Skip to content

Commit 56dd861

Browse files
authored
Improve code style
1 parent c78b2b5 commit 56dd861

3 files changed

Lines changed: 258 additions & 182 deletions

File tree

yasio/detail/mbedtls.inl

Lines changed: 146 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,146 @@
1+
//////////////////////////////////////////////////////////////////////////////////////////
2+
// A multi-platform support c++11 library with focus on asynchronous socket I/O for any
3+
// client application.
4+
//////////////////////////////////////////////////////////////////////////////////////////
5+
/*
6+
The MIT License (MIT)
7+
8+
Copyright (c) 2012-2023 HALX99
9+
10+
Permission is hereby granted, free of charge, to any person obtaining a copy
11+
of this software and associated documentation files (the "Software"), to deal
12+
in the Software without restriction, including without limitation the rights
13+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14+
copies of the Software, and to permit persons to whom the Software is
15+
furnished to do so, subject to the following conditions:
16+
17+
The above copyright notice and this permission notice shall be included in all
18+
copies or substantial portions of the Software.
19+
20+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26+
SOFTWARE.
27+
*/
28+
29+
#ifndef YASIO__OPENSSL_INL
30+
#define YASIO__OPENSSL_INL
31+
32+
if YASIO_SSL_BACKEND == 2
33+
34+
YASIO__DECL ssl_ctx_st* yssl_ctx_new(const yssl_options& opts)
35+
{
36+
auto ctx = new ssl_ctx_st();
37+
::mbedtls_ctr_drbg_init(&ctx->ctr_drbg);
38+
::mbedtls_entropy_init(&ctx->entropy);
39+
::mbedtls_ssl_config_init(&ctx->conf);
40+
::mbedtls_x509_crt_init(&ctx->cert);
41+
::mbedtls_pk_init(&ctx->pkey);
42+
43+
do
44+
{
45+
int ret = 0;
46+
// ssl role
47+
if ((ret = ::mbedtls_ssl_config_defaults(&ctx->conf, opts.client ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM,
48+
MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
49+
YASIO_LOG("mbedtls_ssl_config_defaults fail with ret=%d", ret);
50+
51+
// rgn engine
52+
cxx17::string_view pers = opts.client ? cxx17::string_view{YASIO_SSL_PIN, YASIO_SSL_PIN_LEN} : cxx17::string_view{YASIO_SSL_PON, YASIO_SSL_PON_LEN};
53+
ret = ::mbedtls_ctr_drbg_seed(&ctx->ctr_drbg, ::mbedtls_entropy_func, &ctx->entropy, (const unsigned char*)pers.data(), pers.length());
54+
if (ret != 0)
55+
{
56+
YASIO_LOG("mbedtls_ctr_drbg_seed fail with ret=%d", ret);
57+
break;
58+
}
59+
::mbedtls_ssl_conf_rng(&ctx->conf, ::mbedtls_ctr_drbg_random, &ctx->ctr_drbg);
60+
61+
// --- load cert
62+
int authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;
63+
if (yasio__valid_str(opts.crtfile_)) // the cafile_ must be full path
64+
{
65+
if ((ret = ::mbedtls_x509_crt_parse_file(&ctx->cert, opts.crtfile_)) == 0)
66+
authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
67+
else
68+
{
69+
YASIO_LOG("mbedtls_x509_crt_parse_file with ret=-0x%x", (unsigned int)-ret);
70+
break;
71+
}
72+
}
73+
74+
if (opts.client)
75+
{
76+
::mbedtls_ssl_conf_authmode(&ctx->conf, authmode);
77+
::mbedtls_ssl_conf_ca_chain(&ctx->conf, &ctx->cert, nullptr);
78+
}
79+
else
80+
{
81+
// --- load server private key
82+
if (yasio__valid_str(opts.keyfile_))
83+
{
84+
# if MBEDTLS_VERSION_MAJOR >= 3
85+
if (::mbedtls_pk_parse_keyfile(&ctx->pkey, opts.keyfile_, nullptr, mbedtls_ctr_drbg_random, &ctx->ctr_drbg) != 0)
86+
# else
87+
if (::mbedtls_pk_parse_keyfile(&ctx->pkey, opts.keyfile_, nullptr) != 0)
88+
# endif
89+
{
90+
YASIO_LOG("mbedtls_x509_crt_parse_file with ret=-0x%x", (unsigned int)-ret);
91+
break;
92+
}
93+
}
94+
::mbedtls_ssl_conf_ca_chain(&ctx->conf, ctx->cert.next, nullptr);
95+
if ((ret = mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->pkey)) != 0)
96+
{
97+
YASIO_LOG("mbedtls_ssl_conf_own_cert with ret=-0x%x", (unsigned int)-ret);
98+
break;
99+
}
100+
}
101+
102+
return ctx;
103+
} while (false);
104+
105+
yssl_ctx_free(ctx);
106+
107+
return nullptr;
108+
}
109+
110+
YASIO__DECL void yssl_ctx_free(ssl_ctx_st*& ctx)
111+
{
112+
if (!ctx)
113+
return;
114+
::mbedtls_pk_free(&ctx->pkey);
115+
::mbedtls_x509_crt_free(&ctx->cert);
116+
::mbedtls_ssl_config_free(&ctx->conf);
117+
::mbedtls_entropy_free(&ctx->entropy);
118+
::mbedtls_ctr_drbg_free(&ctx->ctr_drbg);
119+
120+
delete ctx;
121+
ctx = nullptr;
122+
}
123+
124+
YASIO__DECL ssl_st* yssl_new(ssl_ctx_st* ctx, int fd, const char* hostname, bool client)
125+
{
126+
auto ssl = new ssl_st();
127+
::mbedtls_ssl_init(ssl);
128+
::mbedtls_ssl_setup(ssl, &ctx->conf);
129+
130+
// ssl_set_fd
131+
ssl->bio.fd = fd;
132+
::mbedtls_ssl_set_bio(ssl, &ssl->bio, ::mbedtls_net_send, ::mbedtls_net_recv, nullptr /* rev_timeout() */);
133+
::mbedtls_ssl_set_hostname(ssl, hostname);
134+
return ssl;
135+
}
136+
YASIO__DECL void yssl_shutdown(ssl_st*& ssl)
137+
{
138+
::mbedtls_ssl_close_notify(ssl);
139+
::mbedtls_ssl_free(ssl);
140+
delete ssl;
141+
ssl = nullptr;
142+
}
143+
144+
#endif
145+
146+
#endif

yasio/detail/openssl.inl

Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
//////////////////////////////////////////////////////////////////////////////////////////
2+
// A multi-platform support c++11 library with focus on asynchronous socket I/O for any
3+
// client application.
4+
//////////////////////////////////////////////////////////////////////////////////////////
5+
/*
6+
The MIT License (MIT)
7+
8+
Copyright (c) 2012-2023 HALX99
9+
10+
Permission is hereby granted, free of charge, to any person obtaining a copy
11+
of this software and associated documentation files (the "Software"), to deal
12+
in the Software without restriction, including without limitation the rights
13+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14+
copies of the Software, and to permit persons to whom the Software is
15+
furnished to do so, subject to the following conditions:
16+
17+
The above copyright notice and this permission notice shall be included in all
18+
copies or substantial portions of the Software.
19+
20+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26+
SOFTWARE.
27+
*/
28+
29+
#ifndef YASIO__OPENSSL_INL
30+
#define YASIO__OPENSSL_INL
31+
32+
#if YASIO_SSL_BACKEND == 1 // OpenSSL
33+
YASIO__DECL ssl_ctx_st* yssl_ctx_new(const yssl_options& opts)
34+
{
35+
auto ctx = ::SSL_CTX_new(opts.client ? ::SSLv23_client_method() : SSLv23_server_method());
36+
37+
auto mode = SSL_CTX_get_mode(ctx);
38+
# if defined(SSL_MODE_RELEASE_BUFFERS)
39+
mode |= SSL_MODE_RELEASE_BUFFERS;
40+
# endif
41+
42+
::SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | mode);
43+
44+
if (opts.client)
45+
{
46+
if (yasio__valid_str(opts.crtfile_))
47+
{
48+
if (::SSL_CTX_load_verify_locations(ctx, opts.crtfile_, nullptr) == 1)
49+
{
50+
::SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ::SSL_CTX_get_verify_callback(ctx));
51+
# if OPENSSL_VERSION_NUMBER >= 0x10101000L
52+
::SSL_CTX_set_post_handshake_auth(ctx, 1);
53+
# endif
54+
# if defined(X509_V_FLAG_PARTIAL_CHAIN)
55+
/* Have intermediate certificates in the trust store be treated as
56+
trust-anchors, in the same way as self-signed root CA certificates
57+
are. This allows users to verify servers using the intermediate cert
58+
only, instead of needing the whole chain. */
59+
X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN);
60+
# endif
61+
}
62+
else
63+
YASIO_LOG("[global] load ca certifaction file failed!");
64+
}
65+
else
66+
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, nullptr);
67+
}
68+
else
69+
{
70+
if (yasio__valid_str(opts.crtfile_) && ::SSL_CTX_use_certificate_file(ctx, opts.crtfile_, SSL_FILETYPE_PEM) <= 0)
71+
YASIO_LOG("[gobal] load server cert file failed!");
72+
73+
if (yasio__valid_str(opts.keyfile_) && ::SSL_CTX_use_PrivateKey_file(ctx, opts.keyfile_, SSL_FILETYPE_PEM) <= 0)
74+
YASIO_LOG("[gobal] load server private key file failed!");
75+
}
76+
77+
return ctx;
78+
}
79+
80+
YASIO__DECL void yssl_ctx_free(ssl_ctx_st*& ctx)
81+
{
82+
::SSL_CTX_free((SSL_CTX*)ctx);
83+
ctx = nullptr;
84+
}
85+
YASIO__DECL ssl_st* yssl_new(ssl_ctx_st* ctx, int fd, const char* hostname, bool client)
86+
{
87+
auto ssl = ::SSL_new(ctx);
88+
::SSL_set_fd(ssl, fd);
89+
if (client)
90+
{
91+
::SSL_set_connect_state(ssl);
92+
::SSL_set_tlsext_host_name(ssl, hostname);
93+
}
94+
else
95+
::SSL_set_accept_state(ssl);
96+
return ssl;
97+
}
98+
YASIO__DECL void yssl_shutdown(ssl_st*& ssl)
99+
{
100+
::SSL_shutdown(ssl);
101+
::SSL_free(ssl);
102+
ssl = nullptr;
103+
}
104+
#endif
105+
106+
#endif

0 commit comments

Comments
 (0)