summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-04-14 14:59:47 +0000
committerjsing <>2014-04-14 14:59:47 +0000
commit6c233db50b8fc1d31e373868a83572c35271ca51 (patch)
treea613b7964e408b54e3b920c398c5ee1eafbf9c2f /src
parent22169334b0f0f94cdfd64ac4e1891d9ccaba905b (diff)
downloadopenbsd-6c233db50b8fc1d31e373868a83572c35271ca51.tar.gz
openbsd-6c233db50b8fc1d31e373868a83572c35271ca51.tar.bz2
openbsd-6c233db50b8fc1d31e373868a83572c35271ca51.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/bio_ssl.c545
-rw-r--r--src/lib/libssl/src/ssl/LPdir_unix.c102
-rw-r--r--src/lib/libssl/src/ssl/bio_ssl.c545
-rw-r--r--src/lib/libssl/src/ssl/tls_srp.c388
4 files changed, 784 insertions, 796 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index e9552caee2..65077aaa00 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -72,8 +72,7 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h); 72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data); 73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st 75typedef struct bio_ssl_st {
76 {
77 SSL *ssl; /* The ssl handle :-) */ 76 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */ 77 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates; 78 int num_renegotiates;
@@ -81,11 +80,10 @@ typedef struct bio_ssl_st
81 unsigned long byte_count; 80 unsigned long byte_count;
82 unsigned long renegotiate_timeout; 81 unsigned long renegotiate_timeout;
83 unsigned long last_time; 82 unsigned long last_time;
84 } BIO_SSL; 83} BIO_SSL;
85 84
86static BIO_METHOD methods_sslp= 85static BIO_METHOD methods_sslp = {
87 { 86 BIO_TYPE_SSL, "ssl",
88 BIO_TYPE_SSL,"ssl",
89 ssl_write, 87 ssl_write,
90 ssl_read, 88 ssl_read,
91 ssl_puts, 89 ssl_puts,
@@ -94,106 +92,105 @@ static BIO_METHOD methods_sslp=
94 ssl_new, 92 ssl_new,
95 ssl_free, 93 ssl_free,
96 ssl_callback_ctrl, 94 ssl_callback_ctrl,
97 }; 95};
98 96
99BIO_METHOD *BIO_f_ssl(void) 97BIO_METHOD
100 { 98*BIO_f_ssl(void)
101 return(&methods_sslp); 99{
102 } 100 return (&methods_sslp);
101}
103 102
104static int ssl_new(BIO *bi) 103static int
105 { 104ssl_new(BIO *bi)
105{
106 BIO_SSL *bs; 106 BIO_SSL *bs;
107 107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); 108 bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL) 109 if (bs == NULL) {
110 { 110 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 111 return (0);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 } 112 }
120 113 memset(bs, 0, sizeof(BIO_SSL));
121static int ssl_free(BIO *a) 114 bi->init = 0;
122 { 115 bi->ptr = (char *)bs;
116 bi->flags = 0;
117 return (1);
118}
119
120static int
121ssl_free(BIO *a)
122{
123 BIO_SSL *bs; 123 BIO_SSL *bs;
124 124
125 if (a == NULL) return(0); 125 if (a == NULL)
126 bs=(BIO_SSL *)a->ptr; 126 return (0);
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl); 127 bs = (BIO_SSL *)a->ptr;
128 if (a->shutdown) 128 if (bs->ssl != NULL)
129 { 129 SSL_shutdown(bs->ssl);
130 if (a->shutdown) {
130 if (a->init && (bs->ssl != NULL)) 131 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl); 132 SSL_free(bs->ssl);
132 a->init=0; 133 a->init = 0;
133 a->flags=0; 134 a->flags = 0;
134 } 135 }
135 if (a->ptr != NULL) 136 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr); 137 OPENSSL_free(a->ptr);
137 return(1); 138 return (1);
138 } 139}
139 140
140static int ssl_read(BIO *b, char *out, int outl) 141static int
141 { 142ssl_read(BIO *b, char *out, int outl)
142 int ret=1; 143{
144 int ret = 1;
143 BIO_SSL *sb; 145 BIO_SSL *sb;
144 SSL *ssl; 146 SSL *ssl;
145 int retry_reason=0; 147 int retry_reason = 0;
146 int r=0; 148 int r = 0;
147 149
148 if (out == NULL) return(0); 150 if (out == NULL)
149 sb=(BIO_SSL *)b->ptr; 151 return (0);
150 ssl=sb->ssl; 152 sb = (BIO_SSL *)b->ptr;
153 ssl = sb->ssl;
151 154
152 BIO_clear_retry_flags(b); 155 BIO_clear_retry_flags(b);
153 156
154#if 0 157#if 0
155 if (!SSL_is_init_finished(ssl)) 158 if (!SSL_is_init_finished(ssl)) {
156 {
157/* ret=SSL_do_handshake(ssl); */ 159/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0) 160 if (ret > 0) {
159 {
160 161
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 162 outflags = (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1; 163 ret = -1;
163 goto end; 164 goto end;
164 }
165 } 165 }
166 }
166#endif 167#endif
167/* if (ret > 0) */ 168/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl); 169 ret = SSL_read(ssl, out, outl);
169 170
170 switch (SSL_get_error(ssl,ret)) 171 switch (SSL_get_error(ssl, ret)) {
171 {
172 case SSL_ERROR_NONE: 172 case SSL_ERROR_NONE:
173 if (ret <= 0) break; 173 if (ret <= 0)
174 if (sb->renegotiate_count > 0) 174 break;
175 { 175 if (sb->renegotiate_count > 0) {
176 sb->byte_count+=ret; 176 sb->byte_count += ret;
177 if (sb->byte_count > sb->renegotiate_count) 177 if (sb->byte_count > sb->renegotiate_count) {
178 { 178 sb->byte_count = 0;
179 sb->byte_count=0;
180 sb->num_renegotiates++; 179 sb->num_renegotiates++;
181 SSL_renegotiate(ssl); 180 SSL_renegotiate(ssl);
182 r=1; 181 r = 1;
183 }
184 } 182 }
185 if ((sb->renegotiate_timeout > 0) && (!r)) 183 }
186 { 184 if ((sb->renegotiate_timeout > 0) && (!r)) {
187 unsigned long tm; 185 unsigned long tm;
188 186
189 tm=(unsigned long)time(NULL); 187 tm = (unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout) 188 if (tm > sb->last_time + sb->renegotiate_timeout) {
191 { 189 sb->last_time = tm;
192 sb->last_time=tm;
193 sb->num_renegotiates++; 190 sb->num_renegotiates++;
194 SSL_renegotiate(ssl); 191 SSL_renegotiate(ssl);
195 }
196 } 192 }
193 }
197 194
198 break; 195 break;
199 case SSL_ERROR_WANT_READ: 196 case SSL_ERROR_WANT_READ:
@@ -204,71 +201,69 @@ static int ssl_read(BIO *b, char *out, int outl)
204 break; 201 break;
205 case SSL_ERROR_WANT_X509_LOOKUP: 202 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b); 203 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP; 204 retry_reason = BIO_RR_SSL_X509_LOOKUP;
208 break; 205 break;
209 case SSL_ERROR_WANT_ACCEPT: 206 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b); 207 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT; 208 retry_reason = BIO_RR_ACCEPT;
212 break; 209 break;
213 case SSL_ERROR_WANT_CONNECT: 210 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b); 211 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT; 212 retry_reason = BIO_RR_CONNECT;
216 break; 213 break;
217 case SSL_ERROR_SYSCALL: 214 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL: 215 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN: 216 case SSL_ERROR_ZERO_RETURN:
220 default: 217 default:
221 break; 218 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 } 219 }
227 220
228static int ssl_write(BIO *b, const char *out, int outl) 221 b->retry_reason = retry_reason;
229 { 222 return (ret);
230 int ret,r=0; 223}
231 int retry_reason=0; 224
225static int
226ssl_write(BIO *b, const char *out, int outl)
227{
228 int ret, r = 0;
229 int retry_reason = 0;
232 SSL *ssl; 230 SSL *ssl;
233 BIO_SSL *bs; 231 BIO_SSL *bs;
234 232
235 if (out == NULL) return(0); 233 if (out == NULL)
236 bs=(BIO_SSL *)b->ptr; 234 return (0);
237 ssl=bs->ssl; 235 bs = (BIO_SSL *)b->ptr;
236 ssl = bs->ssl;
238 237
239 BIO_clear_retry_flags(b); 238 BIO_clear_retry_flags(b);
240 239
241/* ret=SSL_do_handshake(ssl); 240/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */ 241 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl); 242 ret = SSL_write(ssl, out, outl);
244 243
245 switch (SSL_get_error(ssl,ret)) 244 switch (SSL_get_error(ssl, ret)) {
246 {
247 case SSL_ERROR_NONE: 245 case SSL_ERROR_NONE:
248 if (ret <= 0) break; 246 if (ret <= 0)
249 if (bs->renegotiate_count > 0) 247 break;
250 { 248 if (bs->renegotiate_count > 0) {
251 bs->byte_count+=ret; 249 bs->byte_count += ret;
252 if (bs->byte_count > bs->renegotiate_count) 250 if (bs->byte_count > bs->renegotiate_count) {
253 { 251 bs->byte_count = 0;
254 bs->byte_count=0;
255 bs->num_renegotiates++; 252 bs->num_renegotiates++;
256 SSL_renegotiate(ssl); 253 SSL_renegotiate(ssl);
257 r=1; 254 r = 1;
258 }
259 } 255 }
260 if ((bs->renegotiate_timeout > 0) && (!r)) 256 }
261 { 257 if ((bs->renegotiate_timeout > 0) && (!r)) {
262 unsigned long tm; 258 unsigned long tm;
263 259
264 tm=(unsigned long)time(NULL); 260 tm = (unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout) 261 if (tm > bs->last_time + bs->renegotiate_timeout) {
266 { 262 bs->last_time = tm;
267 bs->last_time=tm;
268 bs->num_renegotiates++; 263 bs->num_renegotiates++;
269 SSL_renegotiate(ssl); 264 SSL_renegotiate(ssl);
270 }
271 } 265 }
266 }
272 break; 267 break;
273 case SSL_ERROR_WANT_WRITE: 268 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b); 269 BIO_set_retry_write(b);
@@ -278,34 +273,34 @@ static int ssl_write(BIO *b, const char *out, int outl)
278 break; 273 break;
279 case SSL_ERROR_WANT_X509_LOOKUP: 274 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b); 275 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP; 276 retry_reason = BIO_RR_SSL_X509_LOOKUP;
282 break; 277 break;
283 case SSL_ERROR_WANT_CONNECT: 278 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b); 279 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT; 280 retry_reason = BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL: 281 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL: 282 case SSL_ERROR_SSL:
288 default: 283 default:
289 break; 284 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 } 285 }
295 286
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) 287 b->retry_reason = retry_reason;
297 { 288 return (ret);
298 SSL **sslp,*ssl; 289}
290
291static long
292ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
293{
294 SSL **sslp, *ssl;
299 BIO_SSL *bs; 295 BIO_SSL *bs;
300 BIO *dbio,*bio; 296 BIO *dbio, *bio;
301 long ret=1; 297 long ret = 1;
302 298
303 bs=(BIO_SSL *)b->ptr; 299 bs = (BIO_SSL *)b->ptr;
304 ssl=bs->ssl; 300 ssl = bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) 301 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0); 302 return (0);
307 switch (cmd) 303 switch (cmd) {
308 {
309 case BIO_CTRL_RESET: 304 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl); 305 SSL_shutdown(ssl);
311 306
@@ -317,14 +312,14 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
317 SSL_clear(ssl); 312 SSL_clear(ssl);
318 313
319 if (b->next_bio != NULL) 314 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 315 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
321 else if (ssl->rbio != NULL) 316 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 317 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
323 else 318 else
324 ret=1; 319 ret = 1;
325 break; 320 break;
326 case BIO_CTRL_INFO: 321 case BIO_CTRL_INFO:
327 ret=0; 322 ret = 0;
328 break; 323 break;
329 case BIO_C_SSL_MODE: 324 case BIO_C_SSL_MODE:
330 if (num) /* client mode */ 325 if (num) /* client mode */
@@ -333,273 +328,273 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
333 SSL_set_accept_state(ssl); 328 SSL_set_accept_state(ssl);
334 break; 329 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: 330 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout; 331 ret = bs->renegotiate_timeout;
337 if (num < 60) num=5; 332 if (num < 60)
338 bs->renegotiate_timeout=(unsigned long)num; 333 num = 5;
339 bs->last_time=(unsigned long)time(NULL); 334 bs->renegotiate_timeout = (unsigned long)num;
335 bs->last_time = (unsigned long)time(NULL);
340 break; 336 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES: 337 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count; 338 ret = bs->renegotiate_count;
343 if ((long)num >=512) 339 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num; 340 bs->renegotiate_count = (unsigned long)num;
345 break; 341 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES: 342 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates; 343 ret = bs->num_renegotiates;
348 break; 344 break;
349 case BIO_C_SET_SSL: 345 case BIO_C_SET_SSL:
350 if (ssl != NULL) 346 if (ssl != NULL) {
351 {
352 ssl_free(b); 347 ssl_free(b);
353 if (!ssl_new(b)) 348 if (!ssl_new(b))
354 return 0; 349 return 0;
355 } 350 }
356 b->shutdown=(int)num; 351 b->shutdown = (int)num;
357 ssl=(SSL *)ptr; 352 ssl = (SSL *)ptr;
358 ((BIO_SSL *)b->ptr)->ssl=ssl; 353 ((BIO_SSL *)b->ptr)->ssl = ssl;
359 bio=SSL_get_rbio(ssl); 354 bio = SSL_get_rbio(ssl);
360 if (bio != NULL) 355 if (bio != NULL) {
361 {
362 if (b->next_bio != NULL) 356 if (b->next_bio != NULL)
363 BIO_push(bio,b->next_bio); 357 BIO_push(bio, b->next_bio);
364 b->next_bio=bio; 358 b->next_bio = bio;
365 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); 359 CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
366 } 360 }
367 b->init=1; 361 b->init = 1;
368 break; 362 break;
369 case BIO_C_GET_SSL: 363 case BIO_C_GET_SSL:
370 if (ptr != NULL) 364 if (ptr != NULL) {
371 { 365 sslp = (SSL **)ptr;
372 sslp=(SSL **)ptr; 366 *sslp = ssl;
373 *sslp=ssl; 367 } else
374 } 368 ret = 0;
375 else
376 ret=0;
377 break; 369 break;
378 case BIO_CTRL_GET_CLOSE: 370 case BIO_CTRL_GET_CLOSE:
379 ret=b->shutdown; 371 ret = b->shutdown;
380 break; 372 break;
381 case BIO_CTRL_SET_CLOSE: 373 case BIO_CTRL_SET_CLOSE:
382 b->shutdown=(int)num; 374 b->shutdown = (int)num;
383 break; 375 break;
384 case BIO_CTRL_WPENDING: 376 case BIO_CTRL_WPENDING:
385 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 377 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
386 break; 378 break;
387 case BIO_CTRL_PENDING: 379 case BIO_CTRL_PENDING:
388 ret=SSL_pending(ssl); 380 ret = SSL_pending(ssl);
389 if (ret == 0) 381 if (ret == 0)
390 ret=BIO_pending(ssl->rbio); 382 ret = BIO_pending(ssl->rbio);
391 break; 383 break;
392 case BIO_CTRL_FLUSH: 384 case BIO_CTRL_FLUSH:
393 BIO_clear_retry_flags(b); 385 BIO_clear_retry_flags(b);
394 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 386 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
395 BIO_copy_next_retry(b); 387 BIO_copy_next_retry(b);
396 break; 388 break;
397 case BIO_CTRL_PUSH: 389 case BIO_CTRL_PUSH:
398 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) 390 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
399 { 391 SSL_set_bio(ssl, b->next_bio, b->next_bio);
400 SSL_set_bio(ssl,b->next_bio,b->next_bio); 392 CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
401 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); 393 }
402 }
403 break; 394 break;
404 case BIO_CTRL_POP: 395 case BIO_CTRL_POP:
405 /* Only detach if we are the BIO explicitly being popped */ 396 /* Only detach if we are the BIO explicitly being popped */
406 if (b == ptr) 397 if (b == ptr) {
407 {
408 /* Shouldn't happen in practice because the 398 /* Shouldn't happen in practice because the
409 * rbio and wbio are the same when pushed. 399 * rbio and wbio are the same when pushed.
410 */ 400 */
411 if (ssl->rbio != ssl->wbio) 401 if (ssl->rbio != ssl->wbio)
412 BIO_free_all(ssl->wbio); 402 BIO_free_all(ssl->wbio);
413 if (b->next_bio != NULL) 403 if (b->next_bio != NULL)
414 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); 404 CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
415 ssl->wbio=NULL; 405 ssl->wbio = NULL;
416 ssl->rbio=NULL; 406 ssl->rbio = NULL;
417 } 407 }
418 break; 408 break;
419 case BIO_C_DO_STATE_MACHINE: 409 case BIO_C_DO_STATE_MACHINE:
420 BIO_clear_retry_flags(b); 410 BIO_clear_retry_flags(b);
421 411
422 b->retry_reason=0; 412 b->retry_reason = 0;
423 ret=(int)SSL_do_handshake(ssl); 413 ret = (int)SSL_do_handshake(ssl);
424 414
425 switch (SSL_get_error(ssl,(int)ret)) 415 switch (SSL_get_error(ssl,(int)ret)) {
426 {
427 case SSL_ERROR_WANT_READ: 416 case SSL_ERROR_WANT_READ:
428 BIO_set_flags(b, 417 BIO_set_flags(b,
429 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 418 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
430 break; 419 break;
431 case SSL_ERROR_WANT_WRITE: 420 case SSL_ERROR_WANT_WRITE:
432 BIO_set_flags(b, 421 BIO_set_flags(b,
433 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); 422 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
434 break; 423 break;
435 case SSL_ERROR_WANT_CONNECT: 424 case SSL_ERROR_WANT_CONNECT:
436 BIO_set_flags(b, 425 BIO_set_flags(b,
437 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); 426 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
438 b->retry_reason=b->next_bio->retry_reason; 427 b->retry_reason = b->next_bio->retry_reason;
439 break; 428 break;
440 default: 429 default:
441 break; 430 break;
442 } 431 }
443 break; 432 break;
444 case BIO_CTRL_DUP: 433 case BIO_CTRL_DUP:
445 dbio=(BIO *)ptr; 434 dbio = (BIO *)ptr;
446 if (((BIO_SSL *)dbio->ptr)->ssl != NULL) 435 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
447 SSL_free(((BIO_SSL *)dbio->ptr)->ssl); 436 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
448 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); 437 ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
449 ((BIO_SSL *)dbio->ptr)->renegotiate_count= 438 ((BIO_SSL *)dbio->ptr)->renegotiate_count =
450 ((BIO_SSL *)b->ptr)->renegotiate_count; 439 ((BIO_SSL *)b->ptr)->renegotiate_count;
451 ((BIO_SSL *)dbio->ptr)->byte_count= 440 ((BIO_SSL *)dbio->ptr)->byte_count =
452 ((BIO_SSL *)b->ptr)->byte_count; 441 ((BIO_SSL *)b->ptr)->byte_count;
453 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= 442 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
454 ((BIO_SSL *)b->ptr)->renegotiate_timeout; 443 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
455 ((BIO_SSL *)dbio->ptr)->last_time= 444 ((BIO_SSL *)dbio->ptr)->last_time =
456 ((BIO_SSL *)b->ptr)->last_time; 445 ((BIO_SSL *)b->ptr)->last_time;
457 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); 446 ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
458 break; 447 break;
459 case BIO_C_GET_FD: 448 case BIO_C_GET_FD:
460 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 449 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
461 break; 450 break;
462 case BIO_CTRL_SET_CALLBACK: 451 case BIO_CTRL_SET_CALLBACK:
463 { 452 {
464#if 0 /* FIXME: Should this be used? -- Richard Levitte */ 453#if 0 /* FIXME: Should this be used? -- Richard Levitte */
465 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 454 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
466 ret = -1; 455 ret = -1;
467#else 456#else
468 ret=0; 457 ret = 0;
469#endif 458#endif
470 } 459 }
471 break; 460 break;
472 case BIO_CTRL_GET_CALLBACK: 461 case BIO_CTRL_GET_CALLBACK:
473 { 462 {
474 void (**fptr)(const SSL *xssl,int type,int val); 463 void (**fptr)(const SSL *xssl, int type, int val);
475 464
476 fptr=(void (**)(const SSL *xssl,int type,int val))ptr; 465 fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
477 *fptr=SSL_get_info_callback(ssl); 466 *fptr = SSL_get_info_callback(ssl);
478 } 467 }
479 break; 468 break;
480 default: 469 default:
481 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 470 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
482 break; 471 break;
483 }
484 return(ret);
485 } 472 }
473 return (ret);
474}
486 475
487static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) 476static long
488 { 477ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
478{
489 SSL *ssl; 479 SSL *ssl;
490 BIO_SSL *bs; 480 BIO_SSL *bs;
491 long ret=1; 481 long ret = 1;
492 482
493 bs=(BIO_SSL *)b->ptr; 483 bs = (BIO_SSL *)b->ptr;
494 ssl=bs->ssl; 484 ssl = bs->ssl;
495 switch (cmd) 485 switch (cmd) {
496 {
497 case BIO_CTRL_SET_CALLBACK: 486 case BIO_CTRL_SET_CALLBACK:
498 { 487 {
499 /* FIXME: setting this via a completely different prototype 488 /* FIXME: setting this via a completely different prototype
500 seems like a crap idea */ 489 seems like a crap idea */
501 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); 490 SSL_set_info_callback(ssl,(void (*)(const SSL *, int, int))fp);
502 } 491 }
503 break; 492 break;
504 default: 493 default:
505 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); 494 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
506 break; 495 break;
507 }
508 return(ret);
509 } 496 }
510 497 return (ret);
511static int ssl_puts(BIO *bp, const char *str) 498}
512 { 499
513 int n,ret; 500static int
514 501ssl_puts(BIO *bp, const char *str)
515 n=strlen(str); 502{
516 ret=BIO_write(bp,str,n); 503 int n, ret;
517 return(ret); 504
518 } 505 n = strlen(str);
519 506 ret = BIO_write(bp, str, n);
520BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) 507 return (ret);
521 { 508}
509
510BIO
511*BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
512{
522#ifndef OPENSSL_NO_SOCK 513#ifndef OPENSSL_NO_SOCK
523 BIO *ret=NULL,*buf=NULL,*ssl=NULL; 514 BIO *ret = NULL, *buf = NULL, *ssl = NULL;
524 515
525 if ((buf=BIO_new(BIO_f_buffer())) == NULL) 516 if ((buf = BIO_new(BIO_f_buffer())) == NULL)
526 return(NULL); 517 return (NULL);
527 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) 518 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
528 goto err; 519 goto err;
529 if ((ret=BIO_push(buf,ssl)) == NULL) 520 if ((ret = BIO_push(buf, ssl)) == NULL)
530 goto err; 521 goto err;
531 return(ret); 522 return (ret);
532err: 523err:
533 if (buf != NULL) BIO_free(buf); 524 if (buf != NULL)
534 if (ssl != NULL) BIO_free(ssl); 525 BIO_free(buf);
526 if (ssl != NULL)
527 BIO_free(ssl);
535#endif 528#endif
536 return(NULL); 529 return (NULL);
537 } 530}
538 531
539BIO *BIO_new_ssl_connect(SSL_CTX *ctx) 532BIO
540 { 533*BIO_new_ssl_connect(SSL_CTX *ctx)
534{
541#ifndef OPENSSL_NO_SOCK 535#ifndef OPENSSL_NO_SOCK
542 BIO *ret=NULL,*con=NULL,*ssl=NULL; 536 BIO *ret = NULL, *con = NULL, *ssl = NULL;
543 537
544 if ((con=BIO_new(BIO_s_connect())) == NULL) 538 if ((con = BIO_new(BIO_s_connect())) == NULL)
545 return(NULL); 539 return (NULL);
546 if ((ssl=BIO_new_ssl(ctx,1)) == NULL) 540 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
547 goto err; 541 goto err;
548 if ((ret=BIO_push(ssl,con)) == NULL) 542 if ((ret = BIO_push(ssl, con)) == NULL)
549 goto err; 543 goto err;
550 return(ret); 544 return (ret);
551err: 545err:
552 if (con != NULL) BIO_free(con); 546 if (con != NULL)
547 BIO_free(con);
553#endif 548#endif
554 return(NULL); 549 return (NULL);
555 } 550}
556 551
557BIO *BIO_new_ssl(SSL_CTX *ctx, int client) 552BIO
558 { 553*BIO_new_ssl(SSL_CTX *ctx, int client)
554{
559 BIO *ret; 555 BIO *ret;
560 SSL *ssl; 556 SSL *ssl;
561 557
562 if ((ret=BIO_new(BIO_f_ssl())) == NULL) 558 if ((ret = BIO_new(BIO_f_ssl())) == NULL)
563 return(NULL); 559 return (NULL);
564 if ((ssl=SSL_new(ctx)) == NULL) 560 if ((ssl = SSL_new(ctx)) == NULL) {
565 {
566 BIO_free(ret); 561 BIO_free(ret);
567 return(NULL); 562 return (NULL);
568 } 563 }
569 if (client) 564 if (client)
570 SSL_set_connect_state(ssl); 565 SSL_set_connect_state(ssl);
571 else 566 else
572 SSL_set_accept_state(ssl); 567 SSL_set_accept_state(ssl);
573
574 BIO_set_ssl(ret,ssl,BIO_CLOSE);
575 return(ret);
576 }
577 568
578int BIO_ssl_copy_session_id(BIO *t, BIO *f) 569 BIO_set_ssl(ret, ssl, BIO_CLOSE);
579 { 570 return (ret);
580 t=BIO_find_type(t,BIO_TYPE_SSL); 571}
581 f=BIO_find_type(f,BIO_TYPE_SSL); 572
573int
574BIO_ssl_copy_session_id(BIO *t, BIO *f)
575{
576 t = BIO_find_type(t, BIO_TYPE_SSL);
577 f = BIO_find_type(f, BIO_TYPE_SSL);
582 if ((t == NULL) || (f == NULL)) 578 if ((t == NULL) || (f == NULL))
583 return(0); 579 return (0);
584 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || 580 if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
585 (((BIO_SSL *)f->ptr)->ssl == NULL)) 581 (((BIO_SSL *)f->ptr)->ssl == NULL))
586 return(0); 582 return (0);
587 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); 583 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
588 return(1); 584 return (1);
589 } 585}
590 586
591void BIO_ssl_shutdown(BIO *b) 587void
592 { 588BIO_ssl_shutdown(BIO *b)
589{
593 SSL *s; 590 SSL *s;
594 591
595 while (b != NULL) 592 while (b != NULL) {
596 { 593 if (b->method->type == BIO_TYPE_SSL) {
597 if (b->method->type == BIO_TYPE_SSL) 594 s = ((BIO_SSL *)b->ptr)->ssl;
598 {
599 s=((BIO_SSL *)b->ptr)->ssl;
600 SSL_shutdown(s); 595 SSL_shutdown(s);
601 break; 596 break;
602 }
603 b=b->next_bio;
604 } 597 }
598 b = b->next_bio;
605 } 599 }
600}
diff --git a/src/lib/libssl/src/ssl/LPdir_unix.c b/src/lib/libssl/src/ssl/LPdir_unix.c
index b004cd99e8..000a1bd819 100644
--- a/src/lib/libssl/src/ssl/LPdir_unix.c
+++ b/src/lib/libssl/src/ssl/LPdir_unix.c
@@ -56,72 +56,66 @@
56# define LP_ENTRY_SIZE 255 56# define LP_ENTRY_SIZE 255
57#endif 57#endif
58 58
59struct LP_dir_context_st 59struct LP_dir_context_st {
60{ 60 DIR *dir;
61 DIR *dir; 61 char entry_name[LP_ENTRY_SIZE + 1];
62 char entry_name[LP_ENTRY_SIZE+1];
63}; 62};
64 63
65const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) 64const char
65*LP_find_file(LP_DIR_CTX **ctx, const char *directory)
66{ 66{
67 struct dirent *direntry = NULL; 67 struct dirent *direntry = NULL;
68
69 if (ctx == NULL || directory == NULL)
70 {
71 errno = EINVAL;
72 return 0;
73 }
74 68
75 errno = 0; 69 if (ctx == NULL || directory == NULL) {
76 if (*ctx == NULL) 70 errno = EINVAL;
77 { 71 return 0;
78 *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
79 if (*ctx == NULL)
80 {
81 errno = ENOMEM;
82 return 0;
83 } 72 }
84 memset(*ctx, '\0', sizeof(LP_DIR_CTX));
85 73
86 (*ctx)->dir = opendir(directory); 74 errno = 0;
87 if ((*ctx)->dir == NULL) 75 if (*ctx == NULL) {
88 { 76 *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
89 int save_errno = errno; /* Probably not needed, but I'm paranoid */ 77 if (*ctx == NULL) {
90 free(*ctx); 78 errno = ENOMEM;
91 *ctx = NULL; 79 return 0;
92 errno = save_errno; 80 }
93 return 0; 81 memset(*ctx, '\0', sizeof(LP_DIR_CTX));
82
83 (*ctx)->dir = opendir(directory);
84 if ((*ctx)->dir == NULL) {
85 int save_errno = errno; /* Probably not needed, but I'm paranoid */
86 free(*ctx);
87 *ctx = NULL;
88 errno = save_errno;
89 return 0;
90 }
94 } 91 }
95 }
96 92
97 direntry = readdir((*ctx)->dir); 93 direntry = readdir((*ctx)->dir);
98 if (direntry == NULL) 94 if (direntry == NULL) {
99 { 95 return 0;
100 return 0; 96 }
101 }
102 97
103 strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); 98 strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
104 (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; 99 (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
105 return (*ctx)->entry_name; 100 return (*ctx)->entry_name;
106} 101}
107 102
108int LP_find_file_end(LP_DIR_CTX **ctx) 103int
104LP_find_file_end(LP_DIR_CTX **ctx)
109{ 105{
110 if (ctx != NULL && *ctx != NULL) 106 if (ctx != NULL && *ctx != NULL) {
111 { 107 int ret = closedir((*ctx)->dir);
112 int ret = closedir((*ctx)->dir);
113 108
114 free(*ctx); 109 free(*ctx);
115 switch (ret) 110 switch (ret) {
116 { 111 case 0:
117 case 0: 112 return 1;
118 return 1; 113 case -1:
119 case -1: 114 return 0;
120 return 0; 115 default:
121 default: 116 break;
122 break; 117 }
123 } 118 }
124 } 119 errno = EINVAL;
125 errno = EINVAL; 120 return 0;
126 return 0;
127} 121}
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index e9552caee2..65077aaa00 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -72,8 +72,7 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h); 72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data); 73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st 75typedef struct bio_ssl_st {
76 {
77 SSL *ssl; /* The ssl handle :-) */ 76 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */ 77 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates; 78 int num_renegotiates;
@@ -81,11 +80,10 @@ typedef struct bio_ssl_st
81 unsigned long byte_count; 80 unsigned long byte_count;
82 unsigned long renegotiate_timeout; 81 unsigned long renegotiate_timeout;
83 unsigned long last_time; 82 unsigned long last_time;
84 } BIO_SSL; 83} BIO_SSL;
85 84
86static BIO_METHOD methods_sslp= 85static BIO_METHOD methods_sslp = {
87 { 86 BIO_TYPE_SSL, "ssl",
88 BIO_TYPE_SSL,"ssl",
89 ssl_write, 87 ssl_write,
90 ssl_read, 88 ssl_read,
91 ssl_puts, 89 ssl_puts,
@@ -94,106 +92,105 @@ static BIO_METHOD methods_sslp=
94 ssl_new, 92 ssl_new,
95 ssl_free, 93 ssl_free,
96 ssl_callback_ctrl, 94 ssl_callback_ctrl,
97 }; 95};
98 96
99BIO_METHOD *BIO_f_ssl(void) 97BIO_METHOD
100 { 98*BIO_f_ssl(void)
101 return(&methods_sslp); 99{
102 } 100 return (&methods_sslp);
101}
103 102
104static int ssl_new(BIO *bi) 103static int
105 { 104ssl_new(BIO *bi)
105{
106 BIO_SSL *bs; 106 BIO_SSL *bs;
107 107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); 108 bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL) 109 if (bs == NULL) {
110 { 110 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 111 return (0);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 } 112 }
120 113 memset(bs, 0, sizeof(BIO_SSL));
121static int ssl_free(BIO *a) 114 bi->init = 0;
122 { 115 bi->ptr = (char *)bs;
116 bi->flags = 0;
117 return (1);
118}
119
120static int
121ssl_free(BIO *a)
122{
123 BIO_SSL *bs; 123 BIO_SSL *bs;
124 124
125 if (a == NULL) return(0); 125 if (a == NULL)
126 bs=(BIO_SSL *)a->ptr; 126 return (0);
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl); 127 bs = (BIO_SSL *)a->ptr;
128 if (a->shutdown) 128 if (bs->ssl != NULL)
129 { 129 SSL_shutdown(bs->ssl);
130 if (a->shutdown) {
130 if (a->init && (bs->ssl != NULL)) 131 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl); 132 SSL_free(bs->ssl);
132 a->init=0; 133 a->init = 0;
133 a->flags=0; 134 a->flags = 0;
134 } 135 }
135 if (a->ptr != NULL) 136 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr); 137 OPENSSL_free(a->ptr);
137 return(1); 138 return (1);
138 } 139}
139 140
140static int ssl_read(BIO *b, char *out, int outl) 141static int
141 { 142ssl_read(BIO *b, char *out, int outl)
142 int ret=1; 143{
144 int ret = 1;
143 BIO_SSL *sb; 145 BIO_SSL *sb;
144 SSL *ssl; 146 SSL *ssl;
145 int retry_reason=0; 147 int retry_reason = 0;
146 int r=0; 148 int r = 0;
147 149
148 if (out == NULL) return(0); 150 if (out == NULL)
149 sb=(BIO_SSL *)b->ptr; 151 return (0);
150 ssl=sb->ssl; 152 sb = (BIO_SSL *)b->ptr;
153 ssl = sb->ssl;
151 154
152 BIO_clear_retry_flags(b); 155 BIO_clear_retry_flags(b);
153 156
154#if 0 157#if 0
155 if (!SSL_is_init_finished(ssl)) 158 if (!SSL_is_init_finished(ssl)) {
156 {
157/* ret=SSL_do_handshake(ssl); */ 159/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0) 160 if (ret > 0) {
159 {
160 161
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 162 outflags = (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1; 163 ret = -1;
163 goto end; 164 goto end;
164 }
165 } 165 }
166 }
166#endif 167#endif
167/* if (ret > 0) */ 168/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl); 169 ret = SSL_read(ssl, out, outl);
169 170
170 switch (SSL_get_error(ssl,ret)) 171 switch (SSL_get_error(ssl, ret)) {
171 {
172 case SSL_ERROR_NONE: 172 case SSL_ERROR_NONE:
173 if (ret <= 0) break; 173 if (ret <= 0)
174 if (sb->renegotiate_count > 0) 174 break;
175 { 175 if (sb->renegotiate_count > 0) {
176 sb->byte_count+=ret; 176 sb->byte_count += ret;
177 if (sb->byte_count > sb->renegotiate_count) 177 if (sb->byte_count > sb->renegotiate_count) {
178 { 178 sb->byte_count = 0;
179 sb->byte_count=0;
180 sb->num_renegotiates++; 179 sb->num_renegotiates++;
181 SSL_renegotiate(ssl); 180 SSL_renegotiate(ssl);
182 r=1; 181 r = 1;
183 }
184 } 182 }
185 if ((sb->renegotiate_timeout > 0) && (!r)) 183 }
186 { 184 if ((sb->renegotiate_timeout > 0) && (!r)) {
187 unsigned long tm; 185 unsigned long tm;
188 186
189 tm=(unsigned long)time(NULL); 187 tm = (unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout) 188 if (tm > sb->last_time + sb->renegotiate_timeout) {
191 { 189 sb->last_time = tm;
192 sb->last_time=tm;
193 sb->num_renegotiates++; 190 sb->num_renegotiates++;
194 SSL_renegotiate(ssl); 191 SSL_renegotiate(ssl);
195 }
196 } 192 }
193 }
197 194
198 break; 195 break;
199 case SSL_ERROR_WANT_READ: 196 case SSL_ERROR_WANT_READ:
@@ -204,71 +201,69 @@ static int ssl_read(BIO *b, char *out, int outl)
204 break; 201 break;
205 case SSL_ERROR_WANT_X509_LOOKUP: 202 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b); 203 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP; 204 retry_reason = BIO_RR_SSL_X509_LOOKUP;
208 break; 205 break;
209 case SSL_ERROR_WANT_ACCEPT: 206 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b); 207 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT; 208 retry_reason = BIO_RR_ACCEPT;
212 break; 209 break;
213 case SSL_ERROR_WANT_CONNECT: 210 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b); 211 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT; 212 retry_reason = BIO_RR_CONNECT;
216 break; 213 break;
217 case SSL_ERROR_SYSCALL: 214 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL: 215 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN: 216 case SSL_ERROR_ZERO_RETURN:
220 default: 217 default:
221 break; 218 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 } 219 }
227 220
228static int ssl_write(BIO *b, const char *out, int outl) 221 b->retry_reason = retry_reason;
229 { 222 return (ret);
230 int ret,r=0; 223}
231 int retry_reason=0; 224
225static int
226ssl_write(BIO *b, const char *out, int outl)
227{
228 int ret, r = 0;
229 int retry_reason = 0;
232 SSL *ssl; 230 SSL *ssl;
233 BIO_SSL *bs; 231 BIO_SSL *bs;
234 232
235 if (out == NULL) return(0); 233 if (out == NULL)
236 bs=(BIO_SSL *)b->ptr; 234 return (0);
237 ssl=bs->ssl; 235 bs = (BIO_SSL *)b->ptr;
236 ssl = bs->ssl;
238 237
239 BIO_clear_retry_flags(b); 238 BIO_clear_retry_flags(b);
240 239
241/* ret=SSL_do_handshake(ssl); 240/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */ 241 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl); 242 ret = SSL_write(ssl, out, outl);
244 243
245 switch (SSL_get_error(ssl,ret)) 244 switch (SSL_get_error(ssl, ret)) {
246 {
247 case SSL_ERROR_NONE: 245 case SSL_ERROR_NONE:
248 if (ret <= 0) break; 246 if (ret <= 0)
249 if (bs->renegotiate_count > 0) 247 break;
250 { 248 if (bs->renegotiate_count > 0) {
251 bs->byte_count+=ret; 249 bs->byte_count += ret;
252 if (bs->byte_count > bs->renegotiate_count) 250 if (bs->byte_count > bs->renegotiate_count) {
253 { 251 bs->byte_count = 0;
254 bs->byte_count=0;
255 bs->num_renegotiates++; 252 bs->num_renegotiates++;
256 SSL_renegotiate(ssl); 253 SSL_renegotiate(ssl);
257 r=1; 254 r = 1;
258 }
259 } 255 }
260 if ((bs->renegotiate_timeout > 0) && (!r)) 256 }
261 { 257 if ((bs->renegotiate_timeout > 0) && (!r)) {
262 unsigned long tm; 258 unsigned long tm;
263 259
264 tm=(unsigned long)time(NULL); 260 tm = (unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout) 261 if (tm > bs->last_time + bs->renegotiate_timeout) {
266 { 262 bs->last_time = tm;
267 bs->last_time=tm;
268 bs->num_renegotiates++; 263 bs->num_renegotiates++;
269 SSL_renegotiate(ssl); 264 SSL_renegotiate(ssl);
270 }
271 } 265 }
266 }
272 break; 267 break;
273 case SSL_ERROR_WANT_WRITE: 268 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b); 269 BIO_set_retry_write(b);
@@ -278,34 +273,34 @@ static int ssl_write(BIO *b, const char *out, int outl)
278 break; 273 break;
279 case SSL_ERROR_WANT_X509_LOOKUP: 274 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b); 275 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP; 276 retry_reason = BIO_RR_SSL_X509_LOOKUP;
282 break; 277 break;
283 case SSL_ERROR_WANT_CONNECT: 278 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b); 279 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT; 280 retry_reason = BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL: 281 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL: 282 case SSL_ERROR_SSL:
288 default: 283 default:
289 break; 284 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 } 285 }
295 286
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) 287 b->retry_reason = retry_reason;
297 { 288 return (ret);
298 SSL **sslp,*ssl; 289}
290
291static long
292ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
293{
294 SSL **sslp, *ssl;
299 BIO_SSL *bs; 295 BIO_SSL *bs;
300 BIO *dbio,*bio; 296 BIO *dbio, *bio;
301 long ret=1; 297 long ret = 1;
302 298
303 bs=(BIO_SSL *)b->ptr; 299 bs = (BIO_SSL *)b->ptr;
304 ssl=bs->ssl; 300 ssl = bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) 301 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0); 302 return (0);
307 switch (cmd) 303 switch (cmd) {
308 {
309 case BIO_CTRL_RESET: 304 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl); 305 SSL_shutdown(ssl);
311 306
@@ -317,14 +312,14 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
317 SSL_clear(ssl); 312 SSL_clear(ssl);
318 313
319 if (b->next_bio != NULL) 314 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 315 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
321 else if (ssl->rbio != NULL) 316 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 317 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
323 else 318 else
324 ret=1; 319 ret = 1;
325 break; 320 break;
326 case BIO_CTRL_INFO: 321 case BIO_CTRL_INFO:
327 ret=0; 322 ret = 0;
328 break; 323 break;
329 case BIO_C_SSL_MODE: 324 case BIO_C_SSL_MODE:
330 if (num) /* client mode */ 325 if (num) /* client mode */
@@ -333,273 +328,273 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
333 SSL_set_accept_state(ssl); 328 SSL_set_accept_state(ssl);
334 break; 329 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: 330 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout; 331 ret = bs->renegotiate_timeout;
337 if (num < 60) num=5; 332 if (num < 60)
338 bs->renegotiate_timeout=(unsigned long)num; 333 num = 5;
339 bs->last_time=(unsigned long)time(NULL); 334 bs->renegotiate_timeout = (unsigned long)num;
335 bs->last_time = (unsigned long)time(NULL);
340 break; 336 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES: 337 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count; 338 ret = bs->renegotiate_count;
343 if ((long)num >=512) 339 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num; 340 bs->renegotiate_count = (unsigned long)num;
345 break; 341 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES: 342 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates; 343 ret = bs->num_renegotiates;
348 break; 344 break;
349 case BIO_C_SET_SSL: 345 case BIO_C_SET_SSL:
350 if (ssl != NULL) 346 if (ssl != NULL) {
351 {
352 ssl_free(b); 347 ssl_free(b);
353 if (!ssl_new(b)) 348 if (!ssl_new(b))
354 return 0; 349 return 0;
355 } 350 }
356 b->shutdown=(int)num; 351 b->shutdown = (int)num;
357 ssl=(SSL *)ptr; 352 ssl = (SSL *)ptr;
358 ((BIO_SSL *)b->ptr)->ssl=ssl; 353 ((BIO_SSL *)b->ptr)->ssl = ssl;
359 bio=SSL_get_rbio(ssl); 354 bio = SSL_get_rbio(ssl);
360 if (bio != NULL) 355 if (bio != NULL) {
361 {
362 if (b->next_bio != NULL) 356 if (b->next_bio != NULL)
363 BIO_push(bio,b->next_bio); 357 BIO_push(bio, b->next_bio);
364 b->next_bio=bio; 358 b->next_bio = bio;
365 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); 359 CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
366 } 360 }
367 b->init=1; 361 b->init = 1;
368 break; 362 break;
369 case BIO_C_GET_SSL: 363 case BIO_C_GET_SSL:
370 if (ptr != NULL) 364 if (ptr != NULL) {
371 { 365 sslp = (SSL **)ptr;
372 sslp=(SSL **)ptr; 366 *sslp = ssl;
373 *sslp=ssl; 367 } else
374 } 368 ret = 0;
375 else
376 ret=0;
377 break; 369 break;
378 case BIO_CTRL_GET_CLOSE: 370 case BIO_CTRL_GET_CLOSE:
379 ret=b->shutdown; 371 ret = b->shutdown;
380 break; 372 break;
381 case BIO_CTRL_SET_CLOSE: 373 case BIO_CTRL_SET_CLOSE:
382 b->shutdown=(int)num; 374 b->shutdown = (int)num;
383 break; 375 break;
384 case BIO_CTRL_WPENDING: 376 case BIO_CTRL_WPENDING:
385 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 377 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
386 break; 378 break;
387 case BIO_CTRL_PENDING: 379 case BIO_CTRL_PENDING:
388 ret=SSL_pending(ssl); 380 ret = SSL_pending(ssl);
389 if (ret == 0) 381 if (ret == 0)
390 ret=BIO_pending(ssl->rbio); 382 ret = BIO_pending(ssl->rbio);
391 break; 383 break;
392 case BIO_CTRL_FLUSH: 384 case BIO_CTRL_FLUSH:
393 BIO_clear_retry_flags(b); 385 BIO_clear_retry_flags(b);
394 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 386 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
395 BIO_copy_next_retry(b); 387 BIO_copy_next_retry(b);
396 break; 388 break;
397 case BIO_CTRL_PUSH: 389 case BIO_CTRL_PUSH:
398 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) 390 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
399 { 391 SSL_set_bio(ssl, b->next_bio, b->next_bio);
400 SSL_set_bio(ssl,b->next_bio,b->next_bio); 392 CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
401 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); 393 }
402 }
403 break; 394 break;
404 case BIO_CTRL_POP: 395 case BIO_CTRL_POP:
405 /* Only detach if we are the BIO explicitly being popped */ 396 /* Only detach if we are the BIO explicitly being popped */
406 if (b == ptr) 397 if (b == ptr) {
407 {
408 /* Shouldn't happen in practice because the 398 /* Shouldn't happen in practice because the
409 * rbio and wbio are the same when pushed. 399 * rbio and wbio are the same when pushed.
410 */ 400 */
411 if (ssl->rbio != ssl->wbio) 401 if (ssl->rbio != ssl->wbio)
412 BIO_free_all(ssl->wbio); 402 BIO_free_all(ssl->wbio);
413 if (b->next_bio != NULL) 403 if (b->next_bio != NULL)
414 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); 404 CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
415 ssl->wbio=NULL; 405 ssl->wbio = NULL;
416 ssl->rbio=NULL; 406 ssl->rbio = NULL;
417 } 407 }
418 break; 408 break;
419 case BIO_C_DO_STATE_MACHINE: 409 case BIO_C_DO_STATE_MACHINE:
420 BIO_clear_retry_flags(b); 410 BIO_clear_retry_flags(b);
421 411
422 b->retry_reason=0; 412 b->retry_reason = 0;
423 ret=(int)SSL_do_handshake(ssl); 413 ret = (int)SSL_do_handshake(ssl);
424 414
425 switch (SSL_get_error(ssl,(int)ret)) 415 switch (SSL_get_error(ssl,(int)ret)) {
426 {
427 case SSL_ERROR_WANT_READ: 416 case SSL_ERROR_WANT_READ:
428 BIO_set_flags(b, 417 BIO_set_flags(b,
429 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 418 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
430 break; 419 break;
431 case SSL_ERROR_WANT_WRITE: 420 case SSL_ERROR_WANT_WRITE:
432 BIO_set_flags(b, 421 BIO_set_flags(b,
433 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); 422 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
434 break; 423 break;
435 case SSL_ERROR_WANT_CONNECT: 424 case SSL_ERROR_WANT_CONNECT:
436 BIO_set_flags(b, 425 BIO_set_flags(b,
437 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); 426 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
438 b->retry_reason=b->next_bio->retry_reason; 427 b->retry_reason = b->next_bio->retry_reason;
439 break; 428 break;
440 default: 429 default:
441 break; 430 break;
442 } 431 }
443 break; 432 break;
444 case BIO_CTRL_DUP: 433 case BIO_CTRL_DUP:
445 dbio=(BIO *)ptr; 434 dbio = (BIO *)ptr;
446 if (((BIO_SSL *)dbio->ptr)->ssl != NULL) 435 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
447 SSL_free(((BIO_SSL *)dbio->ptr)->ssl); 436 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
448 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); 437 ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
449 ((BIO_SSL *)dbio->ptr)->renegotiate_count= 438 ((BIO_SSL *)dbio->ptr)->renegotiate_count =
450 ((BIO_SSL *)b->ptr)->renegotiate_count; 439 ((BIO_SSL *)b->ptr)->renegotiate_count;
451 ((BIO_SSL *)dbio->ptr)->byte_count= 440 ((BIO_SSL *)dbio->ptr)->byte_count =
452 ((BIO_SSL *)b->ptr)->byte_count; 441 ((BIO_SSL *)b->ptr)->byte_count;
453 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= 442 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
454 ((BIO_SSL *)b->ptr)->renegotiate_timeout; 443 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
455 ((BIO_SSL *)dbio->ptr)->last_time= 444 ((BIO_SSL *)dbio->ptr)->last_time =
456 ((BIO_SSL *)b->ptr)->last_time; 445 ((BIO_SSL *)b->ptr)->last_time;
457 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); 446 ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
458 break; 447 break;
459 case BIO_C_GET_FD: 448 case BIO_C_GET_FD:
460 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 449 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
461 break; 450 break;
462 case BIO_CTRL_SET_CALLBACK: 451 case BIO_CTRL_SET_CALLBACK:
463 { 452 {
464#if 0 /* FIXME: Should this be used? -- Richard Levitte */ 453#if 0 /* FIXME: Should this be used? -- Richard Levitte */
465 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 454 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
466 ret = -1; 455 ret = -1;
467#else 456#else
468 ret=0; 457 ret = 0;
469#endif 458#endif
470 } 459 }
471 break; 460 break;
472 case BIO_CTRL_GET_CALLBACK: 461 case BIO_CTRL_GET_CALLBACK:
473 { 462 {
474 void (**fptr)(const SSL *xssl,int type,int val); 463 void (**fptr)(const SSL *xssl, int type, int val);
475 464
476 fptr=(void (**)(const SSL *xssl,int type,int val))ptr; 465 fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
477 *fptr=SSL_get_info_callback(ssl); 466 *fptr = SSL_get_info_callback(ssl);
478 } 467 }
479 break; 468 break;
480 default: 469 default:
481 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 470 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
482 break; 471 break;
483 }
484 return(ret);
485 } 472 }
473 return (ret);
474}
486 475
487static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) 476static long
488 { 477ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
478{
489 SSL *ssl; 479 SSL *ssl;
490 BIO_SSL *bs; 480 BIO_SSL *bs;
491 long ret=1; 481 long ret = 1;
492 482
493 bs=(BIO_SSL *)b->ptr; 483 bs = (BIO_SSL *)b->ptr;
494 ssl=bs->ssl; 484 ssl = bs->ssl;
495 switch (cmd) 485 switch (cmd) {
496 {
497 case BIO_CTRL_SET_CALLBACK: 486 case BIO_CTRL_SET_CALLBACK:
498 { 487 {
499 /* FIXME: setting this via a completely different prototype 488 /* FIXME: setting this via a completely different prototype
500 seems like a crap idea */ 489 seems like a crap idea */
501 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); 490 SSL_set_info_callback(ssl,(void (*)(const SSL *, int, int))fp);
502 } 491 }
503 break; 492 break;
504 default: 493 default:
505 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); 494 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
506 break; 495 break;
507 }
508 return(ret);
509 } 496 }
510 497 return (ret);
511static int ssl_puts(BIO *bp, const char *str) 498}
512 { 499
513 int n,ret; 500static int
514 501ssl_puts(BIO *bp, const char *str)
515 n=strlen(str); 502{
516 ret=BIO_write(bp,str,n); 503 int n, ret;
517 return(ret); 504
518 } 505 n = strlen(str);
519 506 ret = BIO_write(bp, str, n);
520BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) 507 return (ret);
521 { 508}
509
510BIO
511*BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
512{
522#ifndef OPENSSL_NO_SOCK 513#ifndef OPENSSL_NO_SOCK
523 BIO *ret=NULL,*buf=NULL,*ssl=NULL; 514 BIO *ret = NULL, *buf = NULL, *ssl = NULL;
524 515
525 if ((buf=BIO_new(BIO_f_buffer())) == NULL) 516 if ((buf = BIO_new(BIO_f_buffer())) == NULL)
526 return(NULL); 517 return (NULL);
527 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) 518 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
528 goto err; 519 goto err;
529 if ((ret=BIO_push(buf,ssl)) == NULL) 520 if ((ret = BIO_push(buf, ssl)) == NULL)
530 goto err; 521 goto err;
531 return(ret); 522 return (ret);
532err: 523err:
533 if (buf != NULL) BIO_free(buf); 524 if (buf != NULL)
534 if (ssl != NULL) BIO_free(ssl); 525 BIO_free(buf);
526 if (ssl != NULL)
527 BIO_free(ssl);
535#endif 528#endif
536 return(NULL); 529 return (NULL);
537 } 530}
538 531
539BIO *BIO_new_ssl_connect(SSL_CTX *ctx) 532BIO
540 { 533*BIO_new_ssl_connect(SSL_CTX *ctx)
534{
541#ifndef OPENSSL_NO_SOCK 535#ifndef OPENSSL_NO_SOCK
542 BIO *ret=NULL,*con=NULL,*ssl=NULL; 536 BIO *ret = NULL, *con = NULL, *ssl = NULL;
543 537
544 if ((con=BIO_new(BIO_s_connect())) == NULL) 538 if ((con = BIO_new(BIO_s_connect())) == NULL)
545 return(NULL); 539 return (NULL);
546 if ((ssl=BIO_new_ssl(ctx,1)) == NULL) 540 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
547 goto err; 541 goto err;
548 if ((ret=BIO_push(ssl,con)) == NULL) 542 if ((ret = BIO_push(ssl, con)) == NULL)
549 goto err; 543 goto err;
550 return(ret); 544 return (ret);
551err: 545err:
552 if (con != NULL) BIO_free(con); 546 if (con != NULL)
547 BIO_free(con);
553#endif 548#endif
554 return(NULL); 549 return (NULL);
555 } 550}
556 551
557BIO *BIO_new_ssl(SSL_CTX *ctx, int client) 552BIO
558 { 553*BIO_new_ssl(SSL_CTX *ctx, int client)
554{
559 BIO *ret; 555 BIO *ret;
560 SSL *ssl; 556 SSL *ssl;
561 557
562 if ((ret=BIO_new(BIO_f_ssl())) == NULL) 558 if ((ret = BIO_new(BIO_f_ssl())) == NULL)
563 return(NULL); 559 return (NULL);
564 if ((ssl=SSL_new(ctx)) == NULL) 560 if ((ssl = SSL_new(ctx)) == NULL) {
565 {
566 BIO_free(ret); 561 BIO_free(ret);
567 return(NULL); 562 return (NULL);
568 } 563 }
569 if (client) 564 if (client)
570 SSL_set_connect_state(ssl); 565 SSL_set_connect_state(ssl);
571 else 566 else
572 SSL_set_accept_state(ssl); 567 SSL_set_accept_state(ssl);
573
574 BIO_set_ssl(ret,ssl,BIO_CLOSE);
575 return(ret);
576 }
577 568
578int BIO_ssl_copy_session_id(BIO *t, BIO *f) 569 BIO_set_ssl(ret, ssl, BIO_CLOSE);
579 { 570 return (ret);
580 t=BIO_find_type(t,BIO_TYPE_SSL); 571}
581 f=BIO_find_type(f,BIO_TYPE_SSL); 572
573int
574BIO_ssl_copy_session_id(BIO *t, BIO *f)
575{
576 t = BIO_find_type(t, BIO_TYPE_SSL);
577 f = BIO_find_type(f, BIO_TYPE_SSL);
582 if ((t == NULL) || (f == NULL)) 578 if ((t == NULL) || (f == NULL))
583 return(0); 579 return (0);
584 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || 580 if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
585 (((BIO_SSL *)f->ptr)->ssl == NULL)) 581 (((BIO_SSL *)f->ptr)->ssl == NULL))
586 return(0); 582 return (0);
587 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); 583 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
588 return(1); 584 return (1);
589 } 585}
590 586
591void BIO_ssl_shutdown(BIO *b) 587void
592 { 588BIO_ssl_shutdown(BIO *b)
589{
593 SSL *s; 590 SSL *s;
594 591
595 while (b != NULL) 592 while (b != NULL) {
596 { 593 if (b->method->type == BIO_TYPE_SSL) {
597 if (b->method->type == BIO_TYPE_SSL) 594 s = ((BIO_SSL *)b->ptr)->ssl;
598 {
599 s=((BIO_SSL *)b->ptr)->ssl;
600 SSL_shutdown(s); 595 SSL_shutdown(s);
601 break; 596 break;
602 }
603 b=b->next_bio;
604 } 597 }
598 b = b->next_bio;
605 } 599 }
600}
diff --git a/src/lib/libssl/src/ssl/tls_srp.c b/src/lib/libssl/src/ssl/tls_srp.c
index 2315a7c0a2..25ab73af9d 100644
--- a/src/lib/libssl/src/ssl/tls_srp.c
+++ b/src/lib/libssl/src/ssl/tls_srp.c
@@ -63,8 +63,8 @@
63#include <openssl/srp.h> 63#include <openssl/srp.h>
64#include <openssl/err.h> 64#include <openssl/err.h>
65 65
66int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) 66int
67 { 67SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) {
68 if (ctx == NULL) 68 if (ctx == NULL)
69 return 0; 69 return 0;
70 OPENSSL_free(ctx->srp_ctx.login); 70 OPENSSL_free(ctx->srp_ctx.login);
@@ -93,10 +93,10 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
93 ctx->srp_ctx.strength = SRP_MINIMAL_N; 93 ctx->srp_ctx.strength = SRP_MINIMAL_N;
94 ctx->srp_ctx.srp_Mask = 0; 94 ctx->srp_ctx.srp_Mask = 0;
95 return (1); 95 return (1);
96 } 96}
97 97
98int SSL_SRP_CTX_free(struct ssl_st *s) 98int
99 { 99SSL_SRP_CTX_free(struct ssl_st *s) {
100 if (s == NULL) 100 if (s == NULL)
101 return 0; 101 return 0;
102 OPENSSL_free(s->srp_ctx.login); 102 OPENSSL_free(s->srp_ctx.login);
@@ -125,10 +125,10 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
125 s->srp_ctx.strength = SRP_MINIMAL_N; 125 s->srp_ctx.strength = SRP_MINIMAL_N;
126 s->srp_ctx.srp_Mask = 0; 126 s->srp_ctx.srp_Mask = 0;
127 return (1); 127 return (1);
128 } 128}
129 129
130int SSL_SRP_CTX_init(struct ssl_st *s) 130int
131 { 131SSL_SRP_CTX_init(struct ssl_st *s) {
132 SSL_CTX *ctx; 132 SSL_CTX *ctx;
133 133
134 if ((s == NULL) || ((ctx = s->ctx) == NULL)) 134 if ((s == NULL) || ((ctx = s->ctx) == NULL))
@@ -154,31 +154,29 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
154 s->srp_ctx.strength = ctx->srp_ctx.strength; 154 s->srp_ctx.strength = ctx->srp_ctx.strength;
155 155
156 if (((ctx->srp_ctx.N != NULL) && 156 if (((ctx->srp_ctx.N != NULL) &&
157 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || 157 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
158 ((ctx->srp_ctx.g != NULL) && 158 ((ctx->srp_ctx.g != NULL) &&
159 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || 159 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
160 ((ctx->srp_ctx.s != NULL) && 160 ((ctx->srp_ctx.s != NULL) &&
161 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || 161 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
162 ((ctx->srp_ctx.B != NULL) && 162 ((ctx->srp_ctx.B != NULL) &&
163 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || 163 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
164 ((ctx->srp_ctx.A != NULL) && 164 ((ctx->srp_ctx.A != NULL) &&
165 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || 165 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
166 ((ctx->srp_ctx.a != NULL) && 166 ((ctx->srp_ctx.a != NULL) &&
167 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || 167 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
168 ((ctx->srp_ctx.v != NULL) && 168 ((ctx->srp_ctx.v != NULL) &&
169 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || 169 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
170 ((ctx->srp_ctx.b != NULL) && 170 ((ctx->srp_ctx.b != NULL) &&
171 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) 171 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
172 { 172 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
173 SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_BN_LIB);
174 goto err; 173 goto err;
175 } 174 }
176 if ((ctx->srp_ctx.login != NULL) && 175 if ((ctx->srp_ctx.login != NULL) &&
177 ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) 176 ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) {
178 { 177 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
179 SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_INTERNAL_ERROR);
180 goto err; 178 goto err;
181 } 179 }
182 s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; 180 s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
183 181
184 return (1); 182 return (1);
@@ -193,10 +191,10 @@ err:
193 BN_free(s->srp_ctx.b); 191 BN_free(s->srp_ctx.b);
194 BN_free(s->srp_ctx.v); 192 BN_free(s->srp_ctx.v);
195 return (0); 193 return (0);
196 } 194}
197 195
198int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) 196int
199 { 197SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) {
200 if (ctx == NULL) 198 if (ctx == NULL)
201 return 0; 199 return 0;
202 200
@@ -222,134 +220,119 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
222 ctx->srp_ctx.strength = SRP_MINIMAL_N; 220 ctx->srp_ctx.strength = SRP_MINIMAL_N;
223 221
224 return (1); 222 return (1);
225 } 223}
226 224
227/* server side */ 225/* server side */
228int SSL_srp_server_param_with_username(SSL *s, int *ad) 226int
229 { 227SSL_srp_server_param_with_username(SSL *s, int *ad)
228{
230 unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; 229 unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
231 int al; 230 int al;
232 231
233 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; 232 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
234 if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) && 233 if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
235 ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE)) 234 ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
236 return al; 235 s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE))
236 return al;
237 237
238 *ad = SSL_AD_INTERNAL_ERROR; 238 *ad = SSL_AD_INTERNAL_ERROR;
239 if ((s->srp_ctx.N == NULL) || 239 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
240 (s->srp_ctx.g == NULL) || 240 (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
241 (s->srp_ctx.s == NULL) ||
242 (s->srp_ctx.v == NULL))
243 return SSL3_AL_FATAL; 241 return SSL3_AL_FATAL;
244 242
245 if (RAND_bytes(b, sizeof(b)) <= 0) 243 if (RAND_bytes(b, sizeof(b)) <= 0)
246 return SSL3_AL_FATAL; 244 return SSL3_AL_FATAL;
247 s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL); 245 s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
248 OPENSSL_cleanse(b,sizeof(b)); 246 OPENSSL_cleanse(b, sizeof(b));
249 247
250 /* Calculate: B = (kv + g^b) % N */ 248 /* Calculate: B = (kv + g^b) % N */
251 249
252 return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL)? 250 return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
253 SSL_ERROR_NONE:SSL3_AL_FATAL; 251}
254 }
255 252
256/* If the server just has the raw password, make up a verifier entry on the fly */ 253/* If the server just has the raw password, make up a verifier entry on the fly */
257int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp) 254int
258 { 255SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp)
256{
259 SRP_gN *GN = SRP_get_default_gN(grp); 257 SRP_gN *GN = SRP_get_default_gN(grp);
260 if(GN == NULL) return -1; 258 if (GN == NULL)
259 return -1;
261 s->srp_ctx.N = BN_dup(GN->N); 260 s->srp_ctx.N = BN_dup(GN->N);
262 s->srp_ctx.g = BN_dup(GN->g); 261 s->srp_ctx.g = BN_dup(GN->g);
263 if(s->srp_ctx.v != NULL) 262 if (s->srp_ctx.v != NULL) {
264 {
265 BN_clear_free(s->srp_ctx.v); 263 BN_clear_free(s->srp_ctx.v);
266 s->srp_ctx.v = NULL; 264 s->srp_ctx.v = NULL;
267 } 265 }
268 if(s->srp_ctx.s != NULL) 266 if (s->srp_ctx.s != NULL) {
269 {
270 BN_clear_free(s->srp_ctx.s); 267 BN_clear_free(s->srp_ctx.s);
271 s->srp_ctx.s = NULL; 268 s->srp_ctx.s = NULL;
272 }
273 if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1;
274
275 return 1;
276 } 269 }
270 if (!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v,
271 GN->N, GN->g))
272 return -1;
277 273
278int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 274 return 1;
279 BIGNUM *sa, BIGNUM *v, char *info) 275}
280 { 276
281 if (N!= NULL) 277int
282 { 278SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
283 if (s->srp_ctx.N != NULL) 279 BIGNUM *sa, BIGNUM *v, char *info)
284 { 280{
285 if (!BN_copy(s->srp_ctx.N,N)) 281 if (N != NULL) {
286 { 282 if (s->srp_ctx.N != NULL) {
283 if (!BN_copy(s->srp_ctx.N, N)) {
287 BN_free(s->srp_ctx.N); 284 BN_free(s->srp_ctx.N);
288 s->srp_ctx.N = NULL; 285 s->srp_ctx.N = NULL;
289 }
290 } 286 }
291 else 287 } else
292 s->srp_ctx.N = BN_dup(N); 288 s->srp_ctx.N = BN_dup(N);
293 } 289 }
294 if (g!= NULL) 290 if (g != NULL) {
295 { 291 if (s->srp_ctx.g != NULL) {
296 if (s->srp_ctx.g != NULL) 292 if (!BN_copy(s->srp_ctx.g, g)) {
297 {
298 if (!BN_copy(s->srp_ctx.g,g))
299 {
300 BN_free(s->srp_ctx.g); 293 BN_free(s->srp_ctx.g);
301 s->srp_ctx.g = NULL; 294 s->srp_ctx.g = NULL;
302 }
303 } 295 }
304 else 296 } else
305 s->srp_ctx.g = BN_dup(g); 297 s->srp_ctx.g = BN_dup(g);
306 } 298 }
307 if (sa!= NULL) 299 if (sa != NULL) {
308 { 300 if (s->srp_ctx.s != NULL) {
309 if (s->srp_ctx.s != NULL) 301 if (!BN_copy(s->srp_ctx.s, sa)) {
310 {
311 if (!BN_copy(s->srp_ctx.s,sa))
312 {
313 BN_free(s->srp_ctx.s); 302 BN_free(s->srp_ctx.s);
314 s->srp_ctx.s = NULL; 303 s->srp_ctx.s = NULL;
315 }
316 } 304 }
317 else 305 } else
318 s->srp_ctx.s = BN_dup(sa); 306 s->srp_ctx.s = BN_dup(sa);
319 } 307 }
320 if (v!= NULL) 308 if (v != NULL) {
321 { 309 if (s->srp_ctx.v != NULL) {
322 if (s->srp_ctx.v != NULL) 310 if (!BN_copy(s->srp_ctx.v, v)) {
323 {
324 if (!BN_copy(s->srp_ctx.v,v))
325 {
326 BN_free(s->srp_ctx.v); 311 BN_free(s->srp_ctx.v);
327 s->srp_ctx.v = NULL; 312 s->srp_ctx.v = NULL;
328 }
329 } 313 }
330 else 314 } else
331 s->srp_ctx.v = BN_dup(v); 315 s->srp_ctx.v = BN_dup(v);
332 } 316 }
333 s->srp_ctx.info = info; 317 s->srp_ctx.info = info;
334 318
335 if (!(s->srp_ctx.N) || 319 if (!(s->srp_ctx.N) || !(s->srp_ctx.g) ||
336 !(s->srp_ctx.g) || 320 !(s->srp_ctx.s) || !(s->srp_ctx.v))
337 !(s->srp_ctx.s) ||
338 !(s->srp_ctx.v))
339 return -1; 321 return -1;
340 322
341 return 1; 323 return 1;
342 } 324}
343 325
344int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key) 326int
345 { 327SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
328{
346 BIGNUM *K = NULL, *u = NULL; 329 BIGNUM *K = NULL, *u = NULL;
347 int ret = -1, tmp_len; 330 int ret = -1, tmp_len;
348 unsigned char *tmp = NULL; 331 unsigned char *tmp = NULL;
349 332
350 if (!SRP_Verify_A_mod_N(s->srp_ctx.A,s->srp_ctx.N)) 333 if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
351 goto err; 334 goto err;
352 if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) 335 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
353 goto err; 336 goto err;
354 if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N))) 337 if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)))
355 goto err; 338 goto err;
@@ -358,21 +341,21 @@ int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key)
358 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) 341 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
359 goto err; 342 goto err;
360 BN_bn2bin(K, tmp); 343 BN_bn2bin(K, tmp);
361 ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 344 ret = s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, tmp_len);
362err: 345err:
363 if (tmp) 346 if (tmp) {
364 { 347 OPENSSL_cleanse(tmp, tmp_len);
365 OPENSSL_cleanse(tmp,tmp_len) ;
366 OPENSSL_free(tmp); 348 OPENSSL_free(tmp);
367 } 349 }
368 BN_clear_free(K); 350 BN_clear_free(K);
369 BN_clear_free(u); 351 BN_clear_free(u);
370 return ret; 352 return ret;
371 } 353}
372 354
373/* client side */ 355/* client side */
374int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key) 356int
375 { 357SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
358{
376 BIGNUM *x = NULL, *u = NULL, *K = NULL; 359 BIGNUM *x = NULL, *u = NULL, *K = NULL;
377 int ret = -1, tmp_len; 360 int ret = -1, tmp_len;
378 char *passwd = NULL; 361 char *passwd = NULL;
@@ -380,128 +363,149 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key)
380 363
381 /* Checks if b % n == 0 364 /* Checks if b % n == 0
382 */ 365 */
383 if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err; 366 if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0)
384 if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err; 367 goto err;
385 if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err; 368 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
386 if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err; 369 goto err;
387 if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err; 370 if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL)
388 if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err; 371 goto err;
372 if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
373 s->srp_ctx.SRP_cb_arg)))
374 goto err;
375 if (!(x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)))
376 goto err;
377 if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g,
378 x, s->srp_ctx.a, u)))
379 goto err;
389 380
390 tmp_len = BN_num_bytes(K); 381 tmp_len = BN_num_bytes(K);
391 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; 382 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err;
392 BN_bn2bin(K, tmp); 383 BN_bn2bin(K, tmp);
393 ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 384 ret = s->method->ssl3_enc->generate_master_secret(s, master_key,
385 tmp, tmp_len);
394err: 386err:
395 if (tmp) 387 if (tmp) {
396 { 388 OPENSSL_cleanse(tmp, tmp_len);
397 OPENSSL_cleanse(tmp,tmp_len) ;
398 OPENSSL_free(tmp); 389 OPENSSL_free(tmp);
399 } 390 }
400 BN_clear_free(K); 391 BN_clear_free(K);
401 BN_clear_free(x); 392 BN_clear_free(x);
402 if (passwd) 393 if (passwd) {
403 { 394 OPENSSL_cleanse(passwd, strlen(passwd));
404 OPENSSL_cleanse(passwd,strlen(passwd)) ;
405 OPENSSL_free(passwd); 395 OPENSSL_free(passwd);
406 } 396 }
407 BN_clear_free(u); 397 BN_clear_free(u);
408 return ret; 398 return ret;
409 } 399}
410 400
411int SRP_Calc_A_param(SSL *s) 401int
412 { 402SRP_Calc_A_param(SSL *s)
403{
413 unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; 404 unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
414 405
415 if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength) 406 if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
416 return -1; 407 return -1;
417 408
418 if (s->srp_ctx.SRP_verify_param_callback ==NULL && 409 if (s->srp_ctx.SRP_verify_param_callback ==NULL &&
419 !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N)) 410 !SRP_check_known_gN_param(s->srp_ctx.g, s->srp_ctx.N))
420 return -1 ; 411 return -1;
421 412
422 RAND_bytes(rnd, sizeof(rnd)); 413 RAND_bytes(rnd, sizeof(rnd));
423 s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); 414 s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
424 OPENSSL_cleanse(rnd, sizeof(rnd)); 415 OPENSSL_cleanse(rnd, sizeof(rnd));
425 416
426 if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) 417 if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N,
418 s->srp_ctx.g)))
427 return -1; 419 return -1;
428 420
429 /* We can have a callback to verify SRP param!! */ 421 /* We can have a callback to verify SRP param!! */
430 if (s->srp_ctx.SRP_verify_param_callback !=NULL) 422 if (s->srp_ctx.SRP_verify_param_callback !=NULL)
431 return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg); 423 return s->srp_ctx.SRP_verify_param_callback(s,
424 s->srp_ctx.SRP_cb_arg);
432 425
433 return 1; 426 return 1;
434 } 427}
435 428
436BIGNUM *SSL_get_srp_g(SSL *s) 429BIGNUM
437 { 430*SSL_get_srp_g(SSL *s)
431{
438 if (s->srp_ctx.g != NULL) 432 if (s->srp_ctx.g != NULL)
439 return s->srp_ctx.g; 433 return s->srp_ctx.g;
440 return s->ctx->srp_ctx.g; 434 return s->ctx->srp_ctx.g;
441 } 435}
442 436
443BIGNUM *SSL_get_srp_N(SSL *s) 437BIGNUM
444 { 438*SSL_get_srp_N(SSL *s)
439{
445 if (s->srp_ctx.N != NULL) 440 if (s->srp_ctx.N != NULL)
446 return s->srp_ctx.N; 441 return s->srp_ctx.N;
447 return s->ctx->srp_ctx.N; 442 return s->ctx->srp_ctx.N;
448 } 443}
449 444
450char *SSL_get_srp_username(SSL *s) 445char
451 { 446*SSL_get_srp_username(SSL *s)
447{
452 if (s->srp_ctx.login != NULL) 448 if (s->srp_ctx.login != NULL)
453 return s->srp_ctx.login; 449 return s->srp_ctx.login;
454 return s->ctx->srp_ctx.login; 450 return s->ctx->srp_ctx.login;
455 } 451}
456 452
457char *SSL_get_srp_userinfo(SSL *s) 453char
458 { 454*SSL_get_srp_userinfo(SSL *s)
455{
459 if (s->srp_ctx.info != NULL) 456 if (s->srp_ctx.info != NULL)
460 return s->srp_ctx.info; 457 return s->srp_ctx.info;
461 return s->ctx->srp_ctx.info; 458 return s->ctx->srp_ctx.info;
462 } 459}
463 460
464#define tls1_ctx_ctrl ssl3_ctx_ctrl 461#define tls1_ctx_ctrl ssl3_ctx_ctrl
465#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl 462#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
466 463
467int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name) 464int
468 { 465SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
469 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME,0,name); 466{
470 } 467 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
471 468}
472int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password) 469
473 { 470int
474 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD,0,password); 471SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
475 } 472{
476 473 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
477int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) 474}
478 { 475
476int
477SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
478{
479 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, 479 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
480 NULL); 480 NULL);
481 } 481}
482 482
483int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *,void *)) 483int
484 { 484SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *))
485 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, 485{
486 (void (*)(void))cb); 486 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
487 } 487 (void (*)(void))cb);
488 488}
489int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) 489
490 { 490int
491 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_SRP_ARG,0,arg); 491SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
492 } 492{
493 493 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
494int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, 494}
495 int (*cb)(SSL *,int *,void *)) 495
496 { 496int
497 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, 497SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
498 (void (*)(void))cb); 498 int (*cb)(SSL *, int *, void *))
499 } 499{
500 500 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
501int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *)) 501 (void (*)(void))cb);
502 { 502}
503 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, 503
504 (void (*)(void))cb); 504int
505 } 505SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *))
506{
507 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
508 (void (*)(void))cb);
509}
506 510
507#endif 511#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:33:02 +0000