
#include <errno.h>
#include <fcntl.h>
#include <malloc.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
//#include <sys/select.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "ds.h"
/* Set to 1 by loadOpenSSL once the library initialisation calls have run;
 * the write happens under loadLock (see loadOpenSSL). */
int openSslLoaded = 0;
/* Cipher-list string handed to SSL_CTX_set_cipher_list() in startSockTls.
 * OpenSSL cipher-list syntax: ":"-separated entries, "!" removes a group,
 * "+" moves it to the end. Passed as-is; not modified anywhere in this file. */
char *availableCiphers = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:"
"+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:"
"!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA";
/* Free a malloc'd pointer while preserving errno, and return NULL so a
 * failing constructor can write `return clear(p);`.
 * This is a plain free(): it is only correct for memory obtained from
 * malloc/calloc, never for objects with their own destructor (SSL_CTX, DH, ...).
 * ptr may be NULL. Always returns NULL. */
void *clear(void *ptr){
    const int saved = errno;
    free(ptr);          /* free(NULL) is a no-op, so no guard is needed */
    errno = saved;
    return NULL;
}
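/* Serialises the one-time OpenSSL initialisation in loadOpenSSL.
 * Statically initialised so the mutex is valid before any thread runs;
 * no pthread_mutex_init call is visible in this file, and locking an
 * uninitialised mutex is undefined behaviour. */
pthread_mutex_t loadLock = PTHREAD_MUTEX_INITIALIZER;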
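/* One-time OpenSSL initialisation (explicit 1.0.x-style init calls), guarded
 * by loadLock. Safe to call from several threads and repeatedly; only the
 * first call does any work.
 * dh: unused here, accepted for symmetry with startSockTls. */
void loadOpenSSL(const char *dh){
    (void)dh;
    /* openSslLoaded is read only while holding the lock. The previous
       unlocked fast-path read raced with the write below, which is a data
       race (undefined behaviour) on a plain int. */
    pthread_mutex_lock(&loadLock);
    if(!openSslLoaded){
        SSL_load_error_strings();
        ERR_load_BIO_strings();
        ERR_load_crypto_strings();
        SSL_library_init();
        OpenSSL_add_all_algorithms();
        openSslLoaded = 1;
    }
    pthread_mutex_unlock(&loadLock);
}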
/* Copy a 16-byte IPv6 address from s into d. The two buffers must not overlap. */
void copy6addr(unsigned char d[16], const unsigned char s[16]){
    memcpy(d, s, 16);
}
/* Set all 16 bytes of an IPv6 address buffer to zero (the unspecified address). */
void zero6addr(unsigned char d[16]){
    memset(d, 0, 16);
}
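/* Create a listening TCP socket bound to the wildcard address on `port`
 * (host byte order); IPv6 when `ipv6` is non-zero, otherwise IPv4.
 * Returns NULL with errno set by the failing call. On failure nothing is
 * left allocated or open (the original leaked the socket when bind/listen
 * failed and dereferenced a NULL handle when malloc failed).
 * The caller releases the result with closeHandler. */
nethandler getNethandler(const int ipv6, const int port){
    nethandler h = malloc(sizeof *h);
    if(!h)
        return NULL;
    h->ipv6 = ipv6;
    h->fd = socket(ipv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0);
    if(h->fd < 0)
        return clear(h);
    /* Best effort: lets the port be rebound quickly after a restart. */
    int optval = 1;
    (void)setsockopt(h->fd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
    int e;
    if(ipv6){
        /* Zero-initialised: in6addr_any, flowinfo 0 and scope_id 0. The
           original left sin6_flowinfo and sin6_scope_id uninitialised. */
        struct sockaddr_in6 add = {0};
        add.sin6_family = AF_INET6;
        add.sin6_port = htons(port);
        e = bind(h->fd, (struct sockaddr*) &add, sizeof(add));
    }else{
        struct sockaddr_in add = {0};
        add.sin_family = AF_INET;
        add.sin_addr.s_addr = htonl(INADDR_ANY);
        add.sin_port = htons(port);
        e = bind(h->fd, (struct sockaddr*) &add, sizeof(add));
    }
    if(e == 0)
        e = listen(h->fd, DEFAULT_LISTENNING_QUEUE);
    if(e){
        /* Close the socket before freeing the handle; keep the errno of
           the call that actually failed. */
        int saved = errno;
        close(h->fd);
        errno = saved;
        return clear(h);
    }
    return h;
}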
/* Listening IPv4 socket on `port` (host byte order); see getNethandler for
 * failure semantics (NULL, errno set). */
nethandler getIPv4Port(const int port){
    const int useIpv6 = 0;
    return getNethandler(useIpv6, port);
}
/* Listening IPv6 socket on `port` (host byte order); see getNethandler for
 * failure semantics (NULL, errno set). */
nethandler getPort(const int port){
    const int useIpv6 = 1;
    return getNethandler(useIpv6, port);
}
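/* Wrap an already-open file descriptor in a ds of type `file`.
 * Ownership of f passes to the ds (prepareToClose hands it back).
 * Returns NULL (errno from calloc) if the handle cannot be allocated; the
 * original dereferenced the NULL pointer instead.
 * calloc is used so fields this constructor does not set (server, ipv6,
 * peer) are zero rather than stack garbage — startSockTls reads d->server. */
ds createFromFile(int f){
    ds d = calloc(1, sizeof *d);
    if(!d)
        return NULL;
    d->eof = 0;
    d->tp = file;
    d->fd = f;
    return d;
}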
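/* Open (creating if absent) the file at path f read/write and wrap it in a ds.
 * The creation mode 0666 is reduced by the process umask.
 * Returns NULL with errno set if open or the handle allocation fails; the
 * descriptor is closed on the second failure so it does not leak. */
ds createFromFileName(const char *f){
    const int fd = open(f, O_CREAT | O_RDWR, 0666);
    if(fd == -1){
        return NULL;
    }
    ds d = createFromFile(fd);
    if(!d){
        int e = errno;
        close(fd);
        errno = e;
    }
    return d;
}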
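/* Accept one connection on the listening handler h and wrap it in a
 * server-side ds of type `sock`, recording the peer address in d->peer.
 * Blocks until a connection arrives. Returns NULL with errno set if the
 * allocation or accept fails. Fixes: NULL check on the allocation, socklen_t
 * for the address length (accept's real parameter type), and fd 0 treated as
 * a valid descriptor (only -1 means failure). */
ds createFromHandler(nethandler h){
    ds d = calloc(1, sizeof *d);
    if(!d)
        return NULL;
    d->eof = 0;
    d->tp = sock;
    socklen_t peerLen = sizeof(d->peer);
    d->fd = accept(h->fd, (struct sockaddr*)&(d->peer), &peerLen);
    if(d->fd < 0)
        return clear(d);
    d->ipv6 = d->peer.ss_family == AF_INET6;
    d->server = 1;
    return d;
}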
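/* Connect a new TCP socket to `add` (add_size bytes) and wrap it in a
 * client-side ds of type `sock`. Returns NULL with errno set when the
 * allocation, socket or connect call fails; on failure nothing stays
 * allocated or open (the original leaked the socket on a failed connect and
 * never checked malloc or socket). */
ds createToHost(struct sockaddr *add, const int add_size, const int ipv6){
    ds d = calloc(1, sizeof *d);
    if(!d)
        return NULL;
    d->eof = 0;
    d->tp = sock;
    d->ipv6 = ipv6;     /* keep the field defined, like the server path does */
    d->server = 0;
    d->fd = socket(ipv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0);
    if(d->fd < 0)
        return clear(d);
    if(connect(d->fd, add, (socklen_t)add_size) < 0){
        int e = errno;
        close(d->fd);
        free(d);
        errno = e;
        return NULL;
    }
    return d;
}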
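/* Connect to the IPv4 address `host` on `port` (port in host byte order).
 * `host` is stored into s_addr exactly as given: no byte-order conversion is
 * applied here, and on LP64 platforms the unsigned long is truncated to the
 * 32-bit in_addr_t. Returns what createToHost returns (NULL + errno on failure).
 * The address is zero-initialised so sin_zero is defined, not stack garbage. */
ds createToIPv4Host(const unsigned long host, const int port){
    struct sockaddr_in add = {0};
    add.sin_family = AF_INET;
    add.sin_port = htons(port);
    add.sin_addr.s_addr = host;
    return createToHost((struct sockaddr*) &add, sizeof(add), 0);
}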
/* Connect to the 16-byte IPv6 address `host` on `port` (host byte order),
 * with flow info and scope id both zero. Returns what createToHost returns
 * (NULL + errno on failure). */
ds createToIPv6Host(const unsigned char host[16], const int port){
    struct sockaddr_in6 target = {
        .sin6_family = AF_INET6,
        .sin6_port = htons(port),
        .sin6_flowinfo = 0,
        .sin6_scope_id = 0,
    };
    copy6addr(target.sin6_addr.s6_addr, host);
    return createToHost((struct sockaddr*) &target, sizeof(target), 1);
}
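/* Report the remote endpoint of a connected socket ds.
 * ipv4peer: receives sin_addr.s_addr for IPv4 peers, 0 otherwise.
 * ipv6peer: receives the 16-byte address for IPv6 peers, all zeros otherwise.
 * ipv6:     set to -1 for an IPv4 peer, 1 for any other family (treated as IPv6).
 * Returns the peer port exactly as stored in the address (network byte order,
 * no ntohs), or 0 if getpeername fails — indistinguishable from a real port 0.
 * Fix: the length argument is a socklen_t, the type getpeername actually
 * takes, instead of an int* passed through an incompatible pointer. */
int getPeer(ds d, unsigned long *ipv4peer, unsigned char ipv6peer[16], int *ipv6){
    struct sockaddr_storage peer;
    socklen_t peerLen = sizeof(peer);
    if(getpeername(d->fd, (struct sockaddr*)&peer, &peerLen)){
        return 0;
    }
    int port;
    if(peer.ss_family == AF_INET){
        const struct sockaddr_in *a = (const struct sockaddr_in*)&peer;
        zero6addr(ipv6peer);
        *ipv6 = -1;
        *ipv4peer = a->sin_addr.s_addr;
        port = a->sin_port;
    }else{
        const struct sockaddr_in6 *a = (const struct sockaddr_in6*)&peer;
        *ipv4peer = 0;
        *ipv6 = 1;
        copy6addr(ipv6peer, a->sin6_addr.s6_addr);
        port = a->sin6_port;
    }
    return port;
}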
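/* Allocate the state cell for the stdin/stdout pseudo-stream: a single int
 * holding the EOF flag read by isStdEof and written by stdDsRecv.
 * Zero-initialised so isStdEof is well defined before the first read (the
 * original returned uninitialised memory). Returns NULL if allocation fails.
 * Release with closeStd. */
int *getStd(){
    return calloc(1, sizeof(int));
}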
/* Release a state cell obtained from getStd. d may be NULL. Does not touch
 * descriptors 0 and 1. */
void closeStd(int *d){
    void *cell = d;
    free(cell);
}
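/* Write up to s bytes from b to the ds's descriptor with a single write().
 * Returns the byte count written (may be short of s) or -1 with errno set.
 * A negative s is rejected with EINVAL instead of being converted to a huge
 * size_t. The ssize_t result is narrowed to int, as the interface requires. */
int sendDs(ds d, const char *b, const int s){
    if(s < 0){
        errno = EINVAL;
        return -1;
    }
    return (int)write(d->fd, b, (size_t)s);
}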
/* Write up to s bytes from b over the TLS connection.
 * Returns SSL_write's result: bytes written, or <= 0 on error (use
 * SSL_get_error on d->s for the reason; errno alone is not meaningful). */
int tlsDsSend(tlsDs d, const char *b, const int s){
    SSL *conn = d->s;
    return SSL_write(conn, b, s);
}
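/* Write up to s bytes from b to standard output with a single write().
 * Returns the byte count written (may be short of s) or -1 with errno set.
 * A negative s is rejected with EINVAL, matching sendDs. */
int stdDsSend(const char *b, const int s){
    if(s < 0){
        errno = EINVAL;
        return -1;
    }
    return (int)write(STDOUT_FILENO, b, (size_t)s);
}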
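/* Read up to s bytes from the ds's descriptor into b with a single read().
 * Returns the byte count (0 at end of file) or -1 with errno set.
 * Sets d->eof only on a genuine EOF: a zero-byte return for a zero-length
 * request no longer flags EOF, and a negative s is rejected with EINVAL. */
int recvDs(ds d, char *b, const int s){
    if(s < 0){
        errno = EINVAL;
        return -1;
    }
    ssize_t v = read(d->fd, b, (size_t)s);
    d->eof = (v == 0 && s > 0);
    return (int)v;
}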
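/* Read up to s bytes from the TLS connection into b.
 * Returns SSL_read's result: bytes read, or <= 0 on error/shutdown (use
 * SSL_get_error on d->s for the reason).
 * Now maintains d->eof the way recvDs does for plain sockets — the original
 * never set it, so isTlsEof always reported 0. A zero return for a
 * non-empty request marks EOF; negative (error) returns do not. */
int tlsDsRecv(tlsDs d, char *b, const int s){
    int v = SSL_read(d->s, b, s);
    d->eof = (v == 0 && s > 0);
    return v;
}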
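/* Read up to s bytes from standard input into b with a single read().
 * d is the state cell from getStd; *d becomes 1 on end of input, else 0.
 * Returns the byte count (0 at EOF) or -1 with errno set.
 * A negative s is rejected with EINVAL and leaves *d untouched; a zero-length
 * request no longer flags EOF (matches recvDs). */
int stdDsRecv(int *d, char *b, const int s){
    if(s < 0){
        errno = EINVAL;
        return -1;
    }
    ssize_t v = read(STDIN_FILENO, b, (size_t)s);
    *d = (v == 0 && s > 0);
    return (int)v;
}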
/* Dispose of the ds handle and hand its descriptor back to the caller, who
 * is then responsible for closing it (see closeFd). The descriptor itself is
 * not closed here. */
int prepareToClose(ds d){
    const int releasedFd = d->fd;
    free(d);
    return releasedFd;
}
/* Tear down the TLS layer and return the underlying ds, which stays open
 * and owned by the caller. A single SSL_shutdown sends our close_notify only
 * (no wait for the peer's, bidirectional shutdown is not supported). SSL_free
 * releases the SSL object; the socket descriptor is not closed here. */
ds closeTls(tlsDs d){
    ds transport = d->original;
    SSL *conn = d->s;
    SSL_shutdown(conn);
    SSL_free(conn);
    free(d);
    return transport;
}
/* Close a listening handler's socket and free the handler. The close()
 * result is not checked. */
void closeHandler(nethandler h){
    const int listeningFd = h->fd;
    free(h);
    close(listeningFd);
}
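/* Close the descriptor behind d and free it. Used on every startSockTls
 * failure path so callers never have to guess whether d is still theirs. */
static void tlsDiscardDs(ds d){
    int fd = prepareToClose(d);
    closeFd(fd);
}

/* Build the SSL_CTX for d: TLSv1.1 server or client method depending on
 * d->server, DH parameters from the dh file (server side only), optional
 * certificate chain and private key, and the module-wide cipher list.
 * Returns NULL on any failure (reason on the OpenSSL error queue) with no
 * resources left allocated. */
static SSL_CTX *tlsMakeCtx(ds d, const char *cert, const char *key, const char *dh){
    SSL_CTX *ctx = d->server ? SSL_CTX_new(TLSv1_1_server_method())
                             : SSL_CTX_new(TLSv1_1_client_method());
    if(!ctx)
        return NULL;
    if(d->server){
        /* The EDH/kEDH entries in availableCiphers need DH parameters. The
           original did not check fopen, so a missing file crashed in
           PEM_read_DHparams/fclose. */
        FILE *dhfile = dh ? fopen(dh, "r") : NULL;
        if(!dhfile)
            goto fail;
        DH *dhdt = PEM_read_DHparams(dhfile, NULL, NULL, NULL);
        fclose(dhfile);
        /* SSL_CTX_set_tmp_dh copies the parameters, so dhdt is released here
           on success as well as failure (DH_free(NULL) is a no-op). The
           original leaked it on success and free()'d it on failure. */
        int dhOk = dhdt != NULL && SSL_CTX_set_tmp_dh(ctx, dhdt) > 0;
        DH_free(dhdt);
        if(!dhOk)
            goto fail;
    }
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
    /* NOTE(review): no SSL_CTX_set_verify call is made, so the client side
       accepts whatever certificate the server presents, and only TLSv1.1 is
       offered. Both are carried over from the original and worth revisiting. */
    if(cert && SSL_CTX_use_certificate_chain_file(ctx, cert) != 1)
        goto fail;
    if(key && SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != 1)
        goto fail;
    if(SSL_CTX_set_cipher_list(ctx, availableCiphers) <= 0)
        goto fail;
    return ctx;
fail:
    /* SSL_CTX objects have their own destructor; plain free() (what the
       original's clear() did) is not valid for them. */
    SSL_CTX_free(ctx);
    return NULL;
}

/* Wrap the connected socket ds d in a TLS session and run the handshake:
 * SSL_accept when d->server is set (server), SSL_connect otherwise.
 * cert/key: PEM files, each optional (NULL skips it).
 * dh:       PEM DH parameter file, required on the server side.
 * Returns the tlsDs, or NULL on failure. On EVERY failure path d is closed
 * and freed (the original did this on some paths and not others, so callers
 * could not know whether d was still valid). On success d is owned by the
 * returned tlsDs; closeTls returns it to the caller.
 * d->server must be meaningful: it is set by createFromHandler and
 * createToHost, not by createFromFile. */
tlsDs startSockTls(ds d, const char *cert, const char *key, const char *dh){
    loadOpenSSL(dh);
    SSL_CTX *ctx = tlsMakeCtx(d, cert, key, dh);
    if(!ctx){
        tlsDiscardDs(d);
        return NULL;
    }
    tlsDs t = malloc(sizeof *t);
    if(!t){
        SSL_CTX_free(ctx);
        tlsDiscardDs(d);
        return NULL;
    }
    t->eof = 0;
    t->original = d;
    t->s = SSL_new(ctx);
    /* SSL_new holds its own reference to ctx; dropping ours lets SSL_free in
       closeTls release the context instead of leaking it on every session. */
    SSL_CTX_free(ctx);
    if(!t->s){
        free(t);
        tlsDiscardDs(d);
        return NULL;
    }
    if(!SSL_set_fd(t->s, d->fd)){
        tlsDiscardDs(closeTls(t));
        return NULL;
    }
    int e;
    if(d->server){
        SSL_set_accept_state(t->s);
        e = SSL_accept(t->s);
    }else{
        SSL_set_connect_state(t->s);
        e = SSL_connect(t->s);
    }
    if(e <= 0){
        int erval = SSL_get_error(t->s, e);
        /* WANT_READ/WANT_WRITE only arise on a non-blocking descriptor; as in
           the original, the session is returned with the handshake still
           pending until non-blocking I/O is supported. Anything else is fatal.
           (The original's retry loop ran exactly once, so it is dropped.) */
        if(erval != SSL_ERROR_WANT_READ && erval != SSL_ERROR_WANT_WRITE){
            tlsDiscardDs(closeTls(t));
            return NULL;
        }
    }
    return t;
}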
/* Descriptor behind a ds (file or socket). Ownership stays with the ds. */
int getFd(ds d){
    const int fd = d->fd;
    return fd;
}
/* Descriptor of the socket ds underneath a TLS session. Ownership stays
 * with the tlsDs. */
int getTlsFd(tlsDs t){
    return t->original->fd;
}
/* Close a descriptor previously returned by prepareToClose or getFd.
 * The close() result is deliberately ignored. */
void closeFd(int fd){
    (void)close(fd);
}
/* EOF flag of the stdin pseudo-stream: the int cell from getStd, as last
 * written by stdDsRecv. */
int isStdEof(int *d){
    const int atEof = *d;
    return atEof;
}
/* EOF flag of a ds, as last written by recvDs (0 until a read returns 0). */
int isDsEof(ds d){
    const int atEof = d->eof;
    return atEof;
}
/* EOF flag stored on a tlsDs. Initialised to 0 in startSockTls; note that in
 * this file tlsDsRecv does not update it. */
int isTlsEof(tlsDs d){
    const int atEof = d->eof;
    return atEof;
}