--- api/ssl/src/C/bglssl.c.orig 2015-12-21 05:31:11.000000000 -0700
+++ api/ssl/src/C/bglssl.c 2017-01-26 00:13:39.000000000 -0700
@@ -3,8 +3,8 @@
/* ------------------------------------------------------------- */
/* Author : Manuel Serrano & Stephane Epardaud */
/* Creation : Wed Mar 23 16:54:42 2005 */
-/* Last change : Wed Nov 18 05:25:26 2015 (serrano) */
-/* Copyright : 2005-15 Manuel Serrano */
+/* Last change : Wed Nov 30 07:40:42 2016 (serrano) */
+/* Copyright : 2005-16 Manuel Serrano */
/* ------------------------------------------------------------- */
/* SSL socket client-side support */
/*=====================================================================*/
@@ -190,21 +190,25 @@ bgl_ssl_init() {
#if( BGLSSL_HAVE_SSLV23 )
ctxc[ BGLSSL_SSLV23 ] = SSL_CTX_new( SSLv23_client_method() );
#endif
+#if( BGLSSL_HAVE_TLSV1 )
ctxc[ BGLSSL_TLSV1 ] = SSL_CTX_new( TLSv1_client_method() );
+#else
+ ctxc[ BGLSSL_TLSV1 ] = SSL_CTX_new( TLS_client_method() );
+#endif
#if( BGLSSL_HAVE_TLSV1_1 )
ctxc[ BGLSSL_TLSV1_1 ] = SSL_CTX_new( TLSv1_1_client_method() );
#else
- ctxc[ BGLSSL_TLSV1_1 ] = SSL_CTX_new( TLSv1_client_method() );
+ ctxc[ BGLSSL_TLSV1_1 ] = ctxc[ BGLSSL_TLSV1 ];
#endif
#if( BGLSSL_HAVE_TLSV1_2 )
ctxc[ BGLSSL_TLSV1_2 ] = SSL_CTX_new( TLSv1_2_client_method() );
#else
- ctxc[ BGLSSL_TLSV1_2 ] = SSL_CTX_new( TLSv1_client_method() );
+ ctxc[ BGLSSL_TLSV1_2 ] = ctxc[ BGLSSL_TLSV1 ];
#endif
#if( BGLSSL_HAVE_DTLS )
ctxc[ BGLSSL_DTLSV1 ] = SSL_CTX_new( DTLSv1_client_method() );
#else
- ctxc[ BGLSSL_DTLSV1 ] = 0;
+ ctxc[ BGLSSL_DTLSV1 ] = SSL_CTX_new( DTLS_client_method() );
#endif
#if( BGLSSL_HAVE_SSLV2 )
@@ -216,21 +220,25 @@ bgl_ssl_init() {
#if( BGLSSL_HAVE_SSLV23 )
ctxs[ BGLSSL_SSLV23 ] = SSL_CTX_new( SSLv23_server_method() );
#endif
+#if( BGLSSL_HAVE_TLSV1 )
ctxs[ BGLSSL_TLSV1 ] = SSL_CTX_new( TLSv1_server_method() );
+#else
+ ctxs[ BGLSSL_TLSV1 ] = SSL_CTX_new( TLS_server_method() );
+#endif
#if( BGLSSL_HAVE_TLSV1_1 )
ctxs[ BGLSSL_TLSV1_1 ] = SSL_CTX_new( TLSv1_1_server_method() );
#else
- ctxs[ BGLSSL_TLSV1_1 ] = SSL_CTX_new( TLSv1_server_method() );
+ ctxs[ BGLSSL_TLSV1_1 ] = ctxs[ BGLSSL_TLSV1 ];
#endif
#if( BGLSSL_HAVE_TLSV1_2 )
ctxs[ BGLSSL_TLSV1_2 ] = SSL_CTX_new( TLSv1_2_server_method() );
#else
- ctxs[ BGLSSL_TLSV1_2 ] = SSL_CTX_new( TLSv1_server_method() );
+ ctxs[ BGLSSL_TLSV1_2 ] = ctxs[ BGLSSL_TLSV1 ];
#endif
#if( BGLSSL_HAVE_DTLS )
ctxs[ BGLSSL_DTLSV1 ] = SSL_CTX_new( DTLSv1_server_method() );
#else
- ctxs[ BGLSSL_DTLSV1 ] = 0;
+ ctxs[ BGLSSL_DTLSV1 ] = SSL_CTX_new( DTLS_server_method() );
#endif
}
@@ -417,7 +425,7 @@ socket_enable_ssl( obj_t s, char accept,
/* keep the ca_list away from the GC */
drag = MAKE_PAIR( ca_list, drag );
- ctx = SSL_CTX_new( ctx->method );
+ ctx = SSL_CTX_new( BGL_SSL_CTX_get_ssl_method( ctx ) );
if( ctx == NULL )
C_SYSTEM_FAILURE( BGL_IO_ERROR,
"make-client-ssl-socket, cannot create SSL context",
@@ -890,7 +898,7 @@ SSL_CTX_use_certificate_chain( SSL_CTX *
x = PEM_read_bio_X509_AUX( in, NULL, NULL, NULL );
if( x == NULL ) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB );
+ SSLerr( SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB );
goto end;
}
@@ -908,10 +916,14 @@ SSL_CTX_use_certificate_chain( SSL_CTX *
int r;
unsigned long err;
- if( ctx->extra_certs != NULL ) {
- sk_X509_pop_free( ctx->extra_certs, X509_free );
- ctx->extra_certs = NULL;
- }
+ // MS 28 Novembre 2016: WARNING !!!
+ // before openssl 1.1, used to be
+ // if( ctx->extra_certs != NULL ) {
+ // sk_X509_pop_free( ctx->extra_certs, X509_free );
+ // ctx->extra_certs = NULL;
+ // }
+ // see bglss.h for the definition of BGL_SSL_CTX_clear_extra_chain_certs
+ BGL_SSL_CTX_clear_extra_chain_certs( ctx );
while( (ca = PEM_read_bio_X509( in, NULL, NULL, NULL )) ) {
r = SSL_CTX_add_extra_chain_cert( ctx, ca );
@@ -1732,9 +1744,12 @@ bgl_new_session_callback( SSL *ssl, SSL_
C_SYSTEM_FAILURE( BGL_TYPE_ERROR, "ssl-session",
"wrong callback arity", cb );
} else {
+ unsigned int sidlen;
+ const char *sid = BGL_SSL_SESSION_get_id( sess, sidlen );
+
PROCEDURE_ENTRY( cb )
( cb,
- string_to_bstring_len( sess->session_id, sess->session_id_length ),
+ string_to_bstring_len( (char *)sid, sidlen ),
serialized,
BEOA );
return 0;
@@ -2206,12 +2221,13 @@ bgl_ssl_connection_get_peer_certificate(
RSA *rsa = NULL;
if( NULL != (pkey = X509_get_pubkey( peer_cert ))
&& NULL != (rsa = EVP_PKEY_get1_RSA( pkey )) ) {
- BN_print( bio, rsa->n );
+ const BIGNUM *z;
+ BN_print( bio, BGL_RSA_N( rsa, z ) );
BIO_get_mem_ptr( bio, &mem );
info = MAKE_PAIR( cons( "modulus", mem ), info );
BIO_reset( bio );
- BN_print( bio, rsa->e );
+ BN_print( bio, BGL_RSA_E( rsa, z ) );
BIO_get_mem_ptr( bio, &mem );
info = MAKE_PAIR( cons( "exponent", mem ), info );
BIO_reset( bio );
@@ -2260,7 +2276,7 @@ bgl_ssl_connection_get_peer_certificate(
info );
}
- ASN1_OBJECT *eku =
+ STACK_OF(ASN1_OBJECT) *eku =
(ASN1_OBJECT *)X509_get_ext_d2i( peer_cert, NID_ext_key_usage, NULL, NULL );
if( eku != NULL ) {
char buf[ 256 ];
@@ -2404,11 +2420,23 @@ bgl_ssl_ctx_init( secure_context sc ) {
goto unsupported;
#endif
} else if( !strcmp( sslmethod, "TLSv1_method" ) ) {
+#if( BGLSSL_HAVE_TLSV1 )
sc->BgL_z42nativez42 = SSL_CTX_new( TLSv1_method() );
+#else
+ sc->BgL_z42nativez42 = SSL_CTX_new( TLS_method() );
+#endif
} else if( !strcmp( sslmethod, "TLSv1_server_method" ) ) {
+#if( BGLSSL_HAVE_TLSV1 )
sc->BgL_z42nativez42 = SSL_CTX_new( TLSv1_server_method() );
+#else
+ sc->BgL_z42nativez42 = SSL_CTX_new( TLS_server_method() );
+#endif
} else if( !strcmp( sslmethod, "TLSv1_client_method" ) ) {
+#if( BGLSSL_HAVE_TLSV1 )
sc->BgL_z42nativez42 = SSL_CTX_new( TLSv1_client_method() );
+#else
+ sc->BgL_z42nativez42 = SSL_CTX_new( TLS_client_method() );
+#endif
} else {
goto unsupported;
}
@@ -2513,12 +2541,24 @@ bgl_bn_bin2bn( char *s, int len ) {
}
/*---------------------------------------------------------------------*/
+/* BGL_RUNTIME_DEF void */
+/* bgl_dh_pub_priv_key_set ... */
+/*---------------------------------------------------------------------*/
+BGL_RUNTIME_DEF void
+bgl_dh_pub_priv_key_set( DH *dh, BIGNUM *pub, BIGNUM *priv ) {
+ if( pub != 0 && priv !=0 ) {
+ BGL_DH_SET_PUB_PRIV( dh, pub, priv );
+ }
+}
+
+/*---------------------------------------------------------------------*/
/* BIGNUM * */
/* bgl_dh_private_key ... */
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF BIGNUM *
bgl_dh_private_key( DH *dh ) {
- return dh->priv_key;
+ const BIGNUM *priv_key;
+ return (BIGNUM *)BGL_DH_GET_PRIV( dh, priv_key );
}
/*---------------------------------------------------------------------*/
@@ -2527,7 +2567,7 @@ bgl_dh_private_key( DH *dh ) {
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF void
bgl_dh_private_key_set( DH *dh, BIGNUM *v ) {
- dh->priv_key = v;
+ BGL_DH_SET_PRIV( dh, v );
}
/*---------------------------------------------------------------------*/
@@ -2536,7 +2576,8 @@ bgl_dh_private_key_set( DH *dh, BIGNUM *
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF BIGNUM *
bgl_dh_public_key( DH *dh ) {
- return dh->pub_key;
+ const BIGNUM *pub_key;
+ return (BIGNUM *)BGL_DH_GET_PUB( dh, pub_key );
}
/*---------------------------------------------------------------------*/
@@ -2545,7 +2586,18 @@ bgl_dh_public_key( DH *dh ) {
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF void
bgl_dh_public_key_set( DH *dh, BIGNUM *v ) {
- dh->pub_key = v;
+ BGL_DH_SET_PUB( dh, v );
+}
+
+/*---------------------------------------------------------------------*/
+/* void */
+/* bgl_dh_pqg_set ... */
+/*---------------------------------------------------------------------*/
+BGL_RUNTIME_DEF void
+bgl_dh_pqg_set( DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g ) {
+ if( p != 0 && g != 0 ) {
+ BGL_DH_SET_PQG( dh, p, q, g );
+ }
}
/*---------------------------------------------------------------------*/
@@ -2554,7 +2606,8 @@ bgl_dh_public_key_set( DH *dh, BIGNUM *v
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF BIGNUM *
bgl_dh_p( DH *dh ) {
- return dh->p;
+ const BIGNUM *key;
+ return (BIGNUM *)BGL_DH_GET_P( dh, key );
}
/*---------------------------------------------------------------------*/
@@ -2563,7 +2616,26 @@ bgl_dh_p( DH *dh ) {
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF void
bgl_dh_p_set( DH *dh, BIGNUM *v ) {
- dh->p = v;
+ BGL_DH_SET_P( dh, v );
+}
+
+/*---------------------------------------------------------------------*/
+/* BIGNUM * */
+/* bgl_dh_q ... */
+/*---------------------------------------------------------------------*/
+BGL_RUNTIME_DEF BIGNUM *
+bgl_dh_q( DH *dh ) {
+ const BIGNUM *key;
+ return (BIGNUM *)BGL_DH_GET_Q( dh, key );
+}
+
+/*---------------------------------------------------------------------*/
+/* void */
+/* bgl_dh_q_set ... */
+/*---------------------------------------------------------------------*/
+BGL_RUNTIME_DEF void
+bgl_dh_q_set( DH *dh, BIGNUM *v ) {
+ BGL_DH_SET_Q( dh, v );
}
/*---------------------------------------------------------------------*/
@@ -2572,7 +2644,8 @@ bgl_dh_p_set( DH *dh, BIGNUM *v ) {
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF BIGNUM *
bgl_dh_g( DH *dh ) {
- return dh->g;
+ const BIGNUM *key;
+ return (BIGNUM *)BGL_DH_GET_G( dh, key );
}
/*---------------------------------------------------------------------*/
@@ -2581,7 +2654,7 @@ bgl_dh_g( DH *dh ) {
/*---------------------------------------------------------------------*/
BGL_RUNTIME_DEF void
bgl_dh_g_set( DH *dh, BIGNUM *v ) {
- dh->g = v;
+ BGL_DH_SET_G( dh, v );
}
/*---------------------------------------------------------------------*/
@@ -2605,8 +2678,12 @@ bgl_ssl_get_ciphers() {
#else
bgl_ssl_init();
#endif
-
+
+#if( BGLSSL_HAVE_TLSV1 )
ctx = SSL_CTX_new( TLSv1_server_method() );
+#else
+ ctx = SSL_CTX_new( TLS_server_method() );
+#endif
if( ctx == NULL ) {
C_SYSTEM_FAILURE( BGL_IO_ERROR,
"ssl-get-ciphers",
@@ -2630,7 +2707,7 @@ bgl_ssl_get_ciphers() {
res = create_vector( sk_SSL_CIPHER_num( ciphers ) );
for( i = 0; i < sk_SSL_CIPHER_num( ciphers ); ++i ) {
- SSL_CIPHER *c = sk_SSL_CIPHER_value( ciphers, i );
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value( ciphers, i );
VECTOR_SET( res, i, string_to_bstring( (char *)SSL_CIPHER_get_name( c ) ) );
}
@@ -2719,7 +2796,8 @@ bgl_ssl_hash_init( ssl_hash hash ) {
(void *)EVP_get_digestbyname( (const char *)BSTRING_TO_STRING( hash->BgL_typez00 ) );
if( !(hash->BgL_z42mdz42) ) return 0;
- hash->BgL_z42mdzd2ctxz90 = GC_MALLOC( sizeof( EVP_MD_CTX ) );
+ hash->BgL_z42mdzd2ctxz90 = BGL_EVP_MD_CTX_new();
+
EVP_MD_CTX_init( hash->BgL_z42mdzd2ctxz90 );
EVP_DigestInit_ex( hash->BgL_z42mdzd2ctxz90, hash->BgL_z42mdz42, NULL );
@@ -2755,7 +2833,8 @@ bgl_ssl_hash_digest( ssl_hash hash ) {
unsigned int md_len;
EVP_DigestFinal_ex( hash->BgL_z42mdzd2ctxz90, md_value, &md_len );
- EVP_MD_CTX_cleanup( hash->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_reset( hash->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_free( hash->BgL_z42mdzd2ctxz90 );
hash->BgL_z42mdzd2ctxz90 = 0L;
return string_to_bstring_len( md_value, md_len );
@@ -2786,19 +2865,19 @@ bgl_ssl_hmac_init( ssl_hmac hmac, obj_t
(void *)EVP_get_digestbyname( (const char *)BSTRING_TO_STRING( type ) );
if( !(hmac->BgL_z42mdz42) ) return BFALSE;
- hmac->BgL_z42mdzd2ctxz90 = GC_MALLOC( sizeof( HMAC_CTX ) );
- HMAC_CTX_init( hmac->BgL_z42mdzd2ctxz90 );
+ hmac->BgL_z42mdzd2ctxz90 = BGL_HMAC_CTX_new();
+ BGL_HMAC_CTX_init( hmac->BgL_z42mdzd2ctxz90 );
if( !STRINGP( key ) ) {
- HMAC_Init( hmac->BgL_z42mdzd2ctxz90,
- "",
- 0,
- hmac->BgL_z42mdz42 );
+ BGL_HMAC_Init( hmac->BgL_z42mdzd2ctxz90,
+ "",
+ 0,
+ hmac->BgL_z42mdz42 );
} else {
- HMAC_Init( hmac->BgL_z42mdzd2ctxz90,
- BSTRING_TO_STRING( key ),
- STRING_LENGTH( key ),
- hmac->BgL_z42mdz42 );
+ BGL_HMAC_Init( hmac->BgL_z42mdzd2ctxz90,
+ BSTRING_TO_STRING( key ),
+ STRING_LENGTH( key ),
+ hmac->BgL_z42mdz42 );
}
return BTRUE;
}
@@ -2832,7 +2911,8 @@ bgl_ssl_hmac_digest( ssl_hmac hmac ) {
unsigned int md_len;
HMAC_Final( hmac->BgL_z42mdzd2ctxz90, md_value, &md_len );
- HMAC_CTX_cleanup( hmac->BgL_z42mdzd2ctxz90 );
+ BGL_HMAC_CTX_reset( hmac->BgL_z42mdzd2ctxz90 );
+ BGL_HMAC_CTX_free( hmac->BgL_z42mdzd2ctxz90 );
hmac->BgL_z42mdzd2ctxz90 = 0L;
return string_to_bstring_len( md_value, md_len );
@@ -2858,12 +2938,12 @@ bgl_ssl_sign_init( ssl_sign sign, obj_t
#else
bgl_ssl_init();
#endif
-
+
sign->BgL_z42mdz42 =
(void *)EVP_get_digestbyname( (const char *)BSTRING_TO_STRING( type ) );
if( !(sign->BgL_z42mdz42) ) return 0;
- sign->BgL_z42mdzd2ctxz90 = GC_MALLOC( sizeof( EVP_MD_CTX ) );
+ sign->BgL_z42mdzd2ctxz90 = BGL_EVP_MD_CTX_new();
EVP_MD_CTX_init( sign->BgL_z42mdzd2ctxz90 );
EVP_SignInit_ex( sign->BgL_z42mdzd2ctxz90, sign->BgL_z42mdz42, NULL );
@@ -2916,7 +2996,8 @@ bgl_ssl_sign_sign( ssl_sign sign, obj_t
return BFALSE;
}
- EVP_MD_CTX_cleanup( sign->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_reset( sign->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_free( sign->BgL_z42mdzd2ctxz90 );
sign->BgL_z42mdzd2ctxz90 = 0L;
EVP_PKEY_free( pkey );
@@ -2950,7 +3031,7 @@ bgl_ssl_verify_init( ssl_verify verify,
(void *)EVP_get_digestbyname( (const char *)BSTRING_TO_STRING( type ) );
if( !(verify->BgL_z42mdz42) ) return 0;
- verify->BgL_z42mdzd2ctxz90 = GC_MALLOC( sizeof( EVP_MD_CTX ) );
+ verify->BgL_z42mdzd2ctxz90 = BGL_EVP_MD_CTX_new();
EVP_MD_CTX_init( verify->BgL_z42mdzd2ctxz90 );
EVP_VerifyInit_ex( verify->BgL_z42mdzd2ctxz90, verify->BgL_z42mdz42, NULL );
@@ -3062,7 +3143,8 @@ bgl_ssl_verify_final( ssl_verify verify,
if( pkey ) EVP_PKEY_free( pkey );
if( x509 ) X509_free( x509 );
if( bp ) BIO_free( bp );
- EVP_MD_CTX_cleanup( verify->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_reset( verify->BgL_z42mdzd2ctxz90 );
+ BGL_EVP_MD_CTX_free( verify->BgL_z42mdzd2ctxz90 );
verify->BgL_z42mdzd2ctxz90 = 0;
return r && (r != -1);
@@ -3101,7 +3183,7 @@ bgl_ssl_cipher_init( ssl_cipher cipher,
EVP_md5(), NULL,
&(STRING_REF( keybuf, koffset )), klen,
1, key, iv );
- EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)GC_MALLOC( sizeof( EVP_CIPHER_CTX ) );
+ EVP_CIPHER_CTX *ctx = BGL_EVP_CIPHER_CTX_new();
cipher->BgL_z42cipherzd2ctxz90 = ctx;
EVP_CIPHER_CTX_init( ctx );
@@ -3110,7 +3192,8 @@ bgl_ssl_cipher_init( ssl_cipher cipher,
if( !EVP_CIPHER_CTX_set_key_length( ctx, key_len )) {
fprintf( stderr, "node-crypto : Invalid key length %d\n", klen );
- EVP_CIPHER_CTX_cleanup( ctx );
+ BGL_EVP_CIPHER_CTX_reset( ctx );
+ BGL_EVP_CIPHER_CTX_free( ctx );
return 0;
}
EVP_CipherInit_ex( ctx, NULL, NULL,
@@ -3131,7 +3214,7 @@ bgl_ssl_cipher_initiv( ssl_cipher cipher
obj_t iv, long ivoffset, long ivlen, bool_t enc ) {
#if( SSL_DEBUG )
BGL_MUTEX_LOCK( bigloo_mutex );
-
+
if( !init ) {
init = 1;
bgl_ssl_library_init();
@@ -3142,11 +3225,11 @@ bgl_ssl_cipher_initiv( ssl_cipher cipher
#else
bgl_ssl_init();
#endif
-
+
cipher->BgL_z42cipherz42 =
(void *)EVP_get_cipherbyname( (const char *)BSTRING_TO_STRING( type ) );
- if( !cipher ) {
+ if( !cipher->BgL_z42cipherz42 ) {
fprintf( stderr, "node-crypto : Unknown cipher %s\n",
(const char *)BSTRING_TO_STRING( type ));
return 0;
@@ -3160,15 +3243,16 @@ bgl_ssl_cipher_initiv( ssl_cipher cipher
fprintf( stderr, "node-crypto : Invalid IV length %d\n", ivlen );
return 0;
} else {
- EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)GC_MALLOC( sizeof( EVP_CIPHER_CTX ) );
+ EVP_CIPHER_CTX *ctx = BGL_EVP_CIPHER_CTX_new();
cipher->BgL_z42cipherzd2ctxz90 = ctx;
-
+
EVP_CIPHER_CTX_init( ctx );
- EVP_CipherInit_ex( ctx, cipher->BgL_z42cipherz42, NULL, NULL, NULL, 1 );
+ EVP_CipherInit_ex( ctx, cipher->BgL_z42cipherz42, NULL, NULL, NULL, enc );
if( !EVP_CIPHER_CTX_set_key_length( ctx, klen ) ) {
fprintf( stderr, "node-crypto : Invalid key length %d\n", klen );
- EVP_CIPHER_CTX_cleanup( ctx );
+ BGL_EVP_CIPHER_CTX_reset( ctx );
+ BGL_EVP_CIPHER_CTX_free( ctx );
return 0;
}
@@ -3176,6 +3260,7 @@ bgl_ssl_cipher_initiv( ssl_cipher cipher
&(STRING_REF( key, koffset )),
&(STRING_REF( iv, ivoffset )),
enc );
+
return 1;
}
}
@@ -3232,8 +3317,10 @@ bgl_cipher_final( ssl_cipher cipher ) {
obj_t obj = make_string( size, ' ' );
int r;
- r = EVP_CipherFinal_ex( ctx, &(STRING_REF( obj, 0 )), &size );
- EVP_CIPHER_CTX_cleanup( ctx );
+ r = EVP_CipherFinal_ex( ctx, BSTRING_TO_STRING( obj ), &size );
+
+ BGL_EVP_CIPHER_CTX_reset( ctx );
+ BGL_EVP_CIPHER_CTX_free( ctx );
cipher->BgL_z42cipherzd2ctxz90 = 0L;
if( r ) {
@@ -3269,3 +3356,14 @@ bgl_pkcs5_pbkdf2_hmac_sha1( obj_t pass,
}
}
+/*---------------------------------------------------------------------*/
+/* bgl_ssl_error_string */
+/*---------------------------------------------------------------------*/
+obj_t bgl_ssl_error_string() {
+ int err = ERR_get_error();
+ obj_t errmsg = make_string( 128, 0 );
+
+ ERR_error_string_n(err, BSTRING_TO_STRING( errmsg ), 128 );
+
+ return errmsg;
+}
--- api/ssl/src/C/bglssl.h.in.orig 2015-12-21 05:31:11.000000000 -0700
+++ api/ssl/src/C/bglssl.h.in 2017-02-11 16:43:49.192028737 -0700
@@ -21,6 +21,7 @@
#define BGLSSL_TLSV1_1 6
#define BGLSSL_TLSV1_2 7
+#define BGLSSL_HAVE_TLSV1 1
#define BGLSSL_HAVE_TLSV1_1 @HAVETLS1_1@
#define BGLSSL_HAVE_TLSV1_2 @HAVETLS1_2@
#define BGLSSL_HAVE_DTLS @HAVEDTLS@
@@ -29,5 +30,111 @@
#define BGLSSL_HAVE_SSLV23 @HAVEV23@
#define BGLSSL_HAVE_RAND_STATUS @HAVERANDSTATUS@
#define BGLSSL_HAVE_RAND_POLL @HAVERANDPOLL@
+#define BGLSSL_HAVE_GETTER 1
+#if( !defined( SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE ) )
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE \
+ SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_SSL_CTX_get_ssl_method( ctx ) SSL_CTX_get_ssl_method( ctx )
+#else
+# define BGL_SSL_CTX_get_ssl_method( ctx ) (ctx->method)
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_SSL_CTX_clear_extra_chain_certs( ctx ) \
+ SSL_CTX_clear_extra_chain_certs( ctx )
+#else
+# define BGL_SSL_CTX_clear_extra_chain_certs( ctx ) \
+ ((ctx->extra_certs != NULL) ? \
+ (sk_X509_pop_free( ctx->extra_certs, X509_free ), ctx->extra_certs = NULL) \
+ : 0)
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_SSL_SESSION_get_id( sess, len ) \
+ SSL_SESSION_get_id( sess, &len )
+#else
+# define BGL_SSL_SESSION_get_id( sess, len ) \
+ (len = sess->session_id_length, sess->session_id)
+#endif
+
+#if( !defined( STACK_OF ) )
+# define STACK_OF( type ) type
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_EVP_MD_CTX_new() EVP_MD_CTX_new()
+# define BGL_EVP_MD_CTX_free( evp ) EVP_MD_CTX_free( evp )
+# define BGL_EVP_MD_CTX_reset( evp ) EVP_MD_CTX_reset( evp )
+#else
+# define BGL_EVP_MD_CTX_new() ((EVP_MD_CTX *)GC_MALLOC( sizeof( EVP_MD_CTX ) ))
+# define BGL_EVP_MD_CTX_free( evp )
+# define BGL_EVP_MD_CTX_reset( evp ) EVP_MD_CTX_cleanup( evp )
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_EVP_CIPHER_CTX_new() EVP_CIPHER_CTX_new()
+# define BGL_EVP_CIPHER_CTX_free( evp ) EVP_CIPHER_CTX_free( evp )
+# define BGL_EVP_CIPHER_CTX_reset( evp ) EVP_CIPHER_CTX_reset( evp )
+#else
+# define BGL_EVP_CIPHER_CTX_new() ((EVP_CIPHER_CTX *)GC_MALLOC( sizeof( EVP_CIPHER_CTX ) ))
+# define BGL_EVP_CIPHER_CTX_free( evp )
+# define BGL_EVP_CIPHER_CTX_reset( evp ) EVP_CIPHER_CTX_cleanup( evp )
+#endif
+#if BGLSSL_HAVE_GETTER
+# define BGL_HMAC_CTX_new() HMAC_CTX_new()
+# define BGL_HMAC_CTX_init( hmac )
+# define BGL_HMAC_CTX_free( hmac ) HMAC_CTX_free( hmac )
+# define BGL_HMAC_CTX_reset( hmac ) HMAC_CTX_reset( hmac )
+# define BGL_HMAC_Init( c, k, l, m ) HMAC_Init_ex( c, k, l, m, 0 )
+#else
+# define BGL_HMAC_CTX_new() ((HMAC_CTX *)GC_MALLOC( sizeof( HMAC_CTX ) ))
+# define BGL_HMAC_CTX_init( hmac ) HMAC_CTX_init( hmac )
+# define BGL_HMAC_CTX_free( hmac)
+# define BGL_HMAC_CTX_reset( hmac ) HMAC_CTX_cleanup( hmac )
+# define BGL_HMAC_Init( c, k, l, m ) HMAC_Init( c, k, l, m )
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_DH_SET_PUB_PRIV( dh, pub, priv ) DH_set0_key( dh, pub, priv )
+# define BGL_DH_GET_PUB( dh, kres ) (DH_get0_key( dh, &kres, 0 ), kres)
+# define BGL_DH_GET_PRIV( dh, kres ) (DH_get0_key( dh, 0, &kres ), kres)
+# define BGL_DH_SET_PUB( dh, key ) DH_set0_key( dh, key, 0 )
+# define BGL_DH_SET_PRIV( dh, key ) DH_set0_key( dh, 0, key )
+# define BGL_DH_SET_PQG( dh, p, q, g ) DH_set0_pqg( dh, p, q, g )
+# define BGL_DH_GET_P( dh, kres ) (DH_get0_pqg( dh, &kres, 0, 0 ), kres)
+# define BGL_DH_SET_P( dh, key ) DH_set0_pqg( dh, key, 0, 0 )
+# define BGL_DH_GET_Q( dh, kres ) (DH_get0_pqg( dh, 0, &kres, 0 ), kres)
+# define BGL_DH_SET_Q( dh, key ) DH_set0_pqg( dh, 0, key, 0 )
+# define BGL_DH_GET_G( dh, kres ) (DH_get0_pqg( dh, 0, 0, &kres ), kres)
+# define BGL_DH_SET_G( dh, key ) DH_set0_pqg( dh, 0, 0, key )
+#else
+# define BGL_DH_SET_PUB_PRIV( dh, pub, priv ) \
+ (BGL_DH_SET_PUB( dh, pub ), BGL_DH_SET_PRIV( dh, priv ))
+# define BGL_DH_GET_PUB( dh, kres ) dh->pub_key
+# define BGL_DH_GET_PRIV( dh, kres ) dh->priv_key
+# define BGL_DH_SET_PUB( dh, key ) dh->pub_key = key
+# define BGL_DH_SET_PRIV( dh, key ) dh->priv_key = key
+# define BGL_DH_SET_PQG( dh, p, q, g ) \
+ (BGL_DH_SET_P( dh, p ), BGL_DH_SET_Q( dh, q ), BGL_DH_SET_G( dh, g ))
+# define BGL_DH_GET_P( dh, kres ) dh->p
+# define BGL_DH_SET_P( dh, key ) (dh->p = key)
+# define BGL_DH_GET_Q( dh, kres ) dh->q
+# define BGL_DH_SET_Q( dh, key ) (dh->q = key)
+# define BGL_DH_GET_G( dh, kres ) dh->g
+# define BGL_DH_SET_G( dh, key ) (dh->g = key)
+#endif
+
+#if BGLSSL_HAVE_GETTER
+# define BGL_RSA_N( rsa, kres ) (RSA_get0_key( rsa, &kres, 0, 0 ), kres)
+# define BGL_RSA_E( rsa, kres ) (RSA_get0_key( rsa, 0, &kres, 0 ), kres)
+# define BGL_RSA_D( rsa, kres ) (RSA_get0_key( rsa, 0, 0, &kres ), kres)
+#else
+# define BGL_RSA_N( rsa, kres ) (kres = rsa->n)
+# define BGL_RSA_E( rsa, kres ) (kres = rsa->e)
+# define BGL_RSA_D( rsa, kres ) (kres = rsa->d)
+#endif