diff options
Diffstat (limited to 'modules/openssl')
-rw-r--r-- | modules/openssl/SCsub | 696 | ||||
-rw-r--r-- | modules/openssl/config.py | 5 | ||||
-rw-r--r-- | modules/openssl/register_types.cpp | 44 | ||||
-rw-r--r-- | modules/openssl/register_types.h | 32 | ||||
-rw-r--r-- | modules/openssl/stream_peer_openssl.cpp | 632 | ||||
-rw-r--r-- | modules/openssl/stream_peer_openssl.h | 116 |
6 files changed, 0 insertions, 1525 deletions
diff --git a/modules/openssl/SCsub b/modules/openssl/SCsub deleted file mode 100644 index 84c5e68439..0000000000 --- a/modules/openssl/SCsub +++ /dev/null @@ -1,696 +0,0 @@ -#!/usr/bin/env python - -Import('env') -Import('env_modules') - -env_openssl = env_modules.Clone() - -# Thirdparty source files -if env['builtin_openssl']: - thirdparty_dir = "#thirdparty/openssl/" - - thirdparty_sources = [ - "ssl/t1_lib.c", - "ssl/t1_ext.c", - "ssl/s3_srvr.c", - "ssl/t1_enc.c", - "ssl/t1_meth.c", - "ssl/s23_clnt.c", - "ssl/ssl_asn1.c", - "ssl/tls_srp.c", - "ssl/kssl.c", - "ssl/d1_both.c", - "ssl/t1_clnt.c", - "ssl/bio_ssl.c", - "ssl/d1_srtp.c", - "ssl/t1_reneg.c", - "ssl/ssl_cert.c", - "ssl/s3_lib.c", - "ssl/d1_srvr.c", - "ssl/s23_meth.c", - "ssl/ssl_stat.c", - "ssl/ssl_err.c", - "ssl/ssl_algs.c", - "ssl/s3_cbc.c", - "ssl/d1_clnt.c", - "ssl/s3_pkt.c", - "ssl/d1_meth.c", - "ssl/s3_both.c", - "ssl/s2_enc.c", - "ssl/s3_meth.c", - "ssl/s3_enc.c", - "ssl/s23_pkt.c", - "ssl/s2_pkt.c", - "ssl/d1_pkt.c", - "ssl/ssl_rsa.c", - "ssl/s23_srvr.c", - "ssl/s2_meth.c", - "ssl/s3_clnt.c", - "ssl/s23_lib.c", - "ssl/t1_srvr.c", - "ssl/ssl_lib.c", - "ssl/ssl_txt.c", - "ssl/s2_srvr.c", - "ssl/ssl_sess.c", - "ssl/s2_clnt.c", - "ssl/d1_lib.c", - "ssl/s2_lib.c", - "ssl/ssl_err2.c", - "ssl/ssl_ciph.c", - "crypto/dsa/dsa_lib.c", - "crypto/dsa/dsa_pmeth.c", - "crypto/dsa/dsa_ossl.c", - "crypto/dsa/dsa_gen.c", - "crypto/dsa/dsa_asn1.c", - "crypto/dsa/dsa_prn.c", - "crypto/dsa/dsa_sign.c", - "crypto/dsa/dsa_key.c", - "crypto/dsa/dsa_vrf.c", - "crypto/dsa/dsa_err.c", - "crypto/dsa/dsa_ameth.c", - "crypto/dsa/dsa_depr.c", - "crypto/x509/x509_lu.c", - "crypto/x509/x509cset.c", - "crypto/x509/x509_set.c", - "crypto/x509/x509_d2.c", - "crypto/x509/x509_txt.c", - "crypto/x509/x509rset.c", - "crypto/x509/by_dir.c", - "crypto/x509/x509_vpm.c", - "crypto/x509/x509_vfy.c", - "crypto/x509/x509_trs.c", - "crypto/x509/by_file.c", - "crypto/x509/x509_obj.c", - "crypto/x509/x509spki.c", - "crypto/x509/x509_v3.c", - "crypto/x509/x509_req.c", - "crypto/x509/x509_att.c", - "crypto/x509/x_all.c", - "crypto/x509/x509_ext.c", - "crypto/x509/x509type.c", - "crypto/x509/x509_def.c", - "crypto/x509/x509_err.c", - "crypto/x509/x509name.c", - "crypto/x509/x509_r2x.c", - "crypto/x509/x509_cmp.c", - "crypto/asn1/x_pkey.c", - "crypto/asn1/a_gentm.c", - "crypto/asn1/x_sig.c", - "crypto/asn1/t_req.c", - "crypto/asn1/t_pkey.c", - "crypto/asn1/p8_pkey.c", - "crypto/asn1/a_i2d_fp.c", - "crypto/asn1/x_val.c", - "crypto/asn1/f_string.c", - "crypto/asn1/p5_pbe.c", - "crypto/asn1/bio_ndef.c", - "crypto/asn1/a_bool.c", - "crypto/asn1/asn1_gen.c", - "crypto/asn1/x_algor.c", - "crypto/asn1/bio_asn1.c", - "crypto/asn1/asn_mime.c", - "crypto/asn1/t_x509.c", - "crypto/asn1/a_strex.c", - "crypto/asn1/x_nx509.c", - "crypto/asn1/asn1_err.c", - "crypto/asn1/x_crl.c", - "crypto/asn1/a_print.c", - "crypto/asn1/a_type.c", - "crypto/asn1/tasn_new.c", - "crypto/asn1/n_pkey.c", - "crypto/asn1/x_bignum.c", - "crypto/asn1/asn_pack.c", - "crypto/asn1/evp_asn1.c", - "crypto/asn1/t_bitst.c", - "crypto/asn1/x_req.c", - "crypto/asn1/a_time.c", - "crypto/asn1/x_name.c", - "crypto/asn1/x_pubkey.c", - "crypto/asn1/tasn_typ.c", - "crypto/asn1/asn_moid.c", - "crypto/asn1/a_utctm.c", - "crypto/asn1/asn1_lib.c", - "crypto/asn1/x_x509a.c", - "crypto/asn1/a_set.c", - "crypto/asn1/t_crl.c", - "crypto/asn1/p5_pbev2.c", - "crypto/asn1/tasn_enc.c", - "crypto/asn1/a_mbstr.c", - "crypto/asn1/tasn_dec.c", - "crypto/asn1/x_x509.c", - "crypto/asn1/a_octet.c", - "crypto/asn1/x_long.c", - "crypto/asn1/a_bytes.c", - "crypto/asn1/t_x509a.c", - "crypto/asn1/a_enum.c", - "crypto/asn1/a_int.c", - "crypto/asn1/tasn_prn.c", - "crypto/asn1/i2d_pr.c", - "crypto/asn1/a_utf8.c", - "crypto/asn1/t_spki.c", - "crypto/asn1/a_digest.c", - "crypto/asn1/a_dup.c", - "crypto/asn1/i2d_pu.c", - "crypto/asn1/a_verify.c", - "crypto/asn1/f_enum.c", - "crypto/asn1/a_sign.c", - "crypto/asn1/d2i_pr.c", - "crypto/asn1/asn1_par.c", - "crypto/asn1/x_spki.c", - "crypto/asn1/a_d2i_fp.c", - "crypto/asn1/f_int.c", - "crypto/asn1/x_exten.c", - "crypto/asn1/tasn_utl.c", - "crypto/asn1/nsseq.c", - "crypto/asn1/a_bitstr.c", - "crypto/asn1/x_info.c", - "crypto/asn1/a_strnid.c", - "crypto/asn1/a_object.c", - "crypto/asn1/tasn_fre.c", - "crypto/asn1/d2i_pu.c", - "crypto/asn1/ameth_lib.c", - "crypto/asn1/x_attrib.c", - "crypto/evp/m_sha.c", - "crypto/evp/e_camellia.c", - "crypto/evp/e_aes.c", - "crypto/evp/bio_b64.c", - "crypto/evp/m_sigver.c", - "crypto/evp/m_wp.c", - "crypto/evp/m_sha1.c", - "crypto/evp/p_seal.c", - "crypto/evp/c_alld.c", - "crypto/evp/p5_crpt.c", - "crypto/evp/e_rc4.c", - "crypto/evp/m_ecdsa.c", - "crypto/evp/bio_enc.c", - "crypto/evp/e_des3.c", - "crypto/evp/m_null.c", - "crypto/evp/bio_ok.c", - "crypto/evp/pmeth_gn.c", - "crypto/evp/e_rc5.c", - "crypto/evp/e_rc2.c", - "crypto/evp/p_dec.c", - "crypto/evp/p_verify.c", - "crypto/evp/e_rc4_hmac_md5.c", - "crypto/evp/pmeth_lib.c", - "crypto/evp/m_ripemd.c", - "crypto/evp/m_md5.c", - "crypto/evp/e_bf.c", - "crypto/evp/p_enc.c", - "crypto/evp/m_dss.c", - "crypto/evp/bio_md.c", - "crypto/evp/evp_pbe.c", - "crypto/evp/e_seed.c", - "crypto/evp/e_cast.c", - "crypto/evp/p_open.c", - "crypto/evp/p5_crpt2.c", - "crypto/evp/m_dss1.c", - "crypto/evp/names.c", - "crypto/evp/evp_acnf.c", - "crypto/evp/e_des.c", - "crypto/evp/evp_cnf.c", - "crypto/evp/evp_lib.c", - "crypto/evp/digest.c", - "crypto/evp/evp_err.c", - "crypto/evp/evp_enc.c", - "crypto/evp/e_old.c", - "crypto/evp/c_all.c", - "crypto/evp/m_md2.c", - "crypto/evp/e_xcbc_d.c", - "crypto/evp/pmeth_fn.c", - "crypto/evp/p_lib.c", - "crypto/evp/evp_key.c", - "crypto/evp/encode.c", - "crypto/evp/e_aes_cbc_hmac_sha1.c", - "crypto/evp/e_aes_cbc_hmac_sha256.c", - "crypto/evp/m_mdc2.c", - "crypto/evp/e_null.c", - "crypto/evp/p_sign.c", - "crypto/evp/e_idea.c", - "crypto/evp/c_allc.c", - "crypto/evp/evp_pkey.c", - "crypto/evp/m_md4.c", - "crypto/ex_data.c", - "crypto/pkcs12/p12_p8e.c", - "crypto/pkcs12/p12_crt.c", - "crypto/pkcs12/p12_utl.c", - "crypto/pkcs12/p12_attr.c", - "crypto/pkcs12/p12_npas.c", - "crypto/pkcs12/p12_decr.c", - "crypto/pkcs12/p12_init.c", - "crypto/pkcs12/p12_kiss.c", - "crypto/pkcs12/p12_add.c", - "crypto/pkcs12/p12_p8d.c", - "crypto/pkcs12/p12_mutl.c", - "crypto/pkcs12/p12_crpt.c", - "crypto/pkcs12/pk12err.c", - "crypto/pkcs12/p12_asn.c", - "crypto/pkcs12/p12_key.c", - "crypto/ecdh/ech_key.c", - "crypto/ecdh/ech_ossl.c", - "crypto/ecdh/ech_lib.c", - "crypto/ecdh/ech_err.c", - "crypto/ecdh/ech_kdf.c", - "crypto/o_str.c", - "crypto/conf/conf_api.c", - "crypto/conf/conf_err.c", - "crypto/conf/conf_def.c", - "crypto/conf/conf_lib.c", - "crypto/conf/conf_mall.c", - "crypto/conf/conf_sap.c", - "crypto/conf/conf_mod.c", - "crypto/ebcdic.c", - "crypto/ecdsa/ecs_lib.c", - "crypto/ecdsa/ecs_asn1.c", - "crypto/ecdsa/ecs_ossl.c", - "crypto/ecdsa/ecs_vrf.c", - "crypto/ecdsa/ecs_sign.c", - "crypto/ecdsa/ecs_err.c", - "crypto/dso/dso_win32.c", - "crypto/dso/dso_lib.c", - "crypto/dso/dso_dlfcn.c", - "crypto/dso/dso_dl.c", - "crypto/dso/dso_beos.c", - "crypto/dso/dso_null.c", - "crypto/dso/dso_vms.c", - "crypto/dso/dso_err.c", - "crypto/dso/dso_openssl.c", - "crypto/cryptlib.c", - "crypto/md5/md5_one.c", - "crypto/md5/md5_dgst.c", - "crypto/pkcs7/pkcs7err.c", - "crypto/pkcs7/pk7_smime.c", - "crypto/pkcs7/bio_pk7.c", - "crypto/pkcs7/pk7_mime.c", - "crypto/pkcs7/pk7_lib.c", - "crypto/pkcs7/pk7_asn1.c", - "crypto/pkcs7/pk7_doit.c", - "crypto/pkcs7/pk7_attr.c", - "crypto/md4/md4_one.c", - "crypto/md4/md4_dgst.c", - "crypto/o_dir.c", - "crypto/buffer/buf_err.c", - "crypto/buffer/buf_str.c", - "crypto/buffer/buffer.c", - "crypto/cms/cms_lib.c", - "crypto/cms/cms_io.c", - "crypto/cms/cms_err.c", - "crypto/cms/cms_dd.c", - "crypto/cms/cms_smime.c", - "crypto/cms/cms_att.c", - "crypto/cms/cms_pwri.c", - "crypto/cms/cms_cd.c", - "crypto/cms/cms_sd.c", - "crypto/cms/cms_asn1.c", - "crypto/cms/cms_env.c", - "crypto/cms/cms_enc.c", - "crypto/cms/cms_ess.c", - "crypto/cms/cms_kari.c", - "crypto/mem_dbg.c", - "crypto/uid.c", - "crypto/stack/stack.c", - "crypto/ec/ec_ameth.c", - "crypto/ec/ec_err.c", - "crypto/ec/ec_lib.c", - "crypto/ec/ec_curve.c", - "crypto/ec/ec_oct.c", - "crypto/ec/ec_asn1.c", - "crypto/ec/ecp_oct.c", - "crypto/ec/ec_print.c", - "crypto/ec/ec2_smpl.c", - "crypto/ec/ecp_nistp224.c", - "crypto/ec/ec2_oct.c", - "crypto/ec/eck_prn.c", - "crypto/ec/ec_key.c", - "crypto/ec/ecp_nist.c", - "crypto/ec/ec_check.c", - "crypto/ec/ecp_smpl.c", - "crypto/ec/ec2_mult.c", - "crypto/ec/ecp_mont.c", - "crypto/ec/ecp_nistp521.c", - "crypto/ec/ec_mult.c", - "crypto/ec/ecp_nistputil.c", - "crypto/ec/ec_pmeth.c", - "crypto/ec/ec_cvt.c", - "crypto/ec/ecp_nistp256.c", - "crypto/krb5/krb5_asn.c", - "crypto/hmac/hmac.c", - "crypto/hmac/hm_ameth.c", - "crypto/hmac/hm_pmeth.c", - "crypto/comp/c_rle.c", - "crypto/comp/c_zlib.c", - "crypto/comp/comp_lib.c", - "crypto/comp/comp_err.c", - "crypto/des/fcrypt.c", - "crypto/des/str2key.c", - "crypto/des/cbc_cksm.c", - "crypto/des/des_enc.c", - "crypto/des/ofb_enc.c", - "crypto/des/read2pwd.c", - "crypto/des/ecb3_enc.c", - "crypto/des/rand_key.c", - "crypto/des/cfb64ede.c", - "crypto/des/rpc_enc.c", - "crypto/des/ofb64ede.c", - "crypto/des/qud_cksm.c", - "crypto/des/enc_writ.c", - "crypto/des/set_key.c", - "crypto/des/xcbc_enc.c", - "crypto/des/fcrypt_b.c", - "crypto/des/ede_cbcm_enc.c", - "crypto/des/des_old2.c", - "crypto/des/cfb_enc.c", - "crypto/des/ecb_enc.c", - "crypto/des/enc_read.c", - "crypto/des/des_old.c", - "crypto/des/ofb64enc.c", - "crypto/des/pcbc_enc.c", - "crypto/des/cbc_enc.c", - "crypto/des/cfb64enc.c", - "crypto/lhash/lh_stats.c", - "crypto/lhash/lhash.c", - "crypto/x509v3/v3_genn.c", - "crypto/x509v3/pcy_cache.c", - "crypto/x509v3/v3_sxnet.c", - "crypto/x509v3/v3_scts.c", - "crypto/x509v3/v3err.c", - "crypto/x509v3/v3_conf.c", - "crypto/x509v3/v3_utl.c", - "crypto/x509v3/v3_akeya.c", - "crypto/x509v3/v3_lib.c", - "crypto/x509v3/pcy_lib.c", - "crypto/x509v3/v3_cpols.c", - "crypto/x509v3/v3_ia5.c", - "crypto/x509v3/v3_bitst.c", - "crypto/x509v3/v3_skey.c", - "crypto/x509v3/v3_info.c", - "crypto/x509v3/v3_asid.c", - "crypto/x509v3/pcy_tree.c", - "crypto/x509v3/v3_pcons.c", - "crypto/x509v3/v3_bcons.c", - "crypto/x509v3/v3_pku.c", - "crypto/x509v3/v3_ocsp.c", - "crypto/x509v3/pcy_map.c", - "crypto/x509v3/v3_ncons.c", - "crypto/x509v3/v3_purp.c", - "crypto/x509v3/v3_enum.c", - "crypto/x509v3/v3_pmaps.c", - "crypto/x509v3/pcy_node.c", - "crypto/x509v3/v3_pcia.c", - "crypto/x509v3/v3_crld.c", - "crypto/x509v3/v3_pci.c", - "crypto/x509v3/v3_akey.c", - "crypto/x509v3/v3_addr.c", - "crypto/x509v3/v3_int.c", - "crypto/x509v3/v3_alt.c", - "crypto/x509v3/v3_extku.c", - "crypto/x509v3/v3_prn.c", - "crypto/x509v3/pcy_data.c", - "crypto/aes/aes_ofb.c", - "crypto/aes/aes_ctr.c", - "crypto/aes/aes_ecb.c", - "crypto/aes/aes_cfb.c", - "crypto/aes/aes_wrap.c", - "crypto/aes/aes_ige.c", - "crypto/aes/aes_misc.c", - "crypto/pqueue/pqueue.c", - "crypto/sha/sha_one.c", - "crypto/sha/sha_dgst.c", - "crypto/sha/sha512.c", - "crypto/sha/sha1_one.c", - "crypto/sha/sha1dgst.c", - "crypto/sha/sha256.c", - "crypto/whrlpool/wp_dgst.c", - "crypto/objects/obj_xref.c", - "crypto/objects/o_names.c", - "crypto/objects/obj_err.c", - "crypto/objects/obj_dat.c", - "crypto/objects/obj_lib.c", - "crypto/mem.c", - "crypto/fips_ers.c", - "crypto/o_fips.c", - "crypto/engine/eng_rdrand.c", - "crypto/engine/eng_err.c", - "crypto/engine/tb_ecdsa.c", - "crypto/engine/tb_rsa.c", - "crypto/engine/tb_cipher.c", - "crypto/engine/tb_dsa.c", - "crypto/engine/eng_lib.c", - "crypto/engine/tb_asnmth.c", - "crypto/engine/tb_ecdh.c", - "crypto/engine/tb_dh.c", - "crypto/engine/tb_store.c", - "crypto/engine/eng_init.c", - "crypto/engine/eng_cnf.c", - "crypto/engine/eng_all.c", - "crypto/engine/tb_digest.c", - "crypto/engine/tb_pkmeth.c", - "crypto/engine/eng_table.c", - "crypto/engine/eng_ctrl.c", - "crypto/engine/eng_list.c", - "crypto/engine/eng_cryptodev.c", - "crypto/engine/eng_pkey.c", - "crypto/engine/tb_rand.c", - "crypto/engine/eng_openssl.c", - "crypto/engine/eng_fat.c", - "crypto/engine/eng_dyn.c", - "crypto/ts/ts_rsp_verify.c", - "crypto/ts/ts_req_print.c", - "crypto/ts/ts_verify_ctx.c", - "crypto/ts/ts_req_utils.c", - "crypto/ts/ts_err.c", - "crypto/ts/ts_rsp_print.c", - "crypto/ts/ts_rsp_utils.c", - "crypto/ts/ts_lib.c", - "crypto/ts/ts_conf.c", - "crypto/ts/ts_asn1.c", - "crypto/ts/ts_rsp_sign.c", - "crypto/ocsp/ocsp_ext.c", - "crypto/ocsp/ocsp_cl.c", - "crypto/ocsp/ocsp_ht.c", - "crypto/ocsp/ocsp_lib.c", - "crypto/ocsp/ocsp_srv.c", - "crypto/ocsp/ocsp_vfy.c", - "crypto/ocsp/ocsp_err.c", - "crypto/ocsp/ocsp_prn.c", - "crypto/ocsp/ocsp_asn.c", - "crypto/bf/bf_cfb64.c", - "crypto/bf/bf_ecb.c", - "crypto/bf/bf_enc.c", - "crypto/bf/bf_skey.c", - "crypto/bf/bf_ofb64.c", - "crypto/idea/i_skey.c", - "crypto/idea/i_ofb64.c", - "crypto/idea/i_cbc.c", - "crypto/idea/i_ecb.c", - "crypto/idea/i_cfb64.c", - "crypto/cmac/cm_ameth.c", - "crypto/cmac/cmac.c", - "crypto/cmac/cm_pmeth.c", - "crypto/dh/dh_lib.c", - "crypto/dh/dh_key.c", - "crypto/dh/dh_asn1.c", - "crypto/dh/dh_depr.c", - "crypto/dh/dh_pmeth.c", - "crypto/dh/dh_prn.c", - "crypto/dh/dh_gen.c", - "crypto/dh/dh_ameth.c", - "crypto/dh/dh_check.c", - "crypto/dh/dh_err.c", - "crypto/dh/dh_kdf.c", - "crypto/dh/dh_rfc5114.c", - "crypto/modes/ccm128.c", - "crypto/modes/ofb128.c", - "crypto/modes/cts128.c", - "crypto/modes/ctr128.c", - "crypto/modes/gcm128.c", - "crypto/modes/cbc128.c", - "crypto/modes/cfb128.c", - "crypto/modes/xts128.c", - "crypto/modes/wrap128.c", - "crypto/camellia/cmll_cfb.c", - "crypto/camellia/cmll_ecb.c", - "crypto/camellia/cmll_utl.c", - "crypto/camellia/cmll_misc.c", - "crypto/camellia/cmll_ofb.c", - "crypto/camellia/cmll_ctr.c", - "crypto/seed/seed_ecb.c", - "crypto/seed/seed_cbc.c", - "crypto/seed/seed.c", - "crypto/seed/seed_ofb.c", - "crypto/seed/seed_cfb.c", - "crypto/txt_db/txt_db.c", - "crypto/cpt_err.c", - "crypto/pem/pem_pk8.c", - "crypto/pem/pem_lib.c", - "crypto/pem/pem_sign.c", - "crypto/pem/pem_all.c", - "crypto/pem/pem_info.c", - "crypto/pem/pem_pkey.c", - "crypto/pem/pem_seal.c", - "crypto/pem/pem_err.c", - "crypto/pem/pem_xaux.c", - "crypto/pem/pvkfmt.c", - "crypto/pem/pem_x509.c", - "crypto/pem/pem_oth.c", - "crypto/rand/rand_lib.c", - "crypto/rand/randfile.c", - "crypto/rand/rand_os2.c", - "crypto/rand/rand_unix.c", - "crypto/rand/rand_nw.c", - "crypto/rand/md_rand.c", - "crypto/rand/rand_err.c", - "crypto/rand/rand_win.c", - "crypto/rand/rand_egd.c", - "crypto/cversion.c", - "crypto/cast/c_ecb.c", - "crypto/cast/c_skey.c", - "crypto/cast/c_ofb64.c", - "crypto/cast/c_enc.c", - "crypto/cast/c_cfb64.c", - "crypto/o_time.c", - "crypto/mdc2/mdc2dgst.c", - "crypto/mdc2/mdc2_one.c", - "crypto/rc4/rc4_utl.c", - "crypto/ui/ui_compat.c", - "crypto/ui/ui_util.c", - "crypto/ui/ui_lib.c", - "crypto/ui/ui_err.c", - "crypto/ui/ui_openssl.c", - "crypto/bio/bf_buff.c", - "crypto/bio/bss_null.c", - "crypto/bio/bss_acpt.c", - "crypto/bio/bss_conn.c", - "crypto/bio/bss_fd.c", - "crypto/bio/bf_null.c", - "crypto/bio/bio_err.c", - "crypto/bio/bss_sock.c", - "crypto/bio/bss_mem.c", - "crypto/bio/b_dump.c", - "crypto/bio/b_print.c", - "crypto/bio/b_sock.c", - "crypto/bio/bss_dgram.c", - "crypto/bio/bf_nbio.c", - "crypto/bio/bio_lib.c", - "crypto/bio/bss_file.c", - "crypto/bio/bss_bio.c", - "crypto/bio/bss_log.c", - "crypto/bio/bio_cb.c", - "crypto/o_init.c", - "crypto/rc2/rc2_skey.c", - "crypto/rc2/rc2_cbc.c", - "crypto/rc2/rc2cfb64.c", - "crypto/rc2/rc2_ecb.c", - "crypto/rc2/rc2ofb64.c", - "crypto/bn/bn_x931p.c", - "crypto/bn/bn_blind.c", - "crypto/bn/bn_gf2m.c", - "crypto/bn/bn_const.c", - "crypto/bn/bn_sqr.c", - "crypto/bn/bn_nist.c", - "crypto/bn/bn_rand.c", - "crypto/bn/bn_err.c", - "crypto/bn/bn_div.c", - "crypto/bn/bn_kron.c", - "crypto/bn/bn_ctx.c", - "crypto/bn/bn_shift.c", - "crypto/bn/bn_mod.c", - "crypto/bn/bn_exp2.c", - "crypto/bn/bn_word.c", - "crypto/bn/bn_add.c", - "crypto/bn/bn_exp.c", - "crypto/bn/bn_mont.c", - "crypto/bn/bn_print.c", - "crypto/bn/bn_mul.c", - "crypto/bn/bn_prime.c", - "crypto/bn/bn_depr.c", - "crypto/bn/bn_gcd.c", - "crypto/bn/bn_mpi.c", - "crypto/bn/bn_sqrt.c", - "crypto/bn/bn_recp.c", - "crypto/bn/bn_lib.c", - "crypto/ripemd/rmd_dgst.c", - "crypto/ripemd/rmd_one.c", - "crypto/rsa/rsa_x931.c", - "crypto/rsa/rsa_depr.c", - "crypto/rsa/rsa_saos.c", - "crypto/rsa/rsa_crpt.c", - "crypto/rsa/rsa_pss.c", - "crypto/rsa/rsa_oaep.c", - "crypto/rsa/rsa_null.c", - "crypto/rsa/rsa_gen.c", - "crypto/rsa/rsa_prn.c", - "crypto/rsa/rsa_pmeth.c", - "crypto/rsa/rsa_asn1.c", - "crypto/rsa/rsa_ssl.c", - "crypto/rsa/rsa_ameth.c", - "crypto/rsa/rsa_pk1.c", - "crypto/rsa/rsa_err.c", - "crypto/rsa/rsa_lib.c", - "crypto/rsa/rsa_none.c", - "crypto/rsa/rsa_chk.c", - "crypto/rsa/rsa_eay.c", - "crypto/rsa/rsa_sign.c", - "crypto/srp/srp_lib.c", - "crypto/srp/srp_vfy.c", - "crypto/err/err.c", - "crypto/err/err_prn.c", - "crypto/err/err_all.c", - "crypto/mem_clr.c", - "crypto/rc4/rc4_skey.c", - "crypto/rc4/rc4_enc.c", - "crypto/camellia/camellia.c", - "crypto/camellia/cmll_cbc.c", - #"crypto/aes/aes_x86core.c", - "crypto/aes/aes_core.c", - "crypto/aes/aes_cbc.c", - "crypto/whrlpool/wp_block.c", - "crypto/bn/bn_asm.c", - ] - - if "platform" in env and env["platform"] == "uwp": - thirdparty_sources += ['uwp.cpp'] - - thirdparty_sources = [thirdparty_dir + file for file in thirdparty_sources] - - env_openssl.add_source_files(env.modules_sources, thirdparty_sources) - - # FIXME: Clone the environment to make env_openssl and not pollute the modules env - thirdparty_include_paths = [ - "", - "crypto", - "crypto/asn1", - "crypto/evp", - "crypto/modes", - "openssl", - ] - env_openssl.Append(CPPPATH=[thirdparty_dir + "/" + dir for dir in thirdparty_include_paths]) - - env_openssl.Append(CPPFLAGS=["-DOPENSSL_NO_ASM", "-DOPENSSL_THREADS", "-DL_ENDIAN"]) - - # Workaround for compilation error with GCC/Clang when -Werror is too greedy (GH-4517) - import os - import methods - if not (os.name == "nt" and os.getenv("VCINSTALLDIR")): # not Windows and not MSVC - env_openssl.Append(CFLAGS=["-Wno-error=implicit-function-declaration"]) - - -# Module sources -env_openssl.add_source_files(env.modules_sources, "*.cpp") - - -# Other thirdparty dependencies -thirdparty_misc_dir = "#thirdparty/misc/" -thirdparty_misc_sources = [ - "curl_hostcheck.c", -] -thirdparty_misc_sources = [thirdparty_misc_dir + file for file in thirdparty_misc_sources] -env_openssl.add_source_files(env.modules_sources, thirdparty_misc_sources) - - -# platform/uwp need to know openssl is available, pass to main env -if "platform" in env and env["platform"] == "uwp": - env.Append(CPPPATH=[thirdparty_dir]) - env.Append(CPPFLAGS=['-DOPENSSL_ENABLED']) - -Export('env') diff --git a/modules/openssl/config.py b/modules/openssl/config.py deleted file mode 100644 index 5f133eba90..0000000000 --- a/modules/openssl/config.py +++ /dev/null @@ -1,5 +0,0 @@ -def can_build(platform): - return True - -def configure(env): - pass diff --git a/modules/openssl/register_types.cpp b/modules/openssl/register_types.cpp deleted file mode 100644 index 916acc260e..0000000000 --- a/modules/openssl/register_types.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/*************************************************************************/ -/* register_types.cpp */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -#include "register_types.h" - -#include "stream_peer_openssl.h" - -void register_openssl_types() { - - ClassDB::register_class<StreamPeerOpenSSL>(); - StreamPeerOpenSSL::initialize_ssl(); -} - -void unregister_openssl_types() { - - StreamPeerOpenSSL::finalize_ssl(); -} diff --git a/modules/openssl/register_types.h b/modules/openssl/register_types.h deleted file mode 100644 index 94d917ca81..0000000000 --- a/modules/openssl/register_types.h +++ /dev/null @@ -1,32 +0,0 @@ -/*************************************************************************/ -/* register_types.h */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -void register_openssl_types(); -void unregister_openssl_types(); diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp deleted file mode 100644 index e3cb9bbdf8..0000000000 --- a/modules/openssl/stream_peer_openssl.cpp +++ /dev/null @@ -1,632 +0,0 @@ -/*************************************************************************/ -/* stream_peer_openssl.cpp */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -#include "stream_peer_openssl.h" - -// Compatibility with OpenSSL 1.1.0. -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -#define BIO_set_num(b, n) -#else -#define BIO_set_num(b, n) ((b)->num = (n)) - -#define BIO_set_init(b, i) ((b)->init = (i)) -#define BIO_set_data(b, p) ((b)->ptr = (p)) -#define BIO_get_data(b) ((b)->ptr) -#endif - -//hostname matching code from curl - -bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) { - - return Tool_Curl_cert_hostcheck(name, hostname) == CURL_HOST_MATCH; -} - -Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *server_cert) { - - // Find the position of the CN field in the Subject field of the certificate - int common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert), NID_commonName, -1); - - ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER); - - // Extract the CN field - X509_NAME_ENTRY *common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *)server_cert), common_name_loc); - - ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER); - - // Convert the CN field to a C string - ASN1_STRING *common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); - - ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER); - - char *common_name_str = (char *)ASN1_STRING_data(common_name_asn1); - - // Make sure there isn't an embedded NUL character in the CN - bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str); - - ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER); - - // Compare expected hostname with the CN - - return _match_host_name(common_name_str, hostname) ? OK : FAILED; -} - -/** -* Tries to find a match for hostname in the certificate's Subject Alternative Name extension. -* -*/ - -Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, const X509 *server_cert) { - - Error result = FAILED; - int i; - int san_names_nb = -1; - STACK_OF(GENERAL_NAME) *san_names = NULL; - - // Try to extract the names within the SAN extension from the certificate - san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *)server_cert, NID_subject_alt_name, NULL, NULL); - if (san_names == NULL) { - return ERR_FILE_NOT_FOUND; - } - san_names_nb = sk_GENERAL_NAME_num(san_names); - - // Check each name within the extension - for (i = 0; i < san_names_nb; i++) { - const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); - - if (current_name->type == GEN_DNS) { - // Current name is a DNS name, let's check it - char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName); - - // Make sure there isn't an embedded NUL character in the DNS name - if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) { - result = ERR_INVALID_PARAMETER; - break; - } else { // Compare expected hostname with the DNS name - if (_match_host_name(dns_name, hostname)) { - result = OK; - break; - } - } - } - } - sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); - - return result; -} - -/* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */ -int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg) { - - /* This is the function that OpenSSL would call if we hadn't called - * SSL_CTX_set_cert_verify_callback(). Therefore, we are "wrapping" - * the default functionality, rather than replacing it. */ - - bool base_cert_valid = X509_verify_cert(x509_ctx); - if (!base_cert_valid) { - print_line("Cause: " + String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx)))); - ERR_print_errors_fp(stdout); - } - X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx); - - ERR_FAIL_COND_V(!server_cert, 0); - - char cert_str[256]; - X509_NAME_oneline(X509_get_subject_name(server_cert), - cert_str, sizeof(cert_str)); - - print_line("CERT STR: " + String(cert_str)); - print_line("VALID: " + itos(base_cert_valid)); - - if (!base_cert_valid) - return 0; - - StreamPeerOpenSSL *ssl = (StreamPeerOpenSSL *)arg; - - if (ssl->validate_hostname) { - - Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(), server_cert); - - if (err == ERR_FILE_NOT_FOUND) { - - err = _match_common_name(ssl->hostname.utf8().get_data(), server_cert); - } - - if (err != OK) { - - ssl->status = STATUS_ERROR_HOSTNAME_MISMATCH; - return 0; - } - } - - return 1; -} - -int StreamPeerOpenSSL::_bio_create(BIO *b) { - BIO_set_init(b, 1); - BIO_set_num(b, 0); - BIO_set_data(b, NULL); - BIO_clear_flags(b, ~0); - return 1; -} - -int StreamPeerOpenSSL::_bio_destroy(BIO *b) { - if (b == NULL) - return 0; - - BIO_set_data(b, NULL); /* sb_tls_remove() will free it */ - BIO_set_init(b, 0); - BIO_clear_flags(b, ~0); - return 1; -} - -int StreamPeerOpenSSL::_bio_read(BIO *b, char *buf, int len) { - - if (buf == NULL || len <= 0) return 0; - - StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b); - - ERR_FAIL_COND_V(sp == NULL, 0); - - BIO_clear_retry_flags(b); - if (sp->use_blocking) { - - Error err = sp->base->get_data((uint8_t *)buf, len); - if (err != OK) { - return -1; - } - - return len; - } else { - - int got; - Error err = sp->base->get_partial_data((uint8_t *)buf, len, got); - if (err != OK) { - return -1; - } - if (got == 0) { - BIO_set_retry_read(b); - } - return got; - } - - //unreachable - return 0; -} - -int StreamPeerOpenSSL::_bio_write(BIO *b, const char *buf, int len) { - - if (buf == NULL || len <= 0) return 0; - - StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b); - - ERR_FAIL_COND_V(sp == NULL, 0); - - BIO_clear_retry_flags(b); - if (sp->use_blocking) { - - Error err = sp->base->put_data((const uint8_t *)buf, len); - if (err != OK) { - return -1; - } - - return len; - } else { - - int sent; - Error err = sp->base->put_partial_data((const uint8_t *)buf, len, sent); - if (err != OK) { - return -1; - } - if (sent == 0) { - BIO_set_retry_write(b); - } - return sent; - } - - //unreachable - return 0; -} - -long StreamPeerOpenSSL::_bio_ctrl(BIO *b, int cmd, long num, void *ptr) { - if (cmd == BIO_CTRL_FLUSH) { - /* The OpenSSL library needs this */ - return 1; - } - return 0; -} - -int StreamPeerOpenSSL::_bio_gets(BIO *b, char *buf, int len) { - return -1; -} - -int StreamPeerOpenSSL::_bio_puts(BIO *b, const char *str) { - return _bio_write(b, str, strlen(str)); -} - -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -BIO_METHOD *StreamPeerOpenSSL::_bio_method = NULL; - -BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() { - if (_bio_method) // already initialized. - return _bio_method; - - /* it's a source/sink BIO */ - _bio_method = BIO_meth_new(100 | 0x400, "streampeer glue"); - BIO_meth_set_write(_bio_method, _bio_write); - BIO_meth_set_read(_bio_method, _bio_read); - BIO_meth_set_puts(_bio_method, _bio_puts); - BIO_meth_set_gets(_bio_method, _bio_gets); - BIO_meth_set_ctrl(_bio_method, _bio_ctrl); - BIO_meth_set_create(_bio_method, _bio_create); - BIO_meth_set_destroy(_bio_method, _bio_destroy); - - return _bio_method; -} -#else -BIO_METHOD StreamPeerOpenSSL::_bio_method = { - /* it's a source/sink BIO */ - (100 | 0x400), - "streampeer glue", - _bio_write, - _bio_read, - _bio_puts, - _bio_gets, - _bio_ctrl, - _bio_create, - _bio_destroy -}; - -BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() { - return &_bio_method; -} -#endif - -Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname) { - - if (connected) - disconnect_from_stream(); - - hostname = p_for_hostname; - status = STATUS_DISCONNECTED; - - // Set up a SSL_CTX object, which will tell our BIO object how to do its work - ctx = SSL_CTX_new(SSLv23_client_method()); - base = p_base; - validate_certs = p_validate_certs; - validate_hostname = p_for_hostname != ""; - - if (p_validate_certs) { - - if (certs.size()) { - //yay for undocumented OpenSSL functions - - X509_STORE *store = SSL_CTX_get_cert_store(ctx); - for (int i = 0; i < certs.size(); i++) { - - X509_STORE_add_cert(store, certs[i]); - } - } - - //used for testing - //int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL); - //print_line("verify locations res: "+itos(res)); - - /* Ask OpenSSL to verify the server certificate. Note that this - * does NOT include verifying that the hostname is correct. - * So, by itself, this means anyone with any legitimate - * CA-issued certificate for any website, can impersonate any - * other website in the world. This is not good. See "The - * Most Dangerous Code in the World" article at - * https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html - */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - /* This is how we solve the problem mentioned in the previous - * comment. We "wrap" OpenSSL's validation routine in our - * own routine, which also validates the hostname by calling - * the code provided by iSECPartners. Note that even though - * the "Everything You've Always Wanted to Know About - * Certificate Validation With OpenSSL (But Were Afraid to - * Ask)" paper from iSECPartners says very explicitly not to - * call SSL_CTX_set_cert_verify_callback (at the bottom of - * page 2), what we're doing here is safe because our - * cert_verify_callback() calls X509_verify_cert(), which is - * OpenSSL's built-in routine which would have been called if - * we hadn't set the callback. Therefore, we're just - * "wrapping" OpenSSL's routine, not replacing it. */ - SSL_CTX_set_cert_verify_callback(ctx, _cert_verify_callback, this); - - //Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??) - SSL_CTX_set_verify_depth(ctx, max_cert_chain_depth + 1); - } - - ssl = SSL_new(ctx); - bio = BIO_new(_get_bio_method()); - BIO_set_data(bio, this); - SSL_set_bio(ssl, bio, bio); - - if (p_for_hostname != String()) { - SSL_set_tlsext_host_name(ssl, p_for_hostname.utf8().get_data()); - } - - use_blocking = true; // let handshake use blocking - // Set the SSL to automatically retry on failure. - SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - - // Same as before, try to connect. - int result = SSL_connect(ssl); - - print_line("CONNECTION RESULT: " + itos(result)); - if (result < 1) { - ERR_print_errors_fp(stdout); - _print_error(result); - } - - X509 *peer = SSL_get_peer_certificate(ssl); - - if (peer) { - bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK; - print_line("cert_ok: " + itos(cert_ok)); - - } else if (validate_certs) { - status = STATUS_ERROR_NO_CERTIFICATE; - } - - connected = true; - status = STATUS_CONNECTED; - - return OK; -} - -Error StreamPeerOpenSSL::accept_stream(Ref<StreamPeer> p_base) { - - return ERR_UNAVAILABLE; -} - -void StreamPeerOpenSSL::_print_error(int err) { - - err = SSL_get_error(ssl, err); - switch (err) { - case SSL_ERROR_NONE: - ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed"); - break; - case SSL_ERROR_ZERO_RETURN: - ERR_PRINT("The TLS/SSL connection has been closed."); - break; - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - ERR_PRINT("The operation did not complete."); - break; - case SSL_ERROR_WANT_CONNECT: - case SSL_ERROR_WANT_ACCEPT: - ERR_PRINT("The connect/accept operation did not complete"); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); - break; - case SSL_ERROR_SYSCALL: - ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error."); - break; - case SSL_ERROR_SSL: - ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); - break; - } -} - -Error StreamPeerOpenSSL::put_data(const uint8_t *p_data, int p_bytes) { - - ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - - while (p_bytes > 0) { - int ret = SSL_write(ssl, p_data, p_bytes); - if (ret <= 0) { - _print_error(ret); - disconnect_from_stream(); - return ERR_CONNECTION_ERROR; - } - p_data += ret; - p_bytes -= ret; - } - - return OK; -} - -Error StreamPeerOpenSSL::put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent) { - - ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - if (p_bytes == 0) - return OK; - - Error err = put_data(p_data, p_bytes); - if (err != OK) - return err; - - r_sent = p_bytes; - return OK; -} - -Error StreamPeerOpenSSL::get_data(uint8_t *p_buffer, int p_bytes) { - - ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - - while (p_bytes > 0) { - - int ret = SSL_read(ssl, p_buffer, p_bytes); - if (ret <= 0) { - _print_error(ret); - disconnect_from_stream(); - return ERR_CONNECTION_ERROR; - } - p_buffer += ret; - p_bytes -= ret; - } - - return OK; -} - -Error StreamPeerOpenSSL::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received) { - - ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED); - if (p_bytes == 0) { - r_received = 0; - return OK; - } - - Error err = get_data(p_buffer, p_bytes); - if (err != OK) - return err; - r_received = p_bytes; - return OK; -} - -int StreamPeerOpenSSL::get_available_bytes() const { - - ERR_FAIL_COND_V(!connected, 0); - - return SSL_pending(ssl); -} -StreamPeerOpenSSL::StreamPeerOpenSSL() { - - ctx = NULL; - ssl = NULL; - bio = NULL; - connected = false; - use_blocking = true; //might be improved int the future, but for now it always blocks - max_cert_chain_depth = 9; - flags = 0; -} - -void StreamPeerOpenSSL::disconnect_from_stream() { - - if (!connected) - return; - SSL_shutdown(ssl); - SSL_free(ssl); - SSL_CTX_free(ctx); - base = Ref<StreamPeer>(); - connected = false; - validate_certs = false; - validate_hostname = false; - status = STATUS_DISCONNECTED; -} - -StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const { - - return status; -} - -StreamPeerOpenSSL::~StreamPeerOpenSSL() { - disconnect_from_stream(); -} - -StreamPeerSSL *StreamPeerOpenSSL::_create_func() { - - return memnew(StreamPeerOpenSSL); -} - -Vector<X509 *> StreamPeerOpenSSL::certs; - -void StreamPeerOpenSSL::_load_certs(const PoolByteArray &p_array) { - - PoolByteArray::Read r = p_array.read(); - BIO *mem = BIO_new(BIO_s_mem()); - BIO_puts(mem, (const char *)r.ptr()); - while (true) { - X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL); - if (!cert) - break; - certs.push_back(cert); - } - BIO_free(mem); -} - -void StreamPeerOpenSSL::initialize_ssl() { - - available = true; - - load_certs_func = _load_certs; - - _create = _create_func; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use -#endif - SSL_library_init(); // Initialize OpenSSL's SSL libraries - SSL_load_error_strings(); // Load SSL error strings - ERR_load_BIO_strings(); // Load BIO error strings - OpenSSL_add_all_algorithms(); // Load all available encryption algorithms - String certs_path = GLOBAL_DEF("network/ssl/certificates", ""); - ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt")); - if (certs_path != "") { - - FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); - if (f) { - PoolByteArray arr; - int flen = f->get_len(); - arr.resize(flen + 1); - { - PoolByteArray::Write w = arr.write(); - f->get_buffer(w.ptr(), flen); - w[flen] = 0; //end f string - } - - memdelete(f); - - _load_certs(arr); - print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size())); - } - } - String config_path = GLOBAL_DEF("network/ssl/config", ""); - ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/config", PropertyInfo(Variant::STRING, "network/ssl/config", PROPERTY_HINT_FILE, "*.cnf")); - if (config_path != "") { - - Vector<uint8_t> data = FileAccess::get_file_as_array(config_path); - if (data.size()) { - data.push_back(0); - BIO *mem = BIO_new(BIO_s_mem()); - BIO_puts(mem, (const char *)data.ptr()); - - while (true) { - X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL); - if (!cert) - break; - certs.push_back(cert); - } - BIO_free(mem); - } - print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size())); - } -} - -void StreamPeerOpenSSL::finalize_ssl() { - - for (int i = 0; i < certs.size(); i++) { - X509_free(certs[i]); - } - certs.clear(); -} diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h deleted file mode 100644 index 29c8647e58..0000000000 --- a/modules/openssl/stream_peer_openssl.h +++ /dev/null @@ -1,116 +0,0 @@ -/*************************************************************************/ -/* stream_peer_openssl.h */ -/*************************************************************************/ -/* This file is part of: */ -/* GODOT ENGINE */ -/* https://godotengine.org */ -/*************************************************************************/ -/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */ -/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */ -/* */ -/* Permission is hereby granted, free of charge, to any person obtaining */ -/* a copy of this software and associated documentation files (the */ -/* "Software"), to deal in the Software without restriction, including */ -/* without limitation the rights to use, copy, modify, merge, publish, */ -/* distribute, sublicense, and/or sell copies of the Software, and to */ -/* permit persons to whom the Software is furnished to do so, subject to */ -/* the following conditions: */ -/* */ -/* The above copyright notice and this permission notice shall be */ -/* included in all copies or substantial portions of the Software. */ -/* */ -/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */ -/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */ -/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/ -/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */ -/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */ -/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */ -/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -/*************************************************************************/ - -#ifndef STREAM_PEER_OPEN_SSL_H -#define STREAM_PEER_OPEN_SSL_H - -#include "io/stream_peer_ssl.h" -#include "os/file_access.h" -#include "project_settings.h" - -#include "thirdparty/misc/curl_hostcheck.h" - -#include <openssl/bio.h> // BIO objects for I/O -#include <openssl/err.h> // Error reporting -#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections -#include <openssl/x509v3.h> - -#include <stdio.h> - -class StreamPeerOpenSSL : public StreamPeerSSL { -private: - static int _bio_create(BIO *b); - static int _bio_destroy(BIO *b); - static int _bio_read(BIO *b, char *buf, int len); - static int _bio_write(BIO *b, const char *buf, int len); - static long _bio_ctrl(BIO *b, int cmd, long num, void *ptr); - static int _bio_gets(BIO *b, char *buf, int len); - static int _bio_puts(BIO *b, const char *str); - -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - static BIO_METHOD *_bio_method; -#else - static BIO_METHOD _bio_method; -#endif - static BIO_METHOD *_get_bio_method(); - - static bool _match_host_name(const char *name, const char *hostname); - static Error _match_common_name(const char *hostname, const X509 *server_cert); - static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert); - - static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg); - - Status status; - String hostname; - int max_cert_chain_depth; - SSL_CTX *ctx; - SSL *ssl; - BIO *bio; - bool connected; - int flags; - bool use_blocking; - bool validate_certs; - bool validate_hostname; - - Ref<StreamPeer> base; - - static StreamPeerSSL *_create_func(); - void _print_error(int err); - - static Vector<X509 *> certs; - - static void _load_certs(const PoolByteArray &p_array); - -protected: - static void _bind_methods(); - -public: - virtual Error accept_stream(Ref<StreamPeer> p_base); - virtual Error connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs = false, const String &p_for_hostname = String()); - virtual Status get_status() const; - - virtual void disconnect_from_stream(); - - virtual Error put_data(const uint8_t *p_data, int p_bytes); - virtual Error put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent); - - virtual Error get_data(uint8_t *p_buffer, int p_bytes); - virtual Error get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received); - - virtual int get_available_bytes() const; - - static void initialize_ssl(); - static void finalize_ssl(); - - StreamPeerOpenSSL(); - ~StreamPeerOpenSSL(); -}; - -#endif // STREAM_PEER_SSL_H |