/* * */ #include #include /* close() */ #include #include /* memset() */ #include #include #include #include #include #include #include #include #include "UDPTCPNetwork.h" static int ssl_init = 0; SSLSocket::SSLSocket() { readcnt = 0; writecnt = 0; certfile = ""; keyfile = ""; sslerror = SSL_ERROR_NONE; timeout = 0; ctx = NULL; ssl = NULL; if (ssl_init == 0) { ssl_init = 1; SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); } }; SSLSocket::~SSLSocket() { if (ctx) SSL_CTX_free(ctx); ctx = NULL; if (ssl) SSL_free(ssl); ssl = NULL; }; int SSLSocket::NewServerCTX() { struct stat st; if (stat (certfile.c_str(), &st)) return 0; if (stat (keyfile.c_str(), &st)) return 0; if (ctx) SSL_CTX_free(ctx); ctx = NULL; #ifdef SSLv23_method ctx = SSL_CTX_new(TLS_server_method()); #else ctx = SSL_CTX_new(TLSv1_2_server_method()); #endif if (SSL_CTX_use_certificate_file(ctx, certfile.c_str(), SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); if (ctx) SSL_CTX_free(ctx); ctx = NULL; errno = EPROTO; return 0; } if ( SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM) <= 0 ) { ERR_print_errors_fp(stderr); if (ctx) SSL_CTX_free(ctx); ctx = NULL; errno = EPROTO; return 0; } if (!SSL_CTX_check_private_key(ctx)) { if (ctx) SSL_CTX_free(ctx); ctx = NULL; errno = EPROTO; return 0; } return 1; }; int SSLSocket::NewClientCTX() { if (ctx) SSL_CTX_free(ctx); ctx = NULL; #ifdef SSLv23_method ctx = SSL_CTX_new(TLS_client_method()); #else ctx = SSL_CTX_new(TLSv1_2_client_method()); #endif return 1; }; int SSLSocket::SetCertificat(string certf, string keyf) { certfile = certf; keyfile = keyf; return 1; }; int SSLSocket::Connect (int sockfd, int block_timeout) { int flags, res; TimeoutReset(); sslerror = SSL_ERROR_NONE; NewClientCTX(); timeout = block_timeout; if (sockfd > 0 && block_timeout > 0) { #if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__) u_long mode = 1; ioctlsocket(sockfd, FIONBIO, &mode); #else flags = fcntl(sockfd, F_GETFL, 0); fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); #endif } ssl = SSL_new(ctx); SSL_set_fd (ssl, sockfd); do { res = SSL_connect(ssl); if (res == -1) sslerror = SSL_get_error(ssl, -1); } while (res == -1 && TimeoutTime() < timeout && (sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE)); if (res == -1) return 0; return 1; }; int SSLSocket::Accept (int sockfd, int block_timeout) { int flags, res; TimeoutReset(); sslerror = SSL_ERROR_NONE; timeout = block_timeout; NewServerCTX(); if (sockfd > 0 && block_timeout > 0) { #if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__) u_long mode = 1; ioctlsocket(sockfd, FIONBIO, &mode); #else flags = fcntl(sockfd, F_GETFL, 0); fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); #endif } ssl = SSL_new(ctx); SSL_set_fd (ssl, sockfd); do { res = SSL_accept(ssl); if (res == -1) sslerror = SSL_get_error(ssl, -1); } while (res == -1 && TimeoutTime() < timeout && (sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE)); return 1; }; const string SSLSocket::GetSSLErrorText(int err) { string s; switch (err) { case SSL_ERROR_NONE: s = "SSL_ERROR_NONE"; break; case SSL_ERROR_SSL: s = "SSL_ERROR_SSL"; break; case SSL_ERROR_WANT_READ: s = "SSL_ERROR_WANT_READ"; break; case SSL_ERROR_WANT_WRITE: s = "SSL_ERROR_WANT_WRITE"; break; case SSL_ERROR_SYSCALL: s = "SSL_ERROR_SYSCALL"; break; case SSL_ERROR_WANT_CONNECT: s = "SSL_ERROR_WANT_CONNECT"; break; case SSL_ERROR_ZERO_RETURN: s = "SSL_ERROR_ZERO_RETURN"; break; case SSL_ERROR_WANT_ACCEPT: s = "SSL_ERROR_WANT_ACCEPT"; break; default: s = "SSL_ERROR unknown " + to_string(err); break; } return s; } // // close ssl and return socket. int SSLSocket::Close () { int sock = 0; int flags; if (ssl) { sock = SSL_get_fd(ssl); SSL_free(ssl); ssl = NULL; } if (ctx) { SSL_CTX_free(ctx); ctx = NULL; } if (sock > 0 && timeout > 0) { #if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__) u_long mode = 0; ioctlsocket(sock, FIONBIO, &mode); #else flags = fcntl(sock, F_GETFL, 0); fcntl(sock, F_SETFL, flags & ~(O_NONBLOCK)); #endif } return sock; }; // // long int SSLSocket::Read (char *buffer, long int len) { int ret; sslerror = SSL_ERROR_NONE; TimeoutReset(); if (!ssl) { errno = EPROTO; return -1; } do { ret = SSL_read(ssl, buffer, len); if (ret == -1) sslerror = SSL_get_error(ssl, -1); } while (ret == -1 && TimeoutTime() < timeout && (sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE)); return ret; }; // // long int SSLSocket::Write (char *buffer, long int len) { int ret; sslerror = SSL_ERROR_NONE; TimeoutReset(); if (!ssl) { errno = EPROTO; return -1; } do { ret = SSL_write(ssl, buffer, len); if (ret == -1) sslerror = SSL_get_error(ssl, -1); } while (ret == -1 && TimeoutTime() < timeout && (sslerror == SSL_ERROR_WANT_READ || sslerror == SSL_ERROR_WANT_WRITE)); return ret; }; // // Reset Timeout Timer void SSLSocket::TimeoutReset() { gettimeofday (&timeout_start, NULL); }; // // Return time which has past since reset in ms. int SSLSocket::TimeoutTime() { struct timeval tv; gettimeofday (&tv, NULL); return ((tv.tv_sec-timeout_start.tv_sec) * 1000) + ((tv.tv_usec-timeout_start.tv_usec) / 1000); };