsigned char);
6126	4		finished_len = SSL_get_peer_finished(ssl, finished, count);
6127	4	100	if (count > finished_len)
6128	3		count = finished_len;
6129	4		sv_setpvn(buf, (const char *)finished, count);
6130	4		Safefree(finished);
6131	4	50	RETVAL = finished_len;
6132			OUTPUT:
6133			RETVAL
6134
6135			int
6136			SSL_get_quiet_shutdown(ssl)
6137			SSL * ssl
6138
6139			int
6140			SSL_get_shutdown(ssl)
6141			SSL * ssl
6142
6143			int
6144			SSL_get_verify_depth(s)
6145			SSL * s
6146
6147			int
6148			SSL_get_verify_mode(s)
6149			SSL * s
6150
6151			long
6152			SSL_get_verify_result(ssl)
6153			SSL * ssl
6154
6155			int
6156			SSL_renegotiate(s)
6157			SSL * s
6158
6159			#if OPENSSL_VERSION_NUMBER < 0x10000000L
6160
6161			int
6162			SSL_SESSION_cmp(a,b)
6163			SSL_SESSION * a
6164			SSL_SESSION * b
6165
6166			#endif
6167
6168			void *
6169			SSL_SESSION_get_ex_data(ss,idx)
6170			SSL_SESSION * ss
6171			int idx
6172
6173			long
6174			SSL_SESSION_get_time(s)
6175			SSL_SESSION * s
6176
6177			long
6178			SSL_SESSION_get_timeout(s)
6179			SSL_SESSION * s
6180
6181			int
6182			SSL_SESSION_print_fp(fp,ses)
6183			FILE * fp
6184			SSL_SESSION * ses
6185
6186			int
6187			SSL_SESSION_set_ex_data(ss,idx,data)
6188			SSL_SESSION * ss
6189			int idx
6190			void * data
6191
6192			long
6193			SSL_SESSION_set_time(s,t)
6194			SSL_SESSION * s
6195			long t
6196
6197			long
6198			SSL_SESSION_set_timeout(s,t)
6199			SSL_SESSION * s
6200			long t
6201
6202			void
6203			SSL_set_accept_state(s)
6204			SSL * s
6205
6206			void
6207			sk_X509_NAME_free(sk)
6208			X509_NAME_STACK *sk
6209
6210			int
6211			sk_X509_NAME_num(sk)
6212			X509_NAME_STACK *sk
6213
6214			X509_NAME *
6215			sk_X509_NAME_value(sk,i)
6216			X509_NAME_STACK *sk
6217			int i
6218
6219			X509_NAME_STACK *
6220			SSL_get_client_CA_list(s)
6221			SSL * s
6222
6223			void
6224			SSL_set_client_CA_list(s,list)
6225			SSL * s
6226			X509_NAME_STACK * list
6227
6228			void
6229			SSL_set_connect_state(s)
6230			SSL * s
6231
6232			int
6233			SSL_set_ex_data(ssl,idx,data)
6234			SSL * ssl
6235			int idx
6236			void * data
6237
6238
6239			void
6240			SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
6241			SSL * ssl
6242			SV * callback
6243			SV * data
6244			CODE:
6245	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6246	0		SSL_set_info_callback(ssl, NULL);
6247	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
6248	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
6249			} else {
6250	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
6251	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
6252	1		SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
6253			}
6254
6255			void
6256			SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
6257			SSL_CTX * ctx
6258			SV * callback
6259			SV * data
6260			CODE:
6261	252	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6262	0		SSL_CTX_set_info_callback(ctx, NULL);
6263	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
6264	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
6265			} else {
6266	252		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
6267	252		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
6268	252		SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
6269			}
6270
6271			void
6272			SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
6273			SSL * ssl
6274			SV * callback
6275			SV * data
6276			CODE:
6277	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6278	1		SSL_set_msg_callback(ssl, NULL);
6279	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
6280	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
6281			} else {
6282	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
6283	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
6284	1		SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
6285			}
6286
6287			void
6288			SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
6289			SSL_CTX * ctx
6290			SV * callback
6291			SV * data
6292			CODE:
6293	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6294	1		SSL_CTX_set_msg_callback(ctx, NULL);
6295	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
6296	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
6297			} else {
6298	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
6299	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
6300	1		SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
6301			}
6302
6303
6304			#if (OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
6305
6306			void
6307			SSL_CTX_set_keylog_callback(SSL_CTX ctx, SV callback)
6308			CODE:
6309	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6310	1		SSL_CTX_set_keylog_callback(ctx, NULL);
6311	1		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
6312			} else {
6313	5		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
6314	5		SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
6315			}
6316
6317			SV *
6318			SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
6319			CODE:
6320	3		SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
6321			/* without increment the reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */
6322	3		SvREFCNT_inc(func);
6323	3		RETVAL = func;
6324			OUTPUT:
6325			RETVAL
6326
6327			#endif
6328
6329			#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
6330
6331			void
6332			SSL_CTX_set_cert_cb(SSL_CTX ctx, SV callback, SV *arg=&PL_sv_undef)
6333			CODE:
6334	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
6335	1		SSL_CTX_set_cert_cb(ctx, NULL, NULL);
6336	1		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!func", NULL);
6337	1		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg", NULL);
6338			} else {
6339	2		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!func", newSVsv(callback));
6340	2		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_set_cert_cb!!arg", newSVsv(arg));
6341	2		SSL_CTX_set_cert_cb(ctx, ssl_ctx_set_cert_cb_invoke, NULL);
6342			}
6343
6344			#endif
6345
6346			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
6347
6348			void
6349			SSL_CTX_set_client_hello_cb(SSL_CTX ctx, SV callback, SV *arg=&PL_sv_undef)
6350			CODE:
6351	8	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
6352	0		SSL_CTX_set_client_hello_cb(ctx, NULL, NULL);
6353	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", NULL);
6354	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", NULL);
6355			} else {
6356	8		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", newSVsv(callback));
6357	8		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", newSVsv(arg));
6358	8		SSL_CTX_set_client_hello_cb(ctx, ssl_client_hello_cb_fn_invoke, NULL);
6359			}
6360
6361			int
6362			SSL_client_hello_isv2(SSL *s)
6363
6364			unsigned int
6365			SSL_client_hello_get0_legacy_version(SSL *s)
6366
6367			void
6368			SSL_client_hello_get0_random(SSL *s)
6369			PREINIT:
6370	2		const unsigned char *out = NULL;
6371			size_t outlen;
6372			CODE:
6373	2		outlen = SSL_client_hello_get0_random(s, &out);
6374	2	50	if (outlen == 0) XSRETURN_PV("");
6375	2		ST(0) = sv_newmortal();
6376	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6377
6378			void
6379			SSL_client_hello_get0_session_id(SSL *s)
6380			PREINIT:
6381	2		const unsigned char *out = NULL;
6382			size_t outlen;
6383			CODE:
6384	2		outlen = SSL_client_hello_get0_session_id(s, &out);
6385	2	100	if (outlen == 0) XSRETURN_PV("");
6386	1		ST(0) = sv_newmortal();
6387	1		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6388
6389			void
6390			SSL_client_hello_get0_ciphers(SSL *s)
6391			PREINIT:
6392	2		const unsigned char *out = NULL;
6393			size_t outlen;
6394			CODE:
6395	2		outlen = SSL_client_hello_get0_ciphers(s, &out);
6396	2	50	if (outlen == 0) XSRETURN_PV("");
6397	2		ST(0) = sv_newmortal();
6398	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6399
6400			void
6401			SSL_client_hello_get0_compression_methods(SSL *s)
6402			PREINIT:
6403	2		const unsigned char *out = NULL;
6404			size_t outlen;
6405			CODE:
6406	2		outlen = SSL_client_hello_get0_compression_methods(s, &out);
6407	2	50	if (outlen == 0) XSRETURN_PV("");
6408	2		ST(0) = sv_newmortal();
6409	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6410
6411			void
6412			SSL_client_hello_get1_extensions_present(SSL *s)
6413			PREINIT:
6414	2		int ret, *out = NULL, i;
6415			size_t outlen;
6416			AV *av;
6417			PPCODE:
6418	2		ret = SSL_client_hello_get1_extensions_present(s, &out, &outlen);
6419	2	50	if (ret != 1) XSRETURN_UNDEF;
6420
6421	2		av = newAV();
6422	2	50	mXPUSHs(newRV_noinc((SV*)av));
6423	11	100	for (i=0; i < outlen; i++) {
6424	9		av_push(av, newSViv(*(out + i)));
6425			}
6426	2		OPENSSL_free(out);
6427
6428			#if OPENSSL_VERSION_NUMBER >= 0x30200000L && !defined(LIBRESSL_VERSION_NUMBER)
6429
6430			void
6431			SSL_client_hello_get_extension_order(SSL *s)
6432			PREINIT:
6433			int ret, i;
6434			uint16_t *exts;
6435			size_t num_exts;
6436			AV *av;
6437			PPCODE:
6438			ret = SSL_client_hello_get_extension_order(s, NULL, &num_exts);
6439			if (ret != 1) XSRETURN_UNDEF;
6440
6441			Newx(exts, num_exts, uint16_t);
6442			ret = SSL_client_hello_get_extension_order(s, exts, &num_exts);
6443			if (ret != 1) {
6444			Safefree(exts);
6445			XSRETURN_UNDEF;
6446			}
6447
6448			av = newAV();
6449			mXPUSHs(newRV_noinc((SV*)av));
6450			for (i=0; i < num_exts; i++) {
6451			av_push(av, newSViv(*(exts + i)));
6452			}
6453			Safefree(exts);
6454
6455			#endif
6456
6457			void
6458			SSL_client_hello_get0_ext(SSL *s, unsigned int type)
6459			PREINIT:
6460			int ret;
6461	3		const unsigned char *out = NULL;
6462			size_t outlen;
6463			CODE:
6464	3		ret = SSL_client_hello_get0_ext(s, type, &out, &outlen);
6465	3	100	if (ret != 1) XSRETURN_UNDEF;
6466
6467	2		ST(0) = sv_newmortal();
6468	2		sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
6469
6470			#endif
6471
6472			int
6473			SSL_set_purpose(s,purpose)
6474			SSL * s
6475			int purpose
6476
6477			void
6478			SSL_set_quiet_shutdown(ssl,mode)
6479			SSL * ssl
6480			int mode
6481
6482			void
6483			SSL_set_shutdown(ssl,mode)
6484			SSL * ssl
6485			int mode
6486
6487			int
6488			SSL_set_trust(s,trust)
6489			SSL * s
6490			int trust
6491
6492			void
6493			SSL_set_verify_depth(s,depth)
6494			SSL * s
6495			int depth
6496
6497			void
6498			SSL_set_verify_result(ssl,v)
6499			SSL * ssl
6500			long v
6501
6502			int
6503			SSL_shutdown(s)
6504			SSL * s
6505
6506			const char *
6507			SSL_get_version(ssl)
6508			const SSL * ssl
6509
6510			int
6511			SSL_version(ssl)
6512			SSL * ssl
6513
6514			#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */
6515
6516			int
6517			SSL_client_version(ssl)
6518			const SSL * ssl
6519
6520			#endif
6521			#if (OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3030200fL) /* 1.1.0-pre6 or LibreSSL 3.3.2 */
6522
6523			int
6524			SSL_is_dtls(ssl)
6525			const SSL * ssl
6526
6527			#endif
6528
6529			#define REM_MANUALLY_ADDED_1_09
6530
6531			X509_NAME_STACK *
6532			SSL_load_client_CA_file(file)
6533			const char * file
6534
6535			int
6536			SSL_add_file_cert_subjects_to_stack(stackCAs,file)
6537			X509_NAME_STACK * stackCAs
6538			const char * file
6539
6540			#ifndef WIN32
6541			#ifndef VMS
6542			#ifndef MAC_OS_pre_X
6543
6544			int
6545			SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
6546			X509_NAME_STACK * stackCAs
6547			const char * dir
6548
6549			#endif
6550			#endif
6551			#endif
6552
6553			int
6554			SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6555			long argl
6556			void * argp
6557			CRYPTO_EX_new * new_func
6558			CRYPTO_EX_dup * dup_func
6559			CRYPTO_EX_free * free_func
6560
6561			int
6562			SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
6563			SSL_CTX * ctx
6564			const unsigned char * sid_ctx
6565			unsigned int sid_ctx_len
6566
6567			int
6568			SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
6569			SSL * ssl
6570			const unsigned char * sid_ctx
6571			unsigned int sid_ctx_len
6572
6573			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6574			void
6575			SSL_CTX_set_tmp_rsa_callback(ctx, cb)
6576			SSL_CTX * ctx
6577			cb_ssl_int_int_ret_RSA * cb
6578
6579			void
6580			SSL_set_tmp_rsa_callback(ssl, cb)
6581			SSL * ssl
6582			cb_ssl_int_int_ret_RSA * cb
6583
6584			#endif
6585
6586			void
6587			SSL_CTX_set_tmp_dh_callback(ctx, dh)
6588			SSL_CTX * ctx
6589			cb_ssl_int_int_ret_DH * dh
6590
6591			void
6592			SSL_set_tmp_dh_callback(ssl,dh)
6593			SSL * ssl
6594			cb_ssl_int_int_ret_DH * dh
6595
6596			int
6597			SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6598			long argl
6599			void * argp
6600			CRYPTO_EX_new * new_func
6601			CRYPTO_EX_dup * dup_func
6602			CRYPTO_EX_free * free_func
6603
6604			int
6605			SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
6606			long argl
6607			void * argp
6608			CRYPTO_EX_new * new_func
6609			CRYPTO_EX_dup * dup_func
6610			CRYPTO_EX_free * free_func
6611
6612			#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
6613
6614			long
6615			SSL_clear_num_renegotiations(ssl)
6616			SSL * ssl
6617			CODE:
6618	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
6619			OUTPUT:
6620			RETVAL
6621
6622			long
6623			SSL_CTX_add_extra_chain_cert(ctx,x509)
6624			SSL_CTX * ctx
6625			X509 * x509
6626			CODE:
6627	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
6628			OUTPUT:
6629			RETVAL
6630
6631			void *
6632			SSL_CTX_get_app_data(ctx)
6633			SSL_CTX * ctx
6634			CODE:
6635	0		RETVAL = SSL_CTX_get_ex_data(ctx,0);
6636			OUTPUT:
6637			RETVAL
6638
6639			long
6640			SSL_CTX_get_mode(ctx)
6641			SSL_CTX * ctx
6642			CODE:
6643	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
6644			OUTPUT:
6645			RETVAL
6646
6647			long
6648			SSL_CTX_get_read_ahead(ctx)
6649			SSL_CTX * ctx
6650			CODE:
6651	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
6652			OUTPUT:
6653			RETVAL
6654
6655			long
6656			SSL_CTX_get_session_cache_mode(ctx)
6657			SSL_CTX * ctx
6658			CODE:
6659	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
6660			OUTPUT:
6661			RETVAL
6662
6663			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6664			long
6665			SSL_CTX_need_tmp_RSA(ctx)
6666			SSL_CTX * ctx
6667			CODE:
6668			RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6669			OUTPUT:
6670			RETVAL
6671
6672			#endif
6673
6674			int
6675			SSL_CTX_set_app_data(ctx,arg)
6676			SSL_CTX * ctx
6677			char * arg
6678			CODE:
6679	0		RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
6680			OUTPUT:
6681			RETVAL
6682
6683			long
6684			SSL_CTX_set_mode(ctx,op)
6685			SSL_CTX * ctx
6686			long op
6687			CODE:
6688	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
6689			OUTPUT:
6690			RETVAL
6691
6692			long
6693			SSL_CTX_set_read_ahead(ctx,m)
6694			SSL_CTX * ctx
6695			long m
6696			CODE:
6697	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
6698			OUTPUT:
6699			RETVAL
6700
6701			long
6702			SSL_CTX_set_session_cache_mode(ctx,m)
6703			SSL_CTX * ctx
6704			long m
6705			CODE:
6706	10		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
6707			OUTPUT:
6708			RETVAL
6709
6710			long
6711			SSL_CTX_set_tmp_dh(ctx,dh)
6712			SSL_CTX * ctx
6713			DH * dh
6714
6715			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6716			long
6717			SSL_CTX_set_tmp_rsa(ctx,rsa)
6718			SSL_CTX * ctx
6719			RSA * rsa
6720
6721			#endif
6722
6723			#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
6724
6725			EC_KEY *
6726			EC_KEY_new_by_curve_name(nid)
6727			int nid
6728
6729			void
6730			EC_KEY_free(key)
6731			EC_KEY * key
6732
6733			long
6734			SSL_CTX_set_tmp_ecdh(ctx,ecdh)
6735			SSL_CTX * ctx
6736			EC_KEY * ecdh
6737
6738			int
6739			EVP_PKEY_assign_EC_KEY(pkey,key)
6740			EVP_PKEY * pkey
6741			EC_KEY * key
6742
6743
6744			EC_KEY *
6745			EC_KEY_generate_key(curve)
6746			SV *curve;
6747			PREINIT:
6748	1		EC_GROUP *group = NULL;
6749	1	50	EC_KEY *eckey = NULL;
6750			int nid;
6751			CODE:
6752	1		RETVAL = 0;
6753	1	50	if (SvIOK(curve)) {
6754	0		nid = SvIV(curve);
6755			} else {
6756	1		nid = OBJ_sn2nid(SvPV_nolen(curve));
6757			#if OPENSSL_VERSION_NUMBER > 0x10002000L
6758	1	50	if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
6759			#endif
6760	1	50	if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
6761			}
6762
6763	1		group = EC_GROUP_new_by_curve_name(nid);
6764	1	50	if (!group) croak("unknown curve nid=%d",nid);
6765	1		EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
6766
6767	1		eckey = EC_KEY_new();
6768	1	50	if ( eckey
6769	1	50	&& EC_KEY_set_group(eckey, group)
6770	1	50	&& EC_KEY_generate_key(eckey)) {
6771	1		RETVAL = eckey;
6772			} else {
6773	0	0	if (eckey) EC_KEY_free(eckey);
6774			}
6775	1	50	if (group) EC_GROUP_free(group);
6776
6777			OUTPUT:
6778			RETVAL
6779
6780
6781			#ifdef SSL_CTRL_SET_ECDH_AUTO
6782
6783			long
6784			SSL_CTX_set_ecdh_auto(ctx,onoff)
6785			SSL_CTX * ctx
6786			int onoff
6787
6788			long
6789			SSL_set_ecdh_auto(ssl,onoff)
6790			SSL * ssl
6791			int onoff
6792
6793			#endif
6794
6795			#ifdef SSL_CTRL_SET_CURVES_LIST
6796
6797			long
6798			SSL_CTX_set1_curves_list(ctx,list)
6799			SSL_CTX * ctx
6800			char * list
6801
6802			long
6803			SSL_set1_curves_list(ssl,list)
6804			SSL * ssl
6805			char * list
6806
6807			#endif
6808
6809			#if SSL_CTRL_SET_GROUPS_LIST
6810
6811			long
6812			SSL_CTX_set1_groups_list(ctx,list)
6813			SSL_CTX * ctx
6814			char * list
6815
6816			long
6817			SSL_set1_groups_list(ssl,list)
6818			SSL * ssl
6819			char * list
6820
6821			#endif
6822
6823
6824
6825			#endif
6826
6827			void *
6828			SSL_get_app_data(s)
6829			SSL * s
6830			CODE:
6831	0		RETVAL = SSL_get_ex_data(s,0);
6832			OUTPUT:
6833			RETVAL
6834
6835			int
6836			SSL_get_cipher_bits(s,np=NULL)
6837			SSL * s
6838			int * np
6839			CODE:
6840	0		RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
6841			OUTPUT:
6842			RETVAL
6843
6844			long
6845			SSL_get_mode(ssl)
6846			SSL * ssl
6847			CODE:
6848	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
6849			OUTPUT:
6850			RETVAL
6851
6852			void
6853			SSL_set_state(ssl,state)
6854			SSL * ssl
6855			int state
6856			CODE:
6857			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
6858			/* not available */
6859			#elif defined(OPENSSL_NO_SSL_INTERN)
6860			SSL_set_state(ssl,state);
6861			#else
6862			ssl->state = state;
6863			#endif
6864
6865			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6866			long
6867			SSL_need_tmp_RSA(ssl)
6868			SSL * ssl
6869			CODE:
6870			RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6871			OUTPUT:
6872			RETVAL
6873
6874
6875			#endif
6876
6877			long
6878			SSL_num_renegotiations(ssl)
6879			SSL * ssl
6880			CODE:
6881	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
6882			OUTPUT:
6883			RETVAL
6884
6885			void *
6886			SSL_SESSION_get_app_data(ses)
6887			SSL_SESSION * ses
6888			CODE:
6889	0		RETVAL = SSL_SESSION_get_ex_data(ses,0);
6890			OUTPUT:
6891			RETVAL
6892
6893			long
6894			SSL_session_reused(ssl)
6895			SSL * ssl
6896
6897			int
6898			SSL_SESSION_set_app_data(s,a)
6899			SSL_SESSION * s
6900			void * a
6901			CODE:
6902	0		RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
6903			OUTPUT:
6904			RETVAL
6905
6906			int
6907			SSL_set_app_data(s,arg)
6908			SSL * s
6909			void * arg
6910			CODE:
6911	0		RETVAL = SSL_set_ex_data(s,0,(char *)arg);
6912			OUTPUT:
6913			RETVAL
6914
6915			long
6916			SSL_set_mode(ssl,op)
6917			SSL * ssl
6918			long op
6919			CODE:
6920	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
6921			OUTPUT:
6922			RETVAL
6923
6924			int
6925			SSL_set_pref_cipher(s,n)
6926			SSL * s
6927			const char * n
6928			CODE:
6929	0		RETVAL = SSL_set_cipher_list(s,n);
6930			OUTPUT:
6931			RETVAL
6932
6933			long
6934			SSL_set_tmp_dh(ssl,dh)
6935			SSL * ssl
6936			DH * dh
6937
6938			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6939			long
6940			SSL_set_tmp_rsa(ssl,rsa)
6941			SSL * ssl
6942			char * rsa
6943			CODE:
6944			RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
6945			OUTPUT:
6946			RETVAL
6947
6948			#endif
6949
6950			BIGNUM *
6951			BN_dup(const BIGNUM *from)
6952
6953			void
6954			BN_clear(BIGNUM *bn)
6955
6956			void
6957			BN_clear_free(BIGNUM *bn)
6958
6959			void
6960			BN_free(BIGNUM *bn)
6961
6962			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6963
6964			RSA *
6965			RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6966			int bits
6967			unsigned long ee
6968			SV* perl_cb
6969			SV* perl_data
6970			PREINIT:
6971	7	50	simple_cb_data_t* cb_data = NULL;
6972			int rc;
6973			RSA * ret;
6974			BIGNUM *e;
6975			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6976			BN_GENCB *new_cb;
6977			#else
6978			BN_GENCB new_cb;
6979			#endif
6980			CODE:
6981			/* openssl 0.9.8 deprecated RSA_generate_key. */
6982			/* This equivalent was contributed by Brian Fraser for Android, */
6983			/* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
6984			/* It should now be more versatile. */
6985			/* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
6986			/* instead BN_EGNCB_new() has to be used. */
6987	7		e = BN_new();
6988	7	50	if(!e)
6989	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
6990	7		BN_set_word(e, ee);
6991	7		cb_data = simple_cb_data_new(perl_cb, perl_data);
6992
6993	7		ret = RSA_new();
6994	7	50	if(!ret) {
6995	0		simple_cb_data_free(cb_data);
6996	0		BN_free(e);
6997	0		croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
6998			}
6999			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7000	7		new_cb = BN_GENCB_new();
7001	7	50	if(!new_cb) {
7002	0		simple_cb_data_free(cb_data);
7003	0		BN_free(e);
7004	0		RSA_free(ret);
7005	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
7006			}
7007	7		BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
7008	7		rc = RSA_generate_key_ex(ret, bits, e, new_cb);
7009	6		BN_GENCB_free(new_cb);
7010			#else
7011			BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
7012			rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
7013			#endif
7014	6		simple_cb_data_free(cb_data);
7015	6		BN_free(e);
7016	6	50	if (rc == -1 \|\| ret == NULL) {
		50
7017	0	0	if (ret) RSA_free(ret);
7018	0		croak("Net::SSLeay: Couldn't generate RSA key");
7019			}
7020	6		e = NULL;
7021	6	50	RETVAL = ret;
7022			OUTPUT:
7023			RETVAL
7024
7025			#else
7026
7027			RSA *
7028			RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
7029			int bits
7030			unsigned long e
7031			SV* perl_cb
7032			SV* perl_data
7033			PREINIT:
7034			simple_cb_data_t* cb = NULL;
7035			CODE:
7036			cb = simple_cb_data_new(perl_cb, perl_data);
7037			RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
7038			simple_cb_data_free(cb);
7039			OUTPUT:
7040			RETVAL
7041
7042			#endif
7043
7044			void
7045			RSA_get_key_parameters(rsa)
7046			RSA * rsa
7047			PREINIT:
7048			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
7049			const BIGNUM n, e, *d;
7050			const BIGNUM p, q;
7051			const BIGNUM dmp1, dmq1, *iqmp;
7052			#endif
7053			PPCODE:
7054			{
7055			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
7056	1		RSA_get0_key(rsa, &n, &e, &d);
7057	1		RSA_get0_factors(rsa, &p, &q);
7058	1		RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
7059			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
7060	1	50	XPUSHs(bn2sv(n));
7061	1	50	XPUSHs(bn2sv(e));
7062	1	50	XPUSHs(bn2sv(d));
7063	1	50	XPUSHs(bn2sv(p));
7064	1	50	XPUSHs(bn2sv(q));
7065	1	50	XPUSHs(bn2sv(dmp1));
7066	1	50	XPUSHs(bn2sv(dmq1));
7067	1	50	XPUSHs(bn2sv(iqmp));
7068			#else
7069			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
7070			XPUSHs(bn2sv(rsa->n));
7071			XPUSHs(bn2sv(rsa->e));
7072			XPUSHs(bn2sv(rsa->d));
7073			XPUSHs(bn2sv(rsa->p));
7074			XPUSHs(bn2sv(rsa->q));
7075			XPUSHs(bn2sv(rsa->dmp1));
7076			XPUSHs(bn2sv(rsa->dmq1));
7077			XPUSHs(bn2sv(rsa->iqmp));
7078			#endif
7079			}
7080
7081			void
7082			RSA_free(r)
7083			RSA * r
7084
7085			X509 *
7086			X509_new()
7087
7088			void
7089			X509_free(a)
7090			X509 * a
7091
7092			X509_CRL *
7093			d2i_X509_CRL_bio(BIO bp,X509_CRL *unused=NULL)
7094
7095			X509_REQ *
7096			d2i_X509_REQ_bio(BIO bp,X509_REQ *unused=NULL)
7097
7098			X509 *
7099			d2i_X509_bio(BIO bp,X509 *unused=NULL)
7100
7101			DH *
7102			PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
7103			BIO * bio
7104			DH ** x
7105			pem_password_cb * cb
7106			void * u
7107
7108			X509_CRL *
7109			PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
7110			BIO * bio
7111			X509_CRL ** x
7112			pem_password_cb * cb
7113			void * u
7114
7115			X509 *
7116			PEM_read_bio_X509(BIO bio,X509 x=NULL,pem_password_cb cb=NULL,void *u=NULL)
7117
7118			STACK_OF(X509_INFO) *
7119			PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
7120			BIO * bio
7121			STACK_OF(X509_INFO) * stack
7122			pem_password_cb * cb
7123			void * u
7124
7125			int
7126			sk_X509_INFO_num(stack)
7127			STACK_OF(X509_INFO) * stack
7128
7129			X509_INFO *
7130			sk_X509_INFO_value(stack, index)
7131			const STACK_OF(X509_INFO) * stack
7132			int index
7133
7134			void
7135			sk_X509_INFO_free(stack)
7136			STACK_OF(X509_INFO) * stack
7137
7138			STACK_OF(X509) *
7139			sk_X509_new_null()
7140
7141			void
7142			sk_X509_free(stack)
7143			STACK_OF(X509) * stack
7144
7145			int
7146			sk_X509_push(stack, data)
7147			STACK_OF(X509) * stack
7148			X509 * data
7149
7150			X509 *
7151			sk_X509_pop(stack)
7152			STACK_OF(X509) * stack
7153
7154			X509 *
7155			sk_X509_shift(stack)
7156			STACK_OF(X509) * stack
7157
7158			int
7159			sk_X509_unshift(stack,x509)
7160			STACK_OF(X509) * stack
7161			X509 * x509
7162
7163			int
7164			sk_X509_insert(stack,x509,index)
7165			STACK_OF(X509) * stack
7166			X509 * x509
7167			int index
7168
7169			X509 *
7170			sk_X509_delete(stack,index)
7171			STACK_OF(X509) * stack
7172			int index
7173
7174			X509 *
7175			sk_X509_value(stack,index)
7176			STACK_OF(X509) * stack
7177			int index
7178
7179			int
7180			sk_X509_num(stack)
7181			STACK_OF(X509) * stack
7182
7183			X509 *
7184			P_X509_INFO_get_x509(info)
7185			X509_INFO * info
7186			CODE:
7187	3	100	RETVAL = info->x509;
7188			OUTPUT:
7189			RETVAL
7190
7191			X509_REQ *
7192			PEM_read_bio_X509_REQ(BIO bio,X509_REQ x=NULL,pem_password_cb cb=NULL,void *u=NULL)
7193
7194			EVP_PKEY *
7195			PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
7196			BIO *bio
7197			SV* perl_cb
7198			SV* perl_data
7199			PREINIT:
7200	8	50	simple_cb_data_t* cb = NULL;
7201			CODE:
7202	8		RETVAL = 0;
7203	8	100	if (SvOK(perl_cb)) {
7204			/* setup our callback */
7205	2		cb = simple_cb_data_new(perl_cb, perl_data);
7206	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb);
7207	2		simple_cb_data_free(cb);
7208			}
7209	6	50	else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) {
		100
		50
7210			/* use perl_data as the password */
7211	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data));
7212			}
7213	4	50	else if (!SvOK(perl_cb) && !SvOK(perl_data)) {
		50
7214			/* will trigger default password callback */
7215	4		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
7216			}
7217			OUTPUT:
7218			RETVAL
7219
7220			void
7221			DH_free(dh)
7222			DH * dh
7223
7224			long
7225			SSL_total_renegotiations(ssl)
7226			SSL * ssl
7227			CODE:
7228	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
7229			OUTPUT:
7230			RETVAL
7231
7232			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7233			void
7234			SSL_SESSION_get_master_key(s)
7235			SSL_SESSION * s
7236			PREINIT:
7237			size_t master_key_length;
7238			unsigned char* master_key;
7239			CODE:
7240	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7241	0		master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
7242	0		New(0, master_key, master_key_length, unsigned char);
7243	0		SSL_SESSION_get_master_key(s, master_key, master_key_length);
7244	0		sv_setpvn(ST(0), (const char*)master_key, master_key_length);
7245	0		Safefree(master_key);
7246
7247			#else
7248			void
7249			SSL_SESSION_get_master_key(s)
7250			SSL_SESSION * s
7251			CODE:
7252			ST(0) = sv_newmortal(); /* Undefined to start with */
7253			sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
7254
7255			#endif
7256
7257			#if OPENSSL_VERSION_NUMBER < 0x10100000L
7258
7259			void
7260			SSL_SESSION_set_master_key(s,key)
7261			SSL_SESSION * s
7262			PREINIT:
7263			STRLEN len;
7264			INPUT:
7265			char * key = SvPV(ST(1), len);
7266			CODE:
7267			memcpy(s->master_key, key, len);
7268			s->master_key_length = len;
7269
7270			#endif
7271
7272			#if (OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER))
7273
7274			int
7275			SSL_SESSION_set1_master_key(SSL_SESSION *sess, in)
7276			PREINIT:
7277			STRLEN len;
7278			INPUT:
7279			const unsigned char in = (unsigned char)SvPV(ST(1), len);
7280			CODE:
7281	0		RETVAL = SSL_SESSION_set1_master_key(sess, in, len);
7282			OUTPUT:
7283			RETVAL
7284
7285			int
7286			SSL_SESSION_set_cipher(SSL_SESSION s, const SSL_CIPHER cipher)
7287
7288			int
7289			SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
7290
7291			#endif
7292
7293			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
7294
7295			const SSL_CIPHER *
7296			SSL_SESSION_get0_cipher(const SSL_SESSION *s)
7297
7298			#endif
7299
7300			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7301
7302			void
7303			SSL_get_client_random(s)
7304			SSL * s
7305			PREINIT:
7306			size_t random_length;
7307			unsigned char* random_data;
7308			CODE:
7309	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7310	0		random_length = SSL_get_client_random(s, 0, 0); /* get the length */
7311	0		New(0, random_data, random_length, unsigned char);
7312	0		SSL_get_client_random(s, random_data, random_length);
7313	0		sv_setpvn(ST(0), (const char*)random_data, random_length);
7314	0		Safefree(random_data);
7315
7316			#else
7317
7318			void
7319			SSL_get_client_random(s)
7320			SSL * s
7321			CODE:
7322			ST(0) = sv_newmortal(); /* Undefined to start with */
7323			sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
7324
7325			#endif
7326
7327			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7328
7329			void
7330			SSL_get_server_random(s)
7331			SSL * s
7332			PREINIT:
7333			size_t random_length;
7334			unsigned char* random_data;
7335			CODE:
7336	0		ST(0) = sv_newmortal(); /* Undefined to start with */
7337	0		random_length = SSL_get_server_random(s, 0, 0); /* get the length */
7338	0		New(0, random_data, random_length, unsigned char);
7339	0		SSL_get_server_random(s, random_data, random_length);
7340	0		sv_setpvn(ST(0), (const char*)random_data, random_length);
7341	0		Safefree(random_data);
7342
7343			#else
7344
7345			void
7346			SSL_get_server_random(s)
7347			SSL * s
7348			CODE:
7349			ST(0) = sv_newmortal(); /* Undefined to start with */
7350			sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
7351
7352			#endif
7353
7354			# AEAD ciphers require an Initialization Vector that has nonce
7355			# qualities. A part of the IV comes from PRF. This part is called
7356			# 'implicit'. See RFC 5246 section 6.2.3.3. Length of the 'implicit'
7357			# part of nonce for GCM and CCM mode ciphers is defined to be 4 by RFCs
7358			# 5288 and 6655, respectively, and the total length of nonce is 12
7359			# octets. Because of the above, SSL_get_keyblock_size adjusts
7360			# iv_length and does not fetch full nonce length from the PRF.
7361			int
7362			SSL_get_keyblock_size(s)
7363			SSL * s
7364			PREINIT:
7365			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7366			const SSL_CIPHER *ssl_cipher;
7367	1		int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
7368	1		const EVP_CIPHER *c = NULL;
7369	1	50	const EVP_MD *h = NULL;
7370			#endif
7371
7372			CODE:
7373			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
7374	1		ssl_cipher = SSL_get_current_cipher(s);
7375	1	50	if (ssl_cipher)
7376	1		cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
7377	1	50	if (cipher != NID_undef)
7378	1		c = EVP_get_cipherbynid(cipher);
7379
7380	1	50	if (ssl_cipher)
7381	1		digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
7382	1	50	if (digest != NID_undef) /* No digest if e.g., AEAD cipher */
7383	0		h = EVP_get_digestbynid(digest);
7384	1	50	if (h)
7385	0		mac_secret_size = EVP_MD_size(h);
7386
7387	1		RETVAL = -1;
7388	1	50	if (c) {
7389	1		int iv_length = EVP_CIPHER_iv_length(c);
7390	1		if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
7391	0		EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
7392	1		iv_length = 4;
7393	1		RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size +
7394			iv_length);
7395			}
7396			#else
7397			if (s == NULL \|\|
7398			s->enc_read_ctx == NULL \|\|
7399			s->enc_read_ctx->cipher == NULL \|\|
7400			s->read_hash == NULL)
7401			{
7402			RETVAL = -1;
7403			}
7404			else
7405			{
7406			const EVP_CIPHER *c;
7407			const EVP_MD *h;
7408			int iv_length = -1;
7409			int md_size = -1;
7410			c = s->enc_read_ctx->cipher;
7411			iv_length = EVP_CIPHER_iv_length(c);
7412			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
7413			if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE \|\|
7414			EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
7415			iv_length = 4;
7416			h = NULL;
7417			if (s->s3)
7418			md_size = s->s3->tmp.new_mac_secret_size;
7419			#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
7420			h = EVP_MD_CTX_md(s->read_hash);
7421			md_size = EVP_MD_size(h);
7422			#else
7423			h = s->read_hash;
7424			md_size = EVP_MD_size(h);
7425			#endif
7426			/* No digest if e.g., AEAD cipher */
7427			RETVAL = (md_size >= 0) ? (2 * (EVP_CIPHER_key_length(c) +
7428			md_size +
7429			iv_length))
7430			: -1;
7431			}
7432			#endif
7433
7434			OUTPUT:
7435			RETVAL
7436
7437
7438
7439			#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
7440
7441			void
7442			SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef)
7443			SSL * s
7444			SV * callback
7445			SV * data
7446			CODE:
7447	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7448	0		SSL_set_session_secret_cb(s, NULL, NULL);
7449	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL);
7450	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL);
7451			}
7452			else {
7453	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
7454	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
7455	0		SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
7456			}
7457
7458			#endif
7459
7460			#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
7461
7462			void
7463			SSL_set_psk_client_callback(s,callback=&PL_sv_undef)
7464			SSL * s
7465			SV * callback
7466			CODE:
7467	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7468	0		SSL_set_psk_client_callback(s, NULL);
7469	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL);
7470			}
7471			else {
7472	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback));
7473	0		SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke);
7474			}
7475
7476			void
7477			SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef)
7478			SSL_CTX * ctx
7479			SV * callback
7480			CODE:
7481	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
7482	0		SSL_CTX_set_psk_client_callback(ctx, NULL);
7483	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL);
7484			}
7485			else {
7486	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback));
7487	0		SSL_CTX_set_psk_client_callback(ctx, ssleay_ctx_set_psk_client_callback_invoke);
7488			}
7489
7490			int
7491			SSL_use_psk_identity_hint(SSL ssl, const char hint)
7492
7493			int
7494			SSL_CTX_use_psk_identity_hint(SSL_CTX ctx, const char hint)
7495
7496			void
7497			SSL_set_psk_server_callback(ssl,cb=&PL_sv_undef)
7498			SSL * ssl
7499			SV * cb
7500			CODE:
7501	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7502	0		SSL_set_psk_server_callback(ssl, NULL);
7503	0		cb_data_advanced_put(ssl, "ssleay_set_psk_server_callback!!func", NULL);
7504			}
7505			else {
7506	0		cb_data_advanced_put(ssl, "ssleay_set_psk_server_callback!!func", newSVsv(cb));
7507	0		SSL_set_psk_server_callback(ssl, ssleay_set_psk_server_callback_invoke);
7508			}
7509
7510			void
7511			SSL_CTX_set_psk_server_callback(ctx,cb=&PL_sv_undef)
7512			SSL_CTX * ctx
7513			SV * cb
7514			CODE:
7515	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7516	0		SSL_CTX_set_psk_server_callback(ctx, NULL);
7517	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_server_callback!!func", NULL);
7518			}
7519			else {
7520	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_server_callback!!func", newSVsv(cb));
7521	0		SSL_CTX_set_psk_server_callback(ctx, ssleay_ctx_set_psk_server_callback_invoke);
7522			}
7523
7524			#if OPENSSL_VERSION_NUMBER >= 0x10101001L
7525
7526			void
7527			SSL_set_psk_find_session_callback(s,cb=&PL_sv_undef)
7528			SSL * s
7529			SV * cb
7530			CODE:
7531	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7532	0		SSL_set_psk_find_session_callback(s, NULL);
7533	0		cb_data_advanced_put(s, "ssleay_set_psk_find_session_callback!!func", NULL);
7534			}
7535			else {
7536	0		cb_data_advanced_put(s, "ssleay_set_psk_find_session_callback!!func", newSVsv(cb));
7537	0		SSL_set_psk_find_session_callback(s, ssleay_set_psk_find_session_callback_invoke);
7538			}
7539
7540			void
7541			SSL_CTX_set_psk_find_session_callback(ctx,cb=&PL_sv_undef)
7542			SSL_CTX * ctx
7543			SV * cb
7544			CODE:
7545	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7546	0		SSL_CTX_set_psk_find_session_callback(ctx, NULL);
7547	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_find_session_callback!!func", NULL);
7548			}
7549			else {
7550	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_find_session_callback!!func", newSVsv(cb));
7551	0		SSL_CTX_set_psk_find_session_callback(ctx, ssleay_ctx_set_psk_find_session_callback_invoke);
7552			}
7553
7554			void
7555			SSL_set_psk_use_session_callback(s,cb=&PL_sv_undef)
7556			SSL * s
7557			SV * cb
7558			CODE:
7559	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7560	0		SSL_set_psk_use_session_callback(s, NULL);
7561	0		cb_data_advanced_put(s, "ssleay_set_psk_use_session_callback!!func", NULL);
7562			}
7563			else {
7564	0		cb_data_advanced_put(s, "ssleay_set_psk_use_session_callback!!func", newSVsv(cb));
7565	0		SSL_set_psk_use_session_callback(s, ssleay_set_psk_use_session_callback_invoke);
7566			}
7567
7568			void
7569			SSL_CTX_set_psk_use_session_callback(ctx,cb=&PL_sv_undef)
7570			SSL_CTX * ctx
7571			SV * cb
7572			CODE:
7573	0	0	if (cb==NULL \|\| !SvOK(cb)) {
		0
7574	0		SSL_CTX_set_psk_use_session_callback(ctx, NULL);
7575	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_use_session_callback!!func", NULL);
7576			}
7577			else {
7578	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_use_session_callback!!func", newSVsv(cb));
7579	0		SSL_CTX_set_psk_use_session_callback(ctx, ssleay_ctx_set_psk_use_session_callback_invoke);
7580			}
7581
7582			#endif
7583			#endif
7584
7585			#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB
7586
7587			void
7588			SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
7589			SSL_CTX * ctx
7590			SV * callback
7591			SV * data
7592			CODE:
7593	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
7594	0		SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL);
7595	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL);
7596	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL);
7597			}
7598			else {
7599	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback));
7600	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data));
7601	3		SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke);
7602			}
7603
7604
7605			#endif
7606
7607			#if !defined(LIBRESSL_VERSION_NUMBER) \|\| (LIBRESSL_VERSION_NUMBER < 0x3090000fL) /* LibreSSL < 3.9.0 */
7608
7609			int EVP_add_digest(const EVP_MD *digest)
7610
7611			#endif
7612
7613			#ifndef OPENSSL_NO_SHA
7614
7615			const EVP_MD *EVP_sha1()
7616
7617			#endif
7618			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
7619
7620			const EVP_MD *EVP_sha256()
7621
7622			#endif
7623			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
7624
7625			const EVP_MD *EVP_sha512()
7626
7627			#endif
7628			void OpenSSL_add_all_digests()
7629
7630			const EVP_MD * EVP_get_digestbyname(const char *name)
7631
7632			int EVP_MD_type(const EVP_MD *md)
7633
7634			int EVP_MD_size(const EVP_MD *md)
7635
7636			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
7637
7638			const char *
7639			EVP_MD_get0_description(const EVP_MD *md)
7640
7641			const char *
7642			EVP_MD_get0_name(const EVP_MD *md)
7643
7644			int
7645			EVP_MD_get_type(const EVP_MD *md)
7646
7647			#endif
7648
7649			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
7650
7651			SV*
7652			P_EVP_MD_list_all()
7653			INIT:
7654			AV * results;
7655			CODE:
7656	2		results = (AV )sv_2mortal((SV )newAV());
7657	2		EVP_MD_do_all_sorted(handler_list_md_fn, results);
7658	2		RETVAL = newRV((SV *)results);
7659			OUTPUT:
7660			RETVAL
7661
7662			#endif
7663
7664			const EVP_MD EVP_MD_CTX_md(const EVP_MD_CTX ctx)
7665
7666			EVP_MD_CTX *EVP_MD_CTX_create()
7667
7668			int EVP_DigestInit(EVP_MD_CTX ctx, const EVP_MD type)
7669
7670			int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
7671
7672			void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
7673
7674			void
7675			EVP_DigestUpdate(ctx,data)
7676			PREINIT:
7677			STRLEN len;
7678			INPUT:
7679			EVP_MD_CTX ctx = INT2PTR(EVP_MD_CTX , SvIV(ST(0)));
7680			unsigned char data = (unsigned char ) SvPV(ST(1), len);
7681			CODE:
7682	6100		XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
7683
7684			void
7685			EVP_DigestFinal(ctx)
7686			EVP_MD_CTX *ctx
7687			INIT:
7688			unsigned char md[EVP_MAX_MD_SIZE];
7689			unsigned int md_size;
7690			CODE:
7691	46	50	if (EVP_DigestFinal(ctx,md,&md_size))
7692	46		XSRETURN_PVN((char *)md, md_size);
7693			else
7694	0		XSRETURN_UNDEF;
7695
7696			void
7697			EVP_DigestFinal_ex(ctx)
7698			EVP_MD_CTX *ctx
7699			INIT:
7700			unsigned char md[EVP_MAX_MD_SIZE];
7701			unsigned int md_size;
7702			CODE:
7703	6	50	if (EVP_DigestFinal_ex(ctx,md,&md_size))
7704	6		XSRETURN_PVN((char *)md, md_size);
7705			else
7706	0		XSRETURN_UNDEF;
7707
7708			void
7709			EVP_Digest(...)
7710			PREINIT:
7711			STRLEN len;
7712			unsigned char md[EVP_MAX_MD_SIZE];
7713			unsigned int md_size;
7714			INPUT:
7715			unsigned char data = (unsigned char ) SvPV(ST(0), len);
7716			EVP_MD type = INT2PTR(EVP_MD , SvIV(ST(1)));
7717			ENGINE impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE , SvIV(ST(2))) : NULL;
7718			CODE:
7719	40	50	if (EVP_Digest(data,len,md,&md_size,type,impl))
7720	40		XSRETURN_PVN((char *)md, md_size);
7721			else
7722	0		XSRETURN_UNDEF;
7723
7724			const EVP_CIPHER *
7725			EVP_get_cipherbyname(const char *name)
7726
7727			void
7728			OpenSSL_add_all_algorithms()
7729
7730			void
7731			OPENSSL_add_all_algorithms_noconf()
7732
7733			void
7734			OPENSSL_add_all_algorithms_conf()
7735
7736			#if OPENSSL_VERSION_NUMBER >= 0x10000003L
7737
7738			int
7739			SSL_CTX_set1_param(ctx, vpm)
7740			SSL_CTX * ctx
7741			X509_VERIFY_PARAM *vpm
7742
7743			int
7744			SSL_set1_param(ctx, vpm)
7745			SSL * ctx
7746			X509_VERIFY_PARAM *vpm
7747
7748			#endif
7749
7750			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
7751
7752			X509_VERIFY_PARAM *
7753			X509_VERIFY_PARAM_new()
7754
7755			void
7756			X509_VERIFY_PARAM_free(param)
7757			X509_VERIFY_PARAM *param
7758
7759			int
7760			X509_VERIFY_PARAM_inherit(to, from)
7761			X509_VERIFY_PARAM *to
7762			X509_VERIFY_PARAM *from
7763
7764			int
7765			X509_VERIFY_PARAM_set1(to, from)
7766			X509_VERIFY_PARAM *to
7767			X509_VERIFY_PARAM *from
7768
7769			int
7770			X509_VERIFY_PARAM_set1_name(param, name)
7771			X509_VERIFY_PARAM *param
7772			const char *name
7773
7774			int
7775			X509_VERIFY_PARAM_set_flags(param, flags)
7776			X509_VERIFY_PARAM *param
7777			unsigned long flags
7778
7779			#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
7780			#define REM13 "NOTE: requires 0.9.8a+"
7781
7782			int
7783			X509_VERIFY_PARAM_clear_flags(param, flags)
7784			X509_VERIFY_PARAM *param
7785			unsigned long flags
7786
7787			unsigned long
7788			X509_VERIFY_PARAM_get_flags(param)
7789			X509_VERIFY_PARAM *param
7790
7791			#endif
7792
7793			int
7794			X509_VERIFY_PARAM_set_purpose(param, purpose)
7795			X509_VERIFY_PARAM *param
7796			int purpose
7797
7798			int
7799			X509_VERIFY_PARAM_set_trust(param, trust)
7800			X509_VERIFY_PARAM *param
7801			int trust
7802
7803			void
7804			X509_VERIFY_PARAM_set_depth(param, depth)
7805			X509_VERIFY_PARAM *param
7806			int depth
7807
7808			void
7809			X509_VERIFY_PARAM_set_time(param, t)
7810			X509_VERIFY_PARAM *param
7811			time_t t
7812
7813			int
7814			X509_VERIFY_PARAM_add0_policy(param, policy)
7815			X509_VERIFY_PARAM *param
7816			ASN1_OBJECT *policy
7817
7818			int
7819			X509_VERIFY_PARAM_set1_policies(param, policies)
7820			X509_VERIFY_PARAM *param
7821			STACK_OF(ASN1_OBJECT) *policies
7822
7823			int
7824			X509_VERIFY_PARAM_get_depth(param)
7825			X509_VERIFY_PARAM *param
7826
7827			int
7828			X509_VERIFY_PARAM_add0_table(param)
7829			X509_VERIFY_PARAM *param
7830
7831			const X509_VERIFY_PARAM *
7832			X509_VERIFY_PARAM_lookup(name)
7833			const char *name
7834
7835			void
7836			X509_VERIFY_PARAM_table_cleanup()
7837
7838			#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7839
7840			X509_VERIFY_PARAM *
7841			SSL_CTX_get0_param(ctx)
7842			SSL_CTX * ctx
7843
7844			X509_VERIFY_PARAM *
7845			SSL_get0_param(ssl)
7846			SSL * ssl
7847
7848			int
7849			X509_VERIFY_PARAM_set1_host(param, name)
7850			X509_VERIFY_PARAM *param
7851			PREINIT:
7852			STRLEN namelen;
7853			INPUT:
7854			const char * name = SvPV(ST(1), namelen);
7855			CODE:
7856	2		RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
7857			OUTPUT:
7858			RETVAL
7859
7860			int
7861			X509_VERIFY_PARAM_set1_email(param, email)
7862			X509_VERIFY_PARAM *param
7863			PREINIT:
7864			STRLEN emaillen;
7865			INPUT:
7866			const char * email = SvPV(ST(1), emaillen);
7867			CODE:
7868	2		RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
7869			OUTPUT:
7870			RETVAL
7871
7872			int
7873			X509_VERIFY_PARAM_set1_ip(param, ip)
7874			X509_VERIFY_PARAM *param
7875			PREINIT:
7876			STRLEN iplen;
7877			INPUT:
7878			const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
7879			CODE:
7880	6		RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
7881			OUTPUT:
7882			RETVAL
7883
7884			int
7885			X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
7886			X509_VERIFY_PARAM *param
7887			const char *ipasc
7888
7889			#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7890
7891			#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7892
7893			int
7894			X509_VERIFY_PARAM_add1_host(param, name)
7895			X509_VERIFY_PARAM *param
7896			PREINIT:
7897			STRLEN namelen;
7898			INPUT:
7899			const char * name = SvPV(ST(1), namelen);
7900			CODE:
7901	1		RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
7902			OUTPUT:
7903			RETVAL
7904
7905			void
7906			X509_VERIFY_PARAM_set_hostflags(param, flags)
7907			X509_VERIFY_PARAM *param
7908			unsigned int flags
7909
7910			char *
7911			X509_VERIFY_PARAM_get0_peername(param)
7912			X509_VERIFY_PARAM *param
7913
7914			#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7915
7916			#if !defined(LIBRESSL_VERSION_NUMBER) \|\| (LIBRESSL_VERSION_NUMBER < 0x3080000fL) /* LibreSSL < 3.8.0 */
7917			void
7918			X509_policy_tree_free(tree)
7919			X509_POLICY_TREE *tree
7920
7921			int
7922			X509_policy_tree_level_count(tree)
7923			X509_POLICY_TREE *tree
7924
7925			X509_POLICY_LEVEL *
7926			X509_policy_tree_get0_level(tree, i)
7927			X509_POLICY_TREE *tree
7928			int i
7929
7930			STACK_OF(X509_POLICY_NODE) *
7931			X509_policy_tree_get0_policies(tree)
7932			X509_POLICY_TREE *tree
7933
7934			STACK_OF(X509_POLICY_NODE) *
7935			X509_policy_tree_get0_user_policies(tree)
7936			X509_POLICY_TREE *tree
7937
7938			int
7939			X509_policy_level_node_count(level)
7940			X509_POLICY_LEVEL *level
7941
7942			X509_POLICY_NODE *
7943			X509_policy_level_get0_node(level, i)
7944			X509_POLICY_LEVEL *level
7945			int i
7946
7947			const ASN1_OBJECT *
7948			X509_policy_node_get0_policy(node)
7949			const X509_POLICY_NODE *node
7950
7951			STACK_OF(POLICYQUALINFO) *
7952			X509_policy_node_get0_qualifiers(node)
7953			X509_POLICY_NODE *node
7954
7955			const X509_POLICY_NODE *
7956			X509_policy_node_get0_parent(node)
7957			const X509_POLICY_NODE *node
7958
7959			#endif /* LibreSSL < 3.8.0 */
7960			#endif
7961
7962			ASN1_OBJECT *
7963			OBJ_dup(o)
7964			ASN1_OBJECT *o
7965
7966			ASN1_OBJECT *
7967			OBJ_nid2obj(n)
7968			int n
7969
7970			const char *
7971			OBJ_nid2ln(n)
7972			int n
7973
7974			const char *
7975			OBJ_nid2sn(n)
7976			int n
7977
7978			int
7979			OBJ_obj2nid(o)
7980			ASN1_OBJECT *o
7981
7982			ASN1_OBJECT *
7983			OBJ_txt2obj(s, no_name=0)
7984			const char *s
7985			int no_name
7986
7987			void
7988			OBJ_obj2txt(a, no_name=0)
7989			ASN1_OBJECT *a
7990			int no_name
7991			PREINIT:
7992			char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
7993			int len;
7994			CODE:
7995	73		len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
7996	73		ST(0) = sv_newmortal();
7997	73		sv_setpvn(ST(0), buf, len);
7998
7999			int
8000			OBJ_txt2nid(s)
8001			const char *s
8002
8003			int
8004			OBJ_ln2nid(s)
8005			const char *s
8006
8007			int
8008			OBJ_sn2nid(s)
8009			const char *s
8010
8011			int
8012			OBJ_cmp(a, b)
8013			ASN1_OBJECT *a
8014			ASN1_OBJECT *b
8015
8016			void
8017			X509_pubkey_digest(data,type)
8018			const X509 *data
8019			const EVP_MD *type
8020			PREINIT:
8021			unsigned char md[EVP_MAX_MD_SIZE];
8022			unsigned int md_size;
8023			PPCODE:
8024	4	50	if (X509_pubkey_digest(data,type,md,&md_size))
8025	4		XSRETURN_PVN((char *)md, md_size);
8026			else
8027	0		XSRETURN_UNDEF;
8028
8029			void
8030			X509_digest(data,type)
8031			const X509 *data
8032			const EVP_MD *type
8033			PREINIT:
8034			unsigned char md[EVP_MAX_MD_SIZE];
8035			unsigned int md_size;
8036			PPCODE:
8037	4	50	if (X509_digest(data,type,md,&md_size))
8038	4		XSRETURN_PVN((char *)md, md_size);
8039	0		XSRETURN_UNDEF;
8040
8041			void
8042			X509_CRL_digest(data,type)
8043			const X509_CRL *data
8044			const EVP_MD *type
8045			PREINIT:
8046			unsigned char md[EVP_MAX_MD_SIZE];
8047			unsigned int md_size;
8048			PPCODE:
8049	1	50	if (X509_CRL_digest(data,type,md,&md_size))
8050	1		XSRETURN_PVN((char *)md, md_size);
8051	0		XSRETURN_UNDEF;
8052
8053			void
8054			X509_REQ_digest(data,type)
8055			const X509_REQ *data
8056			const EVP_MD *type
8057			PREINIT:
8058			unsigned char md[EVP_MAX_MD_SIZE];
8059			unsigned int md_size;
8060			PPCODE:
8061	1	50	if (X509_REQ_digest(data,type,md,&md_size))
8062	1		XSRETURN_PVN((char *)md, md_size);
8063	0		XSRETURN_UNDEF;
8064
8065			void
8066			X509_NAME_digest(data,type)
8067			const X509_NAME *data
8068			const EVP_MD *type
8069			PREINIT:
8070			unsigned char md[EVP_MAX_MD_SIZE];
8071			unsigned int md_size;
8072			PPCODE:
8073	0	0	if (X509_NAME_digest(data,type,md,&md_size))
8074	0		XSRETURN_PVN((char *)md, md_size);
8075	0		XSRETURN_UNDEF;
8076
8077			unsigned long
8078			X509_subject_name_hash(X509 *x)
8079
8080			unsigned long
8081			X509_issuer_name_hash(X509 *a)
8082
8083			unsigned long
8084			X509_issuer_and_serial_hash(X509 *a)
8085
8086			ASN1_OBJECT *
8087			P_X509_get_signature_alg(x)
8088			X509 * x
8089			CODE:
8090			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
8091	4	100	RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
8092			#else
8093			RETVAL = (x->cert_info->signature->algorithm);
8094			#endif
8095			OUTPUT:
8096			RETVAL
8097
8098			ASN1_OBJECT *
8099			P_X509_get_pubkey_alg(x)
8100			X509 * x
8101			PREINIT:
8102			CODE:
8103			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
8104			{
8105			X509_ALGOR * algor;
8106	4		X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
8107	4	100	RETVAL = (algor->algorithm);
8108			}
8109			#else
8110			RETVAL = (x->cert_info->key->algor->algorithm);
8111			#endif
8112			OUTPUT:
8113			RETVAL
8114
8115			void
8116			X509_get_X509_PUBKEY(x)
8117			const X509 *x
8118			PREINIT:
8119			X509_PUBKEY *pkey;
8120			STRLEN len;
8121			unsigned char pc, pi;
8122			PPCODE:
8123	1	50	if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
8124	1	50	if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
8125	1		Newx(pc,len,unsigned char);
8126	1	50	if (!pc) croak("out of memory");
8127	1		pi = pc;
8128	1		i2d_X509_PUBKEY(pkey, &pi);
8129	1	50	if (pi-pc != len) croak("invalid encoded length");
8130	1	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8131	1		Safefree(pc);
8132
8133			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
8134
8135			int
8136			SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
8137			SSL_CTX * ctx
8138			SV * callback
8139			SV * data
8140			CODE:
8141	1		RETVAL = 1;
8142	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8143	0		SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
8144	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
8145	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
8146			PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
8147			}
8148	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8149			/* callback param array ref like ['proto1','proto2'] */
8150	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
8151	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
8152	1		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
8153			PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
8154			}
8155	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8156	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
8157	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
8158	0		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
8159			PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
8160			}
8161			else {
8162	0		RETVAL = 0;
8163			}
8164			OUTPUT:
8165			RETVAL
8166
8167			int
8168			SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
8169			SSL_CTX * ctx
8170			SV * callback
8171			SV * data
8172			CODE:
8173	1		RETVAL = 1;
8174	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8175	0		SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
8176	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
8177	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
8178			PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
8179			}
8180	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8181			/* callback param array ref like ['proto1','proto2'] */
8182	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
8183	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
8184	1		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
8185			PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
8186			}
8187	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8188	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
8189	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
8190	0		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
8191			PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
8192			}
8193			else {
8194	0		RETVAL = 0;
8195			}
8196			OUTPUT:
8197			RETVAL
8198
8199			void
8200			P_next_proto_negotiated(s)
8201			const SSL *s
8202			PREINIT:
8203			const unsigned char *data;
8204			unsigned int len;
8205			PPCODE:
8206	2		SSL_get0_next_proto_negotiated(s, &data, &len);
8207	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
8208
8209			void
8210			P_next_proto_last_status(s)
8211			const SSL *s
8212			PPCODE:
8213	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
8214
8215			#endif
8216
8217			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
8218
8219			#if !defined(OPENSSL_NO_TLSEXT)
8220
8221			int
8222			SSL_set_tlsext_status_type(SSL *ssl,int cmd)
8223
8224			long
8225			SSL_set_tlsext_status_ocsp_resp(ssl,staple)
8226			SSL * ssl
8227			PREINIT:
8228			char * p;
8229			STRLEN staplelen;
8230			INPUT:
8231			char * staple = SvPV( ST(1), staplelen);
8232			CODE:
8233			/* OpenSSL will free the memory */
8234	0		New(0, p, staplelen, char);
8235	0		memcpy(p, staple, staplelen);
8236	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
8237			OUTPUT:
8238			RETVAL
8239
8240			int
8241			SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
8242			SSL_CTX * ctx
8243			SV * callback
8244			SV * data
8245			CODE:
8246	0		RETVAL = 1;
8247	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
8248	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
8249	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
8250	0		SSL_CTX_set_tlsext_status_cb(ctx, NULL);
8251	0	0	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8252	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
8253	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
8254	0		SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
8255			} else {
8256	0		croak("argument must be code reference");
8257			}
8258			OUTPUT:
8259			RETVAL
8260
8261			int
8262			SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
8263			SSL * ssl
8264			SV * callback
8265			SV * data
8266			CODE:
8267	1		RETVAL = 1;
8268	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8269	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
8270	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
8271	0		SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
8272	1	50	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		50
8273	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
8274	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
8275	1		SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
8276			} else {
8277	0		croak("argument must be code reference");
8278			}
8279			OUTPUT:
8280			RETVAL
8281
8282			int
8283			SSL_set_session_ticket_ext(ssl,ticket)
8284			SSL *ssl
8285			PREINIT:
8286			unsigned char * p;
8287			STRLEN ticketlen;
8288			INPUT:
8289			unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
8290			CODE:
8291	1		RETVAL = 0;
8292	1	50	if (ticketlen > 0) {
8293	1		Newx(p, ticketlen, unsigned char);
8294	1	50	if (!p)
8295	0		croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
8296	1		memcpy(p, ticket, ticketlen);
8297	1		RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
8298	1		Safefree(p);
8299			}
8300			OUTPUT:
8301			RETVAL
8302
8303			#endif
8304
8305			OCSP_RESPONSE *
8306			d2i_OCSP_RESPONSE(pv)
8307			SV *pv
8308			CODE:
8309	0		RETVAL = NULL;
8310	0	0	if (SvPOK(pv)) {
8311			const unsigned char *p;
8312			STRLEN len;
8313	0		p = (unsigned char*)SvPV(pv,len);
8314	0		RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
8315			}
8316			OUTPUT:
8317			RETVAL
8318
8319			void
8320			i2d_OCSP_RESPONSE(r)
8321			OCSP_RESPONSE * r
8322			PREINIT:
8323			STRLEN len;
8324			unsigned char pc,pi;
8325			PPCODE:
8326	0	0	if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
8327	0		Newx(pc,len,unsigned char);
8328	0	0	if (!pc) croak("out of memory");
8329	0		pi = pc;
8330	0		i2d_OCSP_RESPONSE(r,&pi);
8331	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8332	0		Safefree(pc);
8333
8334			void
8335			OCSP_RESPONSE_free(r)
8336			OCSP_RESPONSE * r
8337
8338
8339			OCSP_REQUEST *
8340			d2i_OCSP_REQUEST(pv)
8341			SV *pv
8342			CODE:
8343	0		RETVAL = NULL;
8344	0	0	if (SvPOK(pv)) {
8345			const unsigned char *p;
8346			STRLEN len;
8347	0		p = (unsigned char*)SvPV(pv,len);
8348	0		RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
8349			}
8350			OUTPUT:
8351			RETVAL
8352
8353			void
8354			i2d_OCSP_REQUEST(r)
8355			OCSP_REQUEST * r
8356			PREINIT:
8357			STRLEN len;
8358			unsigned char pc,pi;
8359			PPCODE:
8360	0	0	if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request");
8361	0		Newx(pc,len,unsigned char);
8362	0	0	if (!pc) croak("out of memory");
8363	0		pi = pc;
8364	0		i2d_OCSP_REQUEST(r,&pi);
8365	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
8366	0		Safefree(pc);
8367
8368
8369			void
8370			OCSP_REQUEST_free(r)
8371			OCSP_REQUEST * r
8372
8373
8374			const char *
8375			OCSP_response_status_str(long status)
8376
8377			long
8378			OCSP_response_status(OCSP_RESPONSE *r)
8379
8380			void
8381			SSL_OCSP_cert2ids(ssl,...)
8382			SSL *ssl
8383			PREINIT:
8384			SSL_CTX *ctx;
8385			X509_STORE *store;
8386			STACK_OF(X509) *chain;
8387			X509 cert,issuer;
8388			OCSP_CERTID *id;
8389			int i;
8390			STRLEN len;
8391			unsigned char *pi;
8392			PPCODE:
8393
8394	0	0	if (!ssl) croak("not a SSL object");
8395	0		ctx = SSL_get_SSL_CTX(ssl);
8396	0	0	if (!ctx) croak("invalid SSL object - no context");
8397	0		store = SSL_CTX_get_cert_store(ctx);
8398	0		chain = SSL_get_peer_cert_chain(ssl);
8399
8400	0	0	for(i=0;i
8401	0		cert = INT2PTR(X509*,SvIV(ST(i+1)));
8402	0	0	if (X509_check_issued(cert,cert) == X509_V_OK)
8403	0		croak("no OCSP request for self-signed certificate");
8404	0	0	if (!(issuer = find_issuer(cert,store,chain)))
8405	0		croak("cannot find issuer certificate");
8406	0		id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
8407	0		X509_free(issuer);
8408	0	0	if (!id)
8409	0		croak("out of memory for generating OCSP certid");
8410
8411	0		pi = NULL;
8412	0	0	if (!(len = i2d_OCSP_CERTID(id,&pi)))
8413	0		croak("OCSP certid has no length");
8414	0	0	XPUSHs(sv_2mortal(newSVpvn((char *)pi, len)));
8415
8416	0		OPENSSL_free(pi);
8417	0		OCSP_CERTID_free(id);
8418			}
8419
8420
8421			OCSP_REQUEST *
8422			OCSP_ids2req(...)
8423			PREINIT:
8424			OCSP_REQUEST *req;
8425			OCSP_CERTID *id;
8426			int i;
8427			CODE:
8428
8429	0		req = OCSP_REQUEST_new();
8430	0	0	if (!req) croak("out of memory");
8431	0		OCSP_request_add1_nonce(req,NULL,-1);
8432
8433	0	0	for(i=0;i
8434			STRLEN len;
8435	0		const unsigned char p = (unsigned char)SvPV(ST(i),len);
8436	0		id = d2i_OCSP_CERTID(NULL,&p,len);
8437	0	0	if (!id) {
8438	0		OCSP_REQUEST_free(req);
8439	0		croak("failed to get OCSP certid from string");
8440			}
8441	0		OCSP_request_add0_id(req,id);
8442			}
8443	0	0	RETVAL = req;
8444			OUTPUT:
8445			RETVAL
8446
8447
8448
8449			int
8450			SSL_OCSP_response_verify(ssl,rsp,svreq=NULL,flags=0)
8451			SSL *ssl
8452			OCSP_RESPONSE *rsp
8453			SV *svreq
8454			unsigned long flags
8455			PREINIT:
8456			SSL_CTX *ctx;
8457			X509_STORE *store;
8458			OCSP_BASICRESP *bsr;
8459	0	0	OCSP_REQUEST *req = NULL;
8460			int i;
8461			CODE:
8462	0	0	if (!ssl) croak("not a SSL object");
8463	0		ctx = SSL_get_SSL_CTX(ssl);
8464	0	0	if (!ctx) croak("invalid SSL object - no context");
8465
8466	0		bsr = OCSP_response_get1_basic(rsp);
8467	0	0	if (!bsr) croak("invalid OCSP response");
8468
8469			/* if we get a nonce it should match our nonce, if we get no nonce
8470			* it was probably pre-signed */
8471	0	0	if (svreq && SvOK(svreq) &&
		0
8472	0	0	(req = INT2PTR(OCSP_REQUEST*,SvIV(svreq)))) {
8473	0		i = OCSP_check_nonce(req,bsr);
8474	0	0	if ( i <= 0 ) {
8475	0	0	if (i == -1) {
8476	0		TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
8477			} else {
8478	0		OCSP_BASICRESP_free(bsr);
8479	0		croak("nonce in OCSP response does not match request");
8480			}
8481			}
8482			}
8483
8484	0		RETVAL = 0;
8485	0	0	if ((store = SSL_CTX_get_cert_store(ctx))) {
8486			/* add the SSL uchain to the uchain of the OCSP basic response, this
8487			* looks like the easiest way to handle the case where the OCSP
8488			* response does not contain the chain up to the trusted root */
8489	0		STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
8490	0	0	for(i=0;i
8491	0		OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
8492			}
8493	0		TRACE(1,"run basic verify");
8494	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
8495	0	0	if (chain && !RETVAL) {
		0
8496			/* some CAs don't add a certificate to their OCSP responses and
8497			* openssl does not include the trusted CA which signed the
8498			* lowest chain certificate when looking for the signer.
8499			* So find this CA ourself and retry verification. */
8500			X509 *issuer;
8501	0		X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
8502	0		ERR_clear_error(); /* clear error from last OCSP_basic_verify */
8503	0	0	if (last && (issuer = find_issuer(last,store,chain))) {
		0
8504	0		OCSP_basic_add1_cert(bsr, issuer);
8505	0		X509_free(issuer);
8506	0		TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
8507	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
8508			}
8509			}
8510			}
8511	0		OCSP_BASICRESP_free(bsr);
8512			OUTPUT:
8513			RETVAL
8514
8515
8516			void
8517			OCSP_response_results(rsp,...)
8518			OCSP_RESPONSE *rsp
8519			PREINIT:
8520			OCSP_BASICRESP *bsr;
8521			int i,want_array;
8522	0		time_t nextupd = 0;
8523	0		time_t gmtoff = -1;
8524			int getall,sksn;
8525			PPCODE:
8526
8527	0		bsr = OCSP_response_get1_basic(rsp);
8528	0	0	if (!bsr) croak("invalid OCSP response");
8529
8530	0		want_array = (GIMME_V == G_LIST);
8531	0		getall = (items <= 1);
8532	0		sksn = OCSP_resp_count(bsr);
8533
8534	0	0	for(i=0; i < (getall ? sksn : items-1); i++) {
		0
8535	0		const char *error = NULL;
8536	0		OCSP_SINGLERESP *sir = NULL;
8537	0		OCSP_CERTID *certid = NULL;
8538	0		SV *idsv = NULL;
8539			int first, status, revocationReason;
8540			ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
8541
8542	0	0	if(getall) {
8543	0		sir = OCSP_resp_get0(bsr,i);
8544			} else {
8545			STRLEN len;
8546			const unsigned char *p;
8547
8548	0		idsv = ST(i+1);
8549	0	0	if (!SvOK(idsv)) croak("undefined certid in arguments");
8550	0		p = (unsigned char*)SvPV(idsv,len);
8551	0	0	if (!(certid = d2i_OCSP_CERTID(NULL,&p,len))) {
8552	0		error = "failed to get OCSP certid from string";
8553	0		goto end;
8554			}
8555	0		first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
8556	0	0	if (first >= 0)
8557	0		sir = OCSP_resp_get0(bsr,first);
8558			}
8559
8560	0	0	if (sir)
8561			{
8562			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
8563	0		status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
8564			#else
8565			status = sir->certStatus->type;
8566			if (status == V_OCSP_CERTSTATUS_REVOKED)
8567			revocationTime = sir->certStatus->value.revoked->revocationTime;
8568			thisupdate = sir->thisUpdate;
8569			nextupdate = sir->nextUpdate;
8570			#endif
8571	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
8572	0		error = "certificate status is revoked";
8573	0	0	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
8574	0		error = "certificate status is unknown";
8575			}
8576	0	0	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
8577	0		error = "response not yet valid or expired";
8578			}
8579			} else {
8580	0		error = "cannot find entry for certificate in OCSP response";
8581			}
8582
8583	0		end:
8584	0	0	if (want_array) {
8585	0		AV *idav = newAV();
8586	0	0	if (!idsv) {
8587			/* getall: create new SV with OCSP_CERTID */
8588			unsigned char pi,pc;
8589			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
8590	0		int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
8591			#else
8592			int len = i2d_OCSP_CERTID(sir->certId,NULL);
8593			#endif
8594	0	0	if(!len) continue;
8595	0		Newx(pc,len,unsigned char);
8596	0	0	if (!pc) croak("out of memory");
8597	0		pi = pc;
8598			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
8599	0		i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
8600			#else
8601			i2d_OCSP_CERTID(sir->certId,&pi);
8602			#endif
8603	0		idsv = newSVpv((char*)pc,len);
8604	0		Safefree(pc);
8605			} else {
8606			/* reuse idsv from ST(..), but increment refcount */
8607	0		idsv = SvREFCNT_inc(idsv);
8608			}
8609	0		av_push(idav, idsv);
8610	0	0	av_push(idav, error ? newSVpv(error,0) : newSV(0));
8611	0	0	if (sir) {
8612	0		HV *details = newHV();
8613	0		av_push(idav,newRV_noinc((SV*)details));
8614	0		hv_store(details,"statusType",10,
8615			newSViv(status),0);
8616	0	0	if (nextupdate) hv_store(details,"nextUpdate",10,
8617			newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
8618	0	0	if (thisupdate) hv_store(details,"thisUpdate",10,
8619			newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
8620	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
8621			#if OPENSSL_VERSION_NUMBER < 0x10100000L
8622			OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
8623			revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
8624			#endif
8625	0		hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
8626	0		hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
8627	0		hv_store(details,"revocationReason_str",20,newSVpv(
8628			OCSP_crl_reason_str(revocationReason),0),0);
8629			}
8630			}
8631	0	0	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
8632	0	0	} else if (!error) {
8633			/* compute lowest nextUpdate */
8634	0		time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
8635	0	0	if (!nextupd \|\| nextupd>nu) nextupd = nu;
		0
8636			}
8637
8638	0	0	if (certid) OCSP_CERTID_free(certid);
8639	0	0	if (error && !want_array) {
		0
8640	0		OCSP_BASICRESP_free(bsr);
8641	0		croak("%s", error);
8642			}
8643			}
8644	0		OCSP_BASICRESP_free(bsr);
8645	0	0	if (!want_array)
8646	0	0	XPUSHs(sv_2mortal(newSViv(nextupd)));
8647
8648
8649
8650			#endif
8651
8652			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
8653
8654			int
8655			SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
8656			SSL_CTX * ctx
8657			SV * callback
8658			SV * data
8659			CODE:
8660	1		RETVAL = 1;
8661	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
8662	0		SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
8663	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
8664	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL);
8665			PR1("SSL_CTX_set_alpn_select_cb - undef\n");
8666			}
8667	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
8668			/* callback param array ref like ['proto1','proto2'] */
8669	1		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
8670	1		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback));
8671	1		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
8672			PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx);
8673			}
8674	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
8675	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback));
8676	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data));
8677	0		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
8678			PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx);
8679			}
8680			else {
8681	0		RETVAL = 0;
8682			}
8683			OUTPUT:
8684			RETVAL
8685
8686			int
8687			SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef)
8688			SSL_CTX * ctx
8689			SV * data
8690			PREINIT:
8691			unsigned char *alpn_data;
8692			unsigned char alpn_len;
8693
8694			CODE:
8695	7		RETVAL = -1;
8696
8697	7	50	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		50
8698	0		croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n");
8699	7		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
8700	7		Newx(alpn_data, alpn_len, unsigned char);
8701	7	50	if (!alpn_data)
8702	0		croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n");
8703	7		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
8704	7		RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len);
8705	7		Safefree(alpn_data);
8706
8707			OUTPUT:
8708			RETVAL
8709
8710			int
8711			SSL_set_alpn_protos(ssl,data=&PL_sv_undef)
8712			SSL * ssl
8713			SV * data
8714			PREINIT:
8715			unsigned char *alpn_data;
8716			unsigned char alpn_len;
8717
8718			CODE:
8719	0		RETVAL = -1;
8720
8721	0	0	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		0
8722	0		croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n");
8723	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
8724	0		Newx(alpn_data, alpn_len, unsigned char);
8725	0	0	if (!alpn_data)
8726	0		croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n");
8727	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
8728	0		RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len);
8729	0		Safefree(alpn_data);
8730
8731			OUTPUT:
8732			RETVAL
8733
8734			void
8735			P_alpn_selected(s)
8736			const SSL *s
8737			PREINIT:
8738			const unsigned char *data;
8739			unsigned int len;
8740			PPCODE:
8741	2		SSL_get0_alpn_selected(s, &data, &len);
8742	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
8743
8744			#endif
8745
8746			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
8747
8748			void
8749			SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
8750			SSL * ssl
8751			int outlen
8752			SV * context
8753			PREINIT:
8754			unsigned char * out;
8755			STRLEN llen;
8756	10		STRLEN contextlen = 0;
8757	10		char *context_arg = NULL;
8758	10		int use_context = 0;
8759			int ret;
8760			INPUT:
8761			char * label = SvPV( ST(2), llen);
8762			PPCODE:
8763	10		Newx(out, outlen, unsigned char);
8764
8765	10	100	if (context != &PL_sv_undef) {
8766	6		use_context = 1;
8767	6		context_arg = SvPV( ST(3), contextlen);
8768			}
8769	10		ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context);
8770	10	50	PUSHs(sv_2mortal(ret>0 ? newSVpvn((const char *)out, outlen) : newSV(0)));
8771	10	50	EXTEND(SP, 1);
8772	10		Safefree(out);
8773
8774			#endif
8775
8776			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
8777
8778			OSSL_LIB_CTX *
8779			OSSL_LIB_CTX_get0_global_default()
8780
8781
8782			OSSL_PROVIDER *
8783			OSSL_PROVIDER_load(SV libctx, const char name)
8784			PREINIT:
8785	8	50	OSSL_LIB_CTX *ctx = NULL;
8786			CODE:
8787	8	100	if (libctx != &PL_sv_undef)
8788	1		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8789	8		RETVAL = OSSL_PROVIDER_load(ctx, name);
8790	8	50	if (RETVAL == NULL)
8791	0		XSRETURN_UNDEF;
8792			OUTPUT:
8793			RETVAL
8794
8795			OSSL_PROVIDER *
8796			OSSL_PROVIDER_try_load(SV libctx, const char name, int retain_fallbacks)
8797			PREINIT:
8798	2	50	OSSL_LIB_CTX *ctx = NULL;
8799			CODE:
8800	2	50	if (libctx != &PL_sv_undef)
8801	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8802	2		RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
8803	2	50	if (RETVAL == NULL)
8804	0		XSRETURN_UNDEF;
8805			OUTPUT:
8806			RETVAL
8807
8808			int
8809			OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
8810
8811			int
8812			OSSL_PROVIDER_available(SV libctx, const char name)
8813			PREINIT:
8814	8	50	OSSL_LIB_CTX *ctx = NULL;
8815			CODE:
8816	8	50	if (libctx != &PL_sv_undef)
8817	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8818	8		RETVAL = OSSL_PROVIDER_available(ctx, name);
8819			OUTPUT:
8820			RETVAL
8821
8822			int
8823			OSSL_PROVIDER_do_all(SV libctx, SV perl_cb, SV *perl_cbdata = &PL_sv_undef)
8824			PREINIT:
8825	1		simple_cb_data_t* cbdata = NULL;
8826	1	50	OSSL_LIB_CTX *ctx = NULL;
8827			CODE:
8828	1	50	if (libctx != &PL_sv_undef)
8829	0		ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8830
8831			/* setup our callback */
8832	1		cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
8833	1		RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
8834	1		simple_cb_data_free(cbdata);
8835			OUTPUT:
8836			RETVAL
8837
8838			const char *
8839			OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
8840
8841			int
8842			OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
8843
8844			#endif
8845
8846			#define REM_EOF "/* EOF - SSLeay.xs */"