author | Anton Samokhvalov <pg83@yandex.ru> | 2022-02-10 16:45:17 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:17 +0300 |
commit | d3a398281c6fd1d3672036cb2d63f842d2cb28c5 (patch) | |
tree | dd4bd3ca0f36b817e96812825ffaf10d645803f2 /library/cpp/openssl/io | |
parent | 72cb13b4aff9bc9cf22e49251bc8fd143f82538f (diff) | |
download | ydb-d3a398281c6fd1d3672036cb2d63f842d2cb28c5.tar.gz |
Restoring authorship annotation for Anton Samokhvalov <pg83@yandex.ru>. Commit 2 of 2.
Diffstat (limited to 'library/cpp/openssl/io')
-rw-r--r-- | library/cpp/openssl/io/stream.cpp | 320 | ||||
-rw-r--r-- | library/cpp/openssl/io/stream.h | 32 | ||||
-rw-r--r-- | library/cpp/openssl/io/ya.make | 26 |
3 files changed, 189 insertions, 189 deletions
diff --git a/library/cpp/openssl/io/stream.cpp b/library/cpp/openssl/io/stream.cpp index eb6f9a9e5f..0b4be38c0e 100644 --- a/library/cpp/openssl/io/stream.cpp +++ b/library/cpp/openssl/io/stream.cpp 
@@ -1,136 +1,136 @@ -#include "stream.h" - +#include "stream.h" + #include <util/generic/deque.h> -#include <util/generic/singleton.h> -#include <util/generic/yexception.h> - +#include <util/generic/singleton.h> +#include <util/generic/yexception.h> + #include <library/cpp/openssl/init/init.h> #include <library/cpp/openssl/method/io.h> #include <library/cpp/resource/resource.h> - -#include <openssl/bio.h> -#include <openssl/ssl.h> -#include <openssl/err.h> + +#include <openssl/bio.h> +#include <openssl/ssl.h> +#include <openssl/err.h> #include <openssl/tls1.h> #include <openssl/x509v3.h> - -using TOptions = TOpenSslClientIO::TOptions; - -namespace { - struct TSslIO; - - struct TSslInitOnDemand { - inline TSslInitOnDemand() { - InitOpenSSL(); - } - }; - + +using TOptions = TOpenSslClientIO::TOptions; + +namespace { + struct TSslIO; + + struct TSslInitOnDemand { + inline TSslInitOnDemand() { + InitOpenSSL(); + } + }; + int GetLastSslError() noexcept { - return ERR_peek_last_error(); - } - + return ERR_peek_last_error(); + } + const char* SslErrorText(int error) noexcept { return ERR_error_string(error, nullptr); - } - + } + inline TStringBuf SslLastError() noexcept { - return SslErrorText(GetLastSslError()); - } - - struct TSslError: public yexception { - inline TSslError() { - *this << SslLastError(); - } - }; - - struct TSslDestroy { + return SslErrorText(GetLastSslError()); + } + + struct TSslError: public yexception { + inline TSslError() { + *this << SslLastError(); + } + }; + + struct TSslDestroy { static inline void Destroy(ssl_ctx_st* ctx) noexcept { - SSL_CTX_free(ctx); - } - + SSL_CTX_free(ctx); + } + static inline void Destroy(ssl_st* ssl) noexcept { - SSL_free(ssl); - } - + SSL_free(ssl); + } + static inline void Destroy(bio_st* bio) noexcept { - BIO_free(bio); - } + BIO_free(bio); + } static inline void Destroy(x509_st* x509) noexcept { X509_free(x509); } - }; - - template <class T> + }; + + template <class T> using TSslHolderPtr = THolder<T, 
TSslDestroy>; - + using TSslContextPtr = TSslHolderPtr<ssl_ctx_st>; using TSslPtr = TSslHolderPtr<ssl_st>; using TBioPtr = TSslHolderPtr<bio_st>; using TX509Ptr = TSslHolderPtr<x509_st>; - + inline TSslContextPtr CreateSslCtx(const ssl_method_st* method) { - TSslContextPtr ctx(SSL_CTX_new(method)); - - if (!ctx) { - ythrow TSslError() << "SSL_CTX_new"; - } - - SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv2); + TSslContextPtr ctx(SSL_CTX_new(method)); + + if (!ctx) { + ythrow TSslError() << "SSL_CTX_new"; + } + + SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv3); - SSL_CTX_set_options(ctx.Get(), SSL_OP_MICROSOFT_SESS_ID_BUG); - SSL_CTX_set_options(ctx.Get(), SSL_OP_NETSCAPE_CHALLENGE_BUG); - - return ctx; - } - + SSL_CTX_set_options(ctx.Get(), SSL_OP_MICROSOFT_SESS_ID_BUG); + SSL_CTX_set_options(ctx.Get(), SSL_OP_NETSCAPE_CHALLENGE_BUG); + + return ctx; + } + struct TStreamIO : public NOpenSSL::TAbstractIO { inline TStreamIO(IInputStream* in, IOutputStream* out) : In(in) , Out(out) { } - + int Write(const char* data, size_t dlen, size_t* written) override { Out->Write(data, dlen); *written = dlen; return 1; - } - + } + int Read(char* data, size_t dlen, size_t* readbytes) override { *readbytes = In->Read(data, dlen); return 1; - } - + } + int Puts(const char* buf) override { Y_UNUSED(buf); return -1; - } - + } + int Gets(char* buf, int size) override { Y_UNUSED(buf); Y_UNUSED(size); return -1; - } - + } + void Flush() override { - } - + } + IInputStream* In; IOutputStream* Out; - }; - - struct TSslIO: public TSslInitOnDemand, public TOptions { + }; + + struct TSslIO: public TSslInitOnDemand, public TOptions { inline TSslIO(IInputStream* in, IOutputStream* out, const TOptions& opts) - : TOptions(opts) + : TOptions(opts) , Io(in, out) - , Ctx(CreateClientContext()) - , Ssl(ConstructSsl()) - { - Connect(); - } - + , Ctx(CreateClientContext()) + , Ssl(ConstructSsl()) + { + Connect(); + } + inline TSslContextPtr 
CreateClientContext() { TSslContextPtr ctx = CreateSslCtx(SSLv23_client_method()); if (ClientCert_) { @@ -164,23 +164,23 @@ namespace { return ctx; } - inline TSslPtr ConstructSsl() { - TSslPtr ssl(SSL_new(Ctx.Get())); - - if (!ssl) { - ythrow TSslError() << "SSL_new"; - } - + inline TSslPtr ConstructSsl() { + TSslPtr ssl(SSL_new(Ctx.Get())); + + if (!ssl) { + ythrow TSslError() << "SSL_new"; + } + if (VerifyCert_) { InitVerification(ssl.Get()); } BIO_up_ref(Io); // SSL_set_bio consumes only one reference if rbio and wbio are the same SSL_set_bio(ssl.Get(), Io, Io); - - return ssl; - } - + + return ssl; + } + inline void InitVerification(ssl_st* ssl) { X509_VERIFY_PARAM* param = SSL_get0_param(ssl); X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); 
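Review bot: `GetLastSslError` narrows the `unsigned long` returned by `ERR_peek_last_error()` to `int`, and `SslErrorText` then widens that `int` back to `unsigned long` for `ERR_error_string`, so any packed error code that does not fit in a non-negative `int` is sign-extended and the exception text describes a different error; both helpers should carry the code unchanged, `unsigned long GetLastSslError() noexcept` and `const char* SslErrorText(unsigned long error) noexcept`. `ERR_error_string(error, nullptr)` also formats into a single static buffer shared by all threads, so the `TStringBuf` that `SslLastError` returns is presumably only safe because `TSslError`'s constructor streams it into the exception at once; a comment at `SslLastError`, `// view over ERR_error_string's static buffer: copy immediately, never store`, would keep a later caller from holding the view. Separately, `CreateSslCtx` only disables SSLv2/SSLv3, leaving TLS 1.0 and 1.1 negotiable through `SSLv23_client_method()`; if the linked OpenSSL is 1.1.0 or newer, `SSL_CTX_set_min_proto_version(ctx.Get(), TLS1_2_VERSION);` after the `SSL_OP_NO_SSLv3` line would pin the floor instead of relying on the library default. `CreateClientContext` continues past the end of this hunk.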
@@ -200,76 +200,76 @@ namespace { SSL_set_verify(ssl, SSL_VERIFY_PEER, nullptr); } - inline void Connect() { - if (SSL_connect(Ssl.Get()) != 1) { - ythrow TSslError() << "SSL_connect"; - } - } - - inline void Finish() const { - SSL_shutdown(Ssl.Get()); - } - - inline size_t Read(void* buf, size_t len) { - const int ret = SSL_read(Ssl.Get(), buf, len); - - if (ret < 0) { - ythrow TSslError() << "SSL_read"; - } - - return ret; - } - - inline void Write(const char* buf, size_t len) { - while (len) { - const int ret = SSL_write(Ssl.Get(), buf, len); - - if (ret < 0) { - ythrow TSslError() << "SSL_write"; - } - - buf += (size_t)ret; - len -= (size_t)ret; - } - } - + inline void Connect() { + if (SSL_connect(Ssl.Get()) != 1) { + ythrow TSslError() << "SSL_connect"; + } + } + + inline void Finish() const { + SSL_shutdown(Ssl.Get()); + } + + inline size_t Read(void* buf, size_t len) { + const int ret = SSL_read(Ssl.Get(), buf, len); + + if (ret < 0) { + ythrow TSslError() << "SSL_read"; + } + + return ret; + } + + inline void Write(const char* buf, size_t len) { + while (len) { + const int ret = SSL_write(Ssl.Get(), buf, len); + + if (ret < 0) { + ythrow TSslError() << "SSL_write"; + } + + buf += (size_t)ret; + len -= (size_t)ret; + } + } + TStreamIO Io; - TSslContextPtr Ctx; - TSslPtr Ssl; - }; -} - -struct TOpenSslClientIO::TImpl: public TSslIO { + TSslContextPtr Ctx; + TSslPtr Ssl; + }; +} + +struct TOpenSslClientIO::TImpl: public TSslIO { inline TImpl(IInputStream* in, IOutputStream* out, const TOptions& opts) - : TSslIO(in, out, opts) - { - } -}; - + : TSslIO(in, out, opts) + { + } +}; + TOpenSslClientIO::TOpenSslClientIO(IInputStream* in, IOutputStream* out) - : Impl_(new TImpl(in, out, TOptions())) -{ -} - + : Impl_(new TImpl(in, out, TOptions())) +{ +} + TOpenSslClientIO::TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options) - : Impl_(new TImpl(in, out, options)) -{ -} - -TOpenSslClientIO::~TOpenSslClientIO() { - try { - Impl_->Finish(); - 
} catch (...) { - } -} - -void TOpenSslClientIO::DoWrite(const void* buf, size_t len) { - Impl_->Write((const char*)buf, len); -} - -size_t TOpenSslClientIO::DoRead(void* buf, size_t len) { - return Impl_->Read(buf, len); -} + : Impl_(new TImpl(in, out, options)) +{ +} + +TOpenSslClientIO::~TOpenSslClientIO() { + try { + Impl_->Finish(); + } catch (...) { + } +} + +void TOpenSslClientIO::DoWrite(const void* buf, size_t len) { + Impl_->Write((const char*)buf, len); +} + +size_t TOpenSslClientIO::DoRead(void* buf, size_t len) { + return Impl_->Read(buf, len); +} namespace NPrivate { void TSslDestroy::Destroy(x509_store_st* x509) noexcept { diff --git a/library/cpp/openssl/io/stream.h b/library/cpp/openssl/io/stream.h index be1837618c..7bca8f80ef 100644 --- a/library/cpp/openssl/io/stream.h +++ b/library/cpp/openssl/io/stream.h @@ -1,13 +1,13 @@ -#pragma once - +#pragma once + #include <util/generic/maybe.h> -#include <util/generic/ptr.h> +#include <util/generic/ptr.h> #include <util/stream/input.h> #include <util/stream/output.h> - + class TOpenSslClientIO: public IInputStream, public IOutputStream { -public: - struct TOptions { +public: + struct TOptions { struct TVerifyCert { // Uses builtin certs. // Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb. @@ -22,21 +22,21 @@ public: TMaybe<TVerifyCert> VerifyCert_; TMaybe<TClientCert> ClientCert_; - // TODO - keys, cyphers, etc - }; - + // TODO - keys, cyphers, etc + }; + TOpenSslClientIO(IInputStream* in, IOutputStream* out); TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options); ~TOpenSslClientIO() override; - -private: + +private: void DoWrite(const void* buf, size_t len) override; size_t DoRead(void* buf, size_t len) override; - -private: - struct TImpl; - THolder<TImpl> Impl_; -}; + +private: + struct TImpl; + THolder<TImpl> Impl_; +}; struct x509_store_st; 
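Review bot: `TSslIO::Write` treats only a negative `SSL_write` result as failure, but `SSL_write` also reports failure with 0 (its documented failure range is `<= 0`), and on 0 neither `buf` nor `len` advances, so a peer that drops the connection mid-write leaves the `while (len)` loop spinning indefinitely; the check should be `if (ret <= 0) {`. `TSslIO::Read` has the mirror-image gap: a 0 from `SSL_read` is handed back as a plain end-of-stream, which conflates a clean close_notify with an abrupt transport close, so a caller cannot tell a complete payload from a truncated one; if that distinction matters to callers, a 0 result should be qualified with `SSL_get_error(Ssl.Get(), ret)` and only `SSL_ERROR_ZERO_RETURN` treated as clean EOF. Both calls also pass the `size_t` `len` straight to OpenSSL's `int` length parameter, so a length above `INT_MAX` is silently converted; these are the only two places the buffer length crosses into OpenSSL, so a clamp or at least a comment there is cheap.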
diff --git a/library/cpp/openssl/io/ya.make b/library/cpp/openssl/io/ya.make
index 10b71d4177..aaebba4011 100644
--- a/library/cpp/openssl/io/ya.make
+++ b/library/cpp/openssl/io/ya.make
@@ -1,16 +1,16 @@
-LIBRARY()
-
-OWNER(pg)
-
-PEERDIR(
+LIBRARY()
+
+OWNER(pg)
+
+PEERDIR(
 certs
- contrib/libs/openssl
+ contrib/libs/openssl
 library/cpp/openssl/init
 library/cpp/openssl/method
-)
-
-SRCS(
- stream.cpp
-)
-
-END()
+)
+
+SRCS(
+ stream.cpp
+)
+
+END() |