ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove unused functions & cleanup code:

Browse Source 
* Remove superseded ECDSA key functions
* Remove unused string helper functions
* Remove beast::FatalError
* Cleanup SSL context generation
* Improve parsing of RPC commands during startup
This commit is contained in:
Nik Bougalis
2016-06-01 17:56:00 -07:00
parent 279c2a6f82
commit 2206d0ef65
21 changed files with 135 additions and 612 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
src/ripple/basics/impl/make_SSLContext.cpp
View File

@@ -22,7 +22,6 @@
#include <ripple/basics/contract.h>
#include <ripple/basics/make_SSLContext.h>
#include <ripple/beast/container/aged_unordered_set.h>
#include <ripple/beast/core/FatalError.h>
#include <cstdint>
#include <sstream>
#include <stdexcept>
@@ -82,7 +81,7 @@ static rsa_ptr rsa_generate_key (int n_bits)
RSA* rsa = RSA_generate_key (n_bits, RSA_F4, nullptr, nullptr);
if (rsa == nullptr)
Throw<std::runtime_error> ("RSA_generate_key failed");
LogicError ("RSA_generate_key failed");
return rsa_ptr (rsa);
}
@@ -96,7 +95,7 @@ static evp_pkey_ptr evp_pkey_new()
EVP_PKEY* evp_pkey = EVP_PKEY_new();
if (evp_pkey == nullptr)
Throw<std::runtime_error> ("EVP_PKEY_new failed");
LogicError ("EVP_PKEY_new failed");
return evp_pkey_ptr (evp_pkey);
}
@@ -104,7 +103,7 @@ static evp_pkey_ptr evp_pkey_new()
static void evp_pkey_assign_rsa (EVP_PKEY* evp_pkey, rsa_ptr&& rsa)
{
if (! EVP_PKEY_assign_RSA (evp_pkey, rsa.get()))
Throw<std::runtime_error> ("EVP_PKEY_assign_RSA failed");
LogicError ("EVP_PKEY_assign_RSA failed");
rsa.release();
}
@@ -118,7 +117,7 @@ static x509_ptr x509_new()
X509* x509 = X509_new();
if (x509 == nullptr)
Throw<std::runtime_error> ("X509_new failed");
LogicError ("X509_new failed");
X509_set_version (x509, NID_X509);
@@ -139,19 +138,19 @@ static void x509_set_pubkey (X509* x509, EVP_PKEY* evp_pkey)
static void x509_sign (X509* x509, EVP_PKEY* evp_pkey)
{
if (! X509_sign (x509, evp_pkey, EVP_sha1()))
Throw<std::runtime_error> ("X509_sign failed");
LogicError ("X509_sign failed");
}
static void ssl_ctx_use_certificate (SSL_CTX* const ctx, x509_ptr& cert)
{
if (SSL_CTX_use_certificate (ctx, cert.release()) <= 0)
Throw<std::runtime_error> ("SSL_CTX_use_certificate failed");
LogicError ("SSL_CTX_use_certificate failed");
}
static void ssl_ctx_use_privatekey (SSL_CTX* const ctx, evp_pkey_ptr& key)
{
if (SSL_CTX_use_PrivateKey (ctx, key.release()) <= 0)
Throw<std::runtime_error> ("SSL_CTX_use_PrivateKey failed");
LogicError ("SSL_CTX_use_PrivateKey failed");
}
// track when SSL connections have last negotiated
@@ -174,9 +173,8 @@ make_DH(std::string const& params)
auto const* p (
reinterpret_cast <std::uint8_t const*>(&params [0]));
DH* const dh = d2i_DHparams (nullptr, &p, params.size ());
if (p == nullptr)
beast::FatalError ("d2i_DHparams returned nullptr.",
__FILE__, __LINE__);
if (dh == nullptr)
LogicError ("d2i_DHparams returned nullptr.");
return dh_ptr(dh);
}
@@ -289,7 +287,7 @@ getDH (int keyLength)
}
else
{
beast::FatalError ("unsupported key length", __FILE__, __LINE__);
LogicError ("unsupported key length.");
}
return nullptr;
@@ -364,36 +362,16 @@ error_message (std::string const& what,
return ss.str();
}
static
void
initCommon (boost::asio::ssl::context& context)
{
context.set_options (
boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::no_sslv3 |
boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_tmp_dh_callback (
context.native_handle (),
tmp_dh_handler);
SSL_CTX_set_info_callback (
context.native_handle (),
info_handler);
}
static
void
initAnonymous (
boost::asio::ssl::context& context, std::string const& cipherList)
{
initCommon(context);
int const result = SSL_CTX_set_cipher_list (
context.native_handle (),
cipherList.c_str ());
if (result != 1)
Throw<std::invalid_argument> ("SSL_CTX_set_cipher_list failed");
LogicError ("SSL_CTX_set_cipher_list failed");
using namespace openssl;
@@ -414,8 +392,6 @@ void
initAuthenticated (boost::asio::ssl::context& context,
std::string key_file, std::string cert_file, std::string chain_file)
{
initCommon (context);
SSL_CTX* const ssl = context.native_handle ();
bool cert_set = false;
@@ -429,9 +405,8 @@ initAuthenticated (boost::asio::ssl::context& context,
if (ec)
{
beast::FatalError (error_message (
"Problem with SSL certificate file.", ec).c_str(),
__FILE__, __LINE__);
LogicError (error_message (
"Problem with SSL certificate file.", ec).c_str());
}
cert_set = true;
@@ -444,10 +419,9 @@ initAuthenticated (boost::asio::ssl::context& context,
if (!f)
{
beast::FatalError (error_message (
LogicError (error_message (
"Problem opening SSL chain file.", boost::system::error_code (errno,
boost::system::generic_category())).c_str(),
__FILE__, __LINE__);
boost::system::generic_category())).c_str());
}
try
@@ -462,16 +436,14 @@ initAuthenticated (boost::asio::ssl::context& context,
if (! cert_set)
{
if (SSL_CTX_use_certificate (ssl, x) != 1)
beast::FatalError ("Problem retrieving SSL certificate from chain file.",
__FILE__, __LINE__);
LogicError ("Problem retrieving SSL certificate from chain file.");
cert_set = true;
}
else if (SSL_CTX_add_extra_chain_cert (ssl, x) != 1)
{
X509_free (x);
beast::FatalError ("Problem adding SSL chain certificate.",
__FILE__, __LINE__);
LogicError ("Problem adding SSL chain certificate.");
}
}
@@ -480,8 +452,7 @@ initAuthenticated (boost::asio::ssl::context& context,
catch (std::exception const&)
{
fclose (f);
beast::FatalError ("Reading the SSL chain file generated an exception.",
__FILE__, __LINE__);
LogicError ("Reading the SSL chain file generated an exception.");
}
}
@@ -494,19 +465,37 @@ initAuthenticated (boost::asio::ssl::context& context,
if (ec)
{
beast::FatalError (error_message (
"Problem using the SSL private key file.", ec).c_str(),
__FILE__, __LINE__);
LogicError (error_message (
"Problem using the SSL private key file.", ec).c_str());
}
}
if (SSL_CTX_check_private_key (ssl) != 1)
{
beast::FatalError ("Invalid key in SSL private key file.",
__FILE__, __LINE__);
LogicError ("Invalid key in SSL private key file.");
}
}
std::shared_ptr<boost::asio::ssl::context>
get_context ()
{
auto c = std::make_shared<boost::asio::ssl::context> (
boost::asio::ssl::context::sslv23);
c->set_options (
boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::no_sslv3 |
boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_tmp_dh_callback (
c->native_handle (), tmp_dh_handler);
SSL_CTX_set_info_callback (
c->native_handle (), info_handler);
return c;
}
} // detail
} // openssl
@@ -517,9 +506,7 @@ make_SSLContext()
static auto const context =
[]()
{
auto const context = std::make_shared<
boost::asio::ssl::context>(
boost::asio::ssl::context::sslv23);
auto const context = openssl::detail::get_context();
// By default, allow anonymous DH.
openssl::detail::initAnonymous(
*context, "ALL:!LOW:!EXP:!MD5:@STRENGTH");
@@ -535,9 +522,7 @@ std::shared_ptr<boost::asio::ssl::context>
make_SSLContextAuthed (std::string const& key_file,
std::string const& cert_file, std::string const& chain_file)
{
std::shared_ptr<boost::asio::ssl::context> context =
std::make_shared<boost::asio::ssl::context> (
boost::asio::ssl::context::sslv23);
auto const context = openssl::detail::get_context();
openssl::detail::initAuthenticated(*context,
key_file, cert_file, chain_file);
return context;