1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libssl/src/bio_ssl.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,628 @@
1.4 +/* ssl/bio_ssl.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +/*
1.62 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.63 + */
1.64 +
1.65 +#include <stdio.h>
1.66 +#include <stdlib.h>
1.67 +#include <string.h>
1.68 +#include <errno.h>
1.69 +#include <openssl/crypto.h>
1.70 +#include <openssl/bio.h>
1.71 +#include <openssl/err.h>
1.72 +#include <openssl/ssl.h>
1.73 +
1.74 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.75 +#include "libssl_wsd.h"
1.76 +#endif
1.77 +
1.78 +static int ssl_write(BIO *h, const char *buf, int num);
1.79 +static int ssl_read(BIO *h, char *buf, int size);
1.80 +static int ssl_puts(BIO *h, const char *str);
1.81 +static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
1.82 +static int ssl_new(BIO *h);
1.83 +static int ssl_free(BIO *data);
1.84 +static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
1.85 +typedef struct bio_ssl_st
1.86 + {
1.87 + SSL *ssl; /* The ssl handle :-) */
1.88 + /* re-negotiate every time the total number of bytes is this size */
1.89 + int num_renegotiates;
1.90 + unsigned long renegotiate_count;
1.91 + unsigned long byte_count;
1.92 + unsigned long renegotiate_timeout;
1.93 + unsigned long last_time;
1.94 + } BIO_SSL;
1.95 +
1.96 +#ifdef __cplusplus
1.97 +extern "C"
1.98 +{
1.99 +#endif
1.100 +#ifndef EMULATOR
1.101 +
1.102 + static BIO_METHOD methods_sslp=
1.103 +#else
1.104 + const BIO_METHOD temp_methods_sslp=
1.105 +
1.106 +#endif
1.107 + {
1.108 + BIO_TYPE_SSL,"ssl",
1.109 + ssl_write,
1.110 + ssl_read,
1.111 + ssl_puts,
1.112 + NULL, /* ssl_gets, */
1.113 + ssl_ctrl,
1.114 + ssl_new,
1.115 + ssl_free,
1.116 + ssl_callback_ctrl,
1.117 + };
1.118 +#ifdef __cplusplus
1.119 +}
1.120 +#endif
1.121 +
1.122 +#ifdef EMULATOR
1.123 +
1.124 +GET_STATIC_VAR_FROM_TLS(methods_sslp,bio_ssl,BIO_METHOD)
1.125 +
1.126 +#define methods_sslp (*GET_WSD_VAR_NAME(methods_sslp,bio_ssl,s)())
1.127 +
1.128 +#endif //EMULATOR
1.129 +
1.130 +
1.131 +
1.132 +EXPORT_C BIO_METHOD *BIO_f_ssl(void)
1.133 + {
1.134 + return(&methods_sslp);
1.135 + }
1.136 +
1.137 +static int ssl_new(BIO *bi)
1.138 + {
1.139 + BIO_SSL *bs;
1.140 +
1.141 + bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
1.142 + if (bs == NULL)
1.143 + {
1.144 + BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
1.145 + return(0);
1.146 + }
1.147 + memset(bs,0,sizeof(BIO_SSL));
1.148 + bi->init=0;
1.149 + bi->ptr=(char *)bs;
1.150 + bi->flags=0;
1.151 + return(1);
1.152 + }
1.153 +
1.154 +static int ssl_free(BIO *a)
1.155 + {
1.156 + BIO_SSL *bs;
1.157 +
1.158 + if (a == NULL) return(0);
1.159 + bs=(BIO_SSL *)a->ptr;
1.160 + if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
1.161 + if (a->shutdown)
1.162 + {
1.163 + if (a->init && (bs->ssl != NULL))
1.164 + SSL_free(bs->ssl);
1.165 + a->init=0;
1.166 + a->flags=0;
1.167 + }
1.168 + if (a->ptr != NULL)
1.169 + OPENSSL_free(a->ptr);
1.170 + return(1);
1.171 + }
1.172 +
1.173 +static int ssl_read(BIO *b, char *out, int outl)
1.174 + {
1.175 + int ret=1;
1.176 + BIO_SSL *sb;
1.177 + SSL *ssl;
1.178 + int retry_reason=0;
1.179 + int r=0;
1.180 +
1.181 + if (out == NULL) return(0);
1.182 + sb=(BIO_SSL *)b->ptr;
1.183 + ssl=sb->ssl;
1.184 +
1.185 + BIO_clear_retry_flags(b);
1.186 +
1.187 +#if 0
1.188 + if (!SSL_is_init_finished(ssl))
1.189 + {
1.190 +/* ret=SSL_do_handshake(ssl); */
1.191 + if (ret > 0)
1.192 + {
1.193 +
1.194 + outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
1.195 + ret= -1;
1.196 + goto end;
1.197 + }
1.198 + }
1.199 +#endif
1.200 +/* if (ret > 0) */
1.201 + ret=SSL_read(ssl,out,outl);
1.202 +
1.203 + switch (SSL_get_error(ssl,ret))
1.204 + {
1.205 + case SSL_ERROR_NONE:
1.206 + if (ret <= 0) break;
1.207 + if (sb->renegotiate_count > 0)
1.208 + {
1.209 + sb->byte_count+=ret;
1.210 + if (sb->byte_count > sb->renegotiate_count)
1.211 + {
1.212 + sb->byte_count=0;
1.213 + sb->num_renegotiates++;
1.214 + SSL_renegotiate(ssl);
1.215 + r=1;
1.216 + }
1.217 + }
1.218 + if ((sb->renegotiate_timeout > 0) && (!r))
1.219 + {
1.220 + unsigned long tm;
1.221 +
1.222 + tm=(unsigned long)time(NULL);
1.223 + if (tm > sb->last_time+sb->renegotiate_timeout)
1.224 + {
1.225 + sb->last_time=tm;
1.226 + sb->num_renegotiates++;
1.227 + SSL_renegotiate(ssl);
1.228 + }
1.229 + }
1.230 +
1.231 + break;
1.232 + case SSL_ERROR_WANT_READ:
1.233 + BIO_set_retry_read(b);
1.234 + break;
1.235 + case SSL_ERROR_WANT_WRITE:
1.236 + BIO_set_retry_write(b);
1.237 + break;
1.238 + case SSL_ERROR_WANT_X509_LOOKUP:
1.239 + BIO_set_retry_special(b);
1.240 + retry_reason=BIO_RR_SSL_X509_LOOKUP;
1.241 + break;
1.242 + case SSL_ERROR_WANT_ACCEPT:
1.243 + BIO_set_retry_special(b);
1.244 + retry_reason=BIO_RR_ACCEPT;
1.245 + break;
1.246 + case SSL_ERROR_WANT_CONNECT:
1.247 + BIO_set_retry_special(b);
1.248 + retry_reason=BIO_RR_CONNECT;
1.249 + break;
1.250 + case SSL_ERROR_SYSCALL:
1.251 + case SSL_ERROR_SSL:
1.252 + case SSL_ERROR_ZERO_RETURN:
1.253 + default:
1.254 + break;
1.255 + }
1.256 +
1.257 + b->retry_reason=retry_reason;
1.258 + return(ret);
1.259 + }
1.260 +
1.261 +static int ssl_write(BIO *b, const char *out, int outl)
1.262 + {
1.263 + int ret,r=0;
1.264 + int retry_reason=0;
1.265 + SSL *ssl;
1.266 + BIO_SSL *bs;
1.267 +
1.268 + if (out == NULL) return(0);
1.269 + bs=(BIO_SSL *)b->ptr;
1.270 + ssl=bs->ssl;
1.271 +
1.272 + BIO_clear_retry_flags(b);
1.273 +
1.274 +/* ret=SSL_do_handshake(ssl);
1.275 + if (ret > 0) */
1.276 + ret=SSL_write(ssl,out,outl);
1.277 +
1.278 + switch (SSL_get_error(ssl,ret))
1.279 + {
1.280 + case SSL_ERROR_NONE:
1.281 + if (ret <= 0) break;
1.282 + if (bs->renegotiate_count > 0)
1.283 + {
1.284 + bs->byte_count+=ret;
1.285 + if (bs->byte_count > bs->renegotiate_count)
1.286 + {
1.287 + bs->byte_count=0;
1.288 + bs->num_renegotiates++;
1.289 + SSL_renegotiate(ssl);
1.290 + r=1;
1.291 + }
1.292 + }
1.293 + if ((bs->renegotiate_timeout > 0) && (!r))
1.294 + {
1.295 + unsigned long tm;
1.296 +
1.297 + tm=(unsigned long)time(NULL);
1.298 + if (tm > bs->last_time+bs->renegotiate_timeout)
1.299 + {
1.300 + bs->last_time=tm;
1.301 + bs->num_renegotiates++;
1.302 + SSL_renegotiate(ssl);
1.303 + }
1.304 + }
1.305 + break;
1.306 + case SSL_ERROR_WANT_WRITE:
1.307 + BIO_set_retry_write(b);
1.308 + break;
1.309 + case SSL_ERROR_WANT_READ:
1.310 + BIO_set_retry_read(b);
1.311 + break;
1.312 + case SSL_ERROR_WANT_X509_LOOKUP:
1.313 + BIO_set_retry_special(b);
1.314 + retry_reason=BIO_RR_SSL_X509_LOOKUP;
1.315 + break;
1.316 + case SSL_ERROR_WANT_CONNECT:
1.317 + BIO_set_retry_special(b);
1.318 + retry_reason=BIO_RR_CONNECT;
1.319 + case SSL_ERROR_SYSCALL:
1.320 + case SSL_ERROR_SSL:
1.321 + default:
1.322 + break;
1.323 + }
1.324 +
1.325 + b->retry_reason=retry_reason;
1.326 + return(ret);
1.327 + }
1.328 +
1.329 +static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
1.330 + {
1.331 + SSL **sslp,*ssl;
1.332 + BIO_SSL *bs;
1.333 + BIO *dbio,*bio;
1.334 + long ret=1;
1.335 +
1.336 + bs=(BIO_SSL *)b->ptr;
1.337 + ssl=bs->ssl;
1.338 + if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
1.339 + return(0);
1.340 + switch (cmd)
1.341 + {
1.342 + case BIO_CTRL_RESET:
1.343 + SSL_shutdown(ssl);
1.344 +
1.345 + if (ssl->handshake_func == ssl->method->ssl_connect)
1.346 + SSL_set_connect_state(ssl);
1.347 + else if (ssl->handshake_func == ssl->method->ssl_accept)
1.348 + SSL_set_accept_state(ssl);
1.349 +
1.350 + SSL_clear(ssl);
1.351 +
1.352 + if (b->next_bio != NULL)
1.353 + ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
1.354 + else if (ssl->rbio != NULL)
1.355 + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
1.356 + else
1.357 + ret=1;
1.358 + break;
1.359 + case BIO_CTRL_INFO:
1.360 + ret=0;
1.361 + break;
1.362 + case BIO_C_SSL_MODE:
1.363 + if (num) /* client mode */
1.364 + SSL_set_connect_state(ssl);
1.365 + else
1.366 + SSL_set_accept_state(ssl);
1.367 + break;
1.368 + case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
1.369 + ret=bs->renegotiate_timeout;
1.370 + if (num < 60) num=5;
1.371 + bs->renegotiate_timeout=(unsigned long)num;
1.372 + bs->last_time=(unsigned long)time(NULL);
1.373 + break;
1.374 + case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
1.375 + ret=bs->renegotiate_count;
1.376 + if ((long)num >=512)
1.377 + bs->renegotiate_count=(unsigned long)num;
1.378 + break;
1.379 + case BIO_C_GET_SSL_NUM_RENEGOTIATES:
1.380 + ret=bs->num_renegotiates;
1.381 + break;
1.382 + case BIO_C_SET_SSL:
1.383 + if (ssl != NULL)
1.384 + ssl_free(b);
1.385 + b->shutdown=(int)num;
1.386 + ssl=(SSL *)ptr;
1.387 + ((BIO_SSL *)b->ptr)->ssl=ssl;
1.388 + bio=SSL_get_rbio(ssl);
1.389 + if (bio != NULL)
1.390 + {
1.391 + if (b->next_bio != NULL)
1.392 + BIO_push(bio,b->next_bio);
1.393 + b->next_bio=bio;
1.394 + CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
1.395 + }
1.396 + b->init=1;
1.397 + break;
1.398 + case BIO_C_GET_SSL:
1.399 + if (ptr != NULL)
1.400 + {
1.401 + sslp=(SSL **)ptr;
1.402 + *sslp=ssl;
1.403 + }
1.404 + else
1.405 + ret=0;
1.406 + break;
1.407 + case BIO_CTRL_GET_CLOSE:
1.408 + ret=b->shutdown;
1.409 + break;
1.410 + case BIO_CTRL_SET_CLOSE:
1.411 + b->shutdown=(int)num;
1.412 + break;
1.413 + case BIO_CTRL_WPENDING:
1.414 + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
1.415 + break;
1.416 + case BIO_CTRL_PENDING:
1.417 + ret=SSL_pending(ssl);
1.418 + if (ret == 0)
1.419 + ret=BIO_pending(ssl->rbio);
1.420 + break;
1.421 + case BIO_CTRL_FLUSH:
1.422 + BIO_clear_retry_flags(b);
1.423 + ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
1.424 + BIO_copy_next_retry(b);
1.425 + break;
1.426 + case BIO_CTRL_PUSH:
1.427 + if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
1.428 + {
1.429 + SSL_set_bio(ssl,b->next_bio,b->next_bio);
1.430 + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
1.431 + }
1.432 + break;
1.433 + case BIO_CTRL_POP:
1.434 + /* ugly bit of a hack */
1.435 + if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
1.436 + {
1.437 + BIO_free_all(ssl->wbio);
1.438 + }
1.439 + if (b->next_bio != NULL)
1.440 + {
1.441 + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
1.442 + }
1.443 + ssl->wbio=NULL;
1.444 + ssl->rbio=NULL;
1.445 + break;
1.446 + case BIO_C_DO_STATE_MACHINE:
1.447 + BIO_clear_retry_flags(b);
1.448 +
1.449 + b->retry_reason=0;
1.450 + ret=(int)SSL_do_handshake(ssl);
1.451 +
1.452 + switch (SSL_get_error(ssl,(int)ret))
1.453 + {
1.454 + case SSL_ERROR_WANT_READ:
1.455 + BIO_set_flags(b,
1.456 + BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
1.457 + break;
1.458 + case SSL_ERROR_WANT_WRITE:
1.459 + BIO_set_flags(b,
1.460 + BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
1.461 + break;
1.462 + case SSL_ERROR_WANT_CONNECT:
1.463 + BIO_set_flags(b,
1.464 + BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
1.465 + b->retry_reason=b->next_bio->retry_reason;
1.466 + break;
1.467 + default:
1.468 + break;
1.469 + }
1.470 + break;
1.471 + case BIO_CTRL_DUP:
1.472 + dbio=(BIO *)ptr;
1.473 + if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
1.474 + SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
1.475 + ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
1.476 + ((BIO_SSL *)dbio->ptr)->renegotiate_count=
1.477 + ((BIO_SSL *)b->ptr)->renegotiate_count;
1.478 + ((BIO_SSL *)dbio->ptr)->byte_count=
1.479 + ((BIO_SSL *)b->ptr)->byte_count;
1.480 + ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
1.481 + ((BIO_SSL *)b->ptr)->renegotiate_timeout;
1.482 + ((BIO_SSL *)dbio->ptr)->last_time=
1.483 + ((BIO_SSL *)b->ptr)->last_time;
1.484 + ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
1.485 + break;
1.486 + case BIO_C_GET_FD:
1.487 + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
1.488 + break;
1.489 + case BIO_CTRL_SET_CALLBACK:
1.490 + {
1.491 +#if 0 /* FIXME: Should this be used? -- Richard Levitte */
1.492 + SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.493 + ret = -1;
1.494 +#else
1.495 + ret=0;
1.496 +#endif
1.497 + }
1.498 + break;
1.499 + case BIO_CTRL_GET_CALLBACK:
1.500 + {
1.501 + void (**fptr)(const SSL *xssl,int type,int val);
1.502 +
1.503 + fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
1.504 + *fptr=SSL_get_info_callback(ssl);
1.505 + }
1.506 + break;
1.507 + default:
1.508 + ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
1.509 + break;
1.510 + }
1.511 + return(ret);
1.512 + }
1.513 +
1.514 +static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
1.515 + {
1.516 + SSL *ssl;
1.517 + BIO_SSL *bs;
1.518 + long ret=1;
1.519 +
1.520 + bs=(BIO_SSL *)b->ptr;
1.521 + ssl=bs->ssl;
1.522 + switch (cmd)
1.523 + {
1.524 + case BIO_CTRL_SET_CALLBACK:
1.525 + {
1.526 + /* FIXME: setting this via a completely different prototype
1.527 + seems like a crap idea */
1.528 + SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
1.529 + }
1.530 + break;
1.531 + default:
1.532 + ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
1.533 + break;
1.534 + }
1.535 + return(ret);
1.536 + }
1.537 +
1.538 +static int ssl_puts(BIO *bp, const char *str)
1.539 + {
1.540 + int n,ret;
1.541 +
1.542 + n=strlen(str);
1.543 + ret=BIO_write(bp,str,n);
1.544 + return(ret);
1.545 + }
1.546 +
1.547 +EXPORT_C BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
1.548 + {
1.549 +#ifndef OPENSSL_NO_SOCK
1.550 + BIO *ret=NULL,*buf=NULL,*ssl=NULL;
1.551 +
1.552 + if ((buf=BIO_new(BIO_f_buffer())) == NULL)
1.553 + return(NULL);
1.554 + if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
1.555 + goto err;
1.556 + if ((ret=BIO_push(buf,ssl)) == NULL)
1.557 + goto err;
1.558 + return(ret);
1.559 +err:
1.560 + if (buf != NULL) BIO_free(buf);
1.561 + if (ssl != NULL) BIO_free(ssl);
1.562 +#endif
1.563 + return(NULL);
1.564 + }
1.565 +
1.566 +EXPORT_C BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
1.567 + {
1.568 + BIO *ret=NULL,*con=NULL,*ssl=NULL;
1.569 +
1.570 + if ((con=BIO_new(BIO_s_connect())) == NULL)
1.571 + return(NULL);
1.572 + if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
1.573 + goto err;
1.574 + if ((ret=BIO_push(ssl,con)) == NULL)
1.575 + goto err;
1.576 + return(ret);
1.577 +err:
1.578 + if (con != NULL) BIO_free(con);
1.579 + if (ret != NULL) BIO_free(ret);
1.580 + return(NULL);
1.581 + }
1.582 +
1.583 +EXPORT_C BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
1.584 + {
1.585 + BIO *ret;
1.586 + SSL *ssl;
1.587 +
1.588 + if ((ret=BIO_new(BIO_f_ssl())) == NULL)
1.589 + return(NULL);
1.590 + if ((ssl=SSL_new(ctx)) == NULL)
1.591 + {
1.592 + BIO_free(ret);
1.593 + return(NULL);
1.594 + }
1.595 + if (client)
1.596 + SSL_set_connect_state(ssl);
1.597 + else
1.598 + SSL_set_accept_state(ssl);
1.599 +
1.600 + BIO_set_ssl(ret,ssl,BIO_CLOSE);
1.601 + return(ret);
1.602 + }
1.603 +
1.604 +EXPORT_C int BIO_ssl_copy_session_id(BIO *t, BIO *f)
1.605 + {
1.606 + t=BIO_find_type(t,BIO_TYPE_SSL);
1.607 + f=BIO_find_type(f,BIO_TYPE_SSL);
1.608 + if ((t == NULL) || (f == NULL))
1.609 + return(0);
1.610 + if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
1.611 + (((BIO_SSL *)f->ptr)->ssl == NULL))
1.612 + return(0);
1.613 + SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
1.614 + return(1);
1.615 + }
1.616 +
1.617 +EXPORT_C void BIO_ssl_shutdown(BIO *b)
1.618 + {
1.619 + SSL *s;
1.620 +
1.621 + while (b != NULL)
1.622 + {
1.623 + if (b->method->type == BIO_TYPE_SSL)
1.624 + {
1.625 + s=((BIO_SSL *)b->ptr)->ssl;
1.626 + SSL_shutdown(s);
1.627 + break;
1.628 + }
1.629 + b=b->next_bio;
1.630 + }
1.631 + }