diff options
Diffstat (limited to 'ssl.c')
| -rw-r--r-- | ssl.c | 218 |
1 files changed, 109 insertions, 109 deletions
@@ -44,10 +44,10 @@ #define OPENSSL_1_1_0 0x10100000L -void __redisSetError(redisContext *c, int type, const char *str); +void __redictSetError(redictContext *c, int type, const char *str); -struct redisSSLContext { - /* Associated OpenSSL SSL_CTX as created by redisCreateSSLContext() */ +struct redictSSLContext { + /* Associated OpenSSL SSL_CTX as created by redictCreateSSLContext() */ SSL_CTX *ssl_ctx; /* Requested SNI, or NULL */ @@ -55,7 +55,7 @@ struct redisSSLContext { }; /* The SSL connection context is attached to SSL/TLS connections as a privdata. */ -typedef struct redisSSL { +typedef struct redictSSL { /** * OpenSSL SSL object. */ @@ -75,10 +75,10 @@ typedef struct redisSSL { * should resume whenever a read takes place, if possible */ int pendingWrite; -} redisSSL; +} redictSSL; /* Forward declaration */ -redisContextFuncs redisContextSSLFuncs; +redictContextFuncs redictContextSSLFuncs; /** * OpenSSL global initialization and locking handling callbacks. @@ -86,10 +86,10 @@ redisContextFuncs redisContextSSLFuncs; */ #if OPENSSL_VERSION_NUMBER < OPENSSL_1_1_0 -#define HIREDIS_USE_CRYPTO_LOCKS +#define HIREDICT_USE_CRYPTO_LOCKS #endif -#ifdef HIREDIS_USE_CRYPTO_LOCKS +#ifdef HIREDICT_USE_CRYPTO_LOCKS #ifdef _WIN32 typedef CRITICAL_SECTION sslLockType; static void sslLockInit(sslLockType* l) { @@ -133,60 +133,60 @@ static int initOpensslLocks(void) { unsigned ii, nlocks; if (CRYPTO_get_locking_callback() != NULL) { /* Someone already set the callback before us. Don't destroy it! */ - return REDIS_OK; + return REDICT_OK; } nlocks = CRYPTO_num_locks(); ossl_locks = hi_malloc(sizeof(*ossl_locks) * nlocks); if (ossl_locks == NULL) - return REDIS_ERR; + return REDICT_ERR; for (ii = 0; ii < nlocks; ii++) { sslLockInit(ossl_locks + ii); } CRYPTO_set_locking_callback(opensslDoLock); - return REDIS_OK; + return REDICT_OK; } -#endif /* HIREDIS_USE_CRYPTO_LOCKS */ +#endif /* HIREDICT_USE_CRYPTO_LOCKS */ -int redisInitOpenSSL(void) +int redictInitOpenSSL(void) { SSL_library_init(); -#ifdef HIREDIS_USE_CRYPTO_LOCKS +#ifdef HIREDICT_USE_CRYPTO_LOCKS initOpensslLocks(); #endif - return REDIS_OK; + return REDICT_OK; } /** - * redisSSLContext helper context destruction. + * redictSSLContext helper context destruction. */ -const char *redisSSLContextGetError(redisSSLContextError error) +const char *redictSSLContextGetError(redictSSLContextError error) { switch (error) { - case REDIS_SSL_CTX_NONE: + case REDICT_SSL_CTX_NONE: return "No Error"; - case REDIS_SSL_CTX_CREATE_FAILED: + case REDICT_SSL_CTX_CREATE_FAILED: return "Failed to create OpenSSL SSL_CTX"; - case REDIS_SSL_CTX_CERT_KEY_REQUIRED: + case REDICT_SSL_CTX_CERT_KEY_REQUIRED: return "Client cert and key must both be specified or skipped"; - case REDIS_SSL_CTX_CA_CERT_LOAD_FAILED: + case REDICT_SSL_CTX_CA_CERT_LOAD_FAILED: return "Failed to load CA Certificate or CA Path"; - case REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED: + case REDICT_SSL_CTX_CLIENT_CERT_LOAD_FAILED: return "Failed to load client certificate"; - case REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED: + case REDICT_SSL_CTX_PRIVATE_KEY_LOAD_FAILED: return "Failed to load private key"; - case REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED: + case REDICT_SSL_CTX_OS_CERTSTORE_OPEN_FAILED: return "Failed to open system certificate store"; - case REDIS_SSL_CTX_OS_CERT_ADD_FAILED: + case REDICT_SSL_CTX_OS_CERT_ADD_FAILED: return "Failed to add CA certificates obtained from system to the SSL context"; default: return "Unknown error code"; } } -void redisFreeSSLContext(redisSSLContext *ctx) +void redictFreeSSLContext(redictSSLContext *ctx) { if (!ctx) return; @@ -206,26 +206,26 @@ void redisFreeSSLContext(redisSSLContext *ctx) /** - * redisSSLContext helper context initialization. + * redictSSLContext helper context initialization. */ -redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *capath, +redictSSLContext *redictCreateSSLContext(const char *cacert_filename, const char *capath, const char *cert_filename, const char *private_key_filename, - const char *server_name, redisSSLContextError *error) + const char *server_name, redictSSLContextError *error) { - redisSSLOptions options = { + redictSSLOptions options = { .cacert_filename = cacert_filename, .capath = capath, .cert_filename = cert_filename, .private_key_filename = private_key_filename, .server_name = server_name, - .verify_mode = REDIS_SSL_VERIFY_PEER, + .verify_mode = REDICT_SSL_VERIFY_PEER, }; - return redisCreateSSLContextWithOptions(&options, error); + return redictCreateSSLContextWithOptions(&options, error); } -redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redisSSLContextError *error) { +redictSSLContext *redictCreateSSLContextWithOptions(redictSSLOptions *options, redictSSLContextError *error) { const char *cacert_filename = options->cacert_filename; const char *capath = options->capath; const char *cert_filename = options->cert_filename; @@ -237,7 +237,7 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi PCCERT_CONTEXT win_ctx = NULL; #endif - redisSSLContext *ctx = hi_calloc(1, sizeof(redisSSLContext)); + redictSSLContext *ctx = hi_calloc(1, sizeof(redictSSLContext)); if (ctx == NULL) goto error; @@ -250,7 +250,7 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi ctx->ssl_ctx = SSL_CTX_new(ssl_method); if (!ctx->ssl_ctx) { - if (error) *error = REDIS_SSL_CTX_CREATE_FAILED; + if (error) *error = REDICT_SSL_CTX_CREATE_FAILED; goto error; } @@ -264,7 +264,7 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi if ((cert_filename != NULL && private_key_filename == NULL) || (private_key_filename != NULL && cert_filename == NULL)) { - if (error) *error = REDIS_SSL_CTX_CERT_KEY_REQUIRED; + if (error) *error = REDICT_SSL_CTX_CERT_KEY_REQUIRED; goto error; } @@ -273,7 +273,7 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi if (0 == strcmp(cacert_filename, "wincert")) { win_store = CertOpenSystemStore(NULL, "Root"); if (!win_store) { - if (error) *error = REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED; + if (error) *error = REDICT_SSL_CTX_OS_CERTSTORE_OPEN_FAILED; goto error; } X509_STORE* store = SSL_CTX_get_cert_store(ctx->ssl_ctx); @@ -284,7 +284,7 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi if ((1 != X509_STORE_add_cert(store, x509)) || (1 != SSL_CTX_add_client_CA(ctx->ssl_ctx, x509))) { - if (error) *error = REDIS_SSL_CTX_OS_CERT_ADD_FAILED; + if (error) *error = REDICT_SSL_CTX_OS_CERT_ADD_FAILED; goto error; } X509_free(x509); @@ -295,23 +295,23 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi } else #endif if (!SSL_CTX_load_verify_locations(ctx->ssl_ctx, cacert_filename, capath)) { - if (error) *error = REDIS_SSL_CTX_CA_CERT_LOAD_FAILED; + if (error) *error = REDICT_SSL_CTX_CA_CERT_LOAD_FAILED; goto error; } } else { if (!SSL_CTX_set_default_verify_paths(ctx->ssl_ctx)) { - if (error) *error = REDIS_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED; + if (error) *error = REDICT_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED; goto error; } } if (cert_filename) { if (!SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, cert_filename)) { - if (error) *error = REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED; + if (error) *error = REDICT_SSL_CTX_CLIENT_CERT_LOAD_FAILED; goto error; } if (!SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, private_key_filename, SSL_FILETYPE_PEM)) { - if (error) *error = REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED; + if (error) *error = REDICT_SSL_CTX_PRIVATE_KEY_LOAD_FAILED; goto error; } } @@ -326,7 +326,7 @@ error: CertFreeCertificateContext(win_ctx); CertCloseStore(win_store, 0); #endif - redisFreeSSLContext(ctx); + redictFreeSSLContext(ctx); return NULL; } @@ -335,19 +335,19 @@ error: */ -static int redisSSLConnect(redisContext *c, SSL *ssl) { +static int redictSSLConnect(redictContext *c, SSL *ssl) { if (c->privctx) { - __redisSetError(c, REDIS_ERR_OTHER, "redictContext was already associated"); - return REDIS_ERR; + __redictSetError(c, REDICT_ERR_OTHER, "redictContext was already associated"); + return REDICT_ERR; } - redisSSL *rssl = hi_calloc(1, sizeof(redisSSL)); + redictSSL *rssl = hi_calloc(1, sizeof(redictSSL)); if (rssl == NULL) { - __redisSetError(c, REDIS_ERR_OOM, "Out of memory"); - return REDIS_ERR; + __redictSetError(c, REDICT_ERR_OOM, "Out of memory"); + return REDICT_ERR; } - c->funcs = &redisContextSSLFuncs; + c->funcs = &redictContextSSLFuncs; rssl->ssl = ssl; SSL_set_mode(rssl->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); @@ -358,14 +358,14 @@ static int redisSSLConnect(redisContext *c, SSL *ssl) { int rv = SSL_connect(rssl->ssl); if (rv == 1) { c->privctx = rssl; - return REDIS_OK; + return REDICT_OK; } rv = SSL_get_error(rssl->ssl, rv); - if (((c->flags & REDIS_BLOCK) == 0) && + if (((c->flags & REDICT_BLOCK) == 0) && (rv == SSL_ERROR_WANT_READ || rv == SSL_ERROR_WANT_WRITE)) { c->privctx = rssl; - return REDIS_OK; + return REDICT_OK; } if (c->err == 0) { @@ -377,64 +377,64 @@ static int redisSSLConnect(redisContext *c, SSL *ssl) { snprintf(err,sizeof(err)-1,"SSL_connect failed: %s", ERR_reason_error_string(e)); } - __redisSetError(c, REDIS_ERR_IO, err); + __redictSetError(c, REDICT_ERR_IO, err); } hi_free(rssl); - return REDIS_ERR; + return REDICT_ERR; } /** - * A wrapper around redisSSLConnect() for users who manage their own context and + * A wrapper around redictSSLConnect() for users who manage their own context and * create their own SSL object. */ -int redisInitiateSSL(redisContext *c, SSL *ssl) { - return redisSSLConnect(c, ssl); +int redictInitiateSSL(redictContext *c, SSL *ssl) { + return redictSSLConnect(c, ssl); } /** - * A wrapper around redisSSLConnect() for users who use redisSSLContext and don't + * A wrapper around redictSSLConnect() for users who use redictSSLContext and don't * manage their own SSL objects. */ -int redisInitiateSSLWithContext(redisContext *c, redisSSLContext *redis_ssl_ctx) +int redictInitiateSSLWithContext(redictContext *c, redictSSLContext *redict_ssl_ctx) { - if (!c || !redis_ssl_ctx) - return REDIS_ERR; + if (!c || !redict_ssl_ctx) + return REDICT_ERR; - /* We want to verify that redisSSLConnect() won't fail on this, as it will + /* We want to verify that redictSSLConnect() won't fail on this, as it will * not own the SSL object in that case and we'll end up leaking. */ if (c->privctx) - return REDIS_ERR; + return REDICT_ERR; - SSL *ssl = SSL_new(redis_ssl_ctx->ssl_ctx); + SSL *ssl = SSL_new(redict_ssl_ctx->ssl_ctx); if (!ssl) { - __redisSetError(c, REDIS_ERR_OTHER, "Couldn't create new SSL instance"); + __redictSetError(c, REDICT_ERR_OTHER, "Couldn't create new SSL instance"); goto error; } - if (redis_ssl_ctx->server_name) { - if (!SSL_set_tlsext_host_name(ssl, redis_ssl_ctx->server_name)) { - __redisSetError(c, REDIS_ERR_OTHER, "Failed to set server_name/SNI"); + if (redict_ssl_ctx->server_name) { + if (!SSL_set_tlsext_host_name(ssl, redict_ssl_ctx->server_name)) { + __redictSetError(c, REDICT_ERR_OTHER, "Failed to set server_name/SNI"); goto error; } } - if (redisSSLConnect(c, ssl) != REDIS_OK) { + if (redictSSLConnect(c, ssl) != REDICT_OK) { goto error; } - return REDIS_OK; + return REDICT_OK; error: if (ssl) SSL_free(ssl); - return REDIS_ERR; + return REDICT_ERR; } -static int maybeCheckWant(redisSSL *rssl, int rv) { +static int maybeCheckWant(redictSSL *rssl, int rv) { /** * If the error is WANT_READ or WANT_WRITE, the appropriate flags are set * and true is returned. False is returned otherwise @@ -451,11 +451,11 @@ static int maybeCheckWant(redisSSL *rssl, int rv) { } /** - * Implementation of redisContextFuncs for SSL connections. + * Implementation of redictContextFuncs for SSL connections. */ -static void redisSSLFree(void *privctx){ - redisSSL *rsc = privctx; +static void redictSSLFree(void *privctx){ + redictSSL *rsc = privctx; if (!rsc) return; if (rsc->ssl) { @@ -465,18 +465,18 @@ static void redisSSLFree(void *privctx){ hi_free(rsc); } -static ssize_t redisSSLRead(redisContext *c, char *buf, size_t bufcap) { - redisSSL *rssl = c->privctx; +static ssize_t redictSSLRead(redictContext *c, char *buf, size_t bufcap) { + redictSSL *rssl = c->privctx; int nread = SSL_read(rssl->ssl, buf, bufcap); if (nread > 0) { return nread; } else if (nread == 0) { - __redisSetError(c, REDIS_ERR_EOF, "Server closed the connection"); + __redictSetError(c, REDICT_ERR_EOF, "Server closed the connection"); return -1; } else { int err = SSL_get_error(rssl->ssl, nread); - if (c->flags & REDIS_BLOCK) { + if (c->flags & REDICT_BLOCK) { /** * In blocking mode, we should never end up in a situation where * we get an error without it being an actual error, except @@ -490,7 +490,7 @@ static ssize_t redisSSLRead(redisContext *c, char *buf, size_t bufcap) { if (errno == EAGAIN) { msg = "Resource temporarily unavailable"; } - __redisSetError(c, REDIS_ERR_IO, msg); + __redictSetError(c, REDICT_ERR_IO, msg); return -1; } } @@ -501,14 +501,14 @@ static ssize_t redisSSLRead(redisContext *c, char *buf, size_t bufcap) { if (maybeCheckWant(rssl, err)) { return 0; } else { - __redisSetError(c, REDIS_ERR_IO, NULL); + __redictSetError(c, REDICT_ERR_IO, NULL); return -1; } } } -static ssize_t redisSSLWrite(redisContext *c) { - redisSSL *rssl = c->privctx; +static ssize_t redictSSLWrite(redictContext *c) { + redictSSL *rssl = c->privctx; size_t len = rssl->lastLen ? rssl->lastLen : sdslen(c->obuf); int rv = SSL_write(rssl->ssl, c->obuf, len); @@ -519,20 +519,20 @@ static ssize_t redisSSLWrite(redisContext *c) { rssl->lastLen = len; int err = SSL_get_error(rssl->ssl, rv); - if ((c->flags & REDIS_BLOCK) == 0 && maybeCheckWant(rssl, err)) { + if ((c->flags & REDICT_BLOCK) == 0 && maybeCheckWant(rssl, err)) { return 0; } else { - __redisSetError(c, REDIS_ERR_IO, NULL); + __redictSetError(c, REDICT_ERR_IO, NULL); return -1; } } return rv; } -static void redisSSLAsyncRead(redisAsyncContext *ac) { +static void redictSSLAsyncRead(redictAsyncContext *ac) { int rv; - redisSSL *rssl = ac->c.privctx; - redisContext *c = &ac->c; + redictSSL *rssl = ac->c.privctx; + redictContext *c = &ac->c; rssl->wantRead = 0; @@ -541,33 +541,33 @@ static void redisSSLAsyncRead(redisAsyncContext *ac) { /* This is probably just a write event */ rssl->pendingWrite = 0; - rv = redisBufferWrite(c, &done); - if (rv == REDIS_ERR) { - __redisAsyncDisconnect(ac); + rv = redictBufferWrite(c, &done); + if (rv == REDICT_ERR) { + __redictAsyncDisconnect(ac); return; } else if (!done) { _EL_ADD_WRITE(ac); } } - rv = redisBufferRead(c); - if (rv == REDIS_ERR) { - __redisAsyncDisconnect(ac); + rv = redictBufferRead(c); + if (rv == REDICT_ERR) { + __redictAsyncDisconnect(ac); } else { _EL_ADD_READ(ac); - redisProcessCallbacks(ac); + redictProcessCallbacks(ac); } } -static void redisSSLAsyncWrite(redisAsyncContext *ac) { +static void redictSSLAsyncWrite(redictAsyncContext *ac) { int rv, done = 0; - redisSSL *rssl = ac->c.privctx; - redisContext *c = &ac->c; + redictSSL *rssl = ac->c.privctx; + redictContext *c = &ac->c; rssl->pendingWrite = 0; - rv = redisBufferWrite(c, &done); - if (rv == REDIS_ERR) { - __redisAsyncDisconnect(ac); + rv = redictBufferWrite(c, &done); + if (rv == REDICT_ERR) { + __redictAsyncDisconnect(ac); return; } @@ -589,12 +589,12 @@ static void redisSSLAsyncWrite(redisAsyncContext *ac) { _EL_ADD_READ(ac); } -redisContextFuncs redisContextSSLFuncs = { - .close = redisNetClose, - .free_privctx = redisSSLFree, - .async_read = redisSSLAsyncRead, - .async_write = redisSSLAsyncWrite, - .read = redisSSLRead, - .write = redisSSLWrite +redictContextFuncs redictContextSSLFuncs = { + .close = redictNetClose, + .free_privctx = redictSSLFree, + .async_read = redictSSLAsyncRead, + .async_write = redictSSLAsyncWrite, + .read = redictSSLRead, + .write = redictSSLWrite }; |