📄 ospopenssl.c
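/* Tail of OSPPSSLWrapGetData(); the function begins before this excerpt and is reproduced unchanged. */
    if (expected != (int)*ospvLength)
    {
        sslerr = SSL_get_error(conref, bytesread);
        OSPM_DBGERRORLOG(sslerr, "SSL_read() failed");
        errorcode = OSPC_ERR_SSL_READ_FAILED;
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapGetData() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Write *ospvLength bytes from ospvBuffer to the TLS connection of the
 * given session.
 *
 * Returns OSPC_ERR_NO_ERROR when every byte was accepted by SSL_write(),
 * OSPC_ERR_SSL_WRITE_FAILED otherwise.  *ospvLength is only read.
 *
 * Changes from the previous version:
 *  - each retry continues from the first unsent byte; the old loop called
 *    SSL_write() with the start of the buffer and the full length again,
 *    which would resend data after a partial write;
 *  - a failed SSL_write() (<= 0) is no longer added to the running total;
 *  - NULL connection/length, a NULL buffer with a non-zero length, and a
 *    length that does not fit SSL_write()'s int argument are rejected
 *    instead of being passed to OpenSSL.
 */
int
OSPPSSLWrapSendData(
    void *ospvBuffer,
    unsigned int *ospvLength,
    OSPTSSLSESSION *ospvSSLSession)
{
    int errorcode = OSPC_ERR_NO_ERROR, sslerr = 0, byteswritten = 0;
    unsigned int total = 0, sent = 0;
    SSL *conref = OSPC_OSNULL;

    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSendData()\n"));

    conref = (SSL *)OSPPSSLSessionGetContext(ospvSSLSession);

    /* Print and drain the OpenSSL error queue before writing, so that the
     * SSL_get_error() call below is not confused by stale entries. */
    ERR_print_errors(bio_stdout);

    if (conref == OSPC_OSNULL || ospvLength == OSPC_OSNULL ||
        (int)*ospvLength < 0 ||
        (ospvBuffer == OSPC_OSNULL && *ospvLength > 0))
    {
        errorcode = OSPC_ERR_SSL_WRITE_FAILED;
        OSPM_DBGERRORLOG(errorcode, "SSL_write() failed");
    }
    else
    {
        total = *ospvLength;

        while (sent < total)
        {
            byteswritten = SSL_write(conref, (char *)ospvBuffer + sent,
                                     (int)(total - sent));
            if (byteswritten <= 0)
            {
                break;
            }
            sent += (unsigned int)byteswritten;
        }

        if (sent != total)
        {
            sslerr = SSL_get_error(conref, byteswritten);
            OSPM_PRINTF("SSLERROR: Error: %d\n",sslerr);
            OSPM_DBGERRORLOG(sslerr, "SSL_write() failed");
            errorcode = OSPC_ERR_SSL_WRITE_FAILED;
        }
    }

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSendData() (%d)\n", errorcode));
    return errorcode;
}

/*
 * Placeholder: performs no shutdown and always returns OSPC_ERR_NO_ERROR.
 *
 * NOTE(review): SSL_shutdown() is not called here, so this function sends
 * no TLS close_notify.  Without close_notify the peer cannot distinguish an
 * orderly close from a truncated stream.  Whether the shutdown alert is
 * sent elsewhere cannot be seen from this function -- confirm.
 */
int
OSPPSSLWrapSessionGracefulShutdown(OSPTSSLSESSION *ospvSSLSession)
{
    OSPM_DBGENTER(("ENTER: OSPPSSLWrapSessionGracefulShutdown()\n"));

    OSPM_ARGUSED(ospvSSLSession);

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapSessionGracefulShutdown() (%d)\n", 0));
    return OSPC_ERR_NO_ERROR;
}

/*
 * Placeholder: reports success without touching its arguments.
 *
 * *ospvRootCACert and *ospvRootCACertLen are NOT written, so a caller must
 * initialise them itself and must not treat OSPC_ERR_NO_ERROR as meaning a
 * certificate was returned.
 */
int
OSPPSSLWrapGetServerRootCACert(
    void **ospvRootCACert,
    int *ospvRootCACertLen,
    OSPTSSLSESSION *ospvSSLSession)
{
    OSPM_DBGENTER(("ENTER: OSPPSSLWrapGetServerRootCACert()\n"));

    OSPM_ARGUSED(ospvSSLSession);
    OSPM_ARGUSED(ospvRootCACert);
    OSPM_ARGUSED(ospvRootCACertLen);

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapGetServerRootCACert() (%d)\n", 0));
    return OSPC_ERR_NO_ERROR;
}

/*
 * Placeholder counterpart of OSPPSSLWrapGetServerRootCACert(): frees
 * nothing and leaves *ospvRootCACert untouched.
 */
void
OSPPSSLWrapFreeServerRootCACert(void **ospvRootCACert)
{
    OSPM_DBGENTER(("ENTER: OSPPSSLWrapFreeServerRootCACert()\n"));

    OSPM_ARGUSED(ospvRootCACert);

    OSPM_DBGEXIT(("EXIT : OSPPSSLWrapFreeServerRootCACert() (%d)\n", 0));
    return;
}

/*
 * Certificate verification callback: logs each certificate in the peer
 * chain to bio_stdout and decides whether a verification failure is fatal.
 *
 * ok   - 1 if OpenSSL's own check of the current certificate passed, else 0.
 * ctx  - verification context for the certificate being checked.
 * Returns non-zero to continue the handshake, 0 to abort it.
 *
 * NOTE(review): the acceptance policy below is kept exactly as it was, but
 * it is very permissive.  verify_depth is fixed at 1, so EVERY failure
 * reported at depth 0 or 1 is turned into success, as is a self-signed
 * leaf at any depth.  The tests look only at the depth and at the
 * self-signed code, so an expired certificate, an unknown issuer or a bad
 * signature at those depths is accepted too.  For a peer presenting a
 * leaf plus one issuer this leaves the connection encrypted but
 * effectively unauthenticated.  The error stays recorded in the context, so a
 * caller can still enforce a policy with SSL_get_verify_result() after the
 * handshake.  Tightening the policy here is a deployment decision and was
 * deliberately not made in this edit.
 *
 * Changes from the previous version: the current certificate and error are
 * read only through the X509_STORE_CTX accessors (no direct struct access),
 * a missing current certificate is handled instead of dereferenced, and the
 * write-only local verify_error was removed.
 */
int
OSPPSSLVerifyCallback(int ok, X509_STORE_CTX *ctx)
{
    int verify_depth = 1;
    char buf[256];
    X509 *err_cert;
    int err, depth;

    err_cert = X509_STORE_CTX_get_current_cert(ctx);
    err = X509_STORE_CTX_get_error(ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    if (err_cert != NULL)
    {
        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, (int)sizeof(buf));
        BIO_printf(bio_stdout,"depth=%d %s\n",depth,buf);
    }
    else
    {
        BIO_printf(bio_stdout,"depth=%d <no cert>\n",depth);
    }

    if (!ok)
    {
        BIO_printf(bio_stdout,"verify error:num=%d:%s\n",err,
            X509_verify_cert_error_string(err));

        /* Permissive override -- see NOTE(review) in the header comment. */
        if (verify_depth >= depth || err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
        {
            ok = 1;
        }
        else
        {
            ok = 0;
        }
    }

    /* Extra diagnostics for the error OpenSSL reported (unchanged by the
     * override above). */
    switch (err)
    {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        if (err_cert != NULL)
        {
            X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, (int)sizeof(buf));
            BIO_printf(bio_stdout,"issuer= %s\n",buf);
        }
        break;
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
        if (err_cert != NULL)
        {
            BIO_printf(bio_stdout,"notBefore=");
            ASN1_TIME_print(bio_stdout,X509_get_notBefore(err_cert));
            BIO_printf(bio_stdout,"\n");
        }
        break;
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
        if (err_cert != NULL)
        {
            BIO_printf(bio_stdout,"notAfter=");
            ASN1_TIME_print(bio_stdout,X509_get_notAfter(err_cert));
            BIO_printf(bio_stdout,"\n");
        }
        break;
    default:
        break;
    }

    BIO_printf(bio_stdout,"verify return:%d\n",ok);
    return(ok);
}

/*
 * BIO debug callback: hex-dumps the data of every completed read and write
 * on `bio` to the BIO registered as the callback argument.  Returns `ret`
 * unchanged; does nothing when no output BIO is registered.
 *
 * NOTE(review): every byte that passes through the BIO is copied to the
 * output BIO, so this should be installed for debugging only; where the
 * output ends up is decided by whoever registers the callback argument.
 *
 * Changes from the previous version: the format strings now use %p for the
 * two pointers and %lX for the long (the old %X/%lX specifiers did not match
 * the argument types), and BIO_dump() is skipped when `ret` is not a
 * positive byte count.
 */
long
bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
{
    BIO *out;

    out = (BIO *)BIO_get_callback_arg(bio);
    if (out == NULL)
    {
        return(ret);
    }

    if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
    {
        BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
            (void *)bio,(const void *)argp,argi,ret,(unsigned long)ret);
        if (ret > 0)
        {
            BIO_dump(out,argp,(int)ret);
        }
        return(ret);
    }
    else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
    {
        BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
            (void *)bio,(const void *)argp,argi,ret,(unsigned long)ret);
        if (ret > 0)
        {
            BIO_dump(out,argp,(int)ret);
        }
    }
    return(ret);
}

/*
 * Load the certificates held by the security object into its SSL_CTX:
 * every authority certificate, then the local certificate, then the RSA
 * private key.  Processing stops at the first failing stage (a failure to
 * fetch one authority certificate only skips that certificate).
 *
 * Always returns 0.
 *
 * NOTE(review): errorcode is computed and logged but never returned, so a
 * caller cannot tell that no certificate or key was loaded.  The return
 * value was left as it is because callers may rely on it; returning
 * errorcode should be evaluated together with those callers.
 *
 * NOTE(review): authority certificates are passed to
 * SSL_CTX_add_client_CA(), which records CA names to advertise to a peer
 * that is asked for a certificate.  Nothing in this function adds them to
 * the store used to verify the peer's chain; whether that happens
 * elsewhere cannot be seen here -- confirm.
 *
 * NOTE(review): ownership of the buffer returned through pkey is not
 * visible here; if OSPPSecGetPrivateKeyData() hands out a copy, it is
 * neither wiped nor freed by this function -- confirm.
 *
 * Changes from the previous version: the X509 objects created by
 * d2i_X509() are released after use (the context keeps what it needs), the
 * local-certificate length is checked before the buffer is parsed rather
 * than after, that check's log text now names the certificate instead of
 * the private key, a NULL context is rejected, and the two previously
 * silent failure paths (parsing / installing the local certificate) are
 * logged.
 */
int
OSPPSSLLoadCerts(OSPTSEC *security)
{
    unsigned count = 0, i = 0;
    unsigned certlen = 0;
    unsigned char *ca = OSPC_OSNULL, *pkey = OSPC_OSNULL, certbuf[OSPC_MAX_CERT_BUFFER] = "";
    X509 *x509 = OSPC_OSNULL;
    SSL_CTX **ctx = OSPC_OSNULL;
    int errorcode = OSPC_ERR_SEC_MODULE;
    int certok = 0;

    OSPM_DBGENTER(("ENTER: OSPPSSLLoadCerts()\n"));

    /*
    ** Make sure the Security Object is present, this object contains
    ** the certificates (CA,LOCAL,PRIVATE)
    */
    if (security == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_SEC_MODULE;
        OSPM_DBGERRORLOG(errorcode, "Security Context is not valid");
        goto done;
    }

    ctx = (SSL_CTX **)&(security->ContextRef);
    if (*ctx == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_SEC_MODULE;
        OSPM_DBGERRORLOG(errorcode, "Security Context is not valid");
        goto done;
    }

    /* Stage 1: authority certificates. */
    errorcode = OSPPSecGetNumberOfAuthorityCertificates(security, &count);
    if (errorcode != OSPC_ERR_NO_ERROR)
    {
        goto done;
    }

    if (count == 0)
    {
        errorcode = OSPC_ERR_SEC_NO_AUTHORITY_CERTIFICATES;
        OSPM_DBGERRORLOG(errorcode, "There are no CA Certificates available");
        goto done;
    }

    /* assumes count never exceeds the size of AuthorityCertInfo -- TODO confirm */
    for (i = 0; i < count; i++)
    {
        if (security->AuthorityCertInfo[i] == OSPC_OSNULL)
        {
            continue;
        }

        errorcode = OSPPX509CertGetCertificate(security->AuthorityCertInfo[i],
                                               &ca, &certlen);
        if (errorcode != OSPC_ERR_NO_ERROR)
        {
            /* As before: skip this entry and keep going. */
            continue;
        }

        x509 = d2i_X509(NULL, &ca, certlen);
        if (x509 == OSPC_OSNULL)
        {
            errorcode = OSPC_ERR_SEC_NO_SPACE_FOR_CERTIFICATE ;
            OSPM_DBGERRORLOG(errorcode, "Unable to create X509 certificate authority");
            ERR_print_errors(bio_stdout);
            break;
        }

        SSL_CTX_add_client_CA(*ctx, x509);

        /* The context copies the CA name; the parsed certificate is ours to free. */
        X509_free(x509);
        x509 = OSPC_OSNULL;
    }

    if (errorcode != OSPC_ERR_NO_ERROR)
    {
        goto done;
    }

    /* Stage 2: local certificate. */
    certlen = OSPC_MAX_CERT_BUFFER;
    errorcode = OSPPSecCopyLocalCertificate(security, &certlen, &certbuf[0]);
    if (errorcode != OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPC_ERR_SEC_LOCAL_CERTINFO_UNDEFINED;
        OSPM_DBGERRORLOG(errorcode, "Unable to get Local Certificate");
        goto done;
    }

    /* Never parse more bytes than certbuf can hold. */
    if (certlen > OSPC_MAX_CERT_BUFFER)
    {
        errorcode = OSPC_ERR_SEC_CERTIFICATE_TOO_BIG;
        OSPM_DBGERRORLOG(errorcode, "Local Certificate is too big");
        goto done;
    }

    ca = &certbuf[0];
    x509 = d2i_X509(NULL, &ca, certlen);
    if (x509 == OSPC_OSNULL)
    {
        errorcode = OSPC_ERR_SEC_NO_SPACE_FOR_CERTIFICATE ;
        OSPM_DBGERRORLOG(errorcode, "Unable to create X509 local certificate");
        ERR_print_errors(bio_stdout);
        goto done;
    }

    certok = SSL_CTX_use_certificate(*ctx, x509);

    /* The context holds its own reference on success; drop ours either way. */
    X509_free(x509);
    x509 = OSPC_OSNULL;

    if (certok <= 0)
    {
        errorcode = OSPC_ERR_SEC_LOCAL_CERTINFO_UNDEFINED;
        OSPM_DBGERRORLOG(errorcode, "Unable to load Local Certificate");
        ERR_print_errors(bio_stdout);
        goto done;
    }

    /* Stage 3: private key (certlen is reused for the key length). */
    errorcode = OSPPSecGetPrivateKeyData(security, &pkey, &certlen);
    if (errorcode != OSPC_ERR_NO_ERROR)
    {
        errorcode = OSPC_ERR_SEC_PRIVATE_KEY_NOT_FOUND;
        OSPM_DBGERRORLOG(errorcode, "Unable to get private key");
        goto done;
    }

    if (!SSL_CTX_use_RSAPrivateKey_ASN1(*ctx, pkey, (long)certlen))
    {
        errorcode = OSPC_ERR_SEC_NO_PRIVATE_KEY ;
        OSPM_DBGERRORLOG(errorcode, "Unable to load RSAPrivate Key");
        ERR_print_errors(bio_stdout);
    }

done:
    OSPM_DBGEXIT(("EXIT : OSPPSSLLoadCerts() (%d)\n", 0));
    return 0;
}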