9pfs/solanum-vs-hackint-and-charybdis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

GNUTLS: Break off TLS setup from callbacks to a dedicated function

Browse source 
This is in line with the other backends; eventually those callbacks
will be moved to a library-agnostic section.
This commit is contained in:
Aaron Jones 2016-09-16 13:27:40 +00:00
parent 4618ec248e
commit 3f32d48dab
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5
1 changed files with 47 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
libratbox/src/gnutls.c
View file

@ -41,6 +41,12 @@
#define SSL_P(x) *((gnutls_session_t *) ((x)->ssl)) #define SSL_P(x) *((gnutls_session_t *) ((x)->ssl))
typedef enum
{
RB_FD_TLS_DIRECTION_IN = 0,
RB_FD_TLS_DIRECTION_OUT = 1
} rb_fd_tls_direction;
// Server side variables // Server side variables
@ -105,6 +111,40 @@ rb_ssl_cert_auth_cb(gnutls_session_t session,
return 0; return 0;
} }
static void
rb_ssl_init_fd(rb_fde_t *const F, const rb_fd_tls_direction dir)
{
F->ssl = rb_malloc(sizeof(gnutls_session_t));
if(F->ssl == NULL)
{
rb_lib_log("%s: rb_malloc: allocation failure", __func__);
rb_close(F);
return;
}
unsigned int init_flags = 0;
switch(dir)
{
case RB_FD_TLS_DIRECTION_IN:
init_flags |= GNUTLS_SERVER;
break;
case RB_FD_TLS_DIRECTION_OUT:
init_flags |= GNUTLS_CLIENT;
break;
}
gnutls_init((gnutls_session_t *) F->ssl, init_flags);
gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_priority_set(SSL_P(F), default_priority);
if(dir == RB_FD_TLS_DIRECTION_IN)
gnutls_certificate_server_set_request(SSL_P(F), GNUTLS_CERT_REQUEST);
}
void void
rb_ssl_shutdown(rb_fde_t *const F) rb_ssl_shutdown(rb_fde_t *const F)
{ {
@ -181,11 +221,12 @@ rb_ssl_accept_common(rb_fde_t *F, void *data)
if(ret == 0) if(ret == 0)
return; return;
struct acceptdata *const ad = F->accept;
F->accept = NULL;
rb_settimeout(F, 0, NULL, NULL); rb_settimeout(F, 0, NULL, NULL);
rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL); rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
struct acceptdata *const ad = F->accept;
F->accept = NULL;
if(ret > 0) if(ret > 0)
ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data); ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
else else
@ -205,16 +246,8 @@ rb_ssl_start_accepted(rb_fde_t *const F, ACCB *const cb, void *const data, const
F->accept->addrlen = 0; F->accept->addrlen = 0;
(void) memset(&F->accept->S, 0x00, sizeof F->accept->S); (void) memset(&F->accept->S, 0x00, sizeof F->accept->S);
F->ssl = rb_malloc(sizeof(gnutls_session_t));
gnutls_init((gnutls_session_t *) F->ssl, GNUTLS_SERVER);
gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)rb_get_fd(F));
gnutls_certificate_server_set_request(SSL_P(F), GNUTLS_CERT_REQUEST);
gnutls_priority_set(SSL_P(F), default_priority);
rb_settimeout(F, timeout, rb_ssl_timeout_cb, NULL); rb_settimeout(F, timeout, rb_ssl_timeout_cb, NULL);
rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_IN);
rb_ssl_accept_common(F, NULL); rb_ssl_accept_common(F, NULL);
} }
@ -230,16 +263,8 @@ rb_ssl_accept_setup(rb_fde_t *const srv_F, rb_fde_t *const cli_F, struct sockadd
(void) memset(&cli_F->accept->S, 0x00, sizeof cli_F->accept->S); (void) memset(&cli_F->accept->S, 0x00, sizeof cli_F->accept->S);
(void) memcpy(&cli_F->accept->S, st, (size_t) addrlen); (void) memcpy(&cli_F->accept->S, st, (size_t) addrlen);
cli_F->ssl = rb_malloc(sizeof(gnutls_session_t));
gnutls_init((gnutls_session_t *) cli_F->ssl, GNUTLS_SERVER);
gnutls_set_default_priority(SSL_P(cli_F));
gnutls_credentials_set(SSL_P(cli_F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
gnutls_dh_set_prime_bits(SSL_P(cli_F), 1024);
gnutls_transport_set_ptr(SSL_P(cli_F), (gnutls_transport_ptr_t) (long int)rb_get_fd(cli_F));
gnutls_certificate_server_set_request(SSL_P(cli_F), GNUTLS_CERT_REQUEST);
gnutls_priority_set(SSL_P(cli_F), default_priority);
rb_settimeout(cli_F, 10, rb_ssl_timeout_cb, NULL); rb_settimeout(cli_F, 10, rb_ssl_timeout_cb, NULL);
rb_ssl_init_fd(cli_F, RB_FD_TLS_DIRECTION_IN);
rb_ssl_accept_common(cli_F, NULL); rb_ssl_accept_common(cli_F, NULL);
} }
@ -505,15 +530,8 @@ rb_ssl_tryconn(rb_fde_t *F, int status, void *data)
F->type |= RB_FD_SSL; F->type |= RB_FD_SSL;
F->ssl = rb_malloc(sizeof(gnutls_session_t));
gnutls_init(F->ssl, GNUTLS_CLIENT);
gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
gnutls_priority_set(SSL_P(F), default_priority);
rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT);
rb_ssl_connect_common(F, sconn); rb_ssl_connect_common(F, sconn);
} }
@ -549,15 +567,8 @@ rb_ssl_start_connected(rb_fde_t *const F, CNCB *const callback, void *const data
F->type |= RB_FD_SSL; F->type |= RB_FD_SSL;
F->ssl = rb_malloc(sizeof(gnutls_session_t));
gnutls_init(F->ssl, GNUTLS_CLIENT);
gnutls_set_default_priority(SSL_P(F));
gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, server_cert_key);
gnutls_dh_set_prime_bits(SSL_P(F), 1024);
gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
gnutls_priority_set(SSL_P(F), default_priority);
rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
rb_ssl_init_fd(F, RB_FD_TLS_DIRECTION_OUT);
rb_ssl_connect_common(F, sconn); rb_ssl_connect_common(F, sconn);
} }