|
| 1 | +////////////////////////////////////////////////////////////////////////////////////////// |
| 2 | +// A multi-platform support c++11 library with focus on asynchronous socket I/O for any |
| 3 | +// client application. |
| 4 | +////////////////////////////////////////////////////////////////////////////////////////// |
| 5 | +/* |
| 6 | +The MIT License (MIT) |
| 7 | +
|
| 8 | +Copyright (c) 2012-2023 HALX99 |
| 9 | +
|
| 10 | +Permission is hereby granted, free of charge, to any person obtaining a copy |
| 11 | +of this software and associated documentation files (the "Software"), to deal |
| 12 | +in the Software without restriction, including without limitation the rights |
| 13 | +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
| 14 | +copies of the Software, and to permit persons to whom the Software is |
| 15 | +furnished to do so, subject to the following conditions: |
| 16 | +
|
| 17 | +The above copyright notice and this permission notice shall be included in all |
| 18 | +copies or substantial portions of the Software. |
| 19 | +
|
| 20 | +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| 21 | +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 22 | +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| 23 | +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| 24 | +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| 25 | +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| 26 | +SOFTWARE. |
| 27 | +*/ |
| 28 | + |
| 29 | +#ifndef YASIO__OPENSSL_INL |
| 30 | +#define YASIO__OPENSSL_INL |
| 31 | + |
| 32 | +if YASIO_SSL_BACKEND == 2 |
| 33 | + |
| 34 | +YASIO__DECL ssl_ctx_st* yssl_ctx_new(const yssl_options& opts) |
| 35 | +{ |
| 36 | + auto ctx = new ssl_ctx_st(); |
| 37 | + ::mbedtls_ctr_drbg_init(&ctx->ctr_drbg); |
| 38 | + ::mbedtls_entropy_init(&ctx->entropy); |
| 39 | + ::mbedtls_ssl_config_init(&ctx->conf); |
| 40 | + ::mbedtls_x509_crt_init(&ctx->cert); |
| 41 | + ::mbedtls_pk_init(&ctx->pkey); |
| 42 | + |
| 43 | + do |
| 44 | + { |
| 45 | + int ret = 0; |
| 46 | + // ssl role |
| 47 | + if ((ret = ::mbedtls_ssl_config_defaults(&ctx->conf, opts.client ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, |
| 48 | + MBEDTLS_SSL_PRESET_DEFAULT)) != 0) |
| 49 | + YASIO_LOG("mbedtls_ssl_config_defaults fail with ret=%d", ret); |
| 50 | + |
| 51 | + // rgn engine |
| 52 | + cxx17::string_view pers = opts.client ? cxx17::string_view{YASIO_SSL_PIN, YASIO_SSL_PIN_LEN} : cxx17::string_view{YASIO_SSL_PON, YASIO_SSL_PON_LEN}; |
| 53 | + ret = ::mbedtls_ctr_drbg_seed(&ctx->ctr_drbg, ::mbedtls_entropy_func, &ctx->entropy, (const unsigned char*)pers.data(), pers.length()); |
| 54 | + if (ret != 0) |
| 55 | + { |
| 56 | + YASIO_LOG("mbedtls_ctr_drbg_seed fail with ret=%d", ret); |
| 57 | + break; |
| 58 | + } |
| 59 | + ::mbedtls_ssl_conf_rng(&ctx->conf, ::mbedtls_ctr_drbg_random, &ctx->ctr_drbg); |
| 60 | + |
| 61 | + // --- load cert |
| 62 | + int authmode = MBEDTLS_SSL_VERIFY_OPTIONAL; |
| 63 | + if (yasio__valid_str(opts.crtfile_)) // the cafile_ must be full path |
| 64 | + { |
| 65 | + if ((ret = ::mbedtls_x509_crt_parse_file(&ctx->cert, opts.crtfile_)) == 0) |
| 66 | + authmode = MBEDTLS_SSL_VERIFY_REQUIRED; |
| 67 | + else |
| 68 | + { |
| 69 | + YASIO_LOG("mbedtls_x509_crt_parse_file with ret=-0x%x", (unsigned int)-ret); |
| 70 | + break; |
| 71 | + } |
| 72 | + } |
| 73 | + |
| 74 | + if (opts.client) |
| 75 | + { |
| 76 | + ::mbedtls_ssl_conf_authmode(&ctx->conf, authmode); |
| 77 | + ::mbedtls_ssl_conf_ca_chain(&ctx->conf, &ctx->cert, nullptr); |
| 78 | + } |
| 79 | + else |
| 80 | + { |
| 81 | + // --- load server private key |
| 82 | + if (yasio__valid_str(opts.keyfile_)) |
| 83 | + { |
| 84 | +# if MBEDTLS_VERSION_MAJOR >= 3 |
| 85 | + if (::mbedtls_pk_parse_keyfile(&ctx->pkey, opts.keyfile_, nullptr, mbedtls_ctr_drbg_random, &ctx->ctr_drbg) != 0) |
| 86 | +# else |
| 87 | + if (::mbedtls_pk_parse_keyfile(&ctx->pkey, opts.keyfile_, nullptr) != 0) |
| 88 | +# endif |
| 89 | + { |
| 90 | + YASIO_LOG("mbedtls_x509_crt_parse_file with ret=-0x%x", (unsigned int)-ret); |
| 91 | + break; |
| 92 | + } |
| 93 | + } |
| 94 | + ::mbedtls_ssl_conf_ca_chain(&ctx->conf, ctx->cert.next, nullptr); |
| 95 | + if ((ret = mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->pkey)) != 0) |
| 96 | + { |
| 97 | + YASIO_LOG("mbedtls_ssl_conf_own_cert with ret=-0x%x", (unsigned int)-ret); |
| 98 | + break; |
| 99 | + } |
| 100 | + } |
| 101 | + |
| 102 | + return ctx; |
| 103 | + } while (false); |
| 104 | + |
| 105 | + yssl_ctx_free(ctx); |
| 106 | + |
| 107 | + return nullptr; |
| 108 | +} |
| 109 | + |
| 110 | +YASIO__DECL void yssl_ctx_free(ssl_ctx_st*& ctx) |
| 111 | +{ |
| 112 | + if (!ctx) |
| 113 | + return; |
| 114 | + ::mbedtls_pk_free(&ctx->pkey); |
| 115 | + ::mbedtls_x509_crt_free(&ctx->cert); |
| 116 | + ::mbedtls_ssl_config_free(&ctx->conf); |
| 117 | + ::mbedtls_entropy_free(&ctx->entropy); |
| 118 | + ::mbedtls_ctr_drbg_free(&ctx->ctr_drbg); |
| 119 | + |
| 120 | + delete ctx; |
| 121 | + ctx = nullptr; |
| 122 | +} |
| 123 | + |
| 124 | +YASIO__DECL ssl_st* yssl_new(ssl_ctx_st* ctx, int fd, const char* hostname, bool client) |
| 125 | +{ |
| 126 | + auto ssl = new ssl_st(); |
| 127 | + ::mbedtls_ssl_init(ssl); |
| 128 | + ::mbedtls_ssl_setup(ssl, &ctx->conf); |
| 129 | + |
| 130 | + // ssl_set_fd |
| 131 | + ssl->bio.fd = fd; |
| 132 | + ::mbedtls_ssl_set_bio(ssl, &ssl->bio, ::mbedtls_net_send, ::mbedtls_net_recv, nullptr /* rev_timeout() */); |
| 133 | + ::mbedtls_ssl_set_hostname(ssl, hostname); |
| 134 | + return ssl; |
| 135 | +} |
| 136 | +YASIO__DECL void yssl_shutdown(ssl_st*& ssl) |
| 137 | +{ |
| 138 | + ::mbedtls_ssl_close_notify(ssl); |
| 139 | + ::mbedtls_ssl_free(ssl); |
| 140 | + delete ssl; |
| 141 | + ssl = nullptr; |
| 142 | +} |
| 143 | + |
| 144 | +#endif |
| 145 | + |
| 146 | +#endif |
0 commit comments