void OpenSSLInitializer::initialize()
{
Poco::FastMutex::ScopedLock lock(_mutex);
if (++_rc == 1)
{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new Poco::FastMutex[nMutexes];
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS // SF# 1828231: random unhandled exceptions when linking with ssl
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
#endif
CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
}
}
void OpenSSLInitializer::initialize()
{
if (++_rc == 1)
{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
OPENSSL_config(NULL);
#endif
if(! _disableSSLInitialization) {
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
}
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
if(CRYPTO_get_locking_callback() == NULL) {
int nMutexes = CRYPTO_num_locks();
_mutexes = new Poco::FastMutex[nMutexes];
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS
// Not needed on Windows (see SF #110: random unhandled exceptions when linking with ssl).
// https://sourceforge.net/p/poco/bugs/110/
//
// From http://www.openssl.org/docs/crypto/threads.html :
// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(),
// then a default implementation is used - on Windows and BeOS this uses the system's
// default thread identifying APIs"
#ifndef OPENSSL_NO_DEPRECATED
CRYPTO_set_id_callback(&OpenSSLInitializer::id);
#else
CRYPTO_THREADID tid;
CRYPTO_THREADID_set_numeric(&tid, OpenSSLInitializer::id());
#endif /* OPENSSL_NO_DEPRECATED */
#endif
CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
}
}
}
void SSLInitializer::initialize()
{
if (++_rc == 1)
{
poco_assert (1 == SSL_library_init()); // always returns 1
SSL_load_error_strings();
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks();
_mutexes = new FastMutex[nMutexes];
CRYPTO_set_locking_callback(&SSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS // SF# 1828231: random unhandled exceptions when linking with ssl
CRYPTO_set_id_callback(&SSLInitializer::id);
#endif
CRYPTO_set_dynlock_create_callback(&SSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&SSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&SSLInitializer::dynlockDestroy);
}
}
// TODO make perhaps a FlowHandshake
UInt8 Handshake::handshakeHandler(UInt8 id,PacketReader& request,PacketWriter& response) {
switch(id){
case 0x30: {
request.read8(); // passer un caractere (boite dans boite)
UInt8 epdLen = request.read8()-1;
UInt8 type = request.read8();
string epd;
request.readRaw(epdLen,epd);
string tag;
request.readRaw(16,tag);
response.writeString8(tag);
// UDP hole punching
if(type == 0x0f)
return _gateway.p2pHandshake(tag,response,peer().address,(const UInt8*)epd.c_str());
if(type == 0x0a){
/// Handshake
// RESPONSE 38
// New Cookie
char cookie[65];
RandomInputStream ris;
ris.read(cookie,64);
cookie[64]='\0';
response.write8(64);
response.writeRaw(cookie,64);
_cookies[cookie] = new Cookie(epd);
// instance id (certificat in the middle)
response.writeRaw(_certificat,sizeof(_certificat));
return 0x70;
} else {
ERROR("Unkown handshake first way with '%02x' type",type);
}
break;
}
case 0x38: {
_farId = request.read32();
string cookie;
request.readRaw(request.read8(),cookie);
map<string,Cookie*>::iterator itCookie = _cookies.find(cookie.c_str());
if(itCookie==_cookies.end()) {
ERROR("Handshake cookie '%s' unknown",cookie.c_str());
return 0;
}
request.read8(); // why 0x81?
// signature
string farSignature;
request.readString8(farSignature); // 81 02 1D 02 stable
// farPubKeyPart
UInt8 farPubKeyPart[128];
request.readRaw((char*)farPubKeyPart,sizeof(farPubKeyPart));
string farCertificat;
request.readString8(farCertificat);
// peerId = SHA256(farSignature+farPubKey)
string temp(farSignature);
temp.append((char*)farPubKeyPart,sizeof(farPubKeyPart));
EVP_Digest(temp.c_str(),temp.size(),(UInt8*)peer().id,NULL,EVP_sha256(),NULL);
// Compute Diffie-Hellman secret
UInt8 pubKey[128];
UInt8 sharedSecret[128];
RTMFP::EndDiffieHellman(RTMFP::BeginDiffieHellman(pubKey),farPubKeyPart,sharedSecret);
// Compute Keys
UInt8 requestKey[AES_KEY_SIZE];
UInt8 responseKey[AES_KEY_SIZE];
RTMFP::ComputeAsymetricKeys(sharedSecret,pubKey,_signature,farCertificat,requestKey,responseKey);
// RESPONSE
Util::UnpackUrl(itCookie->second->queryUrl,(string&)peer().path,(map<string,string>&)peer().parameters);
response << _gateway.createSession(_farId,peer(),requestKey,responseKey);
response.write8(0x81);
response.writeString8(_signature);
response.writeRaw((char*)pubKey,sizeof(pubKey));
response.write8(0x58);
// remove cookie
_cookies.erase(itCookie);
// db_add_public(s); // TODO
return 0x78;
}
default:
ERROR("Unkown handshake packet id '%02x'",id);
}
return 0;
}