ladybird/Libraries/LibTLS/TLSv12.h

/*
 * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
 * Copyright (c) 2025, Altomani Gianluca <altomanigianluca@gmail.com>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#pragma once

#include <LibCore/Socket.h>
#include <LibCrypto/Certificate/Certificate.h>
#include <LibTLS/OpenSSLForward.h>

namespace TLS {

struct Options {

#define OPTION_WITH_DEFAULTS(typ, name, ...) \
    static typ default_##name()              \
    {                                        \
        return typ { __VA_ARGS__ };          \
    }                                        \
    typ name = default_##name();             \
    Options& set_##name(typ new_value)&      \
    {                                        \
        name = move(new_value);              \
        return *this;                        \
    }                                        \
    Options&& set_##name(typ new_value)&&    \
    {                                        \
        name = move(new_value);              \
        return move(*this);                  \
    }

    OPTION_WITH_DEFAULTS(Optional<ByteString>, root_certificates_path, )
    OPTION_WITH_DEFAULTS(bool, blocking, true)
};

class TLSv12 final : public Core::Socket {
public:
    /// Reads into a buffer, with the maximum size being the size of the buffer.
    /// The amount of bytes read can be smaller than the size of the buffer.
    /// Returns either the bytes that were read, or an error in the case of
    /// failure.
    virtual ErrorOr<Bytes> read_some(Bytes) override;

    /// Tries to write the entire contents of the buffer. It is possible for
    /// less than the full buffer to be written. Returns either the amount of
    /// bytes written into the stream, or an error in the case of failure.
    virtual ErrorOr<size_t> write_some(ReadonlyBytes) override;

    virtual bool is_eof() const override;
    virtual bool is_open() const override;

    virtual void close() override;

    virtual ErrorOr<size_t> pending_bytes() const override;
    virtual ErrorOr<bool> can_read_without_blocking(int = 0) const override;
    virtual ErrorOr<void> set_blocking(bool block) override;
    virtual ErrorOr<void> set_close_on_exec(bool enabled) override;

    static ErrorOr<NonnullOwnPtr<TLSv12>> connect(Core::SocketAddress const&, ByteString const& host, Options = {});
    static ErrorOr<NonnullOwnPtr<TLSv12>> connect(ByteString const& host, u16 port, Options = {});

    ~TLSv12() override;

private:
    explicit TLSv12(NonnullOwnPtr<Core::TCPSocket>, SSL_CTX*, SSL*, BIO*);

    static ErrorOr<NonnullOwnPtr<TLSv12>> connect_internal(NonnullOwnPtr<Core::TCPSocket>, ByteString const&, Options);

    void handle_fatal_error();

    SSL_CTX* m_ssl_ctx { nullptr };
    SSL* m_ssl { nullptr };
    BIO* m_bio { nullptr };

    // Keep this around or the socket will be closed
    NonnullOwnPtr<Core::TCPSocket> m_socket;
};

}
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`/*`
AK+Userland: Use mpfard@serenityos.org for my copyright headers 2021-04-23 00:43:01 +04:30			`* Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>`
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`* Copyright (c) 2025, Altomani Gianluca <altomanigianluca@gmail.com>`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`*`
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt * 2021-04-22 01:24:48 -07:00			`* SPDX-License-Identifier: BSD-2-Clause`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`*/`

			`#pragma once`

LibCore: Move Stream-based sockets into the `Core` namespace 2023-02-08 23:05:44 +01:00			`#include <LibCore/Socket.h>`
LibTLS+LibWeb+LibCrypto: Move `Certificate` to LibCrypto By moving `Certificate` to `LibCrypto` it is possible to reuse a bunch of code from in `LibCrypto` itself. It also moves some constants and pieces of code to a more appropriate place than `LibTLS`. This also makes future work on WebCryptoAPI easier. 2024-11-24 21:55:03 +01:00			`#include <LibCrypto/Certificate/Certificate.h>`
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`#include <LibTLS/OpenSSLForward.h>`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30
			`namespace TLS {`

Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`struct Options {`

			`#define OPTION_WITH_DEFAULTS(typ, name, ...) \`
			`static typ default_##name() \`
			`{ \`
			`return typ { __VA_ARGS__ }; \`
			`} \`
			`typ name = default_##name(); \`
			`Options& set_##name(typ new_value)& \`
			`{ \`
			`name = move(new_value); \`
			`return *this; \`
			`} \`
			`Options&& set_##name(typ new_value)&& \`
			`{ \`
			`name = move(new_value); \`
			`return move(*this); \`
			`}`

LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`OPTION_WITH_DEFAULTS(Optional<ByteString>, root_certificates_path, )`
LibTLS: Support opening connection as non-blocking For OpenSSL to work properly, the socket must be non-blocking since before the SSL connection is established. 2025-02-19 14:20:26 +01:00			`OPTION_WITH_DEFAULTS(bool, blocking, true)`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`};`

			`class TLSv12 final : public Core::Socket {`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`public:`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`/// Reads into a buffer, with the maximum size being the size of the buffer.`
			`/// The amount of bytes read can be smaller than the size of the buffer.`
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`/// Returns either the bytes that were read, or an error in the case of`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`/// failure.`
			`virtual ErrorOr<Bytes> read_some(Bytes) override;`

			`/// Tries to write the entire contents of the buffer. It is possible for`
			`/// less than the full buffer to be written. Returns either the amount of`
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`/// bytes written into the stream, or an error in the case of failure.`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`virtual ErrorOr<size_t> write_some(ReadonlyBytes) override;`

LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`virtual bool is_eof() const override;`
			`virtual bool is_open() const override;`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00
			`virtual void close() override;`

LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`virtual ErrorOr<size_t> pending_bytes() const override;`
			`virtual ErrorOr<bool> can_read_without_blocking(int = 0) const override;`
			`virtual ErrorOr<void> set_blocking(bool block) override;`
			`virtual ErrorOr<void> set_close_on_exec(bool enabled) override;`
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful). 2022-02-02 19:21:55 +03:30
LibTLS: Pass socket address as const reference 2025-02-22 12:42:48 +01:00			`static ErrorOr<NonnullOwnPtr<TLSv12>> connect(Core::SocketAddress const&, ByteString const& host, Options = {});`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00			`static ErrorOr<NonnullOwnPtr<TLSv12>> connect(ByteString const& host, u16 port, Options = {});`

LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`~TLSv12() override;`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30
			`private:`
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`explicit TLSv12(NonnullOwnPtr<Core::TCPSocket>, SSL_CTX, SSL, BIO*);`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`static ErrorOr<NonnullOwnPtr<TLSv12>> connect_internal(NonnullOwnPtr<Core::TCPSocket>, ByteString const&, Options);`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00
LibTLS: Close connection on fatal error The OpenSSL documentation mentions that after `SSL_ERROR_SYSCALL` or `SSL_ERROR_SSL` no further operations should be performed and `SSL_shutdown` should not be called. When a fatal error occurs, close the underlying socket and free the `SSL` struct. 2025-02-22 12:44:22 +01:00			`void handle_fatal_error();`

LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`SSL_CTX* m_ssl_ctx { nullptr };`
			`SSL* m_ssl { nullptr };`
			`BIO* m_bio { nullptr };`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00
LibTLS: Replace `TLSv12` implementation with OpenSSL 2025-02-14 09:49:33 +01:00			`// Keep this around or the socket will be closed`
			`NonnullOwnPtr<Core::TCPSocket> m_socket;`
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`};`
Revert "LibTLS+Everywhere: Switch to using WolfSSL" This reverts commit 8bb610b97a4394f50e23b84956ed6b399065f224. Linking wolfSSL seems to cause more legal trouble than it's worth due to it being GPLv2, so let's undo this for now. 2024-07-06 23:12:39 +02:00
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^) 2020-04-21 01:57:23 +04:30			`}`