summaryrefslogtreecommitdiff
path: root/src/core/hle/service/ssl
diff options
context:
space:
mode:
authorGravatar comex2023-07-01 15:02:25 -0700
committerGravatar comex2023-07-01 17:27:35 -0700
commit0e191c271125321589dfdbb09731413550710c9a (patch)
treee0d9e826197d2fd66cc9b7fd8d11cc8c7fd6e3ac /src/core/hle/service/ssl
parentMerge remote-tracking branch 'origin/master' into ssl (diff)
downloadyuzu-0e191c271125321589dfdbb09731413550710c9a.tar.gz
yuzu-0e191c271125321589dfdbb09731413550710c9a.tar.xz
yuzu-0e191c271125321589dfdbb09731413550710c9a.zip
Updates:
- Address PR feedback. - Add SecureTransport backend for macOS.
Diffstat (limited to 'src/core/hle/service/ssl')
-rw-r--r--src/core/hle/service/ssl/ssl.cpp106
-rw-r--r--src/core/hle/service/ssl/ssl_backend_openssl.cpp66
-rw-r--r--src/core/hle/service/ssl/ssl_backend_schannel.cpp207
3 files changed, 194 insertions, 185 deletions
diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp
index 5638dd693..0919be55f 100644
--- a/src/core/hle/service/ssl/ssl.cpp
+++ b/src/core/hle/service/ssl/ssl.cpp
@@ -64,7 +64,7 @@ public:
64 std::shared_ptr<SslContextSharedData>& shared_data, 64 std::shared_ptr<SslContextSharedData>& shared_data,
65 std::unique_ptr<SSLConnectionBackend>&& backend) 65 std::unique_ptr<SSLConnectionBackend>&& backend)
66 : ServiceFramework{system_, "ISslConnection"}, ssl_version{version}, 66 : ServiceFramework{system_, "ISslConnection"}, ssl_version{version},
67 shared_data_{shared_data}, backend_{std::move(backend)} { 67 shared_data{shared_data}, backend{std::move(backend)} {
68 // clang-format off 68 // clang-format off
69 static const FunctionInfo functions[] = { 69 static const FunctionInfo functions[] = {
70 {0, &ISslConnection::SetSocketDescriptor, "SetSocketDescriptor"}, 70 {0, &ISslConnection::SetSocketDescriptor, "SetSocketDescriptor"},
@@ -112,10 +112,10 @@ public:
112 } 112 }
113 113
114 ~ISslConnection() { 114 ~ISslConnection() {
115 shared_data_->connection_count--; 115 shared_data->connection_count--;
116 if (fd_to_close_.has_value()) { 116 if (fd_to_close.has_value()) {
117 const s32 fd = *fd_to_close_; 117 const s32 fd = *fd_to_close;
118 if (!do_not_close_socket_) { 118 if (!do_not_close_socket) {
119 LOG_ERROR(Service_SSL, 119 LOG_ERROR(Service_SSL,
120 "do_not_close_socket was changed after setting socket; is this right?"); 120 "do_not_close_socket was changed after setting socket; is this right?");
121 } else { 121 } else {
@@ -132,30 +132,30 @@ public:
132 132
133private: 133private:
134 SslVersion ssl_version; 134 SslVersion ssl_version;
135 std::shared_ptr<SslContextSharedData> shared_data_; 135 std::shared_ptr<SslContextSharedData> shared_data;
136 std::unique_ptr<SSLConnectionBackend> backend_; 136 std::unique_ptr<SSLConnectionBackend> backend;
137 std::optional<int> fd_to_close_; 137 std::optional<int> fd_to_close;
138 bool do_not_close_socket_ = false; 138 bool do_not_close_socket = false;
139 bool get_server_cert_chain_ = false; 139 bool get_server_cert_chain = false;
140 std::shared_ptr<Network::SocketBase> socket_; 140 std::shared_ptr<Network::SocketBase> socket;
141 bool did_set_host_name_ = false; 141 bool did_set_host_name = false;
142 bool did_handshake_ = false; 142 bool did_handshake = false;
143 143
144 ResultVal<s32> SetSocketDescriptorImpl(s32 fd) { 144 ResultVal<s32> SetSocketDescriptorImpl(s32 fd) {
145 LOG_DEBUG(Service_SSL, "called, fd={}", fd); 145 LOG_DEBUG(Service_SSL, "called, fd={}", fd);
146 ASSERT(!did_handshake_); 146 ASSERT(!did_handshake);
147 auto bsd = system.ServiceManager().GetService<Service::Sockets::BSD>("bsd:u"); 147 auto bsd = system.ServiceManager().GetService<Service::Sockets::BSD>("bsd:u");
148 ASSERT_OR_EXECUTE(bsd, { return ResultInternalError; }); 148 ASSERT_OR_EXECUTE(bsd, { return ResultInternalError; });
149 s32 ret_fd; 149 s32 ret_fd;
150 // Based on https://switchbrew.org/wiki/SSL_services#SetSocketDescriptor 150 // Based on https://switchbrew.org/wiki/SSL_services#SetSocketDescriptor
151 if (do_not_close_socket_) { 151 if (do_not_close_socket) {
152 auto res = bsd->DuplicateSocketImpl(fd); 152 auto res = bsd->DuplicateSocketImpl(fd);
153 if (!res.has_value()) { 153 if (!res.has_value()) {
154 LOG_ERROR(Service_SSL, "Failed to duplicate socket with fd {}", fd); 154 LOG_ERROR(Service_SSL, "Failed to duplicate socket with fd {}", fd);
155 return ResultInvalidSocket; 155 return ResultInvalidSocket;
156 } 156 }
157 fd = *res; 157 fd = *res;
158 fd_to_close_ = fd; 158 fd_to_close = fd;
159 ret_fd = fd; 159 ret_fd = fd;
160 } else { 160 } else {
161 ret_fd = -1; 161 ret_fd = -1;
@@ -165,34 +165,34 @@ private:
165 LOG_ERROR(Service_SSL, "invalid socket fd {}", fd); 165 LOG_ERROR(Service_SSL, "invalid socket fd {}", fd);
166 return ResultInvalidSocket; 166 return ResultInvalidSocket;
167 } 167 }
168 socket_ = std::move(*sock); 168 socket = std::move(*sock);
169 backend_->SetSocket(socket_); 169 backend->SetSocket(socket);
170 return ret_fd; 170 return ret_fd;
171 } 171 }
172 172
173 Result SetHostNameImpl(const std::string& hostname) { 173 Result SetHostNameImpl(const std::string& hostname) {
174 LOG_DEBUG(Service_SSL, "called. hostname={}", hostname); 174 LOG_DEBUG(Service_SSL, "called. hostname={}", hostname);
175 ASSERT(!did_handshake_); 175 ASSERT(!did_handshake);
176 Result res = backend_->SetHostName(hostname); 176 Result res = backend->SetHostName(hostname);
177 if (res == ResultSuccess) { 177 if (res == ResultSuccess) {
178 did_set_host_name_ = true; 178 did_set_host_name = true;
179 } 179 }
180 return res; 180 return res;
181 } 181 }
182 182
183 Result SetVerifyOptionImpl(u32 option) { 183 Result SetVerifyOptionImpl(u32 option) {
184 ASSERT(!did_handshake_); 184 ASSERT(!did_handshake);
185 LOG_WARNING(Service_SSL, "(STUBBED) called. option={}", option); 185 LOG_WARNING(Service_SSL, "(STUBBED) called. option={}", option);
186 return ResultSuccess; 186 return ResultSuccess;
187 } 187 }
188 188
189 Result SetIOModeImpl(u32 _mode) { 189 Result SetIoModeImpl(u32 input_mode) {
190 auto mode = static_cast<IoMode>(_mode); 190 auto mode = static_cast<IoMode>(input_mode);
191 ASSERT(mode == IoMode::Blocking || mode == IoMode::NonBlocking); 191 ASSERT(mode == IoMode::Blocking || mode == IoMode::NonBlocking);
192 ASSERT_OR_EXECUTE(socket_, { return ResultNoSocket; }); 192 ASSERT_OR_EXECUTE(socket, { return ResultNoSocket; });
193 193
194 const bool non_block = mode == IoMode::NonBlocking; 194 const bool non_block = mode == IoMode::NonBlocking;
195 const Network::Errno error = socket_->SetNonBlock(non_block); 195 const Network::Errno error = socket->SetNonBlock(non_block);
196 if (error != Network::Errno::SUCCESS) { 196 if (error != Network::Errno::SUCCESS) {
197 LOG_ERROR(Service_SSL, "Failed to set native socket non-block flag to {}", non_block); 197 LOG_ERROR(Service_SSL, "Failed to set native socket non-block flag to {}", non_block);
198 } 198 }
@@ -200,18 +200,18 @@ private:
200 } 200 }
201 201
202 Result SetSessionCacheModeImpl(u32 mode) { 202 Result SetSessionCacheModeImpl(u32 mode) {
203 ASSERT(!did_handshake_); 203 ASSERT(!did_handshake);
204 LOG_WARNING(Service_SSL, "(STUBBED) called. value={}", mode); 204 LOG_WARNING(Service_SSL, "(STUBBED) called. value={}", mode);
205 return ResultSuccess; 205 return ResultSuccess;
206 } 206 }
207 207
208 Result DoHandshakeImpl() { 208 Result DoHandshakeImpl() {
209 ASSERT_OR_EXECUTE(!did_handshake_ && socket_, { return ResultNoSocket; }); 209 ASSERT_OR_EXECUTE(!did_handshake && socket, { return ResultNoSocket; });
210 ASSERT_OR_EXECUTE_MSG( 210 ASSERT_OR_EXECUTE_MSG(
211 did_set_host_name_, { return ResultInternalError; }, 211 did_set_host_name, { return ResultInternalError; },
212 "Expected SetHostName before DoHandshake"); 212 "Expected SetHostName before DoHandshake");
213 Result res = backend_->DoHandshake(); 213 Result res = backend->DoHandshake();
214 did_handshake_ = res.IsSuccess(); 214 did_handshake = res.IsSuccess();
215 return res; 215 return res;
216 } 216 }
217 217
@@ -225,7 +225,7 @@ private:
225 u32 size; 225 u32 size;
226 u32 offset; 226 u32 offset;
227 }; 227 };
228 if (!get_server_cert_chain_) { 228 if (!get_server_cert_chain) {
229 // Just return the first one, unencoded. 229 // Just return the first one, unencoded.
230 ASSERT_OR_EXECUTE_MSG( 230 ASSERT_OR_EXECUTE_MSG(
231 !certs.empty(), { return {}; }, "Should be at least one server cert"); 231 !certs.empty(), { return {}; }, "Should be at least one server cert");
@@ -248,9 +248,9 @@ private:
248 } 248 }
249 249
250 ResultVal<std::vector<u8>> ReadImpl(size_t size) { 250 ResultVal<std::vector<u8>> ReadImpl(size_t size) {
251 ASSERT_OR_EXECUTE(did_handshake_, { return ResultInternalError; }); 251 ASSERT_OR_EXECUTE(did_handshake, { return ResultInternalError; });
252 std::vector<u8> res(size); 252 std::vector<u8> res(size);
253 ResultVal<size_t> actual = backend_->Read(res); 253 ResultVal<size_t> actual = backend->Read(res);
254 if (actual.Failed()) { 254 if (actual.Failed()) {
255 return actual.Code(); 255 return actual.Code();
256 } 256 }
@@ -259,8 +259,8 @@ private:
259 } 259 }
260 260
261 ResultVal<size_t> WriteImpl(std::span<const u8> data) { 261 ResultVal<size_t> WriteImpl(std::span<const u8> data) {
262 ASSERT_OR_EXECUTE(did_handshake_, { return ResultInternalError; }); 262 ASSERT_OR_EXECUTE(did_handshake, { return ResultInternalError; });
263 return backend_->Write(data); 263 return backend->Write(data);
264 } 264 }
265 265
266 ResultVal<s32> PendingImpl() { 266 ResultVal<s32> PendingImpl() {
@@ -295,7 +295,7 @@ private:
295 void SetIoMode(HLERequestContext& ctx) { 295 void SetIoMode(HLERequestContext& ctx) {
296 IPC::RequestParser rp{ctx}; 296 IPC::RequestParser rp{ctx};
297 const u32 mode = rp.Pop<u32>(); 297 const u32 mode = rp.Pop<u32>();
298 const Result res = SetIOModeImpl(mode); 298 const Result res = SetIoModeImpl(mode);
299 IPC::ResponseBuilder rb{ctx, 2}; 299 IPC::ResponseBuilder rb{ctx, 2};
300 rb.Push(res); 300 rb.Push(res);
301 } 301 }
@@ -307,22 +307,26 @@ private:
307 } 307 }
308 308
309 void DoHandshakeGetServerCert(HLERequestContext& ctx) { 309 void DoHandshakeGetServerCert(HLERequestContext& ctx) {
310 struct OutputParameters {
311 u32 certs_size;
312 u32 certs_count;
313 };
314 static_assert(sizeof(OutputParameters) == 0x8);
315
310 const Result res = DoHandshakeImpl(); 316 const Result res = DoHandshakeImpl();
311 u32 certs_count = 0; 317 OutputParameters out{};
312 u32 certs_size = 0;
313 if (res == ResultSuccess) { 318 if (res == ResultSuccess) {
314 auto certs = backend_->GetServerCerts(); 319 auto certs = backend->GetServerCerts();
315 if (certs.Succeeded()) { 320 if (certs.Succeeded()) {
316 const std::vector<u8> certs_buf = SerializeServerCerts(*certs); 321 const std::vector<u8> certs_buf = SerializeServerCerts(*certs);
317 ctx.WriteBuffer(certs_buf); 322 ctx.WriteBuffer(certs_buf);
318 certs_count = static_cast<u32>(certs->size()); 323 out.certs_count = static_cast<u32>(certs->size());
319 certs_size = static_cast<u32>(certs_buf.size()); 324 out.certs_size = static_cast<u32>(certs_buf.size());
320 } 325 }
321 } 326 }
322 IPC::ResponseBuilder rb{ctx, 4}; 327 IPC::ResponseBuilder rb{ctx, 4};
323 rb.Push(res); 328 rb.Push(res);
324 rb.Push(certs_size); 329 rb.PushRaw(out);
325 rb.Push(certs_count);
326 } 330 }
327 331
328 void Read(HLERequestContext& ctx) { 332 void Read(HLERequestContext& ctx) {
@@ -371,10 +375,10 @@ private:
371 375
372 switch (parameters.option) { 376 switch (parameters.option) {
373 case OptionType::DoNotCloseSocket: 377 case OptionType::DoNotCloseSocket:
374 do_not_close_socket_ = static_cast<bool>(parameters.value); 378 do_not_close_socket = static_cast<bool>(parameters.value);
375 break; 379 break;
376 case OptionType::GetServerCertChain: 380 case OptionType::GetServerCertChain:
377 get_server_cert_chain_ = static_cast<bool>(parameters.value); 381 get_server_cert_chain = static_cast<bool>(parameters.value);
378 break; 382 break;
379 default: 383 default:
380 LOG_WARNING(Service_SSL, "Unknown option={}, value={}", parameters.option, 384 LOG_WARNING(Service_SSL, "Unknown option={}, value={}", parameters.option,
@@ -390,7 +394,7 @@ class ISslContext final : public ServiceFramework<ISslContext> {
390public: 394public:
391 explicit ISslContext(Core::System& system_, SslVersion version) 395 explicit ISslContext(Core::System& system_, SslVersion version)
392 : ServiceFramework{system_, "ISslContext"}, ssl_version{version}, 396 : ServiceFramework{system_, "ISslContext"}, ssl_version{version},
393 shared_data_{std::make_shared<SslContextSharedData>()} { 397 shared_data{std::make_shared<SslContextSharedData>()} {
394 static const FunctionInfo functions[] = { 398 static const FunctionInfo functions[] = {
395 {0, &ISslContext::SetOption, "SetOption"}, 399 {0, &ISslContext::SetOption, "SetOption"},
396 {1, nullptr, "GetOption"}, 400 {1, nullptr, "GetOption"},
@@ -412,7 +416,7 @@ public:
412 416
413private: 417private:
414 SslVersion ssl_version; 418 SslVersion ssl_version;
415 std::shared_ptr<SslContextSharedData> shared_data_; 419 std::shared_ptr<SslContextSharedData> shared_data;
416 420
417 void SetOption(HLERequestContext& ctx) { 421 void SetOption(HLERequestContext& ctx) {
418 struct Parameters { 422 struct Parameters {
@@ -439,17 +443,17 @@ private:
439 IPC::ResponseBuilder rb{ctx, 2, 0, 1}; 443 IPC::ResponseBuilder rb{ctx, 2, 0, 1};
440 rb.Push(backend_res.Code()); 444 rb.Push(backend_res.Code());
441 if (backend_res.Succeeded()) { 445 if (backend_res.Succeeded()) {
442 rb.PushIpcInterface<ISslConnection>(system, ssl_version, shared_data_, 446 rb.PushIpcInterface<ISslConnection>(system, ssl_version, shared_data,
443 std::move(*backend_res)); 447 std::move(*backend_res));
444 } 448 }
445 } 449 }
446 450
447 void GetConnectionCount(HLERequestContext& ctx) { 451 void GetConnectionCount(HLERequestContext& ctx) {
448 LOG_WARNING(Service_SSL, "connection_count={}", shared_data_->connection_count); 452 LOG_DEBUG(Service_SSL, "connection_count={}", shared_data->connection_count);
449 453
450 IPC::ResponseBuilder rb{ctx, 3}; 454 IPC::ResponseBuilder rb{ctx, 3};
451 rb.Push(ResultSuccess); 455 rb.Push(ResultSuccess);
452 rb.Push(shared_data_->connection_count); 456 rb.Push(shared_data->connection_count);
453 } 457 }
454 458
455 void ImportServerPki(HLERequestContext& ctx) { 459 void ImportServerPki(HLERequestContext& ctx) {
diff --git a/src/core/hle/service/ssl/ssl_backend_openssl.cpp b/src/core/hle/service/ssl/ssl_backend_openssl.cpp
index e7d5801fd..f69674f77 100644
--- a/src/core/hle/service/ssl/ssl_backend_openssl.cpp
+++ b/src/core/hle/service/ssl/ssl_backend_openssl.cpp
@@ -51,37 +51,37 @@ public:
51 return ResultInternalError; 51 return ResultInternalError;
52 } 52 }
53 53
54 ssl_ = SSL_new(ssl_ctx); 54 ssl = SSL_new(ssl_ctx);
55 if (!ssl_) { 55 if (!ssl) {
56 LOG_ERROR(Service_SSL, "SSL_new failed"); 56 LOG_ERROR(Service_SSL, "SSL_new failed");
57 return CheckOpenSSLErrors(); 57 return CheckOpenSSLErrors();
58 } 58 }
59 59
60 SSL_set_connect_state(ssl_); 60 SSL_set_connect_state(ssl);
61 61
62 bio_ = BIO_new(bio_meth); 62 bio = BIO_new(bio_meth);
63 if (!bio_) { 63 if (!bio) {
64 LOG_ERROR(Service_SSL, "BIO_new failed"); 64 LOG_ERROR(Service_SSL, "BIO_new failed");
65 return CheckOpenSSLErrors(); 65 return CheckOpenSSLErrors();
66 } 66 }
67 67
68 BIO_set_data(bio_, this); 68 BIO_set_data(bio, this);
69 BIO_set_init(bio_, 1); 69 BIO_set_init(bio, 1);
70 SSL_set_bio(ssl_, bio_, bio_); 70 SSL_set_bio(ssl, bio, bio);
71 71
72 return ResultSuccess; 72 return ResultSuccess;
73 } 73 }
74 74
75 void SetSocket(std::shared_ptr<Network::SocketBase> socket) override { 75 void SetSocket(std::shared_ptr<Network::SocketBase> socket_in) override {
76 socket_ = socket; 76 socket = std::move(socket_in);
77 } 77 }
78 78
79 Result SetHostName(const std::string& hostname) override { 79 Result SetHostName(const std::string& hostname) override {
80 if (!SSL_set1_host(ssl_, hostname.c_str())) { // hostname for verification 80 if (!SSL_set1_host(ssl, hostname.c_str())) { // hostname for verification
81 LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname); 81 LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname);
82 return CheckOpenSSLErrors(); 82 return CheckOpenSSLErrors();
83 } 83 }
84 if (!SSL_set_tlsext_host_name(ssl_, hostname.c_str())) { // hostname for SNI 84 if (!SSL_set_tlsext_host_name(ssl, hostname.c_str())) { // hostname for SNI
85 LOG_ERROR(Service_SSL, "SSL_set_tlsext_host_name({}) failed", hostname); 85 LOG_ERROR(Service_SSL, "SSL_set_tlsext_host_name({}) failed", hostname);
86 return CheckOpenSSLErrors(); 86 return CheckOpenSSLErrors();
87 } 87 }
@@ -89,18 +89,18 @@ public:
89 } 89 }
90 90
91 Result DoHandshake() override { 91 Result DoHandshake() override {
92 SSL_set_verify_result(ssl_, X509_V_OK); 92 SSL_set_verify_result(ssl, X509_V_OK);
93 const int ret = SSL_do_handshake(ssl_); 93 const int ret = SSL_do_handshake(ssl);
94 const long verify_result = SSL_get_verify_result(ssl_); 94 const long verify_result = SSL_get_verify_result(ssl);
95 if (verify_result != X509_V_OK) { 95 if (verify_result != X509_V_OK) {
96 LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}", 96 LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}",
97 X509_verify_cert_error_string(verify_result)); 97 X509_verify_cert_error_string(verify_result));
98 return CheckOpenSSLErrors(); 98 return CheckOpenSSLErrors();
99 } 99 }
100 if (ret <= 0) { 100 if (ret <= 0) {
101 const int ssl_err = SSL_get_error(ssl_, ret); 101 const int ssl_err = SSL_get_error(ssl, ret);
102 if (ssl_err == SSL_ERROR_ZERO_RETURN || 102 if (ssl_err == SSL_ERROR_ZERO_RETURN ||
103 (ssl_err == SSL_ERROR_SYSCALL && got_read_eof_)) { 103 (ssl_err == SSL_ERROR_SYSCALL && got_read_eof)) {
104 LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); 104 LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up");
105 return ResultInternalError; 105 return ResultInternalError;
106 } 106 }
@@ -110,18 +110,18 @@ public:
110 110
111 ResultVal<size_t> Read(std::span<u8> data) override { 111 ResultVal<size_t> Read(std::span<u8> data) override {
112 size_t actual; 112 size_t actual;
113 const int ret = SSL_read_ex(ssl_, data.data(), data.size(), &actual); 113 const int ret = SSL_read_ex(ssl, data.data(), data.size(), &actual);
114 return HandleReturn("SSL_read_ex", actual, ret); 114 return HandleReturn("SSL_read_ex", actual, ret);
115 } 115 }
116 116
117 ResultVal<size_t> Write(std::span<const u8> data) override { 117 ResultVal<size_t> Write(std::span<const u8> data) override {
118 size_t actual; 118 size_t actual;
119 const int ret = SSL_write_ex(ssl_, data.data(), data.size(), &actual); 119 const int ret = SSL_write_ex(ssl, data.data(), data.size(), &actual);
120 return HandleReturn("SSL_write_ex", actual, ret); 120 return HandleReturn("SSL_write_ex", actual, ret);
121 } 121 }
122 122
123 ResultVal<size_t> HandleReturn(const char* what, size_t actual, int ret) { 123 ResultVal<size_t> HandleReturn(const char* what, size_t actual, int ret) {
124 const int ssl_err = SSL_get_error(ssl_, ret); 124 const int ssl_err = SSL_get_error(ssl, ret);
125 CheckOpenSSLErrors(); 125 CheckOpenSSLErrors();
126 switch (ssl_err) { 126 switch (ssl_err) {
127 case SSL_ERROR_NONE: 127 case SSL_ERROR_NONE:
@@ -137,7 +137,7 @@ public:
137 LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_WANT_WRITE", what); 137 LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_WANT_WRITE", what);
138 return ResultWouldBlock; 138 return ResultWouldBlock;
139 default: 139 default:
140 if (ssl_err == SSL_ERROR_SYSCALL && got_read_eof_) { 140 if (ssl_err == SSL_ERROR_SYSCALL && got_read_eof) {
141 LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_SYSCALL because server hung up", what); 141 LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_SYSCALL because server hung up", what);
142 return size_t(0); 142 return size_t(0);
143 } 143 }
@@ -147,7 +147,7 @@ public:
147 } 147 }
148 148
149 ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { 149 ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override {
150 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); 150 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl);
151 if (!chain) { 151 if (!chain) {
152 LOG_ERROR(Service_SSL, "SSL_get_peer_cert_chain returned nullptr"); 152 LOG_ERROR(Service_SSL, "SSL_get_peer_cert_chain returned nullptr");
153 return ResultInternalError; 153 return ResultInternalError;
@@ -169,8 +169,8 @@ public:
169 169
170 ~SSLConnectionBackendOpenSSL() { 170 ~SSLConnectionBackendOpenSSL() {
171 // these are null-tolerant: 171 // these are null-tolerant:
172 SSL_free(ssl_); 172 SSL_free(ssl);
173 BIO_free(bio_); 173 BIO_free(bio);
174 } 174 }
175 175
176 static void KeyLogCallback(const SSL* ssl, const char* line) { 176 static void KeyLogCallback(const SSL* ssl, const char* line) {
@@ -188,9 +188,9 @@ public:
188 static int WriteCallback(BIO* bio, const char* buf, size_t len, size_t* actual_p) { 188 static int WriteCallback(BIO* bio, const char* buf, size_t len, size_t* actual_p) {
189 auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); 189 auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio));
190 ASSERT_OR_EXECUTE_MSG( 190 ASSERT_OR_EXECUTE_MSG(
191 self->socket_, { return 0; }, "OpenSSL asked to send but we have no socket"); 191 self->socket, { return 0; }, "OpenSSL asked to send but we have no socket");
192 BIO_clear_retry_flags(bio); 192 BIO_clear_retry_flags(bio);
193 auto [actual, err] = self->socket_->Send({reinterpret_cast<const u8*>(buf), len}, 0); 193 auto [actual, err] = self->socket->Send({reinterpret_cast<const u8*>(buf), len}, 0);
194 switch (err) { 194 switch (err) {
195 case Network::Errno::SUCCESS: 195 case Network::Errno::SUCCESS:
196 *actual_p = actual; 196 *actual_p = actual;
@@ -207,14 +207,14 @@ public:
207 static int ReadCallback(BIO* bio, char* buf, size_t len, size_t* actual_p) { 207 static int ReadCallback(BIO* bio, char* buf, size_t len, size_t* actual_p) {
208 auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); 208 auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio));
209 ASSERT_OR_EXECUTE_MSG( 209 ASSERT_OR_EXECUTE_MSG(
210 self->socket_, { return 0; }, "OpenSSL asked to recv but we have no socket"); 210 self->socket, { return 0; }, "OpenSSL asked to recv but we have no socket");
211 BIO_clear_retry_flags(bio); 211 BIO_clear_retry_flags(bio);
212 auto [actual, err] = self->socket_->Recv(0, {reinterpret_cast<u8*>(buf), len}); 212 auto [actual, err] = self->socket->Recv(0, {reinterpret_cast<u8*>(buf), len});
213 switch (err) { 213 switch (err) {
214 case Network::Errno::SUCCESS: 214 case Network::Errno::SUCCESS:
215 *actual_p = actual; 215 *actual_p = actual;
216 if (actual == 0) { 216 if (actual == 0) {
217 self->got_read_eof_ = true; 217 self->got_read_eof = true;
218 } 218 }
219 return actual ? 1 : 0; 219 return actual ? 1 : 0;
220 case Network::Errno::AGAIN: 220 case Network::Errno::AGAIN:
@@ -246,11 +246,11 @@ public:
246 } 246 }
247 } 247 }
248 248
249 SSL* ssl_ = nullptr; 249 SSL* ssl = nullptr;
250 BIO* bio_ = nullptr; 250 BIO* bio = nullptr;
251 bool got_read_eof_ = false; 251 bool got_read_eof = false;
252 252
253 std::shared_ptr<Network::SocketBase> socket_; 253 std::shared_ptr<Network::SocketBase> socket;
254}; 254};
255 255
256ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { 256ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() {
diff --git a/src/core/hle/service/ssl/ssl_backend_schannel.cpp b/src/core/hle/service/ssl/ssl_backend_schannel.cpp
index 775d5cc07..a1d6a186e 100644
--- a/src/core/hle/service/ssl/ssl_backend_schannel.cpp
+++ b/src/core/hle/service/ssl/ssl_backend_schannel.cpp
@@ -48,6 +48,12 @@ static void OneTimeInit() {
48 return; 48 return;
49 } 49 }
50 50
51 if (getenv("SSLKEYLOGFILE")) {
52 LOG_CRITICAL(Service_SSL, "SSLKEYLOGFILE was set but Schannel does not support exporting "
53 "keys; not logging keys!");
54 // Not fatal.
55 }
56
51 one_time_init_success = true; 57 one_time_init_success = true;
52} 58}
53 59
@@ -70,25 +76,25 @@ public:
70 return ResultSuccess; 76 return ResultSuccess;
71 } 77 }
72 78
73 void SetSocket(std::shared_ptr<Network::SocketBase> socket) override { 79 void SetSocket(std::shared_ptr<Network::SocketBase> socket_in) override {
74 socket_ = socket; 80 socket = std::move(socket_in);
75 } 81 }
76 82
77 Result SetHostName(const std::string& hostname) override { 83 Result SetHostName(const std::string& hostname_in) override {
78 hostname_ = hostname; 84 hostname = hostname_in;
79 return ResultSuccess; 85 return ResultSuccess;
80 } 86 }
81 87
82 Result DoHandshake() override { 88 Result DoHandshake() override {
83 while (1) { 89 while (1) {
84 Result r; 90 Result r;
85 switch (handshake_state_) { 91 switch (handshake_state) {
86 case HandshakeState::Initial: 92 case HandshakeState::Initial:
87 if ((r = FlushCiphertextWriteBuf()) != ResultSuccess || 93 if ((r = FlushCiphertextWriteBuf()) != ResultSuccess ||
88 (r = CallInitializeSecurityContext()) != ResultSuccess) { 94 (r = CallInitializeSecurityContext()) != ResultSuccess) {
89 return r; 95 return r;
90 } 96 }
91 // CallInitializeSecurityContext updated `handshake_state_`. 97 // CallInitializeSecurityContext updated `handshake_state`.
92 continue; 98 continue;
93 case HandshakeState::ContinueNeeded: 99 case HandshakeState::ContinueNeeded:
94 case HandshakeState::IncompleteMessage: 100 case HandshakeState::IncompleteMessage:
@@ -96,20 +102,20 @@ public:
96 (r = FillCiphertextReadBuf()) != ResultSuccess) { 102 (r = FillCiphertextReadBuf()) != ResultSuccess) {
97 return r; 103 return r;
98 } 104 }
99 if (ciphertext_read_buf_.empty()) { 105 if (ciphertext_read_buf.empty()) {
100 LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); 106 LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up");
101 return ResultInternalError; 107 return ResultInternalError;
102 } 108 }
103 if ((r = CallInitializeSecurityContext()) != ResultSuccess) { 109 if ((r = CallInitializeSecurityContext()) != ResultSuccess) {
104 return r; 110 return r;
105 } 111 }
106 // CallInitializeSecurityContext updated `handshake_state_`. 112 // CallInitializeSecurityContext updated `handshake_state`.
107 continue; 113 continue;
108 case HandshakeState::DoneAfterFlush: 114 case HandshakeState::DoneAfterFlush:
109 if ((r = FlushCiphertextWriteBuf()) != ResultSuccess) { 115 if ((r = FlushCiphertextWriteBuf()) != ResultSuccess) {
110 return r; 116 return r;
111 } 117 }
112 handshake_state_ = HandshakeState::Connected; 118 handshake_state = HandshakeState::Connected;
113 return ResultSuccess; 119 return ResultSuccess;
114 case HandshakeState::Connected: 120 case HandshakeState::Connected:
115 LOG_ERROR(Service_SSL, "Called DoHandshake but we already handshook"); 121 LOG_ERROR(Service_SSL, "Called DoHandshake but we already handshook");
@@ -121,24 +127,24 @@ public:
121 } 127 }
122 128
123 Result FillCiphertextReadBuf() { 129 Result FillCiphertextReadBuf() {
124 const size_t fill_size = read_buf_fill_size_ ? read_buf_fill_size_ : 4096; 130 const size_t fill_size = read_buf_fill_size ? read_buf_fill_size : 4096;
125 read_buf_fill_size_ = 0; 131 read_buf_fill_size = 0;
126 // This unnecessarily zeroes the buffer; oh well. 132 // This unnecessarily zeroes the buffer; oh well.
127 const size_t offset = ciphertext_read_buf_.size(); 133 const size_t offset = ciphertext_read_buf.size();
128 ASSERT_OR_EXECUTE(offset + fill_size >= offset, { return ResultInternalError; }); 134 ASSERT_OR_EXECUTE(offset + fill_size >= offset, { return ResultInternalError; });
129 ciphertext_read_buf_.resize(offset + fill_size, 0); 135 ciphertext_read_buf.resize(offset + fill_size, 0);
130 const auto read_span = std::span(ciphertext_read_buf_).subspan(offset, fill_size); 136 const auto read_span = std::span(ciphertext_read_buf).subspan(offset, fill_size);
131 const auto [actual, err] = socket_->Recv(0, read_span); 137 const auto [actual, err] = socket->Recv(0, read_span);
132 switch (err) { 138 switch (err) {
133 case Network::Errno::SUCCESS: 139 case Network::Errno::SUCCESS:
134 ASSERT(static_cast<size_t>(actual) <= fill_size); 140 ASSERT(static_cast<size_t>(actual) <= fill_size);
135 ciphertext_read_buf_.resize(offset + actual); 141 ciphertext_read_buf.resize(offset + actual);
136 return ResultSuccess; 142 return ResultSuccess;
137 case Network::Errno::AGAIN: 143 case Network::Errno::AGAIN:
138 ciphertext_read_buf_.resize(offset); 144 ciphertext_read_buf.resize(offset);
139 return ResultWouldBlock; 145 return ResultWouldBlock;
140 default: 146 default:
141 ciphertext_read_buf_.resize(offset); 147 ciphertext_read_buf.resize(offset);
142 LOG_ERROR(Service_SSL, "Socket recv returned Network::Errno {}", err); 148 LOG_ERROR(Service_SSL, "Socket recv returned Network::Errno {}", err);
143 return ResultInternalError; 149 return ResultInternalError;
144 } 150 }
@@ -146,13 +152,13 @@ public:
146 152
147 // Returns success if the write buffer has been completely emptied. 153 // Returns success if the write buffer has been completely emptied.
148 Result FlushCiphertextWriteBuf() { 154 Result FlushCiphertextWriteBuf() {
149 while (!ciphertext_write_buf_.empty()) { 155 while (!ciphertext_write_buf.empty()) {
150 const auto [actual, err] = socket_->Send(ciphertext_write_buf_, 0); 156 const auto [actual, err] = socket->Send(ciphertext_write_buf, 0);
151 switch (err) { 157 switch (err) {
152 case Network::Errno::SUCCESS: 158 case Network::Errno::SUCCESS:
153 ASSERT(static_cast<size_t>(actual) <= ciphertext_write_buf_.size()); 159 ASSERT(static_cast<size_t>(actual) <= ciphertext_write_buf.size());
154 ciphertext_write_buf_.erase(ciphertext_write_buf_.begin(), 160 ciphertext_write_buf.erase(ciphertext_write_buf.begin(),
155 ciphertext_write_buf_.begin() + actual); 161 ciphertext_write_buf.begin() + actual);
156 break; 162 break;
157 case Network::Errno::AGAIN: 163 case Network::Errno::AGAIN:
158 return ResultWouldBlock; 164 return ResultWouldBlock;
@@ -175,9 +181,9 @@ public:
175 // only used if `initial_call_done` 181 // only used if `initial_call_done`
176 { 182 {
177 // [0] 183 // [0]
178 .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf_.size()), 184 .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf.size()),
179 .BufferType = SECBUFFER_TOKEN, 185 .BufferType = SECBUFFER_TOKEN,
180 .pvBuffer = ciphertext_read_buf_.data(), 186 .pvBuffer = ciphertext_read_buf.data(),
181 }, 187 },
182 { 188 {
183 // [1] (will be replaced by SECBUFFER_MISSING when SEC_E_INCOMPLETE_MESSAGE is 189 // [1] (will be replaced by SECBUFFER_MISSING when SEC_E_INCOMPLETE_MESSAGE is
@@ -211,30 +217,30 @@ public:
211 .pBuffers = output_buffers.data(), 217 .pBuffers = output_buffers.data(),
212 }; 218 };
213 ASSERT_OR_EXECUTE_MSG( 219 ASSERT_OR_EXECUTE_MSG(
214 input_buffers[0].cbBuffer == ciphertext_read_buf_.size(), 220 input_buffers[0].cbBuffer == ciphertext_read_buf.size(),
215 { return ResultInternalError; }, "read buffer too large"); 221 { return ResultInternalError; }, "read buffer too large");
216 222
217 bool initial_call_done = handshake_state_ != HandshakeState::Initial; 223 bool initial_call_done = handshake_state != HandshakeState::Initial;
218 if (initial_call_done) { 224 if (initial_call_done) {
219 LOG_DEBUG(Service_SSL, "Passing {} bytes into InitializeSecurityContext", 225 LOG_DEBUG(Service_SSL, "Passing {} bytes into InitializeSecurityContext",
220 ciphertext_read_buf_.size()); 226 ciphertext_read_buf.size());
221 } 227 }
222 228
223 const SECURITY_STATUS ret = 229 const SECURITY_STATUS ret =
224 InitializeSecurityContextA(&cred_handle, initial_call_done ? &ctxt_ : nullptr, 230 InitializeSecurityContextA(&cred_handle, initial_call_done ? &ctxt : nullptr,
225 // Caller ensured we have set a hostname: 231 // Caller ensured we have set a hostname:
226 const_cast<char*>(hostname_.value().c_str()), req, 232 const_cast<char*>(hostname.value().c_str()), req,
227 0, // Reserved1 233 0, // Reserved1
228 0, // TargetDataRep not used with Schannel 234 0, // TargetDataRep not used with Schannel
229 initial_call_done ? &input_desc : nullptr, 235 initial_call_done ? &input_desc : nullptr,
230 0, // Reserved2 236 0, // Reserved2
231 initial_call_done ? nullptr : &ctxt_, &output_desc, &attr, 237 initial_call_done ? nullptr : &ctxt, &output_desc, &attr,
232 nullptr); // ptsExpiry 238 nullptr); // ptsExpiry
233 239
234 if (output_buffers[0].pvBuffer) { 240 if (output_buffers[0].pvBuffer) {
235 const std::span span(static_cast<u8*>(output_buffers[0].pvBuffer), 241 const std::span span(static_cast<u8*>(output_buffers[0].pvBuffer),
236 output_buffers[0].cbBuffer); 242 output_buffers[0].cbBuffer);
237 ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), span.begin(), span.end()); 243 ciphertext_write_buf.insert(ciphertext_write_buf.end(), span.begin(), span.end());
238 FreeContextBuffer(output_buffers[0].pvBuffer); 244 FreeContextBuffer(output_buffers[0].pvBuffer);
239 } 245 }
240 246
@@ -251,64 +257,64 @@ public:
251 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_I_CONTINUE_NEEDED"); 257 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_I_CONTINUE_NEEDED");
252 if (input_buffers[1].BufferType == SECBUFFER_EXTRA) { 258 if (input_buffers[1].BufferType == SECBUFFER_EXTRA) {
253 LOG_DEBUG(Service_SSL, "EXTRA of size {}", input_buffers[1].cbBuffer); 259 LOG_DEBUG(Service_SSL, "EXTRA of size {}", input_buffers[1].cbBuffer);
254 ASSERT(input_buffers[1].cbBuffer <= ciphertext_read_buf_.size()); 260 ASSERT(input_buffers[1].cbBuffer <= ciphertext_read_buf.size());
255 ciphertext_read_buf_.erase(ciphertext_read_buf_.begin(), 261 ciphertext_read_buf.erase(ciphertext_read_buf.begin(),
256 ciphertext_read_buf_.end() - input_buffers[1].cbBuffer); 262 ciphertext_read_buf.end() - input_buffers[1].cbBuffer);
257 } else { 263 } else {
258 ASSERT(input_buffers[1].BufferType == SECBUFFER_EMPTY); 264 ASSERT(input_buffers[1].BufferType == SECBUFFER_EMPTY);
259 ciphertext_read_buf_.clear(); 265 ciphertext_read_buf.clear();
260 } 266 }
261 handshake_state_ = HandshakeState::ContinueNeeded; 267 handshake_state = HandshakeState::ContinueNeeded;
262 return ResultSuccess; 268 return ResultSuccess;
263 case SEC_E_INCOMPLETE_MESSAGE: 269 case SEC_E_INCOMPLETE_MESSAGE:
264 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_INCOMPLETE_MESSAGE"); 270 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_INCOMPLETE_MESSAGE");
265 ASSERT(input_buffers[1].BufferType == SECBUFFER_MISSING); 271 ASSERT(input_buffers[1].BufferType == SECBUFFER_MISSING);
266 read_buf_fill_size_ = input_buffers[1].cbBuffer; 272 read_buf_fill_size = input_buffers[1].cbBuffer;
267 handshake_state_ = HandshakeState::IncompleteMessage; 273 handshake_state = HandshakeState::IncompleteMessage;
268 return ResultSuccess; 274 return ResultSuccess;
269 case SEC_E_OK: 275 case SEC_E_OK:
270 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_OK"); 276 LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_OK");
271 ciphertext_read_buf_.clear(); 277 ciphertext_read_buf.clear();
272 handshake_state_ = HandshakeState::DoneAfterFlush; 278 handshake_state = HandshakeState::DoneAfterFlush;
273 return GrabStreamSizes(); 279 return GrabStreamSizes();
274 default: 280 default:
275 LOG_ERROR(Service_SSL, 281 LOG_ERROR(Service_SSL,
276 "InitializeSecurityContext failed (probably certificate/protocol issue): {}", 282 "InitializeSecurityContext failed (probably certificate/protocol issue): {}",
277 Common::NativeErrorToString(ret)); 283 Common::NativeErrorToString(ret));
278 handshake_state_ = HandshakeState::Error; 284 handshake_state = HandshakeState::Error;
279 return ResultInternalError; 285 return ResultInternalError;
280 } 286 }
281 } 287 }
282 288
283 Result GrabStreamSizes() { 289 Result GrabStreamSizes() {
284 const SECURITY_STATUS ret = 290 const SECURITY_STATUS ret =
285 QueryContextAttributes(&ctxt_, SECPKG_ATTR_STREAM_SIZES, &stream_sizes_); 291 QueryContextAttributes(&ctxt, SECPKG_ATTR_STREAM_SIZES, &stream_sizes);
286 if (ret != SEC_E_OK) { 292 if (ret != SEC_E_OK) {
287 LOG_ERROR(Service_SSL, "QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES) failed: {}", 293 LOG_ERROR(Service_SSL, "QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES) failed: {}",
288 Common::NativeErrorToString(ret)); 294 Common::NativeErrorToString(ret));
289 handshake_state_ = HandshakeState::Error; 295 handshake_state = HandshakeState::Error;
290 return ResultInternalError; 296 return ResultInternalError;
291 } 297 }
292 return ResultSuccess; 298 return ResultSuccess;
293 } 299 }
294 300
295 ResultVal<size_t> Read(std::span<u8> data) override { 301 ResultVal<size_t> Read(std::span<u8> data) override {
296 if (handshake_state_ != HandshakeState::Connected) { 302 if (handshake_state != HandshakeState::Connected) {
297 LOG_ERROR(Service_SSL, "Called Read but we did not successfully handshake"); 303 LOG_ERROR(Service_SSL, "Called Read but we did not successfully handshake");
298 return ResultInternalError; 304 return ResultInternalError;
299 } 305 }
300 if (data.size() == 0 || got_read_eof_) { 306 if (data.size() == 0 || got_read_eof) {
301 return size_t(0); 307 return size_t(0);
302 } 308 }
303 while (1) { 309 while (1) {
304 if (!cleartext_read_buf_.empty()) { 310 if (!cleartext_read_buf.empty()) {
305 const size_t read_size = std::min(cleartext_read_buf_.size(), data.size()); 311 const size_t read_size = std::min(cleartext_read_buf.size(), data.size());
306 std::memcpy(data.data(), cleartext_read_buf_.data(), read_size); 312 std::memcpy(data.data(), cleartext_read_buf.data(), read_size);
307 cleartext_read_buf_.erase(cleartext_read_buf_.begin(), 313 cleartext_read_buf.erase(cleartext_read_buf.begin(),
308 cleartext_read_buf_.begin() + read_size); 314 cleartext_read_buf.begin() + read_size);
309 return read_size; 315 return read_size;
310 } 316 }
311 if (!ciphertext_read_buf_.empty()) { 317 if (!ciphertext_read_buf.empty()) {
312 SecBuffer empty{ 318 SecBuffer empty{
313 .cbBuffer = 0, 319 .cbBuffer = 0,
314 .BufferType = SECBUFFER_EMPTY, 320 .BufferType = SECBUFFER_EMPTY,
@@ -316,16 +322,16 @@ public:
316 }; 322 };
317 std::array<SecBuffer, 5> buffers{{ 323 std::array<SecBuffer, 5> buffers{{
318 { 324 {
319 .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf_.size()), 325 .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf.size()),
320 .BufferType = SECBUFFER_DATA, 326 .BufferType = SECBUFFER_DATA,
321 .pvBuffer = ciphertext_read_buf_.data(), 327 .pvBuffer = ciphertext_read_buf.data(),
322 }, 328 },
323 empty, 329 empty,
324 empty, 330 empty,
325 empty, 331 empty,
326 }}; 332 }};
327 ASSERT_OR_EXECUTE_MSG( 333 ASSERT_OR_EXECUTE_MSG(
328 buffers[0].cbBuffer == ciphertext_read_buf_.size(), 334 buffers[0].cbBuffer == ciphertext_read_buf.size(),
329 { return ResultInternalError; }, "read buffer too large"); 335 { return ResultInternalError; }, "read buffer too large");
330 SecBufferDesc desc{ 336 SecBufferDesc desc{
331 .ulVersion = SECBUFFER_VERSION, 337 .ulVersion = SECBUFFER_VERSION,
@@ -333,7 +339,7 @@ public:
333 .pBuffers = buffers.data(), 339 .pBuffers = buffers.data(),
334 }; 340 };
335 SECURITY_STATUS ret = 341 SECURITY_STATUS ret =
336 DecryptMessage(&ctxt_, &desc, /*MessageSeqNo*/ 0, /*pfQOP*/ nullptr); 342 DecryptMessage(&ctxt, &desc, /*MessageSeqNo*/ 0, /*pfQOP*/ nullptr);
337 switch (ret) { 343 switch (ret) {
338 case SEC_E_OK: 344 case SEC_E_OK:
339 ASSERT_OR_EXECUTE(buffers[0].BufferType == SECBUFFER_STREAM_HEADER, 345 ASSERT_OR_EXECUTE(buffers[0].BufferType == SECBUFFER_STREAM_HEADER,
@@ -342,24 +348,23 @@ public:
342 { return ResultInternalError; }); 348 { return ResultInternalError; });
343 ASSERT_OR_EXECUTE(buffers[2].BufferType == SECBUFFER_STREAM_TRAILER, 349 ASSERT_OR_EXECUTE(buffers[2].BufferType == SECBUFFER_STREAM_TRAILER,
344 { return ResultInternalError; }); 350 { return ResultInternalError; });
345 cleartext_read_buf_.assign(static_cast<u8*>(buffers[1].pvBuffer), 351 cleartext_read_buf.assign(static_cast<u8*>(buffers[1].pvBuffer),
346 static_cast<u8*>(buffers[1].pvBuffer) + 352 static_cast<u8*>(buffers[1].pvBuffer) +
347 buffers[1].cbBuffer); 353 buffers[1].cbBuffer);
348 if (buffers[3].BufferType == SECBUFFER_EXTRA) { 354 if (buffers[3].BufferType == SECBUFFER_EXTRA) {
349 ASSERT(buffers[3].cbBuffer <= ciphertext_read_buf_.size()); 355 ASSERT(buffers[3].cbBuffer <= ciphertext_read_buf.size());
350 ciphertext_read_buf_.erase(ciphertext_read_buf_.begin(), 356 ciphertext_read_buf.erase(ciphertext_read_buf.begin(),
351 ciphertext_read_buf_.end() - 357 ciphertext_read_buf.end() - buffers[3].cbBuffer);
352 buffers[3].cbBuffer);
353 } else { 358 } else {
354 ASSERT(buffers[3].BufferType == SECBUFFER_EMPTY); 359 ASSERT(buffers[3].BufferType == SECBUFFER_EMPTY);
355 ciphertext_read_buf_.clear(); 360 ciphertext_read_buf.clear();
356 } 361 }
357 continue; 362 continue;
358 case SEC_E_INCOMPLETE_MESSAGE: 363 case SEC_E_INCOMPLETE_MESSAGE:
359 break; 364 break;
360 case SEC_I_CONTEXT_EXPIRED: 365 case SEC_I_CONTEXT_EXPIRED:
361 // Server hung up by sending close_notify. 366 // Server hung up by sending close_notify.
362 got_read_eof_ = true; 367 got_read_eof = true;
363 return size_t(0); 368 return size_t(0);
364 default: 369 default:
365 LOG_ERROR(Service_SSL, "DecryptMessage failed: {}", 370 LOG_ERROR(Service_SSL, "DecryptMessage failed: {}",
@@ -371,43 +376,43 @@ public:
371 if (r != ResultSuccess) { 376 if (r != ResultSuccess) {
372 return r; 377 return r;
373 } 378 }
374 if (ciphertext_read_buf_.empty()) { 379 if (ciphertext_read_buf.empty()) {
375 got_read_eof_ = true; 380 got_read_eof = true;
376 return size_t(0); 381 return size_t(0);
377 } 382 }
378 } 383 }
379 } 384 }
380 385
381 ResultVal<size_t> Write(std::span<const u8> data) override { 386 ResultVal<size_t> Write(std::span<const u8> data) override {
382 if (handshake_state_ != HandshakeState::Connected) { 387 if (handshake_state != HandshakeState::Connected) {
383 LOG_ERROR(Service_SSL, "Called Write but we did not successfully handshake"); 388 LOG_ERROR(Service_SSL, "Called Write but we did not successfully handshake");
384 return ResultInternalError; 389 return ResultInternalError;
385 } 390 }
386 if (data.size() == 0) { 391 if (data.size() == 0) {
387 return size_t(0); 392 return size_t(0);
388 } 393 }
389 data = data.subspan(0, std::min<size_t>(data.size(), stream_sizes_.cbMaximumMessage)); 394 data = data.subspan(0, std::min<size_t>(data.size(), stream_sizes.cbMaximumMessage));
390 if (!cleartext_write_buf_.empty()) { 395 if (!cleartext_write_buf.empty()) {
391 // Already in the middle of a write. It wouldn't make sense to not 396 // Already in the middle of a write. It wouldn't make sense to not
392 // finish sending the entire buffer since TLS has 397 // finish sending the entire buffer since TLS has
393 // header/MAC/padding/etc. 398 // header/MAC/padding/etc.
394 if (data.size() != cleartext_write_buf_.size() || 399 if (data.size() != cleartext_write_buf.size() ||
395 std::memcmp(data.data(), cleartext_write_buf_.data(), data.size())) { 400 std::memcmp(data.data(), cleartext_write_buf.data(), data.size())) {
396 LOG_ERROR(Service_SSL, "Called Write but buffer does not match previous buffer"); 401 LOG_ERROR(Service_SSL, "Called Write but buffer does not match previous buffer");
397 return ResultInternalError; 402 return ResultInternalError;
398 } 403 }
399 return WriteAlreadyEncryptedData(); 404 return WriteAlreadyEncryptedData();
400 } else { 405 } else {
401 cleartext_write_buf_.assign(data.begin(), data.end()); 406 cleartext_write_buf.assign(data.begin(), data.end());
402 } 407 }
403 408
404 std::vector<u8> header_buf(stream_sizes_.cbHeader, 0); 409 std::vector<u8> header_buf(stream_sizes.cbHeader, 0);
405 std::vector<u8> tmp_data_buf = cleartext_write_buf_; 410 std::vector<u8> tmp_data_buf = cleartext_write_buf;
406 std::vector<u8> trailer_buf(stream_sizes_.cbTrailer, 0); 411 std::vector<u8> trailer_buf(stream_sizes.cbTrailer, 0);
407 412
408 std::array<SecBuffer, 3> buffers{{ 413 std::array<SecBuffer, 3> buffers{{
409 { 414 {
410 .cbBuffer = stream_sizes_.cbHeader, 415 .cbBuffer = stream_sizes.cbHeader,
411 .BufferType = SECBUFFER_STREAM_HEADER, 416 .BufferType = SECBUFFER_STREAM_HEADER,
412 .pvBuffer = header_buf.data(), 417 .pvBuffer = header_buf.data(),
413 }, 418 },
@@ -417,7 +422,7 @@ public:
417 .pvBuffer = tmp_data_buf.data(), 422 .pvBuffer = tmp_data_buf.data(),
418 }, 423 },
419 { 424 {
420 .cbBuffer = stream_sizes_.cbTrailer, 425 .cbBuffer = stream_sizes.cbTrailer,
421 .BufferType = SECBUFFER_STREAM_TRAILER, 426 .BufferType = SECBUFFER_STREAM_TRAILER,
422 .pvBuffer = trailer_buf.data(), 427 .pvBuffer = trailer_buf.data(),
423 }, 428 },
@@ -431,17 +436,17 @@ public:
431 .pBuffers = buffers.data(), 436 .pBuffers = buffers.data(),
432 }; 437 };
433 438
434 const SECURITY_STATUS ret = EncryptMessage(&ctxt_, /*fQOP*/ 0, &desc, /*MessageSeqNo*/ 0); 439 const SECURITY_STATUS ret = EncryptMessage(&ctxt, /*fQOP*/ 0, &desc, /*MessageSeqNo*/ 0);
435 if (ret != SEC_E_OK) { 440 if (ret != SEC_E_OK) {
436 LOG_ERROR(Service_SSL, "EncryptMessage failed: {}", Common::NativeErrorToString(ret)); 441 LOG_ERROR(Service_SSL, "EncryptMessage failed: {}", Common::NativeErrorToString(ret));
437 return ResultInternalError; 442 return ResultInternalError;
438 } 443 }
439 ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), header_buf.begin(), 444 ciphertext_write_buf.insert(ciphertext_write_buf.end(), header_buf.begin(),
440 header_buf.end()); 445 header_buf.end());
441 ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), tmp_data_buf.begin(), 446 ciphertext_write_buf.insert(ciphertext_write_buf.end(), tmp_data_buf.begin(),
442 tmp_data_buf.end()); 447 tmp_data_buf.end());
443 ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), trailer_buf.begin(), 448 ciphertext_write_buf.insert(ciphertext_write_buf.end(), trailer_buf.begin(),
444 trailer_buf.end()); 449 trailer_buf.end());
445 return WriteAlreadyEncryptedData(); 450 return WriteAlreadyEncryptedData();
446 } 451 }
447 452
@@ -451,15 +456,15 @@ public:
451 return r; 456 return r;
452 } 457 }
453 // write buf is empty 458 // write buf is empty
454 const size_t cleartext_bytes_written = cleartext_write_buf_.size(); 459 const size_t cleartext_bytes_written = cleartext_write_buf.size();
455 cleartext_write_buf_.clear(); 460 cleartext_write_buf.clear();
456 return cleartext_bytes_written; 461 return cleartext_bytes_written;
457 } 462 }
458 463
459 ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { 464 ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override {
460 PCCERT_CONTEXT returned_cert = nullptr; 465 PCCERT_CONTEXT returned_cert = nullptr;
461 const SECURITY_STATUS ret = 466 const SECURITY_STATUS ret =
462 QueryContextAttributes(&ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &returned_cert); 467 QueryContextAttributes(&ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &returned_cert);
463 if (ret != SEC_E_OK) { 468 if (ret != SEC_E_OK) {
464 LOG_ERROR(Service_SSL, 469 LOG_ERROR(Service_SSL,
465 "QueryContextAttributes(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: {}", 470 "QueryContextAttributes(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: {}",
@@ -480,8 +485,8 @@ public:
480 } 485 }
481 486
482 ~SSLConnectionBackendSchannel() { 487 ~SSLConnectionBackendSchannel() {
483 if (handshake_state_ != HandshakeState::Initial) { 488 if (handshake_state != HandshakeState::Initial) {
484 DeleteSecurityContext(&ctxt_); 489 DeleteSecurityContext(&ctxt);
485 } 490 }
486 } 491 }
487 492
@@ -509,21 +514,21 @@ public:
509 // Another error was returned and we shouldn't allow initialization 514 // Another error was returned and we shouldn't allow initialization
510 // to continue. 515 // to continue.
511 Error, 516 Error,
512 } handshake_state_ = HandshakeState::Initial; 517 } handshake_state = HandshakeState::Initial;
513 518
514 CtxtHandle ctxt_; 519 CtxtHandle ctxt;
515 SecPkgContext_StreamSizes stream_sizes_; 520 SecPkgContext_StreamSizes stream_sizes;
516 521
517 std::shared_ptr<Network::SocketBase> socket_; 522 std::shared_ptr<Network::SocketBase> socket;
518 std::optional<std::string> hostname_; 523 std::optional<std::string> hostname;
519 524
520 std::vector<u8> ciphertext_read_buf_; 525 std::vector<u8> ciphertext_read_buf;
521 std::vector<u8> ciphertext_write_buf_; 526 std::vector<u8> ciphertext_write_buf;
522 std::vector<u8> cleartext_read_buf_; 527 std::vector<u8> cleartext_read_buf;
523 std::vector<u8> cleartext_write_buf_; 528 std::vector<u8> cleartext_write_buf;
524 529
525 bool got_read_eof_ = false; 530 bool got_read_eof = false;
526 size_t read_buf_fill_size_ = 0; 531 size_t read_buf_fill_size = 0;
527}; 532};
528 533
529ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { 534ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() {
HIC SVNT DRACONES