fuck! don't perform ssl handshake for blocked hosts!
/* Debug callback (signature matches the PolarSSL debug hook — presumably
 * registered there): forwards library debug lines to the proxy log.
 * ctx is the opaque pointer handed in at registration and is not used. */
__attribute__((unused)) static void ssl_debug (void *ctx, int level, const char *str) {
  (void)ctx;
  ptlogf("SSL DEBUG(%d): %s\n", level, str);
}
/* the caller need not initialize root_cert: it is zeroed here */
/* Load the embedded root certificate (fake_root_cert_data) into root_cert.
 * root_cert is zeroed here first, so the caller need not initialise it.
 * A parse failure is treated as unrecoverable: it is reported on stderr and
 * the process aborts.
 * NOTE(review): this certificate is the issuer copied into every generated
 * leaf (see cert_gen); whoever controls it and its private key can issue
 * certificates for any host, so protect the key material accordingly. */
static void cert_load_root (x509_crt *root_cert) {
  memset(root_cert, 0, sizeof(*root_cert));
  const int rc = x509_crt_parse(root_cert, fake_root_cert_data, fake_root_cert_data_size);
  if (rc == 0) return;
  // the thing that should not be
  fprintf(stderr, "FUCKED: x509_crt_parse returned %d\n", rc);
  abort();
}
/* Release the certificate chain held in root_cert; counterpart of
 * cert_load_root (and of the x509_crt_parse_file done in cert_for_host). */
static inline void cert_free (x509_crt *root_cert) {
  x509_crt_free(root_cert);
}
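/* Generate a leaf certificate for hostname and write it, PEM-encoded, to cfname.
 *
 * hostname : becomes the subject as "CN=<hostname>". It is interpolated into
 *            the DN string verbatim, so the caller must only pass names that
 *            contain no DN separators (',', '=' ...).
 * cfname   : output path handed to x509write_crtfile().
 * root_cert: its subject is copied as the issuer of the new certificate.
 * ssl_rsa  : supplies BOTH the public key embedded in the leaf and the key that
 *            signs it, i.e. every generated certificate shares its key pair
 *            with the owner of ssl_rsa (presumably the root's key — confirm);
 *            anyone holding that key can mint a certificate for any host.
 * Returns 0 on success, -1 on failure. Every failure is logged via ptlogf and
 * the temporary buffer and x509_raw state are released on both paths. */
static int cert_gen (const char *hostname, char *cfname, x509_crt *root_cert, rsa_context *ssl_rsa) {
  x509_raw graw;
  int res;
  /* "CN=" + hostname + NUL; the slack mirrors the original sizing. */
  const size_t hblen = strlen(hostname) + 8192;
  char *hbuf = malloc(hblen);
  if (hbuf == NULL) {
    /* unchecked malloc used to be dereferenced by sprintf below */
    ptlogf("SHIT: malloc failed for '%s'\n", hostname);
    return -1;
  }
  x509write_init_raw(&graw);
  ptlogf("SSL: generating the certificate for host '%s'...\n", hostname);
  snprintf(hbuf, hblen, "CN=%s", hostname);
  ptlogf("SSL: x509write_add_pubkey()\n");
  res = x509write_add_pubkey(&graw, ssl_rsa);
  if (res != 0) { ptlogf("SHIT: x509write_add_pubkey=%d\n", res); goto error; }
  ptlogf("SSL: x509write_copy_issuer()\n");
  res = x509write_copy_issuer(&graw, root_cert);
  if (res != 0) { ptlogf("SHIT: x509write_copy_issuer=%d\n", res); goto error; }
  ptlogf("SSL: x509write_add_subject()\n");
  res = x509write_add_subject(&graw, (unsigned char *)hbuf);
  if (res != 0) { ptlogf("SHIT: x509write_add_subject=%d\n", res); goto error; }
  /* Fixed validity window: every certificate carries the same notBefore/notAfter,
   * so anything generated after 2016-01-01 is expired from the moment it is made. */
  ptlogf("SSL: x509write_add_validity()\n");
  res = x509write_add_validity(&graw, (unsigned char *)"2013-01-01 12:00:00", (unsigned char *)"2016-01-01 12:00:00");
  if (res != 0) { ptlogf("SHIT: x509write_add_validity=%d\n", res); goto error; }
  ptlogf("SSL: x509write_create_sign()\n");
  res = x509write_create_sign(&graw, ssl_rsa);
  if (res != 0) { ptlogf("SHIT: x509write_create_sign=%d\n", res); goto error; }
  ptlogf("SSL: x509write_crtfile()\n");
  res = x509write_crtfile(&graw, cfname, X509_OUTPUT_PEM);
  if (res != 0) { ptlogf("SHIT: x509write_crtfile=%d\n", res); goto error; }
  ptlogf("SSL: x509write_free_raw()\n");
  x509write_free_raw(&graw);
  free(hbuf);
  return 0;
error:
  x509write_free_raw(&graw);
  free(hbuf);
  return -1;
}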
// not thread-safe (static buffers)
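/* Accept only host names that are safe to splice into a file path and into a
 * "CN=..." DN string: ASCII letters and digits, '.', '-', '_' and ':' (IPv6
 * literals). The name must be non-empty, must not start with '.' and must not
 * contain "..", which keeps the generated path inside certs/generated/.
 * Returns 1 when the name is acceptable, 0 otherwise. */
static int hostname_is_safe (const char *hostname) {
  if (hostname == NULL || hostname[0] == '\0' || hostname[0] == '.') return 0;
  for (const char *p = hostname; *p != '\0'; ++p) {
    const char c = *p;
    const int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    if (alnum || c == '-' || c == '_' || c == ':') continue;
    if (c == '.' && p[1] != '.') continue;
    return 0;
  }
  return 1;
}

/* Make sure a certificate for hostname exists under certs/generated/ and load
 * it into root_cert (x509_crt_parse_file appends it to whatever is already
 * there). With fucked != 0 the name is prefixed with "fuck." so that variant
 * gets its own certificate file. Uses static buffers, so it is not thread-safe.
 * hostname is treated as untrusted: it is validated before it is used to build
 * a path and a DN, and over-long names are rejected instead of being truncated
 * (strcpy into hn[512] used to overflow on long names).
 * Returns 0 on success, -1 on an unsafe or over-long name, on generation
 * failure or on a parse failure; failures are logged via ptlogf. */
static int cert_for_host (const char *hostname, x509_crt *root_cert, int fucked) {
  static char cfname[4096], hn[512];
  int n, ret;
  if (!hostname_is_safe(hostname)) {
    /* the offending name is deliberately not echoed into the log */
    ptlogf("FUCKED: refusing unsafe host name!\n");
    return -1;
  }
  n = fucked ? snprintf(hn, sizeof(hn), "fuck.%s", hostname)
             : snprintf(hn, sizeof(hn), "%s", hostname);
  if (n < 0 || (size_t)n >= sizeof(hn)) {
    ptlogf("FUCKED: host name too long: '%s'!\n", hostname);
    return -1;
  }
  n = snprintf(cfname, sizeof(cfname), "certs/generated/cert.%s.pem", hn);
  if (n < 0 || (size_t)n >= sizeof(cfname)) {
    ptlogf("FUCKED: certificate path too long for '%s'!\n", hn);
    return -1;
  }
  if (access(cfname, R_OK) != 0) {
    ptlogf("no certificate for '%s'...\n", hn);
    if (cert_gen(hn, cfname, root_cert, &ssl_rsa) != 0) {
      ptlogf("FUCKED: can't generate certificate for '%s'!\n", hn);
      return -1;
    }
  } else {
    ptlogf("found certificate for '%s'...\n", hn);
  }
  ret = x509_crt_parse_file(root_cert, cfname);
  if (ret != 0) {
    ptlogf("FUCKED: x509_crt_parse_file returned %d\n", ret);
    return -1;
  }
  return 0;
}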
 * Read at most 'len' characters
/* Receive callback over a sock_t (signature matches the PolarSSL net hooks).
 * Returns the byte count reported by asnet_recv when positive;
 * POLARSSL_ERR_NET_CONN_RESET when asnet_recv returns 0 (presumably an orderly
 * close by the peer); POLARSSL_ERR_NET_RECV_FAILED on a negative result or when
 * the socket has no descriptor (errno is set to EBADF in that case). */
static int xssl_net_recv (void *ctx, unsigned char *buf, size_t len) {
  sock_t *sk = ctx;
  if (sk->fd < 0) {
    errno = EBADF;
    return POLARSSL_ERR_NET_RECV_FAILED;
  }
  const int got = asnet_recv(sk->fd, buf, len, 0, (sk->is_client ? TIMEOUT_CLIENT : TIMEOUT_SERVER));
  if (got > 0) return got;
  // 0 is mapped to "connection reset", anything negative to a generic receive failure
  return (got == 0) ? POLARSSL_ERR_NET_CONN_RESET : POLARSSL_ERR_NET_RECV_FAILED;
}
 * Write 'len' characters
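/* Send callback over a sock_t (signature matches the PolarSSL net hooks).
 * Returns len when asnet_send reports success, otherwise
 * POLARSSL_ERR_NET_SEND_FAILED; a socket without a descriptor fails the same
 * way and sets errno = EBADF, mirroring xssl_net_recv (it used to return the
 * receive-side code POLARSSL_ERR_NET_RECV_FAILED for this case).
 * NOTE(review): a positive asnet_send result is reported as "all len bytes
 * sent" — assumes asnet_send never performs a short write; confirm. */
static int xssl_net_send (void *ctx, const unsigned char *buf, size_t len) {
  sock_t *sk = ctx;
  if (sk->fd < 0) {
    errno = EBADF;
    return POLARSSL_ERR_NET_SEND_FAILED;
  }
  if (asnet_send(sk->fd, buf, len, (sk->is_client ? TIMEOUT_CLIENT : TIMEOUT_SERVER)) > 0) return (int)len;
  return POLARSSL_ERR_NET_SEND_FAILED;
}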