talezero/integration
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl now working under linux

Browse Source
This commit is contained in:
jyelon
2022-01-10 14:39:19 -05:00
parent 7d13a52740
commit c47e13691d
6 changed files with 286 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
luprex/core/cpp/driver-linux.cpp
View File

@@ -1,5 +1,8 @@
#include "driver.hpp"
#include "util.hpp"
#include "drivenengine.hpp"
#include "dummycert.hpp"
#include <map>
#include <vector>
#include <iostream>
@@ -25,7 +28,6 @@
using SOCKET=int;
const int INVALID_SOCKET = -1;
using SocketVector = std::vector<SOCKET>;
using PollVector = std::vector<struct pollfd>;
struct termios orig_termios;
@@ -55,13 +57,17 @@ static void enableRawMode() {
assert(status >= 0);
}
static std::string strerror_str(int err) {
char errbuf[256];
return strerror_r(errno, errbuf, 256);
}
SOCKET open_connection(const std::string &target, std::string &err) {
struct addrinfo *addrs = nullptr;
struct addrinfo *goodaddr = nullptr;
struct addrinfo hints;
SOCKET sock = INVALID_SOCKET;
std::string host, port;
char errbuf[1024];
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
@@ -69,7 +75,7 @@ SOCKET open_connection(const std::string &target, std::string &err) {
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = AI_NUMERICSERV;
err = "";
err.clear();
util::split_host_port(target, host, port);
int status = getaddrinfo(host.c_str(), port.c_str(), &hints, &addrs);
if (status != 0) {
@@ -95,7 +101,7 @@ SOCKET open_connection(const std::string &target, std::string &err) {
return sock;
error_errno:
err = strerror_r(errno, errbuf, 1024);
err = strerror_str(errno);
error:
if (sock != INVALID_SOCKET) close(sock);
if (addrs != nullptr) freeaddrinfo(addrs);
@@ -104,7 +110,7 @@ error:
SOCKET listen_on_port(int port, std::string &err) {
int status;
err = "";
err.clear();
SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
assert(sock > 0);
@@ -125,25 +131,17 @@ SOCKET listen_on_port(int port, std::string &err) {
return sock;
}
SocketVector accept_on_socket(SOCKET listen_socket) {
SocketVector result;
while (true) {
SOCKET chsock = accept(listen_socket, nullptr, nullptr);
if (chsock >= 0) {
set_nonblocking(chsock);
result.push_back(chsock);
} else {
if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) {
// Normal completion - we're out of incoming sockets.
return result;
} else if (errno == ECONNABORTED) {
// The remote disconnected before we had a chance to accept.
// Just pretend it never happened.
} else {
// Unexpected error.
assert(false);
}
SOCKET accept_on_socket(SOCKET listen_socket, std::string &err) {
err.clear();
SOCKET chsock = accept(listen_socket, nullptr, nullptr);
if (chsock >= 0) {
set_nonblocking(chsock);
return chsock;
} else {
if ((errno != EAGAIN) && (errno != EWOULDBLOCK) && (errno != ECONNABORTED)) {
err = strerror_str(errno);
}
return INVALID_SOCKET;
}
}
@@ -161,6 +159,46 @@ SSL_CTX *new_ssl_context(bool server_cert, bool root_certs, const std::string &r
return ctx;
}
std::string err_print_errors_str() {
BIO *bio = BIO_new(BIO_s_mem());
ERR_print_errors(bio);
char *buf;
size_t len = BIO_get_mem_data(bio, &buf);
std::string ret(buf, len);
BIO_free(bio);
return ret;
}
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
int ssl_ctx_use_certificate_str(SSL_CTX *ctx, const char *str) {
BIO *bio = BIO_new(BIO_s_mem());
BIO_puts(bio, str);
X509 *certificate = PEM_read_bio_X509(bio, NULL, NULL, NULL);
BIO_free(bio);
int status = SSL_CTX_use_certificate(ctx, certificate);
X509_free(certificate);
return status;
}
int ssl_ctx_use_privatekey_str(SSL_CTX *ctx, const char *str) {
BIO *bio = BIO_new(BIO_s_mem());
BIO_puts(bio, str);
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
BIO_free(bio);
int status = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
return status;
}
static void print_error_and_exit(const std::string &str) {
if (!str.empty()) {
std::cerr << "error: " << str << std::endl;
exit(1);
}
}
class MonoClock {
private:
struct timespec base_;
@@ -195,12 +233,10 @@ public:
CHAN_SSL_CONNECTING,
CHAN_SSL_ACCEPTING,
CHAN_SSL_READWRITE,
CHAN_SSL_SHUTDOWN
};
struct ChanInfo {
int chid;
SOCKET socket;
SSL_CTX *ssl_ctx;
SSL *ssl;
ChanState state;
@@ -212,11 +248,11 @@ public:
bool ready_on_pollin;
bool ready_on_pollout;
bool ready_on_outgoing;
int last_write_nbytes;
};
DrivenEngine *driven_;
std::vector<ChanInfo> chans_;
bool any_inactive_;
std::map<int, SOCKET> listen_sockets_;
std::unique_ptr<char[]> chbuf;
@@ -231,9 +267,9 @@ public:
if (listen_sockets_.find(port) == listen_sockets_.end()) {
std::string err;
SOCKET sock = listen_on_port(port, err);
if (sock != INVALID_SOCKET) {
listen_sockets_[port] = sock;
}
print_error_and_exit(err);
assert(sock != INVALID_SOCKET);
listen_sockets_[port] = sock;
}
}
}
@@ -252,11 +288,6 @@ public:
SSL_free(chan.ssl);
chan.ssl = nullptr;
}
// Close the SSL_CTX
if (chan.ssl_ctx != nullptr) {
SSL_CTX_free(chan.ssl_ctx);
chan.ssl_ctx = nullptr;
}
// Close the socket.
assert(chan.socket != INVALID_SOCKET);
assert(close(chan.socket) == 0);
@@ -273,21 +304,17 @@ public:
chan.ready_on_pollin = false;
chan.ready_on_pollout = false;
chan.ready_on_outgoing = false;
// Set global variables.
any_inactive_ = true;
chan.last_write_nbytes = 0;
}
void cleanup_channels() {
if (any_inactive_) {
for (int i = 0; i < int(chans_.size()); ) {
if (chans_[i].state == CHAN_INACTIVE) {
chans_[i] = chans_.back();
chans_.pop_back();
} else {
i += 1;
}
for (int i = 0; i < int(chans_.size()); ) {
if (chans_[i].state == CHAN_INACTIVE) {
chans_[i] = chans_.back();
chans_.pop_back();
} else {
i += 1;
}
any_inactive_ = false;
}
}
@@ -312,22 +339,25 @@ public:
}
}
ChanInfo make_channel(SOCKET sock, int chid, SSL_CTX *ctx, SSL *ssl, ChanState state) {
void make_channel(SOCKET sock, int chid, SSL_CTX *ctx, ChanState state) {
ChanInfo newchan;
newchan.chid = chid;
newchan.socket = sock;
newchan.ssl_ctx = ctx;
newchan.ssl = ssl;
newchan.ssl = SSL_new(ctx);
newchan.state = state;
newchan.nbytes = 0;
newchan.bytes = 0;
newchan.released = false;
newchan.just_released = false;
newchan.ready_now = true;
newchan.ready_now = false;
newchan.ready_on_pollin = false;
newchan.ready_on_pollout = false;
newchan.ready_on_pollout = true;
newchan.ready_on_outgoing = false;
return newchan;
newchan.last_write_nbytes = 0;
SSL_set_fd(newchan.ssl, newchan.socket);
// SSL_set_msg_callback(newchan.ssl, SSL_trace);
// SSL_set_msg_callback_arg(newchan.ssl, BIO_new_fp(stderr,0));
chans_.push_back(newchan);
}
void handle_new_outgoing_sockets() {
@@ -340,21 +370,19 @@ public:
driven_->drv_notify_close(chid, err);
} else {
//std::cerr << "Opening channel " << chid << std::endl;
SSL_CTX *ctx = nullptr;
SSL *ssl = SSL_new(ssl_ctx_with_no_certs_);
chans_.push_back(make_channel(sock, chid, ctx, ssl, CHAN_PLAINTEXT));
make_channel(sock, chid, ssl_ctx_with_no_certs_, CHAN_SSL_CONNECTING);
}
}
}
void accept_connections(int port, SOCKET sock) {
SocketVector sockets = accept_on_socket(sock);
for (SOCKET sock : sockets) {
std::string err;
SOCKET socket = accept_on_socket(sock, err);
print_error_and_exit(err);
if (socket != INVALID_SOCKET) {
int chid = driven_->drv_notify_accept(port);
// std::cerr << "Accepted channel " << chid << std::endl;
SSL_CTX *ctx = nullptr;
SSL *ssl = SSL_new(ssl_ctx_with_server_certs_);
chans_.push_back(make_channel(sock, chid, ctx, ssl, CHAN_PLAINTEXT));
make_channel(socket, chid, ssl_ctx_with_server_certs_, CHAN_SSL_ACCEPTING);
}
}
@@ -405,20 +433,80 @@ public:
chan.ready_on_pollin = true;
}
void process_ssl_error(ChanInfo &chan, int retval) {
int error = SSL_get_error(chan.ssl, retval);
// std::cerr << "SSL error code = " << error << " ";
if (error == SSL_ERROR_WANT_READ) {
chan.ready_on_pollin = true;
} else if (error == SSL_ERROR_WANT_WRITE) {
chan.ready_on_pollout = true;
} else {
close_channel(chan, err_print_errors_str());
}
}
void advance_ssl_connecting(ChanInfo &chan) {
assert(false);
// std::cerr << "In advance_ssl_connecting" << std::endl;
int retval = SSL_connect(chan.ssl);
if (retval == 1) {
// Connection successful.
chan.state = CHAN_SSL_READWRITE;
chan.ready_now = true;
} else {
// std::cerr << "ssl_connect_error";
process_ssl_error(chan, retval);
}
}
void advance_ssl_accepting(ChanInfo &chan) {
assert(false);
// std::cerr << "In advance_ssl_accepting" << std::endl;
int retval = SSL_accept(chan.ssl);
if (retval == 1) {
// Connection successful.
chan.state = CHAN_SSL_READWRITE;
chan.ready_now = true;
} else {
process_ssl_error(chan, retval);
}
}
void advance_ssl_readwrite(ChanInfo &chan) {
assert(false);
}
void advance_ssl_shutdown(ChanInfo &chan) {
assert(false);
// std::cerr << "In advance_ssl_readwrite" << std::endl;
// Try to read data.
int read_result = SSL_read(chan.ssl, chbuf.get(), 65536);
if (read_result > 0) {
driven_->drv_recv_incoming(chan.chid, read_result, chbuf.get());
chan.ready_now = true;
} else {
process_ssl_error(chan, read_result);
if (chan.state == CHAN_INACTIVE) return;
}
// Try to write data.
int wbytes;
if (chan.last_write_nbytes > 0) {
wbytes = chan.last_write_nbytes;
assert(wbytes < chan.nbytes);
} else {
wbytes = chan.nbytes;
if (wbytes > 65536) wbytes = 65536;
}
if (wbytes > 0) {
int write_result = SSL_write(chan.ssl, chan.bytes, wbytes);
if (write_result > 0) {
driven_->drv_sent_outgoing(chan.chid, write_result);
chan.last_write_nbytes = 0;
chan.ready_on_outgoing = true;
} else {
chan.last_write_nbytes = wbytes;
process_ssl_error(chan, write_result);
if (chan.state == CHAN_INACTIVE) return;
}
} else {
chan.ready_on_outgoing = true;
}
// std::cerr << "rpi=" << chan.ready_on_pollin << ".rpo=" << chan.ready_on_pollout << ".rn=" << chan.ready_now << ".rog=" << chan.ready_on_outgoing << " ";
}
void advance_channel(ChanInfo &chan) {
@@ -435,9 +523,6 @@ public:
case CHAN_SSL_READWRITE:
advance_ssl_readwrite(chan);
break;
case CHAN_SSL_SHUTDOWN:
advance_ssl_shutdown(chan);
break;
default:
assert(false);
break;
@@ -477,7 +562,7 @@ public:
if (chan.ready_on_pollin) pfd.events |= POLLIN;
if (chan.ready_on_pollout) pfd.events |= POLLOUT;
if (chan.ready_on_outgoing && (chan.nbytes > 0)) pfd.events |= POLLOUT;
// std::cerr << "evt=" << pfd.events << " ";
// std::cerr << "evt=" << pfd.events << ".nb=" << chan.nbytes << " ";
}
struct pollfd &stdiopoll = pollvec[index++];
stdiopoll.fd = 0;
@@ -521,13 +606,25 @@ public:
}
void drive(DrivenEngine *de, int argc, char *argv[]) {
SSL_load_error_strings();
ERR_load_crypto_strings();
enableRawMode();
driven_ = de;
any_inactive_ = false;
chbuf.reset(new char[65536]);
ssl_ctx_with_root_certs_ = new_ssl_context(false, true, "");
ssl_ctx_with_server_certs_ = new_ssl_context(true, false, "");
ssl_ctx_with_no_certs_ = new_ssl_context(false, false, "");
if (ssl_ctx_use_certificate_str(ssl_ctx_with_server_certs_, dummycert::certificate) <= 0) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (ssl_ctx_use_privatekey_str(ssl_ctx_with_server_certs_, dummycert::privatekey) <= 0 ) {
ERR_print_errors_fp(stderr);
exit(1);
}
DrivenEngine::set(de);
driven_->drv_set_lua_source(util::read_lua_source("lua"));
driven_->drv_invoke_event_init(argc, argv);