From 3d9d9004f7c305c24210ef3b6959ada1a31b0720 Mon Sep 17 00:00:00 2001
From: Kris <1611248+Rinzwind@users.noreply.github.com>
Date: Sat, 1 Jun 2024 18:45:51 +0200
Subject: [PATCH 1/2] =?UTF-8?q?Fixed=20bug=20in=20=E2=80=98sqAcceptSSL?= =?UTF-8?q?=E2=80=99=20in=20=E2=80=98sqMacSSL.c=E2=80=99=20which,=20after?= =?UTF-8?q?=20setting=20the=20state=20to=20=E2=80=98SQSSL=5FCONNECTED?= =?UTF-8?q?=E2=80=99,=20returned=20the=20value=20of=20=E2=80=98SQSSL=5FOK?= =?UTF-8?q?=E2=80=99=20(zero)=20rather=20than=20the=20number=20of=20bytes?= =?UTF-8?q?=20written=20to=20the=20output=20buffer.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c
index 4b61be6aea..d385e68828 100644
--- a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c
+++ b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c
@@ -626,7 +626,7 @@ sqInt sqAcceptSSL(sqInt handle, char* srcBuf, sqInt srcLen, char* dstBuf,
 }
 /* We are connected. Verify the cert. */
 ssl->state = SQSSL_CONNECTED;
- return SQSSL_OK;
+ return ssl->outLen;
 }
 
 /* sqEncryptSSL: Encrypt data for SSL transmission.
From 3f6259904c9c0cad1771064c52db99cec9b48c33 Mon Sep 17 00:00:00 2001
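Review bot: The context comment `/* We are connected. Verify the cert. */` directly above the changed `return` promises a verification step that nothing in this hunk performs. If the peer certificate is checked earlier in `sqAcceptSSL` (its body lies outside the hunk), the comment is stale and should say what the line now does, e.g. `/* Handshake complete: hand the pending handshake output back to the caller. */`; if it is not checked earlier, the new `return ssl->outLen` reports a completed handshake before any check has happened. The changed line itself matches the byte-count contract described in the commit message.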
From: Kris <1611248+Rinzwind@users.noreply.github.com> Date: Sat, 1 Jun 2024 18:48:23 +0200 Subject: [PATCH 2/2] =?UTF-8?q?Made=20=E2=80=98sqSetupSSL=E2=80=99=20in=20?= =?UTF-8?q?=E2=80=98sqMacSSL.c=E2=80=99=20handle=20the=20=E2=80=98CERTNAME?= =?UTF-8?q?=E2=80=99=20property=20having=20been=20set=20(expected=20to=20b?= =?UTF-8?q?e=20the=20path=20to=20a=20file=20of=20at=20most=20128KiB=20with?= =?UTF-8?q?=20data=20that=20can=20be=20imported=20by=20=E2=80=98SecPKCS12I?= =?UTF-8?q?mport=E2=80=99=20as=20an=20array=20whose=20first=20item=20conta?= =?UTF-8?q?ins=20a=20=E2=80=98SecIdentityRef=E2=80=99=20that=20is=20passed?= =?UTF-8?q?=20to=20=E2=80=98SSLSetCertificate=E2=80=99)=20and=20added=20su?= =?UTF-8?q?pport=20for=20setting=20a=20=E2=80=98CERTPASS=E2=80=99=20proper?= =?UTF-8?q?ty=20(expected=20to=20be=20the=20password=20needed=20by=20?= =?UTF-8?q?=E2=80=98SecPKCS12Import=E2=80=99).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../SqueakSSL/include/common/SqueakSSL.h | 1 + .../plugins/SqueakSSL/src/osx/sqMacSSL.c | 68 +++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/extracted/plugins/SqueakSSL/include/common/SqueakSSL.h b/extracted/plugins/SqueakSSL/include/common/SqueakSSL.h index 51928eb55d..20ab4608a0 100644 --- a/extracted/plugins/SqueakSSL/include/common/SqueakSSL.h +++ b/extracted/plugins/SqueakSSL/include/common/SqueakSSL.h @@ -60,6 +60,7 @@ #define SQSSL_PROP_PEERNAME 0 #define SQSSL_PROP_CERTNAME 1 #define SQSSL_PROP_SERVERNAME 2 +#define SQSSL_PROP_CERTPASS 3 /* sqCreateSSL: Creates a new SSL instance. Arguments: None. diff --git a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c index d385e68828..f910757c34 100644 --- a/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c +++ b/extracted/plugins/SqueakSSL/src/osx/sqMacSSL.c 
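Review bot: `SQSSL_PROP_CERTPASS` is added without a comment, so the contract the commit message spells out — that `SQSSL_PROP_CERTNAME` names a PKCS#12 file of at most 128 KiB and `SQSSL_PROP_CERTPASS` is the passphrase `SecPKCS12Import` needs for it — lives only in the commit, not where a plugin user reads the property IDs. A comment on the new line such as `/* passphrase for the PKCS#12 file named by SQSSL_PROP_CERTNAME; only the osx backend consumes it in this change */` would carry it, and the new `certPass` member in the `sqSSL` struct hunk of `sqMacSSL.c` deserves the same one-liner. Whether the other platform backends accept or reject the new ID cannot be told from this patch, which touches only the osx source.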
@@ -24,6 +24,7 @@ typedef struct sqSSL {
 char* certName;
 char* peerName;
 char* serverName;
+ char* certPass;
 SSLContextRef ctx;
 CFArrayRef certs;
 
@@ -206,6 +207,62 @@ OSStatus sqSetupSSL(sqSSL* ssl, int isServer)
 }
 }
 
+ if (ssl->certName) {
+ size_t size = 128 * 1024;
+ char *buffer = malloc(size);
+ FILE *stream;
+ stream = fopen(ssl->certName, "rb");
+ if (buffer == NULL || stream == NULL)
+ return SQSSL_GENERIC_ERROR;
+ size_t length = fread(buffer, sizeof(char), size, stream);
+ int error = !feof(stream) || ferror(stream);
+ fclose(stream);
+ if (error) {
+ free(buffer);
+ return SQSSL_GENERIC_ERROR;
+ }
+ CFDataRef data = CFDataCreate(kCFAllocatorDefault, (UInt8 *)buffer, length);
+ free(buffer);
+ if (data == NULL)
+ return SQSSL_GENERIC_ERROR;
+
+ CFMutableDictionaryRef options = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+ if (options == NULL)
+ return SQSSL_GENERIC_ERROR;
+ if (ssl->certPass != NULL) {
+ const CFStringRef password = CFStringCreateWithCString(kCFAllocatorDefault, ssl->certPass, kCFStringEncodingASCII);
+ if (password == NULL) {
+ CFRelease(options);
+ return SQSSL_GENERIC_ERROR;
+ }
+ CFDictionarySetValue(options, kSecImportExportPassphrase, password);
+ CFRelease(password);
+ }
+
+ CFArrayRef items;
+ status = SecPKCS12Import(data, options, &items);
+ CFRelease(data);
+ CFRelease(options);
+ if (status != noErr) {
+ logStatus(status, "SecPKCS12Import failed");
+ return status;
+ }
+ if (!(CFArrayGetCount(items) >= 1))
+ return SQSSL_GENERIC_ERROR;
+ CFDictionaryRef item = CFArrayGetValueAtIndex(items, 0);
+ SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(item, kSecImportItemIdentity);
+ if (identity == NULL)
+ return SQSSL_GENERIC_ERROR;
+ CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **)&identity, 1, &kCFTypeArrayCallBacks);
+
+ SSLSetCertificate(ssl->ctx, certs);
+ CFRelease(certs);
+ if (status != noErr) {
+ logStatus(status, "SSLSetCertificate failed");
+ return status;
+ }
+ }
+
 return status;
 }
 
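Review bot: `SSLSetCertificate(ssl->ctx, certs);` discards its result, so the `if (status != noErr)` that follows re-tests the value left by `SecPKCS12Import` — already `noErr` at that point — and the "SSLSetCertificate failed" branch is unreachable; it should read `status = SSLSetCertificate(ssl->ctx, certs);`. The `items` array returned by `SecPKCS12Import` is never released on any path, `CFArrayCreate` is passed on without a `NULL` check, and the combined `if (buffer == NULL || stream == NULL)` exit leaks the buffer when only `fopen` fails or the stream when only `malloc` fails. `kCFStringEncodingASCII` makes `CFStringCreateWithCString` return `NULL` for any non-ASCII passphrase, which then surfaces as an unlogged `SQSSL_GENERIC_ERROR` like the other bare returns, so a `logStatus`-style message on those exits (and `kCFStringEncodingUTF8` if such passphrases are expected) would make failures diagnosable. The head of `sqSetupSSL` lies outside this hunk, and whether its callers treat the `sqInt` `SQSSL_GENERIC_ERROR` like a non-`noErr` `OSStatus` cannot be told from here. The error paths below release each resource exactly once and capture the `SSLSetCertificate` status.
```c
    if (ssl->certName) {
        size_t size = 128 * 1024;
        char *buffer = malloc(size);
        FILE *stream = fopen(ssl->certName, "rb");
        if (buffer == NULL || stream == NULL) {
            /* release whichever of the two succeeded */
            free(buffer);
            if (stream) fclose(stream);
            return SQSSL_GENERIC_ERROR;
        }
        /* … unchanged: fread / feof check / fclose / CFDataCreate / options / passphrase … */

        CFArrayRef items = NULL;
        status = SecPKCS12Import(data, options, &items);
        CFRelease(data);
        CFRelease(options);
        if (status != noErr) {
            logStatus(status, "SecPKCS12Import failed");
            return status;
        }
        if (items == NULL || CFArrayGetCount(items) < 1) {
            if (items) CFRelease(items);
            return SQSSL_GENERIC_ERROR;
        }
        CFDictionaryRef item = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(item, kSecImportItemIdentity);
        if (identity == NULL) {
            CFRelease(items);
            return SQSSL_GENERIC_ERROR;
        }
        CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, (const void **)&identity, 1, &kCFTypeArrayCallBacks);
        CFRelease(items); /* certs now holds its own reference to identity */
        if (certs == NULL)
            return SQSSL_GENERIC_ERROR;

        status = SSLSetCertificate(ssl->ctx, certs);
        CFRelease(certs);
        if (status != noErr) {
            logStatus(status, "SSLSetCertificate failed");
            return status;
        }
    }
```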
@@ -479,6 +536,10 @@ sqInt sqDestroySSL(sqInt handle) free(ssl->serverName); ssl->serverName = NULL; } + if (ssl->certPass) { + free(ssl->certPass); + ssl->certName = NULL; + } free(ssl); handleBuf[handle] = NULL; @@ -729,6 +790,7 @@ char* sqGetStringPropertySSL(sqInt handle, int propID) case SQSSL_PROP_PEERNAME: return ssl->peerName ? ssl->peerName : emptyString; case SQSSL_PROP_CERTNAME: return ssl->certName; case SQSSL_PROP_SERVERNAME: return ssl->serverName; + case SQSSL_PROP_CERTPASS: return ssl->certPass; default: logTrace("sqGetStringPropertySSL: Unknown property ID %d\n", propID); return NULL; @@ -774,6 +836,12 @@ sqInt sqSetStringPropertySSL(sqInt handle, int propID, char* propName, } ssl->serverName = property; break; + case SQSSL_PROP_CERTPASS: + if (ssl->certPass) { + free(ssl->certPass); + } + ssl->certPass = property; + break; default: if (property) { free(property);
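Review bot: In `sqDestroySSL` the new block frees `ssl->certPass` but then clears `ssl->certName`, a copy-paste slip that should read `ssl->certPass = NULL;`; it is harmless only because `free(ssl)` follows immediately. The passphrase is also released with a plain `free` both here and in the `SQSSL_PROP_CERTPASS` case of `sqSetStringPropertySSL`, so the secret stays readable in the freed heap block; wiping it first with a non-elidable clear such as `memset_s(ssl->certPass, len, 0, len)` (with `len = strlen(ssl->certPass)`) keeps it from lingering. Whether the file already has a helper for this is outside the hunk.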
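Review bot: `case SQSSL_PROP_CERTPASS: return ssl->certPass;` hands the PKCS#12 passphrase back to any caller of the getter, so a property that exists only to be consumed by `SecPKCS12Import` becomes readable from the image. Unless round-tripping the secret is a requirement, the getter should not disclose it — returning `NULL` (or `emptyString`, as `SQSSL_PROP_PEERNAME` does) for this ID keeps it write-only. As with `SQSSL_PROP_CERTNAME`, the new case returns `NULL` when the property is unset, so callers have to cope with both conventions in this switch.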