2 // Copyright (C) 2011 Suguru Kawamoto
\r
4 // socket関連関数をOpenSSL用に置換
\r
6 // コンパイルにはOpenSSLのヘッダーファイルが必要
\r
7 // 実行にはOpenSSLのDLLが必要
\r
9 #include <ws2tcpip.h>
\r
10 #include <windows.h>
\r
11 #include <mmsystem.h>
\r
12 #include <openssl/ssl.h>
\r
14 #include "socketwrapper.h"
\r
15 #include "protectprocess.h"
\r
16 #include "mbswrapper.h"
\r
17 #include "punycode.h"
\r
// Function-pointer types for the OpenSSL entry points that this file resolves
// at run time with GetProcAddress(). Nothing verifies these hand-written
// signatures against the loaded DLL, so each one has to stay in step with the
// prototypes of the bundled OpenSSL build.
//
// SSL_load_error_strings(), SSL_library_init() and SSLv23_method() are no
// longer resolved; OPENSSL_init_ssl() and TLS_method() are used instead.

// Entry points taken from ssleay32.dll
typedef int (__cdecl *_OPENSSL_init_ssl)(uint64_t, OPENSSL_INIT_SETTINGS *);
typedef SSL_METHOD *(__cdecl *_TLS_method)();
typedef SSL *(__cdecl *_SSL_new)(SSL_CTX *);
typedef void (__cdecl *_SSL_free)(SSL *);
typedef long (__cdecl *_SSL_ctrl)(SSL *, int, long, void *);
typedef int (__cdecl *_SSL_shutdown)(SSL *);
typedef int (__cdecl *_SSL_get_fd)(SSL *);
typedef int (__cdecl *_SSL_set_fd)(SSL *, int);
typedef int (__cdecl *_SSL_accept)(SSL *);
typedef int (__cdecl *_SSL_connect)(SSL *);
typedef int (__cdecl *_SSL_write)(SSL *, const void *, int);
typedef int (__cdecl *_SSL_peek)(SSL *, void *, int);
typedef int (__cdecl *_SSL_read)(SSL *, void *, int);
typedef int (__cdecl *_SSL_get_error)(SSL *, int);
typedef X509 *(__cdecl *_SSL_get_peer_certificate)(const SSL *);
typedef long (__cdecl *_SSL_get_verify_result)(const SSL *);
typedef SSL_SESSION *(__cdecl *_SSL_get_session)(SSL *);
typedef int (__cdecl *_SSL_set_session)(SSL *, SSL_SESSION *);
typedef int (__cdecl *_SSL_set_cipher_list)(SSL *, const char *);
typedef SSL_CTX *(__cdecl *_SSL_CTX_new)(SSL_METHOD *);
typedef void (__cdecl *_SSL_CTX_free)(SSL_CTX *);
typedef X509_STORE *(__cdecl *_SSL_CTX_get_cert_store)(const SSL_CTX *);
typedef long (__cdecl *_SSL_CTX_ctrl)(SSL_CTX *, int, long, void *);

// Entry points taken from libeay32.dll: BIO, X509, PEM, RSA and SHA helpers
typedef BIO_METHOD *(__cdecl *_BIO_s_mem)();
typedef BIO *(__cdecl *_BIO_new)(BIO_METHOD *);
typedef int (__cdecl *_BIO_free)(BIO *);
typedef BIO *(__cdecl *_BIO_new_mem_buf)(void *, int);
typedef long (__cdecl *_BIO_ctrl)(BIO *, int, long, void *);
typedef void (__cdecl *_X509_free)(X509 *);
typedef int (__cdecl *_X509_print_ex)(BIO *, X509 *, unsigned long, unsigned long);
typedef X509_NAME *(__cdecl *_X509_get_subject_name)(X509 *);
typedef int (__cdecl *_X509_NAME_print_ex)(BIO *, X509_NAME *, int, unsigned long);
typedef void (__cdecl *_X509_CRL_free)(X509_CRL *);
typedef EVP_PKEY *(__cdecl *_PEM_read_bio_PrivateKey)(BIO *, EVP_PKEY **, pem_password_cb *, void *);
typedef EVP_PKEY *(__cdecl *_PEM_read_bio_PUBKEY)(BIO *, EVP_PKEY **, pem_password_cb *, void *);
typedef X509 *(__cdecl *_PEM_read_bio_X509)(BIO *, X509 **, pem_password_cb *, void *);
typedef X509_CRL *(__cdecl *_PEM_read_bio_X509_CRL)(BIO *, X509_CRL **, pem_password_cb *, void *);
typedef int (__cdecl *_X509_STORE_add_cert)(X509_STORE *, X509 *);
typedef int (__cdecl *_X509_STORE_add_crl)(X509_STORE *, X509_CRL *);
typedef void (__cdecl *_EVP_PKEY_free)(EVP_PKEY *);
typedef RSA *(__cdecl *_EVP_PKEY_get1_RSA)(EVP_PKEY *);
typedef void (__cdecl *_RSA_free)(RSA *);
typedef int (__cdecl *_RSA_size)(const RSA *);
typedef int (__cdecl *_RSA_private_encrypt)(int, const unsigned char *, unsigned char *, RSA *, int);
typedef int (__cdecl *_RSA_public_decrypt)(int, const unsigned char *, unsigned char *, RSA *, int);
typedef unsigned char *(__cdecl *_SHA1)(const unsigned char *, size_t, unsigned char *);
typedef unsigned char *(__cdecl *_SHA224)(const unsigned char *, size_t, unsigned char *);
typedef unsigned char *(__cdecl *_SHA256)(const unsigned char *, size_t, unsigned char *);
typedef unsigned char *(__cdecl *_SHA384)(const unsigned char *, size_t, unsigned char *);
typedef unsigned char *(__cdecl *_SHA512)(const unsigned char *, size_t, unsigned char *);
\r
// Resolved OpenSSL entry points. As file-scope objects they start out NULL
// and are filled in by the GetProcAddress() chain of the loader; they must
// not be called before g_bOpenSSLLoaded is TRUE.
// The pointers for SSL_load_error_strings, SSL_library_init and
// SSLv23_method are no longer defined.

// ssleay32.dll
_OPENSSL_init_ssl         p_OPENSSL_init_ssl;
_TLS_method               p_TLS_method;
_SSL_free                 p_SSL_free;
_SSL_ctrl                 p_SSL_ctrl;
_SSL_shutdown             p_SSL_shutdown;
_SSL_get_fd               p_SSL_get_fd;
_SSL_set_fd               p_SSL_set_fd;
_SSL_accept               p_SSL_accept;
_SSL_connect              p_SSL_connect;
_SSL_write                p_SSL_write;
_SSL_peek                 p_SSL_peek;
_SSL_read                 p_SSL_read;
_SSL_get_error            p_SSL_get_error;
_SSL_get_peer_certificate p_SSL_get_peer_certificate;
_SSL_get_verify_result    p_SSL_get_verify_result;
_SSL_get_session          p_SSL_get_session;
_SSL_set_session          p_SSL_set_session;
_SSL_set_cipher_list      p_SSL_set_cipher_list;
_SSL_CTX_new              p_SSL_CTX_new;
_SSL_CTX_free             p_SSL_CTX_free;
_SSL_CTX_get_cert_store   p_SSL_CTX_get_cert_store;
_SSL_CTX_ctrl             p_SSL_CTX_ctrl;

// libeay32.dll
_BIO_s_mem                p_BIO_s_mem;
_BIO_new                  p_BIO_new;
_BIO_free                 p_BIO_free;
_BIO_new_mem_buf          p_BIO_new_mem_buf;
_BIO_ctrl                 p_BIO_ctrl;
_X509_free                p_X509_free;
_X509_print_ex            p_X509_print_ex;
_X509_get_subject_name    p_X509_get_subject_name;
_X509_NAME_print_ex       p_X509_NAME_print_ex;
_X509_CRL_free            p_X509_CRL_free;
_PEM_read_bio_PrivateKey  p_PEM_read_bio_PrivateKey;
_PEM_read_bio_PUBKEY      p_PEM_read_bio_PUBKEY;
_PEM_read_bio_X509        p_PEM_read_bio_X509;
_PEM_read_bio_X509_CRL    p_PEM_read_bio_X509_CRL;
_X509_STORE_add_cert      p_X509_STORE_add_cert;
_X509_STORE_add_crl       p_X509_STORE_add_crl;
_EVP_PKEY_free            p_EVP_PKEY_free;
_EVP_PKEY_get1_RSA        p_EVP_PKEY_get1_RSA;
_RSA_free                 p_RSA_free;
_RSA_size                 p_RSA_size;
_RSA_private_encrypt      p_RSA_private_encrypt;
_RSA_public_decrypt       p_RSA_public_decrypt;
\r
// Number of slots in g_pOpenSSLHandle, i.e. the most SSL objects tracked at once.
#define MAX_SSL_SOCKET 16

// TRUE once the loader has finished; most functions in this file return early while it is FALSE.
BOOL g_bOpenSSLLoaded;
// Module handles for ssleay32.dll and libeay32.dll.
HMODULE g_hOpenSSL;
HMODULE g_hOpenSSLCommon;
// Taken around accesses to the callbacks, the context and the handle table.
CRITICAL_SECTION g_OpenSSLLock;
// Handshake timeout, compared against timeGetTime() differences; 0 disables the check.
DWORD g_OpenSSLTimeout;
// Application callbacks: polled while a handshake is pending / asked to confirm a certificate.
LPSSLTIMEOUTCALLBACK g_pOpenSSLTimeoutCallback;
LPSSLCONFIRMCALLBACK g_pOpenSSLConfirmCallback;
// Single shared SSL_CTX and the table of live SSL objects (NULL marks a free slot).
SSL_CTX *g_pOpenSSLCTX;
SSL *g_pOpenSSLHandle[MAX_SSL_SOCKET];
\r
145 BOOL __stdcall DefaultSSLTimeoutCallback(BOOL* pbAborted)
\r
151 BOOL __stdcall DefaultSSLConfirmCallback(BOOL* pbAborted, BOOL bVerified, LPCSTR Certificate, LPCSTR CommonName)
\r
// First half of the OpenSSL loader as far as this listing shows it: the function header and
// several lines of the body are not visible here.
159 if(g_bOpenSSLLoaded)
\r
// With process protection compiled in, the SHA-1 digests of the expected OpenSSL DLLs are
// registered before LoadLibrary() runs. RegisterTrustedModuleSHA1Hash is declared outside this
// file (presumably protectprocess.h); how the registered digests are enforced is not visible here.
161 #ifdef ENABLE_PROCESS_PROTECTION
\r
162 // The SHA-1 hash values below must be changed to match the bundled OpenSSL version
\r
// NOTE(review): the digests pin one specific build (1.1.0h according to the comments below), so
// shipping an updated DLL without updating them takes that DLL off the allow-list.
163 #if defined(_M_IX86)
\r
164 // ssleay32.dll 1.1.0h
\r
165 RegisterTrustedModuleSHA1Hash("\x36\xFA\x98\xA1\xBE\x62\xB2\x07\xF0\xB8\x20\xE0\xB2\x86\x41\x68\xE2\x8D\x8B\x0F");
\r
166 // libeay32.dll 1.1.0h
\r
167 RegisterTrustedModuleSHA1Hash("\x2C\xD5\x65\x74\x2A\x8D\xE3\x22\x8F\xFE\xA9\x6D\xB5\x9D\x34\xFB\xBB\x23\x73\xFD");
\r
168 #elif defined(_M_AMD64)
\r
169 // ssleay32.dll 1.1.0h
\r
170 RegisterTrustedModuleSHA1Hash("\x1A\xA5\x43\xC8\x19\x85\x16\xC0\x19\x04\x8D\xD2\xE0\xF3\xF8\x73\x4D\x9E\xA0\x2F");
\r
171 // libeay32.dll 1.1.0h
\r
172 RegisterTrustedModuleSHA1Hash("\xC4\x4E\xD4\x5B\xEF\xA6\xC0\x9F\x6A\x45\xEC\x26\xDE\xEC\x3A\xC0\x24\x00\xF1\x66");
\r
// NOTE(review): the DLL is requested by bare file name, so Windows chooses the file through its
// DLL search order. When ENABLE_PROCESS_PROTECTION is not defined, nothing on the visible lines
// checks which file was actually loaded; loading by an absolute path under the application
// directory would remove the dependency on the search order.
175 g_hOpenSSL = LoadLibrary("ssleay32.dll");
\r
176 // Loading libssl32.dll was dropped: the version is pinned, so accepting another DLL name could introduce a vulnerability
\r
178 // g_hOpenSSL = LoadLibrary("libssl32.dll");
\r
// Every export listed below must resolve: a single failed GetProcAddress() makes the whole
// condition true and the library is released again. The opening of this condition is not
// shown in the listing.
181 // || !(p_SSL_load_error_strings = (_SSL_load_error_strings)GetProcAddress(g_hOpenSSL, "SSL_load_error_strings"))
\r
182 // || !(p_SSL_library_init = (_SSL_library_init)GetProcAddress(g_hOpenSSL, "SSL_library_init"))
\r
183 || !(p_OPENSSL_init_ssl = (_OPENSSL_init_ssl)GetProcAddress(g_hOpenSSL, "OPENSSL_init_ssl"))
\r
185 // || !(p_SSLv23_method = (_SSLv23_method)GetProcAddress(g_hOpenSSL, "SSLv23_method"))
\r
186 || !(p_TLS_method = (_TLS_method)GetProcAddress(g_hOpenSSL, "TLS_method"))
\r
187 || !(p_SSL_new = (_SSL_new)GetProcAddress(g_hOpenSSL, "SSL_new"))
\r
188 || !(p_SSL_free = (_SSL_free)GetProcAddress(g_hOpenSSL, "SSL_free"))
\r
189 || !(p_SSL_ctrl = (_SSL_ctrl)GetProcAddress(g_hOpenSSL, "SSL_ctrl"))
\r
190 || !(p_SSL_shutdown = (_SSL_shutdown)GetProcAddress(g_hOpenSSL, "SSL_shutdown"))
\r
191 || !(p_SSL_get_fd = (_SSL_get_fd)GetProcAddress(g_hOpenSSL, "SSL_get_fd"))
\r
192 || !(p_SSL_set_fd = (_SSL_set_fd)GetProcAddress(g_hOpenSSL, "SSL_set_fd"))
\r
193 || !(p_SSL_accept = (_SSL_accept)GetProcAddress(g_hOpenSSL, "SSL_accept"))
\r
194 || !(p_SSL_connect = (_SSL_connect)GetProcAddress(g_hOpenSSL, "SSL_connect"))
\r
195 || !(p_SSL_write = (_SSL_write)GetProcAddress(g_hOpenSSL, "SSL_write"))
\r
196 || !(p_SSL_peek = (_SSL_peek)GetProcAddress(g_hOpenSSL, "SSL_peek"))
\r
197 || !(p_SSL_read = (_SSL_read)GetProcAddress(g_hOpenSSL, "SSL_read"))
\r
198 || !(p_SSL_get_error = (_SSL_get_error)GetProcAddress(g_hOpenSSL, "SSL_get_error"))
\r
199 || !(p_SSL_get_peer_certificate = (_SSL_get_peer_certificate)GetProcAddress(g_hOpenSSL, "SSL_get_peer_certificate"))
\r
200 || !(p_SSL_get_verify_result = (_SSL_get_verify_result)GetProcAddress(g_hOpenSSL, "SSL_get_verify_result"))
\r
201 || !(p_SSL_get_session = (_SSL_get_session)GetProcAddress(g_hOpenSSL, "SSL_get_session"))
\r
202 || !(p_SSL_set_session = (_SSL_set_session)GetProcAddress(g_hOpenSSL, "SSL_set_session"))
\r
203 || !(p_SSL_set_cipher_list = (_SSL_set_cipher_list)GetProcAddress(g_hOpenSSL, "SSL_set_cipher_list"))
\r
204 || !(p_SSL_CTX_new = (_SSL_CTX_new)GetProcAddress(g_hOpenSSL, "SSL_CTX_new"))
\r
205 || !(p_SSL_CTX_free = (_SSL_CTX_free)GetProcAddress(g_hOpenSSL, "SSL_CTX_free"))
\r
206 || !(p_SSL_CTX_get_cert_store = (_SSL_CTX_get_cert_store)GetProcAddress(g_hOpenSSL, "SSL_CTX_get_cert_store"))
\r
207 || !(p_SSL_CTX_ctrl = (_SSL_CTX_ctrl)GetProcAddress(g_hOpenSSL, "SSL_CTX_ctrl")))
\r
// Failure path for the first DLL.
210 FreeLibrary(g_hOpenSSL);
\r
// Second half of the loader: libeay32.dll is requested by bare file name as well, so the same
// DLL-search-order consideration applies as for ssleay32.dll.
214 g_hOpenSSLCommon = LoadLibrary("libeay32.dll");
\r
// A missing library or any unresolved export fails the whole condition.
215 if(!g_hOpenSSLCommon
\r
216 || !(p_BIO_s_mem = (_BIO_s_mem)GetProcAddress(g_hOpenSSLCommon, "BIO_s_mem"))
\r
217 || !(p_BIO_new = (_BIO_new)GetProcAddress(g_hOpenSSLCommon, "BIO_new"))
\r
218 || !(p_BIO_free = (_BIO_free)GetProcAddress(g_hOpenSSLCommon, "BIO_free"))
\r
219 || !(p_BIO_new_mem_buf = (_BIO_new_mem_buf)GetProcAddress(g_hOpenSSLCommon, "BIO_new_mem_buf"))
\r
220 || !(p_BIO_ctrl = (_BIO_ctrl)GetProcAddress(g_hOpenSSLCommon, "BIO_ctrl"))
\r
221 || !(p_X509_free = (_X509_free)GetProcAddress(g_hOpenSSLCommon, "X509_free"))
\r
222 || !(p_X509_print_ex = (_X509_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_print_ex"))
\r
223 || !(p_X509_get_subject_name = (_X509_get_subject_name)GetProcAddress(g_hOpenSSLCommon, "X509_get_subject_name"))
\r
224 || !(p_X509_NAME_print_ex = (_X509_NAME_print_ex)GetProcAddress(g_hOpenSSLCommon, "X509_NAME_print_ex"))
\r
225 || !(p_X509_CRL_free = (_X509_CRL_free)GetProcAddress(g_hOpenSSLCommon, "X509_CRL_free"))
\r
226 || !(p_PEM_read_bio_PrivateKey = (_PEM_read_bio_PrivateKey)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PrivateKey"))
\r
227 || !(p_PEM_read_bio_PUBKEY = (_PEM_read_bio_PUBKEY)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_PUBKEY"))
\r
228 || !(p_PEM_read_bio_X509 = (_PEM_read_bio_X509)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509"))
\r
229 || !(p_PEM_read_bio_X509_CRL = (_PEM_read_bio_X509_CRL)GetProcAddress(g_hOpenSSLCommon, "PEM_read_bio_X509_CRL"))
\r
230 || !(p_X509_STORE_add_cert = (_X509_STORE_add_cert)GetProcAddress(g_hOpenSSLCommon, "X509_STORE_add_cert"))
\r
231 || !(p_X509_STORE_add_crl = (_X509_STORE_add_crl)GetProcAddress(g_hOpenSSLCommon, "X509_STORE_add_crl"))
\r
232 || !(p_EVP_PKEY_free = (_EVP_PKEY_free)GetProcAddress(g_hOpenSSLCommon, "EVP_PKEY_free"))
\r
233 || !(p_EVP_PKEY_get1_RSA = (_EVP_PKEY_get1_RSA)GetProcAddress(g_hOpenSSLCommon, "EVP_PKEY_get1_RSA"))
\r
234 || !(p_RSA_free = (_RSA_free)GetProcAddress(g_hOpenSSLCommon, "RSA_free"))
\r
235 || !(p_RSA_size = (_RSA_size)GetProcAddress(g_hOpenSSLCommon, "RSA_size"))
\r
236 || !(p_RSA_private_encrypt = (_RSA_private_encrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_private_encrypt"))
\r
237 || !(p_RSA_public_decrypt = (_RSA_public_decrypt)GetProcAddress(g_hOpenSSLCommon, "RSA_public_decrypt"))
\r
238 || !(p_SHA1 = (_SHA1)GetProcAddress(g_hOpenSSLCommon, "SHA1"))
\r
239 || !(p_SHA224 = (_SHA224)GetProcAddress(g_hOpenSSLCommon, "SHA224"))
\r
240 || !(p_SHA256 = (_SHA256)GetProcAddress(g_hOpenSSLCommon, "SHA256"))
\r
241 || !(p_SHA384 = (_SHA384)GetProcAddress(g_hOpenSSLCommon, "SHA384"))
\r
242 || !(p_SHA512 = (_SHA512)GetProcAddress(g_hOpenSSLCommon, "SHA512")))
\r
// Failure path: both libraries are released so that a partial load leaves nothing mapped.
245 FreeLibrary(g_hOpenSSL);
\r
247 if(g_hOpenSSLCommon)
\r
248 FreeLibrary(g_hOpenSSLCommon);
\r
249 g_hOpenSSLCommon = NULL;
\r
// Success path: create the lock that the rest of this file takes, then initialise the library.
252 InitializeCriticalSection(&g_OpenSSLLock);
\r
254 // p_SSL_load_error_strings();
\r
// NOTE(review): OPENSSL_init_ssl() reports failure through its return value (0); both calls
// below ignore it.
255 p_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
\r
256 // p_SSL_library_init();
\r
257 p_OPENSSL_init_ssl(0, NULL);
\r
// NOTE(review): g_bOpenSSLLoaded is still FALSE here, and both setters begin with an
// if(!g_bOpenSSLLoaded) check. If that check returns early (the line following it is not shown
// in this listing), these two calls install nothing and the callbacks stay unset until the
// application sets them after loading; confirm.
258 SetSSLTimeoutCallback(60000, DefaultSSLTimeoutCallback);
\r
259 SetSSLConfirmCallback(DefaultSSLConfirmCallback);
\r
260 g_bOpenSSLLoaded = TRUE;
\r
// Teardown of the OpenSSL state as far as this listing shows it (the function header is not
// visible): close every tracked SSL object, free the shared context, unload both DLLs.
268 if(!g_bOpenSSLLoaded)
\r
270 EnterCriticalSection(&g_OpenSSLLock);
\r
// Shut down and free every SSL object that is still in the table.
271 for(i = 0; i < MAX_SSL_SOCKET; i++)
\r
273 if(g_pOpenSSLHandle[i])
\r
275 p_SSL_shutdown(g_pOpenSSLHandle[i]);
\r
276 p_SSL_free(g_pOpenSSLHandle[i]);
\r
277 g_pOpenSSLHandle[i] = NULL;
\r
281 p_SSL_CTX_free(g_pOpenSSLCTX);
\r
282 g_pOpenSSLCTX = NULL;
\r
284 // FreeLibrary(g_hOpenSSL);
\r
285 // g_hOpenSSL = NULL;
\r
286 // FreeLibrary(g_hOpenSSLCommon);
\r
287 // g_hOpenSSLCommon = NULL;
\r
// The libraries are unloaded in the reverse of the order they appear in the commented-out lines:
// libeay32.dll first, then ssleay32.dll.
288 FreeLibrary(g_hOpenSSLCommon);
\r
289 g_hOpenSSLCommon = NULL;
\r
290 FreeLibrary(g_hOpenSSL);
\r
// NOTE(review): the resolved p_* pointers keep their old values after FreeLibrary(), and the
// loaded flag is cleared only after the lock has been deleted. Other functions in this file test
// g_bOpenSSLLoaded and then enter g_OpenSSLLock, so a thread that passed the test just before
// this point could enter a deleted critical section or call into an unloaded DLL. This matters
// only if teardown can overlap with socket I/O on another thread; confirm.
292 LeaveCriticalSection(&g_OpenSSLLock);
\r
293 DeleteCriticalSection(&g_OpenSSLLock);
\r
294 g_bOpenSSLLoaded = FALSE;
\r
// Reports whether OpenSSL is available for use.
// Returns the current value of g_bOpenSSLLoaded.
BOOL IsOpenSSLLoaded()
{
	const BOOL bLoaded = g_bOpenSSLLoaded;
	return bLoaded;
}
\r
// Returns the address of the first empty slot in g_pOpenSSLHandle.
// The table is not locked here; the visible callers hold g_OpenSSLLock.
// NOTE(review): the declaration of the loop variable and the statement after the loop are not
// shown in this listing; returning NULL for a full table is inferred from how the callers test
// the result. Confirm against the full file.
SSL** GetUnusedSSLPointer()
{
	SSL** ppSlot = g_pOpenSSLHandle;
	SSL** const ppEnd = g_pOpenSSLHandle + MAX_SSL_SOCKET;
	while(ppSlot != ppEnd)
	{
		if(*ppSlot == NULL)
			return ppSlot;
		ppSlot++;
	}
	return NULL;
}
\r
// Looks up the table slot whose SSL object is bound to socket s (compared via SSL_get_fd).
// The result points into g_pOpenSSLHandle, so it is only stable while g_OpenSSLLock is held.
// NOTE(review): the final return for "not found" is not shown in this listing; NULL is inferred
// from how the callers test the result. Confirm against the full file.
SSL** FindSSLPointerFromSocket(SOCKET s)
{
	int slot;
	for(slot = 0; slot < MAX_SSL_SOCKET; slot++)
	{
		SSL* pCandidate = g_pOpenSSLHandle[slot];
		if(!pCandidate)
			continue;
		if(p_SSL_get_fd(pCandidate) == s)
			return &g_pOpenSSLHandle[slot];
	}
	return NULL;
}
\r
// Builds a printable dump of the peer certificate and of its subject, then asks the registered
// confirm callback whether the connection should be accepted. Parts of the body are not shown
// in this listing.
328 BOOL ConfirmSSLCertificate(SSL* pSSL, BOOL* pbAborted)
\r
344 if(pX509 = p_SSL_get_peer_certificate(pSSL))
\r
346 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
// Print the whole certificate as text into a memory BIO.
348 p_X509_print_ex(pBIO, pX509, 0, XN_FLAG_RFC2253);
\r
// BIO_CTRL_INFO returns the number of bytes held by the BIO and stores a pointer to them in pBuffer.
349 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
// Copy into a heap buffer with one extra byte for the terminating NUL.
351 if(pData = (char*)malloc(Length + sizeof(char)))
\r
353 memcpy(pData, pBuffer, Length);
\r
354 *(char*)((size_t)pData + Length) = '\0';
\r
// Same procedure for the subject name alone, printed in RFC 2253 form.
359 if(pBIO = p_BIO_new(p_BIO_s_mem()))
\r
361 p_X509_NAME_print_ex(pBIO, p_X509_get_subject_name(pX509), 0, XN_FLAG_RFC2253);
\r
362 if((Length = p_BIO_ctrl(pBIO, BIO_CTRL_INFO, 0, &pBuffer)) > 0)
\r
364 if(pSubject = (char*)malloc(Length + sizeof(char)))
\r
366 memcpy(pSubject, pBuffer, Length);
\r
367 *(char*)((size_t)pSubject + Length) = '\0';
\r
372 p_X509_free(pX509);
\r
// NOTE(review): pX509 has been released on the line above and serves here only as a
// "a certificate was presented" flag. The chain result is read after the handshake; nothing on
// the visible lines makes the handshake itself fail for an untrusted chain, so the accept/reject
// decision appears to rest on the callback. Confirm.
374 if(pX509 && p_SSL_get_verify_result(pSSL) == X509_V_OK)
\r
// The common name is found by text search in the RFC 2253 subject string: an RDN that starts
// with "CN=" and ends at the next ','.
// NOTE(review): RFC 2253 output escapes a comma inside a value as "\,", which strchr(',') does
// not skip, and subjectAltName entries are not consulted on the visible lines. Code that
// compares this value with a host name inherits both limits.
379 if(strncmp(pCN, "CN=", strlen("CN=")) == 0)
\r
381 pCN += strlen("CN=");
\r
382 if(p = strchr(pCN, ','))
\r
386 if(pCN = strchr(pCN, ','))
\r
// The callback receives the verification flag, the certificate text and the extracted name.
389 bResult = g_pOpenSSLConfirmCallback(pbAborted, bVerified, pData, pCN);
\r
// Installs the handshake timeout (same unit as timeGetTime()) and the callback that is polled
// while a handshake is pending. Does nothing while OpenSSL is not loaded.
// NOTE(review): the statement under the loaded check is not shown in this listing; a plain
// return is inferred. Confirm against the full file.
void SetSSLTimeoutCallback(DWORD Timeout, LPSSLTIMEOUTCALLBACK pCallback)
{
	if(g_bOpenSSLLoaded)
	{
		EnterCriticalSection(&g_OpenSSLLock);
		g_OpenSSLTimeout = Timeout;
		g_pOpenSSLTimeoutCallback = pCallback;
		LeaveCriticalSection(&g_OpenSSLLock);
	}
}
\r
// Installs the callback that decides whether a peer certificate is accepted.
// Does nothing while OpenSSL is not loaded.
// NOTE(review): the statement under the loaded check is not shown in this listing; a plain
// return is inferred. Confirm against the full file.
void SetSSLConfirmCallback(LPSSLCONFIRMCALLBACK pCallback)
{
	if(g_bOpenSSLLoaded)
	{
		EnterCriticalSection(&g_OpenSSLLock);
		g_pOpenSSLConfirmCallback = pCallback;
		LeaveCriticalSection(&g_OpenSSLLock);
	}
}
\r
// Loads trust anchors and revocation lists from a PEM bundle in memory into the certificate
// store of the shared SSL_CTX. Much of the scanning loop is not shown in this listing.
418 BOOL SetSSLRootCertificate(const void* pData, DWORD Length)
\r
421 X509_STORE* pStore;
\r
428 X509_CRL* pX509_CRL;
\r
429 if(!g_bOpenSSLLoaded)
\r
432 EnterCriticalSection(&g_OpenSSLLock);
\r
436 // g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());
\r
// NOTE(review): on the visible lines the result of SSL_CTX_new() is passed straight to
// SSL_CTX_ctrl() without a NULL check; confirm whether a hidden line guards it.
437 g_pOpenSSLCTX = p_SSL_CTX_new(p_TLS_method());
\r
438 p_SSL_CTX_ctrl(g_pOpenSSLCTX, SSL_CTRL_MODE, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY, NULL);
\r
442 if(pStore = p_SSL_CTX_get_cert_store(g_pOpenSSLCTX))
\r
// Certificates: the buffer is scanned for the PEM BEGIN/END markers with fixed-length memcmp().
// NOTE(review): whether the remaining length is checked before each memcmp() is not visible
// here; the 27/25-byte compares need at least that many bytes left in pData. Confirm.
454 if(memcmp(p, "-----BEGIN CERTIFICATE-----", 27) == 0)
\r
461 if(memcmp(p, "-----END CERTIFICATE-----", 25) == 0)
\r
// The span between the markers is handed to OpenSSL through a memory BIO; its size is narrowed to int.
466 if(pBIO = p_BIO_new_mem_buf(pBegin, (int)((size_t)pEnd - (size_t)pBegin)))
\r
468 if(pX509 = p_PEM_read_bio_X509(pBIO, NULL, NULL, NULL))
\r
470 if(p_X509_STORE_add_cert(pStore, pX509) == 1)
\r
472 p_X509_free(pX509);
\r
// CRLs: same scan with the X509 CRL markers.
// NOTE(review): OpenSSL consults CRLs in a store only when CRL checking is enabled in the
// verification flags, and no call that sets such a flag is among the entry points resolved by
// this file. The CRLs added here may therefore never be evaluated; confirm.
492 if(memcmp(p, "-----BEGIN X509 CRL-----", 24) == 0)
\r
499 if(memcmp(p, "-----END X509 CRL-----", 22) == 0)
\r
504 if(pBIO = p_BIO_new_mem_buf(pBegin, (int)((size_t)pEnd - (size_t)pBegin)))
\r
506 if(pX509_CRL = p_PEM_read_bio_X509_CRL(pBIO, NULL, NULL, NULL))
\r
508 if(p_X509_STORE_add_crl(pStore, pX509_CRL) == 1)
\r
510 p_X509_CRL_free(pX509_CRL);
\r
522 LeaveCriticalSection(&g_OpenSSLLock);
\r
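// Checks whether HostName matches CommonName, where CommonName may contain one run of '*'
// acting as a wildcard for part of a single label.
//   HostName   - host name the connection was made to; NULL never matches
//   CommonName - name taken from the certificate; NULL never matches
// Returns TRUE on a match, FALSE otherwise.
//
// The text before and after the wildcard must match the host name exactly (case-insensitive),
// and the part covered by the wildcard must not contain a '.'.
// The host name is first checked to be long enough for both literal parts. Without that check
// the pointer to the end of the wildcard range was computed as
// HostName + strlen(HostName) - strlen(suffix), which lies before the start of HostName for a
// host shorter than the suffix and was then read by the suffix comparison.
// NOTE(review): the wildcard is accepted at any position and label depth (a pattern of the form
// "*.tld" is honoured); tighten this if callers expect RFC 6125 style rules.
BOOL IsHostNameMatched(LPCSTR HostName, LPCSTR CommonName)
{
	const char* pAsterisk;
	const char* pSuffix;
	const char* pBeginAsterisk;
	const char* pEndAsterisk;
	const char* pDot;
	size_t BeforeAsterisk;
	size_t AfterAsterisk;
	size_t HostLength;

	if(!HostName || !CommonName)
		return FALSE;
	pAsterisk = strchr(CommonName, '*');
	if(!pAsterisk)
		return (_stricmp(HostName, CommonName) == 0) ? TRUE : FALSE;

	BeforeAsterisk = (size_t)(pAsterisk - CommonName);
	// Consecutive '*' characters count as a single wildcard.
	pSuffix = pAsterisk;
	while(*pSuffix == '*')
		pSuffix++;
	AfterAsterisk = strlen(pSuffix);
	HostLength = strlen(HostName);
	// Prefix and suffix must fit into the host name without overlapping.
	if(HostLength < BeforeAsterisk || HostLength - BeforeAsterisk < AfterAsterisk)
		return FALSE;
	pBeginAsterisk = HostName + BeforeAsterisk;
	pEndAsterisk = HostName + (HostLength - AfterAsterisk);
	// Everything before the "*" must match exactly, ignoring case.
	if(_strnicmp(HostName, CommonName, BeforeAsterisk) != 0)
		return FALSE;
	// Everything after the "*" must match exactly, ignoring case.
	if(_stricmp(pEndAsterisk, pSuffix) != 0)
		return FALSE;
	// The range matched by the "*" must not contain a ".".
	pDot = strchr(pBeginAsterisk, '.');
	if(pDot && pDot < pEndAsterisk)
		return FALSE;
	return TRUE;
}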
\r
567 #pragma warning(push)
\r
568 #pragma warning(disable:4090)
\r
// Applies the RSA private-key operation with PKCS #1 v1.5 padding to InLength bytes at pIn and
// writes the result to pOut; *pOutLength receives the number of bytes produced. Returns without
// doing anything while OpenSSL is not loaded. Several lines of the body, including the releases
// of pBIO and pRSA, are not shown in this listing.
571 BOOL EncryptSignature(const char* PrivateKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength)
\r
578 if(!g_bOpenSSLLoaded)
\r
// The PEM text of the key is wrapped in a read-only memory BIO; the size_t length is narrowed
// to the int that BIO_new_mem_buf() takes.
581 if(pBIO = p_BIO_new_mem_buf((void*)PrivateKey, sizeof(char) * strlen(PrivateKey)))
\r
// With a NULL callback, OpenSSL treats the last argument as the NUL-terminated passphrase.
583 if(pPKEY = p_PEM_read_bio_PrivateKey(pBIO, NULL, NULL, (void*)Password))
\r
// NOTE(review): EVP_PKEY_get1_RSA() returns a new reference that needs a matching RSA_free();
// that call is not among the visible lines. Confirm.
585 if(pRSA = p_EVP_PKEY_get1_RSA(pPKEY))
\r
// The output buffer must hold a full modulus-sized block.
587 if(p_RSA_size(pRSA) <= (int)OutLength)
\r
// NOTE(review): InLength is narrowed to int, and this primitive neither hashes its input nor
// encodes a digest algorithm; the caller supplies the bytes to sign (a digest, per the comment
// on the matching verify routine below).
589 i = p_RSA_private_encrypt((int)InLength, (const unsigned char*)pIn, (unsigned char*)pOut, pRSA, RSA_PKCS1_PADDING);
\r
592 *pOutLength = (DWORD)i;
\r
598 p_EVP_PKEY_free(pPKEY);
\r
606 // Mainly used to check the hashes of auto-update files for tampering
\r
// Applies the RSA public-key operation with PKCS #1 v1.5 padding to InLength bytes at pIn and
// writes the recovered bytes to pOut; *pOutLength receives their count. Several lines of the
// body are not shown in this listing.
// NOTE(review): this only recovers what was signed. The caller still has to compare the result,
// including its length, with a digest it computed itself over the file being checked.
607 BOOL DecryptSignature(const char* PublicKey, const char* Password, const void* pIn, DWORD InLength, void* pOut, DWORD OutLength, DWORD* pOutLength)
\r
614 if(!g_bOpenSSLLoaded)
\r
617 if(pBIO = p_BIO_new_mem_buf((void*)PublicKey, sizeof(char) * strlen(PublicKey)))
\r
// Password is passed without a cast where a void* is expected; the surrounding
// #pragma warning(disable:4090) silences the const-qualifier warning this produces.
619 if(pPKEY = p_PEM_read_bio_PUBKEY(pBIO, NULL, NULL, Password))
\r
// NOTE(review): EVP_PKEY_get1_RSA() returns a new reference that needs a matching RSA_free();
// that call is not among the visible lines. Confirm.
621 if(pRSA = p_EVP_PKEY_get1_RSA(pPKEY))
\r
// The output buffer must hold a full modulus-sized block.
623 if(p_RSA_size(pRSA) <= (int)OutLength)
\r
625 i = p_RSA_public_decrypt((int)InLength, (const unsigned char*)pIn, (unsigned char*)pOut, pRSA, RSA_PKCS1_PADDING);
\r
628 *pOutLength = (DWORD)i;
\r
634 p_EVP_PKEY_free(pPKEY);
\r
641 #pragma warning(pop)
\r
// Equivalent functions exist elsewhere; this one is kept as redundancy, mainly as a measure
// against malware.
// Writes the SHA-1 digest of Size bytes at pData to pHash, which must have room for 20 bytes.
// NOTE(review): both return statements are not shown in this listing; FALSE when OpenSSL is not
// loaded and TRUE after hashing are inferred. Confirm against the full file.
BOOL GetHashSHA1(const void* pData, DWORD Size, void* pHash)
{
	BOOL bDone = FALSE;
	if(g_bOpenSSLLoaded)
	{
		p_SHA1((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
		bDone = TRUE;
	}
	return bDone;
}
\r
// Writes the SHA-224 digest of Size bytes at pData to pHash, which must have room for 28 bytes.
// NOTE(review): both return statements are not shown in this listing; FALSE when OpenSSL is not
// loaded and TRUE after hashing are inferred. Confirm against the full file.
BOOL GetHashSHA224(const void* pData, DWORD Size, void* pHash)
{
	BOOL bDone = FALSE;
	if(g_bOpenSSLLoaded)
	{
		p_SHA224((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
		bDone = TRUE;
	}
	return bDone;
}
\r
// Writes the SHA-256 digest of Size bytes at pData to pHash, which must have room for 32 bytes.
// NOTE(review): both return statements are not shown in this listing; FALSE when OpenSSL is not
// loaded and TRUE after hashing are inferred. Confirm against the full file.
BOOL GetHashSHA256(const void* pData, DWORD Size, void* pHash)
{
	BOOL bDone = FALSE;
	if(g_bOpenSSLLoaded)
	{
		p_SHA256((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
		bDone = TRUE;
	}
	return bDone;
}
\r
// Writes the SHA-384 digest of Size bytes at pData to pHash, which must have room for 48 bytes.
// NOTE(review): both return statements are not shown in this listing; FALSE when OpenSSL is not
// loaded and TRUE after hashing are inferred. Confirm against the full file.
BOOL GetHashSHA384(const void* pData, DWORD Size, void* pHash)
{
	BOOL bDone = FALSE;
	if(g_bOpenSSLLoaded)
	{
		p_SHA384((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
		bDone = TRUE;
	}
	return bDone;
}
\r
// Writes the SHA-512 digest of Size bytes at pData to pHash, which must have room for 64 bytes.
// NOTE(review): both return statements are not shown in this listing; FALSE when OpenSSL is not
// loaded and TRUE after hashing are inferred. Confirm against the full file.
BOOL GetHashSHA512(const void* pData, DWORD Size, void* pHash)
{
	BOOL bDone = FALSE;
	if(g_bOpenSSLLoaded)
	{
		p_SHA512((const unsigned char*)pData, (size_t)Size, (unsigned char*)pHash);
		bDone = TRUE;
	}
	return bDone;
}
\r
// Creates an SSL object for socket s, optionally reuses the session of the SSL object bound to
// `parent`, runs the client-side handshake and asks for certificate confirmation. Large parts of
// the body, including what bStrengthen controls, are not shown in this listing.
686 BOOL AttachSSL(SOCKET s, SOCKET parent, BOOL* pbAborted, BOOL bStrengthen)
\r
693 SSL_SESSION* pSession;
\r
696 if(!g_bOpenSSLLoaded)
\r
// Start of the timeout window that is checked in the handshake loop below.
699 Time = timeGetTime();
\r
700 EnterCriticalSection(&g_OpenSSLLock);
\r
704 // g_pOpenSSLCTX = p_SSL_CTX_new(p_SSLv23_method());
\r
// NOTE(review): no minimum protocol version is set on the visible lines, so the accepted range
// is whatever TLS_method() allows in the loaded build. SSL_CTRL_SET_MIN_PROTO_VERSION through the
// already resolved SSL_CTX_ctrl would pin a floor.
705 g_pOpenSSLCTX = p_SSL_CTX_new(p_TLS_method());
\r
706 p_SSL_CTX_ctrl(g_pOpenSSLCTX, SSL_CTRL_MODE, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY, NULL);
\r
710 if(ppSSL = GetUnusedSSLPointer())
\r
712 if(*ppSSL = p_SSL_new(g_pOpenSSLCTX))
\r
// SSL_set_fd() takes an int, so the SOCKET value is narrowed on 64-bit Windows.
714 if(p_SSL_set_fd(*ppSSL, s) != 0)
\r
716 bInherited = FALSE;
\r
// Session reuse: when a parent socket is given, its TLS session is copied onto the new SSL object.
717 if(parent != INVALID_SOCKET)
\r
719 if(ppSSLParent = FindSSLPointerFromSocket(parent))
\r
721 if(pSession = p_SSL_get_session(*ppSSLParent))
\r
723 if(p_SSL_set_session(*ppSSL, pSession) == 1)
\r
733 // p_SSL_ctrl(*ppSSL, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3, NULL);
\r
// NOTE(review): the return value is ignored, and in OpenSSL cipher-string syntax "HIGH" alone
// does not exclude anonymous (aNULL) suites; "HIGH:!aNULL" is the usual form. Confirm against
// the cipher list the bundled build actually produces.
734 p_SSL_set_cipher_list(*ppSSL, "HIGH");
\r
737 // SSL negotiation can take a while
\r
// NOTE(review): no host name is handed to OpenSSL on the visible lines (no SNI and no built-in
// name check), so matching the certificate name against the server is left to the confirm path.
741 Return = p_SSL_connect(*ppSSL);
\r
744 Error = p_SSL_get_error(*ppSSL, Return);
\r
745 if(Error == SSL_ERROR_WANT_READ || Error == SSL_ERROR_WANT_WRITE)
\r
// The lock is dropped while the application callback runs, so other threads can change the
// handle table in the meantime; ppSSL keeps pointing at the same slot.
747 LeaveCriticalSection(&g_OpenSSLLock);
\r
// Abort when the callback asks for it or when the timeout (0 = disabled) has elapsed.
748 if(g_pOpenSSLTimeoutCallback(pbAborted) || (g_OpenSSLTimeout > 0 && timeGetTime() - Time >= g_OpenSSLTimeout))
\r
750 EnterCriticalSection(&g_OpenSSLLock);
\r
// Certificate confirmation decides whether the established session is kept.
757 if(ConfirmSSLCertificate(*ppSSL, pbAborted))
\r
762 LeaveCriticalSection(&g_OpenSSLLock);
\r
765 EnterCriticalSection(&g_OpenSSLLock);
\r
770 LeaveCriticalSection(&g_OpenSSLLock);
\r
772 EnterCriticalSection(&g_OpenSSLLock);
\r
777 LeaveCriticalSection(&g_OpenSSLLock);
\r
779 EnterCriticalSection(&g_OpenSSLLock);
\r
784 LeaveCriticalSection(&g_OpenSSLLock);
\r
// Shuts down and frees the SSL object bound to socket s, if there is one.
// NOTE(review): the lines that clear the table slot and set the return value are not shown in
// this listing; clearing the slot and returning TRUE only when an SSL object was found are
// inferred. Confirm against the full file.
BOOL DetachSSL(SOCKET s)
{
	BOOL bDetached = FALSE;
	SSL** ppSSL;
	if(!g_bOpenSSLLoaded)
		return FALSE;
	EnterCriticalSection(&g_OpenSSLLock);
	ppSSL = FindSSLPointerFromSocket(s);
	if(ppSSL)
	{
		p_SSL_shutdown(*ppSSL);
		p_SSL_free(*ppSSL);
		*ppSSL = NULL;
		bDetached = TRUE;
	}
	LeaveCriticalSection(&g_OpenSSLLock);
	return bDetached;
}
\r
// Checks whether socket s is marked as SSL, i.e. has an SSL object in the handle table.
// Returns TRUE if it is marked.
// NOTE(review): the return statements are not shown in this listing; the mapping of the lookup
// result to TRUE/FALSE is inferred from the comment above. Confirm against the full file.
BOOL IsSSLAttached(SOCKET s)
{
	SSL** ppFound;
	if(!g_bOpenSSLLoaded)
		return FALSE;
	EnterCriticalSection(&g_OpenSSLLock);
	ppFound = FindSSLPointerFromSocket(s);
	LeaveCriticalSection(&g_OpenSSLLock);
	return ppFound ? TRUE : FALSE;
}
\r
// socket() replacement: creates the socket and leaves it untouched; TLS is attached separately.
SOCKET FTPS_socket(int af, int type, int protocol)
{
	SOCKET Created = socket(af, type, protocol);
	return Created;
}
\r
// bind() replacement: forwards to bind() unchanged.
int FTPS_bind(SOCKET s, const struct sockaddr *addr, int namelen)
{
	int Status = bind(s, addr, namelen);
	return Status;
}
\r
// listen() replacement: forwards to listen() unchanged.
int FTPS_listen(SOCKET s, int backlog)
{
	int Status = listen(s, backlog);
	return Status;
}
\r
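// accept() replacement that performs the SSL negotiation right away on the accepted socket.
//   s, addr, addrlen - as for accept()
// Returns the accepted socket with TLS attached, or INVALID_SOCKET when accept() fails or the
// TLS negotiation is rejected.
// A failed accept() now returns immediately: the original went on to call AttachSSL() with
// INVALID_SOCKET, which could only fail and could overwrite the error code left by accept().
SOCKET FTPS_accept(SOCKET s, struct sockaddr *addr, int *addrlen)
{
	SOCKET Accepted;
	BOOL bAborted = FALSE;
	Accepted = accept(s, addr, addrlen);
	if(Accepted == INVALID_SOCKET)
		return INVALID_SOCKET;
	if(!AttachSSL(Accepted, INVALID_SOCKET, &bAborted, TRUE))
	{
		// Never hand back a connection whose TLS setup failed; close it so it cannot be used in clear text.
		closesocket(Accepted);
		return INVALID_SOCKET;
	}
	return Accepted;
}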
\r
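// connect() replacement that performs the SSL negotiation right away on the connected socket.
//   s, name, namelen - as for connect()
// Returns the result of connect(), or SOCKET_ERROR when connect() fails or the TLS negotiation
// is rejected.
// TLS is attached to the socket s itself. The original passed r, the status code returned by
// connect(), as the socket argument of AttachSSL(), so the handshake never ran on s.
int FTPS_connect(SOCKET s, const struct sockaddr *name, int namelen)
{
	int r;
	BOOL bAborted = FALSE;
	r = connect(s, name, namelen);
	// Keep the error code left by connect() intact instead of starting a handshake that cannot succeed.
	if(r == SOCKET_ERROR)
		return r;
	if(!AttachSSL(s, INVALID_SOCKET, &bAborted, TRUE))
		return SOCKET_ERROR;
	return r;
}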
\r
867 // closesocket() replacement
\r
868 int FTPS_closesocket(SOCKET s)
\r
// NOTE(review): one statement before this return is not shown in this listing. If the SSL
// object bound to s is not released before the close, its table slot stays occupied and a later
// socket that reuses the same handle value would be matched to the stale SSL object by
// FindSSLPointerFromSocket(). Confirm that the hidden line detaches it.
871 return closesocket(s);
\r
// send() replacement: writes through the SSL object bound to s when there is one. Some lines of
// the body are not shown in this listing.
// NOTE(review): both early returns below fall back to plain send(), so data goes out
// unencrypted whenever OpenSSL is not loaded or no SSL object is attached to s. Callers that
// require TLS have to check IsSSLAttached() themselves.
875 int FTPS_send(SOCKET s, const char * buf, int len, int flags)
\r
879 if(!g_bOpenSSLLoaded)
\r
880 return send(s, buf, len, flags);
\r
881 EnterCriticalSection(&g_OpenSSLLock);
\r
882 ppSSL = FindSSLPointerFromSocket(s);
\r
883 LeaveCriticalSection(&g_OpenSSLLock);
\r
885 return send(s, buf, len, flags);
\r
// NOTE(review): *ppSSL is dereferenced after the lock has been released, so a concurrent
// DetachSSL() on the same socket can free the SSL object first. `flags` is not used on this path.
886 r = p_SSL_write(*ppSSL, buf, len);
\r
888 return SOCKET_ERROR;
\r
// recv() replacement: reads through the SSL object bound to s when there is one. Some lines of
// the body are not shown in this listing.
// NOTE(review): both early returns below fall back to plain recv(), so data is read
// unencrypted whenever OpenSSL is not loaded or no SSL object is attached to s.
893 int FTPS_recv(SOCKET s, char * buf, int len, int flags)
\r
897 if(!g_bOpenSSLLoaded)
\r
898 return recv(s, buf, len, flags);
\r
899 EnterCriticalSection(&g_OpenSSLLock);
\r
900 ppSSL = FindSSLPointerFromSocket(s);
\r
901 LeaveCriticalSection(&g_OpenSSLLock);
\r
903 return recv(s, buf, len, flags);
\r
// MSG_PEEK is the only flag honoured on the TLS path.
// NOTE(review): *ppSSL is dereferenced after the lock has been released, so a concurrent
// DetachSSL() on the same socket can free the SSL object first.
904 if(flags & MSG_PEEK)
\r
905 r = p_SSL_peek(*ppSSL, buf, len);
\r
907 r = p_SSL_read(*ppSSL, buf, len);
\r
909 return SOCKET_ERROR;
\r
// Value that inet6_addr() copies into its result when parsing fails.
// NOTE(review): every byte is zero, which is also the unspecified address "::", so a caller
// cannot tell a parse failure from that address by comparing with this constant.
const struct in6_addr IN6ADDR_NONE = {{
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}};
\r
926 } GETHOSTBYNAMEDATA;
\r
// Worker thread behind WSAAsyncGetHostByNameIPv6(): resolves pData->name with getaddrinfo(),
// writes the first address of the requested family into the caller's buffer as a hostent, and
// reports the outcome with PostMessage(). Some lines of the body are not shown in this listing.
928 DWORD WINAPI WSAAsyncGetHostByNameIPv6ThreadProc(LPVOID lpParameter)
\r
930 GETHOSTBYNAMEDATA* pData;
\r
931 struct hostent* pHost;
\r
932 struct addrinfo* pAddr;
\r
933 struct addrinfo* p;
\r
935 pData = (GETHOSTBYNAMEDATA*)lpParameter;
\r
936 if(getaddrinfo(pData->name, NULL, NULL, &pAddr) == 0)
\r
941 if(p->ai_family == pData->Family)
\r
943 switch(p->ai_family)
\r
// IPv4 result. Layout written into the buffer: struct hostent, a two-entry address list
// (one address plus the NULL terminator), then the address bytes.
946 pHost = (struct hostent*)pData->buf;
\r
// NOTE(review): buflen is an int; a negative value becomes a very large size_t in this cast and
// passes the size check. Reject buflen <= 0 before the comparison.
947 if((size_t)pData->buflen >= sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in_addr)
\r
948 && p->ai_addrlen >= sizeof(struct sockaddr_in))
\r
950 pHost->h_name = NULL;
\r
951 pHost->h_aliases = NULL;
\r
952 pHost->h_addrtype = p->ai_family;
\r
953 pHost->h_length = sizeof(struct in_addr);
\r
954 pHost->h_addr_list = (char**)(&pHost[1]);
\r
955 pHost->h_addr_list[0] = (char*)(&pHost->h_addr_list[2]);
\r
956 pHost->h_addr_list[1] = NULL;
\r
957 memcpy(pHost->h_addr_list[0], &((struct sockaddr_in*)p->ai_addr)->sin_addr, sizeof(struct in_addr));
\r
// Success: lParam carries the number of bytes written.
958 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in_addr)));
\r
// Buffer too small: the error code goes into the high word of lParam.
961 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(WSAENOBUFS << 16));
\r
// IPv6 result, same layout with a 16-byte address; the same buflen note applies.
964 pHost = (struct hostent*)pData->buf;
\r
965 if((size_t)pData->buflen >= sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in6_addr)
\r
966 && p->ai_addrlen >= sizeof(struct sockaddr_in6))
\r
968 pHost->h_name = NULL;
\r
969 pHost->h_aliases = NULL;
\r
970 pHost->h_addrtype = p->ai_family;
\r
971 pHost->h_length = sizeof(struct in6_addr);
\r
972 pHost->h_addr_list = (char**)(&pHost[1]);
\r
973 pHost->h_addr_list[0] = (char*)(&pHost->h_addr_list[2]);
\r
974 pHost->h_addr_list[1] = NULL;
\r
975 memcpy(pHost->h_addr_list[0], &((struct sockaddr_in6*)p->ai_addr)->sin6_addr, sizeof(struct in6_addr));
\r
976 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(sizeof(struct hostent) + sizeof(char*) * 2 + sizeof(struct in6_addr)));
\r
979 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(WSAENOBUFS << 16));
\r
// No usable address, or the lookup itself failed: ERROR_INVALID_FUNCTION in the high word.
988 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(ERROR_INVALID_FUNCTION << 16));
\r
989 freeaddrinfo(pAddr);
\r
992 PostMessage(pData->hWnd, pData->wMsg, (WPARAM)pData->h, (LPARAM)(ERROR_INVALID_FUNCTION << 16));
\r
993 // Avoid duplication of the handle values returned by CreateThread
\r
// NOTE(review): the thread closes the very handle that was returned to the caller as the task
// handle. A later WSACancelAsyncRequestIPv6() on that value then operates on a closed handle,
// or on an unrelated object if the value has been reused. Confirm how callers guard against this.
995 CloseHandle(pData->h);
\r
1001 // WSAAsyncGetHostByName() equivalent with IPv6 support
\r
1002 // Family can be AF_INET or AF_INET6
\r
// Copies the request into a heap-allocated GETHOSTBYNAMEDATA and starts a worker thread for it.
// The thread handle doubles as the task handle returned to the caller. Some lines of the body
// are not shown in this listing.
1004 HANDLE WSAAsyncGetHostByNameIPv6(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen, short Family)
\r
1007 GETHOSTBYNAMEDATA* pData;
\r
1009 if(pData = malloc(sizeof(GETHOSTBYNAMEDATA)))
\r
1011 pData->hWnd = hWnd;
\r
1012 pData->wMsg = wMsg;
\r
// The name is duplicated because the worker thread reads it after this function has returned;
// the allocation is sized for the string plus its terminator, so the strcpy() fits.
1013 if(pData->name = malloc(sizeof(char) * (strlen(name) + 1)))
\r
1015 strcpy(pData->name, name);
\r
// NOTE(review): buflen is stored as given; the worker thread casts it to size_t before its size
// check, so a negative value should be rejected here.
1017 pData->buflen = buflen;
\r
1018 pData->Family = Family;
\r
// The thread is created suspended so that pData->h is assigned before the thread can read it.
1019 if(pData->h = CreateThread(NULL, 0, WSAAsyncGetHostByNameIPv6ThreadProc, pData, CREATE_SUSPENDED, NULL))
\r
1021 ResumeThread(pData->h);
\r
1022 hResult = pData->h;
\r
// Failure path: the duplicated name is released.
1031 free(pData->name);
\r
// WSACancelAsyncRequest() equivalent for requests started with WSAAsyncGetHostByNameIPv6().
// Returns 0 when the worker thread was terminated, SOCKET_ERROR otherwise.
// NOTE(review): TerminateThread() stops the worker wherever it happens to be, so memory it
// owns is not released and any lock it holds inside the resolver stays held. A cooperative
// cancel flag checked by the worker would avoid both.
// NOTE(review): the line that sets the success value is not shown in this listing; 0 is
// inferred. Confirm against the full file.
int WSACancelAsyncRequestIPv6(HANDLE hAsyncTaskHandle)
{
	if(!TerminateThread(hAsyncTaskHandle, 0))
		return SOCKET_ERROR;
	CloseHandle(hAsyncTaskHandle);
	return 0;
}
\r
// Formats the four bytes at `in` as a dotted-decimal IPv4 address into str and returns str.
// The write is not bounded: str must have room for 16 bytes ("255.255.255.255" plus NUL).
// NOTE(review): the local declarations and the return statement are not shown in this listing;
// returning str is inferred. Confirm against the full file.
char* AddressToStringIPv4(char* str, void* in)
{
	const unsigned char* pOctet = (const unsigned char*)in;
	sprintf(str, "%u.%u.%u.%u", pOctet[0], pOctet[1], pOctet[2], pOctet[3]);
	return str;
}
\r
1061 char* AddressToStringIPv6(char* str, void* in6)
\r
1071 p = (unsigned char*)in6;
\r
1074 for(i = 0; i < 8; i++)
\r
1076 for(j = i; j < 8; j++)
\r
1078 if(p[j * 2] != 0 || p[j * 2 + 1] != 0)
\r
1081 if(j - i > MaxZeroLen)
\r
1084 MaxZeroLen = j - i;
\r
1088 for(i = 0; i < 8; i++)
\r
1096 else if(i < MaxZero || i >= MaxZero + MaxZeroLen)
\r
1098 sprintf(Tmp, "%x", (((int)p[i * 2] & 0xff) << 8) | ((int)p[i * 2 + 1] & 0xff));
\r
// inet_ntoa() equivalent with IPv6 support.
// The text is written to a static 40-byte buffer that every call overwrites, so the result has
// to be copied before the next call and the function must not be used from two threads at once.
// NOTE(review): the return statement is not shown in this listing; returning the result of
// AddressToStringIPv6() is inferred. Confirm against the full file.
char* inet6_ntoa(struct in6_addr in6)
{
	static char Adrs[40];
	memset(Adrs, 0, sizeof(Adrs));
	return AddressToStringIPv6(Adrs, &in6);
}
\r
1119 // inet_addr() equivalent with IPv6 support
\r
// Parses the textual IPv6 address in cp group by group. On a parse error the result is
// overwritten with IN6ADDR_NONE. Much of the body is not shown in this listing.
1121 struct in6_addr inet6_addr(const char* cp)
\r
1123 struct in6_addr Result;
\r
1127 memset(&Result, 0, sizeof(Result));
\r
1129 for(i = 0; i < 8; i++)
\r
// NOTE(review): IN6ADDR_NONE is defined in this file with every byte zero, so the error value
// is identical to a successfully parsed "::".
1133 memcpy(&Result, &IN6ADDR_NONE, sizeof(struct in6_addr));
\r
1136 if(i >= AfterZero)
\r
1138 if(strncmp(cp, ":", 1) == 0)
\r
1141 if(i == 0 && strncmp(cp, ":", 1) == 0)
\r
1145 while(p = strstr(p, ":"))
\r
// NOTE(review): strtol() accepts a sign and any number of hex digits, and the cast keeps only
// the low 16 bits, so an over-long group such as "12345" is truncated silently rather than
// rejected.
1153 Result.u.Word[i] = (USHORT)strtol(cp, &p, 16);
\r
// Swap the two bytes of the group to store it in network byte order.
1154 Result.u.Word[i] = ((Result.u.Word[i] & 0xff00) >> 8) | ((Result.u.Word[i] & 0x00ff) << 8);
\r
// Anything other than ':' or the end of the string after a group is a parse error.
1155 if(strncmp(p, ":", 1) != 0 && strlen(p) > 0)
\r
1157 memcpy(&Result, &IN6ADDR_NONE, sizeof(struct in6_addr));
\r
1160 if(cp = strstr(cp, ":"))
\r
// Converts one domain label from the multi-byte Input string to its "xn--" Punycode form in
// Output, or copies it unchanged. Count is the capacity of Output. The lines that decide
// between the two paths are not shown in this listing.
1168 BOOL ConvertDomainNameToPunycode(LPSTR Output, DWORD Count, LPCSTR Input)
\r
1171 punycode_uint* pUnicode;
\r
1174 LPCSTR InputString;
\r
1175 punycode_uint Length;
\r
1176 punycode_uint OutputLength;
\r
// One code point per input byte is the upper bound; for an empty Input this requests zero bytes.
1178 if(pUnicode = malloc(sizeof(punycode_uint) * strlen(Input)))
\r
1182 InputString = Input;
\r
// Decode the multi-byte string into code points, one per iteration.
1184 while(*InputString != '\0')
\r
1186 *p = (punycode_uint)GetNextCharM(InputString, NULL, &InputString);
\r
1194 if(Count >= strlen("xn--") + 1)
\r
1196 strcpy(Output, "xn--");
\r
// NOTE(review): the encoder may fill all Count - 4 bytes that remain after the prefix, and the
// terminator written below then lands at Output[Count], one byte past a buffer of Count bytes.
// The visible caller passes a Count one smaller than its allocation, which hides this; limiting
// OutputLength to Count - strlen("xn--") - 1 would make the function safe on its own.
1197 OutputLength = Count - strlen("xn--");
\r
1198 if(punycode_encode(Length, pUnicode, NULL, (punycode_uint*)&OutputLength, Output + strlen("xn--")) == punycode_success)
\r
1200 Output[strlen("xn--") + OutputLength] = '\0';
\r
// Unconverted path: copy only when the whole string and its terminator fit.
1209 if(Count >= strlen(Input) + 1)
\r
1211 strcpy(Output, Input);
\r
// Converts a full host name label by label: Input is split at '.', each label goes through
// ConvertDomainNameToPunycode() and the results are concatenated into Output. Some lines of the
// body are not shown in this listing.
// NOTE(review): Output has no size parameter and is filled with strcat(). The visible callers
// allocate strlen(name) * 4 bytes for it, so the function is safe only while the converted name
// plus its terminator stays within four times the input length. Whether that bound holds for
// every input, and whether the allocator adds room for the terminator, is not visible here.
1218 BOOL ConvertNameToPunycode(LPSTR Output, LPCSTR Input)
\r
1227 Length = strlen(Input);
\r
// pm0 receives a working copy of the input, pm1 the converted form of one label.
1228 if(pm0 = AllocateStringM(Length + 1))
\r
1230 if(pm1 = AllocateStringM(Length * 4 + 1))
\r
1232 strcpy(pm0, Input);
\r
1236 if(pNext = strchr(p, '.'))
\r
// The capacity passed here is one less than the size requested for pm1.
1241 if(ConvertDomainNameToPunycode(pm1, Length * 4, p))
\r
1242 strcat(Output, pm1);
\r
1244 strcat(Output, ".");
\r
1248 FreeDuplicatedString(pm1);
\r
1250 FreeDuplicatedString(pm0);
\r
// WSAAsyncGetHostByName() wrapper that first converts the multi-byte host name to Punycode.
// Returns the task handle of the underlying call, or NULL when the conversion buffer cannot be
// allocated or the conversion fails.
// NOTE(review): the conversion buffer is sized strlen(name) * 4 and ConvertNameToPunycode()
// receives no length, so the write into it is unbounded from this function's point of view.
// NOTE(review): the local declarations and the return statement are not shown in this listing;
// a NULL initial result is inferred. Confirm against the full file.
HANDLE WSAAsyncGetHostByNameM(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen)
{
	HANDLE hTask = NULL;
	char* pConverted = AllocateStringA(strlen(name) * 4);
	if(pConverted)
	{
		if(ConvertNameToPunycode(pConverted, name))
			hTask = WSAAsyncGetHostByName(hWnd, wMsg, pConverted, buf, buflen);
	}
	FreeDuplicatedString(pConverted);
	return hTask;
}
\r
// WSAAsyncGetHostByNameIPv6() wrapper that first converts the multi-byte host name to Punycode.
// Returns the task handle of the underlying call, or NULL when the conversion buffer cannot be
// allocated or the conversion fails.
// NOTE(review): the conversion buffer is sized strlen(name) * 4 and ConvertNameToPunycode()
// receives no length, so the write into it is unbounded from this function's point of view.
// NOTE(review): the local declarations and the return statement are not shown in this listing;
// a NULL initial result is inferred. Confirm against the full file.
HANDLE WSAAsyncGetHostByNameIPv6M(HWND hWnd, u_int wMsg, const char * name, char * buf, int buflen, short Family)
{
	HANDLE hTask = NULL;
	char* pConverted = AllocateStringA(strlen(name) * 4);
	if(pConverted)
	{
		if(ConvertNameToPunycode(pConverted, name))
			hTask = WSAAsyncGetHostByNameIPv6(hWnd, wMsg, pConverted, buf, buflen, Family);
	}
	FreeDuplicatedString(pConverted);
	return hTask;
}
\r