From 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 Mon Sep 17 00:00:00 2001 From: peterbell10 Date: Wed, 30 Aug 2017 15:00:06 +0100 Subject: Update mbedtls to 2.5.1 (#3964) * Renaming changes: * macro prefix "POLARSSL" -> "MBEDTLS" * functions now prefixed with "mbedtls_" * rename PolarSSL++ -> mbedTLS++ * rename polarssl submodule * Use mbedtls' AES-CFB8 implementation. * Add cSslConfig to wrap mbedtls_ssl_config * Update cTCPLink and cBlockingSslClientSocket to use cSslConfig * Use cSslConfig in cHTTPServer * Use cSslConfig for cMojangAPI::SecureRequest * CI Fixes * Set -fomit-frame-pointer on the right target --- src/mbedTLS++/SslConfig.h | 93 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 src/mbedTLS++/SslConfig.h (limited to 'src/mbedTLS++/SslConfig.h') diff --git a/src/mbedTLS++/SslConfig.h b/src/mbedTLS++/SslConfig.h new file mode 100644 index 000000000..47a4f7b59 --- /dev/null +++ b/src/mbedTLS++/SslConfig.h @@ -0,0 +1,93 @@ + +#pragma once + +#include "mbedtls/ssl.h" + +// fwd: +class cCryptoKey; +class cCtrDrbgContext; +class cX509Cert; + +using cCryptoKeyPtr = std::shared_ptr; +using cCtrDrbgContextPtr = std::shared_ptr; +using cX509CertPtr = std::shared_ptr; + +enum class eSslAuthMode +{ + None = 0, // MBEDTLS_SSL_VERIFY_NONE + Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL + Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED + Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET +}; + + + +class cSslConfig +{ + friend class cSslContext; +public: + /** Type of the SSL debug callback. + Parameters are: + void * Opaque context for the callback + int Debug level + const char * File name + int Line number + const char * Message */ + using cDebugCallback = void(*)(void *, int, const char *, int, const char *); + + /** Type of the SSL certificate verify callback. + Parameters are: + void * Opaque context for the callback + mbedtls_x509_crt * Current cert + int Cert chain depth + uint32_t * Verification flags */ + using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *); + + cSslConfig(); + ~cSslConfig(); + + /** Initialize with mbedTLS default settings. */ + int InitDefaults(bool a_IsClient); + + /** Set the authorization mode. */ + void SetAuthMode(eSslAuthMode a_AuthMode); + + /** Set the random number generator. */ + void SetRng(cCtrDrbgContextPtr a_CtrDrbg); + + /** Set the debug callback. */ + void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData); + + /** Set the certificate verify callback. */ + void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData); + + /** Set the enabled cipher suites. */ + void SetCipherSuites(std::vector a_CipherSuites); + + /** Set the certificate to use for connections. */ + void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey); + + /** Set the trusted certificate authority chain. */ + void SetCACerts(cX509CertPtr a_CACert); + + /** Creates a new config with some sensible defaults on top of mbedTLS basic settings. */ + static std::shared_ptr MakeDefaultConfig(bool a_IsClient); + + /** Returns the default config for client connections. */ + static std::shared_ptr GetDefaultClientConfig(); + + /** Returns the default config for server connections. */ + static std::shared_ptr GetDefaultServerConfig(); + +private: + + /** Returns a pointer to the wrapped mbedtls representation. */ + const mbedtls_ssl_config * GetInternal() const { return &m_Config; } + + mbedtls_ssl_config m_Config; + cCtrDrbgContextPtr m_CtrDrbg; + cX509CertPtr m_OwnCert; + cCryptoKeyPtr m_OwnCertPrivKey; + cX509CertPtr m_CACerts; + std::vector m_CipherSuites; +}; -- cgit v1.2.3