commit fecee315e0cd0f1f1397285fbf3a1797bdc3c425
parent 64065c2cb6fa4cf275f26dc5079df8e7cda8c7a5
Author: Christoph Lohmann <20h@r-36.net>
Date: Sun, 7 Jun 2020 12:52:27 +0200
Migrate from OpenSSL to LibreSSL.
Remove *blocking calls. They are not used and this needs to be handled
differently in case of LibreSSL libtls.
Diffstat:
Makefile | | | 2 | +- |
net.c | | | 95 | +++++++++++++++++++++++-------------------------------------------------------- |
net.h | | | 3 | --- |
3 files changed, 29 insertions(+), 71 deletions(-)
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ MANPREFIX = ${PREFIX}/share/man
# includes and libs
INCS = -I. -I/usr/include
-LIBS = -L/usr/lib -lc -lssl -lcrypto
+LIBS = -L/usr/lib -lc -ltls
# OpenBSD
#LIBS = -L/usr/lib -lc -lssl -lcrypto -liconv
diff --git a/net.c b/net.c
@@ -16,8 +16,7 @@
#include <sys/socket.h>
#include <netdb.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
+#include <tls.h>
#include "ind.h"
#include "net.h"
@@ -111,6 +110,12 @@ netnewerror:
void
net_free(net_t *net)
{
+ switch (net->type) {
+ case NET_TCPS:
+ tls_free((struct tls *)net->data[0]);
+ tls_config_free((struct tls_config *)net->data[1]);
+ }
+
if (net->net != NULL)
free(net->net);
if (net->addr != NULL)
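Review bot: The added `switch (net->type)` has one case and neither a `break;` nor a `default:`; `if (net->type == NET_TCPS) { ... }` says the same thing more plainly, and if `type` is an enum the switch form will draw `-Wswitch` warnings for the unlisted NET_NET/NET_TCP values. Whether `net->data[0]`/`net->data[1]` are NULL for a NET_TCPS object whose net_addssl failed depends on net_new zeroing them, which is not visible here; `tls_free()` and `tls_config_free()` both accept NULL, but a stale non-NULL value would be released twice, so a comment such as `/* data[0]/data[1] are the libtls context and config set by net_addssl(); NULL until then */` would pin the invariant this relies on. The rest of net_free continues in the next hunk.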
@@ -120,44 +125,6 @@ net_free(net_t *net)
free(net);
}
-void
-net_setnonblocking(net_t *net)
-{
- int fd;
-
- switch (net->type) {
- case NET_NET:
- case NET_TCP:
- setnonblocking(net->fd);
- break;
- case NET_TCPS:
- if ((fd = SSL_get_rfd(net->data[0])))
- setnonblocking(fd);
- if ((fd = SSL_get_wfd(net->data[0])))
- setnonblocking(fd);
- break;
- }
-}
-
-void
-net_setblocking(net_t *net)
-{
- int fd;
-
- switch (net->type) {
- case NET_NET:
- case NET_TCP:
- setblocking(net->fd);
- break;
- case NET_TCPS:
- if ((fd = SSL_get_rfd(net->data[0])))
- setblocking(fd);
- if ((fd = SSL_get_wfd(net->data[0])))
- setblocking(fd);
- break;
- }
-}
-
int
net_connecttcp(net_t *net)
{
@@ -195,21 +162,22 @@ net_connecttcp(net_t *net)
int
net_addssl(net_t *net)
{
- SSL *sfd;
-
- SSL_library_init();
- OpenSSL_add_all_algorithms();
- net->data[1] = SSL_CTX_new(SSLv23_method());
- if (net->data[1] == NULL)
- goto netaddsslerr;
- SSL_CTX_set_options((SSL_CTX *)net->data[1],
- SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
-
- if ((sfd = SSL_new((SSL_CTX *)net->data[1])) == NULL)
- goto netaddsslerr;
- SSL_set_fd(sfd, net->fd);
- if (SSL_connect(sfd) < 1)
- goto netaddsslerr;
+ struct tls *tls = NULL;
+ struct tls_config *config = NULL;
+
+ tls_init();
+ tls = tls_client();
+ config = tls_config_new();
+ tls_config_insecure_noverifycert(config);
+ tls_config_insecure_noverifyname(config);
+ tls_configure(tls, config);
+
+ if (tls_connect_socket(tls, net->fd, net->addr) < 0) {
+ fprintf(stderr, "tls_connect_socket %s\n", tls_error(tls));
+ tls_free(tls);
+ tls_config_free(config);
+ return 1;
+ }
switch (net->type) {
case NET_NET:
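Review bot: `tls_config_insecure_noverifycert(config);` and `tls_config_insecure_noverifyname(config);` disable certificate-chain and hostname verification, so a NET_TCPS connection never authenticates its peer and any on-path host can stand in for the server; the removed OpenSSL lines visible here set no verify mode either, so this looks like an inherited gap rather than a new one, but libtls verifies against the system CA store by default, so the two calls should be dropped or gated behind an explicit user option. Separately, `tls_init()`, `tls_client()`, `tls_config_new()` and `tls_configure()` are all unchecked; the first and last return -1 and the other two NULL on failure, after which `tls_connect_socket()` runs on a NULL or unconfigured context. The rewrite below adds those checks and funnels failures through one cleanup path. `net->addr` is passed as the servername, which I presume is the hostname string — worth confirming once verification is on, since name matching depends on it. net_addssl continues in the next hunk, where `net->data[0]`/`net->data[1]` are assigned.
```c
	struct tls *tls = NULL;
	struct tls_config *config = NULL;

	if (tls_init() < 0)
		return 1;
	if ((tls = tls_client()) == NULL)
		return 1;
	if ((config = tls_config_new()) == NULL)
		goto netaddsslerr;
	/* Verification stays at the libtls default (on); do not call the
	 * tls_config_insecure_* functions here unless the user opted out. */
	if (tls_configure(tls, config) < 0) {
		fprintf(stderr, "tls_configure %s\n", tls_error(tls));
		goto netaddsslerr;
	}
	/* net->addr is used as the servername -- assumed to be the hostname. */
	if (tls_connect_socket(tls, net->fd, net->addr) < 0) {
		fprintf(stderr, "tls_connect_socket %s\n", tls_error(tls));
		goto netaddsslerr;
	}
	/* … unchanged: switch (net->type) and the data[0]/data[1] assignment … */
	return 0;
netaddsslerr:
	tls_free(tls);
	tls_config_free(config);
	return 1;
```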
@@ -222,14 +190,10 @@ net_addssl(net_t *net)
break;
}
- net->data[0] = sfd;
+ net->data[0] = tls;
+ net->data[1] = config;
return 0;
-netaddsslerr:
- SSL_load_error_strings();
- ERR_print_errors_fp(stderr);
- ERR_free_strings();
- return 1;
}
int
@@ -268,10 +232,7 @@ net_closetcp(net_t *net)
void
net_closetcps(net_t *net)
{
- SSL_CTX_free((SSL_CTX *)net->data[1]);
- SSL_free((SSL *)net->data[0]);
- EVP_cleanup();
- CRYPTO_cleanup_all_ex_data();
+ tls_close((struct tls *)net->data[0]);
}
void
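Review bot: The result of `tls_close()` is dropped; it can return TLS_WANT_POLLIN or TLS_WANT_POLLOUT when the close_notify could not be completed yet, in which case it should be called again, e.g. `int r; do { r = tls_close((struct tls *)net->data[0]); } while (r == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT);`. Unlike the removed code this function no longer releases the context, which net_free now does; a one-line comment such as `/* the tls context and config are released in net_free() */` would keep the next reader from adding a second free here.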
@@ -297,7 +258,7 @@ net_writetcp(net_t *net, char *buf, int len)
int
net_writetcps(net_t *net, char *buf, int len)
{
- return SSL_write((SSL *)net->data[0], buf, len);
+ return tls_write((struct tls *)net->data[0], buf, len);
}
int
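Review bot: `tls_write()` here, and `tls_read()` in net_readtcps in the next hunk, can return TLS_WANT_POLLIN or TLS_WANT_POLLOUT, which are negative and mean "retry with the same arguments"; passed straight through as the int result, a caller that treats any negative value as a hard error will tear the connection down on a harmless handshake stall, which is the case the commit message says still needs handling. A minimal fix is `ssize_t r; do { r = tls_write((struct tls *)net->data[0], buf, len); } while (r == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT); return (int)r;` and the same shape around tls_read. Also, `len` is an int handed to a size_t parameter, so a negative len becomes a huge length; a guard `if (len < 0) return -1;` would close that, though how callers derive len is not visible from here.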
@@ -357,7 +318,7 @@ net_readtcp(net_t *net, char *buf, int len)
int
net_readtcps(net_t *net, char *buf, int len)
{
- return SSL_read((SSL *)net->data[0], buf, len);
+ return tls_read((struct tls *)net->data[0], buf, len);
}
int
diff --git a/net.h b/net.h
@@ -22,9 +22,6 @@ struct net_t {
net_t *net_new(char *desc);
void net_free(net_t *net);
-void net_setnonblocking(net_t *net);
-void net_setblocking(net_t *net);
-
int net_getnetname(char *str);
int net_addssl(net_t *net);
int net_connect(net_t *net);