kapitan/IXWebSocket
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clang-format

Browse Source
This commit is contained in:
Benjamin Sergeant 2020-04-24 15:34:00 -07:00
parent 677f79b0ea
commit 9f770b10c0
8 changed files with 183 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ixwebsocket/IXSocketMbedTLS.cpp
View File

@ -104,15 +104,23 @@ namespace ix
{ {
; // FIXME ; // FIXME
} }
else { else
if (_tlsOptions.isUsingInMemoryCAs()) { {
const char *buffer = _tlsOptions.caFile.c_str(); if (_tlsOptions.isUsingInMemoryCAs())
size_t bufferSize = _tlsOptions.caFile.size() + 1; // Needs to include null terminating character otherwise mbedtls will fail. {
if (mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)buffer, bufferSize) < 0) { const char* buffer = _tlsOptions.caFile.c_str();
size_t bufferSize =
_tlsOptions.caFile.size() + 1; // Needs to include null terminating
// character otherwise mbedtls will fail.
if (mbedtls_x509_crt_parse(
&_cacert, (const unsigned char*) buffer, bufferSize) < 0)
{
errMsg = "Cannot parse CA from memory."; errMsg = "Cannot parse CA from memory.";
return false; return false;
} }
} else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0) { }
else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0)
{
errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'"; errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'";
return false; return false;
} }

95
ixwebsocket/IXSocketOpenSSL.cpp
View File

@ -195,58 +195,63 @@ namespace ix
return ctx; return ctx;
} }
bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots) { bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots)
{
// Create certificate store // Create certificate store
X509_STORE *certificate_store = SSL_CTX_get_cert_store(_ssl_context); X509_STORE* certificate_store = SSL_CTX_get_cert_store(_ssl_context);
if (certificate_store == nullptr) if (certificate_store == nullptr) return false;
return false;
// Configure to allow intermediate certs // Configure to allow intermediate certs
X509_STORE_set_flags(certificate_store, X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN); X509_STORE_set_flags(certificate_store,
X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN);
// Create a new buffer and populate it with the roots // Create a new buffer and populate it with the roots
BIO *buffer = BIO_new_mem_buf((void *)roots.c_str(), static_cast<int>(roots.length())); BIO* buffer = BIO_new_mem_buf((void*) roots.c_str(), static_cast<int>(roots.length()));
if (buffer == nullptr) if (buffer == nullptr) return false;
return false;
// Read each root in the buffer and add to the certificate store // Read each root in the buffer and add to the certificate store
bool success = true; bool success = true;
size_t number_of_roots = 0; size_t number_of_roots = 0;
while (true) { while (true)
{
// Read the next root in the buffer // Read the next root in the buffer
X509 *root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void *)""); X509* root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void*) "");
if (root == nullptr) { if (root == nullptr)
{
// No more certs left in the buffer, we're done. // No more certs left in the buffer, we're done.
ERR_clear_error(); ERR_clear_error();
break; break;
} }
// Try adding the root to the certificate store // Try adding the root to the certificate store
ERR_clear_error(); ERR_clear_error();
if (!X509_STORE_add_cert(certificate_store, root)) { if (!X509_STORE_add_cert(certificate_store, root))
// Failed to add. If the error is unrelated to the x509 lib or the cert already exists, we're safe to continue. {
// Failed to add. If the error is unrelated to the x509 lib or the cert already
// exists, we're safe to continue.
unsigned long error = ERR_get_error(); unsigned long error = ERR_get_error();
if (ERR_GET_LIB(error) != ERR_LIB_X509 || ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
{
// Failed. Clean up and bail. // Failed. Clean up and bail.
success = false; success = false;
X509_free(root); X509_free(root);
break; break;
} }
} }
// Clean up and loop // Clean up and loop
X509_free(root); X509_free(root);
number_of_roots++; number_of_roots++;
} }
// Clean up buffer // Clean up buffer
BIO_free(buffer); BIO_free(buffer);
// Make sure we loaded at least one certificate. // Make sure we loaded at least one certificate.
if (number_of_roots == 0) if (number_of_roots == 0) success = false;
success = false;
return success; return success;
} }
@ -457,24 +462,30 @@ namespace ix
return false; return false;
} }
#endif #endif
} else { }
if (_tlsOptions.isUsingInMemoryCAs()) { else
{
if (_tlsOptions.isUsingInMemoryCAs())
{
// Load from memory // Load from memory
openSSLAddCARootsFromString(_tlsOptions.caFile); openSSLAddCARootsFromString(_tlsOptions.caFile);
} else { }
else
{
if (SSL_CTX_load_verify_locations( if (SSL_CTX_load_verify_locations(
_ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1) _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1)
{ {
auto sslErr = ERR_get_error(); auto sslErr = ERR_get_error();
errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + _tlsOptions.caFile + errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" +
"\") failed: "; _tlsOptions.caFile + "\") failed: ";
errMsg += ERR_error_string(sslErr, nullptr); errMsg += ERR_error_string(sslErr, nullptr);
return false; return false;
} }
SSL_CTX_set_verify(_ssl_context, SSL_CTX_set_verify(
SSL_VERIFY_PEER, _ssl_context, SSL_VERIFY_PEER, [](int preverify, X509_STORE_CTX*) -> int {
[](int preverify, X509_STORE_CTX*) -> int { return preverify; }); return preverify;
});
SSL_CTX_set_verify_depth(_ssl_context, 4); SSL_CTX_set_verify_depth(_ssl_context, 4);
} }
} }
@ -587,24 +598,28 @@ namespace ix
} }
else else
{ {
if (_tlsOptions.isUsingInMemoryCAs()) { if (_tlsOptions.isUsingInMemoryCAs())
{
// Load from memory // Load from memory
openSSLAddCARootsFromString(_tlsOptions.caFile); openSSLAddCARootsFromString(_tlsOptions.caFile);
} else { }
else
{
const char* root_ca_file = _tlsOptions.caFile.c_str(); const char* root_ca_file = _tlsOptions.caFile.c_str();
STACK_OF(X509_NAME) * rootCAs; STACK_OF(X509_NAME) * rootCAs;
rootCAs = SSL_load_client_CA_file(root_ca_file); rootCAs = SSL_load_client_CA_file(root_ca_file);
if (rootCAs == NULL) if (rootCAs == NULL)
{ {
auto sslErr = ERR_get_error(); auto sslErr = ERR_get_error();
errMsg = "OpenSSL failed - SSL_load_client_CA_file('" + _tlsOptions.caFile + errMsg = "OpenSSL failed - SSL_load_client_CA_file('" +
"') failed: "; _tlsOptions.caFile + "') failed: ";
errMsg += ERR_error_string(sslErr, nullptr); errMsg += ERR_error_string(sslErr, nullptr);
} }
else else
{ {
SSL_CTX_set_client_CA_list(_ssl_context, rootCAs); SSL_CTX_set_client_CA_list(_ssl_context, rootCAs);
if (SSL_CTX_load_verify_locations(_ssl_context, root_ca_file, nullptr) != 1) if (SSL_CTX_load_verify_locations(
_ssl_context, root_ca_file, nullptr) != 1)
{ {
auto sslErr = ERR_get_error(); auto sslErr = ERR_get_error();
errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" + errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" +

3
ixwebsocket/IXSocketTLSOptions.cpp
View File

@ -58,7 +58,8 @@ namespace ix
return caFile == kTLSCAFileUseSystemDefaults; return caFile == kTLSCAFileUseSystemDefaults;
} }
bool SocketTLSOptions::isUsingInMemoryCAs() const { bool SocketTLSOptions::isUsingInMemoryCAs() const
{
return caFile.find("-----BEGIN CERTIFICATE-----") != std::string::npos; return caFile.find("-----BEGIN CERTIFICATE-----") != std::string::npos;
} }

2
ixwebsocket/IXSocketTLSOptions.h
View File

@ -36,7 +36,7 @@ namespace ix
bool hasCertAndKey() const; bool hasCertAndKey() const;
bool isUsingSystemDefaults() const; bool isUsingSystemDefaults() const;
bool isUsingInMemoryCAs() const; bool isUsingInMemoryCAs() const;
bool isPeerVerifyDisabled() const; bool isPeerVerifyDisabled() const;

6
ixwebsocket/IXUrlParser.cpp
View File

@ -128,8 +128,8 @@ namespace
/* /*
* <scheme>:<scheme-specific-part> * <scheme>:<scheme-specific-part>
* <scheme> := [a-z\+\-\.]+ * <scheme> := [a-z\+\-\.]+
* For resiliency, programs interpreting URLs should treat upper case letters as equivalent to * For resiliency, programs interpreting URLs should treat upper case letters as
*lower case in scheme names *equivalent to lower case in scheme names
*/ */
// try to read scheme // try to read scheme
@ -332,7 +332,7 @@ namespace
return Result; return Result;
} }
} } // namespace
namespace ix namespace ix
{ {

156
ixwebsocket/IXWebSocketHandshakeKeyGen.h
View File

@ -18,66 +18,87 @@
#pragma once #pragma once
#include <cstdint>
#include <cstddef> #include <cstddef>
#include <string> #include <cstdint>
#include <string.h> #include <string.h>
#include <string>
class WebSocketHandshakeKeyGen { class WebSocketHandshakeKeyGen
template <int N, typename T> {
struct static_for { template<int N, typename T>
void operator()(uint32_t *a, uint32_t *b) { struct static_for
{
void operator()(uint32_t* a, uint32_t* b)
{
static_for<N - 1, T>()(a, b); static_for<N - 1, T>()(a, b);
T::template f<N - 1>(a, b); T::template f<N - 1>(a, b);
} }
}; };
template <typename T> template<typename T>
struct static_for<0, T> { struct static_for<0, T>
void operator()(uint32_t * /*a*/, uint32_t * /*hash*/) {} {
void operator()(uint32_t* /*a*/, uint32_t* /*hash*/)
{
}
}; };
template <int state> template<int state>
struct Sha1Loop { struct Sha1Loop
static inline uint32_t rol(uint32_t value, size_t bits) {return (value << bits) | (value >> (32 - bits));} {
static inline uint32_t blk(uint32_t b[16], size_t i) { static inline uint32_t rol(uint32_t value, size_t bits)
{
return (value << bits) | (value >> (32 - bits));
}
static inline uint32_t blk(uint32_t b[16], size_t i)
{
return rol(b[(i + 13) & 15] ^ b[(i + 8) & 15] ^ b[(i + 2) & 15] ^ b[i], 1); return rol(b[(i + 13) & 15] ^ b[(i + 8) & 15] ^ b[(i + 2) & 15] ^ b[i], 1);
} }
template <int i> template<int i>
static inline void f(uint32_t *a, uint32_t *b) { static inline void f(uint32_t* a, uint32_t* b)
switch (state) { {
case 1: switch (state)
a[i % 5] += ((a[(3 + i) % 5] & (a[(2 + i) % 5] ^ a[(1 + i) % 5])) ^ a[(1 + i) % 5]) + b[i] + 0x5a827999 + rol(a[(4 + i) % 5], 5); {
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); case 1:
break; a[i % 5] +=
case 2: ((a[(3 + i) % 5] & (a[(2 + i) % 5] ^ a[(1 + i) % 5])) ^ a[(1 + i) % 5]) +
b[i] = blk(b, i); b[i] + 0x5a827999 + rol(a[(4 + i) % 5], 5);
a[(1 + i) % 5] += ((a[(4 + i) % 5] & (a[(3 + i) % 5] ^ a[(2 + i) % 5])) ^ a[(2 + i) % 5]) + b[i] + 0x5a827999 + rol(a[(5 + i) % 5], 5); a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30);
a[(4 + i) % 5] = rol(a[(4 + i) % 5], 30); break;
break; case 2:
case 3: b[i] = blk(b, i);
b[(i + 4) % 16] = blk(b, (i + 4) % 16); a[(1 + i) % 5] +=
a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + b[(i + 4) % 16] + 0x6ed9eba1 + rol(a[(4 + i) % 5], 5); ((a[(4 + i) % 5] & (a[(3 + i) % 5] ^ a[(2 + i) % 5])) ^ a[(2 + i) % 5]) +
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); b[i] + 0x5a827999 + rol(a[(5 + i) % 5], 5);
break; a[(4 + i) % 5] = rol(a[(4 + i) % 5], 30);
case 4: break;
b[(i + 8) % 16] = blk(b, (i + 8) % 16); case 3:
a[i % 5] += (((a[(3 + i) % 5] | a[(2 + i) % 5]) & a[(1 + i) % 5]) | (a[(3 + i) % 5] & a[(2 + i) % 5])) + b[(i + 8) % 16] + 0x8f1bbcdc + rol(a[(4 + i) % 5], 5); b[(i + 4) % 16] = blk(b, (i + 4) % 16);
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) +
break; b[(i + 4) % 16] + 0x6ed9eba1 + rol(a[(4 + i) % 5], 5);
case 5: a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30);
b[(i + 12) % 16] = blk(b, (i + 12) % 16); break;
a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) + b[(i + 12) % 16] + 0xca62c1d6 + rol(a[(4 + i) % 5], 5); case 4:
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30); b[(i + 8) % 16] = blk(b, (i + 8) % 16);
break; a[i % 5] += (((a[(3 + i) % 5] | a[(2 + i) % 5]) & a[(1 + i) % 5]) |
case 6: (a[(3 + i) % 5] & a[(2 + i) % 5])) +
b[i] += a[4 - i]; b[(i + 8) % 16] + 0x8f1bbcdc + rol(a[(4 + i) % 5], 5);
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30);
break;
case 5:
b[(i + 12) % 16] = blk(b, (i + 12) % 16);
a[i % 5] += (a[(3 + i) % 5] ^ a[(2 + i) % 5] ^ a[(1 + i) % 5]) +
b[(i + 12) % 16] + 0xca62c1d6 + rol(a[(4 + i) % 5], 5);
a[(3 + i) % 5] = rol(a[(3 + i) % 5], 30);
break;
case 6: b[i] += a[4 - i];
} }
} }
}; };
static inline void sha1(uint32_t hash[5], uint32_t b[16]) { static inline void sha1(uint32_t hash[5], uint32_t b[16])
{
uint32_t a[5] = {hash[4], hash[3], hash[2], hash[1], hash[0]}; uint32_t a[5] = {hash[4], hash[3], hash[2], hash[1], hash[0]};
static_for<16, Sha1Loop<1>>()(a, b); static_for<16, Sha1Loop<1>>()(a, b);
static_for<4, Sha1Loop<2>>()(a, b); static_for<4, Sha1Loop<2>>()(a, b);
@ -87,9 +108,11 @@ class WebSocketHandshakeKeyGen {
static_for<5, Sha1Loop<6>>()(a, hash); static_for<5, Sha1Loop<6>>()(a, hash);
} }
static inline void base64(unsigned char *src, char *dst) { static inline void base64(unsigned char* src, char* dst)
const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; {
for (int i = 0; i < 18; i += 3) { const char* b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
for (int i = 0; i < 18; i += 3)
{
*dst++ = b64[(src[i] >> 2) & 63]; *dst++ = b64[(src[i] >> 2) & 63];
*dst++ = b64[((src[i] & 3) << 4) | ((src[i + 1] & 240) >> 4)]; *dst++ = b64[((src[i] & 3) << 4) | ((src[i + 1] & 240) >> 4)];
*dst++ = b64[((src[i + 1] & 15) << 2) | ((src[i + 2] & 192) >> 6)]; *dst++ = b64[((src[i + 1] & 15) << 2) | ((src[i + 2] & 192) >> 6)];
@ -102,34 +125,47 @@ class WebSocketHandshakeKeyGen {
} }
public: public:
static inline void generate(const std::string& inputStr, char output[28]) { static inline void generate(const std::string& inputStr, char output[28])
{
char input[25] = {}; char input[25] = {};
strncpy(input, inputStr.c_str(), 25 - 1); strncpy(input, inputStr.c_str(), 25 - 1);
input[25 - 1] = '\0'; input[25 - 1] = '\0';
uint32_t b_output[5] = { uint32_t b_output[5] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0};
0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 uint32_t b_input[16] = {0,
}; 0,
uint32_t b_input[16] = { 0,
0, 0, 0, 0, 0, 0, 0x32353845, 0x41464135, 0x2d453931, 0x342d3437, 0x44412d39, 0,
0x3543412d, 0x43354142, 0x30444338, 0x35423131, 0x80000000 0,
}; 0,
0x32353845,
0x41464135,
0x2d453931,
0x342d3437,
0x44412d39,
0x3543412d,
0x43354142,
0x30444338,
0x35423131,
0x80000000};
for (int i = 0; i < 6; i++) { for (int i = 0; i < 6; i++)
b_input[i] = (input[4 * i + 3] & 0xff) | (input[4 * i + 2] & 0xff) << 8 | (input[4 * i + 1] & 0xff) << 16 | (input[4 * i + 0] & 0xff) << 24; {
b_input[i] = (input[4 * i + 3] & 0xff) | (input[4 * i + 2] & 0xff) << 8 |
(input[4 * i + 1] & 0xff) << 16 | (input[4 * i + 0] & 0xff) << 24;
} }
sha1(b_output, b_input); sha1(b_output, b_input);
uint32_t last_b[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 480}; uint32_t last_b[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 480};
sha1(b_output, last_b); sha1(b_output, last_b);
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++)
{
uint32_t tmp = b_output[i]; uint32_t tmp = b_output[i];
char *bytes = (char *) &b_output[i]; char* bytes = (char*) &b_output[i];
bytes[3] = tmp & 0xff; bytes[3] = tmp & 0xff;
bytes[2] = (tmp >> 8) & 0xff; bytes[2] = (tmp >> 8) & 0xff;
bytes[1] = (tmp >> 16) & 0xff; bytes[1] = (tmp >> 16) & 0xff;
bytes[0] = (tmp >> 24) & 0xff; bytes[0] = (tmp >> 24) & 0xff;
} }
base64((unsigned char *) b_output, output); base64((unsigned char*) b_output, output);
} }
}; };

12
test/IXDNSLookupTest.cpp
View File

@ -31,7 +31,11 @@ TEST_CASE("dns", "[net]")
auto dnsLookup = std::make_shared<DNSLookup>("wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww", 80); auto dnsLookup = std::make_shared<DNSLookup>("wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww", 80);
std::string errMsg; std::string errMsg;
struct addrinfo* res = dnsLookup->resolve(errMsg, [] { return false; }); struct addrinfo* res = dnsLookup->resolve(errMsg,
[]
{
return false;
});
std::cerr << "Error message: " << errMsg << std::endl; std::cerr << "Error message: " << errMsg << std::endl;
REQUIRE(res == nullptr); REQUIRE(res == nullptr);
} }
@ -42,7 +46,11 @@ TEST_CASE("dns", "[net]")
std::string errMsg; std::string errMsg;
// The callback returning true means we are requesting cancellation // The callback returning true means we are requesting cancellation
struct addrinfo* res = dnsLookup->resolve(errMsg, [] { return true; }); struct addrinfo* res = dnsLookup->resolve(errMsg,
[]
{
return true;
});
std::cerr << "Error message: " << errMsg << std::endl; std::cerr << "Error message: " << errMsg << std::endl;
REQUIRE(res == nullptr); REQUIRE(res == nullptr);
} }

4
test/IXUnityBuildsTest.cpp
View File

@ -18,10 +18,10 @@
#include <ixwebsocket/IXSetThreadName.h> #include <ixwebsocket/IXSetThreadName.h>
#include <ixwebsocket/IXSocket.h> #include <ixwebsocket/IXSocket.h>
#include <ixwebsocket/IXSocketAppleSSL.h> #include <ixwebsocket/IXSocketAppleSSL.h>
#include <ixwebsocket/IXSocketOpenSSL.h>
#include <ixwebsocket/IXSocketMbedTLS.h>
#include <ixwebsocket/IXSocketConnect.h> #include <ixwebsocket/IXSocketConnect.h>
#include <ixwebsocket/IXSocketFactory.h> #include <ixwebsocket/IXSocketFactory.h>
#include <ixwebsocket/IXSocketMbedTLS.h>
#include <ixwebsocket/IXSocketOpenSSL.h>
#include <ixwebsocket/IXSocketServer.h> #include <ixwebsocket/IXSocketServer.h>
#include <ixwebsocket/IXUrlParser.h> #include <ixwebsocket/IXUrlParser.h>
#include <ixwebsocket/IXWebSocket.h> #include <ixwebsocket/IXWebSocket.h>