diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-21 11:58:44 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-21 11:58:44 +0000 |
commit | fb76faf56aca9b79648d776896a4a4fae7c978cf (patch) | |
tree | 77aed5d588534a742b7795fa9f8406469e067414 /src/tls/s6-tlsd-io.c | |
parent | 7f2cd05720e721c7e8131d4a4762d97a29fbf7b4 (diff) | |
download | s6-networking-fb76faf56aca9b79648d776896a4a4fae7c978cf.tar.xz |
Move all tls stuff into its own subdir
Diffstat (limited to 'src/tls/s6-tlsd-io.c')
-rw-r--r-- | src/tls/s6-tlsd-io.c | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c new file mode 100644 index 0000000..0b42b3b --- /dev/null +++ b/src/tls/s6-tlsd-io.c @@ -0,0 +1,126 @@ +/* ISC license. */ + +#include <stdint.h> +#include <unistd.h> +#include <signal.h> + +#include <skalibs/gccattributes.h> +#include <skalibs/types.h> +#include <skalibs/sgetopt.h> +#include <skalibs/strerr2.h> +#include <skalibs/allreadwrite.h> +#include <skalibs/sig.h> +#include <skalibs/tai.h> +#include <skalibs/env.h> +#include <skalibs/djbunix.h> + +#include <s6-networking/config.h> + +#define HANDSHAKE_BANNER "SSL_PROTOCOL=TLSv1\0" + +static inline void doit (int *, tain_t const *tto, uint32_t, uint32_t, unsigned int, unsigned int) gccattr_noreturn ; + +#ifdef S6_NETWORKING_USE_TLS + +#include <s6-networking/stls.h> + +static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint32_t options, unsigned int verbosity, unsigned int notif) +{ + struct tls *ctx = stls_server_init_and_handshake(fds + 2, preoptions) ; + if (notif) + { + if (allwrite(notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER)) + strerr_diefu1sys(111, "write post-handshake data") ; + fd_close(notif) ; + } + stls_run(ctx, fds, tto, options, verbosity) ; +} + +#else +#ifdef S6_NETWORKING_USE_BEARSSL + +#include <skalibs/random.h> + +#include <s6-networking/sbearssl.h> + +static int handshake_cb_nop (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg) +{ + (void)ctx ; + (void)cbarg ; + return 1 ; +} + +static int handshake_cb_sendvars (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg) +{ + if (allwrite(cbarg->notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER)) + return 0 ; + fd_close(cbarg->notif) ; + return 1 ; +} + +static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint32_t options, unsigned int verbosity, unsigned int notif) +{ + if (ndelay_on(fds[0]) < 0 || ndelay_on(fds[1]) < 0) + strerr_diefu1sys(111, "set local fds non-blocking") ; + if (!random_init()) strerr_diefu1sys(111, "initialize random device") ; + sbearssl_server_init_and_run(fds, tto, preoptions, options, verbosity, notif ? &handshake_cb_sendvars : &handshake_cb_nop, notif) ; +} + +#else + +#error No SSL backend configured. + +#endif +#endif + + +#define USAGE "s6-tlsd-io [ -v verbosity ] [ -d notif ] [ -S | -s ] [ -Y | -y ] [ -K timeout ] fdr fdw" +#define dieusage() strerr_dieusage(100, USAGE) + +int main (int argc, char const *const *argv, char const *const *envp) +{ + tain_t tto ; + int fds[4] = { 0, 1, 0, 1 } ; + unsigned int verbosity = 1 ; + unsigned int notif = 0 ; + uint32_t preoptions = 0 ; + uint32_t options = 1 ; + + PROG = "s6-tlsd-io" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + unsigned int t = 0 ; + for (;;) + { + int opt = subgetopt_r(argc, argv, "d:SsYyv:K:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; + case 'd' : if (!uint0_scan(l.arg, ¬if)) dieusage() ; break ; + case 'S' : options &= ~1 ; break ; + case 's' : options |= 1 ; break ; + case 'Y' : preoptions |= 1 ; preoptions &= ~2 ; break ; + case 'y' : preoptions |= 3 ; break ; + case 'K' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + if (t) tain_from_millisecs(&tto, t) ; else tto = tain_infinite_relative ; + } + if (argc < 2) dieusage() ; + { + unsigned int u ; + if (!uint0_scan(argv[0], &u)) dieusage() ; + fds[0] = u ; + if (!uint0_scan(argv[1], &u)) dieusage() ; + fds[1] = u ; + } + + if (ndelay_on(0) < 0 || ndelay_on(1) < 0) + strerr_diefu1sys(111, "set stdin/stdout non-blocking") ; + if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + tain_now_set_stopwatch_g() ; + doit(fds, &tto, preoptions, options, verbosity, notif) ; +} |