Changeset 5ebff60 for lib/ssl_nss.c
- Timestamp:
- 2015-02-20T22:50:54Z (9 years ago)
- Branches:
- master
- Children:
- 0b9daac, 3d45471, 7733b8c
- Parents:
- af359b4
- git-author:
- Indent <please@…> (19-02-15 05:47:20)
- git-committer:
- dequis <dx@…> (20-02-15 22:50:54)
- File:
-
- 1 edited
lib/ssl_nss.c
raf359b4 r5ebff60 1 1 /********************************************************************\ 2 2 * BitlBee -- An IRC to other IM-networks gateway * 3 3 * * … … 60 60 61 61 static gboolean ssl_connected(gpointer data, gint source, 62 62 b_input_condition cond); 63 63 static gboolean ssl_starttls_real(gpointer data, gint source, 64 64 b_input_condition cond); 65 65 66 66 static SECStatus nss_auth_cert(void *arg, PRFileDesc * socket, PRBool checksig, 67 67 PRBool isserver) 68 68 { 69 69 return SECSuccess; … … 74 74 PRErrorCode err; 75 75 76 if (!arg) 76 if (!arg) { 77 77 return SECFailure; 78 } 78 79 79 80 *(PRErrorCode *) arg = err = PORT_GetError(); … … 114 115 115 116 void *ssl_connect(char *host, int port, gboolean verify, 116 117 ssl_input_function func, gpointer data) 117 118 { 118 119 struct scd *conn = g_new0(struct scd, 1); … … 137 138 138 139 static gboolean ssl_starttls_real(gpointer data, gint source, 139 140 b_input_condition cond) 140 141 { 141 142 struct scd *conn = data; … … 145 146 146 147 void *ssl_starttls(int fd, char *hostname, gboolean verify, 147 148 ssl_input_function func, gpointer data) 148 149 { 149 150 struct scd *conn = g_new0(struct scd, 1); … … 175 176 176 177 static gboolean ssl_connected(gpointer data, gint source, 177 178 b_input_condition cond) 178 179 { 179 180 struct scd *conn = data; … … 183 184 if (conn->verify) { 184 185 conn->func(conn->data, 1, NULL, cond); 185 if (source >= 0) 186 if (source >= 0) { 186 187 closesocket(source); 188 } 187 189 g_free(conn->hostname); 188 190 g_free(conn); … … 191 193 } 192 194 193 if (source == -1) 195 if (source == -1) { 194 196 goto ssl_connected_failure; 197 } 195 198 196 199 /* Until we find out how to handle non-blocking I/O with NSS... 
*/ … … 198 201 199 202 conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source)); 200 if (!conn->prfd) 203 if (!conn->prfd) { 201 204 goto ssl_connected_failure; 205 } 202 206 SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE); 203 207 SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); 204 208 SSL_BadCertHook(conn->prfd, (SSLBadCertHandler) nss_bad_cert, NULL); 205 209 SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate) nss_auth_cert, 206 (void *)CERT_GetDefaultCertDB());210 (void *) CERT_GetDefaultCertDB()); 207 211 SSL_SetURL(conn->prfd, conn->hostname); 208 212 SSL_ResetHandshake(conn->prfd, PR_FALSE); … … 216 220 return FALSE; 217 221 218 222 ssl_connected_failure: 219 223 220 224 conn->func(conn->data, 0, NULL, cond); 221 225 222 if (conn->prfd) 226 if (conn->prfd) { 223 227 PR_Close(conn->prfd); 224 if (source >= 0) 228 } 229 if (source >= 0) { 225 230 closesocket(source); 231 } 226 232 g_free(conn->hostname); 227 233 g_free(conn); … … 235 241 PRErrorCode PR_err; 236 242 237 if (!((struct scd *) conn)->established) {243 if (!((struct scd *) conn)->established) { 238 244 ssl_errno = SSL_NOHANDSHAKE; 239 245 return -1; 240 246 } 241 247 242 st = PR_Read(((struct scd *) conn)->prfd, buf, len);248 st = PR_Read(((struct scd *) conn)->prfd, buf, len); 243 249 PR_err = PR_GetError(); 244 250 245 251 ssl_errno = SSL_OK; 246 if (PR_err == PR_WOULD_BLOCK_ERROR) 252 if (PR_err == PR_WOULD_BLOCK_ERROR) { 247 253 ssl_errno = SSL_AGAIN; 248 249 if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) 254 } 255 256 if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) { 250 257 len = write(STDERR_FILENO, buf, st); 258 } 251 259 252 260 return st; … … 258 266 PRErrorCode PR_err; 259 267 260 if (!((struct scd *) conn)->established) {268 if (!((struct scd *) conn)->established) { 261 269 ssl_errno = SSL_NOHANDSHAKE; 262 270 return -1; 263 271 } 264 st = PR_Write(((struct scd *) conn)->prfd, buf, len);272 st = PR_Write(((struct scd *) conn)->prfd, buf, len); 265 273 
PR_err = PR_GetError(); 266 274 267 275 ssl_errno = SSL_OK; 268 if (PR_err == PR_WOULD_BLOCK_ERROR) 276 if (PR_err == PR_WOULD_BLOCK_ERROR) { 269 277 ssl_errno = SSL_AGAIN; 270 271 if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) 278 } 279 280 if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0) { 272 281 len = write(2, buf, st); 282 } 273 283 274 284 return st; … … 277 287 int ssl_pending(void *conn) 278 288 { 279 struct scd *c = (struct scd *) conn;289 struct scd *c = (struct scd *) conn; 280 290 281 291 if (c == NULL) { … … 293 303 // NSS_Shutdown(); 294 304 295 if (conn->prfd) 305 if (conn->prfd) { 296 306 PR_Close(conn->prfd); 307 } 297 308 298 309 g_free(conn->hostname); … … 302 313 int ssl_getfd(void *conn) 303 314 { 304 return (((struct scd *) conn)->fd);315 return (((struct scd *) conn)->fd); 305 316 } 306 317 … … 314 325 { 315 326 return 316 g_strdup317 ("SSL certificate verification not supported by BitlBee NSS code.");327 g_strdup 328 ("SSL certificate verification not supported by BitlBee NSS code."); 318 329 } 319 330 320 331 size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len, 321 322 332 const unsigned char *input, size_t input_len, 333 const unsigned char *iv, unsigned char **res) 323 334 { 324 335 #define CIPHER_MECH CKM_DES3_CBC … … 342 353 } 343 354 344 keyItem.data = (unsigned char *) key;355 keyItem.data = (unsigned char *) key; 345 356 keyItem.len = key_len; 346 357 … … 348 359 if (slot == NULL) { 349 360 fprintf(stderr, "PK11_GetBestSlot failed (err %d)\n", 350 361 PR_GetError()); 351 362 rc = 0; 352 363 goto out; … … 354 365 355 366 symKey = 356 PK11_ImportSymKey(slot, CIPHER_MECH, PK11_OriginUnwrap, CKA_ENCRYPT,357 367 PK11_ImportSymKey(slot, CIPHER_MECH, PK11_OriginUnwrap, CKA_ENCRYPT, 368 &keyItem, NULL); 358 369 if (symKey == NULL) { 359 370 fprintf(stderr, "PK11_ImportSymKey failed (err %d)\n", 360 361 rc = 0; 362 goto out; 363 } 364 365 ivItem.data = (unsigned char *) iv;371 PR_GetError()); 372 rc = 0; 373 goto out; 374 } 
375 376 ivItem.data = (unsigned char *) iv; 366 377 /* See msn_soap_passport_sso_handle_response in protocols/msn/soap.c */ 367 378 ivItem.len = 8; … … 370 381 if (secParam == NULL) { 371 382 fprintf(stderr, "PK11_ParamFromIV failed (err %d)\n", 372 383 PR_GetError()); 373 384 rc = 0; 374 385 goto out; … … 376 387 377 388 ctx = 378 PK11_CreateContextBySymKey(CIPHER_MECH, CKA_ENCRYPT, symKey,379 389 PK11_CreateContextBySymKey(CIPHER_MECH, CKA_ENCRYPT, symKey, 390 secParam); 380 391 if (ctx == NULL) { 381 392 fprintf(stderr, "PK11_CreateContextBySymKey failed (err %d)\n", 382 393 PR_GetError()); 383 394 rc = 0; 384 395 goto out; … … 388 399 389 400 rv = PK11_CipherOp(ctx, *res, &len1, MAX_OUTPUT_LEN, 390 (unsigned char *)input, input_len);401 (unsigned char *) input, input_len); 391 402 if (rv != SECSuccess) { 392 403 fprintf(stderr, "PK11_CipherOp failed (err %d)\n", 393 404 PR_GetError()); 394 405 rc = 0; 395 406 goto out; … … 399 410 400 411 rv = PK11_DigestFinal(ctx, *res + len1, &len2, 401 (unsigned int)MAX_OUTPUT_LEN - len1);412 (unsigned int) MAX_OUTPUT_LEN - len1); 402 413 if (rv != SECSuccess) { 403 414 fprintf(stderr, "PK11_DigestFinal failed (err %d)\n", 404 415 PR_GetError()); 405 416 rc = 0; 406 417 goto out; … … 409 420 rc = len1 + len2; 410 421 411 412 if (ctx) 422 out: 423 if (ctx) { 413 424 PK11_DestroyContext(ctx, PR_TRUE); 414 if (symKey) 425 } 426 if (symKey) { 415 427 PK11_FreeSymKey(symKey); 416 if (secParam) 428 } 429 if (secParam) { 417 430 SECITEM_FreeItem(secParam, PR_TRUE); 418 if (slot) 431 } 432 if (slot) { 419 433 PK11_FreeSlot(slot); 434 } 420 435 421 436 return rc;
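Review bot: In ssl_connected's failure path (after `ssl_connected_failure:`), `PR_Close(conn->prfd)` is followed by `closesocket(source)` on the same descriptor; `conn->prfd` was built from `source` via `PR_ImportTCPSocket`, and if NSPR takes ownership of the imported descriptor (as its documentation says), `PR_Close` already closes it and the second close hits a stale or reused fd. Making `closesocket(source)` the `else` branch of the `if (conn->prfd)` check, or resetting `source = -1` once the import succeeds, would avoid the double close; the commit only reflows braces, so this order is unchanged from the old side. Separately, `nss_auth_cert` still returns `SECSuccess` unconditionally, so the hook installed with `SSL_AuthCertificateHook` accepts every server certificate; a comment such as `/* Accepts any certificate: verification is not implemented in the NSS backend (see ssl_verify_strerror). */` on it would make that explicit where it is installed. The bodies of both functions extend outside the visible hunks.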