/*-----------------------------------------------------------------------------------*/
int sslclient_init(ssl_context *ssl)
{
    int ret;
 
    SDRAMInit();
   
    memset( ssl, 0, sizeof( ssl_context ) );

     /*
     * 2. Setup stuff
     */
    _DBG_("[DEBUG]Set up the SSL/TLS structure..." );

    if( ( ret = ssl_init( ssl) ) != 0 )
    {
        _DBG_(" Setup failed\n");
        return ret;
    }

    ssl_set_endpoint( ssl, SSL_IS_CLIENT );
    ssl_set_authmode( ssl, SSL_VERIFY_NONE );

    /* Set the random generation callback */
    ssl_set_rng( ssl, sslclient_random, &ctr_drbg );
    /* Set the debug callback */
    ssl_set_dbg( ssl, my_debug, 0 );
    /* Set read, write callback */
    ssl_set_bio( ssl, net_recv,0,
                       net_send, 0 );
    
    /* Set ciphers */
    //ssl_set_ciphersuites( ssl, ssl_default_ciphersuites );
 
    return 0;
}
Beispiel #2
0
static void start_ssl(struct line line) {
	struct {
		const char* type;
		int netid;
		const char* ssl_key;
		const char* ssl_cert;
		const char* ssl_ca;
	} __attribute__((__packed__)) args;
	sscan(line, "sisss", &args);

	struct sockifo* ifo = find(args.netid);
	if (!ifo)
		die("Cannot find network %d in start_ssl", args.netid);

#if SSL_ENABLED
	ifo->state.frozen = 0;
	if (ifo->state.poll == POLL_HANG)
		ifo->state.poll = POLL_NORMAL;

	int server = (args.type[1] == 'S');
	ssl_init(ifo, args.ssl_key, args.ssl_cert, args.ssl_ca, server);
#else
	esock(ifo, "SSL support not enabled");
#endif
}
Beispiel #3
0
static VALUE R_ssl_allocate( VALUE klass )
{
    ssl_context *ssl;
    int ret;

    #if POLARSSL_VERSION_MAJOR == 1 && POLARSSL_VERSION_MINOR == 1
    ssl_session *ssn;
    #endif

    ssl = ALLOC( ssl_context );

    ret = ssl_init( ssl );

    if ( ret == POLARSSL_ERR_SSL_MALLOC_FAILED )
        rb_raise(e_MallocFailed, "ssl_init() memory allocation failed.");

    #if POLARSSL_VERSION_MAJOR == 1 && POLARSSL_VERSION_MINOR == 1
    ssn = ALLOC( ssl_session );
    ssl_set_session( ssl, 0, 600, ssn );
    ssl_set_ciphersuites( ssl, ssl_default_ciphersuites );
    #endif

    // ssl_set_dbg(ssl, my_debug, stdout);

    return Data_Wrap_Struct( klass, 0, ssl_free, ssl );
}
Beispiel #4
0
int ssl_connect(ssl_context *ssl, int *sock, char *hostname) {
	memset(ssl, 0, sizeof(ssl_context));
	if (ssl_init(ssl) != 0) {
		return -1;
	}

	ssl_set_endpoint(ssl, SSL_IS_CLIENT);
	ssl_set_authmode(ssl, SSL_VERIFY_NONE);

	ssl_set_rng(ssl, ssl_random, &ctr_drbg);
#ifdef ENABLE_DEBUG
	ssl_set_dbg(ssl, ssl_debug, stderr);
#endif
	ssl_set_bio(ssl, net_recv, sock, net_send, sock);

	if (hostname != NULL) {
		ssl_set_hostname(ssl, hostname);
	}
	ssl_set_ciphersuites(ssl, ciphersuites + 1);

	if (ssl_handshake(ssl) != 0) {
		return -1;
	}

	return 0;
}
Beispiel #5
0
Network::Network(const Options *options) :
    m_options(options),
    m_donate(nullptr)
{
    srand(time(0) ^ (uintptr_t) this);

    Workers::setListener(this);

    const std::vector<Url*> &pools = options->pools();

#ifndef XMRIG_NO_TLS
    ssl_init();
#endif

    if (pools.size() > 1) {
        m_strategy = new FailoverStrategy(pools, Platform::userAgent(), this);
    }
    else {
        m_strategy = new SinglePoolStrategy(pools.front(), Platform::userAgent(), this);
    }

    if (m_options->donateLevel() > 0) {
        m_donate = new DonateStrategy(Platform::userAgent(), this);
    }

    m_timer.data = this;
    uv_timer_init(uv_default_loop(), &m_timer);

    uv_timer_start(&m_timer, Network::onTick, kTickInterval, kTickInterval);
}
Beispiel #6
0
void main_init() { /* one-time initialization */
#ifdef USE_SYSTEMD
    int i;

    systemd_fds=sd_listen_fds(1);
    if(systemd_fds<0)
        fatal("systemd initialization failed");
    listen_fds_start=SD_LISTEN_FDS_START;
    /* set non-blocking mode on systemd file descriptors */
    for(i=0; i<systemd_fds; ++i)
        set_nonblock(listen_fds_start+i, 1);
#else
    systemd_fds=0; /* no descriptors received */
    listen_fds_start=3; /* the value is not really important */
#endif
    /* basic initialization contains essential functions required for logging
     * subsystem to function properly, thus all errors here are fatal */
    if(ssl_init()) /* initialize SSL library */
        fatal("SSL initialization failed");
    if(sthreads_init()) /* initialize critical sections & SSL callbacks */
        fatal("Threads initialization failed");
    if(cron_init()) /* initialize periodic events */
        fatal("Cron initialization failed");
    options_defaults();
    options_apply();
#ifndef USE_FORK
    get_limits(); /* required by setup_fd() */
#endif
    fds=s_poll_alloc();
    if(signal_pipe_init())
        fatal("Signal pipe initialization failed: "
            "check your personal firewall");
    stunnel_info(LOG_NOTICE);
}
Beispiel #7
0
static mrb_value mrb_ssl_initialize(mrb_state *mrb, mrb_value self) {
  ssl_context *ssl;
  int ret;

#if POLARSSL_VERSION_MAJOR == 1 && POLARSSL_VERSION_MINOR == 1
  ssl_session *ssn;
#endif

  ssl = (ssl_context *)DATA_PTR(self);
  if (ssl) {
    mrb_ssl_free(mrb, ssl);
  }
  DATA_TYPE(self) = &mrb_ssl_type;
  DATA_PTR(self) = NULL;

  ssl = (ssl_context *)mrb_malloc(mrb, sizeof(ssl_context));
  DATA_PTR(self) = ssl;

  ret = ssl_init(ssl);
  if (ret == POLARSSL_ERR_SSL_MALLOC_FAILED) {
    mrb_raise(mrb, E_MALLOC_FAILED, "ssl_init() memory allocation failed.");
  }

#if POLARSSL_VERSION_MAJOR == 1 && POLARSSL_VERSION_MINOR == 1
  ssn = (ssl_session *)mrb_malloc(mrb, sizeof(ssl_session));
  ssl_set_session( ssl, 0, 600, ssn );
  ssl_set_ciphersuites( ssl, ssl_default_ciphersuites );
#endif

  return self;
}
Beispiel #8
0
static int telex_client(int listen_port, int remote_port, int debug_level, const char *remote_host, 
		 const char *keyfile, const char *cafile)
{
	if (debug_level >= 0) {
		LogOutputStream( stdout );
		LogOutputStream( stdout );
		LogOutputLevel( debug_level );  
	}

	struct telex_conf conf;
	memset(&conf, 0, sizeof(struct telex_conf));
	conf.notblocked_port = remote_port;
	conf.notblocked_host = remote_host;	
	conf.ca_list = (char *)cafile;
	conf.keyfile = (char *)keyfile;

	// counters
	conf.count_tunnels = 0;
	conf.count_open_tunnels = 0;

	if (ssl_init(&conf) < 0) {
		LogFatal("main", "Could not initialize OpenSSL");				
		return 1;
	}

	int ret = InitAndListenLoop(listen_port, (evconnlistener_cb)proxy_accept_cb, &conf);

	if (conf.ssl_ctx) {
		ssl_done(&conf);
	}
	if (conf.dns_base) {
		evdns_base_free(conf.dns_base, 1);
	}
	return ret;
}
Beispiel #9
0
SSL *SSL_new(SSL_CTX *ctx) {
  int res;

  SSL *ssl = (SSL*)calloc(1, sizeof(*ssl));
  res = ssl_init(&ssl->cntx);

  if (res == 0) {
    ssl_set_endpoint(&ssl->cntx, ctx->ssl_method->endpoint_type);
    ssl_set_authmode(&ssl->cntx, ctx->authmode);
    ssl_set_min_version(&ssl->cntx, ctx->ssl_method->ssl_maj_ver,
                        ctx->ssl_method->ssl_min_ver);
    ssl_set_ca_chain(&ssl->cntx, &ctx->CA_cert, NULL, NULL);
    ssl_set_rng( &ssl->cntx, ctr_drbg_random, &g_ctr_drbg_context );

    res = ssl_set_own_cert(&ssl->cntx, &ctx->cert, &ctx->pk);
  }

  if (res != 0) {
    free(ssl);
    return NULL;
  }

  ssl->fd = -1;
  ssl->ssl_ctx = ctx;

  return ssl;
}
Beispiel #10
0
GaimSslConnection *
gaim_ssl_connect_fd(GaimAccount *account, int fd,
					GaimSslInputFunction func,
					GaimSslErrorFunction error_func, void *data)
{
	GaimSslConnection *gsc;
	GaimSslOps *ops;

	g_return_val_if_fail(fd != -1,                NULL);
	g_return_val_if_fail(func != NULL,            NULL);
	g_return_val_if_fail(gaim_ssl_is_supported(), NULL);

	if (!_ssl_initialized)
	{
		if (!ssl_init())
			return NULL;
	}

	gsc = g_new0(GaimSslConnection, 1);

	gsc->connect_cb_data = data;
	gsc->connect_cb      = func;
	gsc->error_cb        = error_func;
	gsc->fd              = fd;

	ops = gaim_ssl_get_ops();
	ops->connectfunc(gsc);

	return (GaimSslConnection *)gsc;
}
Beispiel #11
0
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
	struct scd *conn = data;
	
	if( source == -1 )
	{
		conn->func( conn->data, 0, NULL, cond );
		g_free( conn );
		return FALSE;
	}
	
	ssl_init();
	
	gnutls_init( &conn->session, GNUTLS_CLIENT );
	if( conn->verify )
		gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
#if GNUTLS_VERSION_NUMBER < 0x020c00
	gnutls_transport_set_lowat( conn->session, 0 );
#endif
	gnutls_set_default_priority( conn->session );
	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
	
	sock_make_nonblocking( conn->fd );
	gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
	
	return ssl_handshake( data, source, cond );
}
Beispiel #12
0
static inline int iobuf_ssl_setup(IOBuf *buf)
{
    int rc = 0;

    buf->use_ssl = 1;
    buf->handshake_performed = 0;

    rc = ssl_init(&buf->ssl);
    check(rc == 0, "Failed to initialize SSL structure.");

    ssl_set_endpoint(&buf->ssl, SSL_IS_SERVER);
    ssl_set_authmode(&buf->ssl, IO_SSL_VERIFY_METHOD);

    havege_init(&buf->hs);
    ssl_set_rng(&buf->ssl, havege_rand, &buf->hs);

#ifndef DEBUG
    ssl_set_dbg(&buf->ssl, ssl_debug, NULL);
#endif

    ssl_set_bio(&buf->ssl, ssl_fdrecv_wrapper, buf, 
                ssl_fdsend_wrapper, buf);
    ssl_set_session(&buf->ssl, 1, 0, &buf->ssn);

    ssl_set_scb(&buf->ssl, simple_get_session, simple_set_session);

    memset(&buf->ssn, 0, sizeof(buf->ssn));

    return 0;
error:
    return -1;
}
Beispiel #13
0
int main(int argc, char *argv[])
{
	int c;
	char server[256] = SERVER;
	struct option long_options[] = {
		{ "channel",  1, NULL, 'c' },
		{ "debug",    0, NULL, 'd' },
		{ "help",     0, NULL, 'h' },
		{ "nick",     1, NULL, 'n' },
		{ "password", 1, NULL, 'l' },
		{ "port",     1, NULL, 'p' },
		{ "ssl",      0, NULL, 's' },
		{ "version",  0, NULL, 'v' },
		{ NULL, 0, NULL, 0 }
	};

	signal(SIGINT,  sigint_cb);
	signal(SIGTERM, sigint_cb);
	while ((c = getopt_long(argc, argv, "c:dh?n:l:p:sv", long_options, NULL)) != EOF) {
		switch(c) {
		case 'c':
			channel = strdup(optarg);
			break;

		case 'd':
			debug = 1;
			break;

		case 'n':
			nick = strdup(optarg);
			break;

		case 'l':
			pass = strdup(optarg);
			break;

		case 'p':
			port = strdup(optarg);
			break;

		case 'v':
			return puts("v" VERSION) == EOF;

		case 's':
			if (ssl_init())
				error(1, 0, "Failed creating SSL context, missing library?");
			break;

		case 'h':
		case '?':
			return usage(0);
		}
	}

	if (optind < argc)
		strncpy(server, argv[optind++], sizeof(server));

	return bot(server, port);
}
Beispiel #14
0
void gtget_ssl_init(connection_t * conn)
{
  char *clientcert = NULL;
  char *clientkey = NULL;
  const char *pers = "gtget";
  sslparam_t *ssl = calloc(1, sizeof(sslparam_t));
  
  if (!(conn->flags & GTGET_FLAG_INSECURE)) {
    char *cacertfile = alloca(strlen(conn->remote->host) + 5);
    char *servercert = NULL;

    strcpy(cacertfile, conn->remote->host);
    strcat(cacertfile, ".pem");

    if (!(servercert = tryopen_alt(conn, conn->caFile, cacertfile)))
      servercert = tryopen("cacerts.pem");
    if (!(servercert))
      die(conn, "can't open cacert", NULL);
    if (x509_crt_parse_file(&ssl->cacert, servercert))
      die(conn, "error reading cacert", servercert);
  }

  /* read and parse the client certificate if provided */
  if ((clientcert = tryopen_alt(conn, conn->ccFile, "clientcert.pem"))) {
    if (!(clientkey = tryopen_alt(conn, conn->ckFile, "clientkey.pem")))
      clientkey = clientcert;

    if (x509_crt_parse_file(&ssl->clicert, clientcert)) {
      die(conn, "error reading client certificate", clientcert);
      if (clientkey && pk_parse_public_keyfile(&ssl->pk, clientkey))
        die(conn, "error reading client key", clientkey);

    }
    write2f("using client cert: %s\n", clientcert);
    write2f("using client key:  %s\n", clientkey);
  }

  entropy_init(&ssl->entropy);
  if (0 != (ctr_drbg_init(&ssl->ctr_drbg, entropy_func, &ssl->entropy,
	  (const unsigned char *)pers, strlen(pers))))
    die(conn, "Seeding the random number generator failed", NULL);


  if (ssl_init(&ssl->ssl))
    die(conn, "error initializing SSL", NULL);

  ssl_set_endpoint(&ssl->ssl, SSL_IS_CLIENT);
  if ((conn->flags & GTGET_FLAG_INSECURE)) {
    ssl_set_authmode(&ssl->ssl, SSL_VERIFY_NONE);
  }
  ssl_set_ca_chain(&ssl->ssl, &ssl->cacert, NULL, conn->remote->host);
  ssl_set_authmode(&ssl->ssl, SSL_VERIFY_OPTIONAL);
  ssl_set_verify(&ssl->ssl, verify_cb, conn);
  ssl_set_ciphersuites(&ssl->ssl, ssl_list_ciphersuites());
  ssl_set_session(&ssl->ssl, &ssl->ssn);
  ssl_set_rng(&ssl->ssl, ctr_drbg_random, &ssl->ctr_drbg);
  conn->ssl = ssl;
}
Beispiel #15
0
static void
cachemgr_setup(void)
{
	if ((ssl_init() == -1) || (cachemgr_preinit() == -1))
		exit(EXIT_FAILURE);
	addrlen = sizeof(struct sockaddr_in);
	memset(&addr, 0, addrlen);
	addr.ss_family = AF_INET;
}
Beispiel #16
0
SslSocket::SslSocket()
{
    ssl_init(&m_ssl);

    ssl_set_authmode(&m_ssl, g_ssl.m_authmode);
    ssl_set_rng(&m_ssl, ctr_drbg_random, &g_ssl.ctr_drbg);
    ssl_set_bio(&m_ssl, my_recv, this, my_send, this);

    m_recv_pos = 0;
}
bctbx_ssl_context_t *bctbx_ssl_context_new(void) {
	bctbx_ssl_context_t *ssl_ctx = bctbx_malloc0(sizeof(bctbx_ssl_context_t));
	ssl_init(&(ssl_ctx->ssl_ctx));
	ssl_ctx->callback_cli_cert_function = NULL;
	ssl_ctx->callback_cli_cert_data = NULL;
	ssl_ctx->callback_send_function = NULL;
	ssl_ctx->callback_recv_function = NULL;
	ssl_ctx->callback_sendrecv_data = NULL;
	return ssl_ctx;
}
Beispiel #18
0
gboolean
purple_ssl_is_supported(void)
{
#ifdef HAVE_SSL
	ssl_init();
	return (purple_ssl_get_ops() != NULL);
#else
	return FALSE;
#endif
}
Beispiel #19
0
void
purple_ssl_init(void)
{
	/* Although purple_ssl_is_supported will do the initialization on
	   command, SSL plugins tend to register CertificateSchemes as well
	   as providing SSL ops. */
	if (!ssl_init()) {
		purple_debug_error("sslconn", "Unable to initialize SSL.\n");
	}
}
Beispiel #20
0
int ssl_init_info(int *server_fd,ssl_info *sslinfo)
{
    int ret;
    const char *pers = "ssl";
    x509_crt_init(&sslinfo->cacert );
    entropy_init(&sslinfo->entropy );
    if( ( ret = ctr_drbg_init( &sslinfo->ctr_drbg, entropy_func, &sslinfo->entropy,
                               (const unsigned char *) pers,
                               strlen( pers ) ) ) != 0 )
    {

        return -1;
    }
    if( ( ret = ssl_init( &sslinfo->ssl ) ) != 0 )
    {
        echo( " failed\n  ! ssl_init returned %d\n\n", ret );
        return -1;
    }

    ssl_set_endpoint( &sslinfo->ssl, SSL_IS_CLIENT );
    ssl_set_authmode( &sslinfo->ssl, SSL_VERIFY_OPTIONAL );
    ssl_set_ca_chain( &sslinfo->ssl, &sslinfo->cacert, NULL, "" );
    ssl_set_rng( &sslinfo->ssl, ctr_drbg_random, &sslinfo->ctr_drbg );
    ssl_set_bio( &sslinfo->ssl, net_recv, server_fd,net_send, server_fd );
    ssl_set_session(&sslinfo->ssl, &ssn);



    while((ret = ssl_handshake(&sslinfo->ssl))!=0)
    {
        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
        {
            echo( " failed\n  ! ssl_handshake returned -0x%x\n\n", -ret );
            return -1;
        }
        //CPU sleep
        sleeps(1);
    }

    if((ret = ssl_get_verify_result( &sslinfo->ssl ) ) != 0 )
    {
       // echo( "Verifying peer X.509 certificate...failed \r\n" );
    }
    else
    {
        echo( " ok\n" );
    }
    //保存session加快握手速度
    if( ( ret = ssl_get_session( &sslinfo->ssl, &ssn ) ) != 0 )
    {
        //失败初始化
        memset(&ssn, 0, sizeof(ssl_session));
    }
    return 0;
}
Beispiel #21
0
IOBuf *IOBuf_create(size_t len, int fd, IOBufType type)
{
    IOBuf *buf = h_calloc(sizeof(IOBuf), 1);
    check_mem(buf);

    buf->fd = fd;
    buf->len = len;

    buf->buf = h_malloc(len + 1);
    check_mem(buf->buf);

    hattach(buf->buf, buf);

    buf->type = type;

    if(type == IOBUF_SSL) {
        buf->use_ssl = 1;
        buf->handshake_performed = 0;
        ssl_init(&buf->ssl);
        ssl_set_endpoint(&buf->ssl, SSL_IS_SERVER);
        ssl_set_authmode(&buf->ssl, SSL_VERIFY_NONE);
        havege_init(&buf->hs);
        ssl_set_rng(&buf->ssl, havege_rand, &buf->hs);
        ssl_set_dbg(&buf->ssl, ssl_debug, NULL);
        ssl_set_bio(&buf->ssl, ssl_fdrecv_wrapper, buf, 
                    ssl_fdsend_wrapper, buf);
        ssl_set_session(&buf->ssl, 1, 0, &buf->ssn);
        memset(&buf->ssn, 0, sizeof(buf->ssn));

        buf->send = ssl_send;
        buf->recv = ssl_recv;
        buf->stream_file = ssl_stream_file;
    } else if(type == IOBUF_NULL) {
        buf->send = null_send;
        buf->recv = null_recv;
        buf->stream_file = null_stream_file;
    } else if(type == IOBUF_FILE) {
        buf->send = file_send;
        buf->recv = file_recv;
        buf->stream_file = plain_stream_file;
    } else if(type == IOBUF_SOCKET) {
        buf->send = plaintext_send;
        buf->recv = plaintext_recv;
        buf->stream_file = plain_stream_file;
    } else {
        sentinel("Invalid IOBufType given: %d", type);
    }

    return buf;

error:
    if(buf) h_free(buf);
    return NULL;
}
Beispiel #22
0
static int ms_dtls_srtp_initialise_polarssl_dtls_context(DtlsPolarsslContext *dtlsContext, MSDtlsSrtpParams *params, RtpSession *s){
	int ret;
	enum DTLS_SRTP_protection_profiles dtls_srtp_protection_profiles[2] = {SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32};
	
	memset( &(dtlsContext->ssl), 0, sizeof( ssl_context ) );
	//memset( &(dtlsContext->saved_session), 0, sizeof( ssl_session ) );
	ssl_cookie_init( &(dtlsContext->cookie_ctx) );
	x509_crt_init( &(dtlsContext->crt) );
	entropy_init( &(dtlsContext->entropy) );
	ctr_drbg_init( &(dtlsContext->ctr_drbg), entropy_func, &(dtlsContext->entropy), NULL, 0 );
	
	/* initialise certificate */
	ret = x509_crt_parse( &(dtlsContext->crt), (const unsigned char *) params->pem_certificate, strlen( params->pem_certificate ) );
	if( ret < 0 ) {
		return ret;
	}
	
	ret =  pk_parse_key( &(dtlsContext->pkey), (const unsigned char *) params->pem_pkey, strlen( params->pem_pkey ), NULL, 0 );
	if( ret != 0 ) {
		return ret;
	}

	/* ssl setup */
	ssl_init(&(dtlsContext->ssl));
	if( ret < 0 ) {
		return ret;
	}

	if (params->role == MSDtlsSrtpRoleIsClient) {
		ssl_set_endpoint(&(dtlsContext->ssl), SSL_IS_CLIENT);
	} else if (params->role == MSDtlsSrtpRoleIsServer) {
		ssl_set_endpoint(&(dtlsContext->ssl), SSL_IS_SERVER);
	}
	ssl_set_transport(&(dtlsContext->ssl), SSL_TRANSPORT_DATAGRAM);
	ssl_set_dtls_srtp_protection_profiles(  &(dtlsContext->ssl), dtls_srtp_protection_profiles, 2 ); /* TODO: get param from caller to select available profiles */

	/* set CA chain */
	ssl_set_authmode( &(dtlsContext->ssl), SSL_VERIFY_OPTIONAL ); /* this will force server to send his certificate to client as we need it to compute the fingerprint */
	ssl_set_rng(  &(dtlsContext->ssl), ctr_drbg_random, &(dtlsContext->ctr_drbg) );
	ssl_set_ca_chain( &(dtlsContext->ssl), &(dtlsContext->crt), NULL, NULL );
	ssl_set_own_cert( &(dtlsContext->ssl), &(dtlsContext->crt), &(dtlsContext->pkey) );
	if (params->role == MSDtlsSrtpRoleIsServer) {
		ssl_cookie_setup( &(dtlsContext->cookie_ctx), ctr_drbg_random, &(dtlsContext->ctr_drbg) );
		ssl_set_dtls_cookies( &(dtlsContext->ssl), ssl_cookie_write, ssl_cookie_check, &(dtlsContext->cookie_ctx) );
		ssl_session_reset( &(dtlsContext->ssl) );
		ssl_set_client_transport_id(&(dtlsContext->ssl), (const unsigned char *)(&(s->snd.ssrc)), 4);
	}

	ms_mutex_init(&dtlsContext->ssl_context_mutex, NULL);

	return 0;

}
Beispiel #23
0
char *
ssl_load_key(struct relayd *env, const char *name, off_t *len, char *pass)
{
	FILE		*fp;
	EVP_PKEY	*key = NULL;
	BIO		*bio = NULL;
	long		 size;
	char		*data, *buf = NULL;

	/* Initialize SSL library once */
	ssl_init(env);

	/*
	 * Read (possibly) encrypted key from file
	 */
	if ((fp = fopen(name, "r")) == NULL)
		return (NULL);

	key = PEM_read_PrivateKey(fp, NULL, ssl_password_cb, pass);
	fclose(fp);
	if (key == NULL)
		goto fail;

	/*
	 * Write unencrypted key to memory buffer
	 */
	if ((bio = BIO_new(BIO_s_mem())) == NULL)
		goto fail;
	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
		goto fail;
	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
		goto fail;
	if ((buf = calloc(1, size)) == NULL)
		goto fail;
	memcpy(buf, data, size);

	BIO_free_all(bio);
	EVP_PKEY_free(key);

	*len = (off_t)size;
	return (buf);

 fail:
	ssl_error(__func__, name);

	free(buf);
	if (bio != NULL)
		BIO_free_all(bio);
	if (key != NULL)
		EVP_PKEY_free(key);
	return (NULL);
}
Beispiel #24
0
/**
 * mutt_ssl_starttls - Negotiate TLS over an already opened connection
 * @param conn Connection to a server
 * @retval  0 Success
 * @retval -1 Error
 */
int mutt_ssl_starttls(struct Connection *conn)
{
  if (ssl_init())
    return -1;

  int rc = ssl_setup(conn);

  /* hmm. watch out if we're starting TLS over any method other than raw. */
  conn->conn_read = ssl_socket_read;
  conn->conn_write = ssl_socket_write;
  conn->conn_close = ssl_socket_close_and_restore;

  return rc;
}
Beispiel #25
0
static gboolean ssl_connected(gpointer data, gint source, b_input_condition cond)
{
    struct scd *conn = data;

    if (conn->verify) {
        /* Right now we don't have any verification functionality for OpenSSL. */
        conn->func(conn->data, 1, NULL, cond);
        if (source >= 0) {
            closesocket(source);
        }
        ssl_conn_free(conn);

        return FALSE;
    }

    if (source == -1) {
        goto ssl_connected_failure;
    }

    if (!initialized) {
        ssl_init();
    }


    if (ssl_ctx == NULL) {
        goto ssl_connected_failure;
    }

    conn->ssl = SSL_new(ssl_ctx);
    if (conn->ssl == NULL) {
        goto ssl_connected_failure;
    }

    /* We can do at least the handshake with non-blocking I/O */
    sock_make_nonblocking(conn->fd);
    SSL_set_fd(conn->ssl, conn->fd);

    if (conn->hostname && !g_ascii_isdigit(conn->hostname[0])) {
        SSL_set_tlsext_host_name(conn->ssl, conn->hostname);
    }

    return ssl_handshake(data, source, cond);

ssl_connected_failure:
    conn->func(conn->data, 0, NULL, cond);
    ssl_disconnect(conn);
    return FALSE;

}
Beispiel #26
0
int mutt_ssl_socket_setup (CONNECTION * conn)
{
        if (ssl_init() < 0) {
                conn->conn_open = ssl_socket_open_err;
                return -1;
        }

        conn->conn_open       = ssl_socket_open;
        conn->conn_read       = ssl_socket_read;
        conn->conn_write      = ssl_socket_write;
        conn->conn_close      = ssl_socket_close;
        conn->conn_poll       = raw_socket_poll;

        return 0;
}
Beispiel #27
0
void main_initialize() { /* one-time initialization */
    /* basic initialization contains essential functions required for logging
     * subsystem to function properly, thus all errors here are fatal */
    if(ssl_init()) /* initialize SSL library */
        fatal("SSL initialization failed");
    if(sthreads_init()) /* initialize critical sections & SSL callbacks */
        fatal("Threads initialization failed");
#ifndef USE_FORK
    get_limits(); /* required by setup_fd() */
#endif
    fds=s_poll_alloc();
    if(signal_pipe_init())
        fatal("Signal pipe initialization failed: "
            "check your personal firewall");
    stunnel_info(LOG_NOTICE);
}
void *platform_ssl_connect(void *tcp_fd,
                           const char *server_cert,
                           int server_cert_len)
{
    SSL *pssl;

    if (0 != ssl_init(server_cert)) {
        return NULL;
    }

    if (0 != ssl_establish((int)tcp_fd, &pssl)) {
        return NULL;
    }

    return pssl;
}
Beispiel #29
0
/*
 * Load DH parameters from a PEM file.
 * Not thread-safe.
 */
DH *
ssl_dh_load(const char *filename)
{
	DH *dh;
	FILE *fh;

	if (ssl_init() == -1)
		return NULL;

	if (!(fh = fopen(filename, "r"))) {
		return NULL;
	}
	dh = PEM_read_DHparams(fh, NULL, NULL, NULL);
	fclose(fh);
	return dh;
}
Beispiel #30
0
/**
 * mutt_ssl_socket_setup - Set up the socket multiplexor
 * @param conn Connection to a server
 * @retval  0 Success
 * @retval -1 Error
 */
int mutt_ssl_socket_setup(struct Connection *conn)
{
  if (ssl_init() < 0)
  {
    conn->conn_open = ssl_socket_open_err;
    return -1;
  }

  conn->conn_open = ssl_socket_open;
  conn->conn_read = ssl_socket_read;
  conn->conn_write = ssl_socket_write;
  conn->conn_poll = raw_socket_poll;
  conn->conn_close = ssl_socket_close;

  return 0;
}