static int win32_unload(DSO *dso)
{
HINSTANCE *p;
if(dso == NULL)
{
DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
return(0);
}
if(sk_num(dso->meth_data) < 1)
return(1);
p = (HINSTANCE *)sk_pop(dso->meth_data);
if(p == NULL)
{
DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
return(0);
}
if(!FreeLibrary(*p))
{
DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
/* We should push the value back onto the stack in
* case of a retry. */
sk_push(dso->meth_data, (char *)p);
return(0);
}
/* Cleanup */
OPENSSL_free(p);
return(1);
}
static int beos_unload (DSO * dso)
{
image_id id;
if (dso == NULL)
{
DSOerr (DSO_F_BEOS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
if (sk_num (dso->meth_data) < 1)
return (1);
id = (image_id) sk_pop (dso->meth_data);
if (id < 1)
{
DSOerr (DSO_F_BEOS_UNLOAD, DSO_R_NULL_HANDLE);
return (0);
}
if (unload_add_on (id) != B_OK)
{
DSOerr (DSO_F_BEOS_UNLOAD, DSO_R_UNLOAD_FAILED);
/* We should push the value back onto the stack in
* case of a retry. */
sk_push (dso->meth_data, (char *) id);
return (0);
}
return (1);
}
void st_destroyAll(){
STNODE* n;
STACKNODE *sn = NULL;
while((sn = sk_top(&st_mem)) != NULL){
if(sn->data1 != NULL) free(sn->data1);
sk_pop(&st_mem);
}
}
void
cga_free_keystack(_STACK *sk)
{
EVP_PKEY *k;
while ((k = (EVP_PKEY *)sk_pop(sk)) != NULL) {
EVP_PKEY_free(k);
}
sk_free(sk);
}
/* Note that this doesn't actually unload the shared image, as there is no
* such thing in VMS. Next time it get loaded again, a new copy will
* actually be loaded.
*/
static int vms_unload(DSO *dso)
{
DSO_VMS_INTERNAL *p;
if(dso == NULL)
{
DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
return(0);
}
if(sk_num(dso->meth_data) < 1)
return(1);
p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
if(p == NULL)
{
DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
return(0);
}
/* Cleanup */
OPENSSL_free(p);
return(1);
}
static int dl_unload(DSO *dso)
{
shl_t ptr;
if (dso == NULL) {
DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
if (sk_num(dso->meth_data) < 1)
return (1);
/* Is this statement legal? */
ptr = (shl_t) sk_pop(dso->meth_data);
if (ptr == NULL) {
DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
/*
* Should push the value back onto the stack in case of a retry.
*/
sk_push(dso->meth_data, (char *)ptr);
return (0);
}
shl_unload(ptr);
return (1);
}
static int dlfcn_unload(DSO *dso)
{
void *ptr;
if(dso == NULL)
{
DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
return(0);
}
if(sk_num(dso->meth_data) < 1)
return(1);
ptr = (void *)sk_pop(dso->meth_data);
if(ptr == NULL)
{
DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
/* Should push the value back onto the stack in
* case of a retry. */
sk_push(dso->meth_data, (char *)ptr);
return(0);
}
/* For now I'm not aware of any errors associated with dlclose() */
dlclose(ptr);
return(1);
}
/* Switch on a filedescriptor */
int ggz_tls_enable_fd(int fd, GGZTLSType mode, GGZTLSVerificationType verify)
{
int ret, ret2;
STACK_OF(SSL_CIPHER) *stack;
SSL_CIPHER *cipher;
int bits;
char *cipherlist;
SSL *_tls;
int _tls_active;
struct list_entry *entry;
_state = 1;
_tls_active = 0;
if((mode != GGZ_TLS_CLIENT) && (mode != GGZ_TLS_SERVER))
{
TLSERROR("Wrong mode.");
return 0;
}
if(!_tlsctx) tls_init(verify);
_tls = SSL_new(_tlsctx);
if(_tls)
{
cipherlist = NULL;
stack = SSL_get_ciphers(_tls);
while((cipher = (SSL_CIPHER*)sk_pop(stack)) != NULL)
{
printf("* Cipher: %s\n", SSL_CIPHER_get_name(cipher));
printf(" Bits: %i\n", SSL_CIPHER_get_bits(cipher, &bits));
printf(" Used bits: %i\n", bits);
printf(" Version: %s\n", SSL_CIPHER_get_version(cipher));
printf(" Description: %s\n", SSL_CIPHER_description(cipher, NULL, 0));
if(cipherlist)
{
cipherlist = (char*)realloc(cipherlist, (strlen(cipherlist) + 1) + strlen(SSL_CIPHER_get_name(cipher)) + 1);
strcat(cipherlist, ":");
strcat(cipherlist, SSL_CIPHER_get_name(cipher));
}
else
{
cipherlist = (char*)malloc(strlen(SSL_CIPHER_get_name(cipher)) + 1);
strcpy(cipherlist, SSL_CIPHER_get_name(cipher));
}
}
printf("Available ciphers: %s\n", cipherlist);
ret = SSL_set_cipher_list(_tls, cipherlist);
if(!ret) TLSERROR("Cipher selection failed.");
ret = SSL_set_fd(_tls, fd);
if(!ret) TLSERROR("Assignment to connection failed.");
else
{
SSL_set_read_ahead(_tls, 1);
if(mode == GGZ_TLS_SERVER)
{
tls_certkey(_tls);
if(_state)
{
SSL_set_accept_state(_tls);
ret = SSL_accept(_tls);
}
}
else
{
SSL_set_connect_state(_tls);
ret = SSL_connect(_tls);
}
if((ret != 1) || (!_state))
{
printf("Ret: %i, State: %i\n", ret, _state);
TLSERROR("Handshake failed.");
ret2 = ERR_get_error();
printf("EXT: %s\n%s\n%s\n%s\n%s\n", tls_exterror(_tls, ret), ERR_error_string(ret2, NULL),
ERR_lib_error_string(ret2), ERR_func_error_string(ret2), ERR_reason_error_string(ret2));
}
else
{
printf(">>>>> Handshake successful.\n");
if((mode == GGZ_TLS_SERVER) || (verify == GGZ_TLS_VERIFY_NONE)) _tls_active = 1;
else
{
printf(">>>>> Client side, thus checking Certificate.\n");
printf("Negotiated cipher: %s\n", SSL_get_cipher(_tls));
printf("Shared ciphers: %s\n", SSL_get_shared_ciphers(_tls, NULL, 0));
if(SSL_get_peer_certificate(_tls))
{
if(SSL_get_verify_result(_tls) == X509_V_OK)
{
_tls_active = 1;
}
else
{
printf("Error code: %li\n", SSL_get_verify_result(_tls));
TLSERROR("Invalid certificate, or certificate is not self-signed.");
}
}
else TLSERROR("Couldn't get certificate.");
}
}
entry = (struct list_entry*)ggz_malloc(sizeof(struct list_entry));
entry->tls = _tls;
entry->fd = fd;
entry->active = _tls_active;
ggz_list_insert(openssllist, entry);
return 1;
}
}
return 0;
}
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx)
{
int flags, aclass;
int ret;
const unsigned char *p, *q;
if (!val)
return 0;
flags = tt->flags;
aclass = flags & ASN1_TFLG_TAG_CLASS;
p = *in;
q = p;
if (flags & ASN1_TFLG_SK_MASK)
{
/* SET OF, SEQUENCE OF */
int sktag, skaclass;
char sk_eoc;
/* First work out expected inner tag value */
if (flags & ASN1_TFLG_IMPTAG)
{
sktag = tt->tag;
skaclass = aclass;
}
else
{
skaclass = V_ASN1_UNIVERSAL;
if (flags & ASN1_TFLG_SET_OF)
sktag = V_ASN1_SET;
else
sktag = V_ASN1_SEQUENCE;
}
/* Get the tag */
ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
&p, len, sktag, skaclass, opt, ctx);
if (!ret)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
return 0;
}
else if (ret == -1)
return -1;
if (!*val)
*val = (ASN1_VALUE *)sk_new_null();
else
{
/* We've got a valid STACK: free up any items present */
STACK *sktmp = (STACK *)*val;
ASN1_VALUE *vtmp;
while(sk_num(sktmp) > 0)
{
vtmp = (ASN1_VALUE *)sk_pop(sktmp);
ASN1_item_ex_free(&vtmp,
ASN1_ITEM_ptr(tt->item));
}
}
if (!*val)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_MALLOC_FAILURE);
goto err;
}
/* Read as many items as we can */
while(len > 0)
{
ASN1_VALUE *skfield;
q = p;
/* See if EOC found */
if (asn1_check_eoc(&p, len))
{
if (!sk_eoc)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ASN1_R_UNEXPECTED_EOC);
goto err;
}
len -= p - q;
sk_eoc = 0;
break;
}
skfield = NULL;
if (!ASN1_item_ex_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item),
-1, 0, 0, ctx))
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
}
len -= p - q;
if (!sk_push((STACK *)*val, (char *)skfield))
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_MALLOC_FAILURE);
goto err;
}
}
if (sk_eoc)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
goto err;
}
}
else if (flags & ASN1_TFLG_IMPTAG)
{
/* IMPLICIT tagging */
ret = ASN1_item_ex_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
if (!ret)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
}
else if (ret == -1)
return -1;
}
else
{
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, opt, ctx);
if (!ret)
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
}
else if (ret == -1)
return -1;
}
*in = p;
return 1;
err:
ASN1_template_free(val, tt);
return 0;
}
NOEXPORT int compression_init(GLOBAL_OPTIONS *global) {
STACK_OF(SSL_COMP) *methods;
methods=SSL_COMP_get_compression_methods();
if(!methods) {
if(global->compression==COMP_NONE) {
s_log(LOG_NOTICE, "Failed to get compression methods");
return 0; /* ignore */
} else {
s_log(LOG_ERR, "Failed to get compression methods");
return 1;
}
}
if(global->compression==COMP_NONE ||
SSLeay()<0x00908051L /* 0.9.8e-beta1 */) {
/* delete OpenSSL defaults (empty the SSL_COMP stack) */
/* cannot use sk_SSL_COMP_pop_free,
* as it also destroys the stack itself */
/* only leave the standard RFC 1951 (DEFLATE) algorithm,
* if any of the private algorithms is enabled */
/* only allow DEFLATE with OpenSSL 0.9.8 or later
* with OpenSSL #1468 zlib memory leak fixed */
while(sk_SSL_COMP_num(methods))
#if OPENSSL_VERSION_NUMBER>=0x10100000L
/* FIXME: remove when sk_SSL_COMP_pop() works again */
OPENSSL_free(sk_pop((void *)methods));
#else
OPENSSL_free(sk_SSL_COMP_pop(methods));
#endif
}
if(global->compression==COMP_NONE) {
s_log(LOG_DEBUG, "Compression disabled");
return 0; /* success */
}
/* also insert the obsolete ZLIB algorithm */
if(global->compression==COMP_ZLIB) {
/* 224 - within the private range (193 to 255) */
COMP_METHOD *meth=COMP_zlib();
#if OPENSSL_VERSION_NUMBER>=0x10100000L
if(!meth || COMP_get_type(meth)==NID_undef) {
#else
if(!meth || meth->type==NID_undef) {
#endif
s_log(LOG_ERR, "ZLIB compression is not supported");
return 1;
}
SSL_COMP_add_compression_method(0xe0, meth);
}
s_log(LOG_INFO, "Compression enabled: %d method(s)",
sk_SSL_COMP_num(methods));
return 0; /* success */
}
#endif /* OPENSSL_NO_COMP */
NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
int totbytes=0;
char filename[256];
#ifndef USE_WIN32
int bytes;
#endif
filename[0]='\0';
/* if they specify a rand file on the command line we
assume that they really do want it, so try it first */
if(global->rand_file) {
totbytes+=add_rand_file(global, global->rand_file);
if(RAND_status())
return 0; /* success */
}
/* try the $RANDFILE or $HOME/.rnd files */
RAND_file_name(filename, 256);
if(filename[0]) {
totbytes+=add_rand_file(global, filename);
if(RAND_status())
return 0; /* success */
}
#ifdef RANDOM_FILE
totbytes+=add_rand_file(global, RANDOM_FILE);
if(RAND_status())
return 0; /* success */
#endif
#ifdef USE_WIN32
RAND_screen();
if(RAND_status()) {
s_log(LOG_DEBUG, "Seeded PRNG with RAND_screen");
return 0; /* success */
}
s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
#else
if(global->egd_sock) {
if((bytes=RAND_egd(global->egd_sock))==-1) {
s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
bytes=0;
} else {
totbytes+=bytes;
s_log(LOG_DEBUG, "Snagged %d random bytes from EGD Socket %s",
bytes, global->egd_sock);
return 0; /* OpenSSL always gets what it needs or fails,
so no need to check if seeded sufficiently */
}
}
/* try the good-old default /dev/urandom, if available */
totbytes+=add_rand_file(global, "/dev/urandom");
if(RAND_status())
return 0; /* success */
#endif /* USE_WIN32 */
/* random file specified during configure */
s_log(LOG_ERR, "PRNG seeded with %d bytes total", totbytes);
s_log(LOG_ERR, "PRNG was not seeded with enough random bytes");
return 1; /* FAILED */
}
