summaryrefslogtreecommitdiff
path: root/modules/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'modules/openssl')
-rw-r--r--modules/openssl/SCsub696
-rw-r--r--modules/openssl/config.py5
-rw-r--r--modules/openssl/register_types.cpp44
-rw-r--r--modules/openssl/register_types.h32
-rw-r--r--modules/openssl/stream_peer_openssl.cpp632
-rw-r--r--modules/openssl/stream_peer_openssl.h116
6 files changed, 0 insertions, 1525 deletions
diff --git a/modules/openssl/SCsub b/modules/openssl/SCsub
deleted file mode 100644
index 84c5e68439..0000000000
--- a/modules/openssl/SCsub
+++ /dev/null
@@ -1,696 +0,0 @@
-#!/usr/bin/env python
-
-Import('env')
-Import('env_modules')
-
-env_openssl = env_modules.Clone()
-
-# Thirdparty source files
-if env['builtin_openssl']:
- thirdparty_dir = "#thirdparty/openssl/"
-
- thirdparty_sources = [
- "ssl/t1_lib.c",
- "ssl/t1_ext.c",
- "ssl/s3_srvr.c",
- "ssl/t1_enc.c",
- "ssl/t1_meth.c",
- "ssl/s23_clnt.c",
- "ssl/ssl_asn1.c",
- "ssl/tls_srp.c",
- "ssl/kssl.c",
- "ssl/d1_both.c",
- "ssl/t1_clnt.c",
- "ssl/bio_ssl.c",
- "ssl/d1_srtp.c",
- "ssl/t1_reneg.c",
- "ssl/ssl_cert.c",
- "ssl/s3_lib.c",
- "ssl/d1_srvr.c",
- "ssl/s23_meth.c",
- "ssl/ssl_stat.c",
- "ssl/ssl_err.c",
- "ssl/ssl_algs.c",
- "ssl/s3_cbc.c",
- "ssl/d1_clnt.c",
- "ssl/s3_pkt.c",
- "ssl/d1_meth.c",
- "ssl/s3_both.c",
- "ssl/s2_enc.c",
- "ssl/s3_meth.c",
- "ssl/s3_enc.c",
- "ssl/s23_pkt.c",
- "ssl/s2_pkt.c",
- "ssl/d1_pkt.c",
- "ssl/ssl_rsa.c",
- "ssl/s23_srvr.c",
- "ssl/s2_meth.c",
- "ssl/s3_clnt.c",
- "ssl/s23_lib.c",
- "ssl/t1_srvr.c",
- "ssl/ssl_lib.c",
- "ssl/ssl_txt.c",
- "ssl/s2_srvr.c",
- "ssl/ssl_sess.c",
- "ssl/s2_clnt.c",
- "ssl/d1_lib.c",
- "ssl/s2_lib.c",
- "ssl/ssl_err2.c",
- "ssl/ssl_ciph.c",
- "crypto/dsa/dsa_lib.c",
- "crypto/dsa/dsa_pmeth.c",
- "crypto/dsa/dsa_ossl.c",
- "crypto/dsa/dsa_gen.c",
- "crypto/dsa/dsa_asn1.c",
- "crypto/dsa/dsa_prn.c",
- "crypto/dsa/dsa_sign.c",
- "crypto/dsa/dsa_key.c",
- "crypto/dsa/dsa_vrf.c",
- "crypto/dsa/dsa_err.c",
- "crypto/dsa/dsa_ameth.c",
- "crypto/dsa/dsa_depr.c",
- "crypto/x509/x509_lu.c",
- "crypto/x509/x509cset.c",
- "crypto/x509/x509_set.c",
- "crypto/x509/x509_d2.c",
- "crypto/x509/x509_txt.c",
- "crypto/x509/x509rset.c",
- "crypto/x509/by_dir.c",
- "crypto/x509/x509_vpm.c",
- "crypto/x509/x509_vfy.c",
- "crypto/x509/x509_trs.c",
- "crypto/x509/by_file.c",
- "crypto/x509/x509_obj.c",
- "crypto/x509/x509spki.c",
- "crypto/x509/x509_v3.c",
- "crypto/x509/x509_req.c",
- "crypto/x509/x509_att.c",
- "crypto/x509/x_all.c",
- "crypto/x509/x509_ext.c",
- "crypto/x509/x509type.c",
- "crypto/x509/x509_def.c",
- "crypto/x509/x509_err.c",
- "crypto/x509/x509name.c",
- "crypto/x509/x509_r2x.c",
- "crypto/x509/x509_cmp.c",
- "crypto/asn1/x_pkey.c",
- "crypto/asn1/a_gentm.c",
- "crypto/asn1/x_sig.c",
- "crypto/asn1/t_req.c",
- "crypto/asn1/t_pkey.c",
- "crypto/asn1/p8_pkey.c",
- "crypto/asn1/a_i2d_fp.c",
- "crypto/asn1/x_val.c",
- "crypto/asn1/f_string.c",
- "crypto/asn1/p5_pbe.c",
- "crypto/asn1/bio_ndef.c",
- "crypto/asn1/a_bool.c",
- "crypto/asn1/asn1_gen.c",
- "crypto/asn1/x_algor.c",
- "crypto/asn1/bio_asn1.c",
- "crypto/asn1/asn_mime.c",
- "crypto/asn1/t_x509.c",
- "crypto/asn1/a_strex.c",
- "crypto/asn1/x_nx509.c",
- "crypto/asn1/asn1_err.c",
- "crypto/asn1/x_crl.c",
- "crypto/asn1/a_print.c",
- "crypto/asn1/a_type.c",
- "crypto/asn1/tasn_new.c",
- "crypto/asn1/n_pkey.c",
- "crypto/asn1/x_bignum.c",
- "crypto/asn1/asn_pack.c",
- "crypto/asn1/evp_asn1.c",
- "crypto/asn1/t_bitst.c",
- "crypto/asn1/x_req.c",
- "crypto/asn1/a_time.c",
- "crypto/asn1/x_name.c",
- "crypto/asn1/x_pubkey.c",
- "crypto/asn1/tasn_typ.c",
- "crypto/asn1/asn_moid.c",
- "crypto/asn1/a_utctm.c",
- "crypto/asn1/asn1_lib.c",
- "crypto/asn1/x_x509a.c",
- "crypto/asn1/a_set.c",
- "crypto/asn1/t_crl.c",
- "crypto/asn1/p5_pbev2.c",
- "crypto/asn1/tasn_enc.c",
- "crypto/asn1/a_mbstr.c",
- "crypto/asn1/tasn_dec.c",
- "crypto/asn1/x_x509.c",
- "crypto/asn1/a_octet.c",
- "crypto/asn1/x_long.c",
- "crypto/asn1/a_bytes.c",
- "crypto/asn1/t_x509a.c",
- "crypto/asn1/a_enum.c",
- "crypto/asn1/a_int.c",
- "crypto/asn1/tasn_prn.c",
- "crypto/asn1/i2d_pr.c",
- "crypto/asn1/a_utf8.c",
- "crypto/asn1/t_spki.c",
- "crypto/asn1/a_digest.c",
- "crypto/asn1/a_dup.c",
- "crypto/asn1/i2d_pu.c",
- "crypto/asn1/a_verify.c",
- "crypto/asn1/f_enum.c",
- "crypto/asn1/a_sign.c",
- "crypto/asn1/d2i_pr.c",
- "crypto/asn1/asn1_par.c",
- "crypto/asn1/x_spki.c",
- "crypto/asn1/a_d2i_fp.c",
- "crypto/asn1/f_int.c",
- "crypto/asn1/x_exten.c",
- "crypto/asn1/tasn_utl.c",
- "crypto/asn1/nsseq.c",
- "crypto/asn1/a_bitstr.c",
- "crypto/asn1/x_info.c",
- "crypto/asn1/a_strnid.c",
- "crypto/asn1/a_object.c",
- "crypto/asn1/tasn_fre.c",
- "crypto/asn1/d2i_pu.c",
- "crypto/asn1/ameth_lib.c",
- "crypto/asn1/x_attrib.c",
- "crypto/evp/m_sha.c",
- "crypto/evp/e_camellia.c",
- "crypto/evp/e_aes.c",
- "crypto/evp/bio_b64.c",
- "crypto/evp/m_sigver.c",
- "crypto/evp/m_wp.c",
- "crypto/evp/m_sha1.c",
- "crypto/evp/p_seal.c",
- "crypto/evp/c_alld.c",
- "crypto/evp/p5_crpt.c",
- "crypto/evp/e_rc4.c",
- "crypto/evp/m_ecdsa.c",
- "crypto/evp/bio_enc.c",
- "crypto/evp/e_des3.c",
- "crypto/evp/m_null.c",
- "crypto/evp/bio_ok.c",
- "crypto/evp/pmeth_gn.c",
- "crypto/evp/e_rc5.c",
- "crypto/evp/e_rc2.c",
- "crypto/evp/p_dec.c",
- "crypto/evp/p_verify.c",
- "crypto/evp/e_rc4_hmac_md5.c",
- "crypto/evp/pmeth_lib.c",
- "crypto/evp/m_ripemd.c",
- "crypto/evp/m_md5.c",
- "crypto/evp/e_bf.c",
- "crypto/evp/p_enc.c",
- "crypto/evp/m_dss.c",
- "crypto/evp/bio_md.c",
- "crypto/evp/evp_pbe.c",
- "crypto/evp/e_seed.c",
- "crypto/evp/e_cast.c",
- "crypto/evp/p_open.c",
- "crypto/evp/p5_crpt2.c",
- "crypto/evp/m_dss1.c",
- "crypto/evp/names.c",
- "crypto/evp/evp_acnf.c",
- "crypto/evp/e_des.c",
- "crypto/evp/evp_cnf.c",
- "crypto/evp/evp_lib.c",
- "crypto/evp/digest.c",
- "crypto/evp/evp_err.c",
- "crypto/evp/evp_enc.c",
- "crypto/evp/e_old.c",
- "crypto/evp/c_all.c",
- "crypto/evp/m_md2.c",
- "crypto/evp/e_xcbc_d.c",
- "crypto/evp/pmeth_fn.c",
- "crypto/evp/p_lib.c",
- "crypto/evp/evp_key.c",
- "crypto/evp/encode.c",
- "crypto/evp/e_aes_cbc_hmac_sha1.c",
- "crypto/evp/e_aes_cbc_hmac_sha256.c",
- "crypto/evp/m_mdc2.c",
- "crypto/evp/e_null.c",
- "crypto/evp/p_sign.c",
- "crypto/evp/e_idea.c",
- "crypto/evp/c_allc.c",
- "crypto/evp/evp_pkey.c",
- "crypto/evp/m_md4.c",
- "crypto/ex_data.c",
- "crypto/pkcs12/p12_p8e.c",
- "crypto/pkcs12/p12_crt.c",
- "crypto/pkcs12/p12_utl.c",
- "crypto/pkcs12/p12_attr.c",
- "crypto/pkcs12/p12_npas.c",
- "crypto/pkcs12/p12_decr.c",
- "crypto/pkcs12/p12_init.c",
- "crypto/pkcs12/p12_kiss.c",
- "crypto/pkcs12/p12_add.c",
- "crypto/pkcs12/p12_p8d.c",
- "crypto/pkcs12/p12_mutl.c",
- "crypto/pkcs12/p12_crpt.c",
- "crypto/pkcs12/pk12err.c",
- "crypto/pkcs12/p12_asn.c",
- "crypto/pkcs12/p12_key.c",
- "crypto/ecdh/ech_key.c",
- "crypto/ecdh/ech_ossl.c",
- "crypto/ecdh/ech_lib.c",
- "crypto/ecdh/ech_err.c",
- "crypto/ecdh/ech_kdf.c",
- "crypto/o_str.c",
- "crypto/conf/conf_api.c",
- "crypto/conf/conf_err.c",
- "crypto/conf/conf_def.c",
- "crypto/conf/conf_lib.c",
- "crypto/conf/conf_mall.c",
- "crypto/conf/conf_sap.c",
- "crypto/conf/conf_mod.c",
- "crypto/ebcdic.c",
- "crypto/ecdsa/ecs_lib.c",
- "crypto/ecdsa/ecs_asn1.c",
- "crypto/ecdsa/ecs_ossl.c",
- "crypto/ecdsa/ecs_vrf.c",
- "crypto/ecdsa/ecs_sign.c",
- "crypto/ecdsa/ecs_err.c",
- "crypto/dso/dso_win32.c",
- "crypto/dso/dso_lib.c",
- "crypto/dso/dso_dlfcn.c",
- "crypto/dso/dso_dl.c",
- "crypto/dso/dso_beos.c",
- "crypto/dso/dso_null.c",
- "crypto/dso/dso_vms.c",
- "crypto/dso/dso_err.c",
- "crypto/dso/dso_openssl.c",
- "crypto/cryptlib.c",
- "crypto/md5/md5_one.c",
- "crypto/md5/md5_dgst.c",
- "crypto/pkcs7/pkcs7err.c",
- "crypto/pkcs7/pk7_smime.c",
- "crypto/pkcs7/bio_pk7.c",
- "crypto/pkcs7/pk7_mime.c",
- "crypto/pkcs7/pk7_lib.c",
- "crypto/pkcs7/pk7_asn1.c",
- "crypto/pkcs7/pk7_doit.c",
- "crypto/pkcs7/pk7_attr.c",
- "crypto/md4/md4_one.c",
- "crypto/md4/md4_dgst.c",
- "crypto/o_dir.c",
- "crypto/buffer/buf_err.c",
- "crypto/buffer/buf_str.c",
- "crypto/buffer/buffer.c",
- "crypto/cms/cms_lib.c",
- "crypto/cms/cms_io.c",
- "crypto/cms/cms_err.c",
- "crypto/cms/cms_dd.c",
- "crypto/cms/cms_smime.c",
- "crypto/cms/cms_att.c",
- "crypto/cms/cms_pwri.c",
- "crypto/cms/cms_cd.c",
- "crypto/cms/cms_sd.c",
- "crypto/cms/cms_asn1.c",
- "crypto/cms/cms_env.c",
- "crypto/cms/cms_enc.c",
- "crypto/cms/cms_ess.c",
- "crypto/cms/cms_kari.c",
- "crypto/mem_dbg.c",
- "crypto/uid.c",
- "crypto/stack/stack.c",
- "crypto/ec/ec_ameth.c",
- "crypto/ec/ec_err.c",
- "crypto/ec/ec_lib.c",
- "crypto/ec/ec_curve.c",
- "crypto/ec/ec_oct.c",
- "crypto/ec/ec_asn1.c",
- "crypto/ec/ecp_oct.c",
- "crypto/ec/ec_print.c",
- "crypto/ec/ec2_smpl.c",
- "crypto/ec/ecp_nistp224.c",
- "crypto/ec/ec2_oct.c",
- "crypto/ec/eck_prn.c",
- "crypto/ec/ec_key.c",
- "crypto/ec/ecp_nist.c",
- "crypto/ec/ec_check.c",
- "crypto/ec/ecp_smpl.c",
- "crypto/ec/ec2_mult.c",
- "crypto/ec/ecp_mont.c",
- "crypto/ec/ecp_nistp521.c",
- "crypto/ec/ec_mult.c",
- "crypto/ec/ecp_nistputil.c",
- "crypto/ec/ec_pmeth.c",
- "crypto/ec/ec_cvt.c",
- "crypto/ec/ecp_nistp256.c",
- "crypto/krb5/krb5_asn.c",
- "crypto/hmac/hmac.c",
- "crypto/hmac/hm_ameth.c",
- "crypto/hmac/hm_pmeth.c",
- "crypto/comp/c_rle.c",
- "crypto/comp/c_zlib.c",
- "crypto/comp/comp_lib.c",
- "crypto/comp/comp_err.c",
- "crypto/des/fcrypt.c",
- "crypto/des/str2key.c",
- "crypto/des/cbc_cksm.c",
- "crypto/des/des_enc.c",
- "crypto/des/ofb_enc.c",
- "crypto/des/read2pwd.c",
- "crypto/des/ecb3_enc.c",
- "crypto/des/rand_key.c",
- "crypto/des/cfb64ede.c",
- "crypto/des/rpc_enc.c",
- "crypto/des/ofb64ede.c",
- "crypto/des/qud_cksm.c",
- "crypto/des/enc_writ.c",
- "crypto/des/set_key.c",
- "crypto/des/xcbc_enc.c",
- "crypto/des/fcrypt_b.c",
- "crypto/des/ede_cbcm_enc.c",
- "crypto/des/des_old2.c",
- "crypto/des/cfb_enc.c",
- "crypto/des/ecb_enc.c",
- "crypto/des/enc_read.c",
- "crypto/des/des_old.c",
- "crypto/des/ofb64enc.c",
- "crypto/des/pcbc_enc.c",
- "crypto/des/cbc_enc.c",
- "crypto/des/cfb64enc.c",
- "crypto/lhash/lh_stats.c",
- "crypto/lhash/lhash.c",
- "crypto/x509v3/v3_genn.c",
- "crypto/x509v3/pcy_cache.c",
- "crypto/x509v3/v3_sxnet.c",
- "crypto/x509v3/v3_scts.c",
- "crypto/x509v3/v3err.c",
- "crypto/x509v3/v3_conf.c",
- "crypto/x509v3/v3_utl.c",
- "crypto/x509v3/v3_akeya.c",
- "crypto/x509v3/v3_lib.c",
- "crypto/x509v3/pcy_lib.c",
- "crypto/x509v3/v3_cpols.c",
- "crypto/x509v3/v3_ia5.c",
- "crypto/x509v3/v3_bitst.c",
- "crypto/x509v3/v3_skey.c",
- "crypto/x509v3/v3_info.c",
- "crypto/x509v3/v3_asid.c",
- "crypto/x509v3/pcy_tree.c",
- "crypto/x509v3/v3_pcons.c",
- "crypto/x509v3/v3_bcons.c",
- "crypto/x509v3/v3_pku.c",
- "crypto/x509v3/v3_ocsp.c",
- "crypto/x509v3/pcy_map.c",
- "crypto/x509v3/v3_ncons.c",
- "crypto/x509v3/v3_purp.c",
- "crypto/x509v3/v3_enum.c",
- "crypto/x509v3/v3_pmaps.c",
- "crypto/x509v3/pcy_node.c",
- "crypto/x509v3/v3_pcia.c",
- "crypto/x509v3/v3_crld.c",
- "crypto/x509v3/v3_pci.c",
- "crypto/x509v3/v3_akey.c",
- "crypto/x509v3/v3_addr.c",
- "crypto/x509v3/v3_int.c",
- "crypto/x509v3/v3_alt.c",
- "crypto/x509v3/v3_extku.c",
- "crypto/x509v3/v3_prn.c",
- "crypto/x509v3/pcy_data.c",
- "crypto/aes/aes_ofb.c",
- "crypto/aes/aes_ctr.c",
- "crypto/aes/aes_ecb.c",
- "crypto/aes/aes_cfb.c",
- "crypto/aes/aes_wrap.c",
- "crypto/aes/aes_ige.c",
- "crypto/aes/aes_misc.c",
- "crypto/pqueue/pqueue.c",
- "crypto/sha/sha_one.c",
- "crypto/sha/sha_dgst.c",
- "crypto/sha/sha512.c",
- "crypto/sha/sha1_one.c",
- "crypto/sha/sha1dgst.c",
- "crypto/sha/sha256.c",
- "crypto/whrlpool/wp_dgst.c",
- "crypto/objects/obj_xref.c",
- "crypto/objects/o_names.c",
- "crypto/objects/obj_err.c",
- "crypto/objects/obj_dat.c",
- "crypto/objects/obj_lib.c",
- "crypto/mem.c",
- "crypto/fips_ers.c",
- "crypto/o_fips.c",
- "crypto/engine/eng_rdrand.c",
- "crypto/engine/eng_err.c",
- "crypto/engine/tb_ecdsa.c",
- "crypto/engine/tb_rsa.c",
- "crypto/engine/tb_cipher.c",
- "crypto/engine/tb_dsa.c",
- "crypto/engine/eng_lib.c",
- "crypto/engine/tb_asnmth.c",
- "crypto/engine/tb_ecdh.c",
- "crypto/engine/tb_dh.c",
- "crypto/engine/tb_store.c",
- "crypto/engine/eng_init.c",
- "crypto/engine/eng_cnf.c",
- "crypto/engine/eng_all.c",
- "crypto/engine/tb_digest.c",
- "crypto/engine/tb_pkmeth.c",
- "crypto/engine/eng_table.c",
- "crypto/engine/eng_ctrl.c",
- "crypto/engine/eng_list.c",
- "crypto/engine/eng_cryptodev.c",
- "crypto/engine/eng_pkey.c",
- "crypto/engine/tb_rand.c",
- "crypto/engine/eng_openssl.c",
- "crypto/engine/eng_fat.c",
- "crypto/engine/eng_dyn.c",
- "crypto/ts/ts_rsp_verify.c",
- "crypto/ts/ts_req_print.c",
- "crypto/ts/ts_verify_ctx.c",
- "crypto/ts/ts_req_utils.c",
- "crypto/ts/ts_err.c",
- "crypto/ts/ts_rsp_print.c",
- "crypto/ts/ts_rsp_utils.c",
- "crypto/ts/ts_lib.c",
- "crypto/ts/ts_conf.c",
- "crypto/ts/ts_asn1.c",
- "crypto/ts/ts_rsp_sign.c",
- "crypto/ocsp/ocsp_ext.c",
- "crypto/ocsp/ocsp_cl.c",
- "crypto/ocsp/ocsp_ht.c",
- "crypto/ocsp/ocsp_lib.c",
- "crypto/ocsp/ocsp_srv.c",
- "crypto/ocsp/ocsp_vfy.c",
- "crypto/ocsp/ocsp_err.c",
- "crypto/ocsp/ocsp_prn.c",
- "crypto/ocsp/ocsp_asn.c",
- "crypto/bf/bf_cfb64.c",
- "crypto/bf/bf_ecb.c",
- "crypto/bf/bf_enc.c",
- "crypto/bf/bf_skey.c",
- "crypto/bf/bf_ofb64.c",
- "crypto/idea/i_skey.c",
- "crypto/idea/i_ofb64.c",
- "crypto/idea/i_cbc.c",
- "crypto/idea/i_ecb.c",
- "crypto/idea/i_cfb64.c",
- "crypto/cmac/cm_ameth.c",
- "crypto/cmac/cmac.c",
- "crypto/cmac/cm_pmeth.c",
- "crypto/dh/dh_lib.c",
- "crypto/dh/dh_key.c",
- "crypto/dh/dh_asn1.c",
- "crypto/dh/dh_depr.c",
- "crypto/dh/dh_pmeth.c",
- "crypto/dh/dh_prn.c",
- "crypto/dh/dh_gen.c",
- "crypto/dh/dh_ameth.c",
- "crypto/dh/dh_check.c",
- "crypto/dh/dh_err.c",
- "crypto/dh/dh_kdf.c",
- "crypto/dh/dh_rfc5114.c",
- "crypto/modes/ccm128.c",
- "crypto/modes/ofb128.c",
- "crypto/modes/cts128.c",
- "crypto/modes/ctr128.c",
- "crypto/modes/gcm128.c",
- "crypto/modes/cbc128.c",
- "crypto/modes/cfb128.c",
- "crypto/modes/xts128.c",
- "crypto/modes/wrap128.c",
- "crypto/camellia/cmll_cfb.c",
- "crypto/camellia/cmll_ecb.c",
- "crypto/camellia/cmll_utl.c",
- "crypto/camellia/cmll_misc.c",
- "crypto/camellia/cmll_ofb.c",
- "crypto/camellia/cmll_ctr.c",
- "crypto/seed/seed_ecb.c",
- "crypto/seed/seed_cbc.c",
- "crypto/seed/seed.c",
- "crypto/seed/seed_ofb.c",
- "crypto/seed/seed_cfb.c",
- "crypto/txt_db/txt_db.c",
- "crypto/cpt_err.c",
- "crypto/pem/pem_pk8.c",
- "crypto/pem/pem_lib.c",
- "crypto/pem/pem_sign.c",
- "crypto/pem/pem_all.c",
- "crypto/pem/pem_info.c",
- "crypto/pem/pem_pkey.c",
- "crypto/pem/pem_seal.c",
- "crypto/pem/pem_err.c",
- "crypto/pem/pem_xaux.c",
- "crypto/pem/pvkfmt.c",
- "crypto/pem/pem_x509.c",
- "crypto/pem/pem_oth.c",
- "crypto/rand/rand_lib.c",
- "crypto/rand/randfile.c",
- "crypto/rand/rand_os2.c",
- "crypto/rand/rand_unix.c",
- "crypto/rand/rand_nw.c",
- "crypto/rand/md_rand.c",
- "crypto/rand/rand_err.c",
- "crypto/rand/rand_win.c",
- "crypto/rand/rand_egd.c",
- "crypto/cversion.c",
- "crypto/cast/c_ecb.c",
- "crypto/cast/c_skey.c",
- "crypto/cast/c_ofb64.c",
- "crypto/cast/c_enc.c",
- "crypto/cast/c_cfb64.c",
- "crypto/o_time.c",
- "crypto/mdc2/mdc2dgst.c",
- "crypto/mdc2/mdc2_one.c",
- "crypto/rc4/rc4_utl.c",
- "crypto/ui/ui_compat.c",
- "crypto/ui/ui_util.c",
- "crypto/ui/ui_lib.c",
- "crypto/ui/ui_err.c",
- "crypto/ui/ui_openssl.c",
- "crypto/bio/bf_buff.c",
- "crypto/bio/bss_null.c",
- "crypto/bio/bss_acpt.c",
- "crypto/bio/bss_conn.c",
- "crypto/bio/bss_fd.c",
- "crypto/bio/bf_null.c",
- "crypto/bio/bio_err.c",
- "crypto/bio/bss_sock.c",
- "crypto/bio/bss_mem.c",
- "crypto/bio/b_dump.c",
- "crypto/bio/b_print.c",
- "crypto/bio/b_sock.c",
- "crypto/bio/bss_dgram.c",
- "crypto/bio/bf_nbio.c",
- "crypto/bio/bio_lib.c",
- "crypto/bio/bss_file.c",
- "crypto/bio/bss_bio.c",
- "crypto/bio/bss_log.c",
- "crypto/bio/bio_cb.c",
- "crypto/o_init.c",
- "crypto/rc2/rc2_skey.c",
- "crypto/rc2/rc2_cbc.c",
- "crypto/rc2/rc2cfb64.c",
- "crypto/rc2/rc2_ecb.c",
- "crypto/rc2/rc2ofb64.c",
- "crypto/bn/bn_x931p.c",
- "crypto/bn/bn_blind.c",
- "crypto/bn/bn_gf2m.c",
- "crypto/bn/bn_const.c",
- "crypto/bn/bn_sqr.c",
- "crypto/bn/bn_nist.c",
- "crypto/bn/bn_rand.c",
- "crypto/bn/bn_err.c",
- "crypto/bn/bn_div.c",
- "crypto/bn/bn_kron.c",
- "crypto/bn/bn_ctx.c",
- "crypto/bn/bn_shift.c",
- "crypto/bn/bn_mod.c",
- "crypto/bn/bn_exp2.c",
- "crypto/bn/bn_word.c",
- "crypto/bn/bn_add.c",
- "crypto/bn/bn_exp.c",
- "crypto/bn/bn_mont.c",
- "crypto/bn/bn_print.c",
- "crypto/bn/bn_mul.c",
- "crypto/bn/bn_prime.c",
- "crypto/bn/bn_depr.c",
- "crypto/bn/bn_gcd.c",
- "crypto/bn/bn_mpi.c",
- "crypto/bn/bn_sqrt.c",
- "crypto/bn/bn_recp.c",
- "crypto/bn/bn_lib.c",
- "crypto/ripemd/rmd_dgst.c",
- "crypto/ripemd/rmd_one.c",
- "crypto/rsa/rsa_x931.c",
- "crypto/rsa/rsa_depr.c",
- "crypto/rsa/rsa_saos.c",
- "crypto/rsa/rsa_crpt.c",
- "crypto/rsa/rsa_pss.c",
- "crypto/rsa/rsa_oaep.c",
- "crypto/rsa/rsa_null.c",
- "crypto/rsa/rsa_gen.c",
- "crypto/rsa/rsa_prn.c",
- "crypto/rsa/rsa_pmeth.c",
- "crypto/rsa/rsa_asn1.c",
- "crypto/rsa/rsa_ssl.c",
- "crypto/rsa/rsa_ameth.c",
- "crypto/rsa/rsa_pk1.c",
- "crypto/rsa/rsa_err.c",
- "crypto/rsa/rsa_lib.c",
- "crypto/rsa/rsa_none.c",
- "crypto/rsa/rsa_chk.c",
- "crypto/rsa/rsa_eay.c",
- "crypto/rsa/rsa_sign.c",
- "crypto/srp/srp_lib.c",
- "crypto/srp/srp_vfy.c",
- "crypto/err/err.c",
- "crypto/err/err_prn.c",
- "crypto/err/err_all.c",
- "crypto/mem_clr.c",
- "crypto/rc4/rc4_skey.c",
- "crypto/rc4/rc4_enc.c",
- "crypto/camellia/camellia.c",
- "crypto/camellia/cmll_cbc.c",
- #"crypto/aes/aes_x86core.c",
- "crypto/aes/aes_core.c",
- "crypto/aes/aes_cbc.c",
- "crypto/whrlpool/wp_block.c",
- "crypto/bn/bn_asm.c",
- ]
-
- if "platform" in env and env["platform"] == "uwp":
- thirdparty_sources += ['uwp.cpp']
-
- thirdparty_sources = [thirdparty_dir + file for file in thirdparty_sources]
-
- env_openssl.add_source_files(env.modules_sources, thirdparty_sources)
-
- # FIXME: Clone the environment to make env_openssl and not pollute the modules env
- thirdparty_include_paths = [
- "",
- "crypto",
- "crypto/asn1",
- "crypto/evp",
- "crypto/modes",
- "openssl",
- ]
- env_openssl.Append(CPPPATH=[thirdparty_dir + "/" + dir for dir in thirdparty_include_paths])
-
- env_openssl.Append(CPPFLAGS=["-DOPENSSL_NO_ASM", "-DOPENSSL_THREADS", "-DL_ENDIAN"])
-
- # Workaround for compilation error with GCC/Clang when -Werror is too greedy (GH-4517)
- import os
- import methods
- if not (os.name == "nt" and os.getenv("VCINSTALLDIR")): # not Windows and not MSVC
- env_openssl.Append(CFLAGS=["-Wno-error=implicit-function-declaration"])
-
-
-# Module sources
-env_openssl.add_source_files(env.modules_sources, "*.cpp")
-
-
-# Other thirdparty dependencies
-thirdparty_misc_dir = "#thirdparty/misc/"
-thirdparty_misc_sources = [
- "curl_hostcheck.c",
-]
-thirdparty_misc_sources = [thirdparty_misc_dir + file for file in thirdparty_misc_sources]
-env_openssl.add_source_files(env.modules_sources, thirdparty_misc_sources)
-
-
-# platform/uwp need to know openssl is available, pass to main env
-if "platform" in env and env["platform"] == "uwp":
- env.Append(CPPPATH=[thirdparty_dir])
- env.Append(CPPFLAGS=['-DOPENSSL_ENABLED'])
-
-Export('env')
diff --git a/modules/openssl/config.py b/modules/openssl/config.py
deleted file mode 100644
index 5f133eba90..0000000000
--- a/modules/openssl/config.py
+++ /dev/null
@@ -1,5 +0,0 @@
-def can_build(platform):
- return True
-
-def configure(env):
- pass
diff --git a/modules/openssl/register_types.cpp b/modules/openssl/register_types.cpp
deleted file mode 100644
index 916acc260e..0000000000
--- a/modules/openssl/register_types.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-/*************************************************************************/
-/* register_types.cpp */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#include "register_types.h"
-
-#include "stream_peer_openssl.h"
-
-void register_openssl_types() {
-
- ClassDB::register_class<StreamPeerOpenSSL>();
- StreamPeerOpenSSL::initialize_ssl();
-}
-
-void unregister_openssl_types() {
-
- StreamPeerOpenSSL::finalize_ssl();
-}
diff --git a/modules/openssl/register_types.h b/modules/openssl/register_types.h
deleted file mode 100644
index 94d917ca81..0000000000
--- a/modules/openssl/register_types.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*************************************************************************/
-/* register_types.h */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-void register_openssl_types();
-void unregister_openssl_types();
diff --git a/modules/openssl/stream_peer_openssl.cpp b/modules/openssl/stream_peer_openssl.cpp
deleted file mode 100644
index e3cb9bbdf8..0000000000
--- a/modules/openssl/stream_peer_openssl.cpp
+++ /dev/null
@@ -1,632 +0,0 @@
-/*************************************************************************/
-/* stream_peer_openssl.cpp */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#include "stream_peer_openssl.h"
-
-// Compatibility with OpenSSL 1.1.0.
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-#define BIO_set_num(b, n)
-#else
-#define BIO_set_num(b, n) ((b)->num = (n))
-
-#define BIO_set_init(b, i) ((b)->init = (i))
-#define BIO_set_data(b, p) ((b)->ptr = (p))
-#define BIO_get_data(b) ((b)->ptr)
-#endif
-
-//hostname matching code from curl
-
-bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) {
-
- return Tool_Curl_cert_hostcheck(name, hostname) == CURL_HOST_MATCH;
-}
-
-Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *server_cert) {
-
- // Find the position of the CN field in the Subject field of the certificate
- int common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert), NID_commonName, -1);
-
- ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER);
-
- // Extract the CN field
- X509_NAME_ENTRY *common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *)server_cert), common_name_loc);
-
- ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER);
-
- // Convert the CN field to a C string
- ASN1_STRING *common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
-
- ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER);
-
- char *common_name_str = (char *)ASN1_STRING_data(common_name_asn1);
-
- // Make sure there isn't an embedded NUL character in the CN
- bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str);
-
- ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER);
-
- // Compare expected hostname with the CN
-
- return _match_host_name(common_name_str, hostname) ? OK : FAILED;
-}
-
-/**
-* Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
-*
-*/
-
-Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, const X509 *server_cert) {
-
- Error result = FAILED;
- int i;
- int san_names_nb = -1;
- STACK_OF(GENERAL_NAME) *san_names = NULL;
-
- // Try to extract the names within the SAN extension from the certificate
- san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *)server_cert, NID_subject_alt_name, NULL, NULL);
- if (san_names == NULL) {
- return ERR_FILE_NOT_FOUND;
- }
- san_names_nb = sk_GENERAL_NAME_num(san_names);
-
- // Check each name within the extension
- for (i = 0; i < san_names_nb; i++) {
- const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
-
- if (current_name->type == GEN_DNS) {
- // Current name is a DNS name, let's check it
- char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName);
-
- // Make sure there isn't an embedded NUL character in the DNS name
- if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
- result = ERR_INVALID_PARAMETER;
- break;
- } else { // Compare expected hostname with the DNS name
- if (_match_host_name(dns_name, hostname)) {
- result = OK;
- break;
- }
- }
- }
- }
- sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
-
- return result;
-}
-
-/* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */
-int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg) {
-
- /* This is the function that OpenSSL would call if we hadn't called
- * SSL_CTX_set_cert_verify_callback(). Therefore, we are "wrapping"
- * the default functionality, rather than replacing it. */
-
- bool base_cert_valid = X509_verify_cert(x509_ctx);
- if (!base_cert_valid) {
- print_line("Cause: " + String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx))));
- ERR_print_errors_fp(stdout);
- }
- X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
-
- ERR_FAIL_COND_V(!server_cert, 0);
-
- char cert_str[256];
- X509_NAME_oneline(X509_get_subject_name(server_cert),
- cert_str, sizeof(cert_str));
-
- print_line("CERT STR: " + String(cert_str));
- print_line("VALID: " + itos(base_cert_valid));
-
- if (!base_cert_valid)
- return 0;
-
- StreamPeerOpenSSL *ssl = (StreamPeerOpenSSL *)arg;
-
- if (ssl->validate_hostname) {
-
- Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(), server_cert);
-
- if (err == ERR_FILE_NOT_FOUND) {
-
- err = _match_common_name(ssl->hostname.utf8().get_data(), server_cert);
- }
-
- if (err != OK) {
-
- ssl->status = STATUS_ERROR_HOSTNAME_MISMATCH;
- return 0;
- }
- }
-
- return 1;
-}
-
-int StreamPeerOpenSSL::_bio_create(BIO *b) {
- BIO_set_init(b, 1);
- BIO_set_num(b, 0);
- BIO_set_data(b, NULL);
- BIO_clear_flags(b, ~0);
- return 1;
-}
-
-int StreamPeerOpenSSL::_bio_destroy(BIO *b) {
- if (b == NULL)
- return 0;
-
- BIO_set_data(b, NULL); /* sb_tls_remove() will free it */
- BIO_set_init(b, 0);
- BIO_clear_flags(b, ~0);
- return 1;
-}
-
-int StreamPeerOpenSSL::_bio_read(BIO *b, char *buf, int len) {
-
- if (buf == NULL || len <= 0) return 0;
-
- StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b);
-
- ERR_FAIL_COND_V(sp == NULL, 0);
-
- BIO_clear_retry_flags(b);
- if (sp->use_blocking) {
-
- Error err = sp->base->get_data((uint8_t *)buf, len);
- if (err != OK) {
- return -1;
- }
-
- return len;
- } else {
-
- int got;
- Error err = sp->base->get_partial_data((uint8_t *)buf, len, got);
- if (err != OK) {
- return -1;
- }
- if (got == 0) {
- BIO_set_retry_read(b);
- }
- return got;
- }
-
- //unreachable
- return 0;
-}
-
-int StreamPeerOpenSSL::_bio_write(BIO *b, const char *buf, int len) {
-
- if (buf == NULL || len <= 0) return 0;
-
- StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)BIO_get_data(b);
-
- ERR_FAIL_COND_V(sp == NULL, 0);
-
- BIO_clear_retry_flags(b);
- if (sp->use_blocking) {
-
- Error err = sp->base->put_data((const uint8_t *)buf, len);
- if (err != OK) {
- return -1;
- }
-
- return len;
- } else {
-
- int sent;
- Error err = sp->base->put_partial_data((const uint8_t *)buf, len, sent);
- if (err != OK) {
- return -1;
- }
- if (sent == 0) {
- BIO_set_retry_write(b);
- }
- return sent;
- }
-
- //unreachable
- return 0;
-}
-
-long StreamPeerOpenSSL::_bio_ctrl(BIO *b, int cmd, long num, void *ptr) {
- if (cmd == BIO_CTRL_FLUSH) {
- /* The OpenSSL library needs this */
- return 1;
- }
- return 0;
-}
-
-int StreamPeerOpenSSL::_bio_gets(BIO *b, char *buf, int len) {
- return -1;
-}
-
-int StreamPeerOpenSSL::_bio_puts(BIO *b, const char *str) {
- return _bio_write(b, str, strlen(str));
-}
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-BIO_METHOD *StreamPeerOpenSSL::_bio_method = NULL;
-
-BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() {
- if (_bio_method) // already initialized.
- return _bio_method;
-
- /* it's a source/sink BIO */
- _bio_method = BIO_meth_new(100 | 0x400, "streampeer glue");
- BIO_meth_set_write(_bio_method, _bio_write);
- BIO_meth_set_read(_bio_method, _bio_read);
- BIO_meth_set_puts(_bio_method, _bio_puts);
- BIO_meth_set_gets(_bio_method, _bio_gets);
- BIO_meth_set_ctrl(_bio_method, _bio_ctrl);
- BIO_meth_set_create(_bio_method, _bio_create);
- BIO_meth_set_destroy(_bio_method, _bio_destroy);
-
- return _bio_method;
-}
-#else
-BIO_METHOD StreamPeerOpenSSL::_bio_method = {
- /* it's a source/sink BIO */
- (100 | 0x400),
- "streampeer glue",
- _bio_write,
- _bio_read,
- _bio_puts,
- _bio_gets,
- _bio_ctrl,
- _bio_create,
- _bio_destroy
-};
-
-BIO_METHOD *StreamPeerOpenSSL::_get_bio_method() {
- return &_bio_method;
-}
-#endif
-
-Error StreamPeerOpenSSL::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname) {
-
- if (connected)
- disconnect_from_stream();
-
- hostname = p_for_hostname;
- status = STATUS_DISCONNECTED;
-
- // Set up a SSL_CTX object, which will tell our BIO object how to do its work
- ctx = SSL_CTX_new(SSLv23_client_method());
- base = p_base;
- validate_certs = p_validate_certs;
- validate_hostname = p_for_hostname != "";
-
- if (p_validate_certs) {
-
- if (certs.size()) {
- //yay for undocumented OpenSSL functions
-
- X509_STORE *store = SSL_CTX_get_cert_store(ctx);
- for (int i = 0; i < certs.size(); i++) {
-
- X509_STORE_add_cert(store, certs[i]);
- }
- }
-
- //used for testing
- //int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL);
- //print_line("verify locations res: "+itos(res));
-
- /* Ask OpenSSL to verify the server certificate. Note that this
- * does NOT include verifying that the hostname is correct.
- * So, by itself, this means anyone with any legitimate
- * CA-issued certificate for any website, can impersonate any
- * other website in the world. This is not good. See "The
- * Most Dangerous Code in the World" article at
- * https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
- */
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
- /* This is how we solve the problem mentioned in the previous
- * comment. We "wrap" OpenSSL's validation routine in our
- * own routine, which also validates the hostname by calling
- * the code provided by iSECPartners. Note that even though
- * the "Everything You've Always Wanted to Know About
- * Certificate Validation With OpenSSL (But Were Afraid to
- * Ask)" paper from iSECPartners says very explicitly not to
- * call SSL_CTX_set_cert_verify_callback (at the bottom of
- * page 2), what we're doing here is safe because our
- * cert_verify_callback() calls X509_verify_cert(), which is
- * OpenSSL's built-in routine which would have been called if
- * we hadn't set the callback. Therefore, we're just
- * "wrapping" OpenSSL's routine, not replacing it. */
- SSL_CTX_set_cert_verify_callback(ctx, _cert_verify_callback, this);
-
- //Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??)
- SSL_CTX_set_verify_depth(ctx, max_cert_chain_depth + 1);
- }
-
- ssl = SSL_new(ctx);
- bio = BIO_new(_get_bio_method());
- BIO_set_data(bio, this);
- SSL_set_bio(ssl, bio, bio);
-
- if (p_for_hostname != String()) {
- SSL_set_tlsext_host_name(ssl, p_for_hostname.utf8().get_data());
- }
-
- use_blocking = true; // let handshake use blocking
- // Set the SSL to automatically retry on failure.
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- // Same as before, try to connect.
- int result = SSL_connect(ssl);
-
- print_line("CONNECTION RESULT: " + itos(result));
- if (result < 1) {
- ERR_print_errors_fp(stdout);
- _print_error(result);
- }
-
- X509 *peer = SSL_get_peer_certificate(ssl);
-
- if (peer) {
- bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK;
- print_line("cert_ok: " + itos(cert_ok));
-
- } else if (validate_certs) {
- status = STATUS_ERROR_NO_CERTIFICATE;
- }
-
- connected = true;
- status = STATUS_CONNECTED;
-
- return OK;
-}
-
-Error StreamPeerOpenSSL::accept_stream(Ref<StreamPeer> p_base) {
-
- return ERR_UNAVAILABLE;
-}
-
-void StreamPeerOpenSSL::_print_error(int err) {
-
- err = SSL_get_error(ssl, err);
- switch (err) {
- case SSL_ERROR_NONE:
- ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed");
- break;
- case SSL_ERROR_ZERO_RETURN:
- ERR_PRINT("The TLS/SSL connection has been closed.");
- break;
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- ERR_PRINT("The operation did not complete.");
- break;
- case SSL_ERROR_WANT_CONNECT:
- case SSL_ERROR_WANT_ACCEPT:
- ERR_PRINT("The connect/accept operation did not complete");
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again.");
- break;
- case SSL_ERROR_SYSCALL:
- ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error.");
- break;
- case SSL_ERROR_SSL:
- ERR_PRINT("A failure in the SSL library occurred, usually a protocol error.");
- break;
- }
-}
-
-Error StreamPeerOpenSSL::put_data(const uint8_t *p_data, int p_bytes) {
-
- ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
-
- while (p_bytes > 0) {
- int ret = SSL_write(ssl, p_data, p_bytes);
- if (ret <= 0) {
- _print_error(ret);
- disconnect_from_stream();
- return ERR_CONNECTION_ERROR;
- }
- p_data += ret;
- p_bytes -= ret;
- }
-
- return OK;
-}
-
-Error StreamPeerOpenSSL::put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent) {
-
- ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
- if (p_bytes == 0)
- return OK;
-
- Error err = put_data(p_data, p_bytes);
- if (err != OK)
- return err;
-
- r_sent = p_bytes;
- return OK;
-}
-
-Error StreamPeerOpenSSL::get_data(uint8_t *p_buffer, int p_bytes) {
-
- ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
-
- while (p_bytes > 0) {
-
- int ret = SSL_read(ssl, p_buffer, p_bytes);
- if (ret <= 0) {
- _print_error(ret);
- disconnect_from_stream();
- return ERR_CONNECTION_ERROR;
- }
- p_buffer += ret;
- p_bytes -= ret;
- }
-
- return OK;
-}
-
-Error StreamPeerOpenSSL::get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received) {
-
- ERR_FAIL_COND_V(!connected, ERR_UNCONFIGURED);
- if (p_bytes == 0) {
- r_received = 0;
- return OK;
- }
-
- Error err = get_data(p_buffer, p_bytes);
- if (err != OK)
- return err;
- r_received = p_bytes;
- return OK;
-}
-
-int StreamPeerOpenSSL::get_available_bytes() const {
-
- ERR_FAIL_COND_V(!connected, 0);
-
- return SSL_pending(ssl);
-}
-StreamPeerOpenSSL::StreamPeerOpenSSL() {
-
- ctx = NULL;
- ssl = NULL;
- bio = NULL;
- connected = false;
- use_blocking = true; //might be improved int the future, but for now it always blocks
- max_cert_chain_depth = 9;
- flags = 0;
-}
-
-void StreamPeerOpenSSL::disconnect_from_stream() {
-
- if (!connected)
- return;
- SSL_shutdown(ssl);
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- base = Ref<StreamPeer>();
- connected = false;
- validate_certs = false;
- validate_hostname = false;
- status = STATUS_DISCONNECTED;
-}
-
-StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const {
-
- return status;
-}
-
-StreamPeerOpenSSL::~StreamPeerOpenSSL() {
- disconnect_from_stream();
-}
-
-StreamPeerSSL *StreamPeerOpenSSL::_create_func() {
-
- return memnew(StreamPeerOpenSSL);
-}
-
-Vector<X509 *> StreamPeerOpenSSL::certs;
-
-void StreamPeerOpenSSL::_load_certs(const PoolByteArray &p_array) {
-
- PoolByteArray::Read r = p_array.read();
- BIO *mem = BIO_new(BIO_s_mem());
- BIO_puts(mem, (const char *)r.ptr());
- while (true) {
- X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
- if (!cert)
- break;
- certs.push_back(cert);
- }
- BIO_free(mem);
-}
-
-void StreamPeerOpenSSL::initialize_ssl() {
-
- available = true;
-
- load_certs_func = _load_certs;
-
- _create = _create_func;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
-#endif
- SSL_library_init(); // Initialize OpenSSL's SSL libraries
- SSL_load_error_strings(); // Load SSL error strings
- ERR_load_BIO_strings(); // Load BIO error strings
- OpenSSL_add_all_algorithms(); // Load all available encryption algorithms
- String certs_path = GLOBAL_DEF("network/ssl/certificates", "");
- ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
- if (certs_path != "") {
-
- FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
- if (f) {
- PoolByteArray arr;
- int flen = f->get_len();
- arr.resize(flen + 1);
- {
- PoolByteArray::Write w = arr.write();
- f->get_buffer(w.ptr(), flen);
- w[flen] = 0; //end f string
- }
-
- memdelete(f);
-
- _load_certs(arr);
- print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size()));
- }
- }
- String config_path = GLOBAL_DEF("network/ssl/config", "");
- ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/config", PropertyInfo(Variant::STRING, "network/ssl/config", PROPERTY_HINT_FILE, "*.cnf"));
- if (config_path != "") {
-
- Vector<uint8_t> data = FileAccess::get_file_as_array(config_path);
- if (data.size()) {
- data.push_back(0);
- BIO *mem = BIO_new(BIO_s_mem());
- BIO_puts(mem, (const char *)data.ptr());
-
- while (true) {
- X509 *cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
- if (!cert)
- break;
- certs.push_back(cert);
- }
- BIO_free(mem);
- }
- print_line("Loaded certs from '" + certs_path + "': " + itos(certs.size()));
- }
-}
-
-void StreamPeerOpenSSL::finalize_ssl() {
-
- for (int i = 0; i < certs.size(); i++) {
- X509_free(certs[i]);
- }
- certs.clear();
-}
diff --git a/modules/openssl/stream_peer_openssl.h b/modules/openssl/stream_peer_openssl.h
deleted file mode 100644
index 29c8647e58..0000000000
--- a/modules/openssl/stream_peer_openssl.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/*************************************************************************/
-/* stream_peer_openssl.h */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#ifndef STREAM_PEER_OPEN_SSL_H
-#define STREAM_PEER_OPEN_SSL_H
-
-#include "io/stream_peer_ssl.h"
-#include "os/file_access.h"
-#include "project_settings.h"
-
-#include "thirdparty/misc/curl_hostcheck.h"
-
-#include <openssl/bio.h> // BIO objects for I/O
-#include <openssl/err.h> // Error reporting
-#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections
-#include <openssl/x509v3.h>
-
-#include <stdio.h>
-
-class StreamPeerOpenSSL : public StreamPeerSSL {
-private:
- static int _bio_create(BIO *b);
- static int _bio_destroy(BIO *b);
- static int _bio_read(BIO *b, char *buf, int len);
- static int _bio_write(BIO *b, const char *buf, int len);
- static long _bio_ctrl(BIO *b, int cmd, long num, void *ptr);
- static int _bio_gets(BIO *b, char *buf, int len);
- static int _bio_puts(BIO *b, const char *str);
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- static BIO_METHOD *_bio_method;
-#else
- static BIO_METHOD _bio_method;
-#endif
- static BIO_METHOD *_get_bio_method();
-
- static bool _match_host_name(const char *name, const char *hostname);
- static Error _match_common_name(const char *hostname, const X509 *server_cert);
- static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert);
-
- static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg);
-
- Status status;
- String hostname;
- int max_cert_chain_depth;
- SSL_CTX *ctx;
- SSL *ssl;
- BIO *bio;
- bool connected;
- int flags;
- bool use_blocking;
- bool validate_certs;
- bool validate_hostname;
-
- Ref<StreamPeer> base;
-
- static StreamPeerSSL *_create_func();
- void _print_error(int err);
-
- static Vector<X509 *> certs;
-
- static void _load_certs(const PoolByteArray &p_array);
-
-protected:
- static void _bind_methods();
-
-public:
- virtual Error accept_stream(Ref<StreamPeer> p_base);
- virtual Error connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs = false, const String &p_for_hostname = String());
- virtual Status get_status() const;
-
- virtual void disconnect_from_stream();
-
- virtual Error put_data(const uint8_t *p_data, int p_bytes);
- virtual Error put_partial_data(const uint8_t *p_data, int p_bytes, int &r_sent);
-
- virtual Error get_data(uint8_t *p_buffer, int p_bytes);
- virtual Error get_partial_data(uint8_t *p_buffer, int p_bytes, int &r_received);
-
- virtual int get_available_bytes() const;
-
- static void initialize_ssl();
- static void finalize_ssl();
-
- StreamPeerOpenSSL();
- ~StreamPeerOpenSSL();
-};
-
-#endif // STREAM_PEER_SSL_H