Implement ressl_accept_socket, which allocates a new server connection

context (if necessary) and handles the TLS/SSL handshake over the given socket.
author: jsing <> 2014-08-04 16:34:11 +0000
committer: jsing <> 2014-08-04 16:34:11 +0000
commit: aec4efa516a4fa9445855d5a7b204416f5a5dfb9 (patch)
tree: 4848ccf67641c45f983a73f3f9d5af01efa0e4f2 /src/lib
parent: 1d657c13f9b2a54e61902b2f786ee23b37559dc9 (diff)
download: openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.tar.gz
openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.tar.bz2
openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.zip
2 files changed, 45 insertions, 4 deletions
diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
index 10e3dc85ed..bfe9b11f7b 100644
--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -47,8 +47,8 @@ int ressl_configure(struct ressl *ctx, struct ressl_config *config);
 void ressl_reset(struct ressl *ctx);
 void ressl_free(struct ressl *ctx);
-int ressl_accept(struct ressl *ctx);
+int ressl_accept(struct ressl *ctx, struct ressl **cctx);
-int ressl_accept_socket(struct ressl *ctx, int socket);
+int ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket);
 int ressl_connect(struct ressl *ctx, const char *host, const char *port);
 int ressl_connect_socket(struct ressl *ctx, int s, const char *hostname);
 int ressl_listen(struct ressl *ctx, const char *host, const char *port, int af);
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index d9faa5da45..ba127f8cdd 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -17,6 +17,7 @@
 #include <openssl/ec.h>
 #include <openssl/ssl.h>
+#include <ressl.h>
 #include "ressl_internal.h"
 struct ressl *
@@ -92,7 +93,7 @@ err:
 }
 int
-ressl_accept(struct ressl *ctx)
+ressl_accept(struct ressl *ctx, struct ressl **cctx)
 {
        if ((ctx->flags & RESSL_SERVER) == 0) {
                ressl_set_error(ctx, "not a server context");
@@ -104,13 +105,53 @@ err:
 }
 int
-ressl_accept_socket(struct ressl *ctx, int socket)
+ressl_accept_socket(struct ressl *ctx, struct ressl **cctx, int socket)
 {
+        struct ressl *conn_ctx = *cctx;
+        int ret, ssl_err;
+        
        if ((ctx->flags & RESSL_SERVER) == 0) {
                ressl_set_error(ctx, "not a server context");
                goto err;
        }
+        if (conn_ctx == NULL) {
+                if ((conn_ctx = ressl_server_conn(ctx)) == NULL) {
+                        ressl_set_error(ctx, "connection context failure");
+                        goto err;
+                }
+                *cctx = conn_ctx;
+                conn_ctx->socket = socket;
+                if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+                        ressl_set_error(ctx, "ssl failure");
+                        goto err;
+                }
+                if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
+                        ressl_set_error(ctx, "ssl set fd failure");
+                        goto err;
+                }
+                SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
+        }
+        if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
+                ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
+                switch (ssl_err) {
+                case SSL_ERROR_WANT_READ:
+                        return (RESSL_READ_AGAIN);
+                case SSL_ERROR_WANT_WRITE:
+                        return (RESSL_WRITE_AGAIN);
+                default:
+                        ressl_set_error(ctx, "ssl accept failure (%i)",
+                            ssl_err);
+                        goto err;
+                }
+        }
+        return (0);
 err:
        return (-1);
 }
author	jsing <>	2014-08-04 16:34:11 +0000
committer	jsing <>	2014-08-04 16:34:11 +0000
commit	aec4efa516a4fa9445855d5a7b204416f5a5dfb9 (patch)
tree	4848ccf67641c45f983a73f3f9d5af01efa0e4f2 /src/lib
parent	1d657c13f9b2a54e61902b2f786ee23b37559dc9 (diff)
download	openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.tar.gz openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.tar.bz2 openbsd-aec4efa516a4fa9445855d5a7b204416f5a5dfb9.zip

diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h index 10e3dc85ed..bfe9b11f7b 100644 --- a/src/lib/libressl/ressl.h +++ b/src/lib/libressl/ressl.h
@@ -47,8 +47,8 @@ int ressl_configure(struct ressl ctx, struct ressl_config config);
47	void ressl_reset(struct ressl *ctx);	47	void ressl_reset(struct ressl *ctx);
48	void ressl_free(struct ressl *ctx);	48	void ressl_free(struct ressl *ctx);
49		49
50	int ressl_accept(struct ressl *ctx);	50	int ressl_accept(struct ressl ctx, struct ressl *cctx);
51	int ressl_accept_socket(struct ressl *ctx, int socket);	51	int ressl_accept_socket(struct ressl ctx, struct ressl *cctx, int socket);
52	int ressl_connect(struct ressl ctx, const char host, const char *port);	52	int ressl_connect(struct ressl ctx, const char host, const char *port);
53	int ressl_connect_socket(struct ressl ctx, int s, const char hostname);	53	int ressl_connect_socket(struct ressl ctx, int s, const char hostname);
54	int ressl_listen(struct ressl ctx, const char host, const char *port, int af);	54	int ressl_listen(struct ressl ctx, const char host, const char *port, int af);


diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c index d9faa5da45..ba127f8cdd 100644 --- a/src/lib/libressl/ressl_server.c +++ b/src/lib/libressl/ressl_server.c
@@ -17,6 +17,7 @@
17	#include <openssl/ec.h>	17	#include <openssl/ec.h>
18	#include <openssl/ssl.h>	18	#include <openssl/ssl.h>
19		19
		20	#include <ressl.h>
20	#include "ressl_internal.h"	21	#include "ressl_internal.h"
21		22
22	struct ressl *	23	struct ressl *
@@ -92,7 +93,7 @@ err:
92	}	93	}
93		94
94	int	95	int
95	ressl_accept(struct ressl *ctx)	96	ressl_accept(struct ressl ctx, struct ressl *cctx)
96	{	97	{
97	if ((ctx->flags & RESSL_SERVER) == 0) {	98	if ((ctx->flags & RESSL_SERVER) == 0) {
98	ressl_set_error(ctx, "not a server context");	99	ressl_set_error(ctx, "not a server context");
@@ -104,13 +105,53 @@ err:
104	}	105	}
105		106
106	int	107	int
107	ressl_accept_socket(struct ressl *ctx, int socket)	108	ressl_accept_socket(struct ressl ctx, struct ressl *cctx, int socket)
108	{	109	{
		110	struct ressl conn_ctx = cctx;
		111	int ret, ssl_err;
		112
109	if ((ctx->flags & RESSL_SERVER) == 0) {	113	if ((ctx->flags & RESSL_SERVER) == 0) {
110	ressl_set_error(ctx, "not a server context");	114	ressl_set_error(ctx, "not a server context");
111	goto err;	115	goto err;
112	}	116	}
113		117
		118	if (conn_ctx == NULL) {
		119	if ((conn_ctx = ressl_server_conn(ctx)) == NULL) {
		120	ressl_set_error(ctx, "connection context failure");
		121	goto err;
		122	}
		123	*cctx = conn_ctx;
		124
		125	conn_ctx->socket = socket;
		126
		127	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
		128	ressl_set_error(ctx, "ssl failure");
		129	goto err;
		130	}
		131
		132	if (SSL_set_fd(conn_ctx->ssl_conn, socket) != 1) {
		133	ressl_set_error(ctx, "ssl set fd failure");
		134	goto err;
		135	}
		136	SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
		137	}
		138
		139	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
		140	ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
		141	switch (ssl_err) {
		142	case SSL_ERROR_WANT_READ:
		143	return (RESSL_READ_AGAIN);
		144	case SSL_ERROR_WANT_WRITE:
		145	return (RESSL_WRITE_AGAIN);
		146	default:
		147	ressl_set_error(ctx, "ssl accept failure (%i)",
		148	ssl_err);
		149	goto err;
		150	}
		151	}
		152
		153	return (0);
		154
114	err:	155	err:
115	return (-1);	156	return (-1);
116	}	157	}