[T106][ZXW-22]7520V3SCV2.01.01.02P42U09_VEC_V0.8_AP_VEC origin source commit

Change-Id: Ic6e05d89ecd62fc34f82b23dcf306c93764aec4b
diff --git a/ap/app/cwmp/netcwmp/libcwmp/src/ssl.c b/ap/app/cwmp/netcwmp/libcwmp/src/ssl.c
new file mode 100755
index 0000000..888d433
--- /dev/null
+++ b/ap/app/cwmp/netcwmp/libcwmp/src/ssl.c
@@ -0,0 +1,286 @@
+ 

+#include "cwmp/http.h"

+#include "cwmp/log.h"

+//#include "cwmp_private.h"

+#include <cwmp/md5.h>

+

+

+

+

+

+#ifdef USE_CWMP_OPENSSL

+

+static char openssl_password[32];

+

+

+BIO *bio_err=0;

+static char *pass;

+static int password_cb(char *buf,int num,

+  int rwflag,void *userdata);

+static void sigpipe_handle(int x);

+

+/* A simple error and exit routine*/

+int err_exit(string)

+  char *string;

+  {

+    cwmp_log_error("%s\n",string);

+    //exit(0);

+  }

+

+/* Print SSL errors and exit*/

+int berr_exit(string)

+  char *string;

+  {

+    cwmp_log_error("%s\n",string);

+    ERR_print_errors(bio_err);

+    //exit(0);

+  }

+

+/*The password code is not thread safe*/

+static int password_cb(char *buf,int num,

+  int rwflag,void *userdata)

+  {

+    if(num<strlen(pass)+1)

+      return(0);

+

+    strcpy(buf,pass);

+    return(strlen(pass));

+  }

+

+static void sigpipe_handle(int x){

+}

+

+SSL_CTX *openssl_initialize_ctx(char *keyfile,char *password)

+{

+    SSL_METHOD *meth;

+    SSL_CTX *ctx;

+    

+    if(!bio_err){

+      /* Global system initialization*/

+      SSL_library_init();

+      SSL_load_error_strings();

+      

+      /* An error write context */

+      bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

+    }

+

+    /* Set up a SIGPIPE handler */

+    //signal(SIGPIPE,sigpipe_handle);

+    

+    /* Create our context*/

+    meth=SSLv23_method();

+    ctx=SSL_CTX_new(meth);

+

+    /* Load our keys and certificates*/

+    if(!(SSL_CTX_use_certificate_chain_file(ctx,

+      keyfile)))

+      berr_exit("Can't read certificate file");

+

+    pass=password;

+    SSL_CTX_set_default_passwd_cb(ctx,

+      password_cb);

+    if(!(SSL_CTX_use_PrivateKey_file(ctx,

+      keyfile,SSL_FILETYPE_PEM)))

+      berr_exit("Can't read key file");

+

+    /* Load the CAs we trust*/

+    /*

+    if(!(SSL_CTX_load_verify_locations(ctx,

+      CA_LIST,0)))

+      berr_exit("Can't read CA list");

+    */

+    

+#if (OPENSSL_VERSION_NUMBER < 0x00905100L)

+    SSL_CTX_set_verify_depth(ctx,1);

+#endif

+    

+    return ctx;

+  }

+     

+void openssl_destroy_ctx(ctx)

+  SSL_CTX *ctx;

+  {

+    SSL_CTX_free(ctx);

+  }

+

+

+SSL * openssl_connect(SSL_CTX * ctx, int fd)

+{

+    BIO *sbio;

+    SSL * ssl=SSL_new(ctx);

+            sbio=BIO_new_socket(fd,BIO_NOCLOSE);

+            SSL_set_bio(ssl,sbio,sbio);

+        

+            if(SSL_connect(ssl)<=0)

+            {

+              cwmp_log_alert("SSL connect error");

+              SSL_free(ssl);

+              return NULL;

+            }

+            else

+                {

+                cwmp_log_info("SSL connect to host ok.\n");  

+                     

+            }

+            

+      return ssl;

+    

+}

+

+

+

+/*

+

+static int openssl_password_cb(char *buf, int num, int rwflag, void *userdata)

+{    

+    if (num < strlen(openssl_password)+1)

+	    return 0;

+    

+    strcpy(buf,openssl_password);

+    return(strlen(buf));

+}

+

+

+void openssl_init(void) {

+    

+}

+

+

+

+int openssl_verify_callback(int ok, X509_STORE_CTX *store) {

+    char data[256];

+ 

+    if (!ok) {

+        X509 *cert = X509_STORE_CTX_get_current_cert(store);

+        int  depth = X509_STORE_CTX_get_error_depth(store);

+        int  err = X509_STORE_CTX_get_error(store);

+ 

+        cwmp_log_error("Error with certificate at depth: %i\n", depth);

+        X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);

+        cwmp_log_error("issuer   = %s\n", data);

+        X509_NAME_oneline(X509_get_subject_name(cert), data, 256);

+        cwmp_log_error("subject  = %s\n", data);

+        cwmp_log_error("err %i:%s\n", err, X509_verify_cert_error_string(err));

+    }

+ 

+    return ok;

+}

+

+*/

+

+//SSL_CTX *openssl_setup_client_ctx(const char * cafile, const char * password) 

+//{

+//    SSL_CTX *ctx;

+//    

+//    if (!SSL_library_init()) {

+//        fprintf(stderr, "OpenSSL initialization failed!\n");

+//        cwmp_log_error("OpenSSL initialization failed!\n");

+//        exit(-1);

+//    }

+//    SSL_load_error_strings();

+// 

+//    ctx = SSL_CTX_new(SSLv3_client_method());

+//    

+//    /* Load our keys and certificates*/

+//    if(!(SSL_CTX_use_certificate_chain_file(ctx, cafile)))

+//    {

+//      cwmp_log_error("Can't read certificate file");

+//      

+//      //return NULL;

+//    }

+// 

+//    strncpy(openssl_password, password, 32);

+// 

+//    SSL_CTX_set_default_passwd_cb(ctx, openssl_password_cb);

+//    if(!(SSL_CTX_use_PrivateKey_file(ctx,

+//      cafile,SSL_FILETYPE_PEM)))

+//    {

+//      cwmp_log_error("Can't read key file");

+//      //return NULL

+//    }

+//

+//    /* Load the CAs we trust*/

+//    /*if(!(SSL_CTX_load_verify_locations(ctx, CA_LIST,0)))

+//    {

+//      cwmp_log_error("Can't read CA list");

+//      //return NULL

+//    }

+//    */

+//    SSL_CTX_set_verify_depth(ctx,4);

+//    SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);

+//    

+//    

+///*     

+//    

+//    if (SSL_CTX_load_verify_locations(ctx, cafile, cadir) != 1)

+//        cwmp_log_error("Error loading CA file and/or directory");

+//    if (SSL_CTX_set_default_verify_paths(ctx) != 1) 

+//        cwmp_log_error("Error loading default CA file and/or directory");

+//        

+//    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, openssl_verify_callback);

+//    SSL_CTX_set_verify_depth(ctx, 4);

+//    SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);

+//    if (SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != 1) 

+//        cwmp_log_error("Error setting cipher list (no valid ciphers)");

+//        

+//*/        

+//    cwmp_log_debug("init openssl success.\n");

+//    return ctx;

+//}

+

+

+

+int openssl_check_cert(SSL *ssl, char *host)  

+  {

+    X509 *peer;

+    char peer_CN[256];

+    

+    if(SSL_get_verify_result(ssl)!=X509_V_OK)

+    {

+      cwmp_log_error("Certificate doesn't verify");

+      //return CWMP_ERROR;

+    }

+

+    /*Check the cert chain. The chain length

+      is automatically checked by OpenSSL when

+      we set the verify depth in the ctx */

+

+    /*Check the common name*/

+    peer=SSL_get_peer_certificate(ssl);

+    X509_NAME_get_text_by_NID

+      (X509_get_subject_name(peer),

+      NID_commonName, peer_CN, 256);

+    if(strcasecmp(peer_CN,host))

+    {

+       cwmp_log_error("Common name doesn't match host name");

+       //return CWMP_ERROR;

+    }

+    

+    return CWMP_OK;

+    

+  }

+  

+

+//int http_socket_ssl_create(http_socket_t **news, SSL_CTX *ctx, pool_t * pool)

+//{

+//    int stat;

+//    stat = http_socket_calloc(news, pool);

+//    if (stat == CWMP_ERROR)

+//    {

+//        return CWMP_ERROR;

+//    }

+//    

+//    if(! (*news)->use_ssl)

+//    { 

+//        return CWMP_ERROR;    

+//    }

+//   

+//    (*news)->ssl = SSL_new(ctx);

+//    return CWMP_OK;

+//}

+//

+

+

+

+#endif

+