/* * The MIT License * * Copyright 2018 Ugo Cirmignani. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ #ifdef OPENSSL_ENABLED #include #include #include #include #include #include #include #include "openSsl.h" #include "fileManagement.h" #define MUTEX_TYPE pthread_mutex_t #define MUTEX_SETUP(x) pthread_mutex_init(&(x), NULL) #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x)) #define MUTEX_LOCK(x) pthread_mutex_lock(&(x)) #define MUTEX_UNLOCK(x) pthread_mutex_unlock(&(x)) #define THREAD_ID pthread_self() /* This array will store all of the mutexes available to OpenSSL. */ static MUTEX_TYPE *mutex_buf = NULL; void initOpenssl() { OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */ SSL_load_error_strings(); /* Bring in and register error messages */ ERR_load_BIO_strings(); ERR_load_crypto_strings(); SSL_library_init(); thread_setup(); } void cleanupOpenssl() { thread_cleanup(); EVP_cleanup(); } SSL_CTX *createServerContext() { const SSL_METHOD *method; SSL_CTX *ctx; method = TLS_server_method(); ctx = SSL_CTX_new(method); if (!ctx) { perror("Unable to create server SSL context"); ERR_print_errors_fp(stderr); exit(0); } return ctx; } SSL_CTX *createClientContext(void) { const SSL_METHOD *method; SSL_CTX *ctx; method = TLS_client_method(); /* Create new client-method instance */ ctx = SSL_CTX_new(method); /* Create new context */ //SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); //SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE| SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); //SSL_CTX_set_ecdh_auto(ctx, 1); if (ctx == NULL) { perror("Unable to create server SSL context"); ERR_print_errors_fp(stderr); abort(); exit(0); } return ctx; } void configureClientContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath) {/* if (FILE_IsFile(certificatePath) != 1) { printf("\ncertificate file: %s not found!", certificatePath); exit(0); } if (FILE_IsFile(privateCertificatePath) != 1) { printf("\ncertificate file: %s not found!", privateCertificatePath); exit(0); } Set the key and cert if (SSL_CTX_use_certificate_file(ctx, certificatePath, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, privateCertificatePath, SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } */ } void configureContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath) { if (FILE_IsFile(certificatePath) != 1) { printf("\ncertificate file: %s not found!", certificatePath); exit(0); } if (FILE_IsFile(privateCertificatePath) != 1) { printf("\ncertificate file: %s not found!", privateCertificatePath); exit(0); } SSL_CTX_set_ecdh_auto(ctx, 1); /* Set the key and cert */ if (SSL_CTX_use_certificate_file(ctx, certificatePath, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, privateCertificatePath, SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } } void ShowCerts(SSL* ssl) { X509 *cert; char *line; cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */ if ( cert != NULL ) { printf("Server certificates:\n"); line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0); printf("Subject: %s\n", line); free(line); /* free the malloc'ed string */ line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0); printf("Issuer: %s\n", line); free(line); /* free the malloc'ed string */ X509_free(cert); /* free the malloc'ed certificate copy */ } else printf("No certificates.\n"); } void handle_error(const char *file, int lineno, const char *msg) { fprintf(stderr, "** %s:%d %s\n", file, lineno, msg); ERR_print_errors_fp(stderr); /* exit(-1); */ } static void locking_function(int mode, int n, const char *file, int line) { if(mode & CRYPTO_LOCK) MUTEX_LOCK(mutex_buf[n]); else MUTEX_UNLOCK(mutex_buf[n]); } static unsigned long id_function(void) { return ((unsigned long)THREAD_ID); } int thread_setup(void) { int i; mutex_buf = malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE)); if(!mutex_buf) return 0; for(i = 0; i < CRYPTO_num_locks(); i++) MUTEX_SETUP(mutex_buf[i]); CRYPTO_set_id_callback(id_function); CRYPTO_set_locking_callback(locking_function); return 1; } int thread_cleanup(void) { int i; if(!mutex_buf) return 0; CRYPTO_set_id_callback(NULL); CRYPTO_set_locking_callback(NULL); for(i = 0; i < CRYPTO_num_locks(); i++) MUTEX_CLEANUP(mutex_buf[i]); free(mutex_buf); mutex_buf = NULL; return 1; } #endif