From 4819e2ce3a6a8fbbc664da9b5e035e71675ea568 Mon Sep 17 00:00:00 2001 From: rdb Date: Mon, 20 Jan 2020 11:56:27 +0100 Subject: [PATCH] nativenet: drop unused Socket_TCP_SSL This removes the dependency of libpanda on OpenSSL. --- makepanda/makepanda.py | 6 +- makepanda/makepanda.vcproj | 2 - panda/src/nativenet/config_nativenet.cxx | 4 - .../src/nativenet/p3nativenet_composite1.cxx | 1 - panda/src/nativenet/socket_ip.h | 1 - panda/src/nativenet/socket_tcp_ssl.cxx | 21 -- panda/src/nativenet/socket_tcp_ssl.h | 299 ------------------ 7 files changed, 3 insertions(+), 331 deletions(-) delete mode 100644 panda/src/nativenet/socket_tcp_ssl.cxx delete mode 100644 panda/src/nativenet/socket_tcp_ssl.h diff --git a/makepanda/makepanda.py b/makepanda/makepanda.py index 455d2b31fb..cc8304cfa4 100755 --- a/makepanda/makepanda.py +++ b/makepanda/makepanda.py @@ -3478,10 +3478,10 @@ PyTargetAdd('p3pnmimage_pfmFile_ext.obj', opts=OPTS, input='pfmFile_ext.cxx') # DIRECTORY: panda/src/nativenet/ # -OPTS=['DIR:panda/src/nativenet', 'OPENSSL', 'BUILDING:PANDA'] +OPTS=['DIR:panda/src/nativenet', 'BUILDING:PANDA'] TargetAdd('p3nativenet_composite1.obj', opts=OPTS, input='p3nativenet_composite1.cxx') -OPTS=['DIR:panda/src/nativenet', 'OPENSSL'] +OPTS=['DIR:panda/src/nativenet'] IGATEFILES=GetDirectoryContents('panda/src/nativenet', ["*.h", "*_composite*.cxx"]) TargetAdd('libp3nativenet.in', opts=OPTS, input=IGATEFILES) TargetAdd('libp3nativenet.in', opts=['IMOD:panda3d.core', 'ILIB:libp3nativenet', 'SRCDIR:panda/src/nativenet']) @@ -3794,7 +3794,7 @@ TargetAdd('libp3dxml.in', opts=['IMOD:panda3d.core', 'ILIB:libp3dxml', 'SRCDIR:p # OPTS=['DIR:panda/metalibs/panda', 'BUILDING:PANDA', 'JPEG', 'PNG', 'HARFBUZZ', - 'TIFF', 'OPENEXR', 'ZLIB', 'OPENSSL', 'FREETYPE', 'FFTW', 'ADVAPI', 'WINSOCK2', + 'TIFF', 'OPENEXR', 'ZLIB', 'FREETYPE', 'FFTW', 'ADVAPI', 'WINSOCK2', 'SQUISH', 'NVIDIACG', 'VORBIS', 'OPUS', 'WINUSER', 'WINMM', 'WINGDI', 'IPHLPAPI', 'SETUPAPI', 'IOKIT'] diff --git a/makepanda/makepanda.vcproj b/makepanda/makepanda.vcproj index 288a50784d..f777f99a85 100644 --- a/makepanda/makepanda.vcproj +++ b/makepanda/makepanda.vcproj @@ -3848,7 +3848,6 @@ - @@ -3859,7 +3858,6 @@ - diff --git a/panda/src/nativenet/config_nativenet.cxx b/panda/src/nativenet/config_nativenet.cxx index f90e106e81..af8b2d77cf 100644 --- a/panda/src/nativenet/config_nativenet.cxx +++ b/panda/src/nativenet/config_nativenet.cxx @@ -16,7 +16,6 @@ #include "socket_ip.h" #include "socket_tcp.h" #include "socket_tcp_listen.h" -#include "socket_tcp_ssl.h" #include "socket_udp_incoming.h" #include "socket_udp_outgoing.h" #include "socket_udp.h" @@ -55,9 +54,6 @@ init_libnativenet() { Socket_IP::init_type(); Socket_TCP::init_type(); Socket_TCP_Listen::init_type(); -#ifdef HAVE_OPENSSL - Socket_TCP_SSL::init_type(); -#endif Socket_UDP_Incoming::init_type(); Socket_UDP_Outgoing::init_type(); Socket_UDP::init_type(); diff --git a/panda/src/nativenet/p3nativenet_composite1.cxx b/panda/src/nativenet/p3nativenet_composite1.cxx index 1c842ac105..015473f8f8 100644 --- a/panda/src/nativenet/p3nativenet_composite1.cxx +++ b/panda/src/nativenet/p3nativenet_composite1.cxx @@ -4,7 +4,6 @@ #include "socket_ip.cxx" #include "socket_tcp.cxx" #include "socket_tcp_listen.cxx" -#include "socket_tcp_ssl.cxx" #include "socket_udp.cxx" #include "socket_udp_incoming.cxx" #include "socket_udp_outgoing.cxx" diff --git a/panda/src/nativenet/socket_ip.h b/panda/src/nativenet/socket_ip.h index 3c03db2b3b..4b3ab34c7e 100644 --- a/panda/src/nativenet/socket_ip.h +++ b/panda/src/nativenet/socket_ip.h @@ -56,7 +56,6 @@ private: friend class Socket_TCP_Listen; friend class Socket_UDP_Incoming; friend class Socket_UDP_Outgoing; - friend class Socket_TCP_SSL; public: static TypeHandle get_class_type() { diff --git a/panda/src/nativenet/socket_tcp_ssl.cxx b/panda/src/nativenet/socket_tcp_ssl.cxx deleted file mode 100644 index 0444d41802..0000000000 --- a/panda/src/nativenet/socket_tcp_ssl.cxx +++ /dev/null @@ -1,21 +0,0 @@ -/** - * PANDA 3D SOFTWARE - * Copyright (c) Carnegie Mellon University. All rights reserved. - * - * All use of this software is subject to the terms of the revised BSD - * license. You should have received a copy of this license along - * with this source code in a file named "LICENSE." - * - * @file socket_tcp_ssl.cxx - * @author drose - * @date 2007-03-01 - */ - -#include "socket_tcp_ssl.h" - -#ifdef HAVE_OPENSSL - -SSL_CTX *global_ssl_ctx; -TypeHandle Socket_TCP_SSL::_type_handle; - -#endif // HAVE_OPENSSL diff --git a/panda/src/nativenet/socket_tcp_ssl.h b/panda/src/nativenet/socket_tcp_ssl.h deleted file mode 100644 index 8f16f188dc..0000000000 --- a/panda/src/nativenet/socket_tcp_ssl.h +++ /dev/null @@ -1,299 +0,0 @@ -#ifndef __SOCKET_TCP_SSL_H__ -#define __SOCKET_TCP_SSL_H__ - -#include "pandabase.h" -#include "config_nativenet.h" -#include "socket_ip.h" -#include "numeric_types.h" - -#ifdef HAVE_OPENSSL - -#include /* SSLeay stuff */ -#include -#include -#include -#include -#include - -extern EXPCL_PANDA_NATIVENET SSL_CTX *global_ssl_ctx; - -struct SSlStartup { - SSlStartup() { - const SSL_METHOD *meth; - SSLeay_add_ssl_algorithms(); - // meth = SSLv23_server_method(); - meth = SSLv23_method(); - SSL_load_error_strings(); - // I hate this cast, but older versions of OpenSSL need it. - global_ssl_ctx = SSL_CTX_new((SSL_METHOD *) meth); - } - - ~SSlStartup() { - SSL_CTX_free (global_ssl_ctx); - global_ssl_ctx = nullptr; - } - - bool isactive() { return global_ssl_ctx != nullptr; }; -}; - -/** - * - */ -class EXPCL_PANDA_NATIVENET Socket_TCP_SSL : public Socket_IP { -public: - inline Socket_TCP_SSL(SOCKET); - inline Socket_TCP_SSL() : _ssl(nullptr) {} - - virtual inline ~Socket_TCP_SSL() - { - CleanSslUp(); - } - - inline int SetNoDelay(); - inline int SetLinger(int interval_seconds = 0); - inline int DontLinger(); - - inline int SetSendBufferSize(int insize); - inline bool ActiveOpen(const Socket_Address &theaddress); - inline int SendData(const char *data, int size); - inline int RecvData(char *data, int size); - inline bool ErrorIs_WouldBlocking(int err); - - inline SSL *get_ssl() { return _ssl; }; - - inline void DetailErrorFormat(void); - -private: - SSL *_ssl; - - void CleanSslUp() { - if (_ssl != nullptr) { - SSL_shutdown(_ssl); - SSL_free(_ssl); - _ssl = nullptr; - } - } - -public: - static TypeHandle get_class_type() { - return _type_handle; - } - static void init_type() { - Socket_IP::init_type(); - register_type(_type_handle, "Socket_TCP_SSL", - Socket_IP::get_class_type()); - } - virtual TypeHandle get_type() const { - return get_class_type(); - } - virtual TypeHandle force_init_type() {init_type(); return get_class_type();} - -private: - static TypeHandle _type_handle; -}; - -/** - * - */ -inline Socket_TCP_SSL:: -Socket_TCP_SSL(SOCKET sck) : ::Socket_IP(sck) { - // right know this will only work for a accepted ie a server socket ?? - SetNonBlocking(); // maybe should be blocking? - - _ssl = SSL_new(global_ssl_ctx); - if (_ssl == nullptr) { - return; - } - - SSL_set_fd(_ssl, (int)GetSocket()); - - SSL_accept(_ssl); - ERR_clear_error(); - - // printf(" Ssl Accept = %d \n",err); -} - -/** - * Disable Nagle algorithm. Don't delay send to coalesce packets - */ -inline int Socket_TCP_SSL:: -SetNoDelay() { - int nodel = 1; - int ret1; - ret1 = setsockopt(_socket, IPPROTO_TCP, TCP_NODELAY, (char *)&nodel, sizeof(nodel)); - - if (ret1 != 0) { - return BASIC_ERROR; - } - return ALL_OK; -} - -/** - * will control the behavior of SO_LINGER for a TCP socket - */ -int Socket_TCP_SSL:: -SetLinger(int interval_seconds) { - linger ll; - ll.l_linger = interval_seconds; - ll.l_onoff = 1; - int ret1 = setsockopt(_socket, SOL_SOCKET, SO_LINGER, (const char *)&ll, sizeof(linger)); - if (ret1 != 0) { - return BASIC_ERROR; - } - return ALL_OK; -} - -/** - * Turn off the linger flag. The socket will quickly release buffered items - * and free up OS resources. You may lose a stream if you use this flag and - * do not negotiate the close at the application layer. - */ -int Socket_TCP_SSL:: -DontLinger() { - linger ll; - ll.l_linger = 0; - ll.l_onoff = 0; - int ret1 = setsockopt(_socket, SOL_SOCKET, SO_LINGER, (const char *)&ll, sizeof(linger)); - if (ret1 != 0) { - return BASIC_ERROR; - } - return ALL_OK; -} - -/** - * Just like it sounds. Sets a buffered socket recv buffer size. This - * function does not refuse ranges outside hard-coded OS limits - */ -int Socket_TCP_SSL:: -SetSendBufferSize(int insize) { - if (setsockopt(_socket, (int) SOL_SOCKET, (int) SO_SNDBUF, (char *) &insize, sizeof(int))) { - return BASIC_ERROR; - } - return ALL_OK; -} - -/** -* This function will try and set the socket up for active open to a specified -* address and port provided by the input parameter -*/ -bool Socket_TCP_SSL:: -ActiveOpen(const Socket_Address &theaddress) { - _socket = DO_NEWTCP(theaddress.get_family()); - if (_socket == BAD_SOCKET) { - return false; - } - - if (DO_CONNECT(_socket, &theaddress.GetAddressInfo()) != 0) { - return ErrorClose(); - } - - _ssl = SSL_new(global_ssl_ctx); - if (_ssl == nullptr) { - return false; - } - SSL_set_fd(_ssl, (int)GetSocket()); - if (SSL_connect(_ssl) == -1) { - return false; - } - return true; - - // return SetSslUp(); -} - -/** - * Ok Lets Send the Data - if error 0 if socket closed for write or lengh is 0 - * + bytes writen ( May be smaller than requested) - */ -inline int Socket_TCP_SSL:: -SendData(const char *data, int size) { - if (_ssl == nullptr) { - return -1; - } - -// ERR_clear_error(); - - return SSL_write(_ssl, data, size); -} - -/** - * Read the data from the connection - if error 0 if socket closed for read or - * length is 0 + bytes read ( May be smaller than requested) - */ -inline int Socket_TCP_SSL:: -RecvData(char *data, int len) { - if (_ssl == nullptr) { - return -1; - } - - ERR_clear_error(); - - return SSL_read(_ssl, data, len); -} - -/** - * Is last error a blocking error ?? True is last error was a blocking error - */ -inline bool Socket_TCP_SSL:: -ErrorIs_WouldBlocking(int err) { - if (_ssl == nullptr || err >= 0) { - nativenet_cat.warning() - << "Socket_TCP_SSL::ErrorIs_WouldBlocking->Called With Error number " - << err << " or _ssl is NULL\n"; - return false; - } - - int ssl_error_code = SSL_get_error(_ssl,err); - bool answer = false; - - switch(ssl_error_code) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_CONNECT: -// case SSL_ERROR_WANT_ACCEPT: - answer = true; - break; -// hmm not sure we need this .. hmmmm - case SSL_ERROR_SYSCALL: - if(GETERROR() == LOCAL_BLOCKING_ERROR) { - answer = true; - } else { - DetailErrorFormat(); -// LOGWARNING("Socket_TCP_SSL::ErrorIs_WouldBlocking-> Not A blocking Error1 -// SSl_CODe=[%d] OS=[%d]",ssl_error_code,GETERROR()); - } - break; - default: - DetailErrorFormat(); -// LOGWARNING("Socket_TCP_SSL::ErrorIs_WouldBlocking-> Not A blocking Error2 -// SSl_CODe=[%d] OS=[%d]",ssl_error_code,GETERROR()); - answer = false; - break; - } - -// ERR_clear_error(); - return answer; -} - -inline void Socket_TCP_SSL:: -DetailErrorFormat(void) { - return; // turn on for debuging - - uint32_t l; - char buf[256]; - char buf2[4096]; - const char *file,*data; - int line,flags; - uint32_t es; - - es = CRYPTO_thread_id(); - while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof(buf)); - BIO_snprintf(buf2, sizeof(buf2), "***%lu:%s:%s:%d:%s\n", (unsigned long) es, buf, file, line, (flags & ERR_TXT_STRING) ? data : "NoText"); - nativenet_cat.warning() - << "Socket_TCP_SSL::DetailErrorFormat->[" << buf2 << "]\n"; - } -} - -#endif // HAVE_OPENSSL - -#endif //__SOCKET_TCP_SSL_H__