Keep pulling openssl's tentacles out of protocol code

author: Dirk Engling <erdgeist@erdgeist.org> 2014-11-16 00:31:32 +0100
committer: Dirk Engling <erdgeist@erdgeist.org> 2014-11-16 00:31:32 +0100
commit: 4c635b85709b33f5161674fcea273d5739d484fe (patch)
tree: 50d8d6b398cc91c10109d12f6c2638c94e6814e5
parent: 279772cb4f3894f087b9e0389c6742c6ebb48062 (diff)
3 files changed, 72 insertions, 64 deletions
diff --git a/vchat-protocol.c b/vchat-protocol.c
index b077411..6532fbb 100755
--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -24,11 +24,12 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <readline/readline.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
 #include <locale.h>
 #include <langinfo.h>
+// TO BE GONE
+#include <openssl/bio.h>
 /* local includes */
 #include "vchat.h"
 #include "vchat-user.h"
@@ -108,7 +109,7 @@ vcconnect (char *server, char *port)
  char *tildex = NULL;
  /* vchat connection x509 store */
-  vc_x509store_t vc_store;
+  vc_x509store_t *vc_store;
  /* pointer to tilde-expanded certificate/keyfile-names */
  char *certfile = NULL, *keyfile = NULL;
@@ -126,14 +127,9 @@ vcconnect (char *server, char *port)
  /* If SSL is requested, get our ssl-BIO running */
  if( server_conn && getintoption(CF_USESSL) ) {
-    static int sslinit;
+    vc_store = vc_init_x509store();
-    if( !sslinit++ ) {
+    // XXX TODO: Check error (with new API)
-      SSL_library_init ();
+    vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
-      SSL_load_error_strings();
-    }
-    vc_init_x509store(&vc_store);
-    vc_x509store_setflags(&vc_store, VC_X509S_SSL_VERIFY_PEER);
    /* get name of certificate file */
    certfile = getstroption (CF_CERTFILE);
@@ -145,8 +141,8 @@ vcconnect (char *server, char *port)
      else
        tildex = certfile;
-      vc_x509store_setflags(&vc_store, VC_X509S_USE_CERTIFICATE);
+      vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE);
-      vc_x509store_setcertfile(&vc_store, tildex);
+      vc_x509store_setcertfile(vc_store, tildex);
      /* get name of key file */
      keyfile = getstroption (CF_KEYFILE);
@@ -161,12 +157,12 @@ vcconnect (char *server, char *port)
      else
        tildex = keyfile;
-      vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt);
+      vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt);
-      vc_x509store_setkeyfile(&vc_store, tildex);
+      vc_x509store_setkeyfile(vc_store, tildex);
    }
    /* upgrade our plain BIO to ssl */
-    if( vc_connect_ssl( &server_conn, &vc_store ) ) {
+    if( vc_connect_ssl( &server_conn, vc_store ) ) {
      BIO_free_all( server_conn );
      server_conn = NULL;
      errno = EIO;
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 73a56fa..fab5ffe 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -34,6 +34,33 @@
 const char *vchat_ssl_version = "vchat-ssl.c      $Id$";
+typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
+struct vc_x509store_t {
+   char                 *cafile;
+   char                 *capath;
+   char                 *crlfile;
+   vc_x509verify_cb_t   callback;
+   vc_askpass_cb_t      askpass_callback;
+   STACK_OF(X509)       *certs;
+   STACK_OF(X509_CRL)   *crls;
+   char                 *use_certfile;
+   STACK_OF(X509)       *use_certs;
+   char                 *use_keyfile;
+   EVP_PKEY             *use_key;
+   int                  flags;
+};
+static void vc_cleanup_x509store(vc_x509store_t *); // Should not be static but is unused
+static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store );
+static int vc_verify_callback(int, X509_STORE_CTX *);
+static X509_STORE * vc_x509store_create(vc_x509store_t *);
+static void vc_x509store_clearflags(vc_x509store_t *, int);
+static void vc_x509store_setcafile(vc_x509store_t *, char *);
+static void vc_x509store_setcapath(vc_x509store_t *, char *);
+static void vc_x509store_setcrlfile(vc_x509store_t *, char *);
+static void vc_x509store_addcert(vc_x509store_t *, X509 *);
+static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
 #define VC_CTX_ERR_EXIT(se, cx) do { \
      snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
            ERR_error_string (ERR_get_error (), NULL)); \
@@ -51,7 +78,7 @@ const char *vchat_ssl_version = "vchat-ssl.c      $Id$";
      return(NULL); \
   } while(0)
-SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
+static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
 {
   int                  i                 = 0;
   int                  n                 = 0;
@@ -372,20 +399,31 @@ void vc_x509store_setcertfile(vc_x509store_t *store, char *file)
 }
-void vc_init_x509store(vc_x509store_t *s)
+vc_x509store_t *vc_init_x509store()
 {
-   s->cafile         = NULL;
+   vc_x509store_t *s = malloc(sizeof(vc_x509store_t));
-   s->capath         = NULL;
+   if (s) {
-   s->crlfile        = NULL;
-   s->callback       = NULL;
+       static int sslinit;
-   s->askpass_callback = NULL;
+       if( !sslinit++ ) {
-   s->certs          = sk_X509_new_null();
+           SSL_library_init ();
-   s->crls           = sk_X509_CRL_new_null();
+           SSL_load_error_strings();
-   s->use_certfile   = NULL;
+       }
-   s->use_certs      = sk_X509_new_null();
-   s->use_keyfile    = NULL;
+       s->cafile         = NULL;
-   s->use_key        = NULL;
+       s->capath         = NULL;
-   s->flags          = 0;
+       s->crlfile        = NULL;
+       s->callback       = NULL;
+       s->askpass_callback = NULL;
+       s->certs          = sk_X509_new_null();
+       s->crls           = sk_X509_CRL_new_null();
+       s->use_certfile   = NULL;
+       s->use_certs      = sk_X509_new_null();
+       s->use_keyfile    = NULL;
+       s->use_key        = NULL;
+       s->flags          = 0;
+   }
+   return s;
 }
 void vc_cleanup_x509store(vc_x509store_t *s)
diff --git a/vchat-ssl.h b/vchat-ssl.h
index 12d5fdb..8dc1bfc 100755
--- a/vchat-ssl.h
+++ b/vchat-ssl.h
@@ -1,42 +1,16 @@
-/* types */
+/* prototypes */
-typedef int (*vc_x509verify_cb_t)(int, X509_STORE_CTX *);
+struct vc_x509store_t;
+typedef struct vc_x509store_t vc_x509store_t;
 typedef int (*vc_askpass_cb_t)(char *, int, int, void *);
-typedef struct {
-   char                 *cafile;
-   char                 *capath;
-   char                 *crlfile;
-   vc_x509verify_cb_t   callback;
-   vc_askpass_cb_t      askpass_callback;
-   STACK_OF(X509)       *certs;
-   STACK_OF(X509_CRL)   *crls;
-   char                 *use_certfile;
-   STACK_OF(X509)       *use_certs;
-   char                 *use_keyfile;
-   EVP_PKEY             *use_key;
-   int                  flags;
-} vc_x509store_t;
-/* prototypes */
-int  vc_connect_ssl(BIO **conn, vc_x509store_t * );
+vc_x509store_t *vc_init_x509store();
-SSL_CTX * vc_create_sslctx( vc_x509store_t *);
+void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
-void vc_init_x509store(vc_x509store_t *);
-void vc_cleanup_x509store(vc_x509store_t *);
-void vc_x509store_setcafile(vc_x509store_t *, char *); 
-void vc_x509store_setcapath(vc_x509store_t *, char *); 
-void vc_x509store_setcrlfile(vc_x509store_t *, char *); 
-void vc_x509store_setkeyfile(vc_x509store_t *, char *); 
-void vc_x509store_setcertfile(vc_x509store_t *, char *); 
-void vc_x509store_addcert(vc_x509store_t *, X509 *);
-void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
-void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t); 
 void vc_x509store_setflags(vc_x509store_t *, int);
-void vc_x509store_clearflags(vc_x509store_t *, int);
+void vc_x509store_setkeyfile(vc_x509store_t *, char *);
-int vc_verify_callback(int, X509_STORE_CTX *);
+void vc_x509store_setcertfile(vc_x509store_t *, char *);
-X509_STORE * vc_x509store_create(vc_x509store_t *);
+int  vc_connect_ssl(BIO **conn, vc_x509store_t * );
-char *vc_ssl_version(char *, int);
 #define VC_X509S_NODEF_CAFILE                      0x01
 #define VC_X509S_NODEF_CAPATH                      0x02
author	Dirk Engling <erdgeist@erdgeist.org>	2014-11-16 00:31:32 +0100
committer	Dirk Engling <erdgeist@erdgeist.org>	2014-11-16 00:31:32 +0100
commit	4c635b85709b33f5161674fcea273d5739d484fe (patch)
tree	50d8d6b398cc91c10109d12f6c2638c94e6814e5
parent	279772cb4f3894f087b9e0389c6742c6ebb48062 (diff)

diff --git a/vchat-protocol.c b/vchat-protocol.c index b077411..6532fbb 100755 --- a/vchat-protocol.c +++ b/vchat-protocol.c
@@ -24,11 +24,12 @@
24	#include <sys/socket.h>	24	#include <sys/socket.h>
25	#include <netinet/in.h>	25	#include <netinet/in.h>
26	#include <readline/readline.h>	26	#include <readline/readline.h>
27	#include <openssl/ssl.h>
28	#include <openssl/err.h>
29	#include <locale.h>	27	#include <locale.h>
30	#include <langinfo.h>	28	#include <langinfo.h>
31		29
		30	// TO BE GONE
		31	#include <openssl/bio.h>
		32
32	/* local includes */	33	/* local includes */
33	#include "vchat.h"	34	#include "vchat.h"
34	#include "vchat-user.h"	35	#include "vchat-user.h"
@@ -108,7 +109,7 @@ vcconnect (char server, char port)
108	char *tildex = NULL;	109	char *tildex = NULL;
109		110
110	/* vchat connection x509 store */	111	/* vchat connection x509 store */
111	vc_x509store_t vc_store;	112	vc_x509store_t *vc_store;
112		113
113	/* pointer to tilde-expanded certificate/keyfile-names */	114	/* pointer to tilde-expanded certificate/keyfile-names */
114	char certfile = NULL, keyfile = NULL;	115	char certfile = NULL, keyfile = NULL;
@@ -126,14 +127,9 @@ vcconnect (char server, char port)
126		127
127	/* If SSL is requested, get our ssl-BIO running */	128	/* If SSL is requested, get our ssl-BIO running */
128	if( server_conn && getintoption(CF_USESSL) ) {	129	if( server_conn && getintoption(CF_USESSL) ) {
129	static int sslinit;	130	vc_store = vc_init_x509store();
130	if( !sslinit++ ) {	131	// XXX TODO: Check error (with new API)
131	SSL_library_init ();	132	vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
132	SSL_load_error_strings();
133	}
134
135	vc_init_x509store(&vc_store);
136	vc_x509store_setflags(&vc_store, VC_X509S_SSL_VERIFY_PEER);
137		133
138	/* get name of certificate file */	134	/* get name of certificate file */
139	certfile = getstroption (CF_CERTFILE);	135	certfile = getstroption (CF_CERTFILE);
@@ -145,8 +141,8 @@ vcconnect (char server, char port)
145	else	141	else
146	tildex = certfile;	142	tildex = certfile;
147		143
148	vc_x509store_setflags(&vc_store, VC_X509S_USE_CERTIFICATE);	144	vc_x509store_setflags(vc_store, VC_X509S_USE_CERTIFICATE);
149	vc_x509store_setcertfile(&vc_store, tildex);	145	vc_x509store_setcertfile(vc_store, tildex);
150		146
151	/* get name of key file */	147	/* get name of key file */
152	keyfile = getstroption (CF_KEYFILE);	148	keyfile = getstroption (CF_KEYFILE);
@@ -161,12 +157,12 @@ vcconnect (char server, char port)
161	else	157	else
162	tildex = keyfile;	158	tildex = keyfile;
163		159
164	vc_x509store_set_pkeycb(&vc_store, (vc_askpass_cb_t)passprompt);	160	vc_x509store_set_pkeycb(vc_store, (vc_askpass_cb_t)passprompt);
165	vc_x509store_setkeyfile(&vc_store, tildex);	161	vc_x509store_setkeyfile(vc_store, tildex);
166	}	162	}
167		163
168	/* upgrade our plain BIO to ssl */	164	/* upgrade our plain BIO to ssl */
169	if( vc_connect_ssl( &server_conn, &vc_store ) ) {	165	if( vc_connect_ssl( &server_conn, vc_store ) ) {
170	BIO_free_all( server_conn );	166	BIO_free_all( server_conn );
171	server_conn = NULL;	167	server_conn = NULL;
172	errno = EIO;	168	errno = EIO;


diff --git a/vchat-ssl.c b/vchat-ssl.c index 73a56fa..fab5ffe 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c
@@ -34,6 +34,33 @@
34		34
35	const char *vchat_ssl_version = "vchat-ssl.c $Id$";	35	const char *vchat_ssl_version = "vchat-ssl.c $Id$";
36		36
		37	typedef int (vc_x509verify_cb_t)(int, X509_STORE_CTX );
		38	struct vc_x509store_t {
		39	char *cafile;
		40	char *capath;
		41	char *crlfile;
		42	vc_x509verify_cb_t callback;
		43	vc_askpass_cb_t askpass_callback;
		44	STACK_OF(X509) *certs;
		45	STACK_OF(X509_CRL) *crls;
		46	char *use_certfile;
		47	STACK_OF(X509) *use_certs;
		48	char *use_keyfile;
		49	EVP_PKEY *use_key;
		50	int flags;
		51	};
		52
		53	static void vc_cleanup_x509store(vc_x509store_t *); // Should not be static but is unused
		54	static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store );
		55	static int vc_verify_callback(int, X509_STORE_CTX *);
		56	static X509_STORE * vc_x509store_create(vc_x509store_t *);
		57	static void vc_x509store_clearflags(vc_x509store_t *, int);
		58	static void vc_x509store_setcafile(vc_x509store_t , char );
		59	static void vc_x509store_setcapath(vc_x509store_t , char );
		60	static void vc_x509store_setcrlfile(vc_x509store_t , char );
		61	static void vc_x509store_addcert(vc_x509store_t , X509 );
		62	static void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
		63
37	#define VC_CTX_ERR_EXIT(se, cx) do { \	64	#define VC_CTX_ERR_EXIT(se, cx) do { \
38	snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \	65	snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
39	ERR_error_string (ERR_get_error (), NULL)); \	66	ERR_error_string (ERR_get_error (), NULL)); \
@@ -51,7 +78,7 @@ const char *vchat_ssl_version = "vchat-ssl.c $Id$";
51	return(NULL); \	78	return(NULL); \
52	} while(0)	79	} while(0)
53		80
54	SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )	81	static SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
55	{	82	{
56	int i = 0;	83	int i = 0;
57	int n = 0;	84	int n = 0;
@@ -372,20 +399,31 @@ void vc_x509store_setcertfile(vc_x509store_t store, char file)
372	}	399	}
373		400
374		401
375	void vc_init_x509store(vc_x509store_t *s)	402	vc_x509store_t *vc_init_x509store()
376	{	403	{
377	s->cafile = NULL;	404	vc_x509store_t *s = malloc(sizeof(vc_x509store_t));
378	s->capath = NULL;	405	if (s) {
379	s->crlfile = NULL;	406
380	s->callback = NULL;	407	static int sslinit;
381	s->askpass_callback = NULL;	408	if( !sslinit++ ) {
382	s->certs = sk_X509_new_null();	409	SSL_library_init ();
383	s->crls = sk_X509_CRL_new_null();	410	SSL_load_error_strings();
384	s->use_certfile = NULL;	411	}
385	s->use_certs = sk_X509_new_null();	412
386	s->use_keyfile = NULL;	413	s->cafile = NULL;
387	s->use_key = NULL;	414	s->capath = NULL;
388	s->flags = 0;	415	s->crlfile = NULL;
		416	s->callback = NULL;
		417	s->askpass_callback = NULL;
		418	s->certs = sk_X509_new_null();
		419	s->crls = sk_X509_CRL_new_null();
		420	s->use_certfile = NULL;
		421	s->use_certs = sk_X509_new_null();
		422	s->use_keyfile = NULL;
		423	s->use_key = NULL;
		424	s->flags = 0;
		425	}
		426	return s;
389	}	427	}
390		428
391	void vc_cleanup_x509store(vc_x509store_t *s)	429	void vc_cleanup_x509store(vc_x509store_t *s)


diff --git a/vchat-ssl.h b/vchat-ssl.h index 12d5fdb..8dc1bfc 100755 --- a/vchat-ssl.h +++ b/vchat-ssl.h
@@ -1,42 +1,16 @@
1		1
2	/* types */	2	/* prototypes */
3		3
4	typedef int (vc_x509verify_cb_t)(int, X509_STORE_CTX );	4	struct vc_x509store_t;
		5	typedef struct vc_x509store_t vc_x509store_t;
5	typedef int (vc_askpass_cb_t)(char , int, int, void *);	6	typedef int (vc_askpass_cb_t)(char , int, int, void *);
6	typedef struct {
7	char *cafile;
8	char *capath;
9	char *crlfile;
10	vc_x509verify_cb_t callback;
11	vc_askpass_cb_t askpass_callback;
12	STACK_OF(X509) *certs;
13	STACK_OF(X509_CRL) *crls;
14	char *use_certfile;
15	STACK_OF(X509) *use_certs;
16	char *use_keyfile;
17	EVP_PKEY *use_key;
18	int flags;
19	} vc_x509store_t;
20
21	/* prototypes */
22		7
23	int vc_connect_ssl(BIO *conn, vc_x509store_t );	8	vc_x509store_t *vc_init_x509store();
24	SSL_CTX * vc_create_sslctx( vc_x509store_t *);	9	void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
25	void vc_init_x509store(vc_x509store_t *);
26	void vc_cleanup_x509store(vc_x509store_t *);
27	void vc_x509store_setcafile(vc_x509store_t , char );
28	void vc_x509store_setcapath(vc_x509store_t , char );
29	void vc_x509store_setcrlfile(vc_x509store_t , char );
30	void vc_x509store_setkeyfile(vc_x509store_t , char );
31	void vc_x509store_setcertfile(vc_x509store_t , char );
32	void vc_x509store_addcert(vc_x509store_t , X509 );
33	void vc_x509store_setcb(vc_x509store_t *, vc_x509verify_cb_t);
34	void vc_x509store_set_pkeycb(vc_x509store_t *, vc_askpass_cb_t);
35	void vc_x509store_setflags(vc_x509store_t *, int);	10	void vc_x509store_setflags(vc_x509store_t *, int);
36	void vc_x509store_clearflags(vc_x509store_t *, int);	11	void vc_x509store_setkeyfile(vc_x509store_t , char );
37	int vc_verify_callback(int, X509_STORE_CTX *);	12	void vc_x509store_setcertfile(vc_x509store_t , char );
38	X509_STORE * vc_x509store_create(vc_x509store_t *);	13	int vc_connect_ssl(BIO *conn, vc_x509store_t );
39	char vc_ssl_version(char , int);
40		14
41	#define VC_X509S_NODEF_CAFILE 0x01	15	#define VC_X509S_NODEF_CAFILE 0x01
42	#define VC_X509S_NODEF_CAPATH 0x02	16	#define VC_X509S_NODEF_CAPATH 0x02