BOOL transport_attach(rdpTransport* transport, int sockfd) { BIO* socketBio = NULL; BIO* bufferedBio; socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) goto fail; BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) goto fail; bufferedBio = BIO_push(bufferedBio, socketBio); transport->frontBio = bufferedBio; return TRUE; fail: if (socketBio) BIO_free_all(socketBio); else close(sockfd); return FALSE; }
/* This should exactly match OpenSSL's SSL_set_fd except for using my BIO */ static int my_SSL_set_fd(Port *port, int fd) { int ret = 0; BIO *bio; BIO_METHOD *bio_method; bio_method = my_BIO_s_socket(); if (bio_method == NULL) { SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; } bio = BIO_new(bio_method); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; } BIO_set_data(bio, port); BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(port->ssl, bio, bio); ret = 1; err: return ret; }
status_t BSecureSocket::_SetupCommon(const char* host) { // Do this only after BSocket::Connect has checked wether we're already // connected. We don't want to kill an existing SSL session, as that would // likely crash the protocol loop for it. if (fPrivate->fSSL != NULL) { SSL_free(fPrivate->fSSL); } fPrivate->fSSL = SSL_new(BSecureSocket::Private::Context()); if (fPrivate->fSSL == NULL) { BSocket::Disconnect(); return B_NO_MEMORY; } BIO_set_fd(fPrivate->fBIO, fSocket, BIO_NOCLOSE); SSL_set_bio(fPrivate->fSSL, fPrivate->fBIO, fPrivate->fBIO); SSL_set_ex_data(fPrivate->fSSL, Private::sDataIndex, this); if (host != NULL) { BString hostString = host; if (hostString != "") SSL_set_tlsext_host_name(fPrivate->fSSL, host); } return B_OK; }
BIO *BIO_new_fd(int fd,int close_flag) { BIO *ret; ret=BIO_new(BIO_s_fd()); if (ret == NULL) return(NULL); BIO_set_fd(ret,fd,close_flag); return(ret); }
BIO *BIO_new_fd(int fd, int close_flag) { BIO *ret = BIO_new(BIO_s_fd()); if (ret == NULL) { return NULL; } BIO_set_fd(ret, fd, close_flag); return ret; }
void OpenSSLUtils::setBioFd(BIO* b, int fd, int flags) { #ifdef _WIN32 SOCKET sock = portability::sockets::fd_to_socket(fd); #else int sock = fd; #endif BIO_set_fd(b, sock, flags); }
EXPORT_C BIO *BIO_new_dgram(int fd, int close_flag) { BIO *ret; ret=BIO_new(BIO_s_datagram()); if (ret == NULL) return(NULL); BIO_set_fd(ret,fd,close_flag); return(ret); }
BOOL rdg_tls_out_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int timeout) { int sockfd = 0; int status = 0; BIO* socketBio = NULL; BIO* bufferedBio = NULL; rdpSettings* settings = rdg->settings; assert(hostname != NULL); sockfd = freerdp_tcp_connect(rdg->context, settings, settings->GatewayHostname, settings->GatewayPort, timeout); if (sockfd < 1) { return FALSE; } socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) { closesocket(sockfd); return FALSE; } BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) { BIO_free(socketBio); return FALSE; } bufferedBio = BIO_push(bufferedBio, socketBio); status = BIO_set_nonblock(bufferedBio, TRUE); if (!status) { BIO_free_all(bufferedBio); return FALSE; } rdg->tlsOut->hostname = settings->GatewayHostname; rdg->tlsOut->port = settings->GatewayPort; rdg->tlsOut->isGatewayTransport = TRUE; status = tls_connect(rdg->tlsOut, bufferedBio); if (status < 1) { return FALSE; } return TRUE; }
X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char *, int, int, void*)) #endif { X509 *rc; BIO *bioS; BIO *bioF; /* 1. try PEM (= DER+Base64+headers) */ #if SSL_LIBRARY_VERSION < 0x00904000 rc = PEM_read_X509(fp, x509, cb); #else rc = PEM_read_X509(fp, x509, cb, NULL); #endif if (rc == NULL) { /* 2. try DER+Base64 */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); if ((bioF = BIO_new(BIO_f_base64())) == NULL) { BIO_free(bioS); return NULL; } bioS = BIO_push(bioF, bioS); rc = d2i_X509_bio(bioS, NULL); BIO_free_all(bioS); if (rc == NULL) { /* 3. try plain DER */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); rc = d2i_X509_bio(bioS, NULL); BIO_free(bioS); } } if (rc != NULL && x509 != NULL) { if (*x509 != NULL) X509_free(*x509); *x509 = rc; } return rc; }
BIO *BIO_new_socket(int fd, int close_flag) { BIO *ret; ret = BIO_new(BIO_s_socket()); if (ret == NULL) return NULL; BIO_set_fd(ret, fd, close_flag); return ret; }
EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char *, int, int, void*)) #endif { EVP_PKEY *rc; BIO *bioS; BIO *bioF; /* 1. try PEM (= DER+Base64+headers) */ #if SSL_LIBRARY_VERSION < 0x00904000 rc = PEM_read_PrivateKey(fp, key, cb); #else rc = PEM_read_PrivateKey(fp, key, cb, NULL); #endif if (rc == NULL) { /* 2. try DER+Base64 */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); if ((bioF = BIO_new(BIO_f_base64())) == NULL) { BIO_free(bioS); return NULL; } bioS = BIO_push(bioF, bioS); rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free_all(bioS); if (rc == NULL) { /* 3. try plain DER */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free(bioS); } } if (rc != NULL && key != NULL) { if (*key != NULL) EVP_PKEY_free(*key); *key = rc; } return rc; }
static int uh_tls_client_ctx_setup(SSL *ssl, int socket) { BIO *b; if (!(b = BIO_new(&uh_openssl_bio_methods))) return 0; BIO_set_fd(b, socket, BIO_NOCLOSE); SSL_set_bio(ssl, b, b); return 1; }
BIO *BIO_new_tou_socket(int fd, int close_flag) { BIO *ret; #ifdef DEBUG_TOU_BIO fprintf(stderr, "BIO_new_tou_socket(%d)\n", fd); #endif ret=BIO_new(BIO_s_tou_socket()); if (ret == NULL) return(NULL); BIO_set_fd(ret,fd,close_flag); return(ret); }
static int SSL_set_fd_bsd(SSL *s, int fd) { int result= -1; BIO_METHOD *BIO_s_bsdsocket(); BIO *bio; if ((bio= BIO_new(BIO_s_bsdsocket()))) { result= BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); } return result; }
void SecureSocketImpl::connectSSL(bool performHandshake) { poco_assert (!_pSSL); poco_assert (_pSocket->initialized()); BIO* pBIO = BIO_new(BIO_s_socket()); if (!pBIO) throw SSLException("Cannot create SSL BIO object"); BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); _pSSL = SSL_new(_pContext->sslContext()); if (!_pSSL) { BIO_free(pBIO); throw SSLException("Cannot create SSL object"); } SSL_set_bio(_pSSL, pBIO, pBIO); #if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT) if (!_peerHostName.empty()) { SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); } #endif if (_pSession) { SSL_set_session(_pSSL, _pSession->sslSession()); } try { if (performHandshake && _pSocket->getBlocking()) { int ret = SSL_connect(_pSSL); handleError(ret); verifyPeerCertificate(); } else { SSL_set_connect_state(_pSSL); _needHandshake = true; } } catch (...) { SSL_free(_pSSL); _pSSL = 0; throw; } }
BIO *BIO_new_fd(int fd,int close_flag) #endif { BIO *ret; #ifndef BIO_FD ret=BIO_new(BIO_s_socket()); #else ret=BIO_new(BIO_s_fd()); #endif if (ret == NULL) return(NULL); BIO_set_fd(ret,fd,close_flag); return(ret); }
int tcp_attach(rdpTcp* tcp, int sockfd) { tcp->sockfd = sockfd; SetEventFileDescriptor(tcp->event, tcp->sockfd); ringbuffer_commit_read_bytes(&tcp->xmitBuffer, ringbuffer_used(&tcp->xmitBuffer)); if (tcp->socketBio) { if (BIO_set_fd(tcp->socketBio, sockfd, 1) < 0) return -1; } else { tcp->socketBio = BIO_new(BIO_s_simple_socket()); if (!tcp->socketBio) return -1; BIO_set_fd(tcp->socketBio, sockfd, BIO_CLOSE); } if (!tcp->bufferedBio) { tcp->bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!tcp->bufferedBio) return FALSE; tcp->bufferedBio->ptr = tcp; tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); } return 0; }
/* we got a connection to the ocsp responder */ int ocsp_receive_fd(struct iked *env, struct imsg *imsg) { struct iked_ocsp_entry *ioe = NULL; struct iked_ocsp *ocsp = NULL; struct iked_socket *sock; char *path = NULL; int ret = -1; log_debug("%s: received socket fd %d", __func__, imsg->fd); if ((ioe = TAILQ_FIRST(&env->sc_ocsp)) == NULL) { log_debug("%s: oops, no request for", __func__); close(imsg->fd); return (-1); } TAILQ_REMOVE(&env->sc_ocsp, ioe, ioe_entry); ocsp = ioe->ioe_ocsp; free(ioe); if ((sock = calloc(1, sizeof(*sock))) == NULL) fatal("ocsp_receive_fd: calloc sock"); /* note that sock_addr is not set */ sock->sock_fd = imsg->fd; sock->sock_env = env; ocsp->ocsp_sock = sock; /* fetch 'path' and 'fd' from imsg */ if ((path = get_string(imsg->data, IMSG_DATA_SIZE(imsg))) == NULL) goto done; BIO_set_fd(ocsp->ocsp_cbio, imsg->fd, BIO_NOCLOSE); if ((ocsp->ocsp_req_ctx = OCSP_sendreq_new(ocsp->ocsp_cbio, path, NULL, -1)) == NULL) goto done; if (!OCSP_REQ_CTX_set1_req(ocsp->ocsp_req_ctx, ocsp->ocsp_req)) goto done; event_set(&sock->sock_ev, sock->sock_fd, EV_WRITE, ocsp_callback, ocsp); event_add(&sock->sock_ev, NULL); ret = 0; done: if (ret == -1) ocsp_validate_finish(ocsp, 0); /* failed */ free(path); return (ret); }
int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { if (RAND_reset_for_fuzzing) { RAND_reset_for_fuzzing(); } SSL* server = SSL_new(ctx); BIO* in = BIO_new(BIO_s_mem()); BIO_write(in, buf, len); BIO* out = BIO_new(BIO_s_fd()); BIO_set_fd(out, 1, BIO_NOCLOSE); SSL_set_bio(server, in, out); if (SSL_accept(server) == 1) { X509* peer; if ((peer = SSL_get_peer_certificate(server)) != NULL) { SSL_get_verify_result(server); X509_free(peer); } uint8_t tmp[1024 * 1024]; for (;;) { ssize_t r = SSL_read(server, tmp, sizeof(tmp)); if (r <= 0) { SSL_shutdown(server); break; } if (SSL_write(server, tmp, r) <= 0) { SSL_shutdown(server); break; } #ifndef OPENSSL_NO_HEARTBEATS SSL_heartbeat(server); #endif /* ifndef OPENSSL_NO_HEARTBEATS */ } } else { ERR_print_errors_fp(stderr); } SSL_free(server); return 0; }
connection::connection(int socketin,SSL_CTX* ctx,const unsigned int timeoutSec,const unsigned int timeoutMic) { socket = socketin; timeout.tv_sec = timeoutSec; timeout.tv_usec = timeoutMic; int ssl_int; if(setsockopt(socket,SOL_SOCKET,SO_RCVTIMEO,reinterpret_cast<char*>(&timeout),sizeof(timeout)) < 0) throw connection_exception("Set sock opt failed"); ssl = SSL_new(ctx); bio = BIO_new(BIO_s_socket()); BIO_set_fd(bio,socket,BIO_NOCLOSE); SSL_set_bio(ssl,bio,bio); if((ssl_int = SSL_accept(ssl)) < 1) { throw connection_exception("SSL Accept failed."); } }
void SecureSocketImpl::acceptSSL() { poco_assert (!_pSSL); BIO* pBIO = BIO_new(BIO_s_socket()); if (!pBIO) throw SSLException("Cannot create BIO object"); BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE); _pSSL = SSL_new(_pContext->sslContext()); if (!_pSSL) { BIO_free(pBIO); throw SSLException("Cannot create SSL object"); } SSL_set_bio(_pSSL, pBIO, pBIO); SSL_set_accept_state(_pSSL); _needHandshake = true; }
ssl_server_con * ssl_server_accept(ssl_server_client * scli, int fd){ BIO_set_fd(SSL_get_rbio(scli->ssl), fd, BIO_NOCLOSE); BIO_ctrl(SSL_get_rbio(scli->ssl), BIO_CTRL_DGRAM_SET_CONNECTED, 0, &scli->addr); int ret = 0; do{ret = SSL_accept(scli->ssl);} while(ret == 0); if(ret < 0){ handle_ssl_error(scli->ssl, ret); return NULL; } ASSERT(ret > 0); struct timeval timeout; timeout.tv_sec = 5; timeout.tv_usec = 0; BIO_ctrl(SSL_get_rbio(scli->ssl), BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); ssl_server_con * con = alloc0(sizeof(ssl_server_con)); con->ssl = scli->ssl; return con; }
/* This should exactly match openssl's SSL_set_fd except for using my BIO */ static int my_SSL_set_fd(SSL *s, int fd) { int ret = 0; BIO *bio = NULL; bio = BIO_new(my_BIO_s_socket()); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; } BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(s, bio, bio); ret = 1; err: return ret; }
static LUA_FUNCTION(openssl_bio_fd) { BIO* bio = CHECK_OBJECT(1, BIO, "openssl.bio"); int typ = BIO_method_type(bio); if (typ & BIO_TYPE_FD) { int fd = -1; if (!lua_isnoneornil(L, 2)) { fd = lua_tointeger(L, 2); BIO_set_fd(bio, fd, BIO_NOCLOSE); } else fd = BIO_get_fd(bio, 0); lua_pushinteger(L, fd); } else luaL_error(L, "BIO type miss match"); return 1; }
/* This should exactly match openssl's SSL_set_fd except for using my BIO */ static int my_SSL_set_fd(Port *port, int fd) { int ret = 0; BIO *bio = NULL; bio = BIO_new(my_BIO_s_socket()); if (bio == NULL) { SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); goto err; } /* Use 'ptr' to store pointer to PGconn */ bio->ptr = port; BIO_set_fd(bio, fd, BIO_NOCLOSE); SSL_set_bio(port->ssl, bio, bio); ret = 1; err: return ret; }
BOOL transport_attach(rdpTransport* transport, int sockfd) { BIO* socketBio; BIO* bufferedBio; socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) return FALSE; BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) return FALSE; bufferedBio = BIO_push(bufferedBio, socketBio); transport->frontBio = bufferedBio; return TRUE; }
int doit(io_channel chan, SSL_CTX *s_ctx ) { int status, length, link_state; struct rpc_msg msg; static char cbuf[200],sbuf[200]; SSL *s_ssl=NULL; BIO *c_to_s=NULL; BIO *s_to_c=NULL; BIO *c_bio=NULL; BIO *s_bio=NULL; int i; int done=0; s_ssl=SSL_new(s_ctx); if (s_ssl == NULL) goto err; c_to_s=BIO_new(BIO_s_rtcp()); s_to_c=BIO_new(BIO_s_rtcp()); if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; /* original, DRM 24-SEP-1997 BIO_set_fd ( c_to_s, "", chan ); BIO_set_fd ( s_to_c, "", chan ); */ BIO_set_fd ( c_to_s, 0, chan ); BIO_set_fd ( s_to_c, 0, chan ); c_bio=BIO_new(BIO_f_ssl()); s_bio=BIO_new(BIO_f_ssl()); if ((c_bio == NULL) || (s_bio == NULL)) goto err; SSL_set_accept_state(s_ssl); SSL_set_bio(s_ssl,c_to_s,s_to_c); BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE); /* We can always do writes */ printf("Begin doit main loop\n"); /* * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed. */ for (link_state = 0; link_state < 3; ) { /* * Wait for remote end to request data action on A channel. */ while ( link_state == 0 ) { status = get ( chan, (char *) &msg, sizeof(msg), &length ); if ( (status&1) == 0 ) { printf("Error in main loop get: %d\n", status ); link_state = 3; break; } if ( length < RPC_HDR_SIZE ) { printf("Error in main loop get size: %d\n", length ); break; link_state = 3; } if ( msg.channel != 'A' ) { printf("Error in main loop, unexpected channel: %c\n", msg.channel ); break; link_state = 3; } if ( msg.function == 'G' ) { link_state = 1; } else if ( msg.function == 'P' ) { link_state = 2; /* write pending */ } else if ( msg.function == 'X' ) { link_state = 3; } else { link_state = 3; } } if ( link_state == 1 ) { i = BIO_read ( s_bio, msg.data, msg.length ); if ( i < 0 ) link_state = 3; else { msg.channel = 'A'; msg.function = 'C'; /* confirm */ msg.length = i; status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE ); if ( (status&1) == 0 ) break; link_state = 0; } } else if ( link_state == 2 ) { i = BIO_write ( s_bio, msg.data, msg.length ); if ( i < 0 ) link_state = 3; else { msg.channel = 'A'; msg.function = 'C'; /* confirm */ msg.length = 0; status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); if ( (status&1) == 0 ) break; link_state = 0; } } } fprintf(stdout,"DONE\n"); err: /* We have to set the BIO's to NULL otherwise they will be * free()ed twice. Once when th s_ssl is SSL_free()ed and * again when c_ssl is SSL_free()ed. * This is a hack required because s_ssl and c_ssl are sharing the same * BIO structure and SSL_set_bio() and SSL_free() automatically * BIO_free non NULL entries. * You should not normally do this or be required to do this */ s_ssl->rbio=NULL; s_ssl->wbio=NULL; if (c_to_s != NULL) BIO_free(c_to_s); if (s_to_c != NULL) BIO_free(s_to_c); if (c_bio != NULL) BIO_free(c_bio); if (s_bio != NULL) BIO_free(s_bio); return(0); }
idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection) { if (!connection || connection->ssl_data) return IDEVICE_E_INVALID_ARG; idevice_error_t ret = IDEVICE_E_SSL_ERROR; uint32_t return_me = 0; plist_t pair_record = NULL; userpref_read_pair_record(connection->udid, &pair_record); if (!pair_record) { debug_info("ERROR: Failed enabling SSL. Unable to read pair record for udid %s.", connection->udid); return ret; } #ifdef HAVE_OPENSSL key_data_t root_cert = { NULL, 0 }; key_data_t root_privkey = { NULL, 0 }; pair_record_import_crt_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert); pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_privkey); if (pair_record) plist_free(pair_record); /* Set up OpenSSL */ if (openssl_init_done == 0) { SSL_library_init(); openssl_init_done = 1; } BIO *ssl_bio = BIO_new(BIO_s_socket()); if (!ssl_bio) { debug_info("ERROR: Could not create SSL bio."); return ret; } BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); //SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_client_method()); if (ssl_ctx == NULL) { debug_info("ERROR: Could not create SSL context."); BIO_free(ssl_bio); return ret; } BIO* membp; X509* rootCert = NULL; membp = BIO_new_mem_buf(root_cert.data, root_cert.size); PEM_read_bio_X509(membp, &rootCert, NULL, NULL); BIO_free(membp); if (SSL_CTX_use_certificate(ssl_ctx, rootCert) != 1) { debug_info("WARNING: Could not load RootCertificate"); } X509_free(rootCert); free(root_cert.data); RSA* rootPrivKey = NULL; membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size); PEM_read_bio_RSAPrivateKey(membp, &rootPrivKey, NULL, NULL); BIO_free(membp); if (SSL_CTX_use_RSAPrivateKey(ssl_ctx, rootPrivKey) != 1) { debug_info("WARNING: Could not load RootPrivateKey"); } RSA_free(rootPrivKey); free(root_privkey.data); SSL *ssl = SSL_new(ssl_ctx); if (!ssl) { debug_info("ERROR: Could not create SSL object"); BIO_free(ssl_bio); SSL_CTX_free(ssl_ctx); return ret; } SSL_set_connect_state(ssl); SSL_set_verify(ssl, 0, ssl_verify_callback); SSL_set_bio(ssl, ssl_bio, ssl_bio); return_me = SSL_do_handshake(ssl); if (return_me != 1) { debug_info("ERROR in SSL_do_handshake: %s", ssl_error_to_string(SSL_get_error(ssl, return_me))); SSL_free(ssl); SSL_CTX_free(ssl_ctx); } else { ssl_data_t ssl_data_loc = (ssl_data_t)malloc(sizeof(struct ssl_data_private)); ssl_data_loc->session = ssl; ssl_data_loc->ctx = ssl_ctx; connection->ssl_data = ssl_data_loc; ret = IDEVICE_E_SUCCESS; debug_info("SSL mode enabled, cipher: %s", SSL_get_cipher(ssl)); } /* required for proper multi-thread clean up to prevent leaks */ #ifdef HAVE_ERR_REMOVE_THREAD_STATE ERR_remove_thread_state(NULL); #else ERR_remove_state(0); #endif #else ssl_data_t ssl_data_loc = (ssl_data_t)malloc(sizeof(struct ssl_data_private)); /* Set up GnuTLS... */ debug_info("enabling SSL mode"); errno = 0; gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate); gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback); gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT); gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc); gnutls_x509_crt_init(&ssl_data_loc->root_cert); gnutls_x509_crt_init(&ssl_data_loc->host_cert); gnutls_x509_privkey_init(&ssl_data_loc->root_privkey); gnutls_x509_privkey_init(&ssl_data_loc->host_privkey); pair_record_import_crt_with_name(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, ssl_data_loc->root_cert); pair_record_import_crt_with_name(pair_record, USERPREF_HOST_CERTIFICATE_KEY, ssl_data_loc->host_cert); pair_record_import_key_with_name(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, ssl_data_loc->root_privkey); pair_record_import_key_with_name(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, ssl_data_loc->host_privkey); if (pair_record) plist_free(pair_record); debug_info("GnuTLS step 1..."); gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection); debug_info("GnuTLS step 2..."); gnutls_transport_set_push_function(ssl_data_loc->session, (gnutls_push_func) & internal_ssl_write); debug_info("GnuTLS step 3..."); gnutls_transport_set_pull_function(ssl_data_loc->session, (gnutls_pull_func) & internal_ssl_read); debug_info("GnuTLS step 4 -- now handshaking..."); if (errno) { debug_info("WARNING: errno says %s before handshake!", strerror(errno)); } return_me = gnutls_handshake(ssl_data_loc->session); debug_info("GnuTLS handshake done..."); if (return_me != GNUTLS_E_SUCCESS) { internal_ssl_cleanup(ssl_data_loc); free(ssl_data_loc); debug_info("GnuTLS reported something wrong."); gnutls_perror(return_me); debug_info("oh.. errno says %s", strerror(errno)); } else { connection->ssl_data = ssl_data_loc; ret = IDEVICE_E_SUCCESS; debug_info("SSL mode enabled"); } #endif return ret; }
BOOL tcp_connect(rdpTcp* tcp, const char* hostname, int port, int timeout) { int status; UINT32 option_value; socklen_t option_len; if (!hostname) return FALSE; if (hostname[0] == '/') { tcp->sockfd = freerdp_uds_connect(hostname); if (tcp->sockfd < 0) return FALSE; tcp->socketBio = BIO_new_fd(tcp->sockfd, 1); if (!tcp->socketBio) return FALSE; } else { fd_set cfds; struct timeval tv; tcp->socketBio = BIO_new(BIO_s_connect()); if (!tcp->socketBio) return FALSE; if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_int_port(tcp->socketBio, &port) < 0) return FALSE; BIO_set_nbio(tcp->socketBio, 1); status = BIO_do_connect(tcp->socketBio); if ((status <= 0) && !BIO_should_retry(tcp->socketBio)) return FALSE; tcp->sockfd = BIO_get_fd(tcp->socketBio, NULL); if (tcp->sockfd < 0) return FALSE; if (status <= 0) { FD_ZERO(&cfds); FD_SET(tcp->sockfd, &cfds); tv.tv_sec = timeout; tv.tv_usec = 0; status = select(tcp->sockfd + 1, NULL, &cfds, NULL, &tv); if (status == 0) { return FALSE; /* timeout */ } } BIO_set_close(tcp->socketBio, BIO_NOCLOSE); BIO_free(tcp->socketBio); tcp->socketBio = BIO_new(BIO_s_simple_socket()); if (!tcp->socketBio) return -1; BIO_set_fd(tcp->socketBio, tcp->sockfd, BIO_CLOSE); } SetEventFileDescriptor(tcp->event, tcp->sockfd); tcp_get_ip_address(tcp); tcp_get_mac_address(tcp); option_value = 1; option_len = sizeof(option_value); if (setsockopt(tcp->sockfd, IPPROTO_TCP, TCP_NODELAY, (void*) &option_value, option_len) < 0) fprintf(stderr, "%s: unable to set TCP_NODELAY\n", __FUNCTION__); /* receive buffer must be a least 32 K */ if (getsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &option_value, &option_len) == 0) { if (option_value < (1024 * 32)) { option_value = 1024 * 32; option_len = sizeof(option_value); if (setsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &option_value, option_len) < 0) { fprintf(stderr, "%s: unable to set receive buffer len\n", __FUNCTION__); return FALSE; } } } if (!tcp_set_keep_alive_mode(tcp)) return FALSE; tcp->bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!tcp->bufferedBio) return FALSE; tcp->bufferedBio->ptr = tcp; tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); return TRUE; }
static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, int timeout) { int sockfd = 0; int status = 0; BIO* socketBio = NULL; BIO* bufferedBio = NULL; rdpSettings* settings = rdg->settings; const char* peerHostname = settings->GatewayHostname; UINT16 peerPort = settings->GatewayPort; const char* proxyUsername, *proxyPassword; BOOL isProxyConnection = proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword); sockfd = freerdp_tcp_connect(rdg->context, settings, peerAddress ? peerAddress : peerHostname, peerPort, timeout); if (sockfd < 0) { return FALSE; } socketBio = BIO_new(BIO_s_simple_socket()); if (!socketBio) { closesocket(sockfd); return FALSE; } BIO_set_fd(socketBio, sockfd, BIO_CLOSE); bufferedBio = BIO_new(BIO_s_buffered_socket()); if (!bufferedBio) { closesocket(sockfd); BIO_free(socketBio); return FALSE; } bufferedBio = BIO_push(bufferedBio, socketBio); status = BIO_set_nonblock(bufferedBio, TRUE); if (isProxyConnection) { if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword, settings->GatewayHostname, settings->GatewayPort)) return FALSE; } if (!status) { BIO_free_all(bufferedBio); return FALSE; } tls->hostname = settings->GatewayHostname; tls->port = settings->GatewayPort; tls->isGatewayTransport = TRUE; status = tls_connect(tls, bufferedBio); return (status >= 1); }