From 76a4d0edd9170c8ae8adf73733ce78052f9af287 Mon Sep 17 00:00:00 2001
From: George Hazan
Date: Wed, 16 Jun 2021 18:41:40 +0300
Subject: in OpenSSL 1.1.1 we can share the same context among all network connections

---
 src/mir_app/src/netlib.cpp     |   4 ++
 src/mir_app/src/netlib.h       |  20 ++++----
 src/mir_app/src/netlib_ssl.cpp | 102 +++++++++++++++++++++++------------------
 3 files changed, 73 insertions(+), 53 deletions(-)

(limited to 'src')

diff --git a/src/mir_app/src/netlib.cpp b/src/mir_app/src/netlib.cpp
index 5dd7bf4f97..eefbfd6641 100644
--- a/src/mir_app/src/netlib.cpp
+++ b/src/mir_app/src/netlib.cpp
@@ -439,6 +439,7 @@ void UnloadNetlibModule(void)
 	if (hConnectionOpenMutex)
 		CloseHandle(hConnectionOpenMutex);
 	WSACleanup();
+	OpenSsl_Unload();
 }
 
 int LoadNetlibModule(void)
@@ -448,6 +449,9 @@ int LoadNetlibModule(void)
 	WSADATA wsadata;
 	WSAStartup(MAKEWORD(2, 2), &wsadata);
 
+	if (!OpenSsl_Init())
+		return 1;
+
 	hConnectionHeaderMutex = CreateMutex(nullptr, FALSE, nullptr);
 	NetlibLogInit();
 
diff --git a/src/mir_app/src/netlib.h b/src/mir_app/src/netlib.h
index aeae2a7bd0..c08718b5bd 100644
--- a/src/mir_app/src/netlib.h
+++ b/src/mir_app/src/netlib.h
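Review bot: The new early return in LoadNetlibModule leaves the WSAStartup() call two lines above it unbalanced, and it runs before NetlibLogInit(), so the Netlib_Logf() failure messages emitted inside OpenSsl_Init() are produced before logging is set up and may be lost. Unless the caller runs UnloadNetlibModule() on a non-zero return (not visible here), the failure path should release the Winsock reference itself: `if (!OpenSsl_Init()) { WSACleanup(); return 1; }`. Moving the call below NetlibLogInit() would also let the diagnostics reach the log. LoadNetlibModule's body continues outside the hunk.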
@@ -145,43 +145,47 @@ extern LIST netlibUser;
 extern HANDLE hEventConnected;
 extern HANDLE hEventDisconnected;
 
-// netlibautoproxy.c
+// netlibautoproxy.cpp
 void NetlibLoadIeProxy(void);
 void NetlibUnloadIeProxy(void);
 char* NetlibGetIeProxy(char *szUrl);
 bool NetlibGetIeProxyConn(NetlibConnection *nlc, bool forceHttps);
 
-// netlibbind.c
+// netlibbind.cpp
 int NetlibFreeBoundPort(NetlibBoundPort *nlbp);
 bool BindSocketToPort(const char *szPorts, SOCKET s, SOCKET s6, int* portn);
 
-// netlibhttp.c
+// netlibhttp.cpp
 void NetlibHttpSetLastErrorUsingHttpResult(int result);
 NETLIBHTTPREQUEST* NetlibHttpRecv(NetlibConnection* nlc, DWORD hflags, DWORD dflags, bool isConnect = false);
 void NetlibConnFromUrl(const char* szUrl, bool secur, NETLIBOPENCONNECTION &nloc);
 
-// netliblog.c
+// netliblog.cpp
 void NetlibLogShowOptions(void);
 void NetlibLogInit(void);
 void NetlibLogShutdown(void);
 
-// netlibopenconn.c
+// netlibopenconn.cpp
 DWORD DnsLookup(NetlibUser *nlu, const char *szHost);
 int WaitUntilReadable(SOCKET s, DWORD dwTimeout, bool check = false);
 int WaitUntilWritable(SOCKET s, DWORD dwTimeout);
 bool NetlibDoConnect(NetlibConnection *nlc);
 bool NetlibReconnect(NetlibConnection *nlc);
 
-// netlibopts.c
+// netlibopts.cpp
 int NetlibOptInitialise(WPARAM wParam, LPARAM lParam);
 void NetlibSaveUserSettingsStruct(const char *szSettingsModule, const NETLIBUSERSETTINGS *settings);
 
-// netlibsock.c
+// netlibsock.cpp
 #define NL_SELECT_READ 0x0001
 #define NL_SELECT_WRITE 0x0002
 #define NL_SELECT_ALL (NL_SELECT_READ+NL_SELECT_WRITE)
 
-// netlibupnp.c
+// netlibssl.cpp
+bool OpenSsl_Init();
+void OpenSsl_Unload();
+
+// netlibupnp.cpp
 bool NetlibUPnPAddPortMapping(WORD intport, char *proto, WORD *extport, DWORD *extip, bool search);
 void NetlibUPnPDeletePortMapping(WORD extport, char* proto);
 void NetlibUPnPCleanup(void*);
diff --git a/src/mir_app/src/netlib_ssl.cpp b/src/mir_app/src/netlib_ssl.cpp
index 861e801095..1d752454df 100644
--- a/src/mir_app/src/netlib_ssl.cpp
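Review bot: The two new declarations `bool OpenSsl_Init();` and `void OpenSsl_Unload();` say nothing about the ordering they impose, although ClientConnect() in netlib_ssl.cpp now takes its SSL objects from the context that OpenSsl_Init() creates. A one-line comment on each would make the contract visible to callers: `// creates the process-wide SSL_CTX shared by all TLS connections; must succeed before any TLS connect` and `// frees the shared SSL_CTX; intended for module teardown only`.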
+++ b/src/mir_app/src/netlib_ssl.cpp
@@ -44,41 +44,15 @@ struct SslHandle : public MZeroedObject
 	{
 		if (session)
 			SSL_free(session);
-		if (ctx)
-			SSL_CTX_free(ctx);
 	}
 
 	SOCKET s;
-	SSL_CTX *ctx;
 	SSL *session;
 	SocketState state;
 };
 
-static void SSL_library_unload(void)
-{
-	/* Load Library Pointers */
-	if (!bSslInitDone)
-		return;
-
-	bSslInitDone = false;
-}
-
-static bool SSL_library_load(void)
-{
-	/* Load Library Pointers */
-	if (bSslInitDone)
-		return true;
-
-	if (!bSslInitDone) { // init OpenSSL
-		SSL_library_init();
-		SSL_load_error_strings();
-		// FIXME check errors
-
-		bSslInitDone = true;
-	}
-
-	return bSslInitDone;
-}
+static SSL_CTX *g_ctx;
+static mir_cs csSsl;
 
 static void dump_error(SSL *session, int err)
 {
@@ -129,25 +103,11 @@ static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false)
 
 static bool ClientConnect(SslHandle *ssl, const char*)
 {
-	SSL_METHOD *meth = (SSL_METHOD*)SSLv23_client_method();
-
-	// contrary to what it's named, SSLv23 announces all supported ciphers/versions,
-	// generally TLS1.2 in a TLS1.0 Client Hello
-	if (!meth) {
-		Netlib_Logf(nullptr, "SSL setup failure: client method");
-		return false;
-	}
-	ssl->ctx = SSL_CTX_new(meth);
-	if (!ssl->ctx) {
-		Netlib_Logf(nullptr, "SSL setup failure: context");
-		return false;
+	{
+		mir_cslock lck(csSsl);
+		ssl->session = SSL_new(g_ctx);
 	}
 
-	// SSL_read/write should transparently handle renegotiations
-	SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr);
-
-	RAND_screen();
-	ssl->session = SSL_new(ssl->ctx);
 	if (!ssl->session) {
 		Netlib_Logf(nullptr, "SSL setup failure: session");
 		return false;
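Review bot: The new `csSsl` lock declared next to `g_ctx` guards only the SSL_new() call in ClientConnect(), while OpenSsl_Unload() in the last hunk frees `g_ctx` without taking it, so correctness rests on no connect being in flight when the module unloads. That ownership rule is not written down anywhere; a comment on the declaration would carry it: `// process-wide client SSL_CTX, created in OpenSsl_Init() and freed in OpenSsl_Unload(); csSsl guards SSL_new() only, unload assumes no connect is in progress`. The lock is likely defensive rather than required, since OpenSSL 1.1.x (the version named in the subject) documents SSL_CTX as shareable across threads for SSL_new(); confirm against the headers the project builds with.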
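Review bot: ClientConnect() now hands the shared `g_ctx` to SSL_new() without checking that OpenSsl_Init() ever populated it; SSL_new() with a null context fails, so the only symptom would be the generic "SSL setup failure: session" line, which no longer distinguishes a missing context from a per-session failure. Guarding before the lock gives a precise diagnostic and reuses the message the hunk deletes: `if (!g_ctx) { Netlib_Logf(nullptr, "SSL setup failure: context"); return false; }`. The rest of ClientConnect's body runs past the end of the hunk.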
@@ -437,3 +397,55 @@ MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen)
 	memcpy(pBuf, buf, len);
 	return pBuf;
 }
+
+/////////////////////////////////////////////////////////////////////////////////////////
+// module entry point
+
+bool OpenSsl_Init(void)
+{
+	/* Load Library Pointers */
+	if (bSslInitDone)
+		return true;
+
+	if (!bSslInitDone) { // init OpenSSL
+		SSL_library_init();
+		SSL_load_error_strings();
+		// FIXME check errors
+
+		const SSL_METHOD *meth = TLS_client_method();
+		if (!meth) {
+			Netlib_Logf(nullptr, "SSL setup failure: client method");
+			return false;
+		}
+
+		g_ctx = SSL_CTX_new(meth);
+		if (!g_ctx) {
+			Netlib_Logf(nullptr, "SSL setup failure: context");
+			return false;
+		}
+
+		VARSW wszPemFile(L"%miranda_path%\\libs\\microsoft.pem");
+		SSL_CTX_load_verify_locations(g_ctx, _T2A(wszPemFile), NULL);
+
+		// SSL_read/write should transparently handle renegotiations
+		SSL_CTX_ctrl(g_ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr);
+
+		RAND_screen();
+
+		bSslInitDone = true;
+	}
+
+	return bSslInitDone;
+}
+
+void OpenSsl_Unload(void)
+{
+	/* Load Library Pointers */
+	if (!bSslInitDone)
+		return;
+
+	if (g_ctx)
+		SSL_CTX_free(g_ctx);
+
+	bSslInitDone = false;
+}
-- 
cgit v1.2.3
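Review bot: The return value of `SSL_CTX_load_verify_locations()` in OpenSsl_Init() is discarded, so a missing or unreadable `%miranda_path%\libs\microsoft.pem` leaves the shared context without the trust anchors from that file and writes nothing to the log; whether that weakens peer verification depends on how verification is configured elsewhere in this file, which the hunk does not show. The check is two lines and also replaces the lone `NULL` with the `nullptr` used on the following lines: `if (!SSL_CTX_load_verify_locations(g_ctx, _T2A(wszPemFile), nullptr))` / `Netlib_Logf(nullptr, "SSL setup failure: verify locations");`. Since every connection now inherits this one context, it is also the natural place to pin a protocol floor if project policy allows, e.g. `SSL_CTX_set_min_proto_version(g_ctx, TLS1_2_VERSION);` (available since 1.1.0), which the hunk leaves at the library default. The `/* Load Library Pointers */` comments and the `if (!bSslInitDone)` re-check are carried over from the deleted SSL_library_load() and no longer describe the function (no library pointers are loaded, and the first `if` has already returned); the FIXME on error checking likewise still stands.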