Ecosystem/xmrig
Ecosystem/xmrig
1
0
Fork 0
mirror of https://github.com/xmrig/xmrig.git synced 2025-01-18 16:55:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sync TLS changes.

Browse source
This commit is contained in:
XMRig 2022-04-19 16:34:18 +07:00
parent 8a167cb2a7
commit de97f3492e
No known key found for this signature in database
GPG key ID: 446A53638BE94409
12 changed files with 305 additions and 254 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
src/base/io/log/Tags.cpp
View file

@ -1,6 +1,6 @@
/* XMRig
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -16,11 +16,27 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/io/log/Tags.h"
#include "base/io/log/Log.h"
#ifndef XMRIG_FEATURE_EVENTS
namespace xmrig {
const char *tls_tag()
{
static const char *tag = GREEN_BG_BOLD(WHITE_BOLD_S " tls ");
return tag;
}
} // namespace xmrig
#endif
#ifdef XMRIG_LEGACY
const char *xmrig::Tags::config()
{
static const char *tag = CYAN_BG_BOLD(WHITE_BOLD_S " config ");
@ -29,6 +45,15 @@ const char *xmrig::Tags::config()
}
const char *xmrig::Tags::signal()
{
static const char *tag = YELLOW_BG_BOLD(WHITE_BOLD_S " signal ");
return tag;
}
#endif
const char *xmrig::Tags::network()
{
static const char *tag = BLUE_BG_BOLD(WHITE_BOLD_S " net ");
@ -45,14 +70,6 @@ const char* xmrig::Tags::origin()
}
const char *xmrig::Tags::signal()
{
static const char *tag = YELLOW_BG_BOLD(WHITE_BOLD_S " signal ");
return tag;
}
#ifdef XMRIG_MINER_PROJECT
const char *xmrig::Tags::cpu()
{

9
src/base/io/log/Tags.h
View file

@ -1,6 +1,6 @@
/* XMRig
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -30,10 +30,13 @@ namespace xmrig {
class Tags
{
public:
# ifdef XMRIG_LEGACY
static const char *config();
static const char *signal();
# endif
static const char *network();
static const char *origin();
static const char *signal();
# ifdef XMRIG_MINER_PROJECT
static const char *cpu();

6
src/base/kernel/Process.cpp
View file

@ -30,7 +30,7 @@
#include "version.h"
#ifndef XMRIG_LEGACY
#ifdef XMRIG_FEATURE_EVENTS
# include "base/kernel/Events.h"
# include "base/kernel/events/ExitEvent.h"
#endif
@ -256,7 +256,7 @@ void xmrig::Process::exit(int code)
d_fn()->exitCode = code;
}
# ifndef XMRIG_LEGACY
# ifdef XMRIG_FEATURE_EVENTS
events().post<ExitEvent>(exitCode());
# endif
}
@ -268,7 +268,7 @@ void xmrig::Process::setUserAgent(const String &userAgent)
}
#ifndef XMRIG_LEGACY
#ifdef XMRIG_FEATURE_EVENTS
xmrig::Events &xmrig::Process::events()
{
return d_fn()->events;

2
src/base/kernel/Process.h
View file

@ -68,7 +68,7 @@ public:
static void exit(int code = -1);
static void setUserAgent(const String &userAgent);
# ifndef XMRIG_LEGACY
# ifdef XMRIG_FEATURE_EVENTS
static Events &events();
# endif

6
src/base/net/https/HttpsContext.cpp
View file

@ -1,6 +1,6 @@
/* XMRig
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -27,7 +27,7 @@
xmrig::HttpsContext::HttpsContext(TlsContext *tls, const std::weak_ptr<IHttpListener> &listener) :
HttpContext(HTTP_REQUEST, listener),
ServerTls(tls ? tls->ctx() : nullptr)
ServerTls(tls ? tls->handle() : nullptr)
{
if (!tls) {
m_mode = TLS_OFF;

8
src/base/net/https/HttpsServer.cpp
View file

@ -1,6 +1,6 @@
/* XMRig
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -34,8 +34,6 @@ xmrig::HttpsServer::HttpsServer(const std::shared_ptr<IHttpListener> &listener)
xmrig::HttpsServer::~HttpsServer()
{
HttpContext::closeAll();
delete m_tls;
}
@ -49,7 +47,7 @@ bool xmrig::HttpsServer::setTls(const TlsConfig &config)
void xmrig::HttpsServer::onConnection(uv_stream_t *stream, uint16_t)
{
auto ctx = new HttpsContext(m_tls, m_listener);
auto ctx = new HttpsContext(m_tls.get(), m_listener);
uv_accept(stream, ctx->stream());
uv_read_start(ctx->stream(), NetBuffer::onAlloc, onRead); // NOLINT(clang-analyzer-cplusplus.NewDeleteLeaks)

2
src/base/net/https/HttpsServer.h
View file

@ -58,8 +58,8 @@ protected:
private:
static void onRead(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf);
std::shared_ptr<TlsContext> m_tls;
std::weak_ptr<IHttpListener> m_listener;
TlsContext *m_tls = nullptr;
};

153
src/base/net/tls/TlsConfig.cpp
View file

@ -1,7 +1,7 @@
/* XMRig
* Copyright (c) 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -24,15 +24,25 @@
#include "base/net/tls/TlsGen.h"
#ifdef APP_DEBUG
# include "base/io/log/Log.h"
# include "base/kernel/Config.h"
#endif
namespace xmrig {
extern const char *tls_tag();
const char *TlsConfig::kCert = "cert";
const char *TlsConfig::kEnabled = "enabled";
const char *TlsConfig::kCertKey = "cert_key";
const char *TlsConfig::kCertKey = "cert-key";
const char *TlsConfig::kCiphers = "ciphers";
const char *TlsConfig::kCipherSuites = "ciphersuites";
const char *TlsConfig::kDhparam = "dhparam";
const char *TlsConfig::kField = "tls";
const char *TlsConfig::kGen = "gen";
const char *TlsConfig::kProtocols = "protocols";
@ -45,54 +55,18 @@ static const char *kTLSv1_3 = "TLSv1.3";
} // namespace xmrig
/**
* "cert" load TLS certificate chain from file.
* "cert_key" load TLS private key from file.
* "ciphers" set list of available ciphers (TLSv1.2 and below).
* "ciphersuites" set list of available TLSv1.3 ciphersuites.
* "dhparam" load DH parameters for DHE ciphers from file.
*/
xmrig::TlsConfig::TlsConfig(const rapidjson::Value &value)
xmrig::TlsConfig::TlsConfig(const Arguments &arguments)
{
if (value.IsObject()) {
m_enabled = Json::getBool(value, kEnabled, m_enabled);
setProtocols(Json::getString(value, kProtocols));
setCert(Json::getString(value, kCert));
setKey(Json::getString(value, kCertKey));
setCiphers(Json::getString(value, kCiphers));
setCipherSuites(Json::getString(value, kCipherSuites));
setDH(Json::getString(value, kDhparam));
if (m_key.isNull()) {
setKey(Json::getString(value, "cert-key"));
}
if (m_enabled && !isValid()) {
generate(Json::getString(value, kGen));
}
}
else if (value.IsBool()) {
m_enabled = value.GetBool();
if (m_enabled) {
generate();
}
}
# ifdef XMRIG_FORCE_TLS
else if (value.IsNull()) {
generate();
}
# endif
else if (value.IsString()) {
generate(value.GetString());
}
else {
m_enabled = false;
}
}
//xmrig::TlsConfig::TlsConfig(const rapidjson::Value &value, const TlsConfig &current)
//{
//}
bool xmrig::TlsConfig::generate(const char *commonName)
{
TlsGen gen;
@ -101,20 +75,34 @@ bool xmrig::TlsConfig::generate(const char *commonName)
gen.generate(commonName);
}
catch (std::exception &ex) {
LOG_ERR("%s", ex.what());
m_enabled = false;
LOG_ERR("%s " RED_BOLD("%s"), tls_tag(), ex.what());
return false;
}
setCert(gen.cert());
setKey(gen.certKey());
m_enabled = true;
m_cert = gen.cert();
m_key = gen.certKey();
m_enabled = true;
return true;
}
bool xmrig::TlsConfig::isEqual(const TlsConfig &other) const
{
return (m_enabled == other.m_enabled
&& m_protocols == other.m_protocols
&& m_cert == other.m_cert
&& m_ciphers == other.m_ciphers
&& m_ciphersuites == other.m_ciphersuites
&& m_dhparam == other.m_dhparam
&& m_key == other.m_key
);
}
rapidjson::Value xmrig::TlsConfig::toJSON(rapidjson::Document &doc) const
{
using namespace rapidjson;
@ -151,13 +139,66 @@ rapidjson::Value xmrig::TlsConfig::toJSON(rapidjson::Document &doc) const
obj.AddMember(StringRef(kCert), m_cert.toJSON(), allocator);
obj.AddMember(StringRef(kCertKey), m_key.toJSON(), allocator);
obj.AddMember(StringRef(kCiphers), m_ciphers.toJSON(), allocator);
obj.AddMember(StringRef(kCipherSuites), m_cipherSuites.toJSON(), allocator);
obj.AddMember(StringRef(kCipherSuites), m_ciphersuites.toJSON(), allocator);
obj.AddMember(StringRef(kDhparam), m_dhparam.toJSON(), allocator);
return obj;
}
void xmrig::TlsConfig::print() const
{
# ifdef APP_DEBUG
LOG_DEBUG("%s " MAGENTA_BOLD("TLS")
MAGENTA("<enabled=") CYAN("%d")
MAGENTA(", protocols=") CYAN("%u")
MAGENTA(", cert=") "\"%s\""
MAGENTA(", ciphers=") "\"%s\""
MAGENTA(", ciphersuites=") "\"%s\""
MAGENTA(", dhparam=") "\"%s\""
MAGENTA(", key=") "\"%s\""
MAGENTA(">"),
Config::tag(), m_enabled, m_protocols, m_cert.data(), m_ciphers.data(), m_ciphersuites.data(), m_dhparam.data(), m_key.data());
# endif
}
void xmrig::TlsConfig::init(const rapidjson::Value &value, const TlsConfig &current)
{
if (value.IsObject()) {
setProtocols(Json::getString(value, kProtocols));
m_enabled = Json::getBool(value, kEnabled, current.m_enabled);
m_cert = Json::getString(value, kCert, current.m_cert);
m_key = Json::getString(value, kCertKey, current.m_key);
m_ciphers = Json::getString(value, kCiphers, current.m_ciphers);
m_ciphersuites = Json::getString(value, kCipherSuites, current.m_ciphersuites);
m_dhparam = Json::getString(value, kDhparam, current.m_dhparam);
if (m_key.isNull()) {
m_key = Json::getString(value, "cert_key", current.m_key);
}
if (m_enabled && !isValid()) {
generate(Json::getString(value, kGen));
}
}
else if (value.IsBool()) {
m_enabled = value.GetBool();
if (m_enabled) {
generate();
}
}
else if (value.IsString()) {
generate(value.GetString());
}
else {
m_enabled = false;
}
}
void xmrig::TlsConfig::setProtocols(const char *protocols)
{
const std::vector<String> vec = String(protocols).split(' ');
@ -183,11 +224,9 @@ void xmrig::TlsConfig::setProtocols(const rapidjson::Value &protocols)
{
m_protocols = 0;
if (protocols.IsUint()) {
return setProtocols(protocols.GetUint());
}
if (protocols.IsString()) {
return setProtocols(protocols.GetString());
setProtocols(protocols.GetString());
} else if (protocols.IsUint()) {
m_protocols = protocols.GetUint();
}
}

54
src/base/net/tls/TlsConfig.h
View file

@ -1,7 +1,7 @@
/* XMRig
* Copyright (c) 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -21,13 +21,15 @@
#define XMRIG_TLSCONFIG_H
#include "3rdparty/rapidjson/fwd.h"
#include "base/tools/String.h"
namespace xmrig {
class Arguments;
class TlsConfig
{
public:
@ -37,6 +39,7 @@ public:
static const char *kCipherSuites;
static const char *kDhparam;
static const char *kEnabled;
static const char *kField;
static const char *kGen;
static const char *kProtocols;
@ -48,39 +51,44 @@ public:
};
TlsConfig() = default;
TlsConfig(const rapidjson::Value &value);
TlsConfig(const Arguments &arguments);
inline bool isEnabled() const { return m_enabled && isValid(); }
inline bool isValid() const { return !m_cert.isEmpty() && !m_key.isEmpty(); }
inline const char *cert() const { return m_cert.data(); }
inline const char *ciphers() const { return m_ciphers.isEmpty() ? nullptr : m_ciphers.data(); }
inline const char *cipherSuites() const { return m_cipherSuites.isEmpty() ? nullptr : m_cipherSuites.data(); }
inline const char *dhparam() const { return m_dhparam.isEmpty() ? nullptr : m_dhparam.data(); }
inline const char *key() const { return m_key.data(); }
inline uint32_t protocols() const { return m_protocols; }
inline void setCert(const char *cert) { m_cert = cert; }
inline void setCiphers(const char *ciphers) { m_ciphers = ciphers; }
inline void setCipherSuites(const char *ciphers) { m_cipherSuites = ciphers; }
inline void setDH(const char *dhparam) { m_dhparam = dhparam; }
inline void setKey(const char *key) { m_key = key; }
inline void setProtocols(uint32_t protocols) { m_protocols = protocols; }
inline TlsConfig(const rapidjson::Value &value, const TlsConfig &current) { init(value, current); }
inline TlsConfig(const rapidjson::Value &value) { init(value, {}); }
inline bool isEnabled() const { return m_enabled; }
inline bool isValid() const { return !m_cert.isEmpty() && !m_key.isEmpty(); }
inline const String &cert() const { return m_cert; }
inline const String &ciphers() const { return m_ciphers; }
inline const String &ciphersuites() const { return m_ciphersuites; }
inline const String &dhparam() const { return m_dhparam; }
inline const String &key() const { return m_key; }
inline uint32_t protocols() const { return m_protocols; }
inline bool operator!=(const TlsConfig &other) const { return !isEqual(other); }
inline bool operator==(const TlsConfig &other) const { return isEqual(other); }
bool generate(const char *commonName = nullptr);
bool isEqual(const TlsConfig &other) const;
rapidjson::Value toJSON(rapidjson::Document &doc) const;
void print() const;
private:
void init(const rapidjson::Value &value, const TlsConfig &current);
void setProtocols(const char *protocols);
void setProtocols(const rapidjson::Value &protocols);
private:
bool m_enabled = true;
bool m_enabled = false;
uint32_t m_protocols = 0;
String m_cert;
String m_ciphers;
String m_cipherSuites;
String m_ciphersuites;
String m_dhparam;
String m_key;
};
} /* namespace xmrig */
} // namespace xmrig
#endif /* XMRIG_TLSCONFIG_H */
#endif // XMRIG_TLSCONFIG_H

252
src/base/net/tls/TlsContext.cpp
View file

@ -1,7 +1,7 @@
/* XMRig
* Copyright (c) 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -18,13 +18,14 @@
*/
#include "base/net/tls/TlsContext.h"
#include "3rdparty/fmt/core.h"
#include "base/io/Env.h"
#include "base/io/log/Log.h"
#include "base/net/tls/TlsConfig.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <stdexcept>
// https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#Compatibility_Layer
@ -44,8 +45,106 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
namespace xmrig {
class TlsContext::Private
{
public:
void load(const TlsConfig &config);
SSL_CTX *ctx = nullptr;
private:
static inline const char *error() { return ERR_reason_error_string(ERR_get_error()); }
static DH *get_dh2048();
void setDH(const String &dhparam) const;
void setProtocols(uint32_t protocols) const;
};
} // namespace xmrig
xmrig::TlsContext::~TlsContext()
{
SSL_CTX_free(d->ctx);
}
SSL_CTX *xmrig::TlsContext::handle() const
{
return d->ctx;
}
xmrig::TlsContext::TlsContext() :
d(std::make_shared<Private>())
{
}
std::shared_ptr<xmrig::TlsContext> xmrig::TlsContext::create(const TlsConfig &config)
{
if (!config.isEnabled()) {
return nullptr;
}
auto tls = std::shared_ptr<TlsContext>(new TlsContext());
tls->d->load(config);
return tls;
}
void xmrig::TlsContext::Private::load(const TlsConfig &config)
{
if ((ctx = SSL_CTX_new(SSLv23_server_method())) == nullptr) {
throw std::runtime_error("Unable to create SSL context");
}
const auto cert = Env::expand(config.cert());
if (cert.isNull()) {
throw std::runtime_error("Unable to load cert file");
}
if (SSL_CTX_use_certificate_chain_file(ctx, cert) <= 0) {
throw std::runtime_error(fmt::format("Unable to load cert file \"{}\": \"{}\"", cert.data(), error()));
}
const auto key = Env::expand(config.key());
if (key.isNull()) {
throw std::runtime_error("Unable to load key file");
}
if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0) {
throw std::runtime_error(fmt::format("Unable to load key file \"{}\": \"{}\"", key.data(), error()));
}
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_max_early_data(ctx, 0);
# endif
setProtocols(config.protocols());
if (!config.ciphers().isNull() && SSL_CTX_set_cipher_list(ctx, config.ciphers()) <= 0) {
throw std::runtime_error(fmt::format("Unable to set cipher list: \"{}\"", error()));
}
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
if (!config.ciphersuites().isNull() && SSL_CTX_set_ciphersuites(ctx, config.ciphersuites()) <= 0) {
throw std::runtime_error(fmt::format("Unable to set ciphersuites: \"{}\"", error()));
}
# endif
setDH(Env::expand(config.dhparam()));
}
// https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
static DH *get_dh2048()
DH *xmrig::TlsContext::Private::get_dh2048()
{
static unsigned char dhp_2048[] = {
0xB2, 0x91, 0xA7, 0x05, 0x31, 0xCE, 0x12, 0x9D, 0x03, 0x43,
@ -78,6 +177,7 @@ static DH *get_dh2048()
static unsigned char dhg_2048[] = { 0x02 };
auto dh = DH_new();
if (dh == nullptr) {
return nullptr;
@ -97,167 +197,63 @@ static DH *get_dh2048()
return dh;
}
} // namespace xmrig
xmrig::TlsContext::~TlsContext()
{
SSL_CTX_free(m_ctx);
}
xmrig::TlsContext *xmrig::TlsContext::create(const TlsConfig &config)
{
if (!config.isEnabled()) {
return nullptr;
}
auto tls = new TlsContext();
if (!tls->load(config)) {
delete tls;
return nullptr;
}
return tls;
}
bool xmrig::TlsContext::load(const TlsConfig &config)
{
m_ctx = SSL_CTX_new(SSLv23_server_method());
if (m_ctx == nullptr) {
LOG_ERR("Unable to create SSL context");
return false;
}
const auto cert = Env::expand(config.cert());
if (SSL_CTX_use_certificate_chain_file(m_ctx, cert) <= 0) {
LOG_ERR("SSL_CTX_use_certificate_chain_file(\"%s\") failed.", config.cert());
return false;
}
const auto key = Env::expand(config.key());
if (SSL_CTX_use_PrivateKey_file(m_ctx, key, SSL_FILETYPE_PEM) <= 0) {
LOG_ERR("SSL_CTX_use_PrivateKey_file(\"%s\") failed.", config.key());
return false;
}
SSL_CTX_set_options(m_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_options(m_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_max_early_data(m_ctx, 0);
# endif
setProtocols(config.protocols());
return setCiphers(config.ciphers()) && setCipherSuites(config.cipherSuites()) && setDH(config.dhparam());
}
bool xmrig::TlsContext::setCiphers(const char *ciphers)
{
if (ciphers == nullptr || SSL_CTX_set_cipher_list(m_ctx, ciphers) == 1) {
return true;
}
LOG_ERR("SSL_CTX_set_cipher_list(\"%s\") failed.", ciphers);
return true;
}
bool xmrig::TlsContext::setCipherSuites(const char *ciphersuites)
{
if (ciphersuites == nullptr) {
return true;
}
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
if (SSL_CTX_set_ciphersuites(m_ctx, ciphersuites) == 1) {
return true;
}
# endif
LOG_ERR("SSL_CTX_set_ciphersuites(\"%s\") failed.", ciphersuites);
return false;
}
bool xmrig::TlsContext::setDH(const char *dhparam)
void xmrig::TlsContext::Private::setDH(const String &dhparam) const
{
DH *dh = nullptr;
if (dhparam != nullptr) {
BIO *bio = BIO_new_file(Env::expand(dhparam), "r");
if (bio == nullptr) {
LOG_ERR("BIO_new_file(\"%s\") failed.", dhparam);
return false;
}
dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
if (dh == nullptr) {
LOG_ERR("PEM_read_bio_DHparams(\"%s\") failed.", dhparam);
if (!dhparam.isEmpty()) {
BIO *bio = BIO_new_file(dhparam, "r");
if (bio) {
dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
BIO_free(bio);
return false;
}
BIO_free(bio);
if (!dh) {
throw std::runtime_error(fmt::format("Unable to load DH params \"{}\": \"{}\"", dhparam.data(), error()));
}
}
else {
dh = get_dh2048();
}
const int rc = SSL_CTX_set_tmp_dh(m_ctx, dh); // NOLINT(cppcoreguidelines-pro-type-cstyle-cast)
const int rc = SSL_CTX_set_tmp_dh(ctx, dh); // NOLINT(cppcoreguidelines-pro-type-cstyle-cast)
DH_free(dh);
if (rc == 0) {
LOG_ERR("SSL_CTX_set_tmp_dh(\"%s\") failed.", dhparam);
return false;
if (rc <= 0) {
throw std::runtime_error(fmt::format("Unable to set DH params: \"{}\"", error()));
}
return true;
}
void xmrig::TlsContext::setProtocols(uint32_t protocols)
void xmrig::TlsContext::Private::setProtocols(uint32_t protocols) const
{
if (protocols == 0) {
return;
}
if (!(protocols & TlsConfig::TLSv1)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
}
# ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_1);
SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_1);
if (!(protocols & TlsConfig::TLSv1_1)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_1);
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1);
}
# endif
# ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_2);
SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);
if (!(protocols & TlsConfig::TLSv1_2)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_2);
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
}
# endif
# ifdef SSL_OP_NO_TLSv1_3
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_3);
if (!(protocols & TlsConfig::TLSv1_3)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
}
# endif
}

26
src/base/net/tls/TlsContext.h
View file

@ -1,7 +1,7 @@
/* XMRig
* Copyright (c) 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright (c) 2018-2021 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2021 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright (c) 2018-2022 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2022 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -24,9 +24,6 @@
#include "base/tools/Object.h"
#include <cstdint>
using SSL_CTX = struct ssl_ctx_st;
@ -43,23 +40,18 @@ public:
~TlsContext();
static TlsContext *create(const TlsConfig &config);
static std::shared_ptr<TlsContext> create(const TlsConfig &config);
inline SSL_CTX *ctx() const { return m_ctx; }
SSL_CTX *handle() const;
private:
TlsContext() = default;
XMRIG_DECL_PRIVATE()
bool load(const TlsConfig &config);
bool setCiphers(const char *ciphers);
bool setCipherSuites(const char *ciphersuites);
bool setDH(const char *dhparam);
void setProtocols(uint32_t protocols);
SSL_CTX *m_ctx = nullptr;
TlsContext();
};
} /* namespace xmrig */
} // namespace xmrig
#endif /* XMRIG_TLSCONTEXT_H */
#endif // XMRIG_TLSCONTEXT_H

2
src/base/net/tls/TlsGen.cpp
View file

@ -105,9 +105,7 @@ void xmrig::TlsGen::generate(const char *commonName)
throw std::runtime_error("unable to write certificate to disk.");
}
# if !defined(XMRIG_LEGACY)
LOG_NOTICE("%s " MAGENTA_BOLD("generated") WHITE_BOLD(" \"%s/%s\" ") "CN=" WHITE_BOLD("\"%s\""), tls_tag(), m_cert.data(), m_certKey.data(), cn());
# endif
}