diff options
Diffstat (limited to '')
| -rw-r--r-- | CMakeLists.txt | 3 | ||||
| -rw-r--r-- | src/core/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | src/core/hle/service/sockets/bsd.cpp | 23 | ||||
| -rw-r--r-- | src/core/hle/service/sockets/sfdnsres.cpp | 73 | ||||
| -rw-r--r-- | src/core/hle/service/ssl/ssl.cpp | 106 | ||||
| -rw-r--r-- | src/core/hle/service/ssl/ssl_backend_openssl.cpp | 66 | ||||
| -rw-r--r-- | src/core/hle/service/ssl/ssl_backend_schannel.cpp | 207 | ||||
| -rw-r--r-- | src/core/internal_network/network.cpp | 8 |
8 files changed, 278 insertions, 212 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 7e74733d6..14a9d85e3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt | |||
| @@ -64,8 +64,9 @@ option(YUZU_DOWNLOAD_TIME_ZONE_DATA "Always download time zone binaries" OFF) | |||
| 64 | CMAKE_DEPENDENT_OPTION(YUZU_USE_FASTER_LD "Check if a faster linker is available" ON "NOT WIN32" OFF) | 64 | CMAKE_DEPENDENT_OPTION(YUZU_USE_FASTER_LD "Check if a faster linker is available" ON "NOT WIN32" OFF) |
| 65 | 65 | ||
| 66 | set(DEFAULT_ENABLE_OPENSSL ON) | 66 | set(DEFAULT_ENABLE_OPENSSL ON) |
| 67 | if (ANDROID OR WIN32) | 67 | if (ANDROID OR WIN32 OR APPLE) |
| 68 | # - Windows defaults to the Schannel backend. | 68 | # - Windows defaults to the Schannel backend. |
| 69 | # - macOS defaults to the SecureTransport backend. | ||
| 69 | # - Android currently has no SSL backend as the NDK doesn't include any SSL | 70 | # - Android currently has no SSL backend as the NDK doesn't include any SSL |
| 70 | # library; a proper 'native' backend would have to go through Java. | 71 | # library; a proper 'native' backend would have to go through Java. |
| 71 | # But you can force builds for those platforms to use OpenSSL if you have | 72 | # But you can force builds for those platforms to use OpenSSL if you have |
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt index dd2c053d0..8a66aa8ea 100644 --- a/src/core/CMakeLists.txt +++ b/src/core/CMakeLists.txt | |||
| @@ -868,6 +868,10 @@ if(ENABLE_OPENSSL) | |||
| 868 | target_sources(core PRIVATE | 868 | target_sources(core PRIVATE |
| 869 | hle/service/ssl/ssl_backend_openssl.cpp) | 869 | hle/service/ssl/ssl_backend_openssl.cpp) |
| 870 | target_link_libraries(core PRIVATE OpenSSL::SSL) | 870 | target_link_libraries(core PRIVATE OpenSSL::SSL) |
| 871 | elseif (APPLE) | ||
| 872 | target_sources(core PRIVATE | ||
| 873 | hle/service/ssl/ssl_backend_securetransport.cpp) | ||
| 874 | target_link_libraries(core PRIVATE "-framework Security") | ||
| 871 | elseif (WIN32) | 875 | elseif (WIN32) |
| 872 | target_sources(core PRIVATE | 876 | target_sources(core PRIVATE |
| 873 | hle/service/ssl/ssl_backend_schannel.cpp) | 877 | hle/service/ssl/ssl_backend_schannel.cpp) |
diff --git a/src/core/hle/service/sockets/bsd.cpp b/src/core/hle/service/sockets/bsd.cpp index 6034cc0b5..e63b0a357 100644 --- a/src/core/hle/service/sockets/bsd.cpp +++ b/src/core/hle/service/sockets/bsd.cpp | |||
| @@ -443,15 +443,28 @@ void BSD::Close(HLERequestContext& ctx) { | |||
| 443 | } | 443 | } |
| 444 | 444 | ||
| 445 | void BSD::DuplicateSocket(HLERequestContext& ctx) { | 445 | void BSD::DuplicateSocket(HLERequestContext& ctx) { |
| 446 | struct InputParameters { | ||
| 447 | s32 fd; | ||
| 448 | u64 reserved; | ||
| 449 | }; | ||
| 450 | static_assert(sizeof(InputParameters) == 0x10); | ||
| 451 | |||
| 452 | struct OutputParameters { | ||
| 453 | s32 ret; | ||
| 454 | Errno bsd_errno; | ||
| 455 | }; | ||
| 456 | static_assert(sizeof(OutputParameters) == 0x8); | ||
| 457 | |||
| 446 | IPC::RequestParser rp{ctx}; | 458 | IPC::RequestParser rp{ctx}; |
| 447 | const s32 fd = rp.Pop<s32>(); | 459 | auto input = rp.PopRaw<InputParameters>(); |
| 448 | [[maybe_unused]] const u64 unused = rp.Pop<u64>(); | ||
| 449 | 460 | ||
| 450 | Expected<s32, Errno> res = DuplicateSocketImpl(fd); | 461 | Expected<s32, Errno> res = DuplicateSocketImpl(input.fd); |
| 451 | IPC::ResponseBuilder rb{ctx, 4}; | 462 | IPC::ResponseBuilder rb{ctx, 4}; |
| 452 | rb.Push(ResultSuccess); | 463 | rb.Push(ResultSuccess); |
| 453 | rb.Push(res.value_or(0)); // ret | 464 | rb.PushRaw(OutputParameters{ |
| 454 | rb.Push(res ? 0 : static_cast<s32>(res.error())); // bsd errno | 465 | .ret = res.value_or(0), |
| 466 | .bsd_errno = res ? Errno::SUCCESS : res.error(), | ||
| 467 | }); | ||
| 455 | } | 468 | } |
| 456 | 469 | ||
| 457 | void BSD::EventFd(HLERequestContext& ctx) { | 470 | void BSD::EventFd(HLERequestContext& ctx) { |
diff --git a/src/core/hle/service/sockets/sfdnsres.cpp b/src/core/hle/service/sockets/sfdnsres.cpp index 45f0f526a..84cc79de8 100644 --- a/src/core/hle/service/sockets/sfdnsres.cpp +++ b/src/core/hle/service/sockets/sfdnsres.cpp | |||
| @@ -131,14 +131,15 @@ static std::vector<u8> SerializeAddrInfoAsHostEnt(const std::vector<Network::Add | |||
| 131 | } | 131 | } |
| 132 | 132 | ||
| 133 | static std::pair<u32, GetAddrInfoError> GetHostByNameRequestImpl(HLERequestContext& ctx) { | 133 | static std::pair<u32, GetAddrInfoError> GetHostByNameRequestImpl(HLERequestContext& ctx) { |
| 134 | struct Parameters { | 134 | struct InputParameters { |
| 135 | u8 use_nsd_resolve; | 135 | u8 use_nsd_resolve; |
| 136 | u32 cancel_handle; | 136 | u32 cancel_handle; |
| 137 | u64 process_id; | 137 | u64 process_id; |
| 138 | }; | 138 | }; |
| 139 | static_assert(sizeof(InputParameters) == 0x10); | ||
| 139 | 140 | ||
| 140 | IPC::RequestParser rp{ctx}; | 141 | IPC::RequestParser rp{ctx}; |
| 141 | const auto parameters = rp.PopRaw<Parameters>(); | 142 | const auto parameters = rp.PopRaw<InputParameters>(); |
| 142 | 143 | ||
| 143 | LOG_WARNING( | 144 | LOG_WARNING( |
| 144 | Service, | 145 | Service, |
| @@ -164,21 +165,39 @@ static std::pair<u32, GetAddrInfoError> GetHostByNameRequestImpl(HLERequestConte | |||
| 164 | void SFDNSRES::GetHostByNameRequest(HLERequestContext& ctx) { | 165 | void SFDNSRES::GetHostByNameRequest(HLERequestContext& ctx) { |
| 165 | auto [data_size, emu_gai_err] = GetHostByNameRequestImpl(ctx); | 166 | auto [data_size, emu_gai_err] = GetHostByNameRequestImpl(ctx); |
| 166 | 167 | ||
| 168 | struct OutputParameters { | ||
| 169 | NetDbError netdb_error; | ||
| 170 | Errno bsd_errno; | ||
| 171 | u32 data_size; | ||
| 172 | }; | ||
| 173 | static_assert(sizeof(OutputParameters) == 0xc); | ||
| 174 | |||
| 167 | IPC::ResponseBuilder rb{ctx, 5}; | 175 | IPC::ResponseBuilder rb{ctx, 5}; |
| 168 | rb.Push(ResultSuccess); | 176 | rb.Push(ResultSuccess); |
| 169 | rb.Push(static_cast<s32>(GetAddrInfoErrorToNetDbError(emu_gai_err))); // netdb error code | 177 | rb.PushRaw(OutputParameters{ |
| 170 | rb.Push(static_cast<s32>(GetAddrInfoErrorToErrno(emu_gai_err))); // errno | 178 | .netdb_error = GetAddrInfoErrorToNetDbError(emu_gai_err), |
| 171 | rb.Push(data_size); // serialized size | 179 | .bsd_errno = GetAddrInfoErrorToErrno(emu_gai_err), |
| 180 | .data_size = data_size, | ||
| 181 | }); | ||
| 172 | } | 182 | } |
| 173 | 183 | ||
| 174 | void SFDNSRES::GetHostByNameRequestWithOptions(HLERequestContext& ctx) { | 184 | void SFDNSRES::GetHostByNameRequestWithOptions(HLERequestContext& ctx) { |
| 175 | auto [data_size, emu_gai_err] = GetHostByNameRequestImpl(ctx); | 185 | auto [data_size, emu_gai_err] = GetHostByNameRequestImpl(ctx); |
| 176 | 186 | ||
| 187 | struct OutputParameters { | ||
| 188 | u32 data_size; | ||
| 189 | NetDbError netdb_error; | ||
| 190 | Errno bsd_errno; | ||
| 191 | }; | ||
| 192 | static_assert(sizeof(OutputParameters) == 0xc); | ||
| 193 | |||
| 177 | IPC::ResponseBuilder rb{ctx, 5}; | 194 | IPC::ResponseBuilder rb{ctx, 5}; |
| 178 | rb.Push(ResultSuccess); | 195 | rb.Push(ResultSuccess); |
| 179 | rb.Push(data_size); // serialized size | 196 | rb.PushRaw(OutputParameters{ |
| 180 | rb.Push(static_cast<s32>(GetAddrInfoErrorToNetDbError(emu_gai_err))); // netdb error code | 197 | .data_size = data_size, |
| 181 | rb.Push(static_cast<s32>(GetAddrInfoErrorToErrno(emu_gai_err))); // errno | 198 | .netdb_error = GetAddrInfoErrorToNetDbError(emu_gai_err), |
| 199 | .bsd_errno = GetAddrInfoErrorToErrno(emu_gai_err), | ||
| 200 | }); | ||
| 182 | } | 201 | } |
| 183 | 202 | ||
| 184 | static std::vector<u8> SerializeAddrInfo(const std::vector<Network::AddrInfo>& vec, | 203 | static std::vector<u8> SerializeAddrInfo(const std::vector<Network::AddrInfo>& vec, |
| @@ -221,14 +240,15 @@ static std::vector<u8> SerializeAddrInfo(const std::vector<Network::AddrInfo>& v | |||
| 221 | } | 240 | } |
| 222 | 241 | ||
| 223 | static std::pair<u32, GetAddrInfoError> GetAddrInfoRequestImpl(HLERequestContext& ctx) { | 242 | static std::pair<u32, GetAddrInfoError> GetAddrInfoRequestImpl(HLERequestContext& ctx) { |
| 224 | struct Parameters { | 243 | struct InputParameters { |
| 225 | u8 use_nsd_resolve; | 244 | u8 use_nsd_resolve; |
| 226 | u32 cancel_handle; | 245 | u32 cancel_handle; |
| 227 | u64 process_id; | 246 | u64 process_id; |
| 228 | }; | 247 | }; |
| 248 | static_assert(sizeof(InputParameters) == 0x10); | ||
| 229 | 249 | ||
| 230 | IPC::RequestParser rp{ctx}; | 250 | IPC::RequestParser rp{ctx}; |
| 231 | const auto parameters = rp.PopRaw<Parameters>(); | 251 | const auto parameters = rp.PopRaw<InputParameters>(); |
| 232 | 252 | ||
| 233 | LOG_WARNING( | 253 | LOG_WARNING( |
| 234 | Service, | 254 | Service, |
| @@ -264,23 +284,42 @@ static std::pair<u32, GetAddrInfoError> GetAddrInfoRequestImpl(HLERequestContext | |||
| 264 | void SFDNSRES::GetAddrInfoRequest(HLERequestContext& ctx) { | 284 | void SFDNSRES::GetAddrInfoRequest(HLERequestContext& ctx) { |
| 265 | auto [data_size, emu_gai_err] = GetAddrInfoRequestImpl(ctx); | 285 | auto [data_size, emu_gai_err] = GetAddrInfoRequestImpl(ctx); |
| 266 | 286 | ||
| 287 | struct OutputParameters { | ||
| 288 | Errno bsd_errno; | ||
| 289 | GetAddrInfoError gai_error; | ||
| 290 | u32 data_size; | ||
| 291 | }; | ||
| 292 | static_assert(sizeof(OutputParameters) == 0xc); | ||
| 293 | |||
| 267 | IPC::ResponseBuilder rb{ctx, 5}; | 294 | IPC::ResponseBuilder rb{ctx, 5}; |
| 268 | rb.Push(ResultSuccess); | 295 | rb.Push(ResultSuccess); |
| 269 | rb.Push(static_cast<s32>(GetAddrInfoErrorToErrno(emu_gai_err))); // errno | 296 | rb.PushRaw(OutputParameters{ |
| 270 | rb.Push(static_cast<s32>(emu_gai_err)); // getaddrinfo error code | 297 | .bsd_errno = GetAddrInfoErrorToErrno(emu_gai_err), |
| 271 | rb.Push(data_size); // serialized size | 298 | .gai_error = emu_gai_err, |
| 299 | .data_size = data_size, | ||
| 300 | }); | ||
| 272 | } | 301 | } |
| 273 | 302 | ||
| 274 | void SFDNSRES::GetAddrInfoRequestWithOptions(HLERequestContext& ctx) { | 303 | void SFDNSRES::GetAddrInfoRequestWithOptions(HLERequestContext& ctx) { |
| 275 | // Additional options are ignored | 304 | // Additional options are ignored |
| 276 | auto [data_size, emu_gai_err] = GetAddrInfoRequestImpl(ctx); | 305 | auto [data_size, emu_gai_err] = GetAddrInfoRequestImpl(ctx); |
| 277 | 306 | ||
| 307 | struct OutputParameters { | ||
| 308 | u32 data_size; | ||
| 309 | GetAddrInfoError gai_error; | ||
| 310 | NetDbError netdb_error; | ||
| 311 | Errno bsd_errno; | ||
| 312 | }; | ||
| 313 | static_assert(sizeof(OutputParameters) == 0x10); | ||
| 314 | |||
| 278 | IPC::ResponseBuilder rb{ctx, 6}; | 315 | IPC::ResponseBuilder rb{ctx, 6}; |
| 279 | rb.Push(ResultSuccess); | 316 | rb.Push(ResultSuccess); |
| 280 | rb.Push(data_size); // serialized size | 317 | rb.PushRaw(OutputParameters{ |
| 281 | rb.Push(static_cast<s32>(emu_gai_err)); // getaddrinfo error code | 318 | .data_size = data_size, |
| 282 | rb.Push(static_cast<s32>(GetAddrInfoErrorToNetDbError(emu_gai_err))); // netdb error code | 319 | .gai_error = emu_gai_err, |
| 283 | rb.Push(static_cast<s32>(GetAddrInfoErrorToErrno(emu_gai_err))); // errno | 320 | .netdb_error = GetAddrInfoErrorToNetDbError(emu_gai_err), |
| 321 | .bsd_errno = GetAddrInfoErrorToErrno(emu_gai_err), | ||
| 322 | }); | ||
| 284 | } | 323 | } |
| 285 | 324 | ||
| 286 | void SFDNSRES::ResolverSetOptionRequest(HLERequestContext& ctx) { | 325 | void SFDNSRES::ResolverSetOptionRequest(HLERequestContext& ctx) { |
diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp index 5638dd693..0919be55f 100644 --- a/src/core/hle/service/ssl/ssl.cpp +++ b/src/core/hle/service/ssl/ssl.cpp | |||
| @@ -64,7 +64,7 @@ public: | |||
| 64 | std::shared_ptr<SslContextSharedData>& shared_data, | 64 | std::shared_ptr<SslContextSharedData>& shared_data, |
| 65 | std::unique_ptr<SSLConnectionBackend>&& backend) | 65 | std::unique_ptr<SSLConnectionBackend>&& backend) |
| 66 | : ServiceFramework{system_, "ISslConnection"}, ssl_version{version}, | 66 | : ServiceFramework{system_, "ISslConnection"}, ssl_version{version}, |
| 67 | shared_data_{shared_data}, backend_{std::move(backend)} { | 67 | shared_data{shared_data}, backend{std::move(backend)} { |
| 68 | // clang-format off | 68 | // clang-format off |
| 69 | static const FunctionInfo functions[] = { | 69 | static const FunctionInfo functions[] = { |
| 70 | {0, &ISslConnection::SetSocketDescriptor, "SetSocketDescriptor"}, | 70 | {0, &ISslConnection::SetSocketDescriptor, "SetSocketDescriptor"}, |
| @@ -112,10 +112,10 @@ public: | |||
| 112 | } | 112 | } |
| 113 | 113 | ||
| 114 | ~ISslConnection() { | 114 | ~ISslConnection() { |
| 115 | shared_data_->connection_count--; | 115 | shared_data->connection_count--; |
| 116 | if (fd_to_close_.has_value()) { | 116 | if (fd_to_close.has_value()) { |
| 117 | const s32 fd = *fd_to_close_; | 117 | const s32 fd = *fd_to_close; |
| 118 | if (!do_not_close_socket_) { | 118 | if (!do_not_close_socket) { |
| 119 | LOG_ERROR(Service_SSL, | 119 | LOG_ERROR(Service_SSL, |
| 120 | "do_not_close_socket was changed after setting socket; is this right?"); | 120 | "do_not_close_socket was changed after setting socket; is this right?"); |
| 121 | } else { | 121 | } else { |
| @@ -132,30 +132,30 @@ public: | |||
| 132 | 132 | ||
| 133 | private: | 133 | private: |
| 134 | SslVersion ssl_version; | 134 | SslVersion ssl_version; |
| 135 | std::shared_ptr<SslContextSharedData> shared_data_; | 135 | std::shared_ptr<SslContextSharedData> shared_data; |
| 136 | std::unique_ptr<SSLConnectionBackend> backend_; | 136 | std::unique_ptr<SSLConnectionBackend> backend; |
| 137 | std::optional<int> fd_to_close_; | 137 | std::optional<int> fd_to_close; |
| 138 | bool do_not_close_socket_ = false; | 138 | bool do_not_close_socket = false; |
| 139 | bool get_server_cert_chain_ = false; | 139 | bool get_server_cert_chain = false; |
| 140 | std::shared_ptr<Network::SocketBase> socket_; | 140 | std::shared_ptr<Network::SocketBase> socket; |
| 141 | bool did_set_host_name_ = false; | 141 | bool did_set_host_name = false; |
| 142 | bool did_handshake_ = false; | 142 | bool did_handshake = false; |
| 143 | 143 | ||
| 144 | ResultVal<s32> SetSocketDescriptorImpl(s32 fd) { | 144 | ResultVal<s32> SetSocketDescriptorImpl(s32 fd) { |
| 145 | LOG_DEBUG(Service_SSL, "called, fd={}", fd); | 145 | LOG_DEBUG(Service_SSL, "called, fd={}", fd); |
| 146 | ASSERT(!did_handshake_); | 146 | ASSERT(!did_handshake); |
| 147 | auto bsd = system.ServiceManager().GetService<Service::Sockets::BSD>("bsd:u"); | 147 | auto bsd = system.ServiceManager().GetService<Service::Sockets::BSD>("bsd:u"); |
| 148 | ASSERT_OR_EXECUTE(bsd, { return ResultInternalError; }); | 148 | ASSERT_OR_EXECUTE(bsd, { return ResultInternalError; }); |
| 149 | s32 ret_fd; | 149 | s32 ret_fd; |
| 150 | // Based on https://switchbrew.org/wiki/SSL_services#SetSocketDescriptor | 150 | // Based on https://switchbrew.org/wiki/SSL_services#SetSocketDescriptor |
| 151 | if (do_not_close_socket_) { | 151 | if (do_not_close_socket) { |
| 152 | auto res = bsd->DuplicateSocketImpl(fd); | 152 | auto res = bsd->DuplicateSocketImpl(fd); |
| 153 | if (!res.has_value()) { | 153 | if (!res.has_value()) { |
| 154 | LOG_ERROR(Service_SSL, "Failed to duplicate socket with fd {}", fd); | 154 | LOG_ERROR(Service_SSL, "Failed to duplicate socket with fd {}", fd); |
| 155 | return ResultInvalidSocket; | 155 | return ResultInvalidSocket; |
| 156 | } | 156 | } |
| 157 | fd = *res; | 157 | fd = *res; |
| 158 | fd_to_close_ = fd; | 158 | fd_to_close = fd; |
| 159 | ret_fd = fd; | 159 | ret_fd = fd; |
| 160 | } else { | 160 | } else { |
| 161 | ret_fd = -1; | 161 | ret_fd = -1; |
| @@ -165,34 +165,34 @@ private: | |||
| 165 | LOG_ERROR(Service_SSL, "invalid socket fd {}", fd); | 165 | LOG_ERROR(Service_SSL, "invalid socket fd {}", fd); |
| 166 | return ResultInvalidSocket; | 166 | return ResultInvalidSocket; |
| 167 | } | 167 | } |
| 168 | socket_ = std::move(*sock); | 168 | socket = std::move(*sock); |
| 169 | backend_->SetSocket(socket_); | 169 | backend->SetSocket(socket); |
| 170 | return ret_fd; | 170 | return ret_fd; |
| 171 | } | 171 | } |
| 172 | 172 | ||
| 173 | Result SetHostNameImpl(const std::string& hostname) { | 173 | Result SetHostNameImpl(const std::string& hostname) { |
| 174 | LOG_DEBUG(Service_SSL, "called. hostname={}", hostname); | 174 | LOG_DEBUG(Service_SSL, "called. hostname={}", hostname); |
| 175 | ASSERT(!did_handshake_); | 175 | ASSERT(!did_handshake); |
| 176 | Result res = backend_->SetHostName(hostname); | 176 | Result res = backend->SetHostName(hostname); |
| 177 | if (res == ResultSuccess) { | 177 | if (res == ResultSuccess) { |
| 178 | did_set_host_name_ = true; | 178 | did_set_host_name = true; |
| 179 | } | 179 | } |
| 180 | return res; | 180 | return res; |
| 181 | } | 181 | } |
| 182 | 182 | ||
| 183 | Result SetVerifyOptionImpl(u32 option) { | 183 | Result SetVerifyOptionImpl(u32 option) { |
| 184 | ASSERT(!did_handshake_); | 184 | ASSERT(!did_handshake); |
| 185 | LOG_WARNING(Service_SSL, "(STUBBED) called. option={}", option); | 185 | LOG_WARNING(Service_SSL, "(STUBBED) called. option={}", option); |
| 186 | return ResultSuccess; | 186 | return ResultSuccess; |
| 187 | } | 187 | } |
| 188 | 188 | ||
| 189 | Result SetIOModeImpl(u32 _mode) { | 189 | Result SetIoModeImpl(u32 input_mode) { |
| 190 | auto mode = static_cast<IoMode>(_mode); | 190 | auto mode = static_cast<IoMode>(input_mode); |
| 191 | ASSERT(mode == IoMode::Blocking || mode == IoMode::NonBlocking); | 191 | ASSERT(mode == IoMode::Blocking || mode == IoMode::NonBlocking); |
| 192 | ASSERT_OR_EXECUTE(socket_, { return ResultNoSocket; }); | 192 | ASSERT_OR_EXECUTE(socket, { return ResultNoSocket; }); |
| 193 | 193 | ||
| 194 | const bool non_block = mode == IoMode::NonBlocking; | 194 | const bool non_block = mode == IoMode::NonBlocking; |
| 195 | const Network::Errno error = socket_->SetNonBlock(non_block); | 195 | const Network::Errno error = socket->SetNonBlock(non_block); |
| 196 | if (error != Network::Errno::SUCCESS) { | 196 | if (error != Network::Errno::SUCCESS) { |
| 197 | LOG_ERROR(Service_SSL, "Failed to set native socket non-block flag to {}", non_block); | 197 | LOG_ERROR(Service_SSL, "Failed to set native socket non-block flag to {}", non_block); |
| 198 | } | 198 | } |
| @@ -200,18 +200,18 @@ private: | |||
| 200 | } | 200 | } |
| 201 | 201 | ||
| 202 | Result SetSessionCacheModeImpl(u32 mode) { | 202 | Result SetSessionCacheModeImpl(u32 mode) { |
| 203 | ASSERT(!did_handshake_); | 203 | ASSERT(!did_handshake); |
| 204 | LOG_WARNING(Service_SSL, "(STUBBED) called. value={}", mode); | 204 | LOG_WARNING(Service_SSL, "(STUBBED) called. value={}", mode); |
| 205 | return ResultSuccess; | 205 | return ResultSuccess; |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | Result DoHandshakeImpl() { | 208 | Result DoHandshakeImpl() { |
| 209 | ASSERT_OR_EXECUTE(!did_handshake_ && socket_, { return ResultNoSocket; }); | 209 | ASSERT_OR_EXECUTE(!did_handshake && socket, { return ResultNoSocket; }); |
| 210 | ASSERT_OR_EXECUTE_MSG( | 210 | ASSERT_OR_EXECUTE_MSG( |
| 211 | did_set_host_name_, { return ResultInternalError; }, | 211 | did_set_host_name, { return ResultInternalError; }, |
| 212 | "Expected SetHostName before DoHandshake"); | 212 | "Expected SetHostName before DoHandshake"); |
| 213 | Result res = backend_->DoHandshake(); | 213 | Result res = backend->DoHandshake(); |
| 214 | did_handshake_ = res.IsSuccess(); | 214 | did_handshake = res.IsSuccess(); |
| 215 | return res; | 215 | return res; |
| 216 | } | 216 | } |
| 217 | 217 | ||
| @@ -225,7 +225,7 @@ private: | |||
| 225 | u32 size; | 225 | u32 size; |
| 226 | u32 offset; | 226 | u32 offset; |
| 227 | }; | 227 | }; |
| 228 | if (!get_server_cert_chain_) { | 228 | if (!get_server_cert_chain) { |
| 229 | // Just return the first one, unencoded. | 229 | // Just return the first one, unencoded. |
| 230 | ASSERT_OR_EXECUTE_MSG( | 230 | ASSERT_OR_EXECUTE_MSG( |
| 231 | !certs.empty(), { return {}; }, "Should be at least one server cert"); | 231 | !certs.empty(), { return {}; }, "Should be at least one server cert"); |
| @@ -248,9 +248,9 @@ private: | |||
| 248 | } | 248 | } |
| 249 | 249 | ||
| 250 | ResultVal<std::vector<u8>> ReadImpl(size_t size) { | 250 | ResultVal<std::vector<u8>> ReadImpl(size_t size) { |
| 251 | ASSERT_OR_EXECUTE(did_handshake_, { return ResultInternalError; }); | 251 | ASSERT_OR_EXECUTE(did_handshake, { return ResultInternalError; }); |
| 252 | std::vector<u8> res(size); | 252 | std::vector<u8> res(size); |
| 253 | ResultVal<size_t> actual = backend_->Read(res); | 253 | ResultVal<size_t> actual = backend->Read(res); |
| 254 | if (actual.Failed()) { | 254 | if (actual.Failed()) { |
| 255 | return actual.Code(); | 255 | return actual.Code(); |
| 256 | } | 256 | } |
| @@ -259,8 +259,8 @@ private: | |||
| 259 | } | 259 | } |
| 260 | 260 | ||
| 261 | ResultVal<size_t> WriteImpl(std::span<const u8> data) { | 261 | ResultVal<size_t> WriteImpl(std::span<const u8> data) { |
| 262 | ASSERT_OR_EXECUTE(did_handshake_, { return ResultInternalError; }); | 262 | ASSERT_OR_EXECUTE(did_handshake, { return ResultInternalError; }); |
| 263 | return backend_->Write(data); | 263 | return backend->Write(data); |
| 264 | } | 264 | } |
| 265 | 265 | ||
| 266 | ResultVal<s32> PendingImpl() { | 266 | ResultVal<s32> PendingImpl() { |
| @@ -295,7 +295,7 @@ private: | |||
| 295 | void SetIoMode(HLERequestContext& ctx) { | 295 | void SetIoMode(HLERequestContext& ctx) { |
| 296 | IPC::RequestParser rp{ctx}; | 296 | IPC::RequestParser rp{ctx}; |
| 297 | const u32 mode = rp.Pop<u32>(); | 297 | const u32 mode = rp.Pop<u32>(); |
| 298 | const Result res = SetIOModeImpl(mode); | 298 | const Result res = SetIoModeImpl(mode); |
| 299 | IPC::ResponseBuilder rb{ctx, 2}; | 299 | IPC::ResponseBuilder rb{ctx, 2}; |
| 300 | rb.Push(res); | 300 | rb.Push(res); |
| 301 | } | 301 | } |
| @@ -307,22 +307,26 @@ private: | |||
| 307 | } | 307 | } |
| 308 | 308 | ||
| 309 | void DoHandshakeGetServerCert(HLERequestContext& ctx) { | 309 | void DoHandshakeGetServerCert(HLERequestContext& ctx) { |
| 310 | struct OutputParameters { | ||
| 311 | u32 certs_size; | ||
| 312 | u32 certs_count; | ||
| 313 | }; | ||
| 314 | static_assert(sizeof(OutputParameters) == 0x8); | ||
| 315 | |||
| 310 | const Result res = DoHandshakeImpl(); | 316 | const Result res = DoHandshakeImpl(); |
| 311 | u32 certs_count = 0; | 317 | OutputParameters out{}; |
| 312 | u32 certs_size = 0; | ||
| 313 | if (res == ResultSuccess) { | 318 | if (res == ResultSuccess) { |
| 314 | auto certs = backend_->GetServerCerts(); | 319 | auto certs = backend->GetServerCerts(); |
| 315 | if (certs.Succeeded()) { | 320 | if (certs.Succeeded()) { |
| 316 | const std::vector<u8> certs_buf = SerializeServerCerts(*certs); | 321 | const std::vector<u8> certs_buf = SerializeServerCerts(*certs); |
| 317 | ctx.WriteBuffer(certs_buf); | 322 | ctx.WriteBuffer(certs_buf); |
| 318 | certs_count = static_cast<u32>(certs->size()); | 323 | out.certs_count = static_cast<u32>(certs->size()); |
| 319 | certs_size = static_cast<u32>(certs_buf.size()); | 324 | out.certs_size = static_cast<u32>(certs_buf.size()); |
| 320 | } | 325 | } |
| 321 | } | 326 | } |
| 322 | IPC::ResponseBuilder rb{ctx, 4}; | 327 | IPC::ResponseBuilder rb{ctx, 4}; |
| 323 | rb.Push(res); | 328 | rb.Push(res); |
| 324 | rb.Push(certs_size); | 329 | rb.PushRaw(out); |
| 325 | rb.Push(certs_count); | ||
| 326 | } | 330 | } |
| 327 | 331 | ||
| 328 | void Read(HLERequestContext& ctx) { | 332 | void Read(HLERequestContext& ctx) { |
| @@ -371,10 +375,10 @@ private: | |||
| 371 | 375 | ||
| 372 | switch (parameters.option) { | 376 | switch (parameters.option) { |
| 373 | case OptionType::DoNotCloseSocket: | 377 | case OptionType::DoNotCloseSocket: |
| 374 | do_not_close_socket_ = static_cast<bool>(parameters.value); | 378 | do_not_close_socket = static_cast<bool>(parameters.value); |
| 375 | break; | 379 | break; |
| 376 | case OptionType::GetServerCertChain: | 380 | case OptionType::GetServerCertChain: |
| 377 | get_server_cert_chain_ = static_cast<bool>(parameters.value); | 381 | get_server_cert_chain = static_cast<bool>(parameters.value); |
| 378 | break; | 382 | break; |
| 379 | default: | 383 | default: |
| 380 | LOG_WARNING(Service_SSL, "Unknown option={}, value={}", parameters.option, | 384 | LOG_WARNING(Service_SSL, "Unknown option={}, value={}", parameters.option, |
| @@ -390,7 +394,7 @@ class ISslContext final : public ServiceFramework<ISslContext> { | |||
| 390 | public: | 394 | public: |
| 391 | explicit ISslContext(Core::System& system_, SslVersion version) | 395 | explicit ISslContext(Core::System& system_, SslVersion version) |
| 392 | : ServiceFramework{system_, "ISslContext"}, ssl_version{version}, | 396 | : ServiceFramework{system_, "ISslContext"}, ssl_version{version}, |
| 393 | shared_data_{std::make_shared<SslContextSharedData>()} { | 397 | shared_data{std::make_shared<SslContextSharedData>()} { |
| 394 | static const FunctionInfo functions[] = { | 398 | static const FunctionInfo functions[] = { |
| 395 | {0, &ISslContext::SetOption, "SetOption"}, | 399 | {0, &ISslContext::SetOption, "SetOption"}, |
| 396 | {1, nullptr, "GetOption"}, | 400 | {1, nullptr, "GetOption"}, |
| @@ -412,7 +416,7 @@ public: | |||
| 412 | 416 | ||
| 413 | private: | 417 | private: |
| 414 | SslVersion ssl_version; | 418 | SslVersion ssl_version; |
| 415 | std::shared_ptr<SslContextSharedData> shared_data_; | 419 | std::shared_ptr<SslContextSharedData> shared_data; |
| 416 | 420 | ||
| 417 | void SetOption(HLERequestContext& ctx) { | 421 | void SetOption(HLERequestContext& ctx) { |
| 418 | struct Parameters { | 422 | struct Parameters { |
| @@ -439,17 +443,17 @@ private: | |||
| 439 | IPC::ResponseBuilder rb{ctx, 2, 0, 1}; | 443 | IPC::ResponseBuilder rb{ctx, 2, 0, 1}; |
| 440 | rb.Push(backend_res.Code()); | 444 | rb.Push(backend_res.Code()); |
| 441 | if (backend_res.Succeeded()) { | 445 | if (backend_res.Succeeded()) { |
| 442 | rb.PushIpcInterface<ISslConnection>(system, ssl_version, shared_data_, | 446 | rb.PushIpcInterface<ISslConnection>(system, ssl_version, shared_data, |
| 443 | std::move(*backend_res)); | 447 | std::move(*backend_res)); |
| 444 | } | 448 | } |
| 445 | } | 449 | } |
| 446 | 450 | ||
| 447 | void GetConnectionCount(HLERequestContext& ctx) { | 451 | void GetConnectionCount(HLERequestContext& ctx) { |
| 448 | LOG_WARNING(Service_SSL, "connection_count={}", shared_data_->connection_count); | 452 | LOG_DEBUG(Service_SSL, "connection_count={}", shared_data->connection_count); |
| 449 | 453 | ||
| 450 | IPC::ResponseBuilder rb{ctx, 3}; | 454 | IPC::ResponseBuilder rb{ctx, 3}; |
| 451 | rb.Push(ResultSuccess); | 455 | rb.Push(ResultSuccess); |
| 452 | rb.Push(shared_data_->connection_count); | 456 | rb.Push(shared_data->connection_count); |
| 453 | } | 457 | } |
| 454 | 458 | ||
| 455 | void ImportServerPki(HLERequestContext& ctx) { | 459 | void ImportServerPki(HLERequestContext& ctx) { |
diff --git a/src/core/hle/service/ssl/ssl_backend_openssl.cpp b/src/core/hle/service/ssl/ssl_backend_openssl.cpp index e7d5801fd..f69674f77 100644 --- a/src/core/hle/service/ssl/ssl_backend_openssl.cpp +++ b/src/core/hle/service/ssl/ssl_backend_openssl.cpp | |||
| @@ -51,37 +51,37 @@ public: | |||
| 51 | return ResultInternalError; | 51 | return ResultInternalError; |
| 52 | } | 52 | } |
| 53 | 53 | ||
| 54 | ssl_ = SSL_new(ssl_ctx); | 54 | ssl = SSL_new(ssl_ctx); |
| 55 | if (!ssl_) { | 55 | if (!ssl) { |
| 56 | LOG_ERROR(Service_SSL, "SSL_new failed"); | 56 | LOG_ERROR(Service_SSL, "SSL_new failed"); |
| 57 | return CheckOpenSSLErrors(); | 57 | return CheckOpenSSLErrors(); |
| 58 | } | 58 | } |
| 59 | 59 | ||
| 60 | SSL_set_connect_state(ssl_); | 60 | SSL_set_connect_state(ssl); |
| 61 | 61 | ||
| 62 | bio_ = BIO_new(bio_meth); | 62 | bio = BIO_new(bio_meth); |
| 63 | if (!bio_) { | 63 | if (!bio) { |
| 64 | LOG_ERROR(Service_SSL, "BIO_new failed"); | 64 | LOG_ERROR(Service_SSL, "BIO_new failed"); |
| 65 | return CheckOpenSSLErrors(); | 65 | return CheckOpenSSLErrors(); |
| 66 | } | 66 | } |
| 67 | 67 | ||
| 68 | BIO_set_data(bio_, this); | 68 | BIO_set_data(bio, this); |
| 69 | BIO_set_init(bio_, 1); | 69 | BIO_set_init(bio, 1); |
| 70 | SSL_set_bio(ssl_, bio_, bio_); | 70 | SSL_set_bio(ssl, bio, bio); |
| 71 | 71 | ||
| 72 | return ResultSuccess; | 72 | return ResultSuccess; |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | void SetSocket(std::shared_ptr<Network::SocketBase> socket) override { | 75 | void SetSocket(std::shared_ptr<Network::SocketBase> socket_in) override { |
| 76 | socket_ = socket; | 76 | socket = std::move(socket_in); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | Result SetHostName(const std::string& hostname) override { | 79 | Result SetHostName(const std::string& hostname) override { |
| 80 | if (!SSL_set1_host(ssl_, hostname.c_str())) { // hostname for verification | 80 | if (!SSL_set1_host(ssl, hostname.c_str())) { // hostname for verification |
| 81 | LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname); | 81 | LOG_ERROR(Service_SSL, "SSL_set1_host({}) failed", hostname); |
| 82 | return CheckOpenSSLErrors(); | 82 | return CheckOpenSSLErrors(); |
| 83 | } | 83 | } |
| 84 | if (!SSL_set_tlsext_host_name(ssl_, hostname.c_str())) { // hostname for SNI | 84 | if (!SSL_set_tlsext_host_name(ssl, hostname.c_str())) { // hostname for SNI |
| 85 | LOG_ERROR(Service_SSL, "SSL_set_tlsext_host_name({}) failed", hostname); | 85 | LOG_ERROR(Service_SSL, "SSL_set_tlsext_host_name({}) failed", hostname); |
| 86 | return CheckOpenSSLErrors(); | 86 | return CheckOpenSSLErrors(); |
| 87 | } | 87 | } |
| @@ -89,18 +89,18 @@ public: | |||
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | Result DoHandshake() override { | 91 | Result DoHandshake() override { |
| 92 | SSL_set_verify_result(ssl_, X509_V_OK); | 92 | SSL_set_verify_result(ssl, X509_V_OK); |
| 93 | const int ret = SSL_do_handshake(ssl_); | 93 | const int ret = SSL_do_handshake(ssl); |
| 94 | const long verify_result = SSL_get_verify_result(ssl_); | 94 | const long verify_result = SSL_get_verify_result(ssl); |
| 95 | if (verify_result != X509_V_OK) { | 95 | if (verify_result != X509_V_OK) { |
| 96 | LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}", | 96 | LOG_ERROR(Service_SSL, "SSL cert verification failed because: {}", |
| 97 | X509_verify_cert_error_string(verify_result)); | 97 | X509_verify_cert_error_string(verify_result)); |
| 98 | return CheckOpenSSLErrors(); | 98 | return CheckOpenSSLErrors(); |
| 99 | } | 99 | } |
| 100 | if (ret <= 0) { | 100 | if (ret <= 0) { |
| 101 | const int ssl_err = SSL_get_error(ssl_, ret); | 101 | const int ssl_err = SSL_get_error(ssl, ret); |
| 102 | if (ssl_err == SSL_ERROR_ZERO_RETURN || | 102 | if (ssl_err == SSL_ERROR_ZERO_RETURN || |
| 103 | (ssl_err == SSL_ERROR_SYSCALL && got_read_eof_)) { | 103 | (ssl_err == SSL_ERROR_SYSCALL && got_read_eof)) { |
| 104 | LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); | 104 | LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); |
| 105 | return ResultInternalError; | 105 | return ResultInternalError; |
| 106 | } | 106 | } |
| @@ -110,18 +110,18 @@ public: | |||
| 110 | 110 | ||
| 111 | ResultVal<size_t> Read(std::span<u8> data) override { | 111 | ResultVal<size_t> Read(std::span<u8> data) override { |
| 112 | size_t actual; | 112 | size_t actual; |
| 113 | const int ret = SSL_read_ex(ssl_, data.data(), data.size(), &actual); | 113 | const int ret = SSL_read_ex(ssl, data.data(), data.size(), &actual); |
| 114 | return HandleReturn("SSL_read_ex", actual, ret); | 114 | return HandleReturn("SSL_read_ex", actual, ret); |
| 115 | } | 115 | } |
| 116 | 116 | ||
| 117 | ResultVal<size_t> Write(std::span<const u8> data) override { | 117 | ResultVal<size_t> Write(std::span<const u8> data) override { |
| 118 | size_t actual; | 118 | size_t actual; |
| 119 | const int ret = SSL_write_ex(ssl_, data.data(), data.size(), &actual); | 119 | const int ret = SSL_write_ex(ssl, data.data(), data.size(), &actual); |
| 120 | return HandleReturn("SSL_write_ex", actual, ret); | 120 | return HandleReturn("SSL_write_ex", actual, ret); |
| 121 | } | 121 | } |
| 122 | 122 | ||
| 123 | ResultVal<size_t> HandleReturn(const char* what, size_t actual, int ret) { | 123 | ResultVal<size_t> HandleReturn(const char* what, size_t actual, int ret) { |
| 124 | const int ssl_err = SSL_get_error(ssl_, ret); | 124 | const int ssl_err = SSL_get_error(ssl, ret); |
| 125 | CheckOpenSSLErrors(); | 125 | CheckOpenSSLErrors(); |
| 126 | switch (ssl_err) { | 126 | switch (ssl_err) { |
| 127 | case SSL_ERROR_NONE: | 127 | case SSL_ERROR_NONE: |
| @@ -137,7 +137,7 @@ public: | |||
| 137 | LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_WANT_WRITE", what); | 137 | LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_WANT_WRITE", what); |
| 138 | return ResultWouldBlock; | 138 | return ResultWouldBlock; |
| 139 | default: | 139 | default: |
| 140 | if (ssl_err == SSL_ERROR_SYSCALL && got_read_eof_) { | 140 | if (ssl_err == SSL_ERROR_SYSCALL && got_read_eof) { |
| 141 | LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_SYSCALL because server hung up", what); | 141 | LOG_DEBUG(Service_SSL, "{} => SSL_ERROR_SYSCALL because server hung up", what); |
| 142 | return size_t(0); | 142 | return size_t(0); |
| 143 | } | 143 | } |
| @@ -147,7 +147,7 @@ public: | |||
| 147 | } | 147 | } |
| 148 | 148 | ||
| 149 | ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { | 149 | ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { |
| 150 | STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); | 150 | STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl); |
| 151 | if (!chain) { | 151 | if (!chain) { |
| 152 | LOG_ERROR(Service_SSL, "SSL_get_peer_cert_chain returned nullptr"); | 152 | LOG_ERROR(Service_SSL, "SSL_get_peer_cert_chain returned nullptr"); |
| 153 | return ResultInternalError; | 153 | return ResultInternalError; |
| @@ -169,8 +169,8 @@ public: | |||
| 169 | 169 | ||
| 170 | ~SSLConnectionBackendOpenSSL() { | 170 | ~SSLConnectionBackendOpenSSL() { |
| 171 | // these are null-tolerant: | 171 | // these are null-tolerant: |
| 172 | SSL_free(ssl_); | 172 | SSL_free(ssl); |
| 173 | BIO_free(bio_); | 173 | BIO_free(bio); |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | static void KeyLogCallback(const SSL* ssl, const char* line) { | 176 | static void KeyLogCallback(const SSL* ssl, const char* line) { |
| @@ -188,9 +188,9 @@ public: | |||
| 188 | static int WriteCallback(BIO* bio, const char* buf, size_t len, size_t* actual_p) { | 188 | static int WriteCallback(BIO* bio, const char* buf, size_t len, size_t* actual_p) { |
| 189 | auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); | 189 | auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); |
| 190 | ASSERT_OR_EXECUTE_MSG( | 190 | ASSERT_OR_EXECUTE_MSG( |
| 191 | self->socket_, { return 0; }, "OpenSSL asked to send but we have no socket"); | 191 | self->socket, { return 0; }, "OpenSSL asked to send but we have no socket"); |
| 192 | BIO_clear_retry_flags(bio); | 192 | BIO_clear_retry_flags(bio); |
| 193 | auto [actual, err] = self->socket_->Send({reinterpret_cast<const u8*>(buf), len}, 0); | 193 | auto [actual, err] = self->socket->Send({reinterpret_cast<const u8*>(buf), len}, 0); |
| 194 | switch (err) { | 194 | switch (err) { |
| 195 | case Network::Errno::SUCCESS: | 195 | case Network::Errno::SUCCESS: |
| 196 | *actual_p = actual; | 196 | *actual_p = actual; |
| @@ -207,14 +207,14 @@ public: | |||
| 207 | static int ReadCallback(BIO* bio, char* buf, size_t len, size_t* actual_p) { | 207 | static int ReadCallback(BIO* bio, char* buf, size_t len, size_t* actual_p) { |
| 208 | auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); | 208 | auto self = static_cast<SSLConnectionBackendOpenSSL*>(BIO_get_data(bio)); |
| 209 | ASSERT_OR_EXECUTE_MSG( | 209 | ASSERT_OR_EXECUTE_MSG( |
| 210 | self->socket_, { return 0; }, "OpenSSL asked to recv but we have no socket"); | 210 | self->socket, { return 0; }, "OpenSSL asked to recv but we have no socket"); |
| 211 | BIO_clear_retry_flags(bio); | 211 | BIO_clear_retry_flags(bio); |
| 212 | auto [actual, err] = self->socket_->Recv(0, {reinterpret_cast<u8*>(buf), len}); | 212 | auto [actual, err] = self->socket->Recv(0, {reinterpret_cast<u8*>(buf), len}); |
| 213 | switch (err) { | 213 | switch (err) { |
| 214 | case Network::Errno::SUCCESS: | 214 | case Network::Errno::SUCCESS: |
| 215 | *actual_p = actual; | 215 | *actual_p = actual; |
| 216 | if (actual == 0) { | 216 | if (actual == 0) { |
| 217 | self->got_read_eof_ = true; | 217 | self->got_read_eof = true; |
| 218 | } | 218 | } |
| 219 | return actual ? 1 : 0; | 219 | return actual ? 1 : 0; |
| 220 | case Network::Errno::AGAIN: | 220 | case Network::Errno::AGAIN: |
| @@ -246,11 +246,11 @@ public: | |||
| 246 | } | 246 | } |
| 247 | } | 247 | } |
| 248 | 248 | ||
| 249 | SSL* ssl_ = nullptr; | 249 | SSL* ssl = nullptr; |
| 250 | BIO* bio_ = nullptr; | 250 | BIO* bio = nullptr; |
| 251 | bool got_read_eof_ = false; | 251 | bool got_read_eof = false; |
| 252 | 252 | ||
| 253 | std::shared_ptr<Network::SocketBase> socket_; | 253 | std::shared_ptr<Network::SocketBase> socket; |
| 254 | }; | 254 | }; |
| 255 | 255 | ||
| 256 | ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { | 256 | ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { |
diff --git a/src/core/hle/service/ssl/ssl_backend_schannel.cpp b/src/core/hle/service/ssl/ssl_backend_schannel.cpp index 775d5cc07..a1d6a186e 100644 --- a/src/core/hle/service/ssl/ssl_backend_schannel.cpp +++ b/src/core/hle/service/ssl/ssl_backend_schannel.cpp | |||
| @@ -48,6 +48,12 @@ static void OneTimeInit() { | |||
| 48 | return; | 48 | return; |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | if (getenv("SSLKEYLOGFILE")) { | ||
| 52 | LOG_CRITICAL(Service_SSL, "SSLKEYLOGFILE was set but Schannel does not support exporting " | ||
| 53 | "keys; not logging keys!"); | ||
| 54 | // Not fatal. | ||
| 55 | } | ||
| 56 | |||
| 51 | one_time_init_success = true; | 57 | one_time_init_success = true; |
| 52 | } | 58 | } |
| 53 | 59 | ||
| @@ -70,25 +76,25 @@ public: | |||
| 70 | return ResultSuccess; | 76 | return ResultSuccess; |
| 71 | } | 77 | } |
| 72 | 78 | ||
| 73 | void SetSocket(std::shared_ptr<Network::SocketBase> socket) override { | 79 | void SetSocket(std::shared_ptr<Network::SocketBase> socket_in) override { |
| 74 | socket_ = socket; | 80 | socket = std::move(socket_in); |
| 75 | } | 81 | } |
| 76 | 82 | ||
| 77 | Result SetHostName(const std::string& hostname) override { | 83 | Result SetHostName(const std::string& hostname_in) override { |
| 78 | hostname_ = hostname; | 84 | hostname = hostname_in; |
| 79 | return ResultSuccess; | 85 | return ResultSuccess; |
| 80 | } | 86 | } |
| 81 | 87 | ||
| 82 | Result DoHandshake() override { | 88 | Result DoHandshake() override { |
| 83 | while (1) { | 89 | while (1) { |
| 84 | Result r; | 90 | Result r; |
| 85 | switch (handshake_state_) { | 91 | switch (handshake_state) { |
| 86 | case HandshakeState::Initial: | 92 | case HandshakeState::Initial: |
| 87 | if ((r = FlushCiphertextWriteBuf()) != ResultSuccess || | 93 | if ((r = FlushCiphertextWriteBuf()) != ResultSuccess || |
| 88 | (r = CallInitializeSecurityContext()) != ResultSuccess) { | 94 | (r = CallInitializeSecurityContext()) != ResultSuccess) { |
| 89 | return r; | 95 | return r; |
| 90 | } | 96 | } |
| 91 | // CallInitializeSecurityContext updated `handshake_state_`. | 97 | // CallInitializeSecurityContext updated `handshake_state`. |
| 92 | continue; | 98 | continue; |
| 93 | case HandshakeState::ContinueNeeded: | 99 | case HandshakeState::ContinueNeeded: |
| 94 | case HandshakeState::IncompleteMessage: | 100 | case HandshakeState::IncompleteMessage: |
| @@ -96,20 +102,20 @@ public: | |||
| 96 | (r = FillCiphertextReadBuf()) != ResultSuccess) { | 102 | (r = FillCiphertextReadBuf()) != ResultSuccess) { |
| 97 | return r; | 103 | return r; |
| 98 | } | 104 | } |
| 99 | if (ciphertext_read_buf_.empty()) { | 105 | if (ciphertext_read_buf.empty()) { |
| 100 | LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); | 106 | LOG_ERROR(Service_SSL, "SSL handshake failed because server hung up"); |
| 101 | return ResultInternalError; | 107 | return ResultInternalError; |
| 102 | } | 108 | } |
| 103 | if ((r = CallInitializeSecurityContext()) != ResultSuccess) { | 109 | if ((r = CallInitializeSecurityContext()) != ResultSuccess) { |
| 104 | return r; | 110 | return r; |
| 105 | } | 111 | } |
| 106 | // CallInitializeSecurityContext updated `handshake_state_`. | 112 | // CallInitializeSecurityContext updated `handshake_state`. |
| 107 | continue; | 113 | continue; |
| 108 | case HandshakeState::DoneAfterFlush: | 114 | case HandshakeState::DoneAfterFlush: |
| 109 | if ((r = FlushCiphertextWriteBuf()) != ResultSuccess) { | 115 | if ((r = FlushCiphertextWriteBuf()) != ResultSuccess) { |
| 110 | return r; | 116 | return r; |
| 111 | } | 117 | } |
| 112 | handshake_state_ = HandshakeState::Connected; | 118 | handshake_state = HandshakeState::Connected; |
| 113 | return ResultSuccess; | 119 | return ResultSuccess; |
| 114 | case HandshakeState::Connected: | 120 | case HandshakeState::Connected: |
| 115 | LOG_ERROR(Service_SSL, "Called DoHandshake but we already handshook"); | 121 | LOG_ERROR(Service_SSL, "Called DoHandshake but we already handshook"); |
| @@ -121,24 +127,24 @@ public: | |||
| 121 | } | 127 | } |
| 122 | 128 | ||
| 123 | Result FillCiphertextReadBuf() { | 129 | Result FillCiphertextReadBuf() { |
| 124 | const size_t fill_size = read_buf_fill_size_ ? read_buf_fill_size_ : 4096; | 130 | const size_t fill_size = read_buf_fill_size ? read_buf_fill_size : 4096; |
| 125 | read_buf_fill_size_ = 0; | 131 | read_buf_fill_size = 0; |
| 126 | // This unnecessarily zeroes the buffer; oh well. | 132 | // This unnecessarily zeroes the buffer; oh well. |
| 127 | const size_t offset = ciphertext_read_buf_.size(); | 133 | const size_t offset = ciphertext_read_buf.size(); |
| 128 | ASSERT_OR_EXECUTE(offset + fill_size >= offset, { return ResultInternalError; }); | 134 | ASSERT_OR_EXECUTE(offset + fill_size >= offset, { return ResultInternalError; }); |
| 129 | ciphertext_read_buf_.resize(offset + fill_size, 0); | 135 | ciphertext_read_buf.resize(offset + fill_size, 0); |
| 130 | const auto read_span = std::span(ciphertext_read_buf_).subspan(offset, fill_size); | 136 | const auto read_span = std::span(ciphertext_read_buf).subspan(offset, fill_size); |
| 131 | const auto [actual, err] = socket_->Recv(0, read_span); | 137 | const auto [actual, err] = socket->Recv(0, read_span); |
| 132 | switch (err) { | 138 | switch (err) { |
| 133 | case Network::Errno::SUCCESS: | 139 | case Network::Errno::SUCCESS: |
| 134 | ASSERT(static_cast<size_t>(actual) <= fill_size); | 140 | ASSERT(static_cast<size_t>(actual) <= fill_size); |
| 135 | ciphertext_read_buf_.resize(offset + actual); | 141 | ciphertext_read_buf.resize(offset + actual); |
| 136 | return ResultSuccess; | 142 | return ResultSuccess; |
| 137 | case Network::Errno::AGAIN: | 143 | case Network::Errno::AGAIN: |
| 138 | ciphertext_read_buf_.resize(offset); | 144 | ciphertext_read_buf.resize(offset); |
| 139 | return ResultWouldBlock; | 145 | return ResultWouldBlock; |
| 140 | default: | 146 | default: |
| 141 | ciphertext_read_buf_.resize(offset); | 147 | ciphertext_read_buf.resize(offset); |
| 142 | LOG_ERROR(Service_SSL, "Socket recv returned Network::Errno {}", err); | 148 | LOG_ERROR(Service_SSL, "Socket recv returned Network::Errno {}", err); |
| 143 | return ResultInternalError; | 149 | return ResultInternalError; |
| 144 | } | 150 | } |
| @@ -146,13 +152,13 @@ public: | |||
| 146 | 152 | ||
| 147 | // Returns success if the write buffer has been completely emptied. | 153 | // Returns success if the write buffer has been completely emptied. |
| 148 | Result FlushCiphertextWriteBuf() { | 154 | Result FlushCiphertextWriteBuf() { |
| 149 | while (!ciphertext_write_buf_.empty()) { | 155 | while (!ciphertext_write_buf.empty()) { |
| 150 | const auto [actual, err] = socket_->Send(ciphertext_write_buf_, 0); | 156 | const auto [actual, err] = socket->Send(ciphertext_write_buf, 0); |
| 151 | switch (err) { | 157 | switch (err) { |
| 152 | case Network::Errno::SUCCESS: | 158 | case Network::Errno::SUCCESS: |
| 153 | ASSERT(static_cast<size_t>(actual) <= ciphertext_write_buf_.size()); | 159 | ASSERT(static_cast<size_t>(actual) <= ciphertext_write_buf.size()); |
| 154 | ciphertext_write_buf_.erase(ciphertext_write_buf_.begin(), | 160 | ciphertext_write_buf.erase(ciphertext_write_buf.begin(), |
| 155 | ciphertext_write_buf_.begin() + actual); | 161 | ciphertext_write_buf.begin() + actual); |
| 156 | break; | 162 | break; |
| 157 | case Network::Errno::AGAIN: | 163 | case Network::Errno::AGAIN: |
| 158 | return ResultWouldBlock; | 164 | return ResultWouldBlock; |
| @@ -175,9 +181,9 @@ public: | |||
| 175 | // only used if `initial_call_done` | 181 | // only used if `initial_call_done` |
| 176 | { | 182 | { |
| 177 | // [0] | 183 | // [0] |
| 178 | .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf_.size()), | 184 | .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf.size()), |
| 179 | .BufferType = SECBUFFER_TOKEN, | 185 | .BufferType = SECBUFFER_TOKEN, |
| 180 | .pvBuffer = ciphertext_read_buf_.data(), | 186 | .pvBuffer = ciphertext_read_buf.data(), |
| 181 | }, | 187 | }, |
| 182 | { | 188 | { |
| 183 | // [1] (will be replaced by SECBUFFER_MISSING when SEC_E_INCOMPLETE_MESSAGE is | 189 | // [1] (will be replaced by SECBUFFER_MISSING when SEC_E_INCOMPLETE_MESSAGE is |
| @@ -211,30 +217,30 @@ public: | |||
| 211 | .pBuffers = output_buffers.data(), | 217 | .pBuffers = output_buffers.data(), |
| 212 | }; | 218 | }; |
| 213 | ASSERT_OR_EXECUTE_MSG( | 219 | ASSERT_OR_EXECUTE_MSG( |
| 214 | input_buffers[0].cbBuffer == ciphertext_read_buf_.size(), | 220 | input_buffers[0].cbBuffer == ciphertext_read_buf.size(), |
| 215 | { return ResultInternalError; }, "read buffer too large"); | 221 | { return ResultInternalError; }, "read buffer too large"); |
| 216 | 222 | ||
| 217 | bool initial_call_done = handshake_state_ != HandshakeState::Initial; | 223 | bool initial_call_done = handshake_state != HandshakeState::Initial; |
| 218 | if (initial_call_done) { | 224 | if (initial_call_done) { |
| 219 | LOG_DEBUG(Service_SSL, "Passing {} bytes into InitializeSecurityContext", | 225 | LOG_DEBUG(Service_SSL, "Passing {} bytes into InitializeSecurityContext", |
| 220 | ciphertext_read_buf_.size()); | 226 | ciphertext_read_buf.size()); |
| 221 | } | 227 | } |
| 222 | 228 | ||
| 223 | const SECURITY_STATUS ret = | 229 | const SECURITY_STATUS ret = |
| 224 | InitializeSecurityContextA(&cred_handle, initial_call_done ? &ctxt_ : nullptr, | 230 | InitializeSecurityContextA(&cred_handle, initial_call_done ? &ctxt : nullptr, |
| 225 | // Caller ensured we have set a hostname: | 231 | // Caller ensured we have set a hostname: |
| 226 | const_cast<char*>(hostname_.value().c_str()), req, | 232 | const_cast<char*>(hostname.value().c_str()), req, |
| 227 | 0, // Reserved1 | 233 | 0, // Reserved1 |
| 228 | 0, // TargetDataRep not used with Schannel | 234 | 0, // TargetDataRep not used with Schannel |
| 229 | initial_call_done ? &input_desc : nullptr, | 235 | initial_call_done ? &input_desc : nullptr, |
| 230 | 0, // Reserved2 | 236 | 0, // Reserved2 |
| 231 | initial_call_done ? nullptr : &ctxt_, &output_desc, &attr, | 237 | initial_call_done ? nullptr : &ctxt, &output_desc, &attr, |
| 232 | nullptr); // ptsExpiry | 238 | nullptr); // ptsExpiry |
| 233 | 239 | ||
| 234 | if (output_buffers[0].pvBuffer) { | 240 | if (output_buffers[0].pvBuffer) { |
| 235 | const std::span span(static_cast<u8*>(output_buffers[0].pvBuffer), | 241 | const std::span span(static_cast<u8*>(output_buffers[0].pvBuffer), |
| 236 | output_buffers[0].cbBuffer); | 242 | output_buffers[0].cbBuffer); |
| 237 | ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), span.begin(), span.end()); | 243 | ciphertext_write_buf.insert(ciphertext_write_buf.end(), span.begin(), span.end()); |
| 238 | FreeContextBuffer(output_buffers[0].pvBuffer); | 244 | FreeContextBuffer(output_buffers[0].pvBuffer); |
| 239 | } | 245 | } |
| 240 | 246 | ||
| @@ -251,64 +257,64 @@ public: | |||
| 251 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_I_CONTINUE_NEEDED"); | 257 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_I_CONTINUE_NEEDED"); |
| 252 | if (input_buffers[1].BufferType == SECBUFFER_EXTRA) { | 258 | if (input_buffers[1].BufferType == SECBUFFER_EXTRA) { |
| 253 | LOG_DEBUG(Service_SSL, "EXTRA of size {}", input_buffers[1].cbBuffer); | 259 | LOG_DEBUG(Service_SSL, "EXTRA of size {}", input_buffers[1].cbBuffer); |
| 254 | ASSERT(input_buffers[1].cbBuffer <= ciphertext_read_buf_.size()); | 260 | ASSERT(input_buffers[1].cbBuffer <= ciphertext_read_buf.size()); |
| 255 | ciphertext_read_buf_.erase(ciphertext_read_buf_.begin(), | 261 | ciphertext_read_buf.erase(ciphertext_read_buf.begin(), |
| 256 | ciphertext_read_buf_.end() - input_buffers[1].cbBuffer); | 262 | ciphertext_read_buf.end() - input_buffers[1].cbBuffer); |
| 257 | } else { | 263 | } else { |
| 258 | ASSERT(input_buffers[1].BufferType == SECBUFFER_EMPTY); | 264 | ASSERT(input_buffers[1].BufferType == SECBUFFER_EMPTY); |
| 259 | ciphertext_read_buf_.clear(); | 265 | ciphertext_read_buf.clear(); |
| 260 | } | 266 | } |
| 261 | handshake_state_ = HandshakeState::ContinueNeeded; | 267 | handshake_state = HandshakeState::ContinueNeeded; |
| 262 | return ResultSuccess; | 268 | return ResultSuccess; |
| 263 | case SEC_E_INCOMPLETE_MESSAGE: | 269 | case SEC_E_INCOMPLETE_MESSAGE: |
| 264 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_INCOMPLETE_MESSAGE"); | 270 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_INCOMPLETE_MESSAGE"); |
| 265 | ASSERT(input_buffers[1].BufferType == SECBUFFER_MISSING); | 271 | ASSERT(input_buffers[1].BufferType == SECBUFFER_MISSING); |
| 266 | read_buf_fill_size_ = input_buffers[1].cbBuffer; | 272 | read_buf_fill_size = input_buffers[1].cbBuffer; |
| 267 | handshake_state_ = HandshakeState::IncompleteMessage; | 273 | handshake_state = HandshakeState::IncompleteMessage; |
| 268 | return ResultSuccess; | 274 | return ResultSuccess; |
| 269 | case SEC_E_OK: | 275 | case SEC_E_OK: |
| 270 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_OK"); | 276 | LOG_DEBUG(Service_SSL, "InitializeSecurityContext => SEC_E_OK"); |
| 271 | ciphertext_read_buf_.clear(); | 277 | ciphertext_read_buf.clear(); |
| 272 | handshake_state_ = HandshakeState::DoneAfterFlush; | 278 | handshake_state = HandshakeState::DoneAfterFlush; |
| 273 | return GrabStreamSizes(); | 279 | return GrabStreamSizes(); |
| 274 | default: | 280 | default: |
| 275 | LOG_ERROR(Service_SSL, | 281 | LOG_ERROR(Service_SSL, |
| 276 | "InitializeSecurityContext failed (probably certificate/protocol issue): {}", | 282 | "InitializeSecurityContext failed (probably certificate/protocol issue): {}", |
| 277 | Common::NativeErrorToString(ret)); | 283 | Common::NativeErrorToString(ret)); |
| 278 | handshake_state_ = HandshakeState::Error; | 284 | handshake_state = HandshakeState::Error; |
| 279 | return ResultInternalError; | 285 | return ResultInternalError; |
| 280 | } | 286 | } |
| 281 | } | 287 | } |
| 282 | 288 | ||
| 283 | Result GrabStreamSizes() { | 289 | Result GrabStreamSizes() { |
| 284 | const SECURITY_STATUS ret = | 290 | const SECURITY_STATUS ret = |
| 285 | QueryContextAttributes(&ctxt_, SECPKG_ATTR_STREAM_SIZES, &stream_sizes_); | 291 | QueryContextAttributes(&ctxt, SECPKG_ATTR_STREAM_SIZES, &stream_sizes); |
| 286 | if (ret != SEC_E_OK) { | 292 | if (ret != SEC_E_OK) { |
| 287 | LOG_ERROR(Service_SSL, "QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES) failed: {}", | 293 | LOG_ERROR(Service_SSL, "QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES) failed: {}", |
| 288 | Common::NativeErrorToString(ret)); | 294 | Common::NativeErrorToString(ret)); |
| 289 | handshake_state_ = HandshakeState::Error; | 295 | handshake_state = HandshakeState::Error; |
| 290 | return ResultInternalError; | 296 | return ResultInternalError; |
| 291 | } | 297 | } |
| 292 | return ResultSuccess; | 298 | return ResultSuccess; |
| 293 | } | 299 | } |
| 294 | 300 | ||
| 295 | ResultVal<size_t> Read(std::span<u8> data) override { | 301 | ResultVal<size_t> Read(std::span<u8> data) override { |
| 296 | if (handshake_state_ != HandshakeState::Connected) { | 302 | if (handshake_state != HandshakeState::Connected) { |
| 297 | LOG_ERROR(Service_SSL, "Called Read but we did not successfully handshake"); | 303 | LOG_ERROR(Service_SSL, "Called Read but we did not successfully handshake"); |
| 298 | return ResultInternalError; | 304 | return ResultInternalError; |
| 299 | } | 305 | } |
| 300 | if (data.size() == 0 || got_read_eof_) { | 306 | if (data.size() == 0 || got_read_eof) { |
| 301 | return size_t(0); | 307 | return size_t(0); |
| 302 | } | 308 | } |
| 303 | while (1) { | 309 | while (1) { |
| 304 | if (!cleartext_read_buf_.empty()) { | 310 | if (!cleartext_read_buf.empty()) { |
| 305 | const size_t read_size = std::min(cleartext_read_buf_.size(), data.size()); | 311 | const size_t read_size = std::min(cleartext_read_buf.size(), data.size()); |
| 306 | std::memcpy(data.data(), cleartext_read_buf_.data(), read_size); | 312 | std::memcpy(data.data(), cleartext_read_buf.data(), read_size); |
| 307 | cleartext_read_buf_.erase(cleartext_read_buf_.begin(), | 313 | cleartext_read_buf.erase(cleartext_read_buf.begin(), |
| 308 | cleartext_read_buf_.begin() + read_size); | 314 | cleartext_read_buf.begin() + read_size); |
| 309 | return read_size; | 315 | return read_size; |
| 310 | } | 316 | } |
| 311 | if (!ciphertext_read_buf_.empty()) { | 317 | if (!ciphertext_read_buf.empty()) { |
| 312 | SecBuffer empty{ | 318 | SecBuffer empty{ |
| 313 | .cbBuffer = 0, | 319 | .cbBuffer = 0, |
| 314 | .BufferType = SECBUFFER_EMPTY, | 320 | .BufferType = SECBUFFER_EMPTY, |
| @@ -316,16 +322,16 @@ public: | |||
| 316 | }; | 322 | }; |
| 317 | std::array<SecBuffer, 5> buffers{{ | 323 | std::array<SecBuffer, 5> buffers{{ |
| 318 | { | 324 | { |
| 319 | .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf_.size()), | 325 | .cbBuffer = static_cast<unsigned long>(ciphertext_read_buf.size()), |
| 320 | .BufferType = SECBUFFER_DATA, | 326 | .BufferType = SECBUFFER_DATA, |
| 321 | .pvBuffer = ciphertext_read_buf_.data(), | 327 | .pvBuffer = ciphertext_read_buf.data(), |
| 322 | }, | 328 | }, |
| 323 | empty, | 329 | empty, |
| 324 | empty, | 330 | empty, |
| 325 | empty, | 331 | empty, |
| 326 | }}; | 332 | }}; |
| 327 | ASSERT_OR_EXECUTE_MSG( | 333 | ASSERT_OR_EXECUTE_MSG( |
| 328 | buffers[0].cbBuffer == ciphertext_read_buf_.size(), | 334 | buffers[0].cbBuffer == ciphertext_read_buf.size(), |
| 329 | { return ResultInternalError; }, "read buffer too large"); | 335 | { return ResultInternalError; }, "read buffer too large"); |
| 330 | SecBufferDesc desc{ | 336 | SecBufferDesc desc{ |
| 331 | .ulVersion = SECBUFFER_VERSION, | 337 | .ulVersion = SECBUFFER_VERSION, |
| @@ -333,7 +339,7 @@ public: | |||
| 333 | .pBuffers = buffers.data(), | 339 | .pBuffers = buffers.data(), |
| 334 | }; | 340 | }; |
| 335 | SECURITY_STATUS ret = | 341 | SECURITY_STATUS ret = |
| 336 | DecryptMessage(&ctxt_, &desc, /*MessageSeqNo*/ 0, /*pfQOP*/ nullptr); | 342 | DecryptMessage(&ctxt, &desc, /*MessageSeqNo*/ 0, /*pfQOP*/ nullptr); |
| 337 | switch (ret) { | 343 | switch (ret) { |
| 338 | case SEC_E_OK: | 344 | case SEC_E_OK: |
| 339 | ASSERT_OR_EXECUTE(buffers[0].BufferType == SECBUFFER_STREAM_HEADER, | 345 | ASSERT_OR_EXECUTE(buffers[0].BufferType == SECBUFFER_STREAM_HEADER, |
| @@ -342,24 +348,23 @@ public: | |||
| 342 | { return ResultInternalError; }); | 348 | { return ResultInternalError; }); |
| 343 | ASSERT_OR_EXECUTE(buffers[2].BufferType == SECBUFFER_STREAM_TRAILER, | 349 | ASSERT_OR_EXECUTE(buffers[2].BufferType == SECBUFFER_STREAM_TRAILER, |
| 344 | { return ResultInternalError; }); | 350 | { return ResultInternalError; }); |
| 345 | cleartext_read_buf_.assign(static_cast<u8*>(buffers[1].pvBuffer), | 351 | cleartext_read_buf.assign(static_cast<u8*>(buffers[1].pvBuffer), |
| 346 | static_cast<u8*>(buffers[1].pvBuffer) + | 352 | static_cast<u8*>(buffers[1].pvBuffer) + |
| 347 | buffers[1].cbBuffer); | 353 | buffers[1].cbBuffer); |
| 348 | if (buffers[3].BufferType == SECBUFFER_EXTRA) { | 354 | if (buffers[3].BufferType == SECBUFFER_EXTRA) { |
| 349 | ASSERT(buffers[3].cbBuffer <= ciphertext_read_buf_.size()); | 355 | ASSERT(buffers[3].cbBuffer <= ciphertext_read_buf.size()); |
| 350 | ciphertext_read_buf_.erase(ciphertext_read_buf_.begin(), | 356 | ciphertext_read_buf.erase(ciphertext_read_buf.begin(), |
| 351 | ciphertext_read_buf_.end() - | 357 | ciphertext_read_buf.end() - buffers[3].cbBuffer); |
| 352 | buffers[3].cbBuffer); | ||
| 353 | } else { | 358 | } else { |
| 354 | ASSERT(buffers[3].BufferType == SECBUFFER_EMPTY); | 359 | ASSERT(buffers[3].BufferType == SECBUFFER_EMPTY); |
| 355 | ciphertext_read_buf_.clear(); | 360 | ciphertext_read_buf.clear(); |
| 356 | } | 361 | } |
| 357 | continue; | 362 | continue; |
| 358 | case SEC_E_INCOMPLETE_MESSAGE: | 363 | case SEC_E_INCOMPLETE_MESSAGE: |
| 359 | break; | 364 | break; |
| 360 | case SEC_I_CONTEXT_EXPIRED: | 365 | case SEC_I_CONTEXT_EXPIRED: |
| 361 | // Server hung up by sending close_notify. | 366 | // Server hung up by sending close_notify. |
| 362 | got_read_eof_ = true; | 367 | got_read_eof = true; |
| 363 | return size_t(0); | 368 | return size_t(0); |
| 364 | default: | 369 | default: |
| 365 | LOG_ERROR(Service_SSL, "DecryptMessage failed: {}", | 370 | LOG_ERROR(Service_SSL, "DecryptMessage failed: {}", |
| @@ -371,43 +376,43 @@ public: | |||
| 371 | if (r != ResultSuccess) { | 376 | if (r != ResultSuccess) { |
| 372 | return r; | 377 | return r; |
| 373 | } | 378 | } |
| 374 | if (ciphertext_read_buf_.empty()) { | 379 | if (ciphertext_read_buf.empty()) { |
| 375 | got_read_eof_ = true; | 380 | got_read_eof = true; |
| 376 | return size_t(0); | 381 | return size_t(0); |
| 377 | } | 382 | } |
| 378 | } | 383 | } |
| 379 | } | 384 | } |
| 380 | 385 | ||
| 381 | ResultVal<size_t> Write(std::span<const u8> data) override { | 386 | ResultVal<size_t> Write(std::span<const u8> data) override { |
| 382 | if (handshake_state_ != HandshakeState::Connected) { | 387 | if (handshake_state != HandshakeState::Connected) { |
| 383 | LOG_ERROR(Service_SSL, "Called Write but we did not successfully handshake"); | 388 | LOG_ERROR(Service_SSL, "Called Write but we did not successfully handshake"); |
| 384 | return ResultInternalError; | 389 | return ResultInternalError; |
| 385 | } | 390 | } |
| 386 | if (data.size() == 0) { | 391 | if (data.size() == 0) { |
| 387 | return size_t(0); | 392 | return size_t(0); |
| 388 | } | 393 | } |
| 389 | data = data.subspan(0, std::min<size_t>(data.size(), stream_sizes_.cbMaximumMessage)); | 394 | data = data.subspan(0, std::min<size_t>(data.size(), stream_sizes.cbMaximumMessage)); |
| 390 | if (!cleartext_write_buf_.empty()) { | 395 | if (!cleartext_write_buf.empty()) { |
| 391 | // Already in the middle of a write. It wouldn't make sense to not | 396 | // Already in the middle of a write. It wouldn't make sense to not |
| 392 | // finish sending the entire buffer since TLS has | 397 | // finish sending the entire buffer since TLS has |
| 393 | // header/MAC/padding/etc. | 398 | // header/MAC/padding/etc. |
| 394 | if (data.size() != cleartext_write_buf_.size() || | 399 | if (data.size() != cleartext_write_buf.size() || |
| 395 | std::memcmp(data.data(), cleartext_write_buf_.data(), data.size())) { | 400 | std::memcmp(data.data(), cleartext_write_buf.data(), data.size())) { |
| 396 | LOG_ERROR(Service_SSL, "Called Write but buffer does not match previous buffer"); | 401 | LOG_ERROR(Service_SSL, "Called Write but buffer does not match previous buffer"); |
| 397 | return ResultInternalError; | 402 | return ResultInternalError; |
| 398 | } | 403 | } |
| 399 | return WriteAlreadyEncryptedData(); | 404 | return WriteAlreadyEncryptedData(); |
| 400 | } else { | 405 | } else { |
| 401 | cleartext_write_buf_.assign(data.begin(), data.end()); | 406 | cleartext_write_buf.assign(data.begin(), data.end()); |
| 402 | } | 407 | } |
| 403 | 408 | ||
| 404 | std::vector<u8> header_buf(stream_sizes_.cbHeader, 0); | 409 | std::vector<u8> header_buf(stream_sizes.cbHeader, 0); |
| 405 | std::vector<u8> tmp_data_buf = cleartext_write_buf_; | 410 | std::vector<u8> tmp_data_buf = cleartext_write_buf; |
| 406 | std::vector<u8> trailer_buf(stream_sizes_.cbTrailer, 0); | 411 | std::vector<u8> trailer_buf(stream_sizes.cbTrailer, 0); |
| 407 | 412 | ||
| 408 | std::array<SecBuffer, 3> buffers{{ | 413 | std::array<SecBuffer, 3> buffers{{ |
| 409 | { | 414 | { |
| 410 | .cbBuffer = stream_sizes_.cbHeader, | 415 | .cbBuffer = stream_sizes.cbHeader, |
| 411 | .BufferType = SECBUFFER_STREAM_HEADER, | 416 | .BufferType = SECBUFFER_STREAM_HEADER, |
| 412 | .pvBuffer = header_buf.data(), | 417 | .pvBuffer = header_buf.data(), |
| 413 | }, | 418 | }, |
| @@ -417,7 +422,7 @@ public: | |||
| 417 | .pvBuffer = tmp_data_buf.data(), | 422 | .pvBuffer = tmp_data_buf.data(), |
| 418 | }, | 423 | }, |
| 419 | { | 424 | { |
| 420 | .cbBuffer = stream_sizes_.cbTrailer, | 425 | .cbBuffer = stream_sizes.cbTrailer, |
| 421 | .BufferType = SECBUFFER_STREAM_TRAILER, | 426 | .BufferType = SECBUFFER_STREAM_TRAILER, |
| 422 | .pvBuffer = trailer_buf.data(), | 427 | .pvBuffer = trailer_buf.data(), |
| 423 | }, | 428 | }, |
| @@ -431,17 +436,17 @@ public: | |||
| 431 | .pBuffers = buffers.data(), | 436 | .pBuffers = buffers.data(), |
| 432 | }; | 437 | }; |
| 433 | 438 | ||
| 434 | const SECURITY_STATUS ret = EncryptMessage(&ctxt_, /*fQOP*/ 0, &desc, /*MessageSeqNo*/ 0); | 439 | const SECURITY_STATUS ret = EncryptMessage(&ctxt, /*fQOP*/ 0, &desc, /*MessageSeqNo*/ 0); |
| 435 | if (ret != SEC_E_OK) { | 440 | if (ret != SEC_E_OK) { |
| 436 | LOG_ERROR(Service_SSL, "EncryptMessage failed: {}", Common::NativeErrorToString(ret)); | 441 | LOG_ERROR(Service_SSL, "EncryptMessage failed: {}", Common::NativeErrorToString(ret)); |
| 437 | return ResultInternalError; | 442 | return ResultInternalError; |
| 438 | } | 443 | } |
| 439 | ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), header_buf.begin(), | 444 | ciphertext_write_buf.insert(ciphertext_write_buf.end(), header_buf.begin(), |
| 440 | header_buf.end()); | 445 | header_buf.end()); |
| 441 | ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), tmp_data_buf.begin(), | 446 | ciphertext_write_buf.insert(ciphertext_write_buf.end(), tmp_data_buf.begin(), |
| 442 | tmp_data_buf.end()); | 447 | tmp_data_buf.end()); |
| 443 | ciphertext_write_buf_.insert(ciphertext_write_buf_.end(), trailer_buf.begin(), | 448 | ciphertext_write_buf.insert(ciphertext_write_buf.end(), trailer_buf.begin(), |
| 444 | trailer_buf.end()); | 449 | trailer_buf.end()); |
| 445 | return WriteAlreadyEncryptedData(); | 450 | return WriteAlreadyEncryptedData(); |
| 446 | } | 451 | } |
| 447 | 452 | ||
| @@ -451,15 +456,15 @@ public: | |||
| 451 | return r; | 456 | return r; |
| 452 | } | 457 | } |
| 453 | // write buf is empty | 458 | // write buf is empty |
| 454 | const size_t cleartext_bytes_written = cleartext_write_buf_.size(); | 459 | const size_t cleartext_bytes_written = cleartext_write_buf.size(); |
| 455 | cleartext_write_buf_.clear(); | 460 | cleartext_write_buf.clear(); |
| 456 | return cleartext_bytes_written; | 461 | return cleartext_bytes_written; |
| 457 | } | 462 | } |
| 458 | 463 | ||
| 459 | ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { | 464 | ResultVal<std::vector<std::vector<u8>>> GetServerCerts() override { |
| 460 | PCCERT_CONTEXT returned_cert = nullptr; | 465 | PCCERT_CONTEXT returned_cert = nullptr; |
| 461 | const SECURITY_STATUS ret = | 466 | const SECURITY_STATUS ret = |
| 462 | QueryContextAttributes(&ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &returned_cert); | 467 | QueryContextAttributes(&ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &returned_cert); |
| 463 | if (ret != SEC_E_OK) { | 468 | if (ret != SEC_E_OK) { |
| 464 | LOG_ERROR(Service_SSL, | 469 | LOG_ERROR(Service_SSL, |
| 465 | "QueryContextAttributes(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: {}", | 470 | "QueryContextAttributes(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: {}", |
| @@ -480,8 +485,8 @@ public: | |||
| 480 | } | 485 | } |
| 481 | 486 | ||
| 482 | ~SSLConnectionBackendSchannel() { | 487 | ~SSLConnectionBackendSchannel() { |
| 483 | if (handshake_state_ != HandshakeState::Initial) { | 488 | if (handshake_state != HandshakeState::Initial) { |
| 484 | DeleteSecurityContext(&ctxt_); | 489 | DeleteSecurityContext(&ctxt); |
| 485 | } | 490 | } |
| 486 | } | 491 | } |
| 487 | 492 | ||
| @@ -509,21 +514,21 @@ public: | |||
| 509 | // Another error was returned and we shouldn't allow initialization | 514 | // Another error was returned and we shouldn't allow initialization |
| 510 | // to continue. | 515 | // to continue. |
| 511 | Error, | 516 | Error, |
| 512 | } handshake_state_ = HandshakeState::Initial; | 517 | } handshake_state = HandshakeState::Initial; |
| 513 | 518 | ||
| 514 | CtxtHandle ctxt_; | 519 | CtxtHandle ctxt; |
| 515 | SecPkgContext_StreamSizes stream_sizes_; | 520 | SecPkgContext_StreamSizes stream_sizes; |
| 516 | 521 | ||
| 517 | std::shared_ptr<Network::SocketBase> socket_; | 522 | std::shared_ptr<Network::SocketBase> socket; |
| 518 | std::optional<std::string> hostname_; | 523 | std::optional<std::string> hostname; |
| 519 | 524 | ||
| 520 | std::vector<u8> ciphertext_read_buf_; | 525 | std::vector<u8> ciphertext_read_buf; |
| 521 | std::vector<u8> ciphertext_write_buf_; | 526 | std::vector<u8> ciphertext_write_buf; |
| 522 | std::vector<u8> cleartext_read_buf_; | 527 | std::vector<u8> cleartext_read_buf; |
| 523 | std::vector<u8> cleartext_write_buf_; | 528 | std::vector<u8> cleartext_write_buf; |
| 524 | 529 | ||
| 525 | bool got_read_eof_ = false; | 530 | bool got_read_eof = false; |
| 526 | size_t read_buf_fill_size_ = 0; | 531 | size_t read_buf_fill_size = 0; |
| 527 | }; | 532 | }; |
| 528 | 533 | ||
| 529 | ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { | 534 | ResultVal<std::unique_ptr<SSLConnectionBackend>> CreateSSLConnectionBackend() { |
diff --git a/src/core/internal_network/network.cpp b/src/core/internal_network/network.cpp index 36cf00902..28f89c599 100644 --- a/src/core/internal_network/network.cpp +++ b/src/core/internal_network/network.cpp | |||
| @@ -570,10 +570,10 @@ Socket::Socket(Socket&& rhs) noexcept { | |||
| 570 | } | 570 | } |
| 571 | 571 | ||
| 572 | template <typename T> | 572 | template <typename T> |
| 573 | std::pair<T, Errno> Socket::GetSockOpt(SOCKET fd_, int option) { | 573 | std::pair<T, Errno> Socket::GetSockOpt(SOCKET fd_so, int option) { |
| 574 | T value{}; | 574 | T value{}; |
| 575 | socklen_t len = sizeof(value); | 575 | socklen_t len = sizeof(value); |
| 576 | const int result = getsockopt(fd_, SOL_SOCKET, option, reinterpret_cast<char*>(&value), &len); | 576 | const int result = getsockopt(fd_so, SOL_SOCKET, option, reinterpret_cast<char*>(&value), &len); |
| 577 | if (result != SOCKET_ERROR) { | 577 | if (result != SOCKET_ERROR) { |
| 578 | ASSERT(len == sizeof(value)); | 578 | ASSERT(len == sizeof(value)); |
| 579 | return {value, Errno::SUCCESS}; | 579 | return {value, Errno::SUCCESS}; |
| @@ -582,9 +582,9 @@ std::pair<T, Errno> Socket::GetSockOpt(SOCKET fd_, int option) { | |||
| 582 | } | 582 | } |
| 583 | 583 | ||
| 584 | template <typename T> | 584 | template <typename T> |
| 585 | Errno Socket::SetSockOpt(SOCKET fd_, int option, T value) { | 585 | Errno Socket::SetSockOpt(SOCKET fd_so, int option, T value) { |
| 586 | const int result = | 586 | const int result = |
| 587 | setsockopt(fd_, SOL_SOCKET, option, reinterpret_cast<const char*>(&value), sizeof(value)); | 587 | setsockopt(fd_so, SOL_SOCKET, option, reinterpret_cast<const char*>(&value), sizeof(value)); |
| 588 | if (result != SOCKET_ERROR) { | 588 | if (result != SOCKET_ERROR) { |
| 589 | return Errno::SUCCESS; | 589 | return Errno::SUCCESS; |
| 590 | } | 590 | } |