authorCedric BAIL <cedric.bail@samsung.com>2015-03-17 08:50:13 +0100
committerCedric BAIL <cedric@osg.samsung.com>2015-03-17 09:58:18 +0100
commit3e6858dc2b47f06c08d8a4dfed9670320e3c9f8a (patch)
treef62ed62a825d2aef616b0c9f119ef3368b908c72 /src/lib/emile
parenta089d8cd7bd1386a7aa64774e17925a17e8e00bc (diff)
emile: trying to fix security.
Diffstat (limited to 'src/lib/emile')
-rw-r--r--src/lib/emile/emile_cipher_gnutls.c80
-rw-r--r--src/lib/emile/emile_cipher_openssl.c26
2 files changed, 31 insertions, 75 deletions
diff --git a/src/lib/emile/emile_cipher_gnutls.c b/src/lib/emile/emile_cipher_gnutls.c
index ed48af5f92..f3883a0b12 100644
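--- a/src/lib/emile/emile_cipher_gnutls.c
+++ b/src/lib/emile/emile_cipher_gnutls.c
@@ -415,71 +415,8 @@ on_error:
  return NULL;
 }
 
+// FIXME: handshaking and fun
 
-EAPI Eina_Bool
-emile_cipher_cafile_add(Emile_SSL *emile, const char *file)
-{
- struct stat st;
- int count = 0;
-
- if (stat(file, &st)) return EINA_FALSE;
- if (S_ISDIR(st.st_mode))
- {
- Eina_File_Direct_Info *info;
- Eina_Iterator *it;
- int err;
-
- it = eina_file_direct_ls(file);
- EINA_ITERATOR_FOREACH(it, info)
- {
- if (info->type != EINA_FILE_REG &&
- info->type != EINA_FILE_LNK)
- continue;
-
- err = gnutls_certificate_set_x509_trust_file(emile->cert,
- info->path,
- GNUTLS_X509_FMT_PEM);
- if (err > 0) count += err;
- else DBG("File '%s' could not be loaded.", info->path);
- }
- eina_iterator_free(it);
- }
- else
- {
- count = gnutls_certificate_set_x509_trust_file(emile->cert,
- file,
- GNUTLS_X509_FMT_PEM);
- if (count <= 0) DBG("File '%s' could not be loaded.", file);
- }
-
- return count > 0 ? EINA_TRUE : EINA_FALSE;
-}
-
-EAPI Eina_Bool
-emile_cipher_privkey_add(Emile_SSL *emile, const char *file)
-{
- int err;
-
- err = gnutls_certificate_set_x509_key_file(emile->cert,
- emile->cert_file,
- file,
- GNUTLS_X509_FMT_PEM);
-
- if (err <= 0) DBG("Could not load certificate/key '%s'.", file);
- return err > 0 ? EINA_TRUE : EINA_FALSE;
-}
-
-EAPI Eina_Bool
-emile_cipher_crl_add(Emile_SSL *emile, const char *file)
-{
- int err;
-
- err = gnutls_certificate_set_x509_crl_file(emile->cert,
- file,
- GNUTLS_X509_FMT_PEM);
- if (err <= 0) DBG("Could not load CRL '%s'.", file);
- return err > 0 ? EINA_TRUE : EINA_FALSE;
-}
 
 EAPI Emile_SSL *
 emile_cipher_server_listen(Emile_Cipher_Type t)
@@ -646,6 +583,21 @@ emile_cipher_crl_add(Emile_SSL *emile, const char *file)
 EAPI int
 emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
 {
+ int num;
+
+ if (!buffer || eina_binbuf_length_get(buffer) <= 0) return 0;
+ if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+ {
+ DBG("Ongoing GNUTLS handshaking.");
+ _emile_cipher_handshaking(emile);
+ if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+ return -1;
+ return 0;
+ }
+
+ num = gnutls_record_recv(emile->session,
+ (void*) eina_binbuf_string_get(buffer),
+ eina_binbuf_length_get(buffer));
 }
 
 EAPI int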
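Review bot: The new GnuTLS `emile_cipher_read()` body ends right after the `gnutls_record_recv()` call, so `num` is assigned but never returned and the `int` function falls off its closing brace; a caller that uses the result gets an indeterminate value, which on a TLS read path can be taken as a byte count. The negative return of `gnutls_record_recv()` is also never inspected, so a fatal record error looks the same as a retryable one. I would finish the body with `if (num < 0) return gnutls_error_is_fatal(num) ? -1 : 0;` followed by `return num;`, and presumably also move `emile->ssl_state` to `EMILE_SSL_STATE_ERROR` on the fatal branch so later calls fail the same way the handshake path does. `emile` itself is still dereferenced without a NULL check even though `buffer` now has one.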
diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c
index 6c3e746c37..6d74864227 100644
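--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -1010,6 +1010,13 @@ emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
  if (!emile->ssl) return -1;
  if (eina_binbuf_length_get(buffer) <= 0) return 0;
 
+ if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+ _emile_cipher_client_handshake(emile);
+ if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+ return -1;
+ else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+ return 0;
+
  num = SSL_read(emile->ssl,
  (void*) eina_binbuf_string_get(buffer),
  eina_binbuf_length_get(buffer));
@@ -1034,11 +1041,6 @@ emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
  break;
  }
 
- if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
- _emile_cipher_client_handshake(emile);
- if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
- return -1;
-
  return num < 0 ? 0 : num;
 }
 
@@ -1049,7 +1051,14 @@ emile_cipher_write(Emile_SSL *emile, const Eina_Binbuf *buffer)
  int err;
 
  if (!emile->ssl) return -1;
- if (eina_binbuf_length_get(buffer) <= 0) return 0;
+ if (!buffer || eina_binbuf_length_get(buffer) <= 0) return 0;
+
+ if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+ _emile_cipher_client_handshake(emile);
+ if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+ return -1;
+ else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+ return 0;
 
  num = SSL_write(emile->ssl,
  (void*) eina_binbuf_string_get(buffer),
@@ -1075,11 +1084,6 @@ emile_cipher_write(Emile_SSL *emile, const Eina_Binbuf *buffer)
  break;
  }
 
- if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
- _emile_cipher_client_handshake(emile);
- if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
- return -1;
-
  return num < 0 ? 0 : num;
 }
 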
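Review bot: In `emile_cipher_read()` (first hunk) the length check stays `if (eina_binbuf_length_get(buffer) <= 0) return 0;` while this commit changes `emile_cipher_write()` to `if (!buffer || eina_binbuf_length_get(buffer) <= 0) return 0;`; the read path should get the same `!buffer` guard so both entry points reject a NULL buffer identically. Both functions also now return 0 while the state is still `EMILE_SSL_STATE_HANDSHAKING`, the same value used for an empty buffer and for `num < 0`, so a caller cannot tell a pending handshake from a call that transferred nothing. A comment such as `/* 0: handshake still in progress, caller must retry */` above each early return would record that contract. Both function bodies start and end outside the hunks shown, so the error handling in the `switch` between them is not visible here.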