Attachment #458518 for bug #604492

View | Details | Raw Unified | Return to bug 604492
Collapse All | Expand All

Lines 44-49 Link Here

(-)a/lib/Net/SSLeay.pod (-2 / +36 lines)
44	to use at least 0.9.7 (as older versions are not tested during development). Some low level API functions	44	to use at least 0.9.7 (as older versions are not tested during development). Some low level API functions
45	may be available with certain openssl versions.	45	may be available with certain openssl versions.
46		46
		47	It is compatible with OpenSSL 1.0 and 1.1. Some functions are not available under OpenSSL 1.1.
		48
47	L<Net::SSLeay> module basically comprise of:	49	L<Net::SSLeay> module basically comprise of:
48		50
49	=over	51	=over
Lines 1844-1849 Link Here
1844	#	1846	#
1845	# returns: no return value	1847	# returns: no return value
1846		1848
		1849	Not available with OpenSSL 1.1 and later.
		1850	Code that previously used
		1851	SESSION_set_master_key must now set $secret in the session_secret
		1852	callback set with SSL_set_session_secret_cb.
		1853
1847	=item * SESSION_get_time	1854	=item * SESSION_get_time
1848		1855
1849	Returns the time at which the session s was established.	1856	Returns the time at which the session s was established.
Lines 2447-2452 Link Here
2447	#	2454	#
2448	# returns: result of SSL_CTRL_NEED_TMP_RSA command	2455	# returns: result of SSL_CTRL_NEED_TMP_RSA command
2449		2456
		2457	Not available with OpenSSL 1.1 and later.
		2458
2450	=item * CTX_new	2459	=item * CTX_new
2451		2460
2452	The same as L</CTX_v23_new>	2461	The same as L</CTX_v23_new>
Lines 2457-2462 Link Here
2457		2466
2458	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_new.html\|http://www.openssl.org/docs/ssl/SSL_CTX_new.html>	2467	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_new.html\|http://www.openssl.org/docs/ssl/SSL_CTX_new.html>
2459		2468
		2469	Not available with OpenSSL 1.1 and later.
		2470
2460	=item * CTX_v2_new	2471	=item * CTX_v2_new
2461		2472
2462	Creates a new SSL_CTX object - based on SSLv2_method() - as framework to establish TLS/SSL enabled connections.	2473	Creates a new SSL_CTX object - based on SSLv2_method() - as framework to establish TLS/SSL enabled connections.
Lines 2906-2911 Link Here
2906		2917
2907	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html\|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>	2918	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html\|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
2908		2919
		2920	Not available with OpenSSL 1.1 and later.
		2921
2909	=item * CTX_set_tmp_rsa_callback	2922	=item * CTX_set_tmp_rsa_callback
2910		2923
2911	Sets the callback function for ctx to be used when a temporary/ephemeral RSA key is required to $tmp_rsa_callback.	2924	Sets the callback function for ctx to be used when a temporary/ephemeral RSA key is required to $tmp_rsa_callback.
Lines 2920-2925 Link Here
2920		2933
2921	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html\|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>	2934	Check openssl doc L<http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html\|http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html>
2922		2935
		2936	Not available with OpenSSL 1.1 and later.
		2937
2923	=item * CTX_set_trust	2938	=item * CTX_set_trust
2924		2939
2925	my $rv = Net::SSLeay::CTX_set_trust($s, $trust);	2940	my $rv = Net::SSLeay::CTX_set_trust($s, $trust);
Lines 3436-3445 Link Here
3436		3451
3437	=item * get_keyblock_size	3452	=item * get_keyblock_size
3438		3453
		3454	Gets the length of the TLS keyblock.
		3455
3439	B<NOTE:> Does not exactly correspond to any low level API function.	3456	B<NOTE:> Does not exactly correspond to any low level API function.
3440		3457
3441	??? (more info needed)
3442
3443	my $rv = Net::SSLeay::get_keyblock_size($ssl);	3458	my $rv = Net::SSLeay::get_keyblock_size($ssl);
3444	# $ssl - value corresponding to openssl's SSL structure	3459	# $ssl - value corresponding to openssl's SSL structure
3445	#	3460	#
Lines 3680-3685 Link Here
3680		3695
3681	Net::SSLeay::set_state($ssl,Net::SSLeay::SSL_ST_ACCEPT());	3696	Net::SSLeay::set_state($ssl,Net::SSLeay::SSL_ST_ACCEPT());
3682		3697
		3698	Not available with OpenSSL 1.1 and later.
		3699
3683	=item * get_verify_depth	3700	=item * get_verify_depth
3684		3701
3685	Returns the verification depth limit currently set in $ssl.	3702	Returns the verification depth limit currently set in $ssl.
Lines 3829-3834 Link Here
3829	#	3846	#
3830	# returns: command result	3847	# returns: command result
3831		3848
		3849	Not available with OpenSSL 1.1 and later.
		3850
3832	=item * num_renegotiations	3851	=item * num_renegotiations
3833		3852
3834	Executes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.	3853	Executes SSL_CTRL_GET_NUM_RENEGOTIATIONS command on $ssl.
Lines 4131-4136 Link Here
4131	#	4150	#
4132	# returns: no return value	4151	# returns: no return value
4133		4152
		4153	The callback function will be called like:
		4154	callback_function($secret, $ciphers, $pref_cipher, $data);
		4155
		4156	# $secret is the current master session key, usually all 0s at the beginning of a session
		4157	# $ciphers is ref to an array of peer cipher names
		4158	# $pref_cipher is a ref to an index into the list of cipher names of
		4159	# the preferred cipher. Set it if you want to specify a preferred cipher
		4160	# $data is the data passed to set_session_secret_cb
		4161
		4162	The callback function should return 1 if it likes the suggested cipher (or has selected an alternative
		4163	by setting pref_cipher), else it should return 0 (in which case OpenSSL will select its own preferred cipher).
		4164
		4165	With OpenSSL 1.1 and later, callback_function can change the master key for the session by
		4166	altering $secret and returning 1.
		4167
4134	=item * set_shutdown	4168	=item * set_shutdown
4135		4169
4136	Sets the shutdown state of $ssl to $mode.	4170	Sets the shutdown state of $ssl to $mode.

Lines 237-244 Link Here

(-)a/SSLeay.xs (-64 / +216 lines)
237		237
238	#ifdef USE_ITHREADS	238	#ifdef USE_ITHREADS
239	static perl_mutex LIB_init_mutex;	239	static perl_mutex LIB_init_mutex;
		240	#if OPENSSL_VERSION_NUMBER < 0x10100000L
240	static perl_mutex *GLOBAL_openssl_mutex = NULL;	241	static perl_mutex *GLOBAL_openssl_mutex = NULL;
241	#endif	242	#endif
		243	#endif
242	static int LIB_initialized;	244	static int LIB_initialized;
243		245
244	UV get_my_thread_id(void) /* returns threads->tid() value */	246	UV get_my_thread_id(void) /* returns threads->tid() value */
Lines 277-282 Link Here
277	*/	279	*/
278	#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)	280	#if defined(USE_ITHREADS) && defined(OPENSSL_THREADS)
279		281
		282
		283	#if OPENSSL_VERSION_NUMBER < 0x10100000L
280	static void openssl_locking_function(int mode, int type, const char *file, int line)	284	static void openssl_locking_function(int mode, int type, const char *file, int line)
281	{	285	{
282	PR3("openssl_locking_function %d %d\n", mode, type);	286	PR3("openssl_locking_function %d %d\n", mode, type);
Lines 331-336 Link Here
331	MUTEX_DESTROY(&l->mutex);	335	MUTEX_DESTROY(&l->mutex);
332	Safefree(l);	336	Safefree(l);
333	}	337	}
		338	#endif
334		339
335	void openssl_threads_init(void)	340	void openssl_threads_init(void)
336	{	341	{
Lines 338-343 Link Here
338		343
339	PR1("STARTED: openssl_threads_init\n");	344	PR1("STARTED: openssl_threads_init\n");
340		345
		346	#if OPENSSL_VERSION_NUMBER < 0x10100000L
341	/* initialize static locking */	347	/* initialize static locking */
342	if ( !CRYPTO_get_locking_callback() ) {	348	if ( !CRYPTO_get_locking_callback() ) {
343	#if OPENSSL_VERSION_NUMBER < 0x10000000L	349	#if OPENSSL_VERSION_NUMBER < 0x10000000L
Lines 371-376 Link Here
371	CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);	377	CRYPTO_set_dynlock_lock_callback(openssl_dynlocking_lock_function);
372	CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);	378	CRYPTO_set_dynlock_destroy_callback(openssl_dynlocking_destroy_function);
373	}	379	}
		380	#endif
374	}	381	}
375		382
376	#endif	383	#endif
Lines 395-401 Link Here
395	if (!m) return; /* Skip aliases */	402	if (!m) return; /* Skip aliases */
396	mname = OBJ_nid2ln(EVP_MD_type(m));	403	mname = OBJ_nid2ln(EVP_MD_type(m));
397	if (strcmp(from, mname)) return; /* Skip shortnames */	404	if (strcmp(from, mname)) return; /* Skip shortnames */
		405	#if OPENSSL_VERSION_NUMBER < 0x10100000L
398	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */	406	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) return; /* Skip clones */
		407	#endif
399	if (strchr(mname, ' ')) mname= EVP_MD_name(m);	408	if (strchr(mname, ' ')) mname= EVP_MD_name(m);
400	av_push(arg, newSVpv(mname,0));	409	av_push(arg, newSVpv(mname,0));
401	}	410	}
Lines 799-804 Link Here
799	AV *ciphers = newAV();	808	AV *ciphers = newAV();
800	SV *pref_cipher = sv_newmortal();	809	SV *pref_cipher = sv_newmortal();
801	SV * cb_func, *cb_data;	810	SV * cb_func, *cb_data;
		811	SV * secretsv;
802		812
803	PR1("STARTED: ssleay_session_secret_cb_invoke\n");	813	PR1("STARTED: ssleay_session_secret_cb_invoke\n");
804	cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");	814	cb_func = cb_data_advanced_get(arg, "ssleay_session_secret_cb!!func");
Lines 811-818 Link Here
811	SAVETMPS;	821	SAVETMPS;
812		822
813	PUSHMARK(SP);	823	PUSHMARK(SP);
814		824	secretsv = sv_2mortal( newSVpv(secret, *secret_len));
815	XPUSHs( sv_2mortal( newSVpv(secret, *secret_len)) );	825	XPUSHs(secretsv);
816	for (i=0; i<sk_SSL_CIPHER_num(peer_ciphers); i++) {	826	for (i=0; i<sk_SSL_CIPHER_num(peer_ciphers); i++) {
817	SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);	827	SSL_CIPHER *c = sk_SSL_CIPHER_value(peer_ciphers,i);
818	av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));	828	av_store(ciphers, i, sv_2mortal(newSVpv(SSL_CIPHER_get_name(c), 0)));
Lines 835-840 Link Here
835	/* See if there is a preferred cipher selected, if so it is an index into the stack */	845	/* See if there is a preferred cipher selected, if so it is an index into the stack */
836	if (SvIOK(pref_cipher))	846	if (SvIOK(pref_cipher))
837	*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));	847	*cipher = sk_SSL_CIPHER_value(peer_ciphers, SvIV(pref_cipher));
		848
		849	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		850	/* Use any new master secret set by the callback function in secret */
		851	STRLEN newsecretlen;
		852	char* newsecretdata = SvPV(secretsv, newsecretlen);
		853	memcpy(secret, newsecretdata, newsecretlen);
		854	#endif
838	}	855	}
839		856
840	PUTBACK;	857	PUTBACK;
Lines 1404-1411 Link Here
1404	OUTPUT:	1421	OUTPUT:
1405	RETVAL	1422	RETVAL
1406		1423
1407	#ifndef OPENSSL_NO_SSL2
1408		1424
		1425	#if OPENSSL_VERSION_NUMBER < 0x10100000L
		1426	#ifndef OPENSSL_NO_SSL2
		1427
1409	SSL_CTX *	1428	SSL_CTX *
1410	SSL_CTX_v2_new()	1429	SSL_CTX_v2_new()
1411	CODE:	1430	CODE:
Lines 1414-1420 Link Here
1414	RETVAL	1433	RETVAL
1415		1434
1416	#endif	1435	#endif
1417		1436	#endif
1418	#ifndef OPENSSL_NO_SSL3	1437	#ifndef OPENSSL_NO_SSL3
1419		1438
1420	SSL_CTX *	1439	SSL_CTX *
Lines 2105-2114 Link Here
2105	SSL_want(s)	2124	SSL_want(s)
2106	SSL * s	2125	SSL * s
2107		2126
		2127	#if OPENSSL_VERSION_NUMBER < 0x10100000L
2108	int	2128	int
2109	SSL_state(s)	2129	SSL_state(s)
2110	SSL * s	2130	SSL * s
2111		2131
		2132	int
		2133	SSL_get_state(ssl)
		2134	SSL * ssl
		2135	CODE:
		2136	RETVAL = SSL_state(ssl);
		2137	OUTPUT:
		2138	RETVAL
		2139
		2140
		2141	#else
		2142	int
		2143	SSL_state(s)
		2144	SSL * s
		2145	CODE:
		2146	RETVAL = SSL_get_state(s);
		2147	OUTPUT:
		2148	RETVAL
		2149
		2150
		2151	int
		2152	SSL_get_state(s)
		2153	SSL * s
		2154
		2155	#endif
2112	#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)	2156	#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
2113		2157
2114	long	2158	long
Lines 2734-2752 Link Here
2734	X509_ATTRIBUTE * att;	2778	X509_ATTRIBUTE * att;
2735	int count, i;	2779	int count, i;
2736	ASN1_STRING * s;	2780	ASN1_STRING * s;
		2781	ASN1_TYPE * t;
2737	PPCODE:	2782	PPCODE:
2738	att = X509_REQ_get_attr(req,n);	2783	att = X509_REQ_get_attr(req,n);
2739	if (att->single) {	2784	count = X509_ATTRIBUTE_count(att);
2740	s = (att->value.single->value.asn1_string);	2785	for (i=0; i<count; i++) {
		2786	t = X509_ATTRIBUTE_get0_type(att, i);
		2787	s = t->value.asn1_string;
2741	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));	2788	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
2742	}	2789	}
2743	else {
2744	count = sk_ASN1_TYPE_num(att->value.set);
2745	for (i=0; i<count; i++) {
2746	s = (sk_ASN1_TYPE_value(att->value.set, i)->value.asn1_string);
2747	XPUSHs(sv_2mortal(newSViv(PTR2IV(s))));
2748	}
2749	}
2750		2790
2751	#endif	2791	#endif
2752		2792
Lines 4439-4444 Link Here
4439	const unsigned char * sid_ctx	4479	const unsigned char * sid_ctx
4440	unsigned int sid_ctx_len	4480	unsigned int sid_ctx_len
4441		4481
		4482	#if OPENSSL_VERSION_NUMBER < 0x10100000L
4442	void	4483	void
4443	SSL_CTX_set_tmp_rsa_callback(ctx, cb)	4484	SSL_CTX_set_tmp_rsa_callback(ctx, cb)
4444	SSL_CTX * ctx	4485	SSL_CTX * ctx
Lines 4449-4454 Link Here
4449	SSL * ssl	4490	SSL * ssl
4450	cb_ssl_int_int_ret_RSA * cb	4491	cb_ssl_int_int_ret_RSA * cb
4451		4492
		4493	#endif
		4494
4452	void	4495	void
4453	SSL_CTX_set_tmp_dh_callback(ctx, dh)	4496	SSL_CTX_set_tmp_dh_callback(ctx, dh)
4454	SSL_CTX * ctx	4497	SSL_CTX * ctx
Lines 4526-4531 Link Here
4526	OUTPUT:	4569	OUTPUT:
4527	RETVAL	4570	RETVAL
4528		4571
		4572	#if OPENSSL_VERSION_NUMBER < 0x10100000L
4529	long	4573	long
4530	SSL_CTX_need_tmp_RSA(ctx)	4574	SSL_CTX_need_tmp_RSA(ctx)
4531	SSL_CTX * ctx	4575	SSL_CTX * ctx
Lines 4534-4539 Link Here
4534	OUTPUT:	4578	OUTPUT:
4535	RETVAL	4579	RETVAL
4536		4580
		4581	#endif
		4582
4537	int	4583	int
4538	SSL_CTX_set_app_data(ctx,arg)	4584	SSL_CTX_set_app_data(ctx,arg)
4539	SSL_CTX * ctx	4585	SSL_CTX * ctx
Lines 4575-4585 Link Here
4575	SSL_CTX * ctx	4621	SSL_CTX * ctx
4576	DH * dh	4622	DH * dh
4577		4623
		4624	#if OPENSSL_VERSION_NUMBER < 0x10100000L
4578	long	4625	long
4579	SSL_CTX_set_tmp_rsa(ctx,rsa)	4626	SSL_CTX_set_tmp_rsa(ctx,rsa)
4580	SSL_CTX * ctx	4627	SSL_CTX * ctx
4581	RSA * rsa	4628	RSA * rsa
4582		4629
		4630	#endif
		4631
4583	#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC	4632	#if OPENSSL_VERSION_NUMBER > 0x10000000L && !defined OPENSSL_NO_EC
4584		4633
4585	EC_KEY *	4634	EC_KEY *
Lines 4622-4646 Link Here
4622	OUTPUT:	4671	OUTPUT:
4623	RETVAL	4672	RETVAL
4624		4673
4625	int
4626	SSL_get_state(ssl)
4627	SSL * ssl
4628	CODE:
4629	RETVAL = SSL_state(ssl);
4630	OUTPUT:
4631	RETVAL
4632
4633	void	4674	void
4634	SSL_set_state(ssl,state)	4675	SSL_set_state(ssl,state)
4635	SSL * ssl	4676	SSL * ssl
4636	int state	4677	int state
4637	CODE:	4678	CODE:
4638	#ifdef OPENSSL_NO_SSL_INTERN	4679	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		4680	/* not available */
		4681	#elif defined(OPENSSL_NO_SSL_INTERN)
4639	SSL_set_state(ssl,state);	4682	SSL_set_state(ssl,state);
4640	#else	4683	#else
4641	ssl->state = state;	4684	ssl->state = state;
4642	#endif	4685	#endif
4643		4686
		4687	#if OPENSSL_VERSION_NUMBER < 0x10100000L
4644	long	4688	long
4645	SSL_need_tmp_RSA(ssl)	4689	SSL_need_tmp_RSA(ssl)
4646	SSL * ssl	4690	SSL * ssl
Lines 4649-4654 Link Here
4649	OUTPUT:	4693	OUTPUT:
4650	RETVAL	4694	RETVAL
4651		4695
		4696
		4697	#endif
		4698
4652	long	4699	long
4653	SSL_num_renegotiations(ssl)	4700	SSL_num_renegotiations(ssl)
4654	SSL * ssl	4701	SSL * ssl
Lines 4668-4677 Link Here
4668	long	4715	long
4669	SSL_session_reused(ssl)	4716	SSL_session_reused(ssl)
4670	SSL * ssl	4717	SSL * ssl
4671	CODE:
4672	RETVAL = SSL_ctrl(ssl,SSL_CTRL_GET_SESSION_REUSED,0,NULL);
4673	OUTPUT:
4674	RETVAL
4675		4718
4676	int	4719	int
4677	SSL_SESSION_set_app_data(s,a)	4720	SSL_SESSION_set_app_data(s,a)
Lines 4714-4719 Link Here
4714	SSL * ssl	4757	SSL * ssl
4715	DH * dh	4758	DH * dh
4716		4759
		4760	#if OPENSSL_VERSION_NUMBER < 0x10100000L
4717	long	4761	long
4718	SSL_set_tmp_rsa(ssl,rsa)	4762	SSL_set_tmp_rsa(ssl,rsa)
4719	SSL * ssl	4763	SSL * ssl
Lines 4723-4728 Link Here
4723	OUTPUT:	4767	OUTPUT:
4724	RETVAL	4768	RETVAL
4725		4769
		4770	#endif
4726		4771
4727	#ifdef __ANDROID__	4772	#ifdef __ANDROID__
4728		4773
Lines 4855-4867 Link Here
4855	OUTPUT:	4900	OUTPUT:
4856	RETVAL	4901	RETVAL
4857		4902
		4903	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
4858	void	4904	void
4859	SSL_SESSION_get_master_key(s)	4905	SSL_SESSION_get_master_key(s)
4860	SSL_SESSION * s	4906	SSL_SESSION * s
		4907	PREINIT:
		4908	size_t master_key_length;
		4909	unsigned char* master_key;
4861	CODE:	4910	CODE:
4862	ST(0) = sv_newmortal(); /* Undefined to start with */	4911	ST(0) = sv_newmortal(); /* Undefined to start with */
		4912	master_key_length = SSL_SESSION_get_master_key(s, 0, 0); /* get the length */
		4913	New(0, master_key, master_key_length, unsigned char);
		4914	SSL_SESSION_get_master_key(s, master_key, master_key_length);
		4915	sv_setpvn(ST(0), (const char*)master_key, master_key_length);
		4916	Safefree(master_key);
		4917
		4918	#else
		4919	void
		4920	SSL_SESSION_get_master_key(s)
		4921	SSL_SESSION * s
		4922	CODE:
		4923	ST(0) = sv_newmortal(); /* Undefined to start with */
4863	sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);	4924	sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
4864		4925
		4926	#endif
		4927
		4928	#if OPENSSL_VERSION_NUMBER < 0x10100000L
		4929
4865	void	4930	void
4866	SSL_SESSION_set_master_key(s,key)	4931	SSL_SESSION_set_master_key(s,key)
4867	SSL_SESSION * s	4932	SSL_SESSION * s
Lines 4873-4896 Link Here
4873	memcpy(s->master_key, key, len);	4938	memcpy(s->master_key, key, len);
4874	s->master_key_length = len;	4939	s->master_key_length = len;
4875		4940
		4941	#endif
		4942
		4943	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		4944
4876	void	4945	void
4877	SSL_get_client_random(s)	4946	SSL_get_client_random(s)
4878	SSL * s	4947	SSL * s
		4948	PREINIT:
		4949	size_t random_length;
		4950	unsigned char* random_data;
4879	CODE:	4951	CODE:
4880	ST(0) = sv_newmortal(); /* Undefined to start with */	4952	ST(0) = sv_newmortal(); /* Undefined to start with */
		4953	random_length = SSL_get_client_random(s, 0, 0); /* get the length */
		4954	New(0, random_data, random_length, unsigned char);
		4955	SSL_get_client_random(s, random_data, random_length);
		4956	sv_setpvn(ST(0), (const char*)random_data, random_length);
		4957	Safefree(random_data);
		4958
		4959	#else
		4960
		4961	void
		4962	SSL_get_client_random(s)
		4963	SSL * s
		4964	CODE:
		4965	ST(0) = sv_newmortal(); /* Undefined to start with */
4881	sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);	4966	sv_setpvn(ST(0), (const char*)s->s3->client_random, SSL3_RANDOM_SIZE);
4882		4967
		4968	#endif
		4969
		4970	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		4971
4883	void	4972	void
4884	SSL_get_server_random(s)	4973	SSL_get_server_random(s)
4885	SSL * s	4974	SSL * s
		4975	PREINIT:
		4976	size_t random_length;
		4977	unsigned char* random_data;
4886	CODE:	4978	CODE:
4887	ST(0) = sv_newmortal(); /* Undefined to start with */	4979	ST(0) = sv_newmortal(); /* Undefined to start with */
		4980	random_length = SSL_get_server_random(s, 0, 0); /* get the length */
		4981	New(0, random_data, random_length, unsigned char);
		4982	SSL_get_server_random(s, random_data, random_length);
		4983	sv_setpvn(ST(0), (const char*)random_data, random_length);
		4984	Safefree(random_data);
		4985
		4986	#else
		4987
		4988	void
		4989	SSL_get_server_random(s)
		4990	SSL * s
		4991	CODE:
		4992	ST(0) = sv_newmortal(); /* Undefined to start with */
4888	sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);	4993	sv_setpvn(ST(0), (const char*)s->s3->server_random, SSL3_RANDOM_SIZE);
4889		4994
		4995	#endif
		4996
4890	int	4997	int
4891	SSL_get_keyblock_size(s)	4998	SSL_get_keyblock_size(s)
4892	SSL * s	4999	SSL * s
4893	CODE:	5000	CODE:
		5001	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		5002	const SSL_CIPHER *ssl_cipher;
		5003	int cipher, digest;
		5004	const EVP_CIPHER *c;
		5005	const EVP_MD *h;
		5006
		5007	ssl_cipher = SSL_get_current_cipher(s);
		5008	cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
		5009	digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
		5010	c = EVP_get_cipherbynid(cipher);
		5011	h = EVP_get_digestbynid(digest);
		5012	RETVAL = 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
		5013	EVP_CIPHER_iv_length(c));
		5014	#else
4894	if (s == NULL \|\|	5015	if (s == NULL \|\|
4895	s->enc_read_ctx == NULL \|\|	5016	s->enc_read_ctx == NULL \|\|
4896	s->enc_read_ctx->cipher == NULL \|\|	5017	s->enc_read_ctx->cipher == NULL \|\|
Lines 4919-4924 Link Here
4919	EVP_CIPHER_iv_length(c)))	5040	EVP_CIPHER_iv_length(c)))
4920	: -1;	5041	: -1;
4921	}	5042	}
		5043	#endif
		5044
4922	OUTPUT:	5045	OUTPUT:
4923	RETVAL	5046	RETVAL
4924		5047
Lines 4956-4964 Link Here
4956	else {	5079	else {
4957	cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));	5080	cb_data_advanced_put(s, "ssleay_session_secret_cb!!func", newSVsv(callback));
4958	cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));	5081	cb_data_advanced_put(s, "ssleay_session_secret_cb!!data", newSVsv(data));
4959	SSL_set_session_secret_cb(s, (int ()(SSL s, void secret, int secret_len,	5082	SSL_set_session_secret_cb(s, (tls_session_secret_cb_fn)&ssleay_session_secret_cb_invoke, s);
4960	STACK_OF(SSL_CIPHER) *peer_ciphers,
4961	SSL_CIPHER *cipher, void arg))&ssleay_session_secret_cb_invoke, s);
4962	}	5083	}
4963		5084
4964	#endif	5085	#endif
Lines 5382-5388 Link Here
5382	P_X509_get_signature_alg(x)	5503	P_X509_get_signature_alg(x)
5383	X509 * x	5504	X509 * x
5384	CODE:	5505	CODE:
		5506	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		5507	RETVAL = (X509_get0_tbs_sigalg(x)->algorithm);
		5508	#else
5385	RETVAL = (x->cert_info->signature->algorithm);	5509	RETVAL = (x->cert_info->signature->algorithm);
		5510	#endif
5386	OUTPUT:	5511	OUTPUT:
5387	RETVAL	5512	RETVAL
5388		5513
Lines 5389-5396 Link Here
5389	ASN1_OBJECT *	5514	ASN1_OBJECT *
5390	P_X509_get_pubkey_alg(x)	5515	P_X509_get_pubkey_alg(x)
5391	X509 * x	5516	X509 * x
		5517	PREINIT:
5392	CODE:	5518	CODE:
		5519	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		5520	{
		5521	X509_ALGOR * algor;
		5522	X509_PUBKEY_get0_param(0, 0, 0, &algor, X509_get_X509_PUBKEY(x));
		5523	RETVAL = (algor->algorithm);
		5524	}
		5525	#else
5393	RETVAL = (x->cert_info->key->algor->algorithm);	5526	RETVAL = (x->cert_info->key->algor->algorithm);
		5527	#endif
5394	OUTPUT:	5528	OUTPUT:
5395	RETVAL	5529	RETVAL
5396		5530
Lines 5705-5712 Link Here
5705	* response does not contain the chain up to the trusted root */	5839	* response does not contain the chain up to the trusted root */
5706	STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);	5840	STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
5707	for(i=0;i<sk_X509_num(chain);i++) {	5841	for(i=0;i<sk_X509_num(chain);i++) {
5708	if (!bsr->certs) bsr->certs = sk_X509_new_null();	5842	OCSP_basic_add1_cert(bsr, sk_X509_value(chain,i));
5709	sk_X509_push(bsr->certs,X509_dup(sk_X509_value(chain,i)));
5710	}	5843	}
5711	TRACE(1,"run basic verify");	5844	TRACE(1,"run basic verify");
5712	RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);	5845	RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
Lines 5718-5724 Link Here
5718	X509 *issuer;	5851	X509 *issuer;
5719	X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);	5852	X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
5720	if ( (issuer = find_issuer(last,store,chain))) {	5853	if ( (issuer = find_issuer(last,store,chain))) {
5721	sk_X509_push(bsr->certs,X509_dup(issuer));	5854	OCSP_basic_add1_cert(bsr, X509_dup(issuer));
5722	TRACE(1,"run OCSP_basic_verify with issuer for last chain element");	5855	TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
5723	RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);	5856	RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
5724	}	5857	}
Lines 5736-5742 Link Here
5736	OCSP_BASICRESP *bsr;	5869	OCSP_BASICRESP *bsr;
5737	int i,want_array;	5870	int i,want_array;
5738	time_t nextupd = 0;	5871	time_t nextupd = 0;
5739	STACK_OF(OCSP_SINGLERESP) *sks;
5740	int getall,sksn;	5872	int getall,sksn;
5741		5873
5742	bsr = OCSP_response_get1_basic(rsp);	5874	bsr = OCSP_response_get1_basic(rsp);
Lines 5744-5751 Link Here
5744		5876
5745	want_array = (GIMME == G_ARRAY);	5877	want_array = (GIMME == G_ARRAY);
5746	getall = (items <= 1);	5878	getall = (items <= 1);
5747	sks = bsr->tbsResponseData->responses;	5879	sksn = OCSP_resp_count(bsr);
5748	sksn = sk_OCSP_SINGLERESP_num(sks);
5749		5880
5750	for(i=0; i < (getall ? sksn : items-1); i++) {	5881	for(i=0; i < (getall ? sksn : items-1); i++) {
5751	const char *error = NULL;	5882	const char *error = NULL;
Lines 5754-5762 Link Here
5754	SV *idsv = NULL;	5885	SV *idsv = NULL;
5755		5886
5756	if(getall) {	5887	if(getall) {
5757	sir = sk_OCSP_SINGLERESP_value(sks,i);	5888	sir = OCSP_resp_get0(bsr,i);
5758	} else {	5889	} else {
5759	int k;
5760	STRLEN len;	5890	STRLEN len;
5761	const unsigned char *p;	5891	const unsigned char *p;
5762		5892
Lines 5767-5788 Link Here
5767	error = "failed to get OCSP certid from string";	5897	error = "failed to get OCSP certid from string";
5768	goto end;	5898	goto end;
5769	}	5899	}
5770	for(k=0;k<sksn;k++) {	5900	int first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
5771	if (!OCSP_id_cmp(certid,sk_OCSP_SINGLERESP_value(sks,k)->certId)) {	5901	if (first >= 0)
5772	sir = sk_OCSP_SINGLERESP_value(sks,k);	5902	{
5773	break;	5903	sir = OCSP_resp_get0(bsr,first);
5774	}	5904	break;
5775	}	5905	}
5776	}	5906	}
5777		5907
5778	if (!sir) {	5908	int status, revocationReason;
5779	error = "cannot find entry for certificate in OCSP response";	5909	ASN1_GENERALIZEDTIME revocationTime, thisupdate, *nextupdate;
5780	} else if (!OCSP_check_validity(sir->thisUpdate,sir->nextUpdate,0,-1)) {	5910	if (sir)
5781	error = "response not yet valid or expired";	5911	{
5782	} else if (sir->certStatus->type == V_OCSP_CERTSTATUS_REVOKED) {	5912	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
5783	error = "certificate status is revoked";	5913	status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
5784	} else if (sir->certStatus->type != V_OCSP_CERTSTATUS_GOOD) {	5914	#else
5785	error = "certificate status is unknown";	5915	status = sir->certStatus->type;
		5916	revocationTime = sir->certStatus->value.revoked->revocationTime;
		5917	thisupdate = sir->thisUpdate;
		5918	nextupdate = sir->nextUpdate;
		5919	#endif
		5920	if (status == V_OCSP_CERTSTATUS_REVOKED) {
		5921	error = "certificate status is revoked";
		5922	} else if (status != V_OCSP_CERTSTATUS_GOOD) {
		5923	error = "certificate status is unknown";
		5924	}
		5925	else if (!OCSP_check_validity(thisupdate, nextupdate, 0, -1)) {
		5926	error = "response not yet valid or expired";
		5927	}
		5928	} else {
		5929	error = "cannot find entry for certificate in OCSP response";
5786	}	5930	}
5787		5931
5788	end:	5932	end:
Lines 5791-5802 Link Here
5791	if (!idsv) {	5935	if (!idsv) {
5792	/* getall: create new SV with OCSP_CERTID */	5936	/* getall: create new SV with OCSP_CERTID */
5793	unsigned char pi,pc;	5937	unsigned char pi,pc;
		5938	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		5939	int len = i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),NULL);
		5940	#else
5794	int len = i2d_OCSP_CERTID(sir->certId,NULL);	5941	int len = i2d_OCSP_CERTID(sir->certId,NULL);
		5942	#endif
5795	if(!len) continue;	5943	if(!len) continue;
5796	Newx(pc,len,unsigned char);	5944	Newx(pc,len,unsigned char);
5797	if (!pc) croak("out of memory");	5945	if (!pc) croak("out of memory");
5798	pi = pc;	5946	pi = pc;
		5947	#if OPENSSL_VERSION_NUMBER >= 0x10100000L
		5948	i2d_OCSP_CERTID(OCSP_SINGLERESP_get0_id(sir),&pi);
		5949	#else
5799	i2d_OCSP_CERTID(sir->certId,&pi);	5950	i2d_OCSP_CERTID(sir->certId,&pi);
		5951	#endif
5800	idsv = newSVpv((char*)pc,len);	5952	idsv = newSVpv((char*)pc,len);
5801	Safefree(pc);	5953	Safefree(pc);
5802	} else {	5954	} else {
Lines 5809-5834 Link Here
5809	HV *details = newHV();	5961	HV *details = newHV();
5810	av_push(idav,newRV_noinc((SV*)details));	5962	av_push(idav,newRV_noinc((SV*)details));
5811	hv_store(details,"statusType",10,	5963	hv_store(details,"statusType",10,
5812	newSViv(sir->certStatus->type),0);	5964	newSViv(status),0);
5813	if (sir->nextUpdate) hv_store(details,"nextUpdate",10,	5965	if (nextupdate) hv_store(details,"nextUpdate",10,
5814	newSViv(ASN1_TIME_timet(sir->nextUpdate)),0);	5966	newSViv(ASN1_TIME_timet(nextupdate)),0);
5815	if (sir->thisUpdate) hv_store(details,"thisUpdate",10,	5967	if (thisupdate) hv_store(details,"thisUpdate",10,
5816	newSViv(ASN1_TIME_timet(sir->thisUpdate)),0);	5968	newSViv(ASN1_TIME_timet(thisupdate)),0);
5817	if (sir->certStatus->type == V_OCSP_CERTSTATUS_REVOKED) {	5969	if (status == V_OCSP_CERTSTATUS_REVOKED) {
		5970	#if OPENSSL_VERSION_NUMBER < 0x10100000L
5818	OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;	5971	OCSP_REVOKEDINFO *rev = sir->certStatus->value.revoked;
5819	hv_store(details,"revocationTime",14,newSViv(	5972	revocationReason = ASN1_ENUMERATED_get(rev->revocationReason);
5820	ASN1_TIME_timet(rev->revocationTime)),0);	5973	#endif
5821	hv_store(details,"revocationReason",16,newSViv(	5974	hv_store(details,"revocationTime",14,newSViv(ASN1_TIME_timet(revocationTime)),0);
5822	ASN1_ENUMERATED_get(rev->revocationReason)),0);	5975	hv_store(details,"revocationReason",16,newSViv(revocationReason),0);
5823	hv_store(details,"revocationReason_str",20,newSVpv(	5976	hv_store(details,"revocationReason_str",20,newSVpv(
5824	OCSP_crl_reason_str(ASN1_ENUMERATED_get(	5977	OCSP_crl_reason_str(revocationReason),0),0);
5825	rev->revocationReason)),0),0);
5826	}	5978	}
5827	}	5979	}
5828	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));	5980	XPUSHs(sv_2mortal(newRV_noinc((SV*)idav)));
5829	} else if (!error) {	5981	} else if (!error) {
5830	/* compute lowest nextUpdate */	5982	/* compute lowest nextUpdate */
5831	time_t nu = ASN1_TIME_timet(sir->nextUpdate);	5983	time_t nu = ASN1_TIME_timet(nextupdate);
5832	if (!nextupd \|\| nextupd>nu) nextupd = nu;	5984	if (!nextupd \|\| nextupd>nu) nextupd = nu;
5833	}	5985	}
5834		5986

Lines 175-181 Link Here

(-)a/t/local/32_x509_get_cert_info.t (-1 / +1 lines)
175	}	175	}
176		176
177	SKIP: {	177	SKIP: {
178	skip('crl_distribution_points requires 0.9.7+', scalar(@{$dump->{$f}->{cdp}})+1) unless Net::SSLeay::SSLeay >= 0x0090700f;	178	skip('crl_distribution_points requires 0.9.7+', int(@{$dump->{$f}->{cdp}})+1) unless Net::SSLeay::SSLeay >= 0x0090700f;
179	my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509);	179	my @cdp = Net::SSLeay::P_X509_get_crl_distribution_points($x509);
180	is(scalar(@cdp), scalar(@{$dump->{$f}->{cdp}}), "cdp size\t$f");	180	is(scalar(@cdp), scalar(@{$dump->{$f}->{cdp}}), "cdp size\t$f");
181	for my $i (0..$#cdp) {	181	for my $i (0..$#cdp) {

Lines 6-12 Link Here

(-)a/t/local/35_ephemeral.t (-1 / +1 lines)
6	use Net::SSLeay;	6	use Net::SSLeay;
7		7
8	BEGIN {	8	BEGIN {
9	plan skip_all => "libressl removed support for ephemeral/temporary RSA private keys" if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");	9	plan skip_all => "libressl and OpenSSL 1.1 removed support for ephemeral/temporary RSA private keys" if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") \|\| $Net::SSLeay::VERSION > 1.74;
10	}	10	}
11		11
12	plan tests => 3;	12	plan tests => 3;

Return to bug 604492