aboutsummaryrefslogtreecommitdiffstats
path: root/library/cpp/openssl/io
diff options
context:
space:
mode:
authorAnton Samokhvalov <pg83@yandex.ru>2022-02-10 16:45:17 +0300
committerDaniil Cherednik <dcherednik@yandex-team.ru>2022-02-10 16:45:17 +0300
commitd3a398281c6fd1d3672036cb2d63f842d2cb28c5 (patch)
treedd4bd3ca0f36b817e96812825ffaf10d645803f2 /library/cpp/openssl/io
parent72cb13b4aff9bc9cf22e49251bc8fd143f82538f (diff)
downloadydb-d3a398281c6fd1d3672036cb2d63f842d2cb28c5.tar.gz
Restoring authorship annotation for Anton Samokhvalov <pg83@yandex.ru>. Commit 2 of 2.
Diffstat (limited to 'library/cpp/openssl/io')
-rw-r--r--library/cpp/openssl/io/stream.cpp320
-rw-r--r--library/cpp/openssl/io/stream.h32
-rw-r--r--library/cpp/openssl/io/ya.make26
3 files changed, 189 insertions, 189 deletions
diff --git a/library/cpp/openssl/io/stream.cpp b/library/cpp/openssl/io/stream.cpp
index eb6f9a9e5f..0b4be38c0e 100644
--- a/library/cpp/openssl/io/stream.cpp
+++ b/library/cpp/openssl/io/stream.cpp
@@ -1,136 +1,136 @@
-#include "stream.h"
-
+#include "stream.h"
+
#include <util/generic/deque.h>
-#include <util/generic/singleton.h>
-#include <util/generic/yexception.h>
-
+#include <util/generic/singleton.h>
+#include <util/generic/yexception.h>
+
#include <library/cpp/openssl/init/init.h>
#include <library/cpp/openssl/method/io.h>
#include <library/cpp/resource/resource.h>
-
-#include <openssl/bio.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
+
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
#include <openssl/tls1.h>
#include <openssl/x509v3.h>
-
-using TOptions = TOpenSslClientIO::TOptions;
-
-namespace {
- struct TSslIO;
-
- struct TSslInitOnDemand {
- inline TSslInitOnDemand() {
- InitOpenSSL();
- }
- };
-
+
+using TOptions = TOpenSslClientIO::TOptions;
+
+namespace {
+ struct TSslIO;
+
+ struct TSslInitOnDemand {
+ inline TSslInitOnDemand() {
+ InitOpenSSL();
+ }
+ };
+
int GetLastSslError() noexcept {
- return ERR_peek_last_error();
- }
-
+ return ERR_peek_last_error();
+ }
+
const char* SslErrorText(int error) noexcept {
return ERR_error_string(error, nullptr);
- }
-
+ }
+
inline TStringBuf SslLastError() noexcept {
- return SslErrorText(GetLastSslError());
- }
-
- struct TSslError: public yexception {
- inline TSslError() {
- *this << SslLastError();
- }
- };
-
- struct TSslDestroy {
+ return SslErrorText(GetLastSslError());
+ }
+
+ struct TSslError: public yexception {
+ inline TSslError() {
+ *this << SslLastError();
+ }
+ };
+
+ struct TSslDestroy {
static inline void Destroy(ssl_ctx_st* ctx) noexcept {
- SSL_CTX_free(ctx);
- }
-
+ SSL_CTX_free(ctx);
+ }
+
static inline void Destroy(ssl_st* ssl) noexcept {
- SSL_free(ssl);
- }
-
+ SSL_free(ssl);
+ }
+
static inline void Destroy(bio_st* bio) noexcept {
- BIO_free(bio);
- }
+ BIO_free(bio);
+ }
static inline void Destroy(x509_st* x509) noexcept {
X509_free(x509);
}
- };
-
- template <class T>
+ };
+
+ template <class T>
using TSslHolderPtr = THolder<T, TSslDestroy>;
-
+
using TSslContextPtr = TSslHolderPtr<ssl_ctx_st>;
using TSslPtr = TSslHolderPtr<ssl_st>;
using TBioPtr = TSslHolderPtr<bio_st>;
using TX509Ptr = TSslHolderPtr<x509_st>;
-
+
inline TSslContextPtr CreateSslCtx(const ssl_method_st* method) {
- TSslContextPtr ctx(SSL_CTX_new(method));
-
- if (!ctx) {
- ythrow TSslError() << "SSL_CTX_new";
- }
-
- SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv2);
+ TSslContextPtr ctx(SSL_CTX_new(method));
+
+ if (!ctx) {
+ ythrow TSslError() << "SSL_CTX_new";
+ }
+
+ SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ctx.Get(), SSL_OP_NO_SSLv3);
- SSL_CTX_set_options(ctx.Get(), SSL_OP_MICROSOFT_SESS_ID_BUG);
- SSL_CTX_set_options(ctx.Get(), SSL_OP_NETSCAPE_CHALLENGE_BUG);
-
- return ctx;
- }
-
+ SSL_CTX_set_options(ctx.Get(), SSL_OP_MICROSOFT_SESS_ID_BUG);
+ SSL_CTX_set_options(ctx.Get(), SSL_OP_NETSCAPE_CHALLENGE_BUG);
+
+ return ctx;
+ }
+
struct TStreamIO : public NOpenSSL::TAbstractIO {
inline TStreamIO(IInputStream* in, IOutputStream* out)
: In(in)
, Out(out)
{
}
-
+
int Write(const char* data, size_t dlen, size_t* written) override {
Out->Write(data, dlen);
*written = dlen;
return 1;
- }
-
+ }
+
int Read(char* data, size_t dlen, size_t* readbytes) override {
*readbytes = In->Read(data, dlen);
return 1;
- }
-
+ }
+
int Puts(const char* buf) override {
Y_UNUSED(buf);
return -1;
- }
-
+ }
+
int Gets(char* buf, int size) override {
Y_UNUSED(buf);
Y_UNUSED(size);
return -1;
- }
-
+ }
+
void Flush() override {
- }
-
+ }
+
IInputStream* In;
IOutputStream* Out;
- };
-
- struct TSslIO: public TSslInitOnDemand, public TOptions {
+ };
+
+ struct TSslIO: public TSslInitOnDemand, public TOptions {
inline TSslIO(IInputStream* in, IOutputStream* out, const TOptions& opts)
- : TOptions(opts)
+ : TOptions(opts)
, Io(in, out)
- , Ctx(CreateClientContext())
- , Ssl(ConstructSsl())
- {
- Connect();
- }
-
+ , Ctx(CreateClientContext())
+ , Ssl(ConstructSsl())
+ {
+ Connect();
+ }
+
inline TSslContextPtr CreateClientContext() {
TSslContextPtr ctx = CreateSslCtx(SSLv23_client_method());
if (ClientCert_) {
@@ -164,23 +164,23 @@ namespace {
return ctx;
}
- inline TSslPtr ConstructSsl() {
- TSslPtr ssl(SSL_new(Ctx.Get()));
-
- if (!ssl) {
- ythrow TSslError() << "SSL_new";
- }
-
+ inline TSslPtr ConstructSsl() {
+ TSslPtr ssl(SSL_new(Ctx.Get()));
+
+ if (!ssl) {
+ ythrow TSslError() << "SSL_new";
+ }
+
if (VerifyCert_) {
InitVerification(ssl.Get());
}
BIO_up_ref(Io); // SSL_set_bio consumes only one reference if rbio and wbio are the same
SSL_set_bio(ssl.Get(), Io, Io);
-
- return ssl;
- }
-
+
+ return ssl;
+ }
+
inline void InitVerification(ssl_st* ssl) {
X509_VERIFY_PARAM* param = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
@@ -200,76 +200,76 @@ namespace {
SSL_set_verify(ssl, SSL_VERIFY_PEER, nullptr);
}
- inline void Connect() {
- if (SSL_connect(Ssl.Get()) != 1) {
- ythrow TSslError() << "SSL_connect";
- }
- }
-
- inline void Finish() const {
- SSL_shutdown(Ssl.Get());
- }
-
- inline size_t Read(void* buf, size_t len) {
- const int ret = SSL_read(Ssl.Get(), buf, len);
-
- if (ret < 0) {
- ythrow TSslError() << "SSL_read";
- }
-
- return ret;
- }
-
- inline void Write(const char* buf, size_t len) {
- while (len) {
- const int ret = SSL_write(Ssl.Get(), buf, len);
-
- if (ret < 0) {
- ythrow TSslError() << "SSL_write";
- }
-
- buf += (size_t)ret;
- len -= (size_t)ret;
- }
- }
-
+ inline void Connect() {
+ if (SSL_connect(Ssl.Get()) != 1) {
+ ythrow TSslError() << "SSL_connect";
+ }
+ }
+
+ inline void Finish() const {
+ SSL_shutdown(Ssl.Get());
+ }
+
+ inline size_t Read(void* buf, size_t len) {
+ const int ret = SSL_read(Ssl.Get(), buf, len);
+
+ if (ret < 0) {
+ ythrow TSslError() << "SSL_read";
+ }
+
+ return ret;
+ }
+
+ inline void Write(const char* buf, size_t len) {
+ while (len) {
+ const int ret = SSL_write(Ssl.Get(), buf, len);
+
+ if (ret < 0) {
+ ythrow TSslError() << "SSL_write";
+ }
+
+ buf += (size_t)ret;
+ len -= (size_t)ret;
+ }
+ }
+
TStreamIO Io;
- TSslContextPtr Ctx;
- TSslPtr Ssl;
- };
-}
-
-struct TOpenSslClientIO::TImpl: public TSslIO {
+ TSslContextPtr Ctx;
+ TSslPtr Ssl;
+ };
+}
+
+struct TOpenSslClientIO::TImpl: public TSslIO {
inline TImpl(IInputStream* in, IOutputStream* out, const TOptions& opts)
- : TSslIO(in, out, opts)
- {
- }
-};
-
+ : TSslIO(in, out, opts)
+ {
+ }
+};
+
TOpenSslClientIO::TOpenSslClientIO(IInputStream* in, IOutputStream* out)
- : Impl_(new TImpl(in, out, TOptions()))
-{
-}
-
+ : Impl_(new TImpl(in, out, TOptions()))
+{
+}
+
TOpenSslClientIO::TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options)
- : Impl_(new TImpl(in, out, options))
-{
-}
-
-TOpenSslClientIO::~TOpenSslClientIO() {
- try {
- Impl_->Finish();
- } catch (...) {
- }
-}
-
-void TOpenSslClientIO::DoWrite(const void* buf, size_t len) {
- Impl_->Write((const char*)buf, len);
-}
-
-size_t TOpenSslClientIO::DoRead(void* buf, size_t len) {
- return Impl_->Read(buf, len);
-}
+ : Impl_(new TImpl(in, out, options))
+{
+}
+
+TOpenSslClientIO::~TOpenSslClientIO() {
+ try {
+ Impl_->Finish();
+ } catch (...) {
+ }
+}
+
+void TOpenSslClientIO::DoWrite(const void* buf, size_t len) {
+ Impl_->Write((const char*)buf, len);
+}
+
+size_t TOpenSslClientIO::DoRead(void* buf, size_t len) {
+ return Impl_->Read(buf, len);
+}
namespace NPrivate {
void TSslDestroy::Destroy(x509_store_st* x509) noexcept {
diff --git a/library/cpp/openssl/io/stream.h b/library/cpp/openssl/io/stream.h
index be1837618c..7bca8f80ef 100644
--- a/library/cpp/openssl/io/stream.h
+++ b/library/cpp/openssl/io/stream.h
@@ -1,13 +1,13 @@
-#pragma once
-
+#pragma once
+
#include <util/generic/maybe.h>
-#include <util/generic/ptr.h>
+#include <util/generic/ptr.h>
#include <util/stream/input.h>
#include <util/stream/output.h>
-
+
class TOpenSslClientIO: public IInputStream, public IOutputStream {
-public:
- struct TOptions {
+public:
+ struct TOptions {
struct TVerifyCert {
// Uses builtin certs.
// Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb.
@@ -22,21 +22,21 @@ public:
TMaybe<TVerifyCert> VerifyCert_;
TMaybe<TClientCert> ClientCert_;
- // TODO - keys, cyphers, etc
- };
-
+ // TODO - keys, cyphers, etc
+ };
+
TOpenSslClientIO(IInputStream* in, IOutputStream* out);
TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options);
~TOpenSslClientIO() override;
-
-private:
+
+private:
void DoWrite(const void* buf, size_t len) override;
size_t DoRead(void* buf, size_t len) override;
-
-private:
- struct TImpl;
- THolder<TImpl> Impl_;
-};
+
+private:
+ struct TImpl;
+ THolder<TImpl> Impl_;
+};
struct x509_store_st;
diff --git a/library/cpp/openssl/io/ya.make b/library/cpp/openssl/io/ya.make
index 10b71d4177..aaebba4011 100644
--- a/library/cpp/openssl/io/ya.make
+++ b/library/cpp/openssl/io/ya.make
@@ -1,16 +1,16 @@
-LIBRARY()
-
-OWNER(pg)
-
-PEERDIR(
+LIBRARY()
+
+OWNER(pg)
+
+PEERDIR(
certs
- contrib/libs/openssl
+ contrib/libs/openssl
library/cpp/openssl/init
library/cpp/openssl/method
-)
-
-SRCS(
- stream.cpp
-)
-
-END()
+)
+
+SRCS(
+ stream.cpp
+)
+
+END()