Revision 1.5 - (show annotations) (download) (as text)
Wed Jun 19 04:51:55 2002 UTC (17 years ago) by stdarg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.4: +41 -41 lines
File MIME type: text/x-chdr
* I think the sockbuf api is almost done

1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <unistd.h>
5 #include <openssl/ssl.h>
6
7 #include "sockbuf.h"
8
9 #define SSLMODE_LEVEL SOCKBUF_LEVEL_ENCRYPTION
10
/* Per-connection state for the ssl filter.
 *
 * SSL does all its I/O through two memory BIOs: sslmode_read() feeds the
 * ciphertext arriving from the socket into rbio, and try_write() drains the
 * ciphertext SSL produced into wbio and hands it on to sockbuf.  old_data /
 * old_len hold plaintext that SSL_write() did not accept (e.g. before the
 * handshake finished); sslmode_write() appends to it and sslmode_read()
 * retries it once more input has arrived. */
typedef struct {
	BIO *rbio, *wbio;	/* SSL reads ciphertext from rbio, writes ciphertext to wbio */
	SSL *ssl;
	char *old_data;		/* realloc()'d pending plaintext, NULL when nothing is queued */
	int old_len;		/* number of bytes in old_data */
} sslmode_t;
17
/* Process-wide context and method, set up once by sslmode_init() and shared by
 * every connection that sslmode_on() enables (SSL_new() is called on global_ctx). */
static SSL_CTX *global_ctx;
static SSL_METHOD *global_method;
20
/* Pull every plaintext chunk SSL can currently decrypt out of the connection
 * and pass each one to sockbuf_on_read() at the ssl level.  Stops at the first
 * SSL_read() result that is not positive - no more data, handshake still in
 * progress, or an error; these are not told apart here. */
static void try_read(int idx, sslmode_t *sslinfo)
{
	char plain[4096];
	int got = SSL_read(sslinfo->ssl, plain, sizeof(plain));

	while (got > 0) {
		sockbuf_on_read(idx, SSLMODE_LEVEL, plain, got);
		got = SSL_read(sslinfo->ssl, plain, sizeof(plain));
	}
}
30
/* Drain whatever ciphertext SSL has written into wbio and pass each chunk to
 * sockbuf_on_write() at the ssl level.  Stops at the first BIO_read() result
 * that is not positive (the memory BIO is empty). */
static void try_write(int idx, sslmode_t *sslinfo)
{
	char cipher[4096];
	int got = BIO_read(sslinfo->wbio, cipher, sizeof(cipher));

	while (got > 0) {
		sockbuf_on_write(idx, SSLMODE_LEVEL, cipher, got);
		got = BIO_read(sslinfo->wbio, cipher, sizeof(cipher));
	}
}
40
/* Read callback: `data`/`len` is ciphertext that arrived from the socket.
 * It is pushed into the ssl's input bio, any plaintext that becomes readable
 * is passed up, queued plaintext from an earlier sslmode_write() is retried,
 * and finally any ciphertext SSL produced (handshake, renegotiation) is
 * passed down.  Always returns 0. */
static int sslmode_read(void *client_data, int idx, char *data, int len)
{
	sslmode_t *sslinfo = client_data;
	int written;

	/* Hand the incoming ciphertext to SSL and collect what it decrypts. */
	BIO_write(sslinfo->rbio, data, len);
	try_read(idx, sslinfo);

	/* Retry plaintext that could not be written before.  A positive result is
	 * taken to mean the whole buffer was accepted (holds when partial writes
	 * are not enabled on the SSL - TODO confirm against sslmode_init()). */
	if (sslinfo->old_len != 0) {
		written = SSL_write(sslinfo->ssl, sslinfo->old_data, sslinfo->old_len);
		if (written > 0) {
			free(sslinfo->old_data);
			sslinfo->old_data = NULL;
			sslinfo->old_len = 0;
		}
	}

	/* Whatever SSL produced in response goes down to the socket. */
	try_write(idx, sslinfo);

	return 0;
}
64
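/* EOF/error callback: forward the event to the next sockbuf level unchanged.
 *
 * The sslmode_t attached by sslmode_on() is not released here, so its SSL
 * object (and with it both BIOs) and the old_data buffer still need an owner
 * that frees them once sockbuf is finished with the filter - that cleanup is
 * not visible in this file (TODO).  Always returns 0. */
static int sslmode_eof(void *client_data, int idx, int err, const char *errmsg)
{
	(void)client_data;	/* nothing is torn down yet; see note above */

	sockbuf_on_eof(idx, SSLMODE_LEVEL, err, errmsg);
	return 0;
}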
73
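/* Write callback: encrypt `data` and push the resulting ciphertext down to the
 * socket.  If SSL_write() does not take all of it (typically because the
 * handshake has not completed yet), the unaccepted tail is appended to
 * sslinfo->old_data and retried from sslmode_read() as more input arrives.
 *
 * Returns 0, or -1 when the pending buffer could not be grown; the chunk is
 * then dropped and the data already queued is left intact.  NOTE(review): how
 * sockbuf treats a non-zero return from a filter is not visible here.
 *
 * NOTE(review): the retry in sslmode_read() may present SSL_write() with a
 * different buffer address than the first attempt (realloc() can move it).
 * OpenSSL only objects to that while a record is half-written or when
 * SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is unset; with memory BIOs a half-written
 * record should not occur, but confirm if the BIO setup ever changes. */
static int sslmode_write(void *client_data, int idx, const char *data, int len)
{
	sslmode_t *sslinfo = client_data;
	int rc = 0;
	int r, rest;
	char *grown;

	r = SSL_write(sslinfo->ssl, data, len);
	if (r < len) {
		/* Save the data for later - maybe the connection isn't negotiated
		 * yet.  Any result <= 0 is treated as "nothing accepted". */
		if (r < 0) r = 0;
		rest = len - r;
		if (rest > 0) {
			/* realloc() into a temporary so that a failure neither leaks the
			 * old buffer nor leaves old_data pointing at freed memory. */
			grown = realloc(sslinfo->old_data, (size_t)sslinfo->old_len + (size_t)rest);
			if (grown == NULL) {
				rc = -1;	/* old_data/old_len are unchanged; this chunk is lost */
			} else {
				memcpy(grown + sslinfo->old_len, data + r, (size_t)rest);
				sslinfo->old_data = grown;
				sslinfo->old_len += rest;
			}
		}
	}

	/* Pass on any ciphertext that was produced (possibly handshake bytes). */
	try_write(idx, sslinfo);
	return rc;
}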
94
/* Filter handed to sockbuf_attach_filter() by sslmode_on().  Positional
 * initializer of sockbuf_filter_t (declared in sockbuf.h): presumably a name
 * and the level, followed by the callback slots.  Only the eof, read and
 * write callbacks are implemented; every other slot is left NULL. */
static sockbuf_filter_t sslmode_filter = {
	"ssl-mode",
	SSLMODE_LEVEL,
	NULL, sslmode_eof, NULL,
	sslmode_read, sslmode_write, NULL,
	NULL, NULL
};
102
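/* Enable ssl on sockbuf `idx`.  client_or_server = 0 for client, 1 for server.
 *
 * Allocates the per-connection state, wires the SSL object to a pair of
 * memory BIOs (so all network I/O goes through the sockbuf filter chain
 * instead of a socket), attaches the filter and starts the handshake.
 * SSL_set_bio() transfers ownership of both BIOs to the SSL object; after
 * that point they are released through SSL_free(), never directly.
 *
 * Requires sslmode_init() to have set global_ctx.  Returns 0 on success, or
 * -1 if the state, the SSL object or a BIO could not be created - nothing is
 * attached to the sockbuf in that case. */
int sslmode_on(int idx, int client_or_server)
{
	sslmode_t *sslinfo = calloc(1, sizeof(*sslinfo));

	if (sslinfo == NULL) return -1;

	sslinfo->ssl = SSL_new(global_ctx);
	sslinfo->rbio = BIO_new(BIO_s_mem());
	sslinfo->wbio = BIO_new(BIO_s_mem());
	if (sslinfo->ssl == NULL || sslinfo->rbio == NULL || sslinfo->wbio == NULL) {
		/* SSL_set_bio() has not run, so the BIOs are still ours to free.
		 * BIO_free()/SSL_free() accept NULL. */
		BIO_free(sslinfo->rbio);
		BIO_free(sslinfo->wbio);
		SSL_free(sslinfo->ssl);
		free(sslinfo);
		return -1;
	}
	SSL_set_bio(sslinfo->ssl, sslinfo->rbio, sslinfo->wbio);
	sockbuf_attach_filter(idx, &sslmode_filter, sslinfo);

	/* Start the handshake in the right direction.  The result is ignored on
	 * purpose: with memory BIOs it cannot complete here, and it is driven on
	 * from sslmode_read() as peer data arrives. */
	if (client_or_server) SSL_accept(sslinfo->ssl);
	else SSL_connect(sslinfo->ssl);

	/* Push any handshake bytes that were produced down to the socket. */
	try_write(idx, sslinfo);

	return 0;
}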
123
/* Placeholder counterpart to sslmode_on(): does nothing yet and always
 * returns 0.  The filter and its sslmode_t stay attached to `idx`. */
int sslmode_off(int idx)
{
	(void)idx;	/* unused until detaching/cleanup is implemented */
	return 0;
}
128
/* I think I got this prime from ssh code, but I don't remember.
 *
 * NOTE(review): this is a 512-bit group.  Moduli that small are considered
 * breakable (the "export-grade" DH attacks), and current OpenSSL releases
 * refuse them at their default security level, so SSL_CTX_set_tmp_dh() in
 * sslmode_init() will fail there.  Replace with a 2048-bit or larger group -
 * preferably one of the standard RFC 7919 groups - rather than parameters of
 * unremembered origin. */
static unsigned char dh512_p[] = {
	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
	0x47,0x74,0xE8,0x33
};
/* Pretty standard generator (g = 2). */
static unsigned char dh512_g[] = {
	0x02
};
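/* Build a DH object from the fixed parameters dh512_p / dh512_g above.
 *
 * Returns a new DH that the caller releases with DH_free(), or NULL if
 * DH_new() or a BN conversion failed.  On failure nothing is leaked: DH_free()
 * also releases whichever of p/g had already been created. */
static DH *get_dh512(void)
{
	DH *dh = DH_new();

	if (dh == NULL) return NULL;
	/* Direct member access matches the OpenSSL API this file targets; newer
	 * releases make DH opaque and require DH_set0_pqg() instead (TODO if the
	 * library is upgraded). */
	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
	if (dh->p == NULL || dh->g == NULL) {
		DH_free(dh);
		return NULL;
	}
	return dh;
}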
152
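/* One-time library setup: initialises OpenSSL, creates the shared context,
 * installs ephemeral DH parameters and loads the certificate and key from
 * private/cert.pem and private/key.pem (paths relative to the working
 * directory).
 *
 * Returns 0 on success, -1 if the context could not be created.  A missing
 * certificate, key or DH setup is only reported on stdout/stderr, not treated
 * as fatal - same as before.
 *
 * NOTE(review): verification stays at SSL_VERIFY_NONE, so a connection made
 * through sslmode_on() in client mode does not authenticate the server at
 * all; anyone who can intercept the connection can impersonate the peer.
 * Tighten this before the code is used outside testing. */
int sslmode_init(void)
{
	DH *dh;

	SSL_load_error_strings();
	SSL_library_init();
	global_method = SSLv23_method();
	global_ctx = SSL_CTX_new(global_method);
	if (global_ctx == NULL) {
		printf("Can't create SSL context\n");
		ERR_print_errors_fp(stderr);
		return -1;
	}

	/* SSLv23_method() negotiates any version the library supports; refuse
	 * SSLv2 and SSLv3, both of which are broken. */
	SSL_CTX_set_options(global_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

	/* Set up diffie-hellman parameters to use in case the certificate is
	 * a DSA key.  get_dh512() returns NULL on failure, which would otherwise
	 * be handed straight to SSL_CTX_set_tmp_dh(). */
	dh = get_dh512();
	if (dh == NULL || SSL_CTX_set_tmp_dh(global_ctx, dh) < 1) {
		printf("Can't set up DH parameters\n");
		ERR_print_errors_fp(stderr);
	}
	DH_free(dh);	/* the context keeps its own copy; DH_free(NULL) is a no-op */

	if (SSL_CTX_use_certificate_file(global_ctx, "private/cert.pem", SSL_FILETYPE_PEM) < 1) {
		printf("Can't load certificate file\n");
		ERR_print_errors_fp(stderr);
	}
	if (SSL_CTX_use_PrivateKey_file(global_ctx, "private/key.pem", SSL_FILETYPE_PEM) < 1) {
		printf("Can't load private key file\n");
		ERR_print_errors_fp(stderr);
	}
	SSL_CTX_set_verify(global_ctx, SSL_VERIFY_NONE, NULL);
	return 0;
}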
