2 // Copyright (C) 2011 Suguru Kawamoto
\r
4 // socket関連関数をOpenSSL用に置換
\r
5 // コンパイルにはOpenSSLのヘッダーファイルが必要
\r
6 // 実行にはOpenSSLのDLLが必要
\r
9 #include <mmsystem.h>
\r
10 #include <openssl/ssl.h>
\r
12 #include "socketwrapper.h"
\r
13 #include "protectprocess.h"
\r
15 typedef void (__cdecl* _SSL_load_error_strings)();
\r
16 typedef int (__cdecl* _SSL_library_init)();
\r
17 typedef SSL_METHOD* (__cdecl* _SSLv23_method)();
\r
18 typedef SSL_CTX* (__cdecl* _SSL_CTX_new)(SSL_METHOD*);
\r
19 typedef void (__cdecl* _SSL_CTX_free)(SSL_CTX*);
\r
20 typedef SSL* (__cdecl* _SSL_new)(SSL_CTX*);
\r
21 typedef void (__cdecl* _SSL_free)(SSL*);
\r
22 typedef int (__cdecl* _SSL_shutdown)(SSL*);
\r
23 typedef int (__cdecl* _SSL_get_fd)(SSL*);
\r
24 typedef int (__cdecl* _SSL_set_fd)(SSL*, int);
\r
25 typedef int (__cdecl* _SSL_accept)(SSL*);
\r
26 typedef int (__cdecl* _SSL_connect)(SSL*);
\r
27 typedef int (__cdecl* _SSL_write)(SSL*, const void*, int);
\r
28 typedef int (__cdecl* _SSL_peek)(SSL*, void*, int);
\r
29 typedef int (__cdecl* _SSL_read)(SSL*, void*, int);
\r
30 typedef int (__cdecl* _SSL_get_error)(SSL*, int);
\r
31 typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*);
\r
32 typedef long (__cdecl* _SSL_get_verify_result)(const SSL*);
\r
33 typedef SSL_SESSION* (__cdecl* _SSL_get_session)(SSL*);
\r
34 typedef int (__cdecl* _SSL_set_session)(SSL*, SSL_SESSION*);
\r
35 typedef BIO_METHOD* (__cdecl* _BIO_s_mem)();
\r
36 typedef BIO* (__cdecl* _BIO_new)(BIO_METHOD*);
\r
37 typedef int (__cdecl* _BIO_free)(BIO*);
\r
38 typedef long (__cdecl* _BIO_ctrl)(BIO*, int, long, void*);
\r
39 typedef void (__cdecl* _X509_free)(X509*);
\r
40 typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long);
\r
41 typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*);
\r
42 typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long);
\r
44 _SSL_load_error_strings p_SSL_load_error_strings;
\r
45 _SSL_library_init p_SSL_library_init;
\r
46 _SSLv23_method p_SSLv23_method;
\r
47 _SSL_CTX_new p_SSL_CTX_new;
\r
48 _SSL_CTX_free p_SSL_CTX_free;
\r
50 _SSL_free p_SSL_free;
\r
51 _SSL_shutdown p_SSL_shutdown;
\r
52 _SSL_get_fd p_SSL_get_fd;
\r
53 _SSL_set_fd p_SSL_set_fd;
\r
54 _SSL_accept p_SSL_accept;
\r
55 _SSL_connect p_SSL_connect;
\r
56 _SSL_write p_SSL_write;
\r
57 _SSL_peek p_SSL_peek;
\r
58 _SSL_read p_SSL_read;
\r
59 _SSL_get_error p_SSL_get_error;
\r
60 _SSL_get_peer_certificate p_SSL_get_peer_certificate;
\r
61 _SSL_get_verify_result p_SSL_get_verify_result;
\r
62 _SSL_get_session p_SSL_get_session;
\r
63 _SSL_set_session p_SSL_set_session;
\r
64 _BIO_s_mem p_BIO_s_mem;
\r
66 _BIO_free p_BIO_free;
\r
67 _BIO_ctrl p_BIO_ctrl;
\r
68 _X509_free p_X509_free;
\r
69 _X509_print_ex p_X509_print_ex;
\r
70 _X509_get_subject_name p_X509_get_subject_name;
\r
71 _X509_NAME_print_ex p_X509_NAME_print_ex;
\r
73 #define MAX_SSL_SOCKET 16
\r
75 BOOL g_bOpenSSLLoaded;
\r
77 HMODULE g_hOpenSSLCommon;
\r
78 CRITICAL_SECTION g_OpenSSLLock;
\r
79 DWORD g_OpenSSLTimeout;
\r
80 LPSSLTIMEOUTCALLBACK g_pOpenSSLTimeoutCallback;
\r
81 LPSSLCONFIRMCALLBACK g_pOpenSSLConfirmCallback;
\r
82 SSL_CTX* g_pOpenSSLCTX;
\r
83 SSL* g_pOpenSSLHandle[MAX_SSL_SOCKET];
\r
85 BOOL __stdcall DefaultSSLTimeoutCallback(BOOL* pbAborted)
\r
91 BOOL __stdcall DefaultSSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)
\r
98 if(g_bOpenSSLLoaded)
\r
100 #ifdef ENABLE_PROCESS_PROTECTION
\r
101 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
\r
102 // ssleay32.dll 1.0.0e
\r
103 // libssl32.dll 1.0.0e
\r
104 RegisterTrustedModuleSHA1Hash("\x4E\xB7\xA0\x22\x14\x4B\x58\x6D\xBC\xF5\x21\x0D\x96\x78\x0D\x79\x7D\x66\xB2\xB0");
\r
105 // libeay32.dll 1.0.0e
\r
106 RegisterTrustedModuleSHA1Hash("\x01\x32\x7A\xAE\x69\x26\xE6\x58\xC7\x63\x22\x1E\x53\x5A\x78\xBC\x61\xC7\xB5\xC1");
\r
108 g_hOpenSSL = LoadLibrary("ssleay32.dll");
\r
110 g_hOpenSSL = LoadLibrary("libssl32.dll");
\r
112 || !(p_SSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))
\r
113 || !(p_SSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))
\r
114 || !(p_SSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))
\r
115 || !(p_SSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))
\r
116 || !(p_SSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))
\r
117 || !(p_SSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))
\r
118 || !(p_SSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))
\r
119 || !(p_SSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))
\r
120 || !(p_SSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))
\r
121 || !(p_SSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))
\r
122 || !(p_SSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))
\r
123 || !(p_SSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))
\r
124 || !(p_SSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))
\r
125 || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))
\r
126 || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))
\r
127 || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error"))
\r
128 || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate"))
\r
129 || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result"))
\r
130 || !(p_SSL_get_session = (_SSL_get_session)GetProcAddress(g_hOpenSSL, "SSL_get_session"))
\r
131 || !(p_SSL_set_session = (_SSL_set_session)GetProcAddress(g_hOpenSSL, "SSL_set_session")))
\r
134 FreeLibrary(g_hOpenSSL);
\r
138 g_hOpenSSLCommon = LoadLibrary("libeay32.dll");
\r
139 if(!g_hOpenSSLCommon
\r
140 || !(p_BIO_s_mem = (_BIO_s_mem)GetProcAddress(g_hOpenSSLCommon, "BIO_s_mem"))
\r
141 || !(p_BIO_new = (_BIO_new)GetProcAddress(g_hOpenSSLCommon, "BIO_new"))
\r
142 || !(p_BIO_free = (_BIO_free)GetProcAddress(g_hOpenSSLCommon, "BIO_free"))
\r
143 || !(p_BIO_ctrl = (_BIO_ctrl)GetProcAddress(g_hOpenSSLCommon, "BIO_ctrl"))
\r
144 || !(p_X509_free = (_X509_free)GetProcAddress(g_hOpenSSLCommon, "X509_free"))
\r
145 || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))
\r
146 || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))
\r
147 || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex")))
\r
150 FreeLibrary(g_hOpenSSL);
\r
152 if(g_hOpenSSLCommon)
\r
153 FreeLibrary(g_hOpenSSLCommon);
\r
154 g_hOpenSSLCommon = NULL;
\r
157 InitializeCriticalSection(&g_OpenSSLLock);
\r
158 p_SSL_load_error_strings();
\r
159 p_SSL_library_init();
\r
160 SetSSLTimeoutCallback(60000, DefaultSSLTimeoutCallback);
\r
161 SetSSLConfirmCallback(DefaultSSLConfirmCallback);
\r
162 g_bOpenSSLLoaded = TRUE;
\r
169 if(!g_bOpenSSLLoaded)
\r
171 EnterCriticalSection(&g_OpenSSLLock);
\r
172 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
174 if(g_pOpenSSLHandle[i])
\r
176 p_SSL_shutdown(g_pOpenSSLHandle[i]);
\r
177 p_SSL_free(g_pOpenSSLHandle[i]);
\r
178 g_pOpenSSLHandle[i] = NULL;
\r
182 p_SSL_CTX_free(g_pOpenSSLCTX);
\r
183 g_pOpenSSLCTX = NULL;
\r
184 FreeLibrary(g_hOpenSSL);
\r
186 FreeLibrary(g_hOpenSSLCommon);
\r
187 g_hOpenSSLCommon = NULL;
\r
188 LeaveCriticalSection(&g_OpenSSLLock);
\r
189 DeleteCriticalSection(&g_OpenSSLLock);
\r
190 g_bOpenSSLLoaded = FALSE;
\r
193 BOOL IsOpenSSLLoaded()
\r
195 return g_bOpenSSLLoaded;
\r
198 SSL** GetUnusedSSLPointer()
\r
201 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
203 if(!g_pOpenSSLHandle[i])
\r
204 return &g_pOpenSSLHandle[i];
\r
209 SSL** FindSSLPointerFromSocket(SOCKET s)
\r
212 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
214 if(g_pOpenSSLHandle[i])
\r
216 if(p_SSL_get_fd(g_pOpenSSLHandle[i]) == s)
\r
217 return &g_pOpenSSLHandle[i];
\r
223 BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted)
\r
239 if(pX509 = p_SSL_get_peer_certificate(pSSL))
\r
241 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
243 p_X509_print_ex(pBIO, pX509, 0, XN_FLAG_RFC2253);
\r
244 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
246 if(pData = (char*)malloc(Length + sizeof(char)))
\r
248 memcpy(pData, pBuffer, Length);
\r
249 *(char*)((size_t)pData + Length) = '\0';
\r
254 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
256 p_X509_NAME_print_ex(pBIO, p_X509_get_subject_name(pX509), 0, XN_FLAG_RFC2253);
\r
257 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
259 if(pSubject = (char*)malloc(Length + sizeof(char)))
\r
261 memcpy(pSubject, pBuffer, Length);
\r
262 *(char*)((size_t)pSubject + Length) = '\0';
\r
267 p_X509_free(pX509);
\r
269 if(p_SSL_get_verify_result(pSSL) == X509_V_OK)
\r
274 if(strncmp(pCN, "CN=", strlen("CN=")) == 0)
\r
276 pCN += strlen("CN=");
\r
277 if(p = strchr(pCN, ','))
\r
281 if(pCN = strchr(pCN, ','))
\r
284 bResult = g_pOpenSSLConfirmCallback(pbAborted, bVerified, pData, pCN);
\r
292 void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)
\r
294 if(!g_bOpenSSLLoaded)
\r
296 EnterCriticalSection(&g_OpenSSLLock);
\r
297 g_OpenSSLTimeout = Timeout;
\r
298 g_pOpenSSLTimeoutCallback = pCallback;
\r
299 LeaveCriticalSection(&g_OpenSSLLock);
\r
302 void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)
\r
304 if(!g_bOpenSSLLoaded)
\r
306 EnterCriticalSection(&g_OpenSSLLock);
\r
307 g_pOpenSSLConfirmCallback = pCallback;
\r
308 LeaveCriticalSection(&g_OpenSSLLock);
\r
311 BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName)
\r
316 if(HostName && CommonName)
\r
318 if(pAsterisk = strchr(CommonName, '*'))
\r
320 if(_strnicmp(HostName, CommonName, ((size_t)pAsterisk - (size_t)CommonName) / sizeof(char)) == 0)
\r
322 while(*pAsterisk == '*')
\r
326 if(_stricmp(HostName + strlen(HostName) - strlen(pAsterisk), pAsterisk) == 0)
\r
330 else if(_stricmp(HostName, CommonName) == 0)
\r
336 BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted)
\r
342 SSL_SESSION* pSession;
\r
345 if(!g_bOpenSSLLoaded)
\r
348 Time = timeGetTime();
\r
349 EnterCriticalSection(&g_OpenSSLLock);
\r
351 g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());
\r
354 if(ppSSL = GetUnusedSSLPointer())
\r
356 if(*ppSSL = p_SSL_new(g_pOpenSSLCTX))
\r
358 if(p_SSL_set_fd(*ppSSL, s) != 0)
\r
360 if(parent != INVALID_SOCKET)
\r
362 if(ppSSLParent = FindSSLPointerFromSocket(parent))
\r
364 if(pSession = p_SSL_get_session(*ppSSLParent))
\r
366 if(p_SSL_set_session(*ppSSL, pSession) == 1)
\r
372 // SSLのネゴシエーションには時間がかかる場合がある
\r
376 Return = p_SSL_connect(*ppSSL);
\r
379 Error = p_SSL_get_error(*ppSSL, Return);
\r
380 if(Error == SSL_ERROR_WANT_READ || Error == SSL_ERROR_WANT_WRITE)
\r
382 LeaveCriticalSection(&g_OpenSSLLock);
\r
383 if(g_pOpenSSLTimeoutCallback(pbAborted) || (g_OpenSSLTimeout > 0 && timeGetTime() - Time >= g_OpenSSLTimeout))
\r
385 EnterCriticalSection(&g_OpenSSLLock);
\r
392 if(ConfirmSSLCertificate(*ppSSL, pbAborted))
\r
397 LeaveCriticalSection(&g_OpenSSLLock);
\r
400 EnterCriticalSection(&g_OpenSSLLock);
\r
405 LeaveCriticalSection(&g_OpenSSLLock);
\r
407 EnterCriticalSection(&g_OpenSSLLock);
\r
412 LeaveCriticalSection(&g_OpenSSLLock);
\r
414 EnterCriticalSection(&g_OpenSSLLock);
\r
419 LeaveCriticalSection(&g_OpenSSLLock);
\r
423 BOOL DetachSSL(SOCKET s)
\r
427 if(!g_bOpenSSLLoaded)
\r
430 EnterCriticalSection(&g_OpenSSLLock);
\r
431 if(ppSSL = FindSSLPointerFromSocket(s))
\r
433 p_SSL_shutdown(*ppSSL);
\r
434 p_SSL_free(*ppSSL);
\r
438 LeaveCriticalSection(&g_OpenSSLLock);
\r
442 BOOL IsSSLAttached(SOCKET s)
\r
445 if(!g_bOpenSSLLoaded)
\r
447 EnterCriticalSection(&g_OpenSSLLock);
\r
448 ppSSL = FindSSLPointerFromSocket(s);
\r
449 LeaveCriticalSection(&g_OpenSSLLock);
\r
455 SOCKET socketS(int af, int type, int protocol)
\r
457 return socket(af, type, protocol);
\r
460 int bindS(SOCKET s, const struct sockaddr *addr, int namelen)
\r
462 return bind(s, addr, namelen);
\r
465 int listenS(SOCKET s, int backlog)
\r
467 return listen(s, backlog);
\r
470 SOCKET acceptS(SOCKET s, struct sockaddr *addr, int *addrlen)
\r
474 r = accept(s, addr, addrlen);
\r
476 if(!AttachSSL(r, INVALID_SOCKET, &bAborted))
\r
479 return INVALID_SOCKET;
\r
484 int connectS(SOCKET s, const struct sockaddr *name, int namelen)
\r
488 r = connect(s, name, namelen);
\r
490 if(!AttachSSL(r, INVALID_SOCKET, &bAborted))
\r
491 return SOCKET_ERROR;
\r
495 int closesocketS(SOCKET s)
\r
498 return closesocket(s);
\r
501 int sendS(SOCKET s, const char * buf, int len, int flags)
\r
504 if(!g_bOpenSSLLoaded)
\r
505 return send(s, buf, len, flags);
\r
506 EnterCriticalSection(&g_OpenSSLLock);
\r
507 ppSSL = FindSSLPointerFromSocket(s);
\r
508 LeaveCriticalSection(&g_OpenSSLLock);
\r
510 return send(s, buf, len, flags);
\r
511 return p_SSL_write(*ppSSL, buf, len);
\r
514 int recvS(SOCKET s, char * buf, int len, int flags)
\r
517 if(!g_bOpenSSLLoaded)
\r
518 return recv(s, buf, len, flags);
\r
519 EnterCriticalSection(&g_OpenSSLLock);
\r
520 ppSSL = FindSSLPointerFromSocket(s);
\r
521 LeaveCriticalSection(&g_OpenSSLLock);
\r
523 return recv(s, buf, len, flags);
\r
524 if(flags & MSG_PEEK)
\r
525 return p_SSL_peek(*ppSSL, buf, len);
\r
526 return p_SSL_read(*ppSSL, buf, len);
\r