TLSv1 SSLv2 SSLv3 DTLSv1 support. More...

Files
file	sslutil.c
	TLSv1 SSLv2 SSLv3 DTLSv1 support.

Data Structures
struct	ssldata
	SSL data structure for enabling encryption on sockets. More...

Macros
#define	COOKIE_SECRET_LENGTH 32
	length of cookie secret using SHA2-256 HMAC More...

Typedefs
typedef struct ssldata	ssldata
	Forward decleration of structure. More...

Enumerations
enum	SSLFLAGS { SSL_TLSV1 = 1 << 0, SSL_SSLV2 = 1 << 1, SSL_SSLV3 = 1 << 2, SSL_DTLSV1 = 1 << 3, SSL_CLIENT = 1 << 4, SSL_SERVER = 1 << 5, SSL_DTLSCON = 1 << 6 }
	SSL configuration flags. More...

Functions
void	ssl_shutdown (void *data, int sock)
	Shutdown the SSL connection. More...

void *	tlsv1_init (const char cacert, const char cert, const char *key, int verify)
	Create a SSL structure for TLSv1. More...

void *	sslv2_init (const char cacert, const char cert, const char *key, int verify)
	Create a SSL structure for SSLv2 (If available) More...

void *	sslv3_init (const char cacert, const char cert, const char *key, int verify)
	Create a SSL structure for SSLv3. More...

void *	dtlsv1_init (const char cacert, const char cert, const char *key, int verify)
	Create a SSL structure for DTLSv1. More...

void	tlsaccept (struct fwsocket sock, struct ssldata orig)
	Create SSL session for new connection. More...

void	sslstartup (void)
	Initialise SSL support this should be called at startup. More...

void	dtsl_serveropts (struct fwsocket *sock)
	Start up the DTLSv1 Server. More...

struct fwsocket *	dtls_listenssl (struct fwsocket *sock)
	Implementation of "listen" for DTLSv1. More...

void	startsslclient (struct fwsocket *sock)
	Start SSL on a client socket. More...

void	dtlstimeout (struct fwsocket sock, struct timeval timeleft, int defusec)
	Get DTLSv1 timeout setting todefault timeout. More...

void	dtlshandltimeout (struct fwsocket *sock)
	Handle DTLSv1 timeout. More...

Detailed Description

TLSv1 SSLv2 SSLv3 DTLSv1 support.

See Also: LIB-Sock This is part of the socket interface to support encrypted sockets a ssldata refernece will be created and passed on socket initialization.

This is part of the socket interface to upport encrypted sockets a ssldata refernece will be created and passed on socket initialization.

See Also: Network socket interface

Macro Definition Documentation

#define COOKIE_SECRET_LENGTH 32

length of cookie secret using SHA2-256 HMAC

Definition at line 83 of file sslutil.c.

Referenced by sslstartup().

Typedef Documentation

typedef struct ssldata ssldata

Forward decleration of structure.

Definition at line 97 of file dtsapp.h.

Enumeration Type Documentation

enum SSLFLAGS

SSL configuration flags.

Enumerator
SSL_TLSV1	TLSv1.
SSL_SSLV2	SSLv2 This may not be available due to security issues.
SSL_SSLV3	SSLv3.
SSL_DTLSV1	DTLSv1 (UDP Connections)
SSL_CLIENT	This session is client mode.
SSL_SERVER	This session is server mode.
SSL_DTLSCON	UDP connection is listening.

Definition at line 48 of file sslutil.c.

               {
     SSL_TLSV1   = 1 << 0,
     SSL_SSLV2   = 1 << 1,
     SSL_SSLV3   = 1 << 2,
     SSL_DTLSV1  = 1 << 3,
     SSL_CLIENT  = 1 << 4,
     SSL_SERVER  = 1 << 5,
     SSL_DTLSCON = 1 << 6
 };

Function Documentation

struct fwsocket* dtls_listenssl ( struct fwsocket * sock )

Implementation of "listen" for DTLSv1.

Warning: Do not call this directly.

Parameters

sock	Reference to server socket.

Returns: New socket reference for the new connection.

Definition at line 731 of file sslutil.c.

References fwsocket::addr, ssldata::flags, make_socket(), objalloc(), objlock(), objunlock(), objunref(), fwsocket::proto, sockstruct::sa, setflag, fwsocket::sock, SOCK_FLAG_SSL, ssldata::ssl, fwsocket::ssl, SSL_DTLSCON, and fwsocket::type.

                                                               {
     struct ssldata *ssl = sock->ssl;
     struct ssldata *newssl;
     struct fwsocket *newsock;
     union sockstruct client;
 #ifndef __WIN32__
     int on = 1;
 #else
 /*  unsigned long on = 1;*/
 #endif
 
     if (!(newssl = objalloc(sizeof(*newssl), free_ssldata))) {
         return NULL;
     }
 
     newssl->flags |= SSL_DTLSCON;
 
     dtlssetopts(newssl, ssl, sock);
     memset(&client, 0, sizeof(client));
     if (DTLSv1_listen(newssl->ssl, &client) <= 0) {
         objunref(newssl);
         return NULL;
     }
 
     objlock(sock);
     if (!(newsock = make_socket(sock->addr.sa.sa_family, sock->type, sock->proto, newssl))) {
         objunlock(sock);
         objunref(newssl);
         return NULL;
     }
     objunlock(sock);
     memcpy(&newsock->addr, &client, sizeof(newsock->addr));
 #ifndef __WIN32__
     setsockopt(newsock->sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
 #ifdef SO_REUSEPORT
     setsockopt(newsock->sock, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on));
 #endif
 #else
 /*  ioctlsocket(newsock->sock, FIONBIO, (unsigned long*)&on);*/
 #endif
     objlock(sock);
     bind(newsock->sock, &sock->addr.sa, sizeof(sock->addr));
     objunlock(sock);
     connect(newsock->sock, &newsock->addr.sa, sizeof(newsock->addr));
 
     dtlsaccept(newsock);
     setflag(newsock, SOCK_FLAG_SSL);
 
     return (newsock);
 }

void dtlshandltimeout ( struct fwsocket * sock )

Handle DTLSv1 timeout.

Parameters

sock	Reference to socket.

Definition at line 846 of file sslutil.c.

References objlock(), objunlock(), ssldata::ssl, and fwsocket::ssl.

                                                     {
     if (!sock->ssl) {
         return;
     }
 
     objlock(sock->ssl);
     DTLSv1_handle_timeout(sock->ssl->ssl);
     objunlock(sock->ssl);
 }

void dtlstimeout	(	struct fwsocket *	sock,
		struct timeval *	timeleft,
		int	defusec
	)

Get DTLSv1 timeout setting todefault timeout.

Warning: Do not call this directly.

Parameters

sock	Reference to socket.
timeleft	timeval to store timeleft or set to default.
defusec	Default timeout to set.

Definition at line 831 of file sslutil.c.

References objlock(), objunlock(), ssldata::ssl, and fwsocket::ssl.

                                                                                       {
     if (!sock || !sock->ssl || !sock->ssl->ssl) {
         return;
     }
 
     objlock(sock->ssl);
     if (!DTLSv1_get_timeout(sock->ssl->ssl, timeleft)) {
         timeleft->tv_sec = 0;
         timeleft->tv_usec = defusec;
     }
     objunlock(sock->ssl);
 }

void* dtlsv1_init	(	const char *	cacert,
		const char *	cert,
		const char *	key,
		int	verify
	)

Create a SSL structure for DTLSv1.

Parameters

cacert	Path to the CA certificate[s].
cert	Public certificate to use.
key	Private key file.
verify	OpenSSL flags.

Definition at line 325 of file sslutil.c.

References ssldata::ctx, ssldata::ssl, and SSL_DTLSV1.

Referenced by socktest().

                                                                                             {
     const SSL_METHOD *meth = DTLSv1_method();
     struct ssldata *ssl;
 
     ssl = sslinit(cacert, cert, key, verify, meth, SSL_DTLSV1);
     /* XXX BIO_CTRL_DGRAM_MTU_DISCOVER*/
     SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
     return (ssl);
 }

void dtsl_serveropts ( struct fwsocket * sock )

Start up the DTLSv1 Server.

Warning: This should not be called directly

See Also: socketserver

Parameters

sock	Reference to socket structure of DTLSv1 Server

Definition at line 685 of file sslutil.c.

References ssldata::ctx, ssldata::flags, objlock(), objunlock(), ssldata::ssl, fwsocket::ssl, and SSL_SERVER.

Referenced by socketserver().

                                                    {
     struct ssldata *ssl = sock->ssl;
 
     if (!ssl) {
         return;
     }
 
     dtlssetopts(ssl, NULL, sock);
 
     objlock(ssl);
     SSL_CTX_set_cookie_generate_cb(ssl->ctx, generate_cookie);
     SSL_CTX_set_cookie_verify_cb(ssl->ctx, verify_cookie);
     SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
 
     SSL_set_options(ssl->ssl, SSL_OP_COOKIE_EXCHANGE);
     ssl->flags |= SSL_SERVER;
     objunlock(ssl);
 }

void ssl_shutdown	(	void *	data,
		int	sock
	)

Shutdown the SSL connection.

Extra read/write may be required if so use select on failure the port has probably gone only try 3 times.

Todo:: Make sure this is only called when the thread has stoped selecting here may be wrong.

Parameters

data	Refernece to the SSL data of socket.
sock	Socket FD to wait for data on.

Definition at line 179 of file sslutil.c.

References objlock(), objunlock(), and ssldata::ssl.

                                                {
     struct ssldata *ssl = data;
     int ret, selfd, cnt = 0;
 
     if (!ssl) {
         return;
     }
 
     objlock(ssl);
 
     while (ssl->ssl &&  (ret = _ssl_shutdown(ssl) && (cnt < 3))) {
         selfd = socket_select(sock, ret);
         if (selfd <= 0) {
             break;
         }
         cnt++;
     }
 
     if (ssl->ssl) {
         SSL_free(ssl->ssl);
         ssl->ssl = NULL;
     }
     objunlock(ssl);
 }

void sslstartup ( void )

Initialise SSL support this should be called at startup.

See Also: FRAMEWORK_MAIN

Definition at line 639 of file sslutil.c.

References COOKIE_SECRET_LENGTH, and genrand().

Referenced by framework_init().

                              {
     SSL_library_init();
     SSL_load_error_strings();
     OpenSSL_add_ssl_algorithms();
 
     if ((cookie_secret = malloc(COOKIE_SECRET_LENGTH))) {
         genrand(cookie_secret, COOKIE_SECRET_LENGTH);
     }
 }

void* sslv2_init	(	const char *	cacert,
		const char *	cert,
		const char *	key,
		int	verify
	)

Create a SSL structure for SSLv2 (If available)

Parameters

cacert	Path to the CA certificate[s].
cert	Public certificate to use.
key	Private key file.
verify	OpenSSL flags.

Definition at line 299 of file sslutil.c.

References SSL_SSLV2.

                                                                                            {
     const SSL_METHOD *meth = SSLv2_method();
 
     return (sslinit(cacert, cert, key, verify, meth, SSL_SSLV2));
 }

void* sslv3_init	(	const char *	cacert,
		const char *	cert,
		const char *	key,
		int	verify
	)

Create a SSL structure for SSLv3.

Parameters

cacert	Path to the CA certificate[s].
cert	Public certificate to use.
key	Private key file.
verify	OpenSSL flags.

Definition at line 311 of file sslutil.c.

References ssldata::ssl, and SSL_SSLV3.

Referenced by socktest().

                                                                                            {
     const SSL_METHOD *meth = SSLv3_method();
     struct ssldata *ssl;
 
     ssl = sslinit(cacert, cert, key, verify, meth, SSL_SSLV3);
 
     return (ssl);
 }

void startsslclient ( struct fwsocket * sock )

Start SSL on a client socket.

Warning: This should not be called directly

See Also: clientsocket()

Parameters

sock	Reference to client socket.

Definition at line 811 of file sslutil.c.

References ssldata::flags, fwsocket::ssl, SSL_SERVER, and fwsocket::type.

Referenced by socketclient().

                                                   {
     if (!sock || !sock->ssl || (sock->ssl->flags & SSL_SERVER)) {
         return;
     }
 
     switch(sock->type) {
         case SOCK_DGRAM:
             dtlsconnect(sock);
             break;
         case SOCK_STREAM:
             sslsockstart(sock, NULL, 0);
             break;
     }
 }

void tlsaccept	(	struct fwsocket *	sock,
		struct ssldata *	orig
	)

Create SSL session for new connection.

Warning: This should never be called.

Parameters

sock	Reference too new incoming socket.
orig	Servers SSL session to clone.

Definition at line 382 of file sslutil.c.

References objalloc(), setflag, SOCK_FLAG_SSL, and fwsocket::ssl.

Referenced by accept_socket().

                                                                    {
     setflag(sock, SOCK_FLAG_SSL);
     if ((sock->ssl = objalloc(sizeof(*sock->ssl), free_ssldata))) {
         sslsockstart(sock, orig, 1);
     }
 }

void* tlsv1_init	(	const char *	cacert,
		const char *	cert,
		const char *	key,
		int	verify
	)

Create a SSL structure for TLSv1.

Parameters

cacert	Path to the CA certificate[s].
cert	Public certificate to use.
key	Private key file.
verify	OpenSSL flags.

Definition at line 287 of file sslutil.c.

References SSL_TLSV1.

                                                                                            {
     const SSL_METHOD *meth = TLSv1_method();
 
     return (sslinit(cacert, cert, key, verify, meth, SSL_TLSV1));
 }

Files

Data Structures

Macros

Typedefs

Enumerations

Functions

Detailed Description

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation