gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

变更ssl.cpp为ssl_utils.cpp,修正了编译错误,整体编译通过。

Browse Source
This commit is contained in:
Lu Qiuwen
2018-08-28 15:25:09 +08:00
parent 8869f1888c
commit e9ebe512c7
8 changed files with 2160 additions and 2422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
platform/CMakeLists.txt
View File

@@ -1,4 +1,4 @@
add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp src/ssl_sess_cache.cpp add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp src/ssl_sess_cache.cpp src/ssl_utils.cc
src/tcp_stream.cpp src/main.cpp src/proxy.cpp) src/tcp_stream.cpp src/main.cpp src/proxy.cpp)
target_include_directories(tfe PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/external) target_include_directories(tfe PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/external)
@@ -7,4 +7,3 @@ target_include_directories(tfe PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/interna
target_link_libraries(tfe common) target_link_libraries(tfe common)
target_link_libraries(tfe pthread dl openssl-ssl-static openssl-crypto-static pthread libevent-static target_link_libraries(tfe pthread dl openssl-ssl-static openssl-crypto-static pthread libevent-static
libevent-static-openssl libevent-static-pthreads MESA_handle_logger MESA_prof_load MESA_htable wiredcfg) libevent-static-openssl libevent-static-pthreads MESA_handle_logger MESA_prof_load MESA_htable wiredcfg)

2
platform/include/internal/ssl.h → platform/include/internal/ssl_utils.h
View File

@@ -142,7 +142,7 @@ void ssl_key_refcount_inc(EVP_PKEY *);
int ssl_key_identifier_sha1(EVP_PKEY *, unsigned char *); int ssl_key_identifier_sha1(EVP_PKEY *, unsigned char *);
char * ssl_key_identifier(EVP_PKEY *, int); char * ssl_key_identifier(EVP_PKEY *, int);
int ssl_x509_v3ext_add(X509V3_CTX *, X509 *, char *, char *); int ssl_x509_v3ext_add(X509V3_CTX * ctx, X509 * crt, const char * k, const char * v);
int ssl_x509_v3ext_copy_by_nid(X509 *, X509 *, int); int ssl_x509_v3ext_copy_by_nid(X509 *, X509 *, int);
int ssl_x509_serial_copyrand(X509 *, X509 *); int ssl_x509_serial_copyrand(X509 *, X509 *);

29
platform/src/key_keeper.cpp
View File

@@ -1,6 +1,6 @@
#include <key_keeper.h> #include <key_keeper.h>
#include <string.h> #include <string.h>
#include <ssl.h> #include <ssl_utils.h>
struct key_keeper struct key_keeper
{ {
@@ -321,3 +321,30 @@ void cert_manager_free(cert_t * keyring)
return; return;
} }
#endif #endif
struct key_keeper * key_keeper_init(const char * profile, const char* section, void* logger)
{
return NULL;
}
struct key_keeper * key_keeper_destroy(struct key_keeper *keeper)
{
return NULL;
}
struct keyring* key_keeper_release_cert(future_result_t* result)
{
return NULL;
}
void key_keeper_free_keyring(struct keyring* cert)
{
return;
}
void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, int keyring_id,
X509 * origin_cert, int is_cert_valid, struct event_base * evbase)
{
return;
}

2376
platform/src/ssl.cc
View File

File diff suppressed because it is too large Load Diff

2
platform/src/ssl_sess_cache.cpp
View File

@@ -1,7 +1,7 @@
#include <assert.h> #include <assert.h>
#include <ssl_sess_cache.h> #include <ssl_sess_cache.h>
#include <ssl.h> #include <ssl_utils.h>
#include <MESA/MESA_htable.h> #include <MESA/MESA_htable.h>
#include <MESA/field_stat2.h> #include <MESA/field_stat2.h>

67
platform/src/ssl_stream.cpp
View File

@@ -29,7 +29,7 @@
#include <tfe_future.h> #include <tfe_future.h>
#include <key_keeper.h> #include <key_keeper.h>
#include <ssl_sess_cache.h> #include <ssl_sess_cache.h>
#include <ssl.h> #include <ssl_utils.h>
#include <platform.h> #include <platform.h>
#define SSL_EX_DATA_IDX_SSLMGR 0 #define SSL_EX_DATA_IDX_SSLMGR 0
@@ -37,19 +37,23 @@
struct ssl_mgr struct ssl_mgr
{ {
int sslcomp; unsigned int sslcomp;
int no_ssl2; unsigned int no_ssl2;
int no_ssl3; unsigned int no_ssl3;
int no_tls10; unsigned int no_tls10;
int no_tls11; unsigned int no_tls11;
int no_tls12; unsigned int no_tls12;
CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new
int sslversion; int sslversion;
char ssl_session_context[8]; char ssl_session_context[8];
int cache_slot_num;
int sess_expire_seconds; unsigned int cache_slot_num;
unsigned int sess_expire_seconds;
struct sess_cache * down_sess_cache; struct sess_cache * down_sess_cache;
struct sess_cache * up_sess_cache; struct sess_cache * up_sess_cache;
char default_ciphers[TFE_STRING_MAX]; char default_ciphers[TFE_STRING_MAX];
DH * dh; DH * dh;
char * ecdhcurve; char * ecdhcurve;
@@ -103,7 +107,7 @@ struct ssl_connect_origin_ctx
struct bufferevent * bev; struct bufferevent * bev;
struct ssl_stream * s_stream; struct ssl_stream * s_stream;
struct ssl_mgr * mgr; struct ssl_mgr * mgr;
struct sockaddr addr; struct sockaddr_storage addr;
socklen_t addrlen; socklen_t addrlen;
void * logger; void * logger;
@@ -290,18 +294,17 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
goto error_out; goto error_out;
} }
//tfe2a uses SSLv23_method, it was been deprecated and replaced with the TLS_method() in openssl 1.1.0. //tfe2a uses SSLv23_method, it was been deprecated and replaced with the TLS_method() in openssl 1.1.0.
mgr->sslmethod = TLS_method; mgr->sslmethod = TLS_method;
MESA_load_profile_int_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1); MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
MESA_load_profile_int_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1); MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
MESA_load_profile_int_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1); MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
MESA_load_profile_int_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1); MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1);
MESA_load_profile_int_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0); MESA_load_profile_uint_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0);
MESA_load_profile_int_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0); MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
MESA_load_profile_int_def(ini_profile, section, "session_cache_slot_num", &(mgr->cache_slot_num),
4 * 1024 * 1024); MESA_load_profile_uint_def(ini_profile, section, "session_cache_slot_num", &(mgr->cache_slot_num), 4 * 1024 * 1024);
MESA_load_profile_int_def(ini_profile, section, "session_cache_slot_num", &(mgr->sess_expire_seconds), 30 * 60); MESA_load_profile_uint_def(ini_profile, section, "session_cache_slot_num", &(mgr->sess_expire_seconds), 30 * 60);
mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM); mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM); mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slot_num, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
@@ -564,7 +567,7 @@ void ssl_connect_origin_ctx_free(struct promise * p)
ssl_connect_origin_ctx_free(ctx); ssl_connect_origin_ctx_free(ctx);
} }
struct ssl_stream * ssl_conn_origin_result_release_stream(future_result_t * result) struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result)
{ {
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result; struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result;
struct ssl_stream * ret = ctx->s_stream; struct ssl_stream * ret = ctx->s_stream;
@@ -572,13 +575,12 @@ struct ssl_stream * ssl_conn_origin_result_release_stream(future_result_t * resu
return ret; return ret;
} }
struct bufferevent * ssl_conn_origin_result_release_bev(future_result_t * result) struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * result)
{ {
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result; struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) result;
struct bufferevent * ret = ctx->bev; struct bufferevent * ret = ctx->bev;
ctx->bev = NULL; //giveup ownership ctx->bev = NULL; //giveup ownership
return ret; return ret;
} }
/* /*
@@ -603,8 +605,8 @@ static void ssl_connect_origin_eventcb(struct bufferevent * bev, short events, v
{ {
bufferevent_setcb(ctx->bev, NULL, NULL, NULL, NULL); //leave a clean bev for on_success bufferevent_setcb(ctx->bev, NULL, NULL, NULL, NULL); //leave a clean bev for on_success
ssl_sess = SSL_get0_session(s_stream->ssl); ssl_sess = SSL_get0_session(s_stream->ssl);
up_session_set(s_stream->mgr->up_sess_cache, &(ctx->addr), ctx->addrlen, s_stream->client_hello->sni, up_session_set(s_stream->mgr->up_sess_cache, (struct sockaddr *)&(ctx->addr),
ssl_sess); ctx->addrlen, s_stream->client_hello->sni, ssl_sess);
promise_success(promise, ctx); promise_success(promise, ctx);
} }
else else
@@ -620,7 +622,7 @@ static void ssl_connect_origin_eventcb(struct bufferevent * bev, short events, v
static void peek_chello_on_succ(future_result_t * result, void * user) static void peek_chello_on_succ(future_result_t * result, void * user)
{ {
struct promise * p = (struct promise *) user; struct promise * p = (struct promise *) user;
struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) promise_dettach_ctx(p); struct ssl_connect_origin_ctx * ctx = (struct ssl_connect_origin_ctx *) promise_get_ctx(p);
struct ssl_chello * chello = ssl_peek_result_release_chello(result);//chello has been saved in ssl_stream. struct ssl_chello * chello = ssl_peek_result_release_chello(result);//chello has been saved in ssl_stream.
ctx->s_stream = ssl_stream_new(ctx->mgr, ctx->fd_upstream, CONN_DIR_UPSTREAM, chello, NULL); ctx->s_stream = ssl_stream_new(ctx->mgr, ctx->fd_upstream, CONN_DIR_UPSTREAM, chello, NULL);
@@ -628,7 +630,7 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
ctx->s_stream->ssl, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS); ctx->s_stream->ssl, BUFFEREVENT_SSL_CONNECTING, BEV_OPT_DEFER_CALLBACKS);
bufferevent_openssl_set_allow_dirty_shutdown(ctx->bev, 1); bufferevent_openssl_set_allow_dirty_shutdown(ctx->bev, 1);
bufferevent_setcb(ctx->bev, NULL, NULL, ssl_connect_origin_eventcb, ctx); bufferevent_setcb(ctx->bev, NULL, NULL, ssl_connect_origin_eventcb, p);
bufferevent_disable(ctx->bev, EV_READ | EV_WRITE); //waiting for connect event only bufferevent_disable(ctx->bev, EV_READ | EV_WRITE); //waiting for connect event only
future_destroy(ctx->f_peek_chello); future_destroy(ctx->f_peek_chello);
@@ -653,11 +655,10 @@ extern void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, e
struct ssl_connect_origin_ctx * ctx = ALLOC(struct ssl_connect_origin_ctx, 1); struct ssl_connect_origin_ctx * ctx = ALLOC(struct ssl_connect_origin_ctx, 1);
int ret = 0; int ret = 0;
struct sockaddr addr; ctx->addrlen = sizeof(ctx->addr);
socklen_t addrlen; ret = getpeername(fd_downstream, (struct sockaddr *)&(ctx->addr), &(ctx->addrlen));
ret = getpeername(fd_downstream, &(ctx->addr), &(ctx->addrlen));
assert(ret == 0); assert(ret == 0);
ctx->fd_downstream = fd_downstream; ctx->fd_downstream = fd_downstream;
ctx->fd_upstream = fd_upstream; ctx->fd_upstream = fd_upstream;
ctx->evbase = evbase; ctx->evbase = evbase;
@@ -666,7 +667,6 @@ extern void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, e
ctx->f_peek_chello = future_create(peek_chello_on_succ, peek_chello_on_fail, p); ctx->f_peek_chello = future_create(peek_chello_on_succ, peek_chello_on_fail, p);
ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, evbase, mgr->logger); ssl_async_peek_client_hello(ctx->f_peek_chello, fd_downstream, evbase, mgr->logger);
return;
} }
/* /*
@@ -844,7 +844,8 @@ static SSL * downstream_ssl_create(struct ssl_mgr * mgr, struct keyring * crt)
SSL_CTX_sess_set_remove_cb(sslctx, ossl_sessremove_cb); SSL_CTX_sess_set_remove_cb(sslctx, ossl_sessremove_cb);
SSL_CTX_sess_set_get_cb(sslctx, ossl_sessget_cb); SSL_CTX_sess_set_get_cb(sslctx, ossl_sessget_cb);
SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL); SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL);
SSL_CTX_set_session_id_context(sslctx, (const unsigned char *)mgr->ssl_session_context, sizeof(mgr->ssl_session_context)); SSL_CTX_set_session_id_context(sslctx, (const unsigned char *) mgr->ssl_session_context,
sizeof(mgr->ssl_session_context));
if (mgr->dh) if (mgr->dh)
{ {

2087
platform/src/ssl_utils.cc Normal file
View File

File diff suppressed because it is too large Load Diff

2
vendor/CMakeLists.txt vendored
View File

@@ -136,7 +136,7 @@ set_property(TARGET wiredcfg PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR
set_property(TARGET wiredcfg PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) set_property(TARGET wiredcfg PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
add_library(MESA_htable SHARED IMPORTED GLOBAL) add_library(MESA_htable SHARED IMPORTED GLOBAL)
set_property(TARGET MESA_htable PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaatframe.so) set_property(TARGET MESA_htable PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_htable.so)
set_property(TARGET MESA_htable PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR}) set_property(TARGET MESA_htable PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
add_library(maatframe SHARED IMPORTED GLOBAL) add_library(maatframe SHARED IMPORTED GLOBAL)