File Coverage

SSLeay.xs

Criterion	Covered	Total	%
statement	1168	1903	61.3
branch	622	1808	34.4
condition			n/a
subroutine			n/a
pod			n/a
total	1790	3711	48.2

line	stmt	bran	code
1			/* SSLeay.xs - Perl module for using Eric Young's implementation of SSL
2			*
3			* Copyright (c) 1996-2003 Sampo Kellomäki
4			* Copyright (c) 2005-2010 Florian Ragwitz
5			* Copyright (c) 2005-2018 Mike McCauley
6			* Copyright (c) 2018- Chris Novakovic
7			* Copyright (c) 2018- Tuure Vartiainen
8			* Copyright (c) 2018- Heikki Vatiainen
9			*
10			* All rights reserved.
11			*
12			* Change data removed. See Changes
13			*
14			* This module is released under the terms of the Artistic License 2.0. For
15			* details, see the LICENSE file.
16			*/
17
18			/* ####
19			* #### PLEASE READ THE FOLLOWING RULES BEFORE YOU START EDITING THIS FILE! ####
20			* ####
21			*
22			* Function naming conventions:
23			*
24			* 1/ never change the already existing function names (all calling convention) in a way
25			* that may cause backward incompatibility (e.g. add ALIAS with old name if necessary)
26			*
27			* 2/ it is recommended to keep the original openssl function names for functions that are:
28			*
29			* 1:1 wrappers to the original openssl functions
30			* see for example: X509_get_issuer_name(cert) >> Net::SSLeay::X509_get_issuer_name($cert)
31			*
32			* nearly 1:1 wrappers implementing only necessary "glue" e.g. buffer handling
33			* see for example: RAND_seed(buf,len) >> Net::SSLeay::RAND_seed($buf)
34			*
35			* 3/ OpenSSL functions starting with "SSL_" are added into SSLeay.xs with "SLL_" prefix
36			* (e.g. SSL_CTX_new) but keep in mind that they will be available in Net::SSLeay without
37			* "SSL_" prefix (e.g. Net::SSLeay::CTX_new) - keep this for all new functions
38			*
39			* 4/ The names of functions which do not fit rule 2/ (which means they implement some non
40			* trivial code around original openssl function or do more complex tasks) should be
41			* prefixed with "P_" - see for example: P_ASN1_TIME_set_isotime
42			*
43			* 5/ Exceptions from rules above:
44			* functions that are part or wider set of already existing function not following this rule
45			* for example: there already exists: PEM_get_string_X509_CRL + PEM_get_string_X509_REQ and you want
46			* to add PEM_get_string_SOMETHING - then no need to follow 3/ (do not prefix with "P_")
47			*
48			* Support for different Perl versions, libssl implementations, platforms, and compilers:
49			*
50			* 1/ Net-SSLeay has a version support policy for Perl and OpenSSL/LibreSSL (described in the
51			* "Prerequisites" section in the README file). The test suite must pass when run on any
52			* of those version combinations.
53			*
54			* 2/ Fix all compiler warnings - we expect 100% clean build
55			*
56			* 3/ If you add a function which is available since certain openssl version
57			* use proper #ifdefs to assure that SSLeay.xs will compile also with older versions
58			* which are missing this function
59			*
60			* 4/ Even warnings arising from different use of "const" in different openssl versions
61			* needs to be hanled with #ifdefs - see for example: X509_NAME_add_entry_by_txt
62			*
63			* 5/ avoid using global C variables (it is very likely to break thread-safetyness)
64			* use rather global MY_CXT structure
65			*
66			* 6/ avoid using any UNIX/POSIX specific functions, keep in mind that SSLeay.xs must
67			* compile also on non-UNIX platforms like MS Windows and others
68			*
69			* 7/ avoid using c++ comments "//" (or other c++ features accepted by some c compiler)
70			* even if your compiler can handle them without warnings
71			*
72			* Passing test suite:
73			*
74			* 1/ any changes to SSLeay.xs must not introduce a failure of existing test suite
75			*
76			* 2/ it is strongly recommended to create test(s) for newly added function(s), especially
77			* when the new function is not only a 1:1 wrapper but contains a complex code
78			*
79			* 3/ it is mandatory to add a documentation for all newly added functions into SSLeay.pod
80			* otherwise t/local/02_pod_coverage.t fail (and you will be asked to add some doc into
81			* your patch)
82			*
83			* Preferred code layout:
84			*
85			* 1/ for simple 1:1 XS wrappers use:
86			*
87			* a/ functions with short "signature" (short list of args):
88			*
89			* long
90			* SSL_set_tmp_dh(SSL ssl,DH dh)
91			*
92			* b/ functions with long "signature" (long list of args):
93			* simply when approach a/ does not fit to 120 columns
94			*
95			* void
96			* SSL_any_functions(library_flag,function_name,reason,file_name,line)
97			* int library_flag
98			* int function_name
99			* int reason
100			* char *file_name
101			* int line
102			*
103			* 2/ for XS functions with full implementation use identation like this:
104			*
105			* int
106			* RAND_bytes(buf, num)
107			* SV *buf
108			* int num
109			* PREINIT:
110			* int rc;
111			* unsigned char *random;
112			* CODE:
113			* / * some code here * /
114			* RETVAL = rc;
115			* OUTPUT:
116			* RETVAL
117			*
118			*
119			* Runtime debugging:
120			*
121			* with TRACE(level,fmt,...) you can output debug messages.
122			* it behaves the same as
123			* warn sprintf($msg,...) if $Net::SSLeay::trace>=$level
124			* would do in Perl (e.g. it is using also the $Net::SSLeay::trace variable)
125			*
126			*
127			* THE LAST RULE:
128			*
129			* The fact that some parts of SSLeay.xs do not follow the rules above is not
130			* a reason why any new code can also break these rules in the same way
131			*
132			*/
133
134			/* Prevent warnings about strncpy from Windows compilers */
135			#define _CRT_SECURE_NO_DEPRECATE
136
137			#ifdef __cplusplus
138			extern "C" {
139			#endif
140			#include "EXTERN.h"
141			#include "perl.h"
142			#include "XSUB.h"
143			#include
144			#define NEED_newRV_noinc
145			#define NEED_sv_2pv_flags
146			#define NEED_my_snprintf
147			#include "ppport.h"
148			#ifdef __cplusplus
149			}
150			#endif
151
152			/* OpenSSL-0.9.3a has some strange warning about this in
153			* openssl/des.h
154			*/
155			#undef _
156
157			/* Sigh: openssl 1.0 has
158			typedef void *BLOCK;
159			which conflicts with perls
160			typedef struct block BLOCK;
161			*/
162			#define BLOCK OPENSSL_BLOCK
163			#include
164			#include
165			#include
166			#include
167			#include
168			#include
169			#ifndef OPENSSL_NO_COMP
170			#include /* openssl-0.9.6a forgets to include this */
171			#endif
172			#ifndef OPENSSL_NO_MD2
173			#include
174			#endif
175			#ifndef OPENSSL_NO_MD4
176			#include
177			#endif
178			#ifndef OPENSSL_NO_MD5
179			#include /* openssl-SNAP-20020227 does not automatically include this */
180			#endif
181			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
182			#include
183			#endif
184			#include
185			#include
186			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
187			/* requires 0.9.7+ */
188			#ifndef OPENSSL_NO_ENGINE
189			#include
190			#endif
191			#endif
192			#ifdef OPENSSL_FIPS
193			#include
194			#endif
195			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
196			#include
197			#endif
198			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
199			#include
200			#endif
201			#undef BLOCK
202
203			/* Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and
204			* related functions return uint64_t instead of long. For this reason
205			* constant() in constant.c and Net::SSLeay must also be able to
206			* return 64bit constants. However, this creates a problem with Perls
207			* that have only 32 bit integers. The define below helps with
208			* handling this API change.
209			*/
210			#if (OPENSSL_VERSION_NUMBER < 0x30000000L) \|\| defined(NET_SSLEAY_32BIT_INT_PERL)
211			#define NET_SSLEAY_32BIT_CONSTANTS
212			#endif
213
214			/* Debugging output - to enable use:
215			*
216			* perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
217			* make
218			*
219			*/
220
221			#ifdef SHOW_XS_DEBUG
222			#define PR1(s) fprintf(stderr,s);
223			#define PR2(s,t) fprintf(stderr,s,t);
224			#define PR3(s,t,u) fprintf(stderr,s,t,u);
225			#define PR4(s,t,u,v) fprintf(stderr,s,t,u,v);
226			#else
227			#define PR1(s)
228			#define PR2(s,t)
229			#define PR3(s,t,u)
230			#define PR4(s,t,u,v)
231			#endif
232
233	1		static void TRACE(int level,char *msg,...) {
234			va_list args;
235	1		SV *trace = get_sv("Net::SSLeay::trace",0);
236	1	50	if (trace && SvIOK(trace) && SvIV(trace)>=level) {
		50
		50
		50
237			char buf[4096];
238	0		va_start(args,msg);
239	0		vsnprintf(buf,4095,msg,args);
240	0		warn("%s",buf);
241	0		va_end(args);
242			}
243	1		}
244
245			#include "constants.c"
246
247			/* ============= thread-safety related stuff ============== */
248
249			#define MY_CXT_KEY "Net::SSLeay::_guts" XS_VERSION
250
251			typedef struct {
252			HV* global_cb_data;
253			UV tid;
254			} my_cxt_t;
255			START_MY_CXT
256
257			#ifdef USE_ITHREADS
258			static perl_mutex LIB_init_mutex;
259			#if OPENSSL_VERSION_NUMBER < 0x10100000L
260			static perl_mutex *GLOBAL_openssl_mutex = NULL;
261			#endif
262			#endif
263			static int LIB_initialized;
264
265	54		UV get_my_thread_id(void) /* returns threads->tid() value */
266			{
267	54		dSP;
268	54		UV tid = 0;
269			#ifdef USE_ITHREADS
270			int count = 0;
271
272			ENTER;
273			SAVETMPS;
274			PUSHMARK(SP);
275			XPUSHs(sv_2mortal(newSVpv("threads", 0)));
276			PUTBACK;
277			count = call_method("tid", G_SCALAR\|G_EVAL);
278			SPAGAIN;
279			/* Caution: recent perls do not appear support threads->tid() */
280			if (SvTRUE(ERRSV) \|\| count != 1)
281			{
282			/* if compatible threads not loaded or an error occurs return 0 */
283			tid = 0;
284			}
285			else
286			tid = (UV)POPi;
287			PUTBACK;
288			FREETMPS;
289			LEAVE;
290			#endif
291
292	54		return tid;
293			}
294
295			/* IMPORTANT NOTE:
296			* openssl locking was implemented according to http://www.openssl.org/docs/crypto/threads.html
297			* we implement both static and dynamic locking as described on URL above
298			* locking is supported when OPENSSL_THREADS macro is defined which means openssl-0.9.7 or newer
299			* we intentionally do not implement cleanup of openssl's threading as it causes troubles
300			* with apache-mpm-worker+mod_perl+mod_ssl+net-ssleay
301			*/
302			#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
303
304
305			#if OPENSSL_VERSION_NUMBER < 0x10100000L
306			static void openssl_locking_function(int mode, int type, const char *file, int line)
307			{
308			PR3("openssl_locking_function %d %d\n", mode, type);
309
310			if (!GLOBAL_openssl_mutex) return;
311			if (mode & CRYPTO_LOCK)
312			MUTEX_LOCK(&GLOBAL_openssl_mutex[type]);
313			else
314			MUTEX_UNLOCK(&GLOBAL_openssl_mutex[type]);
315			}
316
317			#if OPENSSL_VERSION_NUMBER < 0x10000000L
318			static unsigned long openssl_threadid_func(void)
319			{
320			dMY_CXT;
321			return (unsigned long)(MY_CXT.tid);
322			}
323			#else
324			void openssl_threadid_func(CRYPTO_THREADID *id)
325			{
326			dMY_CXT;
327			CRYPTO_THREADID_set_numeric(id, (unsigned long)(MY_CXT.tid));
328			}
329			#endif
330
331			struct CRYPTO_dynlock_value
332			{
333			perl_mutex mutex;
334			};
335
336			struct CRYPTO_dynlock_value * openssl_dynlocking_create_function (const char *file, int line)
337			{
338			struct CRYPTO_dynlock_value *retval;
339			New(0, retval, 1, struct CRYPTO_dynlock_value);
340			if (!retval) return NULL;
341			MUTEX_INIT(&retval->mutex);
342			return retval;
343			}
344
345			void openssl_dynlocking_lock_function (int mode, struct CRYPTO_dynlock_value l, const char file, int line)
346			{
347			if (!l) return;
348			if (mode & CRYPTO_LOCK)
349			MUTEX_LOCK(&l->mutex);
350			else
351			MUTEX_UNLOCK(&l->mutex);
352			}
353
354			void openssl_dynlocking_destroy_function (struct CRYPTO_dynlock_value l, const char file, int line)
355			{
356			if (!l) return;
357			MUTEX_DESTROY(&l->mutex);
358			Safefree(l);
359			}
360			#endif
361
362			void openssl_threads_init(void)
363			{
364			int i;
365
366			PR1("STARTED: openssl_threads_init\n");
367
368			#if OPENSSL_VERSION_NUMBER < 0x10100000L
369			/* initialize static locking */
370			if ( !CRYPTO_get_locking_callback() ) {
371			#if OPENSSL_VERSION_NUMBER < 0x10000000L
372			if ( !CRYPTO_get_id_callback() ) {
373			#else
374			if ( !CRYPTO_THREADID_get_callback() ) {
375			#endif
376			PR2("openssl_threads_init static locking %d\n", CRYPTO_num_locks());
377			New(0, GLOBAL_openssl_mutex, CRYPTO_num_locks(), perl_mutex);
378			if (!GLOBAL_openssl_mutex) return;
379			for (i=0; i
380			CRYPTO_set_locking_callback((void ()(int,int,const char ,int))openssl_locking_function);
381
382			#ifndef WIN32
383			/* no need for threadid_func() on Win32 */
384			#if OPENSSL_VERSION_NUMBER < 0x10000000L
385			CRYPTO_set_id_callback(openssl_threadid_func);
386			#else
387			CRYPTO_THREADID_set_callback(openssl_threadid_func);
388			#endif
389			#endif
390			}
391			}
392
393			/* initialize dynamic locking */
394			if ( !CRYPTO_get_dynlock_create_callback() &&
395			!CRYPTO_get_dynlock_lock_callback() &&
396			!CRYPTO_get_dynlock_destroy_callback() ) {
397			PR1("openssl_threads_init dynamic locking\n");
398			CRYPTO_set_dynlock_create_callback(openssl_dynlocking_create_function);
399			CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
400			CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
401			}
402			#endif
403			}
404
405			#endif
406
407			/* ============= typedefs to agument TYPEMAP ============== */
408
409			typedef void callback_no_ret(void);
410			typedef RSA * cb_ssl_int_int_ret_RSA(SSL * ssl,int is_export, int keylength);
411			typedef DH * cb_ssl_int_int_ret_DH(SSL * ssl,int is_export, int keylength);
412
413			typedef STACK_OF(X509_NAME) X509_NAME_STACK;
414
415			typedef int perl_filehandle_t;
416
417			/* ======= special handler used by EVP_MD_do_all_sorted ======= */
418
419			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
420	89		static void handler_list_md_fn(const EVP_MD m, const char from, const char to, void arg)
421			{
422			/* taken from apps/dgst.c */
423			const char *mname;
424	89	100	if (!m) return; /* Skip aliases */
425	39		mname = OBJ_nid2ln(EVP_MD_type(m));
426	39	100	if (strcmp(from, mname)) return; /* Skip shortnames */
427			#if OPENSSL_VERSION_NUMBER < 0x10100000L
428	21	100	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
429			#endif
430	16	50	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
431	16		av_push(arg, newSVpv(mname,0));
432			}
433			#endif
434
435			/* ============= callbacks - basic info =============
436			*
437			* PLEASE READ THIS BEFORE YOU ADD ANY NEW CALLBACK!!
438			*
439			* There are basically 2 types of callbacks used in SSLeay:
440			*
441			* 1/ "one-time" callbacks - these are created+used+destroyed within one perl function implemented in XS.
442			* These callbacks use a special C structure simple_cb_data_t to pass necessary data.
443			* There are 2 related helper functions: simple_cb_data_new() + simple_cb_data_free()
444			* For example see implementation of these functions:
445			* - RSA_generate_key
446			* - PEM_read_bio_PrivateKey
447			*
448			* 2/ "advanced" callbacks - these are setup/destroyed by one function but used by another function. These
449			* callbacks use global hash MY_CXT.global_cb_data to store perl functions + data to be uset at callback time.
450			* There are 2 related helper functions: cb_data_advanced_put() + cb_data_advanced_get() for manipulating
451			* global hash MY_CXT.global_cb_data which work like this:
452			* cb_data_advanced_put(, "data_name", dataSV)
453			* >>>
454			* global_cb_data->{"ptr_"}->{"data_name"} = dataSV)
455			* or
456			* data = cb_data_advanced_get(, "data_name")
457			* >>>
458			* my $data = global_cb_data->{"ptr_"}->{"data_name"}
459			* For example see implementation of these functions:
460			* - SSL_CTX_set_verify
461			* - SSL_set_verify
462			* - SSL_CTX_set_cert_verify_callback
463			* - SSL_CTX_set_default_passwd_cb
464			* - SSL_CTX_set_default_passwd_cb_userdata
465			* - SSL_set_session_secret_cb
466			*
467			* If you want to add a new callback:
468			* - you very likely need a new function "your_callback_name_invoke()"
469			* - decide whether your case fits case 1/ or 2/ (and implement likewise existing functions)
470			* - try to avoid adding a new style of callback implementation (or ask Net::SSLeay maintainers before)
471			*
472			*/
473
474			/* ============= callback stuff - generic functions============== */
475
476			struct _ssleay_cb_t {
477			SV* func;
478			SV* data;
479			};
480			typedef struct _ssleay_cb_t simple_cb_data_t;
481
482	10		simple_cb_data_t* simple_cb_data_new(SV* func, SV* data)
483			{
484			simple_cb_data_t* cb;
485	10		New(0, cb, 1, simple_cb_data_t);
486	10	50	if (cb) {
487	10		SvREFCNT_inc(func);
488	10		SvREFCNT_inc(data);
489	10		cb->func = func;
490	10	100	cb->data = (data == &PL_sv_undef) ? NULL : data;
491			}
492	10		return cb;
493			}
494
495	9		void simple_cb_data_free(simple_cb_data_t* cb)
496			{
497	9	50	if (cb) {
498	9	50	if (cb->func) {
499	9		SvREFCNT_dec(cb->func);
500	9		cb->func = NULL;
501			}
502	9	100	if (cb->data) {
503	1		SvREFCNT_dec(cb->data);
504	1		cb->data = NULL;
505			}
506			}
507	9		Safefree(cb);
508	9		}
509
510	353		int cb_data_advanced_put(const void ptr, const char data_name, SV* data)
511			{
512			HV * L2HV;
513			SV ** svtmp;
514			int len;
515			char key_name[500];
516			dMY_CXT;
517
518	353	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
519	353	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
520
521			/* get or create level-2 hash */
522	353		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
523	353	100	if (svtmp == NULL) {
524	178		L2HV = newHV();
525	178		hv_store(MY_CXT.global_cb_data, key_name, strlen(key_name), newRV_noinc((SV*)L2HV), 0);
526			}
527			else {
528	175	50	if (!SvOK(svtmp) \|\| !SvROK(svtmp)) return 0;
		0
		0
		50
529			#if defined(MUTABLE_PTR)
530	175		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
531			#else
532			L2HV = (HV)(SvRV(svtmp));
533			#endif
534			}
535
536			/* first delete already stored value */
537	353		hv_delete(L2HV, data_name, strlen(data_name), G_DISCARD);
538	353	100	if (data!=NULL) {
539	344	100	if (SvOK(data))
		50
		50
540	194		hv_store(L2HV, data_name, strlen(data_name), data, 0);
541			else
542			/* we're not storing data so discard it */
543	150		SvREFCNT_dec(data);
544			}
545
546	353		return 1;
547			}
548
549	1113		SV* cb_data_advanced_get(const void ptr, const char data_name)
550			{
551			HV * L2HV;
552			SV ** svtmp;
553			int len;
554			char key_name[500];
555			dMY_CXT;
556
557	1113	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
558	1113	50	if (len == sizeof(key_name)) return &PL_sv_undef; /* return undef on error - key_name too short*/
559
560			/* get level-2 hash */
561	1113		svtmp = hv_fetch(MY_CXT.global_cb_data, key_name, strlen(key_name), 0);
562	1113	100	if (svtmp == NULL) return &PL_sv_undef;
563	1110	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
564	1110	50	if (!SvROK(*svtmp)) return &PL_sv_undef;
565			#if defined(MUTABLE_PTR)
566	1110		L2HV = (HV)MUTABLE_PTR(SvRV(svtmp));
567			#else
568			L2HV = (HV)(SvRV(svtmp));
569			#endif
570
571			/* get stored data */
572	1110		svtmp = hv_fetch(L2HV, data_name, strlen(data_name), 0);
573	1110	100	if (svtmp == NULL) return &PL_sv_undef;
574	630	50	if (!SvOK(*svtmp)) return &PL_sv_undef;
		0
		0
575
576	1113		return *svtmp;
577			}
578
579	350		int cb_data_advanced_drop(const void *ptr)
580			{
581			int len;
582			char key_name[500];
583			dMY_CXT;
584
585	350	50	len = my_snprintf(key_name, sizeof(key_name), "ptr_%p", ptr);
586	350	50	if (len == sizeof(key_name)) return 0; /* error - key_name too short*/
587
588	350		hv_delete(MY_CXT.global_cb_data, key_name, strlen(key_name), G_DISCARD);
589	350		return 1;
590			}
591
592			/* ============= callback stuff - invoke functions ============== */
593
594	21		static int ssleay_verify_callback_invoke (int ok, X509_STORE_CTX* x509_store)
595			{
596	21		dSP;
597			SSL* ssl;
598	21		int count = -1, res;
599			SV *cb_func;
600
601			PR1("STARTED: ssleay_verify_callback_invoke\n");
602	21		ssl = X509_STORE_CTX_get_ex_data(x509_store, SSL_get_ex_data_X509_STORE_CTX_idx());
603	21		cb_func = cb_data_advanced_get(ssl, "ssleay_verify_callback!!func");
604
605	21	100	if (!SvOK(cb_func)) {
		50
		50
606	3		SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
607	3		cb_func = cb_data_advanced_get(ssl_ctx, "ssleay_verify_callback!!func");
608			}
609
610	21	50	if (!SvOK(cb_func))
		0
		0
611	0		croak("Net::SSLeay: verify_callback called, but not set to point to any perl function.\n");
612
613	21		ENTER;
614	21		SAVETMPS;
615
616			PR2("verify callback glue ok=%d\n", ok);
617
618	21	50	PUSHMARK(sp);
619	21	50	EXTEND( sp, 2 );
620	21		PUSHs( sv_2mortal(newSViv(ok)) );
621	21		PUSHs( sv_2mortal(newSViv(PTR2IV(x509_store))) );
622	21		PUTBACK;
623
624			PR1("About to call verify callback.\n");
625	21		count = call_sv(cb_func, G_SCALAR);
626			PR1("Returned from verify callback.\n");
627
628	21		SPAGAIN;
629
630	21	50	if (count != 1)
631	0		croak ( "Net::SSLeay: verify_callback perl function did not return a scalar.\n");
632
633	21	50	res = POPi;
634
635	21		PUTBACK;
636	21	50	FREETMPS;
637	21		LEAVE;
638
639	21		return res;
640			}
641
642	5		static int ssleay_ctx_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
643			{
644	5		dSP;
645	5		int count = -1;
646			char *res;
647			SV cb_func, cb_data;
648
649			PR1("STARTED: ssleay_ctx_passwd_cb_invoke\n");
650	5		cb_func = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!func");
651	5		cb_data = cb_data_advanced_get(userdata, "ssleay_ctx_passwd_cb!!data");
652
653	5	50	if(!SvOK(cb_func))
		0
		0
654	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
655
656	5		ENTER;
657	5		SAVETMPS;
658
659	5	50	PUSHMARK(sp);
660	5	50	XPUSHs(sv_2mortal(newSViv(rwflag)));
661	5	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
662	5		PUTBACK;
663
664	5		count = call_sv( cb_func, G_SCALAR );
665
666	5		SPAGAIN;
667
668	5	50	if (count != 1)
669	0		croak("Net::SSLeay: ssleay_ctx_passwd_cb_invoke perl function did not return a scalar.\n");
670
671	5	50	res = POPp;
672
673	5	50	if (res == NULL) {
674	0		*buf = '\0';
675			} else {
676	5		strncpy(buf, res, size);
677	5		buf[size - 1] = '\0';
678			}
679
680	5		PUTBACK;
681	5	50	FREETMPS;
682	5		LEAVE;
683
684	5		return strlen(buf);
685			}
686
687			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl from 1.1.0f */
688			#ifndef LIBRESSL_VERSION_NUMBER
689			#ifndef OPENSSL_IS_BORINGSSL
690			static int ssleay_ssl_passwd_cb_invoke(char buf, int size, int rwflag, void userdata)
691			{
692			dSP;
693			int count = -1;
694			char *res;
695			SV cb_func, cb_data;
696
697			PR1("STARTED: ssleay_ssl_passwd_cb_invoke\n");
698			cb_func = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!func");
699			cb_data = cb_data_advanced_get(userdata, "ssleay_ssl_passwd_cb!!data");
700
701			if(!SvOK(cb_func))
702			croak ("Net::SSLeay: ssleay_ssl_passwd_cb_invoke called, but not set to point to any perl function.\n");
703
704			ENTER;
705			SAVETMPS;
706
707			PUSHMARK(sp);
708			XPUSHs(sv_2mortal(newSViv(rwflag)));
709			XPUSHs(sv_2mortal(newSVsv(cb_data)));
710			PUTBACK;
711
712			count = call_sv( cb_func, G_SCALAR );
713
714			SPAGAIN;
715
716			if (count != 1)
717			croak("Net::SSLeay: ssleay_ssl_passwd_cb_invoke perl function did not return a scalar.\n");
718
719			res = POPp;
720
721			if (res == NULL) {
722			*buf = '\0';
723			} else {
724			strncpy(buf, res, size);
725			buf[size - 1] = '\0';
726			}
727
728			PUTBACK;
729			FREETMPS;
730			LEAVE;
731
732			return strlen(buf);
733			}
734			#endif /* !BoringSSL */
735			#endif /* !LibreSSL */
736			#endif /* >= 1.1.0f */
737
738	1		int ssleay_ctx_cert_verify_cb_invoke(X509_STORE_CTX* x509_store_ctx, void* data)
739			{
740	1		dSP;
741	1		int count = -1;
742			int res;
743			SV * cb_func, *cb_data;
744			void *ptr;
745			SSL *ssl;
746
747			PR1("STARTED: ssleay_ctx_cert_verify_cb_invoke\n");
748			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
749			ssl = X509_STORE_CTX_get_ex_data(x509_store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
750			ptr = (void*) SSL_get_SSL_CTX(ssl);
751			#else
752	1		ssl = NULL;
753	1		ptr = (void*) data;
754			#endif
755
756	1		cb_func = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!func");
757	1		cb_data = cb_data_advanced_get(ptr, "ssleay_ctx_cert_verify_cb!!data");
758
759	1	50	if(!SvOK(cb_func))
		0
		0
760	0		croak ("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke called, but not set to point to any perl function.\n");
761
762	1		ENTER;
763	1		SAVETMPS;
764
765	1	50	PUSHMARK(SP);
766	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x509_store_ctx))));
767	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
768	1		PUTBACK;
769
770	1		count = call_sv(cb_func, G_SCALAR);
771
772	1		SPAGAIN;
773
774	1	50	if (count != 1)
775	0		croak("Net::SSLeay: ssleay_ctx_cert_verify_cb_invoke perl function did not return a scalar.\n");
776
777	1	50	res = POPi;
778
779	1		PUTBACK;
780	1	50	FREETMPS;
781	1		LEAVE;
782
783	1		return res;
784			}
785
786			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
787
788	0		int tlsext_servername_callback_invoke(SSL ssl, int ad, void *arg)
789			{
790	0		dSP;
791	0		int count = -1;
792			int res;
793			SV * cb_func, *cb_data;
794
795			PR1("STARTED: tlsext_servername_callback_invoke\n");
796
797	0		cb_func = cb_data_advanced_get(arg, "tlsext_servername_callback!!func");
798	0		cb_data = cb_data_advanced_get(arg, "tlsext_servername_callback!!data");
799
800	0	0	if(!SvOK(cb_func))
		0
		0
801	0		croak ("Net::SSLeay: tlsext_servername_callback_invoke called, but not set to point to any perl function.\n");
802
803	0		ENTER;
804	0		SAVETMPS;
805
806	0	0	PUSHMARK(SP);
807	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
808	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
809	0		PUTBACK;
810
811	0		count = call_sv(cb_func, G_SCALAR);
812
813	0		SPAGAIN;
814
815	0	0	if (count != 1)
816	0		croak("Net::SSLeay: tlsext_servername_callback_invoke perl function did not return a scalar.\n");
817
818	0	0	res = POPi;
819
820	0		PUTBACK;
821	0	0	FREETMPS;
822	0		LEAVE;
823
824	0		return res;
825			}
826
827			#endif
828
829			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_TLSEXT)
830
831	0		int tlsext_status_cb_invoke(SSL ssl, void arg)
832			{
833	0		dSP;
834			SV cb_func, cb_data;
835	0		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
836	0		int len,res,nres = -1;
837	0		const unsigned char *p = NULL;
838	0		OCSP_RESPONSE *ocsp_response = NULL;
839
840	0		cb_func = cb_data_advanced_get(ctx, "tlsext_status_cb!!func");
841	0		cb_data = cb_data_advanced_get(ctx, "tlsext_status_cb!!data");
842
843	0	0	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		0
844	0		croak ("Net::SSLeay: tlsext_status_cb_invoke called, but not set to point to any perl function.\n");
845
846	0		len = SSL_get_tlsext_status_ocsp_resp(ssl, &p);
847	0	0	if (p) ocsp_response = d2i_OCSP_RESPONSE(NULL, &p, len);
848
849	0		ENTER;
850	0		SAVETMPS;
851
852	0	0	PUSHMARK(SP);
853	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
854	0		PUSHs( sv_2mortal(newSViv(PTR2IV(ocsp_response))) );
855	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
856	0		PUTBACK;
857
858	0		nres = call_sv(cb_func, G_SCALAR);
859	0	0	if (ocsp_response) OCSP_RESPONSE_free(ocsp_response);
860
861	0		SPAGAIN;
862
863	0	0	if (nres != 1)
864	0		croak("Net::SSLeay: tlsext_status_cb_invoke perl function did not return a scalar.\n");
865
866	0	0	res = POPi;
867
868	0		PUTBACK;
869	0	0	FREETMPS;
870	0		LEAVE;
871
872	0		return res;
873			}
874
875	1		int session_ticket_ext_cb_invoke(SSL ssl, const unsigned char data, int len, void *arg)
876			{
877	1		dSP;
878			SV cb_func, cb_data;
879	1		int res,nres = -1;
880
881	1		cb_func = cb_data_advanced_get(arg, "session_ticket_ext_cb!!func");
882	1		cb_data = cb_data_advanced_get(arg, "session_ticket_ext_cb!!data");
883
884	1	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
885	0		croak ("Net::SSLeay: session_ticket_ext_cb_invoke called, but not set to point to any perl function.\n");
886
887	1		ENTER;
888	1		SAVETMPS;
889
890	1	50	PUSHMARK(SP);
891	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
892	1	50	XPUSHs(sv_2mortal(newSVpvn((const char *)data, len)));
893	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
894	1		PUTBACK;
895
896	1		nres = call_sv(cb_func, G_SCALAR);
897
898	1		SPAGAIN;
899
900	1	50	if (nres != 1)
901	0		croak("Net::SSLeay: session_ticket_ext_cb_invoke perl function did not return a scalar.\n");
902
903	1	50	res = POPi;
904
905	1		PUTBACK;
906	1	50	FREETMPS;
907	1		LEAVE;
908
909	1		return res;
910			}
911
912			#endif
913
914			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) \|\| defined(SSL_F_SSL_SET_SESSION_TICKET_EXT)
915
916	0		int ssleay_session_secret_cb_invoke(SSL* s, void* secret, int *secret_len,
917			STACK_OF(SSL_CIPHER) *peer_ciphers,
918			const SSL_CIPHER *cipher, void arg)
919			{
920	0		dSP;
921	0		int count = -1, res, i;
922	0		AV *ciphers = newAV();
923	0		SV *pref_cipher = sv_newmortal();
924			SV * cb_func, *cb_data;
925			SV * secretsv;
926
927			PR1("STARTED: ssleay_session_secret_cb_invoke\n");
928	0		cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
929	0		cb_data = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!data");
930
931	0	0	if(!SvOK(cb_func))
		0
		0
932	0		croak ("Net::SSLeay: ssleay_ctx_passwd_cb_invoke called, but not set to point to any perl function.\n");
933
934	0		ENTER;
935	0		SAVETMPS;
936
937	0	0	PUSHMARK(SP);
938	0		secretsv = sv_2mortal( newSVpv(secret, *secret_len));
939	0	0	XPUSHs(secretsv);
940	0	0	for (i=0; i
941	0		const SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
942	0		av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
943			}
944	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)ciphers)));
945	0	0	XPUSHs(sv_2mortal(newRV_inc(pref_cipher)));
946	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
947
948	0		PUTBACK;
949
950	0		count = call_sv( cb_func, G_SCALAR );
951
952	0		SPAGAIN;
953
954	0	0	if (count != 1)
955	0		croak ("Net::SSLeay: ssleay_session_secret_cb_invoke perl function did not return a scalar.\n");
956
957	0	0	res = POPi;
958	0	0	if (res) {
959			/* See if there is a preferred cipher selected, if so it is an index into the stack */
960	0	0	if (SvIOK(pref_cipher))
961	0	0	*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
962
963			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
964			{
965			/* Use any new master secret set by the callback function in secret */
966			STRLEN newsecretlen;
967			char* newsecretdata = SvPV(secretsv, newsecretlen);
968			memcpy(secret, newsecretdata, newsecretlen);
969			}
970			#endif
971			}
972
973	0		PUTBACK;
974	0	0	FREETMPS;
975	0		LEAVE;
976
977	0		return res;
978			}
979
980			#endif
981
982			#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_PSK)
983			#define NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
984
985	0		unsigned int ssleay_set_psk_client_callback_invoke(SSL ssl, const char hint,
986			char *identity, unsigned int max_identity_len,
987			unsigned char *psk, unsigned int max_psk_len)
988			{
989	0		dSP;
990	0		int count = -1;
991			char identity_val, psk_val;
992	0		unsigned int psk_len = 0;
993	0		BIGNUM *psk_bn = NULL;
994			SV * cb_func;
995			SV * hintsv;
996			/* this n_a is required for building with old perls: */
997			STRLEN n_a;
998
999			PR1("STARTED: ssleay_set_psk_client_callback_invoke\n");
1000	0		cb_func = cb_data_advanced_get(ssl, "ssleay_set_psk_client_callback!!func");
1001
1002	0	0	if(!SvOK(cb_func))
		0
		0
1003	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1004
1005	0		ENTER;
1006	0		SAVETMPS;
1007
1008	0	0	PUSHMARK(SP);
1009	0	0	if (hint != NULL) {
1010	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1011	0	0	XPUSHs(hintsv);
1012			}
1013
1014	0		PUTBACK;
1015
1016	0		count = call_sv( cb_func, G_ARRAY );
1017
1018	0		SPAGAIN;
1019
1020	0	0	if (count != 2)
1021	0		croak ("Net::SSLeay: ssleay_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1022
1023	0	0	psk_val = POPpx;
1024	0	0	identity_val = POPpx;
1025
1026	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1027
1028	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1029	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1030	0		psk_len = BN_bn2bin(psk_bn, psk);
1031			}
1032	0		BN_free(psk_bn);
1033			}
1034
1035	0		PUTBACK;
1036	0	0	FREETMPS;
1037	0		LEAVE;
1038
1039	0		return psk_len;
1040			}
1041
1042	0		unsigned int ssleay_ctx_set_psk_client_callback_invoke(SSL ssl, const char hint,
1043			char *identity, unsigned int max_identity_len,
1044			unsigned char *psk, unsigned int max_psk_len)
1045			{
1046	0		dSP;
1047			SSL_CTX *ctx;
1048	0		int count = -1;
1049			char identity_val, psk_val;
1050	0		unsigned int psk_len = 0;
1051	0		BIGNUM *psk_bn = NULL;
1052			SV * cb_func;
1053			SV * hintsv;
1054			/* this n_a is required for building with old perls: */
1055			STRLEN n_a;
1056
1057	0		ctx = SSL_get_SSL_CTX(ssl);
1058
1059			PR1("STARTED: ssleay_ctx_set_psk_client_callback_invoke\n");
1060	0		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_set_psk_client_callback!!func");
1061
1062	0	0	if(!SvOK(cb_func))
		0
		0
1063	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke called, but not set to point to any perl function.\n");
1064
1065	0		ENTER;
1066	0		SAVETMPS;
1067
1068	0	0	PUSHMARK(SP);
1069	0	0	if (hint != NULL) {
1070	0		hintsv = sv_2mortal( newSVpv(hint, strlen(hint)));
1071	0	0	XPUSHs(hintsv);
1072			}
1073
1074	0		PUTBACK;
1075
1076	0		count = call_sv( cb_func, G_ARRAY );
1077
1078	0		SPAGAIN;
1079
1080	0	0	if (count != 2)
1081	0		croak ("Net::SSLeay: ssleay_ctx_set_psk_client_callback_invoke perl function did not return 2 values.\n");
1082
1083	0	0	psk_val = POPpx;
1084	0	0	identity_val = POPpx;
1085
1086	0	0	my_snprintf(identity, max_identity_len, "%s", identity_val);
		0
1087
1088	0	0	if (BN_hex2bn(&psk_bn, psk_val) > 0) {
1089	0	0	if (BN_num_bytes(psk_bn) <= max_psk_len) {
1090	0		psk_len = BN_bn2bin(psk_bn, psk);
1091			}
1092	0		BN_free(psk_bn);
1093			}
1094
1095	0		PUTBACK;
1096	0	0	FREETMPS;
1097	0		LEAVE;
1098
1099	0		return psk_len;
1100			}
1101
1102			#endif
1103
1104			#if (OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG)) \|\| (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT))
1105
1106	8		int next_proto_helper_AV2protodata(AV * list, unsigned char *out)
1107			{
1108	8		int i, last_index, ptr = 0;
1109	8		last_index = av_len(list);
1110	8	50	if (last_index<0) return 0;
1111	24	100	for(i=0; i<=last_index; i++) {
1112	16	50	char p = SvPV_nolen(av_fetch(list, i, 0));
1113	16		size_t len = strlen(p);
1114	16	50	if (len>255) return 0;
1115	16	100	if (out) {
1116			/* if out == NULL we only calculate the length of output */
1117	8		out[ptr] = (unsigned char)len;
1118	8		strncpy((char*)out+ptr+1, p, len);
1119			}
1120	16		ptr += strlen(p) + 1;
1121			}
1122	8		return ptr;
1123			}
1124
1125	0		int next_proto_helper_protodata2AV(AV * list, const unsigned char *in, unsigned int inlen)
1126			{
1127	0		unsigned int i = 0;
1128			unsigned char il;
1129	0	0	if (!list \|\| inlen<2) return 0;
		0
1130	0	0	while (i
1131	0		il = in[i++];
1132	0	0	if (i+il > inlen) return 0;
1133	0		av_push(list, newSVpv((const char*)in+i, il));
1134	0		i += il;
1135			}
1136	0		return 1;
1137			}
1138
1139			#endif
1140
1141			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
1142
1143	1		int next_proto_select_cb_invoke(SSL ssl, unsigned char out, unsigned char outlen,
1144			const unsigned char in, unsigned int inlen, void arg)
1145			{
1146			SV cb_func, cb_data;
1147			unsigned char *next_proto_data;
1148			size_t next_proto_len;
1149			int next_proto_status;
1150	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1151			/* this n_a is required for building with old perls: */
1152			STRLEN n_a;
1153
1154			PR1("STARTED: next_proto_select_cb_invoke\n");
1155	1		cb_func = cb_data_advanced_get(ctx, "next_proto_select_cb!!func");
1156	1		cb_data = cb_data_advanced_get(ctx, "next_proto_select_cb!!data");
1157			/* clear last_status value = store undef */
1158	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", NULL);
1159	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", NULL);
1160
1161	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1162	0		int count = -1;
1163	0		AV *list = newAV();
1164			SV *tmpsv;
1165	0		dSP;
1166
1167	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1168
1169	0		ENTER;
1170	0		SAVETMPS;
1171	0	0	PUSHMARK(SP);
1172	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1173	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1174	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1175	0		PUTBACK;
1176	0		count = call_sv( cb_func, G_ARRAY );
1177	0		SPAGAIN;
1178	0	0	if (count != 2)
1179	0		croak ("Net::SSLeay: next_proto_select_cb_invoke perl function did not return 2 values.\n");
1180	0	0	next_proto_data = (unsigned char*)POPpx;
1181	0	0	next_proto_status = POPi;
1182
1183	0		next_proto_len = strlen((const char*)next_proto_data);
1184	0	0	if (next_proto_len<=255) {
1185			/* store last_status + last_negotiated into global hash */
1186	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1187	0		tmpsv = newSVpv((const char*)next_proto_data, next_proto_len);
1188	0		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", tmpsv);
1189	0		out = (unsigned char )SvPVX(tmpsv);
1190	0		*outlen = next_proto_len;
1191			}
1192
1193	0		PUTBACK;
1194	0	0	FREETMPS;
1195	0		LEAVE;
1196
1197	0	0	return next_proto_len>255 ? SSL_TLSEXT_ERR_ALERT_FATAL : SSL_TLSEXT_ERR_OK;
1198			}
1199	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1200	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1201	1		Newx(next_proto_data, next_proto_len, unsigned char);
1202	1	50	if (!next_proto_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1203	1		next_proto_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), next_proto_data);
1204
1205	1		next_proto_status = SSL_select_next_proto(out, outlen, in, inlen, next_proto_data, next_proto_len);
1206	1		Safefree(next_proto_data);
1207	1	50	if (next_proto_status != OPENSSL_NPN_NEGOTIATED) {
1208	0		outlen = in;
1209	0		out = (unsigned char )in+1;
1210			}
1211
1212			/* store last_status + last_negotiated into global hash */
1213	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_status", newSViv(next_proto_status));
1214	1		cb_data_advanced_put(ssl, "next_proto_select_cb!!last_negotiated", newSVpv((const char)out, *outlen));
1215	1		return SSL_TLSEXT_ERR_OK;
1216			}
1217	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1218			}
1219
1220	1		int next_protos_advertised_cb_invoke(SSL ssl, const unsigned char out, unsigned int outlen, void *arg_unused)
1221			{
1222			SV cb_func, cb_data;
1223	1		unsigned char *protodata = NULL;
1224	1		unsigned short protodata_len = 0;
1225			SV *tmpsv;
1226			AV *tmpav;
1227	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1228
1229			PR1("STARTED: next_protos_advertised_cb_invoke");
1230	1		cb_func = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!func");
1231	1		cb_data = cb_data_advanced_get(ctx, "next_protos_advertised_cb!!data");
1232
1233	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1234	0		int count = -1;
1235	0		dSP;
1236	0		ENTER;
1237	0		SAVETMPS;
1238	0	0	PUSHMARK(SP);
1239	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1240	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1241	0		PUTBACK;
1242	0		count = call_sv( cb_func, G_SCALAR );
1243	0		SPAGAIN;
1244	0	0	if (count != 1)
1245	0		croak ("Net::SSLeay: next_protos_advertised_cb_invoke perl function did not return scalar value.\n");
1246	0		tmpsv = POPs;
1247	0	0	if (SvOK(tmpsv) && SvROK(tmpsv) && (SvTYPE(SvRV(tmpsv)) == SVt_PVAV)) {
		0
		0
		0
		0
1248	0		tmpav = (AV*)SvRV(tmpsv);
1249	0		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1250	0		Newx(protodata, protodata_len, unsigned char);
1251	0	0	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1252			}
1253	0		PUTBACK;
1254	0	0	FREETMPS;
1255	0		LEAVE;
1256			}
1257	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1258	1		tmpav = (AV*)SvRV(cb_data);
1259	1		protodata_len = next_proto_helper_AV2protodata(tmpav, NULL);
1260	1		Newx(protodata, protodata_len, unsigned char);
1261	1	50	if (protodata) next_proto_helper_AV2protodata(tmpav, protodata);
1262			}
1263	1	50	if (protodata) {
1264	1		tmpsv = newSVpv((const char*)protodata, protodata_len);
1265	1		Safefree(protodata);
1266	1		cb_data_advanced_put(ssl, "next_protos_advertised_cb!!last_advertised", tmpsv);
1267	1		out = (unsigned char )SvPVX(tmpsv);
1268	1		*outlen = protodata_len;
1269	1		return SSL_TLSEXT_ERR_OK;
1270			}
1271	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1272			}
1273
1274			#endif
1275
1276			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
1277
1278	1		int alpn_select_cb_invoke(SSL ssl, const unsigned char out, unsigned char outlen,
1279			const unsigned char in, unsigned int inlen, void arg)
1280			{
1281			SV cb_func, cb_data;
1282			unsigned char *alpn_data;
1283			size_t alpn_len;
1284	1		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1285
1286			PR1("STARTED: alpn_select_cb_invoke\n");
1287	1		cb_func = cb_data_advanced_get(ctx, "alpn_select_cb!!func");
1288	1		cb_data = cb_data_advanced_get(ctx, "alpn_select_cb!!data");
1289
1290	1	50	if (SvROK(cb_func) && (SvTYPE(SvRV(cb_func)) == SVt_PVCV)) {
		0
1291	0		int count = -1;
1292	0		AV *list = newAV();
1293			SV *tmpsv;
1294			SV *alpn_data_sv;
1295	0		dSP;
1296
1297	0	0	if (!next_proto_helper_protodata2AV(list, in, inlen)) return SSL_TLSEXT_ERR_ALERT_FATAL;
1298
1299	0		ENTER;
1300	0		SAVETMPS;
1301	0	0	PUSHMARK(SP);
1302	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1303	0	0	XPUSHs(sv_2mortal(newRV_inc((SV*)list)));
1304	0	0	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1305	0		PUTBACK;
1306	0		count = call_sv( cb_func, G_ARRAY );
1307	0		SPAGAIN;
1308	0	0	if (count != 1)
1309	0		croak ("Net::SSLeay: alpn_select_cb perl function did not return exactly 1 value.\n");
1310	0		alpn_data_sv = POPs;
1311	0	0	if (SvOK(alpn_data_sv)) {
		0
		0
1312	0	0	alpn_data = (unsigned char*)SvPV_nolen(alpn_data_sv);
1313	0		alpn_len = strlen((const char*)alpn_data);
1314	0	0	if (alpn_len <= 255) {
1315	0		tmpsv = newSVpv((const char*)alpn_data, alpn_len);
1316	0		out = (unsigned char )SvPVX(tmpsv);
1317	0		*outlen = alpn_len;
1318			}
1319			} else {
1320	0		alpn_data = NULL;
1321	0		alpn_len = 0;
1322			}
1323	0		PUTBACK;
1324	0	0	FREETMPS;
1325	0		LEAVE;
1326
1327	0	0	if (alpn_len>255) return SSL_TLSEXT_ERR_ALERT_FATAL;
1328	0	0	return alpn_data ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1329			}
1330	1	50	else if (SvROK(cb_data) && (SvTYPE(SvRV(cb_data)) == SVt_PVAV)) {
		50
1331			int status;
1332
1333	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), NULL);
1334	1		Newx(alpn_data, alpn_len, unsigned char);
1335	1	50	if (!alpn_data) return SSL_TLSEXT_ERR_ALERT_FATAL;
1336	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(cb_data), alpn_data);
1337
1338			/* This is the same function that is used for NPN. */
1339	1		status = SSL_select_next_proto((unsigned char **)out, outlen, in, inlen, alpn_data, alpn_len);
1340	1		Safefree(alpn_data);
1341	1	50	if (status != OPENSSL_NPN_NEGOTIATED) {
1342	0		outlen = in;
1343	0		*out = in+1;
1344			}
1345	1	50	return status == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
1346			}
1347	0		return SSL_TLSEXT_ERR_ALERT_FATAL;
1348			}
1349
1350			#endif
1351
1352	2		int pem_password_cb_invoke(char buf, int bufsize, int rwflag, void data) {
1353	2		dSP;
1354			char *str;
1355	2		int count = -1;
1356	2		size_t str_len = 0;
1357	2		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1358			/* this n_a is required for building with old perls: */
1359			STRLEN n_a;
1360
1361			PR1("STARTED: pem_password_cb_invoke\n");
1362	2	50	if (cb->func && SvOK(cb->func)) {
		50
		0
		0
1363	2		ENTER;
1364	2		SAVETMPS;
1365
1366	2	50	PUSHMARK(sp);
1367
1368	2	50	XPUSHs(sv_2mortal( newSViv(bufsize-1) ));
1369	2	50	XPUSHs(sv_2mortal( newSViv(rwflag) ));
1370	2	50	if (cb->data) XPUSHs( cb->data );
		0
1371
1372	2		PUTBACK;
1373
1374	2		count = call_sv( cb->func, G_SCALAR );
1375
1376	2		SPAGAIN;
1377
1378	2		buf[0] = 0; /* start with an empty password */
1379	2	50	if (count != 1) {
1380	0		croak("Net::SSLeay: pem_password_cb_invoke perl function did not return a scalar.\n");
1381			}
1382			else {
1383	2	50	str = POPpx;
1384	2		str_len = strlen(str);
1385	2	50	if (str_len+1 < bufsize) {
1386	2		strcpy(buf, str);
1387			}
1388			else {
1389	0		str_len = 0;
1390	0		warn("Net::SSLeay: pem_password_cb_invoke password too long\n");
1391			}
1392			}
1393
1394	2		PUTBACK;
1395	2	50	FREETMPS;
1396	2		LEAVE;
1397			}
1398	2		return str_len;
1399			}
1400
1401	845		void ssleay_RSA_generate_key_cb_invoke(int i, int n, void* data)
1402			{
1403	845		dSP;
1404	845		int count = -1;
1405	845		simple_cb_data_t* cb = (simple_cb_data_t*)data;
1406
1407			/* PR1("STARTED: ssleay_RSA_generate_key_cb_invoke\n"); / * too noisy */
1408	845	50	if (cb->func && SvOK(cb->func)) {
		100
		50
		50
1409	340		ENTER;
1410	340		SAVETMPS;
1411
1412	340	50	PUSHMARK(sp);
1413
1414	340	50	XPUSHs(sv_2mortal( newSViv(i) ));
1415	340	50	XPUSHs(sv_2mortal( newSViv(n) ));
1416	340	100	if (cb->data) XPUSHs( cb->data );
		50
1417
1418	340		PUTBACK;
1419
1420	340		count = call_sv( cb->func, G_VOID\|G_DISCARD );
1421
1422	339	50	if (count != 0)
1423	0		croak ("Net::SSLeay: ssleay_RSA_generate_key_cb_invoke "
1424			"perl function did return something in void context.\n");
1425
1426	339		SPAGAIN;
1427	339	50	FREETMPS;
1428	339		LEAVE;
1429			}
1430	844		}
1431
1432	16		void ssleay_info_cb_invoke(const SSL *ssl, int where, int ret)
1433			{
1434	16		dSP;
1435			SV cb_func, cb_data;
1436
1437	16		cb_func = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!func");
1438	16		cb_data = cb_data_advanced_get((void*)ssl, "ssleay_info_cb!!data");
1439
1440	16	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1441	0		croak ("Net::SSLeay: ssleay_info_cb_invoke called, but not set to point to any perl function.\n");
1442
1443	16		ENTER;
1444	16		SAVETMPS;
1445
1446	16	50	PUSHMARK(SP);
1447	16	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1448	16	50	XPUSHs(sv_2mortal(newSViv(where)) );
1449	16	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1450	16	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1451	16		PUTBACK;
1452
1453	16		call_sv(cb_func, G_VOID);
1454
1455	16		SPAGAIN;
1456	16		PUTBACK;
1457	16	50	FREETMPS;
1458	16		LEAVE;
1459	16		}
1460
1461	457		void ssleay_ctx_info_cb_invoke(const SSL *ssl, int where, int ret)
1462			{
1463	457		dSP;
1464			SV cb_func, cb_data;
1465	457		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1466
1467	457		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!func");
1468	457		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_info_cb!!data");
1469
1470	457	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1471	0		croak ("Net::SSLeay: ssleay_ctx_info_cb_invoke called, but not set to point to any perl function.\n");
1472
1473	457		ENTER;
1474	457		SAVETMPS;
1475
1476	457	50	PUSHMARK(SP);
1477	457	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1478	457	50	XPUSHs(sv_2mortal(newSViv(where)) );
1479	457	50	XPUSHs(sv_2mortal(newSViv(ret)) );
1480	457	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1481	457		PUTBACK;
1482
1483	457		call_sv(cb_func, G_VOID);
1484
1485	457		SPAGAIN;
1486	457		PUTBACK;
1487	457	50	FREETMPS;
1488	457		LEAVE;
1489	457		}
1490
1491	24		void ssleay_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1492			{
1493	24		dSP;
1494			SV cb_func, cb_data;
1495
1496	24		cb_func = cb_data_advanced_get(ssl, "ssleay_msg_cb!!func");
1497	24		cb_data = cb_data_advanced_get(ssl, "ssleay_msg_cb!!data");
1498
1499	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1500	0		croak ("Net::SSLeay: ssleay_msg_cb_invoke called, but not set to point to any perl function.\n");
1501
1502	24		ENTER;
1503	24		SAVETMPS;
1504
1505	24	50	PUSHMARK(SP);
1506	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1507	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1508	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1509	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1510	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1511	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1512	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1513	24		PUTBACK;
1514
1515	24		call_sv(cb_func, G_VOID);
1516
1517	24		SPAGAIN;
1518	24		PUTBACK;
1519	24	50	FREETMPS;
1520	24		LEAVE;
1521	24		}
1522
1523	24		void ssleay_ctx_msg_cb_invoke(int write_p, int version, int content_type, const void buf, size_t len, SSL ssl, void *arg)
1524			{
1525	24		dSP;
1526			SV cb_func, cb_data;
1527	24		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1528
1529	24		cb_func = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!func");
1530	24		cb_data = cb_data_advanced_get(ctx, "ssleay_ctx_msg_cb!!data");
1531
1532	24	50	if ( ! SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1533	0		croak ("Net::SSLeay: ssleay_ctx_msg_cb_invoke called, but not set to point to any perl function.\n");
1534
1535	24		ENTER;
1536	24		SAVETMPS;
1537
1538	24	50	PUSHMARK(SP);
1539	24	50	XPUSHs(sv_2mortal(newSViv(write_p)));
1540	24	50	XPUSHs(sv_2mortal(newSViv(version)));
1541	24	50	XPUSHs(sv_2mortal(newSViv(content_type)));
1542	24	50	XPUSHs(sv_2mortal(newSVpv((const char*)buf, len)));
1543	24	50	XPUSHs(sv_2mortal(newSViv(len)));
1544	24	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1545	24	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1546	24		PUTBACK;
1547
1548	24		call_sv(cb_func, G_VOID);
1549
1550	24		SPAGAIN;
1551	24		PUTBACK;
1552	24	50	FREETMPS;
1553	24		LEAVE;
1554	24		}
1555
1556			/*
1557			* Support for tlsext_ticket_key_cb_invoke was already in 0.9.8 but it was
1558			* broken in various ways during the various 1.0.0* versions.
1559			* Better enable it only starting with 1.0.1.
1560			*/
1561			#if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) && OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_TLSEXT)
1562			#define NET_SSLEAY_CAN_TICKET_KEY_CB
1563
1564	7		int tlsext_ticket_key_cb_invoke(
1565			SSL *ssl,
1566			unsigned char *key_name,
1567			unsigned char *iv,
1568			EVP_CIPHER_CTX *ectx,
1569			HMAC_CTX *hctx,
1570			int enc
1571			){
1572
1573	7		dSP;
1574	7		int count,usable_rv_count,hmac_key_len = 0;
1575			SV cb_func, cb_data;
1576			STRLEN svlen;
1577			unsigned char key[48]; /* key[0..15] aes, key[16..32] or key[16..48] hmac */
1578			unsigned char name[16];
1579	7		SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1580
1581			PR1("STARTED: tlsext_ticket_key_cb_invoke\n");
1582	7		cb_func = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!func");
1583	7		cb_data = cb_data_advanced_get(ctx, "tlsext_ticket_key_cb!!data");
1584
1585	7	50	if (!SvROK(cb_func) \|\| (SvTYPE(SvRV(cb_func)) != SVt_PVCV))
		50
1586	0		croak("callback must be a code reference");
1587
1588	7		ENTER;
1589	7		SAVETMPS;
1590	7	50	PUSHMARK(SP);
1591
1592	7	50	XPUSHs(sv_2mortal(newSVsv(cb_data)));
1593
1594	7	100	if (!enc) {
1595			/* call as getkey(data,this_name) -> (key,current_name) */
1596	4	50	XPUSHs(sv_2mortal(newSVpv((const char *)key_name,16)));
1597			} else {
1598			/* call as getkey(data) -> (key,current_name) */
1599			}
1600
1601	7		PUTBACK;
1602
1603	7		count = call_sv( cb_func, G_ARRAY );
1604
1605	7		SPAGAIN;
1606
1607	7	50	if (count>2)
1608	0		croak("too much return values - only (name,key) should be returned");
1609
1610	7		usable_rv_count = 0;
1611	7	100	if (count>0) {
1612	6		SV *sname = POPs;
1613	6	50	if (SvOK(sname)) {
		0
		0
1614	6	50	unsigned char pname = (unsigned char )SvPV(sname,svlen);
1615	6	50	if (svlen > 16)
1616	0		croak("name must be at at most 16 bytes, got %d",(int)svlen);
1617	6	50	if (svlen == 0)
1618	0		croak("name should not be empty");
1619	6		OPENSSL_cleanse(name, 16);
1620	6		memcpy(name,pname,svlen);
1621	6		usable_rv_count++;
1622			}
1623			}
1624	7	100	if (count>1) {
1625	6		SV *skey = POPs;
1626	6	50	if (SvOK(skey)) {
		0
		0
1627	6	50	unsigned char pkey = (unsigned char )SvPV(skey,svlen);
1628	6	50	if (svlen != 32 && svlen != 48)
		0
1629	0		croak("key must be 32 or 48 random bytes, got %d",(int)svlen);
1630	6		hmac_key_len = (int)svlen - 16;
1631	6		memcpy(key,pkey,(int)svlen);
1632	6		usable_rv_count++;
1633			}
1634			}
1635
1636	7		PUTBACK;
1637	7	50	FREETMPS;
1638	7		LEAVE;
1639
1640	7	100	if (!enc && usable_rv_count == 0) {
		100
1641	1		TRACE(2,"no key returned for ticket");
1642	1		return 0;
1643			}
1644	6	50	if (usable_rv_count != 2)
1645	0		croak("key functions needs to return (key,name)");
1646
1647	6	100	if (enc) {
1648			/* encrypt ticket information with given key */
1649	3		RAND_bytes(iv, 16);
1650	3		EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1651	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1652	3		memcpy(key_name,name,16);
1653	3		return 1;
1654
1655			} else {
1656	3		HMAC_Init_ex(hctx,key+16,hmac_key_len,EVP_sha256(),NULL);
1657	3		EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key, iv);
1658
1659	3	100	if (memcmp(name,key_name,16) == 0)
1660	2		return 1; /* current key was used */
1661			else
1662	7		return 2; /* different key was used, need to be renewed */
1663			}
1664			}
1665
1666			#endif
1667
1668	6		int ssleay_ssl_ctx_sess_new_cb_invoke(struct ssl_st ssl, SSL_SESSION sess)
1669			{
1670	6		dSP;
1671			int count, remove;
1672			SSL_CTX *ctx;
1673			SV *cb_func;
1674
1675			PR1("STARTED: ssleay_ssl_ctx_sess_new_cb_invoke\n");
1676	6		ctx = SSL_get_SSL_CTX(ssl);
1677	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_new_cb!!func");
1678
1679	6	50	if(!SvOK(cb_func))
		0
		0
1680	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke called, but not set to point to any perl function.\n");
1681
1682	6		ENTER;
1683	6		SAVETMPS;
1684
1685	6	50	PUSHMARK(sp);
1686	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1687	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1688	6		PUTBACK;
1689
1690	6		count = call_sv(cb_func, G_SCALAR);
1691
1692	6		SPAGAIN;
1693
1694	6	50	if (count != 1)
1695	0		croak("Net::SSLeay: ssleay_ssl_ctx_sess_new_cb_invoke perl function did not return a scalar\n");
1696
1697	6	50	remove = POPi;
1698
1699	6		PUTBACK;
1700	6	50	FREETMPS;
1701	6		LEAVE;
1702
1703	6		return remove;
1704			}
1705
1706	6		void ssleay_ssl_ctx_sess_remove_cb_invoke(SSL_CTX ctx, SSL_SESSION sess)
1707			{
1708	6		dSP;
1709			SV *cb_func;
1710
1711			PR1("STARTED: ssleay_ssl_ctx_sess_remove_cb_invoke\n");
1712	6		cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func");
1713
1714	6	50	if(!SvOK(cb_func))
		0
		0
1715	0		croak ("Net::SSLeay: ssleay_ssl_ctx_sess_remove_cb_invoke called, but not set to point to any perl function.\n");
1716
1717	6		ENTER;
1718	6		SAVETMPS;
1719
1720	6	50	PUSHMARK(sp);
1721	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(ctx))));
1722	6	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(sess))));
1723	6		PUTBACK;
1724
1725	6		call_sv(cb_func, G_VOID);
1726
1727	6		SPAGAIN;
1728
1729	6		PUTBACK;
1730	6	50	FREETMPS;
1731	6		LEAVE;
1732	6		}
1733
1734			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1735			int ossl_provider_do_all_cb_invoke(OSSL_PROVIDER provider, void cbdata) {
1736			dSP;
1737			int ret = 1;
1738			int count = -1;
1739			simple_cb_data_t *cb = cbdata;
1740
1741			PR1("STARTED: ossl_provider_do_all_cb_invoke\n");
1742			if (cb->func && SvOK(cb->func)) {
1743			ENTER;
1744			SAVETMPS;
1745
1746			PUSHMARK(SP);
1747			XPUSHs(sv_2mortal(newSViv(PTR2IV(provider))));
1748			if (cb->data) XPUSHs(cb->data);
1749
1750			PUTBACK;
1751
1752			count = call_sv(cb->func, G_SCALAR);
1753
1754			SPAGAIN;
1755
1756			if (count != 1)
1757			croak("Net::SSLeay: ossl_provider_do_all_cb_invoke perl function did not return a scalar\n");
1758
1759			ret = POPi;
1760
1761			PUTBACK;
1762			FREETMPS;
1763			LEAVE;
1764			}
1765
1766			return ret;
1767			}
1768			#endif
1769
1770			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
1771			void ssl_ctx_keylog_cb_func_invoke(const SSL ssl, const char line)
1772			{
1773			dSP;
1774			SV *cb_func;
1775			SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
1776
1777			PR1("STARTED: ssl_ctx_keylog_cb_func_invoke\n");
1778			cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
1779
1780			if(!SvOK(cb_func))
1781			croak ("Net::SSLeay: ssl_ctx_keylog_cb_func_invoke called, but not set to point to any perl function.\n");
1782
1783			ENTER;
1784			SAVETMPS;
1785
1786			PUSHMARK(SP);
1787			XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
1788			XPUSHs(sv_2mortal(newSVpv(line, 0)));
1789
1790			PUTBACK;
1791
1792			call_sv(cb_func, G_VOID);
1793
1794			SPAGAIN;
1795			PUTBACK;
1796			FREETMPS;
1797			LEAVE;
1798
1799			return;
1800			}
1801			#endif
1802
1803			/* ============= end of callback stuff, begin helper functions ============== */
1804
1805	0		time_t ASN1_TIME_timet(ASN1_TIME asn1t, time_t gmtoff) {
1806			struct tm t;
1807	0		const char p = (const char) asn1t->data;
1808	0		size_t msec = 0, tz = 0, i, l;
1809			time_t result;
1810	0		int adj = 0;
1811
1812	0	0	if (asn1t->type == V_ASN1_UTCTIME) {
1813	0	0	if (asn1t->length<12 \|\| asn1t->length>17) return 0;
		0
1814	0	0	if (asn1t->length>12) tz = 12;
1815			} else {
1816	0	0	if (asn1t->length<14) return 0;
1817	0	0	if (asn1t->length>14) {
1818	0	0	if (p[14] == '.') {
1819	0		msec = 14;
1820	0	0	for(i=msec+1;ilength && p[i]>='0' && p[i]<='9';i++) ;
		0
		0
1821	0	0	if (ilength) tz = i;
1822			} else {
1823	0		tz = 14;
1824			}
1825			}
1826			}
1827
1828	0	0	l = msec ? msec : tz ? tz : asn1t->length;
		0
1829	0	0	for(i=0;i
1830	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1831			}
1832
1833			/* extract data and time */
1834	0		OPENSSL_cleanse(&t, sizeof(t));
1835	0	0	if (asn1t->type == V_ASN1_UTCTIME) { /* YY - two digit year */
1836	0		t.tm_year = (p[0]-'0')*10 + (p[1]-'0');
1837	0	0	if (t.tm_year < 70) t.tm_year += 100;
1838	0		i=2;
1839			} else { /* YYYY */
1840	0		t.tm_year = (p[0]-'0')1000 + (p[1]-'0')100 + (p[2]-'0')*10 + p[3]-'0';
1841	0		t.tm_year -= 1900;
1842	0		i=4;
1843			}
1844	0		t.tm_mon = (p[i+0]-'0')10 + (p[i+1]-'0') -1; / MM, starts with 0 in tm */
1845	0		t.tm_mday = (p[i+2]-'0')10 + (p[i+3]-'0'); / DD */
1846	0		t.tm_hour = (p[i+4]-'0')10 + (p[i+5]-'0'); / hh */
1847	0		t.tm_min = (p[i+6]-'0')10 + (p[i+7]-'0'); / mm */
1848	0		t.tm_sec = (p[i+8]-'0')10 + (p[i+9]-'0'); / ss */
1849
1850			/* skip msec, because time_t does not support it */
1851
1852	0	0	if (tz) {
1853			/* TZ is 'Z' or [+-]DDDD and after TZ the string must stop*/
1854	0	0	if (p[tz] == 'Z') {
1855	0	0	if (asn1t->length>tz+1 ) return 0;
1856	0	0	} else if (asn1t->length
		0
		0
1857	0		return 0;
1858			} else {
1859	0	0	if (asn1t->length>tz+5 ) return 0;
1860	0	0	for(i=tz+1;i
1861	0	0	if (p[i]<'0' \|\| p[i]>'9') return 0;
		0
1862			}
1863	0		adj = ((p[tz+1]-'0')10 + (p[tz+2]-'0'))3600
1864	0		+ ((p[tz+3]-'0')10 + (p[tz+4]-'0'))60;
1865	0	0	if (p[tz]=='+') adj= -1; / +0500: subtract 5 hours to get UTC */
1866			}
1867			}
1868
1869	0		result = mktime(&t);
1870	0	0	if (result == -1) return 0; /* broken time */
1871	0		result += adj;
1872	0	0	if (gmtoff && *gmtoff == -1) {
		0
1873	0		*gmtoff = result - mktime(gmtime(&result));
1874	0		result += *gmtoff;
1875			} else {
1876	0		result += result - mktime(gmtime(&result));
1877			}
1878	0		return result;
1879			}
1880
1881	0		X509 * find_issuer(X509 cert,X509_STORE store, STACK_OF(X509) *chain) {
1882			int i;
1883	0		X509 *issuer = NULL;
1884
1885			/* search first in the chain */
1886	0	0	if (chain) {
1887	0	0	for(i=0;i
1888	0	0	if ( X509_check_issued(sk_X509_value(chain,i),cert) == X509_V_OK ) {
1889	0		TRACE(2,"found issuer in chain");
1890	0		issuer = X509_dup(sk_X509_value(chain,i));
1891			}
1892			}
1893			}
1894			/* if not in the chain it might be in the store */
1895	0	0	if ( !issuer && store ) {
		0
1896	0		X509_STORE_CTX *stx = X509_STORE_CTX_new();
1897	0	0	if (stx && X509_STORE_CTX_init(stx,store,cert,NULL)) {
		0
1898	0		int ok = X509_STORE_CTX_get1_issuer(&issuer,stx,cert);
1899	0	0	if (ok<0) {
1900	0		int err = ERR_get_error();
1901	0	0	if(err) {
1902	0		TRACE(2,"failed to get issuer: %s",ERR_error_string(err,NULL));
1903			} else {
1904	0		TRACE(2,"failed to get issuer: unknown error");
1905			}
1906	0	0	} else if (ok == 0 ) {
1907	0		TRACE(2,"failed to get issuer(0)");
1908			} else {
1909	0		TRACE(2,"got issuer");
1910			}
1911			}
1912	0	0	if (stx) X509_STORE_CTX_free(stx);
1913			}
1914	0		return issuer;
1915			}
1916
1917	8		static SV bn2sv(const BIGNUM p_bn)
1918			{
1919	8		return p_bn != NULL
1920	8		? sv_2mortal(newSViv(PTR2IV(BN_dup(p_bn))))
1921	16	50	: &PL_sv_undef;
1922			}
1923
1924			/* ============= end of helper functions ============== */
1925
1926			MODULE = Net::SSLeay PACKAGE = Net::SSLeay PREFIX = SSL_
1927
1928			PROTOTYPES: ENABLE
1929
1930			BOOT:
1931			{
1932			MY_CXT_INIT;
1933	54		LIB_initialized = 0;
1934			#ifdef USE_ITHREADS
1935			MUTEX_INIT(&LIB_init_mutex);
1936			#ifdef OPENSSL_THREADS
1937			/* If we running under ModPerl, we dont need our own thread locking because
1938			* perl threads are not supported under mod-perl, and we can fall back to the thread
1939			* locking built in to mod-ssl
1940			*/
1941			if (!hv_fetch(get_hv("ENV", 1), "MOD_PERL", 8, 0))
1942			openssl_threads_init();
1943			#endif
1944			#endif
1945			/* initialize global shared callback data hash */
1946	54		MY_CXT.global_cb_data = newHV();
1947	54		MY_CXT.tid = get_my_thread_id();
1948			#ifdef USE_ITHREADS
1949			PR3("BOOT: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1950			#else
1951			PR1("BOOT:\n");
1952			#endif
1953			}
1954
1955			void
1956			CLONE(...)
1957			CODE:
1958			MY_CXT_CLONE;
1959			/* reset all callback related data as we want to prevent
1960			* cross-thread callbacks
1961			* TODO: later somebody can make the global hash MY_CXT.global_cb_data
1962			* somehow shared between threads
1963			*/
1964	0		MY_CXT.global_cb_data = newHV();
1965	0		MY_CXT.tid = get_my_thread_id();
1966			#ifdef USE_ITHREADS
1967			PR3("CLONE: tid=%lu my_perl=%p\n", MY_CXT.tid, my_perl);
1968			#else
1969			PR1("CLONE: but USE_ITHREADS not defined\n");
1970			#endif
1971
1972			#ifdef NET_SSLEAY_32BIT_CONSTANTS
1973			double
1974			constant(name)
1975			char * name
1976			CODE:
1977	1107		errno = 0;
1978	1107		RETVAL = constant(name, strlen(name));
1979			OUTPUT:
1980			RETVAL
1981
1982			#else
1983
1984			uint64_t
1985			constant(name)
1986			char * name
1987			CODE:
1988			errno = 0;
1989			RETVAL = constant(name, strlen(name));
1990			OUTPUT:
1991			RETVAL
1992
1993			#endif
1994
1995			int
1996			hello()
1997			CODE:
1998			PR1("\tSSLeay Hello World!\n");
1999	1		RETVAL = 1;
2000			OUTPUT:
2001			RETVAL
2002
2003			#define REM0 "============= version related functions =============="
2004
2005			unsigned long
2006			SSLeay()
2007
2008			const char *
2009			SSLeay_version(type=SSLEAY_VERSION)
2010			int type
2011
2012			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2013
2014			unsigned long
2015			OpenSSL_version_num()
2016
2017			const char *
2018			OpenSSL_version(t=OPENSSL_VERSION)
2019			int t
2020
2021			#endif /* OpenSSL 1.1.0 */
2022
2023			#if (OPENSSL_VERSION_MAJOR >= 3)
2024
2025			unsigned int
2026			OPENSSL_version_major()
2027
2028			unsigned int
2029			OPENSSL_version_minor()
2030
2031			unsigned int
2032			OPENSSL_version_patch()
2033
2034			const char *
2035			OPENSSL_version_pre_release()
2036
2037			const char *
2038			OPENSSL_version_build_metadata()
2039
2040			const char *
2041			OPENSSL_info(int t)
2042
2043			#endif
2044
2045			#define REM1 "============= SSL CONTEXT functions =============="
2046
2047			SSL_CTX *
2048			SSL_CTX_new()
2049			CODE:
2050	12		RETVAL = SSL_CTX_new (SSLv23_method());
2051			OUTPUT:
2052			RETVAL
2053
2054
2055			#if OPENSSL_VERSION_NUMBER < 0x10100000L
2056			#ifndef OPENSSL_NO_SSL2
2057
2058			SSL_CTX *
2059			SSL_CTX_v2_new()
2060			CODE:
2061			RETVAL = SSL_CTX_new (SSLv2_method());
2062			OUTPUT:
2063			RETVAL
2064
2065			#endif
2066			#endif
2067			#ifndef OPENSSL_NO_SSL3
2068
2069			SSL_CTX *
2070			SSL_CTX_v3_new()
2071			CODE:
2072			RETVAL = SSL_CTX_new (SSLv3_method());
2073			OUTPUT:
2074			RETVAL
2075
2076			#endif
2077
2078			SSL_CTX *
2079			SSL_CTX_v23_new()
2080			CODE:
2081	1		RETVAL = SSL_CTX_new (SSLv23_method());
2082			OUTPUT:
2083			RETVAL
2084
2085			#if !defined(OPENSSL_NO_TLS1_METHOD)
2086
2087			SSL_CTX *
2088			SSL_CTX_tlsv1_new()
2089			CODE:
2090	1		RETVAL = SSL_CTX_new (TLSv1_method());
2091			OUTPUT:
2092			RETVAL
2093
2094			#endif
2095
2096			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
2097
2098			SSL_CTX *
2099			SSL_CTX_tlsv1_1_new()
2100			CODE:
2101	0		RETVAL = SSL_CTX_new (TLSv1_1_method());
2102			OUTPUT:
2103			RETVAL
2104
2105			#endif
2106
2107			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
2108
2109			SSL_CTX *
2110			SSL_CTX_tlsv1_2_new()
2111			CODE:
2112	1		RETVAL = SSL_CTX_new (TLSv1_2_method());
2113			OUTPUT:
2114			RETVAL
2115
2116			#endif
2117
2118			SSL_CTX *
2119			SSL_CTX_new_with_method(meth)
2120			SSL_METHOD * meth
2121			CODE:
2122	204		RETVAL = SSL_CTX_new (meth);
2123			OUTPUT:
2124			RETVAL
2125
2126			void
2127			SSL_CTX_free(ctx)
2128			SSL_CTX * ctx
2129			CODE:
2130	163		SSL_CTX_free(ctx);
2131	163		cb_data_advanced_drop(ctx); /* clean callback related data from global hash */
2132
2133			int
2134			SSL_CTX_add_session(ctx,ses)
2135			SSL_CTX * ctx
2136			SSL_SESSION * ses
2137
2138			int
2139			SSL_CTX_remove_session(ctx,ses)
2140			SSL_CTX * ctx
2141			SSL_SESSION * ses
2142
2143			void
2144			SSL_CTX_flush_sessions(ctx,tm)
2145			SSL_CTX * ctx
2146			long tm
2147
2148			int
2149			SSL_CTX_set_default_verify_paths(ctx)
2150			SSL_CTX * ctx
2151
2152			int
2153			SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
2154			SSL_CTX * ctx
2155			char * CAfile
2156			char * CApath
2157			CODE:
2158	21	50	RETVAL = SSL_CTX_load_verify_locations (ctx,
		50
2159	7	50	CAfile?(*CAfile?CAfile:NULL):NULL,
2160	7	50	CApath?(*CApath?CApath:NULL):NULL
2161			);
2162			OUTPUT:
2163			RETVAL
2164
2165			void
2166			SSL_CTX_set_verify(ctx,mode,callback=&PL_sv_undef)
2167			SSL_CTX * ctx
2168			int mode
2169			SV * callback
2170			CODE:
2171
2172			/* Former versions of SSLeay checked if the callback was a true boolean value
2173			* and didn't call it if it was false. Therefor some people set the callback
2174			* to '0' if they don't want to use it (IO::Socket::SSL for example). Therefor
2175			* we don't execute the callback if it's value isn't something true to retain
2176			* backwards compatibility.
2177			*/
2178
2179	1	50	if (callback==NULL \|\| !SvOK(callback) \|\| !SvTRUE(callback)) {
		50
		0
		0
		50
		50
		0
		50
		0
		0
		50
		0
		0
		0
		0
		0
		50
		0
		0
		0
		0
		0
		50
2180	0		SSL_CTX_set_verify(ctx, mode, NULL);
2181	0		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", NULL);
2182			} else {
2183	1		cb_data_advanced_put(ctx, "ssleay_verify_callback!!func", newSVsv(callback));
2184	1		SSL_CTX_set_verify(ctx, mode, &ssleay_verify_callback_invoke);
2185			}
2186
2187			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
2188
2189			void
2190			SSL_CTX_set_security_level(SSL_CTX * ctx, int level)
2191
2192			int
2193			SSL_CTX_get_security_level(SSL_CTX * ctx)
2194
2195			#endif
2196
2197			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
2198
2199			int
2200			SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
2201
2202			size_t
2203			SSL_CTX_get_num_tickets(SSL_CTX *ctx)
2204
2205			#endif
2206
2207			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
2208
2209			int
2210			SSL_CTX_set_ciphersuites(SSL_CTX ctx, const char str)
2211
2212			#endif
2213
2214			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2215
2216			void
2217			SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
2218
2219			#endif
2220
2221			void
2222			SSL_CTX_sess_set_new_cb(ctx, callback)
2223			SSL_CTX * ctx
2224			SV * callback
2225			CODE:
2226	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2227	0		SSL_CTX_sess_set_new_cb(ctx, NULL);
2228	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", NULL);
2229			}
2230			else {
2231	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_new_cb!!func", newSVsv(callback));
2232	6		SSL_CTX_sess_set_new_cb(ctx, &ssleay_ssl_ctx_sess_new_cb_invoke);
2233			}
2234
2235			void
2236			SSL_CTX_sess_set_remove_cb(ctx, callback)
2237			SSL_CTX * ctx
2238			SV * callback
2239			CODE:
2240	6	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2241	0		SSL_CTX_sess_set_remove_cb(ctx, NULL);
2242	0		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", NULL);
2243			}
2244			else {
2245	6		cb_data_advanced_put(ctx, "ssleay_ssl_ctx_sess_remove_cb!!func", newSVsv(callback));
2246	6		SSL_CTX_sess_set_remove_cb(ctx, &ssleay_ssl_ctx_sess_remove_cb_invoke);
2247			}
2248
2249			int
2250			SSL_get_error(s,ret)
2251			SSL * s
2252			int ret
2253
2254			#define REM10 "============= SSL functions =============="
2255
2256			SSL *
2257			SSL_new(ctx)
2258			SSL_CTX * ctx
2259
2260			void
2261			SSL_free(s)
2262			SSL * s
2263			CODE:
2264	187		SSL_free(s);
2265	187		cb_data_advanced_drop(s); /* clean callback related data from global hash */
2266
2267			#if 0 /* this seems to be gone in 0.9.0 */
2268			void
2269			SSL_debug(file)
2270			char * file
2271
2272			#endif
2273
2274			int
2275			SSL_accept(s)
2276			SSL * s
2277
2278			void
2279			SSL_clear(s)
2280			SSL * s
2281
2282			int
2283			SSL_connect(s)
2284			SSL * s
2285
2286
2287			#if defined(WIN32)
2288
2289			int
2290			SSL_set_fd(s,fd)
2291			SSL * s
2292			perl_filehandle_t fd
2293			CODE:
2294			RETVAL = SSL_set_fd(s,_get_osfhandle(fd));
2295			OUTPUT:
2296			RETVAL
2297
2298			int
2299			SSL_set_rfd(s,fd)
2300			SSL * s
2301			perl_filehandle_t fd
2302			CODE:
2303			RETVAL = SSL_set_rfd(s,_get_osfhandle(fd));
2304			OUTPUT:
2305			RETVAL
2306
2307			int
2308			SSL_set_wfd(s,fd)
2309			SSL * s
2310			perl_filehandle_t fd
2311			CODE:
2312			RETVAL = SSL_set_wfd(s,_get_osfhandle(fd));
2313			OUTPUT:
2314			RETVAL
2315
2316			#else
2317
2318			int
2319			SSL_set_fd(s,fd)
2320			SSL * s
2321			perl_filehandle_t fd
2322
2323			int
2324			SSL_set_rfd(s,fd)
2325			SSL * s
2326			perl_filehandle_t fd
2327
2328			int
2329			SSL_set_wfd(s,fd)
2330			SSL * s
2331			perl_filehandle_t fd
2332
2333			#endif
2334
2335			int
2336			SSL_get_fd(s)
2337			SSL * s
2338
2339			void
2340			SSL_read(s,max=32768)
2341			SSL * s
2342			int max
2343			PREINIT:
2344			char *buf;
2345			int got;
2346	306		int succeeded = 1;
2347			PPCODE:
2348	306		New(0, buf, max, char);
2349
2350	306		got = SSL_read(s, buf, max);
2351	306	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		100
2352	6		succeeded = 0;
2353
2354			/* If in list context, return 2-item list:
2355			* first return value: data gotten, or undef on error (got<0)
2356			* second return value: result from SSL_read()
2357			*/
2358	306	50	if (GIMME_V==G_ARRAY) {
		100
2359	286	50	EXTEND(SP, 2);
2360	286	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2361	286		PUSHs(sv_2mortal(newSViv(got)));
2362
2363			/* If in scalar or void context, return data gotten, or undef on error. */
2364			} else {
2365	20	50	EXTEND(SP, 1);
2366	20	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2367			}
2368
2369	306		Safefree(buf);
2370
2371			void
2372			SSL_peek(s,max=32768)
2373			SSL * s
2374			int max
2375			PREINIT:
2376			char *buf;
2377			int got;
2378	5		int succeeded = 1;
2379			PPCODE:
2380	5		New(0, buf, max, char);
2381
2382	5		got = SSL_peek(s, buf, max);
2383	5	100	if (got <= 0 && SSL_ERROR_ZERO_RETURN != SSL_get_error(s, got))
		50
2384	2		succeeded = 0;
2385
2386			/* If in list context, return 2-item list:
2387			* first return value: data gotten, or undef on error (got<0)
2388			* second return value: result from SSL_peek()
2389			*/
2390	5	50	if (GIMME_V==G_ARRAY) {
		100
2391	2	50	EXTEND(SP, 2);
2392	2	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2393	2		PUSHs(sv_2mortal(newSViv(got)));
2394
2395			/* If in scalar or void context, return data gotten, or undef on error. */
2396			} else {
2397	3	50	EXTEND(SP, 1);
2398	3	100	PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, got) : newSV(0)));
2399			}
2400	5		Safefree(buf);
2401
2402			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2403
2404			void
2405			SSL_read_ex(s,max=32768)
2406			SSL * s
2407			int max
2408			PREINIT:
2409			char *buf;
2410			size_t readbytes;
2411			int succeeded;
2412			PPCODE:
2413			Newx(buf, max, char);
2414
2415			succeeded = SSL_read_ex(s, buf, max, &readbytes);
2416
2417			/* Return 2-item list:
2418			* first return value: data gotten, or undef on error
2419			* second return value: result from SSL_read_ex()
2420			*/
2421			EXTEND(SP, 2);
2422			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2423			PUSHs(sv_2mortal(newSViv(succeeded)));
2424
2425			Safefree(buf);
2426
2427
2428			void
2429			SSL_peek_ex(s,max=32768)
2430			SSL * s
2431			int max
2432			PREINIT:
2433			char *buf;
2434			size_t readbytes;
2435			int succeeded;
2436			PPCODE:
2437			Newx(buf, max, char);
2438
2439			succeeded = SSL_peek_ex(s, buf, max, &readbytes);
2440
2441			/* Return 2-item list:
2442			* first return value: data gotten, or undef on error
2443			* second return value: result from SSL_peek_ex()
2444			*/
2445			EXTEND(SP, 2);
2446			PUSHs(sv_2mortal(succeeded ? newSVpvn(buf, readbytes) : newSV(0)));
2447			PUSHs(sv_2mortal(newSViv(succeeded)));
2448
2449			Safefree(buf);
2450
2451			void
2452			SSL_write_ex(s,buf)
2453			SSL * s
2454			PREINIT:
2455			STRLEN len;
2456			size_t written;
2457			int succeeded;
2458			INPUT:
2459			char * buf = SvPV( ST(1), len);
2460			PPCODE:
2461			succeeded = SSL_write_ex(s, buf, len, &written);
2462
2463			/* Return 2-item list:
2464			* first return value: data gotten, or undef on error
2465			* second return value: result from SSL_read_ex()
2466			*/
2467			EXTEND(SP, 2);
2468			PUSHs(sv_2mortal(newSVuv(written)));
2469			PUSHs(sv_2mortal(newSViv(succeeded)));
2470
2471			#endif
2472
2473			int
2474			SSL_write(s,buf)
2475			SSL * s
2476			PREINIT:
2477			STRLEN len;
2478			INPUT:
2479			char * buf = SvPV( ST(1), len);
2480			CODE:
2481	20		RETVAL = SSL_write (s, buf, (int)len);
2482			OUTPUT:
2483			RETVAL
2484
2485			int
2486			SSL_write_partial(s,from,count,buf)
2487			SSL * s
2488			int from
2489			int count
2490			PREINIT:
2491			STRLEN ulen;
2492			IV len;
2493			INPUT:
2494			char * buf = SvPV( ST(3), ulen);
2495			CODE:
2496			/*
2497			if (SvROK( ST(3) )) {
2498			SV* t = SvRV( ST(3) );
2499			buf = SvPV( t, len);
2500			} else
2501			buf = SvPV( ST(3), len);
2502			*/
2503			PR4("write_partial from=%d count=%d len=%lu\n",from,count,ulen);
2504			/PR2("buf='%s'\n",&buf[from]); / too noisy */
2505	22		len = (IV)ulen;
2506	22		len -= from;
2507	22	50	if (len < 0) {
2508	0		croak("from beyound end of buffer");
2509			RETVAL = -1;
2510			} else
2511	22		RETVAL = SSL_write (s, &(buf[from]), (count<=len)?count:len);
2512			OUTPUT:
2513			RETVAL
2514
2515			int
2516			SSL_use_RSAPrivateKey(s,rsa)
2517			SSL * s
2518			RSA * rsa
2519
2520			int
2521			SSL_use_RSAPrivateKey_ASN1(s,d,len)
2522			SSL * s
2523			unsigned char * d
2524			long len
2525
2526			int
2527			SSL_use_RSAPrivateKey_file(s,file,type)
2528			SSL * s
2529			char * file
2530			int type
2531
2532			int
2533			SSL_CTX_use_RSAPrivateKey_file(ctx,file,type)
2534			SSL_CTX * ctx
2535			char * file
2536			int type
2537
2538			int
2539			SSL_use_PrivateKey(s,pkey)
2540			SSL * s
2541			EVP_PKEY * pkey
2542
2543			int
2544			SSL_use_PrivateKey_ASN1(pk,s,d,len)
2545			int pk
2546			SSL * s
2547			unsigned char * d
2548			long len
2549
2550			int
2551			SSL_use_PrivateKey_file(s,file,type)
2552			SSL * s
2553			char * file
2554			int type
2555
2556			int
2557			SSL_CTX_use_PrivateKey_file(ctx,file,type)
2558			SSL_CTX * ctx
2559			char * file
2560			int type
2561
2562			int
2563			SSL_use_certificate(s,x)
2564			SSL * s
2565			X509 * x
2566
2567			int
2568			SSL_use_certificate_ASN1(s,d,len)
2569			SSL * s
2570			unsigned char * d
2571			long len
2572
2573			int
2574			SSL_use_certificate_file(s,file,type)
2575			SSL * s
2576			char * file
2577			int type
2578
2579			int
2580			SSL_CTX_use_certificate_file(ctx,file,type)
2581			SSL_CTX * ctx
2582			char * file
2583			int type
2584
2585			const char *
2586			SSL_state_string(s)
2587			SSL * s
2588
2589			const char *
2590			SSL_rstate_string(s)
2591			SSL * s
2592
2593			const char *
2594			SSL_state_string_long(s)
2595			SSL * s
2596
2597			const char *
2598			SSL_rstate_string_long(s)
2599			SSL * s
2600
2601
2602			long
2603			SSL_get_time(ses)
2604			SSL_SESSION * ses
2605
2606			long
2607			SSL_set_time(ses,t)
2608			SSL_SESSION * ses
2609			long t
2610
2611			long
2612			SSL_get_timeout(ses)
2613			SSL_SESSION * ses
2614
2615			long
2616			SSL_set_timeout(ses,t)
2617			SSL_SESSION * ses
2618			long t
2619
2620			void
2621			SSL_copy_session_id(to,from)
2622			SSL * to
2623			SSL * from
2624
2625			void
2626			SSL_set_read_ahead(s,yes=1)
2627			SSL * s
2628			int yes
2629
2630			int
2631			SSL_get_read_ahead(s)
2632			SSL * s
2633
2634			int
2635			SSL_pending(s)
2636			SSL * s
2637
2638			#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
2639
2640			int
2641			SSL_has_pending(s)
2642			SSL * s
2643
2644			#endif
2645
2646			int
2647			SSL_CTX_set_cipher_list(s,str)
2648			SSL_CTX * s
2649			char * str
2650
2651			void
2652			SSL_get_ciphers(s)
2653			SSL * s
2654			PREINIT:
2655	4		STACK_OF(SSL_CIPHER) *sk = NULL;
2656			const SSL_CIPHER *c;
2657			int i;
2658			PPCODE:
2659	4		sk = SSL_get_ciphers(s);
2660	4	100	if( sk == NULL ) {
2661	2		XSRETURN_EMPTY;
2662			}
2663	196	100	for (i=0; i
2664	194		c = sk_SSL_CIPHER_value(sk, i);
2665	194	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(c))));
2666			}
2667
2668			const char *
2669			SSL_get_cipher_list(s,n)
2670			SSL * s
2671			int n
2672
2673			int
2674			SSL_set_cipher_list(s,str)
2675			SSL * s
2676			char * str
2677
2678			const char *
2679			SSL_get_cipher(s)
2680			SSL * s
2681
2682			void
2683			SSL_get_shared_ciphers(s,ignored_param1=0,ignored_param2=0)
2684			SSL *s
2685			int ignored_param1
2686			int ignored_param2
2687			PREINIT:
2688			char buf[8192];
2689			CODE:
2690	7		ST(0) = sv_newmortal(); /* undef to start with */
2691	7	50	if(SSL_get_shared_ciphers(s, buf, sizeof(buf)))
2692	7		sv_setpvn(ST(0), buf, strlen(buf));
2693
2694			X509 *
2695			SSL_get_peer_certificate(s)
2696			SSL * s
2697
2698			void
2699			SSL_get_peer_cert_chain(s)
2700			SSL * s
2701			PREINIT:
2702	0		STACK_OF(X509) *chain = NULL;
2703			X509 *x;
2704			int i;
2705			PPCODE:
2706	0		chain = SSL_get_peer_cert_chain(s);
2707	0	0	if( chain == NULL ) {
2708	0		XSRETURN_EMPTY;
2709			}
2710	0	0	for (i=0; i
2711	0		x = sk_X509_value(chain, i);
2712	0	0	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
2713			}
2714
2715			void
2716			SSL_set_verify(s,mode,callback)
2717			SSL * s
2718			int mode
2719			SV * callback
2720			CODE:
2721	7	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
2722	0		SSL_set_verify(s, mode, NULL);
2723	0		cb_data_advanced_put(s, "ssleay_verify_callback!!func", NULL);
2724			}
2725			else {
2726	7		cb_data_advanced_put(s, "ssleay_verify_callback!!func", newSVsv(callback));
2727	7		SSL_set_verify(s, mode, &ssleay_verify_callback_invoke);
2728			}
2729
2730			void
2731			SSL_set_bio(s,rbio,wbio)
2732			SSL * s
2733			BIO * rbio
2734			BIO * wbio
2735
2736			BIO *
2737			SSL_get_rbio(s)
2738			SSL * s
2739
2740			BIO *
2741			SSL_get_wbio(s)
2742			SSL * s
2743
2744
2745			SSL_SESSION *
2746			SSL_SESSION_new()
2747
2748			int
2749			SSL_SESSION_print(fp,ses)
2750			BIO * fp
2751			SSL_SESSION * ses
2752
2753			void
2754			SSL_SESSION_free(ses)
2755			SSL_SESSION * ses
2756
2757			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
2758
2759			int
2760			SSL_SESSION_is_resumable(ses)
2761			SSL_SESSION * ses
2762
2763			SSL_SESSION *
2764			SSL_SESSION_dup(sess)
2765			SSL_SESSION * sess
2766
2767			#endif
2768			#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.1 */
2769
2770			void
2771			SSL_set_post_handshake_auth(SSL *ssl, int val)
2772
2773			int
2774			SSL_verify_client_post_handshake(SSL *ssl)
2775
2776			#endif
2777
2778			void
2779			i2d_SSL_SESSION(sess)
2780			SSL_SESSION * sess
2781			PPCODE:
2782			STRLEN len;
2783			unsigned char pc,pi;
2784	3	50	if (!(len = i2d_SSL_SESSION(sess,NULL))) croak("invalid SSL_SESSION");
2785	3		Newx(pc,len,unsigned char);
2786	3	50	if (!pc) croak("out of memory");
2787	3		pi = pc;
2788	3		i2d_SSL_SESSION(sess,&pi);
2789	3	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
2790	3		Safefree(pc);
2791
2792
2793			SSL_SESSION *
2794			d2i_SSL_SESSION(pv)
2795			SV *pv
2796			CODE:
2797	7		RETVAL = NULL;
2798	7	50	if (SvPOK(pv)) {
2799			const unsigned char *p;
2800			STRLEN len;
2801	7	50	p = (unsigned char*)SvPV(pv,len);
2802	7		RETVAL = d2i_SSL_SESSION(NULL,&p,len);
2803			}
2804			OUTPUT:
2805			RETVAL
2806
2807			#if (OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
2808
2809			int
2810			SSL_SESSION_up_ref(sess)
2811			SSL_SESSION * sess
2812
2813			#endif
2814
2815			int
2816			SSL_set_session(to,ses)
2817			SSL * to
2818			SSL_SESSION * ses
2819
2820			#define REM30 "SSLeay-0.9.0 defines these as macros. I expand them here for safety's sake"
2821
2822			SSL_SESSION *
2823			SSL_get_session(s)
2824			SSL * s
2825			ALIAS:
2826			SSL_get0_session = 1
2827
2828			SSL_SESSION *
2829			SSL_get1_session(s)
2830			SSL * s
2831
2832			X509 *
2833			SSL_get_certificate(s)
2834			SSL * s
2835
2836			SSL_CTX *
2837			SSL_get_SSL_CTX(s)
2838			SSL * s
2839
2840			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
2841
2842			SSL_CTX *
2843			SSL_set_SSL_CTX(SSL ssl, SSL_CTX ctx)
2844
2845			#endif
2846
2847			long
2848			SSL_ctrl(ssl,cmd,larg,parg)
2849			SSL * ssl
2850			int cmd
2851			long larg
2852			char * parg
2853
2854			long
2855			SSL_CTX_ctrl(ctx,cmd,larg,parg)
2856			SSL_CTX * ctx
2857			int cmd
2858			long larg
2859			char * parg
2860
2861			#ifdef NET_SSLEAY_32BIT_CONSTANTS
2862
2863			long
2864			SSL_get_options(ssl)
2865			SSL * ssl
2866
2867			long
2868			SSL_set_options(ssl,op)
2869			SSL * ssl
2870			long op
2871
2872			long
2873			SSL_CTX_get_options(ctx)
2874			SSL_CTX * ctx
2875
2876			long
2877			SSL_CTX_set_options(ctx,op)
2878			SSL_CTX * ctx
2879			long op
2880
2881			#else
2882
2883			uint64_t
2884			SSL_get_options(ssl)
2885			SSL * ssl
2886
2887			uint64_t
2888			SSL_set_options(ssl,op)
2889			SSL * ssl
2890			uint64_t op
2891
2892			uint64_t
2893			SSL_CTX_get_options(ctx)
2894			SSL_CTX * ctx
2895
2896			uint64_t
2897			SSL_CTX_set_options(ctx,op)
2898			SSL_CTX * ctx
2899			uint64_t op
2900
2901			#endif
2902
2903			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
2904
2905			struct lhash_st_SSL_SESSION *
2906			SSL_CTX_sessions(ctx)
2907			SSL_CTX * ctx
2908
2909			#else
2910
2911			LHASH *
2912			SSL_CTX_sessions(ctx)
2913			SSL_CTX * ctx
2914			CODE:
2915			/* NOTE: This should be deprecated. Corresponding macro was removed from ssl.h as of 0.9.2 */
2916			if (ctx == NULL) croak("NULL SSL context passed as argument.");
2917			RETVAL = ctx -> sessions;
2918			OUTPUT:
2919			RETVAL
2920
2921			#endif
2922
2923			unsigned long
2924			SSL_CTX_sess_number(ctx)
2925			SSL_CTX * ctx
2926
2927			int
2928			SSL_CTX_sess_connect(ctx)
2929			SSL_CTX * ctx
2930
2931			int
2932			SSL_CTX_sess_connect_good(ctx)
2933			SSL_CTX * ctx
2934
2935			int
2936			SSL_CTX_sess_connect_renegotiate(ctx)
2937			SSL_CTX * ctx
2938
2939			int
2940			SSL_CTX_sess_accept(ctx)
2941			SSL_CTX * ctx
2942
2943			int
2944			SSL_CTX_sess_accept_renegotiate(ctx)
2945			SSL_CTX * ctx
2946
2947			int
2948			SSL_CTX_sess_accept_good(ctx)
2949			SSL_CTX * ctx
2950
2951			int
2952			SSL_CTX_sess_hits(ctx)
2953			SSL_CTX * ctx
2954
2955			int
2956			SSL_CTX_sess_cb_hits(ctx)
2957			SSL_CTX * ctx
2958
2959			int
2960			SSL_CTX_sess_misses(ctx)
2961			SSL_CTX * ctx
2962
2963			int
2964			SSL_CTX_sess_timeouts(ctx)
2965			SSL_CTX * ctx
2966
2967			int
2968			SSL_CTX_sess_cache_full(ctx)
2969			SSL_CTX * ctx
2970
2971			int
2972			SSL_CTX_sess_get_cache_size(ctx)
2973			SSL_CTX * ctx
2974
2975			long
2976			SSL_CTX_sess_set_cache_size(ctx,size)
2977			SSL_CTX * ctx
2978			int size
2979
2980			int
2981			SSL_want(s)
2982			SSL * s
2983
2984			# OpenSSL 1.1.1 documents SSL_in_init and the related functions as
2985			# returning 0 or 1. However, older versions and e.g. LibreSSL may
2986			# return other values than 1 which we fold to 1.
2987			int
2988			SSL_in_before(s)
2989			SSL * s
2990			CODE:
2991	7		RETVAL = SSL_in_before(s) == 0 ? 0 : 1;
2992			OUTPUT:
2993			RETVAL
2994
2995			int
2996			SSL_is_init_finished(s)
2997			SSL * s
2998			CODE:
2999	7		RETVAL = SSL_is_init_finished(s) == 0 ? 0 : 1;
3000			OUTPUT:
3001			RETVAL
3002
3003			int
3004			SSL_in_init(s)
3005			SSL * s
3006			CODE:
3007	7		RETVAL = SSL_in_init(s) == 0 ? 0 : 1;
3008			OUTPUT:
3009			RETVAL
3010
3011			int
3012			SSL_in_connect_init(s)
3013			SSL * s
3014			CODE:
3015	2		RETVAL = SSL_in_connect_init(s) == 0 ? 0 : 1;
3016			OUTPUT:
3017			RETVAL
3018
3019			int
3020			SSL_in_accept_init(s)
3021			SSL * s
3022			CODE:
3023	2		RETVAL = SSL_in_accept_init(s) == 0 ? 0 : 1;
3024			OUTPUT:
3025			RETVAL
3026
3027			#if OPENSSL_VERSION_NUMBER < 0x10100000L
3028			int
3029			SSL_state(s)
3030			SSL * s
3031
3032			int
3033			SSL_get_state(ssl)
3034			SSL * ssl
3035			CODE:
3036	0		RETVAL = SSL_state(ssl);
3037			OUTPUT:
3038			RETVAL
3039
3040
3041			#else
3042			int
3043			SSL_state(s)
3044			SSL * s
3045			CODE:
3046			RETVAL = SSL_get_state(s);
3047			OUTPUT:
3048			RETVAL
3049
3050
3051			int
3052			SSL_get_state(s)
3053			SSL * s
3054
3055			#endif
3056			#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
3057
3058			long
3059			SSL_set_tlsext_host_name(SSL ssl, const char name)
3060
3061			const char *
3062			SSL_get_servername(const SSL *s, int type=TLSEXT_NAMETYPE_host_name)
3063
3064			int
3065			SSL_get_servername_type(const SSL *s)
3066
3067			void
3068			SSL_CTX_set_tlsext_servername_callback(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
3069			SSL_CTX * ctx
3070			SV * callback
3071			SV * data
3072			CODE:
3073	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
3074	0		SSL_CTX_set_tlsext_servername_callback(ctx, NULL);
3075	0		SSL_CTX_set_tlsext_servername_arg(ctx, NULL);
3076	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", NULL);
3077	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", NULL);
3078			} else {
3079	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!data", newSVsv(data));
3080	0		cb_data_advanced_put(ctx, "tlsext_servername_callback!!func", newSVsv(callback));
3081	0		SSL_CTX_set_tlsext_servername_callback(ctx, &tlsext_servername_callback_invoke);
3082	0		SSL_CTX_set_tlsext_servername_arg(ctx, (void*)ctx);
3083			}
3084
3085			#endif
3086
3087			#if OPENSSL_VERSION_NUMBER >= 0x1010006fL /* In OpenSSL 1.1.0 but actually called for $ssl starting from 1.1.0f */
3088			#ifndef LIBRESSL_VERSION_NUMBER
3089			#ifndef OPENSSL_IS_BORINGSSL
3090			void
3091			SSL_set_default_passwd_cb(ssl,callback=&PL_sv_undef)
3092			SSL * ssl
3093			SV * callback
3094			CODE:
3095			if (callback==NULL \|\| !SvOK(callback)) {
3096			SSL_set_default_passwd_cb(ssl, NULL);
3097			SSL_set_default_passwd_cb_userdata(ssl, NULL);
3098			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", NULL);
3099			}
3100			else {
3101			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!func", newSVsv(callback));
3102			SSL_set_default_passwd_cb_userdata(ssl, (void*)ssl);
3103			SSL_set_default_passwd_cb(ssl, &ssleay_ssl_passwd_cb_invoke);
3104			}
3105
3106			void
3107			SSL_set_default_passwd_cb_userdata(ssl,data=&PL_sv_undef)
3108			SSL * ssl
3109			SV * data
3110			CODE:
3111			/* SSL_set_default_passwd_cb_userdata is set in SSL_set_default_passwd_cb */
3112			if (data==NULL \|\| !SvOK(data)) {
3113			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", NULL);
3114			}
3115			else {
3116			cb_data_advanced_put(ssl, "ssleay_ssl_passwd_cb!!data", newSVsv(data));
3117			}
3118
3119			#endif /* !BoringSSL */
3120			#endif /* !LibreSSL */
3121			#endif /* >= 1.1.0f */
3122
3123			#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
3124
3125			void
3126			SSL_set_security_level(SSL * ssl, int level)
3127
3128			int
3129			SSL_get_security_level(SSL * ssl)
3130
3131			#endif
3132
3133			#if OPENSSL_VERSION_NUMBER >= 0x10101007L && !defined(LIBRESSL_VERSION_NUMBER)
3134
3135			int
3136			SSL_set_num_tickets(SSL *ssl, size_t num_tickets)
3137
3138			size_t
3139			SSL_get_num_tickets(SSL *ssl)
3140
3141			#endif
3142
3143			#if OPENSSL_VERSION_NUMBER >= 0x10101003L && !defined(LIBRESSL_VERSION_NUMBER)
3144
3145			int
3146			SSL_set_ciphersuites(SSL ssl, const char str)
3147
3148			#endif
3149
3150			const BIO_METHOD *
3151			BIO_f_ssl()
3152
3153			const BIO_METHOD *
3154			BIO_s_mem()
3155
3156			unsigned long
3157			ERR_get_error()
3158
3159			unsigned long
3160			ERR_peek_error()
3161
3162			void
3163			ERR_put_error(lib,func,reason,file,line)
3164			int lib
3165			int func
3166			int reason
3167			char * file
3168			int line
3169
3170			void
3171			ERR_clear_error()
3172
3173			char *
3174			ERR_error_string(error,buf=NULL)
3175			unsigned long error
3176			char * buf
3177			CODE:
3178	4		RETVAL = ERR_error_string(error,buf);
3179			OUTPUT:
3180			RETVAL
3181
3182			void
3183			SSL_load_error_strings()
3184
3185			void
3186			ERR_load_crypto_strings()
3187
3188			int
3189			SSL_FIPS_mode_set(int onoff)
3190			CODE:
3191			#ifdef USE_ITHREADS
3192			MUTEX_LOCK(&LIB_init_mutex);
3193			#endif
3194			#ifdef OPENSSL_FIPS
3195			RETVAL = FIPS_mode_set(onoff);
3196			if (!RETVAL)
3197			{
3198			ERR_load_crypto_strings();
3199			ERR_print_errors_fp(stderr);
3200			}
3201			#else
3202	0		RETVAL = 1;
3203	0		fprintf(stderr, "SSL_FIPS_mode_set not available: OpenSSL not compiled with FIPS support\n");
3204			#endif
3205			#ifdef USE_ITHREADS
3206			MUTEX_UNLOCK(&LIB_init_mutex);
3207			#endif
3208			OUTPUT:
3209			RETVAL
3210
3211
3212			int
3213			SSL_library_init()
3214			ALIAS:
3215			SSLeay_add_ssl_algorithms = 1
3216			OpenSSL_add_ssl_algorithms = 2
3217			add_ssl_algorithms = 3
3218			CODE:
3219			#ifdef USE_ITHREADS
3220			MUTEX_LOCK(&LIB_init_mutex);
3221			#endif
3222	44		RETVAL = 0;
3223	44	100	if (!LIB_initialized) {
3224	43		RETVAL = SSL_library_init();
3225	43		LIB_initialized = 1;
3226			}
3227			#ifdef USE_ITHREADS
3228			MUTEX_UNLOCK(&LIB_init_mutex);
3229			#endif
3230			OUTPUT:
3231			RETVAL
3232
3233			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3234			#define REM5 "NOTE: requires 0.9.7+"
3235			#ifndef OPENSSL_NO_ENGINE
3236
3237			void
3238			ENGINE_load_builtin_engines()
3239
3240			void
3241			ENGINE_register_all_complete()
3242
3243			ENGINE*
3244			ENGINE_by_id(id)
3245			char * id
3246
3247			int
3248			ENGINE_set_default(e, flags)
3249			ENGINE * e
3250			int flags
3251
3252			#endif /* OPENSSL_NO_ENGINE */
3253			#endif
3254
3255			void
3256			ERR_load_SSL_strings()
3257
3258			void
3259			ERR_load_RAND_strings()
3260
3261			int
3262			RAND_bytes(buf, num)
3263			SV *buf
3264			int num
3265			PREINIT:
3266			int rc;
3267			unsigned char *random;
3268			CODE:
3269	7		New(0, random, num, unsigned char);
3270	7		rc = RAND_bytes(random, num);
3271	7		sv_setpvn(buf, (const char*)random, num);
3272	7		Safefree(random);
3273	7		RETVAL = rc;
3274			OUTPUT:
3275			RETVAL
3276
3277			#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
3278
3279			int
3280			RAND_priv_bytes(buf, num)
3281			SV *buf
3282			int num
3283			PREINIT:
3284			int rc;
3285			unsigned char *random;
3286			CODE:
3287			New(0, random, num, unsigned char);
3288			rc = RAND_priv_bytes(random, num);
3289			sv_setpvn(buf, (const char*)random, num);
3290			Safefree(random);
3291			RETVAL = rc;
3292			OUTPUT:
3293			RETVAL
3294
3295			#endif
3296
3297			int
3298			RAND_pseudo_bytes(buf, num)
3299			SV *buf
3300			int num
3301			PREINIT:
3302			int rc;
3303			unsigned char *random;
3304			CODE:
3305	5		New(0, random, num, unsigned char);
3306	5		rc = RAND_pseudo_bytes(random, num);
3307	5		sv_setpvn(buf, (const char*)random, num);
3308	5		Safefree(random);
3309	5		RETVAL = rc;
3310			OUTPUT:
3311			RETVAL
3312
3313			void
3314			RAND_add(buf, num, entropy)
3315			SV *buf
3316			int num
3317			double entropy
3318			PREINIT:
3319			STRLEN len;
3320			CODE:
3321	0	0	RAND_add((const void *)SvPV(buf, len), num, entropy);
3322
3323			int
3324			RAND_poll()
3325
3326			int
3327			RAND_status()
3328
3329			SV *
3330			RAND_file_name(num)
3331			size_t num
3332			PREINIT:
3333			char *buf;
3334			CODE:
3335	3		Newxz(buf, num, char);
3336	3	50	if (!RAND_file_name(buf, num)) {
3337	0		Safefree(buf);
3338	0		XSRETURN_UNDEF;
3339			}
3340	3		RETVAL = newSVpv(buf, 0);
3341	3		Safefree(buf);
3342			OUTPUT:
3343			RETVAL
3344
3345			void
3346			RAND_seed(buf)
3347			PREINIT:
3348			STRLEN len;
3349			INPUT:
3350			char * buf = SvPV( ST(1), len);
3351			CODE:
3352	45		RAND_seed (buf, (int)len);
3353
3354			void
3355			RAND_cleanup()
3356
3357			int
3358			RAND_load_file(file_name, how_much)
3359			char * file_name
3360			int how_much
3361
3362			int
3363			RAND_write_file(file_name)
3364			char * file_name
3365
3366			#define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm"
3367
3368			#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2050000fL)
3369
3370			int
3371			X509_check_host(X509 cert, const char name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
3372			PREINIT:
3373	0		char *c_peername = NULL;
3374			CODE:
3375	0	0	RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
3376	0	0	if (items == 4)
3377	0		sv_setpv(peername, c_peername);
3378			OUTPUT:
3379			RETVAL
3380			CLEANUP:
3381	0	0	if (c_peername)
3382	0		OPENSSL_free(c_peername);
3383
3384			int
3385			X509_check_email(X509 cert, const char address, unsigned int flags = 0)
3386			CODE:
3387	0		RETVAL = X509_check_email(cert, address, 0, flags);
3388			OUTPUT:
3389			RETVAL
3390
3391			int
3392			X509_check_ip(X509 cert, SV address, unsigned int flags = 0)
3393			PREINIT:
3394			unsigned char *c_address;
3395			size_t addresslen;
3396			CODE:
3397	0	0	c_address = (unsigned char *)SvPV(address, addresslen);
3398	0		RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
3399			OUTPUT:
3400			RETVAL
3401
3402			int
3403			X509_check_ip_asc(X509 cert, const char address, unsigned int flags = 0)
3404
3405			#endif
3406
3407			X509_NAME*
3408			X509_get_issuer_name(cert)
3409			X509 * cert
3410
3411			X509_NAME*
3412			X509_get_subject_name(cert)
3413			X509 * cert
3414
3415			void *
3416			X509_get_ex_data(cert,idx)
3417			X509 * cert
3418			int idx
3419
3420			int
3421			X509_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
3422			long argl
3423			void * argp
3424			CRYPTO_EX_new * new_func
3425			CRYPTO_EX_dup * dup_func
3426			CRYPTO_EX_free * free_func
3427
3428			void *
3429			X509_get_app_data(cert)
3430			X509 * cert
3431			CODE:
3432	0		RETVAL = X509_get_ex_data(cert,0);
3433			OUTPUT:
3434			RETVAL
3435
3436			int
3437			X509_set_ex_data(cert,idx,data)
3438			X509 * cert
3439			int idx
3440			void * data
3441
3442			int
3443			X509_set_app_data(cert,arg)
3444			X509 * cert
3445			char * arg
3446			CODE:
3447	0		RETVAL = X509_set_ex_data(cert,0,arg);
3448			OUTPUT:
3449			RETVAL
3450
3451			int
3452			X509_set_issuer_name(X509 x, X509_NAME name)
3453
3454			int
3455			X509_set_subject_name(X509 x, X509_NAME name)
3456
3457			int
3458			X509_set_version(X509 *x, long version)
3459
3460			int
3461			X509_set_pubkey(X509 x, EVP_PKEY pkey)
3462
3463			long
3464			X509_get_version(X509 *x)
3465
3466			EVP_PKEY *
3467			X509_get_pubkey(X509 *x)
3468
3469			ASN1_INTEGER *
3470			X509_get_serialNumber(X509 *x)
3471
3472			#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2080100fL)
3473
3474			const ASN1_INTEGER *
3475			X509_get0_serialNumber(const X509 *x)
3476
3477			#endif
3478
3479			int
3480			X509_set_serialNumber(X509 x, ASN1_INTEGER serial)
3481
3482			int
3483			X509_certificate_type(X509 x, EVP_PKEY pubkey=NULL);
3484
3485			int
3486			X509_sign(X509 x, EVP_PKEY pkey, const EVP_MD *md)
3487
3488			int
3489			X509_verify(X509 x, EVP_PKEY r)
3490
3491			X509_NAME *
3492			X509_NAME_new()
3493
3494			unsigned long
3495			X509_NAME_hash(X509_NAME *name)
3496
3497			void
3498			X509_NAME_oneline(name)
3499			X509_NAME * name
3500			PREINIT:
3501			char * buf;
3502			CODE:
3503	17		ST(0) = sv_newmortal(); /* Undefined to start with */
3504	17	50	if ((buf = X509_NAME_oneline(name, NULL, 0))) {
3505	17		sv_setpvn( ST(0), buf, strlen(buf));
3506	17		OPENSSL_free(buf); /* mem was allocated by openssl */
3507			}
3508
3509			void
3510			X509_NAME_print_ex(name,flags=XN_FLAG_RFC2253,utf8_decode=0)
3511			X509_NAME * name
3512			unsigned long flags
3513			int utf8_decode
3514			PREINIT:
3515			char * buf;
3516			BIO * bp;
3517	13		int n, i, ident=0;
3518			CODE:
3519	13		ST(0) = sv_newmortal(); /* undef to start with */
3520	13		bp = BIO_new(BIO_s_mem());
3521	13	50	if (bp) {
3522	13	50	if (X509_NAME_print_ex(bp, name, ident, flags)) {
3523	13		n = BIO_ctrl_pending(bp);
3524	13		New(0, buf, n, char);
3525	13	50	if (buf) {
3526	13		i = BIO_read(bp,buf,n);
3527	13	50	if (i>=0 && i<=n) {
		50
3528	13		sv_setpvn(ST(0), buf, i);
3529	13	50	if (utf8_decode) sv_utf8_decode(ST(0));
3530			}
3531	13		Safefree(buf);
3532			}
3533			}
3534	13		BIO_free(bp);
3535			}
3536
3537			void
3538			X509_NAME_get_text_by_NID(name,nid)
3539			X509_NAME * name
3540			int nid
3541			PREINIT:
3542			char* buf;
3543			int length;
3544			CODE:
3545	1		ST(0) = sv_newmortal(); /* Undefined to start with */
3546	1		length = X509_NAME_get_text_by_NID(name, nid, NULL, 0);
3547
3548	1	50	if (length>=0) {
3549	1		New(0, buf, length+1, char);
3550	1	50	if (X509_NAME_get_text_by_NID(name, nid, buf, length + 1)>=0)
3551	1		sv_setpvn( ST(0), buf, length);
3552	1		Safefree(buf);
3553			}
3554
3555			#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
3556			#define REM17 "requires 0.9.5+"
3557
3558			int
3559			X509_NAME_add_entry_by_NID(name,nid,type,bytes,loc=-1,set=0)
3560			X509_NAME *name
3561			int nid
3562			int type
3563			int loc
3564			int set
3565			PREINIT:
3566			STRLEN len;
3567			INPUT:
3568			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3569			CODE:
3570	1		RETVAL = X509_NAME_add_entry_by_NID(name,nid,type,bytes,len,loc,set);
3571			OUTPUT:
3572			RETVAL
3573
3574			int
3575			X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,loc=-1,set=0)
3576			X509_NAME *name
3577			ASN1_OBJECT *obj
3578			int type
3579			int loc
3580			int set
3581			PREINIT:
3582			STRLEN len;
3583			INPUT:
3584			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3585			CODE:
3586	1		RETVAL = X509_NAME_add_entry_by_OBJ(name,obj,type,bytes,len,loc,set);
3587			OUTPUT:
3588			RETVAL
3589
3590			int
3591			X509_NAME_add_entry_by_txt(name,field,type,bytes,loc=-1,set=0)
3592			X509_NAME *name
3593			char *field
3594			int type
3595			int loc
3596			int set
3597			PREINIT:
3598			STRLEN len;
3599			INPUT:
3600			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3601			CODE:
3602	6		RETVAL = X509_NAME_add_entry_by_txt(name,field,type,bytes,len,loc,set);
3603			OUTPUT:
3604			RETVAL
3605
3606			#endif
3607
3608			int
3609			X509_NAME_cmp(const X509_NAME a, const X509_NAME b)
3610
3611			int
3612			X509_NAME_entry_count(X509_NAME *name)
3613
3614			X509_NAME_ENTRY *
3615			X509_NAME_get_entry(X509_NAME *name, int loc)
3616
3617			ASN1_STRING *
3618			X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
3619
3620			ASN1_OBJECT *
3621			X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
3622
3623			void
3624			X509_CRL_free(X509_CRL *x)
3625
3626			X509_CRL *
3627			X509_CRL_new()
3628
3629			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3630			#define REM19 "requires 0.9.7+"
3631
3632			int
3633			X509_CRL_set_version(X509_CRL *x, long version)
3634
3635			int
3636			X509_CRL_set_issuer_name(X509_CRL x, X509_NAME name)
3637
3638			int
3639			X509_CRL_sort(X509_CRL *x)
3640
3641			#endif
3642
3643			long
3644			X509_CRL_get_version(X509_CRL *x)
3645
3646			X509_NAME *
3647			X509_CRL_get_issuer(X509_CRL *x)
3648
3649			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
3650
3651			const ASN1_TIME *
3652			X509_CRL_get0_lastUpdate(const X509_CRL *crl)
3653			ALIAS:
3654			X509_CRL_get_lastUpdate = 1
3655
3656			const ASN1_TIME *
3657			X509_CRL_get0_nextUpdate(const X509_CRL *crl)
3658			ALIAS:
3659			X509_CRL_get_nextUpdate = 1
3660
3661			int
3662			X509_CRL_set1_lastUpdate(X509_CRL x, ASN1_TIME tm)
3663			ALIAS:
3664			X509_CRL_set_lastUpdate = 1
3665
3666			int
3667			X509_CRL_set1_nextUpdate(X509_CRL x, ASN1_TIME tm)
3668			ALIAS:
3669			X509_CRL_set_nextUpdate = 1
3670
3671			#else /* plain get/set is deprecated */
3672
3673			ASN1_TIME *
3674			X509_CRL_get_lastUpdate(X509_CRL *x)
3675			ALIAS:
3676			X509_CRL_get0_lastUpdate = 1
3677
3678			ASN1_TIME *
3679			X509_CRL_get_nextUpdate(X509_CRL *x)
3680			ALIAS:
3681			X509_CRL_get0_nextUpdate = 1
3682
3683			int
3684			X509_CRL_set_lastUpdate(X509_CRL x, ASN1_TIME tm)
3685			ALIAS:
3686			X509_CRL_set1_lastUpdate = 1
3687
3688			int
3689			X509_CRL_set_nextUpdate(X509_CRL x, ASN1_TIME tm)
3690			ALIAS:
3691			X509_CRL_set1_nextUpdate = 1
3692
3693			#endif
3694
3695			int
3696			X509_CRL_verify(X509_CRL a, EVP_PKEY r)
3697
3698			int
3699			X509_CRL_sign(X509_CRL x, EVP_PKEY pkey, const EVP_MD *md)
3700
3701			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3702			#define REM20 "requires 0.9.7+"
3703
3704			int
3705			P_X509_CRL_set_serial(crl,crl_number)
3706			X509_CRL *crl
3707			ASN1_INTEGER * crl_number;
3708			CODE:
3709	1		RETVAL = 0;
3710	1	50	if (crl && crl_number)
		50
3711	1	50	if (X509_CRL_add1_ext_i2d(crl, NID_crl_number, crl_number, 0, 0)) RETVAL = 1;
3712			OUTPUT:
3713			RETVAL
3714
3715			ASN1_INTEGER *
3716			P_X509_CRL_get_serial(crl)
3717			X509_CRL *crl
3718			INIT:
3719			int i;
3720			CODE:
3721	1		RETVAL = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &i, NULL);
3722	1	50	if (!RETVAL \|\| i==-1) XSRETURN_UNDEF;
		50
3723			OUTPUT:
3724			RETVAL
3725
3726			void
3727			P_X509_CRL_add_revoked_serial_hex(crl,serial_hex,rev_time,reason_code=0,comp_time=NULL)
3728			X509_CRL *crl
3729			char * serial_hex
3730			ASN1_TIME *rev_time
3731			long reason_code
3732			ASN1_TIME *comp_time
3733			PREINIT:
3734	2		BIGNUM *bn = NULL;
3735			ASN1_INTEGER *sn;
3736			X509_REVOKED *rev;
3737	2		ASN1_ENUMERATED *rsn = NULL;
3738			int rv;
3739			PPCODE:
3740	2		rv=0;
3741	2		rev = X509_REVOKED_new();
3742	2	50	if (rev) {
3743	2	50	if (BN_hex2bn(&bn, serial_hex)) {
3744	2		sn = BN_to_ASN1_INTEGER(bn, NULL);
3745	2	50	if (sn) {
3746	2		X509_REVOKED_set_serialNumber(rev, sn);
3747	2		ASN1_INTEGER_free(sn);
3748	2		rv = 1;
3749			}
3750	2		BN_free(bn);
3751			}
3752			}
3753	2	50	if (!rv) XSRETURN_IV(0);
3754
3755	2	50	if (!rev_time) XSRETURN_IV(0);
3756	2	50	if (!X509_REVOKED_set_revocationDate(rev, rev_time)) XSRETURN_IV(0);
3757
3758	2	50	if(reason_code) {
3759	2		rv = 0;
3760	2		rsn = ASN1_ENUMERATED_new();
3761	2	50	if (rsn) {
3762	2	50	if (ASN1_ENUMERATED_set(rsn, reason_code))
3763	2	50	if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rsn, 0, 0))
3764	2		rv=1;
3765	2		ASN1_ENUMERATED_free(rsn);
3766			}
3767	2	50	if (!rv) XSRETURN_IV(0);
3768			}
3769
3770	2	50	if(comp_time) {
3771	2		X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0);
3772			}
3773
3774	2	50	if(!X509_CRL_add0_revoked(crl, rev)) XSRETURN_IV(0);
3775	2		XSRETURN_IV(1);
3776
3777			#endif
3778
3779			X509_REQ *
3780			X509_REQ_new()
3781
3782			void
3783			X509_REQ_free(X509_REQ *x)
3784
3785			X509_NAME *
3786			X509_REQ_get_subject_name(X509_REQ *x)
3787
3788			int
3789			X509_REQ_set_subject_name(X509_REQ x, X509_NAME name)
3790
3791			int
3792			X509_REQ_set_pubkey(X509_REQ x, EVP_PKEY pkey)
3793
3794			EVP_PKEY *
3795			X509_REQ_get_pubkey(X509_REQ *x)
3796
3797			int
3798			X509_REQ_sign(X509_REQ x, EVP_PKEY pk, const EVP_MD *md)
3799
3800			int
3801			X509_REQ_verify(X509_REQ x, EVP_PKEY r)
3802
3803			int
3804			X509_REQ_set_version(X509_REQ *x, long version)
3805
3806			long
3807			X509_REQ_get_version(X509_REQ *x)
3808
3809			int
3810			X509_REQ_get_attr_count(const X509_REQ *req);
3811
3812			int
3813			X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos=-1)
3814
3815			int
3816			X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj, int lastpos=-1)
3817
3818			int
3819			X509_REQ_add1_attr_by_NID(req,nid,type,bytes)
3820			X509_REQ *req
3821			int nid
3822			int type
3823			PREINIT:
3824			STRLEN len;
3825			INPUT:
3826			unsigned char bytes = (unsigned char )SvPV(ST(3), len);
3827			CODE:
3828	2		RETVAL = X509_REQ_add1_attr_by_NID(req,nid,type,bytes,len);
3829			OUTPUT:
3830			RETVAL
3831
3832			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
3833			#define REM21 "requires 0.9.7+"
3834
3835			void
3836			P_X509_REQ_get_attr(req,n)
3837			X509_REQ *req
3838			int n
3839			INIT:
3840			X509_ATTRIBUTE * att;
3841			int count, i;
3842			ASN1_STRING * s;
3843			ASN1_TYPE * t;
3844			PPCODE:
3845	1		att = X509_REQ_get_attr(req,n);
3846	1		count = X509_ATTRIBUTE_count(att);
3847	2	100	for (i=0; i
3848	1		t = X509_ATTRIBUTE_get0_type(att, i);
3849	1		s = t->value.asn1_string;
3850	1	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
3851			}
3852
3853			#endif
3854
3855			int
3856			P_X509_REQ_add_extensions(x,...)
3857			X509_REQ *x
3858			PREINIT:
3859	1		int i=1;
3860			int nid;
3861			char *data;
3862			X509_EXTENSION *ex;
3863			STACK_OF(X509_EXTENSION) *stack;
3864			CODE:
3865	1	50	if (items>1) {
3866	1		RETVAL = 1;
3867	1		stack = sk_X509_EXTENSION_new_null();
3868	7	100	while(i+1
3869	6	50	nid = SvIV(ST(i));
3870	6	50	data = SvPV_nolen(ST(i+1));
3871	6		i+=2;
3872	6		ex = X509V3_EXT_conf_nid(NULL, NULL, nid, data);
3873	6	50	if (ex)
3874	6		sk_X509_EXTENSION_push(stack, ex);
3875			else
3876	0		RETVAL = 0;
3877			}
3878	1		X509_REQ_add_extensions(x, stack);
3879	1		sk_X509_EXTENSION_pop_free(stack, X509_EXTENSION_free);
3880			}
3881			else
3882	0		RETVAL = 0;
3883			OUTPUT:
3884			RETVAL
3885
3886			int
3887			P_X509_add_extensions(x,ca_cert,...)
3888			X509 *x
3889			X509 *ca_cert
3890			PREINIT:
3891	1		int i=2;
3892			int nid;
3893			char *data;
3894			X509_EXTENSION *ex;
3895			X509V3_CTX ctx;
3896			CODE:
3897	1	50	if (items>1) {
3898	1		RETVAL = 1;
3899	7	100	while(i+1
3900	6	50	nid = SvIV(ST(i));
3901	6	50	data = SvPV_nolen(ST(i+1));
3902	6		i+=2;
3903	6		X509V3_set_ctx(&ctx, ca_cert, x, NULL, NULL, 0);
3904	6		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3905	6	50	if (ex) {
3906	6		X509_add_ext(x,ex,-1);
3907	6		X509_EXTENSION_free(ex);
3908			}
3909			else {
3910	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3911	0		ERR_print_errors_fp(stderr);
3912	0		RETVAL = 0;
3913			}
3914			}
3915			}
3916			else
3917	0		RETVAL = 0;
3918			OUTPUT:
3919			RETVAL
3920
3921			int
3922			P_X509_CRL_add_extensions(x,ca_cert,...)
3923			X509_CRL *x
3924			X509 *ca_cert
3925			PREINIT:
3926	1		int i=2;
3927			int nid;
3928			char *data;
3929			X509_EXTENSION *ex;
3930			X509V3_CTX ctx;
3931			CODE:
3932	1	50	if (items>1) {
3933	1		RETVAL = 1;
3934	2	100	while(i+1
3935	1	50	nid = SvIV(ST(i));
3936	1	50	data = SvPV_nolen(ST(i+1));
3937	1		i+=2;
3938	1		X509V3_set_ctx(&ctx, ca_cert, NULL, NULL, x, 0);
3939	1		ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, data);
3940	1	50	if (ex) {
3941	1		X509_CRL_add_ext(x,ex,-1);
3942	1		X509_EXTENSION_free(ex);
3943			}
3944			else {
3945	0		warn("failure during X509V3_EXT_conf_nid() for nid=%d\n", nid);
3946	0		ERR_print_errors_fp(stderr);
3947	0		RETVAL = 0;
3948			}
3949			}
3950			}
3951			else
3952	0		RETVAL = 0;
3953			OUTPUT:
3954			RETVAL
3955
3956			void
3957			P_X509_copy_extensions(x509_req,x509,override=1)
3958			X509_REQ *x509_req
3959			X509 *x509
3960			int override
3961			PREINIT:
3962	1		STACK_OF(X509_EXTENSION) *exts = NULL;
3963			X509_EXTENSION ext, tmpext;
3964			ASN1_OBJECT *obj;
3965	1		int i, idx, ret = 1;
3966			PPCODE:
3967	1	50	if (!x509 \|\| !x509_req) XSRETURN_IV(0);
		50
3968	1		exts = X509_REQ_get_extensions(x509_req);
3969	7	100	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
3970	6		ext = sk_X509_EXTENSION_value(exts, i);
3971	6		obj = X509_EXTENSION_get_object(ext);
3972	6		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3973			/* Does extension exist? */
3974	6	50	if (idx != -1) {
3975	0	0	if (override) continue; /* don't override existing extension */
3976			/* Delete all extensions of same type */
3977			do {
3978	0		tmpext = X509_get_ext(x509, idx);
3979	0		X509_delete_ext(x509, idx);
3980	0		X509_EXTENSION_free(tmpext);
3981	0		idx = X509_get_ext_by_OBJ(x509, obj, -1);
3982	0	0	} while (idx != -1);
3983			}
3984	6	50	if (!X509_add_ext(x509, ext, -1)) ret = 0;
3985			}
3986	1		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
3987	1		XSRETURN_IV(ret);
3988
3989			X509 *
3990			X509_STORE_CTX_get_current_cert(x509_store_ctx)
3991			X509_STORE_CTX * x509_store_ctx
3992
3993			#if (OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1.0-pre5, LibreSSL 2.7.0 */
3994
3995			X509 *
3996			X509_STORE_CTX_get0_cert(x509_store_ctx)
3997			X509_STORE_CTX *x509_store_ctx
3998
3999			#endif
4000
4001			STACK_OF(X509) *
4002			X509_STORE_CTX_get1_chain(x509_store_ctx)
4003			X509_STORE_CTX *x509_store_ctx
4004
4005
4006			int
4007			X509_STORE_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
4008			long argl
4009			void * argp
4010			CRYPTO_EX_new * new_func
4011			CRYPTO_EX_dup * dup_func
4012			CRYPTO_EX_free * free_func
4013
4014			void *
4015			X509_STORE_CTX_get_ex_data(x509_store_ctx,idx)
4016			X509_STORE_CTX * x509_store_ctx
4017			int idx
4018
4019			void *
4020			X509_STORE_CTX_get_app_data(x509_store_ctx)
4021			X509_STORE_CTX * x509_store_ctx
4022			CODE:
4023	0		RETVAL = X509_STORE_CTX_get_ex_data(x509_store_ctx,0);
4024			OUTPUT:
4025			RETVAL
4026
4027			void
4028			X509_get_fingerprint(cert,type)
4029			X509 * cert
4030			char * type
4031			PREINIT:
4032	9		const EVP_MD *digest_tp = NULL;
4033			unsigned char digest[EVP_MAX_MD_SIZE];
4034	9		unsigned int dsz, k = 0;
4035			char text[EVP_MAX_MD_SIZE * 3 + 1];
4036			CODE:
4037			#ifndef OPENSSL_NO_MD5
4038	9	50	if (!k && !strcmp(type,"md5")) {
		100
4039	4		k = 1; digest_tp = EVP_md5();
4040			}
4041			#endif
4042	9	100	if (!k && !strcmp(type,"sha1")) {
		100
4043	4		k = 1; digest_tp = EVP_sha1();
4044			}
4045			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4046			#ifndef OPENSSL_NO_SHA256
4047	9	100	if (!k && !strcmp(type,"sha256")) {
		50
4048	0		k = 1; digest_tp = EVP_sha256();
4049			}
4050			#endif
4051			#endif
4052	9	100	if (!k && !strcmp(type,"ripemd160")) {
		50
4053	0		k = 1; digest_tp = EVP_ripemd160();
4054			}
4055	9	100	if (!k) /* Default digest */
4056	1		digest_tp = EVP_sha1();
4057	9	50	if ( digest_tp == NULL ) {
4058			/* Out of memory */
4059	0		XSRETURN_UNDEF;
4060			}
4061	9	50	if (!X509_digest(cert, digest_tp, digest, &dsz)) {
4062			/* Out of memory */
4063	0		XSRETURN_UNDEF;
4064			}
4065	9		text[0] = '\0';
4066	173	100	for(k=0; k
4067	164		sprintf(&text[strlen(text)], "%02X:", digest[k]);
4068			}
4069	9		text[strlen(text)-1] = '\0';
4070	9		ST(0) = sv_newmortal(); /* Undefined to start with */
4071	9		sv_setpvn( ST(0), text, strlen(text));
4072
4073			void
4074			X509_get_subjectAltNames(cert)
4075			X509 * cert
4076			PPCODE:
4077	5		int i, j, count = 0;
4078	5		X509_EXTENSION *subjAltNameExt = NULL;
4079	5		STACK_OF(GENERAL_NAME) *subjAltNameDNs = NULL;
4080	5		GENERAL_NAME *subjAltNameDN = NULL;
4081			int num_gnames;
4082	5	100	if ( (i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0
4083	3	50	&& (subjAltNameExt = X509_get_ext(cert, i))
4084	3	50	&& (subjAltNameDNs = X509V3_EXT_d2i(subjAltNameExt)))
4085			{
4086	3		num_gnames = sk_GENERAL_NAME_num(subjAltNameDNs);
4087
4088	19	100	for (j = 0; j < num_gnames; j++)
4089			{
4090	16		subjAltNameDN = sk_GENERAL_NAME_value(subjAltNameDNs, j);
4091
4092	16		switch (subjAltNameDN->type)
4093			{
4094			case GEN_OTHERNAME:
4095	2	50	EXTEND(SP, 2);
4096	2		count++;
4097	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4098			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4099			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4100			#else
4101	2		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.otherName->value->value.utf8string), ASN1_STRING_length(subjAltNameDN->d.otherName->value->value.utf8string))));
4102			#endif
4103	2		break;
4104
4105			case GEN_EMAIL:
4106			case GEN_DNS:
4107			case GEN_URI:
4108	8	50	EXTEND(SP, 2);
4109	8		count++;
4110	8		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4111			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4112			PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_get0_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4113			#else
4114	8		PUSHs(sv_2mortal(newSVpv((const char*)ASN1_STRING_data(subjAltNameDN->d.ia5), ASN1_STRING_length(subjAltNameDN->d.ia5))));
4115			#endif
4116	8		break;
4117
4118			case GEN_DIRNAME:
4119			{
4120	0		char * buf = X509_NAME_oneline(subjAltNameDN->d.dirn, NULL, 0);
4121	0	0	EXTEND(SP, 2);
4122	0		count++;
4123	0		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4124	0		PUSHs(sv_2mortal(newSVpv((buf), strlen((buf)))));
4125			}
4126	0		break;
4127
4128			case GEN_RID:
4129			{
4130			char buf[2501]; /* Much more than what's suggested on OBJ_obj2txt manual page */
4131	2		int len = OBJ_obj2txt(buf, sizeof(buf), subjAltNameDN->d.rid, 1);
4132	2	50	if (len < 0 \|\| len > (int)((sizeof(buf) - 1)))
		50
4133			break; /* Skip bad or overly long RID */
4134	2	50	EXTEND(SP, 2);
4135	2		count++;
4136	2		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4137	2		PUSHs(sv_2mortal(newSVpv(buf, 0)));
4138			}
4139	2		break;
4140
4141			case GEN_IPADD:
4142	4	50	EXTEND(SP, 2);
4143	4		count++;
4144	4		PUSHs(sv_2mortal(newSViv(subjAltNameDN->type)));
4145	4		PUSHs(sv_2mortal(newSVpv((const char*)subjAltNameDN->d.ip->data, subjAltNameDN->d.ip->length)));
4146	4		break;
4147
4148			}
4149			}
4150	3		sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free);
4151			}
4152	5		XSRETURN(count * 2);
4153
4154			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4155
4156			void
4157			P_X509_get_crl_distribution_points(cert)
4158			X509 * cert
4159			INIT:
4160			GENERAL_NAMES *gnames;
4161			GENERAL_NAME *gn;
4162			STACK_OF(DIST_POINT) *points;
4163			DIST_POINT *p;
4164			int i, j;
4165			PPCODE:
4166	4		points = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
4167	4	100	if (points)
4168	3	100	for (i = 0; i < sk_DIST_POINT_num(points); i++) {
4169	2		p = sk_DIST_POINT_value(points, i);
4170	2	50	if (!p->distpoint)
4171	0		continue;
4172	2	50	if (p->distpoint->type == 0) {
4173			/* full name */
4174	2		gnames = p->distpoint->name.fullname;
4175	4	100	for (j = 0; j < sk_GENERAL_NAME_num(gnames); j++) {
4176	2		gn = sk_GENERAL_NAME_value(gnames, j);
4177
4178	2	50	if (gn->type == GEN_URI) {
4179			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4180			XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_get0_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4181			#else
4182	2	50	XPUSHs(sv_2mortal(newSVpv((char*)ASN1_STRING_data(gn->d.ia5),ASN1_STRING_length(gn->d.ia5))));
4183			#endif
4184			}
4185			}
4186			}
4187			else {
4188			/* relative name - not supported */
4189			/* XXX-TODO: the code below is just an idea; do not enable it without proper test case
4190			BIO *bp;
4191			char *buf;
4192			int n;
4193			X509_NAME ntmp;
4194			ntmp.entries = p->distpoint->name.relativename;
4195			bp = BIO_new(BIO_s_mem());
4196			if (bp) {
4197			X509_NAME_print_ex(bp, &ntmp, 0, XN_FLAG_RFC2253);
4198			n = BIO_ctrl_pending(bp);
4199			New(0, buf, n, char);
4200			if (buf) {
4201			j = BIO_read(bp,buf,n);
4202			if (j>=0 && j<=n) XPUSHs(sv_2mortal(newSVpvn(buf,j)));
4203			Safefree(buf);
4204			}
4205			BIO_free(bp);
4206			}
4207			*/
4208			}
4209			}
4210
4211			void
4212			P_X509_get_ocsp_uri(cert)
4213			X509 * cert
4214			PPCODE:
4215			AUTHORITY_INFO_ACCESS *info;
4216			int i;
4217	0		info = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
4218	0	0	if (!info) XSRETURN_UNDEF;
4219
4220	0	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
4221	0		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
4222	0	0	if (OBJ_obj2nid(ad->method) == NID_ad_OCSP
4223	0	0	&& ad->location->type == GEN_URI) {
4224	0	0	XPUSHs(sv_2mortal(newSVpv(
4225			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4226			(char*)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier),
4227			#else
4228			(char*)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier),
4229			#endif
4230			ASN1_STRING_length(ad->location->d.uniformResourceIdentifier)
4231			)));
4232	0	0	if (GIMME == G_SCALAR) break; /* get only first */
		0
4233			}
4234			}
4235
4236
4237			void
4238			P_X509_get_ext_key_usage(cert,format=0)
4239			X509 * cert
4240			int format
4241			PREINIT:
4242			EXTENDED_KEY_USAGE *extusage;
4243			int i, nid;
4244			char buffer[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
4245			ASN1_OBJECT *o;
4246			PPCODE:
4247	16		extusage = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
4248	92	100	for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
4249	76		o = sk_ASN1_OBJECT_value(extusage,i);
4250	76		nid = OBJ_obj2nid(o);
4251	76		OBJ_obj2txt(buffer, sizeof(buffer)-1, o, 1);
4252	76	100	if(format==0)
4253	19	50	XPUSHs(sv_2mortal(newSVpv(buffer,0))); /* format 0: oid */
4254	57	100	else if(format==1 && nid>0)
		100
4255	16	50	XPUSHs(sv_2mortal(newSViv(nid))); /* format 1: nid */
4256	41	100	else if(format==2 && nid>0)
		100
4257	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2sn(nid),0))); /* format 2: shortname */
4258	25	100	else if(format==3 && nid>0)
		100
4259	16	50	XPUSHs(sv_2mortal(newSVpv(OBJ_nid2ln(nid),0))); /* format 3: longname */
4260			}
4261
4262			#endif
4263
4264			void
4265			P_X509_get_key_usage(cert)
4266			X509 * cert
4267			INIT:
4268			ASN1_BIT_STRING * u;
4269			PPCODE:
4270	4		u = X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL);
4271	4	50	if (u) {
4272	4	50	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("digitalSignature",0)));
		50
4273	4	100	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("nonRepudiation",0)));
		50
4274	4	50	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("keyEncipherment",0)));
		50
4275	4	100	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("dataEncipherment",0)));
		50
4276	4	100	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("keyAgreement",0)));
		50
4277	4	100	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("keyCertSign",0)));
		50
4278	4	100	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("cRLSign",0)));
		50
4279	4	50	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("encipherOnly",0)));
		0
4280	4	100	if (ASN1_BIT_STRING_get_bit(u,8)) XPUSHs(sv_2mortal(newSVpv("decipherOnly",0)));
		50
4281			}
4282
4283			void
4284			P_X509_get_netscape_cert_type(cert)
4285			X509 * cert
4286			INIT:
4287			ASN1_BIT_STRING * u;
4288			PPCODE:
4289	4		u = X509_get_ext_d2i(cert, NID_netscape_cert_type, NULL, NULL);
4290	4	50	if (u) {
4291	0	0	if (ASN1_BIT_STRING_get_bit(u,0)) XPUSHs(sv_2mortal(newSVpv("client",0)));
		0
4292	0	0	if (ASN1_BIT_STRING_get_bit(u,1)) XPUSHs(sv_2mortal(newSVpv("server",0)));
		0
4293	0	0	if (ASN1_BIT_STRING_get_bit(u,2)) XPUSHs(sv_2mortal(newSVpv("email",0)));
		0
4294	0	0	if (ASN1_BIT_STRING_get_bit(u,3)) XPUSHs(sv_2mortal(newSVpv("objsign",0)));
		0
4295	0	0	if (ASN1_BIT_STRING_get_bit(u,4)) XPUSHs(sv_2mortal(newSVpv("reserved",0)));
		0
4296	0	0	if (ASN1_BIT_STRING_get_bit(u,5)) XPUSHs(sv_2mortal(newSVpv("sslCA",0)));
		0
4297	0	0	if (ASN1_BIT_STRING_get_bit(u,6)) XPUSHs(sv_2mortal(newSVpv("emailCA",0)));
		0
4298	0	0	if (ASN1_BIT_STRING_get_bit(u,7)) XPUSHs(sv_2mortal(newSVpv("objCA",0)));
		0
4299			}
4300
4301			int
4302			X509_get_ext_by_NID(x,nid,loc=-1)
4303			X509* x
4304			int nid
4305			int loc
4306
4307			X509_EXTENSION *
4308			X509_get_ext(x,loc)
4309			X509* x
4310			int loc
4311
4312			int
4313			X509_EXTENSION_get_critical(X509_EXTENSION *ex)
4314
4315			ASN1_OCTET_STRING *
4316			X509_EXTENSION_get_data(X509_EXTENSION *ne)
4317
4318			ASN1_OBJECT *
4319			X509_EXTENSION_get_object(X509_EXTENSION *ex)
4320
4321			int
4322			X509_get_ext_count(X509 *x)
4323
4324			int
4325			X509_CRL_get_ext_count(X509_CRL *x)
4326
4327			int
4328			X509_CRL_get_ext_by_NID(x,ni,loc=-1)
4329			X509_CRL* x
4330			int ni
4331			int loc
4332
4333			X509_EXTENSION *
4334			X509_CRL_get_ext(x,loc)
4335			X509_CRL* x
4336			int loc
4337
4338			void
4339			X509V3_EXT_print(ext,flags=0,utf8_decode=0)
4340			X509_EXTENSION * ext
4341			unsigned long flags
4342			int utf8_decode
4343			PREINIT:
4344			BIO * bp;
4345			char * buf;
4346			int i, n;
4347	21		int indent=0;
4348			CODE:
4349	21		ST(0) = sv_newmortal(); /* undef to start with */
4350	21		bp = BIO_new(BIO_s_mem());
4351	21	50	if (bp) {
4352	21	50	if(X509V3_EXT_print(bp,ext,flags,indent)) {
4353	21		n = BIO_ctrl_pending(bp);
4354	21		New(0, buf, n, char);
4355	21	50	if (buf) {
4356	21		i = BIO_read(bp,buf,n);
4357	21	50	if (i>=0 && i<=n) {
		50
4358	21		sv_setpvn(ST(0), buf, i);
4359	21	50	if (utf8_decode) sv_utf8_decode(ST(0));
4360			}
4361	21		Safefree(buf);
4362			}
4363			}
4364	21		BIO_free(bp);
4365			}
4366
4367			void *
4368			X509V3_EXT_d2i(ext)
4369			X509_EXTENSION *ext
4370
4371			X509_STORE_CTX *
4372			X509_STORE_CTX_new()
4373
4374			int
4375			X509_STORE_CTX_init(ctx, store=NULL, x509=NULL, chain=NULL)
4376			X509_STORE_CTX * ctx
4377			X509_STORE * store
4378			X509 * x509
4379			STACK_OF(X509) * chain
4380
4381			void
4382			X509_STORE_CTX_free(ctx)
4383			X509_STORE_CTX * ctx
4384
4385			int
4386			X509_verify_cert(x509_store_ctx)
4387			X509_STORE_CTX * x509_store_ctx
4388
4389			int
4390			X509_STORE_CTX_get_error(x509_store_ctx)
4391			X509_STORE_CTX * x509_store_ctx
4392
4393			int
4394			X509_STORE_CTX_get_error_depth(x509_store_ctx)
4395			X509_STORE_CTX * x509_store_ctx
4396
4397			int
4398			X509_STORE_CTX_set_ex_data(x509_store_ctx,idx,data)
4399			X509_STORE_CTX * x509_store_ctx
4400			int idx
4401			void * data
4402
4403			int
4404			X509_STORE_CTX_set_app_data(x509_store_ctx,arg)
4405			X509_STORE_CTX * x509_store_ctx
4406			char * arg
4407			CODE:
4408	0		RETVAL = X509_STORE_CTX_set_ex_data(x509_store_ctx,0,arg);
4409			OUTPUT:
4410			RETVAL
4411
4412			void
4413			X509_STORE_CTX_set_error(x509_store_ctx,s)
4414			X509_STORE_CTX * x509_store_ctx
4415			int s
4416
4417			void
4418			X509_STORE_CTX_set_cert(x509_store_ctx,x)
4419			X509_STORE_CTX * x509_store_ctx
4420			X509 * x
4421
4422			X509_STORE *
4423			X509_STORE_new()
4424
4425			void
4426			X509_STORE_free(store)
4427			X509_STORE * store
4428
4429			X509_LOOKUP *
4430			X509_STORE_add_lookup(store, method)
4431			X509_STORE * store
4432			X509_LOOKUP_METHOD * method
4433
4434			int
4435			X509_STORE_add_cert(ctx, x)
4436			X509_STORE *ctx
4437			X509 *x
4438
4439			int
4440			X509_STORE_add_crl(ctx, x)
4441			X509_STORE *ctx
4442			X509_CRL *x
4443
4444			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
4445
4446			void
4447			X509_STORE_set_flags(ctx, flags)
4448			X509_STORE *ctx
4449			long flags
4450
4451			void
4452			X509_STORE_set_purpose(ctx, purpose)
4453			X509_STORE *ctx
4454			int purpose
4455
4456			void
4457			X509_STORE_set_trust(ctx, trust)
4458			X509_STORE *ctx
4459			int trust
4460
4461			int
4462			X509_STORE_set1_param(ctx, pm)
4463			X509_STORE *ctx
4464			X509_VERIFY_PARAM *pm
4465
4466			#endif
4467
4468			X509_LOOKUP_METHOD *
4469			X509_LOOKUP_hash_dir()
4470
4471			void
4472			X509_LOOKUP_add_dir(lookup, dir, type)
4473			X509_LOOKUP * lookup
4474			char * dir
4475			int type
4476
4477			int
4478			X509_load_cert_file(ctx, file, type)
4479			X509_LOOKUP *ctx
4480			char *file
4481			int type
4482
4483			int
4484			X509_load_crl_file(ctx, file, type)
4485			X509_LOOKUP *ctx
4486			char *file
4487			int type
4488
4489			int
4490			X509_load_cert_crl_file(ctx, file, type)
4491			X509_LOOKUP *ctx
4492			char *file
4493			int type
4494
4495			const char *
4496			X509_verify_cert_error_string(n)
4497			long n
4498
4499			ASN1_INTEGER *
4500			ASN1_INTEGER_new()
4501
4502			void
4503			ASN1_INTEGER_free(ASN1_INTEGER *i)
4504
4505			int
4506			ASN1_INTEGER_set(ASN1_INTEGER *i, long val)
4507
4508			long
4509			ASN1_INTEGER_get(ASN1_INTEGER *a)
4510
4511			void
4512			P_ASN1_INTEGER_set_hex(i,str)
4513			ASN1_INTEGER * i
4514			char * str
4515			INIT:
4516			BIGNUM *bn;
4517	3		int rv = 1;
4518			PPCODE:
4519	3		bn = BN_new();
4520	3	50	if (!BN_hex2bn(&bn, str)) XSRETURN_IV(0);
4521	3	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4522	3		BN_free(bn);
4523	3		XSRETURN_IV(rv);
4524
4525			void
4526			P_ASN1_INTEGER_set_dec(i,str)
4527			ASN1_INTEGER * i
4528			char * str
4529			INIT:
4530			BIGNUM *bn;
4531	1		int rv = 1;
4532			PPCODE:
4533	1		bn = BN_new();
4534	1	50	if (!BN_dec2bn(&bn, str)) XSRETURN_IV(0);
4535	1	50	if (!BN_to_ASN1_INTEGER(bn, i)) rv = 0;
4536	1		BN_free(bn);
4537	1		XSRETURN_IV(rv);
4538
4539			void
4540			P_ASN1_INTEGER_get_hex(i)
4541			ASN1_INTEGER * i
4542			INIT:
4543			BIGNUM *bn;
4544			char *result;
4545			PPCODE:
4546	6		bn = BN_new();
4547	6	50	if (!bn) XSRETURN_UNDEF;
4548	6		ASN1_INTEGER_to_BN(i, bn);
4549	6		result = BN_bn2hex(bn);
4550	6		BN_free(bn);
4551	6	50	if (!result) XSRETURN_UNDEF;
4552	6	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4553	6		OPENSSL_free(result);
4554
4555			void
4556			P_ASN1_INTEGER_get_dec(i)
4557			ASN1_INTEGER * i
4558			INIT:
4559			BIGNUM *bn;
4560			char *result;
4561			PPCODE:
4562	5		bn = BN_new();
4563	5	50	if (!bn) XSRETURN_UNDEF;
4564	5		ASN1_INTEGER_to_BN(i, bn);
4565	5		result = BN_bn2dec(bn);
4566	5		BN_free(bn);
4567	5	50	if (!result) XSRETURN_UNDEF;
4568	5	50	XPUSHs(sv_2mortal(newSVpv((const char*)result, strlen(result))));
4569	5		OPENSSL_free(result);
4570
4571			void
4572			P_ASN1_STRING_get(s,utf8_decode=0)
4573			ASN1_STRING * s
4574			int utf8_decode
4575			PREINIT:
4576			SV * u8;
4577			PPCODE:
4578			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4579			u8 = newSVpv((const char*)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
4580			#else
4581	87		u8 = newSVpv((const char*)ASN1_STRING_data(s), ASN1_STRING_length(s));
4582			#endif
4583	87	100	if (utf8_decode) sv_utf8_decode(u8);
4584	87	50	XPUSHs(sv_2mortal(u8));
4585
4586			#if (OPENSSL_VERSION_NUMBER >= 0x1010000f && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
4587
4588			const ASN1_TIME *
4589			X509_get0_notBefore(const X509 *cert)
4590
4591			const ASN1_TIME *
4592			X509_get0_notAfter(const X509 *cert)
4593
4594			ASN1_TIME *
4595			X509_getm_notBefore(const X509 *cert)
4596			ALIAS:
4597			X509_get_notBefore = 1
4598
4599			ASN1_TIME *
4600			X509_getm_notAfter(const X509 *cert)
4601			ALIAS:
4602			X509_get_notAfter = 1
4603
4604			#else /* plain get_ is deprecated */
4605
4606			ASN1_TIME *
4607			X509_get_notBefore(X509 *cert)
4608			ALIAS:
4609			X509_get0_notBefore = 1
4610			X509_getm_notBefore = 2
4611
4612			ASN1_TIME *
4613			X509_get_notAfter(X509 *cert)
4614			ALIAS:
4615			X509_get0_notAfter = 1
4616			X509_getm_notAfter = 2
4617
4618			#endif
4619
4620			ASN1_TIME *
4621			X509_gmtime_adj(s, adj)
4622			ASN1_TIME * s
4623			long adj
4624
4625			ASN1_TIME *
4626			ASN1_TIME_set(s,t)
4627			ASN1_TIME *s
4628			time_t t
4629
4630			void
4631			ASN1_TIME_free(s)
4632			ASN1_TIME *s
4633
4634			time_t
4635			ASN1_TIME_timet(s)
4636			ASN1_TIME *s
4637			CODE:
4638	0		RETVAL = ASN1_TIME_timet(s,NULL);
4639			OUTPUT:
4640			RETVAL
4641
4642			ASN1_TIME *
4643			ASN1_TIME_new()
4644
4645			void
4646			P_ASN1_TIME_put2string(tm)
4647			ASN1_TIME * tm
4648			PREINIT:
4649	4		BIO *bp=NULL;
4650	4		int i=0;
4651			char buffer[256];
4652			ALIAS:
4653			P_ASN1_UTCTIME_put2string = 1
4654			CODE:
4655	4		ST(0) = sv_newmortal(); /* undef retval to start with */
4656	4	50	if (tm) {
4657	4		bp = BIO_new(BIO_s_mem());
4658	4	50	if (bp) {
4659	4		ASN1_TIME_print(bp,tm);
4660	4		i = BIO_read(bp,buffer,255);
4661	4		buffer[i] = '\0';
4662	4	50	if (i>0)
4663	4		sv_setpvn(ST(0), buffer, i);
4664	4		BIO_free(bp);
4665			}
4666			}
4667
4668			#if OPENSSL_VERSION_NUMBER >= 0x0090705f
4669			#define REM15 "NOTE: requires 0.9.7e+"
4670
4671			void
4672			P_ASN1_TIME_get_isotime(tm)
4673			ASN1_TIME *tm
4674			PREINIT:
4675	34		ASN1_GENERALIZEDTIME *tmp = NULL;
4676			char buf[256];
4677			CODE:
4678	34		buf[0] = '\0';
4679			/* ASN1_TIME_to_generalizedtime is buggy on pre-0.9.7e */
4680	34		ASN1_TIME_to_generalizedtime(tm,&tmp);
4681	34	50	if (tmp) {
4682	34	50	if (ASN1_GENERALIZEDTIME_check(tmp)) {
4683	34	50	if (strlen((char)tmp->data)>=14 && strlen((char)tmp->data)<200) {
		50
4684	34		strcpy (buf,"yyyy-mm-ddThh:mm:ss");
4685	34		strncpy(buf, (char*)tmp->data, 4);
4686	34		strncpy(buf+5, (char*)tmp->data+4, 2);
4687	34		strncpy(buf+8, (char*)tmp->data+6, 2);
4688	34		strncpy(buf+11,(char*)tmp->data+8, 2);
4689	34		strncpy(buf+14,(char*)tmp->data+10,2);
4690	34		strncpy(buf+17,(char*)tmp->data+12,2);
4691	34	50	if (strlen((char)tmp->data)>14) strcat(buf+19,(char)tmp->data+14);
4692			}
4693			}
4694	34		ASN1_GENERALIZEDTIME_free(tmp);
4695			}
4696	34		ST(0) = sv_newmortal();
4697	34		sv_setpv(ST(0), buf);
4698
4699			void
4700			P_ASN1_TIME_set_isotime(tm,str)
4701			ASN1_TIME *tm
4702			const char *str
4703			PREINIT:
4704			ASN1_TIME t;
4705			char buf[256];
4706			int i,rv;
4707			CODE:
4708	13	50	if (!tm) XSRETURN_UNDEF;
4709			/* we support only "2012-03-22T23:55:33" or "2012-03-22T23:55:33Z" or "2012-03-22T23:55:33" */
4710	13	50	if (strlen(str) < 19) XSRETURN_UNDEF;
4711	65	50	for (i=0; i<4; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4712	39	50	for (i=5; i<7; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4713	39	50	for (i=8; i<10; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4714	39	50	for (i=11; i<13; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4715	39	50	for (i=14; i<16; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4716	39	50	for (i=17; i<19; i++) if ((str[i] > '9') \|\| (str[i] < '0')) XSRETURN_UNDEF;
		50
		100
4717	13		strncpy(buf, str, 4);
4718	13		strncpy(buf+4, str+5, 2);
4719	13		strncpy(buf+6, str+8, 2);
4720	13		strncpy(buf+8, str+11, 2);
4721	13		strncpy(buf+10, str+14, 2);
4722	13		strncpy(buf+12, str+17, 2);
4723	13		buf[14] = '\0';
4724	13	50	if (strlen(str)>19 && strlen(str)<200) strcat(buf,str+19);
		50
4725
4726			/* WORKAROUND: ASN1_TIME_set_string() not available in 0.9.8 !!!*/
4727			/* in 1.0.0 we would simply: rv = ASN1_TIME_set_string(tm,buf); */
4728	13		t.length = strlen(buf);
4729	13		t.data = (unsigned char *)buf;
4730	13		t.flags = 0;
4731	13		t.type = V_ASN1_UTCTIME;
4732	13	50	if (!ASN1_TIME_check(&t)) {
4733	13		t.type = V_ASN1_GENERALIZEDTIME;
4734	13	50	if (!ASN1_TIME_check(&t)) XSRETURN_UNDEF;
4735			}
4736	13		tm->type = t.type;
4737	13		tm->flags = t.flags;
4738	13	50	if (!ASN1_STRING_set(tm,t.data,t.length)) XSRETURN_UNDEF;
4739	13		rv = 1;
4740
4741			/* end of ASN1_TIME_set_string() reimplementation */
4742
4743	13		ST(0) = sv_newmortal();
4744	13		sv_setiv(ST(0), rv); /* 1 = success, undef = failure */
4745
4746			#endif
4747
4748			int
4749			EVP_PKEY_copy_parameters(to,from)
4750			EVP_PKEY * to
4751			EVP_PKEY * from
4752
4753			EVP_PKEY *
4754			EVP_PKEY_new()
4755
4756			void
4757			EVP_PKEY_free(EVP_PKEY *pkey)
4758
4759			int
4760			EVP_PKEY_assign_RSA(EVP_PKEY pkey, RSA key)
4761
4762			int
4763			EVP_PKEY_bits(EVP_PKEY *pkey)
4764
4765			int
4766			EVP_PKEY_size(EVP_PKEY *pkey)
4767
4768			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
4769
4770			int
4771			EVP_PKEY_id(const EVP_PKEY *pkey)
4772
4773			#endif
4774
4775			void
4776			PEM_get_string_X509(x509)
4777			X509 * x509
4778			PREINIT:
4779			BIO *bp;
4780			int i, n;
4781			char *buf;
4782			CODE:
4783	3		ST(0) = sv_newmortal(); /* undef to start with */
4784	3		bp = BIO_new(BIO_s_mem());
4785	3	50	if (bp && x509) {
		50
4786	3		PEM_write_bio_X509(bp,x509);
4787	3		n = BIO_ctrl_pending(bp);
4788	3		New(0, buf, n, char);
4789	3	50	if (buf) {
4790	3		i = BIO_read(bp,buf,n);
4791	3	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4792	3		Safefree(buf);
4793			}
4794	3		BIO_free(bp);
4795			}
4796
4797			void
4798			PEM_get_string_X509_REQ(x509_req)
4799			X509_REQ * x509_req
4800			PREINIT:
4801			BIO *bp;
4802			int i, n;
4803			char *buf;
4804			CODE:
4805	1		ST(0) = sv_newmortal(); /* undef to start with */
4806	1		bp = BIO_new(BIO_s_mem());
4807	1	50	if (bp && x509_req) {
		50
4808	1		PEM_write_bio_X509_REQ(bp,x509_req);
4809	1		n = BIO_ctrl_pending(bp);
4810	1		New(0, buf, n, char);
4811	1	50	if (buf) {
4812	1		i = BIO_read(bp,buf,n);
4813	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4814	1		Safefree(buf);
4815			}
4816	1		BIO_free(bp);
4817			}
4818
4819			void
4820			PEM_get_string_X509_CRL(x509_crl)
4821			X509_CRL * x509_crl
4822			PREINIT:
4823			BIO *bp;
4824			int i, n;
4825			char *buf;
4826			CODE:
4827	1		ST(0) = sv_newmortal(); /* undef to start with */
4828	1		bp = BIO_new(BIO_s_mem());
4829	1	50	if (bp && x509_crl) {
		50
4830	1		PEM_write_bio_X509_CRL(bp,x509_crl);
4831	1		n = BIO_ctrl_pending(bp);
4832	1		New(0, buf, n, char);
4833	1	50	if (buf) {
4834	1		i = BIO_read(bp,buf,n);
4835	1	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4836	1		Safefree(buf);
4837			}
4838	1		BIO_free(bp);
4839			}
4840
4841			void
4842			PEM_get_string_PrivateKey(pk,passwd=NULL,enc_alg=NULL)
4843			EVP_PKEY * pk
4844			char * passwd
4845			const EVP_CIPHER * enc_alg
4846			PREINIT:
4847			BIO *bp;
4848			int i, n;
4849			char *buf;
4850	6		size_t passwd_len = 0;
4851	6		pem_password_cb * cb = NULL;
4852	6		void * u = NULL;
4853			CODE:
4854	6		ST(0) = sv_newmortal(); /* undef to start with */
4855	6		bp = BIO_new(BIO_s_mem());
4856	6	50	if (bp && pk) {
		50
4857	6	100	if (passwd) passwd_len = strlen(passwd);
4858	6	100	if (passwd_len>0) {
4859			/* encrypted key */
4860	2	100	if (!enc_alg)
4861	1		PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
4862			else
4863	2		PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
4864			}
4865			else {
4866			/* unencrypted key */
4867	4		PEM_write_bio_PrivateKey(bp,pk,NULL,(unsigned char *)passwd,passwd_len,cb,u);
4868			}
4869	6		n = BIO_ctrl_pending(bp);
4870	6		New(0, buf, n, char);
4871	6	50	if (buf) {
4872	6		i = BIO_read(bp,buf,n);
4873	6	50	if (i>=0 && i<=n) sv_setpvn(ST(0), buf, i);
		50
4874	6		Safefree(buf);
4875			}
4876	6		BIO_free(bp);
4877			}
4878
4879			int
4880			CTX_use_PKCS12_file(ctx, file, password=NULL)
4881			SSL_CTX *ctx
4882			char *file
4883			char *password
4884			PREINIT:
4885			PKCS12 *p12;
4886			EVP_PKEY *private_key;
4887			X509 *certificate;
4888			FILE *fp;
4889			CODE:
4890	0		RETVAL = 0;
4891	0	0	if ((fp = fopen (file, "rb"))) {
4892			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4893	0		OPENSSL_add_all_algorithms_noconf();
4894			#else
4895			OpenSSL_add_all_algorithms();
4896			#endif
4897	0	0	if ((p12 = d2i_PKCS12_fp(fp, NULL))) {
4898	0	0	if (PKCS12_parse(p12, password, &private_key, &certificate, NULL)) {
4899	0	0	if (private_key) {
4900	0	0	if (SSL_CTX_use_PrivateKey(ctx, private_key)) RETVAL = 1;
4901	0		EVP_PKEY_free(private_key);
4902			}
4903	0	0	if (certificate) {
4904	0	0	if (SSL_CTX_use_certificate(ctx, certificate)) RETVAL = 1;
4905	0		X509_free(certificate);
4906			}
4907			}
4908	0		PKCS12_free(p12);
4909			}
4910	0	0	if (!RETVAL) ERR_print_errors_fp(stderr);
4911	0		fclose(fp);
4912			}
4913			OUTPUT:
4914			RETVAL
4915
4916			void
4917			P_PKCS12_load_file(file, load_chain=0, password=NULL)
4918			char *file
4919			int load_chain
4920			char *password
4921			PREINIT:
4922			PKCS12 *p12;
4923	4		EVP_PKEY *private_key = NULL;
4924	4		X509 *certificate = NULL;
4925	4		STACK_OF(X509) *cachain = NULL;
4926			X509 *x;
4927			FILE *fp;
4928			int i, result;
4929			PPCODE:
4930	4	50	if ((fp = fopen (file, "rb"))) {
4931			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
4932	4		OPENSSL_add_all_algorithms_noconf();
4933			#else
4934			OpenSSL_add_all_algorithms();
4935			#endif
4936	4	50	if ((p12 = d2i_PKCS12_fp(fp, NULL))) {
4937	4	100	if(load_chain)
4938	3		result= PKCS12_parse(p12, password, &private_key, &certificate, &cachain);
4939			else
4940	1		result= PKCS12_parse(p12, password, &private_key, &certificate, NULL);
4941	4	50	if (result) {
4942	4	50	if (private_key)
4943	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(private_key))));
4944			else
4945	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4946	4	50	if (certificate)
4947	4	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(certificate))));
4948			else
4949	0	0	XPUSHs(sv_2mortal(newSVpv(NULL,0))); /* undef */
4950	4	100	if (cachain) {
4951	3	100	for (i=0; i
4952	2		x = sk_X509_value(cachain, i);
4953	2	50	XPUSHs(sv_2mortal(newSViv(PTR2IV(x))));
4954			}
4955	1		sk_X509_free(cachain);
4956			}
4957			}
4958	4		PKCS12_free(p12);
4959			}
4960	4		fclose(fp);
4961			}
4962
4963			#ifndef OPENSSL_NO_MD2
4964
4965			void
4966			MD2(data)
4967			PREINIT:
4968			STRLEN len;
4969			unsigned char md[MD2_DIGEST_LENGTH];
4970			unsigned char * ret;
4971			INPUT:
4972			unsigned char* data = (unsigned char *) SvPV( ST(0), len);
4973			CODE:
4974			ret = MD2(data,len,md);
4975			if (ret!=NULL) {
4976			XSRETURN_PVN((char *) md, MD2_DIGEST_LENGTH);
4977			} else {
4978			XSRETURN_UNDEF;
4979			}
4980
4981			#endif
4982
4983			#ifndef OPENSSL_NO_MD4
4984
4985			void
4986			MD4(data)
4987			PREINIT:
4988			STRLEN len;
4989			unsigned char md[MD4_DIGEST_LENGTH];
4990			INPUT:
4991			unsigned char* data = (unsigned char *) SvPV( ST(0), len );
4992			CODE:
4993	9	50	if (MD4(data,len,md)) {
4994	9		XSRETURN_PVN((char *) md, MD4_DIGEST_LENGTH);
4995			} else {
4996	9		XSRETURN_UNDEF;
4997			}
4998
4999			#endif
5000
5001			#ifndef OPENSSL_NO_MD5
5002
5003			void
5004			MD5(data)
5005			PREINIT:
5006			STRLEN len;
5007			unsigned char md[MD5_DIGEST_LENGTH];
5008			INPUT:
5009			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5010			CODE:
5011	9	50	if (MD5(data,len,md)) {
5012	9		XSRETURN_PVN((char *) md, MD5_DIGEST_LENGTH);
5013			} else {
5014	9		XSRETURN_UNDEF;
5015			}
5016
5017			#endif
5018
5019			#if OPENSSL_VERSION_NUMBER >= 0x00905000L
5020
5021			void
5022			RIPEMD160(data)
5023			PREINIT:
5024			STRLEN len;
5025			unsigned char md[RIPEMD160_DIGEST_LENGTH];
5026			INPUT:
5027			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5028			CODE:
5029	9	50	if (RIPEMD160(data,len,md)) {
5030	9		XSRETURN_PVN((char *) md, RIPEMD160_DIGEST_LENGTH);
5031			} else {
5032	9		XSRETURN_UNDEF;
5033			}
5034
5035			#endif
5036
5037			#if !defined(OPENSSL_NO_SHA)
5038
5039			void
5040			SHA1(data)
5041			PREINIT:
5042			STRLEN len;
5043			unsigned char md[SHA_DIGEST_LENGTH];
5044			INPUT:
5045			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5046			CODE:
5047	8	50	if (SHA1(data,len,md)) {
5048	8		XSRETURN_PVN((char *) md, SHA_DIGEST_LENGTH);
5049			} else {
5050	8		XSRETURN_UNDEF;
5051			}
5052
5053			#endif
5054			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5055
5056			void
5057			SHA256(data)
5058			PREINIT:
5059			STRLEN len;
5060			unsigned char md[SHA256_DIGEST_LENGTH];
5061			INPUT:
5062			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5063			CODE:
5064	8	50	if (SHA256(data,len,md)) {
5065	8		XSRETURN_PVN((char *) md, SHA256_DIGEST_LENGTH);
5066			} else {
5067	8		XSRETURN_UNDEF;
5068			}
5069
5070			#endif
5071			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
5072
5073			void
5074			SHA512(data)
5075			PREINIT:
5076			STRLEN len;
5077			unsigned char md[SHA512_DIGEST_LENGTH];
5078			INPUT:
5079			unsigned char * data = (unsigned char *) SvPV( ST(0), len);
5080			CODE:
5081	8	50	if (SHA512(data,len,md)) {
5082	8		XSRETURN_PVN((char *) md, SHA512_DIGEST_LENGTH);
5083			} else {
5084	8		XSRETURN_UNDEF;
5085			}
5086
5087			#endif
5088
5089			#ifndef OPENSSL_NO_SSL2
5090			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5091
5092			const SSL_METHOD *
5093			SSLv2_method()
5094
5095			#endif
5096			#endif
5097
5098			#ifndef OPENSSL_NO_SSL3
5099
5100			const SSL_METHOD *
5101			SSLv3_method()
5102
5103			#endif
5104
5105			const SSL_METHOD *
5106			SSLv23_method()
5107
5108			const SSL_METHOD *
5109			SSLv23_server_method()
5110
5111			const SSL_METHOD *
5112			SSLv23_client_method()
5113
5114			#if !defined(OPENSSL_NO_TLS1_METHOD)
5115
5116			const SSL_METHOD *
5117			TLSv1_method()
5118
5119			const SSL_METHOD *
5120			TLSv1_server_method()
5121
5122			const SSL_METHOD *
5123			TLSv1_client_method()
5124
5125			#endif
5126
5127			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_1_METHOD)) /* OpenSSL 1.0.1-beta1 */
5128
5129			const SSL_METHOD *
5130			TLSv1_1_method()
5131
5132			const SSL_METHOD *
5133			TLSv1_1_server_method()
5134
5135			const SSL_METHOD *
5136			TLSv1_1_client_method()
5137
5138			#endif
5139
5140			#if (OPENSSL_VERSION_NUMBER >= 0x10001001L && !defined(OPENSSL_NO_TLS1_2_METHOD)) /* OpenSSL 1.0.1-beta1 */
5141
5142			const SSL_METHOD *
5143			TLSv1_2_method()
5144
5145			const SSL_METHOD *
5146			TLSv1_2_server_method()
5147
5148			const SSL_METHOD *
5149			TLSv1_2_client_method()
5150
5151			#endif
5152
5153
5154			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
5155
5156			const SSL_METHOD *
5157			TLS_method()
5158
5159			const SSL_METHOD *
5160			TLS_server_method()
5161
5162			const SSL_METHOD *
5163			TLS_client_method()
5164
5165			#endif /* OpenSSL 1.1.0 or LibreSSL 2.2.2 */
5166
5167
5168			#if (OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2060000fL)
5169
5170			int
5171			SSL_CTX_set_min_proto_version(ctx, version)
5172			SSL_CTX * ctx
5173			int version
5174
5175			int
5176			SSL_CTX_set_max_proto_version(ctx, version)
5177			SSL_CTX * ctx
5178			int version
5179
5180			int
5181			SSL_set_min_proto_version(ssl, version)
5182			SSL * ssl
5183			int version
5184
5185			int
5186			SSL_set_max_proto_version(ssl, version)
5187			SSL * ssl
5188			int version
5189
5190			#endif /* OpenSSL 1.1.0-pre2 or LibreSSL 2.6.0 */
5191
5192
5193			#if (OPENSSL_VERSION_NUMBER >= 0x1010007fL && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3040000fL)
5194
5195			int
5196			SSL_CTX_get_min_proto_version(ctx)
5197			SSL_CTX * ctx
5198
5199			int
5200			SSL_CTX_get_max_proto_version(ctx)
5201			SSL_CTX * ctx
5202
5203			int
5204			SSL_get_min_proto_version(ssl)
5205			SSL * ssl
5206
5207			int
5208			SSL_get_max_proto_version(ssl)
5209			SSL * ssl
5210
5211			#endif /* OpenSSL 1.1.0g or LibreSSL 3.4.0 */
5212
5213
5214			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5215
5216			int
5217			SSL_set_ssl_method(ssl, method)
5218			SSL * ssl
5219			SSL_METHOD * method
5220
5221			#else
5222
5223			int
5224			SSL_set_ssl_method(ssl, method)
5225			SSL * ssl
5226			const SSL_METHOD * method
5227
5228			#endif
5229
5230			const SSL_METHOD *
5231			SSL_get_ssl_method(ssl)
5232			SSL * ssl
5233
5234			#define REM_AUTOMATICALLY_GENERATED_1_09
5235
5236			BIO *
5237			BIO_new_buffer_ssl_connect(ctx)
5238			SSL_CTX * ctx
5239
5240			BIO *
5241			BIO_new_file(filename,mode)
5242			char * filename
5243			char * mode
5244
5245			BIO *
5246			BIO_new_ssl(ctx,client)
5247			SSL_CTX * ctx
5248			int client
5249
5250			BIO *
5251			BIO_new_ssl_connect(ctx)
5252			SSL_CTX * ctx
5253
5254			BIO *
5255			BIO_new(type)
5256			BIO_METHOD * type;
5257
5258			int
5259			BIO_free(bio)
5260			BIO * bio;
5261
5262			void
5263			BIO_read(s,max=32768)
5264			BIO * s
5265			int max
5266			PREINIT:
5267	138		char *buf = NULL;
5268			int got;
5269			CODE:
5270	138		New(0, buf, max, char);
5271	138		ST(0) = sv_newmortal(); /* Undefined to start with */
5272	138	100	if ((got = BIO_read(s, buf, max)) >= 0)
5273	55		sv_setpvn( ST(0), buf, got);
5274	138		Safefree(buf);
5275
5276			int
5277			BIO_write(s,buf)
5278			BIO * s
5279			PREINIT:
5280			STRLEN len;
5281			INPUT:
5282			char * buf = SvPV( ST(1), len);
5283			CODE:
5284	55		RETVAL = BIO_write (s, buf, (int)len);
5285			OUTPUT:
5286			RETVAL
5287
5288			int
5289			BIO_eof(s)
5290			BIO * s
5291
5292			int
5293			BIO_pending(s)
5294			BIO * s
5295
5296			int
5297			BIO_wpending(s)
5298			BIO * s
5299
5300			int
5301			BIO_ssl_copy_session_id(to,from)
5302			BIO * to
5303			BIO * from
5304
5305			void
5306			BIO_ssl_shutdown(ssl_bio)
5307			BIO * ssl_bio
5308
5309			int
5310			SSL_add_client_CA(ssl,x)
5311			SSL * ssl
5312			X509 * x
5313
5314			const char *
5315			SSL_alert_desc_string(value)
5316			int value
5317
5318			const char *
5319			SSL_alert_desc_string_long(value)
5320			int value
5321
5322			const char *
5323			SSL_alert_type_string(value)
5324			int value
5325
5326			const char *
5327			SSL_alert_type_string_long(value)
5328			int value
5329
5330			long
5331			SSL_callback_ctrl(ssl,i,fp)
5332			SSL * ssl
5333			int i
5334			callback_no_ret * fp
5335
5336			int
5337			SSL_check_private_key(ctx)
5338			SSL * ctx
5339
5340			# /* buf and size were required with Net::SSLeay 1.88 and earlier. */
5341			# /* With OpenSSL 0.9.8l and older compile can warn about discarded const. */
5342			void
5343			SSL_CIPHER_description(const SSL_CIPHER cipher, char unused_buf=NULL, int unused_size=0)
5344			PREINIT:
5345			char *description;
5346			char buf[512];
5347			PPCODE:
5348	194		description = SSL_CIPHER_description(cipher, buf, sizeof(buf));
5349	194	50	if(description == NULL) {
5350	0		XSRETURN_EMPTY;
5351			}
5352	194	50	XPUSHs(sv_2mortal(newSVpv(description, 0)));
5353
5354			const char *
5355			SSL_CIPHER_get_name(const SSL_CIPHER *c)
5356
5357			int
5358			SSL_CIPHER_get_bits(c, ...)
5359			const SSL_CIPHER * c
5360			CODE:
5361			int alg_bits;
5362	390		RETVAL = SSL_CIPHER_get_bits(c, &alg_bits);
5363	390	50	if (items > 2) croak("SSL_CIPHER_get_bits: Need to call with one or two parameters");
5364	390	100	if (items > 1) sv_setsv(ST(1), sv_2mortal(newSViv(alg_bits)));
5365			OUTPUT:
5366			RETVAL
5367
5368			const char *
5369			SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
5370
5371			#ifndef OPENSSL_NO_COMP
5372
5373			int
5374			SSL_COMP_add_compression_method(id,cm)
5375			int id
5376			COMP_METHOD * cm
5377
5378			#endif
5379
5380			int
5381			SSL_CTX_add_client_CA(ctx,x)
5382			SSL_CTX * ctx
5383			X509 * x
5384
5385			long
5386			SSL_CTX_callback_ctrl(ctx,i,fp)
5387			SSL_CTX * ctx
5388			int i
5389			callback_no_ret * fp
5390
5391			int
5392			SSL_CTX_check_private_key(ctx)
5393			SSL_CTX * ctx
5394
5395			void *
5396			SSL_CTX_get_ex_data(ssl,idx)
5397			SSL_CTX * ssl
5398			int idx
5399
5400			int
5401			SSL_CTX_get_quiet_shutdown(ctx)
5402			SSL_CTX * ctx
5403
5404			long
5405			SSL_CTX_get_timeout(ctx)
5406			SSL_CTX * ctx
5407
5408			int
5409			SSL_CTX_get_verify_depth(ctx)
5410			SSL_CTX * ctx
5411
5412			int
5413			SSL_CTX_get_verify_mode(ctx)
5414			SSL_CTX * ctx
5415
5416			void
5417			SSL_CTX_set_cert_store(ctx,store)
5418			SSL_CTX * ctx
5419			X509_STORE * store
5420
5421			X509_STORE *
5422			SSL_CTX_get_cert_store(ctx)
5423			SSL_CTX * ctx
5424
5425			void
5426			SSL_CTX_set_cert_verify_callback(ctx,callback,data=&PL_sv_undef)
5427			SSL_CTX * ctx
5428			SV * callback
5429			SV * data
5430			CODE:
5431	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5432	0		SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
5433	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", NULL);
5434	0		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", NULL);
5435			}
5436			else {
5437	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!func", newSVsv(callback));
5438	1		cb_data_advanced_put(ctx, "ssleay_ctx_cert_verify_cb!!data", newSVsv(data));
5439			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
5440	1		SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, ctx);
5441			#else
5442			SSL_CTX_set_cert_verify_callback(ctx, ssleay_ctx_cert_verify_cb_invoke, (char*)ctx);
5443			#endif
5444			}
5445
5446			X509_NAME_STACK *
5447			SSL_CTX_get_client_CA_list(ctx)
5448			SSL_CTX *ctx
5449
5450			void
5451			SSL_CTX_set_client_CA_list(ctx,list)
5452			SSL_CTX * ctx
5453			X509_NAME_STACK * list
5454
5455			void
5456			SSL_CTX_set_default_passwd_cb(ctx,callback=&PL_sv_undef)
5457			SSL_CTX * ctx
5458			SV * callback
5459			CODE:
5460	4	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5461	0		SSL_CTX_set_default_passwd_cb(ctx, NULL);
5462	0		SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
5463	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", NULL);
5464			}
5465			else {
5466	4		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!func", newSVsv(callback));
5467	4		SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)ctx);
5468	4		SSL_CTX_set_default_passwd_cb(ctx, &ssleay_ctx_passwd_cb_invoke);
5469			}
5470
5471			void
5472			SSL_CTX_set_default_passwd_cb_userdata(ctx,data=&PL_sv_undef)
5473			SSL_CTX * ctx
5474			SV * data
5475			CODE:
5476			/* SSL_CTX_set_default_passwd_cb_userdata is set in SSL_CTX_set_default_passwd_cb */
5477	2	50	if (data==NULL \|\| !SvOK(data)) {
		50
		0
		0
5478	0		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", NULL);
5479			}
5480			else {
5481	2		cb_data_advanced_put(ctx, "ssleay_ctx_passwd_cb!!data", newSVsv(data));
5482			}
5483
5484			int
5485			SSL_CTX_set_ex_data(ssl,idx,data)
5486			SSL_CTX * ssl
5487			int idx
5488			void * data
5489
5490			int
5491			SSL_CTX_set_purpose(s,purpose)
5492			SSL_CTX * s
5493			int purpose
5494
5495			void
5496			SSL_CTX_set_quiet_shutdown(ctx,mode)
5497			SSL_CTX * ctx
5498			int mode
5499
5500			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5501
5502			int
5503			SSL_CTX_set_ssl_version(ctx,meth)
5504			SSL_CTX * ctx
5505			SSL_METHOD * meth
5506
5507			#else
5508
5509			int
5510			SSL_CTX_set_ssl_version(ctx,meth)
5511			SSL_CTX * ctx
5512			const SSL_METHOD * meth
5513
5514			#endif
5515
5516			long
5517			SSL_CTX_set_timeout(ctx,t)
5518			SSL_CTX * ctx
5519			long t
5520
5521			int
5522			SSL_CTX_set_trust(s,trust)
5523			SSL_CTX * s
5524			int trust
5525
5526			void
5527			SSL_CTX_set_verify_depth(ctx,depth)
5528			SSL_CTX * ctx
5529			int depth
5530
5531			int
5532			SSL_CTX_use_certificate(ctx,x)
5533			SSL_CTX * ctx
5534			X509 * x
5535
5536			int
5537			SSL_CTX_use_certificate_chain_file(ctx,file)
5538			SSL_CTX * ctx
5539			const char * file
5540
5541
5542			#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
5543
5544			int
5545			SSL_use_certificate_chain_file(ssl,file)
5546			SSL * ssl
5547			const char * file
5548
5549			#endif /* OpenSSL 1.1.0 */
5550
5551			int
5552			SSL_CTX_use_PrivateKey(ctx,pkey)
5553			SSL_CTX * ctx
5554			EVP_PKEY * pkey
5555
5556			int
5557			SSL_CTX_use_RSAPrivateKey(ctx,rsa)
5558			SSL_CTX * ctx
5559			RSA * rsa
5560
5561			int
5562			SSL_do_handshake(s)
5563			SSL * s
5564
5565			SSL *
5566			SSL_dup(ssl)
5567			SSL * ssl
5568
5569			const SSL_CIPHER *
5570			SSL_get_current_cipher(s)
5571			SSL * s
5572
5573			long
5574			SSL_get_default_timeout(s)
5575			SSL * s
5576
5577			void *
5578			SSL_get_ex_data(ssl,idx)
5579			SSL * ssl
5580			int idx
5581
5582			size_t
5583			SSL_get_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5584			SSL *ssl
5585			SV *buf
5586			size_t count
5587			PREINIT:
5588			unsigned char *finished;
5589			size_t finished_len;
5590			CODE:
5591	4		Newx(finished, count, unsigned char);
5592	4		finished_len = SSL_get_finished(ssl, finished, count);
5593	4	100	if (count > finished_len)
5594	3		count = finished_len;
5595	4		sv_setpvn(buf, (const char *)finished, count);
5596	4		Safefree(finished);
5597	4		RETVAL = finished_len;
5598			OUTPUT:
5599			RETVAL
5600
5601			size_t
5602			SSL_get_peer_finished(ssl,buf,count=2*EVP_MAX_MD_SIZE)
5603			SSL *ssl
5604			SV *buf
5605			size_t count
5606			PREINIT:
5607			unsigned char *finished;
5608			size_t finished_len;
5609			CODE:
5610	4		Newx(finished, count, unsigned char);
5611	4		finished_len = SSL_get_peer_finished(ssl, finished, count);
5612	4	100	if (count > finished_len)
5613	3		count = finished_len;
5614	4		sv_setpvn(buf, (const char *)finished, count);
5615	4		Safefree(finished);
5616	4		RETVAL = finished_len;
5617			OUTPUT:
5618			RETVAL
5619
5620			int
5621			SSL_get_quiet_shutdown(ssl)
5622			SSL * ssl
5623
5624			int
5625			SSL_get_shutdown(ssl)
5626			SSL * ssl
5627
5628			int
5629			SSL_get_verify_depth(s)
5630			SSL * s
5631
5632			int
5633			SSL_get_verify_mode(s)
5634			SSL * s
5635
5636			long
5637			SSL_get_verify_result(ssl)
5638			SSL * ssl
5639
5640			int
5641			SSL_renegotiate(s)
5642			SSL * s
5643
5644			#if OPENSSL_VERSION_NUMBER < 0x10000000L
5645
5646			int
5647			SSL_SESSION_cmp(a,b)
5648			SSL_SESSION * a
5649			SSL_SESSION * b
5650
5651			#endif
5652
5653			void *
5654			SSL_SESSION_get_ex_data(ss,idx)
5655			SSL_SESSION * ss
5656			int idx
5657
5658			long
5659			SSL_SESSION_get_time(s)
5660			SSL_SESSION * s
5661
5662			long
5663			SSL_SESSION_get_timeout(s)
5664			SSL_SESSION * s
5665
5666			int
5667			SSL_SESSION_print_fp(fp,ses)
5668			FILE * fp
5669			SSL_SESSION * ses
5670
5671			int
5672			SSL_SESSION_set_ex_data(ss,idx,data)
5673			SSL_SESSION * ss
5674			int idx
5675			void * data
5676
5677			long
5678			SSL_SESSION_set_time(s,t)
5679			SSL_SESSION * s
5680			long t
5681
5682			long
5683			SSL_SESSION_set_timeout(s,t)
5684			SSL_SESSION * s
5685			long t
5686
5687			void
5688			SSL_set_accept_state(s)
5689			SSL * s
5690
5691			void
5692			sk_X509_NAME_free(sk)
5693			X509_NAME_STACK *sk
5694
5695			int
5696			sk_X509_NAME_num(sk)
5697			X509_NAME_STACK *sk
5698
5699			X509_NAME *
5700			sk_X509_NAME_value(sk,i)
5701			X509_NAME_STACK *sk
5702			int i
5703
5704			X509_NAME_STACK *
5705			SSL_get_client_CA_list(s)
5706			SSL * s
5707
5708			void
5709			SSL_set_client_CA_list(s,list)
5710			SSL * s
5711			X509_NAME_STACK * list
5712
5713			void
5714			SSL_set_connect_state(s)
5715			SSL * s
5716
5717			int
5718			SSL_set_ex_data(ssl,idx,data)
5719			SSL * ssl
5720			int idx
5721			void * data
5722
5723
5724			void
5725			SSL_set_info_callback(ssl,callback,data=&PL_sv_undef)
5726			SSL * ssl
5727			SV * callback
5728			SV * data
5729			CODE:
5730	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5731	0		SSL_set_info_callback(ssl, NULL);
5732	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", NULL);
5733	0		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", NULL);
5734			} else {
5735	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!func", newSVsv(callback));
5736	1		cb_data_advanced_put(ssl, "ssleay_info_cb!!data", newSVsv(data));
5737	1		SSL_set_info_callback(ssl, ssleay_info_cb_invoke);
5738			}
5739
5740			void
5741			SSL_CTX_set_info_callback(ctx,callback,data=&PL_sv_undef)
5742			SSL_CTX * ctx
5743			SV * callback
5744			SV * data
5745			CODE:
5746	148	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
5747	0		SSL_CTX_set_info_callback(ctx, NULL);
5748	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", NULL);
5749	0		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", NULL);
5750			} else {
5751	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!func", newSVsv(callback));
5752	148		cb_data_advanced_put(ctx, "ssleay_ctx_info_cb!!data", newSVsv(data));
5753	148		SSL_CTX_set_info_callback(ctx, ssleay_ctx_info_cb_invoke);
5754			}
5755
5756			void
5757			SSL_set_msg_callback(ssl,callback,data=&PL_sv_undef)
5758			SSL * ssl
5759			SV * callback
5760			SV * data
5761			CODE:
5762	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5763	1		SSL_set_msg_callback(ssl, NULL);
5764	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", NULL);
5765	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", NULL);
5766			} else {
5767	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!func", newSVsv(callback));
5768	1		cb_data_advanced_put(ssl, "ssleay_msg_cb!!data", newSVsv(data));
5769	1		SSL_set_msg_callback(ssl, ssleay_msg_cb_invoke);
5770			}
5771
5772			void
5773			SSL_CTX_set_msg_callback(ctx,callback,data=&PL_sv_undef)
5774			SSL_CTX * ctx
5775			SV * callback
5776			SV * data
5777			CODE:
5778	2	50	if (callback==NULL \|\| !SvOK(callback)) {
		100
		50
		50
5779	1		SSL_CTX_set_msg_callback(ctx, NULL);
5780	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", NULL);
5781	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", NULL);
5782			} else {
5783	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!func", newSVsv(callback));
5784	1		cb_data_advanced_put(ctx, "ssleay_ctx_msg_cb!!data", newSVsv(data));
5785	1		SSL_CTX_set_msg_callback(ctx, ssleay_ctx_msg_cb_invoke);
5786			}
5787
5788
5789			#if OPENSSL_VERSION_NUMBER >= 0x10101001 && !defined(LIBRESSL_VERSION_NUMBER)
5790
5791			void
5792			SSL_CTX_set_keylog_callback(SSL_CTX ctx, SV callback)
5793			CODE:
5794			if (callback==NULL \|\| !SvOK(callback)) {
5795			SSL_CTX_set_keylog_callback(ctx, NULL);
5796			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", NULL);
5797			} else {
5798			cb_data_advanced_put(ctx, "ssleay_ssl_ctx_keylog_callback!!func", newSVsv(callback));
5799			SSL_CTX_set_keylog_callback(ctx, ssl_ctx_keylog_cb_func_invoke);
5800			}
5801
5802			SV *
5803			SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
5804			CODE:
5805			SV *func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_keylog_callback!!func");
5806			/* without increment the reference will go away and ssl_ctx_keylog_cb_func_invoke croaks */
5807			SvREFCNT_inc(func);
5808			RETVAL = func;
5809			OUTPUT:
5810			RETVAL
5811
5812			#endif
5813
5814
5815			int
5816			SSL_set_purpose(s,purpose)
5817			SSL * s
5818			int purpose
5819
5820			void
5821			SSL_set_quiet_shutdown(ssl,mode)
5822			SSL * ssl
5823			int mode
5824
5825			void
5826			SSL_set_shutdown(ssl,mode)
5827			SSL * ssl
5828			int mode
5829
5830			int
5831			SSL_set_trust(s,trust)
5832			SSL * s
5833			int trust
5834
5835			void
5836			SSL_set_verify_depth(s,depth)
5837			SSL * s
5838			int depth
5839
5840			void
5841			SSL_set_verify_result(ssl,v)
5842			SSL * ssl
5843			long v
5844
5845			int
5846			SSL_shutdown(s)
5847			SSL * s
5848
5849			const char *
5850			SSL_get_version(ssl)
5851			const SSL * ssl
5852
5853			int
5854			SSL_version(ssl)
5855			SSL * ssl
5856
5857			#if OPENSSL_VERSION_NUMBER >= 0x10100006L && !defined(LIBRESSL_VERSION_NUMBER) /* 1.1.0-pre6 */
5858
5859			int
5860			SSL_client_version(ssl)
5861			const SSL * ssl
5862
5863			int
5864			SSL_is_dtls(ssl)
5865			const SSL * ssl
5866
5867			#endif
5868
5869			#define REM_MANUALLY_ADDED_1_09
5870
5871			X509_NAME_STACK *
5872			SSL_load_client_CA_file(file)
5873			const char * file
5874
5875			int
5876			SSL_add_file_cert_subjects_to_stack(stackCAs,file)
5877			X509_NAME_STACK * stackCAs
5878			const char * file
5879
5880			#ifndef WIN32
5881			#ifndef VMS
5882			#ifndef MAC_OS_pre_X
5883
5884			int
5885			SSL_add_dir_cert_subjects_to_stack(stackCAs,dir)
5886			X509_NAME_STACK * stackCAs
5887			const char * dir
5888
5889			#endif
5890			#endif
5891			#endif
5892
5893			int
5894			SSL_CTX_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5895			long argl
5896			void * argp
5897			CRYPTO_EX_new * new_func
5898			CRYPTO_EX_dup * dup_func
5899			CRYPTO_EX_free * free_func
5900
5901			int
5902			SSL_CTX_set_session_id_context(ctx,sid_ctx,sid_ctx_len)
5903			SSL_CTX * ctx
5904			const unsigned char * sid_ctx
5905			unsigned int sid_ctx_len
5906
5907			int
5908			SSL_set_session_id_context(ssl,sid_ctx,sid_ctx_len)
5909			SSL * ssl
5910			const unsigned char * sid_ctx
5911			unsigned int sid_ctx_len
5912
5913			#if OPENSSL_VERSION_NUMBER < 0x10100000L
5914			void
5915			SSL_CTX_set_tmp_rsa_callback(ctx, cb)
5916			SSL_CTX * ctx
5917			cb_ssl_int_int_ret_RSA * cb
5918
5919			void
5920			SSL_set_tmp_rsa_callback(ssl, cb)
5921			SSL * ssl
5922			cb_ssl_int_int_ret_RSA * cb
5923
5924			#endif
5925
5926			void
5927			SSL_CTX_set_tmp_dh_callback(ctx, dh)
5928			SSL_CTX * ctx
5929			cb_ssl_int_int_ret_DH * dh
5930
5931			void
5932			SSL_set_tmp_dh_callback(ssl,dh)
5933			SSL * ssl
5934			cb_ssl_int_int_ret_DH * dh
5935
5936			int
5937			SSL_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5938			long argl
5939			void * argp
5940			CRYPTO_EX_new * new_func
5941			CRYPTO_EX_dup * dup_func
5942			CRYPTO_EX_free * free_func
5943
5944			int
5945			SSL_SESSION_get_ex_new_index(argl,argp=NULL,new_func=NULL,dup_func=NULL,free_func=NULL)
5946			long argl
5947			void * argp
5948			CRYPTO_EX_new * new_func
5949			CRYPTO_EX_dup * dup_func
5950			CRYPTO_EX_free * free_func
5951
5952			#define REM_SEMIAUTOMATIC_MACRO_GEN_1_09
5953
5954			long
5955			SSL_clear_num_renegotiations(ssl)
5956			SSL * ssl
5957			CODE:
5958	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL);
5959			OUTPUT:
5960			RETVAL
5961
5962			long
5963			SSL_CTX_add_extra_chain_cert(ctx,x509)
5964			SSL_CTX * ctx
5965			X509 * x509
5966			CODE:
5967	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char*)x509);
5968			OUTPUT:
5969			RETVAL
5970
5971			void *
5972			SSL_CTX_get_app_data(ctx)
5973			SSL_CTX * ctx
5974			CODE:
5975	0		RETVAL = SSL_CTX_get_ex_data(ctx,0);
5976			OUTPUT:
5977			RETVAL
5978
5979			long
5980			SSL_CTX_get_mode(ctx)
5981			SSL_CTX * ctx
5982			CODE:
5983	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL);
5984			OUTPUT:
5985			RETVAL
5986
5987			long
5988			SSL_CTX_get_read_ahead(ctx)
5989			SSL_CTX * ctx
5990			CODE:
5991	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL);
5992			OUTPUT:
5993			RETVAL
5994
5995			long
5996			SSL_CTX_get_session_cache_mode(ctx)
5997			SSL_CTX * ctx
5998			CODE:
5999	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL);
6000			OUTPUT:
6001			RETVAL
6002
6003			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6004			long
6005			SSL_CTX_need_tmp_RSA(ctx)
6006			SSL_CTX * ctx
6007			CODE:
6008	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6009			OUTPUT:
6010			RETVAL
6011
6012			#endif
6013
6014			int
6015			SSL_CTX_set_app_data(ctx,arg)
6016			SSL_CTX * ctx
6017			char * arg
6018			CODE:
6019	0		RETVAL = SSL_CTX_set_ex_data(ctx,0,arg);
6020			OUTPUT:
6021			RETVAL
6022
6023			long
6024			SSL_CTX_set_mode(ctx,op)
6025			SSL_CTX * ctx
6026			long op
6027			CODE:
6028	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL);
6029			OUTPUT:
6030			RETVAL
6031
6032			long
6033			SSL_CTX_set_read_ahead(ctx,m)
6034			SSL_CTX * ctx
6035			long m
6036			CODE:
6037	0		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL);
6038			OUTPUT:
6039			RETVAL
6040
6041			long
6042			SSL_CTX_set_session_cache_mode(ctx,m)
6043			SSL_CTX * ctx
6044			long m
6045			CODE:
6046	6		RETVAL = SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL);
6047			OUTPUT:
6048			RETVAL
6049
6050			long
6051			SSL_CTX_set_tmp_dh(ctx,dh)
6052			SSL_CTX * ctx
6053			DH * dh
6054
6055			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6056			long
6057			SSL_CTX_set_tmp_rsa(ctx,rsa)
6058			SSL_CTX * ctx
6059			RSA * rsa
6060
6061			#endif
6062
6063			#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
6064
6065			EC_KEY *
6066			EC_KEY_new_by_curve_name(nid)
6067			int nid
6068
6069			void
6070			EC_KEY_free(key)
6071			EC_KEY * key
6072
6073			long
6074			SSL_CTX_set_tmp_ecdh(ctx,ecdh)
6075			SSL_CTX * ctx
6076			EC_KEY * ecdh
6077
6078			int
6079			EVP_PKEY_assign_EC_KEY(pkey,key)
6080			EVP_PKEY * pkey
6081			EC_KEY * key
6082
6083
6084			EC_KEY *
6085			EC_KEY_generate_key(curve)
6086			SV *curve;
6087			CODE:
6088	1		EC_GROUP *group = NULL;
6089	1		EC_KEY *eckey = NULL;
6090			int nid;
6091
6092	1		RETVAL = 0;
6093	1	50	if (SvIOK(curve)) {
6094	0	0	nid = SvIV(curve);
6095			} else {
6096	1	50	nid = OBJ_sn2nid(SvPV_nolen(curve));
6097			#if OPENSSL_VERSION_NUMBER > 0x10002000L
6098	1	50	if (!nid) nid = EC_curve_nist2nid(SvPV_nolen(curve));
		0
6099			#endif
6100	1	50	if (!nid) croak("unknown curve %s",SvPV_nolen(curve));
		0
6101			}
6102
6103	1		group = EC_GROUP_new_by_curve_name(nid);
6104	1	50	if (!group) croak("unknown curve nid=%d",nid);
6105	1		EC_GROUP_set_asn1_flag(group,OPENSSL_EC_NAMED_CURVE);
6106
6107	1		eckey = EC_KEY_new();
6108	1	50	if ( eckey
6109	1	50	&& EC_KEY_set_group(eckey, group)
6110	1	50	&& EC_KEY_generate_key(eckey)) {
6111	1		RETVAL = eckey;
6112			} else {
6113	0	0	if (eckey) EC_KEY_free(eckey);
6114			}
6115	1	50	if (group) EC_GROUP_free(group);
6116
6117			OUTPUT:
6118			RETVAL
6119
6120
6121			#ifdef SSL_CTRL_SET_ECDH_AUTO
6122
6123			long
6124			SSL_CTX_set_ecdh_auto(ctx,onoff)
6125			SSL_CTX * ctx
6126			int onoff
6127
6128			long
6129			SSL_set_ecdh_auto(ssl,onoff)
6130			SSL * ssl
6131			int onoff
6132
6133			#endif
6134
6135			#ifdef SSL_CTRL_SET_CURVES_LIST
6136
6137			long
6138			SSL_CTX_set1_curves_list(ctx,list)
6139			SSL_CTX * ctx
6140			char * list
6141
6142			long
6143			SSL_set1_curves_list(ssl,list)
6144			SSL * ssl
6145			char * list
6146
6147			#endif
6148
6149			#if SSL_CTRL_SET_GROUPS_LIST
6150
6151			long
6152			SSL_CTX_set1_groups_list(ctx,list)
6153			SSL_CTX * ctx
6154			char * list
6155
6156			long
6157			SSL_set1_groups_list(ssl,list)
6158			SSL * ssl
6159			char * list
6160
6161			#endif
6162
6163
6164
6165			#endif
6166
6167			void *
6168			SSL_get_app_data(s)
6169			SSL * s
6170			CODE:
6171	0		RETVAL = SSL_get_ex_data(s,0);
6172			OUTPUT:
6173			RETVAL
6174
6175			int
6176			SSL_get_cipher_bits(s,np=NULL)
6177			SSL * s
6178			int * np
6179			CODE:
6180	0		RETVAL = SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np);
6181			OUTPUT:
6182			RETVAL
6183
6184			long
6185			SSL_get_mode(ssl)
6186			SSL * ssl
6187			CODE:
6188	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL);
6189			OUTPUT:
6190			RETVAL
6191
6192			void
6193			SSL_set_state(ssl,state)
6194			SSL * ssl
6195			int state
6196			CODE:
6197			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
6198			/* not available */
6199			#elif defined(OPENSSL_NO_SSL_INTERN)
6200			SSL_set_state(ssl,state);
6201			#else
6202	0		ssl->state = state;
6203			#endif
6204
6205			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6206			long
6207			SSL_need_tmp_RSA(ssl)
6208			SSL * ssl
6209			CODE:
6210	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL);
6211			OUTPUT:
6212			RETVAL
6213
6214
6215			#endif
6216
6217			long
6218			SSL_num_renegotiations(ssl)
6219			SSL * ssl
6220			CODE:
6221	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL);
6222			OUTPUT:
6223			RETVAL
6224
6225			void *
6226			SSL_SESSION_get_app_data(ses)
6227			SSL_SESSION * ses
6228			CODE:
6229	0		RETVAL = SSL_SESSION_get_ex_data(ses,0);
6230			OUTPUT:
6231			RETVAL
6232
6233			long
6234			SSL_session_reused(ssl)
6235			SSL * ssl
6236
6237			int
6238			SSL_SESSION_set_app_data(s,a)
6239			SSL_SESSION * s
6240			void * a
6241			CODE:
6242	0		RETVAL = SSL_SESSION_set_ex_data(s,0,(char *)a);
6243			OUTPUT:
6244			RETVAL
6245
6246			int
6247			SSL_set_app_data(s,arg)
6248			SSL * s
6249			void * arg
6250			CODE:
6251	0		RETVAL = SSL_set_ex_data(s,0,(char *)arg);
6252			OUTPUT:
6253			RETVAL
6254
6255			long
6256			SSL_set_mode(ssl,op)
6257			SSL * ssl
6258			long op
6259			CODE:
6260	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL);
6261			OUTPUT:
6262			RETVAL
6263
6264			int
6265			SSL_set_pref_cipher(s,n)
6266			SSL * s
6267			const char * n
6268			CODE:
6269	0		RETVAL = SSL_set_cipher_list(s,n);
6270			OUTPUT:
6271			RETVAL
6272
6273			long
6274			SSL_set_tmp_dh(ssl,dh)
6275			SSL * ssl
6276			DH * dh
6277
6278			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6279			long
6280			SSL_set_tmp_rsa(ssl,rsa)
6281			SSL * ssl
6282			char * rsa
6283			CODE:
6284	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa);
6285			OUTPUT:
6286			RETVAL
6287
6288			#endif
6289
6290			BIGNUM *
6291			BN_dup(const BIGNUM *from)
6292
6293			void
6294			BN_clear(BIGNUM *bn)
6295
6296			void
6297			BN_clear_free(BIGNUM *bn)
6298
6299			void
6300			BN_free(BIGNUM *bn)
6301
6302			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6303
6304			RSA *
6305			RSA_generate_key(bits,ee,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6306			int bits
6307			unsigned long ee
6308			SV* perl_cb
6309			SV* perl_data
6310			PREINIT:
6311	8		simple_cb_data_t* cb_data = NULL;
6312			CODE:
6313			/* openssl 0.9.8 deprecated RSA_generate_key. */
6314			/* This equivalent was contributed by Brian Fraser for Android, */
6315			/* but was not portable to old OpenSSLs where RSA_generate_key_ex is not available. */
6316			/* It should now be more versatile. */
6317			/* as of openssl 1.1.0-pre1 it is not possible anymore to generate the BN_GENCB structure directly. */
6318			/* instead BN_EGNCB_new() has to be used. */
6319			int rc;
6320			RSA * ret;
6321			BIGNUM *e;
6322	8		e = BN_new();
6323	8	50	if(!e)
6324	0		croak("Net::SSLeay: RSA_generate_key perl function could not create BN structure.\n");
6325	8		BN_set_word(e, ee);
6326	8		cb_data = simple_cb_data_new(perl_cb, perl_data);
6327
6328	8		ret = RSA_new();
6329	8	50	if(!ret) {
6330	0		simple_cb_data_free(cb_data);
6331	0		BN_free(e);
6332	0		croak("Net::SSLeay: RSA_generate_key perl function could not create RSA structure.\n");
6333			}
6334			#if (OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6335			BN_GENCB *new_cb;
6336			new_cb = BN_GENCB_new();
6337			if(!new_cb) {
6338			simple_cb_data_free(cb_data);
6339			BN_free(e);
6340			RSA_free(ret);
6341			croak("Net::SSLeay: RSA_generate_key perl function could not create BN_GENCB structure.\n");
6342			}
6343			BN_GENCB_set_old(new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6344			rc = RSA_generate_key_ex(ret, bits, e, new_cb);
6345			BN_GENCB_free(new_cb);
6346			#else
6347			BN_GENCB new_cb;
6348	8		BN_GENCB_set_old(&new_cb, ssleay_RSA_generate_key_cb_invoke, cb_data);
6349	8		rc = RSA_generate_key_ex(ret, bits, e, &new_cb);
6350			#endif
6351	7		simple_cb_data_free(cb_data);
6352	7		BN_free(e);
6353	7	50	if (rc == -1 \|\| ret == NULL) {
		50
6354	0	0	if (ret) RSA_free(ret);
6355	0		croak("Net::SSLeay: Couldn't generate RSA key");
6356			}
6357	7		e = NULL;
6358	7		RETVAL = ret;
6359			OUTPUT:
6360			RETVAL
6361
6362			#else
6363
6364			RSA *
6365			RSA_generate_key(bits,e,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6366			int bits
6367			unsigned long e
6368			SV* perl_cb
6369			SV* perl_data
6370			PREINIT:
6371			simple_cb_data_t* cb = NULL;
6372			CODE:
6373			cb = simple_cb_data_new(perl_cb, perl_data);
6374			RETVAL = RSA_generate_key(bits, e, ssleay_RSA_generate_key_cb_invoke, cb);
6375			simple_cb_data_free(cb);
6376			OUTPUT:
6377			RETVAL
6378
6379			#endif
6380
6381			void
6382			RSA_get_key_parameters(rsa)
6383			RSA * rsa
6384			PREINIT:
6385			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6386			const BIGNUM n, e, *d;
6387			const BIGNUM p, q;
6388			const BIGNUM dmp1, dmq1, *iqmp;
6389			#endif
6390			PPCODE:
6391			{
6392			#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL)) \|\| (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
6393			RSA_get0_key(rsa, &n, &e, &d);
6394			RSA_get0_factors(rsa, &p, &q);
6395			RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
6396			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6397			XPUSHs(bn2sv(n));
6398			XPUSHs(bn2sv(e));
6399			XPUSHs(bn2sv(d));
6400			XPUSHs(bn2sv(p));
6401			XPUSHs(bn2sv(q));
6402			XPUSHs(bn2sv(dmp1));
6403			XPUSHs(bn2sv(dmq1));
6404			XPUSHs(bn2sv(iqmp));
6405			#else
6406			/* Caution: returned list consists of SV pointers to BIGNUMs, which would need to be blessed as Crypt::OpenSSL::Bignum for further use */
6407	1	50	XPUSHs(bn2sv(rsa->n));
6408	1	50	XPUSHs(bn2sv(rsa->e));
6409	1	50	XPUSHs(bn2sv(rsa->d));
6410	1	50	XPUSHs(bn2sv(rsa->p));
6411	1	50	XPUSHs(bn2sv(rsa->q));
6412	1	50	XPUSHs(bn2sv(rsa->dmp1));
6413	1	50	XPUSHs(bn2sv(rsa->dmq1));
6414	1	50	XPUSHs(bn2sv(rsa->iqmp));
6415			#endif
6416			}
6417
6418			void
6419			RSA_free(r)
6420			RSA * r
6421
6422			X509 *
6423			X509_new()
6424
6425			void
6426			X509_free(a)
6427			X509 * a
6428
6429			X509_CRL *
6430			d2i_X509_CRL_bio(BIO bp,void unused=NULL)
6431
6432			X509_REQ *
6433			d2i_X509_REQ_bio(BIO bp,void unused=NULL)
6434
6435			X509 *
6436			d2i_X509_bio(BIO bp,void unused=NULL)
6437
6438			DH *
6439			PEM_read_bio_DHparams(bio,x=NULL,cb=NULL,u=NULL)
6440			BIO * bio
6441			void * x
6442			pem_password_cb * cb
6443			void * u
6444
6445			X509_CRL *
6446			PEM_read_bio_X509_CRL(bio,x=NULL,cb=NULL,u=NULL)
6447			BIO * bio
6448			void * x
6449			pem_password_cb * cb
6450			void * u
6451
6452			X509 *
6453			PEM_read_bio_X509(BIO bio,void x=NULL,void cb=NULL,void u=NULL)
6454
6455			STACK_OF(X509_INFO) *
6456			PEM_X509_INFO_read_bio(bio, stack=NULL, cb=NULL, u=NULL)
6457			BIO * bio
6458			STACK_OF(X509_INFO) * stack
6459			pem_password_cb * cb
6460			void * u
6461
6462			int
6463			sk_X509_INFO_num(stack)
6464			STACK_OF(X509_INFO) * stack
6465
6466			X509_INFO *
6467			sk_X509_INFO_value(stack, index)
6468			const STACK_OF(X509_INFO) * stack
6469			int index
6470
6471			void
6472			sk_X509_INFO_free(stack)
6473			STACK_OF(X509_INFO) * stack
6474
6475			STACK_OF(X509) *
6476			sk_X509_new_null()
6477
6478			void
6479			sk_X509_free(stack)
6480			STACK_OF(X509) * stack
6481
6482			int
6483			sk_X509_push(stack, data)
6484			STACK_OF(X509) * stack
6485			X509 * data
6486
6487			X509 *
6488			sk_X509_pop(stack)
6489			STACK_OF(X509) * stack
6490
6491			X509 *
6492			sk_X509_shift(stack)
6493			STACK_OF(X509) * stack
6494
6495			int
6496			sk_X509_unshift(stack,x509)
6497			STACK_OF(X509) * stack
6498			X509 * x509
6499
6500			int
6501			sk_X509_insert(stack,x509,index)
6502			STACK_OF(X509) * stack
6503			X509 * x509
6504			int index
6505
6506			X509 *
6507			sk_X509_delete(stack,index)
6508			STACK_OF(X509) * stack
6509			int index
6510
6511			X509 *
6512			sk_X509_value(stack,index)
6513			STACK_OF(X509) * stack
6514			int index
6515
6516			int
6517			sk_X509_num(stack)
6518			STACK_OF(X509) * stack
6519
6520			X509 *
6521			P_X509_INFO_get_x509(info)
6522			X509_INFO * info
6523			CODE:
6524	3		RETVAL = info->x509;
6525			OUTPUT:
6526			RETVAL
6527
6528			X509_REQ *
6529			PEM_read_bio_X509_REQ(BIO bio,void x=NULL,pem_password_cb cb=NULL,void u=NULL)
6530
6531			EVP_PKEY *
6532			PEM_read_bio_PrivateKey(bio,perl_cb=&PL_sv_undef,perl_data=&PL_sv_undef)
6533			BIO *bio
6534			SV* perl_cb
6535			SV* perl_data
6536			PREINIT:
6537	8		simple_cb_data_t* cb = NULL;
6538			CODE:
6539	8		RETVAL = 0;
6540	8	100	if (SvOK(perl_cb)) {
		50
		50
6541			/* setup our callback */
6542	2		cb = simple_cb_data_new(perl_cb, perl_data);
6543	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, pem_password_cb_invoke, (void*)cb);
6544	2		simple_cb_data_free(cb);
6545			}
6546	6	50	else if (!SvOK(perl_cb) && SvOK(perl_data) && SvPOK(perl_data)) {
		50
		50
		100
		50
		50
		50
6547			/* use perl_data as the password */
6548	2		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, SvPVX(perl_data));
6549			}
6550	4	50	else if (!SvOK(perl_cb) && !SvOK(perl_data)) {
		50
		50
		50
		50
		50
6551			/* will trigger default password callback */
6552	4		RETVAL = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
6553			}
6554			OUTPUT:
6555			RETVAL
6556
6557			void
6558			DH_free(dh)
6559			DH * dh
6560
6561			long
6562			SSL_total_renegotiations(ssl)
6563			SSL * ssl
6564			CODE:
6565	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL);
6566			OUTPUT:
6567			RETVAL
6568
6569			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6570			void
6571			SSL_SESSION_get_master_key(s)
6572			SSL_SESSION * s
6573			PREINIT:
6574			size_t master_key_length;
6575			unsigned char* master_key;
6576			CODE:
6577			ST(0) = sv_newmortal(); /* Undefined to start with */
6578			master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
6579			New(0, master_key, master_key_length, unsigned char);
6580			SSL_SESSION_get_master_key(s, master_key, master_key_length);
6581			sv_setpvn(ST(0), (const char*)master_key, master_key_length);
6582			Safefree(master_key);
6583
6584			#else
6585			void
6586			SSL_SESSION_get_master_key(s)
6587			SSL_SESSION * s
6588			CODE:
6589	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6590	0		sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
6591
6592			#endif
6593
6594			#if OPENSSL_VERSION_NUMBER < 0x10100000L
6595
6596			void
6597			SSL_SESSION_set_master_key(s,key)
6598			SSL_SESSION * s
6599			PREINIT:
6600			STRLEN len;
6601			INPUT:
6602			char * key = SvPV(ST(1), len);
6603			CODE:
6604	0		memcpy(s->master_key, key, len);
6605	0		s->master_key_length = len;
6606
6607			#endif
6608
6609			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6610
6611			void
6612			SSL_get_client_random(s)
6613			SSL * s
6614			PREINIT:
6615			size_t random_length;
6616			unsigned char* random_data;
6617			CODE:
6618			ST(0) = sv_newmortal(); /* Undefined to start with */
6619			random_length = SSL_get_client_random(s, 0, 0); /* get the length */
6620			New(0, random_data, random_length, unsigned char);
6621			SSL_get_client_random(s, random_data, random_length);
6622			sv_setpvn(ST(0), (const char*)random_data, random_length);
6623			Safefree(random_data);
6624
6625			#else
6626
6627			void
6628			SSL_get_client_random(s)
6629			SSL * s
6630			CODE:
6631	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6632	0		sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
6633
6634			#endif
6635
6636			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6637
6638			void
6639			SSL_get_server_random(s)
6640			SSL * s
6641			PREINIT:
6642			size_t random_length;
6643			unsigned char* random_data;
6644			CODE:
6645			ST(0) = sv_newmortal(); /* Undefined to start with */
6646			random_length = SSL_get_server_random(s, 0, 0); /* get the length */
6647			New(0, random_data, random_length, unsigned char);
6648			SSL_get_server_random(s, random_data, random_length);
6649			sv_setpvn(ST(0), (const char*)random_data, random_length);
6650			Safefree(random_data);
6651
6652			#else
6653
6654			void
6655			SSL_get_server_random(s)
6656			SSL * s
6657			CODE:
6658	0		ST(0) = sv_newmortal(); /* Undefined to start with */
6659	0		sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
6660
6661			#endif
6662
6663			int
6664			SSL_get_keyblock_size(s)
6665			SSL * s
6666			CODE:
6667			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
6668			const SSL_CIPHER *ssl_cipher;
6669			int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
6670			const EVP_CIPHER *c = NULL;
6671			const EVP_MD *h = NULL;
6672
6673			ssl_cipher = SSL_get_current_cipher(s);
6674			if (ssl_cipher)
6675			cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
6676			if (cipher != NID_undef)
6677			c = EVP_get_cipherbynid(cipher);
6678
6679			if (ssl_cipher)
6680			digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
6681			if (digest != NID_undef) /* No digest if e.g., AEAD cipher */
6682			h = EVP_get_digestbynid(digest);
6683			if (h)
6684			mac_secret_size = EVP_MD_size(h);
6685
6686			RETVAL = -1;
6687			if (c)
6688			RETVAL = 2 * (EVP_CIPHER_key_length(c) + mac_secret_size +
6689			EVP_CIPHER_iv_length(c));
6690			#else
6691	1	50	if (s == NULL \|\|
		50
6692	1	50	s->enc_read_ctx == NULL \|\|
6693	1	50	s->enc_read_ctx->cipher == NULL \|\|
6694	1		s->read_hash == NULL)
6695			{
6696	0		RETVAL = -1;
6697			}
6698			else
6699			{
6700			const EVP_CIPHER *c;
6701			const EVP_MD *h;
6702	1		int md_size = -1;
6703	1		c = s->enc_read_ctx->cipher;
6704			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
6705	1		h = NULL;
6706	1	50	if (s->s3)
6707	1		md_size = s->s3->tmp.new_mac_secret_size;
6708			#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
6709			h = EVP_MD_CTX_md(s->read_hash);
6710			md_size = EVP_MD_size(h);
6711			#else
6712			h = s->read_hash;
6713			md_size = EVP_MD_size(h);
6714			#endif
6715			/* No digest if e.g., AEAD cipher */
6716	2		RETVAL = (md_size >= 0) ? (2 * (EVP_CIPHER_key_length(c) +
6717	1		md_size +
6718	1		EVP_CIPHER_iv_length(c)))
6719	2	50	: -1;
6720			}
6721			#endif
6722
6723			OUTPUT:
6724			RETVAL
6725
6726
6727
6728			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION)
6729			int
6730			SSL_set_hello_extension(s, type, data)
6731			SSL * s
6732			int type
6733			PREINIT:
6734			STRLEN len;
6735			INPUT:
6736			char * data = SvPV( ST(2), len);
6737			CODE:
6738			RETVAL = SSL_set_hello_extension(s, type, data, len);
6739			OUTPUT:
6740			RETVAL
6741
6742			#endif
6743
6744			#if defined(SSL_F_SSL_SET_HELLO_EXTENSION) \|\| defined(SSL_F_SSL_SET_SESSION_TICKET_EXT)
6745
6746			void
6747			SSL_set_session_secret_cb(s,callback=&PL_sv_undef,data=&PL_sv_undef)
6748			SSL * s
6749			SV * callback
6750			SV * data
6751			CODE:
6752	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6753	0		SSL_set_session_secret_cb(s, NULL, NULL);
6754	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", NULL);
6755	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", NULL);
6756			}
6757			else {
6758	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
6759	0		cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
6760	0		SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
6761			}
6762
6763			#endif
6764
6765			#ifdef NET_SSLEAY_CAN_PSK_CLIENT_CALLBACK
6766
6767			void
6768			SSL_set_psk_client_callback(s,callback=&PL_sv_undef)
6769			SSL * s
6770			SV * callback
6771			CODE:
6772	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6773	0		SSL_set_psk_client_callback(s, NULL);
6774	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", NULL);
6775			}
6776			else {
6777	0		cb_data_advanced_put(s, "ssleay_set_psk_client_callback!!func", newSVsv(callback));
6778	0		SSL_set_psk_client_callback(s, ssleay_set_psk_client_callback_invoke);
6779			}
6780
6781			void
6782			SSL_CTX_set_psk_client_callback(ctx,callback=&PL_sv_undef)
6783			SSL_CTX * ctx
6784			SV * callback
6785			CODE:
6786	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
6787	0		SSL_CTX_set_psk_client_callback(ctx, NULL);
6788	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", NULL);
6789			}
6790			else {
6791	0		cb_data_advanced_put(ctx, "ssleay_ctx_set_psk_client_callback!!func", newSVsv(callback));
6792	0		SSL_CTX_set_psk_client_callback(ctx, ssleay_ctx_set_psk_client_callback_invoke);
6793			}
6794
6795			#endif
6796
6797			#ifdef NET_SSLEAY_CAN_TICKET_KEY_CB
6798
6799			void
6800			SSL_CTX_set_tlsext_ticket_getkey_cb(ctx,callback=&PL_sv_undef,data=&PL_sv_undef)
6801			SSL_CTX * ctx
6802			SV * callback
6803			SV * data
6804			CODE:
6805	3	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
6806	0		SSL_CTX_set_tlsext_ticket_key_cb(ctx, NULL);
6807	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", NULL);
6808	0		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", NULL);
6809			}
6810			else {
6811	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!func", newSVsv(callback));
6812	3		cb_data_advanced_put(ctx, "tlsext_ticket_key_cb!!data", newSVsv(data));
6813	3		SSL_CTX_set_tlsext_ticket_key_cb(ctx, &tlsext_ticket_key_cb_invoke);
6814			}
6815
6816
6817			#endif
6818
6819
6820			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
6821			#define REM11 "NOTE: before 0.9.7"
6822
6823			int EVP_add_digest(EVP_MD *digest)
6824
6825			#else
6826
6827			int EVP_add_digest(const EVP_MD *digest)
6828
6829			#endif
6830
6831			#ifndef OPENSSL_NO_SHA
6832
6833			const EVP_MD *EVP_sha1()
6834
6835			#endif
6836			#if !defined(OPENSSL_NO_SHA256) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6837
6838			const EVP_MD *EVP_sha256()
6839
6840			#endif
6841			#if !defined(OPENSSL_NO_SHA512) && OPENSSL_VERSION_NUMBER >= 0x0090800fL
6842
6843			const EVP_MD *EVP_sha512()
6844
6845			#endif
6846			void OpenSSL_add_all_digests()
6847
6848			const EVP_MD * EVP_get_digestbyname(const char *name)
6849
6850			int EVP_MD_type(const EVP_MD *md)
6851
6852			int EVP_MD_size(const EVP_MD *md)
6853
6854			#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
6855
6856			SV*
6857			P_EVP_MD_list_all()
6858			INIT:
6859			AV * results;
6860			CODE:
6861	2		results = (AV )sv_2mortal((SV )newAV());
6862	2		EVP_MD_do_all_sorted(handler_list_md_fn, results);
6863	2		RETVAL = newRV((SV *)results);
6864			OUTPUT:
6865			RETVAL
6866
6867			#endif
6868
6869			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6870			#define REM16 "NOTE: requires 0.9.7+"
6871
6872			const EVP_MD EVP_MD_CTX_md(const EVP_MD_CTX ctx)
6873
6874			EVP_MD_CTX *EVP_MD_CTX_create()
6875
6876			int EVP_DigestInit(EVP_MD_CTX ctx, const EVP_MD type)
6877
6878			int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
6879
6880			void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
6881
6882			void
6883			EVP_DigestUpdate(ctx,data)
6884			PREINIT:
6885			STRLEN len;
6886			INPUT:
6887			EVP_MD_CTX ctx = INT2PTR(EVP_MD_CTX , SvIV(ST(0)));
6888			unsigned char data = (unsigned char ) SvPV(ST(1), len);
6889			CODE:
6890	9138		XSRETURN_IV(EVP_DigestUpdate(ctx,data,len));
6891
6892			void
6893			EVP_DigestFinal(ctx)
6894			EVP_MD_CTX *ctx
6895			INIT:
6896			unsigned char md[EVP_MAX_MD_SIZE];
6897			unsigned int md_size;
6898			CODE:
6899	57	50	if (EVP_DigestFinal(ctx,md,&md_size))
6900	57		XSRETURN_PVN((char *)md, md_size);
6901			else
6902	57		XSRETURN_UNDEF;
6903
6904			void
6905			EVP_DigestFinal_ex(ctx)
6906			EVP_MD_CTX *ctx
6907			INIT:
6908			unsigned char md[EVP_MAX_MD_SIZE];
6909			unsigned int md_size;
6910			CODE:
6911	9	50	if (EVP_DigestFinal_ex(ctx,md,&md_size))
6912	9		XSRETURN_PVN((char *)md, md_size);
6913			else
6914	9		XSRETURN_UNDEF;
6915
6916			void
6917			EVP_Digest(...)
6918			PREINIT:
6919			STRLEN len;
6920			unsigned char md[EVP_MAX_MD_SIZE];
6921			unsigned int md_size;
6922			INPUT:
6923			unsigned char data = (unsigned char ) SvPV(ST(0), len);
6924			EVP_MD type = INT2PTR(EVP_MD , SvIV(ST(1)));
6925			ENGINE impl = (items>2 && SvOK(ST(2))) ? INT2PTR(ENGINE , SvIV(ST(2))) : NULL;
6926			CODE:
6927	48	50	if (EVP_Digest(data,len,md,&md_size,type,impl))
6928	48		XSRETURN_PVN((char *)md, md_size);
6929			else
6930	48		XSRETURN_UNDEF;
6931
6932			#endif
6933
6934			const EVP_CIPHER *
6935			EVP_get_cipherbyname(const char *name)
6936
6937			void
6938			OpenSSL_add_all_algorithms()
6939
6940			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
6941
6942			void
6943			OPENSSL_add_all_algorithms_noconf()
6944
6945			void
6946			OPENSSL_add_all_algorithms_conf()
6947
6948			#endif
6949
6950			#if OPENSSL_VERSION_NUMBER >= 0x10000003L
6951
6952			int
6953			SSL_CTX_set1_param(ctx, vpm)
6954			SSL_CTX * ctx
6955			X509_VERIFY_PARAM *vpm
6956
6957			int
6958			SSL_set1_param(ctx, vpm)
6959			SSL * ctx
6960			X509_VERIFY_PARAM *vpm
6961
6962			#endif
6963
6964			#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
6965
6966			X509_VERIFY_PARAM *
6967			X509_VERIFY_PARAM_new()
6968
6969			void
6970			X509_VERIFY_PARAM_free(param)
6971			X509_VERIFY_PARAM *param
6972
6973			int
6974			X509_VERIFY_PARAM_inherit(to, from)
6975			X509_VERIFY_PARAM *to
6976			X509_VERIFY_PARAM *from
6977
6978			int
6979			X509_VERIFY_PARAM_set1(to, from)
6980			X509_VERIFY_PARAM *to
6981			X509_VERIFY_PARAM *from
6982
6983			int
6984			X509_VERIFY_PARAM_set1_name(param, name)
6985			X509_VERIFY_PARAM *param
6986			const char *name
6987
6988			int
6989			X509_VERIFY_PARAM_set_flags(param, flags)
6990			X509_VERIFY_PARAM *param
6991			unsigned long flags
6992
6993			#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
6994			#define REM13 "NOTE: requires 0.9.8a+"
6995
6996			int
6997			X509_VERIFY_PARAM_clear_flags(param, flags)
6998			X509_VERIFY_PARAM *param
6999			unsigned long flags
7000
7001			unsigned long
7002			X509_VERIFY_PARAM_get_flags(param)
7003			X509_VERIFY_PARAM *param
7004
7005			#endif
7006
7007			int
7008			X509_VERIFY_PARAM_set_purpose(param, purpose)
7009			X509_VERIFY_PARAM *param
7010			int purpose
7011
7012			int
7013			X509_VERIFY_PARAM_set_trust(param, trust)
7014			X509_VERIFY_PARAM *param
7015			int trust
7016
7017			void
7018			X509_VERIFY_PARAM_set_depth(param, depth)
7019			X509_VERIFY_PARAM *param
7020			int depth
7021
7022			void
7023			X509_VERIFY_PARAM_set_time(param, t)
7024			X509_VERIFY_PARAM *param
7025			time_t t
7026
7027			int
7028			X509_VERIFY_PARAM_add0_policy(param, policy)
7029			X509_VERIFY_PARAM *param
7030			ASN1_OBJECT *policy
7031
7032			int
7033			X509_VERIFY_PARAM_set1_policies(param, policies)
7034			X509_VERIFY_PARAM *param
7035			STACK_OF(ASN1_OBJECT) *policies
7036
7037			int
7038			X509_VERIFY_PARAM_get_depth(param)
7039			X509_VERIFY_PARAM *param
7040
7041			int
7042			X509_VERIFY_PARAM_add0_table(param)
7043			X509_VERIFY_PARAM *param
7044
7045			const X509_VERIFY_PARAM *
7046			X509_VERIFY_PARAM_lookup(name)
7047			const char *name
7048
7049			void
7050			X509_VERIFY_PARAM_table_cleanup()
7051
7052			#if (OPENSSL_VERSION_NUMBER >= 0x10002001L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7053
7054			X509_VERIFY_PARAM *
7055			SSL_CTX_get0_param(ctx)
7056			SSL_CTX * ctx
7057
7058			X509_VERIFY_PARAM *
7059			SSL_get0_param(ssl)
7060			SSL * ssl
7061
7062			int
7063			X509_VERIFY_PARAM_set1_host(param, name)
7064			X509_VERIFY_PARAM *param
7065			PREINIT:
7066			STRLEN namelen;
7067			INPUT:
7068			const char * name = SvPV(ST(1), namelen);
7069			CODE:
7070	2		RETVAL = X509_VERIFY_PARAM_set1_host(param, name, namelen);
7071			OUTPUT:
7072			RETVAL
7073
7074			int
7075			X509_VERIFY_PARAM_set1_email(param, email)
7076			X509_VERIFY_PARAM *param
7077			PREINIT:
7078			STRLEN emaillen;
7079			INPUT:
7080			const char * email = SvPV(ST(1), emaillen);
7081			CODE:
7082	2		RETVAL = X509_VERIFY_PARAM_set1_email(param, email, emaillen);
7083			OUTPUT:
7084			RETVAL
7085
7086			int
7087			X509_VERIFY_PARAM_set1_ip(param, ip)
7088			X509_VERIFY_PARAM *param
7089			PREINIT:
7090			STRLEN iplen;
7091			INPUT:
7092			const unsigned char * ip = (const unsigned char *)SvPV(ST(1), iplen);
7093			CODE:
7094	6		RETVAL = X509_VERIFY_PARAM_set1_ip(param, ip, iplen);
7095			OUTPUT:
7096			RETVAL
7097
7098			int
7099			X509_VERIFY_PARAM_set1_ip_asc(param, ipasc)
7100			X509_VERIFY_PARAM *param
7101			const char *ipasc
7102
7103			#endif /* OpenSSL 1.0.2-beta1, LibreSSL 2.7.0 */
7104
7105			#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7106
7107			int
7108			X509_VERIFY_PARAM_add1_host(param, name)
7109			X509_VERIFY_PARAM *param
7110			PREINIT:
7111			STRLEN namelen;
7112			INPUT:
7113			const char * name = SvPV(ST(1), namelen);
7114			CODE:
7115	1		RETVAL = X509_VERIFY_PARAM_add1_host(param, name, namelen);
7116			OUTPUT:
7117			RETVAL
7118
7119			void
7120			X509_VERIFY_PARAM_set_hostflags(param, flags)
7121			X509_VERIFY_PARAM *param
7122			unsigned int flags
7123
7124			char *
7125			X509_VERIFY_PARAM_get0_peername(param)
7126			X509_VERIFY_PARAM *param
7127
7128			#endif /* OpenSSL 1.0.2-beta2, LibreSSL 2.7.0 */
7129
7130			void
7131			X509_policy_tree_free(tree)
7132			X509_POLICY_TREE *tree
7133
7134			int
7135			X509_policy_tree_level_count(tree)
7136			X509_POLICY_TREE *tree
7137
7138			X509_POLICY_LEVEL *
7139			X509_policy_tree_get0_level(tree, i)
7140			X509_POLICY_TREE *tree
7141			int i
7142
7143			STACK_OF(X509_POLICY_NODE) *
7144			X509_policy_tree_get0_policies(tree)
7145			X509_POLICY_TREE *tree
7146
7147			STACK_OF(X509_POLICY_NODE) *
7148			X509_policy_tree_get0_user_policies(tree)
7149			X509_POLICY_TREE *tree
7150
7151			int
7152			X509_policy_level_node_count(level)
7153			X509_POLICY_LEVEL *level
7154
7155			X509_POLICY_NODE *
7156			X509_policy_level_get0_node(level, i)
7157			X509_POLICY_LEVEL *level
7158			int i
7159
7160			const ASN1_OBJECT *
7161			X509_policy_node_get0_policy(node)
7162			const X509_POLICY_NODE *node
7163
7164			STACK_OF(POLICYQUALINFO) *
7165			X509_policy_node_get0_qualifiers(node)
7166			X509_POLICY_NODE *node
7167
7168			const X509_POLICY_NODE *
7169			X509_policy_node_get0_parent(node)
7170			const X509_POLICY_NODE *node
7171
7172			#endif
7173
7174			ASN1_OBJECT *
7175			OBJ_dup(o)
7176			ASN1_OBJECT *o
7177
7178			ASN1_OBJECT *
7179			OBJ_nid2obj(n)
7180			int n
7181
7182			const char *
7183			OBJ_nid2ln(n)
7184			int n
7185
7186			const char *
7187			OBJ_nid2sn(n)
7188			int n
7189
7190			int
7191			OBJ_obj2nid(o)
7192			ASN1_OBJECT *o
7193
7194			ASN1_OBJECT *
7195			OBJ_txt2obj(s, no_name=0)
7196			const char *s
7197			int no_name
7198
7199			void
7200			OBJ_obj2txt(a, no_name=0)
7201			ASN1_OBJECT *a
7202			int no_name
7203			PREINIT:
7204			char buf[100]; /* openssl doc: a buffer length of 80 should be more than enough to handle any OID encountered in practice */
7205			int len;
7206			CODE:
7207	73		len = OBJ_obj2txt(buf, sizeof(buf), a, no_name);
7208	73		ST(0) = sv_newmortal();
7209	73		sv_setpvn(ST(0), buf, len);
7210
7211			#if OPENSSL_VERSION_NUMBER < 0x0090700fL
7212			#define REM14 "NOTE: before 0.9.7"
7213
7214			int
7215			OBJ_txt2nid(s)
7216			char *s
7217
7218			#else
7219
7220			int
7221			OBJ_txt2nid(s)
7222			const char *s
7223
7224			#endif
7225
7226			int
7227			OBJ_ln2nid(s)
7228			const char *s
7229
7230			int
7231			OBJ_sn2nid(s)
7232			const char *s
7233
7234			int
7235			OBJ_cmp(a, b)
7236			ASN1_OBJECT *a
7237			ASN1_OBJECT *b
7238
7239			#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
7240
7241			void
7242			X509_pubkey_digest(data,type)
7243			const X509 *data
7244			const EVP_MD *type
7245			PREINIT:
7246			unsigned char md[EVP_MAX_MD_SIZE];
7247			unsigned int md_size;
7248			PPCODE:
7249	4	50	if (X509_pubkey_digest(data,type,md,&md_size))
7250	4		XSRETURN_PVN((char *)md, md_size);
7251			else
7252	4		XSRETURN_UNDEF;
7253
7254			#endif
7255
7256			void
7257			X509_digest(data,type)
7258			const X509 *data
7259			const EVP_MD *type
7260			PREINIT:
7261			unsigned char md[EVP_MAX_MD_SIZE];
7262			unsigned int md_size;
7263			PPCODE:
7264	4	50	if (X509_digest(data,type,md,&md_size))
7265	4		XSRETURN_PVN((char *)md, md_size);
7266	4		XSRETURN_UNDEF;
7267
7268			void
7269			X509_CRL_digest(data,type)
7270			const X509_CRL *data
7271			const EVP_MD *type
7272			PREINIT:
7273			unsigned char md[EVP_MAX_MD_SIZE];
7274			unsigned int md_size;
7275			PPCODE:
7276	1	50	if (X509_CRL_digest(data,type,md,&md_size))
7277	1		XSRETURN_PVN((char *)md, md_size);
7278	1		XSRETURN_UNDEF;
7279
7280			void
7281			X509_REQ_digest(data,type)
7282			const X509_REQ *data
7283			const EVP_MD *type
7284			PREINIT:
7285			unsigned char md[EVP_MAX_MD_SIZE];
7286			unsigned int md_size;
7287			PPCODE:
7288	1	50	if (X509_REQ_digest(data,type,md,&md_size))
7289	1		XSRETURN_PVN((char *)md, md_size);
7290	1		XSRETURN_UNDEF;
7291
7292			void
7293			X509_NAME_digest(data,type)
7294			const X509_NAME *data
7295			const EVP_MD *type
7296			PREINIT:
7297			unsigned char md[EVP_MAX_MD_SIZE];
7298			unsigned int md_size;
7299			PPCODE:
7300	0	0	if (X509_NAME_digest(data,type,md,&md_size))
7301	0		XSRETURN_PVN((char *)md, md_size);
7302	0		XSRETURN_UNDEF;
7303
7304			unsigned long
7305			X509_subject_name_hash(X509 *x)
7306
7307			unsigned long
7308			X509_issuer_name_hash(X509 *a)
7309
7310			unsigned long
7311			X509_issuer_and_serial_hash(X509 *a)
7312
7313			ASN1_OBJECT *
7314			P_X509_get_signature_alg(x)
7315			X509 * x
7316			CODE:
7317			#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7318			RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
7319			#else
7320	4		RETVAL = (x->cert_info->signature->algorithm);
7321			#endif
7322			OUTPUT:
7323			RETVAL
7324
7325			ASN1_OBJECT *
7326			P_X509_get_pubkey_alg(x)
7327			X509 * x
7328			PREINIT:
7329			CODE:
7330			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7331			{
7332			X509_ALGOR * algor;
7333			X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
7334			RETVAL = (algor->algorithm);
7335			}
7336			#else
7337	4		RETVAL = (x->cert_info->key->algor->algorithm);
7338			#endif
7339			OUTPUT:
7340			RETVAL
7341
7342			void
7343			X509_get_X509_PUBKEY(x)
7344			const X509 *x
7345			PPCODE:
7346			X509_PUBKEY *pkey;
7347			STRLEN len;
7348			unsigned char pc, pi;
7349	1	50	if (!(pkey = X509_get_X509_PUBKEY(x))) croak("invalid certificate");
7350	1	50	if (!(len = i2d_X509_PUBKEY(pkey, NULL))) croak("invalid certificate public key");
7351	1		Newx(pc,len,unsigned char);
7352	1	50	if (!pc) croak("out of memory");
7353	1		pi = pc;
7354	1		i2d_X509_PUBKEY(pkey, &pi);
7355	1	50	if (pi-pc != len) croak("invalid encoded length");
7356	1	50	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7357	1		Safefree(pc);
7358
7359			#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) && !defined(LIBRESSL_VERSION_NUMBER)
7360
7361			int
7362			SSL_CTX_set_next_protos_advertised_cb(ctx,callback,data=&PL_sv_undef)
7363			SSL_CTX * ctx
7364			SV * callback
7365			SV * data
7366			CODE:
7367	1		RETVAL = 1;
7368	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7369	0		SSL_CTX_set_next_protos_advertised_cb(ctx, NULL, NULL);
7370	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7371	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", NULL);
7372			PR1("SSL_CTX_set_next_protos_advertised_cb - undef\n");
7373			}
7374	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7375			/* callback param array ref like ['proto1','proto2'] */
7376	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", NULL);
7377	1		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(callback));
7378	1		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7379			PR2("SSL_CTX_set_next_protos_advertised_cb - simple ctx=%p\n",ctx);
7380			}
7381	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7382	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!func", newSVsv(callback));
7383	0		cb_data_advanced_put(ctx, "next_protos_advertised_cb!!data", newSVsv(data));
7384	0		SSL_CTX_set_next_protos_advertised_cb(ctx, next_protos_advertised_cb_invoke, ctx);
7385			PR2("SSL_CTX_set_next_protos_advertised_cb - advanced ctx=%p\n",ctx);
7386			}
7387			else {
7388	0		RETVAL = 0;
7389			}
7390			OUTPUT:
7391			RETVAL
7392
7393			int
7394			SSL_CTX_set_next_proto_select_cb(ctx,callback,data=&PL_sv_undef)
7395			SSL_CTX * ctx
7396			SV * callback
7397			SV * data
7398			CODE:
7399	1		RETVAL = 1;
7400	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7401	0		SSL_CTX_set_next_proto_select_cb(ctx, NULL, NULL);
7402	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7403	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", NULL);
7404			PR1("SSL_CTX_set_next_proto_select_cb - undef\n");
7405			}
7406	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7407			/* callback param array ref like ['proto1','proto2'] */
7408	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", NULL);
7409	1		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(callback));
7410	1		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7411			PR2("SSL_CTX_set_next_proto_select_cb - simple ctx=%p\n",ctx);
7412			}
7413	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7414	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!func", newSVsv(callback));
7415	0		cb_data_advanced_put(ctx, "next_proto_select_cb!!data", newSVsv(data));
7416	0		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_select_cb_invoke, ctx);
7417			PR2("SSL_CTX_set_next_proto_select_cb - advanced ctx=%p\n",ctx);
7418			}
7419			else {
7420	0		RETVAL = 0;
7421			}
7422			OUTPUT:
7423			RETVAL
7424
7425			void
7426			P_next_proto_negotiated(s)
7427			const SSL *s
7428			PREINIT:
7429			const unsigned char *data;
7430			unsigned int len;
7431			PPCODE:
7432	2		SSL_get0_next_proto_negotiated(s, &data, &len);
7433	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7434
7435			void
7436			P_next_proto_last_status(s)
7437			const SSL *s
7438			PPCODE:
7439	1	50	XPUSHs(sv_2mortal(newSVsv(cb_data_advanced_get((void*)s, "next_proto_select_cb!!last_status"))));
7440
7441			#endif
7442
7443			#if OPENSSL_VERSION_NUMBER >= 0x10000000L
7444
7445			#if !defined(OPENSSL_NO_TLSEXT)
7446
7447			int
7448			SSL_set_tlsext_status_type(SSL *ssl,int cmd)
7449
7450			long
7451			SSL_set_tlsext_status_ocsp_resp(ssl,staple)
7452			SSL * ssl
7453			PREINIT:
7454			char * p;
7455			STRLEN staplelen;
7456			INPUT:
7457			char * staple = SvPV( ST(1), staplelen);
7458			CODE:
7459			/* OpenSSL will free the memory */
7460	0		New(0, p, staplelen, char);
7461	0		memcpy(p, staple, staplelen);
7462	0		RETVAL = SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,staplelen,(void *)p);
7463			OUTPUT:
7464			RETVAL
7465
7466			int
7467			SSL_CTX_set_tlsext_status_cb(ctx,callback,data=&PL_sv_undef)
7468			SSL_CTX * ctx
7469			SV * callback
7470			SV * data
7471			CODE:
7472	0		RETVAL = 1;
7473	0	0	if (callback==NULL \|\| !SvOK(callback)) {
		0
		0
		0
7474	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", NULL);
7475	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", NULL);
7476	0		SSL_CTX_set_tlsext_status_cb(ctx, NULL);
7477	0	0	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7478	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!func", newSVsv(callback));
7479	0		cb_data_advanced_put(ctx, "tlsext_status_cb!!data", newSVsv(data));
7480	0		SSL_CTX_set_tlsext_status_cb(ctx, tlsext_status_cb_invoke);
7481			} else {
7482	0		croak("argument must be code reference");
7483			}
7484			OUTPUT:
7485			RETVAL
7486
7487			int
7488			SSL_set_session_ticket_ext_cb(ssl,callback,data=&PL_sv_undef)
7489			SSL * ssl
7490			SV * callback
7491			SV * data
7492			CODE:
7493	1		RETVAL = 1;
7494	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7495	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", NULL);
7496	0		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", NULL);
7497	0		SSL_set_session_ticket_ext_cb(ssl, NULL, NULL);
7498	1	50	} else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		50
7499	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!func", newSVsv(callback));
7500	1		cb_data_advanced_put(ssl, "session_ticket_ext_cb!!data", newSVsv(data));
7501	1		SSL_set_session_ticket_ext_cb(ssl, (tls_session_ticket_ext_cb_fn)&session_ticket_ext_cb_invoke, ssl);
7502			} else {
7503	0		croak("argument must be code reference");
7504			}
7505			OUTPUT:
7506			RETVAL
7507
7508			int
7509			SSL_set_session_ticket_ext(ssl,ticket)
7510			SSL *ssl
7511			PREINIT:
7512			unsigned char * p;
7513			STRLEN ticketlen;
7514			INPUT:
7515			unsigned char * ticket = (unsigned char *)SvPV( ST(1), ticketlen);
7516			CODE:
7517	1		RETVAL = 0;
7518	1	50	if (ticketlen > 0) {
7519	1		Newx(p, ticketlen, unsigned char);
7520	1	50	if (!p)
7521	0		croak("Net::SSLeay: set_session_ticket_ext could not allocate memory.\n");
7522	1		memcpy(p, ticket, ticketlen);
7523	1		RETVAL = SSL_set_session_ticket_ext(ssl, p, ticketlen);
7524	1		Safefree(p);
7525			}
7526			OUTPUT:
7527			RETVAL
7528
7529			#endif
7530
7531			OCSP_RESPONSE *
7532			d2i_OCSP_RESPONSE(pv)
7533			SV *pv
7534			CODE:
7535	0		RETVAL = NULL;
7536	0	0	if (SvPOK(pv)) {
7537			const unsigned char *p;
7538			STRLEN len;
7539	0	0	p = (unsigned char*)SvPV(pv,len);
7540	0		RETVAL = d2i_OCSP_RESPONSE(NULL,&p,len);
7541			}
7542			OUTPUT:
7543			RETVAL
7544
7545			void
7546			i2d_OCSP_RESPONSE(r)
7547			OCSP_RESPONSE * r
7548			PPCODE:
7549			STRLEN len;
7550			unsigned char pc,pi;
7551	0	0	if (!(len = i2d_OCSP_RESPONSE(r,NULL))) croak("invalid OCSP response");
7552	0		Newx(pc,len,unsigned char);
7553	0	0	if (!pc) croak("out of memory");
7554	0		pi = pc;
7555	0		i2d_OCSP_RESPONSE(r,&pi);
7556	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7557	0		Safefree(pc);
7558
7559			void
7560			OCSP_RESPONSE_free(r)
7561			OCSP_RESPONSE * r
7562
7563
7564			OCSP_REQUEST *
7565			d2i_OCSP_REQUEST(pv)
7566			SV *pv
7567			CODE:
7568	0		RETVAL = NULL;
7569	0	0	if (SvPOK(pv)) {
7570			const unsigned char *p;
7571			STRLEN len;
7572	0	0	p = (unsigned char*)SvPV(pv,len);
7573	0		RETVAL = d2i_OCSP_REQUEST(NULL,&p,len);
7574			}
7575			OUTPUT:
7576			RETVAL
7577
7578			void
7579			i2d_OCSP_REQUEST(r)
7580			OCSP_REQUEST * r
7581			PPCODE:
7582			STRLEN len;
7583			unsigned char pc,pi;
7584	0	0	if (!(len = i2d_OCSP_REQUEST(r,NULL))) croak("invalid OCSP request");
7585	0		Newx(pc,len,unsigned char);
7586	0	0	if (!pc) croak("out of memory");
7587	0		pi = pc;
7588	0		i2d_OCSP_REQUEST(r,&pi);
7589	0	0	XPUSHs(sv_2mortal(newSVpv((char*)pc,len)));
7590	0		Safefree(pc);
7591
7592
7593			void
7594			OCSP_REQUEST_free(r)
7595			OCSP_REQUEST * r
7596
7597
7598			const char *
7599			OCSP_response_status_str(long status)
7600
7601			long
7602			OCSP_response_status(OCSP_RESPONSE *r)
7603
7604			void
7605			SSL_OCSP_cert2ids(ssl,...)
7606			SSL *ssl
7607			PPCODE:
7608			SSL_CTX *ctx;
7609			X509_STORE *store;
7610			STACK_OF(X509) *chain;
7611			X509 cert,issuer;
7612			OCSP_CERTID *id;
7613			int i;
7614			STRLEN len;
7615			unsigned char *pi;
7616
7617	0	0	if (!ssl) croak("not a SSL object");
7618	0		ctx = SSL_get_SSL_CTX(ssl);
7619	0	0	if (!ctx) croak("invalid SSL object - no context");
7620	0		store = SSL_CTX_get_cert_store(ctx);
7621	0		chain = SSL_get_peer_cert_chain(ssl);
7622
7623	0	0	for(i=0;i
7624	0	0	cert = INT2PTR(X509*,SvIV(ST(i+1)));
7625	0	0	if (X509_check_issued(cert,cert) == X509_V_OK)
7626	0		croak("no OCSP request for self-signed certificate");
7627	0	0	if (!(issuer = find_issuer(cert,store,chain)))
7628	0		croak("cannot find issuer certificate");
7629	0		id = OCSP_cert_to_id(EVP_sha1(),cert,issuer);
7630	0		X509_free(issuer);
7631	0	0	if (!id)
7632	0		croak("out of memory for generating OCSP certid");
7633
7634	0		pi = NULL;
7635	0	0	if (!(len = i2d_OCSP_CERTID(id,&pi)))
7636	0		croak("OCSP certid has no length");
7637	0	0	XPUSHs(sv_2mortal(newSVpvn((char *)pi, len)));
7638
7639	0		OPENSSL_free(pi);
7640	0		OCSP_CERTID_free(id);
7641			}
7642
7643
7644			OCSP_REQUEST *
7645			OCSP_ids2req(...)
7646			CODE:
7647			OCSP_REQUEST *req;
7648			OCSP_CERTID *id;
7649			int i;
7650
7651	0		req = OCSP_REQUEST_new();
7652	0	0	if (!req) croak("out of memory");
7653	0		OCSP_request_add1_nonce(req,NULL,-1);
7654
7655	0	0	for(i=0;i
7656			STRLEN len;
7657	0	0	const unsigned char p = (unsigned char)SvPV(ST(i),len);
7658	0		id = d2i_OCSP_CERTID(NULL,&p,len);
7659	0	0	if (!id) {
7660	0		OCSP_REQUEST_free(req);
7661	0		croak("failed to get OCSP certid from string");
7662			}
7663	0		OCSP_request_add0_id(req,id);
7664			}
7665	0		RETVAL = req;
7666			OUTPUT:
7667			RETVAL
7668
7669
7670
7671			int
7672			SSL_OCSP_response_verify(ssl,rsp,svreq=NULL,flags=0)
7673			SSL *ssl
7674			OCSP_RESPONSE *rsp
7675			SV *svreq
7676			unsigned long flags
7677			PREINIT:
7678			SSL_CTX *ctx;
7679			X509_STORE *store;
7680			OCSP_BASICRESP *bsr;
7681	0		OCSP_REQUEST *req = NULL;
7682			int i;
7683			CODE:
7684	0	0	if (!ssl) croak("not a SSL object");
7685	0		ctx = SSL_get_SSL_CTX(ssl);
7686	0	0	if (!ctx) croak("invalid SSL object - no context");
7687
7688	0		bsr = OCSP_response_get1_basic(rsp);
7689	0	0	if (!bsr) croak("invalid OCSP response");
7690
7691			/* if we get a nonce it should match our nonce, if we get no nonce
7692			* it was probably pre-signed */
7693	0	0	if (svreq && SvOK(svreq) &&
		0
		0
		0
		0
7694	0	0	(req = INT2PTR(OCSP_REQUEST*,SvIV(svreq)))) {
7695	0		i = OCSP_check_nonce(req,bsr);
7696	0	0	if ( i <= 0 ) {
7697	0	0	if (i == -1) {
7698	0		TRACE(2,"SSL_OCSP_response_verify: no nonce in response");
7699			} else {
7700	0		OCSP_BASICRESP_free(bsr);
7701	0		croak("nonce in OCSP response does not match request");
7702			}
7703			}
7704			}
7705
7706	0		RETVAL = 0;
7707	0	0	if ((store = SSL_CTX_get_cert_store(ctx))) {
7708			/* add the SSL uchain to the uchain of the OCSP basic response, this
7709			* looks like the easiest way to handle the case where the OCSP
7710			* response does not contain the chain up to the trusted root */
7711	0		STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
7712	0	0	for(i=0;i
7713	0		OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
7714			}
7715	0		TRACE(1,"run basic verify");
7716	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7717	0	0	if (chain && !RETVAL) {
		0
7718			/* some CAs don't add a certificate to their OCSP responses and
7719			* openssl does not include the trusted CA which signed the
7720			* lowest chain certificate when looking for the signer.
7721			* So find this CA ourself and retry verification. */
7722			X509 *issuer;
7723	0		X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
7724	0		ERR_clear_error(); /* clear error from last OCSP_basic_verify */
7725	0	0	if (last && (issuer = find_issuer(last,store,chain))) {
		0
7726	0		OCSP_basic_add1_cert(bsr, issuer);
7727	0		X509_free(issuer);
7728	0		TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
7729	0		RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
7730			}
7731			}
7732			}
7733	0		OCSP_BASICRESP_free(bsr);
7734			OUTPUT:
7735			RETVAL
7736
7737
7738			void
7739			OCSP_response_results(rsp,...)
7740			OCSP_RESPONSE *rsp
7741			PPCODE:
7742			OCSP_BASICRESP *bsr;
7743			int i,want_array;
7744	0		time_t nextupd = 0;
7745	0		time_t gmtoff = -1;
7746			int getall,sksn;
7747
7748	0		bsr = OCSP_response_get1_basic(rsp);
7749	0	0	if (!bsr) croak("invalid OCSP response");
7750
7751	0	0	want_array = (GIMME == G_ARRAY);
7752	0		getall = (items <= 1);
7753	0		sksn = OCSP_resp_count(bsr);
7754
7755	0	0	for(i=0; i < (getall ? sksn : items-1); i++) {
		0
7756	0		const char *error = NULL;
7757	0		OCSP_SINGLERESP *sir = NULL;
7758	0		OCSP_CERTID *certid = NULL;
7759	0		SV *idsv = NULL;
7760			int first, status, revocationReason;
7761			ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
7762
7763	0	0	if(getall) {
7764	0		sir = OCSP_resp_get0(bsr,i);
7765			} else {
7766			STRLEN len;
7767			const unsigned char *p;
7768
7769	0		idsv = ST(i+1);
7770	0	0	if (!SvOK(idsv)) croak("undefined certid in arguments");
		0
		0
7771	0	0	p = (unsigned char*)SvPV(idsv,len);
7772	0	0	if (!(certid = d2i_OCSP_CERTID(NULL,&p,len))) {
7773	0		error = "failed to get OCSP certid from string";
7774	0		goto end;
7775			}
7776	0		first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
7777	0	0	if (first >= 0)
7778	0		sir = OCSP_resp_get0(bsr,first);
7779			}
7780
7781	0	0	if (sir)
7782			{
7783			#if OPENSSL_VERSION_NUMBER >= 0x10100000L
7784			status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
7785			#else
7786	0		status = sir->certStatus->type;
7787	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED)
7788	0		revocationTime = sir->certStatus->value.revoked->revocationTime;
7789	0		thisupdate = sir->thisUpdate;
7790	0		nextupdate = sir->nextUpdate;
7791			#endif
7792	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7793	0		error = "certificate status is revoked";
7794	0	0	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
7795	0		error = "certificate status is unknown";
7796			}
7797	0	0	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
7798	0		error = "response not yet valid or expired";
7799			}
7800			} else {
7801	0		error = "cannot find entry for certificate in OCSP response";
7802			}
7803
7804			end:
7805	0	0	if (want_array) {
7806	0		AV *idav = newAV();
7807	0	0	if (!idsv) {
7808			/* getall: create new SV with OCSP_CERTID */
7809			unsigned char pi,pc;
7810			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7811			int len = i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),NULL);
7812			#else
7813	0		int len = i2d_OCSP_CERTID(sir->certId,NULL);
7814			#endif
7815	0	0	if(!len) continue;
7816	0		Newx(pc,len,unsigned char);
7817	0	0	if (!pc) croak("out of memory");
7818	0		pi = pc;
7819			#if (OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)) \|\| (LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
7820			i2d_OCSP_CERTID((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sir),&pi);
7821			#else
7822	0		i2d_OCSP_CERTID(sir->certId,&pi);
7823			#endif
7824	0		idsv = newSVpv((char*)pc,len);
7825	0		Safefree(pc);
7826			} else {
7827			/* reuse idsv from ST(..), but increment refcount */
7828	0		idsv = SvREFCNT_inc(idsv);
7829			}
7830	0		av_push(idav, idsv);
7831	0	0	av_push(idav, error ? newSVpv(error,0) : newSV(0));
7832	0	0	if (sir) {
7833	0		HV *details = newHV();
7834	0		av_push(idav,newRV_noinc((SV*)details));
7835	0		hv_store(details,"statusType",10,
7836			newSViv(status),0);
7837	0	0	if (nextupdate) hv_store(details,"nextUpdate",10,
7838			newSViv(ASN1_TIME_timet(nextupdate, &gmtoff)),0);
7839	0	0	if (thisupdate) hv_store(details,"thisUpdate",10,
7840			newSViv(ASN1_TIME_timet(thisupdate, &gmtoff)),0);
7841	0	0	if (status == V_OCSP_CERTSTATUS_REVOKED) {
7842			#if OPENSSL_VERSION_NUMBER < 0x10100000L
7843	0		OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
7844	0		revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
7845			#endif
7846	0		hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime, &gmtoff)),0);
7847	0		hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
7848	0		hv_store(details,"revocationReason_str",20,newSVpv(
7849			OCSP_crl_reason_str(revocationReason),0),0);
7850			}
7851			}
7852	0	0	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
7853	0	0	} else if (!error) {
7854			/* compute lowest nextUpdate */
7855	0		time_t nu = ASN1_TIME_timet(nextupdate, &gmtoff);
7856	0	0	if (!nextupd \|\| nextupd>nu) nextupd = nu;
		0
7857			}
7858
7859	0	0	if (certid) OCSP_CERTID_free(certid);
7860	0	0	if (error && !want_array) {
		0
7861	0		OCSP_BASICRESP_free(bsr);
7862	0		croak("%s", error);
7863			}
7864			}
7865	0		OCSP_BASICRESP_free(bsr);
7866	0	0	if (!want_array)
7867	0	0	XPUSHs(sv_2mortal(newSViv(nextupd)));
7868
7869
7870
7871			#endif
7872
7873			#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
7874
7875			int
7876			SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
7877			SSL_CTX * ctx
7878			SV * callback
7879			SV * data
7880			CODE:
7881	1		RETVAL = 1;
7882	1	50	if (callback==NULL \|\| !SvOK(callback)) {
		50
		0
		0
7883	0		SSL_CTX_set_alpn_select_cb(ctx, NULL, NULL);
7884	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7885	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", NULL);
7886			PR1("SSL_CTX_set_alpn_select_cb - undef\n");
7887			}
7888	1	50	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVAV)) {
		50
7889			/* callback param array ref like ['proto1','proto2'] */
7890	1		cb_data_advanced_put(ctx, "alpn_select_cb!!func", NULL);
7891	1		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(callback));
7892	1		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7893			PR2("SSL_CTX_set_alpn_select_cb - simple ctx=%p\n",ctx);
7894			}
7895	0	0	else if (SvROK(callback) && (SvTYPE(SvRV(callback)) == SVt_PVCV)) {
		0
7896	0		cb_data_advanced_put(ctx, "alpn_select_cb!!func", newSVsv(callback));
7897	0		cb_data_advanced_put(ctx, "alpn_select_cb!!data", newSVsv(data));
7898	0		SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb_invoke, ctx);
7899			PR2("SSL_CTX_set_alpn_select_cb - advanced ctx=%p\n",ctx);
7900			}
7901			else {
7902	0		RETVAL = 0;
7903			}
7904			OUTPUT:
7905			RETVAL
7906
7907			int
7908			SSL_CTX_set_alpn_protos(ctx,data=&PL_sv_undef)
7909			SSL_CTX * ctx
7910			SV * data
7911			PREINIT:
7912			unsigned char *alpn_data;
7913			unsigned char alpn_len;
7914
7915			CODE:
7916	1		RETVAL = -1;
7917
7918	1	50	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		50
7919	0		croak("Net::SSLeay: CTX_set_alpn_protos needs a single array reference.\n");
7920	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7921	1		Newx(alpn_data, alpn_len, unsigned char);
7922	1	50	if (!alpn_data)
7923	0		croak("Net::SSLeay: CTX_set_alpn_protos could not allocate memory.\n");
7924	1		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7925	1		RETVAL = SSL_CTX_set_alpn_protos(ctx, alpn_data, alpn_len);
7926	1		Safefree(alpn_data);
7927
7928			OUTPUT:
7929			RETVAL
7930
7931			int
7932			SSL_set_alpn_protos(ssl,data=&PL_sv_undef)
7933			SSL * ssl
7934			SV * data
7935			PREINIT:
7936			unsigned char *alpn_data;
7937			unsigned char alpn_len;
7938
7939			CODE:
7940	0		RETVAL = -1;
7941
7942	0	0	if (!SvROK(data) \|\| (SvTYPE(SvRV(data)) != SVt_PVAV))
		0
7943	0		croak("Net::SSLeay: set_alpn_protos needs a single array reference.\n");
7944	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), NULL);
7945	0		Newx(alpn_data, alpn_len, unsigned char);
7946	0	0	if (!alpn_data)
7947	0		croak("Net::SSLeay: set_alpn_protos could not allocate memory.\n");
7948	0		alpn_len = next_proto_helper_AV2protodata((AV*)SvRV(data), alpn_data);
7949	0		RETVAL = SSL_set_alpn_protos(ssl, alpn_data, alpn_len);
7950	0		Safefree(alpn_data);
7951
7952			OUTPUT:
7953			RETVAL
7954
7955			void
7956			P_alpn_selected(s)
7957			const SSL *s
7958			PREINIT:
7959			const unsigned char *data;
7960			unsigned int len;
7961			PPCODE:
7962	2		SSL_get0_alpn_selected(s, &data, &len);
7963	2	50	XPUSHs(sv_2mortal(newSVpv((char *)data, len)));
7964
7965			#endif
7966
7967			#if OPENSSL_VERSION_NUMBER >= 0x10001000L
7968
7969			void
7970			SSL_export_keying_material(ssl, outlen, label, context=&PL_sv_undef)
7971			SSL * ssl
7972			int outlen
7973			SV * context
7974			PREINIT:
7975			unsigned char * out;
7976			STRLEN llen;
7977	15		STRLEN contextlen = 0;
7978	15		char *context_arg = NULL;
7979	15		int use_context = 0;
7980			int ret;
7981			INPUT:
7982			char * label = SvPV( ST(2), llen);
7983			PPCODE:
7984	15		Newx(out, outlen, unsigned char);
7985
7986	15	100	if (context != &PL_sv_undef) {
7987	9		use_context = 1;
7988	9	50	context_arg = SvPV( ST(3), contextlen);
7989			}
7990	15		ret = SSL_export_keying_material(ssl, out, outlen, label, llen, (unsigned char*)context_arg, contextlen, use_context);
7991	15	50	PUSHs(sv_2mortal(ret>0 ? newSVpvn((const char *)out, outlen) : newSV(0)));
7992	15	50	EXTEND(SP, 1);
7993	15		Safefree(out);
7994
7995			#endif
7996
7997			#if OPENSSL_VERSION_NUMBER >= 0x30000000L
7998
7999			OSSL_LIB_CTX *
8000			OSSL_LIB_CTX_get0_global_default()
8001
8002
8003			OSSL_PROVIDER *
8004			OSSL_PROVIDER_load(SV libctx, const char name)
8005			CODE:
8006			OSSL_LIB_CTX *ctx = NULL;
8007			if (libctx != &PL_sv_undef)
8008			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8009			RETVAL = OSSL_PROVIDER_load(ctx, name);
8010			if (RETVAL == NULL)
8011			XSRETURN_UNDEF;
8012			OUTPUT:
8013			RETVAL
8014
8015			OSSL_PROVIDER *
8016			OSSL_PROVIDER_try_load(SV libctx, const char name, int retain_fallbacks)
8017			CODE:
8018			OSSL_LIB_CTX *ctx = NULL;
8019			if (libctx != &PL_sv_undef)
8020			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8021			RETVAL = OSSL_PROVIDER_try_load(ctx, name, retain_fallbacks);
8022			if (RETVAL == NULL)
8023			XSRETURN_UNDEF;
8024			OUTPUT:
8025			RETVAL
8026
8027			int
8028			OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
8029
8030			int
8031			OSSL_PROVIDER_available(SV libctx, const char name)
8032			CODE:
8033			OSSL_LIB_CTX *ctx = NULL;
8034			if (libctx != &PL_sv_undef)
8035			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8036			RETVAL = OSSL_PROVIDER_available(ctx, name);
8037			OUTPUT:
8038			RETVAL
8039
8040			int
8041			OSSL_PROVIDER_do_all(SV libctx, SV perl_cb, SV *perl_cbdata = &PL_sv_undef)
8042			PREINIT:
8043			simple_cb_data_t* cbdata = NULL;
8044			CODE:
8045			OSSL_LIB_CTX *ctx = NULL;
8046			if (libctx != &PL_sv_undef)
8047			ctx = INT2PTR(OSSL_LIB_CTX *, SvIV(libctx));
8048
8049			/* setup our callback */
8050			cbdata = simple_cb_data_new(perl_cb, perl_cbdata);
8051			RETVAL = OSSL_PROVIDER_do_all(ctx, ossl_provider_do_all_cb_invoke, cbdata);
8052			simple_cb_data_free(cbdata);
8053			OUTPUT:
8054			RETVAL
8055
8056			const char *
8057			OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov)
8058
8059			int
8060			OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
8061
8062			#endif
8063
8064			#define REM_EOF "/* EOF - SSLeay.xs */"