Sfoglia il codice sorgente

* Refactor some of the SSL code into ssl.c

Bryan Drewery 15 anni fa
parent
commit
3c74f2474e
6 ha cambiato i file con 157 aggiunte e 88 eliminazioni
  1. 1 0
      src/Makefile.in
  2. 3 5
      src/main.c
  3. 2 73
      src/net.c
  4. 2 10
      src/net.h
  5. 123 0
      src/ssl.c
  6. 26 0
      src/ssl.h

+ 1 - 0
src/Makefile.in

@@ -48,6 +48,7 @@ OBJS = auth.o \
 	shell.o \
 	socket.o \
 	sprintf.o \
+	ssl.o \
 	userent.o \
 	userrec.o \
 	users.o

+ 3 - 5
src/main.c

@@ -26,10 +26,6 @@
  *
  */
 
-#ifdef EGG_SSL_EXT
-int clean_net();
-#endif
-
 #include "common.h"
 #include "main.h"
 #include "userent.h"
@@ -201,7 +197,9 @@ void fatal(const char *s, int recoverable)
   }
 
 #ifdef EGG_SSL_EXT
-  clean_net();
+  if (ssl_use) {
+    unload_ssl();
+  }
 #endif
 
   if (!recoverable) {

+ 2 - 73
src/net.c

@@ -83,12 +83,6 @@ port_t firewallport = 1080;    /* Default port of Sock4/5 firewalls        */
 #define PROXY_SUN     2
 #define PROXY_HTTP    3
 
-#ifdef EGG_SSL_EXT
-SSL_CTX *ssl_ctx = NULL;
-char	*tls_rand_file = NULL;
-#endif
-int     ssl_use = 0; /* kyotou */
-
 /* I need an UNSIGNED long for dcc type stuff
  */
 unsigned long my_atoul(const char *s)
@@ -144,50 +138,6 @@ static int get_ip(char *hostname, union sockaddr_union *so, int dns_type)
   return 0;
 }
 
-#ifdef EGG_SSL_EXT
-int seed_PRNG(void)
-{
-    char stackdata[1024];
-    static char rand_file[300];
-    FILE *fh;
-
-#if OPENSSL_VERSION_NUMBER >= 0x00905100
-    if (RAND_status())
-	return 0;     /* PRNG already good seeded */
-#endif
-    /* if the device '/dev/urandom' is present, OpenSSL uses it by default.
-     * check if it's present, else we have to make random data ourselfs.
-     */
-    if ((fh = fopen("/dev/urandom", "r"))) {
-	fclose(fh);
-        // Try /dev/random if urandom is unavailable
-        if ((fh = fopen("/dev/random", "r"))) {
-          fclose(fh);
-          return 0;
-        }
-    }
-    if (RAND_file_name(rand_file, sizeof(rand_file)))
-	tls_rand_file = rand_file;
-    else
-	return 1;
-    if (!RAND_load_file(rand_file, 1024)) {
-	/* no .rnd file found, create new seed */
-	unsigned int c;
-	c = time(NULL);
-	RAND_seed(&c, sizeof(c));
-	c = getpid();
-	RAND_seed(&c, sizeof(c));
-	RAND_seed(stackdata, sizeof(stackdata));
-    }
-#if OPENSSL_VERSION_NUMBER >= 0x00905100
-    if (!RAND_status())
-	return 2;   /* PRNG still badly seeded */
-#endif
-    return 0;
-}
-#endif
-
-
 /* Initialize the socklist
  */
 void init_net()
@@ -207,31 +157,8 @@ void init_net()
 #endif
     socklist[i].sock = -1;
   }
-#ifdef EGG_SSL_EXT
-  /* good place to init ssl stuff */
-  SSL_load_error_strings();
-  OpenSSL_add_ssl_algorithms();
-  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-  if (!ssl_ctx)
-    fatal("SSL_CTX_new() failed",0);
-  if (seed_PRNG())
-    fatal("Wasn't able to properly seed the PRNG!",0);
-#endif
 }
 
-#ifdef EGG_SSL_EXT
-/* cleanup mess when quiting */
-int clean_net() {
-  if (ssl_ctx) {
-    SSL_CTX_free(ssl_ctx);
-    ssl_ctx = NULL;
-  }
-  if (tls_rand_file)
-    RAND_write_file(tls_rand_file);
-  return 0;
-}
-#endif
-
 /* Get my ipv? ip
  */
 char *myipstr(int af_type)
@@ -696,6 +623,8 @@ int open_telnet_raw(int sock, const char *ipIn, port_t sport, bool proxy_on, int
 int net_switch_to_ssl(int sock) {
   int i = 0;
 
+  load_ssl();
+
   debug0("net_switch_to_ssl()");
   sleep(3); // Give some time to let the connect() go through.
   for (i = 0; i < MAXSOCKS; ++i) {

+ 2 - 10
src/net.h

@@ -12,14 +12,7 @@
 #include <setjmp.h>
 #include <bdlib/src/String.h>
 
-#ifdef EGG_SSL_EXT
-# ifndef EGG_SSL_INCS
-#  include <openssl/ssl.h>
-#  include <openssl/err.h>
-#  include <openssl/rand.h>
-#  define EGG_SSL_INCS 1
-# endif
-#endif
+#include "ssl.h"
 
 namespace bd {
   class Stream;
@@ -152,7 +145,6 @@ int sock_read(bd::Stream&);
 void sock_write(bd::Stream&, int);
 bool socket_run();
 int net_switch_to_ssl(int sock);
-int clean_net();
 
 extern union sockaddr_union 		cached_myip4_so;
 #ifdef USE_IPV6
@@ -161,7 +153,7 @@ extern unsigned long			notalloc;
 #endif /* USE_IPV6 */
 
 extern char				firewall[], botuser[21];
-extern int				MAXSOCKS, socks_total, ssl_use;
+extern int				MAXSOCKS, socks_total;
 extern bool				identd_hack, cached_ip;
 extern port_t				firewallport;
 extern jmp_buf				alarmret;

+ 123 - 0
src/ssl.c

@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 1997 Robey Pointer
+ * Copyright (C) 1999 - 2002 Eggheads Development Team
+ * Copyright (C) 2002 - 2010 Bryan Drewery
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/*
+ * ssl.c -- handles:
+ *   libssl handling
+ *
+ */
+
+
+#include "common.h"
+#include "main.h"
+#include "dl.h"
+#include <bdlib/src/String.h>
+#include <bdlib/src/Array.h>
+
+#include "ssl.h"
+
+#ifdef EGG_SSL_EXT
+SSL_CTX *ssl_ctx = NULL;
+char	*tls_rand_file = NULL;
+#endif
+int     ssl_use = 0; /* kyotou */
+
+static int seed_PRNG(void);
+
+int load_ssl() {
+  if (ssl_ctx) {
+    return 0;
+  }
+
+#ifdef EGG_SSL_EXT
+  /* good place to init ssl stuff */
+  SSL_load_error_strings();
+  OpenSSL_add_ssl_algorithms();
+  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  if (!ssl_ctx)
+    fatal("SSL_CTX_new() failed",0);
+  if (seed_PRNG())
+    fatal("Wasn't able to properly seed the PRNG!",0);
+#endif
+
+  return 0;
+}
+
+int unload_ssl() {
+  if (ssl_ctx) {
+#ifdef EGG_SSL_EXT
+    /* cleanup mess when quiting */
+    if (ssl_ctx) {
+      SSL_CTX_free(ssl_ctx);
+      ssl_ctx = NULL;
+    }
+    if (tls_rand_file)
+      RAND_write_file(tls_rand_file);
+#endif
+    return 0;
+  }
+  return 1;
+}
+
+#ifdef EGG_SSL_EXT
+static int seed_PRNG(void)
+{
+  char stackdata[1024];
+  static char rand_file[300];
+  FILE *fh;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00905100
+  if (RAND_status())
+    return 0;     /* PRNG already good seeded */
+#endif
+  /* if the device '/dev/urandom' is present, OpenSSL uses it by default.
+   * check if it's present, else we have to make random data ourselfs.
+   */
+  if ((fh = fopen("/dev/urandom", "r"))) {
+    fclose(fh);
+    // Try /dev/random if urandom is unavailable
+    if ((fh = fopen("/dev/random", "r"))) {
+      fclose(fh);
+      return 0;
+    }
+  }
+  if (RAND_file_name(rand_file, sizeof(rand_file)))
+    tls_rand_file = rand_file;
+  else
+    return 1;
+  if (!RAND_load_file(rand_file, 1024)) {
+    /* no .rnd file found, create new seed */
+    unsigned int c;
+    c = time(NULL);
+    RAND_seed(&c, sizeof(c));
+    c = getpid();
+    RAND_seed(&c, sizeof(c));
+    RAND_seed(stackdata, sizeof(stackdata));
+  }
+#if OPENSSL_VERSION_NUMBER >= 0x00905100
+  if (!RAND_status())
+    return 2;   /* PRNG still badly seeded */
+#endif
+  return 0;
+}
+#endif
+
+
+

+ 26 - 0
src/ssl.h

@@ -0,0 +1,26 @@
+#ifndef _SSL_H
+#define _SSL_H
+
+#include "common.h"
+#include "dl.h"
+#include <bdlib/src/String.h>
+
+#ifdef EGG_SSL_EXT
+# ifndef EGG_SSL_INCS
+#  include <openssl/ssl.h>
+#  include <openssl/err.h>
+#  include <openssl/rand.h>
+#  define EGG_SSL_INCS 1
+# endif
+#endif
+
+int load_ssl();
+int unload_ssl();
+
+#ifdef EGG_SSL_EXT
+extern SSL_CTX *ssl_ctx;
+extern char *tls_rand_file;
+#endif
+extern int ssl_use;
+
+#endif /* !_SSL_H */