ssl-bozo.c revision 1.1.1.4
1 1.1.1.4 mrg /* $eterna: ssl-bozo.c,v 1.11 2010/05/10 02:51:28 mrg Exp $ */ 2 1.1 tls 3 1.1 tls /* 4 1.1.1.4 mrg * Copyright (c) 1997-2010 Matthew R. Green 5 1.1 tls * All rights reserved. 6 1.1 tls * 7 1.1 tls * Redistribution and use in source and binary forms, with or without 8 1.1 tls * modification, are permitted provided that the following conditions 9 1.1 tls * are met: 10 1.1 tls * 1. Redistributions of source code must retain the above copyright 11 1.1 tls * notice, this list of conditions and the following disclaimer. 12 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer and 14 1.1 tls * dedication in the documentation and/or other materials provided 15 1.1 tls * with the distribution. 16 1.1 tls * 17 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 22 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 24 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 1.1 tls * SUCH DAMAGE. 28 1.1 tls * 29 1.1 tls */ 30 1.1 tls 31 1.1 tls /* this code implements SSL for bozohttpd */ 32 1.1 tls 33 1.1.1.4 mrg #include <stdarg.h> 34 1.1.1.4 mrg #include <stdio.h> 35 1.1 tls #include <unistd.h> 36 1.1 tls 37 1.1.1.4 mrg #include "bozohttpd.h" 38 1.1.1.4 mrg 39 1.1.1.4 mrg #ifndef NO_SSL_SUPPORT 40 1.1.1.4 mrg 41 1.1 tls #include <openssl/ssl.h> 42 1.1 tls #include <openssl/err.h> 43 1.1 tls 44 1.1.1.4 mrg #ifndef USE_ARG 45 1.1.1.4 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 46 1.1.1.4 mrg #endif 47 1.1.1.4 mrg 48 1.1.1.4 mrg /* this structure encapsulates the ssl info */ 49 1.1.1.4 mrg typedef struct sslinfo_t { 50 1.1.1.4 mrg SSL_CTX *ssl_context; 51 1.1.1.4 mrg const SSL_METHOD *ssl_method; 52 1.1.1.4 mrg SSL *bozossl; 53 1.1.1.4 mrg char *certificate_file; 54 1.1.1.4 mrg char *privatekey_file; 55 1.1.1.4 mrg } sslinfo_t; 56 1.1.1.4 mrg 57 1.1.1.4 mrg static int 58 1.1.1.4 mrg bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, ...) 59 1.1.1.4 mrg { 60 1.1.1.4 mrg sslinfo_t *sslinfo; 61 1.1.1.4 mrg va_list ap; 62 1.1.1.4 mrg char *buf; 63 1.1.1.4 mrg int nbytes; 64 1.1.1.4 mrg 65 1.1.1.4 mrg sslinfo = httpd->sslinfo; 66 1.1.1.4 mrg /* XXX we need more elegant/proper handling of SSL_write return */ 67 1.1.1.4 mrg va_start(ap, fmt); 68 1.1.1.4 mrg if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) 69 1.1.1.4 mrg SSL_write(sslinfo->bozossl, buf, nbytes); 70 1.1.1.4 mrg va_end(ap); 71 1.1.1.4 mrg 72 1.1.1.4 mrg free(buf); 73 1.1.1.4 mrg 74 1.1.1.4 mrg return nbytes; 75 1.1.1.4 mrg } 76 1.1.1.4 mrg 77 1.1.1.4 mrg static ssize_t 78 1.1.1.4 mrg bozo_ssl_read(bozohttpd_t *httpd, int fd, void *buf, size_t nbytes) 79 1.1.1.4 mrg { 80 1.1.1.4 mrg sslinfo_t *sslinfo; 81 1.1.1.4 mrg ssize_t rbytes; 82 1.1.1.4 mrg 83 1.1.1.4 mrg USE_ARG(fd); 84 1.1.1.4 mrg sslinfo = httpd->sslinfo; 85 1.1.1.4 mrg /* XXX we need elegant/proper handling of SSL_read return */ 86 1.1.1.4 mrg rbytes = (ssize_t)SSL_read(sslinfo->bozossl, buf, (int)nbytes); 87 1.1.1.4 mrg if (rbytes < 1) { 88 1.1.1.4 mrg if (SSL_get_error(sslinfo->bozossl, rbytes) == 89 1.1.1.4 mrg SSL_ERROR_WANT_READ) 90 1.1.1.4 mrg bozo_warn(httpd, "SSL_ERROR_WANT_READ"); 91 1.1.1.4 mrg else 92 1.1.1.4 mrg bozo_warn(httpd, "SSL_ERROR OTHER"); 93 1.1.1.4 mrg } 94 1.1.1.4 mrg 95 1.1.1.4 mrg return rbytes; 96 1.1.1.4 mrg } 97 1.1.1.4 mrg 98 1.1.1.4 mrg static ssize_t 99 1.1.1.4 mrg bozo_ssl_write(bozohttpd_t *httpd, int fd, const void *buf, size_t nbytes) 100 1.1.1.4 mrg { 101 1.1.1.4 mrg sslinfo_t *sslinfo; 102 1.1.1.4 mrg ssize_t wbytes; 103 1.1 tls 104 1.1.1.4 mrg USE_ARG(fd); 105 1.1.1.4 mrg sslinfo = httpd->sslinfo; 106 1.1.1.4 mrg /* XXX we need elegant/proper handling of SSL_write return */ 107 1.1.1.4 mrg wbytes = (ssize_t)SSL_write(sslinfo->bozossl, buf, (int)nbytes); 108 1.1.1.4 mrg 109 1.1.1.4 mrg return wbytes; 110 1.1.1.4 mrg } 111 1.1.1.4 mrg 112 1.1.1.4 mrg static int 113 1.1.1.4 mrg bozo_ssl_flush(bozohttpd_t *httpd, FILE *fp) 114 1.1.1.4 mrg { 115 1.1.1.4 mrg USE_ARG(httpd); 116 1.1.1.4 mrg USE_ARG(fp); 117 1.1.1.4 mrg /* nothing to see here, move right along */ 118 1.1.1.4 mrg return 0; 119 1.1.1.4 mrg } 120 1.1 tls 121 1.1 tls void 122 1.1.1.4 mrg bozo_ssl_init(bozohttpd_t *httpd) 123 1.1 tls { 124 1.1.1.4 mrg sslinfo_t *sslinfo; 125 1.1.1.4 mrg 126 1.1.1.4 mrg sslinfo = httpd->sslinfo; 127 1.1.1.4 mrg if (sslinfo == NULL || !sslinfo->certificate_file) 128 1.1 tls return; 129 1.1 tls SSL_library_init(); 130 1.1 tls SSL_load_error_strings(); 131 1.1 tls 132 1.1.1.4 mrg sslinfo->ssl_method = SSLv23_server_method(); 133 1.1.1.4 mrg sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method); 134 1.1 tls 135 1.1 tls /* XXX we need to learn how to check the SSL stack for more info */ 136 1.1.1.4 mrg if (sslinfo->ssl_context == NULL) 137 1.1.1.4 mrg bozo_err(httpd, 1, "SSL context initialization failed."); 138 1.1 tls 139 1.1.1.4 mrg SSL_CTX_use_certificate_file(sslinfo->ssl_context, 140 1.1.1.4 mrg sslinfo->certificate_file, SSL_FILETYPE_PEM); 141 1.1.1.4 mrg SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context, 142 1.1.1.4 mrg sslinfo->privatekey_file, SSL_FILETYPE_PEM); 143 1.1 tls 144 1.1 tls /* check consistency of key vs certificate */ 145 1.1.1.4 mrg if (!SSL_CTX_check_private_key(sslinfo->ssl_context)) 146 1.1.1.4 mrg bozo_err(httpd, 1, "check private key failed"); 147 1.1 tls } 148 1.1 tls 149 1.1 tls void 150 1.1.1.4 mrg bozo_ssl_accept(bozohttpd_t *httpd) 151 1.1 tls { 152 1.1.1.4 mrg sslinfo_t *sslinfo; 153 1.1.1.4 mrg 154 1.1.1.4 mrg sslinfo = httpd->sslinfo; 155 1.1.1.4 mrg if (sslinfo != NULL && sslinfo->ssl_context) { 156 1.1.1.4 mrg sslinfo->bozossl = SSL_new(sslinfo->ssl_context); 157 1.1.1.4 mrg SSL_set_rfd(sslinfo->bozossl, 0); 158 1.1.1.4 mrg SSL_set_wfd(sslinfo->bozossl, 1); 159 1.1.1.4 mrg SSL_accept(sslinfo->bozossl); 160 1.1 tls } 161 1.1 tls } 162 1.1 tls 163 1.1 tls void 164 1.1.1.4 mrg bozo_ssl_destroy(bozohttpd_t *httpd) 165 1.1 tls { 166 1.1.1.4 mrg sslinfo_t *sslinfo; 167 1.1.1.4 mrg 168 1.1.1.4 mrg sslinfo = httpd->sslinfo; 169 1.1.1.4 mrg if (sslinfo && sslinfo->bozossl) 170 1.1.1.4 mrg SSL_free(sslinfo->bozossl); 171 1.1 tls } 172 1.1 tls 173 1.1 tls void 174 1.1.1.4 mrg bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv) 175 1.1 tls { 176 1.1.1.4 mrg sslinfo_t *sslinfo; 177 1.1.1.4 mrg 178 1.1.1.4 mrg if ((sslinfo = httpd->sslinfo) == NULL) { 179 1.1.1.4 mrg sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); 180 1.1.1.4 mrg if (sslinfo == NULL) { 181 1.1.1.4 mrg bozo_err(httpd, 1, "sslinfo allocation failed"); 182 1.1.1.4 mrg } 183 1.1.1.4 mrg httpd->sslinfo = sslinfo; 184 1.1.1.4 mrg } 185 1.1.1.4 mrg sslinfo->certificate_file = strdup(cert); 186 1.1.1.4 mrg sslinfo->privatekey_file = strdup(priv); 187 1.1.1.4 mrg debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s", 188 1.1.1.4 mrg sslinfo->certificate_file, 189 1.1.1.4 mrg sslinfo->privatekey_file)); 190 1.1.1.4 mrg if (!httpd->bindport) { 191 1.1.1.4 mrg httpd->bindport = strdup("https"); 192 1.1.1.4 mrg } 193 1.1 tls } 194 1.1 tls 195 1.1.1.4 mrg #endif /* NO_SSL_SUPPORT */ 196 1.1 tls 197 1.1.1.4 mrg int 198 1.1.1.4 mrg bozo_printf(bozohttpd_t *httpd, const char *fmt, ...) 199 1.1.1.4 mrg { 200 1.1.1.4 mrg va_list args; 201 1.1.1.4 mrg int cc; 202 1.1 tls 203 1.1.1.4 mrg va_start(args, fmt); 204 1.1.1.4 mrg #ifndef NO_SSL_SUPPORT 205 1.1.1.4 mrg if (httpd->sslinfo) { 206 1.1.1.4 mrg cc = bozo_ssl_printf(httpd, fmt, args); 207 1.1.1.4 mrg va_end(args); 208 1.1.1.4 mrg return cc; 209 1.1.1.4 mrg } 210 1.1.1.4 mrg #endif 211 1.1.1.4 mrg cc = vprintf(fmt, args); 212 1.1.1.4 mrg va_end(args); 213 1.1.1.4 mrg return cc; 214 1.1 tls } 215 1.1 tls 216 1.1.1.4 mrg ssize_t 217 1.1.1.4 mrg bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len) 218 1.1 tls { 219 1.1.1.4 mrg #ifndef NO_SSL_SUPPORT 220 1.1.1.4 mrg if (httpd->sslinfo) { 221 1.1.1.4 mrg return bozo_ssl_read(httpd, fd, buf, len); 222 1.1 tls } 223 1.1.1.4 mrg #endif 224 1.1.1.4 mrg return read(fd, buf, len); 225 1.1 tls } 226 1.1 tls 227 1.1.1.4 mrg ssize_t 228 1.1.1.4 mrg bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len) 229 1.1 tls { 230 1.1.1.4 mrg #ifndef NO_SSL_SUPPORT 231 1.1.1.4 mrg if (httpd->sslinfo) { 232 1.1.1.4 mrg return bozo_ssl_write(httpd, fd, buf, len); 233 1.1.1.4 mrg } 234 1.1.1.4 mrg #endif 235 1.1.1.4 mrg return write(fd, buf, len); 236 1.1 tls } 237 1.1 tls 238 1.1.1.4 mrg int 239 1.1.1.4 mrg bozo_flush(bozohttpd_t *httpd, FILE *fp) 240 1.1 tls { 241 1.1.1.4 mrg #ifndef NO_SSL_SUPPORT 242 1.1.1.4 mrg if (httpd->sslinfo) { 243 1.1.1.4 mrg return bozo_ssl_flush(httpd, fp); 244 1.1.1.4 mrg } 245 1.1.1.4 mrg #endif 246 1.1.1.4 mrg return fflush(fp); 247 1.1 tls } 248
Indexes created Thu Oct 02 14:10:14 GMT 2025