From 78afd85990ef2678beb78a66a47784e16864a469 Mon Sep 17 00:00:00 2001 From: Dylan Lloyd Date: Wed, 25 Nov 2015 01:17:39 -0800 Subject: [PATCH 1/4] support raw ssl cert/key/dhparam objects for initialization --- Csocket.cc | 156 ++++++++++++++++++++++++++++++++++++----------------- Csocket.h | 29 ++++++++++ 2 files changed, 135 insertions(+), 50 deletions(-)
diff --git a/Csocket.cc b/Csocket.cc
index d342b69..0fd118a 100644
--- a/Csocket.cc
+++ b/Csocket.cc
@@ -1044,6 +1044,8 @@ void Csock::Copy( const Csock & cCopy )
 m_shostname = cCopy.m_shostname;
 m_sbuffer = cCopy.m_sbuffer;
 m_sSockName = cCopy.m_sSockName;
+ m_sKeyRaw = cCopy.m_sKeyRaw;
+ m_sCertRaw = cCopy.m_sCertRaw;
 m_sKeyFile = cCopy.m_sKeyFile;
 m_sDHParamFile = cCopy.m_sDHParamFile;
 m_sPemFile = cCopy.m_sPemFile;
@@ -1570,14 +1572,26 @@ bool Csock::SSLClientSetup()
 SSL_CTX_set_default_verify_paths( m_ssl_ctx );
- if( !m_sPemFile.empty() )
+ // are we sending a client cerificate ?
+ SSL_CTX_set_default_passwd_cb( m_ssl_ctx, _PemPassCB );
+ SSL_CTX_set_default_passwd_cb_userdata( m_ssl_ctx, ( void * )this );
+
+ // set up the CTX
+ if (m_sCertRaw && m_sKeyRaw)
+ {
+ if( SSL_CTX_use_certificate( m_ssl_ctx, m_sCertRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ if( SSL_CTX_use_PrivateKey( m_ssl_ctx, m_sKeyRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
+ else if( !m_sPemFile.empty() )
 {
- // are we sending a client cerificate ?
- SSL_CTX_set_default_passwd_cb( m_ssl_ctx, _PemPassCB );
- SSL_CTX_set_default_passwd_cb_userdata( m_ssl_ctx, ( void * )this );
-
- //
- // set up the CTX
 if( SSL_CTX_use_certificate_file( m_ssl_ctx, m_sPemFile.c_str() , SSL_FILETYPE_PEM ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
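Review bot: Both `CS_DEBUG` messages in the new `if (m_sCertRaw && m_sKeyRaw)` branch report `Error with SSLCert file [m_sPemFile]`, naming a file this branch never reads and, for the `SSL_CTX_use_PrivateKey` failure, the wrong object; use e.g. `CS_DEBUG( "Error with SSL certificate object" );` and `CS_DEBUG( "Error with SSL private key object" );`. As with the existing file-based branch, a failed load is only logged, so the handshake goes on without a client certificate; the raw path would also benefit from `if( !SSL_CTX_check_private_key( m_ssl_ctx ) ) SSLErrors( __FILE__, __LINE__ );` after the key is installed, since a caller handing in two separate objects can easily pass a mismatched pair. Note that when only one of the two pointers is set the code silently falls through to the PEM-file path instead of reporting the half-configured pair. `SSLClientSetup` continues past the end of this hunk.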
@@ -1704,52 +1718,79 @@ SSL_CTX * Csock::SetupServerCTX()
 SSL_CTX_set_default_passwd_cb( pCTX, _PemPassCB );
 SSL_CTX_set_default_passwd_cb_userdata( pCTX, ( void * )this );
- if( m_sPemFile.empty() || access( m_sPemFile.c_str(), R_OK ) != 0 )
- {
- CS_DEBUG( "Empty, missing, or bad pemfile ... [" << m_sPemFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
-
- if( ! m_sKeyFile.empty() && access( m_sKeyFile.c_str(), R_OK ) != 0 )
- {
- CS_DEBUG( "Bad keyfile ... [" << m_sKeyFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
-
- //
- // set up the CTX
- if( SSL_CTX_use_certificate_chain_file( pCTX, m_sPemFile.c_str() ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
-
- CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
- if( SSL_CTX_use_PrivateKey_file( pCTX, privKeyFile.c_str(), SSL_FILETYPE_PEM ) <= 0 )
- {
- CS_DEBUG( "Error with SSLKey file [" << privKeyFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
+ if(!m_sCertRaw) {
+ if(m_sPemFile.empty() || access( m_sPemFile.c_str(), R_OK ) != 0 )
+ {
+ CS_DEBUG( "Empty, missing, or bad pemfile ... [" << m_sPemFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ else {
+ //
+ // set up the CTX
+ if( SSL_CTX_use_certificate_chain_file( pCTX, m_sPemFile.c_str() ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ }
+ }
+ else
+ {
+ if( SSL_CTX_use_certificate( pCTX, m_sCertRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
+
+
+ if(!m_sKeyRaw) {
+ if(! m_sKeyFile.empty() && access( m_sKeyFile.c_str(), R_OK ) != 0 )
+ {
+ CS_DEBUG( "Bad keyfile ... [" << m_sKeyFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ } else {
+ CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
+ if( SSL_CTX_use_PrivateKey_file( pCTX, privKeyFile.c_str(), SSL_FILETYPE_PEM ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLKey file [" << privKeyFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ }
+ }
+ else
+ {
+ if( SSL_CTX_use_PrivateKey( pCTX, m_sKeyRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
 // check to see if this pem file contains a DH structure for use with DH key exchange
 // https://github.com/znc/znc/pull/46
- CS_STRING DHParamFile = m_sDHParamFile.empty() ? m_sPemFile : m_sDHParamFile;
- FILE *dhParamsFile = fopen( DHParamFile.c_str(), "r" );
- if( !dhParamsFile )
- {
- CS_DEBUG( "Error with DHParam file [" << DHParamFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
-
- DH * dhParams = PEM_read_DHparams( dhParamsFile, NULL, NULL, NULL );
- fclose( dhParamsFile );
+ DH * dhParams;
+ if (!m_sDHParamRaw) {
+ CS_STRING DHParamFile = m_sDHParamFile.empty() ? m_sPemFile : m_sDHParamFile;
+ FILE *dhParamsFile = fopen( DHParamFile.c_str(), "r" );
+ if( !dhParamsFile )
+ {
+ CS_DEBUG( "Error with DHParam file [" << DHParamFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ dhParams = PEM_read_DHparams( dhParamsFile, NULL, NULL, NULL );
+ fclose( dhParamsFile );
+ }
+ else {
+ dhParams = m_sDHParamRaw;
+ }
 if( dhParams )
 {
 SSL_CTX_set_options( pCTX, SSL_OP_SINGLE_DH_USE );
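Review bot: In the new `else { dhParams = m_sDHParamRaw; }` branch `dhParams` aliases the caller-owned object, yet the two `DH_free( dhParams )` calls that follow `SSL_CTX_set_tmp_dh` (just past the end of this hunk; the file-based path frees because `SSL_CTX_set_tmp_dh` keeps its own copy) now release the caller's `DH` while `m_sDHParamRaw` still points at it, so the next accepted socket that inherits the pointer reuses freed memory and frees it again. Free only what this function read from a file, e.g. `if( dhParams != m_sDHParamRaw ) DH_free( dhParams );` at both sites. Separately, the raw branches for `SSL_CTX_use_certificate` and `SSL_CTX_use_PrivateKey` only log on failure, whereas every file-based failure does `SSL_CTX_free( pCTX ); return( NULL );`, so a bad raw cert or key hands back a context that fails every handshake with a less useful error; make them fail the same way. Also, with a raw cert and key but neither `m_sDHParamRaw` nor `m_sDHParamFile` set, the DH lookup falls back to `m_sPemFile`, which may now legitimately be empty, so `fopen` fails and the whole setup is rejected; either document that raw callers must also supply DH parameters or skip the DH step when there is nothing to read.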
@@ -2549,6 +2590,15 @@ void Csock::SetSSL( bool b ) { m_bUseSSL = b; }
 void Csock::SetCipher( const CS_STRING & sCipher ) { m_sCipherType = sCipher; }
 const CS_STRING & Csock::GetCipher() const { return( m_sCipherType ); }
+void Csock::SetKeyRaw( EVP_PKEY * sKeyRaw ) { m_sKeyRaw = sKeyRaw; }
+EVP_PKEY * Csock::GetKeyRaw() const { return( m_sKeyRaw ); }
+
+void Csock::SetCertRaw( X509 * sCertRaw ) { m_sCertRaw = sCertRaw; }
+X509 * Csock::GetCertRaw() const { return( m_sCertRaw ); }
+
+void Csock::SetDHParamRaw( DH * sDHParamRaw ) { m_sDHParamRaw = sDHParamRaw; }
+DH * Csock::GetDHParamRaw() const { return( m_sDHParamRaw ); }
+
 void Csock::SetDHParamLocation( const CS_STRING & sDHParamFile ) { m_sDHParamFile = sDHParamFile; }
 const CS_STRING & Csock::GetDHParamLocation() const { return( m_sDHParamFile ); }
@@ -4044,6 +4094,12 @@ void CSocketManager::Select( std::map & mpeSocks )
 NewpcSock->SetDHParamLocation( pcSock->GetDHParamLocation() );
 NewpcSock->SetKeyLocation( pcSock->GetKeyLocation() );
 NewpcSock->SetPemLocation( pcSock->GetPemLocation() );
+ NewpcSock->SetPemPass( pcSock->GetPemPass() );
+
+ NewpcSock->SetCertRaw( pcSock->GetCertRaw() );
+ NewpcSock->SetKeyRaw( pcSock->GetKeyRaw() );
+ NewpcSock->SetDHParamRaw( pcSock->GetDHParamRaw() );
+ NewpcSock->SetPemPass( pcSock->GetPemPass() );
 NewpcSock->SetRequireClientCertFlags( pcSock->GetRequireClientCertFlags() );
 bAddSock = NewpcSock->AcceptSSL();
diff --git a/Csocket.h b/Csocket.h
index 7b8e969..a202c86 100644
--- a/Csocket.h
+++ b/Csocket.h
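Review bot: `NewpcSock->SetPemPass( pcSock->GetPemPass() );` is added twice in the `Select` hunk, once before the raw setters and again after them; drop one. The three raw pointers are copied into every accepted `Csock` as plain aliases with no reference-count bump, so the listener and all of its children share one `X509`/`EVP_PKEY`/`DH`; that is only sound if nothing on the child path frees them, and `SetupServerCTX` (presumably reached through the `AcceptSSL()` call below) does `DH_free` on the DH it uses, so a second accepted connection would see a freed object. `SSL_CTX_use_certificate` and `SSL_CTX_use_PrivateKey` take their own references, so the cert and key are safe to share; either make `SetupServerCTX` never free a caller-supplied DH, or take a reference per copy here and release it in the `Csock` destructor. A one-line comment such as `// raw objects are borrowed from the listening socket, which must outlive this one` would make the intended ownership explicit.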
@@ -876,6 +876,14 @@ class CS_EXPORT Csock : public CSockCommon
 void SetPemPass( const CS_STRING & sPassword );
 const CS_STRING & GetPemPass() const;
+ //! set raw certificate, keys & dhparam
+ void SetKeyRaw( EVP_PKEY * sKeyRaw );
+ EVP_PKEY * GetKeyRaw() const;
+ void SetCertRaw( X509 * sCertRaw );
+ X509 * GetCertRaw() const;
+ void SetDHParamRaw( DH * sDHParamRaw );
+ DH * GetDHParamRaw() const;
+
 //! Set the SSL method type
 void SetSSLMethod( int iMethod );
 int GetSSLMethod() const;
@@ -1172,6 +1180,9 @@ class CS_EXPORT Csock : public CSockCommon
 bool m_bUseSSL, m_bIsConnected;
 bool m_bsslEstablished, m_bEnableReadLine, m_bPauseRead;
 CS_STRING m_shostname, m_sbuffer, m_sSockName, m_sDHParamFile, m_sKeyFile, m_sPemFile, m_sCipherType, m_sParentName;
+ X509* m_sCertRaw;
+ EVP_PKEY* m_sKeyRaw;
+ DH* m_sDHParamRaw;
 CS_STRING m_sSend, m_sPemPass;
 ECloseType m_eCloseType;
@@ -1264,6 +1275,9 @@ class CS_EXPORT CSConnection
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
+ const X509 & GetCertRaw() const { return( *m_sCertRaw ); }
+ const EVP_PKEY & GetKeyRaw() const { return( *m_sKeyRaw ); }
+ const DH & GetDHParamRaw() const { return( *m_sDHParamRaw ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
@@ -1302,6 +1316,9 @@ class CS_EXPORT CSConnection
 CSSockAddr::EAFRequire m_iAFrequire;
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
+ X509* m_sCertRaw;
+ EVP_PKEY* m_sKeyRaw;
+ DH* m_sDHParamRaw;
 #endif /* HAVE_LIBSSL */
 };
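Review bot: The new `SetKeyRaw`/`SetCertRaw`/`SetDHParamRaw` declarations in the `-876` hunk say nothing about ownership or lifetime, which matters because `Csock::Copy` (earlier in this patch) and the accept path copy these pointers into other sockets and `SetupServerCTX` passes the DH pointer to `DH_free`. Suggest replacing the one-line comment with `//! Use pre-loaded OpenSSL objects instead of PEM files. The caller keeps ownership and must keep them valid for the lifetime of this socket and of every socket copied or accepted from it.` and, on the matching members in the `-1172` hunk, `// borrowed, not owned; NULL means fall back to the *File members`. Since the file-based and object-based settings can both be populated, the comment should also state which wins (the code prefers the objects when both are set).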
@@ -1356,6 +1373,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
+ const EVP_PKEY & GetKeyRaw() const { return( *m_sKeyRaw ); }
+ const X509 & GetCertRaw() const { return( *m_sCertRaw ); }
+ const DH & GetDHParamRaw() const { return( *m_sDHParamRaw ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetPemPass() const { return( m_sPemPass ); }
@@ -1380,6 +1400,12 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 //! set the cipher strength to use, default is HIGH
 void SetCipher( const CS_STRING & s ) { m_sCipher = s; }
+ //! set the raw cert data
+ void SetCertRaw( X509 * s ) { m_sCertRaw = s; }
+ //! set the raw key data
+ void SetKeyRaw( EVP_PKEY * s ) { m_sKeyRaw = s; }
+ //! set the raw dhparam data
+ void SetDHParamRaw( DH * s ) { m_sDHParamRaw = s; }
 //! set the location of the pemfile
 void SetPemLocation( const CS_STRING & s ) { m_sPemLocation = s; }
 //! set the location of the keyfile
@@ -1404,6 +1430,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
+ X509* m_sCertRaw;
+ EVP_PKEY* m_sKeyRaw;
+ DH* m_sDHParamRaw;
 uint32_t m_iRequireCertFlags;
 #endif /* HAVE_LIBSSL */
 };
From c076d0a1d2f1bb94e36d32eee1a78c744473f468 Mon Sep 17 00:00:00 2001 From: Dylan Lloyd Date: Wed, 25 Nov 2015 11:48:15 -0800 Subject: [PATCH 2/4] use hungarian naming conventions, astyle formatting --- Csocket.cc | 212 +++++++++++++++++++++++++++-------------------------- Csocket.h | 32 ++++---- 2 files changed, 126 insertions(+), 118 deletions(-)
diff --git a/Csocket.cc b/Csocket.cc
index 0fd118a..bec9f53 100644
--- a/Csocket.cc
+++ b/Csocket.cc
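Review bot: `CSListener` gains `m_sCertRaw`, `m_sKeyRaw` and `m_sDHParamRaw` in the `-1404` hunk, but nothing in this series initializes them — the later "init *Raw ptrs to NULL" patch touches only `Csock::Init` — so unless `CSListener`'s constructor (outside this hunk) zeroes them, a listener configured with PEM files exposes indeterminate pointers through `GetCertRaw()`, and wherever those are copied into the listening `Csock` (not shown here) `SetupServerCTX` would take its `else` branch and hand garbage to `SSL_CTX_use_certificate`. Add `m_sCertRaw = NULL; m_sKeyRaw = NULL; m_sDHParamRaw = NULL;` to every `CSListener` constructor, and the same for the `CSConnection` members added in the previous hunk. The reference-returning getters here (`return( *m_sKeyRaw )`) are reworked to pointers later in the series, so only the initialization is outstanding.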
@@ -1044,8 +1044,9 @@ void Csock::Copy( const Csock & cCopy )
 m_shostname = cCopy.m_shostname;
 m_sbuffer = cCopy.m_sbuffer;
 m_sSockName = cCopy.m_sSockName;
- m_sKeyRaw = cCopy.m_sKeyRaw;
- m_sCertRaw = cCopy.m_sCertRaw;
+ m_pKeyRaw = cCopy.m_pKeyRaw;
+ m_pCertRaw = cCopy.m_pCertRaw;
+ m_pDHParamRaw = cCopy.m_pDHParamRaw;
 m_sKeyFile = cCopy.m_sKeyFile;
 m_sDHParamFile = cCopy.m_sDHParamFile;
 m_sPemFile = cCopy.m_sPemFile;
@@ -1572,32 +1573,32 @@ bool Csock::SSLClientSetup()
 SSL_CTX_set_default_verify_paths( m_ssl_ctx );
- // are we sending a client cerificate ?
- SSL_CTX_set_default_passwd_cb( m_ssl_ctx, _PemPassCB );
- SSL_CTX_set_default_passwd_cb_userdata( m_ssl_ctx, ( void * )this );
-
- // set up the CTX
- if (m_sCertRaw && m_sKeyRaw)
- {
- if( SSL_CTX_use_certificate( m_ssl_ctx, m_sCertRaw ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- }
- if( SSL_CTX_use_PrivateKey( m_ssl_ctx, m_sKeyRaw ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- }
- }
- else if( !m_sPemFile.empty() )
+ // are we sending a client cerificate ?
+ SSL_CTX_set_default_passwd_cb( m_ssl_ctx, _PemPassCB );
+ SSL_CTX_set_default_passwd_cb_userdata( m_ssl_ctx, ( void * )this );
+
+ // set up the CTX
+ if( m_pCertRaw && m_pKeyRaw )
+ {
+ if( SSL_CTX_use_certificate( m_ssl_ctx, m_pCertRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ if( SSL_CTX_use_PrivateKey( m_ssl_ctx, m_pKeyRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
+ else if( !m_sPemFile.empty() )
 {
 if( SSL_CTX_use_certificate_file( m_ssl_ctx, m_sPemFile.c_str() , SSL_FILETYPE_PEM ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
 }
- CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
+ CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
 if( SSL_CTX_use_PrivateKey_file( m_ssl_ctx, privKeyFile.c_str(), SSL_FILETYPE_PEM ) <= 0 )
 {
 CS_DEBUG( "Error with SSLKey file [" << privKeyFile << "]" );
@@ -1718,91 +1719,98 @@ SSL_CTX * Csock::SetupServerCTX()
 SSL_CTX_set_default_passwd_cb( pCTX, _PemPassCB );
 SSL_CTX_set_default_passwd_cb_userdata( pCTX, ( void * )this );
- if(!m_sCertRaw) {
- if(m_sPemFile.empty() || access( m_sPemFile.c_str(), R_OK ) != 0 )
- {
- CS_DEBUG( "Empty, missing, or bad pemfile ... [" << m_sPemFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
- else {
- //
- // set up the CTX
- if( SSL_CTX_use_certificate_chain_file( pCTX, m_sPemFile.c_str() ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
- }
- }
- else
- {
- if( SSL_CTX_use_certificate( pCTX, m_sCertRaw ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- }
- }
-
-
- if(!m_sKeyRaw) {
- if(! m_sKeyFile.empty() && access( m_sKeyFile.c_str(), R_OK ) != 0 )
- {
- CS_DEBUG( "Bad keyfile ... [" << m_sKeyFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- } else {
- CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
- if( SSL_CTX_use_PrivateKey_file( pCTX, privKeyFile.c_str(), SSL_FILETYPE_PEM ) <= 0 )
- {
- CS_DEBUG( "Error with SSLKey file [" << privKeyFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
- }
- }
- else
- {
- if( SSL_CTX_use_PrivateKey( pCTX, m_sKeyRaw ) <= 0 )
- {
- CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
- SSLErrors( __FILE__, __LINE__ );
- }
- }
+ if( !m_pCertRaw )
+ {
+ if( m_sPemFile.empty() || access( m_sPemFile.c_str(), R_OK ) != 0 )
+ {
+ CS_DEBUG( "Empty, missing, or bad pemfile ... [" << m_sPemFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ else
+ {
+ //
+ // set up the CTX
+ if( SSL_CTX_use_certificate_chain_file( pCTX, m_sPemFile.c_str() ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ }
+ }
+ else
+ {
+ if( SSL_CTX_use_certificate( pCTX, m_pCertRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
+
+
+ if( !m_pKeyRaw )
+ {
+ if( ! m_sKeyFile.empty() && access( m_sKeyFile.c_str(), R_OK ) != 0 )
+ {
+ CS_DEBUG( "Bad keyfile ... [" << m_sKeyFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ else
+ {
+ CS_STRING privKeyFile = m_sKeyFile.empty() ? m_sPemFile : m_sKeyFile;
+ if( SSL_CTX_use_PrivateKey_file( pCTX, privKeyFile.c_str(), SSL_FILETYPE_PEM ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLKey file [" << privKeyFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ }
+ }
+ else
+ {
+ if( SSL_CTX_use_PrivateKey( pCTX, m_pKeyRaw ) <= 0 )
+ {
+ CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
+ SSLErrors( __FILE__, __LINE__ );
+ }
+ }
 // check to see if this pem file contains a DH structure for use with DH key exchange
 // https://github.com/znc/znc/pull/46
- DH * dhParams;
- if (!m_sDHParamRaw) {
- CS_STRING DHParamFile = m_sDHParamFile.empty() ? m_sPemFile : m_sDHParamFile;
- FILE *dhParamsFile = fopen( DHParamFile.c_str(), "r" );
- if( !dhParamsFile )
- {
- CS_DEBUG( "Error with DHParam file [" << DHParamFile << "]" );
- SSL_CTX_free( pCTX );
- return( NULL );
- }
- dhParams = PEM_read_DHparams( dhParamsFile, NULL, NULL, NULL );
- fclose( dhParamsFile );
- }
- else {
- dhParams = m_sDHParamRaw;
- }
- if( dhParams )
+ DH * pDHParam;
+ if( !m_pDHParamRaw )
+ {
+ CS_STRING sDHParamFile = m_sDHParamFile.empty() ? m_sPemFile : m_sDHParamFile;
+ FILE *pDHParamsFile = fopen( sDHParamFile.c_str(), "r" );
+ if( !pDHParamsFile )
+ {
+ CS_DEBUG( "Error with DHParam file [" << sDHParamFile << "]" );
+ SSL_CTX_free( pCTX );
+ return( NULL );
+ }
+ pDHParam = PEM_read_DHparams( pDHParamsFile, NULL, NULL, NULL );
+ fclose( pDHParamsFile );
+ }
+ else
+ {
+ pDHParam = m_pDHParamRaw;
+ }
+ if( pDHParam )
 {
 SSL_CTX_set_options( pCTX, SSL_OP_SINGLE_DH_USE );
- if( !SSL_CTX_set_tmp_dh( pCTX, dhParams ) )
+ if( !SSL_CTX_set_tmp_dh( pCTX, pDHParam ) )
 {
 CS_DEBUG( "Error setting ephemeral DH parameters from [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
- DH_free( dhParams );
+ DH_free( pDHParam );
 SSL_CTX_free( pCTX );
 return( NULL );
 }
- DH_free( dhParams );
+ DH_free( pDHParam );
 }
 else
 {
@@ -2590,14 +2598,14 @@ void Csock::SetSSL( bool b ) { m_bUseSSL = b; }
 void Csock::SetCipher( const CS_STRING & sCipher ) { m_sCipherType = sCipher; }
 const CS_STRING & Csock::GetCipher() const { return( m_sCipherType ); }
-void Csock::SetKeyRaw( EVP_PKEY * sKeyRaw ) { m_sKeyRaw = sKeyRaw; }
-EVP_PKEY * Csock::GetKeyRaw() const { return( m_sKeyRaw ); }
+void Csock::SetKeyRaw( EVP_PKEY * sKeyRaw ) { m_pKeyRaw = sKeyRaw; }
+EVP_PKEY * Csock::GetKeyRaw() const { return( m_pKeyRaw ); }
-void Csock::SetCertRaw( X509 * sCertRaw ) { m_sCertRaw = sCertRaw; }
-X509 * Csock::GetCertRaw() const { return( m_sCertRaw ); }
+void Csock::SetCertRaw( X509 * sCertRaw ) { m_pCertRaw = sCertRaw; }
+X509 * Csock::GetCertRaw() const { return( m_pCertRaw ); }
-void Csock::SetDHParamRaw( DH * sDHParamRaw ) { m_sDHParamRaw = sDHParamRaw; }
-DH * Csock::GetDHParamRaw() const { return( m_sDHParamRaw ); }
+void Csock::SetDHParamRaw( DH * sDHParamRaw ) { m_pDHParamRaw = sDHParamRaw; }
+DH * Csock::GetDHParamRaw() const { return( m_pDHParamRaw ); }
 void Csock::SetDHParamLocation( const CS_STRING & sDHParamFile ) { m_sDHParamFile = sDHParamFile; }
 const CS_STRING & Csock::GetDHParamLocation() const { return( m_sDHParamFile ); }
diff --git a/Csocket.h b/Csocket.h
index a202c86..0dccb27 100644
--- a/Csocket.h
+++ b/Csocket.h
@@ -876,7 +876,7 @@ class CS_EXPORT Csock : public CSockCommon
 void SetPemPass( const CS_STRING & sPassword );
 const CS_STRING & GetPemPass() const;
- //! set raw certificate, keys & dhparam
+ //! set raw certificate, keys & dhparam
 void SetKeyRaw( EVP_PKEY * sKeyRaw );
 EVP_PKEY * GetKeyRaw() const;
 void SetCertRaw( X509 * sCertRaw );
@@ -1180,9 +1180,9 @@ class CS_EXPORT Csock : public CSockCommon
 bool m_bUseSSL, m_bIsConnected;
 bool m_bsslEstablished, m_bEnableReadLine, m_bPauseRead;
 CS_STRING m_shostname, m_sbuffer, m_sSockName, m_sDHParamFile, m_sKeyFile, m_sPemFile, m_sCipherType, m_sParentName;
- X509* m_sCertRaw;
- EVP_PKEY* m_sKeyRaw;
- DH* m_sDHParamRaw;
+ X509* m_pCertRaw;
+ EVP_PKEY* m_pKeyRaw;
+ DH* m_pDHParamRaw;
 CS_STRING m_sSend, m_sPemPass;
 ECloseType m_eCloseType;
@@ -1316,9 +1316,9 @@ class CS_EXPORT CSConnection
 CSSockAddr::EAFRequire m_iAFrequire;
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
- X509* m_sCertRaw;
- EVP_PKEY* m_sKeyRaw;
- DH* m_sDHParamRaw;
+ X509* m_pCertRaw;
+ EVP_PKEY* m_pKeyRaw;
+ DH* m_pDHParamRaw;
 #endif /* HAVE_LIBSSL */
 };
@@ -1373,9 +1373,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
- const EVP_PKEY & GetKeyRaw() const { return( *m_sKeyRaw ); }
- const X509 & GetCertRaw() const { return( *m_sCertRaw ); }
- const DH & GetDHParamRaw() const { return( *m_sDHParamRaw ); }
+ const EVP_PKEY & GetKeyRaw() const { return( *m_pKeyRaw ); }
+ const X509 & GetCertRaw() const { return( *m_pCertRaw ); }
+ const DH & GetDHParamRaw() const { return( *m_pDHParamRaw ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetPemPass() const { return( m_sPemPass ); }
@@ -1401,11 +1401,11 @@ class CS_EXPORT CSListener
 //! set the cipher strength to use, default is HIGH
 void SetCipher( const CS_STRING & s ) { m_sCipher = s; }
 //! set the raw cert data
- void SetCertRaw( X509 * s ) { m_sCertRaw = s; }
+ void SetCertRaw( X509 * s ) { m_pCertRaw = s; }
 //! set the raw key data
- void SetKeyRaw( EVP_PKEY * s ) { m_sKeyRaw = s; }
+ void SetKeyRaw( EVP_PKEY * s ) { m_pKeyRaw = s; }
 //! set the raw dhparam data
- void SetDHParamRaw( DH * s ) { m_sDHParamRaw = s; }
+ void SetDHParamRaw( DH * s ) { m_pDHParamRaw = s; }
 //! set the location of the pemfile
 void SetPemLocation( const CS_STRING & s ) { m_sPemLocation = s; }
 //! set the location of the keyfile
@@ -1430,9 +1430,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
- X509* m_sCertRaw;
- EVP_PKEY* m_sKeyRaw;
- DH* m_sDHParamRaw;
+ X509* m_pCertRaw;
+ EVP_PKEY* m_pKeyRaw;
+ DH* m_pDHParamRaw;
 uint32_t m_iRequireCertFlags;
 #endif /* HAVE_LIBSSL */
 };
From 295e7368f1dcce3a07be1f3284f5def96dee819e Mon Sep 17 00:00:00 2001 From: Dylan Lloyd Date: Wed, 25 Nov 2015 11:50:38 -0800 Subject: [PATCH 3/4] init *Raw ptrs to NULL & return const ptrs from matching methods --- Csocket.cc | 3 +++ Csocket.h | 12 ++++++------ 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/Csocket.cc b/Csocket.cc
index bec9f53..5850999 100644
--- a/Csocket.cc
+++ b/Csocket.cc
@@ -3127,6 +3127,9 @@ void Csock::Init( const CS_STRING & sHostname, uint16_t uPort, int iTimeout )
 m_uDisableProtocols = 0;
 m_bNoSSLCompression = false;
 m_bSSLCipherServerPreference = false;
+ m_pCertRaw = NULL;
+ m_pKeyRaw = NULL;
+ m_pDHParamRaw = NULL;
 #endif /* HAVE_LIBSSL */
 m_iTcount = 0;
 m_iReadSock = CS_INVALID_SOCK;
diff --git a/Csocket.h b/Csocket.h
index 0dccb27..87ad296 100644
--- a/Csocket.h
+++ b/Csocket.h
@@ -1275,9 +1275,9 @@ class CS_EXPORT CSConnection
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
- const X509 & GetCertRaw() const { return( *m_sCertRaw ); }
- const EVP_PKEY & GetKeyRaw() const { return( *m_sKeyRaw ); }
- const DH & GetDHParamRaw() const { return( *m_sDHParamRaw ); }
+ const X509 * GetCertRaw() const { return( m_pCertRaw ); }
+ const EVP_PKEY * GetKeyRaw() const { return( m_pKeyRaw ); }
+ const DH * GetDHParamRaw() const { return( m_pDHParamRaw ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
@@ -1373,9 +1373,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
- const EVP_PKEY & GetKeyRaw() const { return( *m_pKeyRaw ); }
- const X509 & GetCertRaw() const { return( *m_pCertRaw ); }
- const DH & GetDHParamRaw() const { return( *m_pDHParamRaw ); }
+ const EVP_PKEY * GetKeyRaw() const { return( m_pKeyRaw ); }
+ const X509 * GetCertRaw() const { return( m_pCertRaw ); }
+ const DH * GetDHParamRaw() const { return( m_pDHParamRaw ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetPemPass() const { return( m_sPemPass ); }
From 86b7b2b2227a73b5235e4552a5aaf206ba00817b Mon Sep 17 00:00:00 2001 
From: Dylan Lloyd Date: Sat, 28 Nov 2015 13:27:17 -0800 Subject: [PATCH 4/4] rename *Raw parameters/methods to Use* sed -i \ -e 's/m_pCertRaw/m_pUseCert/g' \ -e 's/SetCertRaw/SetUseCert/g' \ -e 's/GetCertRaw/GetUseCert/g' \ -e 's/m_pKeyRaw/m_pUseKey/g' \ -e 's/SetKeyRaw/SetUseKey/g' \ -e 's/GetKeyRaw/GetUseKey/g' \ -e 's/m_pDHParamRaw/m_pUseDHParam/g' \ -e 's/SetDHParamRaw/SetUseDHParam/g' \ -e 's/GetDHParamRaw/GetUseDHParam/g' \ Csocket.{cc,h} --- Csocket.cc | 48 ++++++++++++++++++++++++------------------------ Csocket.h | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/Csocket.cc b/Csocket.cc
index 5850999..dd8f269 100644
--- a/Csocket.cc
+++ b/Csocket.cc
@@ -1044,9 +1044,9 @@ void Csock::Copy( const Csock & cCopy )
 m_shostname = cCopy.m_shostname;
 m_sbuffer = cCopy.m_sbuffer;
 m_sSockName = cCopy.m_sSockName;
- m_pKeyRaw = cCopy.m_pKeyRaw;
- m_pCertRaw = cCopy.m_pCertRaw;
- m_pDHParamRaw = cCopy.m_pDHParamRaw;
+ m_pUseKey = cCopy.m_pUseKey;
+ m_pUseCert = cCopy.m_pUseCert;
+ m_pUseDHParam = cCopy.m_pUseDHParam;
 m_sKeyFile = cCopy.m_sKeyFile;
 m_sDHParamFile = cCopy.m_sDHParamFile;
 m_sPemFile = cCopy.m_sPemFile;
@@ -1578,14 +1578,14 @@ bool Csock::SSLClientSetup()
 SSL_CTX_set_default_passwd_cb_userdata( m_ssl_ctx, ( void * )this );
 // set up the CTX
- if( m_pCertRaw && m_pKeyRaw )
+ if( m_pUseCert && m_pUseKey )
 {
- if( SSL_CTX_use_certificate( m_ssl_ctx, m_pCertRaw ) <= 0 )
+ if( SSL_CTX_use_certificate( m_ssl_ctx, m_pUseCert ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
 }
- if( SSL_CTX_use_PrivateKey( m_ssl_ctx, m_pKeyRaw ) <= 0 )
+ if( SSL_CTX_use_PrivateKey( m_ssl_ctx, m_pUseKey ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
@@ -1719,7 +1719,7 @@ SSL_CTX * Csock::SetupServerCTX()
 SSL_CTX_set_default_passwd_cb( pCTX, _PemPassCB );
 SSL_CTX_set_default_passwd_cb_userdata( pCTX, ( void * )this );
- if( !m_pCertRaw )
+ if( !m_pUseCert )
 {
 if( m_sPemFile.empty() || access( m_sPemFile.c_str(), R_OK ) != 0 )
 {
@@ -1742,7 +1742,7 @@ SSL_CTX * Csock::SetupServerCTX()
 }
 else
 {
- if( SSL_CTX_use_certificate( pCTX, m_pCertRaw ) <= 0 )
+ if( SSL_CTX_use_certificate( pCTX, m_pUseCert ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
@@ -1750,7 +1750,7 @@ SSL_CTX * Csock::SetupServerCTX()
 }
- if( !m_pKeyRaw )
+ if( !m_pUseKey )
 {
 if( ! m_sKeyFile.empty() && access( m_sKeyFile.c_str(), R_OK ) != 0 )
 {
@@ -1772,7 +1772,7 @@ SSL_CTX * Csock::SetupServerCTX()
 }
 else
 {
- if( SSL_CTX_use_PrivateKey( pCTX, m_pKeyRaw ) <= 0 )
+ if( SSL_CTX_use_PrivateKey( pCTX, m_pUseKey ) <= 0 )
 {
 CS_DEBUG( "Error with SSLCert file [" << m_sPemFile << "]" );
 SSLErrors( __FILE__, __LINE__ );
@@ -1782,7 +1782,7 @@ SSL_CTX * Csock::SetupServerCTX()
 // check to see if this pem file contains a DH structure for use with DH key exchange
 // https://github.com/znc/znc/pull/46
 DH * pDHParam;
- if( !m_pDHParamRaw )
+ if( !m_pUseDHParam )
 {
 CS_STRING sDHParamFile = m_sDHParamFile.empty() ? m_sPemFile : m_sDHParamFile;
 FILE *pDHParamsFile = fopen( sDHParamFile.c_str(), "r" );
@@ -1797,7 +1797,7 @@ SSL_CTX * Csock::SetupServerCTX()
 }
 else
 {
- pDHParam = m_pDHParamRaw;
+ pDHParam = m_pUseDHParam;
 }
 if( pDHParam )
 {
@@ -2598,14 +2598,14 @@ void Csock::SetSSL( bool b ) { m_bUseSSL = b; }
 void Csock::SetCipher( const CS_STRING & sCipher ) { m_sCipherType = sCipher; }
 const CS_STRING & Csock::GetCipher() const { return( m_sCipherType ); }
-void Csock::SetKeyRaw( EVP_PKEY * sKeyRaw ) { m_pKeyRaw = sKeyRaw; }
-EVP_PKEY * Csock::GetKeyRaw() const { return( m_pKeyRaw ); }
+void Csock::SetUseKey( EVP_PKEY * sKeyRaw ) { m_pUseKey = sKeyRaw; }
+EVP_PKEY * Csock::GetUseKey() const { return( m_pUseKey ); }
-void Csock::SetCertRaw( X509 * sCertRaw ) { m_pCertRaw = sCertRaw; }
-X509 * Csock::GetCertRaw() const { return( m_pCertRaw ); }
+void Csock::SetUseCert( X509 * sCertRaw ) { m_pUseCert = sCertRaw; }
+X509 * Csock::GetUseCert() const { return( m_pUseCert ); }
-void Csock::SetDHParamRaw( DH * sDHParamRaw ) { m_pDHParamRaw = sDHParamRaw; }
-DH * Csock::GetDHParamRaw() const { return( m_pDHParamRaw ); }
+void Csock::SetUseDHParam( DH * sDHParamRaw ) { m_pUseDHParam = sDHParamRaw; }
+DH * Csock::GetUseDHParam() const { return( m_pUseDHParam ); }
 void Csock::SetDHParamLocation( const CS_STRING & sDHParamFile ) { m_sDHParamFile = sDHParamFile; }
 const CS_STRING & Csock::GetDHParamLocation() const { return( m_sDHParamFile ); }
@@ -3127,9 +3127,9 @@ void Csock::Init( const CS_STRING & sHostname, uint16_t uPort, int iTimeout )
 m_uDisableProtocols = 0;
 m_bNoSSLCompression = false;
 m_bSSLCipherServerPreference = false;
- m_pCertRaw = NULL;
- m_pKeyRaw = NULL;
- m_pDHParamRaw = NULL;
+ m_pUseCert = NULL;
+ m_pUseKey = NULL;
+ m_pUseDHParam = NULL;
 #endif /* HAVE_LIBSSL */
 m_iTcount = 0;
 m_iReadSock = CS_INVALID_SOCK;
@@ -4107,9 +4107,9 @@ void CSocketManager::Select( std::map & mpeSocks )
 NewpcSock->SetPemLocation( pcSock->GetPemLocation() );
 NewpcSock->SetPemPass( pcSock->GetPemPass() );
- NewpcSock->SetCertRaw( pcSock->GetCertRaw() );
- NewpcSock->SetKeyRaw( pcSock->GetKeyRaw() );
- NewpcSock->SetDHParamRaw( pcSock->GetDHParamRaw() );
+ NewpcSock->SetUseCert( pcSock->GetUseCert() );
+ NewpcSock->SetUseKey( pcSock->GetUseKey() );
+ NewpcSock->SetUseDHParam( pcSock->GetUseDHParam() );
 NewpcSock->SetPemPass( pcSock->GetPemPass() );
 NewpcSock->SetRequireClientCertFlags( pcSock->GetRequireClientCertFlags() );
diff --git a/Csocket.h b/Csocket.h
index 87ad296..8ab740a 100644
--- a/Csocket.h
+++ b/Csocket.h
@@ -877,12 +877,12 @@ class CS_EXPORT Csock : public CSockCommon
 const CS_STRING & GetPemPass() const;
 //! set raw certificate, keys & dhparam
- void SetKeyRaw( EVP_PKEY * sKeyRaw );
- EVP_PKEY * GetKeyRaw() const;
- void SetCertRaw( X509 * sCertRaw );
- X509 * GetCertRaw() const;
- void SetDHParamRaw( DH * sDHParamRaw );
- DH * GetDHParamRaw() const;
+ void SetUseKey( EVP_PKEY * sKeyRaw );
+ EVP_PKEY * GetUseKey() const;
+ void SetUseCert( X509 * sCertRaw );
+ X509 * GetUseCert() const;
+ void SetUseDHParam( DH * sDHParamRaw );
+ DH * GetUseDHParam() const;
 //! Set the SSL method type
 void SetSSLMethod( int iMethod );
@@ -1180,9 +1180,9 @@ class CS_EXPORT Csock : public CSockCommon
 bool m_bUseSSL, m_bIsConnected;
 bool m_bsslEstablished, m_bEnableReadLine, m_bPauseRead;
 CS_STRING m_shostname, m_sbuffer, m_sSockName, m_sDHParamFile, m_sKeyFile, m_sPemFile, m_sCipherType, m_sParentName;
- X509* m_pCertRaw;
- EVP_PKEY* m_pKeyRaw;
- DH* m_pDHParamRaw;
+ X509* m_pUseCert;
+ EVP_PKEY* m_pUseKey;
+ DH* m_pUseDHParam;
 CS_STRING m_sSend, m_sPemPass;
 ECloseType m_eCloseType;
@@ -1275,9 +1275,9 @@ class CS_EXPORT CSConnection
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
- const X509 * GetCertRaw() const { return( m_pCertRaw ); }
- const EVP_PKEY * GetKeyRaw() const { return( m_pKeyRaw ); }
- const DH * GetDHParamRaw() const { return( m_pDHParamRaw ); }
+ const X509 * GetUseCert() const { return( m_pUseCert ); }
+ const EVP_PKEY * GetUseKey() const { return( m_pUseKey ); }
+ const DH * GetUseDHParam() const { return( m_pUseDHParam ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
@@ -1316,9 +1316,9 @@ class CS_EXPORT CSConnection
 CSSockAddr::EAFRequire m_iAFrequire;
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
- X509* m_pCertRaw;
- EVP_PKEY* m_pKeyRaw;
- DH* m_pDHParamRaw;
+ X509* m_pUseCert;
+ EVP_PKEY* m_pUseKey;
+ DH* m_pUseDHParam;
 #endif /* HAVE_LIBSSL */
 };
@@ -1373,9 +1373,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 const CS_STRING & GetCipher() const { return( m_sCipher ); }
 const CS_STRING & GetDHParamLocation() const { return( m_sDHParamLocation ); }
- const EVP_PKEY * GetKeyRaw() const { return( m_pKeyRaw ); }
- const X509 * GetCertRaw() const { return( m_pCertRaw ); }
- const DH * GetDHParamRaw() const { return( m_pDHParamRaw ); }
+ const EVP_PKEY * GetUseKey() const { return( m_pUseKey ); }
+ const X509 * GetUseCert() const { return( m_pUseCert ); }
+ const DH * GetUseDHParam() const { return( m_pUseDHParam ); }
 const CS_STRING & GetKeyLocation() const { return( m_sKeyLocation ); }
 const CS_STRING & GetPemLocation() const { return( m_sPemLocation ); }
 const CS_STRING & GetPemPass() const { return( m_sPemPass ); }
@@ -1401,11 +1401,11 @@ class CS_EXPORT CSListener
 //! set the cipher strength to use, default is HIGH
 void SetCipher( const CS_STRING & s ) { m_sCipher = s; }
 //! set the raw cert data
- void SetCertRaw( X509 * s ) { m_pCertRaw = s; }
+ void SetUseCert( X509 * s ) { m_pUseCert = s; }
 //! set the raw key data
- void SetKeyRaw( EVP_PKEY * s ) { m_pKeyRaw = s; }
+ void SetUseKey( EVP_PKEY * s ) { m_pUseKey = s; }
 //! set the raw dhparam data
- void SetDHParamRaw( DH * s ) { m_pDHParamRaw = s; }
+ void SetUseDHParam( DH * s ) { m_pUseDHParam = s; }
 //! set the location of the pemfile
 void SetPemLocation( const CS_STRING & s ) { m_sPemLocation = s; }
 //! set the location of the keyfile
@@ -1430,9 +1430,9 @@ class CS_EXPORT CSListener
 #ifdef HAVE_LIBSSL
 CS_STRING m_sDHParamLocation, m_sKeyLocation, m_sPemLocation, m_sPemPass, m_sCipher;
- X509* m_pCertRaw;
- EVP_PKEY* m_pKeyRaw;
- DH* m_pDHParamRaw;
+ X509* m_pUseCert;
+ EVP_PKEY* m_pUseKey;
+ DH* m_pUseDHParam;
 uint32_t m_iRequireCertFlags;
 #endif /* HAVE_LIBSSL */
 };