ssl.h File Reference


Detailed Description

Provides SSL socket communication.

Definition in file ssl.h.

#include <string>
#include <vector>
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "sock.h"

Include dependency graph for ssl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  s_ssl_bot
 Stores configuration data (ssl.txt) for one bot to accept its connection via SSL. More...
struct  s_ssl_conf
 Stores configuration from ssl.txt. More...

Functions

bool ssl_client_connection (SSL *&ssl, s_socket *server, char *err_str, char *client_cert, char *client_key)
 Attaches socket of client connected to server to OpenSSL.
bool ssl_client_read (SSL *ssl, s_socket *client, char *err_str, char *buf, size_t buf_len, size_t &buf_got)
 Reads from cache.
void ssl_close (SSL *ssl, s_socket *peer)
 Closes the SSL connection in OpenSSL (not socket).
void ssl_do_read_write (SSL *ssl)
 Performs cached reads and writes.
bool ssl_init (char *err_str, char *trustedCAs)
 Initializes OpenSSL.
bool ssl_server_accept (SSL *ssl, s_socket *client)
 Accepts incomming client connection in OpenSSL.
bool ssl_server_connection (SSL *&ssl, s_socket *client, char *err_str, char *server_cert, char *server_key, char *expected_client_cert)
 Attaches socket connection to OpenSSL.
bool ssl_server_read (SSL *ssl, s_socket *client, char *err_str, char *buf, size_t buf_len, size_t &buf_got)
 Reads from cache.
bool ssl_write (SSL *ssl, s_socket *peer, char *err_str, char *buf, size_t buf_len)
 Writes to send cache.


Function Documentation

bool ssl_client_connection SSL *&  ssl,
s_socket server,
char *  err_str,
char *  client_cert,
char *  client_key
 

Attaches socket of client connected to server to OpenSSL.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl Receives SSL descriptor of connection
server Socket descriptor of connection
err_str If return value is true, there's error string
client_cert Path to file containing client's certificate chain to use for connection
client_key Private key for clients's certificate
Returns:
true for error

Definition at line 965 of file ssl.cpp.

References mydata_t::always_continue, s_ssl_receive_later::cert_verified, ctx, s_ssl_receive_later::data, s_ssl_receive_later::expected_client_cert, extra_data, s_socket::handle, s_ssl_receive_later::has_error, s_extra_data::index, log_ssl(), mydata_t::ok, s_ssl_receive_later::s, s_ssl_receive_later::ssl, s_extra_data::ssl, s_socket::ssl_accepted, s_socket::ssl_data_index, ssl_error(), ssl_receive_later, ssl_verify_error(), mydata_t::verbose_mode, verify_callback(), mydata_t::verify_depth, and verify_depth_.

Referenced by botnet_loop().

00966 {
00967     server->ssl_accepted=true;
00968 
00969     int err;
00970 
00971     //X509*    server_cert;
00972 
00973     ssl = SSL_new (ctx);
00974     if(!ssl) {
00975         strcpy(err_str,"attempt to use NULL SSL handle");
00976         ssl_error("ssl_client_connection",err_str);
00977         log_ssl(err_str);
00978         return true;
00979     }
00980 
00981     SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,verify_callback);
00982     SSL_set_verify_depth(ssl,verify_depth_ + 1);
00983 
00984     if (SSL_use_certificate_file(ssl, client_cert, SSL_FILETYPE_PEM) <= 0) {
00985         ERR_error_string(ERR_get_error(),err_str);
00986         ssl_error("SSL_use_certificate_file",err_str);
00987         log_ssl(err_str);
00988         return true;
00989     }
00990     if (SSL_use_RSAPrivateKey_file(ssl, client_key, SSL_FILETYPE_PEM) <= 0) {
00991         ERR_error_string(ERR_get_error(),err_str);
00992         ssl_error("SSL_use_RSAPrivateKey_file",err_str);
00993         log_ssl(err_str);
00994         return true;
00995     }
00996 
00997     if (!SSL_check_private_key(ssl)) {
00998         sprintf(err_str,"Private key does not match the certificate public key\n");
00999         ssl_error("SSL_check_private_key",err_str);
01000         log_ssl(err_str);
01001         return true;
01002     }
01003 
01004     int mydata_index = SSL_get_ex_new_index(0,NULL , NULL, NULL, NULL);
01005     server->ssl_data_index=mydata_index;
01006     s_extra_data e;
01007     e.ssl=ssl;
01008     e.index=mydata_index;
01009     extra_data.push_back(e);
01010 
01011     mydata_t* mydata=new mydata_t;
01012     mydata->verify_depth = verify_depth_;
01013     mydata->always_continue=false;
01014     mydata->verbose_mode=false;
01015     mydata->ok=true;
01016     SSL_set_ex_data(ssl, mydata_index, mydata);
01017 
01018     SSL_set_fd (ssl, (int)server->handle);
01019     err = SSL_connect (ssl);
01020     if(err==-1 && ERR_get_error()!=0) {
01021         ERR_error_string(ERR_get_error(),err_str);
01022         ssl_error("SSL_connect",err_str);
01023         log_ssl(err_str);
01024         if(ssl_verify_error(ssl,err_str))
01025             log_ssl(err_str);
01026         return true;
01027     }
01028 
01029     /* Following two steps are optional and not required for
01030        data exchange to be successful. */
01031   
01032     /* Get the cipher - opt */
01033 
01034     //printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
01035   
01036     /* Get server's certificate (note: beware of dynamic allocation) - opt */
01037 
01038     /*server_cert = SSL_get_peer_certificate (ssl);
01039     if(!server_cert)
01040         return true;
01041   
01042     str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
01043     if(!str)
01044         return true;
01045     OPENSSL_free (str);
01046 
01047     str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
01048     if(!str)
01049         return true;
01050     OPENSSL_free (str);
01051 
01052     /* We could do all sorts of certificate verification stuff here before
01053        deallocating the certificate. *
01054 
01055     X509_free (server_cert);*/
01056 
01057     /* --------------------------------------------------- */
01058     /* DATA EXCHANGE - Send a message and receive a reply. */
01059 
01060     {
01061         s_ssl_receive_later r;
01062         r.data.clear();
01063         r.has_error=false;
01064         r.ssl=ssl;
01065         r.s=*server;
01066         r.cert_verified=false;
01067         r.expected_client_cert="";
01068         ssl_receive_later.push_back(r);
01069     }
01070 
01071     return false;
01072 }

Here is the call graph for this function:

bool ssl_client_read SSL *  ssl,
s_socket client,
char *  err_str,
char *  buf,
size_t  buf_len,
size_t &  buf_got
 

Reads from cache.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection
client Socket descriptor of connection
err_str If return value is true, there's error string
buf Buffer for read
buf_len Length of that buffer
buf_got Returns number of bytes actually read
Returns:
true for error

Definition at line 1087 of file ssl.cpp.

References ssl_server_read().

Referenced by botnet_receive().

01088 {
01089     return ssl_server_read(ssl,client,err_str,buf,buf_len,buf_got);
01090 }

Here is the call graph for this function:

void ssl_close SSL *  ssl,
s_socket peer
 

Closes the SSL connection in OpenSSL (not socket).

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection
peer Socket descriptor of connection

Definition at line 909 of file ssl.cpp.

References extra_data, s_socket::ssl_data_index, ssl_receive_later, and ssl_send_later.

Referenced by botnet_link(), botnet_loop(), botnet_receive(), botnet_send_command(), botnet_send_control(), and dcc_loop().

00910 {
00911     if(!ssl)
00912         return;
00913 
00914     {
00915         vector<s_ssl_send_later>::iterator i1;
00916         for(i1=ssl_send_later.begin(); i1!=ssl_send_later.end(); i1++) {
00917             if((*i1).ssl==ssl) {
00918                 list<s_ssl_data>::iterator i;
00919                 for(i=(*i1).data.begin(); i!=(*i1).data.end(); i++)
00920                     delete[] (*i).data;
00921                 (*i1).data.clear();
00922                 ssl_send_later.erase(i1);
00923                 break;
00924             }
00925         }
00926 
00927         vector<s_ssl_receive_later>::iterator i2;
00928         for(i2=ssl_receive_later.begin(); i2!=ssl_receive_later.end(); i2++) {
00929             if((*i2).ssl==ssl) {
00930                 list<s_ssl_data>::iterator i;
00931                 for(i=(*i2).data.begin(); i!=(*i2).data.end(); i++)
00932                     delete[] (*i).data;
00933                 (*i2).data.clear();
00934                 ssl_receive_later.erase(i2);
00935                 break;
00936             }
00937         }
00938     }
00939 
00940     mydata_t* mydata = (mydata_t*) SSL_get_ex_data(ssl, peer->ssl_data_index);
00941     if(mydata)
00942         delete mydata;
00943     vector<s_extra_data>::iterator i1;
00944     for(i1=extra_data.begin(); i1!=extra_data.end(); i1++) {
00945         if((*i1).ssl==ssl) {
00946             extra_data.erase(i1);
00947             break;
00948         }
00949     }
00950     SSL_free (ssl);
00951 }

void ssl_do_read_write SSL *  ssl  ) 
 

Performs cached reads and writes.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection

Definition at line 283 of file ssl.cpp.

References s_ssl_data::data, s_ssl_data::error, s_ssl_data::len, log_ssl(), ssl_error(), ssl_process_error_on_verify(), ssl_read_cert(), ssl_receive_later, and ssl_send_later.

Referenced by botnet_loop(), ssl_server_read(), and ssl_write().

00284 {
00285     char err_str[1024];
00286 
00287     vector<s_ssl_receive_later>::iterator i2;
00288     for(i2=ssl_receive_later.begin(); i2!=ssl_receive_later.end(); i2++) {
00289         if((*i2).ssl==ssl) {
00290             unsigned int max_size=1024*20;
00291             char* buf_=new char[max_size];
00292 
00293             timeval t;
00294             t.tv_sec=0;
00295             t.tv_usec=10;
00296 
00297             fd_set a;
00298             FD_ZERO(&a);
00299             FD_SET((*i2).s.handle,&a);
00300 
00301             int i=select((int)(*i2).s.handle+1,&a,NULL,NULL,&t);
00302             if(i==0) {
00303                 delete[] buf_;
00304                 break;
00305             }
00306 
00307             int err;
00308             try {
00309                 err=SSL_read (ssl, buf_, max_size);
00310             } catch(...) {
00311                 err=-1;
00312             }
00313             if(err==-1 && (ERR_get_error()==SSL_ERROR_WANT_READ || ERR_get_error()==SSL_ERROR_WANT_WRITE)) {
00314                 delete[] buf_;
00315                 break;
00316             }
00317             if(err==-1 && ERR_get_error()!=0) {
00318                 ERR_error_string(ERR_get_error(),err_str);
00319                 ssl_error("SSL_read",err_str);
00320                 log_ssl(err_str);
00321 
00322                 delete[] buf_;
00323                 if(!(*i2).has_error) {
00324                     s_ssl_data d;
00325                     d.error=ERR_get_error();
00326                     (*i2).data.push_back(d);
00327                     (*i2).has_error=true;
00328                     break;
00329                 }
00330             }
00331             if(!(*i2).has_error && ssl_process_error_on_verify(ssl)) {
00332                 s_ssl_data d;
00333                 d.data=NULL;
00334                 d.len=0;
00335                 d.error=-1;
00336                 (*i2).data.push_back(d);
00337                 (*i2).has_error=true;
00338             }
00339             size_t size_=((signed)err>0?err:0);
00340             if(size_==0) {
00341                 delete[] buf_;
00342                 break;
00343             }
00344             if(size_) {
00345                 s_ssl_data d;
00346                 d.error=0;
00347                 d.len=size_;
00348                 d.data=buf_;
00349                 (*i2).data.push_back(d);
00350 
00351                 if(!(*i2).cert_verified) {
00352                     X509* client_cert = SSL_get_peer_certificate (ssl);
00353                     if (client_cert != NULL) {
00354                         if (SSL_get_verify_result(ssl) == X509_V_OK) {
00355                             // The client sent a certificate which verified OK
00356                             bool ok=false;
00357                             if(!(*i2).expected_client_cert.empty()) {
00358                                 X509* ecc=ssl_read_cert((char*)(*i2).expected_client_cert.c_str());
00359                                 X509_check_purpose(ecc,-1,0); // compute SHA1 hash
00360                                 if(ecc==NULL) {
00361                                     ok=false;
00362                                 } else {
00363                                     char* hash1=(char*)&(ecc->sha1_hash);
00364                                     char* hash2=(char*)&(client_cert->sha1_hash);
00365                                     ok=true;
00366                                     for(int i1=0; i1<sizeof(client_cert->sha1_hash); i1++, hash1++, hash2++)
00367                                         if(*hash1!=*hash2) {
00368                                             ok=false;
00369                                             break;
00370                                         }
00371                                 }
00372                             } else
00373                                 ok=true;
00374                             if(ok) {
00375                                 (*i2).cert_verified=true;
00376                                 X509_free (client_cert);
00377                             } else {
00378                                 char err_str[1024];
00379                                 strcpy(err_str,"certificate verification failed");
00380                                 ssl_error("ssl_server_read",err_str);
00381                                 log_ssl(err_str);
00382                                 X509_free (client_cert);
00383                                 (*i2).has_error=true;
00384                                 s_ssl_data d;
00385                                 d.error=-1;
00386                                 d.len=0;
00387                                 d.data=NULL;
00388                                 (*i2).data.push_back(d);
00389                             }
00390                         } else {
00391                             char err_str[1024];
00392                             strcpy(err_str,"certificate verification failed");
00393                             ssl_error("ssl_server_read",err_str);
00394                             log_ssl(err_str);
00395                             X509_free (client_cert);
00396                             (*i2).has_error=true;
00397                             s_ssl_data d;
00398                             d.error=-1;
00399                             d.len=0;
00400                             d.data=NULL;
00401                             (*i2).data.push_back(d);
00402                         }
00403                     } else {
00404                         char err_str[1024];
00405                         strcpy(err_str,"certificate verification failed");
00406                         ssl_error("ssl_server_read",err_str);
00407                         log_ssl(err_str);
00408                         (*i2).has_error=true;
00409                         s_ssl_data d;
00410                         d.error=-1;
00411                         d.len=0;
00412                         d.data=NULL;
00413                         (*i2).data.push_back(d);
00414                     }
00415                 }
00416             }
00417         }
00418     }
00419 
00420     vector<s_ssl_send_later>::iterator i1;
00421     for(i1=ssl_send_later.begin(); i1!=ssl_send_later.end(); i1++) {
00422     again:
00423         list<s_ssl_data>::iterator i2;
00424         try {
00425             i2=(*i1).data.begin();
00426         } catch(...) {
00427             continue;
00428         }
00429         for(i2=(*i1).data.begin(); i2!=(*i1).data.end(); i2++) {
00430             size_t l=1024;
00431             if((*i2).len<l)
00432                 l=(*i2).len;
00433 
00434             size_t Sent;
00435             //int err;
00436             try {
00437                 Sent=SSL_write (ssl, (*i2).data, (int)(*i2).len);
00438             } catch(...) {
00439                 Sent=(size_t)-1;
00440             }
00441             if(Sent==(size_t)-1 && ERR_get_error()!=SSL_ERROR_WANT_READ && ERR_get_error()!=SSL_ERROR_WANT_WRITE) {
00442                 if(!(*i1).has_error && ERR_get_error()!=0) {
00443                     ERR_error_string(ERR_get_error(),err_str);
00444                     ssl_error("SSL_write",err_str);
00445                     log_ssl(err_str);
00446                     s_ssl_data d;
00447                     d.data=NULL;
00448                     d.len=0;
00449                     d.error=ERR_get_error();
00450                     (*i1).data.push_back(d);
00451                     (*i1).has_error=true;
00452                 }
00453                 if(!(*i1).has_error && ssl_process_error_on_verify(ssl)) {
00454                     s_ssl_data d;
00455                     d.data=NULL;
00456                     d.len=0;
00457                     d.error=-1;
00458                     (*i1).data.push_back(d);
00459                     (*i1).has_error=true;
00460                 }
00461                 break;
00462             }
00463             if((signed)Sent<0)
00464                 Sent=0;
00465 
00466             if(Sent<(*i2).len) {
00467                 char* buf_=new char[(*i2).len-Sent];
00468                 memcpy(buf_,&(*i2).data[Sent],(*i2).len-Sent);
00469                 delete[] (*i2).data;
00470                 (*i2).len-=Sent;
00471                 (*i2).data=buf_;
00472             } else {
00473                 delete[] (*i2).data;
00474                 (*i1).data.pop_front();
00475             }
00476             goto again;
00477         }
00478     }
00479 }

Here is the call graph for this function:

bool ssl_init char *  err_str,
char *  trustedCAs
 

Initializes OpenSSL.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
err_str If return value is true, there's error string
trustedCAs Path to file containing certificates of CA's tu trust
Returns:
true for error

Definition at line 671 of file ssl.cpp.

References ctx, log_ssl(), meth, ssl_error(), verify_callback(), and verify_depth_.

Referenced by main().

00672 {
00673     /* SSL preliminaries. We keep the certificate and key with the context. */
00674 
00675     SSL_load_error_strings();
00676 
00677     SSL_library_init();                      /* initialize library */
00678     //actions_to_seed_PRNG();
00679 
00680     SSLeay_add_ssl_algorithms();
00681     meth = SSLv3_method();
00682     ctx = SSL_CTX_new (meth);
00683 
00684     if (!ctx) {
00685         //ERR_print_errors_fp(stderr);
00686         ERR_error_string(ERR_get_error(),err_str);
00687         ssl_error("SSL_CTX_new",err_str);
00688         log_ssl(err_str);
00689         return true;
00690     }
00691 
00692     STACK_OF(X509_NAME) *cert_names=SSL_load_client_CA_file(trustedCAs);
00693     if(!cert_names) {
00694         ERR_error_string(ERR_get_error(),err_str);
00695         ssl_error("SSL_load_client_CA_file",err_str);
00696         if(strlen(err_str)+strlen(trustedCAs)+64<1024) {
00697             strcat(err_str,"(using file \"");
00698             strcat(err_str,trustedCAs);
00699             strcat(err_str,"\")");
00700         }
00701         log_ssl(err_str);
00702         return true;
00703     }
00704     SSL_CTX_set_client_CA_list(ctx,cert_names);
00705 
00706     if(!SSL_CTX_load_verify_locations(ctx,trustedCAs,NULL)) {
00707         ERR_error_string(ERR_get_error(),err_str);
00708         ssl_error("SSL_CTX_load_verify_locations",err_str);
00709         log_ssl(err_str);
00710         return true;
00711     }
00712 
00713     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,verify_callback);
00714     SSL_CTX_set_verify_depth(ctx,verify_depth_ + 1);
00715 
00716     return false;
00717 }

Here is the call graph for this function:

bool ssl_server_accept SSL *  ssl,
s_socket client
 

Accepts incomming client connection in OpenSSL.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection
client Socket descriptor of connection
Returns:
true if connection has been accepted, otherwise false

Definition at line 1146 of file ssl.cpp.

References s_socket::handle, and s_socket::ssl_accepted.

Referenced by dcc_loop().

01147 {
01148     if(!ssl)
01149         return false;
01150 
01151     int err;
01152 
01153     if(!client->ssl_accepted) {
01154         timeval t;
01155         t.tv_sec=0;
01156         t.tv_usec=10;
01157         fd_set a;
01158         FD_ZERO(&a);
01159         FD_SET(client->handle,&a);
01160         int ii=select((int)client->handle+1,&a,NULL,NULL,&t);
01161         if(ii==0)
01162             return false;
01163         err = SSL_accept (ssl);
01164         /*if(err==-1) {
01165             char err_str[1024];
01166             ERR_error_string(ERR_get_error(),err_str);
01167             //log_ssl(err_str);
01168             return false;
01169         }*/
01170         return client->ssl_accepted=true;
01171     }
01172     return true;
01173 }

bool ssl_server_connection SSL *&  ssl,
s_socket client,
char *  err_str,
char *  server_cert,
char *  server_key,
char *  expected_client_cert
 

Attaches socket connection to OpenSSL.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl Returns SSL descriptor, if succeeded
client Socket descriptor to attach
err_str If return value is true, there's error string
server_cert Path to file containing server's certificate chain to use for connection
server_key Private key for server's certificate
expected_client_cert Path to file containing expected client's certificate
Returns:
true for error

Definition at line 732 of file ssl.cpp.

References mydata_t::always_continue, s_ssl_receive_later::cert_verified, ctx, s_ssl_receive_later::data, mydata_t::err, s_ssl_receive_later::expected_client_cert, extra_data, s_socket::handle, s_ssl_receive_later::has_error, s_extra_data::index, log_ssl(), mydata_t::ok, s_ssl_receive_later::s, s_ssl_receive_later::ssl, s_extra_data::ssl, s_socket::ssl_data_index, ssl_error(), ssl_receive_later, mydata_t::verbose_mode, mydata_t::verify_depth, and verify_depth_.

Referenced by dcc_loop().

00733 {
00734     ssl = SSL_new (ctx);
00735     if(!ssl) {
00736         strcpy(err_str,"attempt to use NULL SSL handle");
00737         ssl_error("SSL_new",err_str);
00738         log_ssl(err_str);
00739         return true;
00740     }
00741 
00742     /*SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,verify_callback);
00743     SSL_set_verify_depth(ssl,verify_depth_ + 1);*/
00744   
00745     /*
00746      * Set up the SSL specific data into "mydata" and store it into th SSL
00747      * structure.
00748      */
00749 
00750     if (SSL_use_certificate_file(ssl, server_cert, SSL_FILETYPE_PEM) <= 0) {
00751         ERR_error_string(ERR_get_error(),err_str);
00752         ssl_error("SSL_use_certificate_file",err_str);
00753         log_ssl(err_str);
00754         return true;
00755     }
00756     if (SSL_use_RSAPrivateKey_file(ssl, server_key, SSL_FILETYPE_PEM) <= 0) {
00757         ERR_error_string(ERR_get_error(),err_str);
00758         ssl_error("SSL_use_RSAPrivateKey_file",err_str);
00759         log_ssl(err_str);
00760         return true;
00761     }
00762 
00763     if (!SSL_check_private_key(ssl)) {
00764         sprintf(err_str,"Private key does not match the certificate public key\n");
00765         ssl_error("SSL_check_private_key",err_str);
00766         log_ssl(err_str);
00767         return true;
00768     }
00769 
00770     int mydata_index = SSL_get_ex_new_index(0,NULL , NULL, NULL, NULL);
00771     client->ssl_data_index=mydata_index;
00772     s_extra_data e;
00773     e.ssl=ssl;
00774     e.index=mydata_index;
00775     extra_data.push_back(e);
00776 
00777     mydata_t* mydata=new mydata_t;
00778     mydata->verify_depth = verify_depth_;
00779     mydata->always_continue=false;
00780     mydata->verbose_mode=false;
00781     mydata->ok=true;
00782     mydata->err[0]=0;
00783     SSL_set_ex_data(ssl, mydata_index, mydata);
00784 
00785     SSL_set_fd (ssl, (int)client->handle);
00786 
00787     {
00788         s_ssl_receive_later r;
00789         r.data.clear();
00790         r.has_error=false;
00791         r.ssl=ssl;
00792         r.s=*client;
00793         r.cert_verified=false;
00794         r.expected_client_cert=expected_client_cert;
00795         ssl_receive_later.push_back(r);
00796     }
00797 
00798     return false;
00799 }

Here is the call graph for this function:

bool ssl_server_read SSL *  ssl,
s_socket client,
char *  err_str,
char *  buf,
size_t  buf_len,
size_t &  buf_got
 

Reads from cache.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection
client Socket descriptor of connection
err_str If return value is true, there's error string
buf Buffer for read
buf_len Length of that buffer
buf_got Returns number of bytes actually read
Returns:
true for error

Definition at line 814 of file ssl.cpp.

References s_socket::handle, log_ssl(), mydata_t::ok, s_socket::ssl_accepted, s_socket::ssl_data_index, ssl_do_read_write(), ssl_error(), SSL_read_(), and ssl_verify_error().

Referenced by ssl_client_read().

00815 {
00816     buf_got=0;
00817 
00818     if(!ssl) {
00819         strcpy(err_str,"attempt to use NULL SSL handle");
00820         ssl_error("ssl_server_read",err_str);
00821         log_ssl(err_str);
00822         return true;
00823     }
00824 
00825     int err;
00826 
00827     if(!client->ssl_accepted) {
00828         timeval t;
00829         t.tv_sec=0;
00830         t.tv_usec=10;
00831         fd_set a;
00832         FD_ZERO(&a);
00833         FD_SET(client->handle,&a);
00834         int ii=select((int)client->handle+1,&a,NULL,NULL,&t);
00835         if(ii==0)
00836             return false;
00837         err = SSL_accept (ssl);
00838         /*if(err==-1) {
00839             return false;
00840         }*/
00841         client->ssl_accepted=true;
00842     }
00843 
00844     /* Get the cipher - opt */
00845 
00846     //printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
00847   
00848     /* Get client's certificate (note: beware of dynamic allocation) - opt */
00849 
00850     /*if (client_cert != NULL) {
00851         //printf ("Client certificate:\n");
00852     
00853         str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
00854         if(!str)
00855             return true;
00856         //printf ("\t subject: %s\n", str);
00857         OPENSSL_free (str);
00858     
00859         str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
00860         if(!str)
00861             return true;
00862         //printf ("\t issuer: %s\n", str);
00863         OPENSSL_free (str);
00864     
00865         /* We could do all sorts of certificate verification stuff here before
00866            deallocating the certificate. *
00867 
00868         X509_free (client_cert);
00869     } else
00870         //printf ("Client does not have certificate.\n");
00871         ;*/
00872 
00873     /* DATA EXCHANGE - Receive message and send reply. */
00874 
00875     mydata_t* mydata = (mydata_t*) SSL_get_ex_data(ssl, client->ssl_data_index);
00876 
00877     if(!mydata->ok) {
00878         strcpy(err_str,"certificate verification failed");
00879         ssl_error("ssl_server_read",err_str);
00880         log_ssl(err_str);
00881         return true;
00882     }
00883 
00884     ssl_do_read_write(ssl);
00885 
00886     size_t read;
00887     err = SSL_read_ (ssl, buf, buf_len,read);
00888 
00889     if(err!=0) {
00890         ERR_error_string(err,err_str);
00891         ssl_error("SSL_read",err_str);
00892         log_ssl(err_str);
00893         if(ssl_verify_error(ssl,err_str))
00894             log_ssl(err_str);
00895         return true;
00896     }
00897     buf_got=read;
00898     return false;
00899 }

Here is the call graph for this function:

bool ssl_write SSL *  ssl,
s_socket peer,
char *  err_str,
char *  buf,
size_t  buf_len
 

Writes to send cache.

Author:
VooDooMan
Version:
1
Date:
2004
Parameters:
ssl SSL descriptor of connection
peer Socket descriptor of connection
err_str If return value is true, there's error string
buf Buffer for read
buf_len Length of that buffer
Returns:
true for error

Definition at line 1104 of file ssl.cpp.

References log_ssl(), mydata_t::ok, s_socket::ssl_data_index, ssl_do_read_write(), ssl_error(), ssl_verify_error(), and SSL_write_().

Referenced by botnet_send_command(), and botnet_send_control().

01105 {
01106     if(!ssl) {
01107         strcpy(err_str,"attempt to use NULL SSL handle");
01108         ssl_error("ssl_write",err_str);
01109         log_ssl(err_str);
01110         return true;
01111     }
01112 
01113     mydata_t* mydata = (mydata_t*) SSL_get_ex_data(ssl, peer->ssl_data_index);
01114 
01115     if(!mydata->ok) {
01116         strcpy(err_str,"certificate verification failed");
01117         ssl_error("ssl_write",err_str);
01118         log_ssl(err_str);
01119         return true;
01120     }
01121 
01122     ssl_do_read_write(ssl);
01123 
01124     /*size_t err = */SSL_write_ (ssl, buf, buf_len);
01125     if(ssl_verify_error(ssl,err_str)) {
01126         log_ssl(err_str);
01127         return true;
01128     }
01129     /*if(err==-1 && ERR_get_error()!=SSL_ERROR_WANT_READ && ERR_get_error()!=SSL_ERROR_WANT_WRITE) {
01130         ERR_error_string(ERR_get_error(),err_str);
01131         log_ssl(err_str);
01132         return true;
01133     }*/
01134     return false;
01135 }

Here is the call graph for this function:


Generated on Sun Jul 10 05:43:03 2005 for VooDoo cIRCle by doxygen 1.4.3

Hosted by SourceForge.net Logo