X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsslUtil.cpp;h=cc80916138b555c4a0718a1b609b34eae102ff38;hb=c51272489a64903f976c6d502fd79925cb537d9b;hp=d0710e0a837d8d297dd343f37b1796f18d362e0f;hpb=98a544751a65db8c606ee1878fe157ba7c5191ab;p=cassiopeia.git
diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp
index d0710e0..cc80916 100644
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -17,15 +17,14 @@ std::shared_ptr ssl_lib_ref(
 CRYPTO_cleanup_all_ex_data();
 } );
-std::shared_ptr loadX509FromFile( std::string filename ) {
- FILE* f = fopen( filename.c_str(), "r" );
+std::shared_ptr loadX509FromFile( const std::string& filename ) {
+ std::shared_ptr f( fopen( filename.c_str(), "r" ), fclose );
 if( !f ) {
 return std::shared_ptr();
 }
- X509* key = PEM_read_X509( f, NULL, NULL, 0 );
- fclose( f );
+ X509* key = PEM_read_X509( f.get(), NULL, NULL, 0 );
 if( !key ) {
 return std::shared_ptr();
@@ -38,15 +37,18 @@ std::shared_ptr loadX509FromFile( std::string filename ) {
 } );
 }
-std::shared_ptr loadPkeyFromFile( std::string filename ) {
- FILE* f = fopen( filename.c_str(), "r" );
+std::shared_ptr loadPkeyFromFile( const std::string& filename ) {
+ std::shared_ptr f( fopen( filename.c_str(), "r" ), []( FILE * ptr ) {
+ if( ptr ) {
+ fclose( ptr );
+ }
+ } );
 if( !f ) {
 return std::shared_ptr();
 }
- EVP_PKEY* key = PEM_read_PrivateKey( f, NULL, NULL, 0 );
- fclose( f );
+ EVP_PKEY* key = PEM_read_PrivateKey( f.get(), NULL, NULL, 0 );
 if( !key ) {
 return std::shared_ptr();
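Review bot: On the open-failure path the new `std::shared_ptr f( fopen( ... ), fclose )` still runs its deleter when `f` leaves scope, because a shared_ptr constructed with a custom deleter invokes it even when the managed pointer is null; that is `fclose( NULL )`, undefined behaviour, on exactly the branch that returns the empty result. The loadPkeyFromFile hunk below already guards this with a lambda that tests `ptr` before closing, and this function should use the same form, e.g. `std::shared_ptr<FILE> f( fopen( filename.c_str(), "r" ), []( FILE* ptr ) { if( ptr ) { fclose( ptr ); } } );` (the template arguments appear to have been stripped from this rendering). The remainder of loadX509FromFile, where the raw X509 is presumably wrapped, lies outside the hunk.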
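Review bot: The null-checking deleter lambda added here is the correct form, but it is written inline while the other `fopen` sites in this commit pass bare `fclose`; a file-local helper would make the safe form the default and keep the four call sites consistent. With the helper below each site reduces to `auto f = openFile( filename, "r" );`. The `if( !key )` branch still returns an empty pointer without draining or reporting the OpenSSL error queue, so a malformed key file is indistinguishable to the caller from a missing one; at least a comment noting that the distinction is intentionally dropped would help. The tail of loadPkeyFromFile, where the EVP_PKEY is wrapped, is outside the hunk.
```cpp
// Opens `filename` with fopen(3). The deleter tolerates a null handle so an
// open failure can be returned as an empty shared_ptr without ever calling
// fclose(NULL).
static std::shared_ptr<FILE> openFile( const std::string& filename, const char* mode ) {
    return std::shared_ptr<FILE>( fopen( filename.c_str(), mode ), []( FILE* ptr ) {
        if( ptr ) {
            fclose( ptr );
        }
    } );
}
```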
@@ -94,7 +96,9 @@ std::shared_ptr generateSSLContext( bool server ) {
 SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
 SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
 SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
- SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
+ if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) {
+ throw "Cannot load CA store for certificate validation.";
+ }
 if( server ) {
 STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
@@ -106,11 +110,10 @@ std::shared_ptr generateSSLContext( bool server ) {
 }
 if( !dh_param ) {
- FILE* paramfile = fopen( "dh_param.pem", "r" );
+ std::shared_ptr paramfile( fopen( "dh_param.pem", "r" ), fclose );
 if( paramfile ) {
- dh_param = std::shared_ptr( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
- fclose( paramfile );
+ dh_param = std::shared_ptr( PEM_read_DHparams( paramfile.get(), NULL, NULL, NULL ), DH_free );
 } else {
 dh_param = std::shared_ptr( DH_new(), DH_free );
 std::cout << "Generating DH params" << std::endl;
@@ -124,11 +127,10 @@ std::shared_ptr generateSSLContext( bool server ) {
 }
 std::cout << std::endl;
- paramfile = fopen( "dh_param.pem", "w" );
+ paramfile = std::shared_ptr( fopen( "dh_param.pem", "w" ), fclose );
 if( paramfile ) {
- PEM_write_DHparams( paramfile, dh_param.get() );
- fclose( paramfile );
+ PEM_write_DHparams( paramfile.get(), dh_param.get() );
 }
 }
 }
@@ -141,10 +143,10 @@ std::shared_ptr generateSSLContext( bool server ) {
 return ctx;
 }
-void setupSerial( FILE* f ) {
+void setupSerial( std::shared_ptr f ) {
 struct termios attr;
- if( tcgetattr( fileno( f ), &attr ) ) {
+ if( tcgetattr( fileno( f.get() ), &attr ) ) {
 throw "failed to get attrs";
 }
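Review bot: Only the CA-store load is checked now; the `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` calls two lines above it still discard their return values, so a missing or unreadable `keys/signer_*.crt`/`.key` leaves the context without an identity and the failure surfaces later, if at all, as a handshake error reported by the peer. Since the CA check now throws, giving the certificate and key loads the same treatment, plus `SSL_CTX_check_private_key` to catch a mismatched pair, makes context construction fail closed in one place. `SSL_load_client_CA_file` on the hunk's last line can also return NULL; whatever handles that is outside the hunk. generateSSLContext begins and ends outside this hunk.
```cpp
    if( 1 != SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM ) ) {
        throw "Cannot load own certificate.";
    }
    if( 1 != SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM ) ) {
        throw "Cannot load own private key.";
    }
    // Rejects a certificate/key pair that does not belong together before the first handshake.
    if( 1 != SSL_CTX_check_private_key( ctx.get() ) ) {
        throw "Certificate and private key do not match.";
    }
    // … unchanged: SSL_CTX_load_verify_locations check and client-CA setup …
```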
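Review bot: `std::shared_ptr paramfile( fopen( "dh_param.pem", "r" ), fclose )` ends up calling `fclose( NULL )` when the file is absent, because a shared_ptr's custom deleter runs even for a null pointer — and the absent-file case is precisely what the `else` branch is written for (first start, parameters get generated), so this is the common path rather than a corner case. The null-guarded lambda deleter from the loadPkeyFromFile hunk should be used here too. `PEM_read_DHparams` can also return NULL on a malformed file, leaving `dh_param` empty for whatever the rest of the function does with it, and parameters read from a file in the working directory are accepted without `DH_check`; whether that directory is trusted in deployment is not visible here, so at minimum a comment stating the assumption is warranted. The body of generateSSLContext continues past the hunk.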
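Review bot: The reassignment `paramfile = std::shared_ptr( fopen( "dh_param.pem", "w" ), fclose )` first releases the previous value, which on this branch is the null handle left by the failed read-open, so `fclose( NULL )` runs at the assignment itself, and the new handle has the same problem on a failed write-open; the guarded deleter used in loadPkeyFromFile fixes both. The return value of `PEM_write_DHparams` is still ignored, so a failed or partial write silently leaves a truncated `dh_param.pem` for the next start to parse; checking it, or at least logging, would help. The generated parameters are public values, so the default file mode is acceptable, but a one-line comment saying so would pre-empt the question in a later audit.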
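Review bot: `void setupSerial( std::shared_ptr f )` takes the handle by value, which adds an owner (an atomic refcount increment) although the function only uses `fileno( f.get() )` and, as far as the hunk shows, never stores the pointer; `const std::shared_ptr<FILE>& f`, or keeping the old `FILE*` signature and passing `f.get()` at the call site, expresses the borrow. The thrown text `"failed to get attrs"` here is, per the next hunk, reused verbatim for the `tcsetattr` failure, so the two cannot be told apart from the message alone. setupSerial continues past the hunk.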
@@ -157,13 +159,13 @@ void setupSerial( FILE* f ) {
 cfsetispeed( &attr, B115200 );
 cfsetospeed( &attr, B115200 );
- if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
+ if( tcsetattr( fileno( f.get() ), TCSANOW, &attr ) ) {
 throw "failed to get attrs";
 }
 }
-std::shared_ptr openSerial( const std::string name ) {
- FILE* f = fopen( name.c_str(), "r+" );
+std::shared_ptr openSerial( const std::string& name ) {
+ std::shared_ptr f( fopen( name.c_str(), "r+" ), fclose );
 if( !f ) {
 std::cout << "Opening serial device failed" << std::endl;
@@ -171,13 +173,14 @@ std::shared_ptr openSerial( const std::string name ) {
 }
 setupSerial( f );
- std::shared_ptr b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
- return b;
+ return std::shared_ptr(
+ BIO_new_fd( fileno( f.get() ), 0 ),
+ [f]( BIO* b ) {
+ BIO_free(b);
+ } );
 }
-CAConfig::CAConfig( std::string name ) {
- this->name = name;
- this->path = "ca/" + name;
+CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) {
 ca = loadX509FromFile( path + "/ca.crt" );
 caKey = loadPkeyFromFile( path + "/ca.key" );
 ASN1_TIME* tm = X509_get_notBefore( ca );
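Review bot: `std::shared_ptr f( fopen( name.c_str(), "r+" ), fclose )` in openSerial runs `fclose( NULL )` on the very failure path handled right below it (`if( !f )` prints and returns), since a shared_ptr's custom deleter is invoked even for a null pointer; the null-checking lambda deleter from loadPkeyFromFile should be used here as well. Separately, the `tcsetattr` failure in this hunk throws `"failed to get attrs"`, a copy of the tcgetattr message; `throw "failed to set attrs";` would let the two failures be distinguished in a log. openSerial's body continues past the hunk.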
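Review bot: The new CAConfig initializer list settles `path` and `name`, but the two loads that follow remain unchecked: loadX509FromFile and loadPkeyFromFile return an empty shared_ptr on failure (see the first two hunks), and `X509_get_notBefore( ca )` on the hunk's last line dereferences `ca` immediately, so a missing or unreadable `ca/<name>/ca.crt` is a null-pointer crash instead of a reportable error. A guard before the dereference, `if( !ca || !caKey ) { throw "Cannot load CA certificate or key"; }`, would match how generateSSLContext now throws on a missing CA store. The BIO deleter capturing `f` correctly keeps the FILE open for the BIO's lifetime; a comment such as `// captures f so the FILE outlives the BIO built on its descriptor` would spare the next reader the inference. The order `path( ... ), name( ... )` is only list order — members initialise in declaration order, set by the class body outside this view; since `path` uses the parameter `name` rather than the member this is harmless, though it may trigger -Wreorder. The constructor continues past the end of the page.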