From e914bd7cac4990c3596bc21956943221a8e84d9b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Mon, 29 Dec 2014 20:20:33 +0100 Subject: [PATCH] fix: clean SSL shutdown, reset, allowing deamon operation --- src/apps/client.cpp | 16 ++++++++++----- src/apps/signer.cpp | 11 +++++----- src/recordHandler.cpp | 14 ++++++++----- src/remoteSigner.cpp | 11 ++++++++++ src/slipBio.cpp | 48 +++++++++++++++++++++++++++++++------------ 5 files changed, 71 insertions(+), 29 deletions(-) diff --git a/src/apps/client.cpp b/src/apps/client.cpp index fabd221..8ed2ca4 100644 --- a/src/apps/client.cpp +++ b/src/apps/client.cpp @@ -50,11 +50,11 @@ int main( int argc, const char* argv[] ) { std::string path; - if( DAEMON ) { - path = "/etc/cacert/cassiopeia/cassiopeia.conf"; - } else { - path = "config.txt"; - } +#ifdef NDEBUG + path = "/etc/cacert/cassiopeia/cassiopeia.conf"; +#else + path = "config.txt"; +#endif if( parseConfig( path ) != 0 ) { return -1; @@ -95,6 +95,12 @@ int main( int argc, const char* argv[] ) { std::cout << cert->csr_content << " content " << std::endl; std::shared_ptr res = sign->sign( cert ); + + if( !res ) { + std::cout << "Error no cert came back." << std::endl; + continue; + } + std::cout << "did it!" << res->certificate << std::endl; std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate ); res->crt_name = fn; diff --git a/src/apps/signer.cpp b/src/apps/signer.cpp index 1e1a589..ec85009 100644 --- a/src/apps/signer.cpp +++ b/src/apps/signer.cpp @@ -30,12 +30,11 @@ int main( int argc, const char* argv[] ) { std::string path; - if( DAEMON ) { - path = "/etc/cacert/cassiopeia/cassiopeia.conf"; - } else { - path = "config.txt"; - } - +#ifdef NDEBUG + path = "/etc/cacert/cassiopeia/cassiopeia.conf"; +#else + path = "config.txt"; +#endif if( parseConfig( path ) != 0 ) { return -1; diff --git a/src/recordHandler.cpp b/src/recordHandler.cpp index f259fba..7412b0c 100644 --- a/src/recordHandler.cpp +++ b/src/recordHandler.cpp 
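Review bot: In the signer.cpp hunk the config-file location is now decided by `#ifdef NDEBUG`, which couples a security-relevant runtime decision (which configuration, and presumably which key material and paths, the signer loads) to whether assertions happen to be compiled out; a build that simply omits `-DNDEBUG` reads `config.txt` relative to the current working directory, which for a daemon is typically `/`, and a stray file there is picked up silently. Prefer an explicit, greppable switch with the absolute path as default, e.g. `const char* cfg = getenv( "CASSIOPEIA_CONFIG" ); path = cfg ? cfg : "/etc/cacert/cassiopeia/cassiopeia.conf";`, or a command-line option. The same pattern is introduced in the client.cpp hunk above. The removed `DAEMON` symbol is not visible here, so whether it was itself tied to the build type cannot be told from the hunk.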
@@ -29,7 +29,7 @@ public: std::shared_ptr tbs; std::shared_ptr result; - SSL* ssl; + std::shared_ptr ssl; std::shared_ptr io; DefaultRecordHandler* parent; @@ -40,15 +40,15 @@ public: this->parent = parent; this->signer = signer; - ssl = SSL_new( ctx.get() ); + ssl = std::shared_ptr( SSL_new( ctx.get() ), SSL_free ); std::shared_ptr bio( BIO_new( BIO_f_ssl() ), [output]( BIO * p ) { BIO_free( p ); } ); - SSL_set_accept_state( ssl ); - SSL_set_bio( ssl, output.get(), output.get() ); - BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE ); + SSL_set_accept_state( ssl.get() ); + SSL_set_bio( ssl.get(), output.get(), output.get() ); + BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE ); io = std::shared_ptr( new OpensslBIOWrapper( bio ) ); } @@ -146,6 +146,10 @@ public: respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate ); } + if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { + std::cout << "SSL close failed" << std::endl; + } + break; default: diff --git a/src/remoteSigner.cpp b/src/remoteSigner.cpp index 5d04903..a17f515 100644 --- a/src/remoteSigner.cpp +++ b/src/remoteSigner.cpp @@ -18,6 +18,8 @@ void RemoteSigner::send( std::shared_ptr bio, RecordHeader& h } std::shared_ptr RemoteSigner::sign( std::shared_ptr cert ) { + ( void )BIO_reset( target.get() ); + std::shared_ptr ssl( SSL_new( ctx.get() ), SSL_free ); std::shared_ptr bio( BIO_new( BIO_f_ssl() ), BIO_free ); SSL_set_connect_state( ssl.get() ); @@ -64,6 +66,11 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrread( buffer.data(), buffer.size() ); + + if( length == -1 ) { + return std::shared_ptr(); + } + RecordHeader head; std::string payload = parseCommand( head, std::string( buffer.data(), length ) ); 
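Review bot: The added shutdown check in recordHandler.cpp treats a failed SSL_shutdown() as success: SSL_shutdown returns 1 when the bidirectional shutdown is complete, 0 when close_notify was sent but the peer's has not yet been received, and a negative value on error, so `!SSL_shutdown(...)` is false for -1 and the "SSL close failed" branch is only reached when both calls return 0. Store the result instead: `int rc = SSL_shutdown( ssl.get() ); if( rc == 0 ) { rc = SSL_shutdown( ssl.get() ); } if( rc != 1 ) { std::cout << "SSL close failed" << std::endl; }` — this also avoids the second call after a fatal error, which OpenSSL documents as not permitted. Since `ssl` is now a long-lived member of the handler, it is worth confirming that a handler whose SSL object failed to shut down is not reused for a later connection; the surrounding switch and the `break` continue outside this hunk.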
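Review bot: In the remoteSigner.cpp read hunk the new guard `if( length == -1 )` covers a single failure value, yet `length` is then used as the size in `std::string( buffer.data(), length )`; if `OpensslBIOWrapper::read` passes the BIO_read result through it can also return 0 (connection closed) or other negative values (retry/error), and a negative length converted to size_t is an enormous read past `buffer`. Suggest `if( length <= 0 ) { return std::shared_ptr<SignedCertificate>(); }` (the type argument is lost in this rendering; use whatever the function returns). The wrapper's contract is not visible in this patch, so confirm which values it can yield before narrowing the condition.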
@@ -82,6 +89,10 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr target ) { SlipBIO::~SlipBIO() {} int SlipBIO::write( const char* buf, int num ) { +#ifdef SLIP_IO_DEBUG std::cout << "Out: " << toHex( buf, num ) << std::endl; +#endif + int badOnes = 0; for( int i = 0; i < num; i++ ) { - if( ( buf[i] == ( char )0xc0 ) || ( buf[i] == ( char )0xDB ) ) { + if( ( buf[i] == SLIP_PACKET ) || ( buf[i] == SLIP_ESCAPE_CHAR ) ) { badOnes++; } } @@ -79,21 +85,19 @@ int SlipBIO::write( const char* buf, int num ) { std::shared_ptr t = std::shared_ptr( targetPtr, free ); int j = 0; - //targetPtr[j++] = (char)0xC0; - for( int i = 0; i < num; i++ ) { - if( buf[i] == ( char )0xc0 ) { - targetPtr[j++] = ( char )0xDB; + if( buf[i] == SLIP_PACKET ) { + targetPtr[j++] = SLIP_ESCAPE_CHAR; targetPtr[j++] = ( char )0xDC; - } else if( buf[i] == ( char )0xDB ) { - targetPtr[j++] = ( char )0xDB; + } else if( buf[i] == SLIP_ESCAPE_CHAR ) { + targetPtr[j++] = SLIP_ESCAPE_CHAR; targetPtr[j++] = ( char )0xDD; } else { targetPtr[j++] = buf[i]; } } - targetPtr[j++] = ( char )0xC0; + targetPtr[j++] = SLIP_PACKET; int sent = 0; while( sent < j ) { @@ -153,6 +157,10 @@ int SlipBIO::read( char* buf, int size ) { packageLeft = false; } +#ifdef SLIP_IO_DEBUG + std::cout << "in: " << toHex( buf, len ) << std::endl; +#endif + return len; } @@ -160,7 +168,17 @@ long SlipBIO::ctrl( int cmod, long arg1, void* arg2 ) { ( void ) cmod; ( void ) arg1; ( void ) arg2; - std::cout << "SLIP crtl: " << cmod << std::endl; + + if( cmod == BIO_CTRL_RESET ) { + char resetSequence[] = {SLIP_ESCAPE_CHAR, 0, SLIP_PACKET}; + target->write( resetSequence, 3 ); + decodePos = 0; + decodeTarget = 0; + rawPos = 0; + std::cout << "resetting SLIP" << std::endl; + return 0; + } + return target->ctrl( cmod, arg1, arg2 ); } 
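Review bot: The new BIO_CTRL_RESET branch in SlipBIO::ctrl ignores the result of `target->write( resetSequence, 3 )` and then returns 0, which under the BIO_reset() convention signals failure (1 is success for non-file BIOs); the only caller this patch adds, `( void )BIO_reset( target.get() )` in RemoteSigner::sign, discards that result, so a reset that never reached the peer goes unnoticed and the next handshake runs against a decoder that may still hold half a packet. Suggest `int written = target->write( resetSequence, 3 ); return written == 3 ? 1 : 0;` and dropping the now-stale `( void ) cmod;` line, since cmod is inspected. The sequence (escape byte followed by 0x00, then the terminator) is an invalid SLIP escape, so presumably it relies on the receiver's unmask() flagging a failed packet to resynchronise; a comment such as `// deliberately invalid escape: forces the peer's decoder to discard any partial packet` would make that intent explicit.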
@@ -172,7 +190,7 @@ bool SlipBIO::unmask() { unsigned int j = decodeTarget; for( unsigned int i = decodePos; i < rawPos; i++ ) { - if( buffer[i] == ( char ) 0xDB ) { + if( buffer[i] == SLIP_ESCAPE_CHAR ) { i++; if( i >= rawPos ) { @@ -182,16 +200,20 @@ bool SlipBIO::unmask() { rawPos = decodePos + 1; return 0;// no packet } else if( buffer[i] == ( char )0xdc ) { - buffer[j++] = ( char ) 0xc0; + buffer[j++] = SLIP_PACKET; } else if( buffer[i] == ( char )0xdd ) { - buffer[j++] = ( char ) 0xdb; + buffer[j++] = SLIP_ESCAPE_CHAR; + } else if( buffer[i] == SLIP_PACKET ) { + failed = true; + i--; + continue; } else { decodeTarget = 0; failed = true; // failed package // error } - } else if( buffer[i] == ( char ) 0xc0 ) { + } else if( buffer[i] == SLIP_PACKET ) { decodePos = i + 1; decodeTarget = j; -- 2.39.5
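Review bot: The new `buffer[i] == SLIP_PACKET` branch inside the escape handling sets `failed` and rewinds `i` so the terminator is processed by the packet-end branch, but unlike the neighbouring invalid-escape branch it leaves `decodeTarget` untouched, and the packet-end branch then stores `decodeTarget = j`; whether the partially decoded bytes are discarded therefore depends on how `failed` is consulted after that assignment, which lies outside this hunk. If it is not, a truncated packet assembled from peer-controlled bytes would be handed to the TLS layer. Either mirror the other branch with `decodeTarget = 0; failed = true; i--; continue;` or add a comment stating that the caller discards the packet when `failed` is set. SlipBIO::unmask() starts before this hunk and continues past it.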