From 4fb917263ac30373cb3e5dfe3e207369eb238def Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sun, 22 Nov 2020 15:46:34 +0000
Subject: Add SSL_PROTOCOL and SSL_CIPHER support, fix some bugs
---
 src/tls/deps-lib/s6tls | 1 +
 src/tls/s6-tlsc-io.c | 33 ++++++++++++---------------------
 src/tls/s6-tlsd-io.c | 33 +++++++++++----------------------
 3 files changed, 24 insertions(+), 43 deletions(-)
(limited to 'src/tls')
diff --git a/src/tls/deps-lib/s6tls b/src/tls/deps-lib/s6tls
index f392de5..caa9872 100644
--- a/src/tls/deps-lib/s6tls
+++ b/src/tls/deps-lib/s6tls
@@ -2,3 +2,4 @@ s6tls_exec_tlscio.o
 s6tls_exec_tlsdio.o
 s6tls_sync_and_exec_app.o
 s6tls_ucspi_exec_app.o
+-lskarnet
diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c
index 79dd25d..48965cc 100644
--- a/src/tls/s6-tlsc-io.c
+++ b/src/tls/s6-tlsc-io.c
@@ -1,22 +1,20 @@
 /* ISC license. */
 #include
-#include
 #include
 #include
 #include
 #include
 #include
-#include
 #include
-#include
 #include
 #include
 #include
-#define HANDSHAKE_BANNER "SSL_PROTOCOL=TLSv1\0"
+#define USAGE "s6-tlsc-io [ -v verbosity ] [ -d notif ] [ -S | -s ] [ -Y | -y ] [ -K timeout ] [ -k servername ] fdr fdw"
+#define dieusage() strerr_dieusage(100, USAGE)
 static inline void doit (int *, tain_t const *tto, uint32_t, uint32_t, unsigned int, char const *, unsigned int) gccattr_noreturn ;
@@ -29,7 +27,7 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 struct tls *ctx = stls_client_init_and_handshake(fds + 2, preoptions, servername) ;
 if (notif)
 {
-if (allwrite(notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER))
+if (!stls_send_environment(ctx, notif))
 strerr_diefu1sys(111, "write post-handshake data") ;
 fd_close(notif) ;
 }
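Review bot: `strerr_diefu1sys(111, "write post-handshake data")` now reports a failure of `stls_send_environment(ctx, notif)` with an errno suffix and a message that still describes the old fixed banner write; if the new helper can fail without a system call having set errno (for instance because a value it needs from `ctx` is unavailable), the suffix will be stale and the message misleading. The contract of stls_send_environment is not visible in this hunk, so this is a request to confirm it and, if the `_sys` variant is kept, to rename the message to something like `"send SSL_PROTOCOL and SSL_CIPHER to the notification fd"`. The s6-tlsd-io.c libtls hunk (`@@ -29,7 +27,7 @@`) further down the patch has the identical call and message. doit's body begins and ends outside this hunk in both files.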
@@ -39,22 +37,19 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 #else
 #ifdef S6_NETWORKING_USE_BEARSSL
+#include
+
 #include
 #include
-static int handshake_cb_nop (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
-{
-(void)ctx ;
-(void)cbarg ;
-return 1 ;
-}
-
-static int handshake_cb_sendvars (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
+static int handshake_cb (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
 {
-if (allwrite(cbarg->notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER))
-return 0 ;
-fd_close(cbarg->notif) ;
+if (cbarg->notif)
+{
+if (!sbearssl_send_environment(ctx, cbarg->notif)) return 0 ;
+fd_close(cbarg->notif) ;
+}
 return 1 ;
 }
@@ -63,7 +58,7 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 if (ndelay_on(fds[0]) < 0 || ndelay_on(fds[1]) < 0) strerr_diefu1sys(111, "set local fds non-blocking") ;
 if (!random_init()) strerr_diefu1sys(111, "initialize random device") ;
-sbearssl_client_init_and_run(fds, tto, preoptions, options, verbosity, servername, notif ? &handshake_cb_sendvars : &handshake_cb_nop, notif) ;
+sbearssl_client_init_and_run(fds, tto, preoptions, options, verbosity, servername, &handshake_cb, notif) ;
 }
 #else
@@ -73,10 +68,6 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 #endif
 #endif
-
-#define USAGE "s6-tlsc-io [ -v verbosity ] [ -d notif ] [ -S | -s ] [ -Y | -y ] [ -K timeout ] [ -k servername ] fdr fdw"
-#define dieusage() strerr_dieusage(100, USAGE)
-
 int main (int argc, char const *const *argv, char const *const *envp)
 {
 char const *servername = 0 ;
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c
index 0b42b3b..14003a2 100644
--- a/src/tls/s6-tlsd-io.c
+++ b/src/tls/s6-tlsd-io.c
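Review bot: After `fd_close(cbarg->notif)` the new handshake_cb leaves `cbarg->notif` holding the number of a descriptor that is now closed, so if the engine ever invokes the callback a second time on the same context (a renegotiated or retried handshake) the `if (cbarg->notif)` guard still passes and sbearssl_send_environment writes the environment to whatever descriptor has since been allocated that number. Whether sbearssl can call the handshake callback more than once is not visible in this hunk; if it can, clear the field immediately after closing, `cbarg->notif = 0 ;`, which makes the callback idempotent and reuses the value the guard already treats as "no notification fd". The same callback body is introduced in s6-tlsd-io.c in its `@@ -43,18 +41,13 @@` hunk and would need the same line.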
@@ -1,22 +1,20 @@
 /* ISC license. */
 #include
-#include
 #include
 #include
 #include
 #include
 #include
-#include
-#include
 #include
-#include
+#include
 #include
 #include
-#define HANDSHAKE_BANNER "SSL_PROTOCOL=TLSv1\0"
+#define USAGE "s6-tlsd-io [ -v verbosity ] [ -d notif ] [ -S | -s ] [ -Y | -y ] [ -K timeout ] fdr fdw"
+#define dieusage() strerr_dieusage(100, USAGE)
 static inline void doit (int *, tain_t const *tto, uint32_t, uint32_t, unsigned int, unsigned int) gccattr_noreturn ;
@@ -29,7 +27,7 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 struct tls *ctx = stls_server_init_and_handshake(fds + 2, preoptions) ;
 if (notif)
 {
-if (allwrite(notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER))
+if (!stls_send_environment(ctx, notif))
 strerr_diefu1sys(111, "write post-handshake data") ;
 fd_close(notif) ;
 }
@@ -43,18 +41,13 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 #include
-static int handshake_cb_nop (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
-{
-(void)ctx ;
-(void)cbarg ;
-return 1 ;
-}
-
-static int handshake_cb_sendvars (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
+static int handshake_cb (br_ssl_engine_context *ctx, sbearssl_handshake_cb_context_t *cbarg)
 {
-if (allwrite(cbarg->notif, HANDSHAKE_BANNER, sizeof(HANDSHAKE_BANNER)) < sizeof(HANDSHAKE_BANNER))
-return 0 ;
-fd_close(cbarg->notif) ;
+if (cbarg->notif)
+{
+if (!sbearssl_send_environment(ctx, cbarg->notif)) return 0 ;
+fd_close(cbarg->notif) ;
+}
 return 1 ;
 }
@@ -63,7 +56,7 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 if (ndelay_on(fds[0]) < 0 || ndelay_on(fds[1]) < 0) strerr_diefu1sys(111, "set local fds non-blocking") ;
 if (!random_init()) strerr_diefu1sys(111, "initialize random device") ;
-sbearssl_server_init_and_run(fds, tto, preoptions, options, verbosity, notif ? &handshake_cb_sendvars : &handshake_cb_nop, notif) ;
+sbearssl_server_init_and_run(fds, tto, preoptions, options, verbosity, &handshake_cb, notif) ;
 }
 #else
@@ -73,10 +66,6 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
 #endif
 #endif
-
-#define USAGE "s6-tlsd-io [ -v verbosity ] [ -d notif ] [ -S | -s ] [ -Y | -y ] [ -K timeout ] fdr fdw"
-#define dieusage() strerr_dieusage(100, USAGE)
-
 int main (int argc, char const *const *argv, char const *const *envp)
 {
 tain_t tto ;
--
cgit v1.2.3