Optimize code for ssl

Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
2017-11-12 15:03:12 +08:00 · 2017-11-12 15:03:12 +08:00 · 7039de099d
parent 216cc95839
commit 7039de099d
3 changed files with 110 additions and 139 deletions
--- a/src/uhttp.h
+++ b/src/uhttp.h
@ -86,7 +86,9 @@ int uh_register_route(struct uh_server *srv, const char *path, uh_route_handler_
 struct uh_value *uh_get_url(struct uh_connection *con);
 struct uh_value *uh_get_header(struct uh_connection *con, const char *name);

+#if (UHTTP_SSL_ENABLED)
 /* Init ssl for the server */
 int uh_ssl_init(struct uh_server *srv, const char *cert, const char *key);
+#endif

 #endif
--- a/src/uhttp_ssl.c
+++ b/src/uhttp_ssl.c
@ -2,22 +2,11 @@
 #include <unistd.h>
 #include <sys/socket.h>

-#if (UHTTP_USE_OPENSSL)
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#elif (UHTTP_USE_CYASSL)
-#include <wolfssl/ssl.h>
-#endif
-
+#if (UHTTP_SSL_ENABLED)
 int uh_ssl_init(struct uh_server *srv, const char *cert, const char *key)
 {
-#if (UHTTP_USE_OPENSSL)
 	SSL_CTX *ctx = NULL;
-#elif (UHTTP_USE_CYASSL)
-	WOLFSSL_CTX *ctx = NULL;
-#endif

-#if (UHTTP_USE_OPENSSL)
 	SSL_library_init();

 	/* registers the error strings for all libssl functions */
@ -31,7 +20,7 @@ int uh_ssl_init(struct uh_server *srv, const char *cert, const char *key)
 	}

 	/* loads the first certificate stored in file into ctx */
-	if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) {
+	if (SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
 		uh_log_err("OpenSSL Error: loading certificate file failed");
 		goto err;
 	}
@ -43,64 +32,26 @@ int uh_ssl_init(struct uh_server *srv, const char *cert, const char *key)
 	 * certificate loaded into ctx. If more than one key/certificate 
 	 * pair (RSA/DSA) is installed, the last item installed will be checked.
 	 */
-	if (!SSL_CTX_use_RSAPrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) {
+	if (SSL_CTX_use_RSAPrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
 		uh_log_err("OpenSSL Error: loading key failed");
 		goto err;
 	}

-#elif (UHTTP_USE_CYASSL)
-	/* Initialize wolfSSL */
-	wolfSSL_Init();
-
-	/* Create the WOLFSSL_CTX */
-	ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
-	if (!ctx) {
-		uh_log_err("Failed to create wolfSSL context");
-		return -1;
-	}
-
-	/* Load server certificates into WOLFSSL_CTX */
-	if (wolfSSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) != SSL_SUCCESS) {
-		uh_log_err("wolfSSL Error: loading certificate file failed");
-		goto err;
-	}
-
-	/* Load keys */
-	if (wolfSSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) != SSL_SUCCESS){
-		uh_log_err("wolfSSL Error: loading key failed");
-		goto err;
-	}
-
-#endif
-
-#if (UHTTP_SSL_ENABLED)
 	srv->ssl_ctx = ctx;
-#endif
 	return 0;
-#if (UHTTP_SSL_ENABLED)
+	
 err:
-#if (UHTTP_USE_OPENSSL)
 	SSL_CTX_free(ctx);
-#elif (UHTTP_USE_CYASSL)
-	wolfSSL_CTX_free(ctx);
-	wolfSSL_Cleanup();
-#endif
-#endif
-
 	return -1;
 }
+#endif

 void uh_ssl_ctx_free(struct uh_server *srv)
 {
 #if (UHTTP_SSL_ENABLED)
 	if (!srv->ssl_ctx)
 		return;
-#endif
-
-#if (UHTTP_USE_OPENSSL)
 	SSL_CTX_free(srv->ssl_ctx);
-#elif (UHTTP_USE_CYASSL)
-	wolfSSL_CTX_free(srv->ssl_ctx);
 #endif
 }

@ -109,14 +60,8 @@ void uh_ssl_free(struct uh_connection *con)
 #if (UHTTP_SSL_ENABLED)
 	if (!con->ssl)
 		return;
-#endif
-
-#if (UHTTP_USE_OPENSSL)
 	SSL_shutdown(con->ssl);
 	SSL_free(con->ssl);
-#elif (UHTTP_USE_CYASSL)
-	wolfSSL_shutdown(con->ssl);
-	wolfSSL_free(con->ssl);
 #endif
 }

@ -124,13 +69,18 @@ void uh_ssl_free(struct uh_connection *con)
 static int uh_ssl_err(struct uh_connection *con, int ret, const char *fun)
 {
 	int err;
-#if (UHTTP_USE_OPENSSL)
-	
 	err = SSL_get_error(con->ssl, ret);
 	if (err == SSL_ERROR_ZERO_RETURN || ERR_peek_error()) {
 		con->flags |= UH_CON_CLOSE;
 		return 0;
 	}
+	
+#if (UHTTP_USE_OPENSSL)
+	if (ret == 0) {
+		con->flags |= UH_CON_CLOSE;
+		return 0;
+	}
+#endif

 	if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
 		return -1;
@ -145,26 +95,6 @@ static int uh_ssl_err(struct uh_connection *con, int ret, const char *fun)
 	con->flags |= UH_CON_CLOSE;
 	uh_log_err("%s() Error: %s", fun, ERR_reason_error_string(err));
 	
-#elif (UHTTP_USE_CYASSL)
-	err = wolfSSL_get_error(con->ssl, ret);
-	if (ret == 0 || err == SSL_ERROR_ZERO_RETURN || wolfSSL_ERR_peek_error()) {
-		con->flags |= UH_CON_CLOSE;
-		return 0;
-	}
-
-	if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE)
-		return -1;
-
-	if (err == SSL_ERROR_SYSCALL) {
-		if (errno > 0)
-			uh_log_err("%s", fun);
-		con->flags |= UH_CON_CLOSE;
-		return -1;
-	}
-
-	con->flags |= UH_CON_CLOSE;
-	uh_log_err("%s() Error: %s", fun, wolfSSL_ERR_reason_error_string(err));
-#endif
 	return -1;
 }
 #endif
@ -175,25 +105,12 @@ int uh_ssl_read(struct uh_connection *con, void *buf, int count)
 #if (UHTTP_SSL_ENABLED)
 	if (!con->ssl)
 		goto no_ssl;
-#endif

-#if (UHTTP_USE_OPENSSL)
 	ret = SSL_read(con->ssl, buf, count);
 	if (ret > 0)
 		return ret;

 	return uh_ssl_err(con, ret, "SSL_read");
-	
-#elif (UHTTP_USE_CYASSL)
-	ret = wolfSSL_read(con->ssl, buf, count);
-	if (ret > 0)
-		return ret;
-
-	return uh_ssl_err(con, ret, "wolfSSL_read");
-
-#endif
-
-#if (UHTTP_SSL_ENABLED)
 no_ssl:
 #endif
 	ret = read(con->sock, buf, count);
@ -215,24 +132,13 @@ int uh_ssl_write(struct uh_connection *con, void *buf, int count)
 #if (UHTTP_SSL_ENABLED)
 	if (!con->ssl)
 		goto no_ssl;
-#endif
-	
-#if (UHTTP_USE_OPENSSL)
+
 	ret = SSL_write(con->ssl, buf, count);
 	if (ret > 0)
 		return ret;

 	return uh_ssl_err(con, ret, "SSL_write");
-	
-#elif (UHTTP_USE_CYASSL)
-	ret = wolfSSL_write(con->ssl, buf, count);
-	if (ret > 0)
-		return ret;
-	return uh_ssl_err(con, ret, "wolfSSL_write");
-#endif
-
-#if (UHTTP_SSL_ENABLED)
-	no_ssl:
+no_ssl:
 #endif
 	ret = write(con->sock, buf, count);
 	if (ret <= 0) {
@ -263,58 +169,32 @@ int uh_ssl_accept(struct uh_connection *con)
 #if (UHTTP_SSL_ENABLED)
 	if (!srv->ssl_ctx)
 		return sock;
-#endif

-#if (UHTTP_USE_OPENSSL)
 	con->ssl = SSL_new(srv->ssl_ctx);
 	if (!con->ssl)
 		return -1;
-	
+		
 	if (!SSL_set_fd(con->ssl, sock)) {
 		uh_log_err("SSL_set_fd() failed");
 		return -1;
 	}
-
-	SSL_set_accept_state(con->ssl);
 	
-#elif (UHTTP_USE_CYASSL)
-	con->ssl = wolfSSL_new(srv->ssl_ctx);
-	if (!con->ssl)
-		return -1;
-
-	if (wolfSSL_set_fd(con->ssl, sock) != SSL_SUCCESS) {
-		uh_log_err("wolfSSL_set_fd() failed");
-		return -1;
-	}
-
-	wolfSSL_set_accept_state(con->ssl);
+	SSL_set_accept_state(con->ssl);
 #endif
-
+	
 	return sock;
 }

 void uh_ssl_handshake(struct uh_connection *con)
 {
 #if (UHTTP_SSL_ENABLED)
-	int ret;
-#if (UHTTP_USE_OPENSSL)
-	ret = SSL_do_handshake(con->ssl);
+	int ret = SSL_accept(con->ssl);
 	if (ret == 1) {
 		con->flags |= UH_CON_SSL_HANDSHAKE_DONE;
 		return;
 	}

-	uh_ssl_err(con, ret, "SSL_do_handshake");
-	
-#elif (UHTTP_USE_CYASSL)
-	ret = wolfSSL_accept(con->ssl);
-	if (ret == SSL_SUCCESS) {
-		con->flags |= UH_CON_SSL_HANDSHAKE_DONE;
-		return;
-	}
-
-	uh_ssl_err(con, ret, "wolfSSL_SSL_do_handshake");
-#endif
+	uh_ssl_err(con, ret, "SSL_accept");
 #endif
 }

--- a/src/uhttp_ssl.h
+++ b/src/uhttp_ssl.h
@ -3,6 +3,95 @@

 #include "uhttp_internal.h"

+#if (UHTTP_USE_OPENSSL)
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#ifndef SSL_SUCCESS
+#define SSL_SUCCESS	1
+#endif
+
+#elif (UHTTP_USE_CYASSL)
+#include <wolfssl/ssl.h>
+
+#ifndef SSL_CTX
+#define SSL_CTX WOLFSSL_CTX
+#endif
+
+#ifndef SSL_library_init
+#define SSL_library_init wolfSSL_library_init
+#endif
+
+#ifndef SSL_load_error_strings
+#define SSL_load_error_strings wolfSSL_library_init
+#endif
+
+#ifndef SSLv23_server_method
+#define SSLv23_server_method wolfSSLv23_server_method
+#endif
+
+#ifndef SSL_CTX_new
+#define SSL_CTX_new wolfSSL_CTX_new
+#endif
+
+#ifndef SSL_CTX_free
+#define SSL_CTX_free(ssl) do {wolfSSL_CTX_free(ssl);wolfSSL_Cleanup();} while(0)
+#endif
+
+#ifndef SSL_CTX_use_certificate_file
+#define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
+#endif
+
+#ifndef SSL_CTX_use_RSAPrivateKey_file
+#define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_PrivateKey_file
+#endif
+
+#ifndef SSL_shutdown
+#define SSL_shutdown wolfSSL_shutdown
+#endif
+
+#ifndef SSL_free
+#define SSL_free wolfSSL_free
+#endif
+
+#ifndef SSL_accept
+#define SSL_accept wolfSSL_accept
+#endif
+
+#ifndef SSL_new
+#define SSL_new wolfSSL_new
+#endif
+
+#ifndef SSL_set_fd
+#define SSL_set_fd wolfSSL_set_fd
+#endif
+
+#ifndef SSL_set_accept_state
+#define SSL_set_accept_state wolfSSL_set_accept_state
+#endif
+
+#ifndef SSL_write
+#define SSL_write wolfSSL_write
+#endif
+
+#ifndef SSL_read
+#define SSL_read wolfSSL_read
+#endif
+
+#ifndef SSL_get_error
+#define SSL_get_error wolfSSL_get_error
+#endif
+
+#ifndef ERR_reason_error_string
+#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
+#endif
+
+#ifndef ERR_peek_error
+#define ERR_peek_error wolfSSL_ERR_peek_error
+#endif
+
+#endif
+
 void uh_ssl_ctx_free(struct uh_server *srv);
 void uh_ssl_free(struct uh_connection *con);
 int uh_ssl_read(struct uh_connection *con, void *buf, int count);