ck_ssl.c

KERMIT工具 这在办公室下载不了,很多人都没有载不到.

/* Return 1, client cert is available */
/* Return 0, no client cert is available */
/* Return -1, callback must be called again. SSL_want_x509_lookup() == 1 */
int
#ifdef CK_ANSIC
ssl_client_cert_callback(SSL * s, X509 ** x509, EVP_PKEY ** pkey)
#else /* CK_ANSIC */
ssl_client_cert_callback(s, x509, pkey)
    SSL * s;
    X509 ** x509;
    EVP_PKEY ** pkey;
#endif /* CK_ANSIC */
{
    if ( ssl_debug_flag ) {
        const char * cipher_list=SSL_get_cipher(s);
        printf("ssl_client_cert_callback called (%s)\r\n",
                cipher_list?cipher_list:"UNKNOWN");
    }
#ifdef COMMENT
    if ( s == tls_con ) {
        if (tls_load_certs(tls_cts,tls_con,0)) {
            *x509 = SSL_get_certificate(s);
            *pkey = SSL_get_privatekey(s);
            return(1);
        }
    } else if ( s == ssl_con ) {
        if (tls_load_certs(ssl_ctx,ssl_con,0)) {
            *x509 = SSL_get_certificate(s);
            *pkey = SSL_get_privatekey(s);
            return(1);
        }
    }
    return(0);
#else /* COMMENT */
    return(0);
#endif /* COMMENT */
}
#endif /* USE_CERT_CB */

#ifndef MS_CALLBACK
#define MS_CALLBACK
#endif /* MS_CALLBACK */

static RSA MS_CALLBACK *
#ifdef CK_ANSIC
tmp_rsa_cb(SSL * s, int export, int keylength)
#else /* CK_ANSIC */
tmp_rsa_cb(s,export,keylength)
SSL *s;
int export;
int keylength;
#endif /* CK_ANSIC */
{
    static RSA *rsa_tmp=NULL;
    extern int quiet;

#ifndef NO_RSA
    if (rsa_tmp == NULL)
    {
        if (ssl_debug_flag)
            printf("Generating temporary (%d bit) RSA key...\r\n",keylength);

        rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);

        if (ssl_debug_flag)
            printf("\r\n");
    }
#else /* NO_RSA */
    if (ssl_debug_flag)
        printf("Unable to generate temporary RSA key...\r\n");
#endif
    return(rsa_tmp);
}


#ifndef NO_DH
static unsigned char dh512_p[]={
    0xE9,0x4E,0x3A,0x64,0xFA,0x65,0x5F,0xA6,0x44,0xC7,0xFC,0xF1,
    0x16,0x8B,0x11,0x11,0x7A,0xF0,0xB2,0x49,0x80,0x56,0xA3,0xF8,
    0x0F,0x7D,0x01,0x68,0x5D,0xF6,0x8A,0xEA,0x8C,0xDD,0x01,0xDC,
    0x43,0x18,0xE0,0xC4,0x89,0x80,0xE6,0x2D,0x44,0x77,0x45,0xFD,
    0xBA,0xFC,0x43,0x35,0x12,0xC0,0xED,0x32,0xD3,0x16,0xEF,0x51,
    0x09,0x44,0xA2,0xDB,
};
static unsigned char dh512_g[]={
    0x05,
};

static unsigned char dh768_p[]={
    0x8B,0x2A,0x8C,0x6C,0x0F,0x87,0xC7,0x34,0xEE,0x2E,0xFB,0x60,
    0x94,0xB3,0xBF,0x95,0xBA,0x84,0x74,0x86,0xEA,0xE0,0xA4,0x33,
    0xE0,0x8F,0x7C,0x79,0x5C,0x62,0xE2,0x91,0xC5,0x6D,0x68,0xB9,
    0x6C,0x5E,0x4E,0x94,0x0C,0x8E,0x56,0x8E,0xEB,0x98,0x7C,0x6E,
    0x0E,0xF2,0xD5,0xAA,0x22,0x27,0x3F,0x0F,0xAF,0x10,0xB5,0x0B,
    0x16,0xCC,0x05,0x27,0xBB,0x58,0x6D,0x61,0x4B,0x2B,0xAB,0xDC,
    0x6A,0x15,0xBC,0x36,0x75,0x4D,0xEC,0xAB,0xFA,0xB6,0xE1,0xB1,
    0x13,0x70,0xD8,0x77,0xCD,0x5E,0x51,0x77,0x81,0x0D,0x77,0x43,
};
static unsigned char dh768_g[]={
    0x05,
};

static unsigned char dh1024_p[]={
    0xA4,0x75,0xCF,0x35,0x00,0xAF,0x3C,0x17,0xCE,0xB0,0xD0,0x52,
    0x43,0xA0,0x0E,0xFA,0xA2,0xC9,0xBE,0x0B,0x76,0x7A,0xD9,0x2E,
    0xF4,0x97,0xAC,0x02,0x24,0x69,0xF6,0x36,0x4F,0xAB,0xCC,0x43,
    0xC1,0x74,0xFF,0xA3,0xD4,0x04,0x0F,0x11,0x2B,0x6D,0x8C,0x47,
    0xC9,0xCF,0x40,0x93,0x9B,0x7D,0x1E,0x52,0x85,0xB2,0x17,0x55,
    0x9C,0xF2,0x41,0x02,0x2A,0x9D,0x5F,0x24,0x22,0xC6,0x04,0xC4,
    0xAB,0x92,0x6D,0xC7,0xC8,0xF3,0x41,0x58,0x6C,0x86,0xFD,0xB8,
    0x0F,0x2D,0xDD,0xBF,0xA8,0x40,0x0C,0x58,0xC8,0xF2,0x3F,0x18,
    0xEF,0xF1,0x93,0x3E,0xBA,0x16,0x41,0xBE,0x32,0x6C,0xC5,0x63,
    0xFF,0x8A,0x02,0x3D,0xAC,0xD5,0x5A,0x49,0x64,0x34,0x14,0x2E,
    0xFB,0x2E,0xE7,0x39,0x1A,0x0F,0x3C,0x33,
};
static unsigned char dh1024_g[]={
    0x05,
};

static unsigned char dh1536_p[]={
    0xA3,0x2B,0x75,0x0E,0x7B,0x31,0x82,0xCA,0xF2,0xFC,0xF3,0x3D,
    0xCE,0x5F,0xCD,0x5B,0x95,0xF6,0x2F,0xA4,0x5D,0x08,0x26,0xD2,
    0x5F,0xC0,0x3F,0xC5,0xD8,0xA2,0xFE,0x83,0x26,0xBC,0xEB,0x7D,
    0xF0,0x4E,0xD2,0xA6,0xBB,0x3C,0x88,0x63,0xCE,0x98,0xDE,0x08,
    0xE2,0xE1,0xAF,0xE2,0x38,0xA8,0xFA,0x68,0x76,0x8D,0xBF,0xDF,
    0xBB,0x30,0x15,0xFE,0xBD,0x22,0xCC,0x03,0x4E,0x5E,0x33,0xA3,
    0x6D,0xD6,0x68,0x12,0x97,0x17,0x4B,0xB5,0x84,0x5F,0x5F,0xA3,
    0x5C,0x2F,0xA4,0x10,0xC1,0xAD,0xBF,0xAC,0x30,0xCA,0x47,0x64,
    0x63,0xFE,0xEE,0xEE,0xA1,0x64,0x73,0x70,0xAA,0xF9,0xFE,0xC6,
    0xAD,0x5E,0xF6,0xF3,0x9C,0xDF,0x34,0x53,0x34,0x72,0xA6,0xA4,
    0xBB,0x81,0x5A,0x43,0x41,0xFD,0x41,0x05,0x5B,0x77,0x7B,0x84,
    0x03,0xFA,0x8A,0xFA,0xF7,0x8E,0x0F,0xCB,0x51,0xA2,0xB8,0x45,
    0xFF,0x59,0x42,0xEF,0xCF,0xF6,0x25,0x37,0xE2,0x6D,0xFF,0x69,
    0x11,0xF5,0x77,0x59,0x79,0x1C,0x5F,0x05,0xFC,0x7A,0x65,0x81,
    0x03,0x4A,0x78,0xC6,0xE9,0x48,0x73,0xF6,0x10,0xBC,0x99,0x1C,
    0xEE,0x44,0x2F,0x8B,0x70,0xCA,0xA8,0xB6,0x02,0x83,0x3E,0x0B,
};
static unsigned char dh1536_g[]={
    0x05,
};

static unsigned char dh2048_p[]={
    0xFA,0x4E,0xE4,0x3B,0xFA,0xC1,0x87,0xDD,0xE7,0xC6,0x8B,0xE6,
    0x13,0x85,0xBC,0x9B,0x2B,0x8B,0x5B,0x46,0xBB,0x8B,0x86,0x6D,
    0xD7,0xB6,0xD5,0x49,0xC5,0x54,0xF2,0x3E,0xD2,0x39,0x64,0x9B,
    0x0E,0x33,0x39,0x8F,0xFA,0xFA,0xD9,0x78,0xED,0x34,0x82,0x29,
    0x37,0x58,0x4D,0x5D,0x40,0xCB,0x69,0xE3,0x8A,0x9F,0x17,0x0C,
    0x01,0x23,0x6B,0x05,0x01,0xAF,0x33,0xDE,0xDF,0x1A,0xBB,0x7B,
    0x6A,0x9F,0xD8,0xED,0x8D,0x5E,0x44,0x19,0x5B,0xE0,0xB6,0x23,
    0xF9,0x7A,0x96,0x6E,0x94,0x33,0x31,0x49,0xBA,0x84,0xD5,0x12,
    0xD7,0x6D,0xDC,0x35,0x54,0x64,0xA3,0xD8,0x04,0x26,0xC5,0xAF,
    0x7F,0xE3,0xFE,0x6F,0xBE,0xD5,0x17,0x72,0x4B,0xA6,0xD0,0xA7,
    0x5F,0x18,0xF5,0xF0,0x2D,0x11,0x9A,0xF6,0xD5,0x3B,0x6C,0x61,
    0x3C,0x6F,0x8E,0x09,0x4F,0x2C,0xE1,0x26,0x06,0x51,0xB3,0x19,
    0x85,0x85,0x13,0xF9,0xC2,0x6E,0x80,0x28,0x9E,0x8A,0xA0,0x01,
    0x46,0xD1,0x85,0x44,0x8C,0xE6,0xEE,0x7E,0x1E,0x17,0x3D,0xBA,
    0x54,0xFF,0xE8,0x0E,0xDD,0x51,0xF3,0x74,0x7F,0x0D,0x0B,0xAB,
    0xCA,0x84,0x8D,0x24,0x5D,0x56,0xD4,0x47,0x02,0xFC,0x93,0x9F,
    0xAE,0x9B,0x5C,0xDB,0x63,0xEB,0x65,0x01,0x38,0xC2,0x7B,0x30,
    0x1E,0x17,0x1C,0x75,0xF5,0x16,0x3B,0x4F,0x5F,0x41,0x32,0xB5,
    0xFF,0x9E,0x61,0xFD,0xD2,0x62,0x6E,0xFD,0x8A,0x28,0x93,0x59,
    0x2D,0x70,0x14,0x4D,0xE1,0x86,0xD5,0x90,0xB4,0xDF,0x72,0x71,
    0xE0,0xB4,0xD0,0xD6,0x82,0x3A,0x4A,0x04,0x58,0x32,0x0B,0xD3,
    0x51,0x13,0x32,0x63,
};
static unsigned char dh2048_g[]={
    0x02,
};

static DH *
get_dh512()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL)
        return(NULL);
    dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
    dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
        return(NULL);
    return(dh);
}

static DH *
get_dh768()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL)
        return(NULL);
    dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
    dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
        return(NULL);
    return(dh);
}

static DH *
get_dh1024()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL)
        return(NULL);
    dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
    dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
        return(NULL);
    return(dh);
}

static DH *
get_dh1536()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL)
        return(NULL);
    dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
    dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
        return(NULL);
    return(dh);
}

static DH *
get_dh2048()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL)
        return(NULL);
    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
        return(NULL);
    return(dh);
}
#endif /* NO_DH */

static DH MS_CALLBACK *
#ifdef CK_ANSIC
tmp_dh_cb(SSL * s, int export, int keylength)
#else /* CK_ANSIC */
tmp_dh_cb(s,export,keylength)
SSL *s;
int export;
int keylength;
#endif /* CK_ANSIC */
{
    static DH *dh_tmp=NULL;
    BIO *bio=NULL;
    extern int quiet;

#ifndef NO_DH
    if (dh_tmp == NULL)
    {
        if (ssl_dh_param_file  &&
             (bio=BIO_new_file(ssl_dh_param_file,"r")) != NULL)
            dh_tmp=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
        if (bio != NULL)
            BIO_free(bio);

        if ( dh_tmp == NULL ) {
            if ( keylength < 768 )
                dh_tmp = get_dh512();
            else if ( keylength < 1024 )
                dh_tmp = get_dh768();
            else if ( keylength < 1536 )
                dh_tmp = get_dh1024();
            else if ( keylength < 2048 )
                dh_tmp = get_dh1536();
            else
                dh_tmp = get_dh2048();
        }
    }
#else /* NO_DH */
    if (ssl_debug_flag)
        printf("DH not supported...\r\n");
#endif /* NO_DH */
    return(dh_tmp);
}

static void
ssl_display_comp(SSL * ssl)
{
    if ( !ck_ssleay_is_installed() )
        return;

    if (ssl == NULL)
        return;

    if (ssl->expand == NULL || ssl->expand->meth == NULL)
        printf("Compression: None\r\n");
    else {
        printf("Compression: %s\r\n",ssl->expand->meth->name);
    }
}

int
#ifdef CK_ANSIC
ssl_display_connect_details(SSL * ssl_con, int server, int verbose)
#else /* CK_ANSIC */
ssl_display_connect_details(ssl_con,server,verbose)
SSL *ssl_con;
int server;
int verbose;
#endif /* CK_ANSIC */
{
    X509 *peer;
    SSL_CIPHER * cipher;
    const char *cipher_list;
    char buf[512]="";

    if ( !ck_ssleay_is_installed() )
        return(0);

    if ( inserver && !tn_deb )
        return(0);

    /* the cipher list *can* be NULL ... useless but it happens! */
    cipher = SSL_get_current_cipher(ssl_con);
    cipher_list = SSL_CIPHER_get_name(cipher);
    SSL_CIPHER_description(cipher,buf,sizeof(buf));
    if (cipher_list==NULL)
        cipher_list="<NULL>";
    printf("[TLS - %s",buf);
    ssl_display_comp(ssl_con);

    if ( server ) {
        cipher_list=SSL_get_shared_ciphers(ssl_con,buf,512);
        if (cipher_list==NULL)
            cipher_list="<NULL>";
        printf("[TLS - shared ciphers=%s]\r\n",
                cipher_list);
        }       
    if ( server || tn_deb ) {
        peer=SSL_get_peer_certificate(ssl_con);
        if (peer != NULL) {
            X509_NAME_oneline(X509_get_subject_name(peer),buf,512);
            printf("[TLS - subject=%s]\r\n",buf);
            X509_NAME_oneline(X509_get_issuer_name(peer),buf,512);
            printf("[TLS - issuer=%s]\r\n",buf);
            /* X509_free(peer); */
        } else if (!tls_is_krb5(0)) {
            if ( !sstelnet && !tcp_incoming ) {
                printf("[TLS - No certificate provided.]\r\n");
                printf(
     "[TLS - The identity of the host could not be verified.]\r\n");
            }
        }
    }
    return(0);
}

/*
 * Use SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *, void * userdata)
 * to set the value of the userdata.  We are going to use it to store the
 * prompt.
 */

int
#ifdef CK_ANSIC
ssl_passwd_callback(char *buf, int len, int rwflag, VOID * userdata)
#else /* CK_ANSIC */
ssl_passwd_callback(buf,len,rwflag,userdata)
    char * buf; int len; int rwflag; VOID *userdata;
#endif /* CK_ANSIC */
{
    extern char pwbuf[];
    extern int  pwflg, pwcrypt;
    int   ok;