📄 ssl.c
字号:
{ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 56, 56 },
{ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 56, 56 },
{ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 56, 56 },
{ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 128,128},
{ TLS1_TXT_RSA_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_ADH_WITH_AES_128_SHA, 128,128},
{ TLS1_TXT_RSA_WITH_AES_256_SHA, 256,256},
{ TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 256,256},
{ TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 256,256},
{ TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 256,256},
{ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 256,256},
{ TLS1_TXT_ADH_WITH_AES_256_SHA, 256,256},
/* this must always be last */
{ 0, 0 }
};
static PIDB *pDBCiphers;
/* ---
BIO methods, hook in lower level IO object
--- */
static BIO_METHOD methods_PIIO_SSLeay=
{
BIO_TYPE_FILTER, /* is this right? */
"PIIOObject",
PIIO_SSLeay_write,
PIIO_SSLeay_read,
PIIO_SSLeay_puts,
NULL, /* PIIO_SSLeay_gets, */
PIIO_SSLeay_ctrl,
PIIO_SSLeay_new,
PIIO_SSLeay_free,
NULL
};
/* ---
Name of parameters
--- */
#define KEY_CONF_IOOBJECT "IOObject"
#define KEY_CONF_VERSION "Version"
#define KEY_CONF_VERIFY "Verify"
#define KEY_CONF_VERIFYDEPTH "VerifyDepth"
#define KEY_CONF_PRIVATEKEYFILE "PrivateKeyFile"
#define KEY_CONF_CACERTIFICATEPATH "CACertificatePath"
#define KEY_CONF_CACERTIFICATEFILE "CACertificateFile"
#define KEY_CONF_CERTIFICATEFILE "CertificateFile"
#define KEY_CONF_TYPE "Type"
#define KEY_CONF_FLAG "Flag"
#define KEY_CONF_DEBUGFILE "DebugFile"
#define KEY_CONF_CIPHERLIST "CipherList"
#define KEY_CONF_RANDOMSEEDFILE "RandomSeedFile"
#define KEY_CONF_RANDOMSEEDSIZE "RandomSeedSize"
#define KEY_CONF_PASSPHRASE "PassPhrase"
#define VALUE_PASSIVE "Passive"
#define VALUE_ACTIVE "Active"
#define VALUE_BUGS "Bugs"
#define VALUE_HACK "Hack"
#define VALUE_DISABLE "Disable"
/*____________________________________________________________________________*\
*
Description:
Global data: function pointer for password callback
\*____________________________________________________________________________*/
cbPassword *ppPassPhraseDlg = NULL;
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
#if ( PISSL_DEBUG )
void fnSSLInfo( SSL *s,int where, int ret)
{
char *str;
int w;
w=where& ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str="SSL_connect";
else if (w & SSL_ST_ACCEPT) str="SSL_accept";
else str="undefined";
if (where & SSL_CB_LOOP)
{
fprintf(stderr,"%s:%s\n",str,SSL_state_string_long(s));
}
else if (where & SSL_CB_ALERT)
{
str=(where & SSL_CB_READ)?"read":"write";
fprintf(stderr,"SSL3 alert %s:%s:%s\n",
str,
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
else if (where & SSL_CB_EXIT)
{
if (ret == 0)
fprintf(stderr,"%s:failed in %s\n",
str,SSL_state_string_long(s));
else if (ret < 0)
{
fprintf(stderr,"%s:error in %s\n",
str,SSL_state_string_long(s));
}
}
}
#else /* PISSL_DEBUG */
void fnSSLInfo( SSL *s, int where, int ret)
{
char *str;
int w;
PISSL *pSSL = (PISSL *)CRYPTO_get_ex_data(&s->ex_data, 0 );
BIO *pDbgErr = pSSL->pConf->pBIODebug;
w=where& ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str="SSL_connect";
else if (w & SSL_ST_ACCEPT) str="SSL_accept";
else str="undefined";
if (where & SSL_CB_LOOP)
{
BIO_printf(pDbgErr,"%s:%s\n",str,SSL_state_string_long(s));
}
else if (where & SSL_CB_ALERT)
{
str=(where & SSL_CB_READ)?"read":"write";
BIO_printf(pDbgErr,"SSL3 alert %s:%s:%s\n",
str,
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
else if (where & SSL_CB_EXIT)
{
if (ret == 0)
BIO_printf(pDbgErr,"%s:failed in %s\n",
str,SSL_state_string_long(s));
else if (ret < 0)
{
BIO_printf(pDbgErr,"%s:error in %s\n",
str,SSL_state_string_long(s));
}
}
}
#endif /* PISSL_DEBUG */
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
This function is the main reason that we have to mess around with
those global variables - it offers no possibility to pass the
global debugging BIO * in as an argument, not that I can see anyway.
\*____________________________________________________________________________*/
int fnVerify( int ok, X509_STORE_CTX *ctx )
{
char buf[256];
X509 *err_cert;
int verify_error, error_depth;
SSL *s = (SSL *)X509_STORE_CTX_get_app_data( ctx );
PISSL *pSSL = (PISSL *)CRYPTO_get_ex_data(&s->ex_data, 0 );
BIO *pDbgErr = pSSL->pConf->pBIODebug;
err_cert=X509_STORE_CTX_get_current_cert(ctx);
verify_error=X509_STORE_CTX_get_error(ctx);
error_depth=X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
BIO_printf(pDbgErr,"depth=%d %s\n",error_depth,buf);
if (!ok)
{
BIO_printf(pDbgErr,"verify error:num=%d:%s\n",verify_error,
X509_verify_cert_error_string(verify_error));
}
if (pSSL->pConf->iVerifyDepth < error_depth)
{
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
switch (verify_error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
BIO_printf(pDbgErr,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(pDbgErr,"notBefore=");
ASN1_UTCTIME_print(pDbgErr,X509_get_notBefore(ctx->current_cert));
BIO_printf(pDbgErr,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(pDbgErr,"notAfter=");
ASN1_UTCTIME_print(pDbgErr,X509_get_notAfter(ctx->current_cert));
BIO_printf(pDbgErr,"\n");
break;
}
if ( verify_error != X509_V_OK )
{
ok = 0;
};
BIO_printf(pDbgErr,"verify return:%d\n",ok);
return(ok);
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static RSA *fnTmpRSA(SSL *s, int is_export, int keylength)
{
static RSA *rsa_tmp=NULL;
PISSL *pSSL = (PISSL *)CRYPTO_get_ex_data(&s->ex_data, 0 );
BIO *pDbgErr = pSSL->pConf->pBIODebug;
if (rsa_tmp == NULL)
{
if (!s_quiet)
{
BIO_printf(pDbgErr,"Generating temp (%d bit) RSA key...", keylength);
BIO_flush(pDbgErr);
}
#ifndef NO_RSA
rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
#endif
if (!s_quiet)
{
BIO_printf(pDbgErr,"\n");
BIO_flush(pDbgErr);
}
}
return(rsa_tmp);
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
long fnBioDump( BIO *bio, int cmd, const char *argp, int argi, long argl, long ret)
{
PISSL *pSSL;
BIO *out;
pSSL = (PISSL *)BIO_get_callback_arg(bio);
out=pSSL->pConf->pBIODebug;
if (out == NULL) return(ret);
if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
{
BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
bio,argp,argi,ret,ret);
BIO_dump(out,argp,(int)ret);
return(ret);
}
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
bio,argp,argi,ret,ret);
BIO_dump(out,argp,(int)ret);
}
return(ret);
}
int fnPassPhraseDlg(char *buf, int bufsize)
{
int i;
int len = -1;
char *prompt = "Enter private key passphrase: ";
for (;;) {
if ((i = EVP_read_pw_string(buf, bufsize, prompt, 0)) != 0) {
PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
}
len = strlen(buf);
if (len < 1)
fprintf(stderr, "SSL: Pass phrase empty (needs to be at least 1 character).\n");
else
break;
}
return len;
}
static int fnPassPhrase(char *buf, int bufsize, int verify, void *userdata)
{
SSLConf *pConf = (SSLConf *)userdata;
int iRet = 0;
if ( pConf->pPassPhrase &&
(int)strlen( pConf->pPassPhrase ) <= bufsize )
{
iRet = strlen(strncpy(buf, pConf->pPassPhrase, bufsize));
}
else if ( pConf->pPasswordDlg )
{
iRet = pConf->pPasswordDlg(buf, bufsize);
}
return iRet;
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static int PIIO_SSLeay_write( BIO *h, const char *pBuf, int iLen )
{
PIObject *pIO;
int iSent;
int iRet;
/* --- get the lower level IO object --- */
pIO = (PIObject *)CRYPTO_get_ex_data(&(h->ex_data), 0 );
iRet = PIIO_out( pIO, (char *)pBuf, iLen, &iSent, 0, 0 );
switch( iRet )
{
case PIAPI_COMPLETED:
return iSent;
case PIAPI_ERROR:
default:
return -1;
};
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static int PIIO_SSLeay_read(BIO *h, char *pBuf, int iLen )
{
PIObject *pIO;
int iRead;
int iRet;
/* --- get the lower level IO object --- */
pIO = (PIObject *)CRYPTO_get_ex_data(&(h->ex_data), 0 );
iRet = PIIO_in( pIO, pBuf, iLen, &iRead, 0, 0 );
switch( iRet )
{
case PIAPI_COMPLETED:
return iRead;
case PIAPI_ERROR:
default:
return -1;
};
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static int PIIO_SSLeay_puts( BIO *h, const char *str )
{
int iLen;
assert( str );
iLen = strlen( str );
return PIIO_SSLeay_write( h, str, iLen );
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static long PIIO_SSLeay_ctrl(BIO *h,int cmd,long arg1,char *arg2)
{
/* --- is this right ? --- */
return 1;
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static int PIIO_SSLeay_new(BIO *bi)
{
bi->init=1;
bi->num=0;
bi->ptr=NULL;
bi->flags=0;
return(1);
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
static int PIIO_SSLeay_free(BIO *bi)
{
bi->init=0;
bi->flags=0;
return(1);
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
int SSL_fnParameter( void *pData, const char *pVar, const char *pVal,
const char *pWhere )
{
PIObject *pObject = (PIObject *)pData;
PISSL *pSSL = (PISSL *)PIObject_getUserData( pObject );
SSLConf *pConf = pSSL->pConf;
assert( pVar );
assert( pVal );
if ( !PIUtil_stricmp( pVar, KEY_CONF_VERSION ) )
{
int iTmp = atoi( pVal );
if ( iTmp!=2 && iTmp!=3 && iTmp!=23 && iTmp!=10 )
{
PILog_addMessage(
PIObject_getDB( pObject ),
PIObject_getConfigurationDB( pObject ),
PILOG_ERROR, "%sSSL: Bad SSL version %d. Accepted \
version numbers are 2, 3 or 23 or 10 for TLS1.0.", pWhere, iTmp );
return 0;
};
pConf->iVersion = iTmp;
}
else if ( !PIUtil_stricmp( pVar, KEY_CONF_VERIFY ) )
{
int iTmp = atoi( pVal );
switch( iTmp )
{
case 0:
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -