From 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 Mon Sep 17 00:00:00 2001 From: peterbell10 Date: Wed, 30 Aug 2017 15:00:06 +0100 Subject: Update mbedtls to 2.5.1 (#3964) * Renaming changes: * macro prefix "POLARSSL" -> "MBEDTLS" * functions now prefixed with "mbedtls_" * rename PolarSSL++ -> mbedTLS++ * rename polarssl submodule * Use mbedtls' AES-CFB8 implementation. * Add cSslConfig to wrap mbedtls_ssl_config * Update cTCPLink and cBlockingSslClientSocket to use cSslConfig * Use cSslConfig in cHTTPServer * Use cSslConfig for cMojangAPI::SecureRequest * CI Fixes * Set -fomit-frame-pointer on the right target --- src/PolarSSL++/BlockingSslClientSocket.cpp | 359 ----------------------------- 1 file changed, 359 deletions(-) delete mode 100644 src/PolarSSL++/BlockingSslClientSocket.cpp (limited to 'src/PolarSSL++/BlockingSslClientSocket.cpp') diff --git a/src/PolarSSL++/BlockingSslClientSocket.cpp b/src/PolarSSL++/BlockingSslClientSocket.cpp deleted file mode 100644 index 7d7fc4ccf..000000000 --- a/src/PolarSSL++/BlockingSslClientSocket.cpp +++ /dev/null @@ -1,359 +0,0 @@ - -// BlockingSslClientSocket.cpp - -// Implements the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it - -#include "Globals.h" -#include "BlockingSslClientSocket.h" - - - - - -//////////////////////////////////////////////////////////////////////////////// -// cBlockingSslClientSocketConnectCallbacks: - -class cBlockingSslClientSocketConnectCallbacks: - public cNetwork::cConnectCallbacks -{ - /** The socket object that is using this instance of the callbacks. */ - cBlockingSslClientSocket & m_Socket; - - virtual void OnConnected(cTCPLink & a_Link) override - { - m_Socket.OnConnected(); - } - - virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override - { - m_Socket.OnConnectError(a_ErrorMsg); - } - -public: - cBlockingSslClientSocketConnectCallbacks(cBlockingSslClientSocket & a_Socket): - m_Socket(a_Socket) - { - } -}; - - - - - -//////////////////////////////////////////////////////////////////////////////// -// cBlockingSslClientSocketLinkCallbacks: - -class cBlockingSslClientSocketLinkCallbacks: - public cTCPLink::cCallbacks -{ - cBlockingSslClientSocket & m_Socket; - - virtual void OnLinkCreated(cTCPLinkPtr a_Link) override - { - m_Socket.SetLink(a_Link); - } - - - virtual void OnReceivedData(const char * a_Data, size_t a_Length) override - { - m_Socket.OnReceivedData(a_Data, a_Length); - } - - - virtual void OnRemoteClosed(void) override - { - m_Socket.OnDisconnected(); - } - - - virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override - { - m_Socket.OnDisconnected(); - } - -public: - - cBlockingSslClientSocketLinkCallbacks(cBlockingSslClientSocket & a_Socket): - m_Socket(a_Socket) - { - } -}; - - - - - -//////////////////////////////////////////////////////////////////////////////// -// cBlockingSslClientSocket: - -cBlockingSslClientSocket::cBlockingSslClientSocket(void) : - m_Ssl(*this), - m_IsConnected(false) -{ - // Nothing needed yet -} - - - - - -bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Port) -{ - // If already connected, report an error: - if (m_IsConnected) - { - // TODO: Handle this better - if connected to the same server and port, and the socket is alive, return success - m_LastErrorText = "Already connected"; - return false; - } - - // Connect the underlying socket: - m_ServerName = a_ServerName; - if (!cNetwork::Connect(a_ServerName, a_Port, - std::make_shared(*this), - std::make_shared(*this)) - ) - { - return false; - } - - // Wait for the connection to succeed or fail: - m_Event.Wait(); - if (!m_IsConnected) - { - return false; - } - - // Initialize the SSL: - int ret = m_Ssl.Initialize(true); - if (ret != 0) - { - Printf(m_LastErrorText, "SSL initialization failed: -0x%x", -ret); - return false; - } - - // If we have been assigned a trusted CA root cert store, push it into the SSL context: - if (m_CACerts.get() != nullptr) - { - m_Ssl.SetCACerts(m_CACerts, m_ExpectedPeerName); - } - - ret = m_Ssl.Handshake(); - if (ret != 0) - { - Printf(m_LastErrorText, "SSL handshake failed: -0x%x", -ret); - return false; - } - - return true; -} - - - - - - -bool cBlockingSslClientSocket::SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName) -{ - // Warn if used multiple times, but don't signal an error: - if (m_CACerts.get() != nullptr) - { - LOGWARNING( - "SSL: Trying to set multiple trusted CA root cert stores, only the last one will be used. Name: %s", - a_ExpectedPeerName.c_str() - ); - } - - // Parse the cert: - m_CACerts.reset(new cX509Cert); - int ret = m_CACerts->Parse(a_CACerts.data(), a_CACerts.size()); - if (ret < 0) - { - Printf(m_LastErrorText, "CA cert parsing failed: -0x%x", -ret); - return false; - } - m_ExpectedPeerName = a_ExpectedPeerName; - - return true; -} - - - - - -bool cBlockingSslClientSocket::Send(const void * a_Data, size_t a_NumBytes) -{ - if (!m_IsConnected) - { - m_LastErrorText = "Socket is closed"; - return false; - } - - // Keep sending the data until all of it is sent: - const char * Data = reinterpret_cast(a_Data); - size_t NumBytes = a_NumBytes; - for (;;) - { - int res = m_Ssl.WritePlain(Data, a_NumBytes); - if (res < 0) - { - ASSERT(res != POLARSSL_ERR_NET_WANT_READ); // This should never happen with callback-based SSL - ASSERT(res != POLARSSL_ERR_NET_WANT_WRITE); // This should never happen with callback-based SSL - Printf(m_LastErrorText, "Data cannot be written to SSL context: -0x%x", -res); - return false; - } - else - { - Data += res; - NumBytes -= static_cast(res); - if (NumBytes == 0) - { - return true; - } - } - } -} - - - - - - -int cBlockingSslClientSocket::Receive(void * a_Data, size_t a_MaxBytes) -{ - // Even if m_IsConnected is false (socket disconnected), the SSL context may have more data in the queue - int res = m_Ssl.ReadPlain(a_Data, a_MaxBytes); - if (res < 0) - { - Printf(m_LastErrorText, "Data cannot be read form SSL context: -0x%x", -res); - } - return res; -} - - - - - -void cBlockingSslClientSocket::Disconnect(void) -{ - // Ignore if not connected - if (!m_IsConnected) - { - return; - } - - m_Ssl.NotifyClose(); - m_IsConnected = false; - - // Grab a copy of the socket so that we know it doesn't change under our hands: - auto socket = m_Socket; - if (socket != nullptr) - { - socket->Close(); - } - - m_Socket.reset(); -} - - - - - -int cBlockingSslClientSocket::ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) -{ - // Wait for any incoming data, if there is none: - cCSLock Lock(m_CSIncomingData); - while (m_IsConnected && m_IncomingData.empty()) - { - cCSUnlock Unlock(Lock); - m_Event.Wait(); - } - - // If we got disconnected, report an error after processing all data: - if (!m_IsConnected && m_IncomingData.empty()) - { - return POLARSSL_ERR_NET_RECV_FAILED; - } - - // Copy the data from the incoming buffer into the specified space: - size_t NumToCopy = std::min(a_NumBytes, m_IncomingData.size()); - memcpy(a_Buffer, m_IncomingData.data(), NumToCopy); - m_IncomingData.erase(0, NumToCopy); - return static_cast(NumToCopy); -} - - - - - -int cBlockingSslClientSocket::SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) -{ - cTCPLinkPtr Socket(m_Socket); // Make a copy so that multiple threads don't race on deleting the socket. - if (Socket == nullptr) - { - return POLARSSL_ERR_NET_SEND_FAILED; - } - if (!Socket->Send(a_Buffer, a_NumBytes)) - { - // PolarSSL's net routines distinguish between connection reset and general failure, we don't need to - return POLARSSL_ERR_NET_SEND_FAILED; - } - return static_cast(a_NumBytes); -} - - - - - -void cBlockingSslClientSocket::OnConnected(void) -{ - m_IsConnected = true; - m_Event.Set(); -} - - - - - -void cBlockingSslClientSocket::OnConnectError(const AString & a_ErrorMsg) -{ - LOG("Cannot connect to %s: \"%s\"", m_ServerName.c_str(), a_ErrorMsg.c_str()); - m_Event.Set(); -} - - - - - -void cBlockingSslClientSocket::OnReceivedData(const char * a_Data, size_t a_Size) -{ - { - cCSLock Lock(m_CSIncomingData); - m_IncomingData.append(a_Data, a_Size); - } - m_Event.Set(); -} - - - - - -void cBlockingSslClientSocket::SetLink(cTCPLinkPtr a_Link) -{ - m_Socket = a_Link; -} - - - - - -void cBlockingSslClientSocket::OnDisconnected(void) -{ - m_IsConnected = false; - m_Socket.reset(); - m_Event.Set(); -} - - - - -- cgit v1.2.3