PR: 2748

	if ((fd = open_dev_crypto()) == -1)

		return (-1);

#ifndef CRIOGET_NOT_NEEDED

	if (ioctl(fd, CRIOGET, &retfd) == -1)

		return (-1);

		close(retfd);

		return (-1);

	}

#else

        retfd = fd;

#endif

	return (retfd);

}

static void put_dev_crypto(int fd)

{

#ifndef CRIOGET_NOT_NEEDED

	close(fd);

#endif

}

/* Caching version for asym operations */

static int

get_asym_dev_crypto(void)

		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)

			nids[count++] = ciphers[i].nid;

	}

	close(fd);

	put_dev_crypto(fd);

	if (count > 0)

		*cnids = nids;

		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)

			nids[count++] = digests[i].nid;

	}

	close(fd);

	put_dev_crypto(fd);

	if (count > 0)

		*cnids = nids;

	sess->cipher = cipher;

	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {

		close(state->d_fd);

		put_dev_crypto(state->d_fd);

		state->d_fd = -1;

		return (0);

	}

	} else {

		ret = 1;

	}

	close(state->d_fd);

	put_dev_crypto(state->d_fd);

	state->d_fd = -1;

	return (ret);

	 * find out what asymmetric crypto algorithms we support

	 */

	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {

		close(fd);

		put_dev_crypto(fd);

		ENGINE_free(engine);

		return;

	}

	close(fd);

	put_dev_crypto(fd);

	if (!ENGINE_set_id(engine, "cryptodev") ||

	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||

      goto done;

  }

  /*

   * Check for inverted range.

   */

  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;

  {

    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);

    ASN1_INTEGER *a_min, *a_max;

    if (a != NULL && a->type == ASIdOrRange_range) {

      extract_min_max(a, &a_min, &a_max);

      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)

	goto done;

    }

  }

  ret = 1;

 done:

    return 1;

  /*

   * We have a list.  Sort it.

   * If not a list, or if empty list, it's broken.

   */

  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||

      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {

    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,

	      X509V3_R_EXTENSION_VALUE_ERROR);

    return 0;

  }

  /*

   * We have a non-empty list.  Sort it.

   */

  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);

  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);

  /*

     */

    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);

    /*

     * Punt inverted ranges.

     */

    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||

	ASN1_INTEGER_cmp(b_min, b_max) > 0)

      goto done;

    /*

     * Check for overlaps.

     */

			       struct v3_ext_ctx *ctx,

			       STACK_OF(CONF_VALUE) *values)

{

  ASN1_INTEGER *min = NULL, *max = NULL;

  ASIdentifiers *asid = NULL;

  int i;

  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {

    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);

    ASN1_INTEGER *min = NULL, *max = NULL;

    int i1, i2, i3, is_range, which;

    /*

      max = s2i_ASN1_INTEGER(NULL, s + i2);

      OPENSSL_free(s);

      if (min == NULL || max == NULL) {

	ASN1_INTEGER_free(min);

	ASN1_INTEGER_free(max);

	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

	goto err;

      }

      if (ASN1_INTEGER_cmp(min, max) > 0) {

	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);

	goto err;

      }

    }

    if (!v3_asid_add_id_or_range(asid, which, min, max)) {

      ASN1_INTEGER_free(min);

      ASN1_INTEGER_free(max);

      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);

      goto err;

    }

    min = max = NULL;

  }

  /*

 err:

  ASIdentifiers_free(asid);

  ASN1_INTEGER_free(min);

  ASN1_INTEGER_free(max);

  return NULL;

}

			if (ret <= 0) goto end;

			else

				{

				dtls1_stop_timer(s);

				if (s->hit)

					s->state=SSL3_ST_CR_FINISHED_A;

				else

		case SSL3_ST_CR_SRVR_DONE_B:

			ret=ssl3_get_server_done(s);

			if (ret <= 0) goto end;

			dtls1_stop_timer(s);

			if (s->s3->tmp.cert_req)

				s->state=SSL3_ST_CW_CERT_A;

			else

			ret = ssl3_check_client_hello(s);

			if (ret <= 0)

				goto end;

			dtls1_stop_timer(s);

			if (ret == 2)

				{

				dtls1_stop_timer(s);

				s->state = SSL3_ST_SR_CLNT_HELLO_C;

				}

			else {

				/* could be sent for a DH cert, even if we

				 * have not asked for it :-) */

				ret=ssl3_get_client_certificate(s);

				if (ret <= 0) goto end;

				dtls1_stop_timer(s);

				s->init_num=0;

				s->state=SSL3_ST_SR_KEY_EXCH_A;

			}

		case SSL3_ST_SR_KEY_EXCH_B:

			ret=ssl3_get_client_key_exchange(s);

			if (ret <= 0) goto end;

			dtls1_stop_timer(s);

			s->state=SSL3_ST_SR_CERT_VRFY_A;

			s->init_num=0;

			/* we should decide if we expected this one */

			ret=ssl3_get_cert_verify(s);

			if (ret <= 0) goto end;

			dtls1_stop_timer(s);

			s->state=SSL3_ST_SR_FINISHED_A;

			s->init_num=0;