00001
00026 #include "ssl_tool.h"
00027 #include "dh_tool.h"
00028
00029
00030 #ifdef ENABLE_SSL
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040
00041
00042
00043
00044
00045
00046
00047
00048
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00065
00066
00090
00091
00092 int gen_CRYPT_SharedKey(int keyex, Buffer spki, Buffer* shdkey, void* ptr)
00093 {
00094 if (spki.buf==NULL || shdkey==NULL) return FALSE;
00095
00096 if (keyex==SSL_DH) {
00097 DH* dhkey = (DH*)ptr;
00098 *shdkey = get_DHsharedkey(spki, dhkey);
00099 }
00100 else if (keyex==SSL_RSA) {
00101 *shdkey = dup_Buffer(spki);
00102 }
00103 else return FALSE;
00104
00105 return TRUE;
00106 }
00107
00108
00109
00111
00112
00113 int udp_send_crypt_Buffer_sockaddr_in(int sock, Buffer* data, struct sockaddr_in* sv, Buffer* key, EVP_CIPHER* cipher)
00114 {
00115 int cc = 0;
00116 Buffer buf;
00117
00118 if (data==NULL) return JBXL_ARGS_ERROR;
00119
00120 if (key!=NULL && cipher!=NULL) {
00121 buf = encode_EVPAPI_Buffer(*data, *key, cipher);
00122 cc = udp_send_Buffer_sockaddr_in(sock, &buf, sv);
00123 free_Buffer(&buf);
00124 }
00125 else {
00126 cc = udp_send_Buffer_sockaddr_in(sock, data, sv);
00127 }
00128
00129 return cc;
00130 }
00131
00132
00133
00134 int udp_recv_crypt_Buffer_sockaddr_in(int sock, Buffer* data, struct sockaddr_in* sv, Buffer* key, EVP_CIPHER* cipher)
00135 {
00136 Buffer buf;
00137
00138 buf = make_Buffer(RECVBUFSZ);
00139 int cc = udp_recv_Buffer_sockaddr_in(sock, &buf, sv);
00140 if (cc<=0) {
00141 free_Buffer(&buf);
00142 return cc;
00143 }
00144
00145 if (key!=NULL && cipher!=NULL) {
00146 Buffer dec = decode_EVPAPI_Buffer(buf, *key, cipher);
00147 copy_Buffer(&dec, data);
00148 free_Buffer(&dec);
00149 }
00150 else {
00151 copy_Buffer(&buf, data);
00152 }
00153
00154 cc = data->vldsz;
00155 free_Buffer(&buf);
00156 return cc;
00157 }
00158
00159
00160
00162
00163
00164 int udp_send_crypt_Buffer(int sock, Buffer* data, struct addrinfo* sv, Buffer* key, EVP_CIPHER* cipher)
00165 {
00166 int cc = 0;
00167 Buffer buf;
00168
00169 if (data==NULL) return JBXL_ARGS_ERROR;
00170
00171 if (key!=NULL && cipher!=NULL) {
00172 buf = encode_EVPAPI_Buffer(*data, *key, cipher);
00173 cc = udp_send_Buffer(sock, &buf, sv);
00174 free_Buffer(&buf);
00175 }
00176 else {
00177 cc = udp_send_Buffer(sock, data, sv);
00178 }
00179
00180 return cc;
00181 }
00182
00183
00184
00185 int udp_recv_crypt_Buffer(int sock, Buffer* data, struct addrinfo* sv, Buffer* key, EVP_CIPHER* cipher)
00186 {
00187 Buffer buf;
00188
00189 buf = make_Buffer(RECVBUFSZ);
00190 int cc = udp_recv_Buffer(sock, &buf, sv);
00191 if (cc<=0) {
00192 free_Buffer(&buf);
00193 return cc;
00194 }
00195
00196 if (key!=NULL && cipher!=NULL) {
00197 Buffer dec = decode_EVPAPI_Buffer(buf, *key, cipher);
00198 copy_Buffer(&dec, data);
00199 free_Buffer(&dec);
00200 }
00201 else {
00202 copy_Buffer(&buf, data);
00203 }
00204
00205 cc = data->vldsz;
00206 free_Buffer(&buf);
00207 return cc;
00208 }
00209
00210
00211
00212 int tcp_send_crypt_Buffer(int sock, Buffer* data, Buffer* key, EVP_CIPHER* cipher)
00213 {
00214 int cc = 0;
00215 Buffer buf;
00216
00217 if (data==NULL) return JBXL_ARGS_ERROR;
00218
00219 if (key!=NULL && cipher!=NULL) {
00220 buf = encode_EVPAPI_Buffer(*data, *key, cipher);
00221 cc = tcp_send_Buffer(sock, &buf);
00222 free_Buffer(&buf);
00223 }
00224 else {
00225 cc = tcp_send_Buffer(sock, data);
00226 }
00227
00228 return cc;
00229 }
00230
00231
00232
00233 int tcp_recv_crypt_Buffer(int sock, Buffer* data, Buffer* key, EVP_CIPHER* cipher)
00234 {
00235 Buffer buf;
00236
00237 buf = make_Buffer(RECVBUFSZ);
00238 int cc = tcp_recv_Buffer(sock, &buf);
00239 if (cc<=0) {
00240 free_Buffer(&buf);
00241 return cc;
00242 }
00243
00244 if (key!=NULL && cipher!=NULL) {
00245 Buffer dec = decode_EVPAPI_Buffer(buf, *key, cipher);
00246 copy_Buffer(&dec, data);
00247 free_Buffer(&dec);
00248 }
00249 else {
00250 copy_Buffer(&buf, data);
00251 }
00252
00253 cc = data->vldsz;
00254 free_Buffer(&buf);
00255 return cc;
00256 }
00257
00258
00259
00260 Buffer get_plain_Buffer(Buffer data, Buffer* key, EVP_CIPHER* cipher)
00261 {
00262 Buffer buf = init_Buffer();
00263 if (key==NULL || cipher==NULL) return buf;
00264
00265 buf = decode_EVPAPI_Buffer(data, *key, cipher);
00266 return buf;
00267 }
00268
00269
00270
00271 Buffer get_crypt_Buffer(Buffer data, Buffer* key, EVP_CIPHER* cipher)
00272 {
00273 Buffer buf = init_Buffer();
00274 if (key==NULL || cipher==NULL) return buf;
00275
00276 buf = encode_EVPAPI_Buffer(data, *key, cipher);
00277 return buf;
00278 }
00279
00280
00281
00306 int tcp_send_crypt_mesg(int sock, char* mesg, Buffer* key, EVP_CIPHER* cipher)
00307 {
00308 int cc = 0;
00309 Buffer buf, enc;
00310
00311 if (mesg==NULL) return JBXL_ARGS_ERROR;
00312
00313
00314 if (key!=NULL && cipher!=NULL) {
00315 buf = make_Buffer_bystr(mesg);
00316 enc = encode_EVPAPI_Buffer(buf, *key, cipher);
00317 free_Buffer(&buf);
00318 if (enc.vldsz>0) {
00319 buf = encode_base64_Buffer(enc);
00320 free_Buffer(&enc);
00321
00322
00323 cc = tcp_send_sBufferln(sock, &buf);
00324 free_Buffer(&buf);
00325 }
00326 }
00327 else {
00328 cc = tcp_send_mesg(sock, mesg);
00329 }
00330
00331 return cc;
00332 }
00333
00334
00335
00360 int tcp_send_crypt_sBuffer(int sock, Buffer* mesg, Buffer* key, EVP_CIPHER* cipher)
00361 {
00362 int cc = 0;
00363 Buffer buf, enc;
00364
00365 if (mesg==NULL) return JBXL_ARGS_ERROR;
00366
00367
00368 if (key!=NULL && cipher!=NULL) {
00369 enc = encode_EVPAPI_Buffer(*mesg, *key, cipher);
00370 if (enc.vldsz>0) {
00371 buf = encode_base64_Buffer(enc);
00372 free_Buffer(&enc);
00373
00374
00375 cc = tcp_send_sBufferln(sock, &buf);
00376 free_Buffer(&buf);
00377 }
00378 }
00379 else {
00380 cc = tcp_send_sBuffer(sock, mesg);
00381 }
00382
00383 return cc;
00384 }
00385
00386
00387
00401 Buffer get_plain_message(char* mesg, Buffer* key, EVP_CIPHER* cipher)
00402 {
00403 Buffer buf, dec;
00404
00405 buf = make_Buffer_bystr(mesg);
00406
00407 if (key==NULL || cipher==NULL) return buf;
00408
00409 dec = decode_base64_Buffer(buf);
00410 if (dec.vldsz>0) {
00411 free_Buffer(&buf);
00412 buf = decode_EVPAPI_Buffer(dec, *key, cipher);
00413 free_Buffer(&dec);
00414
00415 }
00416 return buf;
00417 }
00418
00419
00420
00434 Buffer get_plain_sBuffer(Buffer mesg, Buffer* key, EVP_CIPHER* cipher)
00435 {
00436 Buffer buf, dec;
00437
00438 buf = dup_Buffer(mesg);
00439
00440 if (key==NULL || cipher==NULL) return buf;
00441
00442 dec = decode_base64_Buffer(buf);
00443 if (dec.vldsz>0) {
00444 free_Buffer(&buf);
00445 buf = decode_EVPAPI_Buffer(dec, *key, cipher);
00446 free_Buffer(&dec);
00447
00448 }
00449 return buf;
00450 }
00451
00452
00453
00467 Buffer get_crypt_message(char* mesg, Buffer* key, EVP_CIPHER* cipher)
00468 {
00469 Buffer buf, enc;
00470
00471 buf = make_Buffer_bystr(mesg);
00472 if (key==NULL || cipher==NULL) return buf;
00473
00474 enc = encode_EVPAPI_Buffer(buf, *key, cipher);
00475 if (enc.vldsz>0) {
00476 free_Buffer(&buf);
00477 buf = encode_base64_Buffer(enc);
00478 free_Buffer(&enc);
00479 }
00480
00481 return buf;
00482 }
00483
00484
00485
00499 Buffer get_crypt_sBuffer(Buffer mesg, Buffer* key, EVP_CIPHER* cipher)
00500 {
00501 Buffer buf, enc;
00502
00503 buf = dup_Buffer(mesg);
00504 if (key==NULL || cipher==NULL) return buf;
00505
00506 enc = encode_EVPAPI_Buffer(buf, *key, cipher);
00507 if (enc.vldsz>0) {
00508 free_Buffer(&buf);
00509 buf = encode_base64_Buffer(enc);
00510 free_Buffer(&enc);
00511 }
00512
00513 return buf;
00514 }
00515
00516
00517
00518
00520
00521
00522
00538 int check_server_spki(Buffer ipaddr, Buffer spki, char* filename)
00539 {
00540 Buffer buf;
00541 FILE* fp;
00542
00543 buf = init_Buffer();
00544
00545 fp = fopen(filename, "rb");
00546 if (fp!=NULL) {
00547 buf = read_spki_with_ipaddr(ipaddr, fp);
00548 fclose(fp);
00549 if (buf.buf!=NULL) {
00550 if (bincmp_Buffer(buf, spki)) {
00551 free_Buffer(&buf);
00552 return FALSE;
00553 }
00554 }
00555 }
00556
00557 if (buf.buf==NULL) {
00558 fp = file_chmod_open(filename, (char*)"a", S_IRUSR | S_IWUSR);
00559 save_spki_with_ipaddr(ipaddr, spki, fp);
00560 fclose(fp);
00561 }
00562
00563 return TRUE;
00564 }
00565
00566
00567
00584 int save_spki_with_ipaddr(Buffer ipa, Buffer pki, FILE* fp)
00585 {
00586 unsigned int md;
00587
00588 if (fp==NULL) return FALSE;
00589
00590 md = JBXL_FIO_IPADDRESS | JBXL_FIO_STRING;
00591 if (!save_tagged_Buffer(ipa, fp, md, FALSE)) return FALSE;
00592
00593 md = JBXL_FIO_SPKI | JBXL_FIO_ORIGINAL;
00594 if (!save_tagged_Buffer(pki, fp, md, FALSE)) return FALSE;
00595
00596 return TRUE;
00597 }
00598
00599
00600
00611 Buffer read_spki_with_ipaddr(Buffer ipa, FILE* fp)
00612 {
00613 unsigned int md;
00614 Buffer ips, pki;
00615
00616 pki = init_Buffer();
00617 if (ipa.buf==NULL) return pki;
00618
00619 md = JBXL_FIO_IPADDRESS | JBXL_FIO_STRING;
00620
00621 ips = read_tagged_Buffer(fp, &md);
00622 while (!feof(fp) && strcmp_Buffer(ipa, ips)) {
00623 ips = read_tagged_Buffer(fp, &md);
00624 }
00625
00626 if (!strcmp_Buffer(ipa, ips)) {
00627 md = JBXL_FIO_SPKI | JBXL_FIO_ORIGINAL;
00628 pki = read_tagged_Buffer(fp, &md);
00629 }
00630 free_Buffer(&ips);
00631
00632 return pki;
00633 }
00634
00635
00636
00637
00639
00640
00641
00662 EVP_CIPHER* init_EVPAPI_Buffer(int type)
00663 {
00664 EVP_CIPHER* cipher = NULL;
00665
00666 if (type==SSL_AES128CBC) {
00667 cipher = (EVP_CIPHER*)EVP_aes_128_cbc();
00668 }
00669 else if (type==SSL_3DES3CBC) {
00670 cipher = (EVP_CIPHER*)EVP_des_ede3_cbc();
00671 }
00672
00673 return cipher;
00674 }
00675
00676
00677
00688 Buffer decode_EVPAPI_Buffer(Buffer buf, Buffer shdkey, EVP_CIPHER* cipher)
00689 {
00690 int sz, ss;
00691 Buffer dec;
00692 EVP_CIPHER_CTX* ctx;
00693 unsigned char* iv;
00694
00695 dec = init_Buffer();
00696 if (shdkey.buf==NULL || cipher==NULL) return dec;
00697
00698 iv = (unsigned char*)&(shdkey.buf[shdkey.vldsz - SSL_IV_SIZE]);
00699
00700 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00701 ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
00702 EVP_CIPHER_CTX_init(ctx);
00703 #else
00704 ctx = EVP_CIPHER_CTX_new();
00705 EVP_CIPHER_CTX_reset(ctx);
00706 #endif
00707
00708 EVP_DecryptInit_ex(ctx, cipher, NULL, shdkey.buf, iv);
00709
00710 dec = make_Buffer(buf.vldsz + EVP_CIPHER_CTX_block_size(ctx) + 1);
00711 if (dec.buf==NULL) return dec;
00712
00713 EVP_DecryptUpdate(ctx, dec.buf, &sz, buf.buf, buf.vldsz);
00714 EVP_DecryptFinal_ex(ctx, &(dec.buf[sz]), &ss);
00715 dec.vldsz = sz + ss;
00716 dec.buf[dec.vldsz] = '\0';
00717
00718 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00719 EVP_CIPHER_CTX_cleanup(ctx);
00720 #endif
00721 free(ctx);
00722 return dec;
00723 }
00724
00725
00726
00740 Buffer encode_EVPAPI_Buffer(Buffer buf, Buffer shdkey, EVP_CIPHER* cipher)
00741 {
00742 int i, len, ss=0, sz;
00743 Buffer enc;
00744 EVP_CIPHER_CTX* ctx;
00745 unsigned char* iv;
00746
00747 enc = init_Buffer();
00748
00749 if (shdkey.buf==NULL || cipher==NULL) return enc;
00750
00751 iv = (unsigned char*)&(shdkey.buf[shdkey.vldsz - SSL_IV_SIZE]);
00752
00753 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00754 ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
00755 EVP_CIPHER_CTX_init(ctx);
00756 #else
00757 ctx = EVP_CIPHER_CTX_new();
00758 EVP_CIPHER_CTX_reset(ctx);
00759 #endif
00760
00761 EVP_EncryptInit_ex(ctx, cipher, NULL, shdkey.buf, iv);
00762
00763 len = buf.vldsz;
00764 enc = make_Buffer(len + EVP_CIPHER_CTX_block_size(ctx));
00765 if (enc.buf==NULL) return enc;
00766
00767 for (i=0; i<len/SSL_ENC_BLCKSZ; i++) {
00768 EVP_EncryptUpdate(ctx, &(enc.buf[ss]), &sz, &(buf.buf[i*SSL_ENC_BLCKSZ]), SSL_ENC_BLCKSZ);
00769 ss += sz;
00770 }
00771 if (len%SSL_ENC_BLCKSZ!=0) {
00772 EVP_EncryptUpdate(ctx, &(enc.buf[ss]), &sz, &(buf.buf[i*SSL_ENC_BLCKSZ]), len%SSL_ENC_BLCKSZ);
00773 ss += sz;
00774 }
00775 EVP_EncryptFinal_ex(ctx, &(enc.buf[ss]), &sz);
00776 enc.vldsz = ss + sz;
00777
00778 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00779 EVP_CIPHER_CTX_cleanup(ctx);
00780 #endif
00781 free(ctx);
00782
00783 return enc;
00784 }
00785
00786
00787
00791 void free_EVP_CIPHER(EVP_CIPHER** p_cipher)
00792 {
00793 if (p_cipher==NULL || *p_cipher==NULL) return;
00794
00795
00796 *p_cipher = NULL;
00797
00798 return;
00799 }
00800
00801
00802
00804
00805
00806
00807
00808
00824 void ssl_init()
00825 {
00826 SSL_library_init();
00827 SSL_load_error_strings();
00828 }
00829
00830
00831
00844 SSL_CTX* ssl_client_setup(char* ca)
00845 {
00846 SSL_CTX* ssl_ctx;
00847
00848 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00849 ssl_ctx = SSL_CTX_new(SSLv23_client_method());
00850 #else
00851 ssl_ctx = SSL_CTX_new(TLS_client_method());
00852 #endif
00853 if (ssl_ctx==NULL) return NULL;
00854
00855
00856 if (ca!=NULL) SSL_CTX_load_verify_locations(ssl_ctx, ca, NULL);
00857
00858 return ssl_ctx;
00859 }
00860
00861
00862
00880 SSL* ssl_client_socket(int sock, SSL_CTX* ssl_ctx, int mode)
00881 {
00882 if (ssl_ctx==NULL) return NULL;
00883
00884 SSL* ssl = SSL_new(ssl_ctx);
00885 if (ssl==NULL) {
00886
00887 return NULL;
00888 }
00889
00890 int ret = SSL_set_fd(ssl, sock);
00891 if (ret!=1) {
00892 ssl_close(ssl);
00893 return NULL;
00894 }
00895
00896
00897 ret = SSL_connect(ssl);
00898 if (ret!=1) {
00899 ssl_close(ssl);
00900 return NULL;
00901 }
00902
00903
00904 if (mode==ON) {
00905 long lrt = SSL_get_verify_result(ssl);
00906 if (lrt!=X509_V_OK) {
00907 ssl_close(ssl);
00908 return NULL;
00909 }
00910 }
00911
00912 return ssl;
00913 }
00914
00915
00916
00932 SSL_CTX* ssl_server_setup(char* crt_fn, char* key_fn, char* chn_fn)
00933 {
00934 int ret;
00935 SSL_CTX* ssl_ctx;
00936
00937
00938 #if OPENSSL_VERSION_NUMBER < 0x10101000L
00939 ssl_ctx = SSL_CTX_new(SSLv23_server_method());
00940 #else
00941 ssl_ctx = SSL_CTX_new(TLS_server_method());
00942 #endif
00943 if (ssl_ctx==NULL) return NULL;
00944
00945
00946 if (crt_fn!=NULL && key_fn!=NULL) {
00947 if (chn_fn!=NULL) {
00948 ret = SSL_CTX_use_certificate_file(ssl_ctx, crt_fn, SSL_FILETYPE_PEM);
00949 }
00950 else {
00951 ret = ssl_read_fullchain_cert_file(ssl_ctx, crt_fn);
00952 }
00953
00954 if (ret==1) {
00955 ret = SSL_CTX_use_PrivateKey_file(ssl_ctx, key_fn, SSL_FILETYPE_PEM);
00956 }
00957
00958 if (ret==1 && chn_fn!=NULL) {
00959 ret = ssl_add_chain_file(ssl_ctx, chn_fn);
00960 }
00961
00962 if (ret!=1) {
00963 SSL_CTX_free(ssl_ctx);
00964 return NULL;
00965 }
00966
00967
00968
00969 }
00970
00971 return ssl_ctx;
00972 }
00973
00974
00975
00986 int ssl_add_chain_file(SSL_CTX* ssl_ctx, char* file)
00987 {
00988 int ret = 0;
00989 if (file==NULL) return ret;
00990
00991 BIO* bio = BIO_new(BIO_s_file());
00992 if (bio==NULL) return ret;
00993
00994 BIO_read_filename(bio, file);
00995 X509* x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
00996 while(x509!=NULL) {
00997 ret = SSL_CTX_add_extra_chain_cert(ssl_ctx, x509);
00998 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
00999 }
01000 BIO_free(bio);
01001
01002 return ret;
01003 }
01004
01005
01006
01017 int ssl_read_fullchain_cert_file(SSL_CTX* ssl_ctx, char* file)
01018 {
01019 int ret = 0;
01020 if (file==NULL) return ret;
01021
01022 BIO* bio = NULL;
01023 X509* x509 = NULL;
01024
01025 bio = BIO_new(BIO_s_file());
01026 if (bio==NULL) return ret;
01027 BIO_read_filename(bio, file);
01028
01029
01030 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
01031 if (x509!=NULL) {
01032 ret = SSL_CTX_use_certificate(ssl_ctx, x509);
01033 }
01034
01035 if (ret==1) {
01036 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
01037 while(x509!=NULL) {
01038 ret = SSL_CTX_add_extra_chain_cert(ssl_ctx, x509);
01039 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
01040 }
01041 }
01042
01043 BIO_free(bio);
01044
01045 return ret;
01046 }
01047
01048
01049
01050
01051 #define SSL_ACCEPT_COUNT_MAX 10
01052
01066 SSL* ssl_server_socket(int sock, SSL_CTX* ssl_ctx)
01067 {
01068 if (ssl_ctx==NULL) return NULL;
01069 int cnt_max = SSL_ACCEPT_COUNT_MAX;
01070
01071 SSL* ssl = SSL_new(ssl_ctx);
01072 if (ssl==NULL) {
01073
01074 return NULL;
01075 }
01076
01077 int ret = SSL_set_fd(ssl, sock);
01078 if (ret!=1) {
01079 ssl_close(ssl);
01080 return NULL;
01081 }
01082
01083 int cnt = 0;
01084 SSL_set_accept_state(ssl);
01085 do {
01086 ret = SSL_accept(ssl);
01087 ret = SSL_get_error(ssl, ret);
01088 cnt++;
01089 } while (cnt<=cnt_max && (ret==SSL_ERROR_WANT_READ || ret==SSL_ERROR_WANT_WRITE || ret==SSL_ERROR_SYSCALL));
01090
01091 if (ret==SSL_ERROR_SSL || cnt>cnt_max) {
01092 if (ret!=SSL_ERROR_SSL) ssl_close(ssl);
01093 return NULL;
01094 }
01095
01096 return ssl;
01097 }
01098
01099
01100
01108 void ssl_close(SSL* ssl)
01109 {
01110 if (ssl!=NULL) {
01111
01112 SSL_shutdown(ssl);
01113 SSL_free(ssl);
01114
01115 }
01116 }
01117
01118
01119
01130 tList* ssl_get_cert_info(SSL* ssl)
01131 {
01132 tList* lt;
01133 tList* lp;
01134 char* pp;
01135 char buf[LBUF];
01136 X509* x509;
01137 BIO* bio;
01138
01139 pp = (char*)SSL_get_cipher(ssl);
01140 lt = lp = add_tList_node_str(NULL, "cipher", pp);
01141
01142 pp = (char*)SSL_get_cipher_version(ssl);
01143 lp = add_tList_node_str(lp, "version", pp);
01144
01145 x509 = SSL_get_peer_certificate(ssl);
01146 if (x509==NULL) return lt;
01147
01148 bio = BIO_new(BIO_s_mem());
01149 if (bio==NULL) {
01150 X509_free(x509);
01151 return lt;
01152 }
01153
01154 X509_NAME_print_ex(bio, X509_get_subject_name(x509), 0, XN_FLAG_RFC2253);
01155 BIO_gets(bio, buf, LBUF);
01156 lp = add_tList_node_str(lp, "subject", buf);
01157
01158 X509_NAME_print_ex(bio, X509_get_issuer_name(x509), 0, XN_FLAG_RFC2253);
01159 BIO_gets(bio, buf, LBUF);
01160 lp = add_tList_node_str(lp, "issuer", buf);
01161
01162 ASN1_TIME_print(bio, X509_get_notBefore(x509));
01163 BIO_gets(bio, buf, LBUF);
01164 lp = add_tList_node_str(lp, "before", buf);
01165
01166 ASN1_TIME_print(bio, X509_get_notAfter(x509));
01167 BIO_gets(bio, buf, LBUF);
01168 lp = add_tList_node_str(lp, "after", buf);
01169
01170 BIO_free(bio);
01171 X509_free(x509);
01172
01173 return lt;
01174 }
01175
01176
01177
01178
01180
01181
01198 int ssl_recv(SSL* ssl, char* rmsg, int size)
01199 {
01200 int cc;
01201
01202 if (ssl==NULL || rmsg==NULL) return JBXL_ARGS_ERROR;
01203
01204 memset(rmsg, 0, size);
01205 cc = SSL_read(ssl, rmsg, size-1);
01206
01207 if (cc<0) cc = JBXL_SSL_RECV_ERROR;
01208 return cc;
01209 }
01210
01211
01212
01230 int ssl_send(SSL* ssl, char* smsg, int size)
01231 {
01232 int cc;
01233
01234 if (ssl==NULL || smsg==NULL) return JBXL_ARGS_ERROR;
01235
01236 if (size<=0) size = strlen(smsg);
01237 cc = SSL_write(ssl, smsg, size);
01238
01239 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01240 return cc;
01241 }
01242
01243
01244
01268 int ssl_recv_wait(int sock, SSL* ssl, char* mesg, int sz, int tm)
01269 {
01270 int cc;
01271
01272 if (ssl==NULL || mesg==NULL) return JBXL_ARGS_ERROR;
01273
01274
01275 if (recv_wait(sock, tm)) {
01276 cc = ssl_recv(ssl, mesg, sz);
01277
01278 }
01279 else {
01280
01281 return JBXL_NET_RECV_TIMEOUT;
01282 }
01283
01284 return cc;
01285 }
01286
01287
01288
01301 int ssl_send_mesgln(SSL* ssl, char* mesg)
01302 {
01303 int cc, sz;
01304 char* buf;
01305
01306 if (ssl==NULL || mesg==NULL) return JBXL_ARGS_ERROR;
01307
01308 sz = strlen(mesg) + 3;
01309 buf = (char*)malloc(sz);
01310 if (buf==NULL) return JBXL_MALLOC_ERROR;
01311
01312 strncpy(buf, mesg, sz);
01313 strncat(buf, "\r\n", 2);
01314 cc = ssl_send(ssl, buf, strlen(buf));
01315
01316 free(buf);
01317 return cc;
01318 }
01319
01320
01321
01355 int ssl_recv_mstream(int sock, SSL* ssl, char* mesg, int sz, mstream* sb, int tm)
01356 {
01357 int cc;
01358 unsigned char* pp;
01359
01360 if (ssl==NULL) return JBXL_ARGS_ERROR;
01361 if (mesg==NULL || sb==NULL) return JBXL_ARGS_ERROR;
01362
01363
01364 if (sb->buf==NULL) {
01365 *sb = make_mstream(RECVBUFSZ);
01366 if (sb->buf==NULL) return JBXL_MALLOC_ERROR;
01367 }
01368
01369 while (sb->datano==0) {
01370 cc = ssl_recv_wait(sock, ssl, mesg, sz, tm);
01371 if (cc<=0) return cc;
01372 put_mstream(sb, (unsigned char*)mesg);
01373
01374 }
01375
01376 pp = get_mstream(sb);
01377 if (pp==NULL) return JBXL_NET_BUF_ERROR;
01378 if (strlen((const char*)pp)>=(unsigned int)sz) {
01379 memcpy(mesg, pp, sz-1);
01380 free(pp);
01381 return JBXL_NET_BUFSZ_ERROR;
01382 }
01383 memcpy(mesg, pp, strlen((const char*)pp));
01384
01385 free(pp);
01386 return strlen(mesg);
01387 }
01388
01389
01390
01391
01393
01394
01408 int ssl_recv_Buffer(SSL* ssl, Buffer* str)
01409 {
01410 int cc;
01411
01412 if (ssl==NULL || str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01413
01414 memset(str->buf, 0, str->bufsz);
01415 str->vldsz = 0;
01416 str->state = JBXL_NORMAL;
01417
01418 cc = SSL_read(ssl, str->buf, str->bufsz-1);
01419 if (cc>=0) str->vldsz = cc;
01420 else cc = JBXL_SSL_RECV_ERROR;
01421
01422 return cc;
01423 }
01424
01425
01426
01439 int ssl_send_Buffer(SSL* ssl, Buffer* str)
01440 {
01441 int cc;
01442
01443 if (ssl==NULL || str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01444
01445 if (str->vldsz<0) str->vldsz = strlen((const char*)str->buf);
01446 cc = SSL_write(ssl, str->buf, str->vldsz);
01447
01448 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01449 return cc;
01450 }
01451
01452
01453
01474 int ssl_recv_Buffer_wait(int sock, SSL* ssl, Buffer* str, int tm)
01475 {
01476 int cc;
01477
01478 if (ssl==NULL || str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01479
01480
01481 str->vldsz = 0;
01482 cc = ssl_recv_wait(sock, ssl, (char*)str->buf, str->bufsz, tm);
01483 if (cc>=0) str->vldsz = cc;
01484
01485 return cc;
01486 }
01487
01488
01489
01502 int ssl_send_sBuffer(SSL* ssl, Buffer* str)
01503 {
01504 int cc;
01505
01506 if (ssl==NULL || str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01507
01508 cc = SSL_write(ssl, str->buf, strlen((const char*)str->buf));
01509
01510 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01511 return cc;
01512 }
01513
01514
01515
01528 int ssl_send_sBufferln(SSL* ssl, Buffer* str)
01529 {
01530 int cc;
01531 Buffer buf;
01532
01533 if (ssl==NULL || str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01534
01535 buf = dup_Buffer(*str);
01536 cat_s2Buffer("\r\n", &buf);
01537 cc = SSL_write(ssl, buf.buf, strlen((const char*)buf.buf));
01538 free_Buffer(&buf);
01539
01540 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01541 return cc;
01542 }
01543
01544
01545
01576 int ssl_recv_mstream_Buffer(int sock, SSL* ssl, Buffer* mesg, mstream* sb, int tm)
01577 {
01578 int cc;
01579 unsigned char* pp;
01580
01581 if (ssl==NULL) return JBXL_ARGS_ERROR;
01582 if (mesg==NULL || mesg->buf==NULL || sb==NULL) return JBXL_ARGS_ERROR;
01583 *mesg = make_Buffer(LBUF);
01584
01585 if (sb->buf==NULL) {
01586 *sb = make_mstream(RECVBUFSZ);
01587 if (sb->buf==NULL) return JBXL_MALLOC_ERROR;
01588 }
01589
01590 while (sb->datano==0) {
01591 cc = ssl_recv_Buffer_wait(sock, ssl, mesg, tm);
01592 if (cc<=0) {
01593 free_Buffer(mesg);
01594 return cc;
01595 }
01596 put_mstream(sb, mesg->buf);
01597 clear_Buffer(mesg);
01598 }
01599
01600 pp = get_mstream(sb);
01601 if (pp==NULL) return JBXL_NET_BUF_ERROR;
01602 copy_s2Buffer((char*)pp, mesg);
01603 free(pp);
01604
01605 return mesg->vldsz;
01606 }
01607
01608
01609
01633 int ssl_recv_lines_Buffer(int sock, SSL* ssl, Buffer* mesg, int tm)
01634 {
01635 int cc;
01636 Buffer msg, buf;
01637
01638 if (ssl==NULL || mesg==NULL || mesg->buf==NULL) return JBXL_ARGS_ERROR;
01639 buf = make_Buffer(LBUF);
01640
01641 cc = ssl_recv_Buffer_wait(sock, ssl, &buf, tm);
01642 while (cc>0) {
01643 cat_Buffer(&buf, &msg);
01644 if (buf.buf[cc-1]==CHAR_LF) break;
01645 clear_Buffer(&buf);
01646 cc = ssl_recv_Buffer_wait(sock, ssl, &buf, tm);
01647 }
01648 free_Buffer(&buf);
01649
01650 if (cc<=0) {
01651 free_Buffer(mesg);
01652 return cc;
01653 }
01654
01655 return mesg->vldsz;
01656 }
01657
01658
01659
01660
01662
01663
01682 int ssl_tcp_recv(int sock, SSL* ssl, char* rmsg, int size)
01683 {
01684 int cc;
01685
01686 if (rmsg==NULL) return JBXL_ARGS_ERROR;
01687 memset(rmsg, 0, size);
01688
01689 if (ssl!=NULL) cc = SSL_read(ssl, rmsg, size-1);
01690 else cc = recv(sock, rmsg, size-1, 0);
01691
01692 if (cc<0) cc = JBXL_SSL_RECV_ERROR;
01693 return cc;
01694 }
01695
01696
01697
01716 int ssl_tcp_send(int sock, SSL* ssl, char* smsg, int size)
01717 {
01718 int cc;
01719
01720 if (smsg==NULL) return JBXL_ARGS_ERROR;
01721
01722 if (size<=0) size = strlen(smsg);
01723 if (ssl!=NULL) cc = SSL_write(ssl, smsg, size);
01724 else cc = send(sock, smsg, size, 0);
01725
01726 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01727 return cc;
01728 }
01729
01730
01731
01755 int ssl_tcp_recv_wait(int sock, SSL* ssl, char* mesg, int sz, int tm)
01756 {
01757 int cc;
01758
01759 if (mesg==NULL) return JBXL_ARGS_ERROR;
01760
01761 if (recv_wait(sock, tm)) {
01762 cc = ssl_tcp_recv(sock, ssl, mesg, sz);
01763
01764 }
01765 else {
01766
01767 return JBXL_NET_RECV_TIMEOUT;
01768 }
01769
01770 return cc;
01771 }
01772
01773
01774
01789 int ssl_tcp_send_mesgln(int sock, SSL* ssl, char* mesg)
01790 {
01791 int cc, sz;
01792 char* buf;
01793
01794 if (mesg==NULL) return JBXL_ARGS_ERROR;
01795
01796 sz = strlen(mesg) + 3;
01797 buf = (char*)malloc(sz);
01798 if (buf==NULL) return JBXL_MALLOC_ERROR;
01799
01800 strncpy(buf, mesg, sz);
01801 strncat(buf, "\r\n", 2);
01802 cc = ssl_tcp_send(sock, ssl, buf, strlen(buf));
01803
01804 free(buf);
01805 return cc;
01806 }
01807
01808
01809
01844 int ssl_tcp_recv_mstream(int sock, SSL* ssl, char* mesg, int sz, mstream* sb, int tm)
01845 {
01846 int cc;
01847 unsigned char* pp;
01848
01849 if (mesg==NULL || sb==NULL) return JBXL_ARGS_ERROR;
01850
01851
01852 if (sb->buf==NULL) {
01853 *sb = make_mstream(RECVBUFSZ);
01854 if (sb->buf==NULL) return JBXL_MALLOC_ERROR;
01855 }
01856
01857 while (sb->datano==0) {
01858 cc = ssl_tcp_recv_wait(sock, ssl, mesg, sz, tm);
01859 if (cc<=0) return cc;
01860 put_mstream(sb, (unsigned char*)mesg);
01861
01862 }
01863
01864 pp = get_mstream(sb);
01865 if (pp==NULL) return JBXL_NET_BUF_ERROR;
01866 if (strlen((const char*)pp)>=(unsigned int)sz) {
01867 memcpy(mesg, pp, sz-1);
01868 free(pp);
01869 return JBXL_NET_BUFSZ_ERROR;
01870 }
01871 memcpy(mesg, pp, strlen((const char*)pp));
01872
01873 free(pp);
01874 return strlen(mesg);
01875 }
01876
01877
01878
01893 int ssl_tcp_recv_Buffer(int sock, SSL* ssl, Buffer* str)
01894 {
01895 int cc;
01896
01897 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01898
01899 memset(str->buf, 0, str->bufsz);
01900 str->vldsz = 0;
01901 str->state = JBXL_NORMAL;
01902
01903 if (ssl!=NULL) cc = SSL_read(ssl, str->buf, str->bufsz-1);
01904 else cc = recv(sock, str->buf, str->bufsz-1, 0);
01905
01906 if (cc>=0) str->vldsz = cc;
01907 else cc = JBXL_SSL_RECV_ERROR;
01908 return cc;
01909 }
01910
01911
01912
01926 int ssl_tcp_send_Buffer(int sock, SSL* ssl, Buffer* str)
01927 {
01928 int cc;
01929
01930 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01931
01932 if (str->vldsz<0) str->vldsz = strlen((const char*)str->buf);
01933 if (ssl!=NULL) {
01934 cc = SSL_write(ssl, str->buf, str->vldsz);
01935 }
01936 else {
01937 cc = send(sock, str->buf, str->vldsz, 0);
01938 }
01939
01940 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
01941 return cc;
01942 }
01943
01944
01945
01966 int ssl_tcp_recv_Buffer_wait(int sock, SSL* ssl, Buffer* str, int tm)
01967 {
01968 int cc;
01969
01970 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
01971
01972 str->vldsz = 0;
01973 cc = ssl_tcp_recv_wait(sock, ssl, (char*)str->buf, str->bufsz, tm);
01974 if (cc>=0) str->vldsz = cc;
01975
01976
01977 return cc;
01978 }
01979
01980
01981
01998 int ssl_tcp_recv_Buffer_tosize(int sock, SSL* ssl, Buffer* str, Buffer* mod, int size)
01999 {
02000 int cc, sz;
02001 int modon = FALSE;
02002
02003 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
02004 if (mod!=NULL && mod->buf!=NULL) modon = TRUE;
02005
02006 if (modon) memset(mod->buf, 0, mod->vldsz);
02007 Buffer buf = make_Buffer(RECVBUFSZ);
02008
02009 sz = str->vldsz;
02010 while (sz<size) {
02011 cc = ssl_tcp_recv_Buffer(sock, ssl, &buf);
02012 if (cc>0) {
02013 cat_Buffer(&buf, str);
02014 sz += cc;
02015 }
02016 else {
02017 if (cc<0) sz = cc;
02018 break;
02019 }
02020 }
02021 free_Buffer(&buf);
02022
02023 if (sz>size && modon) {
02024 copy_b2Buffer((void*)(str->buf+size), mod, sz-size);
02025 str->vldsz = size;
02026 }
02027 return sz;
02028 }
02029
02030
02031
02054 int ssl_tcp_recv_Buffer_tosize_wait(int sock, SSL* ssl, Buffer* str, Buffer* mod, int size, int tm)
02055 {
02056 int cc, sz;
02057 int modon = FALSE;
02058
02059 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
02060 if (mod!=NULL && mod->buf!=NULL) modon = TRUE;
02061
02062 if (modon) memset(mod->buf, 0, mod->vldsz);
02063 Buffer buf = make_Buffer(RECVBUFSZ);
02064
02065 sz = str->vldsz;
02066 while (sz<size) {
02067 cc = ssl_tcp_recv_Buffer_wait(sock, ssl, &buf, tm);
02068 if (cc>0) {
02069 cat_Buffer(&buf, str);
02070 sz += cc;
02071 }
02072 else {
02073 if (cc<0) sz = cc;
02074 break;
02075 }
02076 }
02077 free_Buffer(&buf);
02078
02079 if (sz>size && modon) {
02080 copy_b2Buffer((void*)(str->buf+size), mod, sz-size);
02081 str->vldsz = size;
02082 }
02083 return sz;
02084 }
02085
02086
02087
02101 int ssl_tcp_send_sBuffer(int sock, SSL* ssl, Buffer* str)
02102 {
02103 int cc;
02104
02105 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
02106
02107 if (ssl!=NULL) cc = SSL_write(ssl, str->buf, strlen((const char*)str->buf));
02108 else cc = send(sock, str->buf, strlen((const char*)str->buf), 0);
02109
02110 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
02111 return cc;
02112 }
02113
02114
02115
02129 int ssl_tcp_send_sBufferln(int sock, SSL* ssl, Buffer* str)
02130 {
02131 int cc;
02132 Buffer buf;
02133
02134 if (str==NULL || str->buf==NULL) return JBXL_ARGS_ERROR;
02135
02136 buf = dup_Buffer(*str);
02137 cat_s2Buffer("\r\n", &buf);
02138
02139 if (ssl!=NULL) cc = SSL_write(ssl, buf.buf, strlen((const char*)buf.buf));
02140 else cc = send(sock, buf.buf, strlen((const char*)buf.buf), 0);
02141
02142 free_Buffer(&buf);
02143
02144 if (cc<0) cc = JBXL_SSL_SEND_ERROR;
02145 return cc;
02146 }
02147
02148
02149
02179 int ssl_tcp_recv_mstream_Buffer(int sock, SSL* ssl, Buffer* mesg, mstream* sb, int tm)
02180 {
02181 int cc;
02182 unsigned char* pp;
02183
02184 if (mesg==NULL || mesg->buf==NULL || sb==NULL) return JBXL_ARGS_ERROR;
02185 *mesg = make_Buffer(LBUF);
02186
02187 if (sb->buf==NULL) {
02188 *sb = make_mstream(RECVBUFSZ);
02189 if (sb->buf==NULL) return JBXL_MALLOC_ERROR;
02190 }
02191
02192 while (sb->datano==0) {
02193 cc = ssl_tcp_recv_Buffer_wait(sock, ssl, mesg, tm);
02194 if (cc<=0) {
02195 free_Buffer(mesg);
02196 return cc;
02197 }
02198 put_mstream(sb, mesg->buf);
02199 clear_Buffer(mesg);
02200 }
02201
02202 pp = get_mstream(sb);
02203 if (pp==NULL) return JBXL_NET_BUF_ERROR;
02204 copy_s2Buffer((char*)pp, mesg);
02205 free(pp);
02206
02207 return mesg->vldsz;
02208 }
02209
02210
02211
02234 int ssl_tcp_recv_lines_Buffer(int sock, SSL* ssl, Buffer* mesg, int tm)
02235 {
02236 int cc;
02237 Buffer msg, buf;
02238
02239 if (mesg==NULL || mesg->buf==NULL) return JBXL_ARGS_ERROR;
02240 buf = make_Buffer(LBUF);
02241
02242 cc = ssl_tcp_recv_Buffer_wait(sock, ssl, &buf, tm);
02243 while (cc>0) {
02244 cat_Buffer(&buf, &msg);
02245 if (buf.buf[cc-1]==CHAR_LF) break;
02246 clear_Buffer(&buf);
02247 cc = ssl_tcp_recv_Buffer_wait(sock, ssl, &buf, tm);
02248 }
02249 free_Buffer(&buf);
02250
02251 if (cc<=0) {
02252 free_Buffer(mesg);
02253 return cc;
02254 }
02255
02256 return mesg->vldsz;
02257 }
02258
02259
02260
02261 #endif
