static void dill_tls_init(void) {
static int init = 0;
if(dill_slow(!init)) {
SSL_library_init();
SSL_load_error_strings();
/* Create our own custom BIO type. */
int idx = BIO_get_new_index();
dill_tls_cbio = BIO_meth_new(idx, "bsock");
dill_assert(dill_tls_cbio);
int rc = BIO_meth_set_create(dill_tls_cbio, dill_tls_cbio_create);
dill_assert(rc == 1);
rc = BIO_meth_set_destroy(dill_tls_cbio, dill_tls_cbio_destroy);
dill_assert(rc == 1);
rc = BIO_meth_set_write(dill_tls_cbio, dill_tls_cbio_write);
dill_assert(rc == 1);
rc = BIO_meth_set_read(dill_tls_cbio, dill_tls_cbio_read);
dill_assert(rc == 1);
rc = BIO_meth_set_ctrl(dill_tls_cbio, dill_tls_cbio_ctrl);
dill_assert(rc == 1);
/* Deallocate the method once the process exits. */
rc = atexit(dill_tls_term);
dill_assert(rc == 0);
init = 1;
}
}
/* Return the method table for the bufferevents BIO */
static BIO_METHOD *
BIO_s_bufferevent(void)
{
if (methods_bufferevent == NULL) {
methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
if (methods_bufferevent == NULL)
return NULL;
BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
}
return methods_bufferevent;
}
static int init_bio_method(void)
{
/* Set up the BIO_METHOD we use for wrapping our own stream implementations */
git_stream_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK | BIO_get_new_index(), "git_stream");
GITERR_CHECK_ALLOC(git_stream_bio_method);
BIO_meth_set_write(git_stream_bio_method, bio_write);
BIO_meth_set_read(git_stream_bio_method, bio_read);
BIO_meth_set_puts(git_stream_bio_method, bio_puts);
BIO_meth_set_gets(git_stream_bio_method, bio_gets);
BIO_meth_set_ctrl(git_stream_bio_method, bio_ctrl);
BIO_meth_set_create(git_stream_bio_method, bio_create);
BIO_meth_set_destroy(git_stream_bio_method, bio_destroy);
return 0;
}
const BIO_METHOD *bio_s_mempacket_test(void)
{
if (meth_mem == NULL) {
if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
"Mem Packet Test"))
|| !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write))
|| !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read))
|| !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts))
|| !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets))
|| !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl))
|| !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new))
|| !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free)))
return NULL;
}
return meth_mem;
}
static const BIO_METHOD *bio_f_watchccs_filter(void)
{
if (method_watchccs == NULL) {
method_watchccs = BIO_meth_new(BIO_TYPE_WATCHCCS_FILTER,
"Watch CCS filter");
if ( method_watchccs == NULL
|| !BIO_meth_set_write(method_watchccs, watchccs_write)
|| !BIO_meth_set_read(method_watchccs, watchccs_read)
|| !BIO_meth_set_puts(method_watchccs, watchccs_puts)
|| !BIO_meth_set_gets(method_watchccs, watchccs_gets)
|| !BIO_meth_set_ctrl(method_watchccs, watchccs_ctrl)
|| !BIO_meth_set_create(method_watchccs, watchccs_new)
|| !BIO_meth_set_destroy(method_watchccs, watchccs_free))
return NULL;
}
return method_watchccs;
}
/* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void)
{
if (method_tls_dump == NULL) {
method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER,
"TLS dump filter");
if ( method_tls_dump == NULL
|| !BIO_meth_set_write(method_tls_dump, tls_dump_write)
|| !BIO_meth_set_read(method_tls_dump, tls_dump_read)
|| !BIO_meth_set_puts(method_tls_dump, tls_dump_puts)
|| !BIO_meth_set_gets(method_tls_dump, tls_dump_gets)
|| !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl)
|| !BIO_meth_set_create(method_tls_dump, tls_dump_new)
|| !BIO_meth_set_destroy(method_tls_dump, tls_dump_free))
return NULL;
}
return method_tls_dump;
}
const BIO_METHOD *bio_s_mempacket_test(void)
{
if (method_mempacket_test == NULL) {
method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
"Mem Packet Test");
if ( method_mempacket_test == NULL
|| !BIO_meth_set_write(method_mempacket_test, mempacket_test_write)
|| !BIO_meth_set_read(method_mempacket_test, mempacket_test_read)
|| !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts)
|| !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets)
|| !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl)
|| !BIO_meth_set_create(method_mempacket_test, mempacket_test_new)
|| !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free))
return NULL;
}
return method_mempacket_test;
}
BIO_METHOD *
mongoc_stream_tls_openssl_bio_meth_new ()
{
BIO_METHOD *meth = NULL;
meth = BIO_meth_new (BIO_TYPE_FILTER, "mongoc-stream-tls-glue");
if (meth) {
BIO_meth_set_write (meth, mongoc_stream_tls_openssl_bio_write);
BIO_meth_set_read (meth, mongoc_stream_tls_openssl_bio_read);
BIO_meth_set_puts (meth, mongoc_stream_tls_openssl_bio_puts);
BIO_meth_set_gets (meth, mongoc_stream_tls_openssl_bio_gets);
BIO_meth_set_ctrl (meth, mongoc_stream_tls_openssl_bio_ctrl);
BIO_meth_set_create (meth, mongoc_stream_tls_openssl_bio_create);
BIO_meth_set_destroy (meth, mongoc_stream_tls_openssl_bio_destroy);
}
return meth;
}
const BIO_METHOD *BIO_f_tap(void)
{
static BIO_METHOD *tap = NULL;
if (tap == NULL) {
tap = BIO_meth_new(BIO_TYPE_START | BIO_TYPE_FILTER, "tap");
if (tap != NULL) {
BIO_meth_set_write_ex(tap, tap_write_ex);
BIO_meth_set_read_ex(tap, tap_read_ex);
BIO_meth_set_puts(tap, tap_puts);
BIO_meth_set_gets(tap, tap_gets);
BIO_meth_set_ctrl(tap, tap_ctrl);
BIO_meth_set_create(tap, tap_new);
BIO_meth_set_destroy(tap, tap_free);
BIO_meth_set_callback_ctrl(tap, tap_callback_ctrl);
}
}
return tap;
}
static BIO_METHOD *
BIO_s_gst_dtls_connection (void)
{
if (custom_bio_methods != NULL)
return custom_bio_methods;
custom_bio_methods = BIO_meth_new (BIO_TYPE_BIO, "stream");
if (custom_bio_methods == NULL
|| !BIO_meth_set_write (custom_bio_methods, bio_method_write)
|| !BIO_meth_set_read (custom_bio_methods, bio_method_read)
|| !BIO_meth_set_ctrl (custom_bio_methods, bio_method_ctrl)
|| !BIO_meth_set_create (custom_bio_methods, bio_method_new)
|| !BIO_meth_set_destroy (custom_bio_methods, bio_method_free)) {
BIO_meth_free (custom_bio_methods);
return NULL;
}
return custom_bio_methods;
}
static BIO_METHOD* BIO_s_rdg(void)
{
static BIO_METHOD* bio_methods = NULL;
if (bio_methods == NULL)
{
if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "RDGateway")))
return NULL;
BIO_meth_set_write(bio_methods, rdg_bio_write);
BIO_meth_set_read(bio_methods, rdg_bio_read);
BIO_meth_set_puts(bio_methods, rdg_bio_puts);
BIO_meth_set_gets(bio_methods, rdg_bio_gets);
BIO_meth_set_ctrl(bio_methods, rdg_bio_ctrl);
BIO_meth_set_create(bio_methods, rdg_bio_new);
BIO_meth_set_destroy(bio_methods, rdg_bio_free);
}
return bio_methods;
}
BIO_METHOD* BIO_s_buffered_socket(void)
{
static BIO_METHOD* bio_methods = NULL;
if (bio_methods == NULL)
{
if (!(bio_methods = BIO_meth_new(BIO_TYPE_BUFFERED, "BufferedSocket")))
return NULL;
BIO_meth_set_write(bio_methods, transport_bio_buffered_write);
BIO_meth_set_read(bio_methods, transport_bio_buffered_read);
BIO_meth_set_puts(bio_methods, transport_bio_buffered_puts);
BIO_meth_set_gets(bio_methods, transport_bio_buffered_gets);
BIO_meth_set_ctrl(bio_methods, transport_bio_buffered_ctrl);
BIO_meth_set_create(bio_methods, transport_bio_buffered_new);
BIO_meth_set_destroy(bio_methods, transport_bio_buffered_free);
}
return bio_methods;
}
BIO_METHOD* BIO_s_simple_socket(void)
{
static BIO_METHOD* bio_methods = NULL;
if (bio_methods == NULL)
{
if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "SimpleSocket")))
return NULL;
BIO_meth_set_write(bio_methods, transport_bio_simple_write);
BIO_meth_set_read(bio_methods, transport_bio_simple_read);
BIO_meth_set_puts(bio_methods, transport_bio_simple_puts);
BIO_meth_set_gets(bio_methods, transport_bio_simple_gets);
BIO_meth_set_ctrl(bio_methods, transport_bio_simple_ctrl);
BIO_meth_set_create(bio_methods, transport_bio_simple_new);
BIO_meth_set_destroy(bio_methods, transport_bio_simple_free);
}
return bio_methods;
}
BIO_METHOD* BIO_s_rdp_tls(void)
{
static BIO_METHOD* bio_methods = NULL;
if (bio_methods == NULL)
{
if (!(bio_methods = BIO_meth_new(BIO_TYPE_RDP_TLS, "RdpTls")))
return NULL;
BIO_meth_set_write(bio_methods, bio_rdp_tls_write);
BIO_meth_set_read(bio_methods, bio_rdp_tls_read);
BIO_meth_set_puts(bio_methods, bio_rdp_tls_puts);
BIO_meth_set_gets(bio_methods, bio_rdp_tls_gets);
BIO_meth_set_ctrl(bio_methods, bio_rdp_tls_ctrl);
BIO_meth_set_create(bio_methods, bio_rdp_tls_new);
BIO_meth_set_destroy(bio_methods, bio_rdp_tls_free);
BIO_meth_set_callback_ctrl(bio_methods, bio_rdp_tls_callback_ctrl);
}
return bio_methods;
}
static BIO_METHOD *
my_BIO_s_socket(void)
{
if (!my_bio_methods)
{
BIO_METHOD *biom = (BIO_METHOD *) BIO_s_socket();
#ifdef HAVE_BIO_METH_NEW
int my_bio_index;
my_bio_index = BIO_get_new_index();
if (my_bio_index == -1)
return NULL;
my_bio_methods = BIO_meth_new(my_bio_index, "PostgreSQL backend socket");
if (!my_bio_methods)
return NULL;
if (!BIO_meth_set_write(my_bio_methods, my_sock_write) ||
!BIO_meth_set_read(my_bio_methods, my_sock_read) ||
!BIO_meth_set_gets(my_bio_methods, BIO_meth_get_gets(biom)) ||
!BIO_meth_set_puts(my_bio_methods, BIO_meth_get_puts(biom)) ||
!BIO_meth_set_ctrl(my_bio_methods, BIO_meth_get_ctrl(biom)) ||
!BIO_meth_set_create(my_bio_methods, BIO_meth_get_create(biom)) ||
!BIO_meth_set_destroy(my_bio_methods, BIO_meth_get_destroy(biom)) ||
!BIO_meth_set_callback_ctrl(my_bio_methods, BIO_meth_get_callback_ctrl(biom)))
{
BIO_meth_free(my_bio_methods);
my_bio_methods = NULL;
return NULL;
}
#else
my_bio_methods = malloc(sizeof(BIO_METHOD));
if (!my_bio_methods)
return NULL;
memcpy(my_bio_methods, biom, sizeof(BIO_METHOD));
my_bio_methods->bread = my_sock_read;
my_bio_methods->bwrite = my_sock_write;
#endif
}
return my_bio_methods;
}
/** returns a custom tls_mbuf BIO. */
BIO_METHOD* tls_BIO_mbuf(void)
{
#if OPENSSL_VERSION_NUMBER < 0x010100000L
return &tls_mbuf_method;
#else
if(tls_mbuf_method != NULL) {
return tls_mbuf_method;
}
tls_mbuf_method = BIO_meth_new(BIO_TYPE_TLS_MBUF, "sr_tls_mbuf");
if(tls_mbuf_method==NULL) {
LM_ERR("cannot get a new bio method structure\n");
return NULL;
}
BIO_meth_set_write(tls_mbuf_method, tls_bio_mbuf_write);
BIO_meth_set_read(tls_mbuf_method, tls_bio_mbuf_read);
BIO_meth_set_puts(tls_mbuf_method, tls_bio_mbuf_puts);
BIO_meth_set_gets(tls_mbuf_method, NULL);
BIO_meth_set_ctrl(tls_mbuf_method, tls_bio_mbuf_ctrl);
BIO_meth_set_create(tls_mbuf_method, tls_bio_mbuf_new);
BIO_meth_set_destroy(tls_mbuf_method, tls_bio_mbuf_free);
BIO_meth_set_callback_ctrl(tls_mbuf_method, NULL);
return tls_mbuf_method;
#endif
}
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
{
TLSContext *p = h->priv_data;
TLSShared *c = &p->tls_shared;
BIO *bio;
int ret;
ff_openssl_init();
if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)
goto fail;
// We want to support all versions of TLS >= 1.0, but not the deprecated
// and insecure SSLv2 and SSLv3. Despite the name, SSLv23_*_method()
// enables support for all versions of SSL and TLS, and we then disable
// support for the old protocols immediately after creating the context.
p->ctx = SSL_CTX_new(c->listen ? SSLv23_server_method() : SSLv23_client_method());
if (!p->ctx) {
av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
SSL_CTX_set_options(p->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (c->ca_file)
SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL);
if (c->cert_file && !SSL_CTX_use_certificate_chain_file(p->ctx, c->cert_file)) {
av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s\n",
c->cert_file, ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
if (c->key_file && !SSL_CTX_use_PrivateKey_file(p->ctx, c->key_file, SSL_FILETYPE_PEM)) {
av_log(h, AV_LOG_ERROR, "Unable to load key file %s: %s\n",
c->key_file, ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
// Note, this doesn't check that the peer certificate actually matches
// the requested hostname.
if (c->verify)
SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER, NULL);
p->ssl = SSL_new(p->ctx);
if (!p->ssl) {
av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio");
BIO_meth_set_write(p->url_bio_method, url_bio_bwrite);
BIO_meth_set_read(p->url_bio_method, url_bio_bread);
BIO_meth_set_puts(p->url_bio_method, url_bio_bputs);
BIO_meth_set_ctrl(p->url_bio_method, url_bio_ctrl);
BIO_meth_set_create(p->url_bio_method, url_bio_create);
BIO_meth_set_destroy(p->url_bio_method, url_bio_destroy);
bio = BIO_new(p->url_bio_method);
BIO_set_data(bio, c->tcp);
#else
bio = BIO_new(&url_bio_method);
bio->ptr = c->tcp;
#endif
SSL_set_bio(p->ssl, bio, bio);
if (!c->listen && !c->numerichost)
SSL_set_tlsext_host_name(p->ssl, c->host);
ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);
if (ret == 0) {
av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");
ret = AVERROR(EIO);
goto fail;
} else if (ret < 0) {
ret = print_tls_error(h, ret);
goto fail;
}
return 0;
fail:
tls_close(h);
return ret;
}
