
Contents of /eggdrop1.9/testcode/sslmode.c



Revision 1.4 - (show annotations) (download) (as text)
Sun Mar 3 18:14:14 2002 UTC (17 years, 3 months ago) by stdarg
Branch: MAIN
Changes since 1.3: +2 -1 lines
File MIME type: text/x-chdr
*** empty log message ***

1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <unistd.h>
5 #include <openssl/ssl.h>
6
7 #include "sockbuf.h"
8
/*
 * Per-connection state for the SSL filter.  One of these is allocated in
 * sslmode_on() and handed back to every filter callback as its last argument.
 */
typedef struct {
	/* Memory BIO that sslmode_read() fills with bytes taken off the wire. */
	BIO *rbio;
	/* Memory BIO that try_write() drains towards the socket. */
	BIO *wbio;
	/* The SSL object; both BIOs are attached to it with SSL_set_bio(). */
	SSL *ssl;
	/* Plaintext that SSL_write() did not accept yet; retried in sslmode_read(). */
	sockbuf_iobuf_t old;
} sslmode_t;

/* Shared by every connection; both are assigned in sslmode_init(). */
static SSL_CTX *global_ctx;
static SSL_METHOD *global_method;
17
/*
 * Pull decrypted application data out of the SSL object in chunks of up to
 * 4096 bytes and hand each chunk to the filter chain as a SOCKBUF_READ event.
 *
 * The loop ends on the first SSL_read() result that is not positive.
 * NOTE(review): that result is not inspected, so "no data yet" and a fatal
 * TLS error look the same here; a caller that needs to tell them apart would
 * have to consult SSL_get_error().
 */
static void try_read(int idx, int level, sslmode_t *sslinfo)
{
	char plain[4096];
	sockbuf_iobuf_t chunk;

	chunk.data = plain;
	chunk.max = sizeof(plain);
	for (;;) {
		chunk.len = SSL_read(sslinfo->ssl, plain, sizeof(plain));
		if (!(chunk.len > 0)) break;
		sockbuf_filter(idx, SOCKBUF_READ, level, &chunk);
	}
}
29
/*
 * Drain whatever the SSL object has queued in its write BIO (handshake
 * records or encrypted application data) and push it down the filter chain
 * with sockbuf_write_filter(), up to 4096 bytes at a time.
 */
static void try_write(int idx, int level, sslmode_t *sslinfo)
{
	char cipher[4096];
	int n;

	for (n = BIO_read(sslinfo->wbio, cipher, sizeof(cipher));
	     n > 0;
	     n = BIO_read(sslinfo->wbio, cipher, sizeof(cipher))) {
		sockbuf_write_filter(idx, level, cipher, n);
	}
}
39
/*
 * Read-event handler: new_data holds bytes that arrived from the peer.
 *
 * The bytes are appended to the SSL read BIO, any plaintext that becomes
 * available is forwarded by try_read(), previously deferred outgoing
 * plaintext (sslinfo->old) is retried, and finally anything the SSL object
 * wants to send is flushed by try_write().  Always returns 0.
 *
 * NOTE(review): the BIO_write() result is not checked, so a short or failed
 * write into the memory BIO would go unnoticed.
 */
static int sslmode_read(int idx, int event, int level, sockbuf_iobuf_t *new_data, sslmode_t *sslinfo)
{
	sockbuf_iobuf_t *pending = &sslinfo->old;

	/* Feed the raw bytes to the SSL object's input side. */
	BIO_write(sslinfo->rbio, new_data->data, new_data->len);
	try_read(idx, level, sslinfo);

	/* Retry deferred plaintext; the buffer is released only once SSL_write() accepts it. */
	if (pending->len && SSL_write(sslinfo->ssl, pending->data, pending->len) > 0) {
		free(pending->data);
		memset(pending, 0, sizeof(*pending));
	}

	/* The SSL object may have produced output of its own (e.g. renegotiation). */
	try_write(idx, level, sslinfo);

	return 0;
}
62
/*
 * Handler shared by the EOF and error slots of sslmode_filter: forwards the
 * event unchanged to the rest of the filter chain and returns 0.
 *
 * NOTE(review): sslinfo is not touched, so the SSL object, its BIOs and any
 * deferred plaintext in sslinfo->old stay allocated after the connection
 * ends.  Freeing them here is only safe once it is known that the sockbuf
 * layer will not call this filter again for the same idx.
 */
static int sslmode_eof_and_err(int idx, int event, int level, void *ignore, sslmode_t *sslinfo)
{
	(void)sslinfo;

	sockbuf_filter(idx, event, level, ignore);
	return 0;
}
69
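/*
 * Write-event handler: data holds plaintext the application wants to send.
 *
 * The plaintext is offered to SSL_write().  Whatever is not accepted (for
 * instance because the handshake has not finished) is appended to
 * sslinfo->old and retried from sslmode_read().  Any records the SSL object
 * produced are then flushed with try_write().
 *
 * Returns 0 on success, -1 if the deferred-data buffer could not be grown.
 * NOTE(review): how the sockbuf layer reacts to a non-zero return is not
 * visible in this file; before this check an allocation failure ended in a
 * NULL dereference inside memcpy().
 *
 * NOTE(review): sslinfo->old has no upper bound.  A peer that never completes
 * the handshake keeps every queued write in memory; consider a cap and
 * dropping the connection when it is exceeded.
 */
static int sslmode_write(int idx, int event, int level, sockbuf_iobuf_t *data, sslmode_t *sslinfo)
{
	int r = 0;

	/* SSL_write() with a zero length is documented as undefined, so skip it. */
	if (data->len > 0) r = SSL_write(sslinfo->ssl, data->data, data->len);

	/* A failed write accepted nothing; the whole buffer is still unsent. */
	if (r < 0) r = 0;

	if (r < data->len) {
		int unsent = data->len - r;
		/* Grow through a temporary so the existing buffer survives a failed realloc(). */
		void *grown = realloc(sslinfo->old.data, sslinfo->old.len + unsent);

		if (grown == NULL) {
			/* Still flush what the SSL object already produced. */
			try_write(idx, level, sslinfo);
			return(-1);
		}
		sslinfo->old.data = grown;
		memcpy(sslinfo->old.data + sslinfo->old.len, data->data + r, unsent);
		sslinfo->old.len += unsent;
		sslinfo->old.max = sslinfo->old.len;
	}

	/* Pass on any output that was produced. */
	try_write(idx, level, sslinfo);
	return(0);
}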
90
/*
 * Filter descriptor handed to sockbuf_attach_filter() in sslmode_on().
 * The meaning of each slot is defined by sockbuf_event_t in sockbuf.h, which
 * is not visible here; the first two entries are presumably the number of
 * handler slots (six follow) and the filter's name.
 */
static sockbuf_event_t sslmode_filter = {
	(Function) 6,
	(Function) "ssl-mode",
	sslmode_read,		/* incoming bytes from the peer */
	NULL,
	sslmode_eof_and_err,	/* same pass-through handler is used twice */
	sslmode_eof_and_err,
	NULL,
	sslmode_write		/* outgoing plaintext from the application */
};
101
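/*
 * Attach the SSL filter to socket buffer idx and start the handshake.
 *
 * client_or_server: 0 to act as TLS client (SSL_connect), non-zero to act as
 * TLS server (SSL_accept).
 *
 * Returns 0 on success, -1 if the shared context is missing or any of the
 * per-connection objects could not be allocated (nothing is attached in that
 * case).
 *
 * Security: sslmode_init() configures the shared context with
 * SSL_VERIFY_NONE, so in client mode the server certificate is not checked.
 * The link is encrypted but the peer is not authenticated, which leaves it
 * open to an active man-in-the-middle until verification and a trust store
 * are configured.
 */
int sslmode_on(int idx, int client_or_server)
{
	sslmode_t *sslinfo;
	int level;

	/* sslmode_init() was not called or could not create the context. */
	if (global_ctx == NULL) return(-1);

	sslinfo = calloc(1, sizeof(*sslinfo));
	if (sslinfo == NULL) return(-1);

	sslinfo->ssl = SSL_new(global_ctx);
	sslinfo->rbio = BIO_new(BIO_s_mem());
	sslinfo->wbio = BIO_new(BIO_s_mem());
	if (sslinfo->ssl == NULL || sslinfo->rbio == NULL || sslinfo->wbio == NULL) {
		/* The BIOs are not owned by the SSL object yet, so free each piece separately. */
		if (sslinfo->rbio) BIO_free(sslinfo->rbio);
		if (sslinfo->wbio) BIO_free(sslinfo->wbio);
		if (sslinfo->ssl) SSL_free(sslinfo->ssl);
		free(sslinfo);
		return(-1);
	}

	/* From here on the SSL object owns both BIOs. */
	SSL_set_bio(sslinfo->ssl, sslinfo->rbio, sslinfo->wbio);
	level = sockbuf_attach_filter(idx, sslmode_filter, sslinfo);

	/*
	 * Kick off the handshake.  The read BIO is still empty, so the call
	 * cannot finish here and its return value is deliberately ignored; the
	 * handshake continues inside later SSL_read()/SSL_write() calls.
	 */
	if (client_or_server) SSL_accept(sslinfo->ssl);
	else SSL_connect(sslinfo->ssl);

	/* Send the first handshake records, if any were produced. */
	try_write(idx, level-1, sslinfo);

	return(0);
}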
123
/*
 * Placeholder for turning SSL mode off on socket buffer idx.
 *
 * Currently does nothing and reports success: the filter stays attached and
 * the state allocated by sslmode_on() is not released.
 */
int sslmode_off(int idx)
{
	(void)idx;
	return 0;
}
128
/*
 * 512-bit Diffie-Hellman prime (64 bytes, big-endian).  The original author
 * believed it came from ssh code but was not sure, so its provenance is
 * unverified.
 *
 * Security: a 512-bit group is export-grade strength and offers no real
 * protection for ephemeral DH key exchange today; a fixed, widely shared
 * prime makes this worse because precomputation against it can be reused.
 * Replace with a group of at least 2048 bits taken from a documented source
 * (or generated locally) before using this outside test code.
 */
static unsigned char dh512_p[] = {
	0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89,
	0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92,
	0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
	0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED,
	0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29,
	0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
	0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6,
	0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33
};

/* Generator 2, the usual choice for this kind of group. */
static unsigned char dh512_g[] = { 0x02 };
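/*
 * Build a DH parameter object from the static dh512_p / dh512_g tables.
 *
 * Returns a new DH object the caller must release with DH_free(), or NULL if
 * allocation or bignum conversion fails.
 *
 * Security: the parameters are only 512 bits wide, which is too weak to
 * protect a key exchange; treat the result as test-only.
 *
 * NOTE(review): the fields are assigned directly (dh->p, dh->g), which needs
 * an OpenSSL version where the DH struct is not opaque.
 */
static DH *get_dh512(void)
{
	DH *dh = DH_new();

	if (dh == NULL) return(NULL);

	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
	if ((dh->p == NULL) || (dh->g == NULL)) {
		/* Release the DH object (and whichever bignum was created) instead of leaking it. */
		DH_free(dh);
		return(NULL);
	}
	return(dh);
}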
152
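/*
 * One-time library and context setup; must run before sslmode_on().
 *
 * Creates the shared SSL_CTX, installs temporary DH parameters, and loads
 * the certificate and private key from "private/cert.pem" and
 * "private/key.pem".  A missing certificate or key is reported but does not
 * abort initialisation, as before.
 *
 * Returns 0 on success, -1 if the SSL context could not be created.
 *
 * Security notes:
 *  - SSLv23_method() negotiates the highest mutually supported version, so
 *    SSLv2 and SSLv3 are switched off explicitly below; both are broken.
 *  - Peer verification is SSL_VERIFY_NONE.  Connections are encrypted but
 *    the peer's identity is never checked; enabling SSL_VERIFY_PEER also
 *    requires loading trusted CA certificates into the context.
 *  - The DH parameters from get_dh512() are 512 bits and too weak for real
 *    use.
 */
int sslmode_init()
{
	DH *dh;

	SSL_load_error_strings();
	SSL_library_init();
	global_method = SSLv23_method();
	global_ctx = SSL_CTX_new(global_method);
	if (global_ctx == NULL) {
		/* Every call below would dereference the context. */
		printf("Can't create SSL context\n");
		ERR_print_errors_fp(stderr);
		return(-1);
	}

	/* Refuse the obsolete protocol versions that SSLv23_method() would otherwise allow. */
	SSL_CTX_set_options(global_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

	/* Set up diffie-hellman parameters to use in case the certificate is
	   a DSA key. */
	dh = get_dh512();
	if (dh != NULL) {
		/* The context keeps its own copy, so ours can be released right away. */
		SSL_CTX_set_tmp_dh(global_ctx, dh);
		DH_free(dh);
	}

	if (SSL_CTX_use_certificate_file(global_ctx, "private/cert.pem", SSL_FILETYPE_PEM) < 1) {
		printf("Can't load certificate file\n");
		ERR_print_errors_fp(stderr);
	}
	if (SSL_CTX_use_PrivateKey_file(global_ctx, "private/key.pem", SSL_FILETYPE_PEM) < 1) {
		printf("Can't load private key file\n");
		ERR_print_errors_fp(stderr);
	}

	/* NOTE(review): no peer authentication; see the security notes above. */
	SSL_CTX_set_verify(global_ctx, SSL_VERIFY_NONE, NULL);
	return(0);
}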
