ssl_task.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369
  1. /* ssl/ssl_task.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* VMS */
  59. /*
  60. * DECnet object for servicing SSL. We accept the inbound and speak a
  61. * simple protocol for multiplexing the 2 data streams (application and
  62. * ssl data) over this logical link.
  63. *
  64. * Logical names:
  65. * SSL_CIPHER Defines a list of cipher specifications the server
  66. * will support in order of preference.
  67. * SSL_SERVER_CERTIFICATE
  68. * Points to PEM (privacy enhanced mail) file that
  69. * contains the server certificate and private password.
  70. * SYS$NET Logical created by netserver.exe as hook for completing
  71. * DECnet logical link.
  72. *
  73. * Each NSP message sent over the DECnet link has the following structure:
  74. * struct rpc_msg {
  75. * char channel;
  76. * char function;
  77. * short length;
  78. * char data[MAX_DATA];
  79. * } msg;
  80. *
  81. * The channel field designates the virtual data stream this message applies
  82. * to and is one of:
  83. * A - Application data (payload).
  84. * R - Remote client connection that initiated the SSL connection. Encrypted
  85. * data is sent over this connection.
  86. * G - General data, reserved for future use.
  87. *
  88. * The data streams are half-duplex read/write and have following functions:
  89. * G - Get, requests that up to msg.length bytes of data be returned. The
  90. * data is returned in the next 'C' function response that matches the
  91. * requesting channel.
  92. * P - Put, requests that the first msg.length bytes of msg.data be appended
  93. * to the designated stream.
  94. * C - Confirms a get or put. Every get and put will get a confirm response,
  95. * you cannot initiate another function on a channel until the previous
  96. * operation has been confirmed.
  97. *
  98. * The 2 channels may interleave their operations, for example:
  99. * Server msg Client msg
  100. * A, Get, 4092 ---->
  101. * <---- R, get, 4092
  102. * R, Confirm, {hello} ---->
  103. * <---- R, put, {srv hello}
  104. * R, Confirm, 0 ---->
  105. * . (SSL handshake completed)
  106. * . (read first app data).
  107. * <---- A, confirm, {http data}
  108. * A, Put, {http data} ---->
  109. * <---- A, confirm, 0
  110. *
  111. * The length field is not permitted to be larger that 4092 bytes.
  112. *
  113. * Author: Dave Jones
  114. * Date: 22-JUL-1996
  115. */
  116. #include <stdlib.h>
  117. #include <stdio.h>
  118. #include <iodef.h> /* VMS IO$_ definitions */
  119. #include <descrip.h> /* VMS string descriptors */
  120. extern int SYS$QIOW(), SYS$ASSIGN();
  121. int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
  122. #include <string.h> /* from ssltest.c */
  123. #include <errno.h>
  124. #include "e_os.h"
  125. #include <openssl/buffer.h>
  126. #include <openssl/x509.h>
  127. #include <openssl/ssl.h>
  128. #include <openssl/err.h>
  129. int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
  130. int error);
  131. BIO *bio_err=NULL;
  132. BIO *bio_stdout=NULL;
  133. BIO_METHOD *BIO_s_rtcp();
  134. static char *cipher=NULL;
  135. int verbose=1;
  136. #ifdef FIONBIO
  137. static int s_nbio=0;
  138. #endif
  139. #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
  140. /*************************************************************************/
  141. struct rpc_msg { /* Should have member alignment inhibited */
  142. char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
  143. char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
  144. unsigned short int length; /* Amount of data returned or max to return */
  145. char data[4092]; /* variable data */
  146. };
  147. #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
  148. static $DESCRIPTOR(sysnet, "SYS$NET");
  149. typedef unsigned short io_channel;
  150. struct io_status {
  151. unsigned short status;
  152. unsigned short count;
  153. unsigned long stsval;
  154. };
  155. int doit(io_channel chan, SSL_CTX *s_ctx );
  156. /*****************************************************************************/
  157. /* Decnet I/O routines.
  158. */
  159. static int get ( io_channel chan, char *buffer, int maxlen, int *length )
  160. {
  161. int status;
  162. struct io_status iosb;
  163. status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
  164. buffer, maxlen, 0, 0, 0, 0 );
  165. if ( (status&1) == 1 ) status = iosb.status;
  166. if ( (status&1) == 1 ) *length = iosb.count;
  167. return status;
  168. }
  169. static int put ( io_channel chan, char *buffer, int length )
  170. {
  171. int status;
  172. struct io_status iosb;
  173. status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
  174. buffer, length, 0, 0, 0, 0 );
  175. if ( (status&1) == 1 ) status = iosb.status;
  176. return status;
  177. }
  178. /***************************************************************************/
  179. /* Handle operations on the 'G' channel.
  180. */
  181. static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
  182. {
  183. return 48;
  184. }
  185. /***************************************************************************/
  186. int main ( int argc, char **argv )
  187. {
  188. int status, length;
  189. io_channel chan;
  190. struct rpc_msg msg;
  191. char *CApath=NULL,*CAfile=NULL;
  192. int badop=0;
  193. int ret=1;
  194. int client_auth=0;
  195. int server_auth=0;
  196. SSL_CTX *s_ctx=NULL;
  197. /*
  198. * Confirm logical link with initiating client.
  199. */
  200. LIB$INIT_TIMER();
  201. status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
  202. printf("status of assign to SYS$NET: %d\n", status );
  203. /*
  204. * Initialize standard out and error files.
  205. */
  206. if (bio_err == NULL)
  207. if ((bio_err=BIO_new(BIO_s_file())) != NULL)
  208. BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
  209. if (bio_stdout == NULL)
  210. if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
  211. BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
  212. /*
  213. * get the preferred cipher list and other initialization
  214. */
  215. if (cipher == NULL) cipher=getenv("SSL_CIPHER");
  216. printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
  217. SSL_load_error_strings();
  218. OpenSSL_add_all_algorithms();
  219. /* DRM, this was the original, but there is no such thing as SSLv2()
  220. s_ctx=SSL_CTX_new(SSLv2());
  221. */
  222. s_ctx=SSL_CTX_new(SSLv2_server_method());
  223. if (s_ctx == NULL) goto end;
  224. SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
  225. SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
  226. printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
  227. /*
  228. * Take commands from client until bad status.
  229. */
  230. LIB$SHOW_TIMER();
  231. status = doit ( chan, s_ctx );
  232. LIB$SHOW_TIMER();
  233. /*
  234. * do final cleanup and exit.
  235. */
  236. end:
  237. if (s_ctx != NULL) SSL_CTX_free(s_ctx);
  238. LIB$SHOW_TIMER();
  239. return 1;
  240. }
  241. int doit(io_channel chan, SSL_CTX *s_ctx )
  242. {
  243. int status, length, link_state;
  244. struct rpc_msg msg;
  245. SSL *s_ssl=NULL;
  246. BIO *c_to_s=NULL;
  247. BIO *s_to_c=NULL;
  248. BIO *c_bio=NULL;
  249. BIO *s_bio=NULL;
  250. int i;
  251. int done=0;
  252. s_ssl=SSL_new(s_ctx);
  253. if (s_ssl == NULL) goto err;
  254. c_to_s=BIO_new(BIO_s_rtcp());
  255. s_to_c=BIO_new(BIO_s_rtcp());
  256. if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
  257. /* original, DRM 24-SEP-1997
  258. BIO_set_fd ( c_to_s, "", chan );
  259. BIO_set_fd ( s_to_c, "", chan );
  260. */
  261. BIO_set_fd ( c_to_s, 0, chan );
  262. BIO_set_fd ( s_to_c, 0, chan );
  263. c_bio=BIO_new(BIO_f_ssl());
  264. s_bio=BIO_new(BIO_f_ssl());
  265. if ((c_bio == NULL) || (s_bio == NULL)) goto err;
  266. SSL_set_accept_state(s_ssl);
  267. SSL_set_bio(s_ssl,c_to_s,s_to_c);
  268. BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
  269. /* We can always do writes */
  270. printf("Begin doit main loop\n");
  271. /*
  272. * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
  273. */
  274. for (link_state = 0; link_state < 3; ) {
  275. /*
  276. * Wait for remote end to request data action on A channel.
  277. */
  278. while ( link_state == 0 ) {
  279. status = get ( chan, (char *) &msg, sizeof(msg), &length );
  280. if ( (status&1) == 0 ) {
  281. printf("Error in main loop get: %d\n", status );
  282. link_state = 3;
  283. break;
  284. }
  285. if ( length < RPC_HDR_SIZE ) {
  286. printf("Error in main loop get size: %d\n", length );
  287. break;
  288. link_state = 3;
  289. }
  290. if ( msg.channel != 'A' ) {
  291. printf("Error in main loop, unexpected channel: %c\n",
  292. msg.channel );
  293. break;
  294. link_state = 3;
  295. }
  296. if ( msg.function == 'G' ) {
  297. link_state = 1;
  298. } else if ( msg.function == 'P' ) {
  299. link_state = 2; /* write pending */
  300. } else if ( msg.function == 'X' ) {
  301. link_state = 3;
  302. } else {
  303. link_state = 3;
  304. }
  305. }
  306. if ( link_state == 1 ) {
  307. i = BIO_read ( s_bio, msg.data, msg.length );
  308. if ( i < 0 ) link_state = 3;
  309. else {
  310. msg.channel = 'A';
  311. msg.function = 'C'; /* confirm */
  312. msg.length = i;
  313. status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
  314. if ( (status&1) == 0 ) break;
  315. link_state = 0;
  316. }
  317. } else if ( link_state == 2 ) {
  318. i = BIO_write ( s_bio, msg.data, msg.length );
  319. if ( i < 0 ) link_state = 3;
  320. else {
  321. msg.channel = 'A';
  322. msg.function = 'C'; /* confirm */
  323. msg.length = 0;
  324. status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
  325. if ( (status&1) == 0 ) break;
  326. link_state = 0;
  327. }
  328. }
  329. }
  330. fprintf(stdout,"DONE\n");
  331. err:
  332. /* We have to set the BIO's to NULL otherwise they will be
  333. * free()ed twice. Once when th s_ssl is SSL_free()ed and
  334. * again when c_ssl is SSL_free()ed.
  335. * This is a hack required because s_ssl and c_ssl are sharing the same
  336. * BIO structure and SSL_set_bio() and SSL_free() automatically
  337. * BIO_free non NULL entries.
  338. * You should not normally do this or be required to do this */
  339. s_ssl->rbio=NULL;
  340. s_ssl->wbio=NULL;
  341. if (c_to_s != NULL) BIO_free(c_to_s);
  342. if (s_to_c != NULL) BIO_free(s_to_c);
  343. if (c_bio != NULL) BIO_free(c_bio);
  344. if (s_bio != NULL) BIO_free(s_bio);
  345. return(0);
  346. }