--- Makefile.in 2004-03-27 06:50:00.000000000 +0000 +++ Makefile.in 2004-03-27 06:50:00.000000000 +0000 @@ -62,6 +62,10 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ +# Stuff for SSL +XSSL_LIBS = @SSL_LIBS@ +XSSL_INCLUDE = @SSL_INCLUDE@ + # Stuff for Tcl TCLLIB = @TCLLIB@ TCLLIBFN = @TCLLIBFN@ @@ -95,7 +99,8 @@ MAKE_MODEGG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(MOD_CC)' 'LD=$(MOD_LD)' \ 'STRIP=$(MOD_STRIP)' 'RANLIB=$(RANLIB)' 'CFLGS=$(CFLGS)' \ 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \ -'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(standard build)' 'MODOBJS=' +'XSSL_LIBS=$(XSSL_LIBS)' 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' \ +'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'EGGBUILD=' 'MODOBJS=' MAKE_MODULES = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(SHLIB_CC)' 'LD=$(SHLIB_LD)' \ 'STRIP=$(SHLIB_STRIP)' 'CFLGS=$(CFLGS)' 'XLIBS=$(XLIBS)' \ @@ -105,12 +110,13 @@ 'STRIP=$(STRIP)' 'RANLIB=$(RANLIB)' 'CFLGS=$(CFLGS) -DSTATIC' \ 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \ 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(static version)' \ -'MODOBJS=mod/*.o' +'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'XSSL_LIBS=$(XSSL_LIBS)' 'MODOBJS=mod/*.o' MAKE_DEBEGG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(MOD_CC)' 'LD=$(MOD_LD)' \ 'STRIP=touch' 'RANLIB=$(RANLIB)' 'CFLGS=$(DEBCFLGS) $(CFLGS)' \ 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \ -'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(debug version)' 'MODOBJS=' +'XSSL_LIBS=$(XSSL_LIBS)' 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' \ +'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'EGGBUILD=(debug version)' 'MODOBJS=' MAKE_DEBMODULES = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(SHLIB_CC)' 'LD=$(SHLIB_LD)' \ 'XLIBS=$(XLIBS)' 'STRIP=touch' 'CFLGS=$(DEBCFLGS) $(CFLGS)' \ 
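Review bot: The rewritten MAKE_MODEGG passes `'EGGBUILD='` where the old definition passed `'EGGBUILD=(standard build)'`, so the "Linking eggdrop $(EGGBUILD)." banner loses its label for the default build only; the static and debug variants keep theirs. If that is unintentional, restore `'EGGBUILD=(standard build)'` on the second added line. A short comment under `# Stuff for SSL` saying that @SSL_LIBS@ and @SSL_INCLUDE@ are filled in by the configure macro from aclocal.m4 would help the next reader.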
@@ -119,7 +125,8 @@ MAKE_SDEBUG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(CC)' 'LD=$(LD)' \ 'STRIP=touch' 'RANLIB=$(RANLIB)' 'CFLGS=$(DEBCFLGS) $(CFLGS) -DSTATIC' \ 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' 'XLIBS=$(XLIBS)' \ -'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(static debug version)' 'MODOBJS=mod/*.o' +'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'XSSL_LIBS=$(XSSL_LIBS)' 'EGGEXEC=$(EGGEXEC)' \ +'EGGBUILD=(static and debug version)' 'MODOBJS=mod/*.o' MAKE_DEPEND = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(CC)' --- aclocal.m4 2004-03-27 06:50:00.000000000 +0000 +++ aclocal.m4 2012-03-31 19:46:26.881862392 +0300 
@@ -37,6 +37,64 @@ ]) +dnl EGG_SSL_CRAP() +dnl +AC_DEFUN(EGG_SSL_CRAP, [dnl +#ssl checks +AC_MSG_CHECKING(whether to include SSL support) +AC_ARG_WITH(ssl, +[ --with-ssl[=PATH] Include SSL support (DIR is OpenSSL's install dir).], +[ + case "$withval" in + no) + AC_MSG_RESULT(no) ;; + yes) + AC_MSG_RESULT(yes) + AC_CHECK_LIB(ssl,SSL_accept,[AC_DEFINE(EGG_SSL_EXT) + SSL_LIBS="-lssl -lcrypto"],[AC_MSG_ERROR([You requested SSL support, but OpenSSL was not found. Please supply a pathname to OpenSSL])],-lcrypto) + ;; + *) +dnl A whole whack of possible places where this might be + test -f $withval/openssl/ssl.h && SSL_INCLUDE="$withval" + test -f $withval/include/openssl/ssl.h && SSL_INCLUDE="$withval/include" + + test -f $withval/lib/libssl.a && SSL_LIB="$withval/lib" + test -f $withval/lib/ssl/libssl.a && SSL_LIB="$withval/lib/ssl" + test -f $withval/lib/openssl/libssl.a && SSL_LIB="$withval/lib/openssl/ssl" + test -f $withval/libssl.a && SSL_LIB="$withval" + test -f $withval/ssl/libssl.a && SSL_LIB="$withval/ssl" + test -f $withval/openssl/libssl.a && SSL_LIB="$withval/openssl" + + test -f $withval/lib/libcrypto.a && CRYPTO_LIB="$withval/lib" + test -f $withval/lib/ssl/libcrypto.a && CRYPTO_LIB="$withval/lib/ssl" + test -f $withval/lib/openssl/libcrypto.a && CRYPTO_LIB="$withval/lib/openssl/ssl" + test -f $withval/libcrypto.a && CRYPTO_LIB="$withval" + test -f $withval/ssl/libcrypto.a && CRYPTO_LIB="$withval/ssl" + test -f $withval/openssl/libcrypto.a && CRYPTO_LIB="$withval/openssl" + + if test -n "$SSL_INCLUDE" && test -n "$SSL_LIB" && test -n "$CRYPTO_LIB"; then + SSL_LIBS="-lssl -lcrypto -L$SSL_LIB -L$CRYPTO_LIB"; + AC_DEFINE([EGG_SSL_EXT], [], [SSL support]) + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + AC_MSG_ERROR([You requested SSL support, but OpenSSL was not found. 
Please supply a pathname to OpenSSL]) + fi ;; + esac +],[ + AC_MSG_RESULT(will try to find) + AC_CHECK_LIB(ssl,SSL_accept,[AC_DEFINE(EGG_SSL_EXT) + SSL_LIBS="-lssl -lcrypto"],[AC_MSG_ERROR([OpenSSL was not found. Please supply a pathname to OpenSSL])],-lcrypto) + AC_CHECK_HEADERS("openssl/ssl.h",,[AC_MSG_ERROR([OpenSSL was not found. Please supply a pathname to OpenSSL])],) + + AC_SUBST(SSL_LIBS)dnl + AC_SUBST(SSL_INCLUDE)dnl +]) + +#end of ssl checks +])dnl + + dnl EGG_MSG_CONFIGURE_END() dnl AC_DEFUN([EGG_MSG_CONFIGURE_END], --- config.h.in 2004-03-27 06:50:00.000000000 +0000 +++ config.h.in 2004-03-27 06:50:00.000000000 +0000 @@ -62,6 +62,9 @@ */ #undef HAVE_DECL_TZNAME +/* Defines ssl mode */ +#undef EGG_SSL_EXT + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H --- configure.ac 2004-03-27 06:50:00.000000000 +0000 +++ configure.ac 2004-03-27 06:50:00.000000000 +0000 @@ -151,6 +151,7 @@ /usr/local/pkgs/tcl/include /sys/include \ /usr/pkg/lib /beos/system/include /beos/devel/include $HOME" +EGG_SSL_CRAP # We save the cache (if used) here to speed things up if we can't find Tcl. AC_CACHE_SAVE --- src/Makefile.in 2004-03-27 06:50:00.000000000 +0000 +++ src/Makefile.in 2004-03-27 06:50:00.000000000 +0000 @@ -11,6 +11,8 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ +XSSL_LIBS = @SSL_LIBS@ +XSSL_INCLUDE = @SSL_INCLUDE@ CC = @CC@ LD = @CC@ @@ -37,7 +39,7 @@ @echo "Linking eggdrop $(EGGBUILD)." @echo "" @touch mod/mod.xlibs - $(LD) -o ../$(EGGEXEC) $(eggdrop_objs) $(MODOBJS) $(XLIBS) md5/md5c.o compat/*.o `cat mod/mod.xlibs` + $(LD) -o ../$(EGGEXEC) $(eggdrop_objs) $(MODOBJS) $(XLIBS) md5/md5c.o compat/*.o `cat mod/mod.xlibs` $(XSSL_LIBS) $(XSSL_INCLUDE) $(STRIP) ../$(EGGEXEC) @echo "" @echo "Successful compile: $(EGGEXEC)" --- src/dcc.c 2004-03-27 06:50:00.000000000 +0000 +++ src/dcc.c 2004-03-27 06:50:00.000000000 +0000 
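Review bot: In the `*)` branch the probes for `$withval/lib/openssl/libssl.a` and `$withval/lib/openssl/libcrypto.a` assign `"$withval/lib/openssl/ssl"`, a different directory from the one just tested, so an install laid out that way ends up with a `-L` path that need not exist; the assignments should read `SSL_LIB="$withval/lib/openssl"` and `CRYPTO_LIB="$withval/lib/openssl"`. `$withval` is unquoted in every `test -f`, so a path containing spaces breaks the probes; write `test -f "$withval/include/openssl/ssl.h"` and so on. When the option is not given at all, the macro aborts configure if OpenSSL is missing, which makes SSL mandatory unless the user passes `--with-ssl=no`; that deserves a line in the `dnl` header of the macro.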
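Review bot: `$(XSSL_INCLUDE)` is appended to the link command, but aclocal.m4 sets SSL_INCLUDE to a bare directory without `-I`, so with `--with-ssl=PATH` the linker is handed a directory name as an input and the headers under that path are never offered to the compiler. Have configure emit the value as `-I<dir>` and add it to the compile flags instead, leaving only `$(XSSL_LIBS)` at the end of the link line. The same recipe still links `md5/md5c.o` next to `-lcrypto`; both appear to provide the MD5_* functions, so confirm which definitions the final binary uses.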
@@ -32,7 +32,11 @@ #include "tandem.h" /* Includes for botnet md5 challenge/response code */ +#ifndef EGG_SSL_EXT #include "md5/md5.h" +#else +#include "openssl/md5.h" +#endif extern struct userrec *userlist; extern struct chanset_t *chanset; --- src/dccutil.c 2004-03-27 06:50:00.000000000 +0000 +++ src/dccutil.c 2004-03-27 06:50:00.000000000 +0000 @@ -33,6 +33,7 @@ #include "chan.h" #include "modules.h" #include "tandem.h" +#include "net.h" extern struct dcc_t *dcc; extern int dcc_total, dcc_flood_thr, backgrd, copy_to_tmp, max_socks; --- src/eggdrop.h 2004-03-27 06:50:00.000000000 +0000 +++ src/eggdrop.h 2004-03-27 06:50:00.000000000 +0000 @@ -678,15 +678,6 @@ ClientData cd; }; -typedef struct sock_list { - int sock; - short flags; - union { - struct sock_handler sock; - struct tclsock_handler tclsock; - } handler; -} sock_list; - enum { EGG_OPTION_SET = 1, /* Set option(s). */ EGG_OPTION_UNSET = 2 /* Unset option(s). */ --- src/main.c 2004-03-27 06:50:00.000000000 +0000 +++ src/main.c 2004-03-27 06:50:00.000000000 +0000 @@ -164,6 +164,10 @@ int cx_ptr = 0; #endif +#ifdef EGG_SSL_EXT +void init_ssl(); +int clean_ssl(); +#endif void fatal(const char *s, int recoverable) { @@ -174,6 +178,9 @@ for (i = 0; i < dcc_total; i++) if (dcc[i].sock >= 0) killsock(dcc[i].sock); + #ifdef EGG_SSL_EXT + clean_ssl(); + #endif unlink(pid_file); if (!recoverable) { bg_send_quit(BG_ABORT); @@ -1029,6 +1036,9 @@ init_userent(); init_misc(); init_bots(); +#ifdef EGG_SSL_EXT + init_ssl(); +#endif init_modules(); if (backgrd) bg_prepare_split(); --- src/md5/md5.h 2004-03-27 06:50:00.000000000 +0000 +++ src/md5/md5.h 2004-03-27 06:50:00.000000000 +0000 @@ -5,6 +5,9 @@ * Written by Solar Designer in 2001, and placed in * the public domain. See md5c.c for more information. */ +#include "../config.h" +#ifndef EGG_SSL_EXT + #ifndef _MD5_H #define _MD5_H 
@@ -24,3 +27,4 @@ extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); #endif +#endif --- src/md5/md5c.c 2004-03-27 06:50:00.000000000 +0000 +++ src/md5/md5c.c 2004-03-27 06:50:00.000000000 +0000 @@ -17,9 +17,23 @@ #include +#ifndef EGG_SSL_EXT #include "md5.h" +#else +#include "openssl/md5.h" +#endif + #include "compat/compat.h" +typedef unsigned long MD5_u32plus; + +typedef struct { + MD5_u32plus lo, hi; + MD5_u32plus a, b, c, d; + unsigned char buffer[64]; + MD5_u32plus block[16]; +} MD5_CTX; + /* * The basic MD5 functions. * --- src/mod/compress.mod/compress.c 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/compress.mod/compress.c 2004-03-27 06:50:00.000000000 +0000 @@ -36,6 +36,8 @@ #include "src/mod/module.h" #include "share.mod/share.h" +#include + #ifdef HAVE_MMAP # undef panic # include --- src/mod/irc.mod/chan.c 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/irc.mod/chan.c 2004-03-27 06:50:00.000000000 +0000 @@ -991,10 +991,10 @@ q = strchr(p, ' '); if (q != NULL) { *q = 0; - set_key(chan, p); + set_keyegg(chan, p); strcpy(p, q + 1); } else { - set_key(chan, p); + set_keyegg(chan, p); *p = 0; } } --- src/mod/irc.mod/irc.c 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/irc.mod/irc.c 2004-03-27 06:50:00.000000000 +0000 @@ -256,7 +256,7 @@ /* Set the key. */ -static void set_key(struct chanset_t *chan, char *k) +static void set_keyegg(struct chanset_t *chan, char *k) { nfree(chan->channel.key); if (k == NULL) { --- src/mod/irc.mod/irc.h 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/irc.mod/irc.h 2004-03-27 06:50:00.000000000 +0000 
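Review bot: The `MD5_CTX` typedef added to md5c.c after the include block is unconditional, so this file declares its own context layout whichever header the `#ifndef EGG_SSL_EXT` above it selected; whether EGG_SSL_EXT is even defined at that point depends on config.h having been included earlier, which the hunk does not show. In an SSL build dcc.c, modules.c and tclmisc.c take their `MD5_CTX` from `openssl/md5.h` while src/Makefile.in still links `md5/md5c.o`, so if the local MD5_Init/MD5_Update/MD5_Final win symbol resolution they would work on a caller buffer sized for a different struct. In a non-SSL build the typedef presumably duplicates the one in md5.h. Keep the typedef in md5.h only and compile or link md5c.c under `#ifndef EGG_SSL_EXT`.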
@@ -68,7 +68,7 @@ static void reset_chan_info(struct chanset_t *, int); static void recheck_channel(struct chanset_t *, int); -static void set_key(struct chanset_t *, char *); +static void set_keyegg(struct chanset_t *, char *); static void maybe_revenge(struct chanset_t *, char *, char *, int); static int detect_chan_flood(char *, char *, char *, struct chanset_t *, int, char *); --- src/mod/irc.mod/mode.c 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/irc.mod/mode.c 2004-03-27 06:50:00.000000000 +0000 @@ -1209,7 +1209,7 @@ if (!(chan = modebind_refresh(ch, from, &user, NULL, NULL))) return 0; if (ms2[0] == '+') { - set_key(chan, op); + set_keyegg(chan, op); if (channel_active(chan)) got_key(chan, nick, from, op); } else { @@ -1220,7 +1220,7 @@ !chan_master(user) && !match_my_nick(nick)) add_mode(chan, '+', 'k', chan->key_prot); } - set_key(chan, NULL); + set_keyegg(chan, NULL); } break; case 'o': --- src/mod/module.h~ 2012-03-31 15:38:27.000000000 +0300 +++ src/mod/module.h 2012-03-31 15:44:10.254563119 +0300 @@ -473,8 +473,13 @@ /* 284 - 287 */ #define quiet_reject (*(int *)(global[284])) #define file_readable ((int (*) (char *))global[285]) +#ifdef EGG_SSL_EXT +#define net_switch_to_ssl ((int (*)(int))global[286]) +#define ssl_use (*(int *)global[287]) /* kyotou */ +#else /* IPv6 leftovers: 286 */ /* IPv6 leftovers: 287 */ +#endif /* 288 - 291 */ /* IPv6 leftovers: 288 */ #define strip_mirc_codes ((void (*)(int, char *))global[289]) --- src/mod/server.mod/servmsg.c 2004-03-27 06:50:00.000000000 +0000 +++ src/mod/server.mod/servmsg.c 2004-03-27 06:50:00.000000000 +0000 
@@ -1360,6 +1360,14 @@ fatal("NO SERVERS WILL ACCEPT MY CONNECTION.", 0); } else { dcc[servidx].sock = serv; + #ifdef EGG_SSL_EXT + if (ssl_use) { + if (net_switch_to_ssl(serv)==0) { + putlog(LOG_SERV, "*", "SSL %s %s (Error while switching to SSL)", IRC_FAILEDCONNECT, dcc[servidx].host); + lostdcc(servidx); + } + } + #endif /* Queue standard login */ dcc[servidx].timeval = now; SERVER_SOCKET.timeout_val = &server_timeout; --- src/modules.c 2004-03-27 06:50:00.000000000 +0000 +++ src/modules.c 2004-03-27 06:50:00.000000000 +0000 @@ -29,9 +29,17 @@ #include "main.h" #include "modules.h" #include "tandem.h" + +#ifndef EGG_SSL_EXT #include "md5/md5.h" +#else +#include "openssl/md5.h" +#endif + #include "users.h" +#include "net.h" + #ifndef STATIC # ifdef MOD_USE_SHL # include @@ -94,6 +102,10 @@ password_timeout, force_expire, protect_readonly, reserved_port_min, reserved_port_max, copy_to_tmp, quiet_reject; +#ifdef EGG_SSL_EXT +extern int ssl_use; +#endif + extern party_t *party; extern time_t now, online_since; extern tand_t *tandbot; @@ -128,6 +140,10 @@ } #endif /* STATIC */ +#ifdef EGG_SSL_EXT +int net_switch_to_ssl(int); +#endif + /* The null functions */ void null_func() @@ -561,8 +576,13 @@ /* 284 - 287 */ (Function) & quiet_reject, /* int */ (Function) file_readable, +#ifdef EGG_SSL_EXT + (Function) net_switch_to_ssl, /* 286 */ + (Function) &ssl_use, /* 287 kyotou */ +#else (Function) 0, /* IPv6 leftovers: 286 */ (Function) 0, /* IPv6 leftovers: 287 */ +#endif /* 288 - 291 */ (Function) 0, /* IPv6 leftovers: 288 */ (Function) strip_mirc_codes, --- src/net.c 2004-03-27 06:50:00.000000000 +0000 +++ src/net.c 2004-03-27 06:50:00.000000000 +0000 
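Review bot: When `net_switch_to_ssl(serv)` fails, the added block calls `lostdcc(servidx)` and then falls through to the "Queue standard login" code, which goes on using `dcc[servidx]` and the still-open socket `serv`. net_switch_to_ssl() clears the socket's `ssl` pointer on failure, so anything sent afterwards would leave unencrypted even though `use-ssl` is set. The failure path should close the socket and stop, e.g. `killsock(serv); lostdcc(servidx);` followed by leaving the function before the login is queued. The rest of the function lies outside the hunk, so check how the existing connect-failure branch exits and mirror it.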
@@ -52,6 +52,18 @@ # endif #endif +#ifdef EGG_SSL_EXT +# ifndef EGG_SSL_INCS +# include +# include +# include +# define EGG_SSL_INCS 1 +# endif +#endif + +#include "net.h" + + extern struct dcc_t *dcc; extern int backgrd, use_stderr, resolve_timeout, dcc_total; extern unsigned long otraffic_irc_today, otraffic_bn_today, otraffic_dcc_today, @@ -64,7 +76,11 @@ int firewallport = 1080; /* Default port of socks 4/5 firewalls. */ char botuser[21] = "eggdrop"; /* Username of the user running the bot. */ int dcc_sanitycheck = 0; /* Do some sanity checking on dcc connections. */ - +#ifdef EGG_SSL_EXT +SSL_CTX *ssl_ctx=NULL; +char *tls_rand_file = NULL; +int ssl_use = 0; +#endif sock_list *socklist = NULL; /* Enough to be safe. */ sigjmp_buf alarmret; /* Env buffer for alarm() returns. */ 
@@ -87,6 +103,73 @@ return ret; } +#ifdef EGG_SSL_EXT +int seed_PRNG(void) +{ + char stackdata[1024]; + static char rand_file[300]; + FILE *fh; + +#if OPENSSL_VERSION_NUMBER >= 0x00905100 + if (RAND_status()) + return 0; /* PRNG already good seeded */ +#endif + /* if the device '/dev/urandom' is present, OpenSSL uses it by default. + * check if it's present, else we have to make random data ourselfs. + */ + if ((fh = fopen("/dev/urandom", "r"))) { + fclose(fh); + return 0; + } + if (RAND_file_name(rand_file, sizeof(rand_file))) + tls_rand_file = rand_file; + else + return 1; + if (!RAND_load_file(rand_file, 1024)) { + /* no .rnd file found, create new seed */ + unsigned int c; + c = time(NULL); + RAND_seed(&c, sizeof(c)); + c = getpid(); + RAND_seed(&c, sizeof(c)); + RAND_seed(stackdata, sizeof(stackdata)); + } +#if OPENSSL_VERSION_NUMBER >= 0x00905100 + if (!RAND_status()) + return 2; /* PRNG still badly seeded */ +#endif + return 0; +} + +void init_ssl() +{ + int i; + struct threaddata *td = threaddata(); + + for (i = 0; i < td->MAXSOCKS; i++) { + td->socklist[i].ssl = NULL; + } + + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); + ssl_ctx=SSL_CTX_new(SSLv23_client_method()); + if (!ssl_ctx) + fatal("SSL_CTX_new() failed",0); + if (seed_PRNG()) + fatal("Wasn't able to properly seed the PRNG!",0); +} + +int clean_ssl() { + if (ssl_ctx) { + SSL_CTX_free(ssl_ctx); + ssl_ctx = NULL; + } + if (tls_rand_file) + RAND_write_file(tls_rand_file); + return 0; +} +#endif + int expmem_net() { int i, tot = 0; @@ -249,6 +332,7 @@ td->socklist[i].handler.sock.outbuflen = 0; td->socklist[i].flags = options; td->socklist[i].sock = sock; + td->socklist[i].ssl = NULL; return i; } } 
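Review bot: `init_ssl()` creates the context with `SSLv23_client_method()` and never configures peer verification or protocol options, so every connection upgraded through net_switch_to_ssl() accepts any server certificate and may negotiate whatever protocol version the linked OpenSSL still offers. After `SSL_CTX_new()` add `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, `SSL_CTX_set_default_verify_paths(ssl_ctx);` and `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);`, with a documented setting for servers that use self-signed certificates. In `seed_PRNG()` the fallback feeds `time()`, `getpid()` and an uninitialised stack buffer to `RAND_seed()`, which credits every byte as entropy, so the later `RAND_status()` check can pass on guessable input. Returning non-zero when neither /dev/urandom nor a seed file is available is the safer behaviour.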
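Review bot: The added `td->socklist[i].ssl = NULL;` is not wrapped in `#ifdef EGG_SSL_EXT`, but net.h declares the `ssl` member only when that macro is defined, so a build configured with `--with-ssl=no` would not compile at this line. Guard it the way the other net.c additions are guarded: `#ifdef EGG_SSL_EXT`, the assignment, `#endif`. The enclosing function starts outside the hunk.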
@@ -345,6 +429,13 @@ for (i = 0; i < td->MAXSOCKS; i++) { if ((td->socklist[i].sock == sock) && !(td->socklist[i].flags & SOCK_UNUSED)) { +#ifdef EGG_SSL_EXT + if (td->socklist[i].ssl) { + SSL_shutdown(td->socklist[i].ssl); + SSL_free(td->socklist[i].ssl); + td->socklist[i].ssl = NULL; + } +#endif if (!(td->socklist[i].flags & SOCK_TCL)) { /* nothing to free for tclsocks */ close(td->socklist[i].sock); if (td->socklist[i].handler.sock.inbuf != NULL) { @@ -508,6 +599,65 @@ return sock; } +#ifdef EGG_SSL_EXT +int net_switch_to_ssl(int sock) { +int err; +int i=0; +struct threaddata *td = threaddata(); + + debug0("net_switch_to_ssl()"); + while (i < td->MAXSOCKS) { + if (td->socklist[i].sock==sock) { + break; + } + i++; + } + if (i == td->MAXSOCKS) { + debug0("Error while swithing to SSL - sock not found in list"); + return 0; + } + + if (td->socklist[i].ssl) { + debug0("Error while swithing to SSL - already in ssl"); + return 0; + } + td->socklist[i].ssl = SSL_new(ssl_ctx); + if (!td->socklist[i].ssl) { + debug0("Error while swithing to SSL - SSL_new() error"); + return 0; + } + + SSL_set_fd(td->socklist[i].ssl, td->socklist[i].sock); + err = SSL_connect(td->socklist[i].ssl); + + while (err <= 0) { + int errs; + errs=SSL_get_error(td->socklist[i].ssl,err); + if ((errs!=SSL_ERROR_WANT_READ)&&(errs!=SSL_ERROR_WANT_WRITE)&& + (errs!=SSL_ERROR_WANT_X509_LOOKUP)) { + putlog(LOG_DEBUG,"*", "SSL_connect() = %d, %s", err, + (char *)ERR_error_string(ERR_get_error(), NULL)); + SSL_shutdown(td->socklist[i].ssl); + SSL_free(td->socklist[i].ssl); + td->socklist[i].ssl = NULL; + return 0; + } + usleep(1000); + err = SSL_connect(td->socklist[i].ssl); + } + + if (err==1) { + debug0("SSL_connect() success"); + return 1; + } + debug0("Error while SSL_connect()"); + SSL_shutdown(td->socklist[i].ssl); + SSL_free(td->socklist[i].ssl); + td->socklist[i].ssl = NULL; + return 0; +} +#endif + /* Ordinary non-binary connection attempt */ int open_telnet(char *server, int port) { 
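Review bot: The handshake loop in `net_switch_to_ssl()` retries `SSL_connect()` every millisecond for as long as OpenSSL reports WANT_READ or WANT_WRITE, with no upper bound, so a peer that accepts the TCP connection and then stays silent stalls the whole process inside this call. Bound the wait with a deadline and treat expiry like any other handshake failure. The socket lookup above it matches on `sock` alone, whereas killsock() in the previous hunk also skips entries flagged `SOCK_UNUSED`; the same test belongs here so a stale slot is not picked up. The function also returns success without looking at the peer certificate, which is worth a comment naming where verification is expected to happen.

```c
  time_t deadline = time(NULL) + 30;   /* illustrative limit; declare next to err and i */

  /* … unchanged: socket lookup, SSL_new(), SSL_set_fd(), first SSL_connect() … */
  while (err <= 0) {
    int errs = SSL_get_error(td->socklist[i].ssl, err);

    if ((time(NULL) > deadline) ||
        ((errs != SSL_ERROR_WANT_READ) && (errs != SSL_ERROR_WANT_WRITE) &&
         (errs != SSL_ERROR_WANT_X509_LOOKUP))) {
      /* … unchanged: putlog, SSL_shutdown, SSL_free, clear ssl, return 0 … */
    }
    usleep(1000);
    err = SSL_connect(td->socklist[i].ssl);
  }
```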
@@ -715,6 +865,9 @@ for (i = 0; i < slistmax; i++) { if (!tclonly && ((!(slist[i].flags & (SOCK_UNUSED | SOCK_TCL))) && ((FD_ISSET(slist[i].sock, &fdr)) || +#ifdef EGG_SSL_EXT + ((slist[i].ssl)&&(SSL_pending(slist[i].ssl))) || +#endif ((slist[i].sock == STDOUT) && (!backgrd) && (FD_ISSET(STDIN, &fdr)))))) { if (slist[i].flags & (SOCK_LISTEN | SOCK_CONNECT)) { @@ -739,7 +892,33 @@ if ((slist[i].sock == STDOUT) && !backgrd) x = read(STDIN, s, grab); else - x = read(slist[i].sock, s, grab); +#ifdef EGG_SSL_EXT + { + if (slist[i].ssl) { + x = SSL_read(slist[i].ssl, s, grab); + + if (x < 0) { + int err = SSL_get_error(slist[i].ssl, x); + x = -1; + + switch (err) { + case SSL_ERROR_WANT_READ: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_WRITE: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + errno = EAGAIN; + break; + } + } + } else + x = read(slist[i].sock, s, grab); + } +#else + x = read(slist[i].sock, s, grab); +#endif if (x <= 0) { /* eof */ if (errno != EAGAIN) { /* EAGAIN happens when the operation would * block on a non-blocking socket, if the @@ -1046,6 +1225,26 @@ socklist[i].handler.sock.outbuflen += len; return; } +#ifdef EGG_SSL_EXT + if (socklist[i].ssl) { + x=SSL_write(socklist[i].ssl,s,len); + if (x < 0) { + int err = SSL_get_error(socklist[i].ssl, x); + x = -1; + switch (err) { + case SSL_ERROR_WANT_READ: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_WRITE: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + errno = EAGAIN; + break; + } + } + } else +#endif /* Try. */ x = write(z, s, len); if (x == -1) 
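Review bot: The error mapping after `SSL_read()` sets `errno = EAGAIN` for the three WANT_* results but leaves errno untouched for every other SSL error, and it is skipped entirely when SSL_read() returns 0, so the `errno != EAGAIN` test that follows chooses between retry and EOF on whatever value errno held before the call. Clear errno before the call, change the guard to `if (x <= 0)`, and give the switch a `default: errno = EIO; break;`. The same switch is pasted after `SSL_write()` in the @@ -1046 hunk and again in the @@ -1113 hunk; one static helper that turns an SSL return code into x/errno would keep the three copies consistent.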
@@ -1113,6 +1312,29 @@ (socklist[i].handler.sock.outbuf != NULL) && (FD_ISSET(socklist[i].sock, &wfds))) { /* Trick tputs into doing the work */ errno = 0; +#ifdef EGG_SSL_EXT + if (socklist[i].ssl) { + x = write(socklist[i].sock, socklist[i].handler.sock.outbuf, + socklist[i].handler.sock.outbuflen); + + if (x < 0) { + int err = SSL_get_error(socklist[i].ssl, x); + x = -1; + + switch (err) { + case SSL_ERROR_WANT_READ: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_WRITE: + errno = EAGAIN; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + errno = EAGAIN; + break; + } + } + } else +#endif x = write(socklist[i].sock, socklist[i].handler.sock.outbuf, socklist[i].handler.sock.outbuflen); if ((x < 0) && (errno != EAGAIN) #ifdef EBADSLT --- src/net.h 1970-01-01 01:00:00.000000000 +0100 +++ src/net.h 2004-03-27 06:50:00.000000000 +0000 @@ -0,0 +1,26 @@ +#ifndef _EGG_NET_H +#define _EGG_NET_H +#ifdef EGG_SSL_EXT +# ifndef EGG_SSL_INCS +# include +# include +# include +# define EGG_SSL_INCS 1 +# endif +#endif + +/* This is used by the net module to keep track of sockets and what's + * queued on them + */ +typedef struct sock_list { + int sock; +#ifdef EGG_SSL_EXT + SSL *ssl; +#endif + short flags; + union { + struct sock_handler sock; + struct tclsock_handler tclsock; + } handler; +} sock_list; +#endif /* _EGG_NET_H */ --- src/patch.h 2004-03-27 06:50:00.000000000 +0000 +++ src/patch.h 2004-03-27 06:50:00.000000000 +0000 @@ -36,7 +36,9 @@ * * */ -/* PATCH GOES HERE */ +#ifdef EGG_SSL_EXT + patch("SSL"); +#endif /* * * --- src/proto.h 2004-03-27 06:50:00.000000000 +0000 +++ src/proto.h 2004-03-27 06:50:00.000000000 +0000 @@ -33,6 +33,7 @@ #include "lush.h" #include "misc_file.h" +#include "net.h" #define dprintf dprintf_eggdrop --- src/tcl.c 2004-03-27 06:50:00.000000000 +0000 +++ src/tcl.c 2004-03-27 06:50:00.000000000 +0000 
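Review bot: The SSL branch added here still calls `write(socklist[i].sock, …)` on the raw descriptor, so queued output for a TLS socket is sent outside the SSL session, unencrypted on the wire and corrupting the record stream, and `SSL_get_error()` is then handed the return value of write(), which it cannot interpret. The call should be `x = SSL_write(socklist[i].ssl, socklist[i].handler.sock.outbuf, socklist[i].handler.sock.outbuflen);`. A retried SSL_write() must be given the same buffer unless `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` (and, for short writes, `SSL_MODE_ENABLE_PARTIAL_WRITE`) is set on the context, so check how the code after this hunk shifts `outbuf`.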
@@ -44,6 +44,9 @@ extern time_t online_since; +#ifdef EGG_SSL_EXT +extern int ssl_use; +#endif extern char origbotname[], botuser[], motdfile[], admin[], userfile[], firewall[], helpdir[], notify_new[], hostname[], myip[], moddir[], @@ -553,6 +556,9 @@ {"enable-simul", &enable_simul, 0}, /* compat */ {"debug-output", &debug_output, 0}, /* compat */ {"use-console-r", &use_console_r, 0}, /* compat */ +#ifdef EGG_SSL_EXT + {"use-ssl", &ssl_use, 0}, +#endif {NULL, NULL, 0} }; --- src/tclhash.h 2004-03-27 06:50:00.000000000 +0000 +++ src/tclhash.h 2004-03-27 06:50:00.000000000 +0000 @@ -25,6 +25,7 @@ #ifndef _EGG_TCLHASH_H #define _EGG_TCLHASH_H +#include "net.h" #define TC_DELETED 0x0001 /* This command/trigger was deleted. */ --- src/tclmisc.c 2004-03-27 06:50:00.000000000 +0000 +++ src/tclmisc.c 2004-03-27 06:50:00.000000000 +0000 @@ -26,7 +26,12 @@ #include "main.h" #include "modules.h" #include "tandem.h" + +#ifndef EGG_SSL_EXT #include "md5/md5.h" +#else +#include "openssl/md5.h" +#endif #ifdef TIME_WITH_SYS_TIME # include