      1  1.8  christos /*	$NetBSD: ssl.c,v 1.8 2019/04/07 00:44:54 christos Exp $	*/
      2  1.1  christos 
      3  1.1  christos /*-
      4  1.1  christos  * Copyright (c) 1998-2004 Dag-Erling Codan Smrgrav
      5  1.1  christos  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg (at) NetBSD.org>
      6  1.3       wiz  * Copyright (c) 2015 Thomas Klausner <wiz (at) NetBSD.org>
      7  1.1  christos  * All rights reserved.
      8  1.1  christos  *
      9  1.1  christos  * Redistribution and use in source and binary forms, with or without
     10  1.1  christos  * modification, are permitted provided that the following conditions
     11  1.1  christos  * are met:
     12  1.1  christos  * 1. Redistributions of source code must retain the above copyright
     13  1.1  christos  *    notice, this list of conditions and the following disclaimer
     14  1.1  christos  *    in this position and unchanged.
     15  1.1  christos  * 2. Redistributions in binary form must reproduce the above copyright
     16  1.1  christos  *    notice, this list of conditions and the following disclaimer in the
     17  1.1  christos  *    documentation and/or other materials provided with the distribution.
     18  1.1  christos  * 3. The name of the author may not be used to endorse or promote products
     19  1.1  christos  *    derived from this software without specific prior written permission
     20  1.1  christos  *
     21  1.1  christos  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     22  1.1  christos  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     23  1.1  christos  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     24  1.1  christos  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     25  1.1  christos  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     26  1.1  christos  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     27  1.1  christos  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     28  1.1  christos  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     29  1.1  christos  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     30  1.1  christos  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     31  1.1  christos  *
     32  1.1  christos  * $FreeBSD: common.c,v 1.53 2007/12/19 00:26:36 des Exp $
     33  1.1  christos  */
     34  1.1  christos 
     35  1.1  christos #include <sys/cdefs.h>
     36  1.1  christos #ifndef lint
     37  1.8  christos __RCSID("$NetBSD: ssl.c,v 1.8 2019/04/07 00:44:54 christos Exp $");
     38  1.1  christos #endif
     39  1.1  christos 
     40  1.1  christos #include <time.h>
     41  1.1  christos #include <unistd.h>
     42  1.6  christos #include <string.h>
     43  1.1  christos #include <fcntl.h>
     44  1.1  christos 
     45  1.1  christos #include <sys/param.h>
     46  1.1  christos #include <sys/select.h>
     47  1.1  christos #include <sys/uio.h>
     48  1.1  christos 
     49  1.1  christos #include <netinet/tcp.h>
     50  1.1  christos #include <netinet/in.h>
     51  1.1  christos #include <openssl/crypto.h>
     52  1.1  christos #include <openssl/x509.h>
     53  1.1  christos #include <openssl/pem.h>
     54  1.1  christos #include <openssl/ssl.h>
     55  1.1  christos #include <openssl/err.h>
     56  1.1  christos 
     57  1.1  christos #include "ssl.h"
     58  1.1  christos 
/*
 * Globals owned by the rest of ftp.  quit_time is the I/O timeout in
 * seconds; a value <= 0 disables the deadline checks in the select()
 * loops below.  verbose and ftp_debug together gate the certificate
 * dump in fetch_start_ssl().  ttyout receives diagnostics and the
 * OpenSSL error queue.
 */
extern int quit_time, verbose, ftp_debug;
extern FILE *ttyout;
     61  1.1  christos 
/*
 * One fetch connection: either a local file (fetch_open()) or a socket
 * (fetch_fdopen()), optionally wrapped in TLS once fetch_set_ssl() has
 * attached a handle.  Freed as a unit by fetch_close().
 */
struct fetch_connect {
	int			 sd;		/* file/socket descriptor */
	char			*buf;		/* line buffer used by fetch_getln() */
	size_t			 bufsize;	/* allocated size of buf */
	size_t			 bufpos;	/* next unread byte in buf */
	size_t			 buflen;	/* number of valid bytes in buf */
	struct {				/* data cached after an
						   interrupted read, see
						   fetch_cache_data() */
		char	*buf;			/* cached bytes (may be NULL) */
		size_t	 size;			/* allocated size of buf */
		size_t	 pos;			/* bytes already handed back */
		size_t	 len;			/* bytes still to hand back */
	} cache;
	int 			 issock;	/* 1 from fetch_fdopen(), 0 from fetch_open() */
	int			 iserr;		/* sticky error: an errno value, or 1 on ENOMEM */
	int			 iseof;		/* set once a read returned 0 bytes */
	SSL			*ssl;		/* SSL handle, NULL for plaintext */
};
     80  1.1  christos 
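/*
 * Write a vector to a connection w/ timeout
 * Note: can modify the iovec.
 *
 * Writes everything in iov[0..iovcnt) to conn, retrying short writes and
 * EINTR/EAGAIN.  When quit_time > 0 every write is preceded by a select()
 * bounded by the time left until an absolute deadline taken at entry, so
 * a stalled peer cannot stretch the call past quit_time seconds.
 *
 * Returns the total number of bytes written, or -1 with errno set:
 * ETIMEDOUT when the deadline passed, EPIPE on a zero-length write, or
 * whatever select()/writev()/SSL_write() left in errno.
 */
static ssize_t
fetch_writev(struct fetch_connect *conn, struct iovec *iov, int iovcnt)
{
	struct timeval now, timeout, delta;
	fd_set writefds;
	ssize_t len, total;
	int fd = conn->sd;
	int r;

	FD_ZERO(&writefds);
	if (quit_time > 0) {
		gettimeofday(&timeout, NULL);
		timeout.tv_sec += quit_time;
	}

	total = 0;
	while (iovcnt > 0) {
		/*
		 * Wait until fd is writable (only when a timeout is set).
		 * writefds keeps fd set after a successful select(), so
		 * back-to-back writes do not re-poll; it is cleared again
		 * below whenever a write reports EAGAIN/EINTR.
		 */
		while (quit_time > 0 && !FD_ISSET(fd, &writefds)) {
			FD_SET(fd, &writefds);
			gettimeofday(&now, NULL);
			if (!timercmp(&timeout, &now, >)) {
				errno = ETIMEDOUT;
				return -1;
			}
			timersub(&timeout, &now, &delta);
			errno = 0;
			r = select(fd + 1, NULL, &writefds, NULL, &delta);
			if (r == -1) {
				if (errno == EINTR)
					continue;
				return -1;
			}
		}
		errno = 0;
		if (conn->ssl != NULL)
			len = SSL_write(conn->ssl, iov->iov_base, iov->iov_len);
		else
			len = writev(fd, iov, iovcnt);
		if (len == 0) {
			/* we consider a short write a failure */
			/* XXX perhaps we shouldn't in the SSL case */
			errno = EPIPE;
			return -1;
		}
		if (len < 0) {
			if (errno == EINTR || errno == EAGAIN) {
				/*
				 * fd is no longer known to be writable: drop
				 * it from writefds so the next pass goes back
				 * through select() and the deadline check
				 * instead of spinning on EAGAIN forever.
				 */
				FD_CLR(fd, &writefds);
				continue;
			}
			return -1;
		}
		total += len;
		/* Skip the iovecs that were written completely ... */
		while (iovcnt > 0 && len >= (ssize_t)iov->iov_len) {
			len -= iov->iov_len;
			iov++;
			iovcnt--;
		}
		/* ... and advance within the one written only partly. */
		if (iovcnt > 0) {
			iov->iov_len -= len;
			iov->iov_base = (char *)iov->iov_base + len;
		}
	}
	return total;
}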
    152  1.1  christos 
/*
 * Write len bytes starting at str to conn.  Thin wrapper around
 * fetch_writev() using a single-element iovec; returns whatever
 * fetch_writev() returns (bytes written, or -1 with errno set).
 */
static ssize_t
fetch_write(const void *str, size_t len, struct fetch_connect *conn)
{
	/* struct iovec wants a non-const base; the data is never modified. */
	struct iovec single = {
		.iov_base = __UNCONST(str),
		.iov_len = len,
	};

	return fetch_writev(conn, &single, 1);
}
    162  1.1  christos 
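/*
 * Send a formatted line to the connection.
 *
 * Formats fmt/... with vasprintf(), writes the result with fetch_write()
 * and frees it.  Returns the number of bytes written, or -1 with errno
 * set: ENOMEM when the message could not be formatted, otherwise the
 * errno left by fetch_write().
 */
int
fetch_printf(struct fetch_connect *conn, const char *fmt, ...)
{
	va_list ap;
	char *msg = NULL;
	ssize_t r;
	int len;

	va_start(ap, fmt);
	len = vasprintf(&msg, fmt, ap);
	va_end(ap);

	/*
	 * vasprintf() returns -1 on failure and leaves msg unspecified on
	 * some implementations, so check the return value instead of
	 * relying on msg being NULL.
	 */
	if (len < 0 || msg == NULL) {
		errno = ENOMEM;
		return -1;
	}

	r = fetch_write(msg, (size_t)len, conn);
	free(msg);
	return (int)r;
}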
    187  1.1  christos 
/*
 * Return the file/socket descriptor underlying conn.
 */
int
fetch_fileno(struct fetch_connect *conn)
{
	const int fd = conn->sd;

	return fd;
}
    194  1.1  christos 
/*
 * Return conn's sticky error state: non-zero once a read, wait or
 * allocation failed, until fetch_clearerr() resets it.
 */
int
fetch_error(struct fetch_connect *conn)
{
	const int err = conn->iserr;

	return err;
}
    201  1.1  christos 
/*
 * Reset conn's sticky error flag so later reads may proceed.
 */
static void
fetch_clearerr(struct fetch_connect *conn)
{
	if (conn->iserr)
		conn->iserr = 0;
}
    208  1.1  christos 
/*
 * Push out data held back by TCP_NOPUSH (set in fetch_fdopen()) and
 * switch the socket to TCP_NODELAY.  A no-op for non-socket
 * connections.  Always returns 0; setsockopt() failures are ignored
 * (best effort).
 */
int
fetch_flush(struct fetch_connect *conn)
{
	if (!conn->issock)
		return 0;

#ifdef TCP_NOPUSH
	{
		int off = 0;
		setsockopt(conn->sd, IPPROTO_TCP, TCP_NOPUSH, &off, sizeof(off));
	}
#endif
	{
		int on = 1;
		setsockopt(conn->sd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
	}
	return 0;
}
    225  1.1  christos 
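/*ARGSUSED*/
/*
 * Open the local file fname read-only and wrap it in a fetch_connect.
 * fmode is currently ignored (the file is always opened O_RDONLY).
 * Returns NULL with errno set by open() or calloc() on failure.
 */
struct fetch_connect *
fetch_open(const char *fname, const char *fmode)
{
	struct fetch_connect *conn;
	int fd;

	fd = open(fname, O_RDONLY); /* XXX: fmode */
	if (fd < 0)
		return NULL;
	/* Same hygiene as fetch_fdopen(): don't leak the descriptor to children. */
	(void)fcntl(fd, F_SETFD, FD_CLOEXEC);

	if ((conn = calloc(1, sizeof(*conn))) == NULL) {
		close(fd);
		return NULL;
	}

	conn->sd = fd;
	conn->issock = 0;
	return conn;
}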
    246  1.1  christos 
/*ARGSUSED*/
/*
 * Wrap an already-connected socket sd in a fetch_connect.  fmode is
 * accepted for symmetry with fetch_open() but not used.  Marks the
 * socket close-on-exec and, where the platform offers them, disables
 * SIGPIPE and enables TCP_NOPUSH (undone again by fetch_flush()).  The
 * socket options are best effort; their results are not checked.
 * Returns NULL with errno from calloc() on allocation failure.
 */
struct fetch_connect *
fetch_fdopen(int sd, const char *fmode)
{
#if defined(SO_NOSIGPIPE) || defined(TCP_NOPUSH)
	int on = 1;
#endif
	struct fetch_connect *c = calloc(1, sizeof *c);

	if (c == NULL)
		return NULL;

	c->sd = sd;
	c->issock = 1;
	fcntl(sd, F_SETFD, FD_CLOEXEC);
#ifdef SO_NOSIGPIPE
	setsockopt(sd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
#endif
#ifdef TCP_NOPUSH
	setsockopt(sd, IPPROTO_TCP, TCP_NOPUSH, &on, sizeof(on));
#endif
	return c;
}
    270  1.1  christos 
/*
 * Tear down conn: flush pending TCP state, free the SSL handle if one
 * is attached, close the descriptor and release the buffers.  NULL is
 * accepted and ignored.  Always returns 0; close() is not checked.
 */
int
fetch_close(struct fetch_connect *conn)
{
	if (conn != NULL) {
		fetch_flush(conn);
		SSL_free(conn->ssl);	/* SSL_free(NULL) is a no-op */
		close(conn->sd);
		free(conn->cache.buf);
		free(conn->buf);
		free(conn);
	}
	return 0;
}
    285  1.1  christos 
/*
 * Out-of-band return values of fetch_ssl_read()/fetch_nonssl_read(); they
 * are negative so they cannot be confused with byte counts.  The *_WAIT
 * values tell fetch_wait() which direction to select() on.
 */
#define FETCH_WRITE_WAIT	-3	/* SSL wants the socket writable first */
#define FETCH_READ_WAIT		-2	/* would block / interrupted: wait for readability */
#define FETCH_READ_ERROR	-1	/* hard error; errno or the OpenSSL queue says why */
    289  1.1  christos 
/*
 * One SSL_read() attempt.  Returns the byte count (0 on EOF), one of
 * the FETCH_*_WAIT codes when OpenSSL needs the socket to become
 * readable/writable first, or FETCH_READ_ERROR after dumping the
 * OpenSSL error queue to ttyout.
 *
 * NOTE(review): a 0 return is passed through as EOF without asking
 * SSL_get_error() whether a close_notify was received, so an abrupt
 * transport close is indistinguishable here from a clean TLS shutdown.
 */
static ssize_t
fetch_ssl_read(SSL *ssl, void *buf, size_t len)
{
	int n = SSL_read(ssl, buf, len);
	int reason;

	if (n >= 0)
		return n;

	reason = SSL_get_error(ssl, n);
	if (reason == SSL_ERROR_WANT_READ)
		return FETCH_READ_WAIT;
	if (reason == SSL_ERROR_WANT_WRITE)
		return FETCH_WRITE_WAIT;
	ERR_print_errors_fp(ttyout);
	return FETCH_READ_ERROR;
}
    308  1.1  christos 
/*
 * One read() attempt on a plain descriptor.  Returns the byte count
 * (0 on EOF), FETCH_READ_WAIT when the call would block or was
 * interrupted, or FETCH_READ_ERROR with errno set.
 */
static ssize_t
fetch_nonssl_read(int sd, void *buf, size_t len)
{
	const ssize_t got = read(sd, buf, len);

	if (got != -1)
		return got;
	/* Transient conditions are reported as "wait, then retry". */
	return (errno == EAGAIN || errno == EINTR) ?
	    FETCH_READ_WAIT : FETCH_READ_ERROR;
}
    322  1.1  christos 
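/*
 * Cache some data that was read from a socket but cannot be immediately
 * returned because of an interrupted system call.
 *
 * Copies nbytes from src into conn->cache, growing the cache buffer when
 * needed, and rewinds the cache read position.  Returns 0 on success or
 * -1 if the buffer could not be grown (the existing cache is untouched).
 */
static int
fetch_cache_data(struct fetch_connect *conn, char *src, size_t nbytes)
{

	if (nbytes == 0) {
		/* Nothing to keep; also avoids memcpy() on a NULL cache.buf. */
		conn->cache.len = 0;
		conn->cache.pos = 0;
		return 0;
	}

	if (conn->cache.size < nbytes) {
		char *tmp = realloc(conn->cache.buf, nbytes);
		if (tmp == NULL)
			return -1;

		conn->cache.buf = tmp;
		conn->cache.size = nbytes;
	}

	memcpy(conn->cache.buf, src, nbytes);
	conn->cache.len = nbytes;
	conn->cache.pos = 0;
	return 0;
}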
    345  1.1  christos 
/*
 * Block until conn->sd is ready for the operation that last reported
 * rlen (FETCH_READ_WAIT -> readable, FETCH_WRITE_WAIT -> writable).
 * When quit_time > 0, *timeout is an absolute deadline: once it has
 * passed, returns -1 with conn->iserr = ETIMEDOUT.  A select() failure
 * other than EINTR returns -1 with conn->iserr = errno.  Returns 0 once
 * the descriptor is ready.
 */
static int
fetch_wait(struct fetch_connect *conn, ssize_t rlen, struct timeval *timeout)
{
	struct timeval now, remaining;
	const int fd = conn->sd;
	fd_set set;
	fd_set *rset = (rlen == FETCH_READ_WAIT) ? &set : NULL;
	fd_set *wset = (rlen == FETCH_WRITE_WAIT) ? &set : NULL;

	FD_ZERO(&set);
	do {
		FD_SET(fd, &set);
		if (quit_time > 0) {
			gettimeofday(&now, NULL);
			if (!timercmp(timeout, &now, >)) {
				conn->iserr = ETIMEDOUT;
				return -1;
			}
			timersub(timeout, &now, &remaining);
		}
		errno = 0;
		if (select(fd + 1, rset, wset, NULL,
		    quit_time > 0 ? &remaining : NULL) < 0) {
			if (errno == EINTR)
				continue;
			conn->iserr = errno;
			return -1;
		}
		/* select() clears the set on timeout, which re-enters the loop. */
	} while (!FD_ISSET(fd, &set));
	return 0;
}
    377  1.8  christos 
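/*
 * Read up to size * nmemb bytes from conn into ptr, fread()-style.
 *
 * Bytes left in conn->cache by an earlier interrupted call are returned
 * first.  Then read()/SSL_read() is called on the non-blocking
 * descriptor until the request is satisfied, EOF is seen or an error
 * occurs; when a read would block, fetch_wait() sleeps in select(),
 * bounded by quit_time seconds from entry when quit_time > 0.
 *
 * Returns the number of bytes stored in ptr.  0 means either EOF
 * (conn->iseof set) or an error (conn->iserr holds the errno value,
 * ETIMEDOUT on timeout, EINVAL if size * nmemb would overflow).  When a
 * read fails with EINTR the bytes gathered so far are stashed in
 * conn->cache for the next call.
 */
size_t
fetch_read(void *ptr, size_t size, size_t nmemb, struct fetch_connect *conn)
{
	ssize_t rlen, total;
	size_t len;
	char *start, *buf;
	struct timeval timeout = { 0, 0 };

	/* Refuse a request whose byte count would wrap around. */
	if (size != 0 && nmemb > (size_t)-1 / size) {
		conn->iserr = EINVAL;
		return 0;
	}

	if (quit_time > 0) {
		gettimeofday(&timeout, NULL);
		timeout.tv_sec += quit_time;
	}

	total = 0;
	start = buf = ptr;
	len = size * nmemb;

	if (conn->cache.len > 0) {
		/*
		 * The last invocation of fetch_read was interrupted by a
		 * signal after some data had been read from the socket. Copy
		 * the cached data into the supplied buffer before trying to
		 * read from the socket again.
		 *
		 * Resume at cache.pos: an earlier call may have drained only
		 * part of the cache, and restarting at cache.buf would hand
		 * those bytes out twice.
		 */
		total = (conn->cache.len < len) ? conn->cache.len : len;
		memcpy(buf, conn->cache.buf + conn->cache.pos, total);

		conn->cache.len -= total;
		conn->cache.pos += total;
		len -= total;
		buf += total;
	}

	while (len > 0) {
		/*
		 * The socket is non-blocking.  Instead of the canonical
		 * select() -> read(), we do the following:
		 *
		 * 1) call read() or SSL_read().
		 * 2) if an error occurred, return -1.
		 * 3) if we received data but we still expect more,
		 *    update our counters and loop.
		 * 4) if read() or SSL_read() signaled EOF, return.
		 * 5) if we did not receive any data but we're not at EOF,
		 *    call select().
		 *
		 * In the SSL case, this is necessary because if we
		 * receive a close notification, we have to call
		 * SSL_read() one additional time after we've read
		 * everything we received.
		 *
		 * In the non-SSL case, it may improve performance (very
		 * slightly) when reading small amounts of data.
		 */
		if (conn->ssl != NULL)
			rlen = fetch_ssl_read(conn->ssl, buf, len);
		else
			rlen = fetch_nonssl_read(conn->sd, buf, len);
		switch (rlen) {
		case 0:
			/*
			 * Treated as EOF for both transports; for SSL this
			 * does not distinguish a clean close_notify from an
			 * abrupt transport close (see fetch_ssl_read()).
			 */
			conn->iseof = 1;
			return total;
		case FETCH_READ_ERROR:
			conn->iserr = errno;
			if (errno == EINTR)
				fetch_cache_data(conn, start, total);
			return 0;
		case FETCH_READ_WAIT:
		case FETCH_WRITE_WAIT:
			/* fetch_wait() records the reason in conn->iserr. */
			if (fetch_wait(conn, rlen, &timeout) == -1)
				return 0;
			break;
		default:
			len -= rlen;
			buf += rlen;
			total += rlen;
			break;
		}
	}
	return total;
}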
    459  1.1  christos 
#define MIN_BUF_SIZE 1024	/* initial size of the fetch_getln() line buffer; doubled (+1) when full */
    461  1.1  christos 
/*
 * Read a line of text from a connection w/ timeout
 *
 * Copies at most size - 1 bytes plus a NUL into str from conn's line
 * buffer, refilling that buffer one byte at a time through fetch_read()
 * until a newline or EOF.  A line longer than size - 1 is handed back
 * across several calls.  Returns str, or NULL on error (conn->iserr set)
 * or when nothing could be read before EOF.
 */
char *
fetch_getln(char *str, int size, struct fetch_connect *conn)
{
	size_t pending, ncopy;
	char ch;

	/* Allocate the line buffer on first use. */
	if (conn->buf == NULL) {
		conn->buf = malloc(MIN_BUF_SIZE);
		if (conn->buf == NULL) {
			errno = ENOMEM;
			conn->iserr = 1;
			return NULL;
		}
		conn->bufsize = MIN_BUF_SIZE;
	}

	if (conn->iserr || conn->iseof)
		return NULL;

	/* Refill only once everything buffered has been handed out. */
	if (conn->buflen - conn->bufpos == 0) {
		conn->buf[0] = '\0';
		conn->bufpos = 0;
		conn->buflen = 0;
		for (;;) {
			if (fetch_read(&ch, sizeof(ch), 1, conn) == 0) {
				if (conn->iserr)
					return NULL;
				if (conn->iseof)
					break;
				/* fetch_read() returns 0 only for EOF or error. */
				abort();
			}
			conn->buf[conn->buflen++] = ch;
			if (conn->buflen == conn->bufsize) {
				/* Grow before the buffer is completely full. */
				size_t grown = conn->bufsize * 2 + 1;
				char *nbuf = realloc(conn->buf, grown);
				if (nbuf == NULL) {
					errno = ENOMEM;
					conn->iserr = 1;
					return NULL;
				}
				conn->buf = nbuf;
				conn->bufsize = grown;
			}
			if (ch == '\n')
				break;
		}
		if (conn->buflen == 0)
			return NULL;
	}

	pending = conn->buflen - conn->bufpos;
	ncopy = MIN(size - 1, (int)pending);
	memcpy(str, conn->buf + conn->bufpos, ncopy);
	str[ncopy] = '\0';
	conn->bufpos += ncopy;
	return str;
}
    522  1.1  christos 
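/*
 * Read one line from conn into buf (buflen bytes), stripping the trailing
 * newline.
 *
 * Returns the line length (>= 0) with *errormsg set to NULL on success;
 * -1 on error, -2 on EOF, -3 when the line did not fit in buf (the rest
 * of the line is discarded), each with *errormsg pointing at a static
 * description.  errormsg may be NULL.  The connection's sticky error
 * flag is cleared before any negative return.
 */
int
fetch_getline(struct fetch_connect *conn, char *buf, size_t buflen,
    const char **errormsg)
{
	size_t len;
	int rv;

	/* A zero-length buffer cannot even hold the terminating NUL. */
	if (buflen == 0) {
		if (errormsg)
			*errormsg = "Error encountered";
		return -1;
	}

	if (fetch_getln(buf, buflen, conn) == NULL) {
		if (conn->iseof) {	/* EOF */
			rv = -2;
			if (errormsg)
				*errormsg = "\nEOF received";
		} else {		/* error */
			rv = -1;
			if (errormsg)
				*errormsg = "Error encountered";
		}
		fetch_clearerr(conn);
		return rv;
	}
	len = strlen(buf);
	/* len == 0 is possible when buflen == 1; don't index buf[-1]. */
	if (len > 0 && buf[len - 1] == '\n') {	/* clear any trailing newline */
		buf[--len] = '\0';
	} else if (len == buflen - 1) {	/* line too long */
		/* Drain the rest of the line up to and including the newline. */
		while (1) {
			char c;
			size_t rlen = fetch_read(&c, sizeof(c), 1, conn);
			if (rlen == 0 || c == '\n')
				break;
		}
		if (errormsg)
			*errormsg = "Input line is too long";
		fetch_clearerr(conn);
		return -3;
	}
	if (errormsg)
		*errormsg = NULL;
	return len;
}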
    562  1.1  christos 
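/*
 * Start a TLS client handshake on the connected socket sock.
 *
 * servername is sent as the SNI host name.  Returns the SSL handle, to
 * be attached with fetch_set_ssl() and released by fetch_close(), or
 * NULL after printing a diagnostic to ttyout.
 *
 * NOTE(review): no certificate verification is configured here (no
 * SSL_CTX_set_verify() and no host name check), so the peer is not
 * authenticated: the session is encrypted but an interposed server
 * would not be detected.  With ftp_debug && verbose the peer
 * certificate's subject and issuer are printed for manual inspection.
 */
void *
fetch_start_ssl(int sock, const char *servername)
{
	SSL *ssl;
	SSL_CTX *ctx;
	int ret, ssl_err;

	/* Init the SSL library and context */
	if (!SSL_library_init()){
		fprintf(ttyout, "SSL library init failed\n");
		return NULL;
	}

	SSL_load_error_strings();

	ctx = SSL_CTX_new(SSLv23_client_method());
	if (ctx == NULL) {
		fprintf(ttyout, "SSL context creation failed\n");
		ERR_print_errors_fp(ttyout);
		return NULL;
	}
	SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

	ssl = SSL_new(ctx);
	/*
	 * SSL_new() holds its own reference on ctx, so ours is dropped
	 * here; fetch_close()'s SSL_free() releases the last one.  Keeping
	 * it would leak one SSL_CTX per connection.
	 */
	SSL_CTX_free(ctx);
	if (ssl == NULL){
		fprintf(ttyout, "SSL context creation failed\n");
		return NULL;
	}
	SSL_set_fd(ssl, sock);
	if (!SSL_set_tlsext_host_name(ssl, __UNCONST(servername))) {
		fprintf(ttyout, "SSL hostname setting failed\n");
		SSL_free(ssl);
		return NULL;
	}
	/*
	 * The socket is non-blocking, so the handshake may take several
	 * attempts.  SSL_connect() returns 1 only on success; 0 (handshake
	 * refused or shut down by the peer) and <0 with anything other than
	 * WANT_READ/WANT_WRITE are fatal.
	 */
	while ((ret = SSL_connect(ssl)) != 1) {
		ssl_err = SSL_get_error(ssl, ret);
		if (ssl_err != SSL_ERROR_WANT_READ &&
		    ssl_err != SSL_ERROR_WANT_WRITE) {
			ERR_print_errors_fp(ttyout);
			SSL_free(ssl);
			return NULL;
		}
	}

	if (ftp_debug && verbose) {
		X509 *cert;
		X509_NAME *name;
		char *str;

		fprintf(ttyout, "SSL connection established using %s\n",
		    SSL_get_cipher(ssl));
		/* Returns a new reference (freed below), or NULL if none was sent. */
		cert = SSL_get_peer_certificate(ssl);
		if (cert != NULL) {
			name = X509_get_subject_name(cert);
			str = X509_NAME_oneline(name, 0, 0);
			fprintf(ttyout, "Certificate subject: %s\n",
			    str != NULL ? str : "(unavailable)");
			OPENSSL_free(str);	/* X509_NAME_oneline() allocates with OPENSSL_malloc() */
			name = X509_get_issuer_name(cert);
			str = X509_NAME_oneline(name, 0, 0);
			fprintf(ttyout, "Certificate issuer: %s\n",
			    str != NULL ? str : "(unavailable)");
			OPENSSL_free(str);
			X509_free(cert);
		} else {
			fprintf(ttyout, "No peer certificate presented\n");
		}
	}

	return ssl;
}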
    623  1.1  christos 
    624  1.1  christos 
/*
 * Attach an SSL handle (from fetch_start_ssl(), or NULL for plaintext)
 * to conn.  Ownership passes to conn: fetch_close() frees it.
 */
void
fetch_set_ssl(struct fetch_connect *conn, void *ssl)
{
	SSL *handle = ssl;

	conn->ssl = handle;
}