/**

* @file SecureSocket.cpp

* @brief implementation of the Secure Socket class

* @author Mohamed Amine Mzoughi <[email protected]>

*/

#ifdef OPENSSL

#include "SecureSocket.h"

#include <iostream>

#ifdef _WIN32

// to avoid link problems in prod/test program

// Update : with the newer versions of OpenSSL, there's no need to include it

//#include <openssl/applink.c>

#endif

ASecureSocket::SSLSocket::SSLSocket()

: m_SockFd(INVALID_SOCKET)

, m_pSSL(nullptr)

, m_pCTXSSL(nullptr)

, m_pMTHDSSL(nullptr)

{

}

ASecureSocket::SSLSocket::SSLSocket(SSLSocket&& Sockother)

: m_SockFd(Sockother.m_SockFd)

, m_pSSL(Sockother.m_pSSL)

, m_pCTXSSL(Sockother.m_pCTXSSL)

, m_pMTHDSSL(Sockother.m_pMTHDSSL)

{

Sockother.m_SockFd = INVALID_SOCKET;

Sockother.m_pSSL = nullptr;

Sockother.m_pCTXSSL = nullptr;

Sockother.m_pMTHDSSL = nullptr;

}

ASecureSocket::SSLSocket& ASecureSocket::SSLSocket::operator=(SSLSocket&& Sockother)

{

if (this != &Sockother)

{

m_SockFd = Sockother.m_SockFd;

m_pSSL = Sockother.m_pSSL;

m_pCTXSSL = Sockother.m_pCTXSSL;

m_pMTHDSSL = Sockother.m_pMTHDSSL;

// reset Sockother

Sockother.m_SockFd = INVALID_SOCKET;

Sockother.m_pSSL = nullptr;

Sockother.m_pCTXSSL = nullptr;

Sockother.m_pMTHDSSL = nullptr;

}

return *this;

}

ASecureSocket::SSLSocket::~SSLSocket()

{

Disconnect();

}

void ASecureSocket::SSLSocket::Disconnect()

{

if (m_pSSL != nullptr)

{

/* send the close_notify alert to the peer. */

SSL_shutdown(m_pSSL); // must be called before SSL_free

SSL_free(m_pSSL);

m_pSSL = nullptr;

}

SocketClose(m_SockFd);

if (m_pCTXSSL != nullptr)

{

SSL_CTX_free(m_pCTXSSL);

m_pCTXSSL = nullptr;

}

}

bool ASecureSocket::SSLSocket::HasPending() const

{

return SSL_has_pending(m_pSSL) == 1;

}

int ASecureSocket::SSLSocket::PendingBytes() const

{

return SSL_pending(m_pSSL);

}

std::atomic<int> ASecureSocket::s_iSecureSocketCount = ATOMIC_VAR_INIT(0);

/**

* @brief constructor of the Secure Socket

*

* @param oLogger - a callabck to a logger function void(const std::string&)

* @param eSSLVersion - SSL/TLS protocol version

*/

ASecureSocket::ASecureSocket(const LogFnCallback& oLogger,

const OpenSSLProtocol& eSSLVersion,

const SettingsFlag& eSettings /*= ALL_FLAGS*/)

: ASocket(oLogger, eSettings)

, m_eOpenSSLProtocol(eSSLVersion)

{

int expected = 0;

if (s_iSecureSocketCount.compare_exchange_strong(expected, 1))

{

// Initialize OpenSSL

InitializeSSL();

}

else

{

s_iSecureSocketCount.fetch_add(1, std::memory_order_relaxed);

}

}

/**

* @brief destructor of the secure socket object

* It's a pure virtual destructor but an implementation is provided below.

* this to avoid creating a dummy pure virtual method to transform the class

* to an abstract one.

*/

ASecureSocket::~ASecureSocket()

{

int value = s_iSecureSocketCount.load(std::memory_order_relaxed);

do

{

if (value == 0)

{

return;

}

if (s_iSecureSocketCount.compare_exchange_weak(value, value - 1))

{

if (value == 1)

{

DestroySSL();

}

return;

}

} while (true);

}

void ASecureSocket::InitializeSSL()

{

/* Initialize malloc, free, etc for OpenSSL's use. */

//CRYPTO_malloc_init();

/* Initialize OpenSSL's SSL libraries: load encryption & hash algorithms for SSL */

(void)SSL_library_init(); //always returns 1

/* Load the error strings for good error reporting */

SSL_load_error_strings();

/* Load BIO error strings. */

//ERR_load_BIO_strings();

/* Load all available encryption algorithms. */

OpenSSL_add_all_algorithms();

}

void ASecureSocket::DestroySSL()

{

ERR_free_strings();

EVP_cleanup();

}

bool ASecureSocket::SetUpCtxClient(SSLSocket& Socket)

{

switch (m_eOpenSSLProtocol)

{

default:

case OpenSSLProtocol::TLS:

// Standard Protocol as of 11/2018, OpenSSL will choose highest possible TLS standard between peers

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_client_method());

break;

case OpenSSLProtocol::SSL_V23:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv23_client_method());

break;

#if 0

#ifdef _WIN32

// deprecated in newer versions of OpenSSL

case OpenSSLProtocol::SSL_V2:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv2_client_method());

break;

#endif

// deprecated

case OpenSSLProtocol::SSL_V3:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv3_client_method());

break;

#endif

case OpenSSLProtocol::TLS_V1:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLSv1_client_method());

break;

}

if (Socket.m_pMTHDSSL == nullptr)

{

//SocketLog("[WARN ]ASecureSocket, XXX_client_method failed[%lu:%s]", ERR_get_error(), ERR_error_string(ERR_get_error(), nullptr));

}

Socket.m_pCTXSSL = SSL_CTX_new(Socket.m_pMTHDSSL);

if (Socket.m_pCTXSSL == nullptr)

{

//SocketLog("[ERROR]ASecureSocket, client SSL_CTX_new failed[%lu:%s]", ERR_get_error(), ERR_error_string(ERR_get_error(), nullptr));

//ERR_print_errors_fp(stdout);

return false;

}

return true;

}

bool ASecureSocket::SetUpCtxServer(SSLSocket& Socket)

{

switch (m_eOpenSSLProtocol)

{

default:

case OpenSSLProtocol::TLS:

// Standard Protocol as of 11/2018, OpenSSL will choose highest possible TLS standard between peers

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_server_method());

break;

#if 0

#ifdef _WIN32

case OpenSSLProtocol::SSL_V2:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv2_server_method());

break;

#endif

// deprecated

case OpenSSLProtocol::SSL_V3:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv3_server_method());

break;

#endif

case OpenSSLProtocol::TLS_V1:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLSv1_server_method());

break;

case OpenSSLProtocol::SSL_V23:

Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(SSLv23_server_method());

break;

}

if (Socket.m_pMTHDSSL == nullptr)

{

//SocketLog("[WARN ]ASecureSocket, XXX_server_method failed[%lu:%s]", ERR_get_error(), ERR_error_string(ERR_get_error(), nullptr));

}

Socket.m_pCTXSSL = SSL_CTX_new(Socket.m_pMTHDSSL);

if (Socket.m_pCTXSSL == nullptr)

{

//SocketLog("[ERROR]ASecureSocket, server SSL_CTX_new failed[%lu:%s]", ERR_get_error(), ERR_error_string(ERR_get_error(), nullptr));

return false;

}

//SSL_CTX_set_verify(Socket.m_pCTXSSL, SSL_VERIFY_NONE, nullptr);

return true;

}

void ASecureSocket::ShutdownSSL(SSLSocket& SSLSock)

{

SSLSock.Disconnect();

}

const char* ASecureSocket::GetSSLErrorString(int iErrorCode)

{

switch (iErrorCode)

{

case SSL_ERROR_NONE:

return "The TLS/SSL I/O operation completed.";

case SSL_ERROR_ZERO_RETURN:

return "The TLS/SSL connection has been closed.";

case SSL_ERROR_WANT_READ:

return "The read operation did not complete; "

"the same TLS/SSL I/O function should be called again later.";

case SSL_ERROR_WANT_WRITE:

return "The write operation did not complete; "

"the same TLS/SSL I/O function should be called again later.";

case SSL_ERROR_WANT_CONNECT:

return "The connect operation did not complete; "

"the same TLS/SSL I/O function should be called again later.";

case SSL_ERROR_WANT_ACCEPT:

return "The accept operation did not complete; "

"the same TLS/SSL I/O function should be called again later.";

case SSL_ERROR_WANT_X509_LOOKUP:

return "The operation did not complete because an application callback set"

" by SSL_CTX_set_client_cert_cb() has asked to be called again. "

"The TLS/SSL I/O function should be called again later.";

case SSL_ERROR_SYSCALL:

return "Some I/O error occurred. The OpenSSL error queue may contain"

" more information on the error.";

case SSL_ERROR_SSL:

return "A failure in the SSL library occurred, usually a protocol error. "

"The OpenSSL error queue contains more information on the error.";

default:

return "Unknown error !";

}

}

int ASecureSocket::AlwaysTrueCallback(X509_STORE_CTX* pCTX, void* pArg)

{

return 1;

}

#endif