summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/bio_ssl.c545
-rw-r--r--src/lib/libssl/src/ssl/LPdir_unix.c102
-rw-r--r--src/lib/libssl/src/ssl/bio_ssl.c545
-rw-r--r--src/lib/libssl/src/ssl/tls_srp.c388
4 files changed, 784 insertions, 796 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index e9552caee2..65077aaa00 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -72,8 +72,7 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h); 72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data); 73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st 75typedef struct bio_ssl_st {
76 {
77 SSL *ssl; /* The ssl handle :-) */ 76 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */ 77 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates; 78 int num_renegotiates;
@@ -81,11 +80,10 @@ typedef struct bio_ssl_st
81 unsigned long byte_count; 80 unsigned long byte_count;
82 unsigned long renegotiate_timeout; 81 unsigned long renegotiate_timeout;
83 unsigned long last_time; 82 unsigned long last_time;
84 } BIO_SSL; 83} BIO_SSL;
85 84
86static BIO_METHOD methods_sslp= 85static BIO_METHOD methods_sslp = {
87 { 86 BIO_TYPE_SSL, "ssl",
88 BIO_TYPE_SSL,"ssl",
89 ssl_write, 87 ssl_write,
90 ssl_read, 88 ssl_read,
91 ssl_puts, 89 ssl_puts,
@@ -94,106 +92,105 @@ static BIO_METHOD methods_sslp=
94 ssl_new, 92 ssl_new,
95 ssl_free, 93 ssl_free,
96 ssl_callback_ctrl, 94 ssl_callback_ctrl,
97 }; 95};
98 96
99BIO_METHOD *BIO_f_ssl(void) 97BIO_METHOD
100 { 98*BIO_f_ssl(void)
101 return(&methods_sslp); 99{
102 } 100 return (&methods_sslp);
101}
103 102
104static int ssl_new(BIO *bi) 103static int
105 { 104ssl_new(BIO *bi)
105{
106 BIO_SSL *bs; 106 BIO_SSL *bs;
107 107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); 108 bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL) 109 if (bs == NULL) {
110 { 110 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 111 return (0);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 } 112 }
120 113 memset(bs, 0, sizeof(BIO_SSL));
121static int ssl_free(BIO *a) 114 bi->init = 0;
122 { 115 bi->ptr = (char *)bs;
116 bi->flags = 0;
117 return (1);
118}
119
120static int
121ssl_free(BIO *a)
122{
123 BIO_SSL *bs; 123 BIO_SSL *bs;
124 124
125 if (a == NULL) return(0); 125 if (a == NULL)
126 bs=(BIO_SSL *)a->ptr; 126 return (0);
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl); 127 bs = (BIO_SSL *)a->ptr;
128 if (a->shutdown) 128 if (bs->ssl != NULL)
129 { 129 SSL_shutdown(bs->ssl);
130 if (a->shutdown) {
130 if (a->init && (bs->ssl != NULL)) 131 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl); 132 SSL_free(bs->ssl);
132 a->init=0; 133 a->init = 0;
133 a->flags=0; 134 a->flags = 0;
134 } 135 }
135 if (a->ptr != NULL) 136 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr); 137 OPENSSL_free(a->ptr);
137 return(1); 138 return (1);
138 } 139}
139 140
140static int ssl_read(BIO *b, char *out, int outl) 141static int
141 { 142ssl_read(BIO *b, char *out, int outl)
142 int ret=1; 143{
144 int ret = 1;
143 BIO_SSL *sb; 145 BIO_SSL *sb;
144 SSL *ssl; 146 SSL *ssl;
145 int retry_reason=0; 147 int retry_reason = 0;
146 int r=0; 148 int r = 0;
147 149
148 if (out == NULL) return(0); 150 if (out == NULL)
149 sb=(BIO_SSL *)b->ptr; 151 return (0);
150 ssl=sb->ssl; 152 sb = (BIO_SSL *)b->ptr;
153 ssl = sb->ssl;
151 154
152 BIO_clear_retry_flags(b); 155 BIO_clear_retry_flags(b);
153 156
154#if 0 157#if 0
155 if (!SSL_is_init_finished(ssl)) 158 if (!SSL_is_init_finished(ssl)) {
156 {
157/* ret=SSL_do_handshake(ssl); */ 159/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0) 160 if (ret > 0) {
159 {
160 161
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 162 outflags = (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1; 163 ret = -1;
163 goto end; 164 goto end;
164 }
165 } 165 }
166 }
166#endif 167#endif
167/* if (ret > 0) */ 168/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl); 169 ret = SSL_read(ssl, out, outl);
169 170
170 switch (SSL_get_error(ssl,ret)) 171 switch (SSL_get_error(ssl, ret)) {
171 {
172 case SSL_ERROR_NONE: 172 case SSL_ERROR_NONE:
173 if (ret <= 0) break; 173 if (ret <= 0)
174 if (sb->renegotiate_count > 0) 174 break;
175 { 175 if (sb->renegotiate_count > 0) {
176 sb->byte_count+=ret; 176 sb->byte_count += ret;
177 if (sb->byte_count > sb->renegotiate_count) 177 if (sb->byte_count > sb->renegotiate_count) {
178 { 178 sb->byte_count = 0;
179 sb->byte_count=0;
180 sb->num_renegotiates++; 179 sb->num_renegotiates++;
181 SSL_renegotiate(ssl); 180 SSL_renegotiate(ssl);
182 r=1; 181 r = 1;
183 }
184 } 182 }
185 if ((sb->renegotiate_timeout > 0) && (!r)) 183 }
186 { 184 if ((sb->renegotiate_timeout > 0) && (!r)) {
187 unsigned long tm; 185 unsigned long tm;
188 186
189 tm=(unsigned long)time(NULL); 187 tm = (unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout) 188 if (tm > sb->last_time + sb->renegotiate_timeout) {
191 { 189 sb->last_time = tm;
192 sb->last_time=tm;
193 sb->num_renegotiates++; 190 sb->num_renegotiates++;
194 SSL_renegotiate(ssl); 191 SSL_renegotiate(ssl);
195 }
196 } 192 }
193 }
197 194
198 break; 195 break;
199 case SSL_ERROR_WANT_READ: 196 case SSL_ERROR_WANT_READ:
@@ -204,71 +201,69 @@ static int ssl_read(BIO *b, char *out, int outl)
204 break; 201 break;
205 case SSL_ERROR_WANT_X509_LOOKUP: 202 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b); 203 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP; 204 retry_reason = BIO_RR_SSL_X509_LOOKUP;
208 break; 205 break;
209 case SSL_ERROR_WANT_ACCEPT: 206 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b); 207 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT; 208 retry_reason = BIO_RR_ACCEPT;
212 break; 209 break;
213 case SSL_ERROR_WANT_CONNECT: 210 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b); 211 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT; 212 retry_reason = BIO_RR_CONNECT;
216 break; 213 break;
217 case SSL_ERROR_SYSCALL: 214 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL: 215 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN: 216 case SSL_ERROR_ZERO_RETURN:
220 default: 217 default:
221 break; 218 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 } 219 }
227 220
228static int ssl_write(BIO *b, const char *out, int outl) 221 b->retry_reason = retry_reason;
229 { 222 return (ret);
230 int ret,r=0; 223}
231 int retry_reason=0; 224
225static int
226ssl_write(BIO *b, const char *out, int outl)
227{
228 int ret, r = 0;
229 int retry_reason = 0;
232 SSL *ssl; 230 SSL *ssl;
233 BIO_SSL *bs; 231 BIO_SSL *bs;
234 232
235 if (out == NULL) return(0); 233 if (out == NULL)
236 bs=(BIO_SSL *)b->ptr; 234 return (0);
237 ssl=bs->ssl; 235 bs = (BIO_SSL *)b->ptr;
236 ssl = bs->ssl;
238 237
239 BIO_clear_retry_flags(b); 238 BIO_clear_retry_flags(b);
240 239
241/* ret=SSL_do_handshake(ssl); 240/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */ 241 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl); 242 ret = SSL_write(ssl, out, outl);
244 243
245 switch (SSL_get_error(ssl,ret)) 244 switch (SSL_get_error(ssl, ret)) {
246 {
247 case SSL_ERROR_NONE: 245 case SSL_ERROR_NONE:
248 if (ret <= 0) break; 246 if (ret <= 0)
249 if (bs->renegotiate_count > 0) 247 break;
250 { 248 if (bs->renegotiate_count > 0) {
251 bs->byte_count+=ret; 249 bs->byte_count += ret;
252 if (bs->byte_count > bs->renegotiate_count) 250 if (bs->byte_count > bs->renegotiate_count) {
253 { 251 bs->byte_count = 0;
254 bs->byte_count=0;
255 bs->num_renegotiates++; 252 bs->num_renegotiates++;
256 SSL_renegotiate(ssl); 253 SSL_renegotiate(ssl);
257 r=1; 254 r = 1;
258 }
259 } 255 }
260 if ((bs->renegotiate_timeout > 0) && (!r)) 256 }
261 { 257 if ((bs->renegotiate_timeout > 0) && (!r)) {
262 unsigned long tm; 258 unsigned long tm;
263 259
264 tm=(unsigned long)time(NULL); 260 tm = (unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout) 261 if (tm > bs->last_time + bs->renegotiate_timeout) {
266 { 262 bs->last_time = tm;
267 bs->last_time=tm;
268 bs->num_renegotiates++; 263 bs->num_renegotiates++;
269 SSL_renegotiate(ssl); 264 SSL_renegotiate(ssl);
270 }
271 } 265 }
266 }
272 break; 267 break;
273 case SSL_ERROR_WANT_WRITE: 268 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b); 269 BIO_set_retry_write(b);
@@ -278,34 +273,34 @@ static int ssl_write(BIO *b, const char *out, int outl)
278 break; 273 break;
279 case SSL_ERROR_WANT_X509_LOOKUP: 274 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b); 275 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP; 276 retry_reason = BIO_RR_SSL_X509_LOOKUP;
282 break; 277 break;
283 case SSL_ERROR_WANT_CONNECT: 278 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b); 279 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT; 280 retry_reason = BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL: 281 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL: 282 case SSL_ERROR_SSL:
288 default: 283 default:
289 break; 284 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 } 285 }
295 286
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) 287 b->retry_reason = retry_reason;
297 { 288 return (ret);
298 SSL **sslp,*ssl; 289}
290
291static long
292ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
293{
294 SSL **sslp, *ssl;
299 BIO_SSL *bs; 295 BIO_SSL *bs;
300 BIO *dbio,*bio; 296 BIO *dbio, *bio;
301 long ret=1; 297 long ret = 1;
302 298
303 bs=(BIO_SSL *)b->ptr; 299 bs = (BIO_SSL *)b->ptr;
304 ssl=bs->ssl; 300 ssl = bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) 301 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0); 302 return (0);
307 switch (cmd) 303 switch (cmd) {
308 {
309 case BIO_CTRL_RESET: 304 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl); 305 SSL_shutdown(ssl);
311 306
@@ -317,14 +312,14 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
317 SSL_clear(ssl); 312 SSL_clear(ssl);
318 313
319 if (b->next_bio != NULL) 314 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 315 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
321 else if (ssl->rbio != NULL) 316 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 317 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
323 else 318 else
324 ret=1; 319 ret = 1;
325 break; 320 break;
326 case BIO_CTRL_INFO: 321 case BIO_CTRL_INFO:
327 ret=0; 322 ret = 0;
328 break; 323 break;
329 case BIO_C_SSL_MODE: 324 case BIO_C_SSL_MODE:
330 if (num) /* client mode */ 325 if (num) /* client mode */
@@ -333,273 +328,273 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
333 SSL_set_accept_state(ssl); 328 SSL_set_accept_state(ssl);
334 break; 329 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: 330 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout; 331 ret = bs->renegotiate_timeout;
337 if (num < 60) num=5; 332 if (num < 60)
338 bs->renegotiate_timeout=(unsigned long)num; 333 num = 5;
339 bs->last_time=(unsigned long)time(NULL); 334 bs->renegotiate_timeout = (unsigned long)num;
335 bs->last_time = (unsigned long)time(NULL);
340 break; 336 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES: 337 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count; 338 ret = bs->renegotiate_count;
343 if ((long)num >=512) 339 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num; 340 bs->renegotiate_count = (unsigned long)num;
345 break; 341 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES: 342 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates; 343 ret = bs->num_renegotiates;
348 break; 344 break;
349 case BIO_C_SET_SSL: 345 case BIO_C_SET_SSL:
350 if (ssl != NULL) 346 if (ssl != NULL) {
351 {
352 ssl_free(b); 347 ssl_free(b);
353 if (!ssl_new(b)) 348 if (!ssl_new(b))
354 return 0; 349 return 0;
355 } 350 }
356 b->shutdown=(int)num; 351 b->shutdown = (int)num;
357 ssl=(SSL *)ptr; 352 ssl = (SSL *)ptr;
358 ((BIO_SSL *)b->ptr)->ssl=ssl; 353 ((BIO_SSL *)b->ptr)->ssl = ssl;
359 bio=SSL_get_rbio(ssl); 354 bio = SSL_get_rbio(ssl);
360 if (bio != NULL) 355 if (bio != NULL) {
361 {
362 if (b->next_bio != NULL) 356 if (b->next_bio != NULL)
363 BIO_push(bio,b->next_bio); 357 BIO_push(bio, b->next_bio);
364 b->next_bio=bio; 358 b->next_bio = bio;
365 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); 359 CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
366 } 360 }
367 b->init=1; 361 b->init = 1;
368 break; 362 break;
369 case BIO_C_GET_SSL: 363 case BIO_C_GET_SSL:
370 if (ptr != NULL) 364 if (ptr != NULL) {
371 { 365 sslp = (SSL **)ptr;
372 sslp=(SSL **)ptr; 366 *sslp = ssl;
373 *sslp=ssl; 367 } else
374 } 368 ret = 0;
375 else
376 ret=0;
377 break; 369 break;
378 case BIO_CTRL_GET_CLOSE: 370 case BIO_CTRL_GET_CLOSE:
379 ret=b->shutdown; 371 ret = b->shutdown;
380 break; 372 break;
381 case BIO_CTRL_SET_CLOSE: 373 case BIO_CTRL_SET_CLOSE:
382 b->shutdown=(int)num; 374 b->shutdown = (int)num;
383 break; 375 break;
384 case BIO_CTRL_WPENDING: 376 case BIO_CTRL_WPENDING:
385 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 377 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
386 break; 378 break;
387 case BIO_CTRL_PENDING: 379 case BIO_CTRL_PENDING:
388 ret=SSL_pending(ssl); 380 ret = SSL_pending(ssl);
389 if (ret == 0) 381 if (ret == 0)
390 ret=BIO_pending(ssl->rbio); 382 ret = BIO_pending(ssl->rbio);
391 break; 383 break;
392 case BIO_CTRL_FLUSH: 384 case BIO_CTRL_FLUSH:
393 BIO_clear_retry_flags(b); 385 BIO_clear_retry_flags(b);
394 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 386 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
395 BIO_copy_next_retry(b); 387 BIO_copy_next_retry(b);
396 break; 388 break;
397 case BIO_CTRL_PUSH: 389 case BIO_CTRL_PUSH:
398 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) 390 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
399 { 391 SSL_set_bio(ssl, b->next_bio, b->next_bio);
400 SSL_set_bio(ssl,b->next_bio,b->next_bio); 392 CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
401 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); 393 }
402 }
403 break; 394 break;
404 case BIO_CTRL_POP: 395 case BIO_CTRL_POP:
405 /* Only detach if we are the BIO explicitly being popped */ 396 /* Only detach if we are the BIO explicitly being popped */
406 if (b == ptr) 397 if (b == ptr) {
407 {
408 /* Shouldn't happen in practice because the 398 /* Shouldn't happen in practice because the
409 * rbio and wbio are the same when pushed. 399 * rbio and wbio are the same when pushed.
410 */ 400 */
411 if (ssl->rbio != ssl->wbio) 401 if (ssl->rbio != ssl->wbio)
412 BIO_free_all(ssl->wbio); 402 BIO_free_all(ssl->wbio);
413 if (b->next_bio != NULL) 403 if (b->next_bio != NULL)
414 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); 404 CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
415 ssl->wbio=NULL; 405 ssl->wbio = NULL;
416 ssl->rbio=NULL; 406 ssl->rbio = NULL;
417 } 407 }
418 break; 408 break;
419 case BIO_C_DO_STATE_MACHINE: 409 case BIO_C_DO_STATE_MACHINE:
420 BIO_clear_retry_flags(b); 410 BIO_clear_retry_flags(b);
421 411
422 b->retry_reason=0; 412 b->retry_reason = 0;
423 ret=(int)SSL_do_handshake(ssl); 413 ret = (int)SSL_do_handshake(ssl);
424 414
425 switch (SSL_get_error(ssl,(int)ret)) 415 switch (SSL_get_error(ssl,(int)ret)) {
426 {
427 case SSL_ERROR_WANT_READ: 416 case SSL_ERROR_WANT_READ:
428 BIO_set_flags(b, 417 BIO_set_flags(b,
429 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 418 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
430 break; 419 break;
431 case SSL_ERROR_WANT_WRITE: 420 case SSL_ERROR_WANT_WRITE:
432 BIO_set_flags(b, 421 BIO_set_flags(b,
433 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); 422 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
434 break; 423 break;
435 case SSL_ERROR_WANT_CONNECT: 424 case SSL_ERROR_WANT_CONNECT:
436 BIO_set_flags(b, 425 BIO_set_flags(b,
437 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); 426 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
438 b->retry_reason=b->next_bio->retry_reason; 427 b->retry_reason = b->next_bio->retry_reason;
439 break; 428 break;
440 default: 429 default:
441 break; 430 break;
442 } 431 }
443 break; 432 break;
444 case BIO_CTRL_DUP: 433 case BIO_CTRL_DUP:
445 dbio=(BIO *)ptr; 434 dbio = (BIO *)ptr;
446 if (((BIO_SSL *)dbio->ptr)->ssl != NULL) 435 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
447 SSL_free(((BIO_SSL *)dbio->ptr)->ssl); 436 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
448 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); 437 ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
449 ((BIO_SSL *)dbio->ptr)->renegotiate_count= 438 ((BIO_SSL *)dbio->ptr)->renegotiate_count =
450 ((BIO_SSL *)b->ptr)->renegotiate_count; 439 ((BIO_SSL *)b->ptr)->renegotiate_count;
451 ((BIO_SSL *)dbio->ptr)->byte_count= 440 ((BIO_SSL *)dbio->ptr)->byte_count =
452 ((BIO_SSL *)b->ptr)->byte_count; 441 ((BIO_SSL *)b->ptr)->byte_count;
453 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= 442 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
454 ((BIO_SSL *)b->ptr)->renegotiate_timeout; 443 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
455 ((BIO_SSL *)dbio->ptr)->last_time= 444 ((BIO_SSL *)dbio->ptr)->last_time =
456 ((BIO_SSL *)b->ptr)->last_time; 445 ((BIO_SSL *)b->ptr)->last_time;
457 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); 446 ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
458 break; 447 break;
459 case BIO_C_GET_FD: 448 case BIO_C_GET_FD:
460 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 449 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
461 break; 450 break;
462 case BIO_CTRL_SET_CALLBACK: 451 case BIO_CTRL_SET_CALLBACK:
463 { 452 {
464#if 0 /* FIXME: Should this be used? -- Richard Levitte */ 453#if 0 /* FIXME: Should this be used? -- Richard Levitte */
465 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 454 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
466 ret = -1; 455 ret = -1;
467#else 456#else
468 ret=0; 457 ret = 0;
469#endif 458#endif
470 } 459 }
471 break; 460 break;
472 case BIO_CTRL_GET_CALLBACK: 461 case BIO_CTRL_GET_CALLBACK:
473 { 462 {
474 void (**fptr)(const SSL *xssl,int type,int val); 463 void (**fptr)(const SSL *xssl, int type, int val);
475 464
476 fptr=(void (**)(const SSL *xssl,int type,int val))ptr; 465 fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
477 *fptr=SSL_get_info_callback(ssl); 466 *fptr = SSL_get_info_callback(ssl);
478 } 467 }
479 break; 468 break;
480 default: 469 default:
481 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 470 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
482 break; 471 break;
483 }
484 return(ret);
485 } 472 }
473 return (ret);
474}
486 475
487static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) 476static long
488 { 477ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
478{
489 SSL *ssl; 479 SSL *ssl;
490 BIO_SSL *bs; 480 BIO_SSL *bs;
491 long ret=1; 481 long ret = 1;
492 482
493 bs=(BIO_SSL *)b->ptr; 483 bs = (BIO_SSL *)b->ptr;
494 ssl=bs->ssl; 484 ssl = bs->ssl;
495 switch (cmd) 485 switch (cmd) {
496 {
497 case BIO_CTRL_SET_CALLBACK: 486 case BIO_CTRL_SET_CALLBACK:
498 { 487 {
499 /* FIXME: setting this via a completely different prototype 488 /* FIXME: setting this via a completely different prototype
500 seems like a crap idea */ 489 seems like a crap idea */
501 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); 490 SSL_set_info_callback(ssl,(void (*)(const SSL *, int, int))fp);
502 } 491 }
503 break; 492 break;
504 default: 493 default:
505 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); 494 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
506 break; 495 break;
507 }
508 return(ret);
509 } 496 }
510 497 return (ret);
511static int ssl_puts(BIO *bp, const char *str) 498}
512 { 499
513 int n,ret; 500static int
514 501ssl_puts(BIO *bp, const char *str)
515 n=strlen(str); 502{
516 ret=BIO_write(bp,str,n); 503 int n, ret;
517 return(ret); 504
518 } 505 n = strlen(str);
519 506 ret = BIO_write(bp, str, n);
520BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) 507 return (ret);
521 { 508}
509
510BIO
511*BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
512{
522#ifndef OPENSSL_NO_SOCK 513#ifndef OPENSSL_NO_SOCK
523 BIO *ret=NULL,*buf=NULL,*ssl=NULL; 514 BIO *ret = NULL, *buf = NULL, *ssl = NULL;
524 515
525 if ((buf=BIO_new(BIO_f_buffer())) == NULL) 516 if ((buf = BIO_new(BIO_f_buffer())) == NULL)
526 return(NULL); 517 return (NULL);
527 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) 518 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
528 goto err; 519 goto err;
529 if ((ret=BIO_push(buf,ssl)) == NULL) 520 if ((ret = BIO_push(buf, ssl)) == NULL)
530 goto err; 521 goto err;
531 return(ret); 522 return (ret);
532err: 523err:
533 if (buf != NULL) BIO_free(buf); 524 if (buf != NULL)
534 if (ssl != NULL) BIO_free(ssl); 525 BIO_free(buf);
526 if (ssl != NULL)
527 BIO_free(ssl);
535#endif 528#endif
536 return(NULL); 529 return (NULL);
537 } 530}
538 531
539BIO *BIO_new_ssl_connect(SSL_CTX *ctx) 532BIO
540 { 533*BIO_new_ssl_connect(SSL_CTX *ctx)
534{
541#ifndef OPENSSL_NO_SOCK 535#ifndef OPENSSL_NO_SOCK
542 BIO *ret=NULL,*con=NULL,*ssl=NULL; 536 BIO *ret = NULL, *con = NULL, *ssl = NULL;
543 537
544 if ((con=BIO_new(BIO_s_connect())) == NULL) 538 if ((con = BIO_new(BIO_s_connect())) == NULL)
545 return(NULL); 539 return (NULL);
546 if ((ssl=BIO_new_ssl(ctx,1)) == NULL) 540 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
547 goto err; 541 goto err;
548 if ((ret=BIO_push(ssl,con)) == NULL) 542 if ((ret = BIO_push(ssl, con)) == NULL)
549 goto err; 543 goto err;
550 return(ret); 544 return (ret);
551err: 545err:
552 if (con != NULL) BIO_free(con); 546 if (con != NULL)
547 BIO_free(con);
553#endif 548#endif
554 return(NULL); 549 return (NULL);
555 } 550}
556 551
557BIO *BIO_new_ssl(SSL_CTX *ctx, int client) 552BIO
558 { 553*BIO_new_ssl(SSL_CTX *ctx, int client)
554{
559 BIO *ret; 555 BIO *ret;
560 SSL *ssl; 556 SSL *ssl;
561 557
562 if ((ret=BIO_new(BIO_f_ssl())) == NULL) 558 if ((ret = BIO_new(BIO_f_ssl())) == NULL)
563 return(NULL); 559 return (NULL);
564 if ((ssl=SSL_new(ctx)) == NULL) 560 if ((ssl = SSL_new(ctx)) == NULL) {
565 {
566 BIO_free(ret); 561 BIO_free(ret);
567 return(NULL); 562 return (NULL);
568 } 563 }
569 if (client) 564 if (client)
570 SSL_set_connect_state(ssl); 565 SSL_set_connect_state(ssl);
571 else 566 else
572 SSL_set_accept_state(ssl); 567 SSL_set_accept_state(ssl);
573
574 BIO_set_ssl(ret,ssl,BIO_CLOSE);
575 return(ret);
576 }
577 568
578int BIO_ssl_copy_session_id(BIO *t, BIO *f) 569 BIO_set_ssl(ret, ssl, BIO_CLOSE);
579 { 570 return (ret);
580 t=BIO_find_type(t,BIO_TYPE_SSL); 571}
581 f=BIO_find_type(f,BIO_TYPE_SSL); 572
573int
574BIO_ssl_copy_session_id(BIO *t, BIO *f)
575{
576 t = BIO_find_type(t, BIO_TYPE_SSL);
577 f = BIO_find_type(f, BIO_TYPE_SSL);
582 if ((t == NULL) || (f == NULL)) 578 if ((t == NULL) || (f == NULL))
583 return(0); 579 return (0);
584 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || 580 if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
585 (((BIO_SSL *)f->ptr)->ssl == NULL)) 581 (((BIO_SSL *)f->ptr)->ssl == NULL))
586 return(0); 582 return (0);
587 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); 583 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
588 return(1); 584 return (1);
589 } 585}
590 586
591void BIO_ssl_shutdown(BIO *b) 587void
592 { 588BIO_ssl_shutdown(BIO *b)
589{
593 SSL *s; 590 SSL *s;
594 591
595 while (b != NULL) 592 while (b != NULL) {
596 { 593 if (b->method->type == BIO_TYPE_SSL) {
597 if (b->method->type == BIO_TYPE_SSL) 594 s = ((BIO_SSL *)b->ptr)->ssl;
598 {
599 s=((BIO_SSL *)b->ptr)->ssl;
600 SSL_shutdown(s); 595 SSL_shutdown(s);
601 break; 596 break;
602 }
603 b=b->next_bio;
604 } 597 }
598 b = b->next_bio;
605 } 599 }
600}
diff --git a/src/lib/libssl/src/ssl/LPdir_unix.c b/src/lib/libssl/src/ssl/LPdir_unix.c
index b004cd99e8..000a1bd819 100644
--- a/src/lib/libssl/src/ssl/LPdir_unix.c
+++ b/src/lib/libssl/src/ssl/LPdir_unix.c
@@ -56,72 +56,66 @@
56# define LP_ENTRY_SIZE 255 56# define LP_ENTRY_SIZE 255
57#endif 57#endif
58 58
59struct LP_dir_context_st 59struct LP_dir_context_st {
60{ 60 DIR *dir;
61 DIR *dir; 61 char entry_name[LP_ENTRY_SIZE + 1];
62 char entry_name[LP_ENTRY_SIZE+1];
63}; 62};
64 63
65const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) 64const char
65*LP_find_file(LP_DIR_CTX **ctx, const char *directory)
66{ 66{
67 struct dirent *direntry = NULL; 67 struct dirent *direntry = NULL;
68
69 if (ctx == NULL || directory == NULL)
70 {
71 errno = EINVAL;
72 return 0;
73 }
74 68
75 errno = 0; 69 if (ctx == NULL || directory == NULL) {
76 if (*ctx == NULL) 70 errno = EINVAL;
77 { 71 return 0;
78 *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
79 if (*ctx == NULL)
80 {
81 errno = ENOMEM;
82 return 0;
83 } 72 }
84 memset(*ctx, '\0', sizeof(LP_DIR_CTX));
85 73
86 (*ctx)->dir = opendir(directory); 74 errno = 0;
87 if ((*ctx)->dir == NULL) 75 if (*ctx == NULL) {
88 { 76 *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
89 int save_errno = errno; /* Probably not needed, but I'm paranoid */ 77 if (*ctx == NULL) {
90 free(*ctx); 78 errno = ENOMEM;
91 *ctx = NULL; 79 return 0;
92 errno = save_errno; 80 }
93 return 0; 81 memset(*ctx, '\0', sizeof(LP_DIR_CTX));
82
83 (*ctx)->dir = opendir(directory);
84 if ((*ctx)->dir == NULL) {
85 int save_errno = errno; /* Probably not needed, but I'm paranoid */
86 free(*ctx);
87 *ctx = NULL;
88 errno = save_errno;
89 return 0;
90 }
94 } 91 }
95 }
96 92
97 direntry = readdir((*ctx)->dir); 93 direntry = readdir((*ctx)->dir);
98 if (direntry == NULL) 94 if (direntry == NULL) {
99 { 95 return 0;
100 return 0; 96 }
101 }
102 97
103 strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); 98 strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
104 (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; 99 (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
105 return (*ctx)->entry_name; 100 return (*ctx)->entry_name;
106} 101}
107 102
108int LP_find_file_end(LP_DIR_CTX **ctx) 103int
104LP_find_file_end(LP_DIR_CTX **ctx)
109{ 105{
110 if (ctx != NULL && *ctx != NULL) 106 if (ctx != NULL && *ctx != NULL) {
111 { 107 int ret = closedir((*ctx)->dir);
112 int ret = closedir((*ctx)->dir);
113 108
114 free(*ctx); 109 free(*ctx);
115 switch (ret) 110 switch (ret) {
116 { 111 case 0:
117 case 0: 112 return 1;
118 return 1; 113 case -1:
119 case -1: 114 return 0;
120 return 0; 115 default:
121 default: 116 break;
122 break; 117 }
123 } 118 }
124 } 119 errno = EINVAL;
125 errno = EINVAL; 120 return 0;
126 return 0;
127} 121}
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c
index e9552caee2..65077aaa00 100644
--- a/src/lib/libssl/src/ssl/bio_ssl.c
+++ b/src/lib/libssl/src/ssl/bio_ssl.c
@@ -72,8 +72,7 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72static int ssl_new(BIO *h); 72static int ssl_new(BIO *h);
73static int ssl_free(BIO *data); 73static int ssl_free(BIO *data);
74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 74static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75typedef struct bio_ssl_st 75typedef struct bio_ssl_st {
76 {
77 SSL *ssl; /* The ssl handle :-) */ 76 SSL *ssl; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */ 77 /* re-negotiate every time the total number of bytes is this size */
79 int num_renegotiates; 78 int num_renegotiates;
@@ -81,11 +80,10 @@ typedef struct bio_ssl_st
81 unsigned long byte_count; 80 unsigned long byte_count;
82 unsigned long renegotiate_timeout; 81 unsigned long renegotiate_timeout;
83 unsigned long last_time; 82 unsigned long last_time;
84 } BIO_SSL; 83} BIO_SSL;
85 84
86static BIO_METHOD methods_sslp= 85static BIO_METHOD methods_sslp = {
87 { 86 BIO_TYPE_SSL, "ssl",
88 BIO_TYPE_SSL,"ssl",
89 ssl_write, 87 ssl_write,
90 ssl_read, 88 ssl_read,
91 ssl_puts, 89 ssl_puts,
@@ -94,106 +92,105 @@ static BIO_METHOD methods_sslp=
94 ssl_new, 92 ssl_new,
95 ssl_free, 93 ssl_free,
96 ssl_callback_ctrl, 94 ssl_callback_ctrl,
97 }; 95};
98 96
99BIO_METHOD *BIO_f_ssl(void) 97BIO_METHOD
100 { 98*BIO_f_ssl(void)
101 return(&methods_sslp); 99{
102 } 100 return (&methods_sslp);
101}
103 102
104static int ssl_new(BIO *bi) 103static int
105 { 104ssl_new(BIO *bi)
105{
106 BIO_SSL *bs; 106 BIO_SSL *bs;
107 107
108 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); 108 bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109 if (bs == NULL) 109 if (bs == NULL) {
110 { 110 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
111 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); 111 return (0);
112 return(0);
113 }
114 memset(bs,0,sizeof(BIO_SSL));
115 bi->init=0;
116 bi->ptr=(char *)bs;
117 bi->flags=0;
118 return(1);
119 } 112 }
120 113 memset(bs, 0, sizeof(BIO_SSL));
121static int ssl_free(BIO *a) 114 bi->init = 0;
122 { 115 bi->ptr = (char *)bs;
116 bi->flags = 0;
117 return (1);
118}
119
120static int
121ssl_free(BIO *a)
122{
123 BIO_SSL *bs; 123 BIO_SSL *bs;
124 124
125 if (a == NULL) return(0); 125 if (a == NULL)
126 bs=(BIO_SSL *)a->ptr; 126 return (0);
127 if (bs->ssl != NULL) SSL_shutdown(bs->ssl); 127 bs = (BIO_SSL *)a->ptr;
128 if (a->shutdown) 128 if (bs->ssl != NULL)
129 { 129 SSL_shutdown(bs->ssl);
130 if (a->shutdown) {
130 if (a->init && (bs->ssl != NULL)) 131 if (a->init && (bs->ssl != NULL))
131 SSL_free(bs->ssl); 132 SSL_free(bs->ssl);
132 a->init=0; 133 a->init = 0;
133 a->flags=0; 134 a->flags = 0;
134 } 135 }
135 if (a->ptr != NULL) 136 if (a->ptr != NULL)
136 OPENSSL_free(a->ptr); 137 OPENSSL_free(a->ptr);
137 return(1); 138 return (1);
138 } 139}
139 140
140static int ssl_read(BIO *b, char *out, int outl) 141static int
141 { 142ssl_read(BIO *b, char *out, int outl)
142 int ret=1; 143{
144 int ret = 1;
143 BIO_SSL *sb; 145 BIO_SSL *sb;
144 SSL *ssl; 146 SSL *ssl;
145 int retry_reason=0; 147 int retry_reason = 0;
146 int r=0; 148 int r = 0;
147 149
148 if (out == NULL) return(0); 150 if (out == NULL)
149 sb=(BIO_SSL *)b->ptr; 151 return (0);
150 ssl=sb->ssl; 152 sb = (BIO_SSL *)b->ptr;
153 ssl = sb->ssl;
151 154
152 BIO_clear_retry_flags(b); 155 BIO_clear_retry_flags(b);
153 156
154#if 0 157#if 0
155 if (!SSL_is_init_finished(ssl)) 158 if (!SSL_is_init_finished(ssl)) {
156 {
157/* ret=SSL_do_handshake(ssl); */ 159/* ret=SSL_do_handshake(ssl); */
158 if (ret > 0) 160 if (ret > 0) {
159 {
160 161
161 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 162 outflags = (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162 ret= -1; 163 ret = -1;
163 goto end; 164 goto end;
164 }
165 } 165 }
166 }
166#endif 167#endif
167/* if (ret > 0) */ 168/* if (ret > 0) */
168 ret=SSL_read(ssl,out,outl); 169 ret = SSL_read(ssl, out, outl);
169 170
170 switch (SSL_get_error(ssl,ret)) 171 switch (SSL_get_error(ssl, ret)) {
171 {
172 case SSL_ERROR_NONE: 172 case SSL_ERROR_NONE:
173 if (ret <= 0) break; 173 if (ret <= 0)
174 if (sb->renegotiate_count > 0) 174 break;
175 { 175 if (sb->renegotiate_count > 0) {
176 sb->byte_count+=ret; 176 sb->byte_count += ret;
177 if (sb->byte_count > sb->renegotiate_count) 177 if (sb->byte_count > sb->renegotiate_count) {
178 { 178 sb->byte_count = 0;
179 sb->byte_count=0;
180 sb->num_renegotiates++; 179 sb->num_renegotiates++;
181 SSL_renegotiate(ssl); 180 SSL_renegotiate(ssl);
182 r=1; 181 r = 1;
183 }
184 } 182 }
185 if ((sb->renegotiate_timeout > 0) && (!r)) 183 }
186 { 184 if ((sb->renegotiate_timeout > 0) && (!r)) {
187 unsigned long tm; 185 unsigned long tm;
188 186
189 tm=(unsigned long)time(NULL); 187 tm = (unsigned long)time(NULL);
190 if (tm > sb->last_time+sb->renegotiate_timeout) 188 if (tm > sb->last_time + sb->renegotiate_timeout) {
191 { 189 sb->last_time = tm;
192 sb->last_time=tm;
193 sb->num_renegotiates++; 190 sb->num_renegotiates++;
194 SSL_renegotiate(ssl); 191 SSL_renegotiate(ssl);
195 }
196 } 192 }
193 }
197 194
198 break; 195 break;
199 case SSL_ERROR_WANT_READ: 196 case SSL_ERROR_WANT_READ:
@@ -204,71 +201,69 @@ static int ssl_read(BIO *b, char *out, int outl)
204 break; 201 break;
205 case SSL_ERROR_WANT_X509_LOOKUP: 202 case SSL_ERROR_WANT_X509_LOOKUP:
206 BIO_set_retry_special(b); 203 BIO_set_retry_special(b);
207 retry_reason=BIO_RR_SSL_X509_LOOKUP; 204 retry_reason = BIO_RR_SSL_X509_LOOKUP;
208 break; 205 break;
209 case SSL_ERROR_WANT_ACCEPT: 206 case SSL_ERROR_WANT_ACCEPT:
210 BIO_set_retry_special(b); 207 BIO_set_retry_special(b);
211 retry_reason=BIO_RR_ACCEPT; 208 retry_reason = BIO_RR_ACCEPT;
212 break; 209 break;
213 case SSL_ERROR_WANT_CONNECT: 210 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b); 211 BIO_set_retry_special(b);
215 retry_reason=BIO_RR_CONNECT; 212 retry_reason = BIO_RR_CONNECT;
216 break; 213 break;
217 case SSL_ERROR_SYSCALL: 214 case SSL_ERROR_SYSCALL:
218 case SSL_ERROR_SSL: 215 case SSL_ERROR_SSL:
219 case SSL_ERROR_ZERO_RETURN: 216 case SSL_ERROR_ZERO_RETURN:
220 default: 217 default:
221 break; 218 break;
222 }
223
224 b->retry_reason=retry_reason;
225 return(ret);
226 } 219 }
227 220
228static int ssl_write(BIO *b, const char *out, int outl) 221 b->retry_reason = retry_reason;
229 { 222 return (ret);
230 int ret,r=0; 223}
231 int retry_reason=0; 224
225static int
226ssl_write(BIO *b, const char *out, int outl)
227{
228 int ret, r = 0;
229 int retry_reason = 0;
232 SSL *ssl; 230 SSL *ssl;
233 BIO_SSL *bs; 231 BIO_SSL *bs;
234 232
235 if (out == NULL) return(0); 233 if (out == NULL)
236 bs=(BIO_SSL *)b->ptr; 234 return (0);
237 ssl=bs->ssl; 235 bs = (BIO_SSL *)b->ptr;
236 ssl = bs->ssl;
238 237
239 BIO_clear_retry_flags(b); 238 BIO_clear_retry_flags(b);
240 239
241/* ret=SSL_do_handshake(ssl); 240/* ret=SSL_do_handshake(ssl);
242 if (ret > 0) */ 241 if (ret > 0) */
243 ret=SSL_write(ssl,out,outl); 242 ret = SSL_write(ssl, out, outl);
244 243
245 switch (SSL_get_error(ssl,ret)) 244 switch (SSL_get_error(ssl, ret)) {
246 {
247 case SSL_ERROR_NONE: 245 case SSL_ERROR_NONE:
248 if (ret <= 0) break; 246 if (ret <= 0)
249 if (bs->renegotiate_count > 0) 247 break;
250 { 248 if (bs->renegotiate_count > 0) {
251 bs->byte_count+=ret; 249 bs->byte_count += ret;
252 if (bs->byte_count > bs->renegotiate_count) 250 if (bs->byte_count > bs->renegotiate_count) {
253 { 251 bs->byte_count = 0;
254 bs->byte_count=0;
255 bs->num_renegotiates++; 252 bs->num_renegotiates++;
256 SSL_renegotiate(ssl); 253 SSL_renegotiate(ssl);
257 r=1; 254 r = 1;
258 }
259 } 255 }
260 if ((bs->renegotiate_timeout > 0) && (!r)) 256 }
261 { 257 if ((bs->renegotiate_timeout > 0) && (!r)) {
262 unsigned long tm; 258 unsigned long tm;
263 259
264 tm=(unsigned long)time(NULL); 260 tm = (unsigned long)time(NULL);
265 if (tm > bs->last_time+bs->renegotiate_timeout) 261 if (tm > bs->last_time + bs->renegotiate_timeout) {
266 { 262 bs->last_time = tm;
267 bs->last_time=tm;
268 bs->num_renegotiates++; 263 bs->num_renegotiates++;
269 SSL_renegotiate(ssl); 264 SSL_renegotiate(ssl);
270 }
271 } 265 }
266 }
272 break; 267 break;
273 case SSL_ERROR_WANT_WRITE: 268 case SSL_ERROR_WANT_WRITE:
274 BIO_set_retry_write(b); 269 BIO_set_retry_write(b);
@@ -278,34 +273,34 @@ static int ssl_write(BIO *b, const char *out, int outl)
278 break; 273 break;
279 case SSL_ERROR_WANT_X509_LOOKUP: 274 case SSL_ERROR_WANT_X509_LOOKUP:
280 BIO_set_retry_special(b); 275 BIO_set_retry_special(b);
281 retry_reason=BIO_RR_SSL_X509_LOOKUP; 276 retry_reason = BIO_RR_SSL_X509_LOOKUP;
282 break; 277 break;
283 case SSL_ERROR_WANT_CONNECT: 278 case SSL_ERROR_WANT_CONNECT:
284 BIO_set_retry_special(b); 279 BIO_set_retry_special(b);
285 retry_reason=BIO_RR_CONNECT; 280 retry_reason = BIO_RR_CONNECT;
286 case SSL_ERROR_SYSCALL: 281 case SSL_ERROR_SYSCALL:
287 case SSL_ERROR_SSL: 282 case SSL_ERROR_SSL:
288 default: 283 default:
289 break; 284 break;
290 }
291
292 b->retry_reason=retry_reason;
293 return(ret);
294 } 285 }
295 286
296static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) 287 b->retry_reason = retry_reason;
297 { 288 return (ret);
298 SSL **sslp,*ssl; 289}
290
291static long
292ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
293{
294 SSL **sslp, *ssl;
299 BIO_SSL *bs; 295 BIO_SSL *bs;
300 BIO *dbio,*bio; 296 BIO *dbio, *bio;
301 long ret=1; 297 long ret = 1;
302 298
303 bs=(BIO_SSL *)b->ptr; 299 bs = (BIO_SSL *)b->ptr;
304 ssl=bs->ssl; 300 ssl = bs->ssl;
305 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) 301 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
306 return(0); 302 return (0);
307 switch (cmd) 303 switch (cmd) {
308 {
309 case BIO_CTRL_RESET: 304 case BIO_CTRL_RESET:
310 SSL_shutdown(ssl); 305 SSL_shutdown(ssl);
311 306
@@ -317,14 +312,14 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
317 SSL_clear(ssl); 312 SSL_clear(ssl);
318 313
319 if (b->next_bio != NULL) 314 if (b->next_bio != NULL)
320 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 315 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
321 else if (ssl->rbio != NULL) 316 else if (ssl->rbio != NULL)
322 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 317 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
323 else 318 else
324 ret=1; 319 ret = 1;
325 break; 320 break;
326 case BIO_CTRL_INFO: 321 case BIO_CTRL_INFO:
327 ret=0; 322 ret = 0;
328 break; 323 break;
329 case BIO_C_SSL_MODE: 324 case BIO_C_SSL_MODE:
330 if (num) /* client mode */ 325 if (num) /* client mode */
@@ -333,273 +328,273 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
333 SSL_set_accept_state(ssl); 328 SSL_set_accept_state(ssl);
334 break; 329 break;
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: 330 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336 ret=bs->renegotiate_timeout; 331 ret = bs->renegotiate_timeout;
337 if (num < 60) num=5; 332 if (num < 60)
338 bs->renegotiate_timeout=(unsigned long)num; 333 num = 5;
339 bs->last_time=(unsigned long)time(NULL); 334 bs->renegotiate_timeout = (unsigned long)num;
335 bs->last_time = (unsigned long)time(NULL);
340 break; 336 break;
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES: 337 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342 ret=bs->renegotiate_count; 338 ret = bs->renegotiate_count;
343 if ((long)num >=512) 339 if ((long)num >=512)
344 bs->renegotiate_count=(unsigned long)num; 340 bs->renegotiate_count = (unsigned long)num;
345 break; 341 break;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES: 342 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347 ret=bs->num_renegotiates; 343 ret = bs->num_renegotiates;
348 break; 344 break;
349 case BIO_C_SET_SSL: 345 case BIO_C_SET_SSL:
350 if (ssl != NULL) 346 if (ssl != NULL) {
351 {
352 ssl_free(b); 347 ssl_free(b);
353 if (!ssl_new(b)) 348 if (!ssl_new(b))
354 return 0; 349 return 0;
355 } 350 }
356 b->shutdown=(int)num; 351 b->shutdown = (int)num;
357 ssl=(SSL *)ptr; 352 ssl = (SSL *)ptr;
358 ((BIO_SSL *)b->ptr)->ssl=ssl; 353 ((BIO_SSL *)b->ptr)->ssl = ssl;
359 bio=SSL_get_rbio(ssl); 354 bio = SSL_get_rbio(ssl);
360 if (bio != NULL) 355 if (bio != NULL) {
361 {
362 if (b->next_bio != NULL) 356 if (b->next_bio != NULL)
363 BIO_push(bio,b->next_bio); 357 BIO_push(bio, b->next_bio);
364 b->next_bio=bio; 358 b->next_bio = bio;
365 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); 359 CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
366 } 360 }
367 b->init=1; 361 b->init = 1;
368 break; 362 break;
369 case BIO_C_GET_SSL: 363 case BIO_C_GET_SSL:
370 if (ptr != NULL) 364 if (ptr != NULL) {
371 { 365 sslp = (SSL **)ptr;
372 sslp=(SSL **)ptr; 366 *sslp = ssl;
373 *sslp=ssl; 367 } else
374 } 368 ret = 0;
375 else
376 ret=0;
377 break; 369 break;
378 case BIO_CTRL_GET_CLOSE: 370 case BIO_CTRL_GET_CLOSE:
379 ret=b->shutdown; 371 ret = b->shutdown;
380 break; 372 break;
381 case BIO_CTRL_SET_CLOSE: 373 case BIO_CTRL_SET_CLOSE:
382 b->shutdown=(int)num; 374 b->shutdown = (int)num;
383 break; 375 break;
384 case BIO_CTRL_WPENDING: 376 case BIO_CTRL_WPENDING:
385 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 377 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
386 break; 378 break;
387 case BIO_CTRL_PENDING: 379 case BIO_CTRL_PENDING:
388 ret=SSL_pending(ssl); 380 ret = SSL_pending(ssl);
389 if (ret == 0) 381 if (ret == 0)
390 ret=BIO_pending(ssl->rbio); 382 ret = BIO_pending(ssl->rbio);
391 break; 383 break;
392 case BIO_CTRL_FLUSH: 384 case BIO_CTRL_FLUSH:
393 BIO_clear_retry_flags(b); 385 BIO_clear_retry_flags(b);
394 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); 386 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
395 BIO_copy_next_retry(b); 387 BIO_copy_next_retry(b);
396 break; 388 break;
397 case BIO_CTRL_PUSH: 389 case BIO_CTRL_PUSH:
398 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) 390 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
399 { 391 SSL_set_bio(ssl, b->next_bio, b->next_bio);
400 SSL_set_bio(ssl,b->next_bio,b->next_bio); 392 CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
401 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); 393 }
402 }
403 break; 394 break;
404 case BIO_CTRL_POP: 395 case BIO_CTRL_POP:
405 /* Only detach if we are the BIO explicitly being popped */ 396 /* Only detach if we are the BIO explicitly being popped */
406 if (b == ptr) 397 if (b == ptr) {
407 {
408 /* Shouldn't happen in practice because the 398 /* Shouldn't happen in practice because the
409 * rbio and wbio are the same when pushed. 399 * rbio and wbio are the same when pushed.
410 */ 400 */
411 if (ssl->rbio != ssl->wbio) 401 if (ssl->rbio != ssl->wbio)
412 BIO_free_all(ssl->wbio); 402 BIO_free_all(ssl->wbio);
413 if (b->next_bio != NULL) 403 if (b->next_bio != NULL)
414 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO); 404 CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
415 ssl->wbio=NULL; 405 ssl->wbio = NULL;
416 ssl->rbio=NULL; 406 ssl->rbio = NULL;
417 } 407 }
418 break; 408 break;
419 case BIO_C_DO_STATE_MACHINE: 409 case BIO_C_DO_STATE_MACHINE:
420 BIO_clear_retry_flags(b); 410 BIO_clear_retry_flags(b);
421 411
422 b->retry_reason=0; 412 b->retry_reason = 0;
423 ret=(int)SSL_do_handshake(ssl); 413 ret = (int)SSL_do_handshake(ssl);
424 414
425 switch (SSL_get_error(ssl,(int)ret)) 415 switch (SSL_get_error(ssl,(int)ret)) {
426 {
427 case SSL_ERROR_WANT_READ: 416 case SSL_ERROR_WANT_READ:
428 BIO_set_flags(b, 417 BIO_set_flags(b,
429 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); 418 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
430 break; 419 break;
431 case SSL_ERROR_WANT_WRITE: 420 case SSL_ERROR_WANT_WRITE:
432 BIO_set_flags(b, 421 BIO_set_flags(b,
433 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); 422 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
434 break; 423 break;
435 case SSL_ERROR_WANT_CONNECT: 424 case SSL_ERROR_WANT_CONNECT:
436 BIO_set_flags(b, 425 BIO_set_flags(b,
437 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); 426 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
438 b->retry_reason=b->next_bio->retry_reason; 427 b->retry_reason = b->next_bio->retry_reason;
439 break; 428 break;
440 default: 429 default:
441 break; 430 break;
442 } 431 }
443 break; 432 break;
444 case BIO_CTRL_DUP: 433 case BIO_CTRL_DUP:
445 dbio=(BIO *)ptr; 434 dbio = (BIO *)ptr;
446 if (((BIO_SSL *)dbio->ptr)->ssl != NULL) 435 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
447 SSL_free(((BIO_SSL *)dbio->ptr)->ssl); 436 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
448 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); 437 ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
449 ((BIO_SSL *)dbio->ptr)->renegotiate_count= 438 ((BIO_SSL *)dbio->ptr)->renegotiate_count =
450 ((BIO_SSL *)b->ptr)->renegotiate_count; 439 ((BIO_SSL *)b->ptr)->renegotiate_count;
451 ((BIO_SSL *)dbio->ptr)->byte_count= 440 ((BIO_SSL *)dbio->ptr)->byte_count =
452 ((BIO_SSL *)b->ptr)->byte_count; 441 ((BIO_SSL *)b->ptr)->byte_count;
453 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= 442 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
454 ((BIO_SSL *)b->ptr)->renegotiate_timeout; 443 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
455 ((BIO_SSL *)dbio->ptr)->last_time= 444 ((BIO_SSL *)dbio->ptr)->last_time =
456 ((BIO_SSL *)b->ptr)->last_time; 445 ((BIO_SSL *)b->ptr)->last_time;
457 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); 446 ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
458 break; 447 break;
459 case BIO_C_GET_FD: 448 case BIO_C_GET_FD:
460 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 449 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
461 break; 450 break;
462 case BIO_CTRL_SET_CALLBACK: 451 case BIO_CTRL_SET_CALLBACK:
463 { 452 {
464#if 0 /* FIXME: Should this be used? -- Richard Levitte */ 453#if 0 /* FIXME: Should this be used? -- Richard Levitte */
465 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 454 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
466 ret = -1; 455 ret = -1;
467#else 456#else
468 ret=0; 457 ret = 0;
469#endif 458#endif
470 } 459 }
471 break; 460 break;
472 case BIO_CTRL_GET_CALLBACK: 461 case BIO_CTRL_GET_CALLBACK:
473 { 462 {
474 void (**fptr)(const SSL *xssl,int type,int val); 463 void (**fptr)(const SSL *xssl, int type, int val);
475 464
476 fptr=(void (**)(const SSL *xssl,int type,int val))ptr; 465 fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
477 *fptr=SSL_get_info_callback(ssl); 466 *fptr = SSL_get_info_callback(ssl);
478 } 467 }
479 break; 468 break;
480 default: 469 default:
481 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); 470 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
482 break; 471 break;
483 }
484 return(ret);
485 } 472 }
473 return (ret);
474}
486 475
487static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) 476static long
488 { 477ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
478{
489 SSL *ssl; 479 SSL *ssl;
490 BIO_SSL *bs; 480 BIO_SSL *bs;
491 long ret=1; 481 long ret = 1;
492 482
493 bs=(BIO_SSL *)b->ptr; 483 bs = (BIO_SSL *)b->ptr;
494 ssl=bs->ssl; 484 ssl = bs->ssl;
495 switch (cmd) 485 switch (cmd) {
496 {
497 case BIO_CTRL_SET_CALLBACK: 486 case BIO_CTRL_SET_CALLBACK:
498 { 487 {
499 /* FIXME: setting this via a completely different prototype 488 /* FIXME: setting this via a completely different prototype
500 seems like a crap idea */ 489 seems like a crap idea */
501 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); 490 SSL_set_info_callback(ssl,(void (*)(const SSL *, int, int))fp);
502 } 491 }
503 break; 492 break;
504 default: 493 default:
505 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); 494 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
506 break; 495 break;
507 }
508 return(ret);
509 } 496 }
510 497 return (ret);
511static int ssl_puts(BIO *bp, const char *str) 498}
512 { 499
513 int n,ret; 500static int
514 501ssl_puts(BIO *bp, const char *str)
515 n=strlen(str); 502{
516 ret=BIO_write(bp,str,n); 503 int n, ret;
517 return(ret); 504
518 } 505 n = strlen(str);
519 506 ret = BIO_write(bp, str, n);
520BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) 507 return (ret);
521 { 508}
509
510BIO
511*BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
512{
522#ifndef OPENSSL_NO_SOCK 513#ifndef OPENSSL_NO_SOCK
523 BIO *ret=NULL,*buf=NULL,*ssl=NULL; 514 BIO *ret = NULL, *buf = NULL, *ssl = NULL;
524 515
525 if ((buf=BIO_new(BIO_f_buffer())) == NULL) 516 if ((buf = BIO_new(BIO_f_buffer())) == NULL)
526 return(NULL); 517 return (NULL);
527 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) 518 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
528 goto err; 519 goto err;
529 if ((ret=BIO_push(buf,ssl)) == NULL) 520 if ((ret = BIO_push(buf, ssl)) == NULL)
530 goto err; 521 goto err;
531 return(ret); 522 return (ret);
532err: 523err:
533 if (buf != NULL) BIO_free(buf); 524 if (buf != NULL)
534 if (ssl != NULL) BIO_free(ssl); 525 BIO_free(buf);
526 if (ssl != NULL)
527 BIO_free(ssl);
535#endif 528#endif
536 return(NULL); 529 return (NULL);
537 } 530}
538 531
539BIO *BIO_new_ssl_connect(SSL_CTX *ctx) 532BIO
540 { 533*BIO_new_ssl_connect(SSL_CTX *ctx)
534{
541#ifndef OPENSSL_NO_SOCK 535#ifndef OPENSSL_NO_SOCK
542 BIO *ret=NULL,*con=NULL,*ssl=NULL; 536 BIO *ret = NULL, *con = NULL, *ssl = NULL;
543 537
544 if ((con=BIO_new(BIO_s_connect())) == NULL) 538 if ((con = BIO_new(BIO_s_connect())) == NULL)
545 return(NULL); 539 return (NULL);
546 if ((ssl=BIO_new_ssl(ctx,1)) == NULL) 540 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
547 goto err; 541 goto err;
548 if ((ret=BIO_push(ssl,con)) == NULL) 542 if ((ret = BIO_push(ssl, con)) == NULL)
549 goto err; 543 goto err;
550 return(ret); 544 return (ret);
551err: 545err:
552 if (con != NULL) BIO_free(con); 546 if (con != NULL)
547 BIO_free(con);
553#endif 548#endif
554 return(NULL); 549 return (NULL);
555 } 550}
556 551
557BIO *BIO_new_ssl(SSL_CTX *ctx, int client) 552BIO
558 { 553*BIO_new_ssl(SSL_CTX *ctx, int client)
554{
559 BIO *ret; 555 BIO *ret;
560 SSL *ssl; 556 SSL *ssl;
561 557
562 if ((ret=BIO_new(BIO_f_ssl())) == NULL) 558 if ((ret = BIO_new(BIO_f_ssl())) == NULL)
563 return(NULL); 559 return (NULL);
564 if ((ssl=SSL_new(ctx)) == NULL) 560 if ((ssl = SSL_new(ctx)) == NULL) {
565 {
566 BIO_free(ret); 561 BIO_free(ret);
567 return(NULL); 562 return (NULL);
568 } 563 }
569 if (client) 564 if (client)
570 SSL_set_connect_state(ssl); 565 SSL_set_connect_state(ssl);
571 else 566 else
572 SSL_set_accept_state(ssl); 567 SSL_set_accept_state(ssl);
573
574 BIO_set_ssl(ret,ssl,BIO_CLOSE);
575 return(ret);
576 }
577 568
578int BIO_ssl_copy_session_id(BIO *t, BIO *f) 569 BIO_set_ssl(ret, ssl, BIO_CLOSE);
579 { 570 return (ret);
580 t=BIO_find_type(t,BIO_TYPE_SSL); 571}
581 f=BIO_find_type(f,BIO_TYPE_SSL); 572
573int
574BIO_ssl_copy_session_id(BIO *t, BIO *f)
575{
576 t = BIO_find_type(t, BIO_TYPE_SSL);
577 f = BIO_find_type(f, BIO_TYPE_SSL);
582 if ((t == NULL) || (f == NULL)) 578 if ((t == NULL) || (f == NULL))
583 return(0); 579 return (0);
584 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || 580 if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
585 (((BIO_SSL *)f->ptr)->ssl == NULL)) 581 (((BIO_SSL *)f->ptr)->ssl == NULL))
586 return(0); 582 return (0);
587 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); 583 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
588 return(1); 584 return (1);
589 } 585}
590 586
591void BIO_ssl_shutdown(BIO *b) 587void
592 { 588BIO_ssl_shutdown(BIO *b)
589{
593 SSL *s; 590 SSL *s;
594 591
595 while (b != NULL) 592 while (b != NULL) {
596 { 593 if (b->method->type == BIO_TYPE_SSL) {
597 if (b->method->type == BIO_TYPE_SSL) 594 s = ((BIO_SSL *)b->ptr)->ssl;
598 {
599 s=((BIO_SSL *)b->ptr)->ssl;
600 SSL_shutdown(s); 595 SSL_shutdown(s);
601 break; 596 break;
602 }
603 b=b->next_bio;
604 } 597 }
598 b = b->next_bio;
605 } 599 }
600}
diff --git a/src/lib/libssl/src/ssl/tls_srp.c b/src/lib/libssl/src/ssl/tls_srp.c
index 2315a7c0a2..25ab73af9d 100644
--- a/src/lib/libssl/src/ssl/tls_srp.c
+++ b/src/lib/libssl/src/ssl/tls_srp.c
@@ -63,8 +63,8 @@
63#include <openssl/srp.h> 63#include <openssl/srp.h>
64#include <openssl/err.h> 64#include <openssl/err.h>
65 65
66int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) 66int
67 { 67SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) {
68 if (ctx == NULL) 68 if (ctx == NULL)
69 return 0; 69 return 0;
70 OPENSSL_free(ctx->srp_ctx.login); 70 OPENSSL_free(ctx->srp_ctx.login);
@@ -93,10 +93,10 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
93 ctx->srp_ctx.strength = SRP_MINIMAL_N; 93 ctx->srp_ctx.strength = SRP_MINIMAL_N;
94 ctx->srp_ctx.srp_Mask = 0; 94 ctx->srp_ctx.srp_Mask = 0;
95 return (1); 95 return (1);
96 } 96}
97 97
98int SSL_SRP_CTX_free(struct ssl_st *s) 98int
99 { 99SSL_SRP_CTX_free(struct ssl_st *s) {
100 if (s == NULL) 100 if (s == NULL)
101 return 0; 101 return 0;
102 OPENSSL_free(s->srp_ctx.login); 102 OPENSSL_free(s->srp_ctx.login);
@@ -125,10 +125,10 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
125 s->srp_ctx.strength = SRP_MINIMAL_N; 125 s->srp_ctx.strength = SRP_MINIMAL_N;
126 s->srp_ctx.srp_Mask = 0; 126 s->srp_ctx.srp_Mask = 0;
127 return (1); 127 return (1);
128 } 128}
129 129
130int SSL_SRP_CTX_init(struct ssl_st *s) 130int
131 { 131SSL_SRP_CTX_init(struct ssl_st *s) {
132 SSL_CTX *ctx; 132 SSL_CTX *ctx;
133 133
134 if ((s == NULL) || ((ctx = s->ctx) == NULL)) 134 if ((s == NULL) || ((ctx = s->ctx) == NULL))
@@ -154,31 +154,29 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
154 s->srp_ctx.strength = ctx->srp_ctx.strength; 154 s->srp_ctx.strength = ctx->srp_ctx.strength;
155 155
156 if (((ctx->srp_ctx.N != NULL) && 156 if (((ctx->srp_ctx.N != NULL) &&
157 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || 157 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
158 ((ctx->srp_ctx.g != NULL) && 158 ((ctx->srp_ctx.g != NULL) &&
159 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || 159 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
160 ((ctx->srp_ctx.s != NULL) && 160 ((ctx->srp_ctx.s != NULL) &&
161 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || 161 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
162 ((ctx->srp_ctx.B != NULL) && 162 ((ctx->srp_ctx.B != NULL) &&
163 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || 163 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
164 ((ctx->srp_ctx.A != NULL) && 164 ((ctx->srp_ctx.A != NULL) &&
165 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || 165 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
166 ((ctx->srp_ctx.a != NULL) && 166 ((ctx->srp_ctx.a != NULL) &&
167 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || 167 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
168 ((ctx->srp_ctx.v != NULL) && 168 ((ctx->srp_ctx.v != NULL) &&
169 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || 169 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
170 ((ctx->srp_ctx.b != NULL) && 170 ((ctx->srp_ctx.b != NULL) &&
171 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) 171 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
172 { 172 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
173 SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_BN_LIB);
174 goto err; 173 goto err;
175 } 174 }
176 if ((ctx->srp_ctx.login != NULL) && 175 if ((ctx->srp_ctx.login != NULL) &&
177 ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) 176 ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) {
178 { 177 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
179 SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_INTERNAL_ERROR);
180 goto err; 178 goto err;
181 } 179 }
182 s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; 180 s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
183 181
184 return (1); 182 return (1);
@@ -193,10 +191,10 @@ err:
193 BN_free(s->srp_ctx.b); 191 BN_free(s->srp_ctx.b);
194 BN_free(s->srp_ctx.v); 192 BN_free(s->srp_ctx.v);
195 return (0); 193 return (0);
196 } 194}
197 195
198int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) 196int
199 { 197SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) {
200 if (ctx == NULL) 198 if (ctx == NULL)
201 return 0; 199 return 0;
202 200
@@ -222,134 +220,119 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
222 ctx->srp_ctx.strength = SRP_MINIMAL_N; 220 ctx->srp_ctx.strength = SRP_MINIMAL_N;
223 221
224 return (1); 222 return (1);
225 } 223}
226 224
227/* server side */ 225/* server side */
228int SSL_srp_server_param_with_username(SSL *s, int *ad) 226int
229 { 227SSL_srp_server_param_with_username(SSL *s, int *ad)
228{
230 unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; 229 unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
231 int al; 230 int al;
232 231
233 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; 232 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
234 if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) && 233 if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
235 ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE)) 234 ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
236 return al; 235 s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE))
236 return al;
237 237
238 *ad = SSL_AD_INTERNAL_ERROR; 238 *ad = SSL_AD_INTERNAL_ERROR;
239 if ((s->srp_ctx.N == NULL) || 239 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
240 (s->srp_ctx.g == NULL) || 240 (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
241 (s->srp_ctx.s == NULL) ||
242 (s->srp_ctx.v == NULL))
243 return SSL3_AL_FATAL; 241 return SSL3_AL_FATAL;
244 242
245 if (RAND_bytes(b, sizeof(b)) <= 0) 243 if (RAND_bytes(b, sizeof(b)) <= 0)
246 return SSL3_AL_FATAL; 244 return SSL3_AL_FATAL;
247 s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL); 245 s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
248 OPENSSL_cleanse(b,sizeof(b)); 246 OPENSSL_cleanse(b, sizeof(b));
249 247
250 /* Calculate: B = (kv + g^b) % N */ 248 /* Calculate: B = (kv + g^b) % N */
251 249
252 return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL)? 250 return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
253 SSL_ERROR_NONE:SSL3_AL_FATAL; 251}
254 }
255 252
256/* If the server just has the raw password, make up a verifier entry on the fly */ 253/* If the server just has the raw password, make up a verifier entry on the fly */
257int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp) 254int
258 { 255SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp)
256{
259 SRP_gN *GN = SRP_get_default_gN(grp); 257 SRP_gN *GN = SRP_get_default_gN(grp);
260 if(GN == NULL) return -1; 258 if (GN == NULL)
259 return -1;
261 s->srp_ctx.N = BN_dup(GN->N); 260 s->srp_ctx.N = BN_dup(GN->N);
262 s->srp_ctx.g = BN_dup(GN->g); 261 s->srp_ctx.g = BN_dup(GN->g);
263 if(s->srp_ctx.v != NULL) 262 if (s->srp_ctx.v != NULL) {
264 {
265 BN_clear_free(s->srp_ctx.v); 263 BN_clear_free(s->srp_ctx.v);
266 s->srp_ctx.v = NULL; 264 s->srp_ctx.v = NULL;
267 } 265 }
268 if(s->srp_ctx.s != NULL) 266 if (s->srp_ctx.s != NULL) {
269 {
270 BN_clear_free(s->srp_ctx.s); 267 BN_clear_free(s->srp_ctx.s);
271 s->srp_ctx.s = NULL; 268 s->srp_ctx.s = NULL;
272 }
273 if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1;
274
275 return 1;
276 } 269 }
270 if (!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v,
271 GN->N, GN->g))
272 return -1;
277 273
278int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 274 return 1;
279 BIGNUM *sa, BIGNUM *v, char *info) 275}
280 { 276
281 if (N!= NULL) 277int
282 { 278SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
283 if (s->srp_ctx.N != NULL) 279 BIGNUM *sa, BIGNUM *v, char *info)
284 { 280{
285 if (!BN_copy(s->srp_ctx.N,N)) 281 if (N != NULL) {
286 { 282 if (s->srp_ctx.N != NULL) {
283 if (!BN_copy(s->srp_ctx.N, N)) {
287 BN_free(s->srp_ctx.N); 284 BN_free(s->srp_ctx.N);
288 s->srp_ctx.N = NULL; 285 s->srp_ctx.N = NULL;
289 }
290 } 286 }
291 else 287 } else
292 s->srp_ctx.N = BN_dup(N); 288 s->srp_ctx.N = BN_dup(N);
293 } 289 }
294 if (g!= NULL) 290 if (g != NULL) {
295 { 291 if (s->srp_ctx.g != NULL) {
296 if (s->srp_ctx.g != NULL) 292 if (!BN_copy(s->srp_ctx.g, g)) {
297 {
298 if (!BN_copy(s->srp_ctx.g,g))
299 {
300 BN_free(s->srp_ctx.g); 293 BN_free(s->srp_ctx.g);
301 s->srp_ctx.g = NULL; 294 s->srp_ctx.g = NULL;
302 }
303 } 295 }
304 else 296 } else
305 s->srp_ctx.g = BN_dup(g); 297 s->srp_ctx.g = BN_dup(g);
306 } 298 }
307 if (sa!= NULL) 299 if (sa != NULL) {
308 { 300 if (s->srp_ctx.s != NULL) {
309 if (s->srp_ctx.s != NULL) 301 if (!BN_copy(s->srp_ctx.s, sa)) {
310 {
311 if (!BN_copy(s->srp_ctx.s,sa))
312 {
313 BN_free(s->srp_ctx.s); 302 BN_free(s->srp_ctx.s);
314 s->srp_ctx.s = NULL; 303 s->srp_ctx.s = NULL;
315 }
316 } 304 }
317 else 305 } else
318 s->srp_ctx.s = BN_dup(sa); 306 s->srp_ctx.s = BN_dup(sa);
319 } 307 }
320 if (v!= NULL) 308 if (v != NULL) {
321 { 309 if (s->srp_ctx.v != NULL) {
322 if (s->srp_ctx.v != NULL) 310 if (!BN_copy(s->srp_ctx.v, v)) {
323 {
324 if (!BN_copy(s->srp_ctx.v,v))
325 {
326 BN_free(s->srp_ctx.v); 311 BN_free(s->srp_ctx.v);
327 s->srp_ctx.v = NULL; 312 s->srp_ctx.v = NULL;
328 }
329 } 313 }
330 else 314 } else
331 s->srp_ctx.v = BN_dup(v); 315 s->srp_ctx.v = BN_dup(v);
332 } 316 }
333 s->srp_ctx.info = info; 317 s->srp_ctx.info = info;
334 318
335 if (!(s->srp_ctx.N) || 319 if (!(s->srp_ctx.N) || !(s->srp_ctx.g) ||
336 !(s->srp_ctx.g) || 320 !(s->srp_ctx.s) || !(s->srp_ctx.v))
337 !(s->srp_ctx.s) ||
338 !(s->srp_ctx.v))
339 return -1; 321 return -1;
340 322
341 return 1; 323 return 1;
342 } 324}
343 325
344int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key) 326int
345 { 327SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
328{
346 BIGNUM *K = NULL, *u = NULL; 329 BIGNUM *K = NULL, *u = NULL;
347 int ret = -1, tmp_len; 330 int ret = -1, tmp_len;
348 unsigned char *tmp = NULL; 331 unsigned char *tmp = NULL;
349 332
350 if (!SRP_Verify_A_mod_N(s->srp_ctx.A,s->srp_ctx.N)) 333 if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
351 goto err; 334 goto err;
352 if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) 335 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
353 goto err; 336 goto err;
354 if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N))) 337 if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)))
355 goto err; 338 goto err;
@@ -358,21 +341,21 @@ int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key)
358 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) 341 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
359 goto err; 342 goto err;
360 BN_bn2bin(K, tmp); 343 BN_bn2bin(K, tmp);
361 ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 344 ret = s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, tmp_len);
362err: 345err:
363 if (tmp) 346 if (tmp) {
364 { 347 OPENSSL_cleanse(tmp, tmp_len);
365 OPENSSL_cleanse(tmp,tmp_len) ;
366 OPENSSL_free(tmp); 348 OPENSSL_free(tmp);
367 } 349 }
368 BN_clear_free(K); 350 BN_clear_free(K);
369 BN_clear_free(u); 351 BN_clear_free(u);
370 return ret; 352 return ret;
371 } 353}
372 354
373/* client side */ 355/* client side */
374int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key) 356int
375 { 357SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
358{
376 BIGNUM *x = NULL, *u = NULL, *K = NULL; 359 BIGNUM *x = NULL, *u = NULL, *K = NULL;
377 int ret = -1, tmp_len; 360 int ret = -1, tmp_len;
378 char *passwd = NULL; 361 char *passwd = NULL;
@@ -380,128 +363,149 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key)
380 363
381 /* Checks if b % n == 0 364 /* Checks if b % n == 0
382 */ 365 */
383 if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err; 366 if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0)
384 if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err; 367 goto err;
385 if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err; 368 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
386 if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err; 369 goto err;
387 if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err; 370 if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL)
388 if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err; 371 goto err;
372 if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
373 s->srp_ctx.SRP_cb_arg)))
374 goto err;
375 if (!(x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)))
376 goto err;
377 if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g,
378 x, s->srp_ctx.a, u)))
379 goto err;
389 380
390 tmp_len = BN_num_bytes(K); 381 tmp_len = BN_num_bytes(K);
391 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; 382 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err;
392 BN_bn2bin(K, tmp); 383 BN_bn2bin(K, tmp);
393 ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 384 ret = s->method->ssl3_enc->generate_master_secret(s, master_key,
385 tmp, tmp_len);
394err: 386err:
395 if (tmp) 387 if (tmp) {
396 { 388 OPENSSL_cleanse(tmp, tmp_len);
397 OPENSSL_cleanse(tmp,tmp_len) ;
398 OPENSSL_free(tmp); 389 OPENSSL_free(tmp);
399 } 390 }
400 BN_clear_free(K); 391 BN_clear_free(K);
401 BN_clear_free(x); 392 BN_clear_free(x);
402 if (passwd) 393 if (passwd) {
403 { 394 OPENSSL_cleanse(passwd, strlen(passwd));
404 OPENSSL_cleanse(passwd,strlen(passwd)) ;
405 OPENSSL_free(passwd); 395 OPENSSL_free(passwd);
406 } 396 }
407 BN_clear_free(u); 397 BN_clear_free(u);
408 return ret; 398 return ret;
409 } 399}
410 400
411int SRP_Calc_A_param(SSL *s) 401int
412 { 402SRP_Calc_A_param(SSL *s)
403{
413 unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; 404 unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
414 405
415 if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength) 406 if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
416 return -1; 407 return -1;
417 408
418 if (s->srp_ctx.SRP_verify_param_callback ==NULL && 409 if (s->srp_ctx.SRP_verify_param_callback ==NULL &&
419 !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N)) 410 !SRP_check_known_gN_param(s->srp_ctx.g, s->srp_ctx.N))
420 return -1 ; 411 return -1;
421 412
422 RAND_bytes(rnd, sizeof(rnd)); 413 RAND_bytes(rnd, sizeof(rnd));
423 s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); 414 s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
424 OPENSSL_cleanse(rnd, sizeof(rnd)); 415 OPENSSL_cleanse(rnd, sizeof(rnd));
425 416
426 if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) 417 if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N,
418 s->srp_ctx.g)))
427 return -1; 419 return -1;
428 420
429 /* We can have a callback to verify SRP param!! */ 421 /* We can have a callback to verify SRP param!! */
430 if (s->srp_ctx.SRP_verify_param_callback !=NULL) 422 if (s->srp_ctx.SRP_verify_param_callback !=NULL)
431 return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg); 423 return s->srp_ctx.SRP_verify_param_callback(s,
424 s->srp_ctx.SRP_cb_arg);
432 425
433 return 1; 426 return 1;
434 } 427}
435 428
436BIGNUM *SSL_get_srp_g(SSL *s) 429BIGNUM
437 { 430*SSL_get_srp_g(SSL *s)
431{
438 if (s->srp_ctx.g != NULL) 432 if (s->srp_ctx.g != NULL)
439 return s->srp_ctx.g; 433 return s->srp_ctx.g;
440 return s->ctx->srp_ctx.g; 434 return s->ctx->srp_ctx.g;
441 } 435}
442 436
443BIGNUM *SSL_get_srp_N(SSL *s) 437BIGNUM
444 { 438*SSL_get_srp_N(SSL *s)
439{
445 if (s->srp_ctx.N != NULL) 440 if (s->srp_ctx.N != NULL)
446 return s->srp_ctx.N; 441 return s->srp_ctx.N;
447 return s->ctx->srp_ctx.N; 442 return s->ctx->srp_ctx.N;
448 } 443}
449 444
450char *SSL_get_srp_username(SSL *s) 445char
451 { 446*SSL_get_srp_username(SSL *s)
447{
452 if (s->srp_ctx.login != NULL) 448 if (s->srp_ctx.login != NULL)
453 return s->srp_ctx.login; 449 return s->srp_ctx.login;
454 return s->ctx->srp_ctx.login; 450 return s->ctx->srp_ctx.login;
455 } 451}
456 452
457char *SSL_get_srp_userinfo(SSL *s) 453char
458 { 454*SSL_get_srp_userinfo(SSL *s)
455{
459 if (s->srp_ctx.info != NULL) 456 if (s->srp_ctx.info != NULL)
460 return s->srp_ctx.info; 457 return s->srp_ctx.info;
461 return s->ctx->srp_ctx.info; 458 return s->ctx->srp_ctx.info;
462 } 459}
463 460
464#define tls1_ctx_ctrl ssl3_ctx_ctrl 461#define tls1_ctx_ctrl ssl3_ctx_ctrl
465#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl 462#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
466 463
467int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name) 464int
468 { 465SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
469 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME,0,name); 466{
470 } 467 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
471 468}
472int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password) 469
473 { 470int
474 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD,0,password); 471SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
475 } 472{
476 473 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
477int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) 474}
478 { 475
476int
477SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
478{
479 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, 479 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
480 NULL); 480 NULL);
481 } 481}
482 482
483int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *,void *)) 483int
484 { 484SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *))
485 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, 485{
486 (void (*)(void))cb); 486 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
487 } 487 (void (*)(void))cb);
488 488}
489int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) 489
490 { 490int
491 return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_SRP_ARG,0,arg); 491SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
492 } 492{
493 493 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
494int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, 494}
495 int (*cb)(SSL *,int *,void *)) 495
496 { 496int
497 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, 497SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
498 (void (*)(void))cb); 498 int (*cb)(SSL *, int *, void *))
499 } 499{
500 500 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
501int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *)) 501 (void (*)(void))cb);
502 { 502}
503 return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, 503
504 (void (*)(void))cb); 504int
505 } 505SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *))
506{
507 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
508 (void (*)(void))cb);
509}
506 510
507#endif 511#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 19:25:49 +0000