2 // Copyright (C) 2011 Suguru Kawamoto
\r
4 // socket関連関数をOpenSSL用に置換
\r
6 // コンパイルにはOpenSSLのヘッダーファイルが必要
\r
7 // 実行にはOpenSSLのDLLが必要
\r
9 #include <ws2tcpip.h>
\r
10 #include <windows.h>
\r
11 #include <mmsystem.h>
\r
12 #include <openssl/ssl.h>
\r
14 #include "socketwrapper.h"
\r
15 #include "protectprocess.h"
\r
16 #include "mbswrapper.h"
\r
17 #include "punycode.h"
\r
21 typedef void (__cdecl* _SSL_load_error_strings)();
\r
22 typedef int (__cdecl* _SSL_library_init)();
\r
23 typedef SSL_METHOD* (__cdecl* _SSLv23_method)();
\r
24 typedef SSL* (__cdecl* _SSL_new)(SSL_CTX*);
\r
25 typedef void (__cdecl* _SSL_free)(SSL*);
\r
26 typedef long (__cdecl* _SSL_ctrl)(SSL*, int, long, void*);
\r
27 typedef int (__cdecl* _SSL_shutdown)(SSL*);
\r
28 typedef int (__cdecl* _SSL_get_fd)(SSL*);
\r
29 typedef int (__cdecl* _SSL_set_fd)(SSL*, int);
\r
30 typedef int (__cdecl* _SSL_accept)(SSL*);
\r
31 typedef int (__cdecl* _SSL_connect)(SSL*);
\r
32 typedef int (__cdecl* _SSL_write)(SSL*, const void*, int);
\r
33 typedef int (__cdecl* _SSL_peek)(SSL*, void*, int);
\r
34 typedef int (__cdecl* _SSL_read)(SSL*, void*, int);
\r
35 typedef int (__cdecl* _SSL_get_error)(SSL*, int);
\r
36 typedef X509* (__cdecl* _SSL_get_peer_certificate)(const SSL*);
\r
37 typedef long (__cdecl* _SSL_get_verify_result)(const SSL*);
\r
38 typedef SSL_SESSION* (__cdecl* _SSL_get_session)(SSL*);
\r
39 typedef int (__cdecl* _SSL_set_session)(SSL*, SSL_SESSION*);
\r
40 typedef int (__cdecl* _SSL_set_cipher_list)(SSL*, const char*);
\r
41 typedef SSL_CTX* (__cdecl* _SSL_CTX_new)(SSL_METHOD*);
\r
42 typedef void (__cdecl* _SSL_CTX_free)(SSL_CTX*);
\r
43 typedef X509_STORE* (__cdecl* _SSL_CTX_get_cert_store)(const SSL_CTX*);
\r
44 typedef long (__cdecl* _SSL_CTX_ctrl)(SSL_CTX*, int, long, void*);
\r
45 typedef BIO_METHOD* (__cdecl* _BIO_s_mem)();
\r
46 typedef BIO* (__cdecl* _BIO_new)(BIO_METHOD*);
\r
47 typedef int (__cdecl* _BIO_free)(BIO*);
\r
48 typedef BIO* (__cdecl* _BIO_new_mem_buf)(void*, int);
\r
49 typedef long (__cdecl* _BIO_ctrl)(BIO*, int, long, void*);
\r
50 typedef void (__cdecl* _X509_free)(X509*);
\r
51 typedef int (__cdecl* _X509_print_ex)(BIO*, X509*, unsigned long, unsigned long);
\r
52 typedef X509_NAME* (__cdecl* _X509_get_subject_name)(X509*);
\r
53 typedef int (__cdecl* _X509_NAME_print_ex)(BIO*, X509_NAME*, int, unsigned long);
\r
54 typedef void (__cdecl* _X509_CRL_free)(X509_CRL*);
\r
55 typedef EVP_PKEY* (__cdecl* _PEM_read_bio_PrivateKey)(BIO*, EVP_PKEY**, pem_password_cb*, void*);
\r
56 typedef EVP_PKEY* (__cdecl* _PEM_read_bio_PUBKEY)(BIO*, EVP_PKEY**, pem_password_cb*, void*);
\r
57 typedef X509* (__cdecl* _PEM_read_bio_X509)(BIO*, X509**, pem_password_cb*, void*);
\r
58 typedef X509_CRL* (__cdecl* _PEM_read_bio_X509_CRL)(BIO*, X509_CRL**, pem_password_cb*, void*);
\r
59 typedef int (__cdecl* _X509_STORE_add_cert)(X509_STORE*, X509*);
\r
60 typedef int (__cdecl* _X509_STORE_add_crl)(X509_STORE*, X509_CRL*);
\r
61 typedef void (__cdecl* _EVP_PKEY_free)(EVP_PKEY*);
\r
62 typedef RSA* (__cdecl* _EVP_PKEY_get1_RSA)(EVP_PKEY*);
\r
63 typedef void (__cdecl* _RSA_free)(RSA*);
\r
64 typedef int (__cdecl* _RSA_size)(const RSA*);
\r
65 typedef int (__cdecl* _RSA_private_encrypt)(int, const unsigned char*, unsigned char*, RSA*, int);
\r
66 typedef int (__cdecl* _RSA_public_decrypt)(int, const unsigned char*, unsigned char*, RSA*, int);
\r
67 typedef unsigned char* (__cdecl* _SHA1)(const unsigned char*, size_t, unsigned char*);
\r
68 typedef unsigned char* (__cdecl* _SHA224)(const unsigned char*, size_t, unsigned char*);
\r
69 typedef unsigned char* (__cdecl* _SHA256)(const unsigned char*, size_t, unsigned char*);
\r
70 typedef unsigned char* (__cdecl* _SHA384)(const unsigned char*, size_t, unsigned char*);
\r
71 typedef unsigned char* (__cdecl* _SHA512)(const unsigned char*, size_t, unsigned char*);
\r
73 _SSL_load_error_strings p_SSL_load_error_strings;
\r
74 _SSL_library_init p_SSL_library_init;
\r
75 _SSLv23_method p_SSLv23_method;
\r
77 _SSL_free p_SSL_free;
\r
78 _SSL_ctrl p_SSL_ctrl;
\r
79 _SSL_shutdown p_SSL_shutdown;
\r
80 _SSL_get_fd p_SSL_get_fd;
\r
81 _SSL_set_fd p_SSL_set_fd;
\r
82 _SSL_accept p_SSL_accept;
\r
83 _SSL_connect p_SSL_connect;
\r
84 _SSL_write p_SSL_write;
\r
85 _SSL_peek p_SSL_peek;
\r
86 _SSL_read p_SSL_read;
\r
87 _SSL_get_error p_SSL_get_error;
\r
88 _SSL_get_peer_certificate p_SSL_get_peer_certificate;
\r
89 _SSL_get_verify_result p_SSL_get_verify_result;
\r
90 _SSL_get_session p_SSL_get_session;
\r
91 _SSL_set_session p_SSL_set_session;
\r
92 _SSL_set_cipher_list p_SSL_set_cipher_list;
\r
93 _SSL_CTX_new p_SSL_CTX_new;
\r
94 _SSL_CTX_free p_SSL_CTX_free;
\r
95 _SSL_CTX_get_cert_store p_SSL_CTX_get_cert_store;
\r
96 _SSL_CTX_ctrl p_SSL_CTX_ctrl;
\r
97 _BIO_s_mem p_BIO_s_mem;
\r
99 _BIO_free p_BIO_free;
\r
100 _BIO_new_mem_buf p_BIO_new_mem_buf;
\r
101 _BIO_ctrl p_BIO_ctrl;
\r
102 _X509_free p_X509_free;
\r
103 _X509_print_ex p_X509_print_ex;
\r
104 _X509_get_subject_name p_X509_get_subject_name;
\r
105 _X509_NAME_print_ex p_X509_NAME_print_ex;
\r
106 _X509_CRL_free p_X509_CRL_free;
\r
107 _PEM_read_bio_PrivateKey p_PEM_read_bio_PrivateKey;
\r
108 _PEM_read_bio_PUBKEY p_PEM_read_bio_PUBKEY;
\r
109 _PEM_read_bio_X509 p_PEM_read_bio_X509;
\r
110 _PEM_read_bio_X509_CRL p_PEM_read_bio_X509_CRL;
\r
111 _X509_STORE_add_cert p_X509_STORE_add_cert;
\r
112 _X509_STORE_add_crl p_X509_STORE_add_crl;
\r
113 _EVP_PKEY_free p_EVP_PKEY_free;
\r
114 _EVP_PKEY_get1_RSA p_EVP_PKEY_get1_RSA;
\r
115 _RSA_free p_RSA_free;
\r
116 _RSA_size p_RSA_size;
\r
117 _RSA_private_encrypt p_RSA_private_encrypt;
\r
118 _RSA_public_decrypt p_RSA_public_decrypt;
\r
125 #define MAX_SSL_SOCKET 16
\r
127 BOOL g_bOpenSSLLoaded;
\r
128 HMODULE g_hOpenSSL;
\r
129 HMODULE g_hOpenSSLCommon;
\r
130 CRITICAL_SECTION g_OpenSSLLock;
\r
131 DWORD g_OpenSSLTimeout;
\r
132 LPSSLTIMEOUTCALLBACK g_pOpenSSLTimeoutCallback;
\r
133 LPSSLCONFIRMCALLBACK g_pOpenSSLConfirmCallback;
\r
134 SSL_CTX* g_pOpenSSLCTX;
\r
135 SSL* g_pOpenSSLHandle[MAX_SSL_SOCKET];
\r
137 BOOL __stdcall DefaultSSLTimeoutCallback(BOOL* pbAborted)
\r
143 BOOL __stdcall DefaultSSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)
\r
151 if(g_bOpenSSLLoaded)
\r
153 #ifdef ENABLE_PROCESS_PROTECTION
\r
154 // 同梱するOpenSSLのバージョンに合わせてSHA1ハッシュ値を変更すること
\r
155 #if defined(_M_IX86)
\r
156 // ssleay32.dll 1.0.2d
\r
157 RegisterTrustedModuleSHA1Hash("\x62\x0F\x18\x08\xDC\x7D\x84\xB5\xBF\xFE\x65\xF7\xEB\x02\x87\xF9\xE0\x0B\x9D\x0B");
\r
158 // libeay32.dll 1.0.2d
\r
159 RegisterTrustedModuleSHA1Hash("\x2E\x10\xA6\xD2\x3D\x94\x00\xB8\x87\x17\x6D\x12\xB5\x9A\x68\xE7\xFC\x11\xAC\x14");
\r
160 #elif defined(_M_AMD64)
\r
161 // ssleay32.dll 1.0.2d
\r
162 RegisterTrustedModuleSHA1Hash("\xD1\xE2\xC3\xA0\xEB\x28\xD0\x15\x2E\x0E\x9E\x3E\xF5\xF7\x42\x45\x58\xA2\x5E\xD1");
\r
163 // libeay32.dll 1.0.2d
\r
164 RegisterTrustedModuleSHA1Hash("\xE4\x26\xA0\xC7\x95\xA3\x2B\x9A\x9A\x43\x6A\xA6\xEA\x00\x34\xAD\xBC\x63\x68\x46");
\r
167 g_hOpenSSL = LoadLibrary("ssleay32.dll");
\r
168 // バージョン固定のためlibssl32.dllの読み込みは脆弱性の原因になり得るので廃止
\r
170 // g_hOpenSSL = LoadLibrary("libssl32.dll");
\r
172 || !(p_SSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))
\r
173 || !(p_SSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))
\r
174 || !(p_SSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))
\r
175 || !(p_SSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))
\r
176 || !(p_SSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))
\r
177 || !(p_SSL_ctrl = (_SSL_ctrl)GetProcAddress(g_hOpenSSL, "SSL_ctrl"))
\r
178 || !(p_SSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))
\r
179 || !(p_SSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))
\r
180 || !(p_SSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))
\r
181 || !(p_SSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))
\r
182 || !(p_SSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))
\r
183 || !(p_SSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))
\r
184 || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))
\r
185 || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))
\r
186 || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error"))
\r
187 || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate"))
\r
188 || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result"))
\r
189 || !(p_SSL_get_session = (_SSL_get_session)GetProcAddress(g_hOpenSSL, "SSL_get_session"))
\r
190 || !(p_SSL_set_session = (_SSL_set_session)GetProcAddress(g_hOpenSSL, "SSL_set_session"))
\r
191 || !(p_SSL_set_cipher_list = (_SSL_set_cipher_list)GetProcAddress(g_hOpenSSL, "SSL_set_cipher_list"))
\r
192 || !(p_SSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))
\r
193 || !(p_SSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))
\r
194 || !(p_SSL_CTX_get_cert_store = (_SSL_CTX_get_cert_store)GetProcAddress(g_hOpenSSL, "SSL_CTX_get_cert_store"))
\r
195 || !(p_SSL_CTX_ctrl = (_SSL_CTX_ctrl)GetProcAddress(g_hOpenSSL, "SSL_CTX_ctrl")))
\r
198 FreeLibrary(g_hOpenSSL);
\r
202 g_hOpenSSLCommon = LoadLibrary("libeay32.dll");
\r
203 if(!g_hOpenSSLCommon
\r
204 || !(p_BIO_s_mem = (_BIO_s_mem)GetProcAddress(g_hOpenSSLCommon, "BIO_s_mem"))
\r
205 || !(p_BIO_new = (_BIO_new)GetProcAddress(g_hOpenSSLCommon, "BIO_new"))
\r
206 || !(p_BIO_free = (_BIO_free)GetProcAddress(g_hOpenSSLCommon, "BIO_free"))
\r
207 || !(p_BIO_new_mem_buf = (_BIO_new_mem_buf)GetProcAddress(g_hOpenSSLCommon, "BIO_new_mem_buf"))
\r
208 || !(p_BIO_ctrl = (_BIO_ctrl)GetProcAddress(g_hOpenSSLCommon, "BIO_ctrl"))
\r
209 || !(p_X509_free = (_X509_free)GetProcAddress(g_hOpenSSLCommon, "X509_free"))
\r
210 || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))
\r
211 || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))
\r
212 || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex"))
\r
213 || !(p_X509_CRL_free = (_X509_CRL_free)GetProcAddress(g_hOpenSSLCommon, "X509_CRL_free"))
\r
214 || !(p_PEM_read_bio_PrivateKey = (_PEM_read_bio_PrivateKey)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PrivateKey"))
\r
215 || !(p_PEM_read_bio_PUBKEY = (_PEM_read_bio_PUBKEY)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PUBKEY"))
\r
216 || !(p_PEM_read_bio_X509 = (_PEM_read_bio_X509)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509"))
\r
217 || !(p_PEM_read_bio_X509_CRL = (_PEM_read_bio_X509_CRL)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509_CRL"))
\r
218 || !(p_X509_STORE_add_cert = (_X509_STORE_add_cert)GetProcAddress(g_hOpenSSLCommon, "X509_STORE_add_cert"))
\r
219 || !(p_X509_STORE_add_crl = (_X509_STORE_add_crl)GetProcAddress(g_hOpenSSLCommon, "X509_STORE_add_crl"))
\r
220 || !(p_EVP_PKEY_free = (_EVP_PKEY_free)GetProcAddress(g_hOpenSSLCommon, "EVP_PKEY_free"))
\r
221 || !(p_EVP_PKEY_get1_RSA = (_EVP_PKEY_get1_RSA)GetProcAddress(g_hOpenSSLCommon, "EVP_PKEY_get1_RSA"))
\r
222 || !(p_RSA_free = (_RSA_free)GetProcAddress(g_hOpenSSLCommon, "RSA_free"))
\r
223 || !(p_RSA_size = (_RSA_size)GetProcAddress(g_hOpenSSLCommon, "RSA_size"))
\r
224 || !(p_RSA_private_encrypt = (_RSA_private_encrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_private_encrypt"))
\r
225 || !(p_RSA_public_decrypt = (_RSA_public_decrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_public_decrypt"))
\r
226 || !(p_SHA1 = (_SHA1)GetProcAddress(g_hOpenSSLCommon, "SHA1"))
\r
227 || !(p_SHA224 = (_SHA224)GetProcAddress(g_hOpenSSLCommon, "SHA224"))
\r
228 || !(p_SHA256 = (_SHA256)GetProcAddress(g_hOpenSSLCommon, "SHA256"))
\r
229 || !(p_SHA384 = (_SHA384)GetProcAddress(g_hOpenSSLCommon, "SHA384"))
\r
230 || !(p_SHA512 = (_SHA512)GetProcAddress(g_hOpenSSLCommon, "SHA512")))
\r
233 FreeLibrary(g_hOpenSSL);
\r
235 if(g_hOpenSSLCommon)
\r
236 FreeLibrary(g_hOpenSSLCommon);
\r
237 g_hOpenSSLCommon = NULL;
\r
240 InitializeCriticalSection(&g_OpenSSLLock);
\r
241 p_SSL_load_error_strings();
\r
242 p_SSL_library_init();
\r
243 SetSSLTimeoutCallback(60000, DefaultSSLTimeoutCallback);
\r
244 SetSSLConfirmCallback(DefaultSSLConfirmCallback);
\r
245 g_bOpenSSLLoaded = TRUE;
\r
253 if(!g_bOpenSSLLoaded)
\r
255 EnterCriticalSection(&g_OpenSSLLock);
\r
256 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
258 if(g_pOpenSSLHandle[i])
\r
260 p_SSL_shutdown(g_pOpenSSLHandle[i]);
\r
261 p_SSL_free(g_pOpenSSLHandle[i]);
\r
262 g_pOpenSSLHandle[i] = NULL;
\r
266 p_SSL_CTX_free(g_pOpenSSLCTX);
\r
267 g_pOpenSSLCTX = NULL;
\r
268 FreeLibrary(g_hOpenSSL);
\r
270 FreeLibrary(g_hOpenSSLCommon);
\r
271 g_hOpenSSLCommon = NULL;
\r
272 LeaveCriticalSection(&g_OpenSSLLock);
\r
273 DeleteCriticalSection(&g_OpenSSLLock);
\r
274 g_bOpenSSLLoaded = FALSE;
\r
277 // OpenSSLが使用可能かどうか確認
\r
278 BOOL IsOpenSSLLoaded()
\r
280 return g_bOpenSSLLoaded;
\r
283 SSL** GetUnusedSSLPointer()
\r
286 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
288 if(!g_pOpenSSLHandle[i])
\r
289 return &g_pOpenSSLHandle[i];
\r
294 SSL** FindSSLPointerFromSocket(SOCKET s)
\r
297 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
299 if(g_pOpenSSLHandle[i])
\r
301 if(p_SSL_get_fd(g_pOpenSSLHandle[i]) == s)
\r
302 return &g_pOpenSSLHandle[i];
\r
308 BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted)
\r
324 if(pX509 = p_SSL_get_peer_certificate(pSSL))
\r
326 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
328 p_X509_print_ex(pBIO, pX509, 0, XN_FLAG_RFC2253);
\r
329 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
331 if(pData = (char*)malloc(Length + sizeof(char)))
\r
333 memcpy(pData, pBuffer, Length);
\r
334 *(char*)((size_t)pData + Length) = '\0';
\r
339 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
341 p_X509_NAME_print_ex(pBIO, p_X509_get_subject_name(pX509), 0, XN_FLAG_RFC2253);
\r
342 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
344 if(pSubject = (char*)malloc(Length + sizeof(char)))
\r
346 memcpy(pSubject, pBuffer, Length);
\r
347 *(char*)((size_t)pSubject + Length) = '\0';
\r
352 p_X509_free(pX509);
\r
354 if(pX509 && p_SSL_get_verify_result(pSSL) == X509_V_OK)
\r
359 if(strncmp(pCN, "CN=", strlen("CN=")) == 0)
\r
361 pCN += strlen("CN=");
\r
362 if(p = strchr(pCN, ','))
\r
366 if(pCN = strchr(pCN, ','))
\r
369 bResult = g_pOpenSSLConfirmCallback(pbAborted, bVerified, pData, pCN);
\r
377 void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)
\r
379 if(!g_bOpenSSLLoaded)
\r
381 EnterCriticalSection(&g_OpenSSLLock);
\r
382 g_OpenSSLTimeout = Timeout;
\r
383 g_pOpenSSLTimeoutCallback = pCallback;
\r
384 LeaveCriticalSection(&g_OpenSSLLock);
\r
387 void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)
\r
389 if(!g_bOpenSSLLoaded)
\r
391 EnterCriticalSection(&g_OpenSSLLock);
\r
392 g_pOpenSSLConfirmCallback = pCallback;
\r
393 LeaveCriticalSection(&g_OpenSSLLock);
\r
398 BOOL SetSSLRootCertificate(const void* pData, DWORD Length)
\r
401 X509_STORE* pStore;
\r
408 X509_CRL* pX509_CRL;
\r
409 if(!g_bOpenSSLLoaded)
\r
412 EnterCriticalSection(&g_OpenSSLLock);
\r
415 g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());
\r
416 p_SSL_CTX_ctrl(g_pOpenSSLCTX, SSL_CTRL_MODE, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY, NULL);
\r
420 if(pStore = p_SSL_CTX_get_cert_store(g_pOpenSSLCTX))
\r
432 if(memcmp(p, "-----BEGIN CERTIFICATE-----", 27) == 0)
\r
439 if(memcmp(p, "-----END CERTIFICATE-----", 25) == 0)
\r
444 if(pBIO = p_BIO_new_mem_buf(pBegin, (int)((size_t)pEnd - (size_t)pBegin)))
\r
446 if(pX509 = p_PEM_read_bio_X509(pBIO, NULL, NULL, NULL))
\r
448 if(p_X509_STORE_add_cert(pStore, pX509) == 1)
\r
450 p_X509_free(pX509);
\r
470 if(memcmp(p, "-----BEGIN X509 CRL-----", 24) == 0)
\r
477 if(memcmp(p, "-----END X509 CRL-----", 22) == 0)
\r
482 if(pBIO = p_BIO_new_mem_buf(pBegin, (int)((size_t)pEnd - (size_t)pBegin)))
\r
484 if(pX509_CRL = p_PEM_read_bio_X509_CRL(pBIO, NULL, NULL, NULL))
\r
486 if(p_X509_STORE_add_crl(pStore, pX509_CRL) == 1)
\r
488 p_X509_CRL_free(pX509_CRL);
\r
500 LeaveCriticalSection(&g_OpenSSLLock);
\r
506 BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName)
\r
509 const char* pAsterisk;
\r
510 size_t BeforeAsterisk;
\r
511 const char* pBeginAsterisk;
\r
512 const char* pEndAsterisk;
\r
515 if(HostName && CommonName)
\r
517 if(pAsterisk = strchr(CommonName, '*'))
\r
519 BeforeAsterisk = ((size_t)pAsterisk - (size_t)CommonName) / sizeof(char);
\r
520 pBeginAsterisk = HostName + BeforeAsterisk;
\r
521 while(*pAsterisk == '*')
\r
525 pEndAsterisk = HostName + strlen(HostName) - strlen(pAsterisk);
\r
526 // "*"より前は大文字小文字を無視して完全一致
\r
527 if(_strnicmp(HostName, CommonName, BeforeAsterisk) == 0)
\r
529 // "*"より後は大文字小文字を無視して完全一致
\r
530 if(_stricmp(pEndAsterisk, pAsterisk) == 0)
\r
532 // "*"と一致する範囲に"."が含まれてはならない
\r
533 pDot = strchr(pBeginAsterisk, '.');
\r
534 if(!pDot || pDot >= pEndAsterisk)
\r
539 else if(_stricmp(HostName, CommonName) == 0)
\r
545 #pragma warning(push)
\r
546 #pragma warning(disable:4090)
\r
549 BOOL EncryptSignature(const char* PrivateKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength)
\r
556 if(!g_bOpenSSLLoaded)
\r
559 if(pBIO = p_BIO_new_mem_buf((void*)PrivateKey, sizeof(char) * strlen(PrivateKey)))
\r
561 if(pPKEY = p_PEM_read_bio_PrivateKey(pBIO, NULL, NULL, (void*)Password))
\r
563 if(pRSA = p_EVP_PKEY_get1_RSA(pPKEY))
\r
565 if(p_RSA_size(pRSA) <= (int)OutLength)
\r
567 i = p_RSA_private_encrypt((int)InLength, (const unsigned char*)pIn, (unsigned char*)pOut, pRSA, RSA_PKCS1_PADDING);
\r
570 *pOutLength = (DWORD)i;
\r
576 p_EVP_PKEY_free(pPKEY);
\r
584 // 主に自動更新ファイルのハッシュの改竄確認
\r
585 BOOL DecryptSignature(const char* PublicKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength)
\r
592 if(!g_bOpenSSLLoaded)
\r
595 if(pBIO = p_BIO_new_mem_buf((void*)PublicKey, sizeof(char) * strlen(PublicKey)))
\r
597 if(pPKEY = p_PEM_read_bio_PUBKEY(pBIO, NULL, NULL, Password))
\r
599 if(pRSA = p_EVP_PKEY_get1_RSA(pPKEY))
\r
601 if(p_RSA_size(pRSA) <= (int)OutLength)
\r
603 i = p_RSA_public_decrypt((int)InLength, (const unsigned char*)pIn, (unsigned char*)pOut, pRSA, RSA_PKCS1_PADDING);
\r
606 *pOutLength = (DWORD)i;
\r
612 p_EVP_PKEY_free(pPKEY);
\r
619 #pragma warning(pop)
\r
622 // 他にも同等の関数はあるが主にマルウェア対策のための冗長化
\r
623 BOOL GetHashSHA1(const void* pData, DWORD Size, void* pHash)
\r
625 if(!g_bOpenSSLLoaded)
\r
627 p_SHA1((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
\r
631 BOOL GetHashSHA224(const void* pData, DWORD Size, void* pHash)
\r
633 if(!g_bOpenSSLLoaded)
\r
635 p_SHA224((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
\r
639 BOOL GetHashSHA256(const void* pData, DWORD Size, void* pHash)
\r
641 if(!g_bOpenSSLLoaded)
\r
643 p_SHA256((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
\r
647 BOOL GetHashSHA384(const void* pData, DWORD Size, void* pHash)
\r
649 if(!g_bOpenSSLLoaded)
\r
651 p_SHA384((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
\r
655 BOOL GetHashSHA512(const void* pData, DWORD Size, void* pHash)
\r
657 if(!g_bOpenSSLLoaded)
\r
659 p_SHA512((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
\r
664 BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted, BOOL bStrengthen)
\r
671 SSL_SESSION* pSession;
\r
674 if(!g_bOpenSSLLoaded)
\r
677 Time = timeGetTime();
\r
678 EnterCriticalSection(&g_OpenSSLLock);
\r
681 g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());
\r
682 p_SSL_CTX_ctrl(g_pOpenSSLCTX, SSL_CTRL_MODE, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY, NULL);
\r
686 if(ppSSL = GetUnusedSSLPointer())
\r
688 if(*ppSSL = p_SSL_new(g_pOpenSSLCTX))
\r
690 if(p_SSL_set_fd(*ppSSL, s) != 0)
\r
692 bInherited = FALSE;
\r
693 if(parent != INVALID_SOCKET)
\r
695 if(ppSSLParent = FindSSLPointerFromSocket(parent))
\r
697 if(pSession = p_SSL_get_session(*ppSSLParent))
\r
699 if(p_SSL_set_session(*ppSSL, pSession) == 1)
\r
708 p_SSL_ctrl(*ppSSL, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3, NULL);
\r
709 p_SSL_set_cipher_list(*ppSSL, "HIGH");
\r
712 // SSLのネゴシエーションには時間がかかる場合がある
\r
716 Return = p_SSL_connect(*ppSSL);
\r
719 Error = p_SSL_get_error(*ppSSL, Return);
\r
720 if(Error == SSL_ERROR_WANT_READ || Error == SSL_ERROR_WANT_WRITE)
\r
722 LeaveCriticalSection(&g_OpenSSLLock);
\r
723 if(g_pOpenSSLTimeoutCallback(pbAborted) || (g_OpenSSLTimeout > 0 && timeGetTime() - Time >= g_OpenSSLTimeout))
\r
725 EnterCriticalSection(&g_OpenSSLLock);
\r
732 if(ConfirmSSLCertificate(*ppSSL, pbAborted))
\r
737 LeaveCriticalSection(&g_OpenSSLLock);
\r
740 EnterCriticalSection(&g_OpenSSLLock);
\r
745 LeaveCriticalSection(&g_OpenSSLLock);
\r
747 EnterCriticalSection(&g_OpenSSLLock);
\r
752 LeaveCriticalSection(&g_OpenSSLLock);
\r
754 EnterCriticalSection(&g_OpenSSLLock);
\r
759 LeaveCriticalSection(&g_OpenSSLLock);
\r
764 BOOL DetachSSL(SOCKET s)
\r
768 if(!g_bOpenSSLLoaded)
\r
771 EnterCriticalSection(&g_OpenSSLLock);
\r
772 if(ppSSL = FindSSLPointerFromSocket(s))
\r
774 p_SSL_shutdown(*ppSSL);
\r
775 p_SSL_free(*ppSSL);
\r
779 LeaveCriticalSection(&g_OpenSSLLock);
\r
783 // SSLとしてマークされているか確認
\r
784 // マークされていればTRUEを返す
\r
785 BOOL IsSSLAttached(SOCKET s)
\r
788 if(!g_bOpenSSLLoaded)
\r
790 EnterCriticalSection(&g_OpenSSLLock);
\r
791 ppSSL = FindSSLPointerFromSocket(s);
\r
792 LeaveCriticalSection(&g_OpenSSLLock);
\r
798 SOCKET FTPS_socket(int af, int type, int protocol)
\r
800 return socket(af, type, protocol);
\r
803 int FTPS_bind(SOCKET s, const struct sockaddr *addr, int namelen)
\r
805 return bind(s, addr, namelen);
\r
808 int FTPS_listen(SOCKET s, int backlog)
\r
810 return listen(s, backlog);
\r
814 // ただし初めからSSLのネゴシエーションを行う
\r
815 SOCKET FTPS_accept(SOCKET s, struct sockaddr *addr, int *addrlen)
\r
819 r = accept(s, addr, addrlen);
\r
821 if(!AttachSSL(r, INVALID_SOCKET, &bAborted, TRUE))
\r
824 return INVALID_SOCKET;
\r
830 // ただし初めからSSLのネゴシエーションを行う
\r
831 int FTPS_connect(SOCKET s, const struct sockaddr *name, int namelen)
\r
835 r = connect(s, name, namelen);
\r
837 if(!AttachSSL(r, INVALID_SOCKET, &bAborted, TRUE))
\r
838 return SOCKET_ERROR;
\r
842 // closesocket相当の関数
\r
843 int FTPS_closesocket(SOCKET s)
\r
846 return closesocket(s);
\r
850 int FTPS_send(SOCKET s, const char * buf, int len, int flags)
\r
854 if(!g_bOpenSSLLoaded)
\r
855 return send(s, buf, len, flags);
\r
856 EnterCriticalSection(&g_OpenSSLLock);
\r
857 ppSSL = FindSSLPointerFromSocket(s);
\r
858 LeaveCriticalSection(&g_OpenSSLLock);
\r
860 return send(s, buf, len, flags);
\r
861 r = p_SSL_write(*ppSSL, buf, len);
\r
863 return SOCKET_ERROR;
\r
868 int FTPS_recv(SOCKET s, char * buf, int len, int flags)
\r
872 if(!g_bOpenSSLLoaded)
\r
873 return recv(s, buf, len, flags);
\r
874 EnterCriticalSection(&g_OpenSSLLock);
\r
875 ppSSL = FindSSLPointerFromSocket(s);
\r
876 LeaveCriticalSection(&g_OpenSSLLock);
\r
878 return recv(s, buf, len, flags);
\r
879 if(flags & MSG_PEEK)
\r
880 r = p_SSL_peek(*ppSSL, buf, len);
\r
882 r = p_SSL_read(*ppSSL, buf, len);
\r
884 return SOCKET_ERROR;
\r
890 const struct in6_addr IN6ADDR_NONE = {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}};
\r
901 } GETHOSTBYNAMEDATA;
\r
903 DWORD WINAPI WSAAsyncGetHostByNameIPv6ThreadProc(LPVOID lpParameter)
\r
905 GETHOSTBYNAMEDATA* pData;
\r
906 struct hostent* pHost;
\r
907 struct addrinfo* pAddr;
\r
908 struct addrinfo* p;
\r
910 pData = (GETHOSTBYNAMEDATA*)lpParameter;
\r
911 if(getaddrinfo(pData->name, NULL, NULL, &pAddr) == 0)
\r
916 if(p->ai_family == pData->Family)
\r
918 switch(p->ai_family)
\r
921 pHost = (struct hostent*)pData->buf;
\r
922 if((size_t)pData->buflen >= sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in_addr)
\r
923 && p->ai_addrlen >= sizeof(struct sockaddr_in))
\r
925 pHost->h_name = NULL;
\r
926 pHost->h_aliases = NULL;
\r
927 pHost->h_addrtype = p->ai_family;
\r
928 pHost->h_length = sizeof(struct in_addr);
\r
929 pHost->h_addr_list = (char**)(&pHost[1]);
\r
930 pHost->h_addr_list[0] = (char*)(&pHost->h_addr_list[2]);
\r
931 pHost->h_addr_list[1] = NULL;
\r
932 memcpy(pHost->h_addr_list[0], &((struct sockaddr_in*)p->ai_addr)->sin_addr, sizeof(struct in_addr));
\r
933 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in_addr)));
\r
936 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(WSAENOBUFS << 16));
\r
939 pHost = (struct hostent*)pData->buf;
\r
940 if((size_t)pData->buflen >= sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in6_addr)
\r
941 && p->ai_addrlen >= sizeof(struct sockaddr_in6))
\r
943 pHost->h_name = NULL;
\r
944 pHost->h_aliases = NULL;
\r
945 pHost->h_addrtype = p->ai_family;
\r
946 pHost->h_length = sizeof(struct in6_addr);
\r
947 pHost->h_addr_list = (char**)(&pHost[1]);
\r
948 pHost->h_addr_list[0] = (char*)(&pHost->h_addr_list[2]);
\r
949 pHost->h_addr_list[1] = NULL;
\r
950 memcpy(pHost->h_addr_list[0], &((struct sockaddr_in6*)p->ai_addr)->sin6_addr, sizeof(struct in6_addr));
\r
951 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in6_addr)));
\r
954 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(WSAENOBUFS << 16));
\r
963 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(ERROR_INVALID_FUNCTION << 16));
\r
964 freeaddrinfo(pAddr);
\r
967 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(ERROR_INVALID_FUNCTION << 16));
\r
968 // CreateThreadが返すハンドルが重複するのを回避
\r
970 CloseHandle(pData->h);
\r
976 // IPv6対応のWSAAsyncGetHostByName相当の関数
\r
977 // FamilyにはAF_INETまたはAF_INET6を指定可能
\r
979 HANDLE WSAAsyncGetHostByNameIPv6(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen, short Family)
\r
982 GETHOSTBYNAMEDATA* pData;
\r
984 if(pData = malloc(sizeof(GETHOSTBYNAMEDATA)))
\r
986 pData->hWnd = hWnd;
\r
987 pData->wMsg = wMsg;
\r
988 if(pData->name = malloc(sizeof(char) * (strlen(name) + 1)))
\r
990 strcpy(pData->name, name);
\r
992 pData->buflen = buflen;
\r
993 pData->Family = Family;
\r
994 if(pData->h = CreateThread(NULL, 0, WSAAsyncGetHostByNameIPv6ThreadProc, pData, CREATE_SUSPENDED, NULL))
\r
996 ResumeThread(pData->h);
\r
997 hResult = pData->h;
\r
1006 free(pData->name);
\r
1013 // WSAAsyncGetHostByNameIPv6用のWSACancelAsyncRequest相当の関数
\r
1014 int WSACancelAsyncRequestIPv6(HANDLE hAsyncTaskHandle)
\r
1017 Result = SOCKET_ERROR;
\r
1018 if(TerminateThread(hAsyncTaskHandle, 0))
\r
1020 CloseHandle(hAsyncTaskHandle);
\r
1026 char* AddressToStringIPv4(char* str, void* in)
\r
1031 p = (unsigned char*)in;
\r
1032 sprintf(str, "%u.%u.%u.%u", p[0], p[1], p[2], p[3]);
\r
1036 char* AddressToStringIPv6(char* str, void* in6)
\r
1046 p = (unsigned char*)in6;
\r
1049 for(i = 0; i < 8; i++)
\r
1051 for(j = i; j < 8; j++)
\r
1053 if(p[j * 2] != 0 || p[j * 2 + 1] != 0)
\r
1056 if(j - i > MaxZeroLen)
\r
1059 MaxZeroLen = j - i;
\r
1063 for(i = 0; i < 8; i++)
\r
1071 else if(i < MaxZero || i >= MaxZero + MaxZeroLen)
\r
1073 sprintf(Tmp, "%x", (((int)p[i * 2] & 0xff) << 8) | ((int)p[i * 2 + 1] & 0xff));
\r
1082 // IPv6対応のinet_ntoa相当の関数
\r
1084 char* inet6_ntoa(struct in6_addr in6)
\r
1087 static char Adrs[40];
\r
1089 memset(Adrs, 0, sizeof(Adrs));
\r
1090 pResult = AddressToStringIPv6(Adrs, &in6);
\r
1094 // IPv6対応のinet_addr相当の関数
\r
1096 struct in6_addr inet6_addr(const char* cp)
\r
1098 struct in6_addr Result;
\r
1102 memset(&Result, 0, sizeof(Result));
\r
1104 for(i = 0; i < 8; i++)
\r
1108 memcpy(&Result, &IN6ADDR_NONE, sizeof(struct in6_addr));
\r
1111 if(i >= AfterZero)
\r
1113 if(strncmp(cp, ":", 1) == 0)
\r
1116 if(i == 0 && strncmp(cp, ":", 1) == 0)
\r
1120 while(p = strstr(p, ":"))
\r
1128 Result.u.Word[i] = (USHORT)strtol(cp, &p, 16);
\r
1129 Result.u.Word[i] = ((Result.u.Word[i] & 0xff00) >> 8) | ((Result.u.Word[i] & 0x00ff) << 8);
\r
1130 if(strncmp(p, ":", 1) != 0 && strlen(p) > 0)
\r
1132 memcpy(&Result, &IN6ADDR_NONE, sizeof(struct in6_addr));
\r
1135 if(cp = strstr(cp, ":"))
\r
1143 BOOL ConvertDomainNameToPunycode(LPSTR Output, DWORD Count, LPCSTR Input)
\r
1146 punycode_uint* pUnicode;
\r
1149 LPCSTR InputString;
\r
1150 punycode_uint Length;
\r
1151 punycode_uint OutputLength;
\r
1153 if(pUnicode = malloc(sizeof(punycode_uint) * strlen(Input)))
\r
1157 InputString = Input;
\r
1159 while(*InputString != '\0')
\r
1161 *p = (punycode_uint)GetNextCharM(InputString, NULL, &InputString);
\r
1169 if(Count >= strlen("xn--") + 1)
\r
1171 strcpy(Output, "xn--");
\r
1172 OutputLength = Count - strlen("xn--");
\r
1173 if(punycode_encode(Length, pUnicode, NULL, (punycode_uint*)&OutputLength, Output + strlen("xn--")) == punycode_success)
\r
1175 Output[strlen("xn--") + OutputLength] = '\0';
\r
1184 if(Count >= strlen(Input) + 1)
\r
1186 strcpy(Output, Input);
\r
1193 BOOL ConvertNameToPunycode(LPSTR Output, LPCSTR Input)
\r
1202 Length = strlen(Input);
\r
1203 if(pm0 = AllocateStringM(Length + 1))
\r
1205 if(pm1 = AllocateStringM(Length * 4 + 1))
\r
1207 strcpy(pm0, Input);
\r
1211 if(pNext = strchr(p, '.'))
\r
1216 if(ConvertDomainNameToPunycode(pm1, Length * 4, p))
\r
1217 strcat(Output, pm1);
\r
1219 strcat(Output, ".");
\r
1223 FreeDuplicatedString(pm1);
\r
1225 FreeDuplicatedString(pm0);
\r
1230 HANDLE WSAAsyncGetHostByNameM(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen)
\r
1234 if(pa0 = AllocateStringA(strlen(name) * 4))
\r
1236 if(ConvertNameToPunycode(pa0, name))
\r
1237 r = WSAAsyncGetHostByName(hWnd, wMsg, pa0, buf, buflen);
\r
1239 FreeDuplicatedString(pa0);
\r
1243 HANDLE WSAAsyncGetHostByNameIPv6M(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen, short Family)
\r
1247 if(pa0 = AllocateStringA(strlen(name) * 4))
\r
1249 if(ConvertNameToPunycode(pa0, name))
\r
1250 r = WSAAsyncGetHostByNameIPv6(hWnd, wMsg, pa0, buf, buflen, Family);
\r
1252 FreeDuplicatedString(pa0);
\r
OSDN Git Service
