From 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 Mon Sep 17 00:00:00 2001
From: peterbell10
Date: Wed, 30 Aug 2017 15:00:06 +0100
Subject: Update mbedtls to 2.5.1 (#3964)
* Renaming changes:
* macro prefix "POLARSSL" -> "MBEDTLS"
* functions now prefixed with "mbedtls_"
* rename PolarSSL++ -> mbedTLS++
* rename polarssl submodule
* Use mbedtls' AES-CFB8 implementation.
* Add cSslConfig to wrap mbedtls_ssl_config
* Update cTCPLink and cBlockingSslClientSocket to use cSslConfig
* Use cSslConfig in cHTTPServer
* Use cSslConfig for cMojangAPI::SecureRequest
* CI Fixes
* Set -fomit-frame-pointer on the right target
---
 src/OSSupport/TCPLinkImpl.cpp | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)
(limited to 'src/OSSupport/TCPLinkImpl.cpp')
diff --git a/src/OSSupport/TCPLinkImpl.cpp b/src/OSSupport/TCPLinkImpl.cpp
index 06eff9b09..4aba89e5c 100644
--- a/src/OSSupport/TCPLinkImpl.cpp
+++ b/src/OSSupport/TCPLinkImpl.cpp
@@ -1,10 +1,11 @@
-
+
 // TCPLinkImpl.cpp
 // Implements the cTCPLinkImpl class implementing the TCP link functionality
 #include "Globals.h"
 #include "TCPLinkImpl.h"
+#include "mbedTLS++/SslConfig.h"
 #include "NetworkSingleton.h"
 #include "ServerHandleImpl.h"
 #include "event2/buffer.h"
@@ -245,26 +246,29 @@ AString cTCPLinkImpl::StartTLSClient(
 {
 return "TLS is already active on this link";
 }
- if (
- ((a_OwnCert == nullptr) && (a_OwnPrivKey != nullptr)) ||
- ((a_OwnCert != nullptr) && (a_OwnPrivKey != nullptr))
- )
+ if ((a_OwnCert == nullptr) != (a_OwnPrivKey == nullptr))
 {
 return "Either provide both the certificate and private key, or neither";
 }
 // Create the TLS context:
- m_TlsContext.reset(new cLinkTlsContext(*this));
- m_TlsContext->Initialize(true);
+ m_TlsContext = std::make_shared(*this);
 if (a_OwnCert != nullptr)
 {
- m_TlsContext->SetOwnCert(a_OwnCert, a_OwnPrivKey);
+ auto Config = cSslConfig::MakeDefaultConfig(true);
+ Config->SetOwnCert(std::move(a_OwnCert), std::move(a_OwnPrivKey));
+ m_TlsContext->Initialize(Config);
+ }
+ else
+ {
+ m_TlsContext->Initialize(true);
 }
+ m_TlsContext->SetSelf(cLinkTlsContextWPtr(m_TlsContext));
 // Start the handshake:
 m_TlsContext->Handshake();
- return "";
+ return {};
 }
@@ -282,15 +286,18 @@ AString cTCPLinkImpl::StartTLSServer(
 {
 return "TLS is already active on this link";
 }
- if ((a_OwnCert == nullptr) || (a_OwnPrivKey == nullptr))
+ if ((a_OwnCert == nullptr) || (a_OwnPrivKey == nullptr))
 {
 return "Provide the server certificate and private key";
 }
 // Create the TLS context:
- m_TlsContext.reset(new cLinkTlsContext(*this));
- m_TlsContext->Initialize(false);
- m_TlsContext->SetOwnCert(a_OwnCert, a_OwnPrivKey);
+ m_TlsContext = std::make_shared(*this);
+ {
+ auto Config = cSslConfig::MakeDefaultConfig(false);
+ Config->SetOwnCert(a_OwnCert, a_OwnPrivKey);
+ m_TlsContext->Initialize(std::move(Config));
+ }
 m_TlsContext->SetSelf(cLinkTlsContextWPtr(m_TlsContext));
 // Push the initial data:
@@ -298,7 +305,7 @@ AString cTCPLinkImpl::StartTLSServer(
 // Start the handshake:
 m_TlsContext->Handshake();
- return "";
+ return {};
 }
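Review bot: Neither branch of the new `if (a_OwnCert != nullptr)` in StartTLSClient configures anything that would make the client check the server's certificate: no CA chain or auth mode is set on `Config`, and the `else` branch only calls `Initialize(true)`. Whether the peer is verified therefore depends entirely on the defaults inside `cSslConfig::MakeDefaultConfig` and `Initialize(true)`, which are not visible in this hunk. If those defaults leave mbedtls at `MBEDTLS_SSL_VERIFY_NONE`, the link is encrypted but the server is not authenticated. I would state the policy at the call site, e.g. `// NOTE: peer verification is governed by cSslConfig's defaults; no CA chain is configured here`, or pass a CA chain through to the config. The function's signature and opening lines lie outside the hunk.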
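Review bot: In StartTLSServer the result of `m_TlsContext->Initialize(std::move(Config))` is discarded, and the function's tail (the following hunk) still calls `Handshake()` and ends in `return {};`, so a failed context setup would be reported to the caller as success. If `Initialize` returns a status (its declaration is not visible here), check it and surface an error string, e.g. `if (m_TlsContext->Initialize(std::move(Config)) != 0) { m_TlsContext.reset(); return "Failed to initialize the TLS context"; }`. The `reset()` is there because the "TLS is already active" guard at the top presumably keys off `m_TlsContext`, which should be confirmed. The same unchecked call appears twice in the StartTLSClient hunk (`Initialize(Config)` and `Initialize(true)`).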
@@ -659,7 +666,7 @@ int cTCPLinkImpl::cLinkTlsContext::ReceiveEncrypted(unsigned char * a_Buffer, si
 // If there's nothing queued in the buffer, report empty buffer:
 if (m_EncryptedData.empty())
 {
- return POLARSSL_ERR_NET_WANT_READ;
+ return MBEDTLS_ERR_SSL_WANT_READ;
 }
 // Copy as much data as possible to the provided buffer:
-- cgit v1.2.3