emile: trying to fix security.

author: Cedric BAIL <cedric.bail@samsung.com> 2015-03-17 08:50:13 +0100
committer: Cedric BAIL <cedric@osg.samsung.com> 2015-03-17 09:58:18 +0100
commit: 3e6858dc2b47f06c08d8a4dfed9670320e3c9f8a (patch)
tree: f62ed62a825d2aef616b0c9f119ef3368b908c72 /src/lib/emile
parent: a089d8cd7bd1386a7aa64774e17925a17e8e00bc (diff)
2 files changed, 31 insertions, 75 deletions
diff --git a/src/lib/emile/emile_cipher_gnutls.c b/src/lib/emile/emile_cipher_gnutls.c
index ed48af5f92..f3883a0b12 100644
--- a/src/lib/emile/emile_cipher_gnutls.c
+++ b/src/lib/emile/emile_cipher_gnutls.c
@@ -415,71 +415,8 @@ on_error:
   return NULL;
 }
+// FIXME: handshaking and fun
-EAPI Eina_Bool
-emile_cipher_cafile_add(Emile_SSL *emile, const char *file)
-{
-   struct stat st;
-   int count = 0;
-   if (stat(file, &st)) return EINA_FALSE;
-   if (S_ISDIR(st.st_mode))
-     {
-        Eina_File_Direct_Info *info;
-        Eina_Iterator *it;
-        int err;
-        it = eina_file_direct_ls(file);
-        EINA_ITERATOR_FOREACH(it, info)
-          {
-             if (info->type != EINA_FILE_REG &&
-                 info->type != EINA_FILE_LNK)
-               continue;
-             err = gnutls_certificate_set_x509_trust_file(emile->cert,
-                                                          info->path,
-                                                          GNUTLS_X509_FMT_PEM);
-             if (err > 0) count += err;
-             else DBG("File '%s' could not be loaded.", info->path);
-          }
-        eina_iterator_free(it);
-     }
-   else
-     {
-        count = gnutls_certificate_set_x509_trust_file(emile->cert,
-                                                       file,
-                                                       GNUTLS_X509_FMT_PEM);
-        if (count <= 0) DBG("File '%s' could not be loaded.", file);
-     }
-   return count > 0 ? EINA_TRUE : EINA_FALSE;
-}
-EAPI Eina_Bool
-emile_cipher_privkey_add(Emile_SSL *emile, const char *file)
-{
-   int err;
-   err = gnutls_certificate_set_x509_key_file(emile->cert,
-                                              emile->cert_file,
-                                              file,
-                                              GNUTLS_X509_FMT_PEM);
-   if (err <= 0) DBG("Could not load certificate/key '%s'.", file);
-   return err > 0 ? EINA_TRUE : EINA_FALSE;
-}
-EAPI Eina_Bool
-emile_cipher_crl_add(Emile_SSL *emile, const char *file)
-{
-   int err;
-   err = gnutls_certificate_set_x509_crl_file(emile->cert,
-                                              file,
-                                              GNUTLS_X509_FMT_PEM);
-   if (err <= 0) DBG("Could not load CRL '%s'.", file);
-   return err > 0 ? EINA_TRUE : EINA_FALSE;
-}
 EAPI Emile_SSL *
 emile_cipher_server_listen(Emile_Cipher_Type t)
@@ -646,6 +583,21 @@ emile_cipher_crl_add(Emile_SSL *emile, const char *file)
 EAPI int
 emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
 {
+   int num;
+   if (!buffer || eina_binbuf_length_get(buffer) <= 0) return 0;
+   if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+     {
+        DBG("Ongoing GNUTLS handshaking.");
+        _emile_cipher_handshaking(emile);
+        if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+          return -1;
+        return 0;
+     }
+   num = gnutls_record_recv(emile->session,
+                            (void*) eina_binbuf_string_get(buffer),
+                            eina_binbuf_length_get(buffer));
 }
 EAPI int
diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c
index 6c3e746c37..6d74864227 100644
--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -1010,6 +1010,13 @@ emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
   if (!emile->ssl) return -1;
   if (eina_binbuf_length_get(buffer) <= 0) return 0;
+   if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+     _emile_cipher_client_handshake(emile);
+   if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+     return -1;
+   else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+     return 0;
   num = SSL_read(emile->ssl,
                  (void*) eina_binbuf_string_get(buffer),
                  eina_binbuf_length_get(buffer));
@@ -1034,11 +1041,6 @@ emile_cipher_read(Emile_SSL *emile, Eina_Binbuf *buffer)
         break;
     }
-   if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
-     _emile_cipher_client_handshake(emile);
-   if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
-     return -1;
   return num < 0 ? 0 : num;
 }
@@ -1049,7 +1051,14 @@ emile_cipher_write(Emile_SSL *emile, const Eina_Binbuf *buffer)
   int err;
   if (!emile->ssl) return -1;
-   if (eina_binbuf_length_get(buffer) <= 0) return 0;
+   if (!buffer || eina_binbuf_length_get(buffer) <= 0) return 0;
+   if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+     _emile_cipher_client_handshake(emile);
+   if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
+     return -1;
+   else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
+     return 0;
   num = SSL_write(emile->ssl,
                   (void*) eina_binbuf_string_get(buffer),
@@ -1075,11 +1084,6 @@ emile_cipher_write(Emile_SSL *emile, const Eina_Binbuf *buffer)
         break;
     }
-   if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
-     _emile_cipher_client_handshake(emile);
-   if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
-     return -1;
   return num < 0 ? 0 : num;
 }
author	Cedric BAIL <cedric.bail@samsung.com>	2015-03-17 08:50:13 +0100
committer	Cedric BAIL <cedric@osg.samsung.com>	2015-03-17 09:58:18 +0100
commit	3e6858dc2b47f06c08d8a4dfed9670320e3c9f8a (patch)
tree	f62ed62a825d2aef616b0c9f119ef3368b908c72 /src/lib/emile
parent	a089d8cd7bd1386a7aa64774e17925a17e8e00bc (diff)

diff --git a/src/lib/emile/emile_cipher_gnutls.c b/src/lib/emile/emile_cipher_gnutls.c index ed48af5f92..f3883a0b12 100644 --- a/src/lib/emile/emile_cipher_gnutls.c +++ b/src/lib/emile/emile_cipher_gnutls.c
@@ -415,71 +415,8 @@ on_error:
415	return NULL;	415	return NULL;
416	}	416	}
417		417
		418	// FIXME: handshaking and fun
418		419
419	EAPI Eina_Bool
420	emile_cipher_cafile_add(Emile_SSL emile, const char file)
421	{
422	struct stat st;
423	int count = 0;
424
425	if (stat(file, &st)) return EINA_FALSE;
426	if (S_ISDIR(st.st_mode))
427	{
428	Eina_File_Direct_Info *info;
429	Eina_Iterator *it;
430	int err;
431
432	it = eina_file_direct_ls(file);
433	EINA_ITERATOR_FOREACH(it, info)
434	{
435	if (info->type != EINA_FILE_REG &&
436	info->type != EINA_FILE_LNK)
437	continue;
438
439	err = gnutls_certificate_set_x509_trust_file(emile->cert,
440	info->path,
441	GNUTLS_X509_FMT_PEM);
442	if (err > 0) count += err;
443	else DBG("File '%s' could not be loaded.", info->path);
444	}
445	eina_iterator_free(it);
446	}
447	else
448	{
449	count = gnutls_certificate_set_x509_trust_file(emile->cert,
450	file,
451	GNUTLS_X509_FMT_PEM);
452	if (count <= 0) DBG("File '%s' could not be loaded.", file);
453	}
454
455	return count > 0 ? EINA_TRUE : EINA_FALSE;
456	}
457
458	EAPI Eina_Bool
459	emile_cipher_privkey_add(Emile_SSL emile, const char file)
460	{
461	int err;
462
463	err = gnutls_certificate_set_x509_key_file(emile->cert,
464	emile->cert_file,
465	file,
466	GNUTLS_X509_FMT_PEM);
467
468	if (err <= 0) DBG("Could not load certificate/key '%s'.", file);
469	return err > 0 ? EINA_TRUE : EINA_FALSE;
470	}
471
472	EAPI Eina_Bool
473	emile_cipher_crl_add(Emile_SSL emile, const char file)
474	{
475	int err;
476
477	err = gnutls_certificate_set_x509_crl_file(emile->cert,
478	file,
479	GNUTLS_X509_FMT_PEM);
480	if (err <= 0) DBG("Could not load CRL '%s'.", file);
481	return err > 0 ? EINA_TRUE : EINA_FALSE;
482	}
483		420
484	EAPI Emile_SSL *	421	EAPI Emile_SSL *
485	emile_cipher_server_listen(Emile_Cipher_Type t)	422	emile_cipher_server_listen(Emile_Cipher_Type t)
@@ -646,6 +583,21 @@ emile_cipher_crl_add(Emile_SSL emile, const char file)
646	EAPI int	583	EAPI int
647	emile_cipher_read(Emile_SSL emile, Eina_Binbuf buffer)	584	emile_cipher_read(Emile_SSL emile, Eina_Binbuf buffer)
648	{	585	{
		586	int num;
		587
		588	if (!buffer \|\| eina_binbuf_length_get(buffer) <= 0) return 0;
		589	if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
		590	{
		591	DBG("Ongoing GNUTLS handshaking.");
		592	_emile_cipher_handshaking(emile);
		593	if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
		594	return -1;
		595	return 0;
		596	}
		597
		598	num = gnutls_record_recv(emile->session,
		599	(void*) eina_binbuf_string_get(buffer),
		600	eina_binbuf_length_get(buffer));
649	}	601	}
650		602
651	EAPI int	603	EAPI int


diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c index 6c3e746c37..6d74864227 100644 --- a/src/lib/emile/emile_cipher_openssl.c +++ b/src/lib/emile/emile_cipher_openssl.c
@@ -1010,6 +1010,13 @@ emile_cipher_read(Emile_SSL emile, Eina_Binbuf buffer)
1010	if (!emile->ssl) return -1;	1010	if (!emile->ssl) return -1;
1011	if (eina_binbuf_length_get(buffer) <= 0) return 0;	1011	if (eina_binbuf_length_get(buffer) <= 0) return 0;
1012		1012
		1013	if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
		1014	_emile_cipher_client_handshake(emile);
		1015	if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
		1016	return -1;
		1017	else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
		1018	return 0;
		1019
1013	num = SSL_read(emile->ssl,	1020	num = SSL_read(emile->ssl,
1014	(void*) eina_binbuf_string_get(buffer),	1021	(void*) eina_binbuf_string_get(buffer),
1015	eina_binbuf_length_get(buffer));	1022	eina_binbuf_length_get(buffer));
@@ -1034,11 +1041,6 @@ emile_cipher_read(Emile_SSL emile, Eina_Binbuf buffer)
1034	break;	1041	break;
1035	}	1042	}
1036		1043
1037	if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
1038	_emile_cipher_client_handshake(emile);
1039	if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
1040	return -1;
1041
1042	return num < 0 ? 0 : num;	1044	return num < 0 ? 0 : num;
1043	}	1045	}
1044		1046
@@ -1049,7 +1051,14 @@ emile_cipher_write(Emile_SSL emile, const Eina_Binbuf buffer)
1049	int err;	1051	int err;
1050		1052
1051	if (!emile->ssl) return -1;	1053	if (!emile->ssl) return -1;
1052	if (eina_binbuf_length_get(buffer) <= 0) return 0;	1054	if (!buffer \|\| eina_binbuf_length_get(buffer) <= 0) return 0;
		1055
		1056	if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
		1057	_emile_cipher_client_handshake(emile);
		1058	if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
		1059	return -1;
		1060	else if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
		1061	return 0;
1053		1062
1054	num = SSL_write(emile->ssl,	1063	num = SSL_write(emile->ssl,
1055	(void*) eina_binbuf_string_get(buffer),	1064	(void*) eina_binbuf_string_get(buffer),
@@ -1075,11 +1084,6 @@ emile_cipher_write(Emile_SSL emile, const Eina_Binbuf buffer)
1075	break;	1084	break;
1076	}	1085	}
1077		1086
1078	if (emile->ssl_state == EMILE_SSL_STATE_HANDSHAKING)
1079	_emile_cipher_client_handshake(emile);
1080	if (emile->ssl_state == EMILE_SSL_STATE_ERROR)
1081	return -1;
1082
1083	return num < 0 ? 0 : num;	1087	return num < 0 ? 0 : num;
1084	}	1088	}
1085		1089