Changeset: 75e0ec55b4b8 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/75e0ec55b4b8 Added Files: common/stream/tls_stream.c Modified Files: common/stream/CMakeLists.txt common/stream/socket_stream.c common/stream/stream.h common/stream/url_stream.c tools/merovingian/daemon/client.c Branch: smapi Log Message:
Start implementation of a tls stream diffs (180 lines):
diff --git a/common/stream/CMakeLists.txt b/common/stream/CMakeLists.txt
--- a/common/stream/CMakeLists.txt
+++ b/common/stream/CMakeLists.txt
@@ -32,6 +32,7 @@ target_sources(stream
  lz4_stream.c
  url_stream.c
  socket_stream.c
+ tls_stream.c
  mapi_stream.c
  memio.c
  callback.c
diff --git a/common/stream/socket_stream.c b/common/stream/socket_stream.c
--- a/common/stream/socket_stream.c
+++ b/common/stream/socket_stream.c
@@ -16,10 +16,6 @@
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
-#ifdef HAVE_OPENSSL
-#include <openssl/ssl.h>
-#endif
-
 /* ------------------------------------------------------------------ */
diff --git a/common/stream/stream.h b/common/stream/stream.h
--- a/common/stream/stream.h
+++ b/common/stream/stream.h
@@ -164,6 +164,8 @@ stream_export void close_stream(stream *
 stream_export stream *open_urlstream(const char *url); // mclient.c, future copy from remote
+stream_export stream *open_tls_serv_stream(int fd);
+
 stream_export stream *file_rstream(FILE *restrict fp, bool binary, const char *restrict name); // unused
 stream_export stream *file_wstream(FILE *restrict fp, bool binary, const char *restrict name); // unused
 stream_export stream *stdin_rastream(void);
diff --git a/common/stream/tls_stream.c b/common/stream/tls_stream.c
new file mode 100644
--- /dev/null
+++ b/common/stream/tls_stream.c
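Review bot: The new `open_tls_serv_stream` declaration in stream.h carries no comment, while the neighbouring declarations annotate their caller or status, and nothing tells a caller what `fd` must be or what a NULL result means; from the implementation in this changeset the function is the server-side half only, hands `fd` to `SSL_set_fd`, and returns NULL both when OpenSSL is not compiled in and, for now, unconditionally. I would add, in the file's existing trailing-comment style, `// server side; fd is a connected socket; NULL without HAVE_OPENSSL (not yet functional)` so a NULL return is not mistaken for an I/O error.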
@@ -0,0 +1,114 @@
+/*
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright 1997 - July 2008 CWI, August 2008 - 2022 MonetDB B.V.
+ */
+
+#include "monetdb_config.h"
+#include "stream.h"
+#include "stream_internal.h"
+
+/* ---------------------------------------------- */
+/* streams working over TLS */
+
+#ifdef HAVE_OPENSSL
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef struct ssl_wrapper {
+ SSL_CTX *ctx;
+ SSL *cSSL;
+} ssl_wrapper;
+
+/*
+static ssize_t
+tls_write(stream *restrict s, const void *restrict buf, size_t elmsize, size_t cnt)
+{
+ (void)s;
+ (void)buf;
+ (void)elmsize;
+ (void)cnt;
+
+ return 0;
+}
+
+static ssize_t
+tls_read(stream *restrict s, const void *restrict buf, size_t elmsize, size_t cnt)
+{
+ (void)s;
+ (void)buf;
+ (void)elmsize;
+ (void)cnt;
+
+ return 0;
+}
+*/
+stream *
+open_tls_serv_stream(int fd)
+{
+ int err = 1;
+
+ ssl_wrapper *w = (ssl_wrapper *)malloc(sizeof(ssl_wrapper));
+ if (w == NULL) {
+ /* TODO handle */
+ return NULL;
+ }
+
+ w->ctx = SSL_CTX_new(TLS_server_method());
+ if (w->ctx == NULL) {
+ /* TODO handle */
+ return NULL;
+ }
+
+
+ /* TODO parametrize */
+ const char *server_keypair_fname = "/home/kutsurak/src/monetdb/mercurial-repos/public/smapi/smapi-dev-certificates/leaf_keypair.pem";
+ err = SSL_CTX_use_PrivateKey_file(w->ctx, server_keypair_fname, SSL_FILETYPE_PEM);
+ if (err <= 0) {
+ /* TODO handle */
+ return NULL;
+ }
+
+ /* TODO parametrize */
+ const char *server_cert_chain_fname = "/home/kutsurak/src/monetdb/mercurial-repos/public/smapi/smapi-dev-certificates/leaf_cert.pem";
+ err = SSL_CTX_use_certificate_chain_file(w->ctx, server_cert_chain_fname);
+ if (err <= 0) {
+ /* TODO handle */
+ return NULL;
+ }
+
+ err = SSL_CTX_check_private_key(w->ctx);
+ if (err <= 0) {
+ /* TODO handle */
+ return NULL;
+ }
+
+ SSL_CTX_set_mode(w->ctx, SSL_MODE_AUTO_RETRY);
+ w->cSSL = SSL_new(w->ctx);
+
+ SSL_set_fd(w->cSSL, fd);
+
+ /* TODO: Accept connection and construct stream.
+ *
+ * NOTE: Accepting the connection will probably need to happen at the point where the TCP connection is
+ * accepted. The handshake also happens there and the open_tlsstream is given a fully constructed ssl wrapper.
+ */
+
+ return NULL;
+}
+
+#else
+
+stream *
+open_tls_serv_stream(int fd)
+{
+ (void) fd;
+ return NULL;
+}
+
+#endif /* HAVE_OPENSSL */
diff --git a/common/stream/url_stream.c b/common/stream/url_stream.c
--- a/common/stream/url_stream.c
+++ b/common/stream/url_stream.c
@@ -8,8 +8,6 @@
  * Copyright 1997 - July 2008 CWI, August 2008 - 2022 MonetDB B.V.
  */
-/* streams working on a gzip-compressed disk file */
-
 #include "monetdb_config.h"
 #include "stream.h"
 #include "stream_internal.h"
diff --git a/tools/merovingian/daemon/client.c b/tools/merovingian/daemon/client.c
--- a/tools/merovingian/daemon/client.c
+++ b/tools/merovingian/daemon/client.c
@@ -20,7 +20,7 @@
 #include <poll.h>
 #endif
 #ifdef HAVE_SYS_UIO_H
-# include <sys/uio.h>
+#include <sys/uio.h>
 #endif
 #include <fcntl.h>
_______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org
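Review bot: Every `return NULL` in the OpenSSL build of `open_tls_serv_stream` leaks `w`, the ones after `SSL_CTX_new` also leak the `SSL_CTX`, the result of `SSL_new` is passed to `SSL_set_fd` without a NULL check, and the final `return NULL` frees nothing either, so in its current state the function cannot succeed but allocates a context, reads the key from disk and leaks all of it on every call. The private key and certificate chain are loaded from absolute paths under a developer's home directory and the `SSL_CTX` is rebuilt per accepted fd; both the paths and the context should come from a single configured, shared place before this code becomes reachable from client.c, and the `/* TODO parametrize */` markers should say so. Nothing restricts the protocol version and the OpenSSL error queue is never drained even though `openssl/err.h` is included, so I would set a TLS 1.2 floor and route every failure through one cleanup label as sketched below; the success path also falls into it until the stream is actually constructed, which matches what the code does today.
```c
stream *
open_tls_serv_stream(int fd)
{
	ssl_wrapper *w = malloc(sizeof *w);
	if (w == NULL)
		return NULL;
	w->cSSL = NULL;
	w->ctx = SSL_CTX_new(TLS_server_method());
	if (w->ctx == NULL)
		goto bailout;
	/* refuse legacy protocol versions; raise the floor as policy allows */
	if (SSL_CTX_set_min_proto_version(w->ctx, TLS1_2_VERSION) != 1)
		goto bailout;
	/* … unchanged: TODO parametrize server_keypair_fname / server_cert_chain_fname … */
	if (SSL_CTX_use_PrivateKey_file(w->ctx, server_keypair_fname, SSL_FILETYPE_PEM) != 1
	    || SSL_CTX_use_certificate_chain_file(w->ctx, server_cert_chain_fname) != 1
	    || SSL_CTX_check_private_key(w->ctx) != 1)
		goto bailout;
	SSL_CTX_set_mode(w->ctx, SSL_MODE_AUTO_RETRY);
	w->cSSL = SSL_new(w->ctx);
	if (w->cSSL == NULL || SSL_set_fd(w->cSSL, fd) != 1)
		goto bailout;
	/* … unchanged: TODO accept the connection and construct the stream … */
bailout:
	/* TODO: surface ERR_get_error()/ERR_error_string_n() through the stream error channel */
	SSL_free(w->cSSL);	/* both free calls accept NULL */
	SSL_CTX_free(w->ctx);
	free(w);
	return NULL;
}
```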