diff options
Diffstat (limited to 'modules/mbedtls')
| -rw-r--r-- | modules/mbedtls/crypto_mbedtls.cpp | 22 | ||||
| -rw-r--r-- | modules/mbedtls/crypto_mbedtls.h | 6 | ||||
| -rw-r--r-- | modules/mbedtls/dtls_server_mbedtls.h | 8 | ||||
| -rw-r--r-- | modules/mbedtls/packet_peer_mbed_dtls.cpp | 54 | ||||
| -rw-r--r-- | modules/mbedtls/packet_peer_mbed_dtls.h | 4 | ||||
| -rw-r--r-- | modules/mbedtls/register_types.cpp | 16 | ||||
| -rw-r--r-- | modules/mbedtls/register_types.h | 6 | ||||
| -rw-r--r-- | modules/mbedtls/stream_peer_mbedtls.cpp | 52 | ||||
| -rw-r--r-- | modules/mbedtls/stream_peer_mbedtls.h | 21 | ||||
| -rw-r--r-- | modules/mbedtls/tls_context_mbedtls.cpp (renamed from modules/mbedtls/ssl_context_mbedtls.cpp) | 32 | ||||
| -rw-r--r-- | modules/mbedtls/tls_context_mbedtls.h (renamed from modules/mbedtls/ssl_context_mbedtls.h) | 20 |
11 files changed, 125 insertions, 116 deletions
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp index ea6b6d8233..e62581ab40 100644 --- a/modules/mbedtls/crypto_mbedtls.cpp +++ b/modules/mbedtls/crypto_mbedtls.cpp @@ -55,14 +55,13 @@ Error CryptoKeyMbedTLS::load(String p_path, bool p_public_only) { ERR_FAIL_COND_V_MSG(locks, ERR_ALREADY_IN_USE, "Key is in use"); PackedByteArray out; - FileAccess *f = FileAccess::open(p_path, FileAccess::READ); - ERR_FAIL_COND_V_MSG(!f, ERR_INVALID_PARAMETER, "Cannot open CryptoKeyMbedTLS file '" + p_path + "'."); + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(f.is_null(), ERR_INVALID_PARAMETER, "Cannot open CryptoKeyMbedTLS file '" + p_path + "'."); uint64_t flen = f->get_length(); out.resize(flen + 1); f->get_buffer(out.ptrw(), flen); out.write[flen] = 0; // string terminator - memdelete(f); int ret = 0; if (p_public_only) { @@ -79,8 +78,8 @@ Error CryptoKeyMbedTLS::load(String p_path, bool p_public_only) { } Error CryptoKeyMbedTLS::save(String p_path, bool p_public_only) { - FileAccess *f = FileAccess::open(p_path, FileAccess::WRITE); - ERR_FAIL_COND_V_MSG(!f, ERR_INVALID_PARAMETER, "Cannot save CryptoKeyMbedTLS file '" + p_path + "'."); + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::WRITE); + ERR_FAIL_COND_V_MSG(f.is_null(), ERR_INVALID_PARAMETER, "Cannot save CryptoKeyMbedTLS file '" + p_path + "'."); unsigned char w[16000]; memset(w, 0, sizeof(w)); @@ -92,14 +91,12 @@ Error CryptoKeyMbedTLS::save(String p_path, bool p_public_only) { ret = mbedtls_pk_write_key_pem(&pkey, w, sizeof(w)); } if (ret != 0) { - memdelete(f); mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize anything we might have written. ERR_FAIL_V_MSG(FAILED, "Error writing key '" + itos(ret) + "'."); } size_t len = strlen((char *)w); f->store_buffer(w, len); - memdelete(f); mbedtls_platform_zeroize(w, sizeof(w)); // Zeroize temporary buffer. return OK; } @@ -143,14 +140,13 @@ Error X509CertificateMbedTLS::load(String p_path) { ERR_FAIL_COND_V_MSG(locks, ERR_ALREADY_IN_USE, "Certificate is in use"); PackedByteArray out; - FileAccess *f = FileAccess::open(p_path, FileAccess::READ); - ERR_FAIL_COND_V_MSG(!f, ERR_INVALID_PARAMETER, "Cannot open X509CertificateMbedTLS file '" + p_path + "'."); + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::READ); + ERR_FAIL_COND_V_MSG(f.is_null(), ERR_INVALID_PARAMETER, "Cannot open X509CertificateMbedTLS file '" + p_path + "'."); uint64_t flen = f->get_length(); out.resize(flen + 1); f->get_buffer(out.ptrw(), flen); out.write[flen] = 0; // string terminator - memdelete(f); int ret = mbedtls_x509_crt_parse(&cert, out.ptr(), out.size()); ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing some certificates: " + itos(ret)); @@ -167,8 +163,8 @@ Error X509CertificateMbedTLS::load_from_memory(const uint8_t *p_buffer, int p_le } Error X509CertificateMbedTLS::save(String p_path) { - FileAccess *f = FileAccess::open(p_path, FileAccess::WRITE); - ERR_FAIL_COND_V_MSG(!f, ERR_INVALID_PARAMETER, "Cannot save X509CertificateMbedTLS file '" + p_path + "'."); + Ref<FileAccess> f = FileAccess::open(p_path, FileAccess::WRITE); + ERR_FAIL_COND_V_MSG(f.is_null(), ERR_INVALID_PARAMETER, "Cannot save X509CertificateMbedTLS file '" + p_path + "'."); mbedtls_x509_crt *crt = &cert; while (crt) { @@ -176,14 +172,12 @@ Error X509CertificateMbedTLS::save(String p_path) { size_t wrote = 0; int ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, cert.raw.p, cert.raw.len, w, sizeof(w), &wrote); if (ret != 0 || wrote == 0) { - memdelete(f); ERR_FAIL_V_MSG(FAILED, "Error writing certificate '" + itos(ret) + "'."); } f->store_buffer(w, wrote - 1); // don't write the string terminator crt = crt->next; } - memdelete(f); return OK; } diff --git a/modules/mbedtls/crypto_mbedtls.h b/modules/mbedtls/crypto_mbedtls.h index 5ba7e9cbf6..f129ef6f11 100644 --- a/modules/mbedtls/crypto_mbedtls.h +++ b/modules/mbedtls/crypto_mbedtls.h @@ -39,7 +39,7 @@ #include <mbedtls/ssl.h> class CryptoMbedTLS; -class SSLContextMbedTLS; +class TLSContextMbedTLS; class CryptoKeyMbedTLS : public CryptoKey { private: mbedtls_pk_context pkey; @@ -69,7 +69,7 @@ public: _FORCE_INLINE_ void unlock() { locks--; } friend class CryptoMbedTLS; - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; }; class X509CertificateMbedTLS : public X509Certificate { @@ -98,7 +98,7 @@ public: _FORCE_INLINE_ void unlock() { locks--; } friend class CryptoMbedTLS; - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; }; class HMACContextMbedTLS : public HMACContext { diff --git a/modules/mbedtls/dtls_server_mbedtls.h b/modules/mbedtls/dtls_server_mbedtls.h index 29370062c4..0c9f10b5ed 100644 --- a/modules/mbedtls/dtls_server_mbedtls.h +++ b/modules/mbedtls/dtls_server_mbedtls.h @@ -28,11 +28,11 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#ifndef MBED_DTLS_SERVER_H -#define MBED_DTLS_SERVER_H +#ifndef DTLS_SERVER_MBEDTLS_H +#define DTLS_SERVER_MBEDTLS_H #include "core/io/dtls_server.h" -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" class DTLSServerMbedTLS : public DTLSServer { private: @@ -54,4 +54,4 @@ public: ~DTLSServerMbedTLS(); }; -#endif // MBED_DTLS_SERVER_H +#endif // DTLS_SERVER_MBEDTLS_H diff --git a/modules/mbedtls/packet_peer_mbed_dtls.cpp b/modules/mbedtls/packet_peer_mbed_dtls.cpp index 2a5eaa0109..e84d95773d 100644 --- a/modules/mbedtls/packet_peer_mbed_dtls.cpp +++ b/modules/mbedtls/packet_peer_mbed_dtls.cpp @@ -32,14 +32,14 @@ #include "mbedtls/platform_util.h" #include "core/io/file_access.h" -#include "core/io/stream_peer_ssl.h" +#include "core/io/stream_peer_tls.h" int PacketPeerMbedDTLS::bio_send(void *ctx, const unsigned char *buf, size_t len) { - if (buf == nullptr || len <= 0) { + if (buf == nullptr || len == 0) { return 0; } - PacketPeerMbedDTLS *sp = (PacketPeerMbedDTLS *)ctx; + PacketPeerMbedDTLS *sp = static_cast<PacketPeerMbedDTLS *>(ctx); ERR_FAIL_COND_V(sp == nullptr, 0); @@ -53,11 +53,11 @@ int PacketPeerMbedDTLS::bio_send(void *ctx, const unsigned char *buf, size_t len } int PacketPeerMbedDTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { - if (buf == nullptr || len <= 0) { + if (buf == nullptr || len == 0) { return 0; } - PacketPeerMbedDTLS *sp = (PacketPeerMbedDTLS *)ctx; + PacketPeerMbedDTLS *sp = static_cast<PacketPeerMbedDTLS *>(ctx); ERR_FAIL_COND_V(sp == nullptr, 0); @@ -79,7 +79,7 @@ int PacketPeerMbedDTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { } void PacketPeerMbedDTLS::_cleanup() { - ssl_ctx->clear(); + tls_ctx->clear(); base = Ref<PacketPeer>(); status = STATUS_DISCONNECTED; } @@ -91,16 +91,16 @@ int PacketPeerMbedDTLS::_set_cookie() { uint16_t port = base->get_packet_port(); memcpy(client_id, addr.get_ipv6(), 16); memcpy(&client_id[16], (uint8_t *)&port, 2); - return mbedtls_ssl_set_client_transport_id(ssl_ctx->get_context(), client_id, 18); + return mbedtls_ssl_set_client_transport_id(tls_ctx->get_context(), client_id, 18); } Error PacketPeerMbedDTLS::_do_handshake() { int ret = 0; - while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) { + while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret != MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { ERR_PRINT("TLS handshake error: " + itos(ret)); - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } _cleanup(); status = STATUS_ERROR; @@ -115,18 +115,18 @@ Error PacketPeerMbedDTLS::_do_handshake() { } Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_validate_certs, const String &p_for_hostname, Ref<X509Certificate> p_ca_certs) { - ERR_FAIL_COND_V(!p_base.is_valid() || !p_base->is_connected_to_host(), ERR_INVALID_PARAMETER); + ERR_FAIL_COND_V(!p_base.is_valid() || !p_base->is_socket_connected(), ERR_INVALID_PARAMETER); base = p_base; int ret = 0; int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE; - Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs); + Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_DATAGRAM, authmode, p_ca_certs); ERR_FAIL_COND_V(err != OK, err); - mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data()); - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); - mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); + mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data()); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); status = STATUS_HANDSHAKING; @@ -139,13 +139,13 @@ Error PacketPeerMbedDTLS::connect_to_peer(Ref<PacketPeerUDP> p_base, bool p_vali } Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain, Ref<CookieContextMbedTLS> p_cookies) { - Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies); + Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert, p_cookies); ERR_FAIL_COND_V(err != OK, err); base = p_base; base->set_blocking_mode(false); - mbedtls_ssl_session_reset(ssl_ctx->get_context()); + mbedtls_ssl_session_reset(tls_ctx->get_context()); int ret = _set_cookie(); if (ret != 0) { @@ -153,8 +153,8 @@ Error PacketPeerMbedDTLS::accept_peer(Ref<PacketPeerUDP> p_base, Ref<CryptoKey> ERR_FAIL_V_MSG(FAILED, "Error setting DTLS client cookie"); } - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); - mbedtls_ssl_set_timer_cb(ssl_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_timer_cb(tls_ctx->get_context(), &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); status = STATUS_HANDSHAKING; @@ -173,11 +173,11 @@ Error PacketPeerMbedDTLS::put_packet(const uint8_t *p_buffer, int p_bytes) { return OK; } - int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_buffer, p_bytes); + int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_buffer, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); _cleanup(); return ERR_CONNECTION_ERROR; } @@ -190,7 +190,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) { r_bytes = 0; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), packet_buffer, PACKET_BUFFER_SIZE); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret <= 0) { @@ -200,7 +200,7 @@ Error PacketPeerMbedDTLS::get_packet(const uint8_t **r_buffer, int &r_bytes) { } else { _cleanup(); status = STATUS_ERROR; - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } return ERR_CONNECTION_ERROR; } @@ -220,7 +220,7 @@ void PacketPeerMbedDTLS::poll() { ERR_FAIL_COND(!base.is_valid()); - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), nullptr, 0); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), nullptr, 0); if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { @@ -229,7 +229,7 @@ void PacketPeerMbedDTLS::poll() { } else { _cleanup(); status = STATUS_ERROR; - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); } } } @@ -237,7 +237,7 @@ void PacketPeerMbedDTLS::poll() { int PacketPeerMbedDTLS::get_available_packet_count() const { ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0); - return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl)) > 0 ? 1 : 0; + return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls)) > 0 ? 1 : 0; } int PacketPeerMbedDTLS::get_max_packet_size() const { @@ -245,7 +245,7 @@ int PacketPeerMbedDTLS::get_max_packet_size() const { } PacketPeerMbedDTLS::PacketPeerMbedDTLS() { - ssl_ctx.instantiate(); + tls_ctx.instantiate(); } PacketPeerMbedDTLS::~PacketPeerMbedDTLS() { @@ -261,7 +261,7 @@ void PacketPeerMbedDTLS::disconnect_from_peer() { int ret = 0; // Send SSL close notification, blocking, but ignore other errors. do { - ret = mbedtls_ssl_close_notify(ssl_ctx->get_context()); + ret = mbedtls_ssl_close_notify(tls_ctx->get_context()); } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); } diff --git a/modules/mbedtls/packet_peer_mbed_dtls.h b/modules/mbedtls/packet_peer_mbed_dtls.h index 5f2f42cd30..cc79057d67 100644 --- a/modules/mbedtls/packet_peer_mbed_dtls.h +++ b/modules/mbedtls/packet_peer_mbed_dtls.h @@ -32,7 +32,7 @@ #define PACKET_PEER_MBED_DTLS_H #include "core/io/packet_peer_dtls.h" -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" #include <mbedtls/timing.h> @@ -56,7 +56,7 @@ private: void _cleanup(); protected: - Ref<SSLContextMbedTLS> ssl_ctx; + Ref<TLSContextMbedTLS> tls_ctx; mbedtls_timing_delay_context timer; Error _do_handshake(); diff --git a/modules/mbedtls/register_types.cpp b/modules/mbedtls/register_types.cpp index 1af978e70a..675091b617 100644 --- a/modules/mbedtls/register_types.cpp +++ b/modules/mbedtls/register_types.cpp @@ -39,16 +39,24 @@ #include "tests/test_crypto_mbedtls.h" #endif -void register_mbedtls_types() { +void initialize_mbedtls_module(ModuleInitializationLevel p_level) { + if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) { + return; + } + CryptoMbedTLS::initialize_crypto(); - StreamPeerMbedTLS::initialize_ssl(); + StreamPeerMbedTLS::initialize_tls(); PacketPeerMbedDTLS::initialize_dtls(); DTLSServerMbedTLS::initialize(); } -void unregister_mbedtls_types() { +void uninitialize_mbedtls_module(ModuleInitializationLevel p_level) { + if (p_level != MODULE_INITIALIZATION_LEVEL_SCENE) { + return; + } + DTLSServerMbedTLS::finalize(); PacketPeerMbedDTLS::finalize_dtls(); - StreamPeerMbedTLS::finalize_ssl(); + StreamPeerMbedTLS::finalize_tls(); CryptoMbedTLS::finalize_crypto(); } diff --git a/modules/mbedtls/register_types.h b/modules/mbedtls/register_types.h index 4bc2cca118..ebe76f44f1 100644 --- a/modules/mbedtls/register_types.h +++ b/modules/mbedtls/register_types.h @@ -31,7 +31,9 @@ #ifndef MBEDTLS_REGISTER_TYPES_H #define MBEDTLS_REGISTER_TYPES_H -void register_mbedtls_types(); -void unregister_mbedtls_types(); +#include "modules/register_module_types.h" + +void initialize_mbedtls_module(ModuleInitializationLevel p_level); +void uninitialize_mbedtls_module(ModuleInitializationLevel p_level); #endif // MBEDTLS_REGISTER_TYPES_H diff --git a/modules/mbedtls/stream_peer_mbedtls.cpp b/modules/mbedtls/stream_peer_mbedtls.cpp index 05a57607cd..a97c6bd916 100644 --- a/modules/mbedtls/stream_peer_mbedtls.cpp +++ b/modules/mbedtls/stream_peer_mbedtls.cpp @@ -34,11 +34,11 @@ #include "core/io/stream_peer_tcp.h" int StreamPeerMbedTLS::bio_send(void *ctx, const unsigned char *buf, size_t len) { - if (buf == nullptr || len <= 0) { + if (buf == nullptr || len == 0) { return 0; } - StreamPeerMbedTLS *sp = (StreamPeerMbedTLS *)ctx; + StreamPeerMbedTLS *sp = static_cast<StreamPeerMbedTLS *>(ctx); ERR_FAIL_COND_V(sp == nullptr, 0); @@ -54,11 +54,11 @@ int StreamPeerMbedTLS::bio_send(void *ctx, const unsigned char *buf, size_t len) } int StreamPeerMbedTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { - if (buf == nullptr || len <= 0) { + if (buf == nullptr || len == 0) { return 0; } - StreamPeerMbedTLS *sp = (StreamPeerMbedTLS *)ctx; + StreamPeerMbedTLS *sp = static_cast<StreamPeerMbedTLS *>(ctx); ERR_FAIL_COND_V(sp == nullptr, 0); @@ -74,18 +74,18 @@ int StreamPeerMbedTLS::bio_recv(void *ctx, unsigned char *buf, size_t len) { } void StreamPeerMbedTLS::_cleanup() { - ssl_ctx->clear(); + tls_ctx->clear(); base = Ref<StreamPeer>(); status = STATUS_DISCONNECTED; } Error StreamPeerMbedTLS::_do_handshake() { int ret = 0; - while ((ret = mbedtls_ssl_handshake(ssl_ctx->get_context())) != 0) { + while ((ret = mbedtls_ssl_handshake(tls_ctx->get_context())) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { // An error occurred. ERR_PRINT("TLS handshake error: " + itos(ret)); - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); status = STATUS_ERROR; return FAILED; @@ -108,11 +108,11 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida base = p_base; int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE; - Error err = ssl_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs); + Error err = tls_ctx->init_client(MBEDTLS_SSL_TRANSPORT_STREAM, authmode, p_ca_certs); ERR_FAIL_COND_V(err != OK, err); - mbedtls_ssl_set_hostname(ssl_ctx->get_context(), p_for_hostname.utf8().get_data()); - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_hostname(tls_ctx->get_context(), p_for_hostname.utf8().get_data()); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); status = STATUS_HANDSHAKING; @@ -127,12 +127,12 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida Error StreamPeerMbedTLS::accept_stream(Ref<StreamPeer> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain) { ERR_FAIL_COND_V(p_base.is_null(), ERR_INVALID_PARAMETER); - Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert); + Error err = tls_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert); ERR_FAIL_COND_V(err != OK, err); base = p_base; - mbedtls_ssl_set_bio(ssl_ctx->get_context(), this, bio_send, bio_recv, nullptr); + mbedtls_ssl_set_bio(tls_ctx->get_context(), this, bio_send, bio_recv, nullptr); status = STATUS_HANDSHAKING; @@ -173,7 +173,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in return OK; } - int ret = mbedtls_ssl_write(ssl_ctx->get_context(), p_data, p_bytes); + int ret = mbedtls_ssl_write(tls_ctx->get_context(), p_data, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { // Non blocking IO ret = 0; @@ -182,7 +182,7 @@ Error StreamPeerMbedTLS::put_partial_data(const uint8_t *p_data, int p_bytes, in disconnect_from_stream(); return ERR_FILE_EOF; } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } @@ -216,7 +216,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r r_received = 0; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), p_buffer, p_bytes); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), p_buffer, p_bytes); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = 0; // non blocking io } else if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { @@ -224,7 +224,7 @@ Error StreamPeerMbedTLS::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r disconnect_from_stream(); return ERR_FILE_EOF; } else if (ret <= 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return ERR_CONNECTION_ERROR; } @@ -245,7 +245,7 @@ void StreamPeerMbedTLS::poll() { // We could pass nullptr as second parameter, but some behaviour sanitizers don't seem to like that. // Passing a 1 byte buffer to workaround it. uint8_t byte; - int ret = mbedtls_ssl_read(ssl_ctx->get_context(), &byte, 0); + int ret = mbedtls_ssl_read(tls_ctx->get_context(), &byte, 0); if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { // Nothing to read/write (non blocking IO) @@ -254,7 +254,7 @@ void StreamPeerMbedTLS::poll() { disconnect_from_stream(); return; } else if (ret < 0) { - SSLContextMbedTLS::print_mbedtls_error(ret); + TLSContextMbedTLS::print_mbedtls_error(ret); disconnect_from_stream(); return; } @@ -269,11 +269,11 @@ void StreamPeerMbedTLS::poll() { int StreamPeerMbedTLS::get_available_bytes() const { ERR_FAIL_COND_V(status != STATUS_CONNECTED, 0); - return mbedtls_ssl_get_bytes_avail(&(ssl_ctx->ssl)); + return mbedtls_ssl_get_bytes_avail(&(tls_ctx->tls)); } StreamPeerMbedTLS::StreamPeerMbedTLS() { - ssl_ctx.instantiate(); + tls_ctx.instantiate(); } StreamPeerMbedTLS::~StreamPeerMbedTLS() { @@ -288,7 +288,7 @@ void StreamPeerMbedTLS::disconnect_from_stream() { Ref<StreamPeerTCP> tcp = base; if (tcp.is_valid() && tcp->get_status() == StreamPeerTCP::STATUS_CONNECTED) { // We are still connected on the socket, try to send close notify. - mbedtls_ssl_close_notify(ssl_ctx->get_context()); + mbedtls_ssl_close_notify(tls_ctx->get_context()); } _cleanup(); @@ -298,16 +298,20 @@ StreamPeerMbedTLS::Status StreamPeerMbedTLS::get_status() const { return status; } -StreamPeerSSL *StreamPeerMbedTLS::_create_func() { +Ref<StreamPeer> StreamPeerMbedTLS::get_stream() const { + return base; +} + +StreamPeerTLS *StreamPeerMbedTLS::_create_func() { return memnew(StreamPeerMbedTLS); } -void StreamPeerMbedTLS::initialize_ssl() { +void StreamPeerMbedTLS::initialize_tls() { _create = _create_func; available = true; } -void StreamPeerMbedTLS::finalize_ssl() { +void StreamPeerMbedTLS::finalize_tls() { available = false; _create = nullptr; } diff --git a/modules/mbedtls/stream_peer_mbedtls.h b/modules/mbedtls/stream_peer_mbedtls.h index 98b91e65ab..9219269539 100644 --- a/modules/mbedtls/stream_peer_mbedtls.h +++ b/modules/mbedtls/stream_peer_mbedtls.h @@ -28,27 +28,27 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#ifndef STREAM_PEER_OPEN_SSL_H -#define STREAM_PEER_OPEN_SSL_H +#ifndef STREAM_PEER_MBEDTLS_H +#define STREAM_PEER_MBEDTLS_H -#include "core/io/stream_peer_ssl.h" -#include "ssl_context_mbedtls.h" +#include "core/io/stream_peer_tls.h" +#include "tls_context_mbedtls.h" -class StreamPeerMbedTLS : public StreamPeerSSL { +class StreamPeerMbedTLS : public StreamPeerTLS { private: Status status = STATUS_DISCONNECTED; String hostname; Ref<StreamPeer> base; - static StreamPeerSSL *_create_func(); + static StreamPeerTLS *_create_func(); static int bio_recv(void *ctx, unsigned char *buf, size_t len); static int bio_send(void *ctx, const unsigned char *buf, size_t len); void _cleanup(); protected: - Ref<SSLContextMbedTLS> ssl_ctx; + Ref<TLSContextMbedTLS> tls_ctx; Error _do_handshake(); @@ -57,6 +57,7 @@ public: virtual Error accept_stream(Ref<StreamPeer> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain = Ref<X509Certificate>()); virtual Error connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs = false, const String &p_for_hostname = String(), Ref<X509Certificate> p_valid_cert = Ref<X509Certificate>()); virtual Status get_status() const; + virtual Ref<StreamPeer> get_stream() const; virtual void disconnect_from_stream(); @@ -68,11 +69,11 @@ public: virtual int get_available_bytes() const; - static void initialize_ssl(); - static void finalize_ssl(); + static void initialize_tls(); + static void finalize_tls(); StreamPeerMbedTLS(); ~StreamPeerMbedTLS(); }; -#endif // STREAM_PEER_SSL_H +#endif // STREAM_PEER_MBEDTLS_H diff --git a/modules/mbedtls/ssl_context_mbedtls.cpp b/modules/mbedtls/tls_context_mbedtls.cpp index e2dad074cc..1ae7bc0436 100644 --- a/modules/mbedtls/ssl_context_mbedtls.cpp +++ b/modules/mbedtls/tls_context_mbedtls.cpp @@ -1,5 +1,5 @@ /*************************************************************************/ -/* ssl_context_mbedtls.cpp */ +/* tls_context_mbedtls.cpp */ /*************************************************************************/ /* This file is part of: */ /* GODOT ENGINE */ @@ -28,7 +28,7 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#include "ssl_context_mbedtls.h" +#include "tls_context_mbedtls.h" static void my_debug(void *ctx, int level, const char *file, int line, @@ -37,7 +37,7 @@ static void my_debug(void *ctx, int level, fflush(stdout); } -void SSLContextMbedTLS::print_mbedtls_error(int p_ret) { +void TLSContextMbedTLS::print_mbedtls_error(int p_ret) { printf("mbedtls error: returned -0x%x\n\n", -p_ret); fflush(stdout); } @@ -82,12 +82,12 @@ CookieContextMbedTLS::~CookieContextMbedTLS() { clear(); } -/// SSLContextMbedTLS +/// TLSContextMbedTLS -Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) { +Error TLSContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) { ERR_FAIL_COND_V_MSG(inited, ERR_ALREADY_IN_USE, "This SSL context is already active"); - mbedtls_ssl_init(&ssl); + mbedtls_ssl_init(&tls); mbedtls_ssl_config_init(&conf); mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); @@ -110,7 +110,7 @@ Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) return OK; } -Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) { +Error TLSContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) { ERR_FAIL_COND_V(!p_pkey.is_valid(), ERR_INVALID_PARAMETER); ERR_FAIL_COND_V(!p_cert.is_valid(), ERR_INVALID_PARAMETER); @@ -146,11 +146,11 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto cookies = p_cookies; mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx)); } - mbedtls_ssl_setup(&ssl, &conf); + mbedtls_ssl_setup(&tls, &conf); return OK; } -Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) { +Error TLSContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) { Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode); ERR_FAIL_COND_V(err != OK, err); @@ -172,15 +172,15 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce // Set valid CAs mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), nullptr); - mbedtls_ssl_setup(&ssl, &conf); + mbedtls_ssl_setup(&tls, &conf); return OK; } -void SSLContextMbedTLS::clear() { +void TLSContextMbedTLS::clear() { if (!inited) { return; } - mbedtls_ssl_free(&ssl); + mbedtls_ssl_free(&tls); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); @@ -198,14 +198,14 @@ void SSLContextMbedTLS::clear() { inited = false; } -mbedtls_ssl_context *SSLContextMbedTLS::get_context() { +mbedtls_ssl_context *TLSContextMbedTLS::get_context() { ERR_FAIL_COND_V(!inited, nullptr); - return &ssl; + return &tls; } -SSLContextMbedTLS::SSLContextMbedTLS() { +TLSContextMbedTLS::TLSContextMbedTLS() { } -SSLContextMbedTLS::~SSLContextMbedTLS() { +TLSContextMbedTLS::~TLSContextMbedTLS() { clear(); } diff --git a/modules/mbedtls/ssl_context_mbedtls.h b/modules/mbedtls/tls_context_mbedtls.h index dd49792abd..5e7b3dc46e 100644 --- a/modules/mbedtls/ssl_context_mbedtls.h +++ b/modules/mbedtls/tls_context_mbedtls.h @@ -1,5 +1,5 @@ /*************************************************************************/ -/* ssl_context_mbedtls.h */ +/* tls_context_mbedtls.h */ /*************************************************************************/ /* This file is part of: */ /* GODOT ENGINE */ @@ -28,8 +28,8 @@ /* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /*************************************************************************/ -#ifndef SSL_CONTEXT_MBED_TLS_H -#define SSL_CONTEXT_MBED_TLS_H +#ifndef TLS_CONTEXT_MBEDTLS_H +#define TLS_CONTEXT_MBEDTLS_H #include "crypto_mbedtls.h" @@ -44,10 +44,10 @@ #include <mbedtls/ssl.h> #include <mbedtls/ssl_cookie.h> -class SSLContextMbedTLS; +class TLSContextMbedTLS; class CookieContextMbedTLS : public RefCounted { - friend class SSLContextMbedTLS; + friend class TLSContextMbedTLS; protected: bool inited = false; @@ -63,7 +63,7 @@ public: ~CookieContextMbedTLS(); }; -class SSLContextMbedTLS : public RefCounted { +class TLSContextMbedTLS : public RefCounted { protected: bool inited = false; @@ -73,7 +73,7 @@ public: Ref<X509CertificateMbedTLS> certs; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ssl_context ssl; + mbedtls_ssl_context tls; mbedtls_ssl_config conf; Ref<CookieContextMbedTLS> cookies; @@ -86,8 +86,8 @@ public: mbedtls_ssl_context *get_context(); - SSLContextMbedTLS(); - ~SSLContextMbedTLS(); + TLSContextMbedTLS(); + ~TLSContextMbedTLS(); }; -#endif // SSL_CONTEXT_MBED_TLS_H +#endif // TLS_CONTEXT_MBEDTLS_H |