From 9d963486f66a864aa67e668742b6aa6a6e72fb1f Mon Sep 17 00:00:00 2001
From: David Timber
Date: Wed, 7 Jul 2021 21:21:17 +1000
Subject: Refactor: impl prne_mbedtls_verify_alp()

---
 src/bne.c | 11 +++++++----
 src/htbt.c | 33 +++++++++------------------------
 src/mbedtls.c | 23 +++++++++++++++++++++++
 src/mbedtls.h | 5 +++++
 src/proone.c | 2 +-
 5 files changed, 45 insertions(+), 29 deletions(-)

diff --git a/src/bne.c b/src/bne.c
index dcb1825..d858a69 100644
--- a/src/bne.c
+++ b/src/bne.c
@@ -1061,6 +1061,9 @@ static bool bne_sh_setup (
 parser.ctx = s_ctx;
 parser.line_f = bne_sh_availcmd_parse_f;
 
+ /* FIXME * DO NOT assume that /dev is available */
 ret = bne_sh_runcmd_line(
 s_ctx,
 &parser,
@@ -1821,10 +1824,10 @@ static bool bne_do_vec_htbt (prne_bne_t *ctx) {
 goto END;
 }
 
- ret =
- prne_nstreq(
- mbedtls_ssl_get_alpn_protocol(&ssl),
- PRNE_HTBT_TLS_ALP);
+ ret = prne_mbedtls_verify_alp(
+ ctx->param.htbt_ssl_conf,
+ &ssl,
+ PRNE_HTBT_TLS_ALP);
 if (ret) {
 /* here goes ...
 *
diff --git a/src/htbt.c b/src/htbt.c
index 89d75fe..09915e6 100644
--- a/src/htbt.c
+++ b/src/htbt.c
@@ -319,28 +319,6 @@ static void htbt_main_empty_req_q (prne_htbt_t *ctx) {
 prne_llist_clear(&ctx->main.req_q);
 }
 
-static bool htbt_verify_alp (
- const mbedtls_ssl_config *conf,
- const mbedtls_ssl_context *ctx)
-{
- bool has_alpn = false;
-
- for (const char **a = conf->alpn_list; a != NULL && *a != NULL; a += 1) {
- if (strcmp(*a, PRNE_HTBT_TLS_ALP) == 0) {
- has_alpn = true;
- break;
- }
- }
-
- if (!has_alpn) {
- // ALP verification is disabled.
- return true;
- }
- return prne_nstreq(
- mbedtls_ssl_get_alpn_protocol(ctx),
- PRNE_HTBT_TLS_ALP);
-}
-
 /* htbt_relay_child()
 */
 static prne_htbt_status_code_t htbt_relay_child (
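Review bot: The second bne.c hunk relaxes the ALPN check rather than merely refactoring it: the removed lines required the negotiated protocol to equal PRNE_HTBT_TLS_ALP unconditionally, whereas prne_mbedtls_verify_alp() as defined in src/mbedtls.c in this same patch returns true without consulting the negotiated protocol whenever PRNE_HTBT_TLS_ALP is absent from the alpn_list of the config passed in, here ctx->param.htbt_ssl_conf. Whether htbt_ssl_conf is always set up with that ALP is not visible in this patch; if it can be built without it, a peer that negotiated no ALPN or a different protocol now passes where it was rejected before. If strict matching was intended for this path, keep the direct comparison, `ret = prne_nstreq(mbedtls_ssl_get_alpn_protocol(&ssl), PRNE_HTBT_TLS_ALP);`; otherwise the commit message should state that the check is now conditional on the configured list, since "Refactor" implies no behaviour change. bne_do_vec_htbt() begins and ends outside the hunk.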
@@ -1728,7 +1706,11 @@ static bool htbt_main_slv_setup_f (void *ioctx, pth_event_t ev) {
 ret = false;
 goto END;
 }
- if (!htbt_verify_alp(ctx->parent->param.main_ssl_conf, &ctx->ssl)) {
+ if (!prne_mbedtls_verify_alp(
+ ctx->parent->param.main_ssl_conf,
+ &ctx->ssl,
+ PRNE_HTBT_TLS_ALP))
+ {
 ret = false;
 goto END;
 }
@@ -2421,7 +2403,10 @@ static bool htbt_lbd_slv_setup_f (void *ioctx, pth_event_t ev) {
 &ctx->ssl,
 mbedtls_ssl_handshake,
 ctx->fd,
- ev) && htbt_verify_alp(ctx->parent->param.lbd_ssl_conf, &ctx->ssl);
+ ev) && prne_mbedtls_verify_alp(
+ ctx->parent->param.lbd_ssl_conf,
+ &ctx->ssl,
+ PRNE_HTBT_TLS_ALP);
 }
 
 static void htbt_lbd_slv_cleanup_f (void *ioctx, pth_event_t ev) {
diff --git a/src/mbedtls.c b/src/mbedtls.c
index 7af5e80..6b8b600 100644
--- a/src/mbedtls.c
+++ b/src/mbedtls.c
@@ -183,3 +183,26 @@ bool prne_mbedtls_pth_handle (
 } while (false);
 }
 }
+
+bool prne_mbedtls_verify_alp (
+ const mbedtls_ssl_config *conf,
+ const mbedtls_ssl_context *ctx,
+ const char *alp)
+{
+ bool has_alpn = false;
+
+ for (const char **a = conf->alpn_list; a != NULL && *a != NULL; a += 1) {
+ if (strcmp(*a, alp) == 0) {
+ has_alpn = true;
+ break;
+ }
+ }
+
+ if (!has_alpn) {
+ // ALP verification is disabled.
+ return true;
+ }
+ return prne_nstreq(
+ mbedtls_ssl_get_alpn_protocol(ctx),
+ alp);
+}
diff --git a/src/mbedtls.h b/src/mbedtls.h
index 0811aa3..ea97adf 100644
--- a/src/mbedtls.h
+++ b/src/mbedtls.h
@@ -34,3 +34,8 @@ bool prne_mbedtls_pth_handle (
 int(*mbedtls_f)(mbedtls_ssl_context*),
 const int fd,
 pth_event_t ev);
+
+bool prne_mbedtls_verify_alp (
+ const mbedtls_ssl_config *conf,
+ const mbedtls_ssl_context *ctx,
+ const char *alp);
diff --git a/src/proone.c b/src/proone.c
index 7ab123e..6eacc33 100644
--- a/src/proone.c
+++ b/src/proone.c
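Review bot: In the src/mbedtls.c hunk, prne_mbedtls_verify_alp() is fail-open in two ways that its new public contract does not document: it dereferences conf->alpn_list with no NULL check on conf, and when alp is not in that list it returns true without ever looking at the negotiated protocol, so a caller that passes an alp the config was never set up with silently gets a pass. When alp is configured but the peer negotiated nothing, mbedtls_ssl_get_alpn_protocol() returns NULL and the verdict depends on how prne_nstreq() treats a NULL operand, which is not visible here; stating the fail-closed intent locally removes that dependency: `const char *neg = mbedtls_ssl_get_alpn_protocol(ctx);` then `return neg != NULL && strcmp(neg, alp) == 0;`. The declaration added in the src/mbedtls.h hunk should carry a Doxygen comment saying that true is returned without any check when alp is absent from conf->alpn_list, that false means the negotiated protocol is missing or differs from alp, and that conf and ctx must be non-NULL. The new function is complete within the hunk; prne_mbedtls_pth_handle(), whose closing braces form the context lines, begins outside it.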
@@ -429,9 +429,9 @@ static void alloc_workers (void) {
 for (size_t i = 0; i < sizeof(wkr_arr)/sizeof(prne_worker_t); i += 1) {
 prne_init_worker(wkr_arr + i);
 }
+ alloc_recon();
 alloc_resolv();
 alloc_htbt();
- alloc_recon();
 }
 
 static void free_workers (void) {
-- cgit
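Review bot: Moving alloc_recon() ahead of alloc_resolv() and alloc_htbt() is an ordering change with no stated reason, neither in the commit message (which describes an ALP refactor) nor in the code, so the next edit to alloc_workers() can undo it without noticing. If a later worker reads state that alloc_recon() sets up (not visible in this patch), a one-line comment above the added call such as `/* recon first: [dependency - fill in] */` would make the ordering deliberate; if there is no such dependency, the reorder belongs in its own commit. alloc_workers() begins outside the hunk and free_workers() is only started by the trailing context line.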