git://git.onelab.eu
/
sliver-openvswitch.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fat-rwlock: Don't forget to destroy a mutex
[sliver-openvswitch.git]
/
lib
/
stream-ssl.c
diff --git
a/lib/stream-ssl.c
b/lib/stream-ssl.c
index
4a9dd4f
..
2ed5282
100644
(file)
--- a/
lib/stream-ssl.c
+++ b/
lib/stream-ssl.c
@@
-1,5
+1,5
@@
/*
/*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012
, 2013
Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@
-17,7
+17,6
@@
#include <config.h>
#include "stream-ssl.h"
#include "dhparams.h"
#include <config.h>
#include "stream-ssl.h"
#include "dhparams.h"
-#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
@@
-36,7
+35,6
@@
#include "coverage.h"
#include "dynamic-string.h"
#include "entropy.h"
#include "coverage.h"
#include "dynamic-string.h"
#include "entropy.h"
-#include "leak-checker.h"
#include "ofpbuf.h"
#include "openflow/openflow.h"
#include "packets.h"
#include "ofpbuf.h"
#include "openflow/openflow.h"
#include "packets.h"
@@
-191,7
+189,7
@@
want_to_poll_events(int want)
{
switch (want) {
case SSL_NOTHING:
{
switch (want) {
case SSL_NOTHING:
- NOT_REACHED();
+
OVS_
NOT_REACHED();
case SSL_READING:
return POLLIN;
case SSL_READING:
return POLLIN;
@@
-200,14
+198,13
@@
want_to_poll_events(int want)
return POLLOUT;
default:
return POLLOUT;
default:
- NOT_REACHED();
+
OVS_
NOT_REACHED();
}
}
static int
new_ssl_stream(const char *name, int fd, enum session_type type,
}
}
static int
new_ssl_stream(const char *name, int fd, enum session_type type,
- enum ssl_state state, const struct sockaddr_in *remote,
- struct stream **streamp)
+ enum ssl_state state, struct stream **streamp)
{
struct sockaddr_in local;
socklen_t local_len = sizeof local;
{
struct sockaddr_in local;
socklen_t local_len = sizeof local;
@@
-248,7
+245,7
@@
new_ssl_stream(const char *name, int fd, enum session_type type,
/* Disable Nagle. */
retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on);
if (retval) {
/* Disable Nagle. */
retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on);
if (retval) {
- VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name, strerror(errno));
+ VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name,
ovs_
strerror(errno));
retval = errno;
goto error;
}
retval = errno;
goto error;
}
@@
-272,10
+269,6
@@
new_ssl_stream(const char *name, int fd, enum session_type type,
/* Create and return the ssl_stream. */
sslv = xmalloc(sizeof *sslv);
stream_init(&sslv->stream, &ssl_stream_class, EAGAIN, name);
/* Create and return the ssl_stream. */
sslv = xmalloc(sizeof *sslv);
stream_init(&sslv->stream, &ssl_stream_class, EAGAIN, name);
- stream_set_remote_ip(&sslv->stream, remote->sin_addr.s_addr);
- stream_set_remote_port(&sslv->stream, remote->sin_port);
- stream_set_local_ip(&sslv->stream, local.sin_addr.s_addr);
- stream_set_local_port(&sslv->stream, local.sin_port);
sslv->state = state;
sslv->type = type;
sslv->fd = fd;
sslv->state = state;
sslv->type = type;
sslv->fd = fd;
@@
-311,7
+304,6
@@
ssl_stream_cast(struct stream *stream)
static int
ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
{
static int
ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
{
- struct sockaddr_in sin;
int error, fd;
error = ssl_init();
int error, fd;
error = ssl_init();
@@
-319,13
+311,13
@@
ssl_open(const char *name, char *suffix, struct stream **streamp, uint8_t dscp)
return error;
}
return error;
}
- error = inet_open_active(SOCK_STREAM, suffix, OFP_
SSL_PORT, &sin
, &fd,
+ error = inet_open_active(SOCK_STREAM, suffix, OFP_
OLD_PORT, NULL
, &fd,
dscp);
if (fd >= 0) {
int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING;
dscp);
if (fd >= 0) {
int state = error ? STATE_TCP_CONNECTING : STATE_SSL_CONNECTING;
- return new_ssl_stream(name, fd, CLIENT, state,
&sin,
streamp);
+ return new_ssl_stream(name, fd, CLIENT, state, streamp);
} else {
} else {
- VLOG_ERR("%s: connect: %s", name, strerror(error));
+ VLOG_ERR("%s: connect: %s", name,
ovs_
strerror(error));
return error;
}
}
return error;
}
}
@@
-371,7
+363,7
@@
do_ca_cert_bootstrap(struct stream *stream)
return EPROTO;
} else {
VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
return EPROTO;
} else {
VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
- ca_cert.file_name, strerror(errno));
+ ca_cert.file_name,
ovs_
strerror(errno));
return errno;
}
}
return errno;
}
}
@@
-380,7
+372,7
@@
do_ca_cert_bootstrap(struct stream *stream)
if (!file) {
error = errno;
VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
if (!file) {
error = errno;
VLOG_ERR("could not bootstrap CA cert: fdopen failed: %s",
- strerror(error));
+
ovs_
strerror(error));
unlink(ca_cert.file_name);
return error;
}
unlink(ca_cert.file_name);
return error;
}
@@
-397,7
+389,7
@@
do_ca_cert_bootstrap(struct stream *stream)
if (fclose(file)) {
error = errno;
VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
if (fclose(file)) {
error = errno;
VLOG_ERR("could not bootstrap CA cert: writing %s failed: %s",
- ca_cert.file_name, strerror(error));
+ ca_cert.file_name,
ovs_
strerror(error));
unlink(ca_cert.file_name);
return error;
}
unlink(ca_cert.file_name);
return error;
}
@@
-443,7
+435,7
@@
ssl_connect(struct stream *stream)
case STATE_SSL_CONNECTING:
/* Capture the first few bytes of received data so that we can guess
case STATE_SSL_CONNECTING:
/* Capture the first few bytes of received data so that we can guess
- * what kind of funny data we've been sent if SSL negotation fails. */
+ * what kind of funny data we've been sent if SSL negot
i
ation fails. */
if (sslv->n_head <= 0) {
sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head,
MSG_PEEK);
if (sslv->n_head <= 0) {
sslv->n_head = recv(sslv->fd, sslv->head, sizeof sslv->head,
MSG_PEEK);
@@
-486,7
+478,7
@@
ssl_connect(struct stream *stream)
}
}
}
}
- NOT_REACHED();
+
OVS_
NOT_REACHED();
}
static void
}
static void
@@
-566,7
+558,7
@@
interpret_ssl_error(const char *function, int ret, int error,
if (ret < 0) {
int status = errno;
VLOG_WARN_RL(&rl, "%s: system error (%s)",
if (ret < 0) {
int status = errno;
VLOG_WARN_RL(&rl, "%s: system error (%s)",
- function, strerror(status));
+ function,
ovs_
strerror(status));
return status;
} else {
VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
return status;
} else {
VLOG_WARN_RL(&rl, "%s: unexpected SSL connection close",
@@
-599,7
+591,7
@@
ssl_recv(struct stream *stream, void *buffer, size_t n)
ssize_t ret;
/* Behavior of zero-byte SSL_read is poorly defined. */
ssize_t ret;
/* Behavior of zero-byte SSL_read is poorly defined. */
- assert(n > 0);
+
ovs_
assert(n > 0);
old_state = SSL_get_state(sslv->ssl);
ret = SSL_read(sslv->ssl, buffer, n);
old_state = SSL_get_state(sslv->ssl);
ret = SSL_read(sslv->ssl, buffer, n);
@@
-675,7
+667,6
@@
ssl_send(struct stream *stream, const void *buffer, size_t n)
ssl_clear_txbuf(sslv);
return n;
case EAGAIN:
ssl_clear_txbuf(sslv);
return n;
case EAGAIN:
- leak_checker_claim(buffer);
return n;
default:
sslv->txbuf = NULL;
return n;
default:
sslv->txbuf = NULL;
@@
-727,7
+718,7
@@
ssl_wait(struct stream *stream, enum stream_wait_type wait)
break;
default:
break;
default:
- NOT_REACHED();
+
OVS_
NOT_REACHED();
}
}
break;
}
}
break;
@@
-751,7
+742,7
@@
ssl_wait(struct stream *stream, enum stream_wait_type wait)
break;
default:
break;
default:
- NOT_REACHED();
+
OVS_
NOT_REACHED();
}
}
}
}
@@
-800,15
+791,16
@@
pssl_open(const char *name OVS_UNUSED, char *suffix, struct pstream **pstreamp,
return retval;
}
return retval;
}
- fd = inet_open_passive(SOCK_STREAM, suffix, OFP_
SSL
_PORT, &sin, dscp);
+ fd = inet_open_passive(SOCK_STREAM, suffix, OFP_
OLD
_PORT, &sin, dscp);
if (fd < 0) {
return -fd;
}
sprintf(bound_name, "pssl:%"PRIu16":"IP_FMT,
if (fd < 0) {
return -fd;
}
sprintf(bound_name, "pssl:%"PRIu16":"IP_FMT,
- ntohs(sin.sin_port), IP_ARGS(
&
sin.sin_addr.s_addr));
+ ntohs(sin.sin_port), IP_ARGS(sin.sin_addr.s_addr));
pssl = xmalloc(sizeof *pssl);
pstream_init(&pssl->pstream, &pssl_pstream_class, bound_name);
pssl = xmalloc(sizeof *pssl);
pstream_init(&pssl->pstream, &pssl_pstream_class, bound_name);
+ pstream_set_bound_port(&pssl->pstream, sin.sin_port);
pssl->fd = fd;
*pstreamp = &pssl->pstream;
return 0;
pssl->fd = fd;
*pstreamp = &pssl->pstream;
return 0;
@@
-836,7
+828,7
@@
pssl_accept(struct pstream *pstream, struct stream **new_streamp)
if (new_fd < 0) {
error = errno;
if (error != EAGAIN) {
if (new_fd < 0) {
error = errno;
if (error != EAGAIN) {
- VLOG_DBG_RL(&rl, "accept: %s", strerror(error));
+ VLOG_DBG_RL(&rl, "accept: %s",
ovs_
strerror(error));
}
return error;
}
}
return error;
}
@@
-847,11
+839,11
@@
pssl_accept(struct pstream *pstream, struct stream **new_streamp)
return error;
}
return error;
}
- sprintf(name, "ssl:"IP_FMT, IP_ARGS(
&sin.sin
_addr));
- if (sin.sin_port != htons(OFP_
SSL
_PORT)) {
+ sprintf(name, "ssl:"IP_FMT, IP_ARGS(
sin.sin_addr.s
_addr));
+ if (sin.sin_port != htons(OFP_
OLD
_PORT)) {
sprintf(strchr(name, '\0'), ":%"PRIu16, ntohs(sin.sin_port));
}
sprintf(strchr(name, '\0'), ":%"PRIu16, ntohs(sin.sin_port));
}
- return new_ssl_stream(name, new_fd, SERVER, STATE_SSL_CONNECTING,
&sin,
+ return new_ssl_stream(name, new_fd, SERVER, STATE_SSL_CONNECTING,
new_streamp);
}
new_streamp);
}
@@
-862,6
+854,13
@@
pssl_wait(struct pstream *pstream)
poll_fd_wait(pssl->fd, POLLIN);
}
poll_fd_wait(pssl->fd, POLLIN);
}
+static int
+pssl_set_dscp(struct pstream *pstream, uint8_t dscp)
+{
+ struct pssl_pstream *pssl = pssl_pstream_cast(pstream);
+ return set_dscp(pssl->fd, dscp);
+}
+
const struct pstream_class pssl_pstream_class = {
"pssl",
true,
const struct pstream_class pssl_pstream_class = {
"pssl",
true,
@@
-869,6
+868,7
@@
const struct pstream_class pssl_pstream_class = {
pssl_close,
pssl_accept,
pssl_wait,
pssl_close,
pssl_accept,
pssl_wait,
+ pssl_set_dscp,
};
\f
/*
};
\f
/*
@@
-889,7
+889,7
@@
ssl_init(void)
static int init_status = -1;
if (init_status < 0) {
init_status = do_ssl_init();
static int init_status = -1;
if (init_status < 0) {
init_status = do_ssl_init();
- assert(init_status >= 0);
+
ovs_
assert(init_status >= 0);
}
return init_status;
}
}
return init_status;
}
@@
-1009,7
+1009,8
@@
update_ssl_config(struct ssl_config_file *config, const char *file_name)
* here. */
error = get_mtime(file_name, &mtime);
if (error && error != ENOENT) {
* here. */
error = get_mtime(file_name, &mtime);
if (error && error != ENOENT) {
- VLOG_ERR_RL(&rl, "%s: stat failed (%s)", file_name, strerror(error));
+ VLOG_ERR_RL(&rl, "%s: stat failed (%s)",
+ file_name, ovs_strerror(error));
}
if (config->file_name
&& !strcmp(config->file_name, file_name)
}
if (config->file_name
&& !strcmp(config->file_name, file_name)
@@
-1117,7
+1118,7
@@
read_cert_file(const char *file_name, X509 ***certs, size_t *n_certs)
file = fopen(file_name, "r");
if (!file) {
VLOG_ERR("failed to open %s for reading: %s",
file = fopen(file_name, "r");
if (!file) {
VLOG_ERR("failed to open %s for reading: %s",
- file_name, strerror(errno));
+ file_name,
ovs_
strerror(errno));
return errno;
}
return errno;
}
@@
-1205,7
+1206,7
@@
log_ca_cert(const char *file_name, X509 *cert)
if (i) {
ds_put_char(&fp, ':');
}
if (i) {
ds_put_char(&fp, ':');
}
- ds_put_format(&fp, "%02
hh
x", digest[i]);
+ ds_put_format(&fp, "%02x", digest[i]);
}
}
subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
}
}
subject = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
@@
-1240,7
+1241,7
@@
stream_ssl_set_ca_cert_file__(const char *file_name,
for (i = 0; i < n_certs; i++) {
/* SSL_CTX_add_client_CA makes a copy of the relevant data. */
if (SSL_CTX_add_client_CA(ctx, certs[i]) != 1) {
for (i = 0; i < n_certs; i++) {
/* SSL_CTX_add_client_CA makes a copy of the relevant data. */
if (SSL_CTX_add_client_CA(ctx, certs[i]) != 1) {
- VLOG_ERR("failed to add client certificate %
zu
from %s: %s",
+ VLOG_ERR("failed to add client certificate %
"PRIuSIZE"
from %s: %s",
i, file_name,
ERR_error_string(ERR_get_error(), NULL));
} else {
i, file_name,
ERR_error_string(ERR_get_error(), NULL));
} else {
@@
-1362,7
+1363,7
@@
ssl_protocol_cb(int write_p, int version OVS_UNUSED, int content_type,
ds_put_format(&details, "type %d", content_type);
}
ds_put_format(&details, "type %d", content_type);
}
- VLOG_DBG("%s%u%s%s %s (%
zu
bytes)",
+ VLOG_DBG("%s%u%s%s %s (%
"PRIuSIZE"
bytes)",
sslv->type == CLIENT ? "client" : "server",
sslv->session_nr, write_p ? "-->" : "<--",
stream_get_name(&sslv->stream), ds_cstr(&details), len);
sslv->type == CLIENT ? "client" : "server",
sslv->session_nr, write_p ? "-->" : "<--",
stream_get_name(&sslv->stream), ds_cstr(&details), len);