sslsample.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 620 行 · 第 1/2 页

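 * 3. Server determines that to service request it needs to authenticate the
 * client and initiates another handshake requesting client auth.
 * 4. While handshake is in progress, server can do other work or spin waiting
 * for the handshake to complete.
 * 5. Server is notified that handshake has been successfully completed by
 * the custom handshake callback function and it can service the client's
 * request.
 *
 * Note: This function is not implemented in this sample, as we are using
 * blocking sockets.
 */
SECStatus
myHandshakeCallback(PRFileDesc *socket, void *arg)
{
	/*
	 * Neither argument is consulted: the sample only reports completion.
	 * A production callback is a natural place to inspect what was actually
	 * negotiated (for example with SSL_GetChannelInfo) before treating the
	 * channel as trustworthy.
	 */
	(void)socket;
	(void)arg;

	printf("Handshake has completed, ready to send data securely.\n");
	return SECSuccess;
}

/**************************************************************************
**
** Routines for disabling SSL ciphers.
**
**************************************************************************/

/*
 * Mark every suite in the zero-terminated ssl2CipherSuites table (defined
 * outside this section) as SSL_NOT_ALLOWED.
 *
 * The result of each SSL_EnableCipher call is checked: a suite that could
 * not be disabled silently stays negotiable, so the failure is reported on
 * stderr instead of being dropped.
 */
void
disableSSL2Ciphers(void)
{
	int i;

	/* disable all the SSL2 cipher suites */
	for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
		if (SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED)
		    != SECSuccess) {
			fprintf(stderr, "Could not disable SSL2 cipher suite 0x%04x\n",
			        (unsigned int)ssl2CipherSuites[i]);
		}
	}
}

/*
 * Mark every suite in the zero-terminated ssl3CipherSuites table (defined
 * outside this section) as SSL_NOT_ALLOWED, reporting any suite that could
 * not be disabled (see disableSSL2Ciphers for why that matters).
 */
void
disableSSL3Ciphers(void)
{
	int i;

	/* disable all the SSL3 cipher suites */
	for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
		if (SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED)
		    != SECSuccess) {
			fprintf(stderr, "Could not disable SSL3 cipher suite 0x%04x\n",
			        (unsigned int)ssl3CipherSuites[i]);
		}
	}
}

/**************************************************************************
**
** Error and information routines.
**
**************************************************************************/

/*
 * Print the current NSPR error code and its text for the named function.
 *
 * function: name of the routine that failed; printed verbatim.
 *
 * PR_GetError() is read first so that nothing called afterwards can
 * overwrite the code being reported.
 */
void
errWarn(char *function)
{
	PRErrorCode  errorNumber = PR_GetError();
	const char * errorString = SSL_Strerror(errorNumber);

	/* Passing NULL to %s is undefined; fall back to a fixed string if the
	 * lookup has no text for this code. */
	printf("Error in function %s: %d\n - %s\n",
	       function, errorNumber,
	       errorString ? errorString : "(no description available)");
}

/*
 * Report the current error via errWarn(), shut NSS and NSPR down, and
 * terminate the process with exit status 1.  Does not return.
 */
void
exitErr(char *function)
{
	errWarn(function);
	/* Exit gracefully. */
	NSS_Shutdown();
	PR_Cleanup();
	exit(1);
}

/*
 * Print the security parameters of an SSL socket: bulk cipher, key sizes,
 * security status and the peer certificate's subject and issuer DNs,
 * followed by the server-side session-ID cache counters.
 *
 * fd: the SSL socket to describe.
 *
 * Returns silently, printing nothing, if SSL_SecurityStatus() fails.
 */
void
printSecurityInfo(PRFileDesc *fd)
{
	char * cp = NULL;	/* bulk cipher name */
	char * ip = NULL;	/* cert issuer DN */
	char * sp = NULL;	/* cert subject DN */
	int    op;	/* High, Low, Off */
	int    kp0;	/* total key bits */
	int    kp1;	/* secret key bits */
	int    result;

#if 0
/* statistics from ssl3_SendClientHello (sch) */
extern long ssl3_sch_sid_cache_hits;
extern long ssl3_sch_sid_cache_misses;
extern long ssl3_sch_sid_cache_not_ok;

/* statistics from ssl3_HandleServerHello (hsh) */
extern long ssl3_hsh_sid_cache_hits;
extern long ssl3_hsh_sid_cache_misses;
extern long ssl3_hsh_sid_cache_not_ok;
#endif

/* statistics from ssl3_HandleClientHello (hch) */
extern long ssl3_hch_sid_cache_hits;
extern long ssl3_hch_sid_cache_misses;
extern long ssl3_hch_sid_cache_not_ok;

	result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
	if (result != SECSuccess)
		return;

	/*
	 * The three strings start out NULL and are substituted below if the
	 * call left any of them unset, since %s with a NULL pointer is
	 * undefined behaviour.
	 */
	printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
	       "subject DN: %s\n"
	       "issuer	DN: %s\n",
	       cp ? cp : "(none)", kp1, kp0, op,
	       sp ? sp : "(none)", ip ? ip : "(none)");

	/* The strings are released here with PR_Free once printed. */
	PR_Free(cp);
	PR_Free(ip);
	PR_Free(sp);

	printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
	       ssl3_hch_sid_cache_hits, ssl3_hch_sid_cache_misses,
	       ssl3_hch_sid_cache_not_ok);
}

/**************************************************************************
** Begin thread management routines and data.
**************************************************************************/

/*
 * Entry point handed to PR_CreateThread by launch_thread().
 *
 * arg: the GlobalThreadMgr whose `index` field names this thread's slot.
 *
 * Runs the slot's start function, stores its result in slot->rv, then
 * marks the slot rs_zombie and signals threadEndQ so reap_threads() can
 * join it.
 *
 * NOTE(review): `index` is a single field shared by all launches and is
 * read here without the lock.  launch_thread() writes it before creating
 * the thread, but if a later launch_thread() call overwrites it before
 * this thread has been scheduled, the wrong slot would be picked up.
 * Passing each thread its own slot would remove the dependency; that needs
 * a change to the structures declared outside this section.
 */
void
thread_wrapper(void * arg)
{
	GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
	perThread *slot = &threadMGR->threads[threadMGR->index];

	/* wait for parent to finish launching us before proceeding. */
	PR_Lock(threadMGR->threadLock);
	PR_Unlock(threadMGR->threadLock);

	slot->rv = (* slot->startFunc)(slot->a, slot->b);

	PR_Lock(threadMGR->threadLock);
	slot->running = rs_zombie;

	/* notify the thread exit handler. */
	PR_NotifyCondVar(threadMGR->threadEndQ);

	PR_Unlock(threadMGR->threadLock);
}

/*
 * Start startFunc(a, b) on a new joinable thread, using a free slot in the
 * manager's table.
 *
 * threadMGR: thread table and its synchronization objects; the lock and
 *            condition variables are created on the first call.
 * startFunc: function the new thread runs.
 * a, b:      arguments forwarded to startFunc.
 *
 * Blocks while MAX_THREADS threads are already running.
 *
 * Returns SECSuccess once the thread has been created, SECFailure if the
 * synchronization objects or the thread could not be created, or if no
 * slot is available.
 */
SECStatus
launch_thread(GlobalThreadMgr *threadMGR,
              startFn         *startFunc,
              void            *a,
              int              b)
{
	perThread *slot;
	int        i;

	if (!threadMGR->threadStartQ) {
		/*
		 * First launch: create the lock and both condition variables.
		 * They are built in locals and published only when all three
		 * exist, so a failed allocation never leaves the manager half
		 * initialized or reaches PR_Lock() with a NULL lock.
		 */
		PRLock    *lock   = PR_NewLock();
		PRCondVar *startQ = lock ? PR_NewCondVar(lock) : NULL;
		PRCondVar *endQ   = lock ? PR_NewCondVar(lock) : NULL;

		if (!lock || !startQ || !endQ) {
			if (endQ)
				PR_DestroyCondVar(endQ);
			if (startQ)
				PR_DestroyCondVar(startQ);
			if (lock)
				PR_DestroyLock(lock);
			printf("Failed to create thread lock or condition variables!\n");
			return SECFailure;
		}
		threadMGR->threadLock   = lock;
		threadMGR->threadStartQ = startQ;
		threadMGR->threadEndQ   = endQ;
	}

	PR_Lock(threadMGR->threadLock);

	/* Throttle: wait until reap_threads() frees a running slot. */
	while (threadMGR->numRunning >= MAX_THREADS) {
		PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
	}

	/* Reuse the first idle slot among those already handed out. */
	for (i = 0; i < threadMGR->numUsed; ++i) {
		slot = &threadMGR->threads[i];
		if (slot->running == rs_idle)
			break;
	}

	if (i >= threadMGR->numUsed) {
		/* No idle slot: extend the used range by one, if there is room. */
		if (i >= MAX_THREADS) {
			/* something's really wrong here. */
			PORT_Assert(i < MAX_THREADS);
			PR_Unlock(threadMGR->threadLock);
			return SECFailure;
		}
		++(threadMGR->numUsed);
		PORT_Assert(threadMGR->numUsed == i + 1);
		slot = &threadMGR->threads[i];
	}

	slot->a = a;
	slot->b = b;
	slot->startFunc = startFunc;

	/* thread_wrapper() reads this field to find its slot. */
	threadMGR->index = i;

	slot->prThread = PR_CreateThread(PR_USER_THREAD,
	                                 thread_wrapper, threadMGR,
	                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
	                                 PR_JOINABLE_THREAD, 0);

	if (slot->prThread == NULL) {
		PR_Unlock(threadMGR->threadLock);
		printf("Failed to launch thread!\n");
		return SECFailure;
	}

	slot->inUse   = 1;
	/* NOTE(review): 1 is presumably the "running" state; the named
	 * constant for it is not visible in this section. */
	slot->running = 1;
	++(threadMGR->numRunning);
	PR_Unlock(threadMGR->threadLock);

	/* Print the local slot number: the shared index field may already have
	 * been changed by another launch once the lock is released. */
	printf("Launched thread in slot %d \n", i);

	return SECSuccess;
}

/*
 * Wait until every running thread has finished, joining each one and
 * returning its slot to the idle state.
 *
 * threadMGR: the thread table to drain.
 *
 * Returns SECSuccess (0); also returns immediately if no thread was ever
 * launched, i.e. the lock was never created.
 */
SECStatus
reap_threads(GlobalThreadMgr *threadMGR)
{
	perThread * slot;
	int         i;

	if (!threadMGR->threadLock)
		return SECSuccess;

	PR_Lock(threadMGR->threadLock);
	while (threadMGR->numRunning > 0) {
		PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
		/* One wake-up may cover several exits, so scan every slot. */
		for (i = 0; i < threadMGR->numUsed; ++i) {
			slot = &threadMGR->threads[i];
			if (slot->running == rs_zombie) {
				/* Handle cleanup of thread here. */
				printf("Thread in slot %d returned %d\n", i, slot->rv);

				/* Now make sure the thread has ended OK. */
				PR_JoinThread(slot->prThread);
				slot->running = rs_idle;
				--threadMGR->numRunning;

				/* notify the thread launcher. */
				PR_NotifyCondVar(threadMGR->threadStartQ);
			}
		}
	}

	/* Safety Sam sez: make sure count is right. */
	for (i = 0; i < threadMGR->numUsed; ++i) {
		slot = &threadMGR->threads[i];
		if (slot->running != rs_idle) {
			fprintf(stderr, "Thread in slot %d is in state %d!\n",
			        i, slot->running);
		}
	}
	PR_Unlock(threadMGR->threadLock);
	return SECSuccess;
}

/*
 * Clear the thread table and destroy the manager's condition variables
 * and lock, resetting each pointer to NULL so a repeated call is harmless.
 * The condition variables are destroyed before the lock they were created
 * on.
 */
void
destroy_thread_data(GlobalThreadMgr *threadMGR)
{
	PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));

	if (threadMGR->threadEndQ) {
		PR_DestroyCondVar(threadMGR->threadEndQ);
		threadMGR->threadEndQ = NULL;
	}
	if (threadMGR->threadStartQ) {
		PR_DestroyCondVar(threadMGR->threadStartQ);
		threadMGR->threadStartQ = NULL;
	}
	if (threadMGR->threadLock) {
		PR_DestroyLock(threadMGR->threadLock);
		threadMGR->threadLock = NULL;
	}
}

/**************************************************************************
** End	 thread management routines.
**************************************************************************/

/*
 * Initialise a lockedVars: zero the counters and create its lock and
 * condition variable.
 *
 * The function returns void, so an allocation failure cannot be reported;
 * in that case the affected pointer is left NULL rather than handing a
 * NULL lock to PR_NewCondVar().  Callers that must survive low memory
 * should check lv->lock and lv->condVar before using the object.
 */
void
lockedVars_Init( lockedVars * lv)
{
	lv->count   = 0;
	lv->waiters = 0;
	lv->lock    = PR_NewLock();
	lv->condVar = lv->lock ? PR_NewCondVar(lv->lock) : NULL;
}

/*
 * Destroy the condition variable and then the lock of a lockedVars,
 * resetting both pointers.  NULL members are skipped, matching
 * destroy_thread_data(), so a partially initialised or already destroyed
 * object is safe to pass.
 */
void
lockedVars_Destroy( lockedVars * lv)
{
	if (lv->condVar) {
		PR_DestroyCondVar(lv->condVar);
		lv->condVar = NULL;
	}

	if (lv->lock) {
		PR_DestroyLock(lv->lock);
		lv->lock = NULL;
	}
}

/*
 * Block until lv->count is zero or negative.  The count is re-tested after
 * every wake-up, under the lock.
 */
void
lockedVars_WaitForDone(lockedVars * lv)
{
	PR_Lock(lv->lock);
	while (lv->count > 0) {
		PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
	}
	PR_Unlock(lv->lock);
}

/*
 * Add addend to lv->count under the lock and wake a waiter once the count
 * is zero or negative.
 *
 * Returns the updated count.
 */
int	/* returns count */
lockedVars_AddToCount(lockedVars * lv, int addend)
{
	int rv;

	PR_Lock(lv->lock);
	rv = lv->count += addend;
	if (rv <= 0) {
		PR_NotifyCondVar(lv->condVar);
	}
	PR_Unlock(lv->lock);
	return rv;
}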
