diff options
Diffstat (limited to 'smtpd/libressl.c')
-rw-r--r-- | smtpd/libressl.c | 213 |
1 files changed, 0 insertions, 213 deletions
diff --git a/smtpd/libressl.c b/smtpd/libressl.c deleted file mode 100644 index 57d74389..00000000 --- a/smtpd/libressl.c +++ /dev/null @@ -1,213 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * SSL operations needed when running in a privilege separated environment. - * Adapted from openssl's ssl_rsa.c by Pierre-Yves Ritschard . - */ - -#include "includes.h" - -#include <sys/types.h> - -#include <limits.h> -#include <unistd.h> -#include <stdio.h> - -#include <openssl/err.h> -#include <openssl/bio.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/pem.h> -#include <openssl/ssl.h> - -#include "log.h" -#include "ssl.h" - -#define SSL_ECDH_CURVE "prime256v1" - -/* - * Read a bio that contains our certificate in "PEM" format, - * possibly followed by a sequence of CA certificates that should be - * sent to the peer in the Certificate message. - */ -static int -ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) -{ - int ret = 0; - X509 *x = NULL; - - ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ - - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); - if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); - goto end; - } - - ret = SSL_CTX_use_certificate(ctx, x); - - if (ERR_peek_error() != 0) - ret = 0; - /* Key/certificate mismatch doesn't imply ret==0 ... */ - if (ret) { - /* - * If we could set up our certificate, now proceed to - * the CA certificates. - */ - X509 *ca; - int r; - unsigned long err; - - if (ctx->extra_certs != NULL) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } - - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) != NULL) { - r = SSL_CTX_add_extra_chain_cert(ctx, ca); - if (!r) { - X509_free(ca); - ret = 0; - goto end; - } - /* - * Note that we must not free r if it was successfully - * added to the chain (while we must free the main - * certificate, since its reference count is increased - * by SSL_CTX_use_certificate). - */ - } - - /* When the while loop ends, it's usually just EOF. */ - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && - ERR_GET_REASON(err) == PEM_R_NO_START_LINE) - ERR_clear_error(); - else - ret = 0; /* some real error */ - } - -end: - if (x != NULL) - X509_free(x); - return (ret); -} - -int -SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) -{ - BIO *in; - int ret = 0; - - in = BIO_new_mem_buf(buf, len); - if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); - goto end; - } - - ret = ssl_ctx_use_certificate_chain_bio(ctx, in); - -end: - BIO_free(in); - return (ret); -} - -#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO -void -SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int enable) -{ - int nid; - EC_KEY *ecdh; - - if (!enable) - return; - - if ((nid = OBJ_sn2nid(SSL_ECDH_CURVE)) == 0) { - ssl_error("ssl_set_ecdh_auto"); - fatal("ssl_set_ecdh_auto: unknown curve name " - SSL_ECDH_CURVE); - } - - if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { - ssl_error("ssl_set_ecdh_auto"); - fatal("ssl_set_ecdh_auto: unable to create curve " - SSL_ECDH_CURVE); - } - - SSL_CTX_set_tmp_ecdh(ctx, ecdh); - SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); - EC_KEY_free(ecdh); -} -#endif - -#ifndef HAVE_SSL_CTX_SET_DH_AUTO -void -SSL_CTX_set_dh_auto(SSL_CTX *ctx, int enable) -{ - if (!enable) - return; - - /* stub until OpenSSL catches up with this ... */ - log_warnx("OpenSSL does not support SSL_CTX_set_dh_auto (yet ?)"); - return; -} -#endif |