diff options
| author | Gary Ching-Pang Lin <glin@suse.com> | 2015-07-28 11:46:38 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2015-07-28 11:46:38 -0400 |
| commit | 5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch) | |
| tree | 2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/bio | |
| parent | 69ba24ff72921ecabbb47178de40dc5a79350040 (diff) | |
| download | efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip | |
Update openssl to 1.0.2d
Also update Cryptlib to edk2 r17731
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/bio')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/b_dump.c | 25 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/b_print.c | 384 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/b_sock.c | 962 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 6 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 33 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bio_err.c | 4 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bio_lcl.h | 52 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 40 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_acpt.c | 463 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 18 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_conn.c | 603 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 1494 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 89 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_file.c | 60 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_log.c | 85 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 19 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/bio/bss_sock.c | 287 |
17 files changed, 4192 insertions, 432 deletions
diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c index 3293c724..ed8e5214 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c @@ -182,3 +182,28 @@ int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) { return BIO_dump_indent_cb(write_bio, bp, s, len, indent); } + +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen) +{ + int i, j = 0; + + if (datalen < 1) + return 1; + + for (i = 0; i < datalen - 1; i++) { + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + + BIO_printf(out, "%02X:", data[i]); + + j = (j + 1) % width; + if (!j) + BIO_printf(out, "\n"); + } + + if (i && !j) + BIO_printf(out, "%*s", indent, ""); + BIO_printf(out, "%02X", data[datalen - 1]); + return 1; +} diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c index b8b630c3..9091d56d 100644 --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ # endif #endif -/* +/* * Stolen from tjh's ssl/ssl_trc.c stuff. */ @@ -74,7 +74,7 @@ #include <limits.h> #include "cryptlib.h" #ifndef NO_SYS_TYPES_H -#include <sys/types.h> +# include <sys/types.h> #endif #include <openssl/bn.h> /* To get BN_LLONG properly defined */ #include <openssl/bio.h> @@ -94,7 +94,7 @@ * on all source code distributions. */ -/* +/*- * This code contains numerious changes and enhancements which were * made by lots of contributors over the last years to Patrick Powell's * original code: @@ -110,33 +110,33 @@ */ #ifdef HAVE_LONG_DOUBLE -#define LDOUBLE long double +# define LDOUBLE long double #else -#define LDOUBLE double +# define LDOUBLE double #endif -#if HAVE_LONG_LONG -# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -# define LLONG __int64 +#ifdef HAVE_LONG_LONG +# if defined(_WIN32) && !defined(__GNUC__) +# define LLONG __int64 # else -# define LLONG long long +# define LLONG long long # endif #else -#define LLONG long +# define LLONG long #endif -static void fmtstr (char **, char **, size_t *, size_t *, - const char *, int, int, int); -static void fmtint (char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); +static void fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); +static void fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); #ifndef OPENSSL_SYS_UEFI -static void fmtfp (char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int); +static void fmtfp(char **, char **, size_t *, size_t *, + LDOUBLE, int, int, int); #endif -static void doapr_outch (char **, char **, size_t *, size_t *, int); +static void doapr_outch(char **, char **, size_t *, size_t *, int); static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -168,14 +168,10 @@ static void _dopr(char **sbuffer, char **buffer, #define OSSL_MAX(p,q) ((p >= q) ? p : q) static void -_dopr( - char **sbuffer, - char **buffer, - size_t *maxlen, - size_t *retlen, - int *truncated, - const char *format, - va_list args) +_dopr(char **sbuffer, + char **buffer, + size_t *maxlen, + size_t *retlen, int *truncated, const char *format, va_list args) { char ch; LLONG value; @@ -204,7 +200,7 @@ _dopr( if (ch == '%') state = DP_S_FLAGS; else - doapr_outch(sbuffer,buffer, &currlen, maxlen, ch); + doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); ch = *format++; break; case DP_S_FLAGS: @@ -283,10 +279,12 @@ _dopr( cflags = DP_C_LLONG; ch = *format++; break; +#ifndef OPENSSL_SYS_UEFI case 'L': cflags = DP_C_LDOUBLE; ch = *format++; break; +#endif default: break; } @@ -325,15 +323,13 @@ _dopr( value = (unsigned short int)va_arg(args, unsigned int); break; case DP_C_LONG: - value = (LLONG) va_arg(args, - unsigned long int); + value = (LLONG) va_arg(args, unsigned long int); break; case DP_C_LLONG: value = va_arg(args, unsigned LLONG); break; default: - value = (LLONG) va_arg(args, - unsigned int); + value = (LLONG) va_arg(args, unsigned int); break; } fmtint(sbuffer, buffer, &currlen, maxlen, value, @@ -368,25 +364,25 @@ _dopr( #endif case 'c': doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); + va_arg(args, int)); break; case 's': strvalue = va_arg(args, char *); if (max < 0) { - if (buffer) - max = INT_MAX; - else - max = *maxlen; - } + if (buffer) + max = INT_MAX; + else + max = *maxlen; + } fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, flags, min, max); break; case 'p': value = (long)va_arg(args, void *); fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags|DP_F_NUM); + value, 16, min, max, flags | DP_F_NUM); break; - case 'n': /* XXX */ + case 'n': /* XXX */ if (cflags == DP_C_SHORT) { short int *num; num = va_arg(args, short int *); @@ -394,13 +390,13 @@ _dopr( } else if (cflags == DP_C_LONG) { /* XXX */ long int *num; num = va_arg(args, long int *); - *num = (long int) currlen; + *num = (long int)currlen; } else if (cflags == DP_C_LLONG) { /* XXX */ LLONG *num; num = va_arg(args, LLONG *); *num = (LLONG) currlen; } else { - int *num; + int *num; num = va_arg(args, int *); *num = currlen; } @@ -436,23 +432,17 @@ _dopr( } static void -fmtstr( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - const char *value, - int flags, - int min, - int max) +fmtstr(char **sbuffer, + char **buffer, + size_t *currlen, + size_t *maxlen, const char *value, int flags, int min, int max) { int padlen, strln; int cnt = 0; if (value == 0) value = "<NULL>"; - for (strln = 0; value[strln]; ++strln) - ; + for (strln = 0; value[strln]; ++strln) ; padlen = min - strln; if (padlen < 0) padlen = 0; @@ -476,21 +466,15 @@ fmtstr( } static void -fmtint( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - LLONG value, - int base, - int min, - int max, - int flags) +fmtint(char **sbuffer, + char **buffer, + size_t *currlen, + size_t *maxlen, LLONG value, int base, int min, int max, int flags) { int signvalue = 0; const char *prefix = ""; unsigned LLONG uvalue; - char convert[DECIMAL_SIZE(value)+3]; + char convert[DECIMAL_SIZE(value) + 3]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -509,23 +493,25 @@ fmtint( signvalue = ' '; } if (flags & DP_F_NUM) { - if (base == 8) prefix = "0"; - if (base == 16) prefix = "0x"; + if (base == 8) + prefix = "0"; + if (base == 16) + prefix = "0x"; } if (flags & DP_F_UP) caps = 1; do { - convert[place++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef") - [uvalue % (unsigned) base]; - uvalue = (uvalue / (unsigned) base); + convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef") + [uvalue % (unsigned)base]; + uvalue = (uvalue / (unsigned)base); } while (uvalue && (place < (int)sizeof(convert))); if (place == sizeof(convert)) place--; convert[place] = 0; zpadlen = max - place; - spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); + spadlen = + min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) @@ -549,8 +535,8 @@ fmtint( /* prefix */ while (*prefix) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); - prefix++; + doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + prefix++; } /* zeros */ @@ -573,8 +559,7 @@ fmtint( } #ifndef OPENSSL_SYS_UEFI -static LDOUBLE -abs_val(LDOUBLE value) +static LDOUBLE abs_val(LDOUBLE value) { LDOUBLE result = value; if (value < 0) @@ -582,8 +567,7 @@ abs_val(LDOUBLE value) return result; } -static LDOUBLE -pow_10(int in_exp) +static LDOUBLE pow_10(int in_exp) { LDOUBLE result = 1; while (in_exp) { @@ -593,11 +577,10 @@ pow_10(int in_exp) return result; } -static long -roundv(LDOUBLE value) +static long roundv(LDOUBLE value) { long intpart; - intpart = (long) value; + intpart = (long)value; value = value - intpart; if (value >= 0.5) intpart++; @@ -605,15 +588,10 @@ roundv(LDOUBLE value) } static void -fmtfp( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - LDOUBLE fvalue, - int min, - int max, - int flags) +fmtfp(char **sbuffer, + char **buffer, + size_t *currlen, + size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags) { int signvalue = 0; LDOUBLE ufvalue; @@ -623,7 +601,6 @@ fmtfp( int fplace = 0; int padlen = 0; int zpadlen = 0; - int caps = 0; long intpart; long fracpart; long max10; @@ -640,13 +617,17 @@ fmtfp( intpart = (long)ufvalue; - /* sorry, we only support 9 digits past the decimal because of our - conversion method */ + /* + * sorry, we only support 9 digits past the decimal because of our + * conversion method + */ if (max > 9) max = 9; - /* we "cheat" by converting the fractional part to integer by - multiplying by a factor of 10 */ + /* + * we "cheat" by converting the fractional part to integer by multiplying + * by a factor of 10 + */ max10 = roundv(pow_10(max)); fracpart = roundv(pow_10(max) * (ufvalue - intpart)); @@ -657,9 +638,7 @@ fmtfp( /* convert integer part */ do { - iconvert[iplace++] = - (caps ? "0123456789ABCDEF" - : "0123456789abcdef")[intpart % 10]; + iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); if (iplace == sizeof iconvert) @@ -668,9 +647,7 @@ fmtfp( /* convert fractional part */ do { - fconvert[fplace++] = - (caps ? "0123456789ABCDEF" - : "0123456789abcdef")[fracpart % 10]; + fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); if (fplace == sizeof fconvert) @@ -731,41 +708,42 @@ fmtfp( #endif static void -doapr_outch( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - int c) +doapr_outch(char **sbuffer, + char **buffer, size_t *currlen, size_t *maxlen, int c) { /* If we haven't at least one buffer, someone has doe a big booboo */ assert(*sbuffer != NULL || buffer != NULL); - if (buffer) { - while (*currlen >= *maxlen) { - if (*buffer == NULL) { - if (*maxlen == 0) - *maxlen = 1024; - *buffer = OPENSSL_malloc(*maxlen); - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - *maxlen += 1024; - *buffer = OPENSSL_realloc(*buffer, *maxlen); - } - } - /* What to do if *buffer is NULL? */ - assert(*sbuffer != NULL || *buffer != NULL); + /* |currlen| must always be <= |*maxlen| */ + assert(*currlen <= *maxlen); + + if (buffer && *currlen == *maxlen) { + *maxlen += 1024; + if (*buffer == NULL) { + *buffer = OPENSSL_malloc(*maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } + if (*currlen > 0) { + assert(*sbuffer != NULL); + memcpy(*buffer, *sbuffer, *currlen); + } + *sbuffer = NULL; + } else { + *buffer = OPENSSL_realloc(*buffer, *maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } + } } if (*currlen < *maxlen) { - if (*sbuffer) - (*sbuffer)[(*currlen)++] = (char)c; - else - (*buffer)[(*currlen)++] = (char)c; + if (*sbuffer) + (*sbuffer)[(*currlen)++] = (char)c; + else + (*buffer)[(*currlen)++] = (char)c; } return; @@ -773,78 +751,78 @@ doapr_outch( /***************************************************************************/ -int BIO_printf (BIO *bio, const char *format, ...) - { - va_list args; - int ret; - - va_start(args, format); - - ret = BIO_vprintf(bio, format, args); - - va_end(args); - return(ret); - } - -int BIO_vprintf (BIO *bio, const char *format, va_list args) - { - int ret; - size_t retlen; - char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable - in small-stack environments, like threads - or DOS programs. */ - char *hugebufp = hugebuf; - size_t hugebufsize = sizeof(hugebuf); - char *dynbuf = NULL; - int ignored; - - dynbuf = NULL; - CRYPTO_push_info("doapr()"); - _dopr(&hugebufp, &dynbuf, &hugebufsize, - &retlen, &ignored, format, args); - if (dynbuf) - { - ret=BIO_write(bio, dynbuf, (int)retlen); - OPENSSL_free(dynbuf); - } - else - { - ret=BIO_write(bio, hugebuf, (int)retlen); - } - CRYPTO_pop_info(); - return(ret); - } - -/* As snprintf is not available everywhere, we provide our own implementation. - * This function has nothing to do with BIOs, but it's closely related - * to BIO_printf, and we need *some* name prefix ... - * (XXX the function should be renamed, but to what?) */ +int BIO_printf(BIO *bio, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + + ret = BIO_vprintf(bio, format, args); + + va_end(args); + return (ret); +} + +int BIO_vprintf(BIO *bio, const char *format, va_list args) +{ + int ret; + size_t retlen; + char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable + * in small-stack environments, like threads + * or DOS programs. */ + char *hugebufp = hugebuf; + size_t hugebufsize = sizeof(hugebuf); + char *dynbuf = NULL; + int ignored; + + dynbuf = NULL; + CRYPTO_push_info("doapr()"); + _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args); + if (dynbuf) { + ret = BIO_write(bio, dynbuf, (int)retlen); + OPENSSL_free(dynbuf); + } else { + ret = BIO_write(bio, hugebuf, (int)retlen); + } + CRYPTO_pop_info(); + return (ret); +} + +/* + * As snprintf is not available everywhere, we provide our own + * implementation. This function has nothing to do with BIOs, but it's + * closely related to BIO_printf, and we need *some* name prefix ... (XXX the + * function should be renamed, but to what?) + */ int BIO_snprintf(char *buf, size_t n, const char *format, ...) - { - va_list args; - int ret; +{ + va_list args; + int ret; - va_start(args, format); + va_start(args, format); - ret = BIO_vsnprintf(buf, n, format, args); + ret = BIO_vsnprintf(buf, n, format, args); - va_end(args); - return(ret); - } + va_end(args); + return (ret); +} int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - { - size_t retlen; - int truncated; - - _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); - - if (truncated) - /* In case of truncation, return -1 like traditional snprintf. - * (Current drafts for ISO/IEC 9899 say snprintf should return - * the number of characters that would have been written, - * had the buffer been large enough.) */ - return -1; - else - return (retlen <= INT_MAX) ? (int)retlen : -1; - } +{ + size_t retlen; + int truncated; + + _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); + + if (truncated) + /* + * In case of truncation, return -1 like traditional snprintf. + * (Current drafts for ISO/IEC 9899 say snprintf should return the + * number of characters that would have been written, had the buffer + * been large enough.) + */ + return -1; + else + return (retlen <= INT_MAX) ? (int)retlen : -1; +} diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock.c b/Cryptlib/OpenSSL/crypto/bio/b_sock.c new file mode 100644 index 00000000..5bad0a2b --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/bio/b_sock.c @@ -0,0 +1,962 @@ +/* crypto/bio/b_sock.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#define USE_SOCKETS +#include "cryptlib.h" +#include <openssl/bio.h> +#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) +# include <netdb.h> +# if defined(NETWARE_CLIB) +# include <sys/ioctl.h> +NETDB_DEFINE_CONTEXT +# endif +#endif +#ifndef OPENSSL_NO_SOCK +# include <openssl/dso.h> +# define SOCKET_PROTOCOL IPPROTO_TCP +# ifdef SO_MAXCONN +# define MAX_LISTEN SO_MAXCONN +# elif defined(SOMAXCONN) +# define MAX_LISTEN SOMAXCONN +# else +# define MAX_LISTEN 32 +# endif +# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) +static int wsa_init_done = 0; +# endif + +/* + * WSAAPI specifier is required to make indirect calls to run-time + * linked WinSock 2 functions used in this module, to be specific + * [get|free]addrinfo and getnameinfo. This is because WinSock uses + * uses non-C calling convention, __stdcall vs. __cdecl, on x86 + * Windows. On non-WinSock platforms WSAAPI needs to be void. + */ +# ifndef WSAAPI +# define WSAAPI +# endif + +# if 0 +static unsigned long BIO_ghbn_hits = 0L; +static unsigned long BIO_ghbn_miss = 0L; + +# define GHBN_NUM 4 +static struct ghbn_cache_st { + char name[129]; + struct hostent *ent; + unsigned long order; +} ghbn_cache[GHBN_NUM]; +# endif + +static int get_ip(const char *str, unsigned char *ip); +# if 0 +static void ghbn_free(struct hostent *a); +static struct hostent *ghbn_dup(struct hostent *a); +# endif +int BIO_get_host_ip(const char *str, unsigned char *ip) +{ + int i; + int err = 1; + int locked = 0; + struct hostent *he; + + i = get_ip(str, ip); + if (i < 0) { + BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS); + goto err; + } + + /* + * At this point, we have something that is most probably correct in some + * way, so let's init the socket. + */ + if (BIO_sock_init() != 1) + return 0; /* don't generate another error code here */ + + /* + * If the string actually contained an IP address, we need not do + * anything more + */ + if (i > 0) + return (1); + + /* do a gethostbyname */ + CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); + locked = 1; + he = BIO_gethostbyname(str); + if (he == NULL) { + BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); + goto err; + } + + /* cast to short because of win16 winsock definition */ + if ((short)he->h_addrtype != AF_INET) { + BIOerr(BIO_F_BIO_GET_HOST_IP, + BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); + goto err; + } + for (i = 0; i < 4; i++) + ip[i] = he->h_addr_list[0][i]; + err = 0; + + err: + if (locked) + CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); + if (err) { + ERR_add_error_data(2, "host=", str); + return 0; + } else + return 1; +} + +int BIO_get_port(const char *str, unsigned short *port_ptr) +{ + int i; + struct servent *s; + + if (str == NULL) { + BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED); + return (0); + } + i = atoi(str); + if (i != 0) + *port_ptr = (unsigned short)i; + else { + CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); + /* + * Note: under VMS with SOCKETSHR, it seems like the first parameter + * is 'char *', instead of 'const char *' + */ +# ifndef CONST_STRICT + s = getservbyname((char *)str, "tcp"); +# else + s = getservbyname(str, "tcp"); +# endif + if (s != NULL) + *port_ptr = ntohs((unsigned short)s->s_port); + CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); + if (s == NULL) { + if (strcmp(str, "http") == 0) + *port_ptr = 80; + else if (strcmp(str, "telnet") == 0) + *port_ptr = 23; + else if (strcmp(str, "socks") == 0) + *port_ptr = 1080; + else if (strcmp(str, "https") == 0) + *port_ptr = 443; + else if (strcmp(str, "ssl") == 0) + *port_ptr = 443; + else if (strcmp(str, "ftp") == 0) + *port_ptr = 21; + else if (strcmp(str, "gopher") == 0) + *port_ptr = 70; +# if 0 + else if (strcmp(str, "wais") == 0) + *port_ptr = 21; +# endif + else { + SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error()); + ERR_add_error_data(3, "service='", str, "'"); + return (0); + } + } + } + return (1); +} + +int BIO_sock_error(int sock) +{ + int j, i; + union { + size_t s; + int i; + } size; + +# if defined(OPENSSL_SYS_BEOS_R5) + return 0; +# endif + + /* heuristic way to adapt for platforms that expect 64-bit optlen */ + size.s = 0, size.i = sizeof(j); + /* + * Note: under Windows the third parameter is of type (char *) whereas + * under other systems it is (void *) if you don't have a cast it will + * choke the compiler: if you do have a cast then you can either go for + * (char *) or (void *). + */ + i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size); + if (i < 0) + return (1); + else + return (j); +} + +# if 0 +long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) +{ + int i; + char **p; + + switch (cmd) { + case BIO_GHBN_CTRL_HITS: + return (BIO_ghbn_hits); + /* break; */ + case BIO_GHBN_CTRL_MISSES: + return (BIO_ghbn_miss); + /* break; */ + case BIO_GHBN_CTRL_CACHE_SIZE: + return (GHBN_NUM); + /* break; */ + case BIO_GHBN_CTRL_GET_ENTRY: + if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) { + p = (char **)parg; + if (p == NULL) + return (0); + *p = ghbn_cache[iarg].name; + ghbn_cache[iarg].name[128] = '\0'; + return (1); + } + return (0); + /* break; */ + case BIO_GHBN_CTRL_FLUSH: + for (i = 0; i < GHBN_NUM; i++) + ghbn_cache[i].order = 0; + break; + default: + return (0); + } + return (1); +} +# endif + +# if 0 +static struct hostent *ghbn_dup(struct hostent *a) +{ + struct hostent *ret; + int i, j; + + MemCheck_off(); + ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); + if (ret == NULL) + return (NULL); + memset(ret, 0, sizeof(struct hostent)); + + for (i = 0; a->h_aliases[i] != NULL; i++) ; + i++; + ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *)); + if (ret->h_aliases == NULL) + goto err; + memset(ret->h_aliases, 0, i * sizeof(char *)); + + for (i = 0; a->h_addr_list[i] != NULL; i++) ; + i++; + ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *)); + if (ret->h_addr_list == NULL) + goto err; + memset(ret->h_addr_list, 0, i * sizeof(char *)); + + j = strlen(a->h_name) + 1; + if ((ret->h_name = OPENSSL_malloc(j)) == NULL) + goto err; + memcpy((char *)ret->h_name, a->h_name, j); + for (i = 0; a->h_aliases[i] != NULL; i++) { + j = strlen(a->h_aliases[i]) + 1; + if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL) + goto err; + memcpy(ret->h_aliases[i], a->h_aliases[i], j); + } + ret->h_length = a->h_length; + ret->h_addrtype = a->h_addrtype; + for (i = 0; a->h_addr_list[i] != NULL; i++) { + if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL) + goto err; + memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length); + } + if (0) { + err: + if (ret != NULL) + ghbn_free(ret); + ret = NULL; + } + MemCheck_on(); + return (ret); +} + +static void ghbn_free(struct hostent *a) +{ + int i; + + if (a == NULL) + return; + + if (a->h_aliases != NULL) { + for (i = 0; a->h_aliases[i] != NULL; i++) + OPENSSL_free(a->h_aliases[i]); + OPENSSL_free(a->h_aliases); + } + if (a->h_addr_list != NULL) { + for (i = 0; a->h_addr_list[i] != NULL; i++) + OPENSSL_free(a->h_addr_list[i]); + OPENSSL_free(a->h_addr_list); + } + if (a->h_name != NULL) + OPENSSL_free(a->h_name); + OPENSSL_free(a); +} + +# endif + +struct hostent *BIO_gethostbyname(const char *name) +{ +# if 1 + /* + * Caching gethostbyname() results forever is wrong, so we have to let + * the true gethostbyname() worry about this + */ +# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) + return gethostbyname((char *)name); +# else + return gethostbyname(name); +# endif +# else + struct hostent *ret; + int i, lowi = 0, j; + unsigned long low = (unsigned long)-1; + +# if 0 + /* + * It doesn't make sense to use locking here: The function interface is + * not thread-safe, because threads can never be sure when some other + * thread destroys the data they were given a pointer to. + */ + CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); +# endif + j = strlen(name); + if (j < 128) { + for (i = 0; i < GHBN_NUM; i++) { + if (low > ghbn_cache[i].order) { + low = ghbn_cache[i].order; + lowi = i; + } + if (ghbn_cache[i].order > 0) { + if (strncmp(name, ghbn_cache[i].name, 128) == 0) + break; + } + } + } else + i = GHBN_NUM; + + if (i == GHBN_NUM) { /* no hit */ + BIO_ghbn_miss++; + /* + * Note: under VMS with SOCKETSHR, it seems like the first parameter + * is 'char *', instead of 'const char *' + */ +# ifndef CONST_STRICT + ret = gethostbyname((char *)name); +# else + ret = gethostbyname(name); +# endif + + if (ret == NULL) + goto end; + if (j > 128) { /* too big to cache */ +# if 0 + /* + * If we were trying to make this function thread-safe (which is + * bound to fail), we'd have to give up in this case (or allocate + * more memory). + */ + ret = NULL; +# endif + goto end; + } + + /* else add to cache */ + if (ghbn_cache[lowi].ent != NULL) + ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ + ghbn_cache[lowi].name[0] = '\0'; + + if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) { + BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE); + goto end; + } + strncpy(ghbn_cache[lowi].name, name, 128); + ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits; + } else { + BIO_ghbn_hits++; + ret = ghbn_cache[i].ent; + ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits; + } + end: +# if 0 + CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); +# endif + return (ret); +# endif +} + +int BIO_sock_init(void) +{ +# ifdef OPENSSL_SYS_WINDOWS + static struct WSAData wsa_state; + + if (!wsa_init_done) { + int err; + + wsa_init_done = 1; + memset(&wsa_state, 0, sizeof(wsa_state)); + /* + * Not making wsa_state available to the rest of the code is formally + * wrong. But the structures we use are [beleived to be] invariable + * among Winsock DLLs, while API availability is [expected to be] + * probed at run-time with DSO_global_lookup. + */ + if (WSAStartup(0x0202, &wsa_state) != 0) { + err = WSAGetLastError(); + SYSerr(SYS_F_WSASTARTUP, err); + BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); + return (-1); + } + } +# endif /* OPENSSL_SYS_WINDOWS */ +# ifdef WATT32 + extern int _watt_do_exit; + _watt_do_exit = 0; /* don't make sock_init() call exit() */ + if (sock_init()) + return (-1); +# endif + +# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) { + wsa_init_done = 1; + wVerReq = MAKEWORD(2, 0); + err = WSAStartup(wVerReq, &wsaData); + if (err != 0) { + SYSerr(SYS_F_WSASTARTUP, err); + BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); + return (-1); + } + } +# endif + + return (1); +} + +void BIO_sock_cleanup(void) +{ +# ifdef OPENSSL_SYS_WINDOWS + if (wsa_init_done) { + wsa_init_done = 0; +# if 0 /* this call is claimed to be non-present in + * Winsock2 */ + WSACancelBlockingCall(); +# endif + WSACleanup(); + } +# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + if (wsa_init_done) { + wsa_init_done = 0; + WSACleanup(); + } +# endif +} + +# if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 + +int BIO_socket_ioctl(int fd, long type, void *arg) +{ + int i; + +# ifdef __DJGPP__ + i = ioctlsocket(fd, type, (char *)arg); +# else +# if defined(OPENSSL_SYS_VMS) + /*- + * 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ +# if __INITIAL_POINTER_SIZE == 64 +# define ARG arg_32p +# pragma pointer_size save +# pragma pointer_size 32 + unsigned long arg_32; + unsigned long *arg_32p; +# pragma pointer_size restore + arg_32p = &arg_32; + arg_32 = *((unsigned long *)arg); +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define ARG arg +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# else /* defined(OPENSSL_SYS_VMS) */ +# define ARG arg +# endif /* defined(OPENSSL_SYS_VMS) [else] */ + + i = ioctlsocket(fd, type, ARG); +# endif /* __DJGPP__ */ + if (i < 0) + SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error()); + return (i); +} +# endif /* __VMS_VER */ + +/* + * The reason I have implemented this instead of using sscanf is because + * Visual C 1.52c gives an unresolved external when linking a DLL :-( + */ +static int get_ip(const char *str, unsigned char ip[4]) +{ + unsigned int tmp[4]; + int num = 0, c, ok = 0; + + tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0; + + for (;;) { + c = *(str++); + if ((c >= '0') && (c <= '9')) { + ok = 1; + tmp[num] = tmp[num] * 10 + c - '0'; + if (tmp[num] > 255) + return (0); + } else if (c == '.') { + if (!ok) + return (-1); + if (num == 3) + return (0); + num++; + ok = 0; + } else if (c == '\0' && (num == 3) && ok) + break; + else + return (0); + } + ip[0] = tmp[0]; + ip[1] = tmp[1]; + ip[2] = tmp[2]; + ip[3] = tmp[3]; + return (1); +} + +int BIO_get_accept_socket(char *host, int bind_mode) +{ + int ret = 0; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +# endif + } server, client; + int s = INVALID_SOCKET, cs, addrlen; + unsigned char ip[4]; + unsigned short port; + char *str = NULL, *e; + char *h, *p; + unsigned long l; + int err_num; + + if (BIO_sock_init() != 1) + return (INVALID_SOCKET); + + if ((str = BUF_strdup(host)) == NULL) + return (INVALID_SOCKET); + + h = p = NULL; + h = str; + for (e = str; *e; e++) { + if (*e == ':') { + p = e; + } else if (*e == '/') { + *e = '\0'; + break; + } + } + if (p) + *p++ = '\0'; /* points at last ':', '::port' is special + * [see below] */ + else + p = h, h = NULL; + +# ifdef EAI_FAMILY + do { + static union { + void *p; + int (WSAAPI *f) (const char *, const char *, + const struct addrinfo *, struct addrinfo **); + } p_getaddrinfo = { + NULL + }; + static union { + void *p; + void (WSAAPI *f) (struct addrinfo *); + } p_freeaddrinfo = { + NULL + }; + struct addrinfo *res, hint; + + if (p_getaddrinfo.p == NULL) { + if ((p_getaddrinfo.p = DSO_global_lookup("getaddrinfo")) == NULL + || (p_freeaddrinfo.p = + DSO_global_lookup("freeaddrinfo")) == NULL) + p_getaddrinfo.p = (void *)-1; + } + if (p_getaddrinfo.p == (void *)-1) + break; + + /* + * '::port' enforces IPv6 wildcard listener. Some OSes, e.g. Solaris, + * default to IPv6 without any hint. Also note that commonly IPv6 + * wildchard socket can service IPv4 connections just as well... + */ + memset(&hint, 0, sizeof(hint)); + hint.ai_flags = AI_PASSIVE; + if (h) { + if (strchr(h, ':')) { + if (h[1] == '\0') + h = NULL; +# if OPENSSL_USE_IPV6 + hint.ai_family = AF_INET6; +# else + h = NULL; +# endif + } else if (h[0] == '*' && h[1] == '\0') { + hint.ai_family = AF_INET; + h = NULL; + } + } + + if ((*p_getaddrinfo.f) (h, p, &hint, &res)) + break; + + addrlen = res->ai_addrlen <= sizeof(server) ? + res->ai_addrlen : sizeof(server); + memcpy(&server, res->ai_addr, addrlen); + + (*p_freeaddrinfo.f) (res); + goto again; + } while (0); +# endif + + if (!BIO_get_port(p, &port)) + goto err; + + memset((char *)&server, 0, sizeof(server)); + server.sa_in.sin_family = AF_INET; + server.sa_in.sin_port = htons(port); + addrlen = sizeof(server.sa_in); + + if (h == NULL || strcmp(h, "*") == 0) + server.sa_in.sin_addr.s_addr = INADDR_ANY; + else { + if (!BIO_get_host_ip(h, &(ip[0]))) + goto err; + l = (unsigned long) + ((unsigned long)ip[0] << 24L) | + ((unsigned long)ip[1] << 16L) | + ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); + server.sa_in.sin_addr.s_addr = htonl(l); + } + + again: + s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); + if (s == INVALID_SOCKET) { + SYSerr(SYS_F_SOCKET, get_last_socket_error()); + ERR_add_error_data(3, "port='", host, "'"); + BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); + goto err; + } +# ifdef SO_REUSEADDR + if (bind_mode == BIO_BIND_REUSEADDR) { + int i = 1; + + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i)); + bind_mode = BIO_BIND_NORMAL; + } +# endif + if (bind(s, &server.sa, addrlen) == -1) { +# ifdef SO_REUSEADDR + err_num = get_last_socket_error(); + if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && +# ifdef OPENSSL_SYS_WINDOWS + /* + * Some versions of Windows define EADDRINUSE to a dummy value. + */ + (err_num == WSAEADDRINUSE)) +# else + (err_num == EADDRINUSE)) +# endif + { + client = server; + if (h == NULL || strcmp(h, "*") == 0) { +# if OPENSSL_USE_IPV6 + if (client.sa.sa_family == AF_INET6) { + memset(&client.sa_in6.sin6_addr, 0, + sizeof(client.sa_in6.sin6_addr)); + client.sa_in6.sin6_addr.s6_addr[15] = 1; + } else +# endif + if (client.sa.sa_family == AF_INET) { + client.sa_in.sin_addr.s_addr = htonl(0x7F000001); + } else + goto err; + } + cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); + if (cs != INVALID_SOCKET) { + int ii; + ii = connect(cs, &client.sa, addrlen); + closesocket(cs); + if (ii == INVALID_SOCKET) { + bind_mode = BIO_BIND_REUSEADDR; + closesocket(s); + goto again; + } + /* else error */ + } + /* else error */ + } +# endif + SYSerr(SYS_F_BIND, err_num); + ERR_add_error_data(3, "port='", host, "'"); + BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET); + goto err; + } + if (listen(s, MAX_LISTEN) == -1) { + SYSerr(SYS_F_BIND, get_last_socket_error()); + ERR_add_error_data(3, "port='", host, "'"); + BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_LISTEN_SOCKET); + goto err; + } + ret = 1; + err: + if (str != NULL) + OPENSSL_free(str); + if ((ret == 0) && (s != INVALID_SOCKET)) { + closesocket(s); + s = INVALID_SOCKET; + } + return (s); +} + +int BIO_accept(int sock, char **addr) +{ + int ret = INVALID_SOCKET; + unsigned long l; + unsigned short port; + char *p; + + struct { + /* + * As for following union. Trouble is that there are platforms + * that have socklen_t and there are platforms that don't, on + * some platforms socklen_t is int and on some size_t. So what + * one can do? One can cook #ifdef spaghetti, which is nothing + * but masochistic. Or one can do union between int and size_t. + * One naturally does it primarily for 64-bit platforms where + * sizeof(int) != sizeof(size_t). But would it work? Note that + * if size_t member is initialized to 0, then later int member + * assignment naturally does the job on little-endian platforms + * regardless accept's expectations! What about big-endians? + * If accept expects int*, then it works, and if size_t*, then + * length value would appear as unreasonably large. But this + * won't prevent it from filling in the address structure. The + * trouble of course would be if accept returns more data than + * actual buffer can accomodate and overwrite stack... That's + * where early OPENSSL_assert comes into picture. Besides, the + * only 64-bit big-endian platform found so far that expects + * size_t* is HP-UX, where stack grows towards higher address. + * <appro> + */ + union { + size_t s; + int i; + } len; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +# endif + } from; + } sa; + + sa.len.s = 0; + sa.len.i = sizeof(sa.from); + memset(&sa.from, 0, sizeof(sa.from)); + ret = accept(sock, &sa.from.sa, (void *)&sa.len); + if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { + OPENSSL_assert(sa.len.s <= sizeof(sa.from)); + sa.len.i = (int)sa.len.s; + /* use sa.len.i from this point */ + } + if (ret == INVALID_SOCKET) { + if (BIO_sock_should_retry(ret)) + return -2; + SYSerr(SYS_F_ACCEPT, get_last_socket_error()); + BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); + goto end; + } + + if (addr == NULL) + goto end; + +# ifdef EAI_FAMILY + do { + char h[NI_MAXHOST], s[NI_MAXSERV]; + size_t nl; + static union { + void *p; + int (WSAAPI *f) (const struct sockaddr *, size_t /* socklen_t */ , + char *, size_t, char *, size_t, int); + } p_getnameinfo = { + NULL + }; + /* + * 2nd argument to getnameinfo is specified to be socklen_t. + * Unfortunately there is a number of environments where socklen_t is + * not defined. As it's passed by value, it's safe to pass it as + * size_t... <appro> + */ + + if (p_getnameinfo.p == NULL) { + if ((p_getnameinfo.p = DSO_global_lookup("getnameinfo")) == NULL) + p_getnameinfo.p = (void *)-1; + } + if (p_getnameinfo.p == (void *)-1) + break; + + if ((*p_getnameinfo.f) (&sa.from.sa, sa.len.i, h, sizeof(h), s, + sizeof(s), NI_NUMERICHOST | NI_NUMERICSERV)) + break; + nl = strlen(h) + strlen(s) + 2; + p = *addr; + if (p) { + *p = '\0'; + p = OPENSSL_realloc(p, nl); + } else { + p = OPENSSL_malloc(nl); + } + if (p == NULL) { + BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); + goto end; + } + *addr = p; + BIO_snprintf(*addr, nl, "%s:%s", h, s); + goto end; + } while (0); +# endif + if (sa.from.sa.sa_family != AF_INET) + goto end; + l = ntohl(sa.from.sa_in.sin_addr.s_addr); + port = ntohs(sa.from.sa_in.sin_port); + if (*addr == NULL) { + if ((p = OPENSSL_malloc(24)) == NULL) { + BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); + goto end; + } + *addr = p; + } + BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d", + (unsigned char)(l >> 24L) & 0xff, + (unsigned char)(l >> 16L) & 0xff, + (unsigned char)(l >> 8L) & 0xff, + (unsigned char)(l) & 0xff, port); + end: + return (ret); +} + +int BIO_set_tcp_ndelay(int s, int on) +{ + int ret = 0; +# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) + int opt; + +# ifdef SOL_TCP + opt = SOL_TCP; +# else +# ifdef IPPROTO_TCP + opt = IPPROTO_TCP; +# endif +# endif + + ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on)); +# endif + return (ret == 0); +} + +int BIO_socket_nbio(int s, int mode) +{ + int ret = -1; + int l; + + l = mode; +# ifdef FIONBIO + ret = BIO_socket_ioctl(s, FIONBIO, &l); +# endif + return (ret == 0); +} +#endif diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c index da88a8a1..a04f32a0 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c @@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); #if 1 - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 0x07); if (outl > num) @@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl) num = nt->lwn; nt->lwn = 0; } else { - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 7); } diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c index b24daf7b..d3e86068 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c @@ -70,42 +70,49 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, MS_STATIC char buf[256]; char *p; long r = 1; + int len; size_t p_maxlen; if (BIO_CB_RETURN & cmd) r = ret; - BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); - p = &(buf[14]); - p_maxlen = sizeof buf - 14; + len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + + p = buf + len; + p_maxlen = sizeof(buf) - len; + switch (cmd) { case BIO_CB_FREE: BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n", - bio->num, argi, bio->method->name, bio->num); + BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n", + bio->num, (unsigned long)argi, + bio->method->name, bio->num); else - BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n", - bio->num, argi, bio->method->name); + BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n", + bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n", - bio->num, argi, bio->method->name, bio->num); + BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n", + bio->num, (unsigned long)argi, + bio->method->name, bio->num); else - BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n", - bio->num, argi, bio->method->name); + BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n", + bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_PUTS: BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name); break; case BIO_CB_GETS: - BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name); + BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi, + bio->method->name); break; case BIO_CB_CTRL: - BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name); + BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi, + bio->method->name); break; case BIO_CB_RETURN | BIO_CB_READ: BIO_snprintf(p, p_maxlen, "read return %ld\n", ret); diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c index 3a838ff6..d9007aa3 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c +++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* crypto/bio/bio_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -95,6 +95,8 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h index dba2919d..741884da 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h +++ b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h @@ -2,27 +2,35 @@ #if BIO_FLAGS_UPLINK==0 /* Shortcut UPLINK calls on most platforms... */ -#define UP_stdin stdin -#define UP_stdout stdout -#define UP_stderr stderr -#define UP_fprintf fprintf -#define UP_fgets fgets -#define UP_fread fread -#define UP_fwrite fwrite -#undef UP_fsetmod -#define UP_feof feof -#define UP_fclose fclose +# define UP_stdin stdin +# define UP_stdout stdout +# define UP_stderr stderr +# define UP_fprintf fprintf +# define UP_fgets fgets +# define UP_fread fread +# define UP_fwrite fwrite +# undef UP_fsetmod +# define UP_feof feof +# define UP_fclose fclose -#define UP_fopen fopen -#define UP_fseek fseek -#define UP_ftell ftell -#define UP_fflush fflush -#define UP_ferror ferror -#define UP_fileno fileno - -#define UP_open open -#define UP_read read -#define UP_write write -#define UP_lseek lseek -#define UP_close close +# define UP_fopen fopen +# define UP_fseek fseek +# define UP_ftell ftell +# define UP_fflush fflush +# define UP_ferror ferror +# ifdef _WIN32 +# define UP_fileno _fileno +# define UP_open _open +# define UP_read _read +# define UP_write _write +# define UP_lseek _lseek +# define UP_close _close +# else +# define UP_fileno fileno +# define UP_open open +# define UP_read read +# define UP_write write +# define UP_lseek lseek +# define UP_close close +# endif #endif diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c index bb284be3..07934f8a 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c @@ -420,7 +420,7 @@ BIO *BIO_push(BIO *b, BIO *bio) if (bio != NULL) bio->prev_bio = lb; /* called to do internal processing */ - BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL); + BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb); return (b); } @@ -433,7 +433,7 @@ BIO *BIO_pop(BIO *b) return (NULL); ret = b->next_bio; - BIO_ctrl(b, BIO_CTRL_POP, 0, NULL); + BIO_ctrl(b, BIO_CTRL_POP, 0, b); if (b->prev_bio != NULL) b->prev_bio->next_bio = b->next_bio; @@ -515,42 +515,44 @@ void BIO_free_all(BIO *bio) BIO *BIO_dup_chain(BIO *in) { - BIO *ret = NULL, *eoc = NULL, *bio, *new; + BIO *ret = NULL, *eoc = NULL, *bio, *new_bio; for (bio = in; bio != NULL; bio = bio->next_bio) { - if ((new = BIO_new(bio->method)) == NULL) + if ((new_bio = BIO_new(bio->method)) == NULL) goto err; - new->callback = bio->callback; - new->cb_arg = bio->cb_arg; - new->init = bio->init; - new->shutdown = bio->shutdown; - new->flags = bio->flags; + new_bio->callback = bio->callback; + new_bio->cb_arg = bio->cb_arg; + new_bio->init = bio->init; + new_bio->shutdown = bio->shutdown; + new_bio->flags = bio->flags; /* This will let SSL_s_sock() work with stdin/stdout */ - new->num = bio->num; + new_bio->num = bio->num; - if (!BIO_dup_state(bio, (char *)new)) { - BIO_free(new); + if (!BIO_dup_state(bio, (char *)new_bio)) { + BIO_free(new_bio); goto err; } /* copy app data */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, - &bio->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { - eoc = new; + eoc = new_bio; ret = eoc; } else { - BIO_push(eoc, new); - eoc = new; + BIO_push(eoc, new_bio); + eoc = new_bio; } } return (ret); err: - if (ret != NULL) - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c new file mode 100644 index 00000000..4a5e39bd --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c @@ -0,0 +1,463 @@ +/* crypto/bio/bss_acpt.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <errno.h> +#define USE_SOCKETS +#include "cryptlib.h" +#include <openssl/bio.h> + +#ifndef OPENSSL_NO_SOCK + +# ifdef OPENSSL_SYS_WIN16 +# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +# else +# define SOCKET_PROTOCOL IPPROTO_TCP +# endif + +# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ +# undef FIONBIO +# endif + +typedef struct bio_accept_st { + int state; + char *param_addr; + int accept_sock; + int accept_nbio; + char *addr; + int nbio; + /* + * If 0, it means normal, if 1, do a connect on bind failure, and if + * there is no-one listening, bind with SO_REUSEADDR. If 2, always use + * SO_REUSEADDR. + */ + int bind_mode; + BIO *bio_chain; +} BIO_ACCEPT; + +static int acpt_write(BIO *h, const char *buf, int num); +static int acpt_read(BIO *h, char *buf, int size); +static int acpt_puts(BIO *h, const char *str); +static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int acpt_new(BIO *h); +static int acpt_free(BIO *data); +static int acpt_state(BIO *b, BIO_ACCEPT *c); +static void acpt_close_socket(BIO *data); +static BIO_ACCEPT *BIO_ACCEPT_new(void); +static void BIO_ACCEPT_free(BIO_ACCEPT *a); + +# define ACPT_S_BEFORE 1 +# define ACPT_S_GET_ACCEPT_SOCKET 2 +# define ACPT_S_OK 3 + +static BIO_METHOD methods_acceptp = { + BIO_TYPE_ACCEPT, + "socket accept", + acpt_write, + acpt_read, + acpt_puts, + NULL, /* connect_gets, */ + acpt_ctrl, + acpt_new, + acpt_free, + NULL, +}; + +BIO_METHOD *BIO_s_accept(void) +{ + return (&methods_acceptp); +} + +static int acpt_new(BIO *bi) +{ + BIO_ACCEPT *ba; + + bi->init = 0; + bi->num = INVALID_SOCKET; + bi->flags = 0; + if ((ba = BIO_ACCEPT_new()) == NULL) + return (0); + bi->ptr = (char *)ba; + ba->state = ACPT_S_BEFORE; + bi->shutdown = 1; + return (1); +} + +static BIO_ACCEPT *BIO_ACCEPT_new(void) +{ + BIO_ACCEPT *ret; + + if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) + return (NULL); + + memset(ret, 0, sizeof(BIO_ACCEPT)); + ret->accept_sock = INVALID_SOCKET; + ret->bind_mode = BIO_BIND_NORMAL; + return (ret); +} + +static void BIO_ACCEPT_free(BIO_ACCEPT *a) +{ + if (a == NULL) + return; + + if (a->param_addr != NULL) + OPENSSL_free(a->param_addr); + if (a->addr != NULL) + OPENSSL_free(a->addr); + if (a->bio_chain != NULL) + BIO_free(a->bio_chain); + OPENSSL_free(a); +} + +static void acpt_close_socket(BIO *bio) +{ + BIO_ACCEPT *c; + + c = (BIO_ACCEPT *)bio->ptr; + if (c->accept_sock != INVALID_SOCKET) { + shutdown(c->accept_sock, 2); + closesocket(c->accept_sock); + c->accept_sock = INVALID_SOCKET; + bio->num = INVALID_SOCKET; + } +} + +static int acpt_free(BIO *a) +{ + BIO_ACCEPT *data; + + if (a == NULL) + return (0); + data = (BIO_ACCEPT *)a->ptr; + + if (a->shutdown) { + acpt_close_socket(a); + BIO_ACCEPT_free(data); + a->ptr = NULL; + a->flags = 0; + a->init = 0; + } + return (1); +} + +static int acpt_state(BIO *b, BIO_ACCEPT *c) +{ + BIO *bio = NULL, *dbio; + int s = -1; + int i; + + again: + switch (c->state) { + case ACPT_S_BEFORE: + if (c->param_addr == NULL) { + BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED); + return (-1); + } + s = BIO_get_accept_socket(c->param_addr, c->bind_mode); + if (s == INVALID_SOCKET) + return (-1); + + if (c->accept_nbio) { + if (!BIO_socket_nbio(s, 1)) { + closesocket(s); + BIOerr(BIO_F_ACPT_STATE, + BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); + return (-1); + } + } + c->accept_sock = s; + b->num = s; + c->state = ACPT_S_GET_ACCEPT_SOCKET; + return (1); + /* break; */ + case ACPT_S_GET_ACCEPT_SOCKET: + if (b->next_bio != NULL) { + c->state = ACPT_S_OK; + goto again; + } + BIO_clear_retry_flags(b); + b->retry_reason = 0; + i = BIO_accept(c->accept_sock, &(c->addr)); + + /* -2 return means we should retry */ + if (i == -2) { + BIO_set_retry_special(b); + b->retry_reason = BIO_RR_ACCEPT; + return -1; + } + + if (i < 0) + return (i); + + bio = BIO_new_socket(i, BIO_CLOSE); + if (bio == NULL) + goto err; + + BIO_set_callback(bio, BIO_get_callback(b)); + BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); + + if (c->nbio) { + if (!BIO_socket_nbio(i, 1)) { + BIOerr(BIO_F_ACPT_STATE, + BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); + goto err; + } + } + + /* + * If the accept BIO has an bio_chain, we dup it and put the new + * socket at the end. + */ + if (c->bio_chain != NULL) { + if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) + goto err; + if (!BIO_push(dbio, bio)) + goto err; + bio = dbio; + } + if (BIO_push(b, bio) == NULL) + goto err; + + c->state = ACPT_S_OK; + return (1); + err: + if (bio != NULL) + BIO_free(bio); + else if (s >= 0) + closesocket(s); + return (0); + /* break; */ + case ACPT_S_OK: + if (b->next_bio == NULL) { + c->state = ACPT_S_GET_ACCEPT_SOCKET; + goto again; + } + return (1); + /* break; */ + default: + return (0); + /* break; */ + } + +} + +static int acpt_read(BIO *b, char *out, int outl) +{ + int ret = 0; + BIO_ACCEPT *data; + + BIO_clear_retry_flags(b); + data = (BIO_ACCEPT *)b->ptr; + + while (b->next_bio == NULL) { + ret = acpt_state(b, data); + if (ret <= 0) + return (ret); + } + + ret = BIO_read(b->next_bio, out, outl); + BIO_copy_next_retry(b); + return (ret); +} + +static int acpt_write(BIO *b, const char *in, int inl) +{ + int ret; + BIO_ACCEPT *data; + + BIO_clear_retry_flags(b); + data = (BIO_ACCEPT *)b->ptr; + + while (b->next_bio == NULL) { + ret = acpt_state(b, data); + if (ret <= 0) + return (ret); + } + + ret = BIO_write(b->next_bio, in, inl); + BIO_copy_next_retry(b); + return (ret); +} + +static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + int *ip; + long ret = 1; + BIO_ACCEPT *data; + char **pp; + + data = (BIO_ACCEPT *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: + ret = 0; + data->state = ACPT_S_BEFORE; + acpt_close_socket(b); + b->flags = 0; + break; + case BIO_C_DO_STATE_MACHINE: + /* use this one to start the connection */ + ret = (long)acpt_state(b, data); + break; + case BIO_C_SET_ACCEPT: + if (ptr != NULL) { + if (num == 0) { + b->init = 1; + if (data->param_addr != NULL) + OPENSSL_free(data->param_addr); + data->param_addr = BUF_strdup(ptr); + } else if (num == 1) { + data->accept_nbio = (ptr != NULL); + } else if (num == 2) { + if (data->bio_chain != NULL) + BIO_free(data->bio_chain); + data->bio_chain = (BIO *)ptr; + } + } + break; + case BIO_C_SET_NBIO: + data->nbio = (int)num; + break; + case BIO_C_SET_FD: + b->init = 1; + b->num = *((int *)ptr); + data->accept_sock = b->num; + data->state = ACPT_S_GET_ACCEPT_SOCKET; + b->shutdown = (int)num; + b->init = 1; + break; + case BIO_C_GET_FD: + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = data->accept_sock; + ret = data->accept_sock; + } else + ret = -1; + break; + case BIO_C_GET_ACCEPT: + if (b->init) { + if (ptr != NULL) { + pp = (char **)ptr; + *pp = data->param_addr; + } else + ret = -1; + } else + ret = -1; + break; + case BIO_CTRL_GET_CLOSE: + ret = b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; + case BIO_CTRL_PENDING: + case BIO_CTRL_WPENDING: + ret = 0; + break; + case BIO_CTRL_FLUSH: + break; + case BIO_C_SET_BIND_MODE: + data->bind_mode = (int)num; + break; + case BIO_C_GET_BIND_MODE: + ret = (long)data->bind_mode; + break; + case BIO_CTRL_DUP: +/*- dbio=(BIO *)ptr; + if (data->param_port) EAY EAY + BIO_set_port(dbio,data->param_port); + if (data->param_hostname) + BIO_set_hostname(dbio,data->param_hostname); + BIO_set_nbio(dbio,data->nbio); */ + break; + + default: + ret = 0; + break; + } + return (ret); +} + +static int acpt_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = acpt_write(bp, str, n); + return (ret); +} + +BIO *BIO_new_accept(const char *str) +{ + BIO *ret; + + ret = BIO_new(BIO_s_accept()); + if (ret == NULL) + return (NULL); + if (BIO_set_accept_port(ret, str)) + return (ret); + else { + BIO_free(ret); + return (NULL); + } +} + +#endif diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c index 87955f08..d629a37a 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c @@ -270,10 +270,10 @@ static int bio_read(BIO *bio, char *buf, int size_) * WARNING: The non-copying interface is largely untested as of yet and may * contain bugs. */ -static ssize_t bio_nread0(BIO *bio, char **buf) +static ossl_ssize_t bio_nread0(BIO *bio, char **buf) { struct bio_bio_st *b, *peer_b; - ssize_t num; + ossl_ssize_t num; BIO_clear_retry_flags(bio); @@ -307,15 +307,15 @@ static ssize_t bio_nread0(BIO *bio, char **buf) return num; } -static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) +static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_) { struct bio_bio_st *b, *peer_b; - ssize_t num, available; + ossl_ssize_t num, available; if (num_ > SSIZE_MAX) num = SSIZE_MAX; else - num = (ssize_t) num_; + num = (ossl_ssize_t) num_; available = bio_nread0(bio, buf); if (num > available) @@ -415,7 +415,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() * or just bio_nwrite(), write to buffer) */ -static ssize_t bio_nwrite0(BIO *bio, char **buf) +static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf) { struct bio_bio_st *b; size_t num; @@ -463,15 +463,15 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf) return num; } -static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) +static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) { struct bio_bio_st *b; - ssize_t num, space; + ossl_ssize_t num, space; if (num_ > SSIZE_MAX) num = SSIZE_MAX; else - num = (ssize_t) num_; + num = (ossl_ssize_t) num_; space = bio_nwrite0(bio, buf); if (num > space) diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c new file mode 100644 index 00000000..42d0afff --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c @@ -0,0 +1,603 @@ +/* crypto/bio/bss_conn.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <errno.h> +#define USE_SOCKETS +#include "cryptlib.h" +#include <openssl/bio.h> + +#ifndef OPENSSL_NO_SOCK + +# ifdef OPENSSL_SYS_WIN16 +# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +# else +# define SOCKET_PROTOCOL IPPROTO_TCP +# endif + +# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) +/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ +# undef FIONBIO +# endif + +typedef struct bio_connect_st { + int state; + char *param_hostname; + char *param_port; + int nbio; + unsigned char ip[4]; + unsigned short port; + struct sockaddr_in them; + /* + * int socket; this will be kept in bio->num so that it is compatible + * with the bss_sock bio + */ + /* + * called when the connection is initially made callback(BIO,state,ret); + * The callback should return 'ret'. state is for compatibility with the + * ssl info_callback + */ + int (*info_callback) (const BIO *bio, int state, int ret); +} BIO_CONNECT; + +static int conn_write(BIO *h, const char *buf, int num); +static int conn_read(BIO *h, char *buf, int size); +static int conn_puts(BIO *h, const char *str); +static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int conn_new(BIO *h); +static int conn_free(BIO *data); +static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); + +static int conn_state(BIO *b, BIO_CONNECT *c); +static void conn_close_socket(BIO *data); +BIO_CONNECT *BIO_CONNECT_new(void); +void BIO_CONNECT_free(BIO_CONNECT *a); + +static BIO_METHOD methods_connectp = { + BIO_TYPE_CONNECT, + "socket connect", + conn_write, + conn_read, + conn_puts, + NULL, /* connect_gets, */ + conn_ctrl, + conn_new, + conn_free, + conn_callback_ctrl, +}; + +static int conn_state(BIO *b, BIO_CONNECT *c) +{ + int ret = -1, i; + unsigned long l; + char *p, *q; + int (*cb) (const BIO *, int, int) = NULL; + + if (c->info_callback != NULL) + cb = c->info_callback; + + for (;;) { + switch (c->state) { + case BIO_CONN_S_BEFORE: + p = c->param_hostname; + if (p == NULL) { + BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED); + goto exit_loop; + } + for (; *p != '\0'; p++) { + if ((*p == ':') || (*p == '/')) + break; + } + + i = *p; + if ((i == ':') || (i == '/')) { + + *(p++) = '\0'; + if (i == ':') { + for (q = p; *q; q++) + if (*q == '/') { + *q = '\0'; + break; + } + if (c->param_port != NULL) + OPENSSL_free(c->param_port); + c->param_port = BUF_strdup(p); + } + } + + if (c->param_port == NULL) { + BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED); + ERR_add_error_data(2, "host=", c->param_hostname); + goto exit_loop; + } + c->state = BIO_CONN_S_GET_IP; + break; + + case BIO_CONN_S_GET_IP: + if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0) + goto exit_loop; + c->state = BIO_CONN_S_GET_PORT; + break; + + case BIO_CONN_S_GET_PORT: + if (c->param_port == NULL) { + /* abort(); */ + goto exit_loop; + } else if (BIO_get_port(c->param_port, &c->port) <= 0) + goto exit_loop; + c->state = BIO_CONN_S_CREATE_SOCKET; + break; + + case BIO_CONN_S_CREATE_SOCKET: + /* now setup address */ + memset((char *)&c->them, 0, sizeof(c->them)); + c->them.sin_family = AF_INET; + c->them.sin_port = htons((unsigned short)c->port); + l = (unsigned long) + ((unsigned long)c->ip[0] << 24L) | + ((unsigned long)c->ip[1] << 16L) | + ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]); + c->them.sin_addr.s_addr = htonl(l); + c->state = BIO_CONN_S_CREATE_SOCKET; + + ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); + if (ret == INVALID_SOCKET) { + SYSerr(SYS_F_SOCKET, get_last_socket_error()); + ERR_add_error_data(4, "host=", c->param_hostname, + ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); + goto exit_loop; + } + b->num = ret; + c->state = BIO_CONN_S_NBIO; + break; + + case BIO_CONN_S_NBIO: + if (c->nbio) { + if (!BIO_socket_nbio(b->num, 1)) { + BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO); + ERR_add_error_data(4, "host=", + c->param_hostname, ":", c->param_port); + goto exit_loop; + } + } + c->state = BIO_CONN_S_CONNECT; + +# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) + i = 1; + i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, + sizeof(i)); + if (i < 0) { + SYSerr(SYS_F_SOCKET, get_last_socket_error()); + ERR_add_error_data(4, "host=", c->param_hostname, + ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE); + goto exit_loop; + } +# endif + break; + + case BIO_CONN_S_CONNECT: + BIO_clear_retry_flags(b); + ret = connect(b->num, + (struct sockaddr *)&c->them, sizeof(c->them)); + b->retry_reason = 0; + if (ret < 0) { + if (BIO_sock_should_retry(ret)) { + BIO_set_retry_special(b); + c->state = BIO_CONN_S_BLOCKED_CONNECT; + b->retry_reason = BIO_RR_CONNECT; + } else { + SYSerr(SYS_F_CONNECT, get_last_socket_error()); + ERR_add_error_data(4, "host=", + c->param_hostname, ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + } + goto exit_loop; + } else + c->state = BIO_CONN_S_OK; + break; + + case BIO_CONN_S_BLOCKED_CONNECT: + i = BIO_sock_error(b->num); + if (i) { + BIO_clear_retry_flags(b); + SYSerr(SYS_F_CONNECT, i); + ERR_add_error_data(4, "host=", + c->param_hostname, ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR); + ret = 0; + goto exit_loop; + } else + c->state = BIO_CONN_S_OK; + break; + + case BIO_CONN_S_OK: + ret = 1; + goto exit_loop; + default: + /* abort(); */ + goto exit_loop; + } + + if (cb != NULL) { + if (!(ret = cb((BIO *)b, c->state, ret))) + goto end; + } + } + + /* Loop does not exit */ + exit_loop: + if (cb != NULL) + ret = cb((BIO *)b, c->state, ret); + end: + return (ret); +} + +BIO_CONNECT *BIO_CONNECT_new(void) +{ + BIO_CONNECT *ret; + + if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) + return (NULL); + ret->state = BIO_CONN_S_BEFORE; + ret->param_hostname = NULL; + ret->param_port = NULL; + ret->info_callback = NULL; + ret->nbio = 0; + ret->ip[0] = 0; + ret->ip[1] = 0; + ret->ip[2] = 0; + ret->ip[3] = 0; + ret->port = 0; + memset((char *)&ret->them, 0, sizeof(ret->them)); + return (ret); +} + +void BIO_CONNECT_free(BIO_CONNECT *a) +{ + if (a == NULL) + return; + + if (a->param_hostname != NULL) + OPENSSL_free(a->param_hostname); + if (a->param_port != NULL) + OPENSSL_free(a->param_port); + OPENSSL_free(a); +} + +BIO_METHOD *BIO_s_connect(void) +{ + return (&methods_connectp); +} + +static int conn_new(BIO *bi) +{ + bi->init = 0; + bi->num = INVALID_SOCKET; + bi->flags = 0; + if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) + return (0); + else + return (1); +} + +static void conn_close_socket(BIO *bio) +{ + BIO_CONNECT *c; + + c = (BIO_CONNECT *)bio->ptr; + if (bio->num != INVALID_SOCKET) { + /* Only do a shutdown if things were established */ + if (c->state == BIO_CONN_S_OK) + shutdown(bio->num, 2); + closesocket(bio->num); + bio->num = INVALID_SOCKET; + } +} + +static int conn_free(BIO *a) +{ + BIO_CONNECT *data; + + if (a == NULL) + return (0); + data = (BIO_CONNECT *)a->ptr; + + if (a->shutdown) { + conn_close_socket(a); + BIO_CONNECT_free(data); + a->ptr = NULL; + a->flags = 0; + a->init = 0; + } + return (1); +} + +static int conn_read(BIO *b, char *out, int outl) +{ + int ret = 0; + BIO_CONNECT *data; + + data = (BIO_CONNECT *)b->ptr; + if (data->state != BIO_CONN_S_OK) { + ret = conn_state(b, data); + if (ret <= 0) + return (ret); + } + + if (out != NULL) { + clear_socket_error(); + ret = readsocket(b->num, out, outl); + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_read(b); + } + } + return (ret); +} + +static int conn_write(BIO *b, const char *in, int inl) +{ + int ret; + BIO_CONNECT *data; + + data = (BIO_CONNECT *)b->ptr; + if (data->state != BIO_CONN_S_OK) { + ret = conn_state(b, data); + if (ret <= 0) + return (ret); + } + + clear_socket_error(); + ret = writesocket(b->num, in, inl); + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_write(b); + } + return (ret); +} + +static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO *dbio; + int *ip; + const char **pptr; + long ret = 1; + BIO_CONNECT *data; + + data = (BIO_CONNECT *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: + ret = 0; + data->state = BIO_CONN_S_BEFORE; + conn_close_socket(b); + b->flags = 0; + break; + case BIO_C_DO_STATE_MACHINE: + /* use this one to start the connection */ + if (data->state != BIO_CONN_S_OK) + ret = (long)conn_state(b, data); + else + ret = 1; + break; + case BIO_C_GET_CONNECT: + if (ptr != NULL) { + pptr = (const char **)ptr; + if (num == 0) { + *pptr = data->param_hostname; + + } else if (num == 1) { + *pptr = data->param_port; + } else if (num == 2) { + *pptr = (char *)&(data->ip[0]); + } else if (num == 3) { + *((int *)ptr) = data->port; + } + if ((!b->init) || (ptr == NULL)) + *pptr = "not initialized"; + ret = 1; + } + break; + case BIO_C_SET_CONNECT: + if (ptr != NULL) { + b->init = 1; + if (num == 0) { + if (data->param_hostname != NULL) + OPENSSL_free(data->param_hostname); + data->param_hostname = BUF_strdup(ptr); + } else if (num == 1) { + if (data->param_port != NULL) + OPENSSL_free(data->param_port); + data->param_port = BUF_strdup(ptr); + } else if (num == 2) { + char buf[16]; + unsigned char *p = ptr; + + BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); + if (data->param_hostname != NULL) + OPENSSL_free(data->param_hostname); + data->param_hostname = BUF_strdup(buf); + memcpy(&(data->ip[0]), ptr, 4); + } else if (num == 3) { + char buf[DECIMAL_SIZE(int) + 1]; + + BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); + if (data->param_port != NULL) + OPENSSL_free(data->param_port); + data->param_port = BUF_strdup(buf); + data->port = *(int *)ptr; + } + } + break; + case BIO_C_SET_NBIO: + data->nbio = (int)num; + break; + case BIO_C_GET_FD: + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = b->num; + ret = b->num; + } else + ret = -1; + break; + case BIO_CTRL_GET_CLOSE: + ret = b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; + case BIO_CTRL_PENDING: + case BIO_CTRL_WPENDING: + ret = 0; + break; + case BIO_CTRL_FLUSH: + break; + case BIO_CTRL_DUP: + { + dbio = (BIO *)ptr; + if (data->param_port) + BIO_set_conn_port(dbio, data->param_port); + if (data->param_hostname) + BIO_set_conn_hostname(dbio, data->param_hostname); + BIO_set_nbio(dbio, data->nbio); + /* + * FIXME: the cast of the function seems unlikely to be a good + * idea + */ + (void)BIO_set_info_callback(dbio, + (bio_info_cb *)data->info_callback); + } + break; + case BIO_CTRL_SET_CALLBACK: + { +# if 0 /* FIXME: Should this be used? -- Richard + * Levitte */ + BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ret = -1; +# else + ret = 0; +# endif + } + break; + case BIO_CTRL_GET_CALLBACK: + { + int (**fptr) (const BIO *bio, int state, int xret); + + fptr = (int (**)(const BIO *bio, int state, int xret))ptr; + *fptr = data->info_callback; + } + break; + default: + ret = 0; + break; + } + return (ret); +} + +static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; + BIO_CONNECT *data; + + data = (BIO_CONNECT *)b->ptr; + + switch (cmd) { + case BIO_CTRL_SET_CALLBACK: + { + data->info_callback = + (int (*)(const struct bio_st *, int, int))fp; + } + break; + default: + ret = 0; + break; + } + return (ret); +} + +static int conn_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = conn_write(bp, str, n); + return (ret); +} + +BIO *BIO_new_connect(const char *str) +{ + BIO *ret; + + ret = BIO_new(BIO_s_connect()); + if (ret == NULL) + return (NULL); + if (BIO_set_conn_hostname(ret, str)) + return (ret); + else { + BIO_free(ret); + return (NULL); + } +} + +#endif diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c index 405190f0..7fcd831d 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c @@ -65,14 +65,35 @@ #include <openssl/bio.h> #ifndef OPENSSL_NO_DGRAM -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +# if defined(OPENSSL_SYS_VMS) # include <sys/timeb.h> # endif -# ifdef OPENSSL_SYS_LINUX +# ifndef OPENSSL_NO_SCTP +# include <netinet/sctp.h> +# include <fcntl.h> +# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 +# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 +# endif + +# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) # define IP_MTU 14 /* linux is lame */ # endif +# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) +# define IPPROTO_IPV6 41 /* windows is lame */ +# endif + +# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) +/* Standard definition causes type-punning problems. */ +# undef IN6_IS_ADDR_V4MAPPED +# define s6_addr32 __u6_addr.__u6_addr32 +# define IN6_IS_ADDR_V4MAPPED(a) \ + (((a)->s6_addr32[0] == 0) && \ + ((a)->s6_addr32[1] == 0) && \ + ((a)->s6_addr32[2] == htonl(0x0000ffff))) +# endif + # ifdef WATT32 # define sock_write SockWrite /* Watt-32 uses same names */ # define sock_read SockRead @@ -87,6 +108,19 @@ static int dgram_new(BIO *h); static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); +# ifndef OPENSSL_NO_SCTP +static int dgram_sctp_write(BIO *h, const char *buf, int num); +static int dgram_sctp_read(BIO *h, char *buf, int size); +static int dgram_sctp_puts(BIO *h, const char *str); +static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int dgram_sctp_new(BIO *h); +static int dgram_sctp_free(BIO *data); +# ifdef SCTP_AUTHENTICATION_EVENT +static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification + *snp); +# endif +# endif + static int BIO_dgram_should_retry(int s); static void get_current_time(struct timeval *t); @@ -104,8 +138,29 @@ static BIO_METHOD methods_dgramp = { NULL, }; +# ifndef OPENSSL_NO_SCTP +static BIO_METHOD methods_dgramp_sctp = { + BIO_TYPE_DGRAM_SCTP, + "datagram sctp socket", + dgram_sctp_write, + dgram_sctp_read, + dgram_sctp_puts, + NULL, /* dgram_gets, */ + dgram_sctp_ctrl, + dgram_sctp_new, + dgram_sctp_free, + NULL, +}; +# endif + typedef struct bio_dgram_data_st { - struct sockaddr peer; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +# endif + } peer; unsigned int connected; unsigned int _errno; unsigned int mtu; @@ -113,6 +168,38 @@ typedef struct bio_dgram_data_st { struct timeval socket_timeout; } bio_dgram_data; +# ifndef OPENSSL_NO_SCTP +typedef struct bio_dgram_sctp_save_message_st { + BIO *bio; + char *data; + int length; +} bio_dgram_sctp_save_message; + +typedef struct bio_dgram_sctp_data_st { + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +# endif + } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; + struct bio_dgram_sctp_sndinfo sndinfo; + struct bio_dgram_sctp_rcvinfo rcvinfo; + struct bio_dgram_sctp_prinfo prinfo; + void (*handle_notifications) (BIO *bio, void *context, void *buf); + void *notification_context; + int in_handshake; + int ccs_rcvd; + int ccs_sent; + int save_shutdown; + int peer_auth_tested; + bio_dgram_sctp_save_message saved_message; +} bio_dgram_sctp_data; +# endif + BIO_METHOD *BIO_s_datagram(void) { return (&methods_dgramp); @@ -179,7 +266,12 @@ static void dgram_adjust_rcv_timeout(BIO *b) { # if defined(SO_RCVTIMEO) bio_dgram_data *data = (bio_dgram_data *)b->ptr; - int sz = sizeof(int); + union { + size_t s; + int i; + } sz = { + 0 + }; /* Is a timer active? */ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { @@ -188,18 +280,22 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Read current socket timeout */ # ifdef OPENSSL_SYS_WINDOWS int timeout; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { + (void *)&timeout, &sz.i) < 0) { perror("getsockopt"); } else { data->socket_timeout.tv_sec = timeout / 1000; data->socket_timeout.tv_usec = (timeout % 1000) * 1000; } # else + sz.i = sizeof(data->socket_timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), (void *)&sz) < 0) { perror("getsockopt"); - } + } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) + OPENSSL_assert(sz.s <= sizeof(data->socket_timeout)); # endif /* Get current time */ @@ -207,16 +303,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* @@ -275,22 +372,38 @@ static int dgram_read(BIO *b, char *out, int outl) int ret = 0; bio_dgram_data *data = (bio_dgram_data *)b->ptr; - struct sockaddr peer; - int peerlen = sizeof(peer); + struct { + /* + * See commentary in b_sock.c. <appro> + */ + union { + size_t s; + int i; + } len; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +# endif + } peer; + } sa; + + sa.len.s = 0; + sa.len.i = sizeof(sa.peer); if (out != NULL) { clear_socket_error(); - memset(&peer, 0x00, peerlen); - /* - * Last arg in recvfrom is signed on some platforms and unsigned on - * others. It is of type socklen_t on some but this is not universal. - * Cast to (void *) to avoid compiler warnings. - */ + memset(&sa.peer, 0x00, sizeof(sa.peer)); dgram_adjust_rcv_timeout(b); - ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen); + ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len); + if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { + OPENSSL_assert(sa.len.s <= sizeof(sa.peer)); + sa.len.i = (int)sa.len.s; + } if (!data->connected && ret >= 0) - BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); + BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); BIO_clear_retry_flags(b); if (ret < 0) { @@ -313,14 +426,21 @@ static int dgram_write(BIO *b, const char *in, int inl) if (data->connected) ret = writesocket(b->num, in, inl); - else + else { + int peerlen = sizeof(data->peer); + + if (data->peer.sa.sa_family == AF_INET) + peerlen = sizeof(data->peer.sa_in); +# if OPENSSL_USE_IPV6 + else if (data->peer.sa.sa_family == AF_INET6) + peerlen = sizeof(data->peer.sa_in6); +# endif # if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) - ret = - sendto(b->num, (char *)in, inl, 0, &data->peer, - sizeof(data->peer)); + ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen); # else - ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); + ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen); # endif + } BIO_clear_retry_flags(b); if (ret <= 0) { @@ -339,19 +459,59 @@ static int dgram_write(BIO *b, const char *in, int inl) return (ret); } +static long dgram_get_mtu_overhead(bio_dgram_data *data) +{ + long ret; + + switch (data->peer.sa.sa_family) { + case AF_INET: + /* + * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP + */ + ret = 28; + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: +# ifdef IN6_IS_ADDR_V4MAPPED + if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) + /* + * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP + */ + ret = 28; + else +# endif + /* + * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP + */ + ret = 48; + break; +# endif + default: + /* We don't know. Go with the historical default */ + ret = 28; + break; + } + return ret; +} + static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret = 1; int *ip; struct sockaddr *to = NULL; bio_dgram_data *data = NULL; -# if defined(IP_MTU_DISCOVER) || defined(IP_MTU) - long sockopt_val = 0; - unsigned int sockopt_len = 0; -# endif -# ifdef OPENSSL_SYS_LINUX + int sockopt_val = 0; +# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ socklen_t addr_len; - struct sockaddr_storage addr; + union { + struct sockaddr sa; + struct sockaddr_in s4; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 s6; +# endif + } addr; # endif data = (bio_dgram_data *)b->ptr; @@ -403,34 +563,47 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; } else { # endif - memcpy(&(data->peer), to, sizeof(struct sockaddr)); + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; +# endif + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } # if 0 } # endif break; /* (Linux)kernel sets DF bit on outgoing IP packets */ case BIO_CTRL_DGRAM_MTU_DISCOVER: -# ifdef OPENSSL_SYS_LINUX - addr_len = (socklen_t) sizeof(struct sockaddr_storage); - memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); - if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { +# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) + addr_len = (socklen_t) sizeof(addr); + memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; } - sockopt_len = sizeof(sockopt_val); - switch (addr.ss_family) { + switch (addr.sa.sa_family) { case AF_INET: sockopt_val = IP_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) perror("setsockopt"); break; +# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) case AF_INET6: sockopt_val = IPV6_PMTUDISC_DO; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) perror("setsockopt"); break; +# endif default: ret = -1; break; @@ -440,15 +613,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; # endif case BIO_CTRL_DGRAM_QUERY_MTU: -# ifdef OPENSSL_SYS_LINUX - addr_len = (socklen_t) sizeof(struct sockaddr_storage); - memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); - if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { +# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) + addr_len = (socklen_t) sizeof(addr); + memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; } sockopt_len = sizeof(sockopt_val); - switch (addr.ss_family) { + switch (addr.sa.sa_family) { case AF_INET: if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, @@ -463,6 +636,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = data->mtu; } break; +# if OPENSSL_USE_IPV6 && defined(IPV6_MTU) case AF_INET6: if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, @@ -478,6 +652,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = data->mtu; } break; +# endif default: ret = 0; break; @@ -487,7 +662,25 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) # endif break; case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: - ret = 576 - 20 - 8; + ret = -dgram_get_mtu_overhead(data); + switch (data->peer.sa.sa_family) { + case AF_INET: + ret += 576; + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: +# ifdef IN6_IS_ADDR_V4MAPPED + if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) + ret += 576; + else +# endif + ret += 1280; + break; +# endif + default: + ret += 576; + break; + } break; case BIO_CTRL_DGRAM_GET_MTU: return data->mtu; @@ -501,22 +694,57 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) if (to != NULL) { data->connected = 1; - memcpy(&(data->peer), to, sizeof(struct sockaddr)); + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; +# endif + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } } else { data->connected = 0; - memset(&(data->peer), 0x00, sizeof(struct sockaddr)); + memset(&(data->peer), 0x00, sizeof(data->peer)); } break; case BIO_CTRL_DGRAM_GET_PEER: - to = (struct sockaddr *)ptr; - - memcpy(to, &(data->peer), sizeof(struct sockaddr)); - ret = sizeof(struct sockaddr); + switch (data->peer.sa.sa_family) { + case AF_INET: + ret = sizeof(data->peer.sa_in); + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: + ret = sizeof(data->peer.sa_in6); + break; +# endif + default: + ret = sizeof(data->peer.sa); + break; + } + if (num == 0 || num > ret) + num = ret; + memcpy(ptr, &data->peer, (ret = num)); break; case BIO_CTRL_DGRAM_SET_PEER: to = (struct sockaddr *)ptr; - - memcpy(&(data->peer), to, sizeof(struct sockaddr)); + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; +# endif + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } break; case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); @@ -542,12 +770,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) # endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { + size_t s; + int i; + } sz = { + 0 + }; +# ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { + (void *)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { @@ -555,14 +791,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } # else - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - ptr, (void *)&ret) < 0) { - perror("getsockopt"); - ret = -1; - } + sz.i = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + ptr, (void *)&sz) < 0) { + perror("getsockopt"); + ret = -1; + } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) { + OPENSSL_assert(sz.s <= sizeof(struct timeval)); + ret = (int)sz.s; + } else + ret = sz.i; # endif + } break; # endif # if defined(SO_SNDTIMEO) @@ -586,12 +827,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) # endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS { - int timeout, sz = sizeof(timeout); + union { + size_t s; + int i; + } sz = { + 0 + }; +# ifdef OPENSSL_SYS_WINDOWS + int timeout; struct timeval *tv = (struct timeval *)ptr; + + sz.i = sizeof(timeout); if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void *)&timeout, &sz) < 0) { + (void *)&timeout, &sz.i) < 0) { perror("getsockopt"); ret = -1; } else { @@ -599,14 +848,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) tv->tv_usec = (timeout % 1000) * 1000; ret = sizeof(*tv); } - } # else - if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - ptr, (void *)&ret) < 0) { - perror("getsockopt"); - ret = -1; - } + sz.i = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + ptr, (void *)&sz) < 0) { + perror("getsockopt"); + ret = -1; + } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) { + OPENSSL_assert(sz.s <= sizeof(struct timeval)); + ret = (int)sz.s; + } else + ret = sz.i; # endif + } break; # endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: @@ -632,6 +886,64 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; # endif + case BIO_CTRL_DGRAM_SET_DONT_FRAG: + sockopt_val = num ? 1 : 0; + + switch (data->peer.sa.sa_family) { + case AF_INET: +# if defined(IP_DONTFRAG) + if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, + &sockopt_val, sizeof(sockopt_val))) < 0) { + perror("setsockopt"); + ret = -1; + } +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) + if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), + (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) { + perror("setsockopt"); + ret = -1; + } +# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) + if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, + (const char *)&sockopt_val, + sizeof(sockopt_val))) < 0) { + perror("setsockopt"); + ret = -1; + } +# else + ret = -1; +# endif + break; +# if OPENSSL_USE_IPV6 + case AF_INET6: +# if defined(IPV6_DONTFRAG) + if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, + (const void *)&sockopt_val, + sizeof(sockopt_val))) < 0) { + perror("setsockopt"); + ret = -1; + } +# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) + if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), + (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) { + perror("setsockopt"); + ret = -1; + } +# else + ret = -1; +# endif + break; +# endif + default: + ret = -1; + break; + } + break; + case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: + ret = dgram_get_mtu_overhead(data); + break; default: ret = 0; break; @@ -648,6 +960,1023 @@ static int dgram_puts(BIO *bp, const char *str) return (ret); } +# ifndef OPENSSL_NO_SCTP +BIO_METHOD *BIO_s_datagram_sctp(void) +{ + return (&methods_dgramp_sctp); +} + +BIO *BIO_new_dgram_sctp(int fd, int close_flag) +{ + BIO *bio; + int ret, optval = 20000; + int auth_data = 0, auth_forward = 0; + unsigned char *p; + struct sctp_authchunk auth; + struct sctp_authchunks *authchunks; + socklen_t sockopt_len; +# ifdef SCTP_AUTHENTICATION_EVENT +# ifdef SCTP_EVENT + struct sctp_event event; +# else + struct sctp_event_subscribe event; +# endif +# endif + + bio = BIO_new(BIO_s_datagram_sctp()); + if (bio == NULL) + return (NULL); + BIO_set_fd(bio, fd, close_flag); + + /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ + auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; + ret = + setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, + sizeof(struct sctp_authchunk)); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } + auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; + ret = + setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, + sizeof(struct sctp_authchunk)); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } + + /* + * Test if activation was successful. When using accept(), SCTP-AUTH has + * to be activated for the listening socket already, otherwise the + * connected socket won't use it. + */ + sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); + authchunks = OPENSSL_malloc(sockopt_len); + if (!authchunks) { + BIO_vfree(bio); + return (NULL); + } + memset(authchunks, 0, sizeof(sockopt_len)); + ret = + getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, + &sockopt_len); + + if (ret < 0) { + OPENSSL_free(authchunks); + BIO_vfree(bio); + return (NULL); + } + + for (p = (unsigned char *)authchunks->gauth_chunks; + p < (unsigned char *)authchunks + sockopt_len; + p += sizeof(uint8_t)) { + if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) + auth_data = 1; + if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) + auth_forward = 1; + } + + OPENSSL_free(authchunks); + + OPENSSL_assert(auth_data); + OPENSSL_assert(auth_forward); + +# ifdef SCTP_AUTHENTICATION_EVENT +# ifdef SCTP_EVENT + memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_AUTHENTICATION_EVENT; + event.se_on = 1; + ret = + setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } +# else + sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); + ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } + + event.sctp_authentication_event = 1; + + ret = + setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } +# endif +# endif + + /* + * Disable partial delivery by setting the min size larger than the max + * record size of 2^14 + 2048 + 13 + */ + ret = + setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, + sizeof(optval)); + if (ret < 0) { + BIO_vfree(bio); + return (NULL); + } + + return (bio); +} + +int BIO_dgram_is_sctp(BIO *bio) +{ + return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); +} + +static int dgram_sctp_new(BIO *bi) +{ + bio_dgram_sctp_data *data = NULL; + + bi->init = 0; + bi->num = 0; + data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data)); + if (data == NULL) + return 0; + memset(data, 0x00, sizeof(bio_dgram_sctp_data)); +# ifdef SCTP_PR_SCTP_NONE + data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; +# endif + bi->ptr = data; + + bi->flags = 0; + return (1); +} + +static int dgram_sctp_free(BIO *a) +{ + bio_dgram_sctp_data *data; + + if (a == NULL) + return (0); + if (!dgram_clear(a)) + return 0; + + data = (bio_dgram_sctp_data *) a->ptr; + if (data != NULL) { + if (data->saved_message.data != NULL) + OPENSSL_free(data->saved_message.data); + OPENSSL_free(data); + } + + return (1); +} + +# ifdef SCTP_AUTHENTICATION_EVENT +void dgram_sctp_handle_auth_free_key_event(BIO *b, + union sctp_notification *snp) +{ + int ret; + struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; + + if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { + struct sctp_authkeyid authkeyid; + + /* delete key */ + authkeyid.scact_keynumber = authkeyevent->auth_keynumber; + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, + &authkeyid, sizeof(struct sctp_authkeyid)); + } +} +# endif + +static int dgram_sctp_read(BIO *b, char *out, int outl) +{ + int ret = 0, n = 0, i, optval; + socklen_t optlen; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + union sctp_notification *snp; + struct msghdr msg; + struct iovec iov; + struct cmsghdr *cmsg; + char cmsgbuf[512]; + + if (out != NULL) { + clear_socket_error(); + + do { + memset(&data->rcvinfo, 0x00, + sizeof(struct bio_dgram_sctp_rcvinfo)); + iov.iov_base = out; + iov.iov_len = outl; + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = cmsgbuf; + msg.msg_controllen = 512; + msg.msg_flags = 0; + n = recvmsg(b->num, &msg, 0); + + if (n <= 0) { + if (n < 0) + ret = n; + break; + } + + if (msg.msg_controllen > 0) { + for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; + cmsg = CMSG_NXTHDR(&msg, cmsg)) { + if (cmsg->cmsg_level != IPPROTO_SCTP) + continue; +# ifdef SCTP_RCVINFO + if (cmsg->cmsg_type == SCTP_RCVINFO) { + struct sctp_rcvinfo *rcvinfo; + + rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); + data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; + data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; + data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; + data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; + data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; + data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; + data->rcvinfo.rcv_context = rcvinfo->rcv_context; + } +# endif +# ifdef SCTP_SNDRCV + if (cmsg->cmsg_type == SCTP_SNDRCV) { + struct sctp_sndrcvinfo *sndrcvinfo; + + sndrcvinfo = + (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); + data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; + data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; + data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; + data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; + data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; + data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; + data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; + } +# endif + } + } + + if (msg.msg_flags & MSG_NOTIFICATION) { + snp = (union sctp_notification *)out; + if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { +# ifdef SCTP_EVENT + struct sctp_event event; +# else + struct sctp_event_subscribe event; + socklen_t eventsize; +# endif + /* + * If a message has been delayed until the socket is dry, + * it can be sent now. + */ + if (data->saved_message.length > 0) { + dgram_sctp_write(data->saved_message.bio, + data->saved_message.data, + data->saved_message.length); + OPENSSL_free(data->saved_message.data); + data->saved_message.data = NULL; + data->saved_message.length = 0; + } + + /* disable sender dry event */ +# ifdef SCTP_EVENT + memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 0; + i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); + if (i < 0) { + ret = i; + break; + } +# else + eventsize = sizeof(struct sctp_event_subscribe); + i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + &eventsize); + if (i < 0) { + ret = i; + break; + } + + event.sctp_sender_dry_event = 0; + + i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); + if (i < 0) { + ret = i; + break; + } +# endif + } +# ifdef SCTP_AUTHENTICATION_EVENT + if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) + dgram_sctp_handle_auth_free_key_event(b, snp); +# endif + + if (data->handle_notifications != NULL) + data->handle_notifications(b, data->notification_context, + (void *)out); + + memset(out, 0, outl); + } else + ret += n; + } + while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) + && (ret < outl)); + + if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { + /* Partial message read, this should never happen! */ + + /* + * The buffer was too small, this means the peer sent a message + * that was larger than allowed. + */ + if (ret == outl) + return -1; + + /* + * Test if socket buffer can handle max record size (2^14 + 2048 + * + 13) + */ + optlen = (socklen_t) sizeof(int); + ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); + if (ret >= 0) + OPENSSL_assert(optval >= 18445); + + /* + * Test if SCTP doesn't partially deliver below max record size + * (2^14 + 2048 + 13) + */ + optlen = (socklen_t) sizeof(int); + ret = + getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, + &optval, &optlen); + if (ret >= 0) + OPENSSL_assert(optval >= 18445); + + /* + * Partially delivered notification??? Probably a bug.... + */ + OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); + + /* + * Everything seems ok till now, so it's most likely a message + * dropped by PR-SCTP. + */ + memset(out, 0, outl); + BIO_set_retry_read(b); + return -1; + } + + BIO_clear_retry_flags(b); + if (ret < 0) { + if (BIO_dgram_should_retry(ret)) { + BIO_set_retry_read(b); + data->_errno = get_last_socket_error(); + } + } + + /* Test if peer uses SCTP-AUTH before continuing */ + if (!data->peer_auth_tested) { + int ii, auth_data = 0, auth_forward = 0; + unsigned char *p; + struct sctp_authchunks *authchunks; + + optlen = + (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); + authchunks = OPENSSL_malloc(optlen); + if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); + return -1; + } + memset(authchunks, 0, sizeof(optlen)); + ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, + authchunks, &optlen); + + if (ii >= 0) + for (p = (unsigned char *)authchunks->gauth_chunks; + p < (unsigned char *)authchunks + optlen; + p += sizeof(uint8_t)) { + if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) + auth_data = 1; + if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) + auth_forward = 1; + } + + OPENSSL_free(authchunks); + + if (!auth_data || !auth_forward) { + BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR); + return -1; + } + + data->peer_auth_tested = 1; + } + } + return (ret); +} + +static int dgram_sctp_write(BIO *b, const char *in, int inl) +{ + int ret; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); + struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); + struct bio_dgram_sctp_sndinfo handshake_sinfo; + struct iovec iov[1]; + struct msghdr msg; + struct cmsghdr *cmsg; +# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) + char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + + CMSG_SPACE(sizeof(struct sctp_prinfo))]; + struct sctp_sndinfo *sndinfo; + struct sctp_prinfo *prinfo; +# else + char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; + struct sctp_sndrcvinfo *sndrcvinfo; +# endif + + clear_socket_error(); + + /* + * If we're send anything else than application data, disable all user + * parameters and flags. + */ + if (in[0] != 23) { + memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo)); +# ifdef SCTP_SACK_IMMEDIATELY + handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; +# endif + sinfo = &handshake_sinfo; + } + + /* + * If we have to send a shutdown alert message and the socket is not dry + * yet, we have to save it and send it as soon as the socket gets dry. + */ + if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { + char *tmp; + data->saved_message.bio = b; + if (!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); + return -1; + } + if (data->saved_message.data) + OPENSSL_free(data->saved_message.data); + data->saved_message.data = tmp; + memcpy(data->saved_message.data, in, inl); + data->saved_message.length = inl; + return inl; + } + + iov[0].iov_base = (char *)in; + iov[0].iov_len = inl; + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = iov; + msg.msg_iovlen = 1; + msg.msg_control = (caddr_t) cmsgbuf; + msg.msg_controllen = 0; + msg.msg_flags = 0; +# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) + cmsg = (struct cmsghdr *)cmsgbuf; + cmsg->cmsg_level = IPPROTO_SCTP; + cmsg->cmsg_type = SCTP_SNDINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); + sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); + memset(sndinfo, 0, sizeof(struct sctp_sndinfo)); + sndinfo->snd_sid = sinfo->snd_sid; + sndinfo->snd_flags = sinfo->snd_flags; + sndinfo->snd_ppid = sinfo->snd_ppid; + sndinfo->snd_context = sinfo->snd_context; + msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); + + cmsg = + (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; + cmsg->cmsg_level = IPPROTO_SCTP; + cmsg->cmsg_type = SCTP_PRINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); + prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); + memset(prinfo, 0, sizeof(struct sctp_prinfo)); + prinfo->pr_policy = pinfo->pr_policy; + prinfo->pr_value = pinfo->pr_value; + msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); +# else + cmsg = (struct cmsghdr *)cmsgbuf; + cmsg->cmsg_level = IPPROTO_SCTP; + cmsg->cmsg_type = SCTP_SNDRCV; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); + sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); + memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); + sndrcvinfo->sinfo_stream = sinfo->snd_sid; + sndrcvinfo->sinfo_flags = sinfo->snd_flags; +# ifdef __FreeBSD__ + sndrcvinfo->sinfo_flags |= pinfo->pr_policy; +# endif + sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; + sndrcvinfo->sinfo_context = sinfo->snd_context; + sndrcvinfo->sinfo_timetolive = pinfo->pr_value; + msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); +# endif + + ret = sendmsg(b->num, &msg, 0); + + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_dgram_should_retry(ret)) { + BIO_set_retry_write(b); + data->_errno = get_last_socket_error(); + } + } + return (ret); +} + +static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; + bio_dgram_sctp_data *data = NULL; + socklen_t sockopt_len = 0; + struct sctp_authkeyid authkeyid; + struct sctp_authkey *authkey = NULL; + + data = (bio_dgram_sctp_data *) b->ptr; + + switch (cmd) { + case BIO_CTRL_DGRAM_QUERY_MTU: + /* + * Set to maximum (2^14) and ignore user input to enable transport + * protocol fragmentation. Returns always 2^14. + */ + data->mtu = 16384; + ret = data->mtu; + break; + case BIO_CTRL_DGRAM_SET_MTU: + /* + * Set to maximum (2^14) and ignore input to enable transport + * protocol fragmentation. Returns always 2^14. + */ + data->mtu = 16384; + ret = data->mtu; + break; + case BIO_CTRL_DGRAM_SET_CONNECTED: + case BIO_CTRL_DGRAM_CONNECT: + /* Returns always -1. */ + ret = -1; + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + /* + * SCTP doesn't need the DTLS timer Returns always 1. + */ + break; + case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: + /* + * We allow transport protocol fragmentation so this is irrelevant + */ + ret = 0; + break; + case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: + if (num > 0) + data->in_handshake = 1; + else + data->in_handshake = 0; + + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, + &data->in_handshake, sizeof(int)); + break; + case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: + /* + * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. + */ + + /* Get active key */ + sockopt_len = sizeof(struct sctp_authkeyid); + ret = + getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, + &sockopt_len); + if (ret < 0) + break; + + /* Add new key */ + sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); + authkey = OPENSSL_malloc(sockopt_len); + if (authkey == NULL) { + ret = -1; + break; + } + memset(authkey, 0x00, sockopt_len); + authkey->sca_keynumber = authkeyid.scact_keynumber + 1; +# ifndef __FreeBSD__ + /* + * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 + * and higher work without it. + */ + authkey->sca_keylength = 64; +# endif + memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); + + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, + sockopt_len); + OPENSSL_free(authkey); + authkey = NULL; + if (ret < 0) + break; + + /* Reset active key */ + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, + &authkeyid, sizeof(struct sctp_authkeyid)); + if (ret < 0) + break; + + break; + case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: + /* Returns 0 on success, -1 otherwise. */ + + /* Get active key */ + sockopt_len = sizeof(struct sctp_authkeyid); + ret = + getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, + &sockopt_len); + if (ret < 0) + break; + + /* Set active key */ + authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, + &authkeyid, sizeof(struct sctp_authkeyid)); + if (ret < 0) + break; + + /* + * CCS has been sent, so remember that and fall through to check if + * we need to deactivate an old key + */ + data->ccs_sent = 1; + + case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: + /* Returns 0 on success, -1 otherwise. */ + + /* + * Has this command really been called or is this just a + * fall-through? + */ + if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) + data->ccs_rcvd = 1; + + /* + * CSS has been both, received and sent, so deactivate an old key + */ + if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { + /* Get active key */ + sockopt_len = sizeof(struct sctp_authkeyid); + ret = + getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, + &authkeyid, &sockopt_len); + if (ret < 0) + break; + + /* + * Deactivate key or delete second last key if + * SCTP_AUTHENTICATION_EVENT is not available. + */ + authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; +# ifdef SCTP_AUTH_DEACTIVATE_KEY + sockopt_len = sizeof(struct sctp_authkeyid); + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, + &authkeyid, sockopt_len); + if (ret < 0) + break; +# endif +# ifndef SCTP_AUTHENTICATION_EVENT + if (authkeyid.scact_keynumber > 0) { + authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; + ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, + &authkeyid, sizeof(struct sctp_authkeyid)); + if (ret < 0) + break; + } +# endif + + data->ccs_rcvd = 0; + data->ccs_sent = 0; + } + break; + case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) + num = sizeof(struct bio_dgram_sctp_sndinfo); + + memcpy(ptr, &(data->sndinfo), num); + ret = num; + break; + case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) + num = sizeof(struct bio_dgram_sctp_sndinfo); + + memcpy(&(data->sndinfo), ptr, num); + break; + case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) + num = sizeof(struct bio_dgram_sctp_rcvinfo); + + memcpy(ptr, &data->rcvinfo, num); + + ret = num; + break; + case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) + num = sizeof(struct bio_dgram_sctp_rcvinfo); + + memcpy(&(data->rcvinfo), ptr, num); + break; + case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) + num = sizeof(struct bio_dgram_sctp_prinfo); + + memcpy(ptr, &(data->prinfo), num); + ret = num; + break; + case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: + /* Returns the size of the copied struct. */ + if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) + num = sizeof(struct bio_dgram_sctp_prinfo); + + memcpy(&(data->prinfo), ptr, num); + break; + case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: + /* Returns always 1. */ + if (num > 0) + data->save_shutdown = 1; + else + data->save_shutdown = 0; + break; + + default: + /* + * Pass to default ctrl function to process SCTP unspecific commands + */ + ret = dgram_ctrl(b, cmd, num, ptr); + break; + } + return (ret); +} + +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void + *context, + void *buf), + void *context) +{ + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + + if (handle_notifications != NULL) { + data->handle_notifications = handle_notifications; + data->notification_context = context; + } else + return -1; + + return 0; +} + +int BIO_dgram_sctp_wait_for_dry(BIO *b) +{ + int is_dry = 0; + int n, sockflags, ret; + union sctp_notification snp; + struct msghdr msg; + struct iovec iov; +# ifdef SCTP_EVENT + struct sctp_event event; +# else + struct sctp_event_subscribe event; + socklen_t eventsize; +# endif + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + + /* set sender dry event */ +# ifdef SCTP_EVENT + memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 1; + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); +# else + eventsize = sizeof(struct sctp_event_subscribe); + ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); + if (ret < 0) + return -1; + + event.sctp_sender_dry_event = 1; + + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); +# endif + if (ret < 0) + return -1; + + /* peek for notification */ + memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + + n = recvmsg(b->num, &msg, MSG_PEEK); + if (n <= 0) { + if ((n < 0) && (get_last_socket_error() != EAGAIN) + && (get_last_socket_error() != EWOULDBLOCK)) + return -1; + else + return 0; + } + + /* if we find a notification, process it and try again if necessary */ + while (msg.msg_flags & MSG_NOTIFICATION) { + memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + + n = recvmsg(b->num, &msg, 0); + if (n <= 0) { + if ((n < 0) && (get_last_socket_error() != EAGAIN) + && (get_last_socket_error() != EWOULDBLOCK)) + return -1; + else + return is_dry; + } + + if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { + is_dry = 1; + + /* disable sender dry event */ +# ifdef SCTP_EVENT + memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 0; + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, + sizeof(struct sctp_event)); +# else + eventsize = (socklen_t) sizeof(struct sctp_event_subscribe); + ret = + getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + &eventsize); + if (ret < 0) + return -1; + + event.sctp_sender_dry_event = 0; + + ret = + setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, + sizeof(struct sctp_event_subscribe)); +# endif + if (ret < 0) + return -1; + } +# ifdef SCTP_AUTHENTICATION_EVENT + if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) + dgram_sctp_handle_auth_free_key_event(b, &snp); +# endif + + if (data->handle_notifications != NULL) + data->handle_notifications(b, data->notification_context, + (void *)&snp); + + /* found notification, peek again */ + memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + + /* if we have seen the dry already, don't wait */ + if (is_dry) { + sockflags = fcntl(b->num, F_GETFL, 0); + fcntl(b->num, F_SETFL, O_NONBLOCK); + } + + n = recvmsg(b->num, &msg, MSG_PEEK); + + if (is_dry) { + fcntl(b->num, F_SETFL, sockflags); + } + + if (n <= 0) { + if ((n < 0) && (get_last_socket_error() != EAGAIN) + && (get_last_socket_error() != EWOULDBLOCK)) + return -1; + else + return is_dry; + } + } + + /* read anything else */ + return is_dry; +} + +int BIO_dgram_sctp_msg_waiting(BIO *b) +{ + int n, sockflags; + union sctp_notification snp; + struct msghdr msg; + struct iovec iov; + bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; + + /* Check if there are any messages waiting to be read */ + do { + memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + + sockflags = fcntl(b->num, F_GETFL, 0); + fcntl(b->num, F_SETFL, O_NONBLOCK); + n = recvmsg(b->num, &msg, MSG_PEEK); + fcntl(b->num, F_SETFL, sockflags); + + /* if notification, process and try again */ + if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { +# ifdef SCTP_AUTHENTICATION_EVENT + if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) + dgram_sctp_handle_auth_free_key_event(b, &snp); +# endif + + memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; + msg.msg_namelen = 0; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + n = recvmsg(b->num, &msg, 0); + + if (data->handle_notifications != NULL) + data->handle_notifications(b, data->notification_context, + (void *)&snp); + } + + } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); + + /* Return 1 if there is a message to be read, return 0 otherwise. */ + if (n > 0) + return 1; + else + return 0; +} + +static int dgram_sctp_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = dgram_sctp_write(bp, str, n); + return (ret); +} +# endif + static int BIO_dgram_should_retry(int i) { int err; @@ -725,11 +2054,22 @@ int BIO_dgram_non_fatal_error(int err) static void get_current_time(struct timeval *t) { -# ifdef OPENSSL_SYS_WIN32 - struct _timeb tb; - _ftime(&tb); - t->tv_sec = (long)tb.time; - t->tv_usec = (long)tb.millitm * 1000; +# if defined(_WIN32) + SYSTEMTIME st; + union { + unsigned __int64 ul; + FILETIME ft; + } now; + + GetSystemTime(&st); + SystemTimeToFileTime(&st, &now.ft); +# ifdef __MINGW32__ + now.ul -= 116444736000000000ULL; +# else + now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ +# endif + t->tv_sec = (long)(now.ul / 10000000); + t->tv_usec = ((int)(now.ul % 10000000)) / 10; # elif defined(OPENSSL_SYS_VMS) struct timeb tb; ftime(&tb); diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c index ad554dfc..5f4e3448 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c @@ -60,6 +60,31 @@ #include <errno.h> #define USE_SOCKETS #include "cryptlib.h" + +#if defined(OPENSSL_NO_POSIX_IO) +/* + * Dummy placeholder for BIO_s_fd... + */ +BIO *BIO_new_fd(int fd, int close_flag) +{ + return NULL; +} + +int BIO_fd_non_fatal_error(int err) +{ + return 0; +} + +int BIO_fd_should_retry(int i) +{ + return 0; +} + +BIO_METHOD *BIO_s_fd(void) +{ + return NULL; +} +#else /* * As for unconditional usage of "UPLINK" interface in this module. * Trouble is that unlike Unix file descriptors [which are indexes @@ -72,11 +97,12 @@ * file descriptors can only be provided by application. Therefore * "UPLINK" calls are due... */ -#include "bio_lcl.h" +# include "bio_lcl.h" static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); static int fd_puts(BIO *h, const char *str); +static int fd_gets(BIO *h, char *buf, int size); static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int fd_new(BIO *h); static int fd_free(BIO *data); @@ -87,7 +113,7 @@ static BIO_METHOD methods_fdp = { fd_write, fd_read, fd_puts, - NULL, /* fd_gets, */ + fd_gets, fd_ctrl, fd_new, fd_free, @@ -221,6 +247,22 @@ static int fd_puts(BIO *bp, const char *str) return (ret); } +static int fd_gets(BIO *bp, char *buf, int size) +{ + int ret = 0; + char *ptr = buf; + char *end = buf + size - 1; + + while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) + ptr++; + + ptr[0] = '\0'; + + if (buf[0] != '\0') + ret = strlen(buf); + return (ret); +} + int BIO_fd_should_retry(int i) { int err; @@ -228,11 +270,11 @@ int BIO_fd_should_retry(int i) if ((i == 0) || (i == -1)) { err = get_last_sys_error(); -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps +# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps * not? Ben 4/1/99 */ if ((i == -1) && (err == 0)) return (1); -#endif +# endif return (BIO_fd_non_fatal_error(err)); } @@ -243,41 +285,41 @@ int BIO_fd_non_fatal_error(int err) { switch (err) { -#ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK +# ifdef EWOULDBLOCK +# ifdef WSAEWOULDBLOCK +# if WSAEWOULDBLOCK != EWOULDBLOCK case EWOULDBLOCK: -# endif -# else +# endif +# else case EWOULDBLOCK: +# endif # endif -#endif -#if defined(ENOTCONN) +# if defined(ENOTCONN) case ENOTCONN: -#endif +# endif -#ifdef EINTR +# ifdef EINTR case EINTR: -#endif +# endif -#ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN +# ifdef EAGAIN +# if EWOULDBLOCK != EAGAIN case EAGAIN: +# endif # endif -#endif -#ifdef EPROTO +# ifdef EPROTO case EPROTO: -#endif +# endif -#ifdef EINPROGRESS +# ifdef EINPROGRESS case EINPROGRESS: -#endif +# endif -#ifdef EALREADY +# ifdef EALREADY case EALREADY: -#endif +# endif return (1); /* break; */ default: @@ -285,3 +327,4 @@ int BIO_fd_non_fatal_error(int err) } return (0); } +#endif diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c index 81e5b940..153b6fa2 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c @@ -118,9 +118,53 @@ static BIO_METHOD methods_filep = { BIO *BIO_new_file(const char *filename, const char *mode) { BIO *ret; - FILE *file; - - if ((file = fopen(filename, mode)) == NULL) { + FILE *file = NULL; + +# if defined(_WIN32) && defined(CP_UTF8) + int sz, len_0 = (int)strlen(filename) + 1; + DWORD flags; + + /* + * Basically there are three cases to cover: a) filename is + * pure ASCII string; b) actual UTF-8 encoded string and + * c) locale-ized string, i.e. one containing 8-bit + * characters that are meaningful in current system locale. + * If filename is pure ASCII or real UTF-8 encoded string, + * MultiByteToWideChar succeeds and _wfopen works. If + * filename is locale-ized string, chances are that + * MultiByteToWideChar fails reporting + * ERROR_NO_UNICODE_TRANSLATION, in which case we fall + * back to fopen... + */ + if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), + filename, len_0, NULL, 0)) > 0 || + (GetLastError() == ERROR_INVALID_FLAGS && + (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), + filename, len_0, NULL, 0)) > 0) + ) { + WCHAR wmode[8]; + WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); + + if (MultiByteToWideChar(CP_UTF8, flags, + filename, len_0, wfilename, sz) && + MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, + wmode, sizeof(wmode) / sizeof(wmode[0])) && + (file = _wfopen(wfilename, wmode)) == NULL && + (errno == ENOENT || errno == EBADF) + ) { + /* + * UTF-8 decode succeeded, but no file, filename + * could still have been locale-ized... + */ + file = fopen(filename, mode); + } + } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { + file = fopen(filename, mode); + } +# else + file = fopen(filename, mode); +# endif + if (file == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT) @@ -129,7 +173,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); return (NULL); } - if ((ret = BIO_new(BIO_s_file_internal())) == NULL) { + if ((ret = BIO_new(BIO_s_file())) == NULL) { fclose(file); return (NULL); } @@ -284,9 +328,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd, _O_BINARY); # elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) int fd = fileno((FILE *)ptr); - /* - * Under CLib there are differences in file modes - */ + /* Under CLib there are differences in file modes */ if (num & BIO_FP_TEXT) setmode(fd, O_TEXT); else @@ -304,7 +346,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) } else _setmode(fd, _O_BINARY); } -# elif defined(OPENSSL_SYS_OS2) +# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE *)ptr); if (num & BIO_FP_TEXT) setmode(fd, O_TEXT); @@ -418,7 +460,7 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str) return (ret); } -#else +# else BIO_METHOD *BIO_s_file(void) { diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c index 679d205f..1283a525 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c @@ -69,12 +69,21 @@ #if defined(OPENSSL_SYS_WINCE) #elif defined(OPENSSL_SYS_WIN32) -# include <process.h> #elif defined(OPENSSL_SYS_VMS) # include <opcdef.h> # include <descrip.h> # include <lib$routines.h> # include <starlet.h> +/* Some compiler options may mask the declaration of "_malloc32". */ +# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +void *_malloc32(__size_t); +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ +# endif /* __INITIAL_POINTER_SIZE && defined + * _ANSI_C_SOURCE */ #elif defined(__ultrix) # include <sys/syslog.h> #elif defined(OPENSSL_SYS_NETWARE) @@ -121,18 +130,6 @@ static int MS_CALLBACK slg_free(BIO *data); static void xopenlog(BIO *bp, char *name, int level); static void xsyslog(BIO *bp, int priority, const char *string); static void xcloselog(BIO *bp); -# ifdef OPENSSL_SYS_WIN32 -LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx; -HANDLE(WINAPI *register_event_source) () = NULL; -BOOL(WINAPI *deregister_event_source) () = NULL; -BOOL(WINAPI *report_event) () = NULL; -# define DL_PROC(m,f) (GetProcAddress( m, f )) -# ifdef UNICODE -# define DL_PROC_X(m,f) DL_PROC( m, f "W" ) -# else -# define DL_PROC_X(m,f) DL_PROC( m, f "A" ) -# endif -# endif static BIO_METHOD methods_slg = { BIO_TYPE_MEM, "syslog", @@ -174,7 +171,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) char *buf; char *pp; int priority, i; - static struct { + static const struct { int strl; char str[10]; int log_level; @@ -286,32 +283,20 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str) static void xopenlog(BIO *bp, char *name, int level) { - if (!register_event_source) { - HANDLE advapi; - if (!(advapi = GetModuleHandle("advapi32"))) - return; - register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi, - "RegisterEventSource"); - deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi, - "DeregisterEventSource"); - report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent"); - if (!(register_event_source && deregister_event_source && - report_event)) { - register_event_source = NULL; - deregister_event_source = NULL; - report_event = NULL; - return; - } - } - bp->ptr = (char *)register_event_source(NULL, name); + if (check_winnt()) + bp->ptr = RegisterEventSourceA(NULL, name); + else + bp->ptr = NULL; } static void xsyslog(BIO *bp, int priority, const char *string) { LPCSTR lpszStrings[2]; WORD evtype = EVENTLOG_ERROR_TYPE; - int pid = _getpid(); - char pidbuf[DECIMAL_SIZE(pid) + 4]; + char pidbuf[DECIMAL_SIZE(DWORD) + 4]; + + if (bp->ptr == NULL) + return; switch (priority) { case LOG_EMERG: @@ -337,18 +322,17 @@ static void xsyslog(BIO *bp, int priority, const char *string) break; } - sprintf(pidbuf, "[%d] ", pid); + sprintf(pidbuf, "[%u] ", GetCurrentProcessId()); lpszStrings[0] = pidbuf; lpszStrings[1] = string; - if (report_event && bp->ptr) - report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); + ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); } static void xcloselog(BIO *bp) { - if (deregister_event_source && bp->ptr) - deregister_event_source((HANDLE) (bp->ptr)); + if (bp->ptr) + DeregisterEventSource((HANDLE) (bp->ptr)); bp->ptr = NULL; } @@ -364,7 +348,24 @@ static void xopenlog(BIO *bp, char *name, int level) static void xsyslog(BIO *bp, int priority, const char *string) { struct dsc$descriptor_s opc_dsc; + +/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size save +# pragma pointer_size 32 +# define OPCDEF_TYPE __char_ptr32 +# define OPCDEF_MALLOC _malloc32 +# else /* __INITIAL_POINTER_SIZE == 64 */ +# define OPCDEF_TYPE char * +# define OPCDEF_MALLOC OPENSSL_malloc +# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ + struct opcdef *opcdef_p; + +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +# endif /* __INITIAL_POINTER_SIZE == 64 */ + char buf[10240]; unsigned int len; struct dsc$descriptor_s buf_dsc; @@ -405,8 +406,8 @@ static void xsyslog(BIO *bp, int priority, const char *string) lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); - /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len); + /* We know there's an 8-byte header. That's documented. */ + opcdef_p = OPCDEF_MALLOC(8 + len); opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); opcdef_p->opc$l_ms_rqstid = 0; @@ -414,7 +415,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; + opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; opc_dsc.dsc$w_length = len + 8; sys$sndopr(opc_dsc, 0); diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c index 9e6f097a..d190765d 100644 --- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c @@ -95,18 +95,19 @@ BIO *BIO_new_mem_buf(void *buf, int len) { BIO *ret; BUF_MEM *b; + size_t sz; + if (!buf) { BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); return NULL; } - if (len == -1) - len = strlen(buf); + sz = (len < 0) ? strlen(buf) : (size_t)len; if (!(ret = BIO_new(BIO_s_mem()))) return NULL; b = (BUF_MEM *)ret->ptr; b->data = buf; - b->length = len; - b->max = len; + b->length = sz; + b->max = sz; ret->flags |= BIO_FLAGS_MEM_RDONLY; /* Since this is static data retrying wont help */ ret->num = 0; @@ -147,23 +148,17 @@ static int mem_read(BIO *b, char *out, int outl) { int ret = -1; BUF_MEM *bm; - int i; - char *from, *to; bm = (BUF_MEM *)b->ptr; BIO_clear_retry_flags(b); - ret = (outl > bm->length) ? bm->length : outl; + ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl; if ((out != NULL) && (ret > 0)) { memcpy(out, bm->data, ret); bm->length -= ret; - /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ if (b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; else { - from = (char *)&(bm->data[ret]); - to = (char *)&(bm->data[0]); - for (i = 0; i < bm->length; i++) - to[i] = from[i]; + memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); } } else if (bm->length == 0) { ret = b->num; diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c new file mode 100644 index 00000000..6194d2c0 --- /dev/null +++ b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c @@ -0,0 +1,287 @@ +/* crypto/bio/bss_sock.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <errno.h> +#define USE_SOCKETS +#include "cryptlib.h" + +#ifndef OPENSSL_NO_SOCK + +# include <openssl/bio.h> + +# ifdef WATT32 +# define sock_write SockWrite /* Watt-32 uses same names */ +# define sock_read SockRead +# define sock_puts SockPuts +# endif + +static int sock_write(BIO *h, const char *buf, int num); +static int sock_read(BIO *h, char *buf, int size); +static int sock_puts(BIO *h, const char *str); +static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int sock_new(BIO *h); +static int sock_free(BIO *data); +int BIO_sock_should_retry(int s); + +static BIO_METHOD methods_sockp = { + BIO_TYPE_SOCKET, + "socket", + sock_write, + sock_read, + sock_puts, + NULL, /* sock_gets, */ + sock_ctrl, + sock_new, + sock_free, + NULL, +}; + +BIO_METHOD *BIO_s_socket(void) +{ + return (&methods_sockp); +} + +BIO *BIO_new_socket(int fd, int close_flag) +{ + BIO *ret; + + ret = BIO_new(BIO_s_socket()); + if (ret == NULL) + return (NULL); + BIO_set_fd(ret, fd, close_flag); + return (ret); +} + +static int sock_new(BIO *bi) +{ + bi->init = 0; + bi->num = 0; + bi->ptr = NULL; + bi->flags = 0; + return (1); +} + +static int sock_free(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if (a->init) { + SHUTDOWN2(a->num); + } + a->init = 0; + a->flags = 0; + } + return (1); +} + +static int sock_read(BIO *b, char *out, int outl) +{ + int ret = 0; + + if (out != NULL) { + clear_socket_error(); + ret = readsocket(b->num, out, outl); + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_read(b); + } + } + return (ret); +} + +static int sock_write(BIO *b, const char *in, int inl) +{ + int ret; + + clear_socket_error(); + ret = writesocket(b->num, in, inl); + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_sock_should_retry(ret)) + BIO_set_retry_write(b); + } + return (ret); +} + +static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; + int *ip; + + switch (cmd) { + case BIO_C_SET_FD: + sock_free(b); + b->num = *((int *)ptr); + b->shutdown = (int)num; + b->init = 1; + break; + case BIO_C_GET_FD: + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = b->num; + ret = b->num; + } else + ret = -1; + break; + case BIO_CTRL_GET_CLOSE: + ret = b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; + case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: + ret = 1; + break; + default: + ret = 0; + break; + } + return (ret); +} + +static int sock_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = sock_write(bp, str, n); + return (ret); +} + +int BIO_sock_should_retry(int i) +{ + int err; + + if ((i == 0) || (i == -1)) { + err = get_last_socket_error(); + +# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps + * not? Ben 4/1/99 */ + if ((i == -1) && (err == 0)) + return (1); +# endif + + return (BIO_sock_non_fatal_error(err)); + } + return (0); +} + +int BIO_sock_non_fatal_error(int err) +{ + switch (err) { +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) +# if defined(WSAEWOULDBLOCK) + case WSAEWOULDBLOCK: +# endif + +# if 0 /* This appears to always be an error */ +# if defined(WSAENOTCONN) + case WSAENOTCONN: +# endif +# endif +# endif + +# ifdef EWOULDBLOCK +# ifdef WSAEWOULDBLOCK +# if WSAEWOULDBLOCK != EWOULDBLOCK + case EWOULDBLOCK: +# endif +# else + case EWOULDBLOCK: +# endif +# endif + +# if defined(ENOTCONN) + case ENOTCONN: +# endif + +# ifdef EINTR + case EINTR: +# endif + +# ifdef EAGAIN +# if EWOULDBLOCK != EAGAIN + case EAGAIN: +# endif +# endif + +# ifdef EPROTO + case EPROTO: +# endif + +# ifdef EINPROGRESS + case EINPROGRESS: +# endif + +# ifdef EALREADY + case EALREADY: +# endif + return (1); + /* break; */ + default: + break; + } + return (0); +} + +#endif /* #ifndef OPENSSL_NO_SOCK */ |