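/*
 * ssl.c v0.0.3
 * Copyright (C) 2000  --  DaP <profeta@freemail.c3.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#include <openssl/ssl.h>	/* SSL_() */
#include <openssl/err.h>	/* ERR_() */
#include <time.h>		/* asctime() */
#include <string.h>		/* strncpy() */
#include "ssl.h"		/* struct cert_info */
#include "../../config.h"	/* HAVE_SNPRINTF */

#ifndef HAVE_SNPRINTF
#define snprintf g_snprintf
#endif

/* globals */
static struct chiper_info chiper_info;	/* static buffer for _SSL_get_cipher_info() */
static char err_buf[256];		/* generic error buffer */


/* +++++ Internal functions +++++ */

#if 0
/* Disabled: malloc() wrapper that prints the error and exits on failure. */
static void *
mmalloc(size_t size)
{
	void *addr;

	if (!(addr = malloc(size)))
	{
		perror("malloc");
		/* FATAL */
		exit(1);
	}
	return (addr);
}
#endif


/*
 * Take one entry from the OpenSSL error queue and format it into the
 * file-scope err_buf as "<funcname>: <error string> (<code>)\n".
 *
 * funcname: label put in front of the message (normally the failing call).
 *
 * ERR_get_error() returns an unsigned long, so the code is kept and printed
 * at that width; narrowing it to int could show a negative or truncated
 * value.  ERR_error_string_n() is used so that the write into buf is bounded
 * by an explicit size instead of relying on the library's implicit minimum.
 */
static void
__SSL_fill_err_buf (char *funcname)
{
	unsigned long err;
	char buf[256];

	err = ERR_get_error ();
	ERR_error_string_n (err, buf, sizeof (buf));
	snprintf (err_buf, sizeof (err_buf), "%s: %s (%lu)\n", funcname, buf, err);
}


/*
 * Report the pending OpenSSL error for funcname on stderr and terminate the
 * process with exit status 1.  Does not return.
 */
static void
__SSL_critical_error (char *funcname)
{
	__SSL_fill_err_buf (funcname);
	fprintf (stderr, "%s\n", err_buf);

	exit (1);
}


/* +++++ Cipher functions +++++ */

/*
 * The function below is commented out in the original source.
 * NOTE(review): do not revive it as written.  buf is allocated with the
 * size of the raw input (len) but receives the base64 output through
 * strcat(), and base64 output is longer than its input; tbuf likewise
 * receives encoded output for up to PEM_BUFSIZE * 5 input bytes while being
 * only PEM_BUFSIZE * 5 bytes itself.  The malloc() result is not checked.
 */
/*
int
_SSL_EVP_encode(char *data, int len)
{
	EVP_ENCODE_CTX ctx;
	int i, j, n, outl;
	char tbuf[PEM_BUFSIZE * 5];
	char *buf;
	char *pt;

	buf = malloc(len);
	*buf = 0;

	EVP_EncodeInit(&ctx);
	i = j = 0;
	while (len > 0)
	{
		n = (len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len;
		EVP_EncodeUpdate(&ctx, tbuf, &outl, &(data[j]), n);
fprintf(stderr, "_SSL_EVP_encode :: loop give %d bytes\n", outl);
		if (!outl)
		{
			free (buf);
			return (0);
		}
		strcat(buf, tbuf);
		i += outl;
		len -= n;
		j += n;
	}
	EVP_EncodeFinal(&ctx, tbuf, &outl);
fprintf(stderr, "_SSL_EVP_encode :: encoded data is %d bytes\n", i);
	for (pt = buf; *pt; pt++)
		if (*pt == '\n')
			*pt = '_';
	memcpy(data, buf, i + 1);	// + NULL
	free (buf);

	return (1);
}
*/


#if 0
#define ALG EVP_des_ede3_cbc()
#define MAXBLK 512
/* FIXME */
/*
 * NOTE(review): disabled code.  If it is ever revived: the IV is all zeros
 * for every call (memset below); ebuf holds exactly MAXBLK bytes although
 * EVP_CipherUpdate() may emit up to n + block_size - 1 bytes; the
 * unconditional break at the end of the loop body stops after the first
 * chunk; and the EVP_CipherFinal() failure path still copies ebuf.
 */
static int
_SSL_do_cipher(char *buf, int buf_len, char *key, int operation, char **pt)
{
	EVP_CIPHER_CTX ectx;
	unsigned char iv[EVP_MAX_IV_LENGTH];
	char ebuf[MAXBLK];
	int ebuflen;
	int n;
	int i;

	memset(iv, 0, EVP_MAX_IV_LENGTH);
	EVP_CipherInit(&ectx, ALG, key, iv, operation);

	*pt = mmalloc(buf_len + EVP_CIPHER_CTX_block_size(&ectx));	/* + PAD */

	i = 0;
	while (buf_len - i > 0)
	{
		n = (buf_len - i < MAXBLK) ? buf_len - i : MAXBLK;
		EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf + i, n);
		printf("EVP_CipherUpdate[%d] ebl %d i %d T %d (%d)\n", operation, ebuflen, i, buf_len, n);
		if (!ebuflen)	/* last block needs padding */
			break;
		memcpy(*pt + i, ebuf, ebuflen);
		i += ebuflen;
break;
	}

	/* append/check CRC block */
	if (!EVP_CipherFinal(&ectx, ebuf, &ebuflen))
		fprintf(stderr, "_SSL_do_cipher :: EVP_CipherFinal failed\n");
	memcpy(*pt + i, ebuf, ebuflen);
	i += ebuflen;
	printf("EVP_CipherFinal %d (%d)\n", ebuflen, i);

	return (i);
}
#endif


#if 0
/*
 * NOTE(review): disabled code.  Both debug fprintf() calls below print the
 * first bytes of key to stderr; key material should not reach logs if this
 * is ever re-enabled.
 */
static char *
_SSL_do_cipher_base64(char *buf, int buf_len, char *key, int operation)
{
	char *pt;
	char *pt2;
	int i;

	if (operation)
	{
		i = _SSL_do_cipher(buf, buf_len, key, operation, &pt);
		pt2 = mmalloc(i * 2 + 1);	/* + NULL */
		memset(pt2, 0, i * 2 + 1);	/* FIXME: need it? */
		if ((i = EVP_EncodeBlock(pt2, pt, i)) == -1)
		{
			fprintf(stderr, "_SSL_do_cipher_base64 :: EVP_EncodeBlock failed\n");
			exit(1);
		}
fprintf(stderr, "_SSL_do_cipher_base64 :: EVP_EncodeBlock %d [%24s]\n", i, key);
	} else
	{
		pt = mmalloc(buf_len / 2 * 2 + 1);	/* + NULL */
		memset(pt, 0, buf_len / 2 * 2 + 1);	/* FIXME: need it? */
		if ((i = EVP_DecodeBlock(pt, buf, buf_len)) == -1)
		{
			fprintf(stderr, "_SSL_do_cipher_base64 :: EVP_DecodeBlock failed\n");
			exit(1);
		}
fprintf(stderr, "_SSL_do_cipher_base64 :: EVP_DecodeBlock %d [%24s]\n", i, key);
		i -= i % 8;	/* cut padding */
		i = _SSL_do_cipher(pt, i, key, operation, &pt2);
	}
	free (pt);

	return (pt2);
}
#endif


/* +++++ Object functions +++++ */

#if 0
/*
 * Disabled: pick an object out of an SSL session by type
 * (0 = public key, 1 = private key, 2 = certificate); NULL for other types.
 */
static void *
_SSL_get_sess_obj(SSL *ssl, int type)
{
	void *obj = NULL;

	switch (type)
	{
	case 0:
		obj = X509_get_pubkey(SSL_get_certificate(ssl));
		break;
	case 1:
		obj = SSL_get_privatekey(ssl);
		break;
	case 2:
		obj = SSL_get_certificate(ssl);
		break;
	}
	return (obj);
}
#endif


#if 0
/*
 * Disabled: DER-encode the object selected by type (same numbering as
 * _SSL_get_sess_obj) and return it base64-encoded in a new buffer.
 * NOTE(review): type 1 serialises a private key; callers of a revived
 * version would have to treat the returned buffer as secret.
 */
static char *
_SSL_get_obj_base64(void *s, int type)
{
	unsigned char *pt, *ppt;
	unsigned char *t;
	int len = 0;
	int i;

	switch (type)
	{
	case 0:
		len = i2d_PublicKey(s, NULL);
		break;
	case 1:
		len = i2d_PrivateKey(s, NULL);
		break;
	case 2:
		len = i2d_X509(s, NULL);
		break;
	}
	if (len < 0)
		return (NULL);

	pt = ppt = mmalloc(len);

	switch (type)
	{
	case 0:
		i2d_PublicKey(s, &pt);
		break;
	case 1:
		i2d_PrivateKey(s, &pt);
		break;
	case 2:
		i2d_X509(s, &pt);
		break;
	}

	t = mmalloc(len * 2 + 1);	/* + NULL */
	if ((i = EVP_EncodeBlock(t, ppt, len)) == -1)
	{
		fprintf(stderr, "_SSL_get_key_base64 :: EVP_EncodeBlock failed\n");
		exit(1);
	}
	free (ppt);

	return (t);
}
#endif


#if 0
/*
 * Disabled: create a temporary SSL object from ctx, extract the object
 * selected by type and return it base64-encoded.
 */
static char *
_SSL_get_ctx_obj_base64(SSL_CTX *ctx, int type)
{
	void *obj;
	unsigned char *pt;
	SSL *ssl;

	if (!(ssl = SSL_new(ctx)))
		__SSL_critical_error("_SSL_get_ctx_obj_base64 :: SSL_new");
	obj = _SSL_get_sess_obj(ssl, type);	/* it's just a pointer into ssl! */
	pt = _SSL_get_obj_base64(obj, type);
	SSL_free(ssl);

	return (pt);
}
#endif


#if 0
/*
 * Disabled: verify x509 against certificates found through a hash-dir
 * lookup and return the X509_verify_cert() result.
 * NOTE(review): the X509_LOOKUP_add_dir() test below uses "!!", so it takes
 * the failure branch when the call returns non-zero; the other checks in
 * this function use a single "!".  Fix the condition before re-enabling.
 */
static int
_SSL_verify_x509(X509 *x509)
{
	X509_STORE *cert_ctx = NULL;
	X509_LOOKUP *lookup = NULL;
	X509_STORE_CTX csc;
	int i;

	if (!(cert_ctx = X509_STORE_new()))
	{
		fprintf(stderr, "_SSL_verify_x509 :: X509_STORE_new failed\n");
		exit(1);
	}
	/* X509_STORE_set_verify_cb_func(cert_ctx, cb); */
/*
	if (!(lookup = X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file())))
	{
		fprintf(stderr, "_SSL_verify_x509 :: X509_STORE_add_lookup failed\n");
		exit(1);
	}
	if (!X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT))
	{
		fprintf(stderr, "_SSL_verify_x509 :: X509_LOOKUP_load_file failed\n");
		exit(1);
	}
*/
	if (!(lookup = X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir())))
	{
		fprintf(stderr, "_SSL_verify_x509 :: X509_STORE_add_lookup failed\n");
		exit(1);
	}
	if (!!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT))
	{
		fprintf(stderr, "_SSL_verify_x509 :: X509_LOOKUP_add_dir failed\n");
		exit(1);
	}
	/* ... */

	X509_STORE_CTX_init(&csc, cert_ctx, x509, NULL);
	i = X509_verify_cert(&csc);
	X509_STORE_CTX_cleanup(&csc);

	/* ... */

	X509_STORE_free(cert_ctx);

	return (i);
}
#endif


/* +++++ SSL functions +++++ */

/*
 * NOTE(review): this definition runs past the end of this excerpt; the
 * code below is unchanged and only its visible part is annotated.
 */
SSL_CTX *
_SSL_context_init (void (*info_cb_func), int server)
{
	SSL_CTX *ctx;
#ifdef WIN32
	int i, r;
#endif

	SSLeay_add_ssl_algorithms ();
	SSL_load_error_strings ();
	/*
	 * NOTE(review): both branches pin the context to SSLv3, which RFC 7568
	 * prohibits; a version-flexible method with a minimum protocol version
	 * is the usual replacement.  ctx is also used on the following lines
	 * without checking SSL_CTX_new() for NULL.
	 */
	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());

	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
	SSL_CTX_set_timeout (ctx, 300);

	/* used in SSL_connect(), SSL_accept() */
	SSL_CTX_set_info_callback (ctx, info_cb_func);

#ifdef WIN32
	/* under win32, OpenSSL needs to be seeded with some randomness */
	/*
	 * NOTE(review): rand() seeded from time(0) is predictable.  If r is fed
	 * to the OpenSSL PRNG in the part of the loop not shown here, it adds
	 * little real entropy -- confirm, and prefer an OS entropy source.
	 */
	srand (time (0));
	for (i = 0; i < 128; i++)
	{
		r = rand ();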