From c763e0be7221cc055d61eec9d30c1ff8a4a0fc32 Mon Sep 17 00:00:00 2001 
From: George Hazan Date: Mon, 7 Jun 2021 20:48:09 +0300 Subject: fixes #2912 (Drop WinCrypto API support) --- bin15/mir_full.sln | 25 - bin15/miranda32.sln | 14 - bin16/mir_full.sln | 25 - bin16/miranda32.sln | 14 - include/m_netlib.h | 50 +- include/m_ssl.h | 72 -- include/newpluginapi.h | 1 - libs/win32/mir_app.lib | Bin 221344 -> 222676 bytes libs/win64/mir_app.lib | Bin 217150 -> 218378 bytes plugins/OpenSSL/OpenSSL.vcxproj | 45 -- plugins/OpenSSL/OpenSSL.vcxproj.filters | 28 - plugins/OpenSSL/res/version.rc | 9 - plugins/OpenSSL/src/main.cpp | 72 -- plugins/OpenSSL/src/ssl_openssl.cpp | 417 ----------- plugins/OpenSSL/src/stdafx.cxx | 18 - plugins/OpenSSL/src/stdafx.h | 46 -- plugins/OpenSSL/src/version.h | 13 - plugins/PluginUpdater/src/DlgUpdate.cpp | 2 + protocols/Gadu-Gadu/src/gg.cpp | 4 - protocols/Gadu-Gadu/src/gg.h | 1 - protocols/Gadu-Gadu/src/libgadu/events.cpp | 4 +- protocols/Gadu-Gadu/src/libgadu/libgadu.cpp | 10 +- protocols/Gadu-Gadu/src/libgadu/libgadu.h | 2 +- src/core/stdssl/CMakeLists.txt | 3 - src/core/stdssl/res/version.rc | 9 - src/core/stdssl/src/main.cpp | 57 -- src/core/stdssl/src/netlibssl.cpp | 833 --------------------- src/core/stdssl/src/stdafx.cxx | 19 - src/core/stdssl/src/stdafx.h | 49 -- src/core/stdssl/src/version.h | 12 - src/core/stdssl/stdssl.vcxproj | 45 -- src/core/stdssl/stdssl.vcxproj.filters | 28 - src/mir_app/mir_app.vcxproj | 3 +- src/mir_app/mir_app.vcxproj.filters | 3 + src/mir_app/src/mir_app.def | 6 + src/mir_app/src/mir_app64.def | 6 + src/mir_app/src/miranda.h | 2 +- src/mir_app/src/modules.cpp | 2 - src/mir_app/src/netlib.cpp | 8 +- src/mir_app/src/netlib.h | 2 - src/mir_app/src/netlib_http.cpp | 2 +- src/mir_app/src/netlib_log.cpp | 2 +- src/mir_app/src/netlib_openconn.cpp | 22 - src/mir_app/src/netlib_pktrecver.cpp | 2 +- src/mir_app/src/netlib_sock.cpp | 22 +- src/mir_app/src/netlib_ssl.cpp | 434 +++++++++++ src/mir_app/src/newplugins.cpp | 37 +- src/mir_app/src/pluginopts.cpp | 2 +- src/mir_app/src/stdafx.h 
| 4 +- src/mir_core/src/stdafx.h | 1 - .../bin15/z2_PackPluginUpdater_x32.txt | 2 - .../bin15/z2_PackPluginUpdater_x64.txt | 2 - tools/build_scripts/bin15/z3_PackArchives.txt | 1 - tools/build_scripts/z2_PackPluginUpdater.txt | 1 - tools/installer_ng/MirandaNG.iss | 1 - tools/installer_ng_stable/MirandaNG.iss | 1 - 56 files changed, 512 insertions(+), 1983 deletions(-) delete mode 100644 include/m_ssl.h delete mode 100644 plugins/OpenSSL/OpenSSL.vcxproj delete mode 100644 plugins/OpenSSL/OpenSSL.vcxproj.filters delete mode 100644 plugins/OpenSSL/res/version.rc delete mode 100644 plugins/OpenSSL/src/main.cpp delete mode 100644 plugins/OpenSSL/src/ssl_openssl.cpp delete mode 100644 plugins/OpenSSL/src/stdafx.cxx delete mode 100644 plugins/OpenSSL/src/stdafx.h delete mode 100644 plugins/OpenSSL/src/version.h delete mode 100644 src/core/stdssl/CMakeLists.txt delete mode 100644 src/core/stdssl/res/version.rc delete mode 100644 src/core/stdssl/src/main.cpp delete mode 100644 src/core/stdssl/src/netlibssl.cpp delete mode 100644 src/core/stdssl/src/stdafx.cxx delete mode 100644 src/core/stdssl/src/stdafx.h delete mode 100644 src/core/stdssl/src/version.h delete mode 100644 src/core/stdssl/stdssl.vcxproj delete mode 100644 src/core/stdssl/stdssl.vcxproj.filters create mode 100644 src/mir_app/src/netlib_ssl.cpp diff --git a/bin15/mir_full.sln b/bin15/mir_full.sln index 6729aad9fa..fe471eef32 100644 --- a/bin15/mir_full.sln +++ b/bin15/mir_full.sln 
@@ -208,11 +208,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdCrypt", "..\src\core\std {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdSSL", "..\src\core\stdssl\stdssl.vcxproj", "{2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}" - ProjectSection(ProjectDependencies) = postProject - {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CmdLine", "..\plugins\CmdLine\CmdLine.vcxproj", "{73BA9CA5-640D-4F30-A157-A73557A25F98}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MimCmd", "..\plugins\MimCmd\MimCmd.vcxproj", "{1E3BB48A-FFBC-4A03-8C43-9124A484BE51}" @@ -349,8 +344,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dummy", "..\protocols\Dummy EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Steam", "..\protocols\Steam\Steam.vcxproj", "{8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "OpenSSL", "..\plugins\OpenSSL\OpenSSL.vcxproj", "{6C0C35E7-6522-403C-BB60-9805CDB9E52F}" -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HwHotKeys", "..\plugins\HwHotKeys\HwHotKeys.vcxproj", "{639E2B3A-64F2-4152-B5BB-12468E5D60B6}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SkypeWeb", "..\protocols\SkypeWeb\SkypeWeb.vcxproj", "{66A9BDEB-150F-45DC-B20F-9892C0B43834}" 
@@ -1145,14 +1138,6 @@ Global {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|Win32.Build.0 = Release|Win32 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.ActiveCfg = Release|x64 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.Build.0 = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.ActiveCfg = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.Build.0 = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.ActiveCfg = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.Build.0 = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.ActiveCfg = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.Build.0 = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.ActiveCfg = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.Build.0 = Release|x64 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|Win32.ActiveCfg = Debug|Win32 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|Win32.Build.0 = Debug|Win32 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|x64.ActiveCfg = Debug|x64 
@@ -1695,14 +1680,6 @@ Global {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|Win32.Build.0 = Release|Win32 {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|x64.ActiveCfg = Release|x64 {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|x64.Build.0 = Release|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|Win32.ActiveCfg = Debug|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|Win32.Build.0 = Debug|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|x64.ActiveCfg = Debug|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|x64.Build.0 = Debug|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|Win32.ActiveCfg = Release|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|Win32.Build.0 = Release|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|x64.ActiveCfg = Release|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|x64.Build.0 = Release|x64 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|Win32.ActiveCfg = Debug|Win32 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|Win32.Build.0 = Debug|Win32 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|x64.ActiveCfg = Debug|x64 @@ -2088,7 +2065,6 @@ Global {E71C1722-A41D-4475-87F4-29961A3654BB} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {F47EAB99-C78F-4A92-87D5-B0E16FE5A133} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3} = {E7FB43FB-3563-4568-8846-A88FC37449BF} - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {9C6040B8-1173-40FA-A3DB-DE044CCD8250} = {F13387B0-1C74-48EC-9AEC-65E3B9DE29E4} {576EEEFD-E423-482B-879A-F0515D40B8E1} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {A4855451-6447-437C-B024-B36C3C7901EA} = {F9C41695-3353-4564-A154-58106829B19C} 
@@ -2119,7 +2095,6 @@ Global {7F5EA8BC-8F2B-478E-8F05-0ED4B691B776} = {D8EA3AE1-64AA-42ED-9F13-83F6C7B5AA55} {D3B4DDFF-D3A5-4452-AE9D-B43B3C97C821} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} - {6C0C35E7-6522-403C-BB60-9805CDB9E52F} = {30218E20-9E62-4027-BB87-2627B17F6CA3} {66A9BDEB-150F-45DC-B20F-9892C0B43834} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {BCFAB658-326E-466D-995B-E76636C1DEA4} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {B4327D10-ACDC-4C12-9555-749DD49A7BB0} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} diff --git a/bin15/miranda32.sln b/bin15/miranda32.sln index a4a0c86903..adce26e02c 100644 --- a/bin15/miranda32.sln +++ b/bin15/miranda32.sln @@ -92,11 +92,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdCrypt", "..\src\core\std {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdSSL", "..\src\core\stdssl\stdssl.vcxproj", "{2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}" - ProjectSection(ProjectDependencies) = postProject - {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TopToolBar", "..\plugins\TopToolBar\TopToolBar.vcxproj", "{ECE691D0-BFB3-483B-A699-084269EFCE89}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TabSRMM_icons", "..\plugins\TabSRMM\TabSRMM_icons\NOVA\ICONS_NOVA_15.vcxproj", "{F553F140-B7D3-4984-90B1-00D4831B8A6E}" 
@@ -373,14 +368,6 @@ Global {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|Win32.Build.0 = Release|Win32 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.ActiveCfg = Release|x64 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.Build.0 = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.ActiveCfg = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.Build.0 = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.ActiveCfg = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.Build.0 = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.ActiveCfg = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.Build.0 = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.ActiveCfg = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.Build.0 = Release|x64 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|Win32.ActiveCfg = Debug|Win32 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|Win32.Build.0 = Debug|Win32 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|x64.ActiveCfg = Debug|x64 @@ -541,7 +528,6 @@ Global {E71C1722-A41D-4475-87F4-29961A3654BB} = {85220459-761D-4E24-A381-D35A95880254} {F47EAB99-C78F-4A92-87D5-B0E16FE5A133} = {85220459-761D-4E24-A381-D35A95880254} {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3} = {85220459-761D-4E24-A381-D35A95880254} - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3} = {85220459-761D-4E24-A381-D35A95880254} {ECE691D0-BFB3-483B-A699-084269EFCE89} = {6221EF9E-F53A-4381-B760-4C0208E5D597} {F553F140-B7D3-4984-90B1-00D4831B8A6E} = {949AF443-676D-4B48-B21E-9B6FC3A4808D} {796B43EF-DACE-4145-8571-31886F45A2C0} = {949AF443-676D-4B48-B21E-9B6FC3A4808D} diff --git a/bin16/mir_full.sln b/bin16/mir_full.sln index 205fa66aad..1392c07ab2 100644 --- a/bin16/mir_full.sln +++ b/bin16/mir_full.sln 
@@ -208,11 +208,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdCrypt", "..\src\core\std {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdSSL", "..\src\core\stdssl\stdssl.vcxproj", "{2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}" - ProjectSection(ProjectDependencies) = postProject - {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CmdLine", "..\plugins\CmdLine\CmdLine.vcxproj", "{73BA9CA5-640D-4F30-A157-A73557A25F98}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MimCmd", "..\plugins\MimCmd\MimCmd.vcxproj", "{1E3BB48A-FFBC-4A03-8C43-9124A484BE51}" @@ -349,8 +344,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dummy", "..\protocols\Dummy EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Steam", "..\protocols\Steam\Steam.vcxproj", "{8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "OpenSSL", "..\plugins\OpenSSL\OpenSSL.vcxproj", "{6C0C35E7-6522-403C-BB60-9805CDB9E52F}" -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HwHotKeys", "..\plugins\HwHotKeys\HwHotKeys.vcxproj", "{639E2B3A-64F2-4152-B5BB-12468E5D60B6}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SkypeWeb", "..\protocols\SkypeWeb\SkypeWeb.vcxproj", "{66A9BDEB-150F-45DC-B20F-9892C0B43834}" 
@@ -1145,14 +1138,6 @@ Global {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|Win32.Build.0 = Release|Win32 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.ActiveCfg = Release|x64 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.Build.0 = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.ActiveCfg = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.Build.0 = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.ActiveCfg = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.Build.0 = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.ActiveCfg = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.Build.0 = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.ActiveCfg = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.Build.0 = Release|x64 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|Win32.ActiveCfg = Debug|Win32 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|Win32.Build.0 = Debug|Win32 {73BA9CA5-640D-4F30-A157-A73557A25F98}.Debug|x64.ActiveCfg = Debug|x64 
@@ -1695,14 +1680,6 @@ Global {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|Win32.Build.0 = Release|Win32 {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|x64.ActiveCfg = Release|x64 {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB}.Release|x64.Build.0 = Release|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|Win32.ActiveCfg = Debug|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|Win32.Build.0 = Debug|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|x64.ActiveCfg = Debug|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Debug|x64.Build.0 = Debug|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|Win32.ActiveCfg = Release|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|Win32.Build.0 = Release|Win32 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|x64.ActiveCfg = Release|x64 - {6C0C35E7-6522-403C-BB60-9805CDB9E52F}.Release|x64.Build.0 = Release|x64 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|Win32.ActiveCfg = Debug|Win32 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|Win32.Build.0 = Debug|Win32 {639E2B3A-64F2-4152-B5BB-12468E5D60B6}.Debug|x64.ActiveCfg = Debug|x64 @@ -2088,7 +2065,6 @@ Global {E71C1722-A41D-4475-87F4-29961A3654BB} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {F47EAB99-C78F-4A92-87D5-B0E16FE5A133} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3} = {E7FB43FB-3563-4568-8846-A88FC37449BF} - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {9C6040B8-1173-40FA-A3DB-DE044CCD8250} = {F13387B0-1C74-48EC-9AEC-65E3B9DE29E4} {576EEEFD-E423-482B-879A-F0515D40B8E1} = {E7FB43FB-3563-4568-8846-A88FC37449BF} {A4855451-6447-437C-B024-B36C3C7901EA} = {F9C41695-3353-4564-A154-58106829B19C} 
@@ -2119,7 +2095,6 @@ Global {7F5EA8BC-8F2B-478E-8F05-0ED4B691B776} = {D8EA3AE1-64AA-42ED-9F13-83F6C7B5AA55} {D3B4DDFF-D3A5-4452-AE9D-B43B3C97C821} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {8236EA1F-579A-4AFB-9DFE-5FA056AEDDBB} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} - {6C0C35E7-6522-403C-BB60-9805CDB9E52F} = {30218E20-9E62-4027-BB87-2627B17F6CA3} {66A9BDEB-150F-45DC-B20F-9892C0B43834} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {BCFAB658-326E-466D-995B-E76636C1DEA4} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} {B4327D10-ACDC-4C12-9555-749DD49A7BB0} = {A035B524-0F2D-45D0-BCF2-3C20279C77E2} diff --git a/bin16/miranda32.sln b/bin16/miranda32.sln index 3a6982b734..57196b15ed 100644 --- a/bin16/miranda32.sln +++ b/bin16/miranda32.sln @@ -92,11 +92,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdCrypt", "..\src\core\std {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StdSSL", "..\src\core\stdssl\stdssl.vcxproj", "{2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}" - ProjectSection(ProjectDependencies) = postProject - {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} = {D9EFEA4B-B817-4DE1-BD62-68A5DB8F5F60} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TopToolBar", "..\plugins\TopToolBar\TopToolBar.vcxproj", "{ECE691D0-BFB3-483B-A699-084269EFCE89}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TabSRMM_icons", "..\plugins\TabSRMM\TabSRMM_icons\NOVA\ICONS_NOVA_16.vcxproj", "{F553F140-B7D3-4984-90B1-00D4831B8A6E}" 
@@ -375,14 +370,6 @@ Global {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|Win32.Build.0 = Release|Win32 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.ActiveCfg = Release|x64 {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3}.Release|x64.Build.0 = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.ActiveCfg = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|Win32.Build.0 = Debug|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.ActiveCfg = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Debug|x64.Build.0 = Debug|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.ActiveCfg = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|Win32.Build.0 = Release|Win32 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.ActiveCfg = Release|x64 - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3}.Release|x64.Build.0 = Release|x64 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|Win32.ActiveCfg = Debug|Win32 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|Win32.Build.0 = Debug|Win32 {ECE691D0-BFB3-483B-A699-084269EFCE89}.Debug|x64.ActiveCfg = Debug|x64 @@ -551,7 +538,6 @@ Global {E71C1722-A41D-4475-87F4-29961A3654BB} = {85220459-761D-4E24-A381-D35A95880254} {F47EAB99-C78F-4A92-87D5-B0E16FE5A133} = {85220459-761D-4E24-A381-D35A95880254} {8D0F60DE-DB07-49FD-8E1F-0DE558BE6DE3} = {85220459-761D-4E24-A381-D35A95880254} - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3} = {85220459-761D-4E24-A381-D35A95880254} {ECE691D0-BFB3-483B-A699-084269EFCE89} = {6221EF9E-F53A-4381-B760-4C0208E5D597} {F553F140-B7D3-4984-90B1-00D4831B8A6E} = {949AF443-676D-4B48-B21E-9B6FC3A4808D} {796B43EF-DACE-4145-8571-31886F45A2C0} = {949AF443-676D-4B48-B21E-9B6FC3A4808D} diff --git a/include/m_netlib.h b/include/m_netlib.h index 7cc1524cb4..b821af977a 100644 --- a/include/m_netlib.h +++ b/include/m_netlib.h 
@@ -403,12 +403,6 @@ struct NETLIBCONNINFO EXTERN_C MIR_APP_DLL(int) Netlib_GetConnectionInfo(HNETLIBCONN hConnection, NETLIBCONNINFO *connInfo); -///////////////////////////////////////////////////////////////////////////////////////// -// Gets TLS channel binging data for a socket -// Returns true if successful - -EXTERN_C MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen); - ///////////////////////////////////////////////////////////////////////////////////////// // Gets connection Information // @@ -743,13 +737,6 @@ EXTERN_C MIR_APP_DLL(int) Netlib_GetMorePackets(HANDLE hReceiver, NETLIBPACKETRE EXTERN_C MIR_APP_DLL(int) Netlib_SetPollingTimeout(HNETLIBCONN hConnection, int iTimeout); -///////////////////////////////////////////////////////////////////////////////////////// -// Makes connection SSL -// -// Returns 0 on failure 1 on success - -EXTERN_C MIR_APP_DLL(int) Netlib_StartSsl(HNETLIBCONN hConnection, const char *host); - ///////////////////////////////////////////////////////////////////////////////////////// // netlib log funcitons 
@@ -764,20 +751,47 @@ EXTERN_C MIR_APP_DLL(void) Netlib_Dump(HNETLIBCONN nlc, const void *buf, size_t // Inits a required security provider. Right now only NTLM is supported // Returns HANDLE = NULL on error or non-null value on success // Known providers: Basic, NTLM, Negotiate, Kerberos, GSSAPI - (Kerberos SASL) - EXTERN_C MIR_APP_DLL(HANDLE) Netlib_InitSecurityProvider(const wchar_t *szProviderName, const wchar_t *szPrincipal = nullptr); -///////////////////////////////////////////////////////////////////////////////////////// // Destroys a security provider's handle, provided by Netlib_InitSecurityProvider. // Right now only NTLM is supported - EXTERN_C MIR_APP_DLL(void) Netlib_DestroySecurityProvider(HANDLE hProvider); -///////////////////////////////////////////////////////////////////////////////////////// // Returns the NTLM response string. The result value should be freed using mir_free - EXTERN_C MIR_APP_DLL(char*) Netlib_NtlmCreateResponse(HANDLE hProvider, const char *szChallenge, wchar_t *szLogin, wchar_t *szPass, unsigned &complete); +///////////////////////////////////////////////////////////////////////////////////////// +// SSL/TLS support + +#if !defined(HSSL_DEFINED) +DECLARE_HANDLE(HSSL); +#endif + +// Makes connection SSL +// Returns 0 on failure 1 on success +EXTERN_C MIR_APP_DLL(int) Netlib_StartSsl(HNETLIBCONN hConnection, const char *host); + +// negotiates SSL session, verifies cert, returns NULL if failed +EXTERN_C MIR_APP_DLL(HSSL) Netlib_SslConnect(SOCKET s, const char* host, int verify); + +// return true if there is either unsend or buffered received data (ie. 
after peek) +EXTERN_C MIR_APP_DLL(BOOL) Netlib_SslPending(HSSL ssl); + +// reads number of bytes, keeps in buffer if peek != 0 +EXTERN_C MIR_APP_DLL(int) Netlib_SslRead(HSSL ssl, char *buf, int num, int peek); + +// writes data to the SSL socket +EXTERN_C MIR_APP_DLL(int) Netlib_SslWrite(HSSL ssl, const char *buf, int num); + +// closes SSL session, but keeps socket open +EXTERN_C MIR_APP_DLL(void) Netlib_SslShutdown(HSSL ssl); + +// frees all data associated with the SSL socket +EXTERN_C MIR_APP_DLL(void) Netlib_SslFree(HSSL ssl); + +// gets TLS channel binging data for a socket +EXTERN_C MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen); + ///////////////////////////////////////////////////////////////////////////////////////// // WebSocket support diff --git a/include/m_ssl.h b/include/m_ssl.h deleted file mode 100644 index 3365aacf71..0000000000 --- a/include/m_ssl.h +++ /dev/null 
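Review bot: The new comment on `Netlib_SslConnect` says it "verifies cert" unconditionally, yet the signature takes `int verify`, so a caller reading this header cannot tell whether passing 0 turns certificate and host-name validation off. I would spell the contract out, e.g. `// negotiates SSL session; when verify != 0 the peer certificate is checked against host; returns NULL if failed` (wording to be confirmed against netlib_ssl.cpp, which is not visible in this hunk). `Netlib_SslRead` and `Netlib_SslWrite` likewise do not say what they return on error or on a closed connection, which callers need in order to avoid treating a failure as a byte count. For `Netlib_GetTlsUnique`, the moved comment still reads "binging" for "binding" and no longer says anything about the result; it should state that `cbLen` receives the length, what is returned on failure, and who frees the returned buffer.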
@@ -1,72 +0,0 @@ -/* - -Miranda NG: the free IM client for Microsoft* Windows* - -Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org) -Copyright (c) 2000-08 Miranda ICQ/IM project, -all portions of this codebase are copyrighted to the people -listed in contributors.txt. - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#ifndef M_SSL_H__ -#define M_SSL_H__ 1 - -#include - -#if !defined(HSSL_DEFINED) - DECLARE_HANDLE(HSSL); -#endif - -typedef HSSL (__cdecl *pfnConnect)(SOCKET s, const char* host, int verify); -typedef BOOL (__cdecl *pfnPending)(HSSL ssl); -typedef int (__cdecl *pfnRead)(HSSL ssl, char *buf, int num, int peek); -typedef int (__cdecl *pfnWrite)(HSSL ssl, const char *buf, int num); -typedef void (__cdecl *pfnShutdown)(HSSL ssl); -typedef void (__cdecl *pfnSfree)(HSSL ssl); -typedef void *(__cdecl *pfnUnique)(HSSL ssl, int *cbLen); - -struct SSL_API -{ - int cbSize; - - pfnConnect connect; - pfnPending pending; - pfnRead read; - pfnWrite write; - pfnShutdown shutdown; - pfnSfree sfree; - pfnUnique unique; -}; - -/* -a service to obtain the SSL API - -wParam = 0; -lParam = (LPARAM)(SSL_API*). 
- -returns TRUE if all is Ok, and FALSE otherwise -*/ - -#define MS_SYSTEM_GET_SI "Miranda/System/GetSslApi" - -__forceinline INT_PTR mir_getSI(SSL_API *dest) -{ - dest->cbSize = sizeof(*dest); - return CallService(MS_SYSTEM_GET_SI, 0, (LPARAM)dest); -} - -#endif // M_SSL_H__ diff --git a/include/newpluginapi.h b/include/newpluginapi.h index 515fda9205..21ec09fd54 100644 --- a/include/newpluginapi.h +++ b/include/newpluginapi.h @@ -83,7 +83,6 @@ MIR_APP_DLL(void) SetPluginOnWhiteList(const char *szPluginName, bool bAllow); #define MIID_AUTOAWAY {0x9c87f7dc, 0x3bd7, 0x4983, {0xb7, 0xfb, 0xb8, 0x48, 0xfd, 0xbc, 0x91, 0xf0}} #define MIID_USERONLINE {0x130829e0, 0x2463, 0x4ff8, {0xbb, 0xc8, 0xce, 0x73, 0xc0, 0x18, 0x84, 0x42}} #define MIID_CRYPTO {0x415ca6e1, 0x895f, 0x40e6, {0x87, 0xbd, 0x9b, 0x39, 0x60, 0x16, 0xd0, 0xe5}} -#define MIID_SSL {0x3bbbbd20, 0x20e6, 0x479b, {0xbd, 0x4b, 0xe8, 0x4d, 0xe2, 0x62, 0x71, 0x20}} #define MIID_POPUP {0xb275f4a4, 0xe347, 0x4515, {0xaf, 0x71, 0x77, 0xd0, 0x1e, 0xef, 0x54, 0x41}} ///////////////////////////////////////////////////////////////////////////////////////// diff --git a/libs/win32/mir_app.lib b/libs/win32/mir_app.lib index 78d3785dd6..6b49ba4a0c 100644 Binary files a/libs/win32/mir_app.lib and b/libs/win32/mir_app.lib differ diff --git a/libs/win64/mir_app.lib b/libs/win64/mir_app.lib index 8a29686761..65f2a15f86 100644 Binary files a/libs/win64/mir_app.lib and b/libs/win64/mir_app.lib differ diff --git a/plugins/OpenSSL/OpenSSL.vcxproj b/plugins/OpenSSL/OpenSSL.vcxproj deleted file mode 100644 index e7d62d396e..0000000000 --- a/plugins/OpenSSL/OpenSSL.vcxproj +++ /dev/null @@ -1,45 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - OpenSSL - {6C0C35E7-6522-403C-BB60-9805CDB9E52F} - - - - - - - - - Create - - - - - - - - - - libcrypto.lib;libssl.lib;crypt32.lib;%(AdditionalDependencies) - - - \ No newline at end of file 
diff --git a/plugins/OpenSSL/OpenSSL.vcxproj.filters b/plugins/OpenSSL/OpenSSL.vcxproj.filters deleted file mode 100644 index 990d0f77d6..0000000000 --- a/plugins/OpenSSL/OpenSSL.vcxproj.filters +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - - - Resource Files - - - \ No newline at end of file diff --git a/plugins/OpenSSL/res/version.rc b/plugins/OpenSSL/res/version.rc deleted file mode 100644 index 5a5ddd63ed..0000000000 --- a/plugins/OpenSSL/res/version.rc +++ /dev/null @@ -1,9 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#ifdef APSTUDIO_INVOKED -#error this file is not editable by Microsoft Visual C++ -#endif //APSTUDIO_INVOKED - -#include "..\src\version.h" - -#include "..\..\build\Version.rc" diff --git a/plugins/OpenSSL/src/main.cpp b/plugins/OpenSSL/src/main.cpp deleted file mode 100644 index 32ccfff362..0000000000 --- a/plugins/OpenSSL/src/main.cpp +++ /dev/null 
@@ -1,72 +0,0 @@ -/* - -Standard encryption plugin for Miranda NG -Copyright (C) 2012-21 George Hazan - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along -with this program; if not, write to the Free Software Foundation, Inc., -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ - -#include "stdafx.h" - -int LoadSslModule(void); -void UnloadSslModule(void); - -struct CMPlugin : public PLUGIN -{ - CMPlugin(); - - int Load() override; - int Unload() override; -} -g_plugin; - - -///////////////////////////////////////////////////////////////////////////////////////// - -PLUGININFOEX pluginInfoEx = { - sizeof(PLUGININFOEX), - __PLUGIN_NAME, - __VERSION_DWORD, - __DESCRIPTION, - __AUTHOR, - __COPYRIGHT, - __AUTHORWEB, - UNICODE_AWARE, - // {B649702C-13DE-408A-B6C2-FB8FED2A2C90} - { 0xb649702c, 0x13de, 0x408a, { 0xb6, 0xc2, 0xfb, 0x8f, 0xed, 0x2a, 0x2c, 0x90 } } -}; - -CMPlugin::CMPlugin() : - PLUGIN(nullptr, pluginInfoEx) -{} - -///////////////////////////////////////////////////////////////////////////////////////// - -extern "C" __declspec(dllexport) const MUUID MirandaInterfaces[] = { MIID_SSL, MIID_LAST }; - -///////////////////////////////////////////////////////////////////////////////////////// - -int CMPlugin::Load() -{ - return LoadSslModule(); -} - -///////////////////////////////////////////////////////////////////////////////////////// - -int CMPlugin::Unload() -{ - UnloadSslModule(); - return 0; -} 
diff --git a/plugins/OpenSSL/src/ssl_openssl.cpp b/plugins/OpenSSL/src/ssl_openssl.cpp deleted file mode 100644 index 497d58a4e0..0000000000 --- a/plugins/OpenSSL/src/ssl_openssl.cpp +++ /dev/null 
@@ -1,417 +0,0 @@ -/* - -Miranda NG: the free IM client for Microsoft* Windows* - -Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org), -Copyright (c) 2000-12 Miranda IM project, -all portions of this codebase are copyrighted to the people -listed in contributors.txt. - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include "stdafx.h" -#include - -static HANDLE g_hSslMutex; -static bool bSslInitDone; - -enum SocketState -{ - sockOpen, - sockClosed, - sockError -}; - -struct SslHandle : public MZeroedObject -{ - ~SslHandle() - { - if (session) - SSL_free(session); - if (ctx) - SSL_CTX_free(ctx); - } - - SOCKET s; - SSL_CTX *ctx; - SSL *session; - SocketState state; -}; - -static void SSL_library_unload(void) -{ - /* Load Library Pointers */ - if (!bSslInitDone) - return; - - WaitForSingleObject(g_hSslMutex, INFINITE); - - bSslInitDone = false; - ReleaseMutex(g_hSslMutex); -} - -static bool SSL_library_load(void) -{ - /* Load Library Pointers */ - if (bSslInitDone) - return true; - - WaitForSingleObject(g_hSslMutex, INFINITE); - - if (!bSslInitDone) { // init OpenSSL - SSL_library_init(); - SSL_load_error_strings(); - // FIXME check errors - - bSslInitDone = true; - } - - return bSslInitDone; -} - -const char* SSL_GetCipherName(SslHandle *ssl) -{ - if (!ssl || !ssl->session) - return nullptr; - - return 
SSL_CIPHER_get_name(SSL_get_current_cipher(ssl->session)); -} - -static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false) -{ - CMStringW tszMsg(FORMAT, L"SSL connection failure(%x %u) :", scRet, line); - - switch (scRet) { - case 0: - case ERROR_NOT_READY: - return; - - case SEC_E_INVALID_TOKEN: - tszMsg += TranslateW_LP(L"Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package"); - break; - - case CERT_E_CN_NO_MATCH: - case SEC_E_WRONG_PRINCIPAL: - tszMsg += TranslateW_LP(L"Host we are connecting to is not the one certificate was issued for"); - break; - - default: - wchar_t szMsgBuf[256]; - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, nullptr, scRet, LANG_USER_DEFAULT, szMsgBuf, _countof(szMsgBuf), nullptr); - tszMsg += szMsgBuf; - } - - Netlib_LogfW(nullptr, tszMsg); - - SetLastError(scRet); - PUShowMessageW(tszMsg.GetBuffer(), SM_WARNING); -} - -void NetlibSslFree(SslHandle *ssl) -{ - delete ssl; -} - -BOOL NetlibSslPending(HSSL ssl) -{ - /* return true if there is either unsend or buffered received data (ie. 
after peek) */ - return ssl && ssl->session && (SSL_pending(ssl->session) > 0); -} - -static bool ClientConnect(SslHandle *ssl, const char*) -{ - SSL_METHOD *meth = (SSL_METHOD*)SSLv23_client_method(); - - // contrary to what it's named, SSLv23 announces all supported ciphers/versions, - // generally TLS1.2 in a TLS1.0 Client Hello - if (!meth) { - Netlib_Logf(nullptr, "SSL setup failure: client method"); - return false; - } - ssl->ctx = SSL_CTX_new(meth); - if (!ssl->ctx) { - Netlib_Logf(nullptr, "SSL setup failure: context"); - return false; - } - - // SSL_read/write should transparently handle renegotiations - SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr); - - RAND_screen(); - ssl->session = SSL_new(ssl->ctx); - if (!ssl->session) { - Netlib_Logf(nullptr, "SSL setup failure: session"); - return false; - } - SSL_set_fd(ssl->session, ssl->s); - - int err = SSL_connect(ssl->session); - - if (err != 1) { - err = SSL_get_error(ssl->session, err); - Netlib_Logf(nullptr, "SSL negotiation failure (%d)", err); - return false; - } - - const char *suite = SSL_GetCipherName(ssl); - if (suite != nullptr) - Netlib_Logf(nullptr, "SSL established with %s", suite); - return true; -} - -static PCCERT_CONTEXT SSL_X509ToCryptCert(X509 * x509) -{ - unsigned char *buf = nullptr; - PCCERT_CONTEXT pCertContext = nullptr; - - int len = i2d_X509(x509, &buf); - if ((len >= 0) && buf) { - pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, len); - - CRYPTO_free(buf, __FILE__, __LINE__); - } - return pCertContext; -} - -static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) -{ - /* convert the active certificate chain provided in the handshake of 'session' into - the format used by CryptAPI. 
- */ - PCCERT_CONTEXT anchor = nullptr; - // create cert store - HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, nullptr); - - if (store) { - X509 *server_cert = SSL_get_peer_certificate(session); - if (server_cert) { - // add the server's cert first, to make sure CryptAPI builds the correct chain - PCCERT_CONTEXT primary_cert; - BOOL ok = CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(server_cert), CERT_STORE_ADD_ALWAYS, &primary_cert); - if (ok && primary_cert) { - // add all remaining certs to store (note: stack needs not be freed, it is not a copy) - STACK_OF(X509) *server_chain = SSL_get_peer_cert_chain(session); - if (server_chain) { - for (int i = 0; i < OPENSSL_sk_num((OPENSSL_STACK *)server_chain); i++) { - X509 *next_cert = (X509 *)OPENSSL_sk_value((OPENSSL_STACK *)server_chain, i); - CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(next_cert), CERT_STORE_ADD_USE_EXISTING, nullptr); - } - } - - // return primary cert; MUST be freed by caller which will free the associated store - anchor = primary_cert; - } - else { - if (primary_cert) - CertFreeCertificateContext(primary_cert); - } - - X509_free(server_cert); - } - - CertCloseStore(store, 0); - } - - return anchor; -} - -static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertFlags) -{ - static LPSTR rgszUsages[] = - { - szOID_PKIX_KP_SERVER_AUTH, - szOID_SERVER_GATED_CRYPTO, - szOID_SGC_NETSCAPE - }; - - CERT_CHAIN_PARA ChainPara = { 0 }; - HTTPSPolicyCallbackData polHttps = { 0 }; - CERT_CHAIN_POLICY_PARA PolicyPara = { 0 }; - CERT_CHAIN_POLICY_STATUS PolicyStatus = { 0 }; - PCCERT_CHAIN_CONTEXT pChainContext = nullptr; - PCCERT_CONTEXT pServerCert = nullptr; - DWORD scRet; - - PWSTR pwszServerName = mir_a2u(pszServerName); - - pServerCert = SSL_CertChainToCryptAnchor(ssl->session); - - if (pServerCert == nullptr) { - scRet = SEC_E_WRONG_PRINCIPAL; - goto cleanup; - } - - ChainPara.cbSize = 
sizeof(ChainPara); - ChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; - ChainPara.RequestedUsage.Usage.cUsageIdentifier = _countof(rgszUsages); - ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = rgszUsages; - if (!CertGetCertificateChain(nullptr, pServerCert, nullptr, pServerCert->hCertStore, - &ChainPara, 0, nullptr, &pChainContext)) { - scRet = GetLastError(); - goto cleanup; - } - - polHttps.cbStruct = sizeof(HTTPSPolicyCallbackData); - polHttps.dwAuthType = AUTHTYPE_SERVER; - polHttps.fdwChecks = dwCertFlags; - polHttps.pwszServerName = pwszServerName; - - PolicyPara.cbSize = sizeof(PolicyPara); - PolicyPara.pvExtraPolicyPara = &polHttps; - - PolicyStatus.cbSize = sizeof(PolicyStatus); - - if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, - &PolicyPara, &PolicyStatus)) { - scRet = GetLastError(); - goto cleanup; - } - - if (PolicyStatus.dwError) { - scRet = PolicyStatus.dwError; - goto cleanup; - } - - scRet = SEC_E_OK; - -cleanup: - if (pChainContext) - CertFreeCertificateChain(pChainContext); - if (pServerCert) - CertFreeCertificateContext(pServerCert); - mir_free(pwszServerName); - - ReportSslError(scRet, __LINE__, true); - return scRet == SEC_E_OK; -} - -SslHandle* NetlibSslConnect(SOCKET s, const char* host, int verify) -{ - /* negotiate SSL session, verify cert, return NULL if failed */ - - SslHandle *ssl = new SslHandle(); - ssl->s = s; - bool res = ClientConnect(ssl, host); - - if (res && verify) { - DWORD dwFlags = 0; - if (!host || inet_addr(host) != INADDR_NONE) - dwFlags |= 0x00001000; - res = VerifyCertificate(ssl, host, dwFlags); - } - - if (res) - return ssl; - - delete ssl; - return nullptr; -} - -void NetlibSslShutdown(SslHandle *ssl) -{ - /* Close SSL session, but keep socket open */ - if (ssl == nullptr || ssl->session == nullptr) - return; - - SSL_shutdown(ssl->session); -} - -int NetlibSslRead(SslHandle *ssl, char *buf, int num, int peek) -{ - /* read number of bytes, keep in buffer if peek!=0 */ - if 
(!ssl || !ssl->session) return SOCKET_ERROR; - if (num <= 0) return 0; - - int err = 0; - if (peek) - err = SSL_peek(ssl->session, buf, num); - else - err = SSL_read(ssl->session, buf, num); - - if (err <= 0) { - int err2 = SSL_get_error(ssl->session, err); - if (err2 == SSL_ERROR_ZERO_RETURN) { - Netlib_Logf(nullptr, "SSL connection gracefully closed"); - ssl->state = sockClosed; - return 0; - } - - Netlib_Logf(nullptr, "SSL failure recieving data (%d, %d, %d)", err, err2, WSAGetLastError()); - ssl->state = sockError; - return SOCKET_ERROR; - } - - return err; -} - -int NetlibSslWrite(SslHandle *ssl, const char *buf, int num) -{ - /* write number of bytes */ - if (!ssl || !ssl->session) return SOCKET_ERROR; - if (num <= 0) return 0; - - int err = SSL_write(ssl->session, buf, num); - if (err > 0) - return err; - - int err2 = SSL_get_error(ssl->session, err); - switch (err2) { - case SSL_ERROR_ZERO_RETURN: - Netlib_Logf(nullptr, "SSL connection gracefully closed"); - ssl->state = sockClosed; - break; - default: - Netlib_Logf(nullptr, "SSL failure sending data (%d, %d, %d)", err, err2, WSAGetLastError()); - ssl->state = sockError; - return SOCKET_ERROR; - } - return 0; -} - -static INT_PTR GetSslApi(WPARAM, LPARAM lParam) -{ - SSL_API *pSsl = (SSL_API*)lParam; - if (pSsl == nullptr) - return FALSE; - - if (pSsl->cbSize != sizeof(SSL_API)) - return FALSE; - - pSsl->connect = NetlibSslConnect; - pSsl->pending = NetlibSslPending; - pSsl->read = NetlibSslRead; - pSsl->write = NetlibSslWrite; - pSsl->shutdown = NetlibSslShutdown; - pSsl->sfree = NetlibSslFree; - return TRUE; -} - -int LoadSslModule(void) -{ - if (!SSL_library_load()) { - MessageBoxW(nullptr, TranslateW_LP(L"OpenSSL library loading failed"), TranslateW_LP(L"OpenSSL error"), MB_ICONERROR | MB_OK); - return 1; - } - CreateServiceFunction(MS_SYSTEM_GET_SI, GetSslApi); - g_hSslMutex = CreateMutex(nullptr, FALSE, nullptr); - return 0; -} - -void UnloadSslModule(void) -{ - SSL_library_unload(); - 
CloseHandle(g_hSslMutex);
-}
diff --git a/plugins/OpenSSL/src/stdafx.cxx b/plugins/OpenSSL/src/stdafx.cxx
deleted file mode 100644
index f70c8f3ec0..0000000000
--- a/plugins/OpenSSL/src/stdafx.cxx
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org)
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation version 2
-of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
-*/
-
-#include "stdafx.h"
\ No newline at end of file
diff --git a/plugins/OpenSSL/src/stdafx.h b/plugins/OpenSSL/src/stdafx.h
deleted file mode 100644
index fa2c4a3fd0..0000000000
--- a/plugins/OpenSSL/src/stdafx.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-
-Miranda NG: the free IM client for Microsoft* Windows*
-
-Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org),
-Copyright (c) 2000-12 Miranda IM project,
-all portions of this codebase are copyrighted to the people
-listed in contributors.txt.
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#pragma once
-
-#define SECURITY_WIN32
-#define HSSL_DEFINED
-
-typedef struct SslHandle *HSSL;
-
-#include
-#include
-
-#define DELAYIMP_INSECURE_WRITABLE_HOOKS
-#include
-
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-#include "version.h"
diff --git a/plugins/OpenSSL/src/version.h b/plugins/OpenSSL/src/version.h
deleted file mode 100644
index b706465fe3..0000000000
--- a/plugins/OpenSSL/src/version.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#define __MAJOR_VERSION 0
-#define __MINOR_VERSION 1
-#define __RELEASE_NUM 0
-#define __BUILD_NUM 2
-
-#include
-
-#define __PLUGIN_NAME "OpenSSL SSL API module"
-#define __FILENAME "OpenSSL.dll"
-#define __DESCRIPTION "Core driver to provide OpenSSL-based SSL services. It provides TLS 1.2/1.3 support for legacy operating systems."
-#define __AUTHOR "Miranda NG team"
-#define __AUTHORWEB "https://miranda-ng.org/p/OpenSSL/"
-#define __COPYRIGHT "© 2014-21 Miranda NG team"
diff --git a/plugins/PluginUpdater/src/DlgUpdate.cpp b/plugins/PluginUpdater/src/DlgUpdate.cpp index e177fe13ec..569757fc63 100644 --- a/plugins/PluginUpdater/src/DlgUpdate.cpp +++ b/plugins/PluginUpdater/src/DlgUpdate.cpp @@ -572,6 +572,7 @@ static renameTable[] = { L"stdidle.dll", nullptr }, { L"stdhelp.dll", nullptr }, { L"stdauth.dll", nullptr }, + { L"stdssl.dll", nullptr }, { L"advaimg.dll", nullptr }, { L"aim.dll", nullptr }, @@ -591,6 +592,7 @@ static renameTable[] = { L"msvcp100.dll", nullptr }, { L"msvcr100.dll", nullptr }, { L"mtextcontrol.dll", nullptr }, + { L"openssl.dll", nullptr }, { L"sms.dll", nullptr }, { L"tlen.dll", nullptr }, { L"whatsapp.dll", nullptr }, diff --git a/protocols/Gadu-Gadu/src/gg.cpp b/protocols/Gadu-Gadu/src/gg.cpp index cb5bda1bc6..1ac8dae385 100644 --- a/protocols/Gadu-Gadu/src/gg.cpp +++ b/protocols/Gadu-Gadu/src/gg.cpp @@ -24,7 +24,6 @@ #include // Other variables -SSL_API sslApi; CMPlugin g_plugin; static unsigned long crc_table[256]; @@ -203,9 +202,6 @@ void GaduProto::cleanuplastplugin(DWORD version) // static int gg_modulesloaded(WPARAM, LPARAM) { - // Get SSL API - mir_getSI(&sslApi); - // File Association Manager support gg_links_init(); diff --git a/protocols/Gadu-Gadu/src/gg.h b/protocols/Gadu-Gadu/src/gg.h index a3f0a1278e..40b8ac3413 100644 --- a/protocols/Gadu-Gadu/src/gg.h +++ b/protocols/Gadu-Gadu/src/gg.h @@ -262,7 +262,6 @@ struct GaduProto; extern PLUGININFOEX pluginInfoEx; extern IconItem iconList[]; -extern SSL_API sslApi; ///////////////////////////////////////////////// // Methods diff --git a/protocols/Gadu-Gadu/src/libgadu/events.cpp b/protocols/Gadu-Gadu/src/libgadu/events.cpp index 2374ade04c..078e19811e 100644 --- a/protocols/Gadu-Gadu/src/libgadu/events.cpp +++ b/protocols/Gadu-Gadu/src/libgadu/events.cpp @@ -69,8 +69,6 @@ #endif #endif -extern SSL_API sslApi; - /** * Zwalnia pamięć zajmowaną przez informację o zdarzeniu. * 
@@ -795,7 +793,7 @@ struct gg_event *gg_watch_fd(struct gg_session *sess) { gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd() GG_STATE_TLS_NEGOTIATION\n"); - sess->ssl = sslApi.connect(sess->fd, 0, 0); + sess->ssl = Netlib_SslConnect(sess->fd, 0, 0); if (sess->ssl == NULL) { gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd() TLS negotiation failed\n"); diff --git a/protocols/Gadu-Gadu/src/libgadu/libgadu.cpp b/protocols/Gadu-Gadu/src/libgadu/libgadu.cpp index 931d55810d..405197401b 100644 --- a/protocols/Gadu-Gadu/src/libgadu/libgadu.cpp +++ b/protocols/Gadu-Gadu/src/libgadu/libgadu.cpp @@ -78,8 +78,6 @@ #endif #endif -extern SSL_API sslApi; - /** * Port gniazda nasłuchującego dla połączeń bezpośrednich. * @@ -297,7 +295,7 @@ int gg_read(struct gg_session *sess, char *buf, int length) #ifdef GG_CONFIG_MIRANDA if (sess->ssl != NULL) - return sslApi.read(sess->ssl, buf, length, 0); + return Netlib_SslRead(sess->ssl, buf, length, 0); #elif GG_CONFIG_HAVE_GNUTLS if (sess->ssl != NULL) { for (;;) { @@ -376,7 +374,7 @@ static int gg_write_common(struct gg_session *sess, const char *buf, int length) #ifdef GG_CONFIG_MIRANDA if (sess->ssl != NULL) - return sslApi.write(sess->ssl, buf, length); + return Netlib_SslWrite(sess->ssl, buf, length); #elif GG_CONFIG_HAVE_GNUTLS if (sess->ssl != NULL) { for (;;) { @@ -1135,7 +1133,7 @@ void gg_logoff(struct gg_session *sess) #ifdef GG_CONFIG_MIRANDA if (sess->ssl != NULL) - sslApi.shutdown(sess->ssl); + Netlib_SslShutdown(sess->ssl); #elif GG_CONFIG_HAVE_GNUTLS if (sess->ssl != NULL) gnutls_bye(GG_SESSION_GNUTLS(sess), GNUTLS_SHUT_RDWR); @@ -1185,7 +1183,7 @@ void gg_free_session(struct gg_session *sess) #ifdef GG_CONFIG_MIRANDA if (sess->ssl != NULL) - sslApi.sfree(sess->ssl); + Netlib_SslFree(sess->ssl); #elif GG_CONFIG_HAVE_GNUTLS if (sess->ssl != NULL) { gg_session_gnutls_t *tmp; diff --git a/protocols/Gadu-Gadu/src/libgadu/libgadu.h b/protocols/Gadu-Gadu/src/libgadu/libgadu.h index 8c5e8e626a..0c269fefc7 100644 
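Review bot: The TLS handshake in the GG_STATE_TLS_NEGOTIATION branch is still started with a null host and a zero third argument, `Netlib_SslConnect(sess->fd, 0, 0)`, so the server certificate is most likely never validated. In the plugin code this commit deletes, the third parameter of NetlibSslConnect was `verify` and VerifyCertificate ran only when it was non-zero; assuming Netlib_SslConnect keeps that parameter order (its definition is outside this hunk), the session is encrypted but the peer is not authenticated, which leaves it open to interception on the network path. I would pass the server name and enable verification, `sess->ssl = Netlib_SslConnect(sess->fd, host, 1);` with `host` a placeholder for the name this session connected to, or at least add `// certificate validation intentionally skipped: <reason>` above the call. The body of gg_watch_fd starts and ends outside the hunk.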
--- a/protocols/Gadu-Gadu/src/libgadu/libgadu.h +++ b/protocols/Gadu-Gadu/src/libgadu/libgadu.h @@ -37,7 +37,7 @@ #define GG_CONFIG_MIRANDA #ifdef GG_CONFIG_MIRANDA -#include + #include #endif diff --git a/src/core/stdssl/CMakeLists.txt b/src/core/stdssl/CMakeLists.txt deleted file mode 100644 index 6b2c0a91d0..0000000000 --- a/src/core/stdssl/CMakeLists.txt +++ /dev/null @@ -1,3 +0,0 @@ -set(TARGET StdSSL) -include(${CMAKE_SOURCE_DIR}/cmake/core.cmake) -target_link_libraries(${TARGET} ws2_32.lib secur32.lib crypt32.lib) \ No newline at end of file diff --git a/src/core/stdssl/res/version.rc b/src/core/stdssl/res/version.rc deleted file mode 100644 index 5a5ddd63ed..0000000000 --- a/src/core/stdssl/res/version.rc +++ /dev/null @@ -1,9 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#ifdef APSTUDIO_INVOKED -#error this file is not editable by Microsoft Visual C++ -#endif //APSTUDIO_INVOKED - -#include "..\src\version.h" - -#include "..\..\build\Version.rc" diff --git a/src/core/stdssl/src/main.cpp b/src/core/stdssl/src/main.cpp deleted file mode 100644 index 78ec6e2e05..0000000000 --- a/src/core/stdssl/src/main.cpp +++ /dev/null 
@@ -1,57 +0,0 @@
-/*
-
-Standard SSL driver for Miranda NG
-
-Copyright (c) 2014-21 Miranda NG team (https://miranda-ng.org)
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "stdafx.h"
-
-int LoadSslModule(void);
-void UnloadSslModule(void);
-
-CMPlugin g_plugin;
-
-PLUGININFOEX pluginInfoEx = {
- sizeof(PLUGININFOEX),
- __PLUGIN_NAME,
- MIRANDA_VERSION_DWORD,
- __DESCRIPTION,
- __AUTHOR,
- __COPYRIGHT,
- __AUTHORWEB,
- UNICODE_AWARE,
- // { 312C4F84 - 75BE - 4404 - BCB1 - C103DBE5A3B8 }
- { 0x312C4F84, 0x75BE, 0x4404, {0xBC, 0xB1, 0xC1, 0x03, 0xDB, 0xE5, 0xA3, 0xB8 }}
-};
-
-CMPlugin::CMPlugin() :
- PLUGIN(nullptr, pluginInfoEx)
-{}
-
-extern "C" __declspec(dllexport) const MUUID MirandaInterfaces[] = { MIID_SSL, MIID_LAST };
-
-int CMPlugin::Load()
-{
- return LoadSslModule();
-}
-
-int CMPlugin::Unload()
-{
- UnloadSslModule();
- return 0;
-}
diff --git a/src/core/stdssl/src/netlibssl.cpp b/src/core/stdssl/src/netlibssl.cpp
deleted file mode 100644
index 5107875790..0000000000
--- a/src/core/stdssl/src/netlibssl.cpp
+++ /dev/null
@@ -1,833 +0,0 @@ -/* - -Miranda NG: the free IM client for Microsoft* Windows* - -Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org), -Copyright (c) 2000-12 Miranda IM project, -all portions of this codebase are copyrighted to the people -listed in contributors.txt. - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#include "stdafx.h" - -typedef BOOL (*SSL_EMPTY_CACHE_FN_M)(VOID); - -static HMODULE g_hSchannel; -static PSecurityFunctionTable g_pSSPI; -static HANDLE g_hSslMutex; -static SSL_EMPTY_CACHE_FN_M MySslEmptyCache; -static CredHandle hCreds; -static bool bSslInitDone; - -typedef enum -{ - sockOpen, - sockClosed, - sockError -} SocketState; - - -struct SslHandle -{ - SOCKET s; - - CtxtHandle hContext; - - BYTE *pbRecDataBuf; - int cbRecDataBuf; - int sbRecDataBuf; - - BYTE *pbIoBuffer; - int cbIoBuffer; - int sbIoBuffer; - - SocketState state; -}; - -static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false) -{ - wchar_t szMsgBuf[256]; - switch (scRet) { - case 0: - case ERROR_NOT_READY: - return; - - case SEC_E_INVALID_TOKEN: - wcsncpy_s(szMsgBuf, TranslateT("Client cannot decode host message. 
Possible causes: host does not support SSL or requires not existing security package"), _TRUNCATE); - break; - - case CERT_E_CN_NO_MATCH: - case SEC_E_WRONG_PRINCIPAL: - wcsncpy_s(szMsgBuf, TranslateT("Host we are connecting to is not the one certificate was issued for"), _TRUNCATE); - break; - - default: - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, nullptr, scRet, LANG_USER_DEFAULT, szMsgBuf, _countof(szMsgBuf), nullptr); - } - - wchar_t szMsgBuf2[512]; - mir_snwprintf(szMsgBuf2, L"SSL connection failure (%x %u): %s", scRet, line, szMsgBuf); - - char* szMsg = mir_utf8encodeW(szMsgBuf2); - Netlib_Logf(nullptr, szMsg); - mir_free(szMsg); - - SetLastError(scRet); - PUShowMessageW(szMsgBuf2, SM_WARNING); -} - -static bool AcquireCredentials(void) -{ - SCHANNEL_CRED SchannelCred; - TimeStamp tsExpiry; - SECURITY_STATUS scRet; - - memset(&SchannelCred, 0, sizeof(SchannelCred)); - - SchannelCred.dwVersion = SCHANNEL_CRED_VERSION; - SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1_X_CLIENTS; - SchannelCred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS | SCH_CRED_MANUAL_CRED_VALIDATION; - - // Create an SSPI credential. 
- scRet = g_pSSPI->AcquireCredentialsHandle( - nullptr, // Name of principal - UNISP_NAME, // Name of package - SECPKG_CRED_OUTBOUND, // Flags indicating use - nullptr, // Pointer to logon ID - &SchannelCred, // Package specific data - nullptr, // Pointer to GetKey() func - nullptr, // Value to pass to GetKey() - &hCreds, // (out) Cred Handle - &tsExpiry); // (out) Lifetime (optional) - - ReportSslError(scRet, __LINE__); - return scRet == SEC_E_OK; -} - -static bool SSL_library_init(void) -{ - if (bSslInitDone) - return true; - - WaitForSingleObject(g_hSslMutex, INFINITE); - - g_pSSPI = InitSecurityInterface(); - if (g_pSSPI) { - g_hSchannel = LoadLibraryA("schannel.dll"); - if (g_hSchannel) - MySslEmptyCache = (SSL_EMPTY_CACHE_FN_M)GetProcAddress(g_hSchannel, "SslEmptyCache"); - AcquireCredentials(); - bSslInitDone = true; - } - - ReleaseMutex(g_hSslMutex); - return bSslInitDone; -} - -void NetlibSslFree(SslHandle *ssl) -{ - if (ssl == nullptr) return; - - g_pSSPI->DeleteSecurityContext(&ssl->hContext); - - mir_free(ssl->pbRecDataBuf); - mir_free(ssl->pbIoBuffer); - memset(ssl, 0, sizeof(SslHandle)); - mir_free(ssl); -} - -BOOL NetlibSslPending(SslHandle *ssl) -{ - return ssl != nullptr && (ssl->cbRecDataBuf != 0 || ssl->cbIoBuffer != 0); -} - -static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, DWORD dwCertFlags) -{ - static LPSTR rgszUsages[] = - { - szOID_PKIX_KP_SERVER_AUTH, - szOID_SERVER_GATED_CRYPTO, - szOID_SGC_NETSCAPE - }; - - CERT_CHAIN_PARA ChainPara = { 0 }; - HTTPSPolicyCallbackData polHttps = { 0 }; - CERT_CHAIN_POLICY_PARA PolicyPara = { 0 }; - CERT_CHAIN_POLICY_STATUS PolicyStatus = { 0 }; - PCCERT_CHAIN_CONTEXT pChainContext = nullptr; - PCCERT_CONTEXT pServerCert = nullptr; - DWORD scRet; - - PWSTR pwszServerName = mir_a2u(pszServerName); - - scRet = g_pSSPI->QueryContextAttributes(&ssl->hContext, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &pServerCert); - if (scRet != SEC_E_OK) - goto cleanup; - - if (pServerCert == nullptr) { - scRet = 
SEC_E_WRONG_PRINCIPAL; - goto cleanup; - } - - ChainPara.cbSize = sizeof(ChainPara); - ChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; - ChainPara.RequestedUsage.Usage.cUsageIdentifier = _countof(rgszUsages); - ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = rgszUsages; - - if (!CertGetCertificateChain(nullptr, pServerCert, nullptr, pServerCert->hCertStore, &ChainPara, 0, nullptr, &pChainContext)) { - scRet = GetLastError(); - goto cleanup; - } - - polHttps.cbStruct = sizeof(HTTPSPolicyCallbackData); - polHttps.dwAuthType = AUTHTYPE_SERVER; - polHttps.fdwChecks = dwCertFlags; - polHttps.pwszServerName = pwszServerName; - - PolicyPara.cbSize = sizeof(PolicyPara); - PolicyPara.pvExtraPolicyPara = &polHttps; - - PolicyStatus.cbSize = sizeof(PolicyStatus); - - if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, &PolicyPara, &PolicyStatus)) { - scRet = GetLastError(); - goto cleanup; - } - - if (PolicyStatus.dwError) { - scRet = PolicyStatus.dwError; - goto cleanup; - } - - scRet = SEC_E_OK; - -cleanup: - if (pChainContext) - CertFreeCertificateChain(pChainContext); - if (pServerCert) - CertFreeCertificateContext(pServerCert); - mir_free(pwszServerName); - - ReportSslError(scRet, __LINE__, true); - return scRet == SEC_E_OK; -} - -static SECURITY_STATUS ClientHandshakeLoop(SslHandle *ssl, BOOL fDoInitialRead) -{ - DWORD dwSSPIFlags = - ISC_REQ_SEQUENCE_DETECT | - ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | - ISC_REQ_EXTENDED_ERROR | - ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; - - ssl->cbIoBuffer = 0; - - BOOL fDoRead = fDoInitialRead; - - SECURITY_STATUS scRet = SEC_I_CONTINUE_NEEDED; - - // Loop until the handshake is finished or an error occurs. 
- while (scRet == SEC_I_CONTINUE_NEEDED || scRet == SEC_E_INCOMPLETE_MESSAGE || scRet == SEC_I_INCOMPLETE_CREDENTIALS) { - // Read server data - if (0 == ssl->cbIoBuffer || scRet == SEC_E_INCOMPLETE_MESSAGE) { - if (fDoRead) { - static const TIMEVAL tv = { 6, 0 }; - fd_set fd; - - // If buffer not large enough reallocate buffer - if (ssl->sbIoBuffer <= ssl->cbIoBuffer) { - ssl->sbIoBuffer += 4096; - ssl->pbIoBuffer = (PUCHAR)mir_realloc(ssl->pbIoBuffer, ssl->sbIoBuffer); - } - - FD_ZERO(&fd); - FD_SET(ssl->s, &fd); - if (select(1, &fd, nullptr, nullptr, &tv) != 1) { - Netlib_Logf(nullptr, "SSL Negotiation failure recieving data (timeout) (bytes %u)", ssl->cbIoBuffer); - scRet = ERROR_NOT_READY; - break; - } - - DWORD cbData = recv(ssl->s, (char*)ssl->pbIoBuffer + ssl->cbIoBuffer, ssl->sbIoBuffer - ssl->cbIoBuffer, 0); - if (cbData == SOCKET_ERROR) { - Netlib_Logf(nullptr, "SSL Negotiation failure recieving data (%d)", WSAGetLastError()); - scRet = ERROR_NOT_READY; - break; - } - if (cbData == 0) { - Netlib_Logf(nullptr, "SSL Negotiation connection gracefully closed"); - scRet = ERROR_NOT_READY; - break; - } - - ssl->cbIoBuffer += cbData; - } - else fDoRead = TRUE; - } - - // Set up the input buffers. Buffer 0 is used to pass in data - // received from the server. Schannel will consume some or all - // of this. Leftover data (if any) will be placed in buffer 1 and - // given a buffer type of SECBUFFER_EXTRA. - - SecBuffer InBuffers[2]; - InBuffers[0].pvBuffer = ssl->pbIoBuffer; - InBuffers[0].cbBuffer = ssl->cbIoBuffer; - InBuffers[0].BufferType = SECBUFFER_TOKEN; - - InBuffers[1].pvBuffer = nullptr; - InBuffers[1].cbBuffer = 0; - InBuffers[1].BufferType = SECBUFFER_EMPTY; - - SecBufferDesc InBuffer; - InBuffer.cBuffers = _countof(InBuffers); - InBuffer.pBuffers = InBuffers; - InBuffer.ulVersion = SECBUFFER_VERSION; - - // Set up the output buffers. These are initialized to NULL - // so as to make it less likely we'll attempt to free random - // garbage later. 
- - SecBuffer OutBuffers[1]; - OutBuffers[0].pvBuffer = nullptr; - OutBuffers[0].BufferType = SECBUFFER_TOKEN; - OutBuffers[0].cbBuffer = 0; - - SecBufferDesc OutBuffer; - OutBuffer.cBuffers = _countof(OutBuffers); - OutBuffer.pBuffers = OutBuffers; - OutBuffer.ulVersion = SECBUFFER_VERSION; - - TimeStamp tsExpiry; - DWORD dwSSPIOutFlags; - scRet = g_pSSPI->InitializeSecurityContext(&hCreds, &ssl->hContext, nullptr, dwSSPIFlags, 0, 0, - &InBuffer, 0, nullptr, &OutBuffer, &dwSSPIOutFlags, &tsExpiry); - - // If success (or if the error was one of the special extended ones), - // send the contents of the output buffer to the server. - if (scRet == SEC_E_OK || scRet == SEC_I_CONTINUE_NEEDED || (FAILED(scRet) && (dwSSPIOutFlags & ISC_RET_EXTENDED_ERROR))) { - if (OutBuffers[0].cbBuffer != 0 && OutBuffers[0].pvBuffer != nullptr) { - DWORD cbData = send(ssl->s, (char*)OutBuffers[0].pvBuffer, OutBuffers[0].cbBuffer, 0); - if (cbData == SOCKET_ERROR || cbData == 0) { - Netlib_Logf(nullptr, "SSL Negotiation failure sending data (%d)", WSAGetLastError()); - g_pSSPI->FreeContextBuffer(OutBuffers[0].pvBuffer); - return SEC_E_INTERNAL_ERROR; - } - - // Free output buffer. - g_pSSPI->FreeContextBuffer(OutBuffers[0].pvBuffer); - OutBuffers[0].pvBuffer = nullptr; - } - } - - // we need to read more data from the server and try again. - if (scRet == SEC_E_INCOMPLETE_MESSAGE) - continue; - - // handshake completed successfully. - if (scRet == SEC_E_OK) { - // Store remaining data for further use - if (InBuffers[1].BufferType == SECBUFFER_EXTRA) { - memmove(ssl->pbIoBuffer, ssl->pbIoBuffer + (ssl->cbIoBuffer - InBuffers[1].cbBuffer), InBuffers[1].cbBuffer); - ssl->cbIoBuffer = InBuffers[1].cbBuffer; - } - else ssl->cbIoBuffer = 0; - break; - } - - // Check for fatal error. - if (FAILED(scRet)) break; - - // server just requested client authentication. 
- if (scRet == SEC_I_INCOMPLETE_CREDENTIALS) { - // Server has requested client authentication and - // GetNewClientCredentials(ssl); - - // Go around again. - fDoRead = FALSE; - scRet = SEC_I_CONTINUE_NEEDED; - continue; - } - - // Copy any leftover data from the buffer, and go around again. - if (InBuffers[1].BufferType == SECBUFFER_EXTRA) { - memmove(ssl->pbIoBuffer, ssl->pbIoBuffer + (ssl->cbIoBuffer - InBuffers[1].cbBuffer), InBuffers[1].cbBuffer); - ssl->cbIoBuffer = InBuffers[1].cbBuffer; - } - else ssl->cbIoBuffer = 0; - } - - // Delete the security context in the case of a fatal error. - ReportSslError(scRet, __LINE__); - - if (ssl->cbIoBuffer == 0) { - mir_free(ssl->pbIoBuffer); - ssl->pbIoBuffer = nullptr; - ssl->sbIoBuffer = 0; - } - - return scRet; -} - -static bool ClientConnect(SslHandle *ssl, const char *host) -{ - if (SecIsValidHandle(&ssl->hContext)) { - g_pSSPI->DeleteSecurityContext(&ssl->hContext); - SecInvalidateHandle(&ssl->hContext); - } - - if (MySslEmptyCache) MySslEmptyCache(); - - DWORD dwSSPIFlags = ISC_REQ_SEQUENCE_DETECT | - ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | - ISC_REQ_EXTENDED_ERROR | - ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; - - // Initiate a ClientHello message and generate a token. - SecBuffer OutBuffers[1]; - OutBuffers[0].pvBuffer = nullptr; - OutBuffers[0].BufferType = SECBUFFER_TOKEN; - OutBuffers[0].cbBuffer = 0; - - SecBufferDesc OutBuffer; - OutBuffer.cBuffers = _countof(OutBuffers); - OutBuffer.pBuffers = OutBuffers; - OutBuffer.ulVersion = SECBUFFER_VERSION; - - TimeStamp tsExpiry; - DWORD dwSSPIOutFlags; - SECURITY_STATUS scRet = g_pSSPI->InitializeSecurityContext(&hCreds, nullptr, _A2T(host), dwSSPIFlags, 0, 0, nullptr, 0, - &ssl->hContext, &OutBuffer, &dwSSPIOutFlags, &tsExpiry); - if (scRet != SEC_I_CONTINUE_NEEDED) { - ReportSslError(scRet, __LINE__); - return 0; - } - - // Send response to server if there is one. 
- if (OutBuffers[0].cbBuffer != 0 && OutBuffers[0].pvBuffer != nullptr) { - DWORD cbData = send(ssl->s, (char*)OutBuffers[0].pvBuffer, OutBuffers[0].cbBuffer, 0); - if (cbData == SOCKET_ERROR || cbData == 0) { - Netlib_Logf(nullptr, "SSL failure sending connection data (%d %d)", ssl->s, WSAGetLastError()); - g_pSSPI->FreeContextBuffer(OutBuffers[0].pvBuffer); - return 0; - } - - // Free output buffer. - g_pSSPI->FreeContextBuffer(OutBuffers[0].pvBuffer); - OutBuffers[0].pvBuffer = nullptr; - } - - return ClientHandshakeLoop(ssl, TRUE) == SEC_E_OK; -} - -SslHandle* NetlibSslConnect(SOCKET s, const char* host, int verify) -{ - SslHandle *ssl = (SslHandle*)mir_calloc(sizeof(SslHandle)); - ssl->s = s; - - SecInvalidateHandle(&ssl->hContext); - - DWORD dwFlags = 0; - - if (!host || inet_addr(host) != INADDR_NONE) - dwFlags |= 0x00001000; - - bool res = SSL_library_init(); - - if (res) res = ClientConnect(ssl, host); - if (res && verify) res = VerifyCertificate(ssl, host, dwFlags); - - if (!res) { - NetlibSslFree(ssl); - ssl = nullptr; - } - return ssl; -} - -void NetlibSslShutdown(SslHandle *ssl) -{ - if (ssl == nullptr || !SecIsValidHandle(&ssl->hContext)) - return; - - DWORD dwType = SCHANNEL_SHUTDOWN; - - SecBuffer OutBuffers[1]; - OutBuffers[0].pvBuffer = &dwType; - OutBuffers[0].BufferType = SECBUFFER_TOKEN; - OutBuffers[0].cbBuffer = sizeof(dwType); - - SecBufferDesc OutBuffer; - OutBuffer.cBuffers = _countof(OutBuffers); - OutBuffer.pBuffers = OutBuffers; - OutBuffer.ulVersion = SECBUFFER_VERSION; - - SECURITY_STATUS scRet = g_pSSPI->ApplyControlToken(&ssl->hContext, &OutBuffer); - if (FAILED(scRet)) - return; - - // Build an SSL close notify message. 
- - DWORD dwSSPIFlags = ISC_REQ_SEQUENCE_DETECT | - ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | - ISC_RET_EXTENDED_ERROR | - ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; - - OutBuffers[0].pvBuffer = nullptr; - OutBuffers[0].BufferType = SECBUFFER_TOKEN; - OutBuffers[0].cbBuffer = 0; - - OutBuffer.cBuffers = 1; - OutBuffer.pBuffers = OutBuffers; - OutBuffer.ulVersion = SECBUFFER_VERSION; - - TimeStamp tsExpiry; - DWORD dwSSPIOutFlags; - scRet = g_pSSPI->InitializeSecurityContext(&hCreds, &ssl->hContext, nullptr, dwSSPIFlags, 0, 0, nullptr, 0, - &ssl->hContext, &OutBuffer, &dwSSPIOutFlags, &tsExpiry); - if (FAILED(scRet)) - return; - - // Send the close notify message to the server. - if (OutBuffers[0].pvBuffer != nullptr && OutBuffers[0].cbBuffer != 0) { - send(ssl->s, (char*)OutBuffers[0].pvBuffer, OutBuffers[0].cbBuffer, 0); - g_pSSPI->FreeContextBuffer(OutBuffers[0].pvBuffer); - } -} - -static int NetlibSslReadSetResult(SslHandle *ssl, char *buf, int num, int peek) -{ - if (ssl->cbRecDataBuf == 0) - return (ssl->state == sockClosed ? 
0 : SOCKET_ERROR); - - int bytes = min(num, ssl->cbRecDataBuf); - int rbytes = ssl->cbRecDataBuf - bytes; - - memcpy(buf, ssl->pbRecDataBuf, bytes); - if (!peek) { - memmove(ssl->pbRecDataBuf, ssl->pbRecDataBuf + bytes, rbytes); - ssl->cbRecDataBuf = rbytes; - } - - return bytes; -} - -int NetlibSslRead(SslHandle *ssl, char *buf, int num, int peek) -{ - if (ssl == nullptr) return SOCKET_ERROR; - - if (num <= 0) return 0; - - if (ssl->state != sockOpen || (ssl->cbRecDataBuf != 0 && (!peek || ssl->cbRecDataBuf >= num))) - return NetlibSslReadSetResult(ssl, buf, num, peek); - - SECURITY_STATUS scRet = SEC_E_OK; - - while (true) { - if (0 == ssl->cbIoBuffer || scRet == SEC_E_INCOMPLETE_MESSAGE) { - if (ssl->sbIoBuffer <= ssl->cbIoBuffer) { - ssl->sbIoBuffer += 2048; - ssl->pbIoBuffer = (PUCHAR)mir_realloc(ssl->pbIoBuffer, ssl->sbIoBuffer); - } - - if (peek) { - static const TIMEVAL tv = { 0 }; - fd_set fd; - FD_ZERO(&fd); - FD_SET(ssl->s, &fd); - - DWORD cbData = select(1, &fd, nullptr, nullptr, &tv); - if (cbData == SOCKET_ERROR) { - ssl->state = sockError; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - if (cbData == 0 && ssl->cbRecDataBuf) - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - DWORD cbData = recv(ssl->s, (char*)ssl->pbIoBuffer + ssl->cbIoBuffer, ssl->sbIoBuffer - ssl->cbIoBuffer, 0); - if (cbData == SOCKET_ERROR) { - Netlib_Logf(nullptr, "SSL failure recieving data (%d)", WSAGetLastError()); - ssl->state = sockError; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - if (cbData == 0) { - Netlib_Logf(nullptr, "SSL connection gracefully closed"); - if (peek && ssl->cbRecDataBuf) { - ssl->state = sockClosed; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - // Server disconnected. - if (ssl->cbIoBuffer) { - ssl->state = sockError; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - return 0; - } - ssl->cbIoBuffer += cbData; - } - - // Attempt to decrypt the received data. 
- SecBuffer Buffers[4]; - Buffers[0].pvBuffer = ssl->pbIoBuffer; - Buffers[0].cbBuffer = ssl->cbIoBuffer; - Buffers[0].BufferType = SECBUFFER_DATA; - - Buffers[1].BufferType = SECBUFFER_EMPTY; - Buffers[2].BufferType = SECBUFFER_EMPTY; - Buffers[3].BufferType = SECBUFFER_EMPTY; - - SecBufferDesc Message; - Message.ulVersion = SECBUFFER_VERSION; - Message.cBuffers = _countof(Buffers); - Message.pBuffers = Buffers; - - if (g_pSSPI->DecryptMessage != nullptr && g_pSSPI->DecryptMessage != PVOID(0x80000000)) - scRet = g_pSSPI->DecryptMessage(&ssl->hContext, &Message, 0, nullptr); - else - scRet = ((DECRYPT_MESSAGE_FN)g_pSSPI->Reserved4)(&ssl->hContext, &Message, 0, nullptr); - - // The input buffer contains only a fragment of an - // encrypted record. Loop around and read some more - // data. - if (scRet == SEC_E_INCOMPLETE_MESSAGE) - continue; - - if (scRet != SEC_E_OK && scRet != SEC_I_RENEGOTIATE && scRet != SEC_I_CONTEXT_EXPIRED) { - ReportSslError(scRet, __LINE__); - ssl->state = sockError; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - // Locate data and (optional) extra buffers. - SecBuffer *pDataBuffer = nullptr; - SecBuffer *pExtraBuffer = nullptr; - for (int i = 1; i < _countof(Buffers); i++) { - if (pDataBuffer == nullptr && Buffers[i].BufferType == SECBUFFER_DATA) - pDataBuffer = &Buffers[i]; - - if (pExtraBuffer == nullptr && Buffers[i].BufferType == SECBUFFER_EXTRA) - pExtraBuffer = &Buffers[i]; - } - - // Return decrypted data. - DWORD resNum = 0; - if (pDataBuffer) { - DWORD bytes = peek ? 
0 : min((DWORD)num, pDataBuffer->cbBuffer); - DWORD rbytes = pDataBuffer->cbBuffer - bytes; - if (rbytes > 0) { - int nbytes = ssl->cbRecDataBuf + rbytes; - if (ssl->sbRecDataBuf < nbytes) { - ssl->sbRecDataBuf = nbytes; - ssl->pbRecDataBuf = (PUCHAR)mir_realloc(ssl->pbRecDataBuf, nbytes); - } - memcpy(ssl->pbRecDataBuf + ssl->cbRecDataBuf, (char*)pDataBuffer->pvBuffer + bytes, rbytes); - ssl->cbRecDataBuf = nbytes; - } - - if (peek) { - resNum = bytes = min(num, ssl->cbRecDataBuf); - memcpy(buf, ssl->pbRecDataBuf, bytes); - } - else { - resNum = bytes; - memcpy(buf, pDataBuffer->pvBuffer, bytes); - } - } - - // Move any "extra" data to the input buffer. - if (pExtraBuffer) { - memmove(ssl->pbIoBuffer, pExtraBuffer->pvBuffer, pExtraBuffer->cbBuffer); - ssl->cbIoBuffer = pExtraBuffer->cbBuffer; - } - else ssl->cbIoBuffer = 0; - - if (pDataBuffer && resNum) - return resNum; - - // Server signaled end of session - if (scRet == SEC_I_CONTEXT_EXPIRED) { - Netlib_Logf(nullptr, "SSL Server signaled SSL Shutdown"); - ssl->state = sockClosed; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - - if (scRet == SEC_I_RENEGOTIATE) { - // The server wants to perform another handshake - // sequence. 
- - scRet = ClientHandshakeLoop(ssl, FALSE); - if (scRet != SEC_E_OK) { - ssl->state = sockError; - return NetlibSslReadSetResult(ssl, buf, num, peek); - } - } - } -} - -int NetlibSslWrite(SslHandle *ssl, const char *buf, int num) -{ - if (ssl == nullptr) return SOCKET_ERROR; - - SecPkgContext_StreamSizes Sizes; - SECURITY_STATUS scRet = g_pSSPI->QueryContextAttributes(&ssl->hContext, SECPKG_ATTR_STREAM_SIZES, &Sizes); - if (scRet != SEC_E_OK) - return scRet; - - PUCHAR pbDataBuffer = (PUCHAR)mir_calloc(Sizes.cbMaximumMessage + Sizes.cbHeader + Sizes.cbTrailer); - - PUCHAR pbMessage = pbDataBuffer + Sizes.cbHeader; - - DWORD sendOff = 0; - while (sendOff < (DWORD)num) { - DWORD cbMessage = min(Sizes.cbMaximumMessage, (DWORD)num - sendOff); - memcpy(pbMessage, buf + sendOff, cbMessage); - - SecBuffer Buffers[4] = { 0 }; - Buffers[0].pvBuffer = pbDataBuffer; - Buffers[0].cbBuffer = Sizes.cbHeader; - Buffers[0].BufferType = SECBUFFER_STREAM_HEADER; - - Buffers[1].pvBuffer = pbMessage; - Buffers[1].cbBuffer = cbMessage; - Buffers[1].BufferType = SECBUFFER_DATA; - - Buffers[2].pvBuffer = pbMessage + cbMessage; - Buffers[2].cbBuffer = Sizes.cbTrailer; - Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER; - - Buffers[3].BufferType = SECBUFFER_EMPTY; - - SecBufferDesc Message; - Message.ulVersion = SECBUFFER_VERSION; - Message.cBuffers = _countof(Buffers); - Message.pBuffers = Buffers; - - if (g_pSSPI->EncryptMessage != nullptr) - scRet = g_pSSPI->EncryptMessage(&ssl->hContext, 0, &Message, 0); - else - scRet = ((ENCRYPT_MESSAGE_FN)g_pSSPI->Reserved3)(&ssl->hContext, 0, &Message, 0); - - if (FAILED(scRet)) break; - - // Calculate encrypted packet size - DWORD cbData = Buffers[0].cbBuffer + Buffers[1].cbBuffer + Buffers[2].cbBuffer; - - // Send the encrypted data to the server. 
- cbData = send(ssl->s, (char*)pbDataBuffer, cbData, 0); - if (cbData == SOCKET_ERROR || cbData == 0) { - Netlib_Logf(nullptr, "SSL failure sending data (%d)", WSAGetLastError()); - scRet = SEC_E_INTERNAL_ERROR; - break; - } - - sendOff += cbMessage; - } - - mir_free(pbDataBuffer); - return scRet == SEC_E_OK ? num : SOCKET_ERROR; -} - -static void* NetlibSslUnique(SslHandle *ssl, int *cbLen) -{ - *cbLen = 0; - - SEC_CHANNEL_BINDINGS bindings; - SECURITY_STATUS scRet = g_pSSPI->QueryContextAttributesW(&ssl->hContext, SECPKG_ATTR_UNIQUE_BINDINGS, &bindings); - if (scRet != SEC_E_OK) { - Netlib_Logf(nullptr, "NetlibSslUnique() failed with error %08x", scRet); - return nullptr; - } - - BYTE *pBuf; - if (!IsBadReadPtr((void*)bindings.cbInitiatorLength, sizeof(bindings))) - pBuf = (BYTE *)bindings.cbInitiatorLength; - else if(!IsBadReadPtr((void *)bindings.dwInitiatorOffset, sizeof(bindings))) - pBuf = (BYTE *)bindings.dwInitiatorOffset; - else { - char tmp[sizeof(bindings)*2 + 1]; - bin2hex(&bindings, sizeof(bindings), tmp); - Netlib_Logf(nullptr, "Failed bindings: %s", tmp); - return nullptr; - } - - bindings = *(SEC_CHANNEL_BINDINGS *)pBuf; - pBuf += bindings.dwApplicationDataOffset; - if (memcmp(pBuf, "tls-unique:", 11)) { - char tmp[sizeof(bindings) * 2 + 1]; - bin2hex(&bindings, sizeof(bindings), tmp); - Netlib_Logf(nullptr, "NetlibSslUnique() failed: bad buffer: %s", tmp); - - if (!IsBadReadPtr(pBuf, bindings.cbApplicationDataLength)) { - ptrA buf((char*)mir_alloc(bindings.cbApplicationDataLength*2 + 1)); - bin2hex(pBuf, bindings.cbApplicationDataLength, buf); - Netlib_Logf(nullptr, "buffer: %s", buf.get()); - } - return nullptr; - } - - pBuf += 11; bindings.cbApplicationDataLength -= 11; - *cbLen = bindings.cbApplicationDataLength; - void *res = mir_alloc(bindings.cbApplicationDataLength); - memcpy(res, pBuf, bindings.cbApplicationDataLength); - return res; -} - -static INT_PTR GetSslApi(WPARAM, LPARAM lParam) -{ - SSL_API *si = (SSL_API*)lParam; - if (si == 
nullptr) - return FALSE; - - if (si->cbSize != sizeof(SSL_API)) - return FALSE; - - si->connect = NetlibSslConnect; - si->pending = NetlibSslPending; - si->read = NetlibSslRead; - si->write = NetlibSslWrite; - si->shutdown = NetlibSslShutdown; - si->sfree = NetlibSslFree; - si->unique = NetlibSslUnique; - return TRUE; -} - -int LoadSslModule(void) -{ - CreateServiceFunction(MS_SYSTEM_GET_SI, GetSslApi); - g_hSslMutex = CreateMutex(nullptr, FALSE, nullptr); - SecInvalidateHandle(&hCreds); - return 0; -} - -void UnloadSslModule(void) -{ - if (g_pSSPI && SecIsValidHandle(&hCreds)) - g_pSSPI->FreeCredentialsHandle(&hCreds); - CloseHandle(g_hSslMutex); - if (g_hSchannel) - FreeLibrary(g_hSchannel); -} diff --git a/src/core/stdssl/src/stdafx.cxx b/src/core/stdssl/src/stdafx.cxx deleted file mode 100644 index 54551e19fd..0000000000 --- a/src/core/stdssl/src/stdafx.cxx +++ /dev/null @@ -1,19 +0,0 @@ -/* - -Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org) - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation version 2 -of the License. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -*/ - -#include "stdafx.h" \ No newline at end of file diff --git a/src/core/stdssl/src/stdafx.h b/src/core/stdssl/src/stdafx.h deleted file mode 100644 index cf27aacf2c..0000000000 --- a/src/core/stdssl/src/stdafx.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* - -Copyright 2000-12 Miranda IM, 2012-21 Miranda NG team, -all portions of this codebase are copyrighted to the people -listed in contributors.txt. - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#pragma once - -#define SECURITY_WIN32 -#define HSSL_DEFINED - -typedef struct SslHandle *HSSL; - -#include -#include -#include - -#include - -#include -#include -#include -#include -#include - -#include "version.h" - -struct CMPlugin : public PLUGIN -{ - CMPlugin(); - - int Load() override; - int Unload() override; -}; diff --git a/src/core/stdssl/src/version.h b/src/core/stdssl/src/version.h deleted file mode 100644 index 4942f48931..0000000000 --- a/src/core/stdssl/src/version.h +++ /dev/null @@ -1,12 +0,0 @@ - -#include - -#define __FILEVERSION_STRING MIRANDA_VERSION_FILEVERSION -#define __VERSION_STRING_DOTS MIRANDA_VERSION_STRING - -#define __PLUGIN_NAME "Standard SSL Driver" -#define __FILENAME "stdssl.dll" -#define __DESCRIPTION "Core driver for Windows native SSL support." -#define __AUTHOR "Miranda NG team" -#define __AUTHORWEB "https://miranda-ng.org/p/StdSSL/" -#define __COPYRIGHT "© 2014-21 Miranda NG team" diff --git a/src/core/stdssl/stdssl.vcxproj b/src/core/stdssl/stdssl.vcxproj deleted file mode 100644 index 775b4a0de9..0000000000 --- a/src/core/stdssl/stdssl.vcxproj +++ /dev/null 
@@ -1,45 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - StdSSL - {2C9F6CB6-3E70-4E7A-945D-2A7C148B0DF3} - - - - - - - - - Create - - - - - - - - - - secur32.lib;crypt32.lib;wsock32.lib;%(AdditionalDependencies) - - - \ No newline at end of file diff --git a/src/core/stdssl/stdssl.vcxproj.filters b/src/core/stdssl/stdssl.vcxproj.filters deleted file mode 100644 index 556fe36d5c..0000000000 --- a/src/core/stdssl/stdssl.vcxproj.filters +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - - - Resource Files - - - \ No newline at end of file diff --git a/src/mir_app/mir_app.vcxproj b/src/mir_app/mir_app.vcxproj index 4af6e20925..3991cc00a4 100644 --- a/src/mir_app/mir_app.vcxproj +++ b/src/mir_app/mir_app.vcxproj @@ -124,6 +124,7 @@ + @@ -191,7 +192,7 @@ src/mir_app64.def /ignore:4197 %(AdditionalOptions) type=%27win32%27 name=%27Microsoft.Windows.Common-Controls%27 version=%276.0.0.0%27 processorArchitecture=%27*%27 publicKeyToken=%276595b64144ccf1df%27 language=%27*%27;type=%27win32%27 name=%27Microsoft.Windows.Gdiplus%27 version=%271.0.0.0%27 processorArchitecture=%27amd64%27 publicKeyToken=%276595b64144ccf1df%27 language=%27*%27;%(AdditionalManifestDependencies) - libcrypto.lib;%(AdditionalDependencies) + libcrypto.lib;libssl.lib;crypt32.lib;%(AdditionalDependencies) res/miranda32.exe.manifest diff --git a/src/mir_app/mir_app.vcxproj.filters b/src/mir_app/mir_app.vcxproj.filters index 8c239e56a1..aebb101b75 100644 --- a/src/mir_app/mir_app.vcxproj.filters +++ b/src/mir_app/mir_app.vcxproj.filters @@ -395,6 +395,9 @@ Source Files + + Source Files + diff --git a/src/mir_app/src/mir_app.def b/src/mir_app/src/mir_app.def index 5b47571ebc..541ff70dad 100644 --- a/src/mir_app/src/mir_app.def +++ b/src/mir_app/src/mir_app.def 
@@ -781,3 +781,9 @@ Chat_Mute @868 _WebSocket_SendBinary@12 @869 NONAME _WebSocket_SendText@8 @870 NONAME ?OnContactAdded@PROTO_INTERFACE@@UAEXI@Z @871 NONAME +_Netlib_SslConnect@12 @872 NONAME +_Netlib_SslFree@4 @873 NONAME +_Netlib_SslPending@4 @874 NONAME +_Netlib_SslRead@16 @875 NONAME +_Netlib_SslShutdown@4 @876 NONAME +_Netlib_SslWrite@12 @877 NONAME diff --git a/src/mir_app/src/mir_app64.def b/src/mir_app/src/mir_app64.def index 3c61daf61d..04a989d599 100644 --- a/src/mir_app/src/mir_app64.def +++ b/src/mir_app/src/mir_app64.def @@ -781,3 +781,9 @@ Chat_Mute @868 WebSocket_SendBinary @869 NONAME WebSocket_SendText @870 NONAME ?OnContactAdded@PROTO_INTERFACE@@UEAAXI@Z @871 NONAME +Netlib_SslConnect @872 NONAME +Netlib_SslFree @873 NONAME +Netlib_SslPending @874 NONAME +Netlib_SslRead @875 NONAME +Netlib_SslShutdown @876 NONAME +Netlib_SslWrite @877 NONAME diff --git a/src/mir_app/src/miranda.h b/src/mir_app/src/miranda.h index ec43c2c428..dc1d7594b4 100644 --- a/src/mir_app/src/miranda.h +++ b/src/mir_app/src/miranda.h @@ -69,7 +69,7 @@ extern DWORD hMainThreadId; extern HANDLE hOkToExitEvent, hModulesLoadedEvent; extern HANDLE hAccListChanged; extern wchar_t mirandabootini[MAX_PATH]; -extern struct pluginEntry *plugin_checker, *plugin_crshdmp, *plugin_service, *plugin_ssl, *plugin_clist; +extern struct pluginEntry *plugin_checker, *plugin_crshdmp, *plugin_service, *plugin_clist; extern bool g_bModulesLoadedFired, g_bMirandaTerminated; /**** newplugins.cpp *******************************************************************/ diff --git a/src/mir_app/src/modules.cpp b/src/mir_app/src/modules.cpp index c3cdaeb716..7f6aa752b4 100644 --- a/src/mir_app/src/modules.cpp +++ b/src/mir_app/src/modules.cpp 
@@ -34,7 +34,6 @@ int LoadNewPluginsModuleInfos(void); // core: preloading plugins int LoadSendRecvAuthModule(void); // core: auth dialogs int LoadNewPluginsModule(void); // core: N.O. plugins int LoadNetlibModule(void); // core: network -int LoadSslModule(void); int LoadProtocolsModule(void); // core: protocol manager int LoadAccountsModule(void); // core: account manager int LoadIgnoreModule(void); // protocol filter: ignore @@ -101,7 +100,6 @@ int LoadDefaultModules(void) // the database will select which db plugin to use, or fail if no profile is selected if (LoadDatabaseModule()) return 1; if (LoadNetlibModule()) return 1; - if (LoadSslModule()) return 1; // database is available here InitIni(); diff --git a/src/mir_app/src/netlib.cpp b/src/mir_app/src/netlib.cpp index 624d02860b..5dd7bf4f97 100644 --- a/src/mir_app/src/netlib.cpp +++ b/src/mir_app/src/netlib.cpp @@ -43,8 +43,6 @@ static int CompareNetlibUser(const NetlibUser* p1, const NetlibUser* p2) LIST netlibUser(5, CompareNetlibUser); mir_cs csNetlibUser; -SSL_API sslApi; - void NetlibFreeUserSettingsStruct(NETLIBUSERSETTINGS *settings) { mir_free(settings->szIncomingPorts); @@ -253,8 +251,8 @@ void NetlibDoCloseSocket(NetlibConnection *nlc, bool noShutdown) Netlib_Logf(nlc->nlu, "(%p:%u) Connection closed internal", nlc, nlc->s); if (nlc->hSsl) { if (!noShutdown) - sslApi.shutdown(nlc->hSsl); - sslApi.sfree(nlc->hSsl); + Netlib_SslShutdown(nlc->hSsl); + Netlib_SslFree(nlc->hSsl); nlc->hSsl = nullptr; } @@ -405,7 +403,7 @@ MIR_APP_DLL(void) Netlib_Shutdown(HNETLIBCONN h) { NetlibConnection *nlc = h; if (!nlc->termRequested) { - if (nlc->hSsl) sslApi.shutdown(nlc->hSsl); + if (nlc->hSsl) Netlib_SslShutdown(nlc->hSsl); if (nlc->s != INVALID_SOCKET) shutdown(nlc->s, SD_BOTH); if (nlc->s2 != INVALID_SOCKET) shutdown(nlc->s2, SD_BOTH); nlc->termRequested = true; diff --git a/src/mir_app/src/netlib.h b/src/mir_app/src/netlib.h index b75eb0f8ad..aeae2a7bd0 100644 --- a/src/mir_app/src/netlib.h 
+++ b/src/mir_app/src/netlib.h @@ -33,8 +33,6 @@ int GetNetlibHandleType(void*); #define NLHRF_SMARTREMOVEHOST 0x00000004 // for internal purposes only -extern struct SSL_API sslApi; - struct NetlibUser { int handleType; diff --git a/src/mir_app/src/netlib_http.cpp b/src/mir_app/src/netlib_http.cpp index c0c689e236..9db81ae182 100644 --- a/src/mir_app/src/netlib_http.cpp +++ b/src/mir_app/src/netlib_http.cpp @@ -83,7 +83,7 @@ static int RecvWithTimeoutTime(NetlibConnection *nlc, unsigned dwTimeoutTime, ch { DWORD dwTimeNow; - if (nlc->foreBuf.isEmpty() && !sslApi.pending(nlc->hSsl)) { + if (nlc->foreBuf.isEmpty() && !Netlib_SslPending(nlc->hSsl)) { while ((dwTimeNow = GetTickCount()) < dwTimeoutTime) { unsigned dwDeltaTime = min(dwTimeoutTime - dwTimeNow, 1000); int res = WaitUntilReadable(nlc->s, dwDeltaTime); diff --git a/src/mir_app/src/netlib_log.cpp b/src/mir_app/src/netlib_log.cpp index 0514b1d890..9a3955eeae 100644 --- a/src/mir_app/src/netlib_log.cpp +++ b/src/mir_app/src/netlib_log.cpp @@ -493,7 +493,7 @@ MIR_APP_DLL(void) Netlib_Dump(HNETLIBCONN nlc, const void *pBuf, size_t len, boo isText = false; else if (!(flags & MSG_DUMPASTEXT)) { if (logOptions.autoDetectText) { - for (int i = 0; i < len; i++) { + for (size_t i = 0; i < len; i++) { if ((buf[i] < ' ' && buf[i] != '\t' && buf[i] != '\r' && buf[i] != '\n') || buf[i] >= 0x80) { isText = false; break; diff --git a/src/mir_app/src/netlib_openconn.cpp b/src/mir_app/src/netlib_openconn.cpp index 6c352ea09e..7fd4badd57 100644 --- a/src/mir_app/src/netlib_openconn.cpp +++ b/src/mir_app/src/netlib_openconn.cpp 
@@ -837,28 +837,6 @@ MIR_APP_DLL(HNETLIBCONN) Netlib_OpenConnection(NetlibUser *nlu, const NETLIBOPEN return nlc; } -MIR_APP_DLL(int) Netlib_StartSsl(HNETLIBCONN hConnection, const char *szHost) -{ - NetlibConnection *nlc = (NetlibConnection*)hConnection; - if (nlc == nullptr) - return 0; - - NetlibUser *nlu = nlc->nlu; - if (szHost == nullptr) - szHost = nlc->nloc.szHost; - szHost = NEWSTR_ALLOCA(szHost); - - Netlib_Logf(nlu, "(%d %s) Starting SSL negotiation", int(nlc->s), szHost); - - nlc->hSsl = sslApi.connect(nlc->s, szHost, nlu->settings.validateSSL); - if (nlc->hSsl == nullptr) - Netlib_Logf(nlu, "(%d %s) Failure to negotiate SSL connection", int(nlc->s), szHost); - else - Netlib_Logf(nlu, "(%d %s) SSL negotiation successful", int(nlc->s), szHost); - - return nlc->hSsl != nullptr; -} - NetlibConnection::NetlibConnection() { handleType = NLH_CONNECTION; diff --git a/src/mir_app/src/netlib_pktrecver.cpp b/src/mir_app/src/netlib_pktrecver.cpp index 44a48b7450..1ef5fbd5cc 100644 --- a/src/mir_app/src/netlib_pktrecver.cpp +++ b/src/mir_app/src/netlib_pktrecver.cpp @@ -66,7 +66,7 @@ MIR_APP_DLL(int) Netlib_GetMorePackets(HANDLE hReceiver, NETLIBPACKETRECVER *nlp } if (nlprParam->dwTimeout != INFINITE) { - if (!sslApi.pending(nlpr->nlc->hSsl) && WaitUntilReadable(nlpr->nlc->s, nlprParam->dwTimeout) <= 0) { + if (!Netlib_SslPending(nlpr->nlc->hSsl) && WaitUntilReadable(nlpr->nlc->s, nlprParam->dwTimeout) <= 0) { *nlprParam = nlpr->packetRecver; return SOCKET_ERROR; } diff --git a/src/mir_app/src/netlib_sock.cpp b/src/mir_app/src/netlib_sock.cpp index d829541e2f..4cfe8ee4ff 100644 --- a/src/mir_app/src/netlib_sock.cpp +++ b/src/mir_app/src/netlib_sock.cpp 
@@ -37,7 +37,7 @@ MIR_APP_DLL(int) Netlib_Send(HNETLIBCONN nlc, const char *buf, int len, int flag int result; Netlib_Dump(nlc, (PBYTE)buf, len, true, flags); if (nlc->hSsl) - result = sslApi.write(nlc->hSsl, buf, len); + result = Netlib_SslWrite(nlc->hSsl, buf, len); else result = send(nlc->s, buf, len, flags & 0xFFFF); @@ -63,7 +63,7 @@ MIR_APP_DLL(int) Netlib_Recv(HNETLIBCONN nlc, char *buf, int len, int flags) nlc->foreBuf.remove(recvResult); } else if (nlc->hSsl) - recvResult = sslApi.read(nlc->hSsl, buf, len, (flags & MSG_PEEK) != 0); + recvResult = Netlib_SslRead(nlc->hSsl, buf, len, (flags & MSG_PEEK) != 0); else recvResult = recv(nlc->s, buf, len, flags & 0xFFFF); @@ -92,7 +92,7 @@ static int ConnectionListToSocketList(const HNETLIBCONN *hConns, fd_set *fd, int return 0; } FD_SET(nlcCheck->s, fd); - if (!nlcCheck->foreBuf.isEmpty() || sslApi.pending(nlcCheck->hSsl)) + if (!nlcCheck->foreBuf.isEmpty() || Netlib_SslPending(nlcCheck->hSsl)) pending++; } return 1; @@ -160,7 +160,7 @@ MIR_APP_DLL(int) Netlib_SelectEx(NETLIBSELECTEX *nls) conn = (NetlibConnection*)nls->hReadConns[j]; if (conn == nullptr || conn == INVALID_HANDLE_VALUE) break; - if (sslApi.pending(conn->hSsl)) + if (Netlib_SslPending(conn->hSsl)) nls->hReadStatus[j] = TRUE; nls->hReadStatus[j] = FD_ISSET(conn->s, &readfd); } @@ -227,20 +227,6 @@ MIR_APP_DLL(int) Netlib_GetConnectionInfo(HNETLIBCONN nlc, NETLIBCONNINFO *connI ///////////////////////////////////////////////////////////////////////////////////////// -MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen) -{ - if (nlc == nullptr || nlc->hSsl == nullptr || sslApi.unique == nullptr) - return nullptr; - - void *pBuf = sslApi.unique(nlc->hSsl, &cbLen); - if (pBuf == nullptr || !cbLen) - return nullptr; - - return pBuf; -} - -///////////////////////////////////////////////////////////////////////////////////////// - inline bool IsAddrGlobal(const IN6_ADDR *a) { unsigned char High = a->s6_bytes[0] & 0xf0; 
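Review bot: In the Netlib_SelectEx hunk, the `nls->hReadStatus[j] = TRUE;` set when `Netlib_SslPending(conn->hSsl)` reports buffered data is overwritten unconditionally by the very next line, `nls->hReadStatus[j] = FD_ISSET(conn->s, &readfd);`. A connection with decrypted bytes already held in the TLS layer is therefore reported readable only if the raw socket is readable too, and a caller waiting on that status can stall with data available. The commit renames the call but keeps this behaviour; adding the missing `else` would preserve the pending result: `else nls->hReadStatus[j] = FD_ISSET(conn->s, &readfd);`. The surrounding loop and the rest of the function lie outside the hunk, so other status arrays may need the same check.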
diff --git a/src/mir_app/src/netlib_ssl.cpp b/src/mir_app/src/netlib_ssl.cpp
new file mode 100644
index 0000000000..abb87557d4
--- /dev/null
+++ b/src/mir_app/src/netlib_ssl.cpp
@@ -0,0 +1,434 @@ +/* + +Miranda NG: the free IM client for Microsoft* Windows* + +Copyright (C) 2012-21 Miranda NG team (https://miranda-ng.org), +Copyright (c) 2000-12 Miranda IM project, +all portions of this codebase are copyrighted to the people +listed in contributors.txt. + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#include "stdafx.h" +#include "netlib.h" + +#include +#include + +static bool bSslInitDone; + +enum SocketState +{ + sockOpen, + sockClosed, + sockError +}; + +struct SslHandle : public MZeroedObject +{ + ~SslHandle() + { + if (session) + SSL_free(session); + if (ctx) + SSL_CTX_free(ctx); + } + + SOCKET s; + SSL_CTX *ctx; + SSL *session; + SocketState state; +}; + +static void SSL_library_unload(void) +{ + /* Load Library Pointers */ + if (!bSslInitDone) + return; + + bSslInitDone = false; +} + +static bool SSL_library_load(void) +{ + /* Load Library Pointers */ + if (bSslInitDone) + return true; + + if (!bSslInitDone) { // init OpenSSL + SSL_library_init(); + SSL_load_error_strings(); + // FIXME check errors + + bSslInitDone = true; + } + + return bSslInitDone; +} + +const char* SSL_GetCipherName(SslHandle *ssl) +{ + if (!ssl || !ssl->session) + return nullptr; + + return SSL_CIPHER_get_name(SSL_get_current_cipher(ssl->session)); +} + +static void ReportSslError(SECURITY_STATUS scRet, int line, bool = 
false) +{ + CMStringW tszMsg(FORMAT, L"SSL connection failure(%x %u) :", scRet, line); + + switch (scRet) { + case 0: + case ERROR_NOT_READY: + return; + + case SEC_E_INVALID_TOKEN: + tszMsg += TranslateW_LP(L"Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package"); + break; + + case CERT_E_CN_NO_MATCH: + case SEC_E_WRONG_PRINCIPAL: + tszMsg += TranslateW_LP(L"Host we are connecting to is not the one certificate was issued for"); + break; + + default: + wchar_t szMsgBuf[256]; + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, nullptr, scRet, LANG_USER_DEFAULT, szMsgBuf, _countof(szMsgBuf), nullptr); + tszMsg += szMsgBuf; + } + + Netlib_LogfW(nullptr, tszMsg); + + SetLastError(scRet); + PUShowMessageW(tszMsg.GetBuffer(), SM_WARNING); +} + +static bool ClientConnect(SslHandle *ssl, const char*) +{ + SSL_METHOD *meth = (SSL_METHOD*)SSLv23_client_method(); + + // contrary to what it's named, SSLv23 announces all supported ciphers/versions, + // generally TLS1.2 in a TLS1.0 Client Hello + if (!meth) { + Netlib_Logf(nullptr, "SSL setup failure: client method"); + return false; + } + ssl->ctx = SSL_CTX_new(meth); + if (!ssl->ctx) { + Netlib_Logf(nullptr, "SSL setup failure: context"); + return false; + } + + // SSL_read/write should transparently handle renegotiations + SSL_CTX_ctrl(ssl->ctx, SSL_CTRL_MODE, SSL_MODE_AUTO_RETRY, nullptr); + + RAND_screen(); + ssl->session = SSL_new(ssl->ctx); + if (!ssl->session) { + Netlib_Logf(nullptr, "SSL setup failure: session"); + return false; + } + SSL_set_fd(ssl->session, ssl->s); + + int err = SSL_connect(ssl->session); + + if (err != 1) { + err = SSL_get_error(ssl->session, err); + Netlib_Logf(nullptr, "SSL negotiation failure (%d)", err); + return false; + } + + const char *suite = SSL_GetCipherName(ssl); + if (suite != nullptr) + Netlib_Logf(nullptr, "SSL established with %s", suite); + return true; +} + +static PCCERT_CONTEXT 
SSL_X509ToCryptCert(X509 * x509) +{ + unsigned char *buf = nullptr; + PCCERT_CONTEXT pCertContext = nullptr; + + int len = i2d_X509(x509, &buf); + if ((len >= 0) && buf) { + pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, len); + + CRYPTO_free(buf, __FILE__, __LINE__); + } + return pCertContext; +} + +static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) +{ + /* convert the active certificate chain provided in the handshake of 'session' into + the format used by CryptAPI. + */ + PCCERT_CONTEXT anchor = nullptr; + // create cert store + HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, nullptr); + + if (store) { + X509 *server_cert = SSL_get_peer_certificate(session); + if (server_cert) { + // add the server's cert first, to make sure CryptAPI builds the correct chain + PCCERT_CONTEXT primary_cert; + BOOL ok = CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(server_cert), CERT_STORE_ADD_ALWAYS, &primary_cert); + if (ok && primary_cert) { + // add all remaining certs to store (note: stack needs not be freed, it is not a copy) + STACK_OF(X509) *server_chain = SSL_get_peer_cert_chain(session); + if (server_chain) { + for (int i = 0; i < OPENSSL_sk_num((OPENSSL_STACK *)server_chain); i++) { + X509 *next_cert = (X509 *)OPENSSL_sk_value((OPENSSL_STACK *)server_chain, i); + CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(next_cert), CERT_STORE_ADD_USE_EXISTING, nullptr); + } + } + + // return primary cert; MUST be freed by caller which will free the associated store + anchor = primary_cert; + } + else { + if (primary_cert) + CertFreeCertificateContext(primary_cert); + } + + X509_free(server_cert); + } + + CertCloseStore(store, 0); + } + + return anchor; +} + +static LPSTR rgszUsages[] = +{ + szOID_PKIX_KP_SERVER_AUTH, + szOID_SERVER_GATED_CRYPTO, + szOID_SGC_NETSCAPE +}; + +static bool VerifyCertificate(SslHandle *ssl, PCSTR pszServerName, 
DWORD dwCertFlags) +{ + DWORD scRet; + + ptrW pwszServerName(mir_a2u(pszServerName)); + + HTTPSPolicyCallbackData polHttps = {}; + CERT_CHAIN_POLICY_PARA PolicyPara = {}; + CERT_CHAIN_POLICY_STATUS PolicyStatus = {}; + CERT_CHAIN_PARA ChainPara = {}; + + PCCERT_CHAIN_CONTEXT pChainContext = nullptr; + PCCERT_CONTEXT pServerCert = SSL_CertChainToCryptAnchor(ssl->session); + if (pServerCert == nullptr) { + scRet = SEC_E_WRONG_PRINCIPAL; + goto cleanup; + } + + ChainPara.cbSize = sizeof(ChainPara); + ChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR; + ChainPara.RequestedUsage.Usage.cUsageIdentifier = _countof(rgszUsages); + ChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = rgszUsages; + + if (!CertGetCertificateChain(nullptr, pServerCert, nullptr, pServerCert->hCertStore, &ChainPara, 0, nullptr, &pChainContext)) { + scRet = GetLastError(); + goto cleanup; + } + + polHttps.cbStruct = sizeof(HTTPSPolicyCallbackData); + polHttps.dwAuthType = AUTHTYPE_SERVER; + polHttps.fdwChecks = dwCertFlags; + polHttps.pwszServerName = pwszServerName; + + PolicyPara.cbSize = sizeof(PolicyPara); + PolicyPara.pvExtraPolicyPara = &polHttps; + + PolicyStatus.cbSize = sizeof(PolicyStatus); + + if (!CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, pChainContext, &PolicyPara, &PolicyStatus)) { + scRet = GetLastError(); + goto cleanup; + } + + if (PolicyStatus.dwError) { + scRet = PolicyStatus.dwError; + goto cleanup; + } + + scRet = SEC_E_OK; + +cleanup: + if (pChainContext) + CertFreeCertificateChain(pChainContext); + if (pServerCert) + CertFreeCertificateContext(pServerCert); + + ReportSslError(scRet, __LINE__, true); + return scRet == SEC_E_OK; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// negotiate SSL session, verify cert, return NULL if failed + +MIR_APP_DLL(HSSL) Netlib_SslConnect(SOCKET s, const char* host, int verify) +{ + SslHandle *ssl = new SslHandle(); + ssl->s = s; + bool res = ClientConnect(ssl, host); + + if 
(res && verify) { + DWORD dwFlags = 0; + if (!host || inet_addr(host) != INADDR_NONE) + dwFlags |= 0x00001000; + res = VerifyCertificate(ssl, host, dwFlags); + } + + if (res) + return ssl; + + delete ssl; + return nullptr; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// return true if there is either unsend or buffered received data (ie. after peek) + +MIR_APP_DLL(BOOL) Netlib_SslPending(HSSL ssl) +{ + return ssl && ssl->session && (SSL_pending(ssl->session) > 0); +} + +///////////////////////////////////////////////////////////////////////////////////////// +// reads number of bytes, keeps in buffer if peek != 0 + +MIR_APP_DLL(int) Netlib_SslRead(HSSL ssl, char *buf, int num, int peek) +{ + if (!ssl || !ssl->session) return SOCKET_ERROR; + if (num <= 0) return 0; + + int err = 0; + if (peek) + err = SSL_peek(ssl->session, buf, num); + else + err = SSL_read(ssl->session, buf, num); + + if (err <= 0) { + int err2 = SSL_get_error(ssl->session, err); + if (err2 == SSL_ERROR_ZERO_RETURN) { + Netlib_Logf(nullptr, "SSL connection gracefully closed"); + ssl->state = sockClosed; + return 0; + } + + Netlib_Logf(nullptr, "SSL failure recieving data (%d, %d, %d)", err, err2, WSAGetLastError()); + ssl->state = sockError; + return SOCKET_ERROR; + } + + return err; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// writes data to the SSL socket + +MIR_APP_DLL(int) Netlib_SslWrite(HSSL ssl, const char *buf, int num) +{ + if (!ssl || !ssl->session) + return SOCKET_ERROR; + if (num <= 0) + return 0; + + int err = SSL_write(ssl->session, buf, num); + if (err > 0) + return err; + + int err2 = SSL_get_error(ssl->session, err); + switch (err2) { + case SSL_ERROR_ZERO_RETURN: + Netlib_Logf(nullptr, "SSL connection gracefully closed"); + ssl->state = sockClosed; + break; + + default: + Netlib_Logf(nullptr, "SSL failure sending data (%d, %d, %d)", err, err2, WSAGetLastError()); + 
ssl->state = sockError; + return SOCKET_ERROR; + } + return 0; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// closes SSL session, but keeps socket open + +MIR_APP_DLL(void) Netlib_SslShutdown(HSSL ssl) +{ + if (ssl && ssl->session) + SSL_shutdown(ssl->session); +} + +///////////////////////////////////////////////////////////////////////////////////////// +// frees all data associated with the SSL socket + +MIR_APP_DLL(void) Netlib_SslFree(HSSL ssl) +{ + delete ssl; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// makes connection SSL +// returns 0 on failure / 1 on success + +MIR_APP_DLL(int) Netlib_StartSsl(HNETLIBCONN hConnection, const char *szHost) +{ + NetlibConnection *nlc = (NetlibConnection*)hConnection; + if (nlc == nullptr) + return 0; + + NetlibUser *nlu = nlc->nlu; + if (szHost == nullptr) + szHost = nlc->nloc.szHost; + szHost = NEWSTR_ALLOCA(szHost); + + Netlib_Logf(nlu, "(%d %s) Starting SSL negotiation", int(nlc->s), szHost); + + nlc->hSsl = Netlib_SslConnect(nlc->s, szHost, nlu->settings.validateSSL); + if (nlc->hSsl == nullptr) + Netlib_Logf(nlu, "(%d %s) Failure to negotiate SSL connection", int(nlc->s), szHost); + else + Netlib_Logf(nlu, "(%d %s) SSL negotiation successful", int(nlc->s), szHost); + + return nlc->hSsl != nullptr; +} + +///////////////////////////////////////////////////////////////////////////////////////// +// gets TLS channel binging data for a socket + +MIR_APP_DLL(void*) Netlib_GetTlsUnique(HNETLIBCONN nlc, int &cbLen) +{ + if (nlc == nullptr || nlc->hSsl == nullptr) + return nullptr; + + char buf[1000]; + size_t len = SSL_get_finished(nlc->hSsl->session, buf, sizeof(buf)); + if (len == 0) + return nullptr; + + cbLen = (int)len; + void *pBuf = mir_alloc(len); + memcpy(pBuf, buf, len); + return pBuf; +} diff --git a/src/mir_app/src/newplugins.cpp b/src/mir_app/src/newplugins.cpp index 9f91136a80..210d129118 100644 
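Review bot: ClientConnect in the new netlib_ssl.cpp leaves its host parameter unnamed and unused, so the handshake carries no SNI, and the context built from SSLv23_client_method() gets no protocol floor; a server that picks its certificate by name may return one that then fails the post-handshake VerifyCertificate, and old protocol versions stay negotiable if the linked OpenSSL allows them. I would name the parameter and add `SSL_CTX_set_min_proto_version(ssl->ctx, TLS1_2_VERSION);` after SSL_CTX_new and `SSL_set_tlsext_host_name(ssl->session, host);` before SSL_connect when host is a DNS name, with whatever floor the project can support (the file already uses 1.1-era calls such as OPENSSL_sk_num, so both should be available). In Netlib_SslConnect the bare `0x00001000` deserves a named constant and a comment: it is set when host is null or an IP literal and matches SECURITY_FLAG_IGNORE_CERT_CN_INVALID from wininet.h, so it appears to relax the name check in exactly those cases. SSL_CertChainToCryptAnchor also passes the result of SSL_X509ToCryptCert straight into CertAddCertificateContextToStore without keeping it, so each converted context looks leaked and may be null.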
--- a/src/mir_app/src/newplugins.cpp +++ b/src/mir_app/src/newplugins.cpp @@ -59,7 +59,7 @@ HANDLE hevLoadModule, hevUnloadModule; wchar_t mirandabootini[MAX_PATH]; static int askAboutIgnoredPlugins; -pluginEntry *plugin_checker, *plugin_crshdmp, *plugin_service, *plugin_ssl, *plugin_clist; +pluginEntry *plugin_checker, *plugin_crshdmp, *plugin_service, *plugin_clist; ///////////////////////////////////////////////////////////////////////////////////////// 
@@ -111,19 +111,21 @@ static const MUUID pluginBannedList[] = { 0xf0fdf73a, 0x753d, 0x499d, { 0x8d, 0xba, 0x33, 0x6d, 0xb7, 0x9c, 0xdd, 0x41 } }, // advancedautoaway { 0xa5bb1b7a, 0xb7cd, 0x4cbb, { 0xa7, 0xdb, 0xce, 0xb4, 0xeb, 0x71, 0xda, 0x49 } }, // keepstatus { 0x4b733944, 0x5a70, 0x4b52, { 0xab, 0x2d, 0x68, 0xb1, 0xef, 0x38, 0xff, 0xe8 } }, // startupstatus + { 0x8d0a046d, 0x8ea9, 0x4c55, { 0xb5, 0x68, 0x38, 0xda, 0x52, 0x05, 0x64, 0xfd } }, // stdauth { 0x9d6c3213, 0x02b4, 0x4fe1, { 0x92, 0xe6, 0x52, 0x6d, 0xe1, 0x4f, 0x8d, 0x65 } }, // stdchat + { 0x1e64fd80, 0x299e, 0x48a0, { 0x94, 0x41, 0xde, 0x28, 0x68, 0x56, 0x3b, 0x6f } }, // stdhelp + { 0x53ac190b, 0xe223, 0x4341, { 0x82, 0x5f, 0x70, 0x9d, 0x85, 0x20, 0x21, 0x5b } }, // stdidle + { 0x312C4F84, 0x75BE, 0x4404, { 0xBC, 0xB1, 0xC1, 0x03, 0xDB, 0xE5, 0xA3, 0xB8 } }, // stdssl { 0x621f886b, 0xa7f6, 0x457f, { 0x9d, 0x62, 0x8e, 0xe8, 0x4c, 0x27, 0x59, 0x93 } }, // modernopt { 0x08B86253, 0xEC6E, 0x4d09, { 0xB7, 0xA9, 0x64, 0xAC, 0xDF, 0x06, 0x27, 0xB8 } }, // gtalkext { 0x4f1ff7fa, 0x4d75, 0x44b9, { 0x93, 0xb0, 0x2c, 0xed, 0x2e, 0x4f, 0x9e, 0x3e } }, // whatsapp { 0xb908773a, 0x86f7, 0x4a91, { 0x86, 0x74, 0x6a, 0x20, 0xba, 0x0e, 0x67, 0xd1 } }, // dropbox { 0x748f8934, 0x781a, 0x528d, { 0x52, 0x08, 0x00, 0x12, 0x65, 0x40, 0x4a, 0xb3 } }, // tlen - { 0x8d0a046d, 0x8ea9, 0x4c55, { 0xb5, 0x68, 0x38, 0xda, 0x52, 0x05, 0x64, 0xfd } }, // stdauth - { 0x1e64fd80, 0x299e, 0x48a0, { 0x94, 0x41, 0xde, 0x28, 0x68, 0x56, 0x3b, 0x6f } }, // stdhelp { 0x3750a5a3, 0xbf0d, 0x490e, { 0xb6, 0x5d, 0x41, 0xac, 0x4d, 0x29, 0xae, 0xb3 } }, // aim { 0x7c070f7c, 0x459e, 0x46b7, { 0x8e, 0x6d, 0xbc, 0x6e, 0xfa, 0xa2, 0x2f, 0x78 } }, // advaimg - { 0x53ac190b, 0xe223, 0x4341, { 0x82, 0x5f, 0x70, 0x9d, 0x85, 0x20, 0x21, 0x5b } }, // stdidle { 0x6f376b33, 0xd3f4, 0x4c4f, { 0xa9, 0x6b, 0x77, 0xda, 0x08, 0x04, 0x3b, 0x06 } }, // importtxt { 0xe7c48bab, 0x8ace, 0x4cb3, { 0x84, 0x46, 0xd4, 0xb7, 0x34, 0x81, 0xf4, 0x97 } }, // mra + { 
0xb649702c, 0x13de, 0x408a, { 0xb6, 0xc2, 0xfb, 0x8f, 0xed, 0x2a, 0x2c, 0x90 } }, // openssl { 0x73a9615c, 0x7d4e, 0x4555, { 0xba, 0xdb, 0xee, 0x05, 0xdc, 0x92, 0x8e, 0xff } }, // icqoscar8 { 0xcf97fd5d, 0xb911, 0x47a8, { 0xaf, 0x03, 0xd2, 0x19, 0x68, 0xb5, 0xb8, 0x94 } }, // sms { 0x26a9125d, 0x7863, 0x4e01, { 0xaf, 0x0e, 0xd1, 0x4e, 0xf9, 0x5c, 0x50, 0x54 } }, // old Popup.dll @@ -388,11 +390,6 @@ pluginEntry* OpenPlugin(wchar_t *tszFileName, wchar_t *dir, wchar_t *path) clistPlugins.insert(p); p->bIsClist = true; } - // plugin declared that it's a ssl provider. mark it for the future load - else if (hasMuuid(pIds, MIID_SSL)) { - plugin_ssl = p; - p->bIsLast = true; - } // plugin declared that it's a service mode plugin. // load it for a profile manager's window else if (hasMuuid(pIds, MIID_SERVICEMODE)) { @@ -656,28 +653,6 @@ MIR_APP_DLL(int) SetServiceModePlugin(const char *szPluginName, WPARAM wParam, L return 1; } -///////////////////////////////////////////////////////////////////////////////////////// - -int LoadSslModule(void) -{ - bool bExtSSLLoaded = false; - - if (plugin_ssl != nullptr) { - if (!TryLoadPlugin(plugin_ssl, false)) { - Plugin_Uninit(plugin_ssl); - } - else - bExtSSLLoaded = true; - } - if (!bExtSSLLoaded) { - MuuidReplacement stdSsl = { MIID_SSL, L"stdssl", nullptr }; - if (!LoadCorePlugin(stdSsl)) - return 1; - } - mir_getSI(&sslApi); - return 0; -} - ///////////////////////////////////////////////////////////////////////////////////////// // Event hook to unload all non-core plugins // hooked very late, after all the internal plugins, blah diff --git a/src/mir_app/src/pluginopts.cpp b/src/mir_app/src/pluginopts.cpp index 90b489b082..2e5b87960f 100644 --- a/src/mir_app/src/pluginopts.cpp +++ b/src/mir_app/src/pluginopts.cpp 
@@ -135,7 +135,7 @@ static BOOL dialogListPlugins(WIN32_FIND_DATA *fd, wchar_t *path, WPARAM, LPARAM CCtrlListView *pCtrl = (CCtrlListView*)lParam; bool bNoCheckbox = (dat->flags & STATIC_PLUGIN) != 0; - if (bNoCheckbox || hasMuuid(pIds, MIID_CLIST) || hasMuuid(pIds, MIID_SSL)) + if (bNoCheckbox || hasMuuid(pIds, MIID_CLIST)) dat->bRequiresRestart = true; LVITEM it = { 0 }; diff --git a/src/mir_app/src/stdafx.h b/src/mir_app/src/stdafx.h index bbcc675087..890c13c082 100644 --- a/src/mir_app/src/stdafx.h +++ b/src/mir_app/src/stdafx.h @@ -29,6 +29,9 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #define INCL_WINSOCK_API_TYPEDEFS 1 +#define HSSL_DEFINED 1 +typedef struct SslHandle *HSSL; + #include #include #include @@ -92,7 +95,6 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include #include #include -#include #include #include #include diff --git a/src/mir_core/src/stdafx.h b/src/mir_core/src/stdafx.h index 4934c8b1d9..9b9d913bfc 100644 --- a/src/mir_core/src/stdafx.h +++ b/src/mir_core/src/stdafx.h @@ -67,7 +67,6 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #include "miranda.h" -#include #include #include diff --git a/tools/build_scripts/bin15/z2_PackPluginUpdater_x32.txt b/tools/build_scripts/bin15/z2_PackPluginUpdater_x32.txt index 44e9e22897..807c2a29cb 100644 --- a/tools/build_scripts/bin15/z2_PackPluginUpdater_x32.txt +++ b/tools/build_scripts/bin15/z2_PackPluginUpdater_x32.txt @@ -99,7 +99,6 @@ Plugins\notifyanything.dll Plugins\nudge.dll Plugins\omegle.dll Plugins\openfolder.dll -Plugins\openssl.dll Plugins\packupdater.dll Plugins\pasteit.dll Plugins\ping.dll @@ -173,7 +172,6 @@ Core\stdemail.dll Core\stdfile.dll Core\stdmsg.dll Core\stdpopup.dll -Core\stdssl.dll Core\stduihist.dll Core\stduserinfo.dll Core\stduseronline.dll 
diff --git a/tools/build_scripts/bin15/z2_PackPluginUpdater_x64.txt b/tools/build_scripts/bin15/z2_PackPluginUpdater_x64.txt index 1d747d3f7f..347362b426 100644 --- a/tools/build_scripts/bin15/z2_PackPluginUpdater_x64.txt +++ b/tools/build_scripts/bin15/z2_PackPluginUpdater_x64.txt @@ -99,7 +99,6 @@ Plugins\notifyanything.dll Plugins\nudge.dll Plugins\omegle.dll Plugins\openfolder.dll -Plugins\openssl.dll Plugins\packupdater.dll Plugins\pasteit.dll Plugins\ping.dll @@ -173,7 +172,6 @@ Core\stdemail.dll Core\stdfile.dll Core\stdmsg.dll Core\stdpopup.dll -Core\stdssl.dll Core\stduihist.dll Core\stduserinfo.dll Core\stduseronline.dll diff --git a/tools/build_scripts/bin15/z3_PackArchives.txt b/tools/build_scripts/bin15/z3_PackArchives.txt index e2a1e8466f..45d226c456 100644 --- a/tools/build_scripts/bin15/z3_PackArchives.txt +++ b/tools/build_scripts/bin15/z3_PackArchives.txt @@ -51,7 +51,6 @@ Core\StdEmail.dll Core\StdFile.dll Core\StdMsg.dll Core\StdPopup.dll -Core\StdSSL.dll Core\StdUIHist.dll Core\StdUrl.dll Core\StdUserInfo.dll diff --git a/tools/build_scripts/z2_PackPluginUpdater.txt b/tools/build_scripts/z2_PackPluginUpdater.txt index 8921772be4..40c1288a2b 100644 --- a/tools/build_scripts/z2_PackPluginUpdater.txt +++ b/tools/build_scripts/z2_PackPluginUpdater.txt @@ -6,7 +6,6 @@ Core\StdEmail.dll Core\StdFile.dll Core\StdMsg.dll Core\StdPopup.dll -Core\StdSSL.dll Core\StdUIHist.dll Core\StdUrl.dll Core\StdUserInfo.dll diff --git a/tools/installer_ng/MirandaNG.iss b/tools/installer_ng/MirandaNG.iss index 6ec06c7787..e88ff297fb 100644 --- a/tools/installer_ng/MirandaNG.iss +++ b/tools/installer_ng/MirandaNG.iss 
@@ -83,7 +83,6 @@ Source: "Files\Core\StdEmail.dll"; DestDir: "{app}\Core"; Components: program; F Source: "Files\Core\StdFile.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdMsg.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdPopup.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() -Source: "Files\Core\StdSSL.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUIHist.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUserInfo.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUserOnline.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() diff --git a/tools/installer_ng_stable/MirandaNG.iss b/tools/installer_ng_stable/MirandaNG.iss index fc02572c0e..79d30a6c66 100644 --- a/tools/installer_ng_stable/MirandaNG.iss +++ b/tools/installer_ng_stable/MirandaNG.iss 
@@ -83,7 +83,6 @@ Source: "Files\Core\StdEmail.dll"; DestDir: "{app}\Core"; Components: program; F Source: "Files\Core\StdFile.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdMsg.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdPopup.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() -Source: "Files\Core\StdSSL.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUIHist.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUserInfo.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() Source: "Files\Core\StdUserOnline.dll"; DestDir: "{app}\Core"; Components: program; Flags: ignoreversion; AfterInstall: ShowPercent() -- cgit v1.2.3