From 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 Mon Sep 17 00:00:00 2001 From: peterbell10 Date: Wed, 30 Aug 2017 15:00:06 +0100 Subject: Update mbedtls to 2.5.1 (#3964) * Renaming changes: * macro prefix "POLARSSL" -> "MBEDTLS" * functions now prefixed with "mbedtls_" * rename PolarSSL++ -> mbedTLS++ * rename polarssl submodule * Use mbedtls' AES-CFB8 implementation. * Add cSslConfig to wrap mbedtls_ssl_config * Update cTCPLink and cBlockingSslClientSocket to use cSslConfig * Use cSslConfig in cHTTPServer * Use cSslConfig for cMojangAPI::SecureRequest * CI Fixes * Set -fomit-frame-pointer on the right target --- src/mbedTLS++/SslContext.cpp | 157 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 src/mbedTLS++/SslContext.cpp (limited to 'src/mbedTLS++/SslContext.cpp') diff --git a/src/mbedTLS++/SslContext.cpp b/src/mbedTLS++/SslContext.cpp new file mode 100644 index 000000000..e86da3fd2 --- /dev/null +++ b/src/mbedTLS++/SslContext.cpp @@ -0,0 +1,157 @@ + +// SslContext.cpp + +// Implements the cSslContext class that holds everything a single SSL context needs to function + +#include "Globals.h" +#include "mbedTLS++/SslContext.h" +#include "mbedTLS++/SslConfig.h" + + + + + +cSslContext::cSslContext(void) : + m_IsValid(false), + m_HasHandshaken(false) +{ + mbedtls_ssl_init(&m_Ssl); +} + + + + + +cSslContext::~cSslContext() +{ + mbedtls_ssl_free(&m_Ssl); +} + + + + + +int cSslContext::Initialize(std::shared_ptr a_Config) +{ + // Check double-initialization: + if (m_IsValid) + { + LOGWARNING("SSL: Double initialization is not supported."); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; // There is no return value well-suited for this, reuse this one. + } + + // Check the Config: + m_Config = a_Config; + if (m_Config == nullptr) + { + ASSERT(!"Config must not be nullptr"); + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + // Apply the configuration to the ssl context + int res = mbedtls_ssl_setup(&m_Ssl, m_Config->GetInternal()); + if (res != 0) + { + return res; + } + + // Set the io callbacks + mbedtls_ssl_set_bio(&m_Ssl, this, SendEncrypted, ReceiveEncrypted, nullptr); + + m_IsValid = true; + return 0; +} + + + + + +int cSslContext::Initialize(bool a_IsClient) +{ + if (a_IsClient) + { + return Initialize(cSslConfig::GetDefaultClientConfig()); + } + else + { + return Initialize(cSslConfig::GetDefaultServerConfig()); + } +} + + + + + +void cSslContext::SetExpectedPeerName(const AString & a_ExpectedPeerName) +{ + ASSERT(m_IsValid); // Call Initialize() first + mbedtls_ssl_set_hostname(&m_Ssl, a_ExpectedPeerName.c_str()); +} + + + + + +int cSslContext::WritePlain(const void * a_Data, size_t a_NumBytes) +{ + ASSERT(m_IsValid); // Need to call Initialize() first + if (!m_HasHandshaken) + { + int res = Handshake(); + if (res != 0) + { + return res; + } + } + + return mbedtls_ssl_write(&m_Ssl, reinterpret_cast(a_Data), a_NumBytes); +} + + + + + +int cSslContext::ReadPlain(void * a_Data, size_t a_MaxBytes) +{ + ASSERT(m_IsValid); // Need to call Initialize() first + if (!m_HasHandshaken) + { + int res = Handshake(); + if (res != 0) + { + return res; + } + } + + return mbedtls_ssl_read(&m_Ssl, reinterpret_cast(a_Data), a_MaxBytes); +} + + + + + +int cSslContext::Handshake(void) +{ + ASSERT(m_IsValid); // Need to call Initialize() first + ASSERT(!m_HasHandshaken); // Must not call twice + + int res = mbedtls_ssl_handshake(&m_Ssl); + if (res == 0) + { + m_HasHandshaken = true; + } + return res; +} + + + + + +int cSslContext::NotifyClose(void) +{ + return mbedtls_ssl_close_notify(&m_Ssl); +} + + + + -- cgit v1.2.3