Fix strange behavior in TlsLibreSSL.

tls_read() and tls_write() may return TLS_WANT_POLLIN or TLS_WANT_POLLOUT
if data isn't ready to be read or written yet. We have to account for this
by converting it to EAGAIN, which is how a typical read() or write()
function should behave.

Also installed a SIGPIPE handler; we do not want to be terminated by
SIGPIPE, and it's safe to ignore this signal because it should be
handled thoroughly in the code.
This commit is contained in:
Jordan Bancino 2023-03-23 16:39:15 +00:00
parent 2441f07848
commit e13442c122
4 changed files with 67 additions and 29 deletions

View file

@ -10,6 +10,13 @@
{ {
"port": 8008, "port": 8008,
"tls": false "tls": false
},
{
"port": 8448,
"tls": {
"cert": "telodendria.crt",
"key": "telodendria.key"
}
} }
], ],
"registration": true, "registration": true,

View file

@ -48,22 +48,26 @@
static Array *httpServers = NULL; static Array *httpServers = NULL;
static void static void
TelodendriaSignalHandler(int signalNo) TelodendriaSignalHandler(int signal)
{ {
size_t i; size_t i;
(void) signalNo; switch (signal)
if (!httpServers)
{ {
return; case SIGPIPE:
} return;
case SIGINT:
if (!httpServers)
{
return;
}
for (i = 0; i < ArraySize(httpServers); i++) for (i = 0; i < ArraySize(httpServers); i++)
{ {
HttpServer *server = ArrayGet(httpServers, i); HttpServer *server = ArrayGet(httpServers, i);
HttpServerStop(server);
HttpServerStop(server); }
break;
} }
} }
@ -478,17 +482,23 @@ main(int argc, char **argv)
sigfillset(&sigAction.sa_mask); sigfillset(&sigAction.sa_mask);
sigAction.sa_flags = SA_RESTART; sigAction.sa_flags = SA_RESTART;
if (sigaction(SIGINT, &sigAction, NULL) < 0) #define SIGACTION(sig, act, oact) \
{ if (sigaction(sig, act, oact) < 0) \
Log(LOG_ERR, "Unable to install signal handler."); { \
exit = EXIT_FAILURE; Log(LOG_ERR, "Unable to install signal handler: %s", #sig); \
goto finish; exit = EXIT_FAILURE; \
} goto finish; \
else } \
{ else \
Log(LOG_DEBUG, "Installed SIGINT signal handler."); { \
Log(LOG_DEBUG, "Installed signal handler: %s", #sig); \
} }
SIGACTION(SIGINT, &sigAction, NULL);
SIGACTION(SIGPIPE, &sigAction, NULL);
#undef SIGACTION
/* Block this thread until the servers are terminated by a signal /* Block this thread until the servers are terminated by a signal
* handler */ * handler */
for (i = 0; i < ArraySize(httpServers); i++) for (i = 0; i < ArraySize(httpServers); i++)

View file

@ -28,6 +28,8 @@
#include <Memory.h> #include <Memory.h>
#include <Log.h> #include <Log.h>
#include <errno.h>
#include <tls.h> /* LibreSSL TLS */ #include <tls.h> /* LibreSSL TLS */
typedef struct LibreSSLCookie typedef struct LibreSSLCookie
@ -74,6 +76,11 @@ TlsInitClient(int fd, const char *serverName)
goto error; goto error;
} }
if (tls_handshake(cookie->ctx) == -1)
{
goto error;
}
return cookie; return cookie;
error: error:
@ -119,25 +126,26 @@ TlsInitServer(int fd, const char *crt, const char *key)
if (tls_config_set_cert_file(cookie->cfg, crt) == -1) if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
{ {
Log(LOG_ERR, "Error with certificate file.");
goto error; goto error;
} }
if (tls_config_set_key_file(cookie->cfg, key) == -1) if (tls_config_set_key_file(cookie->cfg, key) == -1)
{ {
Log(LOG_ERR, "Error with key file.");
goto error; goto error;
} }
if (tls_configure(cookie->ctx, cookie->cfg) == -1) if (tls_configure(cookie->ctx, cookie->cfg) == -1)
{ {
Log(LOG_ERR, "Error configuring context.");
goto error; goto error;
} }
if (tls_accept_socket(cookie->ctx, &cookie->cctx, fd) == -1) if (tls_accept_fds(cookie->ctx, &cookie->cctx, fd, fd) == -1)
{
goto error;
}
if (tls_handshake(cookie->cctx) == -1)
{ {
Log(LOG_ERR, "Error accepting socket.");
goto error; goto error;
} }
@ -177,11 +185,17 @@ ssize_t
TlsRead(void *cookie, void *buf, size_t nBytes) TlsRead(void *cookie, void *buf, size_t nBytes)
{ {
LibreSSLCookie *tls = cookie; LibreSSLCookie *tls = cookie;
ssize_t ret = tls_read(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes); struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
ssize_t ret = tls_read(ctx, buf, nBytes);
if (ret == -1) if (ret == -1)
{ {
Log(LOG_ERR, "TlsRead(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx)); errno = EIO;
}
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
{
errno = EAGAIN;
ret = -1;
} }
return ret; return ret;
@ -191,11 +205,17 @@ ssize_t
TlsWrite(void *cookie, void *buf, size_t nBytes) TlsWrite(void *cookie, void *buf, size_t nBytes)
{ {
LibreSSLCookie *tls = cookie; LibreSSLCookie *tls = cookie;
ssize_t ret = tls_write(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes); struct tls *ctx = tls->cctx ? tls->cctx : tls->ctx;
ssize_t ret = tls_write(ctx, buf, nBytes);
if (ret == -1) if (ret == -1)
{ {
Log(LOG_ERR, "TlsWrite(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx)); errno = EIO;
}
else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
{
errno = EAGAIN;
ret = -1;
} }
return ret; return ret;

View file

@ -55,6 +55,7 @@ MAIN="Main"
if [ "$DEBUG" = "1" ]; then if [ "$DEBUG" = "1" ]; then
CFLAGS="$CFLAGS -O0 -g" CFLAGS="$CFLAGS -O0 -g"
LDFLAGS="-lm -pthread ${TLS_LIBS}"
PROG="$PROG-debug" PROG="$PROG-debug"
fi fi