ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-11-25 04:55:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Format first-party source according to .clang-format

Browse Source
This commit is contained in:
Pretty Printer
2020-04-17 09:56:34 -05:00
committed by manojsdoshi
parent 65dfc5d19e
commit 50760c6935
1076 changed files with 86161 additions and 77449 deletions
Download Patch File Download Diff File Expand all files Collapse all files

271
src/ripple/basics/impl/make_SSLContext.cpp
View File

@@ -41,60 +41,65 @@ template <class>
struct custom_delete;
template <>
struct custom_delete <RSA>
struct custom_delete<RSA>
{
explicit custom_delete() = default;
void operator() (RSA* rsa) const
void
operator()(RSA* rsa) const
{
RSA_free (rsa);
RSA_free(rsa);
}
};
template <>
struct custom_delete <EVP_PKEY>
struct custom_delete<EVP_PKEY>
{
explicit custom_delete() = default;
void operator() (EVP_PKEY* evp_pkey) const
void
operator()(EVP_PKEY* evp_pkey) const
{
EVP_PKEY_free (evp_pkey);
EVP_PKEY_free(evp_pkey);
}
};
template <>
struct custom_delete <X509>
struct custom_delete<X509>
{
explicit custom_delete() = default;
void operator() (X509* x509) const
void
operator()(X509* x509) const
{
X509_free (x509);
X509_free(x509);
}
};
template <>
struct custom_delete <DH>
struct custom_delete<DH>
{
explicit custom_delete() = default;
void operator() (DH* dh) const
void
operator()(DH* dh) const
{
DH_free (dh);
DH_free(dh);
}
};
template <class T>
using custom_delete_unique_ptr = std::unique_ptr <T, custom_delete <T>>;
using custom_delete_unique_ptr = std::unique_ptr<T, custom_delete<T>>;
// RSA
using rsa_ptr = custom_delete_unique_ptr <RSA>;
using rsa_ptr = custom_delete_unique_ptr<RSA>;
static rsa_ptr rsa_generate_key (int n_bits)
static rsa_ptr
rsa_generate_key(int n_bits)
{
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
BIGNUM *bn = BN_new();
BIGNUM* bn = BN_new();
BN_set_word(bn, RSA_F4);
RSA* rsa = RSA_new();
@@ -106,86 +111,92 @@ static rsa_ptr rsa_generate_key (int n_bits)
BN_free(bn);
#else
RSA* rsa = RSA_generate_key (n_bits, RSA_F4, nullptr, nullptr);
RSA* rsa = RSA_generate_key(n_bits, RSA_F4, nullptr, nullptr);
#endif
if (rsa == nullptr)
LogicError ("RSA_generate_key failed");
LogicError("RSA_generate_key failed");
return rsa_ptr (rsa);
return rsa_ptr(rsa);
}
// EVP_PKEY
using evp_pkey_ptr = custom_delete_unique_ptr <EVP_PKEY>;
using evp_pkey_ptr = custom_delete_unique_ptr<EVP_PKEY>;
static evp_pkey_ptr evp_pkey_new()
static evp_pkey_ptr
evp_pkey_new()
{
EVP_PKEY* evp_pkey = EVP_PKEY_new();
if (evp_pkey == nullptr)
LogicError ("EVP_PKEY_new failed");
LogicError("EVP_PKEY_new failed");
return evp_pkey_ptr (evp_pkey);
return evp_pkey_ptr(evp_pkey);
}
static void evp_pkey_assign_rsa (EVP_PKEY* evp_pkey, rsa_ptr rsa)
static void
evp_pkey_assign_rsa(EVP_PKEY* evp_pkey, rsa_ptr rsa)
{
if (! EVP_PKEY_assign_RSA (evp_pkey, rsa.get()))
LogicError ("EVP_PKEY_assign_RSA failed");
if (!EVP_PKEY_assign_RSA(evp_pkey, rsa.get()))
LogicError("EVP_PKEY_assign_RSA failed");
rsa.release();
}
// X509
using x509_ptr = custom_delete_unique_ptr <X509>;
using x509_ptr = custom_delete_unique_ptr<X509>;
static x509_ptr x509_new()
static x509_ptr
x509_new()
{
X509* x509 = X509_new();
if (x509 == nullptr)
LogicError ("X509_new failed");
LogicError("X509_new failed");
X509_set_version (x509, NID_X509);
X509_set_version(x509, NID_X509);
int const margin = 60 * 60; // 3600, one hour
int const margin = 60 * 60; // 3600, one hour
int const length = 10 * 365.25 * 24 * 60 * 60; // 315576000, ten years
X509_gmtime_adj (X509_get_notBefore (x509), -margin);
X509_gmtime_adj (X509_get_notAfter (x509), length);
X509_gmtime_adj(X509_get_notBefore(x509), -margin);
X509_gmtime_adj(X509_get_notAfter(x509), length);
return x509_ptr (x509);
return x509_ptr(x509);
}
static void x509_set_pubkey (X509* x509, EVP_PKEY* evp_pkey)
static void
x509_set_pubkey(X509* x509, EVP_PKEY* evp_pkey)
{
X509_set_pubkey (x509, evp_pkey);
X509_set_pubkey(x509, evp_pkey);
}
static void x509_sign (X509* x509, EVP_PKEY* evp_pkey)
static void
x509_sign(X509* x509, EVP_PKEY* evp_pkey)
{
if (! X509_sign (x509, evp_pkey, EVP_sha1()))
LogicError ("X509_sign failed");
if (!X509_sign(x509, evp_pkey, EVP_sha1()))
LogicError("X509_sign failed");
}
static void ssl_ctx_use_certificate (SSL_CTX* const ctx, x509_ptr cert)
static void
ssl_ctx_use_certificate(SSL_CTX* const ctx, x509_ptr cert)
{
if (SSL_CTX_use_certificate (ctx, cert.get()) <= 0)
LogicError ("SSL_CTX_use_certificate failed");
if (SSL_CTX_use_certificate(ctx, cert.get()) <= 0)
LogicError("SSL_CTX_use_certificate failed");
}
static void ssl_ctx_use_privatekey (SSL_CTX* const ctx, evp_pkey_ptr key)
static void
ssl_ctx_use_privatekey(SSL_CTX* const ctx, evp_pkey_ptr key)
{
if (SSL_CTX_use_PrivateKey (ctx, key.get()) <= 0)
LogicError ("SSL_CTX_use_PrivateKey failed");
if (SSL_CTX_use_PrivateKey(ctx, key.get()) <= 0)
LogicError("SSL_CTX_use_PrivateKey failed");
}
#ifdef SSL_FLAGS_NO_RENEGOTIATE_CIPHERS
static
bool
disallowRenegotiation (SSL const* ssl, bool isNew)
static bool
disallowRenegotiation(SSL const* ssl, bool isNew)
{
// Track when SSL connections have last negotiated and
// do not allow a connection to renegotiate more than
@@ -193,53 +204,51 @@ disallowRenegotiation (SSL const* ssl, bool isNew)
struct StaticData
{
std::mutex lock;
beast::aged_unordered_set <SSL const*> set;
beast::aged_unordered_set<SSL const*> set;
StaticData()
: set (ripple::stopwatch())
StaticData() : set(ripple::stopwatch())
{
}
};
static StaticData sd;
std::lock_guard lock (sd.lock);
auto const expired (sd.set.clock().now() - std::chrono::minutes(4));
std::lock_guard lock(sd.lock);
auto const expired(sd.set.clock().now() - std::chrono::minutes(4));
// Remove expired entries
for (auto iter (sd.set.chronological.begin ());
(iter != sd.set.chronological.end ()) && (iter.when () <= expired);
iter = sd.set.chronological.begin ())
for (auto iter(sd.set.chronological.begin());
(iter != sd.set.chronological.end()) && (iter.when() <= expired);
iter = sd.set.chronological.begin())
{
sd.set.erase (iter);
sd.set.erase(iter);
}
auto iter = sd.set.find (ssl);
if (iter != sd.set.end ())
auto iter = sd.set.find(ssl);
if (iter != sd.set.end())
{
if (! isNew)
if (!isNew)
{
// This is a renegotiation and the last negotiation was recent
return true;
}
sd.set.touch (iter);
sd.set.touch(iter);
}
else
{
sd.set.emplace (ssl);
sd.set.emplace(ssl);
}
return false;
}
static
void
info_handler (SSL const* ssl, int event, int)
static void
info_handler(SSL const* ssl, int event, int)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if ((ssl->s3) && (event & SSL_CB_HANDSHAKE_START))
{
if (disallowRenegotiation (ssl, SSL_in_before (ssl)))
if (disallowRenegotiation(ssl, SSL_in_before(ssl)))
ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}
#else
@@ -248,137 +257,134 @@ info_handler (SSL const* ssl, int event, int)
}
#endif
static
std::string
error_message (std::string const& what,
boost::system::error_code const& ec)
static std::string
error_message(std::string const& what, boost::system::error_code const& ec)
{
std::stringstream ss;
ss <<
what << ": " <<
ec.message() <<
" (" << ec.value() << ")";
ss << what << ": " << ec.message() << " (" << ec.value() << ")";
return ss.str();
}
static
void
initAnonymous (
boost::asio::ssl::context& context)
static void
initAnonymous(boost::asio::ssl::context& context)
{
using namespace openssl;
evp_pkey_ptr pkey = evp_pkey_new();
evp_pkey_assign_rsa (pkey.get(), rsa_generate_key (2048));
evp_pkey_assign_rsa(pkey.get(), rsa_generate_key(2048));
x509_ptr cert = x509_new();
x509_set_pubkey (cert.get(), pkey.get());
x509_sign (cert.get(), pkey.get());
x509_set_pubkey(cert.get(), pkey.get());
x509_sign(cert.get(), pkey.get());
SSL_CTX* const ctx = context.native_handle();
ssl_ctx_use_certificate (ctx, std::move(cert));
ssl_ctx_use_privatekey (ctx, std::move(pkey));
ssl_ctx_use_certificate(ctx, std::move(cert));
ssl_ctx_use_privatekey(ctx, std::move(pkey));
}
static
void
initAuthenticated (
static void
initAuthenticated(
boost::asio::ssl::context& context,
std::string const& key_file,
std::string const& cert_file,
std::string const& chain_file)
{
SSL_CTX* const ssl = context.native_handle ();
SSL_CTX* const ssl = context.native_handle();
bool cert_set = false;
if (! cert_file.empty ())
if (!cert_file.empty())
{
boost::system::error_code ec;
context.use_certificate_file (
context.use_certificate_file(
cert_file, boost::asio::ssl::context::pem, ec);
if (ec)
{
LogicError (error_message (
"Problem with SSL certificate file.", ec).c_str());
LogicError(error_message("Problem with SSL certificate file.", ec)
.c_str());
}
cert_set = true;
}
if (! chain_file.empty ())
if (!chain_file.empty())
{
// VFALCO Replace fopen() with RAII
FILE* f = fopen (chain_file.c_str (), "r");
FILE* f = fopen(chain_file.c_str(), "r");
if (!f)
{
LogicError (error_message (
"Problem opening SSL chain file.", boost::system::error_code (errno,
boost::system::generic_category())).c_str());
LogicError(error_message(
"Problem opening SSL chain file.",
boost::system::error_code(
errno, boost::system::generic_category()))
.c_str());
}
try
{
for (;;)
{
X509* const x = PEM_read_X509 (f, nullptr, nullptr, nullptr);
X509* const x = PEM_read_X509(f, nullptr, nullptr, nullptr);
if (x == nullptr)
break;
if (! cert_set)
if (!cert_set)
{
if (SSL_CTX_use_certificate (ssl, x) != 1)
LogicError ("Problem retrieving SSL certificate from chain file.");
if (SSL_CTX_use_certificate(ssl, x) != 1)
LogicError(
"Problem retrieving SSL certificate from chain "
"file.");
cert_set = true;
}
else if (SSL_CTX_add_extra_chain_cert (ssl, x) != 1)
else if (SSL_CTX_add_extra_chain_cert(ssl, x) != 1)
{
X509_free (x);
LogicError ("Problem adding SSL chain certificate.");
X509_free(x);
LogicError("Problem adding SSL chain certificate.");
}
}
fclose (f);
fclose(f);
}
catch (std::exception const&)
{
fclose (f);
LogicError ("Reading the SSL chain file generated an exception.");
fclose(f);
LogicError("Reading the SSL chain file generated an exception.");
}
}
if (! key_file.empty ())
if (!key_file.empty())
{
boost::system::error_code ec;
context.use_private_key_file (key_file,
boost::asio::ssl::context::pem, ec);
context.use_private_key_file(
key_file, boost::asio::ssl::context::pem, ec);
if (ec)
{
LogicError (error_message (
"Problem using the SSL private key file.", ec).c_str());
LogicError(
error_message("Problem using the SSL private key file.", ec)
.c_str());
}
}
if (SSL_CTX_check_private_key (ssl) != 1)
if (SSL_CTX_check_private_key(ssl) != 1)
{
LogicError ("Invalid key in SSL private key file.");
LogicError("Invalid key in SSL private key file.");
}
}
std::shared_ptr<boost::asio::ssl::context>
get_context (std::string const& cipherList)
get_context(std::string const& cipherList)
{
auto c = std::make_shared<boost::asio::ssl::context> (
auto c = std::make_shared<boost::asio::ssl::context>(
boost::asio::ssl::context::sslv23);
c->set_options (
c->set_options(
boost::asio::ssl::context::default_workarounds |
boost::asio::ssl::context::no_sslv2 |
boost::asio::ssl::context::no_sslv3 |
@@ -386,18 +392,16 @@ get_context (std::string const& cipherList)
{
auto const& l = !cipherList.empty() ? cipherList : defaultCipherList;
auto result = SSL_CTX_set_cipher_list (
c->native_handle (), l.c_str());
auto result = SSL_CTX_set_cipher_list(c->native_handle(), l.c_str());
if (result != 1)
LogicError ("SSL_CTX_set_cipher_list failed");
LogicError("SSL_CTX_set_cipher_list failed");
}
// These are the raw DH parameters that Ripple Labs has
// chosen for Ripple, in the binary format needed by
// d2i_DHparams.
//
unsigned char const params[] =
{
unsigned char const params[] = {
0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0x8f, 0xca, 0x66,
0x85, 0x33, 0xcb, 0xcf, 0x36, 0x27, 0xb2, 0x4c, 0xb8, 0x50, 0xb8, 0xf9,
0x53, 0xf8, 0xb9, 0x2d, 0x1c, 0xa2, 0xad, 0x86, 0x58, 0x29, 0x3b, 0x88,
@@ -420,26 +424,26 @@ get_context (std::string const& cipherList)
0x8d, 0xed, 0x44, 0xaa, 0x47, 0xaa, 0x52, 0xa2, 0xdb, 0xb6, 0xf5, 0xa1,
0x88, 0x85, 0xa1, 0xd5, 0x87, 0xb8, 0x07, 0xd3, 0x97, 0xbe, 0x37, 0x74,
0x72, 0xf1, 0xa8, 0x29, 0xf1, 0xa7, 0x7d, 0x19, 0xc3, 0x27, 0x09, 0xcf,
0x23, 0x02, 0x01, 0x02
};
0x23, 0x02, 0x01, 0x02};
unsigned char const *data = &params[0];
unsigned char const* data = &params[0];
custom_delete_unique_ptr<DH> const dh {d2i_DHparams (nullptr, &data, sizeof(params))};
custom_delete_unique_ptr<DH> const dh{
d2i_DHparams(nullptr, &data, sizeof(params))};
if (!dh)
LogicError ("d2i_DHparams returned nullptr.");
LogicError("d2i_DHparams returned nullptr.");
SSL_CTX_set_tmp_dh (c->native_handle (), dh.get());
SSL_CTX_set_tmp_dh(c->native_handle(), dh.get());
#ifdef SSL_FLAGS_NO_RENEGOTIATE_CIPHERS
SSL_CTX_set_info_callback (c->native_handle (), info_handler);
SSL_CTX_set_info_callback(c->native_handle(), info_handler);
#endif
return c;
}
} // detail
} // openssl
} // namespace detail
} // namespace openssl
//------------------------------------------------------------------------------
std::shared_ptr<boost::asio::ssl::context>
@@ -454,16 +458,15 @@ make_SSLContext(std::string const& cipherList)
}
std::shared_ptr<boost::asio::ssl::context>
make_SSLContextAuthed (
make_SSLContextAuthed(
std::string const& keyFile,
std::string const& certFile,
std::string const& chainFile,
std::string const& cipherList)
{
auto context = openssl::detail::get_context(cipherList);
openssl::detail::initAuthenticated(*context,
keyFile, certFile, chainFile);
openssl::detail::initAuthenticated(*context, keyFile, certFile, chainFile);
return context;
}
} // ripple
} // namespace ripple