doesnm/Cytoplasm
1
0
Fork 0
mirror of https://git.telodendria.io/Telodendria/Cytoplasm.git synced 2025-04-28 20:06:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

Import new Cytoplasm library based off of code from Telodendria.

Browse source 
Telodendria doesn't use this library yet, but it will soon.
This commit is contained in:
Jordan Bancino 2023-05-13 17:30:09 +00:00
commit 40eac30b5c
60 changed files with 15048 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

247
src/Tls/TlsLibreSSL.c Normal file
View file

@ -0,0 +1,247 @@
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <Tls.h>
#if TLS_IMPL == TLS_LIBRESSL
#include <Memory.h>
#include <Log.h>
#include <errno.h>
#include <tls.h> /* LibreSSL TLS */
typedef struct LibreSSLCookie
{
int fd;
struct tls *ctx;
struct tls *cctx;
struct tls_config *cfg;
} LibreSSLCookie;
void *
TlsInitClient(int fd, const char *serverName)
{
LibreSSLCookie *cookie = Malloc(sizeof(LibreSSLCookie));
if (!cookie)
{
return NULL;
}
cookie->ctx = tls_client();
cookie->cctx = NULL;
cookie->cfg = tls_config_new();
cookie->fd = fd;
if (!cookie->ctx || !cookie->cfg)
{
goto error;
}
if (tls_config_set_ca_file(cookie->cfg, tls_default_ca_cert_file()) == -1)
{
goto error;
}
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
{
goto error;
}
if (tls_connect_socket(cookie->ctx, fd, serverName) == -1)
{
goto error;
}
if (tls_handshake(cookie->ctx) == -1)
{
goto error;
}
return cookie;
error:
if (cookie->ctx)
{
if (tls_error(cookie->ctx))
{
Log(LOG_ERR, "TlsInitClient(): %s", tls_error(cookie->ctx));
}
tls_free(cookie->ctx);
}
if (cookie->cfg)
{
tls_config_free(cookie->cfg);
}
Free(cookie);
return NULL;
}
void *
TlsInitServer(int fd, const char *crt, const char *key)
{
LibreSSLCookie *cookie = Malloc(sizeof(LibreSSLCookie));
if (!cookie)
{
return NULL;
}
cookie->ctx = tls_server();
cookie->cctx = NULL;
cookie->cfg = tls_config_new();
cookie->fd = fd;
if (!cookie->ctx || !cookie->cfg)
{
goto error;
}
if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
{
goto error;
}
if (tls_config_set_key_file(cookie->cfg, key) == -1)
{
goto error;
}
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
{
goto error;
}
if (tls_accept_fds(cookie->ctx, &cookie->cctx, fd, fd) == -1)
{
goto error;
}
if (tls_handshake(cookie->cctx) == -1)
{
goto error;
}
return cookie;
error:
if (cookie->ctx)
{
if (tls_error(cookie->ctx))
{
Log(LOG_ERR, "TlsInitServer(): %s", tls_error(cookie->ctx));
}
tls_free(cookie->ctx);
}
if (cookie->cctx)
{
if (tls_error(cookie->cctx))
{
Log(LOG_ERR, "TlsInitServer(): %s", tls_error(cookie->cctx));
}
tls_free(cookie->cctx);
}
if (cookie->cfg)
{
tls_config_free(cookie->cfg);
}
Free(cookie);
return NULL;
}
ssize_t
TlsRead(void *cookie, void *buf, size_t nBytes)
{
LibreSSLCookie *tls = cookie;
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
ssize_t ret = tls_read(ctx, buf, nBytes);
if (ret == -1)
{
errno = EIO;
}
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
{
errno = EAGAIN;
ret = -1;
}
return ret;
}
ssize_t
TlsWrite(void *cookie, void *buf, size_t nBytes)
{
LibreSSLCookie *tls = cookie;
struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
ssize_t ret = tls_write(ctx, buf, nBytes);
if (ret == -1)
{
errno = EIO;
}
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
{
errno = EAGAIN;
ret = -1;
}
return ret;
}
int
TlsClose(void *cookie)
{
LibreSSLCookie *tls = cookie;
int tlsRet = tls_close(tls->cctx ? tls->cctx : tls->ctx);
int sdRet;
if (tls->cctx)
{
tls_free(tls->cctx);
}
tls_free(tls->ctx);
tls_config_free(tls->cfg);
sdRet = close(tls->fd);
Free(tls);
return (tlsRet == -1 || sdRet == -1) ? -1 : 0;
}
#endif

296
src/Tls/TlsOpenSSL.c Normal file
View file

@ -0,0 +1,296 @@
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <Tls.h>
#if TLS_IMPL == TLS_OPENSSL
#include <Memory.h>
#include <Log.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
typedef struct OpenSSLCookie
{
int fd;
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
} OpenSSLCookie;
static char *
SSLErrorString(int err)
{
switch (err)
{
case SSL_ERROR_NONE:
return "No error.";
case SSL_ERROR_ZERO_RETURN:
return "The TLS/SSL connection has been closed.";
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
return "The operation did not complete.";
case SSL_ERROR_WANT_X509_LOOKUP:
return "X509 lookup failed.";
case SSL_ERROR_SYSCALL:
return "I/O Error.";
case SSL_ERROR_SSL:
return "SSL library error.";
}
return NULL;
}
void *
TlsInitClient(int fd, const char *serverName)
{
OpenSSLCookie *cookie;
char errorStr[256];
/*
* TODO: Seems odd that this isn't needed to make the
* connection... we should figure out how to verify the
* certificate matches the server we think we're
* connecting to.
*/
(void) serverName;
cookie = Malloc(sizeof(OpenSSLCookie));
if (!cookie)
{
return NULL;
}
memset(cookie, 0, sizeof(OpenSSLCookie));
cookie->method = TLS_client_method();
cookie->ctx = SSL_CTX_new(cookie->method);
if (!cookie->ctx)
{
goto error;
}
cookie->ssl = SSL_new(cookie->ctx);
if (!cookie->ssl)
{
goto error;
}
if (!SSL_set_fd(cookie->ssl, fd))
{
goto error;
}
if (SSL_connect(cookie->ssl) <= 0)
{
goto error;
}
return cookie;
error:
Log(LOG_ERR, "TlsClientInit(): %s", ERR_error_string(ERR_get_error(), errorStr));
if (cookie->ssl)
{
SSL_shutdown(cookie->ssl);
SSL_free(cookie->ssl);
}
close(cookie->fd);
if (cookie->ctx)
{
SSL_CTX_free(cookie->ctx);
}
return NULL;
}
void *
TlsInitServer(int fd, const char *crt, const char *key)
{
OpenSSLCookie *cookie;
char errorStr[256];
int acceptRet = 0;
cookie = Malloc(sizeof(OpenSSLCookie));
if (!cookie)
{
return NULL;
}
memset(cookie, 0, sizeof(OpenSSLCookie));
cookie->method = TLS_server_method();
cookie->ctx = SSL_CTX_new(cookie->method);
if (!cookie->ctx)
{
Log(LOG_ERR, "TlsInitServer(): Unable to create SSL Context.");
goto error;
}
if (SSL_CTX_use_certificate_file(cookie->ctx, crt, SSL_FILETYPE_PEM) <= 0)
{
Log(LOG_ERR, "TlsInitServer(): Unable to set certificate file: %s", crt);
goto error;
}
if (SSL_CTX_use_PrivateKey_file(cookie->ctx, key, SSL_FILETYPE_PEM) <= 0)
{
Log(LOG_ERR, "TlsInitServer(): Unable to set key file.");
goto error;
}
cookie->ssl = SSL_new(cookie->ctx);
if (!cookie->ssl)
{
Log(LOG_ERR, "TlsInitServer(): Unable to create SSL object.");
goto error;
}
if (!SSL_set_fd(cookie->ssl, fd))
{
Log(LOG_ERR, "TlsInitServer(): Unable to set file descriptor.");
goto error;
}
while ((acceptRet = SSL_accept(cookie->ssl)) <= 0)
{
switch (SSL_get_error(cookie->ssl, acceptRet))
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
continue;
default:
Log(LOG_ERR, "TlsInitServer(): Unable to accept connection.");
goto error;
}
}
return cookie;
error:
Log(LOG_ERR, "TlsServerInit(): %s", SSLErrorString(SSL_get_error(cookie->ssl, acceptRet)));
Log(LOG_ERR, "TlsServerInit(): %s", ERR_error_string(ERR_get_error(), errorStr));
if (cookie->ssl)
{
SSL_shutdown(cookie->ssl);
SSL_free(cookie->ssl);
}
close(cookie->fd);
if (cookie->ctx)
{
SSL_CTX_free(cookie->ctx);
}
Free(cookie);
return NULL;
}
ssize_t
TlsRead(void *cookie, void *buf, size_t nBytes)
{
OpenSSLCookie *ssl = cookie;
int ret = SSL_read(ssl->ssl, buf, nBytes);
if (ret <= 0)
{
switch (SSL_get_error(ssl->ssl, ret))
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
errno = EAGAIN;
break;
case SSL_ERROR_ZERO_RETURN:
ret = 0;
break;
default:
errno = EIO;
break;
}
ret = -1;
}
return ret;
}
ssize_t
TlsWrite(void *cookie, void *buf, size_t nBytes)
{
OpenSSLCookie *ssl = cookie;
int ret = SSL_write(ssl->ssl, buf, nBytes);
if (ret <= 0)
{
switch (SSL_get_error(ssl->ssl, ret))
{
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
errno = EAGAIN;
break;
case SSL_ERROR_ZERO_RETURN:
ret = 0;
break;
default:
errno = EIO;
break;
}
ret = -1;
}
return ret;
}
int
TlsClose(void *cookie)
{
OpenSSLCookie *ssl = cookie;
SSL_shutdown(ssl->ssl);
SSL_free(ssl->ssl);
close(ssl->fd);
SSL_CTX_free(ssl->ctx);
Free(ssl);
return 0;
}
#endif