X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fcrypto%2Fserv_crypto.c;h=6afeee84bc7c0b7a643ea51fce35093bff23932a;hb=f1ee61891901850ebbdee1e9440b363dc6df540a;hp=7e470153731135902a67ca2d12164c602d77d34a;hpb=4de5a40af8cfc00866c7997ecf5b2971877f6b04;p=citadel.git

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 7e4701537..6afeee84b 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -1,5 +1,4 @@
-/* $Id$
- *
+/*
  * Copyright (c) 1987-2009 by the citadel.org team
  *
  *  This program is free software; you can redistribute it and/or modify
@@ -94,14 +93,14 @@ void init_ssl(void)
 		RAND_egd(EGD_POOL);
 
 	if (!RAND_status()) {
-		CtdlLogPrintf(CTDL_CRIT,
+		syslog(LOG_CRIT,
 			"PRNG not adequately seeded, won't do SSL/TLS\n");
 		return;
 	}
 	SSLCritters =
 	    malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t *));
 	if (!SSLCritters) {
-		CtdlLogPrintf(CTDL_EMERG, "citserver: can't allocate memory!!\n");
+		syslog(LOG_EMERG, "citserver: can't allocate memory!!\n");
 		/* Nothing's been initialized, just die */
 		exit(1);
 	} else {
@@ -110,7 +109,7 @@ void init_ssl(void)
 		for (a = 0; a < CRYPTO_num_locks(); a++) {
 			SSLCritters[a] = malloc(sizeof(pthread_mutex_t));
 			if (!SSLCritters[a]) {
-				CtdlLogPrintf(CTDL_EMERG,
+				syslog(LOG_EMERG,
 					"citserver: can't allocate memory!!\n");
 				/* Nothing's been initialized, just die */
 				exit(1);
@@ -126,12 +125,12 @@ void init_ssl(void)
 	SSL_load_error_strings();
 	ssl_method = SSLv23_server_method();
 	if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_CTX_new failed: %s\n",
+		syslog(LOG_CRIT, "SSL_CTX_new failed: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		return;
 	}
 	if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL: No ciphers available\n");
+		syslog(LOG_CRIT, "SSL: No ciphers available\n");
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
@@ -149,21 +148,21 @@ void init_ssl(void)
 	/* Load DH parameters into the context */
 	dh = DH_new();
 	if (!dh) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't allocate a DH object: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't allocate a DH object: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
 	}
 	if (!(BN_hex2bn(&(dh->p), DH_P))) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't assign DH_P: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't assign DH_P: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
 		return;
 	}
 	if (!(BN_hex2bn(&(dh->g), DH_G))) {
-		CtdlLogPrintf(CTDL_CRIT, "init_ssl() can't assign DH_G: %s\n",
+		syslog(LOG_CRIT, "init_ssl() can't assign DH_G: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_CTX_free(ssl_ctx);
 		ssl_ctx = NULL;
@@ -182,13 +181,13 @@ void init_ssl(void)
 	 * Generate a key pair if we don't have one.
 	 */
 	if (access(file_crpt_file_key, R_OK) != 0) {
-		CtdlLogPrintf(CTDL_INFO, "Generating RSA key pair.\n");
+		syslog(LOG_INFO, "Generating RSA key pair.\n");
 		rsa = RSA_generate_key(1024,	/* modulus size */
 					65537,	/* exponent */
 					NULL,	/* no callback */
 					NULL);	/* no callback */
 		if (rsa == NULL) {
-			CtdlLogPrintf(CTDL_CRIT, "Key generation failed: %s\n",
+			syslog(LOG_CRIT, "Key generation failed: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
 		}
 		if (rsa != NULL) {
@@ -203,7 +202,7 @@ void init_ssl(void)
 							NULL,	/* no callbk */
 							NULL	/* no callbk */
 				) != 1) {
-					CtdlLogPrintf(CTDL_CRIT, "Cannot write key: %s\n",
+					syslog(LOG_CRIT, "Cannot write key: %s\n",
                                 		ERR_reason_error_string(ERR_get_error()));
 					unlink(file_crpt_file_key);
 				}
@@ -219,7 +218,7 @@ void init_ssl(void)
 	 * the CSR in this step so that the next step may commence.
 	 */
 	if ( (access(file_crpt_file_cer, R_OK) != 0) && (access(file_crpt_file_csr, R_OK) != 0) ) {
-		CtdlLogPrintf(CTDL_INFO, "Generating a certificate signing request.\n");
+		syslog(LOG_INFO, "Generating a certificate signing request.\n");
 
 		/*
 		 * Read our key from the file.  No, we don't just keep this
@@ -282,7 +281,7 @@ void init_ssl(void)
 
 					/* Sign the CSR */
 					if (!X509_REQ_sign(req, pk, EVP_md5())) {
-						CtdlLogPrintf(CTDL_CRIT, "X509_REQ_sign(): error\n");
+						syslog(LOG_CRIT, "X509_REQ_sign(): error\n");
 					}
 					else {
 						/* Write it to disk. */	
@@ -302,7 +301,7 @@ void init_ssl(void)
 		}
 
 		else {
-			CtdlLogPrintf(CTDL_CRIT, "Unable to read private key.\n");
+			syslog(LOG_CRIT, "Unable to read private key.\n");
 		}
 	}
 
@@ -312,7 +311,7 @@ void init_ssl(void)
 	 * Generate a self-signed certificate if we don't have one.
 	 */
 	if (access(file_crpt_file_cer, R_OK) != 0) {
-		CtdlLogPrintf(CTDL_INFO, "Generating a self-signed certificate.\n");
+		syslog(LOG_INFO, "Generating a self-signed certificate.\n");
 
 		/* Same deal as before: always read the key from disk because
 		 * it may or may not have just been generated.
@@ -352,7 +351,7 @@ void init_ssl(void)
 					
 					/* Sign the cert */
 					if (!X509_sign(cer, pk, EVP_md5())) {
-						CtdlLogPrintf(CTDL_CRIT, "X509_sign(): error\n");
+						syslog(LOG_CRIT, "X509_sign(): error\n");
 					}
 					else {
 						/* Write it to disk. */	
@@ -378,7 +377,7 @@ void init_ssl(void)
         SSL_CTX_use_certificate_chain_file(ssl_ctx, file_crpt_file_cer);
         SSL_CTX_use_PrivateKey_file(ssl_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
         if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
-		CtdlLogPrintf(CTDL_CRIT, "Cannot install certificate: %s\n",
+		syslog(LOG_CRIT, "Cannot install certificate: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
         }
 
@@ -404,7 +403,7 @@ void client_write_ssl(const char *buf, int nbytes)
 	while (nremain > 0) {
 		if (SSL_want_write(CC->ssl)) {
 			if ((SSL_read(CC->ssl, junk, 0)) < 1) {
-				CtdlLogPrintf(CTDL_DEBUG, "SSL_read in client_write: %s\n", ERR_reason_error_string(ERR_get_error()));
+				syslog(LOG_DEBUG, "SSL_read in client_write: %s\n", ERR_reason_error_string(ERR_get_error()));
 			}
 		}
 		retval =
@@ -418,9 +417,9 @@ void client_write_ssl(const char *buf, int nbytes)
 				sleep(1);
 				continue;
 			}
-			CtdlLogPrintf(CTDL_DEBUG, "SSL_write got error %ld, ret %d\n", errval, retval);
+			syslog(LOG_DEBUG, "SSL_write got error %ld, ret %d\n", errval, retval);
 			if (retval == -1)
-				CtdlLogPrintf(CTDL_DEBUG, "errno is %d\n", errno);
+				syslog(LOG_DEBUG, "errno is %d\n", errno);
 			endtls();
 			client_write(&buf[nbytes - nremain], nremain);
 			return;
@@ -445,7 +444,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout)
 	while (1) {
 		if (SSL_want_read(pssl)) {
 			if ((SSL_write(pssl, junk, 0)) < 1) {
-				CtdlLogPrintf(CTDL_DEBUG, "SSL_write in client_read\n");
+				syslog(LOG_DEBUG, "SSL_write in client_read\n");
 			}
 		}
 		rlen = SSL_read(pssl, sbuf, sizeof(sbuf));
@@ -457,7 +456,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout)
 				sleep(1);
 				continue;
 			}
-			CtdlLogPrintf(CTDL_DEBUG, "SSL_read got error %ld\n", errval);
+			syslog(LOG_DEBUG, "SSL_read got error %ld\n", errval);
 			endtls();
 			return (-1);
 		}
@@ -559,39 +558,71 @@ int client_readline_sslbuffer(StrBuf *Line, StrBuf *IOBuf, const char **Pos, int
 
 int client_read_sslblob(StrBuf *Target, long bytes, int timeout)
 {
-	long bufremain;
 	long baselen;
-	int retval;
+	long RemainRead;
+	int retval = 0;
 	CitContext *CCC = CC;
 
 	baselen = StrLength(Target);
 
-	if (CCC->Pos == NULL)
-		CCC->Pos = ChrPtr(CCC->ReadBuf);
-	bufremain = StrLength(CCC->ReadBuf) - 
-		(CCC->Pos - ChrPtr(CCC->ReadBuf));
+	if (StrLength(CCC->RecvBuf.Buf) > 0)
+	{
+		long RemainLen;
+		long TotalLen;
+		const char *pchs;
+
+		if (CCC->RecvBuf.ReadWritePointer == NULL)
+			CCC->RecvBuf.ReadWritePointer = ChrPtr(CCC->RecvBuf.Buf);
+		pchs = ChrPtr(CCC->RecvBuf.Buf);
+		TotalLen = StrLength(CCC->RecvBuf.Buf);
+		RemainLen = TotalLen - (pchs - CCC->RecvBuf.ReadWritePointer);
+		if (RemainLen > bytes)
+			RemainLen = bytes;
+		if (RemainLen > 0)
+		{
+			StrBufAppendBufPlain(Target, 
+					     CCC->RecvBuf.ReadWritePointer, 
+					     RemainLen, 0);
+			CCC->RecvBuf.ReadWritePointer += RemainLen;
+		}
+		if ((ChrPtr(CCC->RecvBuf.Buf) + StrLength(CCC->RecvBuf.Buf)) <= CCC->RecvBuf.ReadWritePointer)
+		{
+			CCC->RecvBuf.ReadWritePointer = NULL;
+			FlushStrBuf(CCC->RecvBuf.Buf);
+		}
+	}
 
-	if (bytes < bufremain)
-		bufremain = bytes;
-	StrBufAppendBufPlain(Target, CCC->Pos, bufremain, 0);
-	StrBufCutLeft(CCC->ReadBuf, bufremain);
-	CCC->Pos = NULL;
+	if (StrLength(Target) >= bytes + baselen)
+		return 1;
+
+	CCC->RecvBuf.ReadWritePointer = NULL;
 
-	if (bytes > bufremain) 
+	while ((StrLength(Target) < bytes + baselen) &&
+	       (retval >= 0))
 	{
-		while ((StrLength(CCC->ReadBuf) + StrLength(Target) < bytes + baselen) &&
-		       (retval >= 0))
-			retval = client_read_sslbuffer(CCC->ReadBuf, timeout);
+		retval = client_read_sslbuffer(CCC->RecvBuf.Buf, timeout);
 		if (retval >= 0) {
-			StrBufAppendBuf(Target, CCC->ReadBuf, 0); /* todo: Buf > bytes? */
-			return 1;
+			RemainRead = bytes - (StrLength (Target) - baselen);
+			if (RemainRead < StrLength(CCC->RecvBuf.Buf))
+			{
+				StrBufAppendBufPlain(
+					Target, 
+					ChrPtr(CCC->RecvBuf.Buf), 
+					RemainRead, 0);
+				CCC->RecvBuf.ReadWritePointer = ChrPtr(CCC->RecvBuf.Buf) + RemainRead;
+				break;
+			}
+			StrBufAppendBuf(Target, CCC->RecvBuf.Buf, 0); /* todo: Buf > bytes? */
+			FlushStrBuf(CCC->RecvBuf.Buf);
 		}
-		else {
+		else 
+		{
+			FlushStrBuf(CCC->RecvBuf.Buf);
 			return -1;
+	
 		}
 	}
-	else 
-		return 1;
+	return 1;
 }
 
 
@@ -606,18 +637,18 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 	int retval, bits, alg_bits;
 
 	if (!ssl_ctx) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL failed: no ssl_ctx exists?\n");
+		syslog(LOG_CRIT, "SSL failed: no ssl_ctx exists?\n");
 		if (nosup_response != NULL) cprintf("%s", nosup_response);
 		return;
 	}
 	if (!(CC->ssl = SSL_new(ssl_ctx))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_new failed: %s\n",
+		syslog(LOG_CRIT, "SSL_new failed: %s\n",
 				ERR_reason_error_string(ERR_get_error()));
 		if (error_response != NULL) cprintf("%s", error_response);
 		return;
 	}
 	if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
-		CtdlLogPrintf(CTDL_CRIT, "SSL_set_fd failed: %s\n",
+		syslog(LOG_CRIT, "SSL_set_fd failed: %s\n",
 			ERR_reason_error_string(ERR_get_error()));
 		SSL_free(CC->ssl);
 		CC->ssl = NULL;
@@ -636,7 +667,7 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 		char error_string[128];
 
 		errval = SSL_get_error(CC->ssl, retval);
-		CtdlLogPrintf(CTDL_CRIT, "SSL_accept failed: retval=%d, errval=%ld, err=%s\n",
+		syslog(LOG_CRIT, "SSL_accept failed: retval=%d, errval=%ld, err=%s\n",
 			retval,
 			errval,
 			ERR_error_string(errval, error_string)
@@ -647,7 +678,7 @@ void CtdlStartTLS(char *ok_response, char *nosup_response,
 	}
 	BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
 	bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
-	CtdlLogPrintf(CTDL_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
+	syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
 		SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
 		SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
 		bits, alg_bits);
@@ -714,7 +745,7 @@ void endtls(void)
 		return;
 	}
 
-	CtdlLogPrintf(CTDL_INFO, "Ending SSL/TLS\n");
+	syslog(LOG_INFO, "Ending SSL/TLS\n");
 	SSL_shutdown(CC->ssl);
 	SSL_free(CC->ssl);
 	CC->ssl = NULL;