From 159d901e7132eddbe22d4855ec4be440b1caab7c Mon Sep 17 00:00:00 2001 From: Aaron Jones Date: Fri, 16 Sep 2016 11:17:29 +0000 Subject: [PATCH] MbedTLS & OpenSSL: Purely cosmetic changes. This further reduces the diff between the backends. It does not change any of the logic in either backend. --- libratbox/src/mbedtls.c | 33 ++++++++++++--------------- libratbox/src/openssl.c | 49 ++++++++++++++++++++--------------------- 2 files changed, 38 insertions(+), 44 deletions(-) diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c index e15c38c3..81c42e2b 100644 --- a/libratbox/src/mbedtls.c +++ b/libratbox/src/mbedtls.c @@ -22,7 +22,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id$ */ #include @@ -259,7 +258,7 @@ rb_ssl_accept_common(rb_fde_t *const F, void *const data) } static void -rb_ssl_tryconn_cb(rb_fde_t *const F, void *const data) +rb_ssl_connect_common(rb_fde_t *const F, void *const data) { lrb_assert(F != NULL); lrb_assert(F->ssl != NULL); @@ -272,10 +271,10 @@ rb_ssl_tryconn_cb(rb_fde_t *const F, void *const data) F->handshake_count++; break; case MBEDTLS_ERR_SSL_WANT_READ: - rb_setselect(F, RB_SELECT_READ, rb_ssl_tryconn_cb, data); + rb_setselect(F, RB_SELECT_READ, rb_ssl_connect_common, data); return; case MBEDTLS_ERR_SSL_WANT_WRITE: - rb_setselect(F, RB_SELECT_WRITE, rb_ssl_tryconn_cb, data); + rb_setselect(F, RB_SELECT_WRITE, rb_ssl_connect_common, data); return; default: errno = EIO; @@ -559,17 +558,14 @@ rb_get_ssl_certfp(rb_fde_t *const F, uint8_t certfp[const RB_SSL_CERTFP_LEN], co } const mbedtls_x509_crt *const peer_cert = mbedtls_ssl_get_peer_cert(SSL_P(F)); - if(peer_cert == NULL) return 0; const mbedtls_md_info_t *const md_info = mbedtls_md_info_from_type(md_type); - if(md_info == NULL) return 0; int ret; - if((ret = mbedtls_md(md_info, peer_cert->raw.p, peer_cert->raw.len, certfp)) != 0) { rb_lib_log("%s: mbedtls_md: %s", __func__, rb_ssl_strerror(ret)); @@ -662,7 +658,6 @@ rb_ssl_write(rb_fde_t *const F, const void *const buf, const size_t count) /* * Internal library-agnostic code - * Mostly copied from the OpenSSL backend, with some optimisations and complete const-correctness */ static void @@ -672,6 +667,7 @@ rb_ssl_connect_realcb(rb_fde_t *const F, const int status, struct ssl_connect *c F->connect->callback = sconn->callback; F->connect->data = sconn->data; + rb_connect_callback(F, status); rb_free(sconn); } @@ -696,19 +692,19 @@ rb_ssl_tryconn(rb_fde_t *const F, const int status, void *const data) { lrb_assert(F != NULL); + struct ssl_connect *const sconn = data; + if(status != RB_OK) { - rb_ssl_connect_realcb(F, status, data); + rb_ssl_connect_realcb(F, status, sconn); return; } F->type |= RB_FD_SSL; - struct ssl_connect *const sconn = data; - rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT); - rb_ssl_tryconn_cb(F, sconn); + rb_ssl_connect_common(F, sconn); } static int @@ -741,7 +737,6 @@ rb_sock_net_xmit(void *const context_ptr, const unsigned char *const buf, const /* * External library-agnostic code - * Mostly copied from the OpenSSL backend, with some optimisations and const-correctness */ int @@ -826,19 +821,19 @@ rb_ssl_start_connected(rb_fde_t *const F, CNCB *const callback, void *const data if(F == NULL) return; - F->connect = rb_malloc(sizeof(struct conndata)); - F->connect->callback = callback; - F->connect->data = data; - F->type |= RB_FD_SSL; - struct ssl_connect *const sconn = rb_malloc(sizeof *sconn); sconn->data = data; sconn->callback = callback; sconn->timeout = timeout; + F->connect = rb_malloc(sizeof(struct conndata)); + F->connect->callback = callback; + F->connect->data = data; + F->type |= RB_FD_SSL; + rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT); - rb_ssl_tryconn_cb(F, sconn); + rb_ssl_connect_common(F, sconn); } #endif /* HAVE_MBEDTLS */ diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c index 0e362bfe..851668b8 100644 --- a/libratbox/src/openssl.c +++ b/libratbox/src/openssl.c @@ -143,7 +143,7 @@ rb_ssl_accept_common(rb_fde_t *const F, void *const data) } static void -rb_ssl_tryconn_cb(rb_fde_t *const F, void *const data) +rb_ssl_connect_common(rb_fde_t *const F, void *const data) { lrb_assert(F != NULL); lrb_assert(F->ssl != NULL); @@ -166,12 +166,12 @@ rb_ssl_tryconn_cb(rb_fde_t *const F, void *const data) } if(ret == -1 && err == SSL_ERROR_WANT_READ) { - rb_setselect(F, RB_SELECT_READ, rb_ssl_tryconn_cb, data); + rb_setselect(F, RB_SELECT_READ, rb_ssl_connect_common, data); return; } if(ret == -1 && err == SSL_ERROR_WANT_WRITE) { - rb_setselect(F, RB_SELECT_WRITE, rb_ssl_tryconn_cb, data); + rb_setselect(F, RB_SELECT_WRITE, rb_ssl_connect_common, data); return; } @@ -467,36 +467,35 @@ rb_get_ssl_strerror(rb_fde_t *const F) int rb_get_ssl_certfp(rb_fde_t *const F, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int method) { - if(F->ssl == NULL) + if(F == NULL || F->ssl == NULL) return 0; - const EVP_MD *evp; - unsigned int len; + const EVP_MD *md_type; + unsigned int hashlen; switch(method) { case RB_SSL_CERTFP_METH_SHA1: - evp = EVP_sha1(); - len = RB_SSL_CERTFP_LEN_SHA1; + md_type = EVP_sha1(); + hashlen = RB_SSL_CERTFP_LEN_SHA1; break; case RB_SSL_CERTFP_METH_SHA256: - evp = EVP_sha256(); - len = RB_SSL_CERTFP_LEN_SHA256; + md_type = EVP_sha256(); + hashlen = RB_SSL_CERTFP_LEN_SHA256; break; case RB_SSL_CERTFP_METH_SHA512: - evp = EVP_sha512(); - len = RB_SSL_CERTFP_LEN_SHA512; + md_type = EVP_sha512(); + hashlen = RB_SSL_CERTFP_LEN_SHA512; break; default: return 0; } - X509 *const cert = SSL_get_peer_certificate(SSL_P(F)); - if(cert == NULL) + X509 *const peer_cert = SSL_get_peer_certificate(SSL_P(F)); + if(peer_cert == NULL) return 0; - int res = SSL_get_verify_result(SSL_P(F)); - switch(res) + switch(SSL_get_verify_result(SSL_P(F))) { case X509_V_OK: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: @@ -506,14 +505,14 @@ rb_get_ssl_certfp(rb_fde_t *const F, uint8_t certfp[const RB_SSL_CERTFP_LEN], co case X509_V_ERR_CERT_UNTRUSTED: break; default: - X509_free(cert); + X509_free(peer_cert); return 0; } - X509_digest(cert, evp, certfp, &len); - X509_free(cert); + X509_digest(peer_cert, md_type, certfp, &hashlen); + X509_free(peer_cert); - return (int) len; + return (int) hashlen; } void @@ -580,7 +579,7 @@ rb_ssl_connect_realcb(rb_fde_t *const F, const int status, struct ssl_connect *c } static void -rb_ssl_timeout(rb_fde_t *const F, void *const notused) +rb_ssl_timeout_cb(rb_fde_t *const F, void *const data) { lrb_assert(F->accept != NULL); lrb_assert(F->accept->callback != NULL); @@ -611,7 +610,7 @@ rb_ssl_tryconn(rb_fde_t *const F, const int status, void *const data) rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT); - rb_ssl_tryconn_cb(F, sconn); + rb_ssl_connect_common(F, sconn); } @@ -649,7 +648,7 @@ rb_ssl_start_accepted(rb_fde_t *const F, ACCB *const cb, void *const data, const F->accept->addrlen = 0; (void) memset(&F->accept->S, 0x00, sizeof F->accept->S); - rb_settimeout(F, timeout, rb_ssl_timeout, NULL); + rb_settimeout(F, timeout, rb_ssl_timeout_cb, NULL); rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_IN); rb_ssl_accept_common(F, NULL); } @@ -666,7 +665,7 @@ rb_ssl_accept_setup(rb_fde_t *const srv_F, rb_fde_t *const cli_F, struct sockadd (void) memset(&cli_F->accept->S, 0x00, sizeof cli_F->accept->S); (void) memcpy(&cli_F->accept->S, st, (size_t) addrlen); - rb_settimeout(cli_F, 10, rb_ssl_timeout, NULL); + rb_settimeout(cli_F, 10, rb_ssl_timeout_cb, NULL); rb_ssl_init_fd(cli_F, RB_FD_TLS_DIRECTION_IN); rb_ssl_accept_common(cli_F, NULL); } @@ -714,7 +713,7 @@ rb_ssl_start_connected(rb_fde_t *const F, CNCB *const callback, void *const data rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT); - rb_ssl_tryconn_cb(F, sconn); + rb_ssl_connect_common(F, sconn); } #endif /* HAVE_OPENSSL */