📄 ospsslref.c
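/* NOTE(review): the statements down to the first column-0 closing brace are
 * the tail of a function that starts before this listing; they are kept
 * unchanged and only re-indented. */
                            /* verify cert chain only - if valid, break */
                            cert.data = 0;
                            cert.length = 0;
                            sslref_errcode = SSLAddCertificate(ospvSSLContext, cert, 0, 1);
                            if (sslref_errcode == SSLNoErr) {
                                break;
                            } else {
                                OSPM_DBGERRORLOG(sslref_errcode, "SSLAddCertificate() verify failed");
                            }
                        } else {
                            if (certorder == 1) /* local cert */ {
                                OSPTASN1OBJECT *localcert = OSPC_OSNULL;
                                OSPTASN1ELEMENTINFO *eInfo = OSPC_OSNULL;
                                SSLBuffer dn;

                                errorcode = OSPPX509CertCreate(cert.data, &localcert);
                                if (errorcode == OSPC_ERR_NO_ERROR) {
                                    /* Get the local certificate subject name */
                                    errorcode = OSPPASN1ObjectGetElementByDataRef(localcert, &eInfo, OSPEDRID_CERT_SUBJECT);
                                    if (errorcode == OSPC_ERR_NO_ERROR) {
                                        errorcode = OSPPASN1ElementGetElementData(eInfo, (unsigned char **)&(dn.data), (unsigned int *)&(dn.length));
                                        if (errorcode == OSPC_ERR_NO_ERROR) {
                                            sslref_errcode = SSLAddDistinguishedName(ospvSSLContext, dn);
                                            if (sslref_errcode != SSLNoErr) {
                                                OSPM_DBGERRORLOG(sslref_errcode, "SSLAddDistinguishedName() failed");
                                            }
                                        } else {
                                            OSPM_DBGERRORLOG(errorcode, "OSPPASN1ElementGetElementData() failed");
                                        }
                                    } else {
                                        OSPM_DBGERRORLOG(errorcode, "OSPPASN1ObjectGetElementByDataRef() failed");
                                    }
                                }
                            }
                        }
                    } else {
                        OSPM_DBGERRORLOG(sslref_errcode, "SSLAddCertificate() failed");
                    }
                } else {
                    sslref_errcode = SSLMemoryErr;
                    OSPM_DBGERRORLOG(sslref_errcode, "OSPPSecValidCertChain() malloc failed");
                }
            } else {
                sslref_errcode = SSLUnknownErr;
                OSPM_DBGERRORLOG(sslref_errcode, "OSPPSecValidCertChain() invalid cert length");
            }
        } else {
            OSPM_DBGERRORLOG(errorcode, "OSPPSecValidCertChain() failed");
            sslref_errcode = SSLUnknownErr;
        }
    }
    return sslref_errcode;
}

/*
 * Parse a BER-encoded RSA private key and load it into the key object `key`.
 *
 * The outer encoding must hold exactly one element, and that element must
 * hold exactly nine; elements 1..8 are copied (by pointer and length, not by
 * value) into an A_PKCS_RSA_PRIVATE_KEY and passed to B_SetKeyInfo().
 * Element 0 is parsed but not used.
 *
 * Returns SSLNoErr on success, the ASNParseBER() error when parsing fails,
 * and SSLUnknownErr when the element count is wrong or a B_* call fails.
 *
 * This function neither wipes nor frees any buffer; clearing the private-key
 * bytes is left to the owner of `privateKey`.
 */
SSLErr
OSPPSSLWrapParsePrivateKey(
    SSLBuffer privateKey,
    SSLRSAPrivateKey *key)
{
    SSLErr err;
    ASN1Type rsaKeyOuter, rsaKey[9];
    int count;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapParsePrivateKey()\n"));

    count = 1;
    err = ASNParseBER(privateKey, &rsaKeyOuter, &count);
    if (err != 0 || count != 1) {
        OSPM_DBGERRORLOG(err, "count 1: OSPPSSLWrapParsePrivateKey() failed");
        /* A clean parse with the wrong element count must not be returned
         * as err == 0: the caller would take it for success and use a key
         * object that was never created. */
        return (err != 0) ? err : SSLUnknownErr;
    }

    count = 9;
    err = ASNParseBER(rsaKeyOuter.contents, rsaKey, &count);
    if (err != 0 || count != 9) {
        OSPM_DBGERRORLOG(err, "count 9: OSPPSSLWrapParsePrivateKey() failed");
        /* Same reasoning as above: a malformed key is a failure. */
        return (err != 0) ? err : SSLUnknownErr;
    }

    {
        A_PKCS_RSA_PRIVATE_KEY privKey;
        int rsaErr;

/* Wrapped in do/while so the two assignments behave as one statement. */
#define COPY_SSLBUFFER_TO_ITEM(b,i) do { i.data = b.data; i.len = b.length; } while (0)

        /* privKey only aliases the parsed buffers; nothing is duplicated here. */
        COPY_SSLBUFFER_TO_ITEM(rsaKey[1].contents, privKey.modulus);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[2].contents, privKey.publicExponent);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[3].contents, privKey.privateExponent);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[4].contents, privKey.prime[0]);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[5].contents, privKey.prime[1]);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[6].contents, privKey.primeExponent[0]);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[7].contents, privKey.primeExponent[1]);
        COPY_SSLBUFFER_TO_ITEM(rsaKey[8].contents, privKey.coefficient);

        if ((rsaErr = B_CreateKeyObject(key)) != 0) {
            OSPM_DBGERRORLOG(rsaErr, "OSPPSSLWrapParsePrivateKey() B_CreateKeyObject failed");
            return SSLUnknownErr;
        }

        if ((rsaErr = B_SetKeyInfo(*key, KI_PKCS_RSAPrivate, (POINTER)&privKey)) != 0) {
            /* NOTE(review): the key object created just above is not
             * destroyed on this path; confirm whether the caller releases
             * *key after a failure. */
            OSPM_DBGERRORLOG(rsaErr, "OSPPSSLWrapParsePrivateKey() B_SetKeyInfo failed");
            return SSLUnknownErr;
        }
    }

    /* The exit trace previously named OSPPSSLWrapSessionContextNew(). */
    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapParsePrivateKey()\n"));
    return SSLNoErr;
} /* OSPPSSLWrapParsePrivateKey */

/*
 * Bind a connection to the session's SSL context and set its peer ID.
 *
 * Returns OSPC_ERR_NO_ERROR, or OSPC_ERR_SSL_ATTACH_SOCK_FAILED when either
 * library call fails. SSLSetPeerID() is still called after a failed
 * SSLSetIORef().
 */
int
OSPPSSLWrapAttachConnection(
    OSPTSSLSESSION *ospvSSLSession,
    void *ospvConnection)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;
    SSLContext *ctx = OSPC_OSNULL;
    /* The same one-byte peer ID is used for every session.
     * NOTE(review): if the library keys its session cache on the peer ID,
     * sessions negotiated with different servers share one cache entry;
     * confirm, and consider deriving the ID from the server's identity. */
    SSLBuffer sslbuffer = { (uint32)1, (uint8 *)"" };

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapAttachConnection()\n"));

    ctx = (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession);

    /*
     * hand the connection to the SSL context as its I/O reference
     */
    if ((sslref_errcode = SSLSetIORef(ctx, ospvConnection)) != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_ATTACH_SOCK_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLSetIORef() failed");
    }

    /*
     * this function is required to indicate to the SSL library that
     * sessions can be reused.
     */
    if ((sslref_errcode = SSLSetPeerID(ctx, sslbuffer)) != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_ATTACH_SOCK_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLSetPeerId() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapAttachConnection() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Run the SSL handshake on the session's context.
 *
 * SSLHandshake() is called again for as long as it returns
 * SSLWouldBlockErr; the loop has no timeout, delay or retry limit, so a
 * peer that never completes the handshake keeps the caller here.
 *
 * Returns OSPC_ERR_NO_ERROR or OSPC_ERR_SSL_HANDSHAKE_FAILED.
 */
int
OSPPSSLWrapHandshake(
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapHandshake()\n"));

    /*
     * Do SSL handshake with server
     */
    do {
        sslref_errcode = SSLHandshake(
            (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession));
    } while (sslref_errcode == SSLWouldBlockErr);

    if (sslref_errcode != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_HANDSHAKE_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLHandshake() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapHandshake() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Close the SSL session with SSLClose().
 *
 * Returns OSPC_ERR_NO_ERROR or OSPC_ERR_SSL_CLOSE_FAILED.
 */
int
OSPPSSLWrapSessionGracefulShutdown(
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSessionGracefulShutdown()\n"));

    OSPM_DBGSEC(("SSL : OSPPSSLWrapSessionGracefulShutdown() SSLClose() called\n"));
    if ((sslref_errcode = SSLClose(
            (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession))) != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_CLOSE_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLClose() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSessionGracefulShutdown() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Delete the session's SSL context and release its storage.
 *
 * ospvSSLSession is dereferenced without a null check. The return values of
 * the library calls are not inspected, so this always returns
 * OSPC_ERR_NO_ERROR.
 */
int
OSPPSSLWrapSessionContextDelete(
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSessionContextDelete()\n"));

#ifdef BSAFE
    B_DestroyAlgorithmObject(
        (B_ALGORITHM_OBJ *)ospvSSLSession->RandomRef);
#endif

    OSPM_DBGSEC(
        ("SSL : OSPPSSLWrapSessionContextDelete() SSLDeleteContext() called (%d)\n",
        errorcode));

    SSLDeleteContext((SSLContext *)
        OSPPSSLSessionGetContext(ospvSSLSession));

    /* Clear the pointer after freeing so a later call cannot reuse it. */
    OSPM_FREE(ospvSSLSession->Context);
    ospvSSLSession->Context = (void *)OSPC_OSNULL;

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSessionContextDelete() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Read decrypted data from the session into ospvBuffer.
 *
 * ospvLength is passed to SSLRead() by pointer on every attempt.
 * NOTE(review): each retry after SSLWouldBlockErr reuses the same buffer
 * and whatever length the previous call left behind; confirm that a partial
 * read cannot be overwritten. The retry loop has no timeout or limit.
 *
 * Returns OSPC_ERR_NO_ERROR or OSPC_ERR_SSL_READ_FAILED.
 */
int
OSPPSSLWrapGetData(
    void *ospvBuffer,
    unsigned int *ospvLength,
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;
    SSLContext *ctx = OSPC_OSNULL;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapGetData()\n"));

    ctx = (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession);

    do {
        /* the cast assumes unsigned int and uint32 have the same size */
        sslref_errcode = SSLRead(ospvBuffer, (uint32 *)ospvLength, ctx);
    } while (sslref_errcode == SSLWouldBlockErr);

    if (sslref_errcode != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_READ_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLRead() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapGetData() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Write the contents of ospvBuffer to the session.
 *
 * ospvLength is passed to SSLWrite() by pointer on every attempt.
 * NOTE(review): each retry after SSLWouldBlockErr starts again from the
 * beginning of the buffer with whatever length the previous call left
 * behind; confirm that a partial write cannot be sent twice. The retry loop
 * has no timeout or limit.
 *
 * Returns OSPC_ERR_NO_ERROR or OSPC_ERR_SSL_WRITE_FAILED.
 */
int
OSPPSSLWrapSendData(
    void *ospvBuffer,
    unsigned int *ospvLength,
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;
    SSLContext *ctx = OSPC_OSNULL;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSendData()\n"));

    ctx = (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession);

    do {
        /* the cast assumes unsigned int and uint32 have the same size */
        sslref_errcode = SSLWrite(ospvBuffer, (uint32 *)ospvLength, ctx);
    } while (sslref_errcode == SSLWouldBlockErr);

    if (sslref_errcode != SSLNoErr) {
        errorcode = OSPC_ERR_SSL_WRITE_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLWrite() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSendData() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Fetch peer certificate number 0 from the session's context.
 *
 * On success *ospvRootCACert receives the buffer pointer and
 * *ospvRootCACertLen its length; release the buffer with
 * OSPPSSLWrapFreeServerRootCACert(). On failure neither output is written
 * and OSPC_ERR_SSL_GETCERT_FAILED is returned.
 *
 * NOTE(review): the original comment calls certificate 0 the root CA;
 * confirm which end of the chain index 0 denotes in the SSL library before
 * relying on it for trust decisions.
 */
int
OSPPSSLWrapGetServerRootCACert(
    void **ospvRootCACert,
    int *ospvRootCACertLen,
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR;
    SSLErr sslref_errcode = SSLNoErr;
    SSLContext *ctx = OSPC_OSNULL;
    SSLBuffer certBuf = { 0, OSPC_OSNULL };

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapGetServerRootCACert()\n"));

    ctx = (SSLContext *)OSPPSSLSessionGetContext(ospvSSLSession);

    /*
     * now get the top level cert - Mr. CA Root
     */
    sslref_errcode = SSLGetPeerCertificate(ctx, 0, &certBuf);
    if (sslref_errcode == SSLNoErr) {
        *ospvRootCACert = certBuf.data;
        /* the length is stored into an int; presumably it always fits */
        *ospvRootCACertLen = certBuf.length;
    } else {
        errorcode = OSPC_ERR_SSL_GETCERT_FAILED;
        OSPM_DBGERRORLOG(sslref_errcode, "SSLGetPeerCertificate() failed");
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapGetServerRootCACert() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Free a certificate buffer obtained from OSPPSSLWrapGetServerRootCACert()
 * and null the caller's pointer. A null argument or an already-null pointer
 * is ignored, so calling this twice is harmless.
 */
void
OSPPSSLWrapFreeServerRootCACert(
    void **ospvRootCACert)
{
    if (ospvRootCACert && *ospvRootCACert != OSPC_OSNULL) {
        OSPM_FREE(*ospvRootCACert);
        *ospvRootCACert = OSPC_OSNULL;
    }

    return;
}

/* ------------------------------------------------------------*/
/* SSLREF-specific Callback Functions                          */
/* ------------------------------------------------------------*/

/*
 * Allocation callback: allocate ospvBuffer->length bytes into
 * ospvBuffer->data and zero-fill them. ospvAllocRef is unused.
 *
 * Returns SSLMemoryErr when the allocation yields a null pointer, otherwise
 * SSLNoErr.
 */
SSLErr
SSLREF_Alloc(
    SSLBuffer *ospvBuffer,
    void *ospvAllocRef)
{
    SSLErr sslref_errcode = SSLNoErr;

    OSPM_DBGENTER(("ENTER: SSLREF_Alloc()\n"));

    OSPM_ARGUSED(ospvAllocRef);

    OSPM_MALLOC(ospvBuffer->data, unsigned char, ospvBuffer->length);
    if (ospvBuffer->data == OSPC_OSNULL) {
        sslref_errcode = SSLMemoryErr;
    } else {
        /* hand the library zeroed memory rather than stale heap contents */
        OSPM_MEMSET(ospvBuffer->data, 0, ospvBuffer->length);
    }

    OSPM_DBGEXIT(("EXIT : SSLREF_Alloc() (%lx)\n", (unsigned long)ospvBuffer->data));
    return sslref_errcode;
    /* the listing ends here; the function's closing brace is outside this view */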