Home Esplora Aiuto
Accedi
lqq
/
RealICQClient
Segui 2
Vota 0
Forka 0
File Problemi 9 Pull Requests 0 Wiki
Albero (Tree): 961757edfd
Rami (Branch) Tag
RealICQClient
/
Includes
/
BauglirWebSocket2_pascal_library.2.0.4
/
lib
/
ssl_openssl.pas

ssl_openssl.pas 21 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822 
  1. {==============================================================================|
    2. 

  2. | Project : Ararat Synapse                                       | 001.001.000 |
    3. 

  3. |==============================================================================|
    4. 

  4. | Content: SSL support by OpenSSL                                              |
    5. 

  5. |==============================================================================|
    6. 

  6. | Copyright (c)1999-2008, Lukas Gebauer                                        |
    7. 

  7. | All rights reserved.                                                         |
    8. 

  8. |                                                                              |
    9. 

  9. | Redistribution and use in source and binary forms, with or without           |
    10. 

  10. | modification, are permitted provided that the following conditions are met:  |
    11. 

  11. |                                                                              |
    12. 

  12. | Redistributions of source code must retain the above copyright notice, this  |
    13. 

  13. | list of conditions and the following disclaimer.                             |
    14. 

  14. |                                                                              |
    15. 

  15. | Redistributions in binary form must reproduce the above copyright notice,    |
    16. 

  16. | this list of conditions and the following disclaimer in the documentation    |
    17. 

  17. | and/or other materials provided with the distribution.                       |
    18. 

  18. |                                                                              |
    19. 

  19. | Neither the name of Lukas Gebauer nor the names of its contributors may      |
    20. 

  20. | be used to endorse or promote products derived from this software without    |
    21. 

  21. | specific prior written permission.                                           |
    22. 

  22. |                                                                              |
    23. 

  23. | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"  |
    24. 

  24. | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE    |
    25. 

  25. | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE   |
    26. 

  26. | ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR  |
    27. 

  27. | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL       |
    28. 

  28. | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR   |
    29. 

  29. | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER   |
    30. 

  30. | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT           |
    31. 

  31. | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY    |
    32. 

  32. | OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH  |
    33. 

  33. | DAMAGE.                                                                      |
    34. 

  34. |==============================================================================|
    35. 

  35. | The Initial Developer of the Original Code is Lukas Gebauer (Czech Republic).|
    36. 

  36. | Portions created by Lukas Gebauer are Copyright (c)2005-2008.                |
    37. 

  37. | All Rights Reserved.                                                         |
    38. 

  38. |==============================================================================|
    39. 

  39. | Contributor(s):                                                              |
    40. 

  40. |==============================================================================|
    41. 

  41. | History: see HISTORY.HTM from distribution package                           |
    42. 

  42. |          (Found at URL: http://www.ararat.cz/synapse/)                       |
    43. 

  43. |==============================================================================}
    44. 

  44. 

  45. //requires OpenSSL libraries!
    46. 

  46. 

  47. {:@abstract(SSL plugin for OpenSSL)
    48. 

  48. 

  49. You need OpenSSL libraries version 0.9.7. It can work with 0.9.6 too, but
    50. 

  50. application mysteriously crashing when you are using freePascal on Linux.
    51. 

  51. Use Kylix on Linux is OK! If you have version 0.9.7 on Linux, then I not see
    52. 

  52. any problems with FreePascal.
    53. 

  53. 

  54. OpenSSL libraries are loaded dynamicly - you not need OpenSSl librares even you
    55. 

  55. compile your application with this unit. SSL just not working when you not have
    56. 

  56. OpenSSL libraries.
    57. 

  57. 

  58. This plugin have limited support for .NET too! Because is not possible to use
    59. 

  59. callbacks with CDECL calling convention under .NET, is not supported
    60. 

  60. key/certificate passwords and multithread locking. :-(
    61. 

  61. 

  62. For handling keys and certificates you can use this properties:
    63. 

  63. 

  64. @link(TCustomSSL.CertificateFile) for PEM or ASN1 DER (cer) format. @br
    65. 

  65. @link(TCustomSSL.Certificate) for ASN1 DER format only. @br
    66. 

  66. @link(TCustomSSL.PrivateKeyFile) for PEM or ASN1 DER (key) format. @br
    67. 

  67. @link(TCustomSSL.PrivateKey) for ASN1 DER format only. @br
    68. 

  68. @link(TCustomSSL.CertCAFile) for PEM CA certificate bundle. @br
    69. 

  69. @link(TCustomSSL.PFXFile) for PFX format. @br
    70. 

  70. @link(TCustomSSL.PFX) for PFX format from binary string. @br
    71. 

  71. 

  72. This plugin is capable to create Ad-Hoc certificates. When you start SSL/TLS
    73. 

  73. server without explicitly assigned key and certificate, then this plugin create
    74. 

  74. Ad-Hoc key and certificate for each incomming connection by self. It slowdown
    75. 

  75. accepting of new connections!
    76. 

  76. }
    77. 

  77. 

  78. {$IFDEF FPC}
    79. 

  79.   {$MODE DELPHI}
    80. 

  80. {$ENDIF}
    81. 

  81. {$H+}
    82. 

  82. 

  83. unit ssl_openssl;
    84. 

  84. 

  85. interface
    86. 

  86. 

  87. uses
    88. 

  88.   SysUtils, Classes,
    89. 

  89.   blcksock, synsock, synautil,
    90. 

  90. {$IFDEF CIL}
    91. 

  91.   System.Text,
    92. 

  92. {$ENDIF}
    93. 

  93.   ssl_openssl_lib;
    94. 

  94. 

  95. type
    96. 

  96.   {:@abstract(class implementing OpenSSL SSL plugin.)
    97. 

  97.    Instance of this class will be created for each @link(TTCPBlockSocket).
    98. 

  98.    You not need to create instance of this class, all is done by Synapse itself!}
    99. 

  99.   TSSLOpenSSL = class(TCustomSSL)
    100. 

  100.   protected
    101. 

  101.     FSsl: PSSL;
    102. 

  102.     Fctx: PSSL_CTX;
    103. 

  103.     function SSLCheck: Boolean;
    104. 

  104.     function SetSslKeys: boolean;
    105. 

  105.     function Init(server:Boolean): Boolean;
    106. 

  106.     function DeInit: Boolean;
    107. 

  107.     function Prepare(server:Boolean): Boolean;
    108. 

  108.     function LoadPFX(pfxdata: ansistring): Boolean;
    109. 

  109.     function CreateSelfSignedCert(Host: string): Boolean; override;
    110. 

  110.   public
    111. 

  111.     {:See @inherited}
    112. 

  112.     constructor Create(const Value: TTCPBlockSocket); override;
    113. 

  113.     destructor Destroy; override;
    114. 

  114.     {:See @inherited}
    115. 

  115.     function LibVersion: String; override;
    116. 

  116.     {:See @inherited}
    117. 

  117.     function LibName: String; override;
    118. 

  118.     {:See @inherited and @link(ssl_cryptlib) for more details.}
    119. 

  119.     function Connect: boolean; override;
    120. 

  120.     {:See @inherited and @link(ssl_cryptlib) for more details.}
    121. 

  121.     function Accept: boolean; override;
    122. 

  122.     {:See @inherited}
    123. 

  123.     function Shutdown: boolean; override;
    124. 

  124.     {:See @inherited}
    125. 

  125.     function BiShutdown: boolean; override;
    126. 

  126.     {:See @inherited}
    127. 

  127.     function SendBuffer(Buffer: TMemory; Len: Integer): Integer; override;
    128. 

  128.     {:See @inherited}
    129. 

  129.     function RecvBuffer(Buffer: TMemory; Len: Integer): Integer; override;
    130. 

  130.     {:See @inherited}
    131. 

  131.     function WaitingData: Integer; override;
    132. 

  132.     {:See @inherited}
    133. 

  133.     function GetSSLVersion: string; override;
    134. 

  134.     {:See @inherited}
    135. 

  135.     function GetPeerSubject: string; override;
    136. 

  136.     {:See @inherited}
    137. 

  137.     function GetPeerIssuer: string; override;
    138. 

  138.     {:See @inherited}
    139. 

  139.     function GetPeerName: string; override;
    140. 

  140.     {:See @inherited}
    141. 

  141.     function GetPeerFingerprint: string; override;
    142. 

  142.     {:See @inherited}
    143. 

  143.     function GetCertInfo: string; override;
    144. 

  144.     {:See @inherited}
    145. 

  145.     function GetCipherName: string; override;
    146. 

  146.     {:See @inherited}
    147. 

  147.     function GetCipherBits: integer; override;
    148. 

  148.     {:See @inherited}
    149. 

  149.     function GetCipherAlgBits: integer; override;
    150. 

  150.     {:See @inherited}
    151. 

  151.     function GetVerifyCert: integer; override;
    152. 

  152.   end;
    153. 

  153. 

  154. implementation
    155. 

  155. 

  156. {==============================================================================}
    157. 

  157. 

  158. {$IFNDEF CIL}
    159. 

  159. function PasswordCallback(buf:PAnsiChar; size:Integer; rwflag:Integer; userdata: Pointer):Integer; cdecl;
    160. 

  160. var
    161. 

  161.   Password: AnsiString;
    162. 

  162. begin
    163. 

  163.   Password := '';
    164. 

  164.   if TCustomSSL(userdata) is TCustomSSL then
    165. 

  165.     Password := TCustomSSL(userdata).KeyPassword;
    166. 

  166.   if Length(Password) > (Size - 1) then
    167. 

  167.     SetLength(Password, Size - 1);
    168. 

  168.   Result := Length(Password);
    169. 

  169.   StrLCopy(buf, PAnsiChar(Password + #0), Result + 1);
    170. 

  170. end;
    171. 

  171. {$ENDIF}
    172. 

  172. 

  173. {==============================================================================}
    174. 

  174. 

  175. constructor TSSLOpenSSL.Create(const Value: TTCPBlockSocket);
    176. 

  176. begin
    177. 

  177.   inherited Create(Value);
    178. 

  178.   FCiphers := 'DEFAULT';
    179. 

  179.   FSsl := nil;
    180. 

  180.   Fctx := nil;
    181. 

  181. end;
    182. 

  182. 

  183. destructor TSSLOpenSSL.Destroy;
    184. 

  184. begin
    185. 

  185.   DeInit;
    186. 

  186.   inherited Destroy;
    187. 

  187. end;
    188. 

  188. 

  189. function TSSLOpenSSL.LibVersion: String;
    190. 

  190. begin
    191. 

  191.   Result := SSLeayversion(0);
    192. 

  192. end;
    193. 

  193. 

  194. function TSSLOpenSSL.LibName: String;
    195. 

  195. begin
    196. 

  196.   Result := 'ssl_openssl';
    197. 

  197. end;
    198. 

  198. 

  199. function TSSLOpenSSL.SSLCheck: Boolean;
    200. 

  200. var
    201. 

  201. {$IFDEF CIL}
    202. 

  202.   sb: StringBuilder;
    203. 

  203. {$ENDIF}
    204. 

  204.   s : AnsiString;
    205. 

  205. begin
    206. 

  206.   Result := true;
    207. 

  207.   FLastErrorDesc := '';
    208. 

  208.   FLastError := ErrGetError;
    209. 

  209.   ErrClearError;
    210. 

  210.   if FLastError <> 0 then
    211. 

  211.   begin
    212. 

  212.     Result := False;
    213. 

  213. {$IFDEF CIL}
    214. 

  214.     sb := StringBuilder.Create(256);
    215. 

  215.     ErrErrorString(FLastError, sb, 256);
    216. 

  216.     FLastErrorDesc := Trim(sb.ToString);
    217. 

  217. {$ELSE}
    218. 

  218.     s := StringOfChar(#0, 256);
    219. 

  219.     ErrErrorString(FLastError, s, Length(s));
    220. 

  220.     FLastErrorDesc := s;
    221. 

  221. {$ENDIF}
    222. 

  222.   end;
    223. 

  223. end;
    224. 

  224. 

  225. function TSSLOpenSSL.CreateSelfSignedCert(Host: string): Boolean;
    226. 

  226. var
    227. 

  227.   pk: EVP_PKEY;
    228. 

  228.   x: PX509;
    229. 

  229.   rsa: PRSA;
    230. 

  230.   t: PASN1_UTCTIME;
    231. 

  231.   name: PX509_NAME;
    232. 

  232.   b: PBIO;
    233. 

  233.   xn, y: integer;
    234. 

  234.   s: AnsiString;
    235. 

  235. {$IFDEF CIL}
    236. 

  236.   sb: StringBuilder;
    237. 

  237. {$ENDIF}
    238. 

  238. begin
    239. 

  239.   Result := True;
    240. 

  240.   pk := EvpPkeynew;
    241. 

  241.   x := X509New;
    242. 

  242.   try
    243. 

  243.     rsa := RsaGenerateKey(1024, $10001, nil, nil);
    244. 

  244.     EvpPkeyAssign(pk, EVP_PKEY_RSA, rsa);
    245. 

  245.     X509SetVersion(x, 2);
    246. 

  246.     Asn1IntegerSet(X509getSerialNumber(x), 0);
    247. 

  247.     t := Asn1UtctimeNew;
    248. 

  248.     try
    249. 

  249.       X509GmtimeAdj(t, -60 * 60 *24);
    250. 

  250.       X509SetNotBefore(x, t);
    251. 

  251.       X509GmtimeAdj(t, 60 * 60 * 60 *24);
    252. 

  252.       X509SetNotAfter(x, t);
    253. 

  253.     finally
    254. 

  254.       Asn1UtctimeFree(t);
    255. 

  255.     end;
    256. 

  256.     X509SetPubkey(x, pk);
    257. 

  257.     Name := X509GetSubjectName(x);
    258. 

  258.     X509NameAddEntryByTxt(Name, 'C', $1001, 'CZ', -1, -1, 0);
    259. 

  259.     X509NameAddEntryByTxt(Name, 'CN', $1001, host, -1, -1, 0);
    260. 

  260.     x509SetIssuerName(x, Name);
    261. 

  261.     x509Sign(x, pk, EvpGetDigestByName('SHA1'));
    262. 

  262.     b := BioNew(BioSMem);
    263. 

  263.     try
    264. 

  264.       i2dX509Bio(b, x);
    265. 

  265.       xn := bioctrlpending(b);
    266. 

  266. {$IFDEF CIL}
    267. 

  267.       sb := StringBuilder.Create(xn);
    268. 

  268.       y := bioread(b, sb, xn);
    269. 

  269.       if y > 0 then
    270. 

  270.       begin
    271. 

  271.         sb.Length := y;
    272. 

  272.         s := sb.ToString;
    273. 

  273.       end;
    274. 

  274. {$ELSE}
    275. 

  275.       setlength(s, xn);
    276. 

  276.       y := bioread(b, s, xn);
    277. 

  277.       if y > 0 then
    278. 

  278.         setlength(s, y);
    279. 

  279. {$ENDIF}
    280. 

  280.     finally
    281. 

  281.       BioFreeAll(b);
    282. 

  282.     end;
    283. 

  283.     FCertificate := s;
    284. 

  284.     b := BioNew(BioSMem);
    285. 

  285.     try
    286. 

  286.       i2dPrivatekeyBio(b, pk);
    287. 

  287.       xn := bioctrlpending(b);
    288. 

  288. {$IFDEF CIL}
    289. 

  289.       sb := StringBuilder.Create(xn);
    290. 

  290.       y := bioread(b, sb, xn);
    291. 

  291.       if y > 0 then
    292. 

  292.       begin
    293. 

  293.         sb.Length := y;
    294. 

  294.         s := sb.ToString;
    295. 

  295.       end;
    296. 

  296. {$ELSE}
    297. 

  297.       setlength(s, xn);
    298. 

  298.       y := bioread(b, s, xn);
    299. 

  299.       if y > 0 then
    300. 

  300.         setlength(s, y);
    301. 

  301. {$ENDIF}
    302. 

  302.     finally
    303. 

  303.       BioFreeAll(b);
    304. 

  304.     end;
    305. 

  305.     FPrivatekey := s;
    306. 

  306.   finally
    307. 

  307.     X509free(x);
    308. 

  308.     EvpPkeyFree(pk);
    309. 

  309.   end;
    310. 

  310. end;
    311. 

  311. 

  312. function TSSLOpenSSL.LoadPFX(pfxdata: Ansistring): Boolean;
    313. 

  313. var
    314. 

  314.   cert, pkey, ca: SslPtr;
    315. 

  315.   b: PBIO;
    316. 

  316.   p12: SslPtr;
    317. 

  317. begin
    318. 

  318.   Result := False;
    319. 

  319.   b := BioNew(BioSMem);
    320. 

  320.   try
    321. 

  321.     BioWrite(b, pfxdata, Length(PfxData));
    322. 

  322.     p12 := d2iPKCS12bio(b, nil);
    323. 

  323.     if not Assigned(p12) then
    324. 

  324.       Exit;
    325. 

  325.     try
    326. 

  326.       cert := nil;
    327. 

  327.       pkey := nil;
    328. 

  328.       ca := nil;
    329. 

  329.       if PKCS12parse(p12, FKeyPassword, pkey, cert, ca) > 0 then
    330. 

  330.         if SSLCTXusecertificate(Fctx, cert) > 0 then
    331. 

  331.           if SSLCTXusePrivateKey(Fctx, pkey) > 0 then
    332. 

  332.             Result := True;
    333. 

  333.     finally
    334. 

  334.       PKCS12free(p12);
    335. 

  335.     end;
    336. 

  336.   finally
    337. 

  337.     BioFreeAll(b);
    338. 

  338.   end;
    339. 

  339. end;
    340. 

  340. 

  341. function TSSLOpenSSL.SetSslKeys: boolean;
    342. 

  342. var
    343. 

  343.   st: TFileStream;
    344. 

  344.   s: string;
    345. 

  345. begin
    346. 

  346.   Result := False;
    347. 

  347.   if not assigned(FCtx) then
    348. 

  348.     Exit;
    349. 

  349.   try
    350. 

  350.     if FCertificateFile <> '' then
    351. 

  351.       if SslCtxUseCertificateChainFile(FCtx, FCertificateFile) <> 1 then
    352. 

  352.         if SslCtxUseCertificateFile(FCtx, FCertificateFile, SSL_FILETYPE_PEM) <> 1 then
    353. 

  353.           if SslCtxUseCertificateFile(FCtx, FCertificateFile, SSL_FILETYPE_ASN1) <> 1 then
    354. 

  354.             Exit;
    355. 

  355.     if FCertificate <> '' then
    356. 

  356.       if SslCtxUseCertificateASN1(FCtx, length(FCertificate), FCertificate) <> 1 then
    357. 

  357.         Exit;
    358. 

  358.     SSLCheck;
    359. 

  359.     if FPrivateKeyFile <> '' then
    360. 

  360.       if SslCtxUsePrivateKeyFile(FCtx, FPrivateKeyFile, SSL_FILETYPE_PEM) <> 1 then
    361. 

  361.         if SslCtxUsePrivateKeyFile(FCtx, FPrivateKeyFile, SSL_FILETYPE_ASN1) <> 1 then
    362. 

  362.           Exit;
    363. 

  363.     if FPrivateKey <> '' then
    364. 

  364.       if SslCtxUsePrivateKeyASN1(EVP_PKEY_RSA, FCtx, FPrivateKey, length(FPrivateKey)) <> 1 then
    365. 

  365.         Exit;
    366. 

  366.     SSLCheck;
    367. 

  367.     if FCertCAFile <> '' then
    368. 

  368.       if SslCtxLoadVerifyLocations(FCtx, FCertCAFile, '') <> 1 then
    369. 

  369.         Exit;
    370. 

  370.     if FPFXfile <> '' then
    371. 

  371.     begin
    372. 

  372.       try
    373. 

  373.         st := TFileStream.Create(FPFXfile, fmOpenRead	 or fmShareDenyNone);
    374. 

  374.         try
    375. 

  375.           s := ReadStrFromStream(st, st.Size);
    376. 

  376.         finally
    377. 

  377.           st.Free;
    378. 

  378.         end;
    379. 

  379.         if not LoadPFX(s) then
    380. 

  380.           Exit;
    381. 

  381.       except
    382. 

  382.         on Exception do
    383. 

  383.           Exit;
    384. 

  384.       end;
    385. 

  385.     end;
    386. 

  386.     if FPFX <> '' then
    387. 

  387.       if not LoadPFX(FPfx) then
    388. 

  388.         Exit;
    389. 

  389.     SSLCheck;
    390. 

  390.     Result := True;
    391. 

  391.   finally
    392. 

  392.     SSLCheck;
    393. 

  393.   end;
    394. 

  394. end;
    395. 

  395. 

  396. function TSSLOpenSSL.Init(server:Boolean): Boolean;
    397. 

  397. var
    398. 

  398.   s: AnsiString;
    399. 

  399. begin
    400. 

  400.   Result := False;
    401. 

  401.   FLastErrorDesc := '';
    402. 

  402.   FLastError := 0;
    403. 

  403.   Fctx := nil;
    404. 

  404.   case FSSLType of
    405. 

  405.     LT_SSLv2:
    406. 

  406.       Fctx := SslCtxNew(SslMethodV2);
    407. 

  407.     LT_SSLv3:
    408. 

  408.       Fctx := SslCtxNew(SslMethodV3);
    409. 

  409.     LT_TLSv1:
    410. 

  410.       Fctx := SslCtxNew(SslMethodTLSV1);
    411. 

  411.     LT_all:
    412. 

  412.       Fctx := SslCtxNew(SslMethodV23);
    413. 

  413.   else
    414. 

  414.     Exit;
    415. 

  415.   end;
    416. 

  416.   if Fctx = nil then
    417. 

  417.   begin
    418. 

  418.     SSLCheck;
    419. 

  419.     Exit;
    420. 

  420.   end
    421. 

  421.   else
    422. 

  422.   begin
    423. 

  423.     s := FCiphers;
    424. 

  424.     SslCtxSetCipherList(Fctx, s);
    425. 

  425.     if FVerifyCert then
    426. 

  426.       SslCtxSetVerify(FCtx, SSL_VERIFY_PEER, nil)
    427. 

  427.     else
    428. 

  428.       SslCtxSetVerify(FCtx, SSL_VERIFY_NONE, nil);
    429. 

  429. {$IFNDEF CIL}
    430. 

  430.     SslCtxSetDefaultPasswdCb(FCtx, @PasswordCallback);
    431. 

  431.     SslCtxSetDefaultPasswdCbUserdata(FCtx, self);
    432. 

  432. {$ENDIF}
    433. 

  433. 

  434.     if server and (FCertificateFile = '') and (FCertificate = '')
    435. 

  435.       and (FPFXfile = '') and (FPFX = '') then
    436. 

  436.     begin
    437. 

  437.       CreateSelfSignedcert(FSocket.ResolveIPToName(FSocket.GetRemoteSinIP));
    438. 

  438.     end;
    439. 

  439. 

  440.     if not SetSSLKeys then
    441. 

  441.       Exit
    442. 

  442.     else
    443. 

  443.     begin
    444. 

  444.       Fssl := nil;
    445. 

  445.       Fssl := SslNew(Fctx);
    446. 

  446.       if Fssl = nil then
    447. 

  447.       begin
    448. 

  448.         SSLCheck;
    449. 

  449.         exit;
    450. 

  450.       end;
    451. 

  451.     end;
    452. 

  452.   end;
    453. 

  453.   Result := true;
    454. 

  454. end;
    455. 

  455. 

  456. function TSSLOpenSSL.DeInit: Boolean;
    457. 

  457. begin
    458. 

  458.   Result := True;
    459. 

  459.   if assigned (Fssl) then
    460. 

  460.     sslfree(Fssl);
    461. 

  461.   Fssl := nil;
    462. 

  462.   if assigned (Fctx) then
    463. 

  463.   begin
    464. 

  464.     SslCtxFree(Fctx);
    465. 

  465.     Fctx := nil;
    466. 

  466.     ErrRemoveState(0);
    467. 

  467.   end;
    468. 

  468.   FSSLEnabled := False;
    469. 

  469. end;
    470. 

  470. 

  471. function TSSLOpenSSL.Prepare(server:Boolean): Boolean;
    472. 

  472. begin
    473. 

  473.   Result := false;
    474. 

  474.   DeInit;
    475. 

  475.   if Init(server) then
    476. 

  476.     Result := true
    477. 

  477.   else
    478. 

  478.     DeInit;
    479. 

  479. end;
    480. 

  480. 

  481. function TSSLOpenSSL.Connect: boolean;
    482. 

  482. var
    483. 

  483.   x: integer;
    484. 

  484. begin
    485. 

  485.   Result := False;
    486. 

  486.   if FSocket.Socket = INVALID_SOCKET then
    487. 

  487.     Exit;
    488. 

  488.   if Prepare(False) then
    489. 

  489.   begin
    490. 

  490. {$IFDEF CIL}
    491. 

  491.     if sslsetfd(FSsl, FSocket.Socket.Handle.ToInt32) < 1 then
    492. 

  492. {$ELSE}
    493. 

  493.     if sslsetfd(FSsl, FSocket.Socket) < 1 then
    494. 

  494. {$ENDIF}
    495. 

  495.     begin
    496. 

  496.       SSLCheck;
    497. 

  497.       Exit;
    498. 

  498.     end;
    499. 

  499.     x := sslconnect(FSsl);
    500. 

  500.     if x < 1 then
    501. 

  501.     begin
    502. 

  502.       SSLcheck;
    503. 

  503.       Exit;
    504. 

  504.     end;
    505. 

  505.   if FverifyCert then
    506. 

  506.     if GetVerifyCert <> 0 then
    507. 

  507.       Exit;
    508. 

  508.     FSSLEnabled := True;
    509. 

  509.     Result := True;
    510. 

  510.   end;
    511. 

  511. end;
    512. 

  512. 

  513. function TSSLOpenSSL.Accept: boolean;
    514. 

  514. var
    515. 

  515.   x: integer;
    516. 

  516. begin
    517. 

  517.   Result := False;
    518. 

  518.   if FSocket.Socket = INVALID_SOCKET then
    519. 

  519.     Exit;
    520. 

  520.   if Prepare(True) then
    521. 

  521.   begin
    522. 

  522. {$IFDEF CIL}
    523. 

  523.     if sslsetfd(FSsl, FSocket.Socket.Handle.ToInt32) < 1 then
    524. 

  524. {$ELSE}
    525. 

  525.     if sslsetfd(FSsl, FSocket.Socket) < 1 then
    526. 

  526. {$ENDIF}
    527. 

  527.     begin
    528. 

  528.       SSLCheck;
    529. 

  529.       Exit;
    530. 

  530.     end;
    531. 

  531.     x := sslAccept(FSsl);
    532. 

  532.     if x < 1 then
    533. 

  533.     begin
    534. 

  534.       SSLcheck;
    535. 

  535.       Exit;
    536. 

  536.     end;
    537. 

  537.     FSSLEnabled := True;
    538. 

  538.     Result := True;
    539. 

  539.   end;
    540. 

  540. end;
    541. 

  541. 

  542. function TSSLOpenSSL.Shutdown: boolean;
    543. 

  543. begin
    544. 

  544.   if assigned(FSsl) then
    545. 

  545.     sslshutdown(FSsl);
    546. 

  546.   DeInit;
    547. 

  547.   Result := True;
    548. 

  548. end;
    549. 

  549. 

  550. function TSSLOpenSSL.BiShutdown: boolean;
    551. 

  551. var
    552. 

  552.   x: integer;
    553. 

  553. begin
    554. 

  554.   if assigned(FSsl) then
    555. 

  555.   begin
    556. 

  556.     x := sslshutdown(FSsl);
    557. 

  557.     if x = 0 then
    558. 

  558.     begin
    559. 

  559.       Synsock.Shutdown(FSocket.Socket, 1);
    560. 

  560.       sslshutdown(FSsl);
    561. 

  561.     end;
    562. 

  562.   end;
    563. 

  563.   DeInit;
    564. 

  564.   Result := True;
    565. 

  565. end;
    566. 

  566. 

  567. function TSSLOpenSSL.SendBuffer(Buffer: TMemory; Len: Integer): Integer;
    568. 

  568. var
    569. 

  569.   err: integer;
    570. 

  570. {$IFDEF CIL}
    571. 

  571.   s: ansistring;
    572. 

  572. {$ENDIF}
    573. 

  573. begin
    574. 

  574.   FLastError := 0;
    575. 

  575.   FLastErrorDesc := '';
    576. 

  576.   repeat
    577. 

  577. {$IFDEF CIL}
    578. 

  578.     s := StringOf(Buffer);
    579. 

  579.     Result := SslWrite(FSsl, s, Len);
    580. 

  580. {$ELSE}
    581. 

  581.     Result := SslWrite(FSsl, Buffer , Len);
    582. 

  582. {$ENDIF}
    583. 

  583.     err := SslGetError(FSsl, Result);
    584. 

  584.   until (err <> SSL_ERROR_WANT_READ) and (err <> SSL_ERROR_WANT_WRITE);
    585. 

  585.   if err = SSL_ERROR_ZERO_RETURN then
    586. 

  586.     Result := 0
    587. 

  587.   else
    588. 

  588.     if (err <> 0) then
    589. 

  589.       FLastError := err;
    590. 

  590. end;
    591. 

  591. 

  592. function TSSLOpenSSL.RecvBuffer(Buffer: TMemory; Len: Integer): Integer;
    593. 

  593. var
    594. 

  594.   err: integer;
    595. 

  595. {$IFDEF CIL}
    596. 

  596.   sb: stringbuilder;
    597. 

  597.   s: ansistring;
    598. 

  598. {$ENDIF}
    599. 

  599. begin
    600. 

  600.   FLastError := 0;
    601. 

  601.   FLastErrorDesc := '';
    602. 

  602.   repeat
    603. 

  603. {$IFDEF CIL}
    604. 

  604.     sb := StringBuilder.Create(Len);
    605. 

  605.     Result := SslRead(FSsl, sb, Len);
    606. 

  606.     if Result > 0 then
    607. 

  607.     begin
    608. 

  608.       sb.Length := Result;
    609. 

  609.       s := sb.ToString;
    610. 

  610.       System.Array.Copy(BytesOf(s), Buffer, length(s));
    611. 

  611.     end;
    612. 

  612. {$ELSE}
    613. 

  613.     Result := SslRead(FSsl, Buffer , Len);
    614. 

  614. {$ENDIF}
    615. 

  615.     err := SslGetError(FSsl, Result);
    616. 

  616.   until (err <> SSL_ERROR_WANT_READ) and (err <> SSL_ERROR_WANT_WRITE);
    617. 

  617.   if err = SSL_ERROR_ZERO_RETURN then
    618. 

  618.     Result := 0
    619. 

  619.   else
    620. 

  620.     if (err <> 0) then
    621. 

  621.       FLastError := err;
    622. 

  622. end;
    623. 

  623. 

  624. function TSSLOpenSSL.WaitingData: Integer;
    625. 

  625. begin
    626. 

  626.   Result := sslpending(Fssl);
    627. 

  627. end;
    628. 

  628. 

  629. function TSSLOpenSSL.GetSSLVersion: string;
    630. 

  630. begin
    631. 

  631.   if not assigned(FSsl) then
    632. 

  632.     Result := ''
    633. 

  633.   else
    634. 

  634.     Result := SSlGetVersion(FSsl);
    635. 

  635. end;
    636. 

  636. 

  637. function TSSLOpenSSL.GetPeerSubject: string;
    638. 

  638. var
    639. 

  639.   cert: PX509;
    640. 

  640.   s: ansistring;
    641. 

  641. {$IFDEF CIL}
    642. 

  642.   sb: StringBuilder;
    643. 

  643. {$ENDIF}
    644. 

  644. begin
    645. 

  645.   if not assigned(FSsl) then
    646. 

  646.   begin
    647. 

  647.     Result := '';
    648. 

  648.     Exit;
    649. 

  649.   end;
    650. 

  650.   cert := SSLGetPeerCertificate(Fssl);
    651. 

  651.   if not assigned(cert) then
    652. 

  652.   begin
    653. 

  653.     Result := '';
    654. 

  654.     Exit;
    655. 

  655.   end;
    656. 

  656. {$IFDEF CIL}
    657. 

  657.   sb := StringBuilder.Create(4096);
    658. 

  658.   Result := X509NameOneline(X509GetSubjectName(cert), sb, 4096);
    659. 

  659. {$ELSE}
    660. 

  660.   setlength(s, 4096);
    661. 

  661.   Result := X509NameOneline(X509GetSubjectName(cert), s, Length(s));
    662. 

  662. {$ENDIF}
    663. 

  663.   X509Free(cert);
    664. 

  664. end;
    665. 

  665. 

  666. function TSSLOpenSSL.GetPeerName: string;
    667. 

  667. var
    668. 

  668.   s: ansistring;
    669. 

  669. begin
    670. 

  670.   s := GetPeerSubject;
    671. 

  671.   s := SeparateRight(s, '/CN=');
    672. 

  672.   Result := Trim(SeparateLeft(s, '/'));
    673. 

  673. end;
    674. 

  674. 

  675. function TSSLOpenSSL.GetPeerIssuer: string;
    676. 

  676. var
    677. 

  677.   cert: PX509;
    678. 

  678.   s: ansistring;
    679. 

  679. {$IFDEF CIL}
    680. 

  680.   sb: StringBuilder;
    681. 

  681. {$ENDIF}
    682. 

  682. begin
    683. 

  683.   if not assigned(FSsl) then
    684. 

  684.   begin
    685. 

  685.     Result := '';
    686. 

  686.     Exit;
    687. 

  687.   end;
    688. 

  688.   cert := SSLGetPeerCertificate(Fssl);
    689. 

  689.   if not assigned(cert) then
    690. 

  690.   begin
    691. 

  691.     Result := '';
    692. 

  692.     Exit;
    693. 

  693.   end;
    694. 

  694. {$IFDEF CIL}
    695. 

  695.   sb := StringBuilder.Create(4096);
    696. 

  696.   Result := X509NameOneline(X509GetIssuerName(cert), sb, 4096);
    697. 

  697. {$ELSE}
    698. 

  698.   setlength(s, 4096);
    699. 

  699.   Result := X509NameOneline(X509GetIssuerName(cert), s, Length(s));
    700. 

  700. {$ENDIF}
    701. 

  701.   X509Free(cert);
    702. 

  702. end;
    703. 

  703. 

  704. function TSSLOpenSSL.GetPeerFingerprint: string;
    705. 

  705. var
    706. 

  706.   cert: PX509;
    707. 

  707.   x: integer;
    708. 

  708. {$IFDEF CIL}
    709. 

  709.   sb: StringBuilder;
    710. 

  710. {$ENDIF}
    711. 

  711. begin
    712. 

  712.   if not assigned(FSsl) then
    713. 

  713.   begin
    714. 

  714.     Result := '';
    715. 

  715.     Exit;
    716. 

  716.   end;
    717. 

  717.   cert := SSLGetPeerCertificate(Fssl);
    718. 

  718.   if not assigned(cert) then
    719. 

  719.   begin
    720. 

  720.     Result := '';
    721. 

  721.     Exit;
    722. 

  722.   end;
    723. 

  723. {$IFDEF CIL}
    724. 

  724.   sb := StringBuilder.Create(EVP_MAX_MD_SIZE);
    725. 

  725.   X509Digest(cert, EvpGetDigestByName('MD5'), sb, x);
    726. 

  726.   sb.Length := x;
    727. 

  727.   Result := sb.ToString;
    728. 

  728. {$ELSE}
    729. 

  729.   setlength(Result, EVP_MAX_MD_SIZE);
    730. 

  730.   X509Digest(cert, EvpGetDigestByName('MD5'), Result, x);
    731. 

  731.   SetLength(Result, x);
    732. 

  732. {$ENDIF}
    733. 

  733.   X509Free(cert);
    734. 

  734. end;
    735. 

  735. 

  736. function TSSLOpenSSL.GetCertInfo: string;
    737. 

  737. var
    738. 

  738.   cert: PX509;
    739. 

  739.   x, y: integer;
    740. 

  740.   b: PBIO;
    741. 

  741.   s: AnsiString;
    742. 

  742. {$IFDEF CIL}
    743. 

  743.   sb: stringbuilder;
    744. 

  744. {$ENDIF}
    745. 

  745. begin
    746. 

  746.   if not assigned(FSsl) then
    747. 

  747.   begin
    748. 

  748.     Result := '';
    749. 

  749.     Exit;
    750. 

  750.   end;
    751. 

  751.   cert := SSLGetPeerCertificate(Fssl);
    752. 

  752.   if not assigned(cert) then
    753. 

  753.   begin
    754. 

  754.     Result := '';
    755. 

  755.     Exit;
    756. 

  756.   end;
    757. 

  757.   b := BioNew(BioSMem);
    758. 

  758.   try
    759. 

  759.     X509Print(b, cert);
    760. 

  760.     x := bioctrlpending(b);
    761. 

  761. {$IFDEF CIL}
    762. 

  762.     sb := StringBuilder.Create(x);
    763. 

  763.     y := bioread(b, sb, x);
    764. 

  764.     if y > 0 then
    765. 

  765.     begin
    766. 

  766.       sb.Length := y;
    767. 

  767.       s := sb.ToString;
    768. 

  768.     end;
    769. 

  769. {$ELSE}
    770. 

  770.     setlength(s,x);
    771. 

  771.     y := bioread(b,s,x);
    772. 

  772.     if y > 0 then
    773. 

  773.       setlength(s, y);
    774. 

  774. {$ENDIF}
    775. 

  775.     Result := ReplaceString(s, LF, CRLF);
    776. 

  776.   finally
    777. 

  777.     BioFreeAll(b);
    778. 

  778.   end;
    779. 

  779. end;
    780. 

  780. 

  781. function TSSLOpenSSL.GetCipherName: string;
    782. 

  782. begin
    783. 

  783.   if not assigned(FSsl) then
    784. 

  784.     Result := ''
    785. 

  785.   else
    786. 

  786.     Result := SslCipherGetName(SslGetCurrentCipher(FSsl));
    787. 

  787. end;
    788. 

  788. 

  789. function TSSLOpenSSL.GetCipherBits: integer;
    790. 

  790. var
    791. 

  791.   x: integer;
    792. 

  792. begin
    793. 

  793.   if not assigned(FSsl) then
    794. 

  794.     Result := 0
    795. 

  795.   else
    796. 

  796.     Result := SSLCipherGetBits(SslGetCurrentCipher(FSsl), x);
    797. 

  797. end;
    798. 

  798. 

  799. function TSSLOpenSSL.GetCipherAlgBits: integer;
    800. 

  800. begin
    801. 

  801.   if not assigned(FSsl) then
    802. 

  802.     Result := 0
    803. 

  803.   else
    804. 

  804.     SSLCipherGetBits(SslGetCurrentCipher(FSsl), Result);
    805. 

  805. end;
    806. 

  806. 

  807. function TSSLOpenSSL.GetVerifyCert: integer;
    808. 

  808. begin
    809. 

  809.   if not assigned(FSsl) then
    810. 

  810.     Result := 1
    811. 

  811.   else
    812. 

  812.     Result := SslGetVerifyResult(FSsl);
    813. 

  813. end;
    814. 

  814. 

  815. {==============================================================================}
    816. 

  816. 

  817. initialization
    818. 

  818.   if InitSSLInterface then
    819. 

  819.     SSLImplementation := TSSLOpenSSL;
    820. 

  820. 

  821. end.
    822. 

  822.