From d2bd6440679c4bc60f88fb2ff3a1b897fe19b097 Mon Sep 17 00:00:00 2001 From: Martin Pieuchot Date: Sun, 13 Apr 2014 21:11:20 +0000 Subject: Do not include "e_os.h" anymore. Simply pull in the necessary headers. ok miod@, deraadt@ --- lib/libssl/src/ssl/d1_clnt.c | 2 +- lib/libssl/src/ssl/d1_lib.c | 339 ++++++++++++++++++++++++++++++++++++++---- lib/libssl/src/ssl/d1_pkt.c | 1 - lib/libssl/src/ssl/d1_srvr.c | 2 +- lib/libssl/src/ssl/s23_clnt.c | 2 +- lib/libssl/src/ssl/s23_lib.c | 6 +- lib/libssl/src/ssl/s23_pkt.c | 1 - lib/libssl/src/ssl/s23_srvr.c | 2 +- lib/libssl/src/ssl/s2_clnt.c | 2 +- lib/libssl/src/ssl/s2_pkt.c | 9 +- lib/libssl/src/ssl/s2_srvr.c | 4 +- lib/libssl/src/ssl/s3_clnt.c | 2 +- lib/libssl/src/ssl/s3_lib.c | 4 +- lib/libssl/src/ssl/s3_pkt.c | 4 +- lib/libssl/src/ssl/s3_srvr.c | 2 +- lib/libssl/src/ssl/ssl_cert.c | 12 +- lib/libssl/src/ssl/ssl_locl.h | 8 +- lib/libssl/src/ssl/ssl_task.c | 7 +- lib/libssl/src/ssl/ssltest.c | 28 ++-- 19 files changed, 362 insertions(+), 75 deletions(-) diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 48e5e06bdeb..eb6ea6c0ec8 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -158,7 +158,7 @@ int dtls1_connect(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c index fc088b41489..7565ce7e366 100644 --- a/lib/libssl/src/ssl/d1_lib.c +++ b/lib/libssl/src/ssl/d1_lib.c @@ -57,11 +57,22 @@ * */ +#include +#include + +#include + #include #include #include "ssl_locl.h" +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#include +#endif + +static void get_current_time(struct timeval *t); const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; +int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, @@ -75,6 +86,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, + tls1_export_keying_material, }; long dtls1_default_timeout(void) @@ -84,11 +96,6 @@ long dtls1_default_timeout(void) return(60*60*2); } -IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, - ssl_undefined_function, - ssl_undefined_function, - ssl_bad_method) - int dtls1_new(SSL *s) { DTLS1_STATE *d1; @@ -98,21 +105,12 @@ int dtls1_new(SSL *s) memset(d1,0, sizeof *d1); /* d1->handshake_epoch=0; */ -#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST) - d1->bitmap.length=64; -#else - d1->bitmap.length=sizeof(d1->bitmap.map) * 8; -#endif - pq_64bit_init(&(d1->bitmap.map)); - pq_64bit_init(&(d1->bitmap.max_seq_num)); - - pq_64bit_init(&(d1->next_bitmap.map)); - pq_64bit_init(&(d1->next_bitmap.max_seq_num)); d1->unprocessed_rcds.q=pqueue_new(); d1->processed_rcds.q=pqueue_new(); d1->buffered_messages = pqueue_new(); d1->sent_messages=pqueue_new(); + d1->buffered_app_data.q=pqueue_new(); if ( s->server) { @@ -120,12 +118,13 @@ int dtls1_new(SSL *s) } if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q - || ! d1->buffered_messages || ! d1->sent_messages) + || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) { if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); if ( d1->sent_messages) pqueue_free(d1->sent_messages); + if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); OPENSSL_free(d1); return (0); } @@ -135,26 +134,33 @@ int dtls1_new(SSL *s) return(1); } -void dtls1_free(SSL *s) +static void dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; - - ssl3_free(s); + DTLS1_RECORD_DATA *rdata; while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } OPENSSL_free(item->data); pitem_free(item); } - pqueue_free(s->d1->unprocessed_rcds.q); while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } OPENSSL_free(item->data); pitem_free(item); } - pqueue_free(s->d1->processed_rcds.q); while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) { @@ -163,7 +169,6 @@ void dtls1_free(SSL *s) OPENSSL_free(frag); pitem_free(item); } - pqueue_free(s->d1->buffered_messages); while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) { @@ -172,21 +177,102 @@ void dtls1_free(SSL *s) OPENSSL_free(frag); pitem_free(item); } - pqueue_free(s->d1->sent_messages); - pq_64bit_free(&(s->d1->bitmap.map)); - pq_64bit_free(&(s->d1->bitmap.max_seq_num)); + while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) + { + frag = (hm_fragment *)item->data; + OPENSSL_free(frag->fragment); + OPENSSL_free(frag); + pitem_free(item); + } + } + +void dtls1_free(SSL *s) + { + ssl3_free(s); - pq_64bit_free(&(s->d1->next_bitmap.map)); - pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); + dtls1_clear_queues(s); + + pqueue_free(s->d1->unprocessed_rcds.q); + pqueue_free(s->d1->processed_rcds.q); + pqueue_free(s->d1->buffered_messages); + pqueue_free(s->d1->sent_messages); + pqueue_free(s->d1->buffered_app_data.q); OPENSSL_free(s->d1); + s->d1 = NULL; } void dtls1_clear(SSL *s) { + pqueue unprocessed_rcds; + pqueue processed_rcds; + pqueue buffered_messages; + pqueue sent_messages; + pqueue buffered_app_data; + unsigned int mtu; + + if (s->d1) + { + unprocessed_rcds = s->d1->unprocessed_rcds.q; + processed_rcds = s->d1->processed_rcds.q; + buffered_messages = s->d1->buffered_messages; + sent_messages = s->d1->sent_messages; + buffered_app_data = s->d1->buffered_app_data.q; + mtu = s->d1->mtu; + + dtls1_clear_queues(s); + + memset(s->d1, 0, sizeof(*(s->d1))); + + if (s->server) + { + s->d1->cookie_len = sizeof(s->d1->cookie); + } + + if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) + { + s->d1->mtu = mtu; + } + + s->d1->unprocessed_rcds.q = unprocessed_rcds; + s->d1->processed_rcds.q = processed_rcds; + s->d1->buffered_messages = buffered_messages; + s->d1->sent_messages = sent_messages; + s->d1->buffered_app_data.q = buffered_app_data; + } + ssl3_clear(s); - s->version=DTLS1_VERSION; + if (s->options & SSL_OP_CISCO_ANYCONNECT) + s->version=DTLS1_BAD_VER; + else + s->version=DTLS1_VERSION; + } + +long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) + { + int ret=0; + + switch (cmd) + { + case DTLS_CTRL_GET_TIMEOUT: + if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) + { + ret = 1; + } + break; + case DTLS_CTRL_HANDLE_TIMEOUT: + ret = dtls1_handle_timeout(s); + break; + case DTLS_CTRL_LISTEN: + ret = dtls1_listen(s, parg); + break; + + default: + ret = ssl3_ctrl(s, cmd, larg, parg); + break; + } + return(ret); } /* @@ -196,15 +282,206 @@ void dtls1_clear(SSL *s) * to explicitly list their SSL_* codes. Currently RC4 is the only one * available, but if new ones emerge, they will have to be added... */ -SSL_CIPHER *dtls1_get_cipher(unsigned int u) +const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { - SSL_CIPHER *ciph = ssl3_get_cipher(u); + const SSL_CIPHER *ciph = ssl3_get_cipher(u); if (ciph != NULL) { - if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + if (ciph->algorithm_enc == SSL_RC4) return NULL; } return ciph; } + +void dtls1_start_timer(SSL *s) + { +#ifndef OPENSSL_NO_SCTP + /* Disable timer for SCTP */ + if (BIO_dgram_is_sctp(SSL_get_wbio(s))) + { + memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + return; + } +#endif + + /* If timer is not set, initialize duration with 1 second */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + s->d1->timeout_duration = 1; + } + + /* Set timeout to current time */ + get_current_time(&(s->d1->next_timeout)); + + /* Add duration to current time */ + s->d1->next_timeout.tv_sec += s->d1->timeout_duration; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + } + +struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) + { + struct timeval timenow; + + /* If no timeout is set, just return NULL */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + return NULL; + } + + /* Get current time */ + get_current_time(&timenow); + + /* If timer already expired, set remaining time to 0 */ + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || + (s->d1->next_timeout.tv_sec == timenow.tv_sec && + s->d1->next_timeout.tv_usec <= timenow.tv_usec)) + { + memset(timeleft, 0, sizeof(struct timeval)); + return timeleft; + } + + /* Calculate time left until timer expires */ + memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); + timeleft->tv_sec -= timenow.tv_sec; + timeleft->tv_usec -= timenow.tv_usec; + if (timeleft->tv_usec < 0) + { + timeleft->tv_sec--; + timeleft->tv_usec += 1000000; + } + + /* If remaining time is less than 15 ms, set it to 0 + * to prevent issues because of small devergences with + * socket timeouts. + */ + if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) + { + memset(timeleft, 0, sizeof(struct timeval)); + } + + + return timeleft; + } + +int dtls1_is_timer_expired(SSL *s) + { + struct timeval timeleft; + + /* Get time left until timeout, return false if no timer running */ + if (dtls1_get_timeout(s, &timeleft) == NULL) + { + return 0; + } + + /* Return false if timer is not expired yet */ + if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) + { + return 0; + } + + /* Timer expired, so return true */ + return 1; + } + +void dtls1_double_timeout(SSL *s) + { + s->d1->timeout_duration *= 2; + if (s->d1->timeout_duration > 60) + s->d1->timeout_duration = 60; + dtls1_start_timer(s); + } + +void dtls1_stop_timer(SSL *s) + { + /* Reset everything */ + memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + s->d1->timeout_duration = 1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + /* Clear retransmission buffer */ + dtls1_clear_record_buffer(s); + } + +int dtls1_check_timeout_num(SSL *s) + { + s->d1->timeout.num_alerts++; + + /* Reduce MTU after 2 unsuccessful retransmissions */ + if (s->d1->timeout.num_alerts > 2) + { + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + } + + if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) + { + /* fail the connection, enough alerts have been sent */ + SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); + return -1; + } + + return 0; + } + +int dtls1_handle_timeout(SSL *s) + { + /* if no timer is expired, don't do anything */ + if (!dtls1_is_timer_expired(s)) + { + return 0; + } + + dtls1_double_timeout(s); + + if (dtls1_check_timeout_num(s) < 0) + return -1; + + s->d1->timeout.read_timeouts++; + if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) + { + s->d1->timeout.read_timeouts = 1; + } + +#ifndef OPENSSL_NO_HEARTBEATS + if (s->tlsext_hb_pending) + { + s->tlsext_hb_pending = 0; + return dtls1_heartbeat(s); + } +#endif + + dtls1_start_timer(s); + return dtls1_retransmit_buffered_messages(s); + } + +static void get_current_time(struct timeval *t) +{ +#ifdef OPENSSL_SYS_WIN32 + struct _timeb tb; + _ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#elif defined(OPENSSL_SYS_VMS) + struct timeb tb; + ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#else + gettimeofday(t, NULL); +#endif +} + +int dtls1_listen(SSL *s, struct sockaddr *client) + { + int ret; + + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + s->d1->listen = 1; + + ret = SSL_accept(s); + if (ret <= 0) return ret; + + (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); + return 1; + } diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c index 8186462d4a6..52f7fc022fe 100644 --- a/lib/libssl/src/ssl/d1_pkt.c +++ b/lib/libssl/src/ssl/d1_pkt.c @@ -115,7 +115,6 @@ #include #include -#define USE_SOCKETS #include "ssl_locl.h" #include #include diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 9975e20873c..aacf8fd380d 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -158,7 +158,7 @@ int dtls1_accept(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c index 2b93c639dd2..6315e9d8765 100644 --- a/lib/libssl/src/ssl/s23_clnt.c +++ b/lib/libssl/src/ssl/s23_clnt.c @@ -152,7 +152,7 @@ int ssl23_connect(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/s23_lib.c b/lib/libssl/src/ssl/s23_lib.c index 3bf728318a4..a6285b767fb 100644 --- a/lib/libssl/src/ssl/s23_lib.c +++ b/lib/libssl/src/ssl/s23_lib.c @@ -121,7 +121,7 @@ int ssl23_read(SSL *s, void *buf, int len) { int n; - clear_sys_error(); + errno = 0; if (SSL_in_init(s) && (!s->in_handshake)) { n=s->handshake_func(s); @@ -144,7 +144,7 @@ int ssl23_peek(SSL *s, void *buf, int len) { int n; - clear_sys_error(); + errno = 0; if (SSL_in_init(s) && (!s->in_handshake)) { n=s->handshake_func(s); @@ -167,7 +167,7 @@ int ssl23_write(SSL *s, const void *buf, int len) { int n; - clear_sys_error(); + errno = 0; if (SSL_in_init(s) && (!s->in_handshake)) { n=s->handshake_func(s); diff --git a/lib/libssl/src/ssl/s23_pkt.c b/lib/libssl/src/ssl/s23_pkt.c index 4ca6a1b2584..eba8d9d8fcd 100644 --- a/lib/libssl/src/ssl/s23_pkt.c +++ b/lib/libssl/src/ssl/s23_pkt.c @@ -58,7 +58,6 @@ #include #include -#define USE_SOCKETS #include "ssl_locl.h" #include #include diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c index 48778490135..2ac8786c626 100644 --- a/lib/libssl/src/ssl/s23_srvr.c +++ b/lib/libssl/src/ssl/s23_srvr.c @@ -154,7 +154,7 @@ int ssl23_accept(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/s2_clnt.c b/lib/libssl/src/ssl/s2_clnt.c index 03b6cf96738..15fbef9c778 100644 --- a/lib/libssl/src/ssl/s2_clnt.c +++ b/lib/libssl/src/ssl/s2_clnt.c @@ -152,7 +152,7 @@ int ssl2_connect(SSL *s) RAND_add(&l,sizeof(l),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/s2_pkt.c b/lib/libssl/src/ssl/s2_pkt.c index 8bb6ab8baa3..7efad40153b 100644 --- a/lib/libssl/src/ssl/s2_pkt.c +++ b/lib/libssl/src/ssl/s2_pkt.c @@ -113,7 +113,6 @@ #ifndef OPENSSL_NO_SSL2 #include #include -#define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); @@ -144,7 +143,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) } } - clear_sys_error(); + errno = 0; s->rwstate=SSL_NOTHING; if (len <= 0) return(len); @@ -372,7 +371,7 @@ static int read_n(SSL *s, unsigned int n, unsigned int max, s->packet=s->s2->rbuf; while (newb < (int)n) { - clear_sys_error(); + errno = 0; if (s->rbio != NULL) { s->rwstate=SSL_READING; @@ -438,7 +437,7 @@ int ssl2_write(SSL *s, const void *_buf, int len) return(-1); } - clear_sys_error(); + errno = 0; s->rwstate=SSL_NOTHING; if (len <= 0) return(len); @@ -483,7 +482,7 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) for (;;) { - clear_sys_error(); + errno = 0; if (s->wbio != NULL) { s->rwstate=SSL_WRITING; diff --git a/lib/libssl/src/ssl/s2_srvr.c b/lib/libssl/src/ssl/s2_srvr.c index 2cba426bb7e..cac405db7c7 100644 --- a/lib/libssl/src/ssl/s2_srvr.c +++ b/lib/libssl/src/ssl/s2_srvr.c @@ -153,7 +153,7 @@ int ssl2_accept(SSL *s) RAND_add(&l,sizeof(l),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; @@ -170,7 +170,7 @@ int ssl2_accept(SSL *s) return(-1); } - clear_sys_error(); + errno = 0; for (;;) { state=s->state; diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index a6b3c01afa1..64e7be8d67a 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -193,7 +193,7 @@ int ssl3_connect(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 6b2739161de..fd1e7b80d8c 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -4167,7 +4167,7 @@ int ssl3_write(SSL *s, const void *buf, int len) return(0); } #endif - clear_sys_error(); + errno = 0; if (s->s3->renegotiate) ssl3_renegotiate_check(s); /* This is an experimental flag that sends the @@ -4213,7 +4213,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { int ret; - clear_sys_error(); + errno = 0; if (s->s3->renegotiate) ssl3_renegotiate_check(s); s->s3->in_read_app_data=1; ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 96ba63262e4..6b55d21a3e9 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -232,7 +232,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * and need to read in more until we have len+n (up to * len+max if possible) */ - clear_sys_error(); + errno = 0; if (s->rbio != NULL) { s->rwstate=SSL_READING; @@ -874,7 +874,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, for (;;) { - clear_sys_error(); + errno = 0; if (s->wbio != NULL) { s->rwstate=SSL_WRITING; diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 9ac19c05f22..518dfcd5e28 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -220,7 +220,7 @@ int ssl3_accept(SSL *s) RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); - clear_sys_error(); + errno = 0; if (s->info_callback != NULL) cb=s->info_callback; diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c index 5123a89182e..6d144077f9f 100644 --- a/lib/libssl/src/ssl/ssl_cert.c +++ b/lib/libssl/src/ssl/ssl_cert.c @@ -114,13 +114,13 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#include +#include -#include "e_os.h" -#ifndef NO_SYS_TYPES_H -# include -#endif +#include +#include +#include +#include #include "o_dir.h" #include #include @@ -837,7 +837,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, if (errno) { - SYSerr(SYS_F_OPENDIR, get_last_sys_error()); + SYSerr(SYS_F_OPENDIR, errno); ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); goto err; diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index e4859077481..e7fecbc3cb6 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -142,13 +142,17 @@ #ifndef HEADER_SSL_LOCL_H #define HEADER_SSL_LOCL_H + +#include + #include #include #include #include +#include -#include "e_os.h" - +#include +#include #include #ifndef OPENSSL_NO_COMP #include diff --git a/lib/libssl/src/ssl/ssl_task.c b/lib/libssl/src/ssl/ssl_task.c index 416fb16743b..366204f097a 100644 --- a/lib/libssl/src/ssl/ssl_task.c +++ b/lib/libssl/src/ssl/ssl_task.c @@ -114,6 +114,8 @@ * Author: Dave Jones * Date: 22-JUL-1996 */ +#include + #include #include #include /* VMS IO$_ definitions */ @@ -123,9 +125,10 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER(); #include /* from ssltest.c */ #include +#include -#include "e_os.h" - +#include +#include #include #include #include diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index 8a602cc551b..1e285a5c52d 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -142,17 +142,21 @@ #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#include +#include +#include + +#include #include #include #include +#include #include #include #include #include - -#define USE_SOCKETS -#include "e_os.h" +#include #ifdef OPENSSL_SYS_VMS #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on @@ -161,6 +165,8 @@ #include +#include +#include #include #include #include @@ -586,7 +592,7 @@ int main(int argc, char *argv[]) fips_mode=1; #else fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); - EXIT(0); + exit(0); #endif } else if (strcmp(*argv,"-server_auth") == 0) @@ -785,7 +791,7 @@ bad: { /* ensure that the cipher list are correctly sorted and exit */ if (do_test_cipherlist() == 0) - EXIT(1); + exit(1); ret = 0; goto end; } @@ -796,7 +802,7 @@ bad: "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); - EXIT(1); + exit(1); } #ifdef OPENSSL_FIPS @@ -806,7 +812,7 @@ bad: { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - EXIT(1); + exit(1); } else fprintf(stderr,"*** IN FIPS MODE ***\n"); @@ -1150,7 +1156,7 @@ end: EVP_cleanup(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) BIO_free(bio_err); - EXIT(ret); + exit(ret); return ret; } @@ -2144,7 +2150,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26], default: fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" " STOPPING\n"); - EXIT(1); + exit(1); } } break; @@ -2207,7 +2213,7 @@ static int process_proxy_cond_adders(unsigned int letters[26], default: fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" " STOPPING\n"); - EXIT(1); + exit(1); } } break; @@ -2306,7 +2312,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) cb_arg->proxy_cond, &cond_end); if (ok < 0) - EXIT(3); + exit(3); if (*cond_end) { fprintf(stderr, "Stopped processing condition before it's end.\n"); -- cgit v1.2.3