sound/pianod/patches/030-Waitress_add_polarssl_variant.patch

   1 --- a/src/libwaitress/waitress.h
   2 +++ b/src/libwaitress/waitress.h
   3 @@ -27,7 +27,12 @@ THE SOFTWARE.
   4  #include <stdlib.h>
   5  #include <unistd.h>
   6  #include <stdbool.h>
   7 +
   8 +#if defined(USE_POLARSSL)
   9 +typedef struct _polarssl_ctx polarssl_ctx;
  10 +#else
  11  #include <gnutls/gnutls.h>
  12 +#endif
  13
  14  #define LIBWAITRESS_NAME "libwaitress"
  15
  16 @@ -102,8 +107,9 @@ typedef struct {
  17         WaitressUrl_t url;
  18         WaitressUrl_t proxy;
  19
  20 +#if !defined(USE_POLARSSL)
  21         gnutls_certificate_credentials_t tlsCred;
  22 -
  23 +#endif
  24         /* per-request data */
  25         struct {
  26                 int sockfd;
  27 @@ -121,7 +127,11 @@ typedef struct {
  28                 WaitressReturn_t (*read) (void *, char *, const size_t, size_t *);
  29                 WaitressReturn_t (*write) (void *, const char *, const size_t);
  30
  31 +#if defined(USE_POLARSSL)
  32 +               polarssl_ctx* sslCtx;
  33 +#else
  34                 gnutls_session_t tlsSession;
  35 +#endif
  36         } request;
  37  } WaitressHandle_t;
  38
  39 --- a/src/pianod.c
  40 +++ b/src/pianod.c
  41 @@ -531,8 +531,11 @@ static bool initialize_libraries (APPSTA
  42         gcry_check_version (NULL);
  43         gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  44         gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
  45 +
  46 +#if !defined(USE_POLARSSL)
  47         int crystatus = gnutls_global_init ();
  48         if (crystatus == GNUTLS_E_SUCCESS) {
  49 +#endif
  50                 PianoReturn_t status = PianoInit (&app->ph, app->settings.partnerUser, app->settings.partnerPassword,
  51                                                                                   app->settings.device, app->settings.inkey, app->settings.outkey);
  52                 if (status == PIANO_RET_OK) {
  53 @@ -545,11 +548,13 @@ static bool initialize_libraries (APPSTA
  54                 } else {
  55                         flog (LOG_ERROR, "initialize_libraries: PianoInit: %s", PianoErrorToStr (status));
  56                 }
  57 +#if !defined(USE_POLARSSL)
  58                 gnutls_global_deinit ();
  59         } else {
  60                 flog (LOG_ERROR, "initialize_libraries: gnutls_global_init: %s", gcry_strerror (crystatus));
  61
  62         }
  63 +#endif
  64         return false;
  65  }
  66
  67 @@ -728,7 +733,9 @@ int main (int argc, char **argv) {
  68                 PianoDestroyPlaylist (app.song_history);
  69                 PianoDestroyPlaylist (app.playlist);
  70                 WaitressFree (&app.waith);
  71 +#if !defined(USE_POLARSSL)
  72                 gnutls_global_deinit ();
  73 +#endif
  74                 settings_destroy (&app.settings);
  75         }
  76
  77 --- a/src/libwaitress/waitress.c
  78 +++ b/src/libwaitress/waitress.c
  79 @@ -41,11 +41,33 @@ THE SOFTWARE.
  80  #include <assert.h>
  81  #include <stdint.h>
  82
  83 -#include <gnutls/x509.h>
  84
  85  #include "config.h"
  86  #include "waitress.h"
  87
  88 +#if defined(USE_POLARSSL)
  89 +
  90 +#include <polarssl/ssl.h>
  91 +#include <polarssl/entropy.h>
  92 +#include <polarssl/ctr_drbg.h>
  93 +#include <polarssl/x509.h>
  94 +#include <polarssl/sha1.h>
  95 +
  96 +struct _polarssl_ctx
  97 +{
  98 +       ssl_context             ssl;
  99 +       ssl_session             session;
 100 +       entropy_context         entrophy;
 101 +       ctr_drbg_context        rnd;
 102 +};
 103 +
 104 +#else
 105 +
 106 +// Use gnutls by default (USE_POLARSSL not defined)
 107 +#include <gnutls/x509.h>
 108 +
 109 +#endif
 110 +
 111  #define strcaseeq(a,b) (strcasecmp(a,b) == 0)
 112  #define WAITRESS_HTTP_VERSION "1.1"
 113
 114 @@ -56,6 +78,13 @@ typedef struct {
 115
 116  static WaitressReturn_t WaitressReceiveHeaders (WaitressHandle_t *, size_t *);
 117
 118 +// gnutls wants (void *) and polarssl want (unsigned char *)
 119 +#if defined(USE_POLARSSL)
 120 +#define BUFFER_CAST unsigned char
 121 +#else
 122 +#define BUFFER_CAST void
 123 +#endif
 124 +
 125  #define READ_RET(buf, count, size) \
 126                 if ((wRet = waith->request.read (waith, buf, count, size)) != \
 127                                 WAITRESS_RET_OK) { \
 128 @@ -444,7 +473,7 @@ static int WaitressPollLoop (int fd, sho
 129   *     @param write count bytes
 130   *     @return number of written bytes or -1 on error
 131   */
 132 -static ssize_t WaitressPollWrite (void *data, const void *buf, size_t count) {
 133 +static ssize_t WaitressPollWrite (void *data, const BUFFER_CAST *buf, size_t count) {
 134         int pollres = -1;
 135         ssize_t retSize;
 136         WaitressHandle_t *waith = data;
 137 @@ -478,13 +507,20 @@ static WaitressReturn_t WaitressOrdinary
 138         return waith->request.readWriteRet;
 139  }
 140
 141 -static WaitressReturn_t WaitressGnutlsWrite (void *data, const char *buf,
 142 +static WaitressReturn_t WaitressTlsWrite (void *data, const char *buf,
 143                 const size_t size) {
 144         WaitressHandle_t *waith = data;
 145 +#if defined(USE_POLARSSL)
 146 +
 147 +       if (ssl_write (&waith->request.sslCtx->ssl, buf, size) < 0) {
 148 +               return WAITRESS_RET_TLS_WRITE_ERR;
 149 +       }
 150 +#else
 151
 152         if (gnutls_record_send (waith->request.tlsSession, buf, size) < 0) {
 153                 return WAITRESS_RET_TLS_WRITE_ERR;
 154         }
 155 +#endif
 156         return waith->request.readWriteRet;
 157  }
 158
 159 @@ -494,7 +530,7 @@ static WaitressReturn_t WaitressGnutlsWr
 160   *     @param buffer size
 161   *     @return number of read bytes or -1 on error
 162   */
 163 -static ssize_t WaitressPollRead (void *data, void *buf, size_t count) {
 164 +static ssize_t WaitressPollRead (void *data, BUFFER_CAST *buf, size_t count) {
 165         int pollres = -1;
 166         ssize_t retSize;
 167         WaitressHandle_t *waith = data;
 168 @@ -531,16 +567,34 @@ static WaitressReturn_t WaitressOrdinary
 169         return waith->request.readWriteRet;
 170  }
 171
 172 -static WaitressReturn_t WaitressGnutlsRead (void *data, char *buf,
 173 +static WaitressReturn_t WaitressTlsRead (void *data, char *buf,
 174                 const size_t size, size_t *retSize) {
 175         WaitressHandle_t *waith = data;
 176
 177 +#if defined(USE_POLARSSL)
 178 +       int ret;
 179 +
 180 +       *retSize = 0;
 181 +       waith->request.readWriteRet = WAITRESS_RET_OK;
 182 +       ret = ssl_read (&waith->request.sslCtx->ssl, buf, size);
 183 +
 184 +       if (ret < 0) {
 185 +               if (ret != POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) {
 186 +                       waith->request.readWriteRet = WAITRESS_RET_TLS_READ_ERR;
 187 +               }
 188 +
 189 +               return waith->request.readWriteRet;
 190 +       }
 191 +
 192 +       *retSize = ret;
 193 +#else
 194         ssize_t ret = gnutls_record_recv (waith->request.tlsSession, buf, size);
 195         if (ret < 0) {
 196                 return WAITRESS_RET_TLS_READ_ERR;
 197         } else {
 198                 *retSize = ret;
 199         }
 200 +#endif
 201         return waith->request.readWriteRet;
 202  }
 203
 204 @@ -727,10 +781,28 @@ static int WaitressParseStatusline (cons
 205  /*     verify server certificate
 206   */
 207  static WaitressReturn_t WaitressTlsVerify (const WaitressHandle_t *waith) {
 208 +
 209 +#if defined(USE_POLARSSL)
 210 +       unsigned char fingerprint[20];
 211 +
 212 +       const x509_crt* cert = ssl_get_peer_cert (&waith->request.sslCtx->ssl);
 213 +
 214 +       if (NULL == cert) {
 215 +               return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 216 +       }
 217 +
 218 +       sha1 (cert->raw.p, cert->raw.len, fingerprint);
 219 +
 220 +       if (memcmp (fingerprint, waith->tlsFingerprint, sizeof (fingerprint)) != 0) {
 221 +               return WAITRESS_RET_TLS_FINGERPRINT_MISMATCH;
 222 +       }
 223 +
 224 +#else
 225         gnutls_session_t session = waith->request.tlsSession;
 226         unsigned int certListSize;
 227         const gnutls_datum_t *certList;
 228         gnutls_x509_crt_t cert;
 229 +       char fingerprint[20];
 230
 231         if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
 232                 return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 233 @@ -750,7 +822,6 @@ static WaitressReturn_t WaitressTlsVerif
 234                 return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 235         }
 236
 237 -       char fingerprint[20];
 238         size_t fingerprintSize = sizeof (fingerprint);
 239         if (gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, fingerprint,
 240                         &fingerprintSize) != 0) {
 241 @@ -763,7 +834,7 @@ static WaitressReturn_t WaitressTlsVerif
 242         }
 243
 244         gnutls_x509_crt_deinit (cert);
 245 -
 246 +#endif
 247         return WAITRESS_RET_OK;
 248  }
 249
 250 @@ -880,6 +951,12 @@ static WaitressReturn_t WaitressConnect
 251                         }
 252                 }
 253
 254 +#if defined(USE_POLARSSL)
 255 +               ssl_set_hostname (&waith->request.sslCtx->ssl, waith->url.host);
 256 +               if (ssl_handshake (&waith->request.sslCtx->ssl) != 0) {
 257 +                       return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 258 +               }
 259 +#else
 260                 /* Ignore return code as connection will likely still succeed */
 261                 gnutls_server_name_set (waith->request.tlsSession, GNUTLS_NAME_DNS,
 262                                 waith->url.host, strlen (waith->url.host));
 263 @@ -887,14 +964,15 @@ static WaitressReturn_t WaitressConnect
 264                 if (gnutls_handshake (waith->request.tlsSession) != GNUTLS_E_SUCCESS) {
 265                         return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 266                 }
 267 +#endif
 268
 269                 if ((wRet = WaitressTlsVerify (waith)) != WAITRESS_RET_OK) {
 270                         return wRet;
 271                 }
 272
 273                 /* now we can talk encrypted */
 274 -               waith->request.read = WaitressGnutlsRead;
 275 -               waith->request.write = WaitressGnutlsWrite;
 276 +               waith->request.read = WaitressTlsRead;
 277 +               waith->request.write = WaitressTlsWrite;
 278         }
 279
 280         return WAITRESS_RET_OK;
 281 @@ -1120,6 +1198,21 @@ WaitressReturn_t WaitressFetchCall (Wait
 282         waith->request.contentLengthKnown = false;
 283
 284         if (waith->url.tls) {
 285 +#if defined(USE_POLARSSL)
 286 +               waith->request.sslCtx = calloc (1, sizeof(polarssl_ctx));
 287 +
 288 +               entropy_init (&waith->request.sslCtx->entrophy);
 289 +               ctr_drbg_init (&waith->request.sslCtx->rnd, entropy_func, &waith->request.sslCtx->entrophy, "libwaitress", 11);
 290 +               ssl_init (&waith->request.sslCtx->ssl);
 291 +
 292 +               ssl_set_endpoint (&waith->request.sslCtx->ssl, SSL_IS_CLIENT);
 293 +               ssl_set_authmode (&waith->request.sslCtx->ssl, SSL_VERIFY_NONE);
 294 +               ssl_set_rng (&waith->request.sslCtx->ssl, ctr_drbg_random, &waith->request.sslCtx->rnd);
 295 +               ssl_set_session (&waith->request.sslCtx->ssl, &waith->request.sslCtx->session);
 296 +               ssl_set_bio (&waith->request.sslCtx->ssl,
 297 +                            WaitressPollRead, waith,
 298 +                            WaitressPollWrite, waith);
 299 +#else
 300                 gnutls_init (&waith->request.tlsSession, GNUTLS_CLIENT);
 301                 gnutls_set_default_priority (waith->request.tlsSession);
 302
 303 @@ -1137,6 +1230,7 @@ WaitressReturn_t WaitressFetchCall (Wait
 304                                 WaitressPollRead);
 305                 gnutls_transport_set_push_function (waith->request.tlsSession,
 306                                 WaitressPollWrite);
 307 +#endif
 308         }
 309
 310         /* buffer is required for connect already */
 311 @@ -1148,15 +1242,22 @@ WaitressReturn_t WaitressFetchCall (Wait
 312                 if ((wRet = WaitressSendRequest (waith)) == WAITRESS_RET_OK) {
 313                         wRet = WaitressReceiveResponse (waith);
 314                 }
 315 +#if !defined(USE_POLARSSL)
 316                 if (waith->url.tls) {
 317                         gnutls_bye (waith->request.tlsSession, GNUTLS_SHUT_RDWR);
 318                 }
 319 +#endif
 320         }
 321
 322         /* cleanup */
 323         if (waith->url.tls) {
 324 +#if defined(USE_POLARSSL)
 325 +               ssl_free (&waith->request.sslCtx->ssl);
 326 +               free (waith->request.sslCtx);
 327 +#else
 328                 gnutls_deinit (waith->request.tlsSession);
 329                 gnutls_certificate_free_credentials (waith->tlsCred);
 330 +#endif
 331         }
 332         if (waith->request.sockfd != -1) {
 333                 close (waith->request.sockfd);