Fix LDFLAGS, add default key

Signed-off-by: Ammar Faizi <[email protected]>

Makefile

@@ -19,8 +19,8 @@ CLIENT_DEFAULT_CFG_FILE = config/client.ini
 
 TARGET_BIN = teavpn2
 
-CC	:= cc
-CXX	:= c++
+CC	:= clang
+CXX	:= clang++
 LD	:= $(CC)
 VG	:= valgrind
 
@@ -50,6 +50,7 @@ ifneq ($(DO_TEST),1)
 				-Wall \
 				-Werror \
 				-Wextra \
+				-Wpadded \
 				-Weverything \
 				-Wno-disabled-macro-expansion \
 				-Wno-unused-macros
@@ -76,7 +77,7 @@ USE_CLIENT	:= 1
 USE_SERVER	:= 1
 
 DEPFLAGS	 = -MT "$@" -MMD -MP -MF "$(@:$(BASE_DIR)/%.o=$(BASE_DEP_DIR)/%.d)"
-LIB_LDFLAGS	:= -lpthread -lssl
+LIB_LDFLAGS	:= -lpthread -lssl -lcrypto
 LDFLAGS		:= -fPIE -fpie
 CFLAGS		:= -fPIE -fpie -std=c11
 CXXFLAGS	:= -fPIE -fpie -std=c++2a

config/server.ini

@@ -10,6 +10,8 @@ bind_port = 55555
 max_conn = 32
 backlog = 10
 exposed_addr = 127.0.0.1
+ssl_cert = data/server/default_cert.pem
+ssl_priv_key = data/server/default_key.pem
 
 [iface]
 dev = teavpn2

data/server/default_cert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1jCCAb6gAwIBAgIUML90D8ANcVgG5orNE7j9roGLXVQwDQYJKoZIhvcNAQEL
+BQAwEzERMA8GA1UEAwwIaW50ZWdyYWwwHhcNMjEwMjA3MDcwMjAxWhcNMzEwMjA1
+MDcwMjAxWjATMREwDwYDVQQDDAhpbnRlZ3JhbDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAL3NJfV+ozNmp4C+VRxP+rL3HyqW5WeBrIdzDQ7JyIRAJr2M
+jADisfU1GkR9gDmItUxXApv1jFFKq7ACEMByZ5s92RzJDy344LJHYVtOB2iHGptb
+P8zmPpgpHfRYH+sT2FyJmqWH4gENESjH4WipQfUr38m1HFtYuvEv6l2mGkd1xqZa
+zTP8ho+4+OH8epYkS53qKQgHDEAscPgiIamPikYN4kwjcWaeMS5rzlNgqrNiq5V+
+KP+vJRYqM9EDJfzvnmc+KYyuZS1+6lUpG9VDOYlNkJe3EJcPwk9tXOoEo8ITQYW3
+IZZiov6/wsICOU8l3bPKswpGDdIFgviYEJSKlpsCAwEAAaMiMCAwCQYDVR0TBAIw
+ADATBgNVHREEDDAKgghpbnRlZ3JhbDANBgkqhkiG9w0BAQsFAAOCAQEAOkguqIyf
+LfU2y/y7qgMSWuwcRN2X5/gVEptb3mgLL1iAJK9jMscvTBZkgSlTDBcIhdVKr8Ka
+F++KVk2ShcG40KjnrQh6bw0/5E3d9/X0b5hCqQ4REa1e4O2c9j0TNz0vLYMT36kS
+Jz7z5FGL8GsC6wKmqLiwG8HjtT935ysUWAeY7rajbDaNdvP8kEEATyFOUNEBp5QF
+m7ybs+zXhRA+tjkb8Enhx3uN/Ekx7OfDUoaLk2Ue6UOFokkm31Y3hHE3vGkuHie3
+SawSUIpLU2QZIahsdWjUc6AjaQB1yOK7Htraqd8Zz44u5v1ccir47DQFG+NxP3Pi
+fSHdf2b7Fe1q9g==
+-----END CERTIFICATE-----

data/server/default_key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9zSX1fqMzZqeA
+vlUcT/qy9x8qluVngayHcw0OyciEQCa9jIwA4rH1NRpEfYA5iLVMVwKb9YxRSquw
+AhDAcmebPdkcyQ8t+OCyR2FbTgdohxqbWz/M5j6YKR30WB/rE9hciZqlh+IBDREo
+x+FoqUH1K9/JtRxbWLrxL+pdphpHdcamWs0z/IaPuPjh/HqWJEud6ikIBwxALHD4
+IiGpj4pGDeJMI3FmnjEua85TYKqzYquVfij/ryUWKjPRAyX8755nPimMrmUtfupV
+KRvVQzmJTZCXtxCXD8JPbVzqBKPCE0GFtyGWYqL+v8LCAjlPJd2zyrMKRg3SBYL4
+mBCUipabAgMBAAECggEAb/000YZYK0L9wHQNafgy9xfi1tFUKF+V+hHDeZ9L5eSo
+Nx1PmlIoKIOdrR3T456rQpDwZC9dDLYfWWnOko6uXSYADgEAKOL5SZfedO40ZtOY
+umP74B1Wf5d7Kio5Iw6BkhBLJDJqAq7AGizd7lA4L74kfDKVubxACYF5KqqQROrQ
+F2w5S4lyeOppSCZKoEZ7XGuoni3BQ9dgtwTUn5MDnm6pvxUEj+BdamxebxzunZG8
+9RrQqF0ocW9rpSi1KSZary+uq7v8ftnDJf2IwD/KiaZ+0pdMlipZXrZK8ZnjcsIF
+8yOk52dhNyTbUvIGtn+lBA0XH5tj3rtfqe47h6Qq8QKBgQDfHfcrckzAJIplaCPn
+Of5tzW1Wtpp6PajiYZTE/LrUyiu22U2zP3PjR3y0OlHC2cRIdS8rQK/PglyO1XnE
+33dLdJ+ivTufSqw0uPoVH8gLWeKj12v/+Qe7Y/L2uTOYgbhqoxZ4z8PFkDlkJIY7
+YSo6m72sviCkFh2T3qYaI3HWUwKBgQDZxjUWIuF8nQAZr3W+KAhDT4tHrwM+xoy3
+PZySOVXxPFcObvvFp4vg+te2oab5vBplHrU8jTUZVCuDVZwnAoCN261xbI6EYRwr
+DI8AlHgEb0vwT/IzF7uKDdwJmZqIO0fT7nlVn+xPx9Gh8C7Eu8QEQV4OSJS+R+q5
+okVXmGqlmQKBgQCczUhqBjgeSQ/iWJ/y3vUKYfbXnBlQk4jfIEkXb6414ad7J5jN
+wmhFcHYZi2ruj3C8o2507U8hfLJjx29+hrYmF14hVvBR8H65xs4qjl1ebNs03i6O
+hIuEjKex8VJrea8LcnZWjV0+uS88S9byYET3T4CrqCr0Zn5+71i4wfQ89QKBgGJv
+VBmQZKnF8YCqrabpQ2rhboxVUDs01fARuk7h+bXT12nfwpAB/pkP6SdVBDuHycqB
+Sdx321N6lzyDGtULLX5xmIFXV0gA+RGAWLcjZOhkQkf6avirNordXuM7+fywBvSF
+q3SHl/Ir2NbA0PL+CEkAHvqH1iv4J+IGth809qepAoGAA3SL5a0D65heoK83wTSQ
+r1DxRfIyDtG3zcLGOs2kU3sYMCTfCtGJJd2oUJxAsFTVWJu9DShWpie3CpqC9ZWk
+J3tPDaotLRpLaZ+ZheSNaek1MtwxIhV9hWjSnWW1vrGxjz3q+X1gsoSDl8xe5CQA
+auXMyrcwpDzvBDl7bkEo1wc=
+-----END PRIVATE KEY-----

src/teavpn2/server/linux/tcp.c

@@ -94,10 +94,12 @@ struct client_slot {
 
 
 struct srv_tcp_state {
+	struct_pad(0, 7);
+	bool			need_ssl_cleanup;
 	bool			stop_event_loop;
 	bool			need_iface_down;
 	bool			set_affinity_ok;
-	bool			err_c;
+	uint8_t			err_c;
 
 	/* File descriptors */
 	int			epoll_fd;
@@ -191,7 +193,7 @@ static void *calloc_wrp(size_t nmemb, size_t size)
 	ret = calloc(nmemb, size);
 	if (unlikely(ret == NULL)) {
 		int err = errno;
-		pr_err("calloc: Cannot allocate memory: " PRERF, PREAR(err));
+		pr_err("calloc(): " PRERF, PREAR(err));
 		return NULL;
 	}
 
@@ -250,18 +252,19 @@ static int init_state_epoll_map(struct srv_tcp_state *state)
 
 static int init_state(struct srv_tcp_state *state)
 {
-	state->stop_event_loop = false;
-	state->need_iface_down = false;
-	state->set_affinity_ok = false;
-	state->err_c           = 0;
-	state->epoll_fd        = -1;
-	state->tun_fd          = -1;
-	state->tcp_fd          = -1;
-	state->ssl_ctx         = NULL;
-	state->read_tun_c      = 0;
-	state->write_tun_c     = 0;
-	state->up_bytes        = 0;
-	state->down_bytes      = 0;
+	state->need_ssl_cleanup   = false;
+	state->stop_event_loop    = false;
+	state->need_iface_down    = false;
+	state->set_affinity_ok    = false;
+	state->err_c              = 0;
+	state->epoll_fd           = -1;
+	state->tun_fd             = -1;
+	state->tcp_fd             = -1;
+	state->ssl_ctx            = NULL;
+	state->read_tun_c         = 0;
+	state->write_tun_c        = 0;
+	state->up_bytes           = 0;
+	state->down_bytes         = 0;
 
 	if (unlikely(init_state_ip_map(state) < 0))
 		return -1;
@@ -488,6 +491,24 @@ static int init_socket(struct srv_tcp_state *state)
 }
 
 
+static int init_openssl(struct srv_tcp_state *state)
+{
+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+	state->need_ssl_cleanup = true;
+	return 0;
+}
+
+
+static void cleanup_openssl(struct srv_tcp_state *state)
+{
+	if (likely(state->need_ssl_cleanup)) {
+		EVP_cleanup();
+		state->need_ssl_cleanup = false;
+	}
+}
+
+
 static SSL_CTX *create_ssl_context()
 {
 	int err;
@@ -508,8 +529,8 @@ static SSL_CTX *create_ssl_context()
 
 static int configure_ssl_context(SSL_CTX *ssl_ctx, struct srv_tcp_state *state)
 {
-	int err;
 	int retval;
+	unsigned long err;
 	const char *cert, *key;
 	struct srv_cfg *cfg = state->cfg;
 
@@ -528,17 +549,27 @@ static int configure_ssl_context(SSL_CTX *ssl_ctx, struct srv_tcp_state *state)
 
 	retval = SSL_CTX_use_certificate_file(ssl_ctx, cert, SSL_FILETYPE_PEM);
 	if (unlikely(retval <= 0)) {
-		err = errno;
-		pr_err("SSL_CTX_use_certificate_file(%s): " PRERF, cert,
-		       PREAR(err));
+		err = ERR_get_error();
+		pr_err("SSL_CTX_use_certificate_file(\"%s\"): "
+		       "[%lu]:[%s]:[%s]:[%s]",
+		       key,
+		       err,
+		       ERR_lib_error_string(err),
+		       ERR_func_error_string(err),
+		       ERR_reason_error_string(err));
 		return -1;
 	}
 
 	retval = SSL_CTX_use_PrivateKey_file(ssl_ctx, key, SSL_FILETYPE_PEM);
 	if (unlikely(retval <= 0)) {
-		err = errno;
-		pr_err("SSL_CTX_use_PrivateKey_file(%s): " PRERF, key,
-		       PREAR(err));
+		err = ERR_get_error();
+		pr_err("SSL_CTX_use_PrivateKey_file(\"%s\"): "
+		       "[%lu]:[%s]:[%s]:[%s]",
+		       key,
+		       err,
+		       ERR_lib_error_string(err),
+		       ERR_func_error_string(err),
+		       ERR_reason_error_string(err));
 		return -1;
 	}
 
@@ -564,6 +595,43 @@ static int init_ssl_context(struct srv_tcp_state *state)
 }
 
 
+static void close_file_descriptors(struct srv_tcp_state *state)
+{
+	int tun_fd   = state->tun_fd;
+	int tcp_fd   = state->tcp_fd;
+	int epoll_fd = state->epoll_fd;
+
+	if (likely(tun_fd != -1)) {
+		prl_notice(0, "Closing state->tun_fd (%d)", tun_fd);
+		close(tun_fd);
+	}
+
+	if (likely(tcp_fd != -1)) {
+		prl_notice(0, "Closing state->tcp_fd (%d)", tcp_fd);
+		close(tcp_fd);
+	}
+
+	if (likely(epoll_fd != -1)) {
+		prl_notice(0, "Closing state->epoll_fd (%d)", epoll_fd);
+		close(epoll_fd);
+	}
+}
+
+
+static void destroy_state(struct srv_tcp_state *state)
+{
+	close_file_descriptors(state);
+
+	if (likely(state->ssl_ctx != NULL))
+		SSL_CTX_free(state->ssl_ctx);
+
+	cleanup_openssl(state);
+	free(state->ip_map);
+	free(state->clients);
+	free(state->epoll_map);
+}
+
+
 int teavpn_server_tcp_handler(struct srv_cfg *cfg)
 {
 	int retval = 0;
@@ -584,6 +652,9 @@ int teavpn_server_tcp_handler(struct srv_cfg *cfg)
 	if (unlikely(retval < 0))
 		goto out;
 	retval = init_cpu(&state);
+	if (unlikely(retval < 0))
+		goto out;
+	retval = init_openssl(&state);
 	if (unlikely(retval < 0))
 		goto out;
 	retval = init_ssl_context(&state);
@@ -593,5 +664,6 @@ int teavpn_server_tcp_handler(struct srv_cfg *cfg)
 	if (unlikely(retval < 0))
 		goto out;
 out:
+	destroy_state(&state);
 	return retval;
 }