From c8a04734fd79512def15b13761936b720aad23f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czerpak?= Date: Fri, 20 Feb 2015 11:40:52 +0100 Subject: [PATCH] 2015-02-20 11:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbssl/bio.c * contrib/hbssl/err.c * contrib/hbssl/evpciph.c * contrib/hbssl/evpmd.c * contrib/hbssl/hbssl.ch * contrib/hbssl/hbssl.hbc * contrib/hbssl/hbssl.hbm * contrib/hbssl/hbssl.hbx * contrib/hbssl/pem.c * contrib/hbssl/rand.c * contrib/hbssl/ssl.c * contrib/hbssl/ssl_hb.c * contrib/hbssl/sslctx.c * contrib/hbssl/x509.c ; synced with Viktor's branch: * favor openssl over libressl on darwin (2015-01-22 03:24 UTC+0100) * build against libressl on darwin, if installed (2015-01-22 03:24 UTC+0100) * deleted custom openssl option 'OPENSSL_NO_SEED' on darwin. (2015-01-22 03:24 UTC+0100) + AES/GCM ciphers added (couldn't make them work) (2014-12-26 01:53 UTC+0100) + added BIO_GET_CONN_INT_PORT() It's now fixed in OpenSSL, available in hbssl with OpenSSL 1.0.1 or upper (2014-03-03 00:45 UTC+0100) ! BIO object is now GC collected, solving the leak and hopefully some remaining memory problems around BIO_NEW_MEM_BUF() (2014-02-26 04:54 UTC+0100) ! SSL_SET_BIO(): fixed 3rd parameter (2014-02-26 04:54 UTC+0100) ! BIO_NEW_MEM_BUF(): fixed potential use-after-free. (2014-02-24 16:02) * formating and comments --- ChangeLog.txt | 35 +++++++++++++ contrib/hbssl/bio.c | 110 +++++++++++++++++++++++++++++++++------- contrib/hbssl/err.c | 14 +++++ contrib/hbssl/evpciph.c | 44 ++++++++++++++-- contrib/hbssl/evpmd.c | 30 +++++++++-- contrib/hbssl/hbssl.ch | 3 ++ contrib/hbssl/hbssl.hbc | 2 + contrib/hbssl/hbssl.hbm | 3 +- contrib/hbssl/hbssl.hbx | 1 + contrib/hbssl/pem.c | 9 ++-- contrib/hbssl/rand.c | 3 +- contrib/hbssl/ssl.c | 27 +++++----- contrib/hbssl/ssl_hb.c | 4 +- contrib/hbssl/sslctx.c | 4 +- contrib/hbssl/x509.c | 4 +- 15 files changed, 236 insertions(+), 57 deletions(-) 
diff --git a/ChangeLog.txt b/ChangeLog.txt index 042625db4d..350e2f3890 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -10,6 +10,41 @@ * Change, ! Fix, % Optimization, + Addition, - Removal, ; Comment */ +2015-02-20 11:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) + * contrib/hbssl/bio.c + * contrib/hbssl/err.c + * contrib/hbssl/evpciph.c + * contrib/hbssl/evpmd.c + * contrib/hbssl/hbssl.ch + * contrib/hbssl/hbssl.hbc + * contrib/hbssl/hbssl.hbm + * contrib/hbssl/hbssl.hbx + * contrib/hbssl/pem.c + * contrib/hbssl/rand.c + * contrib/hbssl/ssl.c + * contrib/hbssl/ssl_hb.c + * contrib/hbssl/sslctx.c + * contrib/hbssl/x509.c + ; synced with Viktor's branch: + * favor openssl over libressl on darwin (2015-01-22 03:24 UTC+0100) + * build against libressl on darwin, if installed + (2015-01-22 03:24 UTC+0100) + * deleted custom openssl option 'OPENSSL_NO_SEED' on darwin. + (2015-01-22 03:24 UTC+0100) + + AES/GCM ciphers added (couldn't make them work) + (2014-12-26 01:53 UTC+0100) + + added BIO_GET_CONN_INT_PORT() + It's now fixed in OpenSSL, available in hbssl with OpenSSL 1.0.1 or upper + (2014-03-03 00:45 UTC+0100) + ! BIO object is now GC collected, solving the leak and hopefully + some remaining memory problems around BIO_NEW_MEM_BUF() + (2014-02-26 04:54 UTC+0100) + ! SSL_SET_BIO(): fixed 3rd parameter + (2014-02-26 04:54 UTC+0100) + ! BIO_NEW_MEM_BUF(): fixed potential use-after-free. + (2014-02-24 16:02) + * formating and comments + 2015-02-20 10:53 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbodbc/odbc.c * contrib/sddodbc/core.c diff --git a/contrib/hbssl/bio.c b/contrib/hbssl/bio.c index 5ee53a84cc..917cff3d6f 100644 --- a/contrib/hbssl/bio.c +++ b/contrib/hbssl/bio.c 
@@ -47,20 +47,86 @@ */ #include "hbapi.h" +#include "hbapiitm.h" #include "hbapierr.h" #include "hbssl.h" -void * hb_BIO_is( int iParam ) +/* */ + +typedef struct { - return hb_parptr( iParam ); + BIO * bio; + char * pszBuffer; +} HB_BIO, * PHB_BIO; + +static PHB_BIO PHB_BIO_create( BIO * bio, char * pszBuffer ) +{ + PHB_BIO hb_bio = ( PHB_BIO ) hb_xgrab( sizeof( HB_BIO ) ); + + hb_bio->bio = bio; + hb_bio->pszBuffer = pszBuffer; + + return hb_bio; } +static void PHB_BIO_free( PHB_BIO hb_bio ) +{ + if( hb_bio->pszBuffer ) + hb_itemFreeC( hb_bio->pszBuffer ); + + hb_xfree( hb_bio ); +} + +/* HB_BIO GC handler */ + +/* BIO destructor, it's executed automatically */ +static HB_GARBAGE_FUNC( HB_BIO_Destructor ) +{ + /* Retrieve image pointer holder */ + HB_BIO ** ptr = ( HB_BIO ** ) Cargo; + + /* Check if pointer is not NULL to avoid multiple freeing */ + if( *ptr ) + { + PHB_BIO_free( *ptr ); + + /* set pointer to NULL to avoid multiple freeing */ + *ptr = NULL; + } +} + +static const HB_GC_FUNCS s_gcBIOFuncs = +{ + HB_BIO_Destructor, + hb_gcDummyMark +}; + BIO * hb_BIO_par( int iParam ) { - return ( BIO * ) hb_parptr( iParam ); + HB_BIO ** ptr = ( HB_BIO ** ) hb_parptrGC( &s_gcBIOFuncs, iParam ); + + return ptr ? ( *ptr )->bio : NULL; } +void * hb_BIO_is( int iParam ) +{ + HB_BIO ** ptr = ( HB_BIO ** ) hb_parptrGC( &s_gcBIOFuncs, iParam ); + + return ptr ? ( *ptr )->bio : NULL; +} + +static void hb_BIO_ret( BIO * bio, char * pszBuffer ) +{ + HB_BIO ** ptr = ( HB_BIO ** ) hb_gcAllocate( sizeof( HB_BIO * ), &s_gcBIOFuncs ); + + *ptr = PHB_BIO_create( bio, pszBuffer ); + + hb_retptrGC( ( void * ) ptr ); +} + +/* */ + static int hb_BIO_METHOD_is( int iParam ) { return HB_ISCHAR( iParam ); 
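Review bot: `hb_BIO_par()` and `hb_BIO_is()` dereference `*ptr` without checking it, although `HB_BIO_Destructor` sets `*ptr = NULL` after freeing the wrapper; both returns should read `return ptr && *ptr ? ( *ptr )->bio : NULL;`. `PHB_BIO_free()` releases `pszBuffer` and the wrapper but never the `BIO` itself, so the object still has to be released explicitly, and nothing in this hunk clears `hb_bio->bio` when that happens; if `BIO_FREE()` (outside this hunk) does not reset it, later calls get a dangling pointer. Because a BIO item now carries an `HB_BIO **` holder, any `( BIO * ) hb_parptr( n )` cast left elsewhere in hbssl would treat that holder as a `BIO`, so those call sites are worth a grep. The destructor comment `/* Retrieve image pointer holder */` looks copied from another wrapper and should say `BIO`.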
@@ -141,7 +207,7 @@ static int hb_BIO_METHOD_ptr_to_id( const BIO_METHOD * p ) HB_FUNC( BIO_NEW ) { if( hb_BIO_METHOD_is( 1 ) ) - hb_retptr( BIO_new( hb_BIO_METHOD_par( 1 ) ) ); + hb_BIO_ret( BIO_new( hb_BIO_METHOD_par( 1 ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } @@ -403,7 +469,7 @@ HB_FUNC( BIO_GET_CLOSE ) HB_FUNC( BIO_NEW_SOCKET ) { if( HB_ISNUM( 1 ) ) - hb_retptr( BIO_new_socket( hb_parni( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ) ); + hb_BIO_ret( BIO_new_socket( hb_parni( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } @@ -412,7 +478,7 @@ HB_FUNC( BIO_NEW_DGRAM ) { #ifndef OPENSSL_NO_DGRAM if( HB_ISNUM( 1 ) ) - hb_retptr( BIO_new_dgram( hb_parni( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ) ); + hb_BIO_ret( BIO_new_dgram( hb_parni( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); #else @@ -423,7 +489,7 @@ HB_FUNC( BIO_NEW_DGRAM ) HB_FUNC( BIO_NEW_FD ) { if( HB_ISNUM( 1 ) ) - hb_retptr( BIO_new_fd( hb_parnl( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ) ); + hb_BIO_ret( BIO_new_fd( hb_parnl( 1 ), hb_parnidef( 2, BIO_NOCLOSE ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } 
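Review bot: The results of `BIO_new()`, `BIO_new_socket()`, `BIO_new_dgram()` and `BIO_new_fd()` are handed to `hb_BIO_ret()` unchecked, so a failed constructor now comes back as a non-NULL GC pointer wrapping a NULL `bio`, where `hb_retptr()` used to return a NULL pointer. Harbour code that tests the result for an empty pointer would presumably stop seeing the failure and only hit an argument error on a later call. The same applies to `BIO_NEW_FILE`, `BIO_NEW_MEM_BUF`, `BIO_NEW_CONNECT` and `BIO_NEW_ACCEPT` in the following hunks. One guard at the top of `hb_BIO_ret()` covers all of them: `if( ! bio ) { if( pszBuffer ) hb_itemFreeC( pszBuffer ); hb_retptr( NULL ); return; }`.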
@@ -431,16 +497,21 @@ HB_FUNC( BIO_NEW_FD ) HB_FUNC( BIO_NEW_FILE ) { if( HB_ISCHAR( 1 ) ) - hb_retptr( BIO_new_file( hb_parc( 1 ), hb_parcx( 2 ) ) ); + hb_BIO_ret( BIO_new_file( hb_parc( 1 ), hb_parcx( 2 ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } HB_FUNC( BIO_NEW_MEM_BUF ) { - if( HB_ISCHAR( 1 ) ) - /* NOTE: Discarding 'const' */ - hb_retptr( BIO_new_mem_buf( ( char * ) hb_parc( 1 ), ( int ) hb_parclen( 1 ) ) ); + PHB_ITEM pBuffer = hb_param( 1, HB_IT_STRING ); + + if( pBuffer ) + { + char * pszBuffer = hb_itemGetC( pBuffer ); + + hb_BIO_ret( BIO_new_mem_buf( pszBuffer, ( int ) hb_itemGetCLen( pBuffer ) ), pszBuffer ); + } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } @@ -560,13 +631,13 @@ HB_FUNC( BIO_FREE_ALL ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } -/* ------------ connect ------------ */ +/* --- connect --- */ HB_FUNC( BIO_NEW_CONNECT ) { if( HB_ISCHAR( 1 ) ) - /* NOTE: Discarding 'const' */ - hb_retptr( BIO_new_connect( ( char * ) hb_parc( 1 ) ) ); + /* NOTE: Discarding 'const', OpenSSL will strdup() */ + hb_BIO_ret( BIO_new_connect( ( char * ) hb_parc( 1 ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } @@ -574,8 +645,8 @@ HB_FUNC( BIO_NEW_CONNECT ) HB_FUNC( BIO_NEW_ACCEPT ) { if( HB_ISCHAR( 1 ) ) - /* NOTE: Discarding 'const' */ - hb_retptr( BIO_new_accept( ( char * ) hb_parc( 1 ) ) ); + /* NOTE: Discarding 'const', OpenSSL will strdup() */ + hb_BIO_ret( BIO_new_accept( ( char * ) hb_parc( 1 ) ), NULL ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } 
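Review bot: In `BIO_NEW_MEM_BUF` the length is narrowed with `( int ) hb_itemGetCLen( pBuffer )`, so a string longer than `INT_MAX` bytes is passed with a truncated or negative length; OpenSSL documents a length of -1 as "use strlen()", which would cut binary data at the first NUL byte. Reject oversized input before creating the BIO, for example `if( hb_itemGetCLen( pBuffer ) > ( HB_SIZE ) INT_MAX )` followed by the existing `hb_errRT_BASE( EG_ARG, ... )` call. It would also help to add a comment on `pszBuffer` such as `/* copy owned by the HB_BIO wrapper; BIO_new_mem_buf() keeps a pointer to it, not a copy */`, since that is the invariant the use-after-free fix depends on.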
@@ -657,18 +728,19 @@ HB_FUNC( BIO_GET_CONN_IP ) hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); } -#if 0 -/* NOTE: Commented due to bugs in OpenSSL declaration. Bug report sent #1989 */ HB_FUNC( BIO_GET_CONN_INT_PORT ) { +#if OPENSSL_VERSION_NUMBER >= 0x10001000L /* fixed here: https://rt.openssl.org/Ticket/Display.html?id=1989 */ BIO * bio = hb_BIO_par( 1 ); if( bio ) hb_retnl( BIO_get_conn_int_port( bio ) ); else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); -} +#else + hb_errRT_BASE( EG_UNSUPPORTED, 2001, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); #endif +} HB_FUNC( BIO_SET_NBIO ) { diff --git a/contrib/hbssl/err.c b/contrib/hbssl/err.c index 73e3326bf5..85e5ab438c 100644 --- a/contrib/hbssl/err.c +++ b/contrib/hbssl/err.c @@ -82,6 +82,8 @@ HB_FUNC( ERR_PEEK_LAST_ERROR ) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retnint( ERR_peek_last_error() ); +#else + hb_retnint( -1 ); #endif } @@ -143,6 +145,11 @@ HB_FUNC( ERR_PEEK_LAST_ERROR_LINE ) hb_storc( file, 1 ); hb_storni( line, 2 ); +#else + hb_retnint( -1 ); + + hb_storc( NULL, 1 ); + hb_storni( 0, 2 ); #endif } @@ -190,6 +197,13 @@ HB_FUNC( ERR_PEEK_LAST_ERROR_LINE_DATA ) hb_storni( line, 2 ); hb_storc( data, 3 ); hb_storni( flags, 4 ); +#else + hb_retnint( -1 ); + + hb_storc( NULL, 1 ); + hb_storni( 0, 2 ); + hb_storc( NULL, 3 ); + hb_storni( 0, 4 ); #endif } diff --git a/contrib/hbssl/evpciph.c b/contrib/hbssl/evpciph.c index 2945a96a48..199277e59e 100644 --- a/contrib/hbssl/evpciph.c +++ b/contrib/hbssl/evpciph.c @@ -187,6 +187,9 @@ const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam ) #endif #endif #ifndef OPENSSL_NO_AES +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + case HB_EVP_CIPHER_AES_128_GCM: p = EVP_aes_128_gcm(); break; +#endif case HB_EVP_CIPHER_AES_128_ECB: p = EVP_aes_128_ecb(); break; case HB_EVP_CIPHER_AES_128_CBC: p = EVP_aes_128_cbc(); break; #if OPENSSL_VERSION_NUMBER >= 0x00907050L 
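Review bot: The `HB_EVP_CIPHER_AES_128_GCM` case added to `hb_EVP_CIPHER_par()` (and the 192/256 cases in the next two hunks) exposes an AEAD mode, but nothing in this diff wraps the tag handling GCM needs (`EVP_CIPHER_CTX_ctrl()` with `EVP_CTRL_GCM_GET_TAG` / `EVP_CTRL_GCM_SET_TAG`), and the commit message notes the ciphers could not be made to work. Without the tag a decrypting caller cannot authenticate the data, so plaintext returned by the update call is unverified. Until tag support exists, say so next to the cases, e.g. `/* GCM: needs tag get/set via EVP_CIPHER_CTX_ctrl(), not wrapped yet; output is unauthenticated */`. The switch starts and ends outside this hunk.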
@@ -196,6 +199,9 @@ const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam ) #endif case HB_EVP_CIPHER_AES_128_CFB: p = EVP_aes_128_cfb(); break; case HB_EVP_CIPHER_AES_128_OFB: p = EVP_aes_128_ofb(); break; +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + case HB_EVP_CIPHER_AES_192_GCM: p = EVP_aes_192_gcm(); break; +#endif case HB_EVP_CIPHER_AES_192_ECB: p = EVP_aes_192_ecb(); break; case HB_EVP_CIPHER_AES_192_CBC: p = EVP_aes_192_cbc(); break; #if OPENSSL_VERSION_NUMBER >= 0x00907050L @@ -205,6 +211,9 @@ const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam ) #endif case HB_EVP_CIPHER_AES_192_CFB: p = EVP_aes_192_cfb(); break; case HB_EVP_CIPHER_AES_192_OFB: p = EVP_aes_192_ofb(); break; +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + case HB_EVP_CIPHER_AES_256_GCM: p = EVP_aes_256_gcm(); break; +#endif case HB_EVP_CIPHER_AES_256_ECB: p = EVP_aes_256_ecb(); break; case HB_EVP_CIPHER_AES_256_CBC: p = EVP_aes_256_cbc(); break; #if OPENSSL_VERSION_NUMBER >= 0x00907050L @@ -455,7 +464,7 @@ HB_FUNC( EVP_CIPHER_KEY_MODE ) #if OPENSSL_VERSION_NUMBER < 0x00906040L /* fix for typo in macro definition in openssl/evp.h */ #undef EVP_CIPHER_mode - #define EVP_CIPHER_mode(e) ((e)->flags & EVP_CIPH_MODE) + #define EVP_CIPHER_mode(e) ((e)->flags & EVP_CIPH_MODE) #endif hb_retni( cipher ? EVP_CIPHER_mode( cipher ) : 0 ); } @@ -510,12 +519,16 @@ HB_FUNC( EVP_CIPHER_CTX_SET_PADDING ) { if( hb_EVP_CIPHER_CTX_is( 1 ) ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_CIPHER_CTX_set_padding( ctx, hb_parni( 2 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); 
@@ -600,16 +613,20 @@ HB_FUNC( EVP_ENCRYPTINIT_EX ) if( hb_EVP_CIPHER_CTX_is( 1 ) && cipher ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_EncryptInit_ex( ctx, cipher, ( ENGINE * ) hb_parptr( 3 ), ( const unsigned char * ) hb_parc( 4 ), ( const unsigned char * ) hb_parc( 5 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); @@ -701,6 +718,9 @@ HB_FUNC( EVP_ENCRYPTFINAL_EX ) hb_xfree( buffer ); hb_storc( NULL, 2 ); } +#else + hb_retni( 0 ); + hb_storc( NULL, 2 ); #endif } } @@ -732,16 +752,20 @@ HB_FUNC( EVP_DECRYPTINIT_EX ) if( hb_EVP_CIPHER_CTX_is( 1 ) && cipher ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_DecryptInit_ex( ctx, cipher, ( ENGINE * ) hb_parptr( 3 ), ( const unsigned char * ) hb_parc( 4 ), ( const unsigned char * ) hb_parc( 5 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); @@ -833,6 +857,9 @@ HB_FUNC( EVP_DECRYPTFINAL_EX ) hb_xfree( buffer ); hb_storc( NULL, 2 ); } +#else + hb_retni( 0 ); + hb_storc( NULL, 2 ); #endif } } @@ -865,17 +892,21 @@ HB_FUNC( EVP_CIPHERINIT_EX ) if( hb_EVP_CIPHER_CTX_is( 1 ) && cipher ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_CipherInit_ex( ctx, cipher, ( ENGINE * ) hb_parptr( 3 ), ( const unsigned char * ) hb_parc( 4 ), ( const unsigned char * ) hb_parc( 5 ), hb_parni( 6 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); 
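Review bot: `EVP_EncryptInit_ex()` receives the key and IV as `hb_parc( 4 )` and `hb_parc( 5 )` with no length check, so a Harbour string shorter than the cipher's key or IV size makes OpenSSL read past the end of the item buffer. Before the call, compare the lengths when the parameters are strings, e.g. `if( HB_ISCHAR( 4 ) && hb_parclen( 4 ) < ( HB_SIZE ) EVP_CIPHER_key_length( cipher ) )` and the same with `EVP_CIPHER_iv_length( cipher )` for parameter 5, and raise the existing `EG_ARG` error. The same pattern is in the `EVP_DECRYPTINIT_EX` and `EVP_CIPHERINIT_EX` hunks below. The function body starts above this hunk.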
@@ -967,6 +998,9 @@ HB_FUNC( EVP_CIPHERFINAL_EX ) hb_xfree( buffer ); hb_storc( NULL, 2 ); } +#else + hb_retni( 0 ); + hb_storc( NULL, 2 ); #endif } } diff --git a/contrib/hbssl/evpmd.c b/contrib/hbssl/evpmd.c index b58f76322b..1bdcdcc192 100644 --- a/contrib/hbssl/evpmd.c +++ b/contrib/hbssl/evpmd.c @@ -280,12 +280,16 @@ HB_FUNC( EVP_MD_CTX_CLEANUP ) { if( hb_EVP_MD_CTX_is( 1 ) ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_MD_CTX * ctx = hb_EVP_MD_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_MD_CTX_cleanup( ctx ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); @@ -322,13 +326,17 @@ HB_FUNC( EVP_MD_CTX_COPY_EX ) { if( hb_EVP_MD_CTX_is( 1 ) && hb_EVP_MD_CTX_is( 2 ) ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_MD_CTX * ctx_out = hb_EVP_MD_CTX_par( 1 ); EVP_MD_CTX * ctx_in = hb_EVP_MD_CTX_par( 2 ); if( ctx_out && ctx_in ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_MD_CTX_copy_ex( ctx_out, ctx_in ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); @@ -362,12 +370,16 @@ HB_FUNC( EVP_DIGESTINIT_EX ) if( hb_EVP_MD_CTX_is( 1 ) && md ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_MD_CTX * ctx = hb_EVP_MD_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_DigestInit_ex( ctx, md, ( ENGINE * ) hb_parptr( 3 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); 
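Review bot: In `EVP_DIGESTINIT_EX` the engine argument is taken as `( ENGINE * ) hb_parptr( 3 )`, which accepts any Harbour pointer item and casts it without a type check; after this commit that would include the GC holder of a BIO, which is not an `ENGINE`. The `EVP_SIGNINIT_EX` and `EVP_VERIFYINIT_EX` hunks that follow do the same. Either give `ENGINE` a typed accessor like the `hb_BIO_par()` this commit introduces, or document the contract at the call with `/* param 3: ENGINE pointer or NIL; not type-checked */`. These function bodies begin outside the hunks.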
@@ -479,12 +491,16 @@ HB_FUNC( EVP_SIGNINIT_EX ) if( hb_EVP_MD_CTX_is( 1 ) && md ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_MD_CTX * ctx = hb_EVP_MD_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_SignInit_ex( ctx, md, ( ENGINE * ) hb_parptr( 3 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); @@ -567,12 +583,16 @@ HB_FUNC( EVP_VERIFYINIT_EX ) if( hb_EVP_MD_CTX_is( 1 ) && md ) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L EVP_MD_CTX * ctx = hb_EVP_MD_CTX_par( 1 ); if( ctx ) + { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L hb_retni( EVP_VerifyInit_ex( ctx, md, ( ENGINE * ) hb_parptr( 3 ) ) ); +#else + hb_retni( 0 ); #endif + } } else hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); diff --git a/contrib/hbssl/hbssl.ch b/contrib/hbssl/hbssl.ch index 45575e21f6..7dd8ac2722 100644 --- a/contrib/hbssl/hbssl.ch +++ b/contrib/hbssl/hbssl.ch @@ -240,6 +240,7 @@ #define HB_EVP_CIPHER_RC5_32_12_16_CFB64 49 #define HB_EVP_CIPHER_RC5_32_12_16_CFB 50 #define HB_EVP_CIPHER_RC5_32_12_16_OFB 51 +#define HB_EVP_CIPHER_AES_128_GCM 99 #define HB_EVP_CIPHER_AES_128_ECB 52 #define HB_EVP_CIPHER_AES_128_CBC 53 #define HB_EVP_CIPHER_AES_128_CFB1 54 @@ -247,6 +248,7 @@ #define HB_EVP_CIPHER_AES_128_CFB128 56 #define HB_EVP_CIPHER_AES_128_CFB 57 #define HB_EVP_CIPHER_AES_128_OFB 58 +#define HB_EVP_CIPHER_AES_192_GCM 100 #define HB_EVP_CIPHER_AES_192_ECB 59 #define HB_EVP_CIPHER_AES_192_CBC 60 #define HB_EVP_CIPHER_AES_192_CFB1 61 @@ -255,6 +257,7 @@ #define HB_EVP_CIPHER_AES_192_CFB 64 #define HB_EVP_CIPHER_AES_192_OFB 65 #define HB_EVP_CIPHER_AES_256_ECB 66 +#define HB_EVP_CIPHER_AES_256_GCM 101 /* highest */ #define HB_EVP_CIPHER_AES_256_CBC 67 #define HB_EVP_CIPHER_AES_256_CFB1 68 #define HB_EVP_CIPHER_AES_256_CFB8 69 diff --git a/contrib/hbssl/hbssl.hbc b/contrib/hbssl/hbssl.hbc index 2c2e15fd58..433374dbea 100644 
--- a/contrib/hbssl/hbssl.hbc +++ b/contrib/hbssl/hbssl.hbc @@ -1,5 +1,7 @@ description=OpenSSL wrapper (encryption) +# NOTE: use HB_STATIC_OPENSSL=yes envvar to link openssl lib statically + incpaths=. headers=${hb_name}.ch diff --git a/contrib/hbssl/hbssl.hbm b/contrib/hbssl/hbssl.hbm index d52547ffb2..7ac1d22e56 100644 --- a/contrib/hbssl/hbssl.hbm +++ b/contrib/hbssl/hbssl.hbm @@ -11,6 +11,8 @@ -depkeyhead=openssl:openssl/ssl.h -depcontrol=openssl:no{HB_BUILD_3RDEXT='no'} -depcontrol=openssl:${HB_WITH_OPENSSL} +-depincpath=openssl:/usr/local/opt/openssl/include +-depincpath=openssl:/usr/local/opt/libressl/include -depincpath=openssl:/usr/include -depincpath=openssl:/usr/local/include -depincpath=openssl:/usr/local/ssl/include @@ -21,7 +23,6 @@ {darwin}-cflag=-DOPENSSL_NO_SHA256 {darwin}-cflag=-DOPENSSL_NO_SHA512 {darwin}-cflag=-DOPENSSL_NO_CAMELLIA -{darwin}-cflag=-DOPENSSL_NO_SEED {darwin}-cflag=-DOPENSSL_NO_DGRAM {darwin}-cflag=-DHB_OPENSSL_OLD_OSX_ diff --git a/contrib/hbssl/hbssl.hbx b/contrib/hbssl/hbssl.hbx index bdec21756f..eb5be28a7a 100644 --- a/contrib/hbssl/hbssl.hbx +++ b/contrib/hbssl/hbssl.hbx @@ -32,6 +32,7 @@ DYNAMIC BIO_free_all DYNAMIC BIO_gets DYNAMIC BIO_get_close DYNAMIC BIO_get_conn_hostname +DYNAMIC BIO_get_conn_int_port DYNAMIC BIO_get_conn_ip DYNAMIC BIO_get_conn_port DYNAMIC BIO_get_fd diff --git a/contrib/hbssl/pem.c b/contrib/hbssl/pem.c index 4cd15d4542..a5f2126184 100644 --- a/contrib/hbssl/pem.c +++ b/contrib/hbssl/pem.c @@ -54,7 +54,6 @@ #include "hbssl.h" /* Callback */ -/* -------- */ static int hb_ssl_pem_password_cb( char * buf, int size, int rwflag, void * userdata ) { @@ -97,8 +96,8 @@ static void hb_PEM_read_bio( PEM_READ_BIO * func ) { BIO * bio; - if( HB_ISPOINTER( 1 ) ) - bio = ( BIO * ) hb_parptr( 1 ); + if( hb_BIO_is( 1 ) ) + bio = hb_BIO_par( 1 ); else if( HB_ISCHAR( 1 ) ) bio = BIO_new_file( hb_parc( 1 ), "r" ); else if( HB_ISNUM( 1 ) ) 
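Review bot: `hb_PEM_read_bio()` now calls `hb_BIO_is( 1 )` to pick the BIO and, in the next hunk, calls it again to decide whether to `BIO_free( bio )`, so ownership is re-derived from the parameter instead of being recorded once. A local flag makes the free decision explicit and drops the repeated GC lookups: `BIO * bio = hb_BIO_par( 1 ); HB_BOOL fOwned = ( bio == NULL );` and later `if( fOwned ) BIO_free( bio );`. The function continues past the end of this hunk.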
@@ -108,7 +107,7 @@ static void hb_PEM_read_bio( PEM_READ_BIO * func ) if( bio ) { - PHB_ITEM pPassCallback = hb_param( 2, HB_IT_BLOCK | HB_IT_SYMBOL ); + PHB_ITEM pPassCallback = hb_param( 2, HB_IT_EVALITEM ); if( pPassCallback ) { @@ -120,7 +119,7 @@ static void hb_PEM_read_bio( PEM_READ_BIO * func ) hb_retptr( ( *func )( bio, NULL, NULL, ( void * ) hb_parc( 2 ) ) ); } - if( ! HB_ISPOINTER( 1 ) ) + if( ! hb_BIO_is( 1 ) ) BIO_free( bio ); } else diff --git a/contrib/hbssl/rand.c b/contrib/hbssl/rand.c index 2205295ed8..a76e4c6b71 100644 --- a/contrib/hbssl/rand.c +++ b/contrib/hbssl/rand.c @@ -47,7 +47,6 @@ */ #include "hbapi.h" -#include "hbapierr.h" #include "hbssl.h" @@ -73,7 +72,7 @@ HB_FUNC( RAND_EVENT ) #if defined( HB_OS_WIN ) && ! defined( __CYGWIN__ ) hb_retni( RAND_event( hb_parni( 1 ), ( WPARAM ) hb_parnint( 2 ), ( LPARAM ) hb_parnint( 3 ) ) ); #else - hb_retni( 0 ); + hb_retni( 1 ); #endif } diff --git a/contrib/hbssl/ssl.c b/contrib/hbssl/ssl.c index c2d229687d..454c80c11d 100644 --- a/contrib/hbssl/ssl.c +++ b/contrib/hbssl/ssl.c @@ -48,11 +48,11 @@ /* for applink.c */ #if ! defined( HB_OPENSSL_STATIC ) -# if defined( _MSC_VER ) -# ifndef _CRT_SECURE_NO_WARNINGS -# define _CRT_SECURE_NO_WARNINGS -# endif -# endif + #if defined( _MSC_VER ) + #ifndef _CRT_SECURE_NO_WARNINGS + #define _CRT_SECURE_NO_WARNINGS + #endif + #endif #endif #include "hbapi.h" @@ -61,8 +61,8 @@ #include "hbvm.h" #if defined( HB_OS_WIN ) -# include -# include + #include + #include #endif #include "hbssl.h" @@ -75,9 +75,9 @@ Warning W8065 openssl/applink.c 40: Call to function '_setmode' with no prototype in function app_fsetmod Error E2451 openssl/applink.c 82: Undefined symbol '_lseek' in function OPENSSL_Applink */ -# if ! defined( __BORLANDC__ ) -# include "openssl/applink.c" -# endif + #if ! defined( __BORLANDC__ ) + #include "openssl/applink.c" + #endif #endif HB_FUNC( SSL_INIT ) 
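Review bot: In the rand.c hunk the non-Windows branch of `RAND_EVENT` now returns a constant `hb_retni( 1 )`, and `RAND_event()` documents 1 as "the PRNG has been seeded with enough data", so callers on other platforms are told the generator is ready without any check. Returning the real state keeps the meaning of the result: `hb_retni( RAND_status() );`.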
@@ -241,8 +241,8 @@ HB_FUNC( SSL_PENDING ) HB_FUNC( SSL_SET_BIO ) { - BIO * rbio = ( BIO * ) hb_parptr( 2 ); - BIO * wbio = ( BIO * ) hb_parptr( 2 ); + BIO * rbio = hb_BIO_par( 2 ); + BIO * wbio = hb_BIO_par( 3 ); if( hb_SSL_is( 1 ) && rbio && wbio ) { @@ -1505,7 +1505,6 @@ HB_FUNC( SSL_USE_PRIVATEKEY ) } /* Callback */ -/* -------- */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L static void hb_ssl_msg_callback( int write_p, int version, int content_type, const void * buf, size_t len, SSL * ssl, void * userdata ) @@ -1536,7 +1535,7 @@ HB_FUNC( SSL_SET_MSG_CALLBACK ) if( ssl ) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L - PHB_ITEM pCallback = hb_param( 2, HB_IT_BLOCK | HB_IT_SYMBOL ); + PHB_ITEM pCallback = hb_param( 2, HB_IT_EVALITEM ); if( pCallback ) { diff --git a/contrib/hbssl/ssl_hb.c b/contrib/hbssl/ssl_hb.c index ffc9ce51a8..f302b59a78 100644 --- a/contrib/hbssl/ssl_hb.c +++ b/contrib/hbssl/ssl_hb.c @@ -70,7 +70,7 @@ HB_FUNC( HB_SSL_READ_ALL ) int iAllocated = 0; char * retval = NULL; - for(;; ) + for( ;; ) { char buffer[ 1 ]; int iLen; @@ -140,7 +140,7 @@ HB_FUNC( HB_SSL_READ_LINE ) int iAllocated = 0; char * retval = NULL; - for(;; ) + for( ;; ) { char buffer[ 1 ]; int iLen; diff --git a/contrib/hbssl/sslctx.c b/contrib/hbssl/sslctx.c index ddc8f47554..97581741e4 100644 --- a/contrib/hbssl/sslctx.c +++ b/contrib/hbssl/sslctx.c @@ -51,8 +51,8 @@ #include "hbapiitm.h" #if defined( HB_OS_WIN ) -# include -# include + #include + #include #endif #include "hbssl.h" diff --git a/contrib/hbssl/x509.c b/contrib/hbssl/x509.c index 1ed2dbf869..9fc26e686d 100644 --- a/contrib/hbssl/x509.c +++ b/contrib/hbssl/x509.c @@ -50,8 +50,8 @@ #include "hbapierr.h" #if defined( HB_OS_WIN ) -# include -# include + #include + #include #endif #include "hbssl.h"
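Review bot: `SSL_SET_BIO` passes `hb_BIO_par( 2 )` and `hb_BIO_par( 3 )` on to the SSL object, and OpenSSL's `SSL_set_bio()` takes ownership of both BIOs and frees them in `SSL_free()`, while the Harbour wrappers keep their `bio` pointers. After the SSL is freed those wrappers would hand out dangling pointers, and for a BIO from `BIO_NEW_MEM_BUF` the wrapper's buffer is released when the wrapper is collected even if the SSL still reads from it. Consider having the SSL wrapper hold a reference to the BIO items, or clearing `bio` in the wrapper once ownership moves. Callers that passed a single BIO and relied on parameter 2 being used twice now need to pass it as parameter 3 as well, which deserves a line in the function comment. The body continues outside this hunk, so the `SSL_set_bio()` call itself is assumed.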