📄 ssl.c
字号:
\*____________________________________________________________________________*/
void locking_setup(void)
{
int i;
SSL_sync = OPENSSL_malloc( CRYPTO_num_locks() * sizeof(PISync *) );
for (i=0; i<CRYPTO_num_locks(); i++)
{
SSL_sync[i] = PIPlatform_allocLocalMutex();
}
CRYPTO_set_locking_callback( (void (*)(int,int,const char *,int))locking_callback );
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
void locking_cleanup(void)
{
int i;
CRYPTO_set_locking_callback( NULL );
for (i=0; i<CRYPTO_num_locks(); i++)
PISync_delete( SSL_sync[i] );
OPENSSL_free( SSL_sync );
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI void SSL_register_PassphraseDlg( cbPassword *pPassPhraseDlg )
{
if (ppPassPhraseDlg==NULL) {
ppPassPhraseDlg = pPassPhraseDlg;
}
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_onClassLoad( PIClass_LoadAction eLoad, int i,
const char *a[] )
{
if ( eLoad==STARTUP )
{
int i;
/*
** Algorithms and strings
*/
SSL_library_init();
SSL_load_error_strings();
/*
** Synchronization
*/
locking_setup();
/*
** Register standard passphrase handler dialog
*/
SSL_register_PassphraseDlg( &fnPassPhraseDlg );
/*
** Give the SSLeay message on startup
*/
fprintf(stdout, "This product includes software developed by the OpenSSL Project \
for use in the OpenSSL Toolkit (http://www.openssl.org/).\n" );
/*
** Add cipher information
*/
pDBCiphers = PIDB_new( 0, "Ciphers" );
for( i=0; aCiphers[i].pName; i++ )
{
PIDB_add( pDBCiphers, PIDBTYPE_OPAQUE, aCiphers[i].pName,
(void *)&(aCiphers[i]), 0 );
};
}
else if ( eLoad==SHUTDOWN )
{
PIDB_delete( pDBCiphers );
/*
** Cleanup stuff
*/
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
/*
** Cleanup synchronization
*/
locking_cleanup();
};
return PIAPI_COMPLETED;
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_constructor( PIObject *pObj,
int iArgc, const char *ppArgv[] )
{
SSLConf *pConf;
PISSL *pPrototype;
pConf = PIUtil_malloc( sizeof( SSLConf ) );
memset( pConf, 0, sizeof( SSLConf ) );
pConf->iVersion = 23;
pConf->iVerify = SSL_VERIFY_NONE;
pConf->iVerifyDepth = 8;
pConf->iBugs = 0;
pConf->iHack = 0;
pConf->iDisable = 0;
pConf->pPassPhrase = 0;
pConf->pPasswordDlg = ppPassPhraseDlg;
/* ---
Initialize the IOfilterConf structure
--- */
pConf->iServer = 1;
pPrototype = PIUtil_malloc( sizeof( PISSL ) );
memset( pPrototype, 0, sizeof( PISSL ) );
pPrototype->pConf = pConf;
pPrototype->iIsPrototype = 1;
PIObject_setUserData( pObj, pPrototype );
if ( !SSL_init( pObj, iArgc, ppArgv ) )
{
return PIAPI_ERROR;
};
return PIAPI_COMPLETED;
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_copyConstructor( PIObject *pObj, int iArgc,
const char *ppArgv[] )
{
BIO *pBio;
PISSL *pPrototypeSSL;
PISSL *pChildSSL;
int iTmp;
const char *pCipher;
CipherInformation *pCipherInfo;
/* ---
Copy constructor
--- */
pPrototypeSSL = PIObject_getUserData( pObj );
pChildSSL = PIUtil_malloc( sizeof( PISSL ) );
memset( pChildSSL, 0, sizeof( PISSL ) );
PIObject_setUserData( pObj, pChildSSL );
pChildSSL->iError = 1; /* set error flag */
pChildSSL->pConf = pPrototypeSSL->pConf;
pChildSSL->iIsPrototype = 0;
pChildSSL->pIOObject = PIObject_copy(
pPrototypeSSL->pIOObject,
iArgc,
ppArgv
);
/* ---
Successful?
--- */
if ( !pChildSSL->pIOObject )
{
goto setup_error;
};
/* ---
Save this objects DB and then set this DB to be that of the
contained IO object, this allows the callee to access parameters
in the lower level IO object chain
--- */
pChildSSL->pSaveDB = PIObject_getDB( pObj );
PIObject_setDB( pObj, PIObject_getDB( pChildSSL->pIOObject ) );
// SSL is switched off
if ( pChildSSL->pConf->iDisable ) return PIAPI_COMPLETED;
/* ---
Setup the SSL portion of this request
--- */
pBio = BIO_new( &methods_PIIO_SSLeay );
pChildSSL->pBio = pBio;
CRYPTO_set_ex_data( &(pBio->ex_data), 0, (char *)pChildSSL->pIOObject );
assert( pChildSSL->pConf->pCtx );
pChildSSL->pSSL = SSL_new( pChildSSL->pConf->pCtx );
if ( !pChildSSL->pSSL )
{
RUNTIME_ERR( pChildSSL->pConf->pStdioDebug, "SSL_new() failed." );
goto setup_error;
};
CRYPTO_set_ex_data( &(pChildSSL->pSSL)->ex_data, 0, (char *)pChildSSL );
/*
** Set debug callback ?
*/
if ( pChildSSL->pConf->pDebugFile )
{
BIO_set_callback( pBio, fnBioDump );
BIO_set_callback_arg( pBio, pChildSSL );
SSL_CTX_set_info_callback( pChildSSL->pConf->pCtx, fnSSLInfo );
};
SSL_set_bio( pChildSSL->pSSL, pBio, pBio );
if ( pChildSSL->pConf->iServer )
{
/*
** Server connection, do SSL_accept()
*/
SSL_set_verify( pChildSSL->pSSL, pChildSSL->pConf->iVerify, NULL );
iTmp = SSL_accept( pChildSSL->pSSL );
if ( iTmp==-1 )
{
RUNTIME_ERR( pChildSSL->pConf->pStdioDebug, "SSL_accept() failed." );
goto setup_error;
};
}
else
{
/*
** Client connection, do SSL_connect()
*/
iTmp = SSL_connect( pChildSSL->pSSL );
if ( iTmp==-1 )
{
RUNTIME_ERR( pChildSSL->pConf->pStdioDebug, "SSL_connect() failed." );
goto setup_error;
};
};
/*
** Set SSL DB values
*/
pCipher = SSL_get_cipher( pChildSSL->pSSL );
pCipherInfo = PIDB_lookup( pDBCiphers, PIDBTYPE_OPAQUE,
pCipher, 0 );
if ( pCipherInfo )
{
enum { BUF_SIZE=63 };
char szBuf[ BUF_SIZE + 1 ];
/*
** Set keysize and cipher name, the HTTP logic components
** can generate the correct environment variables given these
*/
PIDB_add( PIObject_getDB( pObj ), PIDBTYPE_STRING, "CipherName",
(void *)pCipherInfo->pName, 0 );
sprintf( szBuf, "%d", pCipherInfo->iKeySize );
PIDB_add( PIObject_getDB( pObj ), PIDBTYPE_STRING, "KeySize", szBuf,
0 );
sprintf( szBuf, "%d", pCipherInfo->iSecretKeySize );
PIDB_add( PIObject_getDB( pObj ), PIDBTYPE_STRING, "SecretKeySize",
szBuf, 0 );
}
else
{
enum { BUF_SIZE=255 };
char szBuf[ BUF_SIZE + 1 ];
sprintf(szBuf,"SSL: Unknown cipher, '%s'\n", pCipher ? pCipher : "" );
RUNTIME_ERR( pChildSSL->pConf->pStdioDebug, szBuf );
goto setup_error;
};
/*
** Clear error flag
*/
pChildSSL->iError = 0;
setup_error:
return PIAPI_COMPLETED;
}
/*____________________________________________________________________________*\
*
Function: SSL_out
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_out( PIObject *pObj, void *pData, int iLen,
int *piSent, int iArgc, const char *ppArgv[] )
{
PISSL *pPISSL;
int iRet;
pPISSL = (PISSL *)PIObject_getUserData( pObj );
assert( pPISSL );
if ( pPISSL->pConf->iDisable )
{
iRet = PIIO_out( pPISSL->pIOObject, pData, iLen, piSent, 0, 0 );
return iRet;
}
else
{
if ( pPISSL->iError )
{ return PIAPI_ERROR; };
assert( pPISSL->pSSL );
iRet = SSL_write( pPISSL->pSSL, (char *)pData, iLen );
};
if ( iRet>=0 )
{
*piSent = iRet;
return PIAPI_COMPLETED;
};
/* else */
return PIAPI_ERROR;
}
/*____________________________________________________________________________*\
*
Function: SSL_in
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_in( PIObject *pObj, void *pData, int iLen,
int *piReceived, int iArgc, const char *ppArgv[] )
{
PISSL *pPISSL;
int iRet;
pPISSL = (PISSL *)PIObject_getUserData( pObj );
assert( pPISSL );
if ( pPISSL->pConf->iDisable )
{
iRet = PIIO_in( pPISSL->pIOObject, pData, iLen, piReceived, 0, 0 );
return iRet;
}
else
{
if ( pPISSL->iError )
{ return PIAPI_ERROR; };
assert( pPISSL->pSSL );
iRet = SSL_read( pPISSL->pSSL, (char *)pData, iLen );
};
if ( iRet>=0 )
{
*piReceived = iRet;
return PIAPI_COMPLETED;
};
/* else */
return PIAPI_ERROR;
}
/*____________________________________________________________________________*\
*
Function:
Synopsis:
Description:
\*____________________________________________________________________________*/
PUBLIC_PIAPI int SSL_destructor( PIObject *pObj, int i, const char *a[] )
{
PISSL *pPISSL = (PISSL *)PIObject_getUserData( pObj );
if ( pPISSL->iIsPrototype )
{
PIUtil_free( pPISSL->pConf->pCACertP );
PIUtil_free( pPISSL->pConf->pCACertF );
PIUtil_free( pPISSL->pConf->pKeyF );
PIUtil_free( pPISSL->pConf->pCertF );
PIUtil_free( pPISSL->pConf->pDebugFile );
if ( pPISSL->pConf->pBIODebug )
{
fflush(pPISSL->pConf->pBIODebug->ptr);
BIO_flush( pPISSL->pConf->pBIODebug );
BIO_free( pPISSL->pConf->pBIODebug );
pPISSL->pConf->pBIODebug = 0;
/*
** Can't do this because the file object is global
*/
// fflush( pPISSL->pConf->pStdioDebug );
// fclose( pPISSL->pConf->pStdioDebug );
};
SSL_CTX_free( pPISSL->pConf->pCtx );
PIUtil_free( pPISSL->pConf->pCipherList );
PIUtil_free( pPISSL->pConf );
}
else
{
if ( pPISSL->pBio )
{ BIO_flush( pPISSL->pBio ); };
if ( pPISSL->pSSL )
{ SSL_free( pPISSL->pSSL ); };
/* ---
Restore DB
--- */
if ( pPISSL->pSaveDB )
{ PIObject_setDB( pObj, pPISSL->pSaveDB ); };
};
if ( pPISSL->pIOObject )
{ PIObject_delete( pPISSL->pIOObject, 0, 0 ); };
PIUtil_free( pPISSL );
return PIAPI_COMPLETED;
}
/* ---
Class configuration specification
--- */
#if 0
/*___+++CNF_BEGIN+++___*/
<Class>
Name SSLClass
Type IO
Library SSL
OnClassLoad SSL_onClassLoad
Constructor SSL_constructor
CopyConstructor SSL_copyConstructor
Destructor SSL_destructor
Out SSL_out
In SSL_in
</Class>
<Object>
Name SSL
Class SSLClass
</Object>
/*___+++CNF_END+++___*/
#endif
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -