Diffstat (limited to 'plugins/OpenSSL')
-rw-r--r-- | plugins/OpenSSL/OpenSSL.vcxproj | 9 | ||||
-rw-r--r-- | plugins/OpenSSL/OpenSSL.vcxproj.filters | 28 | ||||
-rw-r--r-- | plugins/OpenSSL/src/main.cpp | 155 | ||||
-rw-r--r-- | plugins/OpenSSL/src/ssl_openssl.cpp | 241 | ||||
-rw-r--r-- | plugins/OpenSSL/src/stdafx.h | 52 |
5 files changed, 189 insertions, 296 deletions
diff --git a/plugins/OpenSSL/OpenSSL.vcxproj b/plugins/OpenSSL/OpenSSL.vcxproj
index 029b2d5914..29d08f9d1f 100644
--- a/plugins/OpenSSL/OpenSSL.vcxproj
+++ b/plugins/OpenSSL/OpenSSL.vcxproj
@@ -25,4 +25,13 @@
 <ImportGroup Label="PropertySheets">
<Import Project="$(ProjectDir)..\..\build\vc.common\plugin.props" />
</ImportGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <ExceptionHandling>Sync</ExceptionHandling>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>delayimp.lib;libeay32.lib;ssleay32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <DelayLoadDLLs>libeay32.dll;ssleay32.dll;crypt32.dll</DelayLoadDLLs>
+ </Link>
+ </ItemDefinitionGroup>
</Project>
\ No newline at end of file
diff --git a/plugins/OpenSSL/OpenSSL.vcxproj.filters b/plugins/OpenSSL/OpenSSL.vcxproj.filters
index de5ad9f66c..aa02e2411e 100644
--- a/plugins/OpenSSL/OpenSSL.vcxproj.filters
+++ b/plugins/OpenSSL/OpenSSL.vcxproj.filters
@@ -1,4 +1,32 @@
 <?xml version="1.0" encoding="utf-8"?>
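Review bot: The `<DelayLoadDLLs>` entry changes where a missing or incomplete OpenSSL DLL is detected: with /DELAYLOAD the delay-load helper raises an SEH exception (the VcppException wrapping ERROR_MOD_NOT_FOUND or ERROR_PROC_NOT_FOUND) at the first call into libeay32/ssleay32, and the `<ExceptionHandling>Sync</ExceptionHandling>` (/EHsc) set in the same ItemDefinitionGroup means a C++ `catch (...)` is not guaranteed to see it. That is only safe if every call into these libraries is reached after a successful explicit load, which this project file cannot express; a comment next to the `<DelayLoadDLLs>` line such as `<!-- resolved through the __pfnDliNotifyHook2 in main.cpp; handles come from SSL_library_load(), Load() must fail the plugin if that fails -->` records the invariant where the next build engineer will look. If the code is meant to catch delay-load failures, the setting would need to be `Async` (/EHa) instead.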
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(ProjectDir)..\..\build\vc.common\common.filters" />
+ <ItemGroup>
+ <ClCompile Include="src\stdafx.cxx">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="src\main.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="src\ssl_openssl.cpp" />
+ <ClCompile Include="src\main.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="src\ssl_openssl.cpp" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="src\stdafx.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="src\version.h" />
+ <ClInclude Include="src\stdafx.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="src\version.h" />
+ </ItemGroup>
+ <ItemGroup>
+ <ResourceCompile Include="res\*.rc">
+ <Filter>Resource Files</Filter>
+ </ResourceCompile>
+ </ItemGroup>
</Project>
\ No newline at end of file
diff --git a/plugins/OpenSSL/src/main.cpp b/plugins/OpenSSL/src/main.cpp
index 9a53429e81..5f0eeaabca 100644
--- a/plugins/OpenSSL/src/main.cpp
+++ b/plugins/OpenSSL/src/main.cpp
@@ -1,67 +1,88 @@
-/*
-
-Standard encryption plugin for Miranda NG
-Copyright (C) 2012-16 George Hazan
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "stdafx.h"
-
-int LoadSslModule(void);
-void UnloadSslModule(void);
-
-HINSTANCE hInst;
-int hLangpack;
-
-PLUGININFOEX pluginInfo = {
- sizeof(PLUGININFOEX),
- __PLUGIN_NAME,
- __VERSION_DWORD,
- __DESCRIPTION,
- __AUTHOR,
- __AUTHOREMAIL,
- __COPYRIGHT,
- __AUTHORWEB,
- UNICODE_AWARE | STATIC_PLUGIN,
- // {B649702C-13DE-408A-B6C2-FB8FED2A2C90}
- { 0xb649702c, 0x13de, 0x408a, { 0xb6, 0xc2, 0xfb, 0x8f, 0xed, 0x2a, 0x2c, 0x90 } }
-};
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD, LPVOID)
-{
- hInst = hinstDLL;
- return TRUE;
-}
-
-extern "C" __declspec(dllexport) PLUGININFOEX* MirandaPluginInfoEx(DWORD)
-{
- return &pluginInfo;
-}
-
-extern "C" __declspec(dllexport) const MUUID MirandaInterfaces[] = { MIID_SSL, MIID_LAST };
-
-extern "C" int __declspec(dllexport) Load(void)
-{
- mir_getLP(&pluginInfo);
-
- return LoadSslModule();
-}
-
-extern "C" int __declspec(dllexport) Unload(void)
-{
- UnloadSslModule();
- return 0;
-}
+/*
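Review bot: The new ItemGroups list `src\main.cpp`, `src\ssl_openssl.cpp`, `src\stdafx.h` and `src\version.h` twice each — the second `<ClCompile Include="src\main.cpp">` / `<ClCompile Include="src\ssl_openssl.cpp" />` pair and the second `<ClInclude Include="src\stdafx.h">` / `<ClInclude Include="src\version.h" />` pair repeat the first verbatim, and Visual Studio tends to either reject or silently drop duplicate items in a .filters file, so one copy of each should go. The `src\ssl_openssl.cpp` and `src\version.h` entries also carry no `<Filter>` child, unlike their siblings; `<Filter>Source Files</Filter>` and `<Filter>Header Files</Filter>` respectively would keep the solution tree consistent.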
+
+Standard encryption plugin for Miranda NG
+Copyright (C) 2012-16 George Hazan
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "stdafx.h"
+
+int LoadSslModule(void);
+void UnloadSslModule(void);
+
+HMODULE g_hOpenSSL;
+HMODULE g_hOpenSSLCrypto;
+HMODULE g_hWinCrypt;
+
+FARPROC WINAPI delayHook(unsigned dliNotify, PDelayLoadInfo dli)
+{
+ switch (dliNotify)
+ {
+ case dliNotePreLoadLibrary:
+ if (!strcmpi(dli->szDll, "libeay32.dll"))
+ return (FARPROC)g_hOpenSSLCrypto;
+ else if (!strcmpi(dli->szDll, "ssleay32.dll"))
+ return (FARPROC)g_hOpenSSL;
+ else if (!strcmpi(dli->szDll, "crypt32.dll"))
+ return (FARPROC)g_hWinCrypt;
+ }
+ return NULL;
+}
+
+extern "C" PfnDliHook __pfnDliNotifyHook2 = delayHook;
+
+HINSTANCE hInst;
+int hLangpack;
+
+PLUGININFOEX pluginInfo = {
+ sizeof(PLUGININFOEX),
+ __PLUGIN_NAME,
+ __VERSION_DWORD,
+ __DESCRIPTION,
+ __AUTHOR,
+ __AUTHOREMAIL,
+ __COPYRIGHT,
+ __AUTHORWEB,
+ UNICODE_AWARE | STATIC_PLUGIN,
+ // {B649702C-13DE-408A-B6C2-FB8FED2A2C90}
+ { 0xb649702c, 0x13de, 0x408a, { 0xb6, 0xc2, 0xfb, 0x8f, 0xed, 0x2a, 0x2c, 0x90 } }
+};
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD, LPVOID)
+{
+ hInst = hinstDLL;
+ return TRUE;
+}
+
+extern "C" __declspec(dllexport) PLUGININFOEX* MirandaPluginInfoEx(DWORD)
+{
+ return &pluginInfo;
+}
+
+extern "C" __declspec(dllexport) const MUUID MirandaInterfaces[] = { MIID_SSL, MIID_LAST };
+
+extern "C" int __declspec(dllexport) Load(void)
+{
+ mir_getLP(&pluginInfo);
+
+ return LoadSslModule();
+}
+
+extern "C" int __declspec(dllexport) Unload(void)
+{
+ UnloadSslModule();
+ return 0;
+}
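Review bot: In `delayHook`, a `dliNotePreLoadLibrary` for one of the three DLLs returns the matching global even when it is still NULL, and a NULL return tells the delay-load helper to fall back to its own `LoadLibrary` by bare name — so any OpenSSL or crypt32 call that reaches the hook before `SSL_library_load` has filled the handles binds to whatever `libeay32.dll`/`ssleay32.dll` the default search order finds rather than failing. The hook cannot veto that fallback through its return value, so the invariant belongs in a comment above it, e.g. `// Handles are filled by SSL_library_load(); Load() refuses to load the plugin when that fails, so the hook must never be asked for a NULL handle.`, and if a hard stop is wanted a `__pfnDliFailureHook2` that logs and aborts is the place, not the SEH exception surfacing at a random call site. Two smaller points: `strcmpi` is the deprecated POSIX-style alias (`_stricmp` is the documented MSVC name), and the `switch` should carry a `default: break;`.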
diff --git a/plugins/OpenSSL/src/ssl_openssl.cpp b/plugins/OpenSSL/src/ssl_openssl.cpp
index 67015a9dac..43c1604396 100644
--- a/plugins/OpenSSL/src/ssl_openssl.cpp
+++ b/plugins/OpenSSL/src/ssl_openssl.cpp
@@ -25,105 +25,9 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include "stdafx.h" #include <m_popup.h> -#define SECURITY_WIN32 -#include <security.h> - -#include <openssl\ssl.h> - -static HMODULE g_hOpenSSL; -static HMODULE g_hOpenSSLCrypto; static HANDLE g_hSslMutex; static bool bSslInitDone; -/* OpenSSL dynamic imports */ - -typedef void(*pfnRAND_screen)(void); -typedef int(*pfnSSL_library_init) (void); -typedef int(*pfnCRYPTO_set_mem_functions)(void *(*m)(size_t), void *(*r)(void *, size_t), void(*f)(void *)); -typedef void(*pfnSSL_load_error_strings)(void); -typedef void(*pfnSSL_free)(SSL *ssl); -typedef int(*pfnSSL_connect)(SSL *ssl); -typedef int(*pfnSSL_read)(SSL *ssl, void *buf, int num); -typedef int(*pfnSSL_set_fd)(SSL *s, int fd); -typedef int(*pfnSSL_peek)(SSL *ssl, void *buf, int num); -typedef int(*pfnSSL_pending)(const SSL *s); -typedef int(*pfnSSL_write)(SSL *ssl, const void *buf, int num); -typedef SSL * (*pfnSSL_new)(SSL_CTX *ctx); -typedef int(*pfnSSL_shutdown)(SSL *s); -typedef void(*pfnSSL_CTX_free)(SSL_CTX *); -typedef SSL_CTX * (*pfnSSL_CTX_new)(const SSL_METHOD *meth); -typedef long(*pfnSSL_CTX_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); -typedef int(*pfnSSL_get_error)(const SSL *s, int ret_code); - -typedef const SSL_CIPHER * (*pfnSSL_get_current_cipher)(const SSL *s); -typedef const char * (*pfnSSL_CIPHER_get_name)(const SSL_CIPHER *c); - -typedef STACK_OF(X509) * (*pfnSSL_get_peer_cert_chain)(const SSL *s); -typedef X509 * (*pfnSSL_get_peer_certificate)(const SSL *s); -typedef void(*pfnCRYPTO_free)(void *ptr); -typedef void(*pfnX509_free)(X509 *x509); -typedef int(*pfni2d_X509)(X509 *x, unsigned char **out); - -typedef const SSL_METHOD * (*pfnSSLv23_client_method)(void); - -static struct LIBOPENSSL -{ - pfnRAND_screen RAND_screen; - pfnSSL_connect SSL_connect; - pfnSSL_free SSL_free; - pfnSSL_get_error SSL_get_error; - pfnSSL_library_init SSL_library_init; - pfnSSL_load_error_strings 
SSL_load_error_strings; - pfnSSL_new SSL_new; - pfnSSL_peek SSL_peek; - pfnSSL_pending SSL_pending; - pfnSSL_read SSL_read; - pfnSSL_write SSL_write; - pfnSSL_set_fd SSL_set_fd; - pfnSSL_shutdown SSL_shutdown; - pfnSSL_CTX_free SSL_CTX_free; - pfnSSL_CTX_new SSL_CTX_new; - pfnSSL_CTX_ctrl SSL_CTX_ctrl; - pfnCRYPTO_set_mem_functions CRYPTO_set_mem_functions; - - pfnSSLv23_client_method SSLv23_client_method; - - pfnSSL_get_current_cipher SSL_get_current_cipher; - pfnSSL_CIPHER_get_name SSL_CIPHER_get_name; - - pfnSSL_get_peer_certificate SSL_get_peer_certificate; - pfnSSL_get_peer_cert_chain SSL_get_peer_cert_chain; - pfnCRYPTO_free CRYPTO_free; - pfnX509_free X509_free; - pfni2d_X509 i2d_X509; -} g_OpenSSL; - - -/* Crypt32 dynamic imports */ - -typedef BOOL(WINAPI *pfnCertGetCertificateChain)(HCERTCHAINENGINE, PCCERT_CONTEXT, LPFILETIME, HCERTSTORE, PCERT_CHAIN_PARA, DWORD, LPVOID, PCCERT_CHAIN_CONTEXT*); -typedef VOID(WINAPI *pfnCertFreeCertificateChain)(PCCERT_CHAIN_CONTEXT); -typedef BOOL(WINAPI *pfnCertFreeCertificateContext)(PCCERT_CONTEXT); -typedef BOOL(WINAPI *pfnCertVerifyCertificateChainPolicy)(LPCSTR, PCCERT_CHAIN_CONTEXT, PCERT_CHAIN_POLICY_PARA, PCERT_CHAIN_POLICY_STATUS); -typedef HCERTSTORE(WINAPI *pfnCertOpenStore)(LPCSTR, DWORD, HCRYPTPROV_LEGACY, DWORD, const void *); - -typedef BOOL(WINAPI *pfnCertCloseStore)(HCERTSTORE, DWORD); -typedef BOOL(WINAPI *pfnCertAddCertificateContextToStore)(HCERTSTORE, PCCERT_CONTEXT, DWORD, PCCERT_CONTEXT*); -typedef PCCERT_CONTEXT(WINAPI *pfnCertCreateCertificateContext)(DWORD, const BYTE *, DWORD); - -static struct LIBCRYPT -{ - pfnCertGetCertificateChain CertGetCertificateChain; - pfnCertFreeCertificateChain CertFreeCertificateChain; - pfnCertFreeCertificateContext CertFreeCertificateContext; - pfnCertVerifyCertificateChainPolicy CertVerifyCertificateChainPolicy; - pfnCertOpenStore CertOpenStore; - pfnCertCloseStore CertCloseStore; - pfnCertAddCertificateContextToStore CertAddCertificateContextToStore; - 
pfnCertCreateCertificateContext CertCreateCertificateContext; -} g_Crypt; - - enum SocketState { sockOpen,
@@ -144,13 +48,11 @@ struct SslHandle void SslLog(const char *fmt, ...) { va_list va; - char szText[1024]; - va_start(va, fmt); - mir_vsnprintf(szText, sizeof(szText), fmt, va); + CMStringA msg; + msg.FormatV(fmt, va); + CallServiceSync(MS_NETLIB_LOG, (WPARAM)NULL, (LPARAM)msg.GetString()); va_end(va); - - CallServiceSync(MS_NETLIB_LOG, (WPARAM)NULL, (LPARAM)szText); } static void SSL_library_unload(void)
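Review bot: `SslLog` still forwards a caller-supplied `fmt` into `CMStringA::FormatV` with nothing telling the compiler it is a format string, so a mismatched `%s`/`%d` in any caller goes unnoticed until it reads garbage at runtime. Every caller visible in this diff passes a literal, so the cheap fix is to annotate the parameter and let /analyze check them: `void SslLog(_Printf_format_string_ const char *fmt, ...)`. The function starts and ends inside this hunk, so that is a one-line change here.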
@@ -179,54 +81,13 @@ static bool SSL_library_load(void) if (!bSslInitDone) { g_hOpenSSLCrypto = LoadLibraryA("libeay32.dll"); g_hOpenSSL = LoadLibraryA("ssleay32.dll"); - if (g_hOpenSSL && g_hOpenSSLCrypto) { - // load function pointers - #define LOAD_FN(struc,lib, name) struc.##name = (pfn##name)GetProcAddress(lib, #name); - LOAD_FN(g_OpenSSL, g_hOpenSSLCrypto, RAND_screen); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_connect); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_free); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_get_error); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_library_init); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_load_error_strings); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_new); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_peek); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_pending); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_read); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_write); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_set_fd); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_shutdown); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_CTX_free); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_CTX_new); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_CTX_ctrl); - LOAD_FN(g_OpenSSL, g_hOpenSSLCrypto, CRYPTO_set_mem_functions); - - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSLv23_client_method); - - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_get_current_cipher); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_CIPHER_get_name); - - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_get_peer_certificate); - LOAD_FN(g_OpenSSL, g_hOpenSSL, SSL_get_peer_cert_chain); - LOAD_FN(g_OpenSSL, g_hOpenSSLCrypto, CRYPTO_free); - LOAD_FN(g_OpenSSL, g_hOpenSSLCrypto, X509_free); - LOAD_FN(g_OpenSSL, g_hOpenSSLCrypto, i2d_X509); - - HINSTANCE hCrypt = LoadLibraryA("crypt32.dll"); - if (hCrypt) { - LOAD_FN(g_Crypt, hCrypt, CertGetCertificateChain); - LOAD_FN(g_Crypt, hCrypt, CertFreeCertificateChain); - LOAD_FN(g_Crypt, hCrypt, CertFreeCertificateContext); - LOAD_FN(g_Crypt, hCrypt, CertVerifyCertificateChainPolicy); - LOAD_FN(g_Crypt, hCrypt, CertOpenStore); - LOAD_FN(g_Crypt, hCrypt, CertCloseStore); - 
LOAD_FN(g_Crypt, hCrypt, CertAddCertificateContextToStore); - LOAD_FN(g_Crypt, hCrypt, CertCreateCertificateContext); - } - + g_hWinCrypt = LoadLibraryA("crypt32.dll"); + if (g_hOpenSSL && g_hOpenSSLCrypto && g_hWinCrypt) + { // init OpenSSL - g_OpenSSL.SSL_library_init(); - g_OpenSSL.SSL_load_error_strings(); - g_OpenSSL.CRYPTO_set_mem_functions(mir_calloc, mir_realloc, mir_free); + SSL_library_init(); + SSL_load_error_strings(); + CRYPTO_set_mem_functions(mir_calloc, mir_realloc, mir_free); // FIXME check errors bSslInitDone = true;
@@ -236,7 +97,6 @@ static bool SSL_library_load(void) } } - ReleaseMutex(g_hSslMutex); return bSslInitDone; }
@@ -245,7 +105,7 @@ const char* SSL_GetCipherName(SslHandle *ssl) if (!ssl || !ssl->session) return NULL; - return g_OpenSSL.SSL_CIPHER_get_name(g_OpenSSL.SSL_get_current_cipher(ssl->session)); + return SSL_CIPHER_get_name(SSL_get_current_cipher(ssl->session)); } static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false)
@@ -285,8 +145,8 @@ void NetlibSslFree(SslHandle *ssl) if (ssl == NULL) return; /* Delete Context */ - if (ssl->session) g_OpenSSL.SSL_free(ssl->session); - if (ssl->ctx) g_OpenSSL.SSL_CTX_free(ssl->ctx); + if (ssl->session) SSL_free(ssl->session); + if (ssl->ctx) SSL_CTX_free(ssl->ctx); memset(ssl, 0, sizeof(SslHandle)); mir_free(ssl); }
@@ -294,7 +154,7 @@ void NetlibSslFree(SslHandle *ssl) BOOL NetlibSslPending(SslHandle *ssl) { /* return true if there is either unsend or buffered received data (ie. after peek) */ - return ssl && ssl->session && (g_OpenSSL.SSL_pending(ssl->session) > 0); + return ssl && ssl->session && (SSL_pending(ssl->session) > 0); } static bool ClientConnect(SslHandle *ssl, const char*)
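Review bot: `CRYPTO_set_mem_functions(mir_calloc, mir_realloc, mir_free)` is called after `SSL_library_init()`; in the OpenSSL 1.0.x API that function returns 0 and does nothing once any allocation has gone through its allocator, and `SSL_library_init` registers ciphers and digests (which allocates), so the Miranda allocators are most likely never installed and the `// FIXME check errors` comment is still earned. The order should be `if (!CRYPTO_set_mem_functions(mir_calloc, mir_realloc, mir_free)) SslLog("...");` first, then `SSL_library_init()` and `SSL_load_error_strings()` — or drop the custom allocators entirely if mixing `mir_free` with OpenSSL-owned buffers (see `CRYPTO_free(buf)` later in this file) is the only reason they exist. The three libraries these handles come from are loaded by bare name, and since the delay-load hook now routes every import through them, a planted `libeay32.dll` earlier on the search path replaces all of the plugin's crypto; `LoadLibraryExA("crypt32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` is the right call for the system DLL (requires Vista+/KB2533623, which I cannot confirm matches this code base's baseline), and an explicit path for the two OpenSSL DLLs is the equivalent for them. The start of `SSL_library_load` and its else branch are outside the hunk.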
@@ -303,33 +163,33 @@ static bool ClientConnect(SslHandle *ssl, const char*) // contrary to what it's named, SSLv23 announces all supported ciphers/versions, // generally TLS1.2 in a TLS1.0 Client Hello - meth = (SSL_METHOD*)g_OpenSSL.SSLv23_client_method(); + meth = (SSL_METHOD*)SSLv23_client_method(); if (!meth) { SslLog("SSL setup failure: client method"); return false; } - ssl->ctx = g_OpenSSL.SSL_CTX_new(meth); + ssl->ctx = SSL_CTX_new(meth); if (!ssl->ctx) { SslLog("SSL setup failure: context"); return false; } // disable dangerous cipher suites - g_OpenSSL.SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3, NULL); + SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_OPTIONS, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3, NULL); // SSL_read/write should transparently handle renegotiations - g_OpenSSL.SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, NULL); + SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, NULL); - g_OpenSSL.RAND_screen(); - ssl->session = g_OpenSSL.SSL_new(ssl->ctx); + RAND_screen(); + ssl->session = SSL_new(ssl->ctx); if (!ssl->session) { SslLog("SSL setup failure: session"); return false; } - g_OpenSSL.SSL_set_fd(ssl->session, ssl->s); + SSL_set_fd(ssl->session, ssl->s); - int err = g_OpenSSL.SSL_connect(ssl->session); + int err = SSL_connect(ssl->session); if (err != 1) { - err = g_OpenSSL.SSL_get_error(ssl->session, err); + err = SSL_get_error(ssl->session, err); SslLog("SSL negotiation failure (%d)", err); return false; } 
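Review bot: With `openssl/ssl.h` now included directly, the option line can both use the public macro and close the CRIME-style hole that TLS-level compression leaves open: `SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);` (and `SSL_CTX_set_mode(ssl->ctx, SSL_MODE_AUTO_RETRY);` for the line below it) — the raw `SSL_CTX_ctrl(..., SSL_CTRL_OPTIONS, ...)` spelling only made sense while the functions were fetched by name. The `const char*` host parameter is still unnamed and unused, so no SNI is sent (`SSL_set_tlsext_host_name`), which is a pre-existing gap this rewrite would be a natural place to close; `SSL_set_fd` and `RAND_screen` results are likewise still unchecked. `ClientConnect` continues past the end of the hunk.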
@@ -346,11 +206,11 @@ static PCCERT_CONTEXT SSL_X509ToCryptCert(X509 * x509) unsigned char * buf = NULL; PCCERT_CONTEXT pCertContext = NULL; - len = g_OpenSSL.i2d_X509(x509, &buf); + len = i2d_X509(x509, &buf); if ((len >= 0) && buf) { - pCertContext = g_Crypt.CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, len); + pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, len); - g_OpenSSL.CRYPTO_free(buf); + CRYPTO_free(buf); } return pCertContext; } 
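Review bot: `CRYPTO_free(buf)` should be written as `OPENSSL_free(buf)` now that the header is included: in 1.0.x the macro expands to exactly this call, and in 1.1 `CRYPTO_free` gains file/line parameters, so the macro is what keeps the line compiling across the versions the delay-loaded DLL may be. The function's signature is outside the hunk.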
@@ -362,23 +222,23 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) */ PCCERT_CONTEXT anchor = NULL; // create cert store - HCERTSTORE store = g_Crypt.CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL); + HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL); if (store) { - X509 *server_cert = g_OpenSSL.SSL_get_peer_certificate(session); + X509 *server_cert = SSL_get_peer_certificate(session); if (server_cert) { // add the server's cert first, to make sure CryptAPI builds the correct chain PCCERT_CONTEXT primary_cert; - BOOL ok = g_Crypt.CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(server_cert), CERT_STORE_ADD_ALWAYS, &primary_cert); + BOOL ok = CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(server_cert), CERT_STORE_ADD_ALWAYS, &primary_cert); if (ok && primary_cert) { // add all remaining certs to store (note: stack needs not be freed, it is not a copy) - STACK_OF(X509) *server_chain = g_OpenSSL.SSL_get_peer_cert_chain(session); + STACK_OF(X509) *server_chain = SSL_get_peer_cert_chain(session); if (server_chain) { X509 *next_cert; int i; for (i = 0; i < server_chain->stack.num; i++) { next_cert = (X509 *)server_chain->stack.data[i]; - g_Crypt.CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(next_cert), CERT_STORE_ADD_USE_EXISTING, NULL); + CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(next_cert), CERT_STORE_ADD_USE_EXISTING, NULL); } }
@@ -386,13 +246,13 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) anchor = primary_cert; } else { - if (primary_cert) g_Crypt.CertFreeCertificateContext(primary_cert); + if (primary_cert) CertFreeCertificateContext(primary_cert); } - g_OpenSSL.X509_free(server_cert); + X509_free(server_cert); } - g_Crypt.CertCloseStore(store, 0); + CertCloseStore(store, 0); } return anchor;
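Review bot: Each `SSL_X509ToCryptCert(...)` result is passed straight into `CertAddCertificateContextToStore`, which adds a copy to the store and does not take ownership, so the context the helper created is never released with `CertFreeCertificateContext` — one leaked context per certificate per handshake — and a NULL from the helper (an `i2d_X509` failure) is handed to CryptoAPI unchecked. With the OpenSSL headers included directly the loop should also stop reaching into `server_chain->stack`: `sk_X509_num` / `sk_X509_value` are the public accessors and survive the opaque STACK of 1.1. The fix holds each converted context in a local, adds it, then frees it:
```cpp
// … unchanged: CertOpenStore, SSL_get_peer_certificate …
PCCERT_CONTEXT leaf = SSL_X509ToCryptCert(server_cert);
BOOL ok = leaf && CertAddCertificateContextToStore(store, leaf, CERT_STORE_ADD_ALWAYS, &primary_cert);
if (leaf) CertFreeCertificateContext(leaf);
if (ok && primary_cert) {
	STACK_OF(X509) *server_chain = SSL_get_peer_cert_chain(session);
	if (server_chain) {
		for (int i = 0; i < sk_X509_num(server_chain); i++) {
			PCCERT_CONTEXT next = SSL_X509ToCryptCert(sk_X509_value(server_chain, i));
			if (next) {
				CertAddCertificateContextToStore(store, next, CERT_STORE_ADD_USE_EXISTING, NULL);
				CertFreeCertificateContext(next);
			}
		}
	}
	// … unchanged: anchor = primary_cert …
```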
@@ -400,9 +260,6 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertFlags) { - if (!g_Crypt.CertGetCertificateChain) - return true; - static LPSTR rgszUsages[] = { szOID_PKIX_KP_SERVER_AUTH,
@@ -431,7 +288,7 @@ static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertF ChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; ChainPara.RequestedUsage.Usage.cUsageIdentifier = _countof(rgszUsages); ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = rgszUsages; - if (!g_Crypt.CertGetCertificateChain(NULL, pServerCert, NULL, pServerCert->hCertStore, + if (!CertGetCertificateChain(NULL, pServerCert, NULL, pServerCert->hCertStore, &ChainPara, 0, NULL, &pChainContext)) { scRet = GetLastError(); goto cleanup;
@@ -447,7 +304,7 @@ static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertF PolicyStatus.cbSize = sizeof(PolicyStatus); - if (!g_Crypt.CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, + if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, &PolicyPara, &PolicyStatus)) { scRet = GetLastError(); goto cleanup;
@@ -462,9 +319,9 @@ static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertF cleanup: if (pChainContext) - CertFreeCertificateChain(pChainContext); + CertFreeCertificateChain(pChainContext); if (pServerCert) - g_Crypt.CertFreeCertificateContext(pServerCert); + CertFreeCertificateContext(pServerCert); mir_free(pwszServerName); ReportSslError(scRet, __LINE__, true);
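Review bot: `CertGetCertificateChain(NULL, pServerCert, NULL, pServerCert->hCertStore, &ChainPara, 0, NULL, &pChainContext)` passes `dwFlags` 0, so the chain is built without any revocation status; if that is a deliberate offline-tolerance choice it should be written down next to the call, and if online checks are acceptable for this client `CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT` (optionally with `CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL` to avoid blocking on fetches) is the usual value. How `dwCertFlags` feeds `PolicyPara` lies between these hunks, so I cannot tell from here whether name-mismatch or unknown-CA errors are ever masked on that path; that is the other place a reviewer of this function will want to look.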
@@ -474,13 +331,10 @@ cleanup: SslHandle* NetlibSslConnect(SOCKET s, const char* host, int verify) { /* negotiate SSL session, verify cert, return NULL if failed */ - bool res = SSL_library_load(); - if (!res) - return NULL; - + SslHandle *ssl = (SslHandle*)mir_calloc(sizeof(SslHandle)); ssl->s = s; - res = ClientConnect(ssl, host); + bool res = ClientConnect(ssl, host); if (res && verify) { DWORD dwFlags = 0;
@@ -502,7 +356,7 @@ void NetlibSslShutdown(SslHandle *ssl) if (ssl == NULL || ssl->session == NULL) return; - g_OpenSSL.SSL_shutdown(ssl->session); + SSL_shutdown(ssl->session); } int NetlibSslRead(SslHandle *ssl, char *buf, int num, int peek)
@@ -513,12 +367,12 @@ int NetlibSslRead(SslHandle *ssl, char *buf, int num, int peek) int err = 0; if (peek) - err = g_OpenSSL.SSL_peek(ssl->session, buf, num); + err = SSL_peek(ssl->session, buf, num); else - err = g_OpenSSL.SSL_read(ssl->session, buf, num); + err = SSL_read(ssl->session, buf, num); if (err <= 0) { - int err2 = g_OpenSSL.SSL_get_error(ssl->session, err); + int err2 = SSL_get_error(ssl->session, err); switch (err2) { case SSL_ERROR_ZERO_RETURN: SslLog("SSL connection gracefully closed");
@@ -541,11 +395,11 @@ int NetlibSslWrite(SslHandle *ssl, const char *buf, int num) if (!ssl || !ssl->session) return SOCKET_ERROR; if (num <= 0) return 0; - int err = g_OpenSSL.SSL_write(ssl->session, buf, num); + int err = SSL_write(ssl->session, buf, num); if (err > 0) return err; - int err2 = g_OpenSSL.SSL_get_error(ssl->session, err); + int err2 = SSL_get_error(ssl->session, err); switch (err2) { case SSL_ERROR_ZERO_RETURN: SslLog("SSL connection gracefully closed");
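Review bot: `NetlibSslConnect` no longer calls `SSL_library_load()` and so silently assumes the library is initialised; that holds only because `LoadSslModule` now refuses to load the plugin when the DLLs are missing, and nothing in this function records that dependency for the next person who reorders initialisation. A comment above the allocation, `// OpenSSL is initialised in LoadSslModule(); Load() fails the plugin if that did not succeed`, plus a cheap `if (!bSslInitDone) return NULL;` guard, makes the contract explicit and keeps the function safe if it is ever called from another path. The `mir_calloc` result is still dereferenced unchecked on the next line (`ssl->s = s`), as it was before; the rest of the function is outside the hunk.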
@@ -579,6 +433,11 @@ static INT_PTR GetSslApi(WPARAM, LPARAM lParam) int LoadSslModule(void) { + if (!SSL_library_load()) + { + MessageBoxW(NULL, TranslateT("OpenSSL library loading failed"), TranslateT("OpenSSL Error"), MB_ICONERROR | MB_OK); + return 1; + } CreateServiceFunction(MS_SYSTEM_GET_SI, GetSslApi); g_hSslMutex = CreateMutex(NULL, FALSE, NULL); return 0;
diff --git a/plugins/OpenSSL/src/stdafx.h b/plugins/OpenSSL/src/stdafx.h
index 35838e54a9..794cb197f3 100644
--- a/plugins/OpenSSL/src/stdafx.h
+++ b/plugins/OpenSSL/src/stdafx.h
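Review bot: `SSL_library_load()` now runs before `g_hSslMutex = CreateMutex(NULL, FALSE, NULL);`; the earlier hunk removes the `ReleaseMutex(g_hSslMutex)` at the end of that function, but the matching wait at its start is outside every visible hunk, so if it survived it now runs on a NULL handle (`WaitForSingleObject` fails and the code proceeds anyway). Either confirm the wait was removed as well, or create the mutex first by moving `g_hSslMutex = CreateMutex(NULL, FALSE, NULL);` above the `if (!SSL_library_load())` check. On the `return 1` path any DLL handles that did load are not released here, and whether the core still calls `UnloadSslModule` after `Load` fails is not something this file shows, so freeing the partially loaded modules inside `SSL_library_load`'s failure branch would be the self-contained fix.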
@@ -22,53 +22,29 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -#include <tchar.h> -#include <winsock2.h> -#include <shlobj.h> -#include <commctrl.h> -#include <vssym32.h> +#define SECURITY_WIN32 +#define HSSL_DEFINED -#include <stdio.h> -#include <time.h> -#include <stddef.h> -#include <process.h> -#include <io.h> -#include <limits.h> -#include <string.h> -#include <locale.h> -#include <direct.h> -#include <malloc.h> +typedef struct SslHandle *HSSL; -#include <win2k.h> +#include <tchar.h> +#include <shlobj.h> +#include <delayimp.h> +#include <security.h> -#include <m_system.h> -#include <m_system_cpp.h> -#include <m_core.h> #include <newpluginapi.h> -#include <m_utils.h> #include <m_netlib.h> #include <m_langpack.h> -#include <m_button.h> -#include <m_protosvc.h> -#include <m_protocols.h> -#include <m_options.h> -#include <m_skin.h> -#include <m_contacts.h> -#include <m_message.h> -#include <m_userinfo.h> -#include <m_findadd.h> -#include <m_ignore.h> -#include <m_icolib.h> -#include <m_modernopt.h> -#include <m_timezones.h> #include <m_string.h> +#include <m_ssl.h> -#include "version.h" +#include <openssl\ssl.h> +#include <openssl\rand.h> -#define HSSL_DEFINED -typedef struct SslHandle *HSSL; +#include "version.h" -#include "m_ssl.h" -#include "m_netlib.h" +extern HMODULE g_hOpenSSL; +extern HMODULE g_hOpenSSLCrypto; +extern HMODULE g_hWinCrypt; extern HINSTANCE hInst; |