📄 ospsslref.c
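/**########################################################################
*########################################################################
*########################################################################
*
*   COPYRIGHT (c) 1998, 1999 by TransNexus, LLC
*
*   This software contains proprietary and confidential information
*   of TransNexus, LLC. Except as may be set forth in the license
*   agreement under which this software is supplied, use, disclosure,
*   or reproduction is prohibited without the prior, express, written
*   consent of TransNexus, LLC.
*
*******#########################################################################
*#########################################################################
*#########################################################################*/

/*
 * ospsslref.c - SSL API bridge to SSLREF v3.0
 */
#include "osp.h"
#include "ospsocket.h"
#include "ospssl.h"
#include "osputils.h"
#include "ospcomm.h"
#include "ospsecurity.h"

/* SSLREF headers */
#include "ssl.h"
#include "asn1util.h"

#ifdef BSAFE
#include "bsafe.h"
#endif

/*
 * Protocol version requested for every new context.
 * NOTE(review): SSL 3.0 is deprecated (RFC 7568) and exposed to
 * protocol-level weaknesses such as POODLE; anything still built on this
 * bridge should be scheduled for migration to a TLS-capable library.
 */
#define SSLREF_DEFAULTVERSION SSL_Version_3_0

/* Size of the stack buffer used to stage one certificate of the chain. */
#define OSPC_MAX_CERT_BUFFER  4096

/*
 * local function prototypes
 */
SSLErr OSPPSSLWrapParsePrivateKey(SSLBuffer, SSLRSAPrivateKey *);
SSLErr OSPPSSLWrapAddCertificates(OSPTSEC *, SSLContext *);
SSLErr OSPPSSLWrapAddDistinguishedName(OSPTSEC *, SSLContext *);

/*
 * internal callback prototypes
 */
SSLErr SSLREF_AddSessionId(SSLBuffer, SSLBuffer, void *);
SSLErr SSLREF_Alloc(SSLBuffer *, void *);
SSLErr SSLREF_ClientRead(SSLBuffer, uint32 *, void *);
SSLErr SSLREF_ClientWrite(SSLBuffer, uint32 *, void *);
SSLErr SSLREF_ConvertTime(uint32 *, void *);
SSLErr SSLREF_DeleteSessionId(SSLBuffer, void *);
SSLErr SSLREF_Free(SSLBuffer *, void *);
SSLErr SSLREF_GetSessionId(SSLBuffer, SSLBuffer *, void *);
SSLErr SSLREF_Random(SSLBuffer, void *);
SSLErr SSLREF_Realloc(SSLBuffer *, uint32, void *);
SSLErr SSLREF_SeedRandom(void **);
SSLErr SSLREF_Time(uint32 *, void *);

/*
 * OSPPSSLWrapInit() - library-level initialisation hook for the SSLREF
 * bridge. Nothing needs to be set up here, so the argument is ignored.
 *
 * returns: OSPC_ERR_NO_ERROR, always.
 */
int
OSPPSSLWrapInit(void *ospvRef)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapInit()\n"));
    OSPM_ARGUSED(ospvRef);
    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapInit()\n"));

    return errorcode;
}

/*
 * OSPPSSLWrapCleanup() - library-level teardown hook for the SSLREF
 * bridge. There is no state to release, so the argument is ignored.
 */
void
OSPPSSLWrapCleanup(void *ospvRef)
{
    OSPM_DBGENTER(("ENTER: OSPPSSLWrapCleanup()\n"));
    OSPM_ARGUSED(ospvRef);
    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapCleanup()\n"));

    return;
}

/*
 * OSPPSSLWrapSessionContextNew() - allocate and configure the SSLREF
 * context for one client connection.
 *
 * ospvConnection: the connection (used as an OSPTHTTP *); its SSLSession
 *                 receives the new context and is also registered as the
 *                 session reference handed back to the I/O callbacks.
 * ospvContextRef: the security object (used as an OSPTSEC *) that supplies
 *                 the private key and certificates when client
 *                 authentication is compiled in.
 *
 * returns: OSPC_ERR_NO_ERROR on success, otherwise the OSPC_ERR_SSL_* (or
 *          OSPPSecGetPrivateKeyData()) code of the first step that failed.
 *
 * Assumes ospvConnection and its SSLSession are non-NULL; neither is
 * checked here.
 * NOTE(review): on failure the context allocated below is left in
 * sslsession->Context; presumably the caller releases it - confirm.
 * NOTE(review): no peer-certificate verification callback is registered in
 * this function; confirm that server certificate validation is configured
 * elsewhere before the handshake runs.
 */
int
OSPPSSLWrapSessionContextNew(
    void *ospvConnection,
    void *ospvContextRef)
{
    int                 errorcode      = OSPC_ERR_NO_ERROR;
    SSLErr              sslref_errcode = SSLNoErr;
    SSLContext        **ctx            = OSPC_OSNULL;
    SSLProtocolVersion  version        = SSLREF_DEFAULTVERSION;
    OSPTSSLSESSION     *sslsession     = OSPC_OSNULL;
    OSPTSEC            *security       = OSPC_OSNULL;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSessionContextNew()\n"));

    sslsession = ((OSPTHTTP *)ospvConnection)->SSLSession;
    security   = (OSPTSEC *)ospvContextRef;
    ctx        = (SSLContext **)&sslsession->Context;

    OSPM_MALLOC(*ctx, SSLContext, SSLContextSize());
    if (*ctx == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_SSL_MALLOC_FAILED;
        OSPM_DBGERRORLOG(errorcode, "malloc of new SSL Context failed");
    }
    else
    {
        /*
         * configure the callback functions for the context; the chain
         * stops at the first call that fails
         */
        if ((sslref_errcode = SSLInitContext(*ctx)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLInitContext() failed");
        }
        else if ((sslref_errcode = SSLSetAllocFunc(*ctx,
            SSLREF_Alloc)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetAllocFunc() failed");
        }
        else if ((sslref_errcode = SSLSetFreeFunc(*ctx,
            SSLREF_Free)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetFreeFunc() failed");
        }
        else if ((sslref_errcode = SSLSetReallocFunc(*ctx,
            SSLREF_Realloc)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetReallocFunc() failed");
        }
        else if ((sslref_errcode = SSLSetRandomFunc(*ctx,
            SSLREF_Random)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetRandomFunc() failed");
        }
        else if ((sslref_errcode = SSLSetTimeFunc(*ctx,
            SSLREF_Time)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetTimeFunc() failed");
        }
        else if ((sslref_errcode = SSLSetConvertTimeFunc(*ctx,
            SSLREF_ConvertTime)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetConvertTimeFunc() failed");
        }
        else if ((sslref_errcode = SSLSetReadFunc(*ctx,
            SSLREF_ClientRead)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetReadFunc() failed");
        }
        else if ((sslref_errcode = SSLSetWriteFunc(*ctx,
            SSLREF_ClientWrite)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetWriteFunc() failed");
        }
        else if ((sslref_errcode = SSLSetAddSessionFunc(*ctx,
            SSLREF_AddSessionId)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetAddSessionFunc() failed");
        }
        else if ((sslref_errcode = SSLSetGetSessionFunc(*ctx,
            SSLREF_GetSessionId)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetGetSessionFunc() failed");
        }
        else if ((sslref_errcode = SSLSetDeleteSessionFunc(*ctx,
            SSLREF_DeleteSessionId)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetDeleteSessionFunc() failed");
        }
#ifdef BSAFE
        else if ((sslref_errcode = SSLREF_SeedRandom(
            &(sslsession->RandomRef))) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLREF_SeedRandom() failed");
        }

        /*
         * Attach the random object only when every step above succeeded.
         * If an earlier call failed, SSLREF_SeedRandom() was either skipped
         * or failed itself, so RandomRef may not point at a seeded object
         * and must not be dereferenced.
         */
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            SSLSetRandomRef(*ctx, *(B_ALGORITHM_OBJ*)(sslsession->RandomRef));
        }
#endif

        /*
         * set protocol version
         */
        if (errorcode == OSPC_ERR_NO_ERROR &&
            (sslref_errcode = SSLSetProtocolVersion(*ctx,
            version)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_VERSION_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetProtocolVersion() failed");
        }

        /*
         * set session reference
         */
        if (errorcode == OSPC_ERR_NO_ERROR &&
            (sslref_errcode = SSLSetSessionRef(*ctx,
            ospvConnection)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_SESSION_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetSessionRef() failed");
        }

        /*
         * set protocol side (client)
         */
        if (errorcode == OSPC_ERR_NO_ERROR &&
            (sslref_errcode = SSLSetProtocolSide(*ctx,
            SSL_ClientSide)) != SSLNoErr)
        {
            errorcode = OSPC_ERR_SSL_INIT_CTX_FAILED;
            OSPM_DBGERRORLOG(sslref_errcode, "SSLSetProtocolSide() failed");
        }

        /*
         * client authentication requirements
         */
#ifdef OSPC_ENABLE_SSL_CLIENT_AUTHENTICATION
        if (errorcode == OSPC_ERR_NO_ERROR)
        {
            SSLBuffer        key;
            SSLRSAPrivateKey rsaKey;

            /*
             * Start from a defined state: the length is filled in through
             * an (unsigned int *) cast below, which would leave part of
             * key.length indeterminate if uint32 were wider than
             * unsigned int.
             */
            key.data   = OSPC_OSNULL;
            key.length = 0;

            /*
             * NOTE(review): ownership of key.data is not visible here, and
             * rsaKey is a stack object - confirm that SSLSetPrivateKey()
             * copies the key rather than keeping the pointer, and that the
             * key material is wiped once it is no longer needed.
             */
            errorcode = OSPPSecGetPrivateKeyData(security, &(key.data),
                (unsigned int *)&(key.length));
            if (errorcode == OSPC_ERR_NO_ERROR)
            {
                sslref_errcode = OSPPSSLWrapParsePrivateKey(key, &rsaKey);
                if (sslref_errcode == SSLNoErr)
                {
                    sslref_errcode = SSLSetPrivateKey(*ctx, &rsaKey);
                    if (sslref_errcode == SSLNoErr)
                    {
                        sslref_errcode = OSPPSSLWrapAddCertificates(security, *ctx);
                        if (sslref_errcode == SSLNoErr)
                        {
                            sslref_errcode = OSPPSSLWrapAddDistinguishedName(security, *ctx);
                            if (sslref_errcode != SSLNoErr)
                            {
                                errorcode = OSPC_ERR_SSL_ADD_DN_FAILED;
                                OSPM_DBGERRORLOG(sslref_errcode,
                                    "OSPPSSLWrapAddDistinguishedName() failed");
                            }
                        }
                        else
                        {
                            errorcode = OSPC_ERR_SSL_ADD_CERTS_FAILED;
                            OSPM_DBGERRORLOG(sslref_errcode,
                                "OSPPSSLWrapAddCertificates() failed");
                        }
                    }
                    else
                    {
                        errorcode = OSPC_ERR_SSL_SET_PRIVKEY_FAILED;
                        OSPM_DBGERRORLOG(sslref_errcode, "SSLSetPrivateKey() failed");
                    }
                }
                else
                {
                    OSPM_DBGERRORLOG(sslref_errcode,
                        "OSPPSSLWrapParsePrivateKey() failed");
                    errorcode = OSPC_ERR_SSL_PARSE_PRIVKEY_FAILED;
                }
            }
            else
            {
                OSPM_DBGERRORLOG(errorcode, "OSPPSecGetPrivateKeyData() failed");
            }
        }
#endif /* OSPC_ENABLE_SSL_CLIENT_AUTHENTICATION */
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSessionContextNew() (%d)\n", errorcode));

    return errorcode;
}

/*
 * OSPPSSLWrapAddDistinguishedName() - placeholder for adding distinguished
 * names to the context. It currently ignores both arguments and adds
 * nothing.
 *
 * returns: SSLNoErr, always (so the caller's OSPC_ERR_SSL_ADD_DN_FAILED
 *          branch cannot be reached through this implementation).
 */
SSLErr
OSPPSSLWrapAddDistinguishedName(
    OSPTSEC    *ospvSecurity,
    SSLContext *ospvSSLContext)
{
    OSPM_ARGUSED(ospvSSLContext);
    OSPM_ARGUSED(ospvSecurity);

    return SSLNoErr;
}

SSLErr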
OSPPSSLWrapAddCertificates( OSPTSEC *ospvSecurity, SSLContext *ospvSSLContext){ SSLErr sslref_errcode = SSLNoErr; int errorcode = OSPC_ERR_NO_ERROR, certindex = -1, previndex = -1, certorder = 0; unsigned int certlen = 0; SSLBuffer cert; unsigned char certbuf[OSPC_MAX_CERT_BUFFER]; while (errorcode == OSPC_ERR_NO_ERROR && sslref_errcode == SSLNoErr) { certlen = OSPC_MAX_CERT_BUFFER; previndex = certindex; cert.length = 0; errorcode = OSPPSecValidCertChain(ospvSecurity, &certindex, certbuf, &certlen); if (errorcode == OSPC_ERR_NO_ERROR) { if (certlen > 0) { OSPM_MALLOC(cert.data, unsigned char, certlen+1); if (cert.data != OSPC_OSNULL) { cert.length = certlen; OSPM_MEMCPY(cert.data, certbuf, certlen); /* add cert */ sslref_errcode = SSLAddCertificate(ospvSSLContext, cert, certorder++, 0); if (sslref_errcode == SSLNoErr) { if (previndex == certindex && previndex >= 0) {