
openssl/0.9.8g/ssl/ssl_lib.c

    1: /*! \file ssl/ssl_lib.c
    2:  *  \brief Version independent SSL functions.
    3:  */
    4: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    5:  * All rights reserved.
    6:  *
    7:  * This package is an SSL implementation written
    8:  * by Eric Young (eay@cryptsoft.com).
    9:  * The implementation was written so as to conform with Netscapes SSL.
   10:  * 
   11:  * This library is free for commercial and non-commercial use as long as
   12:  * the following conditions are aheared to.  The following conditions
   13:  * apply to all code found in this distribution, be it the RC4, RSA,
   14:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   15:  * included with this distribution is covered by the same copyright terms
   16:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   17:  * 
   18:  * Copyright remains Eric Young's, and as such any Copyright notices in
   19:  * the code are not to be removed.
   20:  * If this package is used in a product, Eric Young should be given attribution
   21:  * as the author of the parts of the library used.
   22:  * This can be in the form of a textual message at program startup or
   23:  * in documentation (online or textual) provided with the package.
   24:  * 
   25:  * Redistribution and use in source and binary forms, with or without
   26:  * modification, are permitted provided that the following conditions
   27:  * are met:
   28:  * 1. Redistributions of source code must retain the copyright
   29:  *    notice, this list of conditions and the following disclaimer.
   30:  * 2. Redistributions in binary form must reproduce the above copyright
   31:  *    notice, this list of conditions and the following disclaimer in the
   32:  *    documentation and/or other materials provided with the distribution.
   33:  * 3. All advertising materials mentioning features or use of this software
   34:  *    must display the following acknowledgement:
   35:  *    "This product includes cryptographic software written by
   36:  *     Eric Young (eay@cryptsoft.com)"
   37:  *    The word 'cryptographic' can be left out if the rouines from the library
   38:  *    being used are not cryptographic related :-).
   39:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   40:  *    the apps directory (application code) you must include an acknowledgement:
   41:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   42:  * 
   43:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   44:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   45:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   46:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   47:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   48:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   49:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   50:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   51:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   52:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   53:  * SUCH DAMAGE.
   54:  * 
   55:  * The licence and distribution terms for any publically available version or
   56:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   57:  * copied and put under another distribution licence
   58:  * [including the GNU Public Licence.]
   59:  */
   60: /* ====================================================================
   61:  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
   62:  *
   63:  * Redistribution and use in source and binary forms, with or without
   64:  * modification, are permitted provided that the following conditions
   65:  * are met:
   66:  *
   67:  * 1. Redistributions of source code must retain the above copyright
   68:  *    notice, this list of conditions and the following disclaimer. 
   69:  *
   70:  * 2. Redistributions in binary form must reproduce the above copyright
   71:  *    notice, this list of conditions and the following disclaimer in
   72:  *    the documentation and/or other materials provided with the
   73:  *    distribution.
   74:  *
   75:  * 3. All advertising materials mentioning features or use of this
   76:  *    software must display the following acknowledgment:
   77:  *    "This product includes software developed by the OpenSSL Project
   78:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   79:  *
   80:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   81:  *    endorse or promote products derived from this software without
   82:  *    prior written permission. For written permission, please contact
   83:  *    openssl-core@openssl.org.
   84:  *
   85:  * 5. Products derived from this software may not be called "OpenSSL"
   86:  *    nor may "OpenSSL" appear in their names without prior written
   87:  *    permission of the OpenSSL Project.
   88:  *
   89:  * 6. Redistributions of any form whatsoever must retain the following
   90:  *    acknowledgment:
   91:  *    "This product includes software developed by the OpenSSL Project
   92:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   93:  *
   94:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   95:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   96:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   97:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   98:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   99:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  100:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  101:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  102:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  103:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  104:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  105:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  106:  * ====================================================================
  107:  *
  108:  * This product includes cryptographic software written by Eric Young
  109:  * (eay@cryptsoft.com).  This product includes software written by Tim
  110:  * Hudson (tjh@cryptsoft.com).
  111:  *
  112:  */
  113: /* ====================================================================
  114:  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  115:  * ECC cipher suite support in OpenSSL originally developed by 
  116:  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  117:  */
  118: 
  119: #ifdef REF_CHECK
  120: #  include <assert.h>
  121: #endif
  122: #include <stdio.h>
  123: #include "ssl_locl.h"
  124: #include "kssl_lcl.h"
  125: #include <openssl/objects.h>
  126: #include <openssl/lhash.h>
  127: #include <openssl/x509v3.h>
  128: #include <openssl/rand.h>
  129: #ifndef OPENSSL_NO_DH
  130: #include <openssl/dh.h>
  131: #endif
  132: 
  /* Library version string, initialised from the OPENSSL_VERSION_TEXT macro. */
  const char *SSL_version_str=OPENSSL_VERSION_TEXT;

  /*
   * Placeholder SSL3_ENC_METHOD: every function-pointer slot holds
   * ssl_undefined_function (cast to the slot's type where a cast is written),
   * and the length and label fields are 0 / NULL.
   *
   * NOTE(review): calling a function through a pointer cast to a different
   * function type is undefined behaviour in ISO C.  The comment below says
   * these slots are only reached on a library bug; confirm that no caller
   * relies on such a call returning normally.
   */
  SSL3_ENC_METHOD ssl3_undef_enc_method={
          /* evil casts, but these functions are only called if there's a library bug */
          (int (*)(SSL *,int))ssl_undefined_function,
          (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
          ssl_undefined_function,
          (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
          (int (*)(SSL*, int))ssl_undefined_function,
          (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
          0,     /* finish_mac_length */
          (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
          NULL,  /* client_finished_label */
          0,     /* client_finished_label_len */
          NULL,  /* server_finished_label */
          0,     /* server_finished_label_len */
          (int (*)(int))ssl_undefined_function
          };
  151: 
  /*
   * Reset s to its pre-handshake state.
   *
   * Returns 1 on success and 0 on failure: no method is set, s->new_session
   * is set, or the context method's ssl_new() fails after the method has
   * been reverted.  The first two failures also push an error with SSLerr().
   */
  int SSL_clear(SSL *s)
          {

          if (s->method == NULL)
                  {
                  SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
                  return(0);
                  }

          /* When ssl_clear_bad_session() returns non-zero, release this
           * object's session reference so it is not carried forward. */
          if (ssl_clear_bad_session(s))
                  {
                  SSL_SESSION_free(s->session);
                  s->session=NULL;
                  }

          s->error=0;
          s->hit=0;
          s->shutdown=0;

  #if 0 /* Disabled since version 1.10 of this file (early return not
         * needed because SSL_clear is not called when doing renegotiation) */
          /* This is set if we are doing dynamic renegotiation so keep
           * the old cipher.  It is sort of a SSL_clear_lite :-) */
          if (s->new_session) return(1);
  #else
          /* Active branch: s->new_session being set here is treated as an
           * internal error.  Note that error/hit/shutdown were already
           * reset above before this check fails. */
          if (s->new_session)
                  {
                  SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
                  return 0;
                  }
  #endif

          s->type=0;

          /* Handshake state restarts as accept (server) or connect (client). */
          s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);

          /* Protocol version falls back to the one carried by the method. */
          s->version=s->method->version;
          s->client_version=s->version;
          s->rwstate=SSL_NOTHING;
          s->rstate=SSL_ST_READ_HEADER;
  #if 0
          s->read_ahead=s->ctx->read_ahead;
  #endif

          if (s->init_buf != NULL)
                  {
                  BUF_MEM_free(s->init_buf);
                  s->init_buf=NULL;
                  }

          ssl_clear_cipher_ctx(s);

          s->first_packet=0;

  #if 1
          /* Check to see if we were changed into a different method, if
           * so, revert back if we are not doing session-id reuse. */
          if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
                  {
                  s->method->ssl_free(s);
                  s->method=s->ctx->method;
                  if (!s->method->ssl_new(s))
                          return(0);
                  }
          else
  #endif
                  /* With "#if 1" active this call is the else-branch of the
                   * method check above; it runs only when no revert happened. */
                  s->method->ssl_clear(s);
          return(1);
          }
  221: 
  /**
   * Replace the default SSL method of an SSL_CTX and rebuild its cipher
   * lists from SSL_DEFAULT_CIPHER_LIST.
   *
   * Returns 1 when the rebuilt list is non-empty, 0 otherwise (an error is
   * pushed with SSLerr()).  ctx->method is assigned before the cipher list
   * is built, so it stays changed even when 0 is returned.
   */
  int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth)
  {
      STACK_OF(SSL_CIPHER) *ciphers;

      ctx->method = meth;

      ciphers = ssl_create_cipher_list(ctx->method,
                                       &(ctx->cipher_list),
                                       &(ctx->cipher_list_by_id),
                                       SSL_DEFAULT_CIPHER_LIST);

      /* Success needs a list that exists and holds at least one cipher. */
      if (ciphers != NULL && sk_SSL_CIPHER_num(ciphers) > 0)
          return 1;

      SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
      return 0;
  }
  238: 
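  /*
   * Allocate a new SSL object and initialise it from ctx.
   *
   * Options, mode, certificate settings (duplicated, not shared), verify
   * mode and callback, session-id context, verification parameters and the
   * method are taken from ctx.  The new object holds one reference on ctx
   * (two when TLS extensions are compiled in: s->ctx and s->initial_ctx).
   *
   * Returns the new object, or NULL on failure.  A NULL ctx or a ctx without
   * a method is reported with its own error code; every failure that reaches
   * the err label is reported as ERR_R_MALLOC_FAILURE.
   */
  SSL *SSL_new(SSL_CTX *ctx)
          {
          SSL *s;

          if (ctx == NULL)
                  {
                  SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
                  return(NULL);
                  }
          if (ctx->method == NULL)
                  {
                  SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
                  return(NULL);
                  }

          s=(SSL *)OPENSSL_malloc(sizeof(SSL));
          if (s == NULL) goto err;
          /* Zero the whole object so the err path can tell which members
           * were populated by testing them against NULL. */
          memset(s,0,sizeof(SSL));

  #ifndef OPENSSL_NO_KRB5
          s->kssl_ctx = kssl_ctx_new();
  #endif  /* OPENSSL_NO_KRB5 */

          s->options=ctx->options;
          s->mode=ctx->mode;
          s->max_cert_list=ctx->max_cert_list;

          if (ctx->cert != NULL)
                  {
                  /* Earlier library versions used to copy the pointer to
                   * the CERT, not its contents; only when setting new
                   * parameters for the per-SSL copy, ssl_cert_new would be
                   * called (and the direct reference to the per-SSL_CTX
                   * settings would be lost, but those still were indirectly
                   * accessed for various purposes, and for that reason they
                   * used to be known as s->ctx->default_cert).
                   * Now we don't look at the SSL_CTX's CERT after having
                   * duplicated it once. */

                  s->cert = ssl_cert_dup(ctx->cert);
                  if (s->cert == NULL)
                          goto err;
                  }
          else
                  s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */

          s->read_ahead=ctx->read_ahead;
          s->msg_callback=ctx->msg_callback;
          s->msg_callback_arg=ctx->msg_callback_arg;
          s->verify_mode=ctx->verify_mode;
  #if 0
          s->verify_depth=ctx->verify_depth;
  #endif
          s->sid_ctx_length=ctx->sid_ctx_length;
          /* The whole sid_ctx buffer is copied below; the assert guards the
           * length that later code will trust. */
          OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
          memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
          s->verify_callback=ctx->default_verify_callback;
          s->generate_session_id=ctx->generate_session_id;

          s->param = X509_VERIFY_PARAM_new();
          if (!s->param)
                  goto err;
          X509_VERIFY_PARAM_inherit(s->param, ctx->param);
  #if 0
          s->purpose = ctx->purpose;
          s->trust = ctx->trust;
  #endif
          s->quiet_shutdown=ctx->quiet_shutdown;

          CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
          s->ctx=ctx;
  #ifndef OPENSSL_NO_TLSEXT
          s->tlsext_debug_cb = 0;
          s->tlsext_debug_arg = NULL;
          s->tlsext_ticket_expected = 0;
          CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
          s->initial_ctx=ctx;
  #endif
          s->verify_result=X509_V_OK;

          s->method=ctx->method;

          if (!s->method->ssl_new(s))
                  goto err;

          s->references=1;
          s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;

          /* NOTE(review): the return values of SSL_clear() and
           * CRYPTO_new_ex_data() are not checked here. */
          SSL_clear(s);

          CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

          return(s);
  err:
          if (s != NULL)
                  {
                  /* Release everything acquired above.  The original cleanup
                   * freed only s->cert and one ctx reference, so a failure
                   * after these members were set leaked the verify
                   * parameters, the Kerberos context and the second ctx
                   * reference taken for s->initial_ctx. */
                  if (s->param != NULL)
                          X509_VERIFY_PARAM_free(s->param);
                  if (s->cert != NULL)
                          ssl_cert_free(s->cert);
  #ifndef OPENSSL_NO_TLSEXT
                  if (s->initial_ctx != NULL)
                          SSL_CTX_free(s->initial_ctx); /* decrement reference count */
  #endif
                  if (s->ctx != NULL)
                          SSL_CTX_free(s->ctx); /* decrement reference count */
  #ifndef OPENSSL_NO_KRB5
                  if (s->kssl_ctx != NULL)
                          kssl_ctx_free(s->kssl_ctx);
  #endif  /* OPENSSL_NO_KRB5 */
                  OPENSSL_free(s);
                  }
          SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
          return(NULL);
          }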
  344: 
  /*
   * Store a session-id context on an SSL_CTX.
   *
   * sid_ctx_len bytes are copied from sid_ctx into ctx->sid_ctx.  A length
   * larger than that buffer is rejected: an error is pushed and 0 is
   * returned without modifying ctx.  Returns 1 on success.
   */
  int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                     unsigned int sid_ctx_len)
  {
      /* Bound the copy by the size of the destination array. */
      if (sid_ctx_len <= sizeof ctx->sid_ctx) {
          ctx->sid_ctx_length = sid_ctx_len;
          memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
          return 1;
      }

      SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
      return 0;
  }
  358: 
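  /*
   * Store a session-id context on a single SSL object.
   *
   * sid_ctx_len bytes are copied from sid_ctx into ssl->sid_ctx.  A length
   * larger than that buffer is rejected: an error is pushed and 0 is
   * returned without modifying ssl.  Returns 1 on success.
   */
  int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                                 unsigned int sid_ctx_len)
      {
      /* Bound the copy by the destination array itself, as
       * SSL_CTX_set_session_id_context does, rather than by a separate
       * constant that has to be kept in step with the declaration. */
      if(sid_ctx_len > sizeof ssl->sid_ctx)
          {
          SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
          return 0;
          }
      ssl->sid_ctx_length=sid_ctx_len;
      memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);

      return 1;
      }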
  372: 
  /*
   * Install the session-id generation callback on an SSL_CTX.
   * The assignment is made while holding the CRYPTO_LOCK_SSL_CTX write lock.
   * Always returns 1.
   */
  int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
  {
      CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
      ctx->generate_session_id = cb;
      CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);

      return (1);
  }
  380: 
  /*
   * Install the session-id generation callback on a single SSL object.
   * The assignment is made while holding the CRYPTO_LOCK_SSL write lock.
   * Always returns 1.
   */
  int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
  {
      CRYPTO_w_lock(CRYPTO_LOCK_SSL);
      ssl->generate_session_id = cb;
      CRYPTO_w_unlock(CRYPTO_LOCK_SSL);

      return (1);
  }
  388: 
  /*
   * Report whether the context's session table already holds an entry that
   * would collide with a session built from id/id_len and this SSL's version.
   *
   * Returns 1 if such an entry is found, 0 if not or if id_len exceeds the
   * session_id buffer.
   */
  int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                                  unsigned int id_len)
  {
      /* Only the version, id and id length of this lookup key are filled in;
       * the original author's note says those are what SSL_SESSION_hash and
       * SSL_SESSION_cmp examine.  The rest of the struct stays
       * uninitialised. */
      SSL_SESSION probe;
      SSL_SESSION *found;

      if (id_len > sizeof probe.session_id)
          return 0;

      probe.ssl_version = ssl->version;
      memcpy(probe.session_id, id, id_len);

      if ((probe.ssl_version == SSL2_VERSION) &&
          (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
          /* SSLv2 always uses a fixed 16-byte session ID, so a shorter
           * candidate is compared in its zero-padded form, which is what it
           * becomes once the callback has finished choosing it. */
          memset(probe.session_id + id_len, 0,
                 SSL2_SSL_SESSION_ID_LENGTH - id_len);
          probe.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
      } else {
          probe.session_id_length = id_len;
      }

      /* The table lookup is done under the context read lock. */
      CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
      found = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &probe);
      CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

      return (found != NULL);
  }
  422: 
  /*
   * Set the verification purpose on the context's X509_VERIFY_PARAM.
   * Returns whatever X509_VERIFY_PARAM_set_purpose() returns.
   */
  int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
  {
      int rc = X509_VERIFY_PARAM_set_purpose(s->param, purpose);

      return rc;
  }
  427: 
  /*
   * Set the verification purpose on this SSL object's X509_VERIFY_PARAM.
   * Returns whatever X509_VERIFY_PARAM_set_purpose() returns.
   */
  int SSL_set_purpose(SSL *s, int purpose)
  {
      int rc = X509_VERIFY_PARAM_set_purpose(s->param, purpose);

      return rc;
  }
  432: 
  /*
   * Set the trust setting on the context's X509_VERIFY_PARAM.
   * Returns whatever X509_VERIFY_PARAM_set_trust() returns.
   */
  int SSL_CTX_set_trust(SSL_CTX *s, int trust)
  {
      int rc = X509_VERIFY_PARAM_set_trust(s->param, trust);

      return rc;
  }
  437: 
  /*
   * Set the trust setting on this SSL object's X509_VERIFY_PARAM.
   * Returns whatever X509_VERIFY_PARAM_set_trust() returns.
   */
  int SSL_set_trust(SSL *s, int trust)
  {
      int rc = X509_VERIFY_PARAM_set_trust(s->param, trust);

      return rc;
  }
  442: 
  /*
   * Drop one reference on s and, when the count reaches zero, release
   * everything the object holds and then the object itself.
   * A NULL argument is accepted and ignored.
   */
  void SSL_free(SSL *s)
          {
          int i;

          if(s == NULL)
              return;

          /* i is the reference count after the decrement. */
          i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
  #ifdef REF_PRINT
          REF_PRINT("SSL",s);
  #endif
          /* Other holders remain: nothing is freed yet. */
          if (i > 0) return;
  #ifdef REF_CHECK
          /* A negative count means one release too many; in REF_CHECK
           * builds this aborts instead of freeing again. */
          if (i < 0)
                  {
                  fprintf(stderr,"SSL_free, bad reference count\n");
                  abort(); /* ok */
                  }
  #endif

          if (s->param)
                  X509_VERIFY_PARAM_free(s->param);

          CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);

          if (s->bbio != NULL)
                  {
                  /* If the buffering BIO is in place, pop it off */
                  if (s->bbio == s->wbio)
                          {
                          s->wbio=BIO_pop(s->wbio);
                          }
                  BIO_free(s->bbio);
                  s->bbio=NULL;
                  }
          /* rbio and wbio may be the same chain; the second test keeps it
           * from being freed twice. */
          if (s->rbio != NULL)
                  BIO_free_all(s->rbio);
          if ((s->wbio != NULL) && (s->wbio != s->rbio))
                  BIO_free_all(s->wbio);

          if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);

          /* add extra stuff */
          if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
          if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);

          /* Make the next call work :-) */
          if (s->session != NULL)
                  {
                  /* ssl_clear_bad_session() is called first, while
                   * s->session is still valid, then the reference is dropped. */
                  ssl_clear_bad_session(s);
                  SSL_SESSION_free(s->session);
                  }

          ssl_clear_cipher_ctx(s);

          if (s->cert != NULL) ssl_cert_free(s->cert);
          /* Free up if allocated */

          /* s->ctx and, with TLS extensions, s->initial_ctx each release
           * the reference taken on them. */
          if (s->ctx) SSL_CTX_free(s->ctx);
  #ifndef OPENSSL_NO_TLSEXT
          if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
  #endif
          if (s->client_CA != NULL)
                  sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);

          /* Method-specific state is released through the method's own
           * ssl_free hook, before the SSL structure itself goes away. */
          if (s->method != NULL) s->method->ssl_free(s);

  #ifndef OPENSSL_NO_KRB5
          if (s->kssl_ctx != NULL)
                  kssl_ctx_free(s->kssl_ctx);
  #endif  /* OPENSSL_NO_KRB5 */

          OPENSSL_free(s);
          }
  517: 
  /*
   * Install rbio and wbio as the read and write BIOs of s.
   *
   * A previously installed BIO is freed with BIO_free_all() when it differs
   * from its replacement; when the old read and write BIOs are the same
   * object it is freed at most once.
   *
   * NOTE(review): the old read BIO is compared only with rbio, and the old
   * write BIO only with wbio and the old read BIO.  If a caller passes the
   * currently installed write BIO as the new rbio (or the currently
   * installed read BIO as the new wbio) together with a different BIO for
   * the other side, that BIO is freed below and then stored back into s.
   * Callers must not swap BIOs between the two roles in one call; confirm
   * against call sites.
   */
  void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
          {
          /* If the output buffering BIO is still in place, remove it
           */
          if (s->bbio != NULL)
                  {
                  if (s->wbio == s->bbio)
                          {
                          /* Unlink the buffering BIO from the head of the
                           * write chain; the BIO itself is not freed here. */
                          s->wbio=s->wbio->next_bio;
                          s->bbio->next_bio=NULL;
                          }
                  }
          if ((s->rbio != NULL) && (s->rbio != rbio))
                  BIO_free_all(s->rbio);
          /* The third test skips the free when the old write BIO is the old
           * read BIO, which the statement above has already handled. */
          if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
                  BIO_free_all(s->wbio);
          s->rbio=rbio;
          s->wbio=wbio;
          }
  537: 
  /* Return the read BIO stored in s (s->rbio); no reference is taken. */
  BIO *SSL_get_rbio(const SSL *s)
  {
      return s->rbio;
  }
  540: 
  /* Return the write BIO stored in s (s->wbio); no reference is taken. */
  BIO *SSL_get_wbio(const SSL *s)
  {
      return s->wbio;
  }
  543: 
  /* Return the descriptor of the read side; this simply forwards to SSL_get_rfd(). */
  int SSL_get_fd(const SSL *s)
  {
      int fd = SSL_get_rfd(s);

      return fd;
  }
  548: 
  /*
   * Return the file descriptor behind the read BIO of s.
   *
   * The read BIO chain is searched for a BIO of type BIO_TYPE_DESCRIPTOR;
   * when none is found the result is -1.
   */
  int SSL_get_rfd(const SSL *s)
  {
      int fd = -1;
      BIO *desc;

      desc = BIO_find_type(SSL_get_rbio(s), BIO_TYPE_DESCRIPTOR);
      if (desc != NULL)
          BIO_get_fd(desc, &fd);

      return fd;
  }
  560: 
  561: int SSL_get_wfd(const SSL *s)
  562:         {
  563:         int ret= -1;
  564:         BIO