ssl-bozo.c revision 1.7
1 1.7 mrg /* $NetBSD: ssl-bozo.c,v 1.7 2010/05/10 03:37:45 mrg Exp $ */ 2 1.2 tls 3 1.7 mrg /* $eterna: ssl-bozo.c,v 1.11 2010/05/10 02:51:28 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.7 mrg * Copyright (c) 1997-2010 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this code implements SSL for bozohttpd */ 34 1.1 tls 35 1.7 mrg #include <stdarg.h> 36 1.7 mrg #include <stdio.h> 37 1.7 mrg #include <unistd.h> 38 1.7 mrg 39 1.7 mrg #include "bozohttpd.h" 40 1.7 mrg 41 1.1 tls #ifndef NO_SSL_SUPPORT 42 1.1 tls 43 1.1 tls #include <openssl/ssl.h> 44 1.1 tls #include <openssl/err.h> 45 1.1 tls 46 1.7 mrg #ifndef USE_ARG 47 1.7 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 48 1.7 mrg #endif 49 1.7 mrg 50 1.7 mrg /* this structure encapsulates the ssl info */ 51 1.7 mrg typedef struct sslinfo_t { 52 1.7 mrg SSL_CTX *ssl_context; 53 1.7 mrg const SSL_METHOD *ssl_method; 54 1.7 mrg SSL *bozossl; 55 1.7 mrg char *certificate_file; 56 1.7 mrg char *privatekey_file; 57 1.7 mrg } sslinfo_t; 58 1.7 mrg 59 1.7 mrg static int 60 1.7 mrg bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, ...) 61 1.7 mrg { 62 1.7 mrg sslinfo_t *sslinfo; 63 1.7 mrg va_list ap; 64 1.7 mrg char *buf; 65 1.7 mrg int nbytes; 66 1.7 mrg 67 1.7 mrg sslinfo = httpd->sslinfo; 68 1.7 mrg /* XXX we need more elegant/proper handling of SSL_write return */ 69 1.7 mrg va_start(ap, fmt); 70 1.7 mrg if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) 71 1.7 mrg SSL_write(sslinfo->bozossl, buf, nbytes); 72 1.7 mrg va_end(ap); 73 1.7 mrg 74 1.7 mrg free(buf); 75 1.7 mrg 76 1.7 mrg return nbytes; 77 1.7 mrg } 78 1.7 mrg 79 1.7 mrg static ssize_t 80 1.7 mrg bozo_ssl_read(bozohttpd_t *httpd, int fd, void *buf, size_t nbytes) 81 1.7 mrg { 82 1.7 mrg sslinfo_t *sslinfo; 83 1.7 mrg ssize_t rbytes; 84 1.7 mrg 85 1.7 mrg USE_ARG(fd); 86 1.7 mrg sslinfo = httpd->sslinfo; 87 1.7 mrg /* XXX we need elegant/proper handling of SSL_read return */ 88 1.7 mrg rbytes = (ssize_t)SSL_read(sslinfo->bozossl, buf, (int)nbytes); 89 1.7 mrg if (rbytes < 1) { 90 1.7 mrg if (SSL_get_error(sslinfo->bozossl, rbytes) == 91 1.7 mrg SSL_ERROR_WANT_READ) 92 1.7 mrg bozo_warn(httpd, "SSL_ERROR_WANT_READ"); 93 1.7 mrg else 94 1.7 mrg bozo_warn(httpd, "SSL_ERROR OTHER"); 95 1.7 mrg } 96 1.7 mrg 97 1.7 mrg return rbytes; 98 1.7 mrg } 99 1.7 mrg 100 1.7 mrg static ssize_t 101 1.7 mrg bozo_ssl_write(bozohttpd_t *httpd, int fd, const void *buf, size_t nbytes) 102 1.7 mrg { 103 1.7 mrg sslinfo_t *sslinfo; 104 1.7 mrg ssize_t wbytes; 105 1.7 mrg 106 1.7 mrg USE_ARG(fd); 107 1.7 mrg sslinfo = httpd->sslinfo; 108 1.7 mrg /* XXX we need elegant/proper handling of SSL_write return */ 109 1.7 mrg wbytes = (ssize_t)SSL_write(sslinfo->bozossl, buf, (int)nbytes); 110 1.1 tls 111 1.7 mrg return wbytes; 112 1.7 mrg } 113 1.7 mrg 114 1.7 mrg static int 115 1.7 mrg bozo_ssl_flush(bozohttpd_t *httpd, FILE *fp) 116 1.7 mrg { 117 1.7 mrg USE_ARG(httpd); 118 1.7 mrg USE_ARG(fp); 119 1.7 mrg /* nothing to see here, move right along */ 120 1.7 mrg return 0; 121 1.7 mrg } 122 1.1 tls 123 1.1 tls void 124 1.7 mrg bozo_ssl_init(bozohttpd_t *httpd) 125 1.1 tls { 126 1.7 mrg sslinfo_t *sslinfo; 127 1.7 mrg 128 1.7 mrg sslinfo = httpd->sslinfo; 129 1.7 mrg if (sslinfo == NULL || !sslinfo->certificate_file) 130 1.1 tls return; 131 1.1 tls SSL_library_init(); 132 1.1 tls SSL_load_error_strings(); 133 1.1 tls 134 1.7 mrg sslinfo->ssl_method = SSLv23_server_method(); 135 1.7 mrg sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method); 136 1.1 tls 137 1.1 tls /* XXX we need to learn how to check the SSL stack for more info */ 138 1.7 mrg if (sslinfo->ssl_context == NULL) 139 1.7 mrg bozo_err(httpd, 1, "SSL context initialization failed."); 140 1.1 tls 141 1.7 mrg SSL_CTX_use_certificate_file(sslinfo->ssl_context, 142 1.7 mrg sslinfo->certificate_file, SSL_FILETYPE_PEM); 143 1.7 mrg SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context, 144 1.7 mrg sslinfo->privatekey_file, SSL_FILETYPE_PEM); 145 1.1 tls 146 1.1 tls /* check consistency of key vs certificate */ 147 1.7 mrg if (!SSL_CTX_check_private_key(sslinfo->ssl_context)) 148 1.7 mrg bozo_err(httpd, 1, "check private key failed"); 149 1.1 tls } 150 1.1 tls 151 1.1 tls void 152 1.7 mrg bozo_ssl_accept(bozohttpd_t *httpd) 153 1.1 tls { 154 1.7 mrg sslinfo_t *sslinfo; 155 1.7 mrg 156 1.7 mrg sslinfo = httpd->sslinfo; 157 1.7 mrg if (sslinfo != NULL && sslinfo->ssl_context) { 158 1.7 mrg sslinfo->bozossl = SSL_new(sslinfo->ssl_context); 159 1.7 mrg SSL_set_rfd(sslinfo->bozossl, 0); 160 1.7 mrg SSL_set_wfd(sslinfo->bozossl, 1); 161 1.7 mrg SSL_accept(sslinfo->bozossl); 162 1.1 tls } 163 1.1 tls } 164 1.1 tls 165 1.1 tls void 166 1.7 mrg bozo_ssl_destroy(bozohttpd_t *httpd) 167 1.1 tls { 168 1.7 mrg sslinfo_t *sslinfo; 169 1.7 mrg 170 1.7 mrg sslinfo = httpd->sslinfo; 171 1.7 mrg if (sslinfo && sslinfo->bozossl) 172 1.7 mrg SSL_free(sslinfo->bozossl); 173 1.1 tls } 174 1.1 tls 175 1.1 tls void 176 1.7 mrg bozo_ssl_set_opts(bozohttpd_t *httpd, const char *cert, const char *priv) 177 1.1 tls { 178 1.7 mrg sslinfo_t *sslinfo; 179 1.7 mrg 180 1.7 mrg if ((sslinfo = httpd->sslinfo) == NULL) { 181 1.7 mrg sslinfo = bozomalloc(httpd, sizeof(*sslinfo)); 182 1.7 mrg if (sslinfo == NULL) { 183 1.7 mrg bozo_err(httpd, 1, "sslinfo allocation failed"); 184 1.7 mrg } 185 1.7 mrg httpd->sslinfo = sslinfo; 186 1.7 mrg } 187 1.7 mrg sslinfo->certificate_file = strdup(cert); 188 1.7 mrg sslinfo->privatekey_file = strdup(priv); 189 1.7 mrg debug((httpd, DEBUG_NORMAL, "using cert/priv files: %s & %s", 190 1.7 mrg sslinfo->certificate_file, 191 1.7 mrg sslinfo->privatekey_file)); 192 1.7 mrg if (!httpd->bindport) { 193 1.7 mrg httpd->bindport = strdup("https"); 194 1.7 mrg } 195 1.1 tls } 196 1.1 tls 197 1.7 mrg #endif /* NO_SSL_SUPPORT */ 198 1.7 mrg 199 1.7 mrg int 200 1.7 mrg bozo_printf(bozohttpd_t *httpd, const char *fmt, ...) 201 1.1 tls { 202 1.7 mrg va_list args; 203 1.7 mrg int cc; 204 1.1 tls 205 1.7 mrg va_start(args, fmt); 206 1.7 mrg #ifndef NO_SSL_SUPPORT 207 1.7 mrg if (httpd->sslinfo) { 208 1.7 mrg cc = bozo_ssl_printf(httpd, fmt, args); 209 1.7 mrg va_end(args); 210 1.7 mrg return cc; 211 1.7 mrg } 212 1.7 mrg #endif 213 1.7 mrg cc = vprintf(fmt, args); 214 1.7 mrg va_end(args); 215 1.7 mrg return cc; 216 1.1 tls } 217 1.1 tls 218 1.7 mrg ssize_t 219 1.7 mrg bozo_read(bozohttpd_t *httpd, int fd, void *buf, size_t len) 220 1.1 tls { 221 1.7 mrg #ifndef NO_SSL_SUPPORT 222 1.7 mrg if (httpd->sslinfo) { 223 1.7 mrg return bozo_ssl_read(httpd, fd, buf, len); 224 1.1 tls } 225 1.7 mrg #endif 226 1.7 mrg return read(fd, buf, len); 227 1.1 tls } 228 1.1 tls 229 1.7 mrg ssize_t 230 1.7 mrg bozo_write(bozohttpd_t *httpd, int fd, const void *buf, size_t len) 231 1.1 tls { 232 1.7 mrg #ifndef NO_SSL_SUPPORT 233 1.7 mrg if (httpd->sslinfo) { 234 1.7 mrg return bozo_ssl_write(httpd, fd, buf, len); 235 1.7 mrg } 236 1.7 mrg #endif 237 1.7 mrg return write(fd, buf, len); 238 1.1 tls } 239 1.1 tls 240 1.7 mrg int 241 1.7 mrg bozo_flush(bozohttpd_t *httpd, FILE *fp) 242 1.1 tls { 243 1.7 mrg #ifndef NO_SSL_SUPPORT 244 1.7 mrg if (httpd->sslinfo) { 245 1.7 mrg return bozo_ssl_flush(httpd, fp); 246 1.7 mrg } 247 1.7 mrg #endif 248 1.7 mrg return fflush(fp); 249 1.1 tls } 250
Indexes created Wed Sep 24 05:09:52 GMT 2025