diff options
| author | Marc Laukien <marc@zeroc.com> | 2002-04-02 17:08:47 +0000 |
|---|---|---|
| committer | Marc Laukien <marc@zeroc.com> | 2002-04-02 17:08:47 +0000 |
| commit | c98649e0be8c8bcbc8eba686f9a08f1ed17d36cb (patch) | |
| tree | cd9ddef90cf2f5496be9abc07e3018bb294d8213 /cpp/src/Ice/OpenSSLUtils.cpp | |
| parent | removed shutdown() from acceptor (diff) | |
| download | ice-c98649e0be8c8bcbc8eba686f9a08f1ed17d36cb.tar.bz2 ice-c98649e0be8c8bcbc8eba686f9a08f1ed17d36cb.tar.xz ice-c98649e0be8c8bcbc8eba686f9a08f1ed17d36cb.zip | |
cleanup
Diffstat (limited to 'cpp/src/Ice/OpenSSLUtils.cpp')
| -rw-r--r-- | cpp/src/Ice/OpenSSLUtils.cpp | 716 |
1 files changed, 358 insertions, 358 deletions
diff --git a/cpp/src/Ice/OpenSSLUtils.cpp b/cpp/src/Ice/OpenSSLUtils.cpp index 132778e4078..ecd5e1cc62a 100644 --- a/cpp/src/Ice/OpenSSLUtils.cpp +++ b/cpp/src/Ice/OpenSSLUtils.cpp @@ -1,358 +1,358 @@ -// **********************************************************************
-//
-// Copyright (c) 2001
-// MutableRealms, Inc.
-// Huntsville, AL, USA
-//
-// All Rights Reserved
-//
-// **********************************************************************
-
-#include <Ice/OpenSSLUtils.h>
-#include <Ice/SystemInternalF.h>
-#include <Ice/SystemOpenSSL.h>
-#include <Ice/SslFactory.h>
-#include <IceUtil/Mutex.h>
-#include <openssl/err.h>
-#include <assert.h>
-
-using std::string;
-
-//
-// TODO: These Diffie-Hellman params have been blatantly stolen from
-// OpenSSL's demo programs. We SHOULD define our own here, but
-// these will suffice for testing purposes. Please note, these
-// are not keys themselves, simply a DH Group that allows OpenSSL
-// to create Diffie-Hellman keys.
-//
-
-// Instantiation of temporary Diffie-Hellman 512bit key.
-unsigned char tempDiffieHellman512p[] =
-{
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
-};
-
-unsigned char tempDiffieHellman512g[] =
-{
- 0x02,
-};
-
-// Ensures that the sslGetErrors() function is synchronized.
-static ::IceUtil::Mutex sslErrorsMutex;
-
-//
-// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time)
-// are routines that have been abducted from the OpenSSL X509 library,
-// and modified to work with the STL basic_string template.
-
-static const char *mon[12]=
-{
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
-};
-
-string
-IceSSL::OpenSSL::getGeneralizedTime(ASN1_GENERALIZEDTIME *tm)
-{
- assert(tm != 0);
-
- char buf[30];
- int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- int i = tm->length;
-
- char* v = (char *) tm->data;
-
- if (i < 12)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i=0; i<12; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0');
- M = (v[4] - '0') * 10 + (v[5] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[6] - '0') * 10 + (v[7] - '0');
- h = (v[8] - '0') * 10 + (v[9] - '0');
- m = (v[10] - '0') * 10 + (v[11] - '0');
-
- if ((v[12] >= '0') && (v[12] <= '9') &&
- (v[13] >= '0') && (v[13] <= '9'))
- {
- s = (v[12] - '0') * 10 + (v[13] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-IceSSL::OpenSSL::getUTCTime(ASN1_UTCTIME *tm)
-{
- assert(tm != 0);
-
- char buf[30];
- int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
- int i = tm->length;
- char* v = (char *) tm->data;
-
- if (i < 10)
- {
- goto err;
- }
-
- if (v[i-1] == 'Z')
- {
- gmt=1;
- }
-
- for (i = 0; i < 10; i++)
- {
- if ((v[i] > '9') || (v[i] < '0'))
- {
- goto err;
- }
- }
-
- y = (v[0] - '0') * 10 + (v[1] - '0');
-
- if (y < 50)
- {
- y+=100;
- }
-
- M = (v[2] - '0') * 10 + (v[3] - '0');
-
- if ((M > 12) || (M < 1))
- {
- goto err;
- }
-
- d = (v[4] - '0') * 10 + (v[5] - '0');
- h = (v[6] - '0') * 10 + (v[7] - '0');
- m = (v[8] - '0') * 10 + (v[9] - '0');
-
- if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
- {
- s = (v[10] - '0') * 10 + (v[11] - '0');
- }
-
- sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":"");
- return string(buf);
-
-err:
- return string("Bad time value");
-}
-
-string
-IceSSL::OpenSSL::getASN1time(ASN1_TIME *tm)
-{
- assert(tm != 0);
-
- string theTime;
-
- switch (tm->type)
- {
- case V_ASN1_UTCTIME :
- {
- theTime = getUTCTime(tm);
- break;
- }
-
- case V_ASN1_GENERALIZEDTIME :
- {
- theTime = getGeneralizedTime(tm);
- break;
- }
-
- default :
- {
- theTime = "Bad time value";
- break;
- }
- }
-
- return theTime;
-}
-
-DH*
-IceSSL::OpenSSL::loadDHParam(const char* dhfile)
-{
- assert(dhfile != 0);
-
- DH* ret = 0;
- BIO* bio = BIO_new_file(dhfile,"r");
-
- if (bio != 0)
- {
- ret = PEM_read_bio_DHparams(bio, 0, 0, 0);
- BIO_free(bio);
- }
-
- return ret;
-}
-
-DH*
-IceSSL::OpenSSL::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen)
-{
- assert(p != 0);
- assert(g != 0);
-
- DH* dh = DH_new();
-
- if (dh != 0)
- {
- dh->p = BN_bin2bn(p, plen, 0);
-
- dh->g = BN_bin2bn(g, glen, 0);
-
- if ((dh->p == 0) || (dh->g == 0))
- {
- DH_free(dh);
- dh = 0;
- }
- }
-
- return dh;
-}
-
-DH*
-IceSSL::OpenSSL::getTempDH512()
-{
- DH* dh = getTempDH(tempDiffieHellman512p, sizeof(tempDiffieHellman512p),
- tempDiffieHellman512g, sizeof(tempDiffieHellman512g));
-
- return dh;
-}
-
-string
-IceSSL::OpenSSL::sslGetErrors()
-{
- IceUtil::Mutex::Lock sync(sslErrorsMutex);
-
- string errorMessage;
- char buf[200];
- char bigBuffer[1024];
- const char* file = 0;
- const char* data = 0;
- int line = 0;
- int flags = 0;
- unsigned errorCode = 0;
- int errorNum = 1;
-
- unsigned long es = CRYPTO_thread_id();
-
- while ((errorCode = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
- {
- sprintf(bigBuffer,"%6d - Thread ID: %lu\n", errorNum, es);
- errorMessage += bigBuffer;
-
- sprintf(bigBuffer,"%6d - Error: %u\n", errorNum, errorCode);
- errorMessage += bigBuffer;
-
- // Request an error from the OpenSSL library
- ERR_error_string_n(errorCode, buf, sizeof(buf));
- sprintf(bigBuffer,"%6d - Message: %s\n", errorNum, buf);
- errorMessage += bigBuffer;
-
- sprintf(bigBuffer,"%6d - Location: %s, %d\n", errorNum, file, line);
- errorMessage += bigBuffer;
-
- if (flags & ERR_TXT_STRING)
- {
- sprintf(bigBuffer,"%6d - Data: %s\n", errorNum, data);
- errorMessage += bigBuffer;
- }
-
- errorNum++;
- }
-
- ERR_clear_error();
-
- return errorMessage;
-}
-
-extern "C"
-{
-
-RSA*
-tmpRSACallback(SSL* sslConnection, int isExport, int keyLength)
-{
- assert(sslConnection != 0);
-
- IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection);
- assert(sslSystem != 0);
-
- IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get());
- assert(openSslSystem != 0);
-
- RSA* rsaKey = openSslSystem->getRSAKey(isExport, keyLength);
- assert(rsaKey != 0);
-
- return rsaKey;
-}
-
-DH*
-tmpDHCallback(SSL* sslConnection, int isExport, int keyLength)
-{
- assert(sslConnection != 0);
-
- IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection);
- assert(sslSystem != 0);
-
- IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get());
- assert(openSslSystem != 0);
-
- DH* dh = openSslSystem->getDHParams(isExport, keyLength);
- assert(dh != 0);
-
- return dh;
-}
-
-// verifyCallback - Certificate Verification callback function.
-int
-verifyCallback(int ok, X509_STORE_CTX* ctx)
-{
- assert(ctx != 0);
-
- // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get
- // the Connection object, if only I had some way to retrieve the index of the object
- // in this function. Hence, we have to invent our own reference system here.
- SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
- assert(sslConnection != 0);
-
- IceSSL::OpenSSL::ConnectionPtr connection = IceSSL::OpenSSL::Connection::getConnection(sslConnection);
- assert(connection != 0);
-
- // Call the connection, get it to perform the verification.
- return connection->verifyCertificate(ok, ctx);
-}
-
-}
-
+// ********************************************************************** +// +// Copyright (c) 2001 +// MutableRealms, Inc. +// Huntsville, AL, USA +// +// All Rights Reserved +// +// ********************************************************************** + +#include <Ice/OpenSSLUtils.h> +#include <Ice/SystemInternalF.h> +#include <Ice/SystemOpenSSL.h> +#include <Ice/SslFactory.h> +#include <IceUtil/Mutex.h> +#include <openssl/err.h> +#include <assert.h> + +using std::string; + +// +// TODO: These Diffie-Hellman params have been blatantly stolen from +// OpenSSL's demo programs. We SHOULD define our own here, but +// these will suffice for testing purposes. Please note, these +// are not keys themselves, simply a DH Group that allows OpenSSL +// to create Diffie-Hellman keys. +// + +// Instantiation of temporary Diffie-Hellman 512bit key. +unsigned char tempDiffieHellman512p[] = +{ + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, +}; + +unsigned char tempDiffieHellman512g[] = +{ + 0x02, +}; + +// Ensures that the sslGetErrors() function is synchronized. +static ::IceUtil::Mutex sslErrorsMutex; + +// +// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time) +// are routines that have been abducted from the OpenSSL X509 library, +// and modified to work with the STL basic_string template. + +static const char *mon[12]= +{ + "Jan","Feb","Mar","Apr","May","Jun", + "Jul","Aug","Sep","Oct","Nov","Dec" +}; + +string +IceSSL::OpenSSL::getGeneralizedTime(ASN1_GENERALIZEDTIME *tm) +{ + assert(tm != 0); + + char buf[30]; + int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + + int i = tm->length; + + char* v = (char *) tm->data; + + if (i < 12) + { + goto err; + } + + if (v[i-1] == 'Z') + { + gmt=1; + } + + for (i=0; i<12; i++) + { + if ((v[i] > '9') || (v[i] < '0')) + { + goto err; + } + } + + y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0'); + M = (v[4] - '0') * 10 + (v[5] - '0'); + + if ((M > 12) || (M < 1)) + { + goto err; + } + + d = (v[6] - '0') * 10 + (v[7] - '0'); + h = (v[8] - '0') * 10 + (v[9] - '0'); + m = (v[10] - '0') * 10 + (v[11] - '0'); + + if ((v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) + { + s = (v[12] - '0') * 10 + (v[13] - '0'); + } + + sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":""); + return string(buf); + +err: + return string("Bad time value"); +} + +string +IceSSL::OpenSSL::getUTCTime(ASN1_UTCTIME *tm) +{ + assert(tm != 0); + + char buf[30]; + int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + + int i = tm->length; + char* v = (char *) tm->data; + + if (i < 10) + { + goto err; + } + + if (v[i-1] == 'Z') + { + gmt=1; + } + + for (i = 0; i < 10; i++) + { + if ((v[i] > '9') || (v[i] < '0')) + { + goto err; + } + } + + y = (v[0] - '0') * 10 + (v[1] - '0'); + + if (y < 50) + { + y+=100; + } + + M = (v[2] - '0') * 10 + (v[3] - '0'); + + if ((M > 12) || (M < 1)) + { + goto err; + } + + d = (v[4] - '0') * 10 + (v[5] - '0'); + h = (v[6] - '0') * 10 + (v[7] - '0'); + m = (v[8] - '0') * 10 + (v[9] - '0'); + + if ((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) + { + s = (v[10] - '0') * 10 + (v[11] - '0'); + } + + sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" GMT":""); + return string(buf); + +err: + return string("Bad time value"); +} + +string +IceSSL::OpenSSL::getASN1time(ASN1_TIME *tm) +{ + assert(tm != 0); + + string theTime; + + switch (tm->type) + { + case V_ASN1_UTCTIME : + { + theTime = getUTCTime(tm); + break; + } + + case V_ASN1_GENERALIZEDTIME : + { + theTime = getGeneralizedTime(tm); + break; + } + + default : + { + theTime = "Bad time value"; + break; + } + } + + return theTime; +} + +DH* +IceSSL::OpenSSL::loadDHParam(const char* dhfile) +{ + assert(dhfile != 0); + + DH* ret = 0; + BIO* bio = BIO_new_file(dhfile,"r"); + + if (bio != 0) + { + ret = PEM_read_bio_DHparams(bio, 0, 0, 0); + BIO_free(bio); + } + + return ret; +} + +DH* +IceSSL::OpenSSL::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen) +{ + assert(p != 0); + assert(g != 0); + + DH* dh = DH_new(); + + if (dh != 0) + { + dh->p = BN_bin2bn(p, plen, 0); + + dh->g = BN_bin2bn(g, glen, 0); + + if ((dh->p == 0) || (dh->g == 0)) + { + DH_free(dh); + dh = 0; + } + } + + return dh; +} + +DH* +IceSSL::OpenSSL::getTempDH512() +{ + DH* dh = getTempDH(tempDiffieHellman512p, sizeof(tempDiffieHellman512p), + tempDiffieHellman512g, sizeof(tempDiffieHellman512g)); + + return dh; +} + +string +IceSSL::OpenSSL::sslGetErrors() +{ + IceUtil::Mutex::Lock sync(sslErrorsMutex); + + string errorMessage; + char buf[200]; + char bigBuffer[1024]; + const char* file = 0; + const char* data = 0; + int line = 0; + int flags = 0; + unsigned errorCode = 0; + int errorNum = 1; + + unsigned long es = CRYPTO_thread_id(); + + while ((errorCode = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) + { + sprintf(bigBuffer,"%6d - Thread ID: %lu\n", errorNum, es); + errorMessage += bigBuffer; + + sprintf(bigBuffer,"%6d - Error: %u\n", errorNum, errorCode); + errorMessage += bigBuffer; + + // Request an error from the OpenSSL library + ERR_error_string_n(errorCode, buf, sizeof(buf)); + sprintf(bigBuffer,"%6d - Message: %s\n", errorNum, buf); + errorMessage += bigBuffer; + + sprintf(bigBuffer,"%6d - Location: %s, %d\n", errorNum, file, line); + errorMessage += bigBuffer; + + if (flags & ERR_TXT_STRING) + { + sprintf(bigBuffer,"%6d - Data: %s\n", errorNum, data); + errorMessage += bigBuffer; + } + + errorNum++; + } + + ERR_clear_error(); + + return errorMessage; +} + +extern "C" +{ + +RSA* +tmpRSACallback(SSL* sslConnection, int isExport, int keyLength) +{ + assert(sslConnection != 0); + + IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection); + assert(sslSystem != 0); + + IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get()); + assert(openSslSystem != 0); + + RSA* rsaKey = openSslSystem->getRSAKey(isExport, keyLength); + assert(rsaKey != 0); + + return rsaKey; +} + +DH* +tmpDHCallback(SSL* sslConnection, int isExport, int keyLength) +{ + assert(sslConnection != 0); + + IceSSL::SystemInternalPtr sslSystem = IceSSL::Factory::getSystemFromHandle(sslConnection); + assert(sslSystem != 0); + + IceSSL::OpenSSL::System* openSslSystem = dynamic_cast<IceSSL::OpenSSL::System*>(sslSystem.get()); + assert(openSslSystem != 0); + + DH* dh = openSslSystem->getDHParams(isExport, keyLength); + assert(dh != 0); + + return dh; +} + +// verifyCallback - Certificate Verification callback function. +int +verifyCallback(int ok, X509_STORE_CTX* ctx) +{ + assert(ctx != 0); + + // Tricky method to get access to our connection. I would use SSL_get_ex_data() to get + // the Connection object, if only I had some way to retrieve the index of the object + // in this function. Hence, we have to invent our own reference system here. + SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); + assert(sslConnection != 0); + + IceSSL::OpenSSL::ConnectionPtr connection = IceSSL::OpenSSL::Connection::getConnection(sslConnection); + assert(connection != 0); + + // Call the connection, get it to perform the verification. + return connection->verifyCertificate(ok, ctx); +} + +} + |