/*! \file ssl/ssl_lib.c
 *  \brief Version independent SSL functions.
 */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */

#ifdef REF_CHECK
#  include <assert.h>
#endif
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif

const char *SSL_version_str=OPENSSL_VERSION_TEXT;

SSL3_ENC_METHOD ssl3_undef_enc_method={
	/* evil casts, but these functions are only called if there's a library bug */
	(int (*)(SSL *,int))ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
	ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
	(int (*)(SSL*, int))ssl_undefined_function,
	(int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
	0,	/* finish_mac_length */
	(int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
	NULL,	/* client_finished_label */
	0,	/* client_finished_label_len */
	NULL,	/* server_finished_label */
	0,	/* server_finished_label_len */
	(int (*)(int))ssl_undefined_function
	};

int SSL_clear(SSL *s)
	{

	if (s->method == NULL)
		{
		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
		return(0);
		}

	if (ssl_clear_bad_session(s))
		{
		SSL_SESSION_free(s->session);
		s->session=NULL;
		}

	s->error=0;
	s->hit=0;
	s->shutdown=0;

#if 0 /* Disabled since version 1.10 of this file (early return not
       * needed because SSL_clear is not called when doing renegotiation) */
	/* This is set if we are doing dynamic renegotiation so keep
	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
	if (s->new_session) return(1);
#else
	if (s->new_session)
		{
		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
		return 0;
		}
#endif

	s->type=0;

	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);

	s->version=s->method->version;
	s->client_version=s->version;
	s->rwstate=SSL_NOTHING;
	s->rstate=SSL_ST_READ_HEADER;
#if 0
	s->read_ahead=s->ctx->read_ahead;
#endif

	if (s->init_buf != NULL)
		{
		BUF_MEM_free(s->init_buf);
		s->init_buf=NULL;
		}

	ssl_clear_cipher_ctx(s);

	s->first_packet=0;

#if 1
	/* Check to see if we were changed into a different method, if
	 * so, revert back if we are not doing session-id reuse. */
	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
		{
		s->method->ssl_free(s);
		s->method=s->ctx->method;
		if (!s->method->ssl_new(s))
			return(0);
		}
	else
#endif
		s->method->ssl_clear(s);
	return(1);
	}

/** Used to change an SSL_CTXs default SSL method type */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
	{
	STACK_OF(SSL_CIPHER) *sk;

	ctx->method=meth;

	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
		{
		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
		return(0);
		}
	return(1);
	}

SSL *SSL_new(SSL_CTX *ctx)
	{
	SSL *s;

	if (ctx == NULL)
		{
		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
		return(NULL);
		}
	if (ctx->method == NULL)
		{
		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
		return(NULL);
		}

	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
	if (s == NULL) goto err;
	memset(s,0,sizeof(SSL));

#ifndef	OPENSSL_NO_KRB5
	s->kssl_ctx = kssl_ctx_new();
#endif	/* OPENSSL_NO_KRB5 */

	s->options=ctx->options;
	s->mode=ctx->mode;
	s->max_cert_list=ctx->max_cert_list;

	if (ctx->cert != NULL)
		{
		/* Earlier library versions used to copy the pointer to
		 * the CERT, not its contents; only when setting new
		 * parameters for the per-SSL copy, ssl_cert_new would be
		 * called (and the direct reference to the per-SSL_CTX
		 * settings would be lost, but those still were indirectly
		 * accessed for various purposes, and for that reason they
		 * used to be known as s->ctx->default_cert).
		 * Now we don't look at the SSL_CTX's CERT after having
		 * duplicated it once. */

		s->cert = ssl_cert_dup(ctx->cert);
		if (s->cert == NULL)
			goto err;
		}
	else
		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

	s->read_ahead=ctx->read_ahead;
	s->msg_callback=ctx->msg_callback;
	s->msg_callback_arg=ctx->msg_callback_arg;
	s->verify_mode=ctx->verify_mode;
#if 0
	s->verify_depth=ctx->verify_depth;
#endif
	s->sid_ctx_length=ctx->sid_ctx_length;
	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
	s->verify_callback=ctx->default_verify_callback;
	s->generate_session_id=ctx->generate_session_id;

	s->param = X509_VERIFY_PARAM_new();
	if (!s->param)
		goto err;
	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
#if 0
	s->purpose = ctx->purpose;
	s->trust = ctx->trust;
#endif
	s->quiet_shutdown=ctx->quiet_shutdown;

	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
	s->ctx=ctx;

	s->verify_result=X509_V_OK;

	s->method=ctx->method;

	if (!s->method->ssl_new(s))
		goto err;

	s->references=1;
	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;

	SSL_clear(s);

	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	return(s);
err:
	if (s != NULL)
		{
		if (s->cert != NULL)
			ssl_cert_free(s->cert);
		if (s->ctx != NULL)
			SSL_CTX_free(s->ctx); /* decrement reference count */
		OPENSSL_free(s);
		}
	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
	return(NULL);
	}

int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
				   unsigned int sid_ctx_len)
    {
    if(sid_ctx_len > sizeof ctx->sid_ctx)
	{
	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
	return 0;
	}
    ctx->sid_ctx_length=sid_ctx_len;
    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);

    return 1;
    }

int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len)
    {
    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
	{
	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
	return 0;
	}
    ssl->sid_ctx_length=sid_ctx_len;
    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);

    return 1;
    }

int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
	{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
	ctx->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
	return 1;
	}

int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
	{
	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
	ssl->generate_session_id = cb;
	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
	return 1;
	}

int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
				unsigned int id_len)
	{
	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
	 * we can "construct" a session to give us the desired check - ie. to
	 * find if there's a session in the hash table that would conflict with
	 * any new session built out of this id/id_len and the ssl_version in
	 * use by this SSL. */
	SSL_SESSION r, *p;

	if(id_len > sizeof r.session_id)
		return 0;

	r.ssl_version = ssl->version;
	r.session_id_length = id_len;
	memcpy(r.session_id, id, id_len);
	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
	 * callback is calling us to check the uniqueness of a shorter ID, it
	 * must be compared as a padded-out ID because that is what it will be
	 * converted to when the callback has finished choosing it. */
	if((r.ssl_version == SSL2_VERSION) &&
			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
		{
		memset(r.session_id + id_len, 0,
			SSL2_SSL_SESSION_ID_LENGTH - id_len);
		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
		}

	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
	p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
	return (p != NULL);
	}

int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
	{
	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
	}

int SSL_set_purpose(SSL *s, int purpose)
	{
	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
	}

int SSL_CTX_set_trust(SSL_CTX *s, int trust)
	{
	return X509_VERIFY_PARAM_set_trust(s->param, trust);
	}

int SSL_set_trust(SSL *s, int trust)
	{
	return X509_VERIFY_PARAM_set_trust(s->param, trust);
	}

void SSL_free(SSL *s)
	{
	int i;

	if(s == NULL)
	    return;

	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
#ifdef REF_PRINT
	REF_PRINT("SSL",s);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"SSL_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

	if (s->param)
		X509_VERIFY_PARAM_free(s->param);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

	if (s->bbio != NULL)
		{
		/* If the buffering BIO is in place, pop it off */
		if (s->bbio == s->wbio)
			{
			s->wbio=BIO_pop(s->wbio);
			}
		BIO_free(s->bbio);
		s->bbio=NULL;
		}
	if (s->rbio != NULL)
		BIO_free_all(s->rbio);
	if ((s->wbio != NULL) && (s->wbio != s->rbio))
		BIO_free_all(s->wbio);

	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);

	/* add extra stuff */
	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);

	/* Make the next call work :-) */
	if (s->session != NULL)
		{
		ssl_clear_bad_session(s);
		SSL_SESSION_free(s->session);
		}

	ssl_clear_cipher_ctx(s);

	if (s->cert != NULL) ssl_cert_free(s->cert);
	/* Free up if allocated */

	if (s->ctx) SSL_CTX_free(s->ctx);

	if (s->client_CA != NULL)
		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);

	if (s->method != NULL) s->method->ssl_free(s);

#ifndef	OPENSSL_NO_KRB5
	if (s->kssl_ctx != NULL)
		kssl_ctx_free(s->kssl_ctx);
#endif	/* OPENSSL_NO_KRB5 */

	OPENSSL_free(s);
	}

void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
	{
	/* If the output buffering BIO is still in place, remove it
	 */
	if (s->bbio != NULL)
		{
		if (s->wbio == s->bbio)
			{
			s->wbio=s->wbio->next_bio;
			s->bbio->next_bio=NULL;
			}
		}
	if ((s->rbio != NULL) && (s->rbio != rbio))
		BIO_free_all(s->rbio);
	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
		BIO_free_all(s->wbio);
	s->rbio=rbio;
	s->wbio=wbio;
	}

BIO *SSL_get_rbio(const SSL *s)
	{ return(s->rbio); }

BIO *SSL_get_wbio(const SSL *s)
	{ return(s->wbio); }

int SSL_get_fd(const SSL *s)
	{
	return(SSL_get_rfd(s));
	}

int SSL_get_rfd(const SSL *s)
	{
	int ret= -1;
	BIO *b,*r;

	b=SSL_get_rbio(s);
	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
	if (r != NULL)
		BIO_get_fd(r,&ret);
	return(ret);
	}

int SSL_get_wfd(const SSL *s)
	{
	int ret= -1;
	BIO *b,*r;

	b=SSL_get_wbio(s);
	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
	if (r != NULL)
		BIO_get_fd(r,&ret);
	return(ret);
	}

#ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s,int fd)
	{
	int ret=0;
	BIO *bio=NULL;

	bio=BIO_new(BIO_s_socket());

	if (bio == NULL)
		{
		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
		goto err;
		}
	BIO_set_fd(bio,fd,BIO_NOCLOSE);
	SSL_set_bio(s,bio,bio);
	ret=1;
err:
	return(ret);
	}

int SSL_set_wfd(SSL *s,int fd)
	{
	int ret=0;
	BIO *bio=NULL;

	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
		{
		bio=BIO_new(BIO_s_socket());

		if (bio == NULL)
			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
		BIO_set_fd(bio,fd,BIO_NOCLOSE);
		SSL_set_bio(s,SSL_get_rbio(s),bio);
		}
	else
		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
	ret=1;
err:
	return(ret);
	}

int SSL_set_rfd(SSL *s,int fd)
	{
	int ret=0;
	BIO *bio=NULL;

	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
		{
		bio=BIO_new(BIO_s_socket());

		if (bio == NULL)
			{
			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
			goto err;
			}
		BIO_set_fd(bio,fd,BIO_NOCLOSE);
		SSL_set_bio(s,bio,SSL_get_wbio(s));
		}
	else
		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
	ret=1;
err:
	return(ret);
	}
#endif


/* return length of latest Finished message we sent, copy to 'buf' */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
	{
	size_t ret = 0;
	
	if (s->s3 != NULL)
		{
		ret = s->s3->tmp.finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, s->s3->tmp.finish_md, count);
		}
	return ret;
	}

/* return length of latest Finished message we expected, copy to 'buf' */
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
	{
	size_t ret = 0;
	
	if (s->s3 != NULL)
		{
		ret = s->s3->tmp.peer_finish_md_len;
		if (count > ret)
			count = ret;
		memcpy(buf, s->s3->tmp.peer_finish_md, count);
		}
	return ret;
	}


int SSL_get_verify_mode(const SSL *s)
	{
	return(s->verify_mode);
	}

int SSL_get_verify_depth(const SSL *s)
	{
	return X509_VERIFY_PARAM_get_depth(s->param);
	}

int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
	{
	return(s->verify_callback);
	}

int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
	{
	return(ctx->verify_mode);
	}

int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
	{
	return X509_VERIFY_PARAM_get_depth(ctx->param);
	}

int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
	{
	return(ctx->default_verify_callback);
	}

void SSL_set_verify(SSL *s,int mode,
		    int (*callback)(int ok,X509_STORE_CTX *ctx))
	{
	s->verify_mode=mode;
	if (callback != NULL)
		s->verify_callback=callback;
	}

void SSL_set_verify_depth(SSL *s,int depth)
	{
	X509_VERIFY_PARAM_set_depth(s->param, depth);
	}

void SSL_set_read_ahead(SSL *s,int yes)
	{
	s->read_ahead=yes;
	}

int SSL_get_read_ahead(const SSL *s)
	{
	return(s->read_ahead);
	}

int SSL_pending(const SSL *s)
	{
	/* SSL_pending cannot work properly if read-ahead is enabled
	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
	 * and it is impossible to fix since SSL_pending cannot report
	 * errors that may be observed while scanning the new data.
	 * (Note that SSL_pending() is often used as a boolean value,
	 * so we'd better not return -1.)
	 */
	return(s->method->ssl_pending(s));
	}

X509 *SSL_get_peer_certificate(const SSL *s)
	{
	X509 *r;
	
	if ((s == NULL) || (s->session == NULL))
		r=NULL;
	else
		r=s->session->peer;

	if (r == NULL) return(r);

	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);

	return(r);
	}

STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
	{
	STACK_OF(X509) *r;
	
	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
		r=NULL;
	else
		r=s->session->sess_cert->cert_chain;

	/* If we are a client, cert_chain includes the peer's own
	 * certificate; if we are a server, it does not. */
	
	return(r);
	}

/* Now in theory, since the calling process own 't' it should be safe to
 * modify.  We need to be able to read f without being hassled */
void SSL_copy_session_id(SSL *t,const SSL *f)
	{
	CERT *tmp;

	/* Do we need to to SSL locking? */
	SSL_set_session(t,SSL_get_session(f));

	/* what if we are setup as SSLv2 but want to talk SSLv3 or
	 * vice-versa */
	if (t->method != f->method)
		{
		t->method->ssl_free(t);	/* cleanup current */
		t->method=f->method;	/* change method */
		t->method->ssl_new(t);	/* setup new */
		}

	tmp=t->cert;
	if (f->cert != NULL)
		{
		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
		t->cert=f->cert;
		}
	else
		t->cert=NULL;
	if (tmp != NULL) ssl_cert_free(tmp);
	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
	}

/* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
	{
	if (	(ctx == NULL) ||
		(ctx->cert == NULL) ||
		(ctx->cert->key->x509 == NULL))
		{
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
		return(0);
		}
	if 	(ctx->cert->key->privatekey == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return(0);
		}
	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
	}

/* Fix this function so that it takes an optional type parameter */
int SSL_check_private_key(const SSL *ssl)
	{
	if (ssl == NULL)
		{
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
		return(0);
		}
	if (ssl->cert == NULL)
		{
                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
		return 0;
		}
	if (ssl->cert->key->x509 == NULL)
		{
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
		return(0);
		}
	if (ssl->cert->key->privatekey == NULL)
		{
		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
		return(0);
		}
	return(X509_check_private_key(ssl->cert->key->x509,
		ssl->cert->key->privatekey));
	}

int SSL_accept(SSL *s)
	{
	if (s->handshake_func == 0)
		/* Not properly initialized yet */
		SSL_set_accept_state(s);

	return(s->method->ssl_accept(s));
	}

int SSL_connect(SSL *s)
	{
	if (s->handshake_func == 0)
		/* Not properly initialized yet */
		SSL_set_connect_state(s);

	return(s->method->ssl_connect(s));
	}

long SSL_get_default_timeout(const SSL *s)
	{
	return(s->method->get_timeout());
	}

int SSL_read(SSL *s,void *buf,int num)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
		return -1;
		}

	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
		return(0);
		}
	return(s->method->ssl_read(s,buf,num));
	}

int SSL_peek(SSL *s,void *buf,int num)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
		return -1;
		}

	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
		{
		return(0);
		}
	return(s->method->ssl_peek(s,buf,num));
	}

int SSL_write(SSL *s,const void *buf,int num)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
		return -1;
		}

	if (s->shutdown & SSL_SENT_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
		return(-1);
		}
	return(s->method->ssl_write(s,buf,num));
	}

int SSL_shutdown(SSL *s)
	{
	/* Note that this function behaves differently from what one might
	 * expect.  Return values are 0 for no success (yet),
	 * 1 for success; but calling it once is usually not enough,
	 * even if blocking I/O is used (see ssl3_shutdown).
	 */

	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
		return -1;
		}

	if ((s != NULL) && !SSL_in_init(s))
		return(s->method->ssl_shutdown(s));
	else
		return(1);
	}

int SSL_renegotiate(SSL *s)
	{
	if (s->new_session == 0)
		{
		s->new_session=1;
		}
	return(s->method->ssl_renegotiate(s));
	}

int SSL_renegotiate_pending(SSL *s)
	{
	/* becomes true when negotiation is requested;
	 * false again once a handshake has finished */
	return (s->new_session != 0);
	}

long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
	{
	long l;

	switch (cmd)
		{
	case SSL_CTRL_GET_READ_AHEAD:
		return(s->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l=s->read_ahead;
		s->read_ahead=larg;
		return(l);

	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		s->msg_callback_arg = parg;
		return 1;

	case SSL_CTRL_OPTIONS:
		return(s->options|=larg);
	case SSL_CTRL_MODE:
		return(s->mode|=larg);
	case SSL_CTRL_GET_MAX_CERT_LIST:
		return(s->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l=s->max_cert_list;
		s->max_cert_list=larg;
		return(l);
	case SSL_CTRL_SET_MTU:
		if (SSL_version(s) == DTLS1_VERSION)
			{
			s->d1->mtu = larg;
			return larg;
			}
		return 0;
	default:
		return(s->method->ssl_ctrl(s,cmd,larg,parg));
		}
	}

long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
	{
	switch(cmd)
		{
	case SSL_CTRL_SET_MSG_CALLBACK:
		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
		return 1;
		
	default:
		return(s->method->ssl_callback_ctrl(s,cmd,fp));
		}
	}

struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
	{
	return ctx->sessions;
	}

long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
	{
	long l;

	switch (cmd)
		{
	case SSL_CTRL_GET_READ_AHEAD:
		return(ctx->read_ahead);
	case SSL_CTRL_SET_READ_AHEAD:
		l=ctx->read_ahead;
		ctx->read_ahead=larg;
		return(l);
		
	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
		ctx->msg_callback_arg = parg;
		return 1;

	case SSL_CTRL_GET_MAX_CERT_LIST:
		return(ctx->max_cert_list);
	case SSL_CTRL_SET_MAX_CERT_LIST:
		l=ctx->max_cert_list;
		ctx->max_cert_list=larg;
		return(l);

	case SSL_CTRL_SET_SESS_CACHE_SIZE:
		l=ctx->session_cache_size;
		ctx->session_cache_size=larg;
		return(l);
	case SSL_CTRL_GET_SESS_CACHE_SIZE:
		return(ctx->session_cache_size);
	case SSL_CTRL_SET_SESS_CACHE_MODE:
		l=ctx->session_cache_mode;
		ctx->session_cache_mode=larg;
		return(l);
	case SSL_CTRL_GET_SESS_CACHE_MODE:
		return(ctx->session_cache_mode);

	case SSL_CTRL_SESS_NUMBER:
		return(ctx->sessions->num_items);
	case SSL_CTRL_SESS_CONNECT:
		return(ctx->stats.sess_connect);
	case SSL_CTRL_SESS_CONNECT_GOOD:
		return(ctx->stats.sess_connect_good);
	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
		return(ctx->stats.sess_connect_renegotiate);
	case SSL_CTRL_SESS_ACCEPT:
		return(ctx->stats.sess_accept);
	case SSL_CTRL_SESS_ACCEPT_GOOD:
		return(ctx->stats.sess_accept_good);
	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
		return(ctx->stats.sess_accept_renegotiate);
	case SSL_CTRL_SESS_HIT:
		return(ctx->stats.sess_hit);
	case SSL_CTRL_SESS_CB_HIT:
		return(ctx->stats.sess_cb_hit);
	case SSL_CTRL_SESS_MISSES:
		return(ctx->stats.sess_miss);
	case SSL_CTRL_SESS_TIMEOUTS:
		return(ctx->stats.sess_timeout);
	case SSL_CTRL_SESS_CACHE_FULL:
		return(ctx->stats.sess_cache_full);
	case SSL_CTRL_OPTIONS:
		return(ctx->options|=larg);
	case SSL_CTRL_MODE:
		return(ctx->mode|=larg);
	default:
		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
		}
	}

long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	switch(cmd)
		{
	case SSL_CTRL_SET_MSG_CALLBACK:
		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
		return 1;

	default:
		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
		}
	}

int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
	{
	long l;

	l=a->id-b->id;
	if (l == 0L)
		return(0);
	else
		return((l > 0)?1:-1);
	}

int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
			const SSL_CIPHER * const *bp)
	{
	long l;

	l=(*ap)->id-(*bp)->id;
	if (l == 0L)
		return(0);
	else
		return((l > 0)?1:-1);
	}

/** return a STACK of the ciphers available for the SSL and in order of
 * preference */
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
	{
	if (s != NULL)
		{
		if (s->cipher_list != NULL)
			{
			return(s->cipher_list);
			}
		else if ((s->ctx != NULL) &&
			(s->ctx->cipher_list != NULL))
			{
			return(s->ctx->cipher_list);
			}
		}
	return(NULL);
	}

/** return a STACK of the ciphers available for the SSL and in order of
 * algorithm id */
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
	{
	if (s != NULL)
		{
		if (s->cipher_list_by_id != NULL)
			{
			return(s->cipher_list_by_id);
			}
		else if ((s->ctx != NULL) &&
			(s->ctx->cipher_list_by_id != NULL))
			{
			return(s->ctx->cipher_list_<style>pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="cm">/* ssl/ssl_sess.c */</span>
<span class="cm">/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)</span>
<span class="cm"> * All rights reserved.</span>
<span class="cm"> *</span>
<span class="cm"> * This package is an SSL implementation written</span>
<span class="cm"> * by Eric Young (eay@cryptsoft.com).</span>
<span class="cm"> * The implementation was written so as to conform with Netscapes SSL.</span>
<span class="cm"> * </span>
<span class="cm"> * This library is free for commercial and non-commercial use as long as</span>
<span class="cm"> * the following conditions are aheared to.  The following conditions</span>
<span class="cm"> * apply to all code found in this distribution, be it the RC4, RSA,</span>
<span class="cm"> * lhash, DES, etc., code; not just the SSL code.  The SSL documentation</span>
<span class="cm"> * included with this distribution is covered by the same copyright terms</span>
<span class="cm"> * except that the holder is Tim Hudson (tjh@cryptsoft.com).</span>
<span class="cm"> * </span>
<span class="cm"> * Copyright remains Eric Young&#39;s, and as such any Copyright notices in</span>
<span class="cm"> * the code are not to be removed.</span>
<span class="cm"> * If this package is used in a product, Eric Young should be given attribution</span>
<span class="cm"> * as the author of the parts of the library used.</span>
<span class="cm"> * This can be in the form of a textual message at program startup or</span>
<span class="cm"> * in documentation (online or textual) provided with the package.</span>
<span class="cm"> * </span>
<span class="cm"> * Redistribution and use in source and binary forms, with or without</span>
<span class="cm"> * modification, are permitted provided that the following conditions</span>
<span class="cm"> * are met:</span>
<span class="cm"> * 1. Redistributions of source code must retain the copyright</span>
<span class="cm"> *    notice, this list of conditions and the following disclaimer.</span>
<span class="cm"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="cm"> *    notice, this list of conditions and the following disclaimer in the</span>
<span class="cm"> *    documentation and/or other materials provided with the distribution.</span>
<span class="cm"> * 3. All advertising materials mentioning features or use of this software</span>
<span class="cm"> *    must display the following acknowledgement:</span>
<span class="cm"> *    &quot;This product includes cryptographic software written by</span>
<span class="cm"> *     Eric Young (eay@cryptsoft.com)&quot;</span>
<span class="cm"> *    The word &#39;cryptographic&#39; can be left out if the rouines from the library</span>
<span class="cm"> *    being used are not cryptographic related :-).</span>
<span class="cm"> * 4. If you include any Windows specific code (or a derivative thereof) from </span>
<span class="cm"> *    the apps directory (application code) you must include an acknowledgement:</span>
<span class="cm"> *    &quot;This product includes software written by Tim Hudson (tjh@cryptsoft.com)&quot;</span>
<span class="cm"> * </span>
<span class="cm"> * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS&#39;&#39; AND</span>
<span class="cm"> * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE</span>
<span class="cm"> * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE</span>
<span class="cm"> * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE</span>
<span class="cm"> * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL</span>
<span class="cm"> * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS</span>
<span class="cm"> * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)</span>
<span class="cm"> * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT</span>
<span class="cm"> * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY</span>
<span class="cm"> * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF</span>
<span class="cm"> * SUCH DAMAGE.</span>
<span class="cm"> * </span>
<span class="cm"> * The licence and distribution terms for any publically available version or</span>
<span class="cm"> * derivative of this code cannot be changed.  i.e. this code cannot simply be</span>
<span class="cm"> * copied and put under another distribution licence</span>
<span class="cm"> * [including the GNU Public Licence.]</span>
<span class="cm"> */</span>

<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;stdio.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/lhash.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/rand.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&quot;ssl_locl.h&quot;</span>

<span class="k">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">);</span>
<span class="k">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">SSL_SESSION_list_add</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">);</span>
<span class="k">static</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="nf">remove_session_lock</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">c</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">lck</span><span class="p">);</span>

<span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="nf">SSL_get_session</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">ssl</span><span class="p">)</span>
<span class="cm">/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">ssl</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="nf">SSL_get1_session</span><span class="p">(</span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">ssl</span><span class="p">)</span>
<span class="cm">/* variant of SSL_get_session: caller really gets something */</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">sess</span><span class="p">;</span>
<span class="w">	</span><span class="cm">/* Need to lock this all up rather than just use CRYPTO_add so that</span>
<span class="cm">	 * somebody doesn&#39;t free ssl-&gt;session between when we check it&#39;s</span>
<span class="cm">	 * non-null and when we up the reference count. */</span>
<span class="w">	</span><span class="n">CRYPTO_w_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="w">	</span><span class="n">sess</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ssl</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">;</span>
<span class="w">	</span><span class="k">if</span><span class="p">(</span><span class="n">sess</span><span class="p">)</span>
<span class="w">		</span><span class="n">sess</span><span class="o">-&gt;</span><span class="n">references</span><span class="o">++</span><span class="p">;</span>
<span class="w">	</span><span class="n">CRYPTO_w_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">sess</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">SSL_SESSION_get_ex_new_index</span><span class="p">(</span><span class="kt">long</span><span class="w"> </span><span class="n">argl</span><span class="p">,</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="o">*</span><span class="n">argp</span><span class="p">,</span><span class="w"> </span><span class="n">CRYPTO_EX_new</span><span class="w"> </span><span class="o">*</span><span class="n">new_func</span><span class="p">,</span>
<span class="w">	     </span><span class="n">CRYPTO_EX_dup</span><span class="w"> </span><span class="o">*</span><span class="n">dup_func</span><span class="p">,</span><span class="w"> </span><span class="n">CRYPTO_EX_free</span><span class="w"> </span><span class="o">*</span><span class="n">free_func</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">return</span><span class="w"> </span><span class="n">CRYPTO_get_ex_new_index</span><span class="p">(</span><span class="n">CRYPTO_EX_INDEX_SSL_SESSION</span><span class="p">,</span><span class="w"> </span><span class="n">argl</span><span class="p">,</span><span class="w"> </span><span class="n">argp</span><span class="p">,</span>
<span class="w">			</span><span class="n">new_func</span><span class="p">,</span><span class="w"> </span><span class="n">dup_func</span><span class="p">,</span><span class="w"> </span><span class="n">free_func</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">SSL_SESSION_set_ex_data</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">idx</span><span class="p">,</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="o">*</span><span class="n">arg</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">CRYPTO_set_ex_data</span><span class="p">(</span><span class="o">&amp;</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ex_data</span><span class="p">,</span><span class="n">idx</span><span class="p">,</span><span class="n">arg</span><span class="p">));</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">void</span><span class="w"> </span><span class="o">*</span><span class="nf">SSL_SESSION_get_ex_data</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">idx</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">CRYPTO_get_ex_data</span><span class="p">(</span><span class="o">&amp;</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ex_data</span><span class="p">,</span><span class="n">idx</span><span class="p">));</span>
<span class="w">	</span><span class="p">}</span>

<span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="nf">SSL_SESSION_new</span><span class="p">(</span><span class="kt">void</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">ss</span><span class="p">;</span>

<span class="w">	</span><span class="n">ss</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">OPENSSL_malloc</span><span class="p">(</span><span class="k">sizeof</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="p">));</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ss</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_SESSION_NEW</span><span class="p">,</span><span class="n">ERR_R_MALLOC_FAILURE</span><span class="p">);</span>
<span class="w">		</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="n">memset</span><span class="p">(</span><span class="n">ss</span><span class="p">,</span><span class="mi">0</span><span class="p">,</span><span class="k">sizeof</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="p">));</span>

<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="p">;</span><span class="w"> </span><span class="cm">/* avoid 0 (= X509_V_OK) just in case */</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">references</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="mi">60</span><span class="o">*</span><span class="mi">5</span><span class="o">+</span><span class="mi">4</span><span class="p">;</span><span class="w"> </span><span class="cm">/* 5 minute timeout by default */</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">time</span><span class="o">=</span><span class="p">(</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">long</span><span class="p">)</span><span class="n">time</span><span class="p">(</span><span class="nb">NULL</span><span class="p">);</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">compress_meth</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="n">CRYPTO_new_ex_data</span><span class="p">(</span><span class="n">CRYPTO_EX_INDEX_SSL_SESSION</span><span class="p">,</span><span class="w"> </span><span class="n">ss</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ex_data</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="k">const</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">char</span><span class="w"> </span><span class="o">*</span><span class="nf">SSL_SESSION_get_id</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="o">*</span><span class="n">len</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="p">(</span><span class="n">len</span><span class="p">)</span>
<span class="w">		</span><span class="o">*</span><span class="n">len</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="p">;</span>
<span class="w">	</span><span class="p">}</span>

<span class="cm">/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1</span>
<span class="cm"> * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly</span>
<span class="cm"> * until we have no conflict is going to complete in one iteration pretty much</span>
<span class="cm"> * &quot;most&quot; of the time (btw: understatement). So, if it takes us 10 iterations</span>
<span class="cm"> * and we still can&#39;t avoid a conflict - well that&#39;s a reasonable point to call</span>
<span class="cm"> * it quits. Either the RAND code is broken or someone is trying to open roughly</span>
<span class="cm"> * very close to 2^128 (or 2^256) SSL sessions to our server. How you might</span>
<span class="cm"> * store that many sessions is perhaps a more interesting question ... */</span>

<span class="cp">#define MAX_SESS_ID_ATTEMPTS 10</span>
<span class="k">static</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="nf">def_generate_session_id</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">ssl</span><span class="p">,</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">char</span><span class="w"> </span><span class="o">*</span><span class="n">id</span><span class="p">,</span>
<span class="w">				</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="o">*</span><span class="n">id_len</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">	</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">retry</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="k">do</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">RAND_pseudo_bytes</span><span class="p">(</span><span class="n">id</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">id_len</span><span class="p">)</span><span class="w"> </span><span class="o">&lt;=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">			</span><span class="k">return</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="k">while</span><span class="p">(</span><span class="n">SSL_has_matching_session_id</span><span class="p">(</span><span class="n">ssl</span><span class="p">,</span><span class="w"> </span><span class="n">id</span><span class="p">,</span><span class="w"> </span><span class="o">*</span><span class="n">id_len</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">		</span><span class="p">(</span><span class="o">++</span><span class="n">retry</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">MAX_SESS_ID_ATTEMPTS</span><span class="p">));</span>
<span class="w">	</span><span class="k">if</span><span class="p">(</span><span class="n">retry</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">MAX_SESS_ID_ATTEMPTS</span><span class="p">)</span>
<span class="w">		</span><span class="k">return</span><span class="w"> </span><span class="mi">1</span><span class="p">;</span>
<span class="w">	</span><span class="cm">/* else - woops a session_id match */</span>
<span class="w">	</span><span class="cm">/* XXX We should also check the external cache --</span>
<span class="cm">	 * but the probability of a collision is negligible, and</span>
<span class="cm">	 * we could not prevent the concurrent creation of sessions</span>
<span class="cm">	 * with identical IDs since we currently don&#39;t have means</span>
<span class="cm">	 * to atomically check whether a session ID already exists</span>
<span class="cm">	 * and make a reservation for it if it does not</span>
<span class="cm">	 * (this problem applies to the internal cache as well).</span>
<span class="cm">	 */</span>
<span class="w">	</span><span class="k">return</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">ssl_get_new_session</span><span class="p">(</span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">session</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="cm">/* This gets used by clients and servers. */</span>

<span class="w">	</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">tmp</span><span class="p">;</span>
<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">ss</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">	</span><span class="n">GEN_SESSION_CB</span><span class="w"> </span><span class="n">cb</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">def_generate_session_id</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">ss</span><span class="o">=</span><span class="n">SSL_SESSION_new</span><span class="p">())</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>

<span class="w">	</span><span class="cm">/* If the context has a default timeout, use it */</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">		</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="n">SSL_get_default_timeout</span><span class="p">(</span><span class="n">s</span><span class="p">);</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">session</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">SSL2_VERSION</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">SSL2_VERSION</span><span class="p">;</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="o">=</span><span class="n">SSL2_SSL_SESSION_ID_LENGTH</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">SSL3_VERSION</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">SSL3_VERSION</span><span class="p">;</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="o">=</span><span class="n">SSL3_SSL_SESSION_ID_LENGTH</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">TLS1_VERSION</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">TLS1_VERSION</span><span class="p">;</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="o">=</span><span class="n">SSL3_SSL_SESSION_ID_LENGTH</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">DTLS1_VERSION</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">DTLS1_VERSION</span><span class="p">;</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="o">=</span><span class="n">SSL3_SSL_SESSION_ID_LENGTH</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_NEW_SESSION</span><span class="p">,</span><span class="n">SSL_R_UNSUPPORTED_SSL_VERSION</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">			</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="cm">/* Choose which callback will set the session ID */</span>
<span class="w">		</span><span class="n">CRYPTO_r_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">generate_session_id</span><span class="p">)</span>
<span class="w">			</span><span class="n">cb</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">generate_session_id</span><span class="p">;</span>
<span class="w">		</span><span class="k">else</span><span class="w"> </span><span class="k">if</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">generate_session_id</span><span class="p">)</span>
<span class="w">			</span><span class="n">cb</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">generate_session_id</span><span class="p">;</span>
<span class="w">		</span><span class="n">CRYPTO_r_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">		</span><span class="cm">/* Choose a session ID */</span>
<span class="w">		</span><span class="n">tmp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="p">;</span>
<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">cb</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">tmp</span><span class="p">))</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="cm">/* The callback failed */</span>
<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_NEW_SESSION</span><span class="p">,</span>
<span class="w">				</span><span class="n">SSL_R_SSL_SESSION_ID_CALLBACK_FAILED</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">			</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="cm">/* Don&#39;t allow the callback to set the session length to zero.</span>
<span class="cm">		 * nor set it higher than it was. */</span>
<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">tmp</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="p">(</span><span class="n">tmp</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="p">))</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="cm">/* The callback set an illegal length */</span>
<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_NEW_SESSION</span><span class="p">,</span>
<span class="w">				</span><span class="n">SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">			</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="cm">/* If the session length was shrunk and we&#39;re SSLv2, pad it */</span>
<span class="w">		</span><span class="k">if</span><span class="p">((</span><span class="n">tmp</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">SSL2_VERSION</span><span class="p">))</span>
<span class="w">			</span><span class="n">memset</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">tmp</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">tmp</span><span class="p">);</span>
<span class="w">		</span><span class="k">else</span>
<span class="w">			</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">tmp</span><span class="p">;</span>
<span class="w">		</span><span class="cm">/* Finally, check for a conflict */</span>
<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="n">SSL_has_matching_session_id</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="p">,</span>
<span class="w">						</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="p">))</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_NEW_SESSION</span><span class="p">,</span>
<span class="w">				</span><span class="n">SSL_R_SSL_SESSION_ID_CONFLICT</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">			</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="k">sizeof</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">sid_ctx</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_NEW_SESSION</span><span class="p">,</span><span class="w"> </span><span class="n">ERR_R_INTERNAL_ERROR</span><span class="p">);</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">		</span><span class="k">return</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="n">memcpy</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">sid_ctx</span><span class="p">,</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx</span><span class="p">,</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="p">);</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="p">;</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">=</span><span class="n">ss</span><span class="p">;</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="p">;</span>
<span class="w">	</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">X509_V_OK</span><span class="p">;</span>

<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">ssl_get_prev_session</span><span class="p">(</span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">char</span><span class="w"> </span><span class="o">*</span><span class="n">session_id</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">len</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="cm">/* This is used only by servers. */</span>

<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">ret</span><span class="o">=</span><span class="nb">NULL</span><span class="p">,</span><span class="n">data</span><span class="p">;</span>
<span class="w">	</span><span class="kt">int</span><span class="w"> </span><span class="n">fatal</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>

<span class="w">	</span><span class="n">data</span><span class="p">.</span><span class="n">ssl_version</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">version</span><span class="p">;</span>
<span class="w">	</span><span class="n">data</span><span class="p">.</span><span class="n">session_id_length</span><span class="o">=</span><span class="n">len</span><span class="p">;</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="n">SSL_MAX_SSL_SESSION_ID_LENGTH</span><span class="p">)</span>
<span class="w">		</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">	</span><span class="n">memcpy</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">session_id</span><span class="p">,</span><span class="n">session_id</span><span class="p">,</span><span class="n">len</span><span class="p">);</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_mode</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">SSL_SESS_CACHE_NO_INTERNAL_LOOKUP</span><span class="p">))</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">CRYPTO_r_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">lh_retrieve</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">sessions</span><span class="p">,</span><span class="o">&amp;</span><span class="n">data</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		    </span><span class="cm">/* don&#39;t allow other threads to steal it: */</span>
<span class="w">		    </span><span class="n">CRYPTO_add</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">references</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="w">		</span><span class="n">CRYPTO_r_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="kt">int</span><span class="w"> </span><span class="n">copy</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">	</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">stats</span><span class="p">.</span><span class="n">sess_miss</span><span class="o">++</span><span class="p">;</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">get_session_cb</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span>
<span class="w">		    </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">get_session_cb</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="n">session_id</span><span class="p">,</span><span class="n">len</span><span class="p">,</span><span class="o">&amp;</span><span class="n">copy</span><span class="p">))</span>
<span class="w">		       </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">stats</span><span class="p">.</span><span class="n">sess_cb_hit</span><span class="o">++</span><span class="p">;</span>

<span class="w">			</span><span class="cm">/* Increment reference count now if the session callback</span>
<span class="cm">			 * asks us to do so (note that if the session structures</span>
<span class="cm">			 * returned by the callback are shared between threads,</span>
<span class="cm">			 * it must handle the reference count itself [i.e. copy == 0],</span>
<span class="cm">			 * or things won&#39;t be thread-safe). */</span>
<span class="w">			</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">copy</span><span class="p">)</span>
<span class="w">				</span><span class="n">CRYPTO_add</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">references</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>

<span class="w">			</span><span class="cm">/* Add the externally cached session to the internal</span>
<span class="cm">			 * cache as well if and only if we are supposed to. */</span>
<span class="w">			</span><span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_mode</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">SSL_SESS_CACHE_NO_INTERNAL_STORE</span><span class="p">))</span>
<span class="w">				</span><span class="cm">/* The following should not return 1, otherwise,</span>
<span class="cm">				 * things are very strange */</span>
<span class="w">				</span><span class="n">SSL_CTX_add_session</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="p">,</span><span class="n">ret</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="cm">/* Now ret is non-NULL, and we own one of its reference counts. */</span>

<span class="w">	</span><span class="k">if</span><span class="p">((</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">verify_mode</span><span class="o">&amp;</span><span class="n">SSL_VERIFY_PEER</span><span class="p">)</span>
<span class="w">	   </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span>
<span class="w">	       </span><span class="o">||</span><span class="w"> </span><span class="n">memcmp</span><span class="p">(</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">sid_ctx</span><span class="p">,</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx</span><span class="p">,</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="p">)))</span>
<span class="w">	    </span><span class="p">{</span>
<span class="w">		</span><span class="cm">/* We&#39;ve found the session named by the client, but we don&#39;t</span>
<span class="cm">		 * want to use it in this context. */</span>
<span class="w">		</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sid_ctx_length</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="cm">/* application should have used SSL[_CTX]_set_session_id_context</span>
<span class="cm">			 * -- we could tolerate this and just pretend we never heard</span>
<span class="cm">			 * of this session, but then applications could effectively</span>
<span class="cm">			 * disable the session cache by accident without anyone noticing */</span>

<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_GET_PREV_SESSION</span><span class="p">,</span><span class="n">SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED</span><span class="p">);</span>
<span class="w">			</span><span class="n">fatal</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">1</span><span class="p">;</span>
<span class="w">			</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span>
<span class="w">			</span><span class="p">{</span>
<span class="cp">#if 0</span><span class="c"> /* The client cannot always know when a session is not appropriate,</span>
<span class="c">	   * so we shouldn&#39;t generate an error message. */</span>

<span class="c">			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);</span>
<span class="cp">#endif</span>
<span class="w">			</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span><span class="w"> </span><span class="cm">/* treat like cache miss */</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">cipher</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">char</span><span class="w"> </span><span class="n">buf</span><span class="p">[</span><span class="mi">5</span><span class="p">],</span><span class="o">*</span><span class="n">p</span><span class="p">;</span>
<span class="w">		</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">l</span><span class="p">;</span>

<span class="w">		</span><span class="n">p</span><span class="o">=</span><span class="n">buf</span><span class="p">;</span>
<span class="w">		</span><span class="n">l</span><span class="o">=</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">cipher_id</span><span class="p">;</span>
<span class="w">		</span><span class="n">l2n</span><span class="p">(</span><span class="n">l</span><span class="p">,</span><span class="n">p</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="o">&gt;&gt;</span><span class="mi">8</span><span class="p">)</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">SSL3_VERSION_MAJOR</span><span class="p">)</span>
<span class="w">			</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">cipher</span><span class="o">=</span><span class="n">ssl_get_cipher_by_char</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="o">&amp;</span><span class="p">(</span><span class="n">buf</span><span class="p">[</span><span class="mi">2</span><span class="p">]));</span>
<span class="w">		</span><span class="k">else</span><span class="w"> </span>
<span class="w">			</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">cipher</span><span class="o">=</span><span class="n">ssl_get_cipher_by_char</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="o">&amp;</span><span class="p">(</span><span class="n">buf</span><span class="p">[</span><span class="mi">1</span><span class="p">]));</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">cipher</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>


<span class="cp">#if 0</span><span class="c"> /* This is way too late. */</span>

<span class="c">	/* If a thread got the session, then &#39;swaped&#39;, and another got</span>
<span class="c">	 * it and then due to a time-out decided to &#39;OPENSSL_free&#39; it we could</span>
<span class="c">	 * be in trouble.  So I&#39;ll increment it now, then double decrement</span>
<span class="c">	 * later - am I speaking rubbish?. */</span>
<span class="c">	CRYPTO_add(&amp;ret-&gt;references,1,CRYPTO_LOCK_SSL_SESSION);</span>
<span class="cp">#endif</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="p">(</span><span class="kt">long</span><span class="p">)(</span><span class="n">time</span><span class="p">(</span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">ret</span><span class="o">-&gt;</span><span class="n">time</span><span class="p">))</span><span class="w"> </span><span class="cm">/* timeout */</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">stats</span><span class="p">.</span><span class="n">sess_timeout</span><span class="o">++</span><span class="p">;</span>
<span class="w">		</span><span class="cm">/* remove it from the cache */</span>
<span class="w">		</span><span class="n">SSL_CTX_remove_session</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="p">,</span><span class="n">ret</span><span class="p">);</span>
<span class="w">		</span><span class="k">goto</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>

<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">stats</span><span class="p">.</span><span class="n">sess_hit</span><span class="o">++</span><span class="p">;</span>

<span class="w">	</span><span class="cm">/* ret-&gt;time=time(NULL); */</span><span class="w"> </span><span class="cm">/* rezero timeout? */</span>
<span class="w">	</span><span class="cm">/* again, just leave the session </span>
<span class="cm">	 * if it is the same session, we have just incremented and</span>
<span class="cm">	 * then decremented the reference count :-) */</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">=</span><span class="n">ret</span><span class="p">;</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>

<span class="w"> </span><span class="nl">err</span><span class="p">:</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">ret</span><span class="p">);</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">fatal</span><span class="p">)</span>
<span class="w">		</span><span class="k">return</span><span class="w"> </span><span class="mi">-1</span><span class="p">;</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="k">return</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">SSL_CTX_add_session</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">c</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="kt">int</span><span class="w"> </span><span class="n">ret</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">;</span>

<span class="w">	</span><span class="cm">/* add just 1 reference count for the SSL_CTX&#39;s session cache</span>
<span class="cm">	 * even though it has two ways of access: each session is in a</span>
<span class="cm">	 * doubly linked list and an lhash */</span>
<span class="w">	</span><span class="n">CRYPTO_add</span><span class="p">(</span><span class="o">&amp;</span><span class="n">c</span><span class="o">-&gt;</span><span class="n">references</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="w">	</span><span class="cm">/* if session c is in already in cache, we take back the increment later */</span>

<span class="w">	</span><span class="n">CRYPTO_w_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">	</span><span class="n">s</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">lh_insert</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">sessions</span><span class="p">,</span><span class="n">c</span><span class="p">);</span>
<span class="w">	</span>
<span class="w">	</span><span class="cm">/* s != NULL iff we already had a session with the given PID.</span>
<span class="cm">	 * In this case, s == c should hold (then we did not really modify</span>
<span class="cm">	 * ctx-&gt;sessions), or we&#39;re in trouble. */</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="n">s</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">c</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="cm">/* We *are* in trouble ... */</span>
<span class="w">		</span><span class="n">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="cm">/* ... so pretend the other session did not exist in cache</span>
<span class="cm">		 * (we cannot handle two SSL_SESSION structures with identical</span>
<span class="cm">		 * session ID in the same cache, which could happen e.g. when</span>
<span class="cm">		 * two threads concurrently obtain the same session from an external</span>
<span class="cm">		 * cache) */</span>
<span class="w">		</span><span class="n">s</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>

<span class="w"> 	</span><span class="cm">/* Put at the head of the queue unless it is already in the cache */</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="n">SSL_SESSION_list_add</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="n">c</span><span class="p">);</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="cm">/* existing cache entry -- decrement previously incremented reference</span>
<span class="cm">		 * count because it already takes into account the cache */</span>

<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="p">);</span><span class="w"> </span><span class="cm">/* s == c */</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="cm">/* new cache entry -- remove old ones if cache has become too large */</span>
<span class="w">		</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>

<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_CTX_sess_get_cache_size</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="k">while</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_CTX_sess_number</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span><span class="w"> </span><span class="o">&gt;</span>
<span class="w">				</span><span class="n">SSL_CTX_sess_get_cache_size</span><span class="p">(</span><span class="n">ctx</span><span class="p">))</span>
<span class="w">				</span><span class="p">{</span>
<span class="w">				</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">remove_session_lock</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span>
<span class="w">					</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">))</span>
<span class="w">					</span><span class="k">break</span><span class="p">;</span>
<span class="w">				</span><span class="k">else</span>
<span class="w">					</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">stats</span><span class="p">.</span><span class="n">sess_cache_full</span><span class="o">++</span><span class="p">;</span>
<span class="w">				</span><span class="p">}</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="n">CRYPTO_w_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">ret</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">SSL_CTX_remove_session</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">c</span><span class="p">)</span>
<span class="p">{</span>
<span class="w">	</span><span class="k">return</span><span class="w"> </span><span class="n">remove_session_lock</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">c</span><span class="p">,</span><span class="w"> </span><span class="mi">1</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="nf">remove_session_lock</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">c</span><span class="p">,</span><span class="w"> </span><span class="kt">int</span><span class="w"> </span><span class="n">lck</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">r</span><span class="p">;</span>
<span class="w">	</span><span class="kt">int</span><span class="w"> </span><span class="n">ret</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">c</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">c</span><span class="o">-&gt;</span><span class="n">session_id_length</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="p">))</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="n">lck</span><span class="p">)</span><span class="w"> </span><span class="n">CRYPTO_w_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">r</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">lh_retrieve</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">sessions</span><span class="p">,</span><span class="n">c</span><span class="p">))</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="n">c</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ret</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">			</span><span class="n">r</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">lh_delete</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">sessions</span><span class="p">,</span><span class="n">c</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="n">c</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>

<span class="w">		</span><span class="k">if</span><span class="p">(</span><span class="n">lck</span><span class="p">)</span><span class="w"> </span><span class="n">CRYPTO_w_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>

<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ret</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">r</span><span class="o">-&gt;</span><span class="n">not_resumable</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">			</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">remove_session_cb</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">				</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">remove_session_cb</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="n">r</span><span class="p">);</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">r</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">ret</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">void</span><span class="w"> </span><span class="nf">SSL_SESSION_free</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">ss</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="kt">int</span><span class="w"> </span><span class="n">i</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="p">(</span><span class="n">ss</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">	    </span><span class="k">return</span><span class="p">;</span>

<span class="w">	</span><span class="n">i</span><span class="o">=</span><span class="n">CRYPTO_add</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">references</span><span class="p">,</span><span class="mi">-1</span><span class="p">,</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="cp">#ifdef REF_PRINT</span>
<span class="w">	</span><span class="n">REF_PRINT</span><span class="p">(</span><span class="s">&quot;SSL_SESSION&quot;</span><span class="p">,</span><span class="n">ss</span><span class="p">);</span>
<span class="cp">#endif</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">i</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">;</span>
<span class="cp">#ifdef REF_CHECK</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">i</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span><span class="s">&quot;SSL_SESSION_free, bad reference count</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">);</span>
<span class="w">		</span><span class="n">abort</span><span class="p">();</span><span class="w"> </span><span class="cm">/* ok */</span>
<span class="w">		</span><span class="p">}</span>
<span class="cp">#endif</span>

<span class="w">	</span><span class="n">CRYPTO_free_ex_data</span><span class="p">(</span><span class="n">CRYPTO_EX_INDEX_SSL_SESSION</span><span class="p">,</span><span class="w"> </span><span class="n">ss</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ex_data</span><span class="p">);</span>

<span class="w">	</span><span class="n">OPENSSL_cleanse</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">key_arg</span><span class="p">,</span><span class="k">sizeof</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">key_arg</span><span class="p">);</span>
<span class="w">	</span><span class="n">OPENSSL_cleanse</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">master_key</span><span class="p">,</span><span class="k">sizeof</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">master_key</span><span class="p">);</span>
<span class="w">	</span><span class="n">OPENSSL_cleanse</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="p">,</span><span class="k">sizeof</span><span class="w"> </span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">session_id</span><span class="p">);</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">sess_cert</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="n">ssl_sess_cert_free</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">sess_cert</span><span class="p">);</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">peer</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="n">X509_free</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">peer</span><span class="p">);</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ciphers</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="n">sk_SSL_CIPHER_free</span><span class="p">(</span><span class="n">ss</span><span class="o">-&gt;</span><span class="n">ciphers</span><span class="p">);</span>
<span class="w">	</span><span class="n">OPENSSL_cleanse</span><span class="p">(</span><span class="n">ss</span><span class="p">,</span><span class="k">sizeof</span><span class="p">(</span><span class="o">*</span><span class="n">ss</span><span class="p">));</span>
<span class="w">	</span><span class="n">OPENSSL_free</span><span class="p">(</span><span class="n">ss</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="nf">SSL_set_session</span><span class="p">(</span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">session</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="kt">int</span><span class="w"> </span><span class="n">ret</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="n">SSL_METHOD</span><span class="w"> </span><span class="o">*</span><span class="n">meth</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">meth</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">method</span><span class="o">-&gt;</span><span class="n">get_ssl_method</span><span class="p">(</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">meth</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="n">meth</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">method</span><span class="o">-&gt;</span><span class="n">get_ssl_method</span><span class="p">(</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">ssl_version</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">meth</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">SSLerr</span><span class="p">(</span><span class="n">SSL_F_SSL_SET_SESSION</span><span class="p">,</span><span class="n">SSL_R_UNABLE_TO_FIND_SSL_METHOD</span><span class="p">);</span>
<span class="w">			</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>

<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">meth</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">method</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">SSL_set_ssl_method</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="n">meth</span><span class="p">))</span>
<span class="w">				</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">				</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="n">SSL_get_default_timeout</span><span class="p">(</span><span class="n">s</span><span class="p">);</span>
<span class="w">			</span><span class="k">else</span>
<span class="w">				</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>

<span class="cp">#ifndef OPENSSL_NO_KRB5</span>
<span class="w">                </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">kssl_ctx</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="o">!</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">kssl_ctx</span><span class="o">-&gt;</span><span class="n">client_princ</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">                    </span><span class="n">session</span><span class="o">-&gt;</span><span class="n">krb5_client_princ_len</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span>
<span class="w">                </span><span class="p">{</span>
<span class="w">                    </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">kssl_ctx</span><span class="o">-&gt;</span><span class="n">client_princ</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="kt">char</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="n">malloc</span><span class="p">(</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">krb5_client_princ_len</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">1</span><span class="p">);</span>
<span class="w">                    </span><span class="n">memcpy</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">kssl_ctx</span><span class="o">-&gt;</span><span class="n">client_princ</span><span class="p">,</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">krb5_client_princ</span><span class="p">,</span>
<span class="w">                            </span><span class="n">session</span><span class="o">-&gt;</span><span class="n">krb5_client_princ_len</span><span class="p">);</span>
<span class="w">                    </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">kssl_ctx</span><span class="o">-&gt;</span><span class="n">client_princ</span><span class="p">[</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">krb5_client_princ_len</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sc">&#39;\0&#39;</span><span class="p">;</span>
<span class="w">                </span><span class="p">}</span>
<span class="cp">#endif </span><span class="cm">/* OPENSSL_NO_KRB5 */</span>

<span class="w">		</span><span class="cm">/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/</span>
<span class="w">		</span><span class="n">CRYPTO_add</span><span class="p">(</span><span class="o">&amp;</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">references</span><span class="p">,</span><span class="mi">1</span><span class="p">,</span><span class="n">CRYPTO_LOCK_SSL_SESSION</span><span class="p">);</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">=</span><span class="n">session</span><span class="p">;</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">-&gt;</span><span class="n">verify_result</span><span class="p">;</span>
<span class="w">		</span><span class="cm">/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>

<span class="w">		</span><span class="n">meth</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">method</span><span class="p">;</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">meth</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="n">s</span><span class="o">-&gt;</span><span class="n">method</span><span class="p">)</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">SSL_set_ssl_method</span><span class="p">(</span><span class="n">s</span><span class="p">,</span><span class="n">meth</span><span class="p">))</span>
<span class="w">				</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="n">ret</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">ret</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_SESSION_set_timeout</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">t</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="o">=</span><span class="n">t</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_SESSION_get_timeout</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_SESSION_get_time</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">time</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_SESSION_set_time</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">t</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">time</span><span class="o">=</span><span class="n">t</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">t</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_CTX_set_timeout</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">t</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="kt">long</span><span class="w"> </span><span class="n">l</span><span class="p">;</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="n">l</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="p">;</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="o">=</span><span class="n">t</span><span class="p">;</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">l</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">long</span><span class="w"> </span><span class="nf">SSL_CTX_get_timeout</span><span class="p">(</span><span class="k">const</span><span class="w"> </span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="k">return</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session_timeout</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="k">typedef</span><span class="w"> </span><span class="k">struct</span><span class="w"> </span><span class="nc">timeout_param_st</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">;</span>
<span class="w">	</span><span class="kt">long</span><span class="w"> </span><span class="n">time</span><span class="p">;</span>
<span class="w">	</span><span class="n">LHASH</span><span class="w"> </span><span class="o">*</span><span class="n">cache</span><span class="p">;</span>
<span class="w">	</span><span class="p">}</span><span class="w"> </span><span class="n">TIMEOUT_PARAM</span><span class="p">;</span>

<span class="k">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">timeout</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="n">TIMEOUT_PARAM</span><span class="w"> </span><span class="o">*</span><span class="n">p</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">time</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">time</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">time</span><span class="o">+</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">timeout</span><span class="p">)))</span><span class="w"> </span><span class="cm">/* timeout */</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="cm">/* The reason we don&#39;t call SSL_CTX_remove_session() is to</span>
<span class="cm">		 * save on locking overhead */</span>
<span class="w">		</span><span class="n">lh_delete</span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">cache</span><span class="p">,</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="n">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="p">,</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">not_resumable</span><span class="o">=</span><span class="mi">1</span><span class="p">;</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">remove_session_cb</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">			</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">remove_session_cb</span><span class="p">(</span><span class="n">p</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="p">,</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="n">SSL_SESSION_free</span><span class="p">(</span><span class="n">s</span><span class="p">);</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="n">IMPLEMENT_LHASH_DOALL_ARG_FN</span><span class="p">(</span><span class="n">timeout</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">,</span><span class="w"> </span><span class="n">TIMEOUT_PARAM</span><span class="w"> </span><span class="o">*</span><span class="p">)</span>

<span class="kt">void</span><span class="w"> </span><span class="n">SSL_CTX_flush_sessions</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">,</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">t</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="kt">unsigned</span><span class="w"> </span><span class="kt">long</span><span class="w"> </span><span class="n">i</span><span class="p">;</span>
<span class="w">	</span><span class="n">TIMEOUT_PARAM</span><span class="w"> </span><span class="n">tp</span><span class="p">;</span>

<span class="w">	</span><span class="n">tp</span><span class="p">.</span><span class="n">ctx</span><span class="o">=</span><span class="n">s</span><span class="p">;</span>
<span class="w">	</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">sessions</span><span class="p">;</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="k">return</span><span class="p">;</span>
<span class="w">	</span><span class="n">tp</span><span class="p">.</span><span class="n">time</span><span class="o">=</span><span class="n">t</span><span class="p">;</span>
<span class="w">	</span><span class="n">CRYPTO_w_lock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">	</span><span class="n">i</span><span class="o">=</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="o">-&gt;</span><span class="n">down_load</span><span class="p">;</span>
<span class="w">	</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="o">-&gt;</span><span class="n">down_load</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span>
<span class="w">	</span><span class="n">lh_doall_arg</span><span class="p">(</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="p">,</span><span class="w"> </span><span class="n">LHASH_DOALL_ARG_FN</span><span class="p">(</span><span class="n">timeout</span><span class="p">),</span><span class="w"> </span><span class="o">&amp;</span><span class="n">tp</span><span class="p">);</span>
<span class="w">	</span><span class="n">tp</span><span class="p">.</span><span class="n">cache</span><span class="o">-&gt;</span><span class="n">down_load</span><span class="o">=</span><span class="n">i</span><span class="p">;</span>
<span class="w">	</span><span class="n">CRYPTO_w_unlock</span><span class="p">(</span><span class="n">CRYPTO_LOCK_SSL_CTX</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="kt">int</span><span class="w"> </span><span class="n">ssl_clear_bad_session</span><span class="p">(</span><span class="n">SSL</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w">	</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">		</span><span class="o">!</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">shutdown</span><span class="w"> </span><span class="o">&amp;</span><span class="w"> </span><span class="n">SSL_SENT_SHUTDOWN</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span>
<span class="w">		</span><span class="o">!</span><span class="p">(</span><span class="n">SSL_in_init</span><span class="p">(</span><span class="n">s</span><span class="p">)</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="n">SSL_in_before</span><span class="p">(</span><span class="n">s</span><span class="p">)))</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">SSL_CTX_remove_session</span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">ctx</span><span class="p">,</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">session</span><span class="p">);</span>
<span class="w">		</span><span class="k">return</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="k">return</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span>
<span class="w">	</span><span class="p">}</span>

<span class="cm">/* locked by SSL_CTX in the calling function */</span>
<span class="k">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="n">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">))</span><span class="w"> </span><span class="k">return</span><span class="p">;</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="p">))</span>
<span class="w">		</span><span class="p">{</span><span class="w"> </span><span class="cm">/* last element in list */</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">))</span>
<span class="w">			</span><span class="p">{</span><span class="w"> </span><span class="cm">/* only one element in list */</span>
<span class="w">			</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">			</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span>
<span class="w">			</span><span class="p">{</span>
<span class="w">			</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="p">;</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">))</span>
<span class="w">			</span><span class="p">{</span><span class="w"> </span><span class="cm">/* first element in list */</span>
<span class="w">			</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="p">;</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">);</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="k">else</span>
<span class="w">			</span><span class="p">{</span><span class="w"> </span><span class="cm">/* middle of list */</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="p">;</span>
<span class="w">			</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="p">;</span>
<span class="w">			</span><span class="p">}</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="nb">NULL</span><span class="p">;</span>
<span class="w">	</span><span class="p">}</span>

<span class="k">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="n">SSL_SESSION_list_add</span><span class="p">(</span><span class="n">SSL_CTX</span><span class="w"> </span><span class="o">*</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="n">s</span><span class="p">)</span>
<span class="w">	</span><span class="p">{</span>
<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">((</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="p">(</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">))</span>
<span class="w">		</span><span class="n">SSL_SESSION_list_remove</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="n">s</span><span class="p">);</span>

<span class="w">	</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="o">=</span><span class="n">s</span><span class="p">;</span>
<span class="w">		</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="o">=</span><span class="n">s</span><span class="p">;</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">);</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_tail</span><span class="p">);</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="k">else</span>
<span class="w">		</span><span class="p">{</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">=</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">;</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">next</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="n">s</span><span class="p">;</span>
<span class="w">		</span><span class="n">s</span><span class="o">-&gt;</span><span class="n">prev</span><span class="o">=</span><span class="p">(</span><span class="n">SSL_SESSION</span><span class="w"> </span><span class="o">*</span><span class="p">)</span><span class="o">&amp;</span><span class="p">(</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="p">);</span>
<span class="w">		</span><span class="n">ctx</span><span class="o">-&gt;</span><span class="n">session_cache_head</span><span class="o">=</span><span class="n">s</span><span class="p">;</span>
<span class="w">		</span><span class="p">}</span>
<span class="w">	</span><span class="p">}</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2025-05-25 07:56:51 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>