
* Refactor OpenSSL into openssl.{c,h} and load on startup

Bryan Drewery vor 15 Jahren
Ursprung
Commit
1d6e5068d8
12 geänderte Dateien mit 175 neuen und 105 gelöschten Zeilen
  1. 1 0
      src/Makefile.in
  2. 5 0
      src/crypto/dh_util.c
  3. 1 0
      src/crypto/dh_util.h
  4. 0 4
      src/libcrypto.c
  5. 6 0
      src/libcrypto.h
  6. 0 77
      src/libssl.c
  7. 4 8
      src/libssl.h
  8. 4 10
      src/main.c
  9. 0 5
      src/net.c
  10. 1 1
      src/net.h
  11. 131 0
      src/openssl.c
  12. 22 0
      src/openssl.h

+ 1 - 0
src/Makefile.in

@@ -44,6 +44,7 @@ OBJS = auth.o \
 	misc.o \
 	misc_file.o \
 	net.o \
+	openssl.o \
 	adns.o \
 	response.o \
 	rfc1459.o \

+ 5 - 0
src/crypto/dh_util.c

@@ -30,6 +30,11 @@ void DH1080_init() {
   }
 }
 
+void DH1080_uninit() {
+  BN_clear_free(b_prime);
+  BN_clear_free(b_generator);
+}
+
 /**
  * @brief Encode a string using FiSH's base64 algorithm (from FiSH/mIRC)
  * @note Any = padding is removed, and an 'A' is added if no padding was needed
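Review bot: DH1080_uninit() frees b_prime and b_generator but leaves both pointers dangling, so a second call (or an init/uninit/uninit sequence from a shutdown path) would double-free. Resetting them after the free keeps the function idempotent: `BN_clear_free(b_prime); b_prime = NULL;` and likewise `BN_clear_free(b_generator); b_generator = NULL;` — BN_clear_free() treats a NULL argument as a no-op, so repeated calls then become harmless. DH1080_init(), where these are allocated, ends before the hunk, so whether it guards against re-initialisation cannot be seen here.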

+ 1 - 0
src/crypto/dh_util.h

@@ -18,4 +18,5 @@ bd::String fishBase64Decode(const bd::String& str);
 void DH1080_gen(bd::String& privateKey, bd::String& publicKeyB64);
 bool DH1080_comp(const bd::String privateKey, const bd::String theirPublicKeyB64, bd::String& sharedKey);
 void DH1080_init();
+void DH1080_uninit();
 #endif

+ 0 - 4
src/libcrypto.c

@@ -118,10 +118,6 @@ int load_libcrypto() {
 
 int unload_libcrypto() {
   if (libcrypto_handle) {
-    ERR_free_strings();
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-
     // Cleanup symbol table
     for (size_t i = 0; i < my_symbols.length(); ++i) {
       dl_symbol_table.remove(my_symbols[i]);

+ 6 - 0
src/libcrypto.h

@@ -1,6 +1,10 @@
 #ifndef _LIBCRYPTO_H
 #define _LIBCRYPTO_H
 
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
+
 #include ".defs/libcrypto_pre.h"
 
 #include <openssl/crypto.h>
@@ -8,6 +12,8 @@
 #include <openssl/blowfish.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
 
 #include ".defs/libcrypto_post.h"
 

+ 0 - 77
src/libssl.c

@@ -36,13 +36,6 @@
 
 void *libssl_handle = NULL;
 static bd::Array<bd::String> my_symbols;
-#ifdef EGG_SSL_EXT
-SSL_CTX *ssl_ctx = NULL;
-char	*tls_rand_file = NULL;
-#endif
-int     ssl_use = 0; /* kyotou */
-
-static int seed_PRNG(void);
 
 static int load_symbols(void *handle) {
   const char *dlsym_error = NULL;
@@ -91,42 +84,11 @@ int load_libssl() {
 
   load_symbols(libssl_handle);
 
-#ifdef EGG_SSL_EXT
-  /* good place to init ssl stuff */
-  SSL_load_error_strings();
-  OpenSSL_add_ssl_algorithms();
-  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-  if (!ssl_ctx) {
-    sdprintf("SSL_CTX_new() failed");
-    return 1;
-  }
-
-  // Disable insecure SSLv2
-  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
-
-  if (seed_PRNG()) {
-    sdprintf("Wasn't able to properly seed the PRNG!");
-    SSL_CTX_free(ssl_ctx);
-    ssl_ctx = NULL;
-    return 1;
-  }
-#endif
-
   return 0;
 }
 
 int unload_libssl() {
   if (libssl_handle) {
-#ifdef EGG_SSL_EXT
-    /* cleanup mess when quiting */
-    if (ssl_ctx) {
-      SSL_CTX_free(ssl_ctx);
-      ssl_ctx = NULL;
-    }
-    if (tls_rand_file)
-      RAND_write_file(tls_rand_file);
-#endif
-
     // Cleanup symbol table
     for (size_t i = 0; i < my_symbols.length(); ++i) {
       dl_symbol_table.remove(my_symbols[i]);
@@ -140,42 +102,3 @@ int unload_libssl() {
   }
   return 1;
 }
-
-#ifdef EGG_SSL_EXT
-static int seed_PRNG(void)
-{
-  char stackdata[1024];
-  static char rand_file[300];
-  FILE *fh;
-
-  if (RAND_status())
-    return 0;     /* PRNG already good seeded */
-  /* if the device '/dev/urandom' is present, OpenSSL uses it by default.
-   * check if it's present, else we have to make random data ourselfs.
-   */
-  if ((fh = fopen("/dev/urandom", "r"))) {
-    fclose(fh);
-    // Try /dev/random if urandom is unavailable
-    if ((fh = fopen("/dev/random", "r"))) {
-      fclose(fh);
-      return 0;
-    }
-  }
-  if (RAND_file_name(rand_file, sizeof(rand_file)))
-    tls_rand_file = rand_file;
-  else
-    return 1;
-  if (!RAND_load_file(rand_file, 1024)) {
-    /* no .rnd file found, create new seed */
-    RAND_seed(&now, sizeof(time_t));
-    RAND_seed(&conf.bot->pid, sizeof(pid_t));
-    RAND_seed(stackdata, sizeof(stackdata));
-  }
-  if (!RAND_status())
-    return 2;   /* PRNG still badly seeded */
-  return 0;
-}
-#endif
-
-
-

+ 4 - 8
src/libssl.h

@@ -1,6 +1,10 @@
 #ifndef _LIBSSL_H
 #define _LIBSSL_H
 
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
+
 #include "common.h"
 #include "dl.h"
 #include <bdlib/src/String.h>
@@ -10,8 +14,6 @@
 #ifdef EGG_SSL_EXT
 # ifndef EGG_SSL_INCS
 #  include <openssl/ssl.h>
-#  include <openssl/err.h>
-#  include <openssl/rand.h>
 #  define EGG_SSL_INCS 1
 # endif
 #endif
@@ -37,10 +39,4 @@ typedef long (*SSL_CTX_ctrl_t)(SSL_CTX*, int, long, void*);
 int load_libssl();
 int unload_libssl();
 
-#ifdef EGG_SSL_EXT
-extern SSL_CTX *ssl_ctx;
-extern char *tls_rand_file;
-#endif
-extern int ssl_use;
-
 #endif /* !_LIBSSL_H */

+ 4 - 10
src/main.c

@@ -196,14 +196,8 @@ void fatal(const char *s, int recoverable)
     }
   }
 
-  unload_libcrypto();
-#ifdef EGG_SSL_EXT
-  if (ssl_use) {
-    unload_libssl();
-  }
-#endif
-
   if (!recoverable) {
+//    uninit_openssl();
 //    if (conf.bot && conf.bot->pid_file)
 //      unlink(conf.bot->pid_file);
     exit(1);
@@ -692,10 +686,10 @@ int main(int argc, char **argv)
   check_trace(1);
 #endif
 
-  if (load_libcrypto()) {
-    fatal("Unable to load libcrypto.", 0);
+  if (init_openssl()) {
+    fprintf(stderr, "Unable to initialize/find OpenSSL.\n");
+    return 1;
   }
-  DH1080_init();
 
   /* Initialize variables and stuff */
   timer_update_now(&egg_timeval_now);
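Review bot: In fatal() the replacement for the removed unload_libcrypto()/unload_libssl() calls is the commented-out `//    uninit_openssl();`, so a non-recoverable fatal now exits without freeing ssl_ctx or writing the RAND state back to tls_rand_file, and nothing on the line says why it is disabled. If leaving it out is intentional, a comment such as `// TODO: call uninit_openssl() here; currently disabled because <reason>` would record that; otherwise the call should be live. In main(), the new `if (init_openssl())` check only catches failures raised inside init_openssl() itself — as written in this commit, init_openssl() discards the results of load_libcrypto() and load_libssl(), so a missing library is not reported by this path.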

+ 0 - 5
src/net.c

@@ -623,11 +623,6 @@ int open_telnet_raw(int sock, const char *ipIn, port_t sport, bool proxy_on, int
 int net_switch_to_ssl(int sock) {
   int i = 0;
 
-  if (load_libssl()) {
-    debug0("Error while switching to SSL - error loading library");
-    return 0;
-  }
-
   debug0("net_switch_to_ssl()");
   sleep(3); // Give some time to let the connect() go through.
   i = findanysnum(sock);
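Review bot: With the load_libssl() call removed, net_switch_to_ssl() relies on init_openssl() having loaded libssl at startup, but nothing here verifies that, and init_openssl() as written discards load_libssl()'s result, so a failed load would surface only as a call through an unresolved symbol later in this function. A cheap guard at the top, e.g. `if (!libssl_handle) { debug0("Error while switching to SSL - library not loaded"); return 0; }`, keeps the previous failure mode (return 0), assuming libssl_handle (defined in libssl.c) is visible from net.c. The function's body continues past the hunk.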

+ 1 - 1
src/net.h

@@ -12,7 +12,7 @@
 #include <setjmp.h>
 #include <bdlib/src/String.h>
 
-#include "libssl.h"
+#include "openssl.h"
 
 namespace bd {
   class Stream;

+ 131 - 0
src/openssl.c

@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 1997 Robey Pointer
+ * Copyright (C) 1999 - 2002 Eggheads Development Team
+ * Copyright (C) 2002 - 2010 Bryan Drewery
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/*
+ * openssl.c -- handles:
+ *   libcrypto / libssl handling
+ *
+ */
+
+
+#include "common.h"
+#include "main.h"
+#include "dl.h"
+#include <bdlib/src/String.h>
+#include <bdlib/src/Array.h>
+
+#include "libssl.h"
+#include "libcrypto.h"
+
+#ifdef EGG_SSL_EXT
+SSL_CTX *ssl_ctx = NULL;
+char	*tls_rand_file = NULL;
+#endif
+int     ssl_use = 0; /* kyotou */
+
+static int seed_PRNG(void);
+
+int init_openssl() {
+  load_libcrypto();
+  load_libssl();
+
+#ifdef EGG_SSL_EXT
+  /* good place to init ssl stuff */
+  SSL_load_error_strings();
+  OpenSSL_add_ssl_algorithms();
+  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  if (!ssl_ctx) {
+    sdprintf("SSL_CTX_new() failed");
+    return 1;
+  }
+
+  // Disable insecure SSLv2
+  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
+
+  if (seed_PRNG()) {
+    sdprintf("Wasn't able to properly seed the PRNG!");
+    SSL_CTX_free(ssl_ctx);
+    ssl_ctx = NULL;
+    return 1;
+  }
+#endif
+
+  DH1080_init();
+
+  return 0;
+}
+
+int uninit_openssl () {
+  DH1080_uninit();
+
+#ifdef EGG_SSL_EXT
+  /* cleanup mess when quiting */
+  if (ssl_ctx) {
+    SSL_CTX_free(ssl_ctx);
+    ssl_ctx = NULL;
+  }
+  if (tls_rand_file)
+    RAND_write_file(tls_rand_file);
+#endif
+
+  ERR_free_strings();
+  EVP_cleanup();
+  CRYPTO_cleanup_all_ex_data();
+
+  unload_libssl();
+  unload_libcrypto();
+  return 0;
+}
+
+#ifdef EGG_SSL_EXT
+static int seed_PRNG(void)
+{
+  char stackdata[1024];
+  static char rand_file[300];
+  FILE *fh;
+
+  if (RAND_status())
+    return 0;     /* PRNG already good seeded */
+  /* if the device '/dev/urandom' is present, OpenSSL uses it by default.
+   * check if it's present, else we have to make random data ourselfs.
+   */
+  if ((fh = fopen("/dev/urandom", "r"))) {
+    fclose(fh);
+    // Try /dev/random if urandom is unavailable
+    if ((fh = fopen("/dev/random", "r"))) {
+      fclose(fh);
+      return 0;
+    }
+  }
+  if (RAND_file_name(rand_file, sizeof(rand_file)))
+    tls_rand_file = rand_file;
+  else
+    return 1;
+  if (!RAND_load_file(rand_file, 1024)) {
+    /* no .rnd file found, create new seed */
+    RAND_seed(&now, sizeof(time_t));
+    RAND_seed(&conf.bot->pid, sizeof(pid_t));
+    RAND_seed(stackdata, sizeof(stackdata));
+  }
+  if (!RAND_status())
+    return 2;   /* PRNG still badly seeded */
+  return 0;
+}
+#endif
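Review bot: init_openssl() ignores the return values of load_libcrypto() and load_libssl() (the two calls at the top of the function), so it returns 0 even when a library could not be loaded, and SSL_load_error_strings()/DH1080_init() then run against unresolved symbols; the error check in main() never fires for a missing library. Propagating the results fixes this: `if (load_libcrypto() || load_libssl()) return 1;`. Two further points in the code moved into seed_PRNG(): the /dev/urandom branch returns 0 only when /dev/random also opens, which contradicts the comment "Try /dev/random if urandom is unavailable", and the fallback seeds RAND with the uninitialised `stackdata` buffer, which is undefined behaviour to read and contributes no guaranteed entropy. Because RAND_seed() credits every byte as full entropy, the RAND_status() check that follows will report success after that fallback even though only time and pid were real inputs, so returning non-zero when neither a device nor a .rnd file is available is the safer choice.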

+ 22 - 0
src/openssl.h

@@ -0,0 +1,22 @@
+#ifndef _OPENSSL_H_
+#define _OPENSSL_H_
+
+#ifdef HAVE_CONFIG_H
+#  include "config.h"
+#endif
+
+#include "common.h"
+#include <bdlib/src/String.h>
+
+#include "libssl.h"
+#include "libcrypto.h"
+
+#ifdef EGG_SSL_EXT
+extern SSL_CTX *ssl_ctx;
+extern char *tls_rand_file;
+#endif
+extern int ssl_use;
+
+int init_openssl();
+int uninit_openssl();
+#endif