openssl: Move to a module and split thirdparty lib

Same rationale as the previous commits.

(cherry picked from commit 422196759f)

Removed the winrt-specific parts.
Rémi Verschelde
2016-10-12 23:06:17 +02:00
parent 995dcb610c
commit 4cd640f684
957 changed files with 831 additions and 73 deletions

modules/openssl/SCsub Normal file

@@ -0,0 +1,677 @@
Import('env')
Import('env_modules')
# Thirdparty source files
if (env["openssl"] != "system"): # builtin
thirdparty_dir = "#thirdparty/openssl/"
thirdparty_openssl_sources = [
"ssl/t1_lib.c",
"ssl/t1_ext.c",
"ssl/s3_srvr.c",
"ssl/t1_enc.c",
"ssl/t1_meth.c",
"ssl/s23_clnt.c",
"ssl/ssl_asn1.c",
"ssl/tls_srp.c",
"ssl/kssl.c",
"ssl/d1_both.c",
"ssl/t1_clnt.c",
"ssl/bio_ssl.c",
"ssl/d1_srtp.c",
"ssl/t1_reneg.c",
"ssl/ssl_cert.c",
"ssl/s3_lib.c",
"ssl/d1_srvr.c",
"ssl/s23_meth.c",
"ssl/ssl_stat.c",
"ssl/ssl_err.c",
"ssl/ssl_algs.c",
"ssl/s3_cbc.c",
"ssl/d1_clnt.c",
"ssl/s3_pkt.c",
"ssl/d1_meth.c",
"ssl/s3_both.c",
"ssl/s2_enc.c",
"ssl/s3_meth.c",
"ssl/s3_enc.c",
"ssl/s23_pkt.c",
"ssl/s2_pkt.c",
"ssl/d1_pkt.c",
"ssl/ssl_rsa.c",
"ssl/s23_srvr.c",
"ssl/s2_meth.c",
"ssl/s3_clnt.c",
"ssl/s23_lib.c",
"ssl/t1_srvr.c",
"ssl/ssl_lib.c",
"ssl/ssl_txt.c",
"ssl/s2_srvr.c",
"ssl/ssl_sess.c",
"ssl/s2_clnt.c",
"ssl/d1_lib.c",
"ssl/s2_lib.c",
"ssl/ssl_err2.c",
"ssl/ssl_ciph.c",
"crypto/dsa/dsa_lib.c",
"crypto/dsa/dsa_pmeth.c",
"crypto/dsa/dsa_ossl.c",
"crypto/dsa/dsa_gen.c",
"crypto/dsa/dsa_asn1.c",
"crypto/dsa/dsa_prn.c",
"crypto/dsa/dsa_sign.c",
"crypto/dsa/dsa_key.c",
"crypto/dsa/dsa_vrf.c",
"crypto/dsa/dsa_err.c",
"crypto/dsa/dsa_ameth.c",
"crypto/dsa/dsa_depr.c",
"crypto/x509/x509_lu.c",
"crypto/x509/x509cset.c",
"crypto/x509/x509_set.c",
"crypto/x509/x509_d2.c",
"crypto/x509/x509_txt.c",
"crypto/x509/x509rset.c",
"crypto/x509/by_dir.c",
"crypto/x509/x509_vpm.c",
"crypto/x509/x509_vfy.c",
"crypto/x509/x509_trs.c",
"crypto/x509/by_file.c",
"crypto/x509/x509_obj.c",
"crypto/x509/x509spki.c",
"crypto/x509/x509_v3.c",
"crypto/x509/x509_req.c",
"crypto/x509/x509_att.c",
"crypto/x509/x_all.c",
"crypto/x509/x509_ext.c",
"crypto/x509/x509type.c",
"crypto/x509/x509_def.c",
"crypto/x509/x509_err.c",
"crypto/x509/x509name.c",
"crypto/x509/x509_r2x.c",
"crypto/x509/x509_cmp.c",
"crypto/asn1/x_pkey.c",
"crypto/asn1/a_gentm.c",
"crypto/asn1/x_sig.c",
"crypto/asn1/t_req.c",
"crypto/asn1/t_pkey.c",
"crypto/asn1/p8_pkey.c",
"crypto/asn1/a_i2d_fp.c",
"crypto/asn1/x_val.c",
"crypto/asn1/f_string.c",
"crypto/asn1/p5_pbe.c",
"crypto/asn1/bio_ndef.c",
"crypto/asn1/a_bool.c",
"crypto/asn1/asn1_gen.c",
"crypto/asn1/x_algor.c",
"crypto/asn1/bio_asn1.c",
"crypto/asn1/asn_mime.c",
"crypto/asn1/t_x509.c",
"crypto/asn1/a_strex.c",
"crypto/asn1/x_nx509.c",
"crypto/asn1/asn1_err.c",
"crypto/asn1/x_crl.c",
"crypto/asn1/a_print.c",
"crypto/asn1/a_type.c",
"crypto/asn1/tasn_new.c",
"crypto/asn1/n_pkey.c",
"crypto/asn1/x_bignum.c",
"crypto/asn1/asn_pack.c",
"crypto/asn1/evp_asn1.c",
"crypto/asn1/t_bitst.c",
"crypto/asn1/x_req.c",
"crypto/asn1/a_time.c",
"crypto/asn1/x_name.c",
"crypto/asn1/x_pubkey.c",
"crypto/asn1/tasn_typ.c",
"crypto/asn1/asn_moid.c",
"crypto/asn1/a_utctm.c",
"crypto/asn1/asn1_lib.c",
"crypto/asn1/x_x509a.c",
"crypto/asn1/a_set.c",
"crypto/asn1/t_crl.c",
"crypto/asn1/p5_pbev2.c",
"crypto/asn1/tasn_enc.c",
"crypto/asn1/a_mbstr.c",
"crypto/asn1/tasn_dec.c",
"crypto/asn1/x_x509.c",
"crypto/asn1/a_octet.c",
"crypto/asn1/x_long.c",
"crypto/asn1/a_bytes.c",
"crypto/asn1/t_x509a.c",
"crypto/asn1/a_enum.c",
"crypto/asn1/a_int.c",
"crypto/asn1/tasn_prn.c",
"crypto/asn1/i2d_pr.c",
"crypto/asn1/a_utf8.c",
"crypto/asn1/t_spki.c",
"crypto/asn1/a_digest.c",
"crypto/asn1/a_dup.c",
"crypto/asn1/i2d_pu.c",
"crypto/asn1/a_verify.c",
"crypto/asn1/f_enum.c",
"crypto/asn1/a_sign.c",
"crypto/asn1/d2i_pr.c",
"crypto/asn1/asn1_par.c",
"crypto/asn1/x_spki.c",
"crypto/asn1/a_d2i_fp.c",
"crypto/asn1/f_int.c",
"crypto/asn1/x_exten.c",
"crypto/asn1/tasn_utl.c",
"crypto/asn1/nsseq.c",
"crypto/asn1/a_bitstr.c",
"crypto/asn1/x_info.c",
"crypto/asn1/a_strnid.c",
"crypto/asn1/a_object.c",
"crypto/asn1/tasn_fre.c",
"crypto/asn1/d2i_pu.c",
"crypto/asn1/ameth_lib.c",
"crypto/asn1/x_attrib.c",
"crypto/evp/m_sha.c",
"crypto/evp/e_camellia.c",
"crypto/evp/e_aes.c",
"crypto/evp/bio_b64.c",
"crypto/evp/m_sigver.c",
"crypto/evp/m_wp.c",
"crypto/evp/m_sha1.c",
"crypto/evp/p_seal.c",
"crypto/evp/c_alld.c",
"crypto/evp/p5_crpt.c",
"crypto/evp/e_rc4.c",
"crypto/evp/m_ecdsa.c",
"crypto/evp/bio_enc.c",
"crypto/evp/e_des3.c",
"crypto/evp/m_null.c",
"crypto/evp/bio_ok.c",
"crypto/evp/pmeth_gn.c",
"crypto/evp/e_rc5.c",
"crypto/evp/e_rc2.c",
"crypto/evp/p_dec.c",
"crypto/evp/p_verify.c",
"crypto/evp/e_rc4_hmac_md5.c",
"crypto/evp/pmeth_lib.c",
"crypto/evp/m_ripemd.c",
"crypto/evp/m_md5.c",
"crypto/evp/e_bf.c",
"crypto/evp/p_enc.c",
"crypto/evp/m_dss.c",
"crypto/evp/bio_md.c",
"crypto/evp/evp_pbe.c",
"crypto/evp/e_seed.c",
"crypto/evp/e_cast.c",
"crypto/evp/p_open.c",
"crypto/evp/p5_crpt2.c",
"crypto/evp/m_dss1.c",
"crypto/evp/names.c",
"crypto/evp/evp_acnf.c",
"crypto/evp/e_des.c",
"crypto/evp/evp_cnf.c",
"crypto/evp/evp_lib.c",
"crypto/evp/digest.c",
"crypto/evp/evp_err.c",
"crypto/evp/evp_enc.c",
"crypto/evp/e_old.c",
"crypto/evp/c_all.c",
"crypto/evp/m_md2.c",
"crypto/evp/e_xcbc_d.c",
"crypto/evp/pmeth_fn.c",
"crypto/evp/p_lib.c",
"crypto/evp/evp_key.c",
"crypto/evp/encode.c",
"crypto/evp/e_aes_cbc_hmac_sha1.c",
"crypto/evp/e_aes_cbc_hmac_sha256.c",
"crypto/evp/m_mdc2.c",
"crypto/evp/e_null.c",
"crypto/evp/p_sign.c",
"crypto/evp/e_idea.c",
"crypto/evp/c_allc.c",
"crypto/evp/evp_pkey.c",
"crypto/evp/m_md4.c",
"crypto/ex_data.c",
"crypto/pkcs12/p12_p8e.c",
"crypto/pkcs12/p12_crt.c",
"crypto/pkcs12/p12_utl.c",
"crypto/pkcs12/p12_attr.c",
"crypto/pkcs12/p12_npas.c",
"crypto/pkcs12/p12_decr.c",
"crypto/pkcs12/p12_init.c",
"crypto/pkcs12/p12_kiss.c",
"crypto/pkcs12/p12_add.c",
"crypto/pkcs12/p12_p8d.c",
"crypto/pkcs12/p12_mutl.c",
"crypto/pkcs12/p12_crpt.c",
"crypto/pkcs12/pk12err.c",
"crypto/pkcs12/p12_asn.c",
"crypto/pkcs12/p12_key.c",
"crypto/ecdh/ech_key.c",
"crypto/ecdh/ech_ossl.c",
"crypto/ecdh/ech_lib.c",
"crypto/ecdh/ech_err.c",
"crypto/ecdh/ech_kdf.c",
"crypto/o_str.c",
"crypto/conf/conf_api.c",
"crypto/conf/conf_err.c",
"crypto/conf/conf_def.c",
"crypto/conf/conf_lib.c",
"crypto/conf/conf_mall.c",
"crypto/conf/conf_sap.c",
"crypto/conf/conf_mod.c",
"crypto/ebcdic.c",
"crypto/ecdsa/ecs_lib.c",
"crypto/ecdsa/ecs_asn1.c",
"crypto/ecdsa/ecs_ossl.c",
"crypto/ecdsa/ecs_vrf.c",
"crypto/ecdsa/ecs_sign.c",
"crypto/ecdsa/ecs_err.c",
"crypto/dso/dso_win32.c",
"crypto/dso/dso_lib.c",
"crypto/dso/dso_dlfcn.c",
"crypto/dso/dso_dl.c",
"crypto/dso/dso_beos.c",
"crypto/dso/dso_null.c",
"crypto/dso/dso_vms.c",
"crypto/dso/dso_err.c",
"crypto/dso/dso_openssl.c",
"crypto/cryptlib.c",
"crypto/md5/md5_one.c",
"crypto/md5/md5_dgst.c",
"crypto/pkcs7/pkcs7err.c",
"crypto/pkcs7/pk7_smime.c",
"crypto/pkcs7/bio_pk7.c",
"crypto/pkcs7/pk7_mime.c",
"crypto/pkcs7/pk7_lib.c",
"crypto/pkcs7/pk7_asn1.c",
"crypto/pkcs7/pk7_doit.c",
"crypto/pkcs7/pk7_attr.c",
"crypto/md4/md4_one.c",
"crypto/md4/md4_dgst.c",
"crypto/o_dir.c",
"crypto/buffer/buf_err.c",
"crypto/buffer/buf_str.c",
"crypto/buffer/buffer.c",
"crypto/cms/cms_lib.c",
"crypto/cms/cms_io.c",
"crypto/cms/cms_err.c",
"crypto/cms/cms_dd.c",
"crypto/cms/cms_smime.c",
"crypto/cms/cms_att.c",
"crypto/cms/cms_pwri.c",
"crypto/cms/cms_cd.c",
"crypto/cms/cms_sd.c",
"crypto/cms/cms_asn1.c",
"crypto/cms/cms_env.c",
"crypto/cms/cms_enc.c",
"crypto/cms/cms_ess.c",
"crypto/cms/cms_kari.c",
"crypto/mem_dbg.c",
"crypto/uid.c",
"crypto/stack/stack.c",
"crypto/ec/ec_ameth.c",
"crypto/ec/ec_err.c",
"crypto/ec/ec_lib.c",
"crypto/ec/ec_curve.c",
"crypto/ec/ec_oct.c",
"crypto/ec/ec_asn1.c",
"crypto/ec/ecp_oct.c",
"crypto/ec/ec_print.c",
"crypto/ec/ec2_smpl.c",
"crypto/ec/ecp_nistp224.c",
"crypto/ec/ec2_oct.c",
"crypto/ec/eck_prn.c",
"crypto/ec/ec_key.c",
"crypto/ec/ecp_nist.c",
"crypto/ec/ec_check.c",
"crypto/ec/ecp_smpl.c",
"crypto/ec/ec2_mult.c",
"crypto/ec/ecp_mont.c",
"crypto/ec/ecp_nistp521.c",
"crypto/ec/ec_mult.c",
"crypto/ec/ecp_nistputil.c",
"crypto/ec/ec_pmeth.c",
"crypto/ec/ec_cvt.c",
"crypto/ec/ecp_nistp256.c",
"crypto/krb5/krb5_asn.c",
"crypto/hmac/hmac.c",
"crypto/hmac/hm_ameth.c",
"crypto/hmac/hm_pmeth.c",
"crypto/comp/c_rle.c",
"crypto/comp/c_zlib.c",
"crypto/comp/comp_lib.c",
"crypto/comp/comp_err.c",
"crypto/des/fcrypt.c",
"crypto/des/str2key.c",
"crypto/des/cbc_cksm.c",
"crypto/des/des_enc.c",
"crypto/des/ofb_enc.c",
"crypto/des/read2pwd.c",
"crypto/des/ecb3_enc.c",
"crypto/des/rand_key.c",
"crypto/des/cfb64ede.c",
"crypto/des/rpc_enc.c",
"crypto/des/ofb64ede.c",
"crypto/des/qud_cksm.c",
"crypto/des/enc_writ.c",
"crypto/des/set_key.c",
"crypto/des/xcbc_enc.c",
"crypto/des/fcrypt_b.c",
"crypto/des/ede_cbcm_enc.c",
"crypto/des/des_old2.c",
"crypto/des/cfb_enc.c",
"crypto/des/ecb_enc.c",
"crypto/des/enc_read.c",
"crypto/des/des_old.c",
"crypto/des/ofb64enc.c",
"crypto/des/pcbc_enc.c",
"crypto/des/cbc_enc.c",
"crypto/des/cfb64enc.c",
"crypto/lhash/lh_stats.c",
"crypto/lhash/lhash.c",
"crypto/x509v3/v3_genn.c",
"crypto/x509v3/pcy_cache.c",
"crypto/x509v3/v3_sxnet.c",
"crypto/x509v3/v3_scts.c",
"crypto/x509v3/v3err.c",
"crypto/x509v3/v3_conf.c",
"crypto/x509v3/v3_utl.c",
"crypto/x509v3/v3_akeya.c",
"crypto/x509v3/v3_lib.c",
"crypto/x509v3/pcy_lib.c",
"crypto/x509v3/v3_cpols.c",
"crypto/x509v3/v3_ia5.c",
"crypto/x509v3/v3_bitst.c",
"crypto/x509v3/v3_skey.c",
"crypto/x509v3/v3_info.c",
"crypto/x509v3/v3_asid.c",
"crypto/x509v3/pcy_tree.c",
"crypto/x509v3/v3_pcons.c",
"crypto/x509v3/v3_bcons.c",
"crypto/x509v3/v3_pku.c",
"crypto/x509v3/v3_ocsp.c",
"crypto/x509v3/pcy_map.c",
"crypto/x509v3/v3_ncons.c",
"crypto/x509v3/v3_purp.c",
"crypto/x509v3/v3_enum.c",
"crypto/x509v3/v3_pmaps.c",
"crypto/x509v3/pcy_node.c",
"crypto/x509v3/v3_pcia.c",
"crypto/x509v3/v3_crld.c",
"crypto/x509v3/v3_pci.c",
"crypto/x509v3/v3_akey.c",
"crypto/x509v3/v3_addr.c",
"crypto/x509v3/v3_int.c",
"crypto/x509v3/v3_alt.c",
"crypto/x509v3/v3_extku.c",
"crypto/x509v3/v3_prn.c",
"crypto/x509v3/pcy_data.c",
"crypto/aes/aes_ofb.c",
"crypto/aes/aes_ctr.c",
"crypto/aes/aes_ecb.c",
"crypto/aes/aes_cfb.c",
"crypto/aes/aes_wrap.c",
"crypto/aes/aes_ige.c",
"crypto/aes/aes_misc.c",
"crypto/pqueue/pqueue.c",
"crypto/sha/sha_one.c",
"crypto/sha/sha_dgst.c",
"crypto/sha/sha512.c",
"crypto/sha/sha1_one.c",
"crypto/sha/sha1dgst.c",
"crypto/sha/sha256.c",
"crypto/whrlpool/wp_dgst.c",
"crypto/objects/obj_xref.c",
"crypto/objects/o_names.c",
"crypto/objects/obj_err.c",
"crypto/objects/obj_dat.c",
"crypto/objects/obj_lib.c",
"crypto/mem.c",
"crypto/fips_ers.c",
"crypto/o_fips.c",
"crypto/engine/eng_rdrand.c",
"crypto/engine/eng_err.c",
"crypto/engine/tb_ecdsa.c",
"crypto/engine/tb_rsa.c",
"crypto/engine/tb_cipher.c",
"crypto/engine/tb_dsa.c",
"crypto/engine/eng_lib.c",
"crypto/engine/tb_asnmth.c",
"crypto/engine/tb_ecdh.c",
"crypto/engine/tb_dh.c",
"crypto/engine/tb_store.c",
"crypto/engine/eng_init.c",
"crypto/engine/eng_cnf.c",
"crypto/engine/eng_all.c",
"crypto/engine/tb_digest.c",
"crypto/engine/tb_pkmeth.c",
"crypto/engine/eng_table.c",
"crypto/engine/eng_ctrl.c",
"crypto/engine/eng_list.c",
"crypto/engine/eng_cryptodev.c",
"crypto/engine/eng_pkey.c",
"crypto/engine/tb_rand.c",
"crypto/engine/eng_openssl.c",
"crypto/engine/eng_fat.c",
"crypto/engine/eng_dyn.c",
"crypto/ts/ts_rsp_verify.c",
"crypto/ts/ts_req_print.c",
"crypto/ts/ts_verify_ctx.c",
"crypto/ts/ts_req_utils.c",
"crypto/ts/ts_err.c",
"crypto/ts/ts_rsp_print.c",
"crypto/ts/ts_rsp_utils.c",
"crypto/ts/ts_lib.c",
"crypto/ts/ts_conf.c",
"crypto/ts/ts_asn1.c",
"crypto/ts/ts_rsp_sign.c",
"crypto/ocsp/ocsp_ext.c",
"crypto/ocsp/ocsp_cl.c",
"crypto/ocsp/ocsp_ht.c",
"crypto/ocsp/ocsp_lib.c",
"crypto/ocsp/ocsp_srv.c",
"crypto/ocsp/ocsp_vfy.c",
"crypto/ocsp/ocsp_err.c",
"crypto/ocsp/ocsp_prn.c",
"crypto/ocsp/ocsp_asn.c",
"crypto/bf/bf_cfb64.c",
"crypto/bf/bf_ecb.c",
"crypto/bf/bf_enc.c",
"crypto/bf/bf_skey.c",
"crypto/bf/bf_ofb64.c",
"crypto/idea/i_skey.c",
"crypto/idea/i_ofb64.c",
"crypto/idea/i_cbc.c",
"crypto/idea/i_ecb.c",
"crypto/idea/i_cfb64.c",
"crypto/cmac/cm_ameth.c",
"crypto/cmac/cmac.c",
"crypto/cmac/cm_pmeth.c",
"crypto/dh/dh_lib.c",
"crypto/dh/dh_key.c",
"crypto/dh/dh_asn1.c",
"crypto/dh/dh_depr.c",
"crypto/dh/dh_pmeth.c",
"crypto/dh/dh_prn.c",
"crypto/dh/dh_gen.c",
"crypto/dh/dh_ameth.c",
"crypto/dh/dh_check.c",
"crypto/dh/dh_err.c",
"crypto/dh/dh_kdf.c",
"crypto/dh/dh_rfc5114.c",
"crypto/modes/ccm128.c",
"crypto/modes/ofb128.c",
"crypto/modes/cts128.c",
"crypto/modes/ctr128.c",
"crypto/modes/gcm128.c",
"crypto/modes/cbc128.c",
"crypto/modes/cfb128.c",
"crypto/modes/xts128.c",
"crypto/modes/wrap128.c",
"crypto/camellia/cmll_cfb.c",
"crypto/camellia/cmll_ecb.c",
"crypto/camellia/cmll_utl.c",
"crypto/camellia/cmll_misc.c",
"crypto/camellia/cmll_ofb.c",
"crypto/camellia/cmll_ctr.c",
"crypto/seed/seed_ecb.c",
"crypto/seed/seed_cbc.c",
"crypto/seed/seed.c",
"crypto/seed/seed_ofb.c",
"crypto/seed/seed_cfb.c",
"crypto/txt_db/txt_db.c",
"crypto/cpt_err.c",
"crypto/pem/pem_pk8.c",
"crypto/pem/pem_lib.c",
"crypto/pem/pem_sign.c",
"crypto/pem/pem_all.c",
"crypto/pem/pem_info.c",
"crypto/pem/pem_pkey.c",
"crypto/pem/pem_seal.c",
"crypto/pem/pem_err.c",
"crypto/pem/pem_xaux.c",
"crypto/pem/pvkfmt.c",
"crypto/pem/pem_x509.c",
"crypto/pem/pem_oth.c",
"crypto/rand/rand_lib.c",
"crypto/rand/randfile.c",
"crypto/rand/rand_os2.c",
"crypto/rand/rand_unix.c",
"crypto/rand/rand_nw.c",
"crypto/rand/md_rand.c",
"crypto/rand/rand_err.c",
"crypto/rand/rand_win.c",
"crypto/rand/rand_egd.c",
"crypto/cversion.c",
"crypto/cast/c_ecb.c",
"crypto/cast/c_skey.c",
"crypto/cast/c_ofb64.c",
"crypto/cast/c_enc.c",
"crypto/cast/c_cfb64.c",
"crypto/o_time.c",
"crypto/mdc2/mdc2dgst.c",
"crypto/mdc2/mdc2_one.c",
"crypto/rc4/rc4_utl.c",
"crypto/ui/ui_compat.c",
"crypto/ui/ui_util.c",
"crypto/ui/ui_lib.c",
"crypto/ui/ui_err.c",
"crypto/ui/ui_openssl.c",
"crypto/bio/bf_buff.c",
"crypto/bio/bss_null.c",
"crypto/bio/bss_acpt.c",
"crypto/bio/bss_conn.c",
"crypto/bio/bss_fd.c",
"crypto/bio/bf_null.c",
"crypto/bio/bio_err.c",
"crypto/bio/bss_sock.c",
"crypto/bio/bss_mem.c",
"crypto/bio/b_dump.c",
"crypto/bio/b_print.c",
"crypto/bio/b_sock.c",
"crypto/bio/bss_dgram.c",
"crypto/bio/bf_nbio.c",
"crypto/bio/bio_lib.c",
"crypto/bio/bss_file.c",
"crypto/bio/bss_bio.c",
"crypto/bio/bss_log.c",
"crypto/bio/bio_cb.c",
"crypto/o_init.c",
"crypto/rc2/rc2_skey.c",
"crypto/rc2/rc2_cbc.c",
"crypto/rc2/rc2cfb64.c",
"crypto/rc2/rc2_ecb.c",
"crypto/rc2/rc2ofb64.c",
"crypto/bn/bn_x931p.c",
"crypto/bn/bn_blind.c",
"crypto/bn/bn_gf2m.c",
"crypto/bn/bn_const.c",
"crypto/bn/bn_sqr.c",
"crypto/bn/bn_nist.c",
"crypto/bn/bn_rand.c",
"crypto/bn/bn_err.c",
"crypto/bn/bn_div.c",
"crypto/bn/bn_kron.c",
"crypto/bn/bn_ctx.c",
"crypto/bn/bn_shift.c",
"crypto/bn/bn_mod.c",
"crypto/bn/bn_exp2.c",
"crypto/bn/bn_word.c",
"crypto/bn/bn_add.c",
"crypto/bn/bn_exp.c",
"crypto/bn/bn_mont.c",
"crypto/bn/bn_print.c",
"crypto/bn/bn_mul.c",
"crypto/bn/bn_prime.c",
"crypto/bn/bn_depr.c",
"crypto/bn/bn_gcd.c",
"crypto/bn/bn_mpi.c",
"crypto/bn/bn_sqrt.c",
"crypto/bn/bn_recp.c",
"crypto/bn/bn_lib.c",
"crypto/ripemd/rmd_dgst.c",
"crypto/ripemd/rmd_one.c",
"crypto/rsa/rsa_x931.c",
"crypto/rsa/rsa_depr.c",
"crypto/rsa/rsa_saos.c",
"crypto/rsa/rsa_crpt.c",
"crypto/rsa/rsa_pss.c",
"crypto/rsa/rsa_oaep.c",
"crypto/rsa/rsa_null.c",
"crypto/rsa/rsa_gen.c",
"crypto/rsa/rsa_prn.c",
"crypto/rsa/rsa_pmeth.c",
"crypto/rsa/rsa_asn1.c",
"crypto/rsa/rsa_ssl.c",
"crypto/rsa/rsa_ameth.c",
"crypto/rsa/rsa_pk1.c",
"crypto/rsa/rsa_err.c",
"crypto/rsa/rsa_lib.c",
"crypto/rsa/rsa_none.c",
"crypto/rsa/rsa_chk.c",
"crypto/rsa/rsa_eay.c",
"crypto/rsa/rsa_sign.c",
"crypto/srp/srp_lib.c",
"crypto/srp/srp_vfy.c",
"crypto/err/err.c",
"crypto/err/err_prn.c",
"crypto/err/err_all.c",
"crypto/mem_clr.c",
"crypto/rc4/rc4_skey.c",
"crypto/rc4/rc4_enc.c",
"crypto/camellia/camellia.c",
"crypto/camellia/cmll_cbc.c",
#"crypto/aes/aes_x86core.c",
"crypto/aes/aes_core.c",
"crypto/aes/aes_cbc.c",
"crypto/whrlpool/wp_block.c",
"crypto/bn/bn_asm.c",
]
thirdparty_openssl_sources = [thirdparty_dir + file for file in thirdparty_openssl_sources]
env_modules.add_source_files(env.modules_sources, thirdparty_openssl_sources)
# FIXME: Clone the environment to make a env_openssl and not pollute the modules env
thirdparty_include_paths = [
"",
"crypto",
"crypto/asn1",
"crypto/evp",
"crypto/modes",
"openssl",
]
env_modules.Append(CPPPATH = [thirdparty_dir + "/" + dir for dir in thirdparty_include_paths])
env_modules.Append(CPPFLAGS = ["-DOPENSSL_NO_ASM", "-DOPENSSL_THREADS", "-DL_ENDIAN"])
# Workaround for compilation error with GCC/Clang when -Werror is too greedy (GH-4517)
import os
import methods
if not (os.name=="nt" and methods.msvc_is_detected()): # not Windows and not MSVC
env_modules.Append(CFLAGS = ["-Wno-error=implicit-function-declaration"])
# Module sources
env_modules.add_source_files(env.modules_sources, "*.cpp")
env_modules.add_source_files(env.modules_sources, "*.c")
Export('env_modules')
Export('env')
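Review bot: `-DOPENSSL_NO_ASM` on the `CPPFLAGS` line near the end of the hunk means the AES-NI/vpaes assembly paths are never built and AES comes from the portable `crypto/aes/aes_core.c` listed just above it, and that table-driven C implementation is generally not constant-time, so the trade-off deserves a comment on that line rather than silence: `# OPENSSL_NO_ASM: no AES-NI/vpaes; AES falls back to the table-driven aes_core.c (not constant-time)`. The same line hard-codes `-DL_ENDIAN` for every target although nothing else in this SCsub is platform-specific; if the SCons env exposes the target byte order, pick `-DB_ENDIAN`/`-DL_ENDIAN` from it, otherwise at least record the little-endian assumption next to the define. The source list also compiles the SSLv2 files (`ssl/s2_*.c`); whether that protocol is actually reachable depends on `OPENSSL_NO_SSL2` in the bundled opensslconf.h, which is outside this hunk, and is worth confirming since the list is otherwise unconditional. The `-Wno-error=implicit-function-declaration` workaround is scoped to all of `env_modules`, as the FIXME above it already admits, so a missing prototype in any other module will now compile silently on non-MSVC builds.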


@@ -0,0 +1,6 @@
def can_build(platform):
return True
def configure(env):
pass


@@ -0,0 +1,217 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
/* This file is an amalgamation of hostcheck.c and most of rawstr.c
from cURL. The contents of the COPYING file mentioned above are:
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
All rights reserved.
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not
be used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization of the copyright holder.
*/
#include "curl_hostcheck.h"
#include <string.h>
/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
its behavior is altered by the current locale. */
static char Curl_raw_toupper(char in)
{
switch (in) {
case 'a':
return 'A';
case 'b':
return 'B';
case 'c':
return 'C';
case 'd':
return 'D';
case 'e':
return 'E';
case 'f':
return 'F';
case 'g':
return 'G';
case 'h':
return 'H';
case 'i':
return 'I';
case 'j':
return 'J';
case 'k':
return 'K';
case 'l':
return 'L';
case 'm':
return 'M';
case 'n':
return 'N';
case 'o':
return 'O';
case 'p':
return 'P';
case 'q':
return 'Q';
case 'r':
return 'R';
case 's':
return 'S';
case 't':
return 'T';
case 'u':
return 'U';
case 'v':
return 'V';
case 'w':
return 'W';
case 'x':
return 'X';
case 'y':
return 'Y';
case 'z':
return 'Z';
}
return in;
}
/*
* Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
* to be locale independent and only compare strings we know are safe for
* this. See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
* some further explanation to why this function is necessary.
*
* The function is capable of comparing a-z case insensitively even for
* non-ascii.
*/
static int Curl_raw_equal(const char *first, const char *second)
{
while(*first && *second) {
if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
/* get out of the loop as soon as they don't match */
break;
first++;
second++;
}
/* we do the comparison here (possibly again), just to make sure that if the
loop above is skipped because one of the strings reached zero, we must not
return this as a successful match */
return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
}
static int Curl_raw_nequal(const char *first, const char *second, size_t max)
{
while(*first && *second && max) {
if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
break;
}
max--;
first++;
second++;
}
if(0 == max)
return 1; /* they are equal this far */
return Curl_raw_toupper(*first) == Curl_raw_toupper(*second);
}
/*
* Match a hostname against a wildcard pattern.
* E.g.
* "foo.host.com" matches "*.host.com".
*
* We use the matching rule described in RFC6125, section 6.4.3.
* http://tools.ietf.org/html/rfc6125#section-6.4.3
*/
static int hostmatch(const char *hostname, const char *pattern)
{
const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
int wildcard_enabled;
size_t prefixlen, suffixlen;
pattern_wildcard = strchr(pattern, '*');
if(pattern_wildcard == NULL)
return Curl_raw_equal(pattern, hostname) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
/* We require at least 2 dots in pattern to avoid too wide wildcard
match. */
wildcard_enabled = 1;
pattern_label_end = strchr(pattern, '.');
if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
pattern_wildcard > pattern_label_end ||
Curl_raw_nequal(pattern, "xn--", 4)) {
wildcard_enabled = 0;
}
if(!wildcard_enabled)
return Curl_raw_equal(pattern, hostname) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
hostname_label_end = strchr(hostname, '.');
if(hostname_label_end == NULL ||
!Curl_raw_equal(pattern_label_end, hostname_label_end))
return CURL_HOST_NOMATCH;
/* The wildcard must match at least one character, so the left-most
label of the hostname is at least as large as the left-most label
of the pattern. */
if(hostname_label_end - hostname < pattern_label_end - pattern)
return CURL_HOST_NOMATCH;
prefixlen = pattern_wildcard - pattern;
suffixlen = pattern_label_end - (pattern_wildcard+1);
return Curl_raw_nequal(pattern, hostname, prefixlen) &&
Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
suffixlen) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
}
int Tool_Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
{
if(!match_pattern || !*match_pattern ||
!hostname || !*hostname) /* sanity check */
return 0;
if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
return 1;
if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
return 1;
return 0;
}
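Review bot: `hostmatch` applies wildcard matching to whatever string it is given, without first checking whether `hostname` is an IP literal, so a pattern such as `*.0.0.1` satisfies the two-dot/first-label rules and matches `127.0.0.1`; later curl releases of this same function reject IP literals before wildcard handling (and also strip a trailing dot from both sides), and this amalgamation, whose copyright header stops at 2013, appears to predate that. An address should only ever match exactly (and ideally via an iPAddress SAN, which the caller in stream_peer_openssl.cpp does not consult either), so add the rejection right after the no-wildcard early return; `inet_pton` needs `<arpa/inet.h>` on POSIX and `<ws2tcpip.h>` on Windows, so guard the include the way the rest of the module does. The `Curl_raw_*` helpers above are fine as copied; only `hostmatch` changes.
```c
static int hostmatch(const char *hostname, const char *pattern)
{
  const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
  int wildcard_enabled;
  size_t prefixlen, suffixlen;
  struct in6_addr ignored; /* large enough to hold an AF_INET result as well */
  pattern_wildcard = strchr(pattern, '*');
  if(pattern_wildcard == NULL)
    return Curl_raw_equal(pattern, hostname) ?
      CURL_HOST_MATCH : CURL_HOST_NOMATCH;
  /* An IP literal is never wildcard-matched: the certificate must carry the
     exact address, otherwise "*.0.0.1" would cover 127.0.0.1. */
  if(inet_pton(AF_INET, hostname, &ignored) > 0 ||
     inet_pton(AF_INET6, hostname, &ignored) > 0)
    return CURL_HOST_NOMATCH;
  /* … unchanged: two-dot / xn-- wildcard policy and label comparison … */
```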


@@ -0,0 +1,39 @@
#ifndef HEADER_TOOL_CURL_HOSTCHECK_H
#define HEADER_TOOL_CURL_HOSTCHECK_H
#ifdef __cplusplus
extern "C" {
#endif
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#define CURL_HOST_NOMATCH 0
#define CURL_HOST_MATCH 1
int Tool_Curl_cert_hostcheck(const char *match_pattern, const char *hostname);
#ifdef __cplusplus
}
#endif
#endif /* HEADER_CURL_HOSTCHECK_H */
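Review bot: The closing comment on the last line of the hunk names `HEADER_CURL_HOSTCHECK_H` while the guard opened at the top is `HEADER_TOOL_CURL_HOSTCHECK_H`; make it `#endif /* HEADER_TOOL_CURL_HOSTCHECK_H */` so the two agree. The single declaration, `Tool_Curl_cert_hostcheck`, carries no contract, and since this is the engine's only hostname-validation entry point the header should state it: I would add above the prototype a comment saying that it returns `CURL_HOST_MATCH` (1) when `hostname` equals `match_pattern` case-insensitively or satisfies a single leading-label wildcard per RFC 6125 §6.4.3, and `CURL_HOST_NOMATCH` (0) otherwise, including when either argument is NULL or empty — that NULL/empty behaviour is what the definition in curl_hostcheck.c does. The `extern "C"` block opening before the license comment is harmless but reads oddly; moving the two `#ifdef __cplusplus` lines below the comment would match the usual layout.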


@@ -0,0 +1,42 @@
/*************************************************************************/
/* register_types.cpp */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* http://www.godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#include "register_types.h"
#include "stream_peer_openssl.h"
void register_openssl_types() {
ObjectTypeDB::register_type<StreamPeerOpenSSL>();
StreamPeerOpenSSL::initialize_ssl();
}
void unregister_openssl_types() {
StreamPeerOpenSSL::finalize_ssl();
}


@@ -0,0 +1,30 @@
/*************************************************************************/
/* register_types.h */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* http://www.godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
void register_openssl_types();
void unregister_openssl_types();


@@ -0,0 +1,646 @@
/*************************************************************************/
/* stream_peer_openssl.cpp */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* http://www.godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#include "stream_peer_openssl.h"
//hostname matching code from curl
//#include <openssl/applink.c> // To prevent crashing (see the OpenSSL FAQ)
bool StreamPeerOpenSSL::_match_host_name(const char *name, const char *hostname) {
return Tool_Curl_cert_hostcheck(name,hostname)==CURL_HOST_MATCH;
// print_line("MATCH: "+String(name)+" vs "+String(hostname));
// return true;
}
Error StreamPeerOpenSSL::_match_common_name(const char *hostname, const X509 *server_cert) {
int common_name_loc = -1;
X509_NAME_ENTRY *common_name_entry = NULL;
ASN1_STRING *common_name_asn1 = NULL;
char *common_name_str = NULL;
// Find the position of the CN field in the Subject field of the certificate
common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
ERR_FAIL_COND_V(common_name_loc < 0, ERR_INVALID_PARAMETER );
// Extract the CN field
common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc);
ERR_FAIL_COND_V(common_name_entry == NULL, ERR_INVALID_PARAMETER );
// Convert the CN field to a C string
common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
ERR_FAIL_COND_V(common_name_asn1 == NULL, ERR_INVALID_PARAMETER );
common_name_str = (char *) ASN1_STRING_data(common_name_asn1);
// Make sure there isn't an embedded NUL character in the CN
bool malformed_certificate = (size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str);
ERR_FAIL_COND_V(malformed_certificate, ERR_INVALID_PARAMETER );
// Compare expected hostname with the CN
return _match_host_name(common_name_str,hostname)?OK:FAILED;
}
/**
* Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
*
*/
Error StreamPeerOpenSSL::_match_subject_alternative_name(const char *hostname, const X509 *server_cert) {
Error result = FAILED;
int i;
int san_names_nb = -1;
STACK_OF(GENERAL_NAME) *san_names = NULL;
// Try to extract the names within the SAN extension from the certificate
san_names = (STACK_OF(GENERAL_NAME) *)X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
if (san_names == NULL) {
return ERR_FILE_NOT_FOUND;
}
san_names_nb = sk_GENERAL_NAME_num(san_names);
// Check each name within the extension
for (i=0; i<san_names_nb; i++) {
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName);
// Make sure there isn't an embedded NUL character in the DNS name
if ((size_t)ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
result = ERR_INVALID_PARAMETER;
break;
}
else { // Compare expected hostname with the DNS name
if (_match_host_name(dns_name, hostname)) {
result = OK;
break;
}
}
}
}
sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
return result;
}
/* See http://archives.seul.org/libevent/users/Jan-2013/msg00039.html */
int StreamPeerOpenSSL::_cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg) {
/* This is the function that OpenSSL would call if we hadn't called
* SSL_CTX_set_cert_verify_callback(). Therefore, we are "wrapping"
* the default functionality, rather than replacing it. */
bool base_cert_valid = X509_verify_cert(x509_ctx);
if (!base_cert_valid) {
print_line("Cause: "+String(X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx))));
ERR_print_errors_fp(stdout);
}
X509 *server_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
ERR_FAIL_COND_V(!server_cert,0);
char cert_str[256];
X509_NAME_oneline(X509_get_subject_name (server_cert),
cert_str, sizeof (cert_str));
print_line("CERT STR: "+String(cert_str));
print_line("VALID: "+itos(base_cert_valid));
if (!base_cert_valid)
return 0;
StreamPeerOpenSSL *ssl = (StreamPeerOpenSSL *)arg;
if (ssl->validate_hostname) {
Error err = _match_subject_alternative_name(ssl->hostname.utf8().get_data(),server_cert);
if (err==ERR_FILE_NOT_FOUND) {
err = _match_common_name(ssl->hostname.utf8().get_data(),server_cert);
}
if (err!=OK) {
ssl->status=STATUS_ERROR_HOSTNAME_MISMATCH;
return 0;
}
}
return 1;
}
int StreamPeerOpenSSL::_bio_create( BIO *b ) {
b->init = 1;
b->num = 0;
b->ptr = NULL;
b->flags = 0;
return 1;
}
int StreamPeerOpenSSL::_bio_destroy( BIO *b )
{
if ( b == NULL )
return 0;
b->ptr = NULL; /* sb_tls_remove() will free it */
b->init = 0;
b->flags = 0;
return 1;
}
int StreamPeerOpenSSL::_bio_read( BIO *b, char *buf, int len ) {
if ( buf == NULL || len <= 0 ) return 0;
StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
ERR_FAIL_COND_V( sp == NULL, 0);
BIO_clear_retry_flags( b );
if (sp->use_blocking) {
Error err = sp->base->get_data((uint8_t*)buf,len);
if (err!=OK) {
return -1;
}
return len;
} else {
int got;
Error err = sp->base->get_partial_data((uint8_t*)buf,len,got);
if (err!=OK) {
return -1;
}
if (got==0) {
BIO_set_retry_read( b );
}
return got;
}
//unreachable
return 0;
}
int StreamPeerOpenSSL::_bio_write( BIO *b, const char *buf, int len ) {
if ( buf == NULL || len <= 0 ) return 0;
StreamPeerOpenSSL *sp = (StreamPeerOpenSSL *)b->ptr;
ERR_FAIL_COND_V( sp == NULL, 0);
BIO_clear_retry_flags( b );
if (sp->use_blocking) {
Error err = sp->base->put_data((const uint8_t*)buf,len);
if (err!=OK) {
return -1;
}
return len;
} else {
int sent;
Error err = sp->base->put_partial_data((const uint8_t*)buf,len,sent);
if (err!=OK) {
return -1;
}
if (sent==0) {
BIO_set_retry_write( b );
}
return sent;
}
//unreachable
return 0;
}
long StreamPeerOpenSSL::_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
{
if ( cmd == BIO_CTRL_FLUSH ) {
/* The OpenSSL library needs this */
return 1;
}
return 0;
}
int StreamPeerOpenSSL::_bio_gets( BIO *b, char *buf, int len )
{
return -1;
}
int StreamPeerOpenSSL::_bio_puts( BIO *b, const char *str )
{
return _bio_write( b, str, strlen( str ) );
}
BIO_METHOD StreamPeerOpenSSL::_bio_method = {
/* it's a source/sink BIO */
( 100 | 0x400 ),
"streampeer glue",
_bio_write,
_bio_read,
_bio_puts,
_bio_gets,
_bio_ctrl,
_bio_create,
_bio_destroy
};
Error StreamPeerOpenSSL::connect(Ref<StreamPeer> p_base, bool p_validate_certs, const String& p_for_hostname) {
if (connected)
disconnect();
hostname=p_for_hostname;
status=STATUS_DISCONNECTED;
// Set up a SSL_CTX object, which will tell our BIO object how to do its work
ctx = SSL_CTX_new(SSLv23_client_method());
base=p_base;
validate_certs=p_validate_certs;
validate_hostname=p_for_hostname!="";
if (p_validate_certs) {
if (certs.size()) {
//yay for undocumented OpenSSL functions
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
for(int i=0;i<certs.size();i++) {
X509_STORE_add_cert(store,certs[i]);
}
#if 0
const unsigned char *in=(const unsigned char *)certs.ptr();
X509 *Cert = d2i_X509(NULL, &in, certs.size()-1);
if (!Cert) {
print_line(String(ERR_error_string(ERR_get_error(),NULL)));
}
ERR_FAIL_COND_V(!Cert,ERR_PARSE_ERROR);
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
X509_STORE_add_cert(store,Cert);
//char *str = X509_NAME_oneline(X509_get_subject_name(Cert),0,0);
//printf ("subject: %s\n", str); /* [1] */
#endif
}
//used for testing
//int res = SSL_CTX_load_verify_locations(ctx,"/etc/ssl/certs/ca-certificates.crt",NULL);
//print_line("verify locations res: "+itos(res));
/* Ask OpenSSL to verify the server certificate. Note that this
* does NOT include verifying that the hostname is correct.
* So, by itself, this means anyone with any legitimate
* CA-issued certificate for any website, can impersonate any
* other website in the world. This is not good. See "The
* Most Dangerous Code in the World" article at
* https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
*/
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
/* This is how we solve the problem mentioned in the previous
* comment. We "wrap" OpenSSL's validation routine in our
* own routine, which also validates the hostname by calling
* the code provided by iSECPartners. Note that even though
* the "Everything You've Always Wanted to Know About
* Certificate Validation With OpenSSL (But Were Afraid to
* Ask)" paper from iSECPartners says very explicitly not to
* call SSL_CTX_set_cert_verify_callback (at the bottom of
* page 2), what we're doing here is safe because our
* cert_verify_callback() calls X509_verify_cert(), which is
* OpenSSL's built-in routine which would have been called if
* we hadn't set the callback. Therefore, we're just
* "wrapping" OpenSSL's routine, not replacing it. */
SSL_CTX_set_cert_verify_callback (ctx, _cert_verify_callback,this);
//Let the verify_callback catch the verify_depth error so that we get an appropriate error in the logfile. (??)
SSL_CTX_set_verify_depth(ctx,max_cert_chain_depth + 1);
}
ssl = SSL_new( ctx );
bio = BIO_new( &_bio_method );
bio->ptr = this;
SSL_set_bio( ssl, bio, bio );
if (p_for_hostname!=String()) {
SSL_set_tlsext_host_name(ssl,p_for_hostname.utf8().get_data());
}
use_blocking=true; // let handshake use blocking
// Set the SSL to automatically retry on failure.
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
// Same as before, try to connect.
int result = SSL_connect( ssl );
print_line("CONNECTION RESULT: "+itos(result));
if (result<1) {
ERR_print_errors_fp(stdout);
_print_error(result);
}
X509 * peer = SSL_get_peer_certificate(ssl);
if (peer) {
bool cert_ok = SSL_get_verify_result(ssl) == X509_V_OK;
print_line("cert_ok: "+itos(cert_ok));
} else if (validate_certs){
status=STATUS_ERROR_NO_CERTIFICATE;
}
connected=true;
status=STATUS_CONNECTED;
return OK;
}
Error StreamPeerOpenSSL::accept(Ref<StreamPeer> p_base) {
return ERR_UNAVAILABLE;
}
void StreamPeerOpenSSL::_print_error(int err) {
err = SSL_get_error(ssl,err);
switch(err) {
case SSL_ERROR_NONE: ERR_PRINT("NO ERROR: The TLS/SSL I/O operation completed"); break;
case SSL_ERROR_ZERO_RETURN: ERR_PRINT("The TLS/SSL connection has been closed.");
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
ERR_PRINT("The operation did not complete."); break;
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
ERR_PRINT("The connect/accept operation did not complete"); break;
case SSL_ERROR_WANT_X509_LOOKUP:
ERR_PRINT("The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again."); break;
case SSL_ERROR_SYSCALL:
ERR_PRINT("Some I/O error occurred. The OpenSSL error queue may contain more information on the error."); break;
case SSL_ERROR_SSL:
ERR_PRINT("A failure in the SSL library occurred, usually a protocol error."); break;
}
}
Error StreamPeerOpenSSL::put_data(const uint8_t* p_data,int p_bytes) {
ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
while(p_bytes>0) {
int ret = SSL_write(ssl,p_data,p_bytes);
if (ret<=0) {
_print_error(ret);
disconnect();
return ERR_CONNECTION_ERROR;
}
p_data+=ret;
p_bytes-=ret;
}
return OK;
}
Error StreamPeerOpenSSL::put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent){
ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
if (p_bytes==0)
return OK;
Error err = put_data(p_data,p_bytes);
if (err!=OK)
return err;
r_sent=p_bytes;
return OK;
}
Error StreamPeerOpenSSL::get_data(uint8_t* p_buffer, int p_bytes){
ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
while(p_bytes>0) {
int ret = SSL_read(ssl,p_buffer,p_bytes);
if (ret<=0) {
_print_error(ret);
disconnect();
return ERR_CONNECTION_ERROR;
}
p_buffer+=ret;
p_bytes-=ret;
}
return OK;
}
Error StreamPeerOpenSSL::get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received){
ERR_FAIL_COND_V(!connected,ERR_UNCONFIGURED);
if (p_bytes==0) {
r_received=0;
return OK;
}
Error err = get_data(p_buffer,p_bytes);
if (err!=OK)
return err;
r_received=p_bytes;
return OK;
}
int StreamPeerOpenSSL::get_available_bytes() const {
ERR_FAIL_COND_V(!connected,0);
return SSL_pending(ssl);
}
StreamPeerOpenSSL::StreamPeerOpenSSL() {
ctx=NULL;
ssl=NULL;
bio=NULL;
connected=false;
use_blocking=true; //might be improved int the future, but for now it always blocks
max_cert_chain_depth=9;
flags=0;
}
void StreamPeerOpenSSL::disconnect() {
if (!connected)
return;
SSL_shutdown( ssl );
SSL_free( ssl );
SSL_CTX_free(ctx);
base=Ref<StreamPeer>();
connected=false;
validate_certs=false;
validate_hostname=false;
status=STATUS_DISCONNECTED;
}
StreamPeerOpenSSL::Status StreamPeerOpenSSL::get_status() const {
return status;
}
StreamPeerOpenSSL::~StreamPeerOpenSSL() {
disconnect();
}
StreamPeerSSL* StreamPeerOpenSSL::_create_func() {
return memnew( StreamPeerOpenSSL );
}
Vector<X509*> StreamPeerOpenSSL::certs;
void StreamPeerOpenSSL::_load_certs(const ByteArray& p_array) {
ByteArray::Read r = p_array.read();
BIO* mem = BIO_new(BIO_s_mem());
BIO_puts(mem,(const char*)r.ptr());
while(true) {
X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
if (!cert)
break;
certs.push_back(cert);
}
BIO_free(mem);
}
void StreamPeerOpenSSL::initialize_ssl() {
available=true;
load_certs_func=_load_certs;
_create=_create_func;
CRYPTO_malloc_init(); // Initialize malloc, free, etc for OpenSSL's use
SSL_library_init(); // Initialize OpenSSL's SSL libraries
SSL_load_error_strings(); // Load SSL error strings
ERR_load_BIO_strings(); // Load BIO error strings
OpenSSL_add_all_algorithms(); // Load all available encryption algorithms
String certs_path =GLOBAL_DEF("ssl/certificates","");
Globals::get_singleton()->set_custom_property_info("ssl/certificates",PropertyInfo(Variant::STRING,"ssl/certificates",PROPERTY_HINT_FILE,"*.crt"));
if (certs_path!="") {
FileAccess *f=FileAccess::open(certs_path,FileAccess::READ);
if (f) {
ByteArray arr;
int flen = f->get_len();
arr.resize(flen+1);
{
ByteArray::Write w = arr.write();
f->get_buffer(w.ptr(),flen);
w[flen]=0; //end f string
}
memdelete(f);
_load_certs(arr);
print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
}
}
String config_path =GLOBAL_DEF("ssl/config","");
Globals::get_singleton()->set_custom_property_info("ssl/config",PropertyInfo(Variant::STRING,"ssl/config",PROPERTY_HINT_FILE,"*.cnf"));
if (config_path!="") {
Vector<uint8_t> data = FileAccess::get_file_as_array(config_path);
if (data.size()) {
data.push_back(0);
BIO* mem = BIO_new(BIO_s_mem());
BIO_puts(mem,(const char*) data.ptr());
while(true) {
X509*cert = PEM_read_bio_X509(mem, NULL, 0, NULL);
if (!cert)
break;
certs.push_back(cert);
}
BIO_free(mem);
}
print_line("Loaded certs from '"+certs_path+"': "+itos(certs.size()));
}
}
void StreamPeerOpenSSL::finalize_ssl(){
for(int i=0;i<certs.size();i++) {
X509_free(certs[i]);
}
certs.clear();
}


@@ -0,0 +1,109 @@
/*************************************************************************/
/* stream_peer_openssl.h */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* http://www.godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2016 Juan Linietsky, Ariel Manzur. */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#ifndef STREAM_PEER_OPEN_SSL_H
#define STREAM_PEER_OPEN_SSL_H
#include <stdio.h> // If you don't know what this is for stop reading now.
#include "io/stream_peer_ssl.h"
#include "globals.h"
#include "os/file_access.h"
#include "curl_hostcheck.h"
#include <openssl/bio.h> // BIO objects for I/O
#include <openssl/ssl.h> // SSL and SSL_CTX for SSL connections
#include <openssl/err.h> // Error reporting
#include <openssl/x509v3.h>
class StreamPeerOpenSSL : public StreamPeerSSL {
private:
static int _bio_create( BIO *b );
static int _bio_destroy( BIO *b );
static int _bio_read( BIO *b, char *buf, int len );
static int _bio_write( BIO *b, const char *buf, int len );
static long _bio_ctrl( BIO *b, int cmd, long num, void *ptr );
static int _bio_gets( BIO *b, char *buf, int len );
static int _bio_puts( BIO *b, const char *str );
static BIO_METHOD _bio_method;
static bool _match_host_name(const char *name, const char *hostname);
static Error _match_common_name(const char *hostname, const X509 *server_cert);
static Error _match_subject_alternative_name(const char *hostname, const X509 *server_cert);
static int _cert_verify_callback(X509_STORE_CTX *x509_ctx, void *arg);
Status status;
String hostname;
int max_cert_chain_depth;
SSL_CTX* ctx;
SSL* ssl;
BIO* bio;
bool connected;
int flags;
bool use_blocking;
bool validate_certs;
bool validate_hostname;
Ref<StreamPeer> base;
static StreamPeerSSL* _create_func();
void _print_error(int err);
static Vector<X509*> certs;
static void _load_certs(const ByteArray& p_array);
protected:
static void _bind_methods();
public:
virtual Error accept(Ref<StreamPeer> p_base);
virtual Error connect(Ref<StreamPeer> p_base,bool p_validate_certs=false,const String& p_for_hostname=String());
virtual Status get_status() const;
virtual void disconnect();
virtual Error put_data(const uint8_t* p_data,int p_bytes);
virtual Error put_partial_data(const uint8_t* p_data,int p_bytes, int &r_sent);
virtual Error get_data(uint8_t* p_buffer, int p_bytes);
virtual Error get_partial_data(uint8_t* p_buffer, int p_bytes,int &r_received);
virtual int get_available_bytes() const;
static void initialize_ssl();
static void finalize_ssl();
StreamPeerOpenSSL();
~StreamPeerOpenSSL();
};
#endif // STREAM_PEER_SSL_H
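Review bot: The `connect` declaration defaults `p_validate_certs` to `false`, which in this commit's .cpp means `SSL_CTX_set_verify` is never called, and hostname matching (SAN first, then CN) only runs when `p_for_hostname` is non-empty — nothing at the declaration tells a caller that the defaults yield an unauthenticated TLS connection. I would state that contract on the declaration: `// p_validate_certs=false performs NO peer-certificate verification; hostname matching (SAN, then CN) only runs when p_for_hostname is non-empty. This looks like an override of StreamPeerSSL::connect, so keep the defaults in sync with the base.` Likewise `_load_certs` should say that `p_array` must be NUL-terminated PEM text, since the implementation passes it to `BIO_puts` as a C string, and `certs` should note it is process-global and freed only by `finalize_ssl`. Minor: the closing `#endif // STREAM_PEER_SSL_H` names a different macro than the `#ifndef STREAM_PEER_OPEN_SSL_H` it closes, and the `<stdio.h>` comment could simply say it is needed for `ERR_print_errors_fp(stdout)`. The aggregate-initialised static `BIO_METHOD` and the direct `b->ptr` access in the private BIO helpers presumably rely on OpenSSL 1.0.x's non-opaque `BIO`; worth a comment if the `system` OpenSSL build option is expected to work against newer releases.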