From 0e129180e36942987ec252bb27e256718657f8ba Mon Sep 17 00:00:00 2001
From: malloc
Date: Wed, 19 Sep 2018 16:37:38 -0500
Subject: [PATCH] secure boob
---
 src/server/sock/tcpsock.hpp | 2 ++
 src/server/sock/tcpsock_bsd.cpp | 51 ++++++++++++++++-----------------
 src/server/sock/tcpsock_ssl.cpp | 48 +++++++++++++++++++++++++++++++
 src/server/sock/tcpsock_win.cpp | 6 +++-
 4 files changed, 79 insertions(+), 28 deletions(-)
 create mode 100644 src/server/sock/tcpsock_ssl.cpp
diff --git a/src/server/sock/tcpsock.hpp b/src/server/sock/tcpsock.hpp
index a073500..2bf9c4d 100644
--- a/src/server/sock/tcpsock.hpp
+++ b/src/server/sock/tcpsock.hpp
@@ -32,6 +32,8 @@
 #include
 #include
 #include
+
+#include "common.hpp"
 #include "utils/net.hpp"
 #include "utils/string.hpp"
diff --git a/src/server/sock/tcpsock_bsd.cpp b/src/server/sock/tcpsock_bsd.cpp
index 0f40fb1..42a1ff8 100644
--- a/src/server/sock/tcpsock_bsd.cpp
+++ b/src/server/sock/tcpsock_bsd.cpp
@@ -1,32 +1,8 @@
 #include "tcpsock.hpp"
+#include "tcpsock_ssl.cpp"
 #ifndef _WIN32
-static struct {
- SSL_CTX* ssl_server;
- SSL_CTX* ssl_client;
- std::mutex ssl_mtx;
-} _ssl_ctx;
-
-static bool ssl_init() {
- static bool is_inited = false;
- if(is_inited) return true;
-
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
- _ssl_ctx.ssl_server = SSL_CTX_new(SSLv23_server_method());
- if(!_ssl_ctx.ssl_server)
- return false;
-
- _ssl_ctx.ssl_client = SSL_CTX_new(SSLv23_client_method());
- if(!_ssl_ctx.ssl_client)
- return false;
-
- is_inited = true;
- return true;
-}
-
 /****************************/
 /* BEGIN TCPCLIENT CODE */
 /****************************/
@@ -34,9 +10,12 @@ static bool ssl_init() {
 sosc::TcpClient::TcpClient() {
 this->sock_open = false;
 this->addr_len = -1;
+ this->ssl = nullptr;
 }
 bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
+ if(secure && !ssl_init())
+ return false;
 if(this->sock_open)
 return false;
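Review bot: `#include "tcpsock_ssl.cpp"` in the `@@ -1,32 +1,8 @@` hunk of tcpsock_bsd.cpp pulls a translation unit in as a header, and because it sits before the `#ifndef _WIN32` guard and every definition in that file is `static`, each including file (tcpsock_bsd.cpp here, tcpsock_win.cpp in the same patch) gets its own private `_ssl_ctx` and `ssl_init`; if the build also compiles tcpsock_ssl.cpp on its own there is a third, unused copy. It links today only because nothing in the file has external linkage, which is a fragile property for code that owns process-wide `SSL_CTX` state. Either rename the file to `tcpsock_ssl.hpp` with `#pragma once` and include it under the platform guard, or declare `bool ssl_init();` in tcpsock.hpp, drop the `static` on the definition, and let tcpsock_ssl.cpp be compiled once as its own unit. Either way, one line of comment above the include should say why it is shared: `// SSL context setup shared by the BSD and WinSock backends`.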
@@ -68,19 +47,37 @@ bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
 freeaddrinfo(results);
 if(this->sock < 0)
 return false;
-
+
 this->sock_open = true;
+
+ if(!secure)
+ this->ssl = nullptr;
+ else {
+ _ssl_ctx.client_mtx.lock();
+ this->ssl = SSL_new(_ssl_ctx.client);
+ _ssl_ctx.client_mtx.lock();
+
+ SSL_set_fd(this->ssl, this->sock);
+ if(SSL_connect(this->ssl) != 1) {
+ SSL_free(this->ssl);
+ this->Close();
+ return false;
+ }
+ }
+
 return true;
 }
 void sosc::TcpClient::Open
- (SOSC_SOCK_T sock, SOSC_ADDR_T addr, int addr_len)
+ (SOSC_SOCK_T sock, SOSC_ADDR_T addr, int addr_len, bool secure)
 {
 if(this->sock_open)
 return;
 this->sock = sock;
 this->sock_open = true;
+ if(!secure)
+ this->ssl = nullptr;
 this->addr = addr;
 this->addr_len = addr_len;
diff --git a/src/server/sock/tcpsock_ssl.cpp b/src/server/sock/tcpsock_ssl.cpp
new file mode 100644
index 0000000..6877878
--- /dev/null
+++ b/src/server/sock/tcpsock_ssl.cpp
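Review bot: `_ssl_ctx.client_mtx.lock();` appears on both sides of the `SSL_new` call in the secure branch of `Open(host, port, secure)`; the second one must be `unlock()`, so as written the first secure Open() returns with the mutex still held and the next secure Open() on any thread blocks forever (re-locking a `std::mutex` the same thread already holds is undefined behaviour). A `std::lock_guard` scoped around `SSL_new` removes the pairing problem; the branch should also reject a null `SSL_new` result before `SSL_set_fd`, and reset `this->ssl` to `nullptr` after `SSL_free` so a failed handshake does not leave a dangling pointer in the object for `Close()` or a later Open() to find. Separately, nothing on the client path sets the SNI name or turns on peer verification (`SSL_set_tlsext_host_name`, `SSL_set1_host` on OpenSSL 1.1.0+, `SSL_CTX_set_verify(..., SSL_VERIFY_PEER, ...)` on the client context), so a "secure" connection will currently accept any certificate; that belongs with the context setup but should be tracked alongside this change. The accept-side `Open(sock, addr, addr_len, secure)` only assigns `ssl` when `!secure`, so a secure server-side socket is handed back with whatever `ssl` held before and no `SSL` object for it; that overload's body continues past the end of the hunk.
```cpp
    else {
        {
            std::lock_guard<std::mutex> guard(_ssl_ctx.client_mtx);
            this->ssl = SSL_new(_ssl_ctx.client);
        }
        if(this->ssl == nullptr) {
            this->Close();
            return false;
        }

        SSL_set_fd(this->ssl, this->sock);
        if(SSL_connect(this->ssl) != 1) {
            SSL_free(this->ssl);
            this->ssl = nullptr;  // Close() must not see a freed handle
            this->Close();
            return false;
        }
    }
    // … unchanged: return true, accept-side Open overload …
```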
@@ -0,0 +1,48 @@
+#include "tcpsock.hpp"
+
+static struct {
+ SSL_CTX* server;
+ std::mutex server_mtx;
+
+ SSL_CTX* client;
+ std::mutex client_mtx;
+} _ssl_ctx;
+
+static bool ssl_init() {
+ static bool is_inited = false;
+ if(is_inited) return true;
+
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+ _ssl_ctx.server = SSL_CTX_new(SSLv23_server_method());
+ if(!_ssl_ctx.server)
+ return false;
+
+ _ssl_ctx.client = SSL_CTX_new(SSLv23_client_method());
+ if(!_ssl_ctx.client)
+ return false;
+
+ SSL_CTX_set_ecdh_auto(_ssl_ctx.server, 1);
+ SSL_CTX_set_ecdh_auto(_ssl_ctx.client, 1);
+
+ int success = 0;
+ success |= SSL_CTX_use_certificate_file(
+ _ssl_ctx.server,
+ SOSC_RESC("ssl/cert.pem").c_str(),
+ SSL_FILETYPE_PEM
+ );
+ success |= SSL_CTX_use_certificate_file(
+ _ssl_ctx.server,
+ SOSC_RESC("ssl/key.pem").c_str(),
+ SSL_FILETYPE_PEM
+ );
+ if(success <= 0) {
+ SSL_CTX_free(_ssl_ctx.client);
+ SSL_CTX_free(_ssl_ctx.server);
+ return false;
+ }
+
+ is_inited = true;
+ return true;
+}
\ No newline at end of file
diff --git a/src/server/sock/tcpsock_win.cpp b/src/server/sock/tcpsock_win.cpp
index 362d871..158c674 100644
--- a/src/server/sock/tcpsock_win.cpp
+++ b/src/server/sock/tcpsock_win.cpp
@@ -1,4 +1,6 @@
 #include "tcpsock.hpp"
+#include "tcpsock_ssl.cpp"
+
 #ifdef _WIN32
 static void init_wsa() {
@@ -22,7 +24,9 @@ sosc::TcpClient::TcpClient() {
 this->addr_len = -1;
 }
-bool sosc::TcpClient::Open(std::string host, std::uint16_t port) {
+bool sosc::TcpClient::Open(std::string host, std::uint16_t port, bool secure) {
+ if(secure && !ssl_init())
+ return false;
 if(this->sock_open)
 return false;
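Review bot: The second `SSL_CTX_use_certificate_file` call in `ssl_init` loads `ssl/key.pem` as a certificate; the private key has to go in through `SSL_CTX_use_PrivateKey_file(_ssl_ctx.server, SOSC_RESC("ssl/key.pem").c_str(), SSL_FILETYPE_PEM)`, and `success |=` then masks the failure because OR-ing the two 0/1 results reports success when either call worked, so the server context ends up with a certificate and no key and every later `SSL_accept` fails at run time instead of this function failing at startup. Check each load on its own and follow with `SSL_CTX_check_private_key(_ssl_ctx.server)` to confirm the pair matches; the failure path should also null `_ssl_ctx.server`/`_ssl_ctx.client` after the two `SSL_CTX_free` calls, since `is_inited` stays false and a retry would otherwise read freed contexts. Nothing here configures the client context to verify peers (`SSL_CTX_set_verify` with `SSL_VERIFY_PEER` plus `SSL_CTX_set_default_verify_paths` or a pinned CA), and `SSLv23_*_method()` is used without `SSL_CTX_set_options(..., SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)`, so on OpenSSL builds that still ship those protocols they remain negotiable; both deserve an explicit line. `is_inited` is a plain function-local bool read and written without the mutexes the struct carries, which is only safe if the first call is guaranteed to happen before any second thread exists — worth a comment stating that assumption, e.g. `// not thread-safe: must complete before worker threads call Open()`.
```cpp
    // … unchanged: SSL_CTX_new for server/client, ecdh setup …
    if(SSL_CTX_use_certificate_file(
            _ssl_ctx.server,
            SOSC_RESC("ssl/cert.pem").c_str(),
            SSL_FILETYPE_PEM) != 1
        || SSL_CTX_use_PrivateKey_file(
            _ssl_ctx.server,
            SOSC_RESC("ssl/key.pem").c_str(),
            SSL_FILETYPE_PEM) != 1
        || SSL_CTX_check_private_key(_ssl_ctx.server) != 1)
    {
        SSL_CTX_free(_ssl_ctx.client);
        SSL_CTX_free(_ssl_ctx.server);
        _ssl_ctx.client = nullptr;
        _ssl_ctx.server = nullptr;
        return false;
    }

    is_inited = true;
    return true;
```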
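Review bot: In the `@@ -22,7 +24,9 @@` hunk of tcpsock_win.cpp the constructor context (`this->addr_len = -1; }`) shows no `this->ssl = nullptr;`, whereas the same patch adds exactly that line to the BSD constructor, so on Windows `ssl` starts uninitialized and anything that tests it (the BSD `Open`/`Close` paths do) reads garbage. Add `this->ssl = nullptr;` alongside `this->addr_len = -1;` to keep the two backends in step. The new `Open(host, port, secure)` calls `ssl_init()` but, as far as this hunk shows, never creates an `SSL` for the socket; if the rest of the function (it continues past the hunk) does not, a `secure=true` connection on Windows silently stays plaintext, and `secure` should at least be rejected with `return false` until the WinSock backend has an SSL path.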