From:msvensson Date:September 25 2006 4:46pm
Subject:bk commit into 5.1 tree (msvensson:1.2321)
Below is the list of changes that have just been committed into a local
5.1 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-09-25 16:46:37+02:00, msvensson@neptunus.(none) +13 -0
  Merge neptunus.(none):/home/msvensson/mysql/yassl_import/my50-yassl_import
  into  neptunus.(none):/home/msvensson/mysql/yassl_import/my51-yassl_import
  MERGE: 1.1810.2120.1

  extra/yassl/Makefile.am@stripped, 2006-09-25 16:46:34+02:00, msvensson@neptunus.(none) +1 -2
    Manual merge 5.0 -> 5.1
    MERGE: 1.2.1.3

  extra/yassl/include/openssl/ssl.h@stripped, 2006-09-25 16:45:09+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.14.1.2

  extra/yassl/include/yassl_int.hpp@stripped, 2006-09-25 16:45:09+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.11.1.2

  extra/yassl/src/Makefile.am@stripped, 2006-09-25 16:45:09+02:00, msvensson@neptunus.(none)
+0 -0
    Auto merged
    MERGE: 1.10.2.1

  extra/yassl/src/ssl.cpp@stripped, 2006-09-25 16:45:09+02:00, msvensson@neptunus.(none) +4
-10
    Auto merged
    MERGE: 1.16.1.3

  extra/yassl/src/template_instnt.cpp@stripped, 2006-09-25 16:45:09+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.10.1.2

  extra/yassl/src/yassl_imp.cpp@stripped, 2006-09-25 16:45:09+02:00, msvensson@neptunus.(none)
+0 -0
    Auto merged
    MERGE: 1.8.1.3

  extra/yassl/src/yassl_int.cpp@stripped, 2006-09-25 16:45:10+02:00, msvensson@neptunus.(none)
+0 -0
    Auto merged
    MERGE: 1.19.1.3

  extra/yassl/taocrypt/Makefile.am@stripped, 2006-09-25 16:46:34+02:00,
msvensson@neptunus.(none) +1 -2
    Manual merge 5.0 -> 5.1
    MERGE: 1.1.1.4

  extra/yassl/taocrypt/benchmark/Makefile.am@stripped, 2006-09-25 16:45:10+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.1.1.1

  extra/yassl/taocrypt/src/Makefile.am@stripped, 2006-09-25 16:45:10+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.13.1.1

  extra/yassl/taocrypt/test/Makefile.am@stripped, 2006-09-25 16:45:10+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.1.1.1

  extra/yassl/testsuite/Makefile.am@stripped, 2006-09-25 16:45:10+02:00,
msvensson@neptunus.(none) +0 -0
    Auto merged
    MERGE: 1.3.2.1

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	neptunus.(none)
# Root:	/home/msvensson/mysql/yassl_import/my51-yassl_import/RESYNC

--- 1.2/extra/yassl/taocrypt/benchmark/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.3/extra/yassl/taocrypt/benchmark/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,4 +1,4 @@
-INCLUDES = -I../include -I../../mySTL
+INCLUDES = -I../include -I../mySTL
 bin_PROGRAMS       = benchmark
 benchmark_SOURCES  = benchmark.cpp
 benchmark_LDADD    = $(top_builddir)/extra/yassl/taocrypt/src/libtaocrypt.la

--- 1.2/extra/yassl/taocrypt/test/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.3/extra/yassl/taocrypt/test/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,4 +1,4 @@
-INCLUDES = -I../include -I../../mySTL
+INCLUDES = -I../include -I../mySTL
 bin_PROGRAMS = test
 test_SOURCES = test.cpp
 test_LDADD    = $(top_builddir)/extra/yassl/taocrypt/src/libtaocrypt.la

--- 1.6/extra/yassl/testsuite/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.7/extra/yassl/testsuite/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,4 +1,4 @@
-INCLUDES = -I../include -I../taocrypt/include -I../mySTL
+INCLUDES = -I../include -I../taocrypt/include -I../taocrypt/mySTL
 bin_PROGRAMS       = testsuite
 testsuite_SOURCES  = testsuite.cpp ../taocrypt/test/test.cpp \
 	../examples/client/client.cpp ../examples/server/server.cpp \

--- 1.7/extra/yassl/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.8/extra/yassl/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,3 +1,3 @@
 SUBDIRS = taocrypt src testsuite
-EXTRA_DIST = yassl.dsp yassl.dsw yassl.vcproj $(wildcard mySTL/*.hpp) \
+EXTRA_DIST = yassl.dsp yassl.dsw yassl.vcproj \
 	     CMakeLists.txt

--- 1.16/extra/yassl/include/openssl/ssl.h	2006-09-25 16:46:43 +02:00
+++ 1.17/extra/yassl/include/openssl/ssl.h	2006-09-25 16:46:43 +02:00
@@ -41,7 +41,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "1.3.7"
+#define YASSL_VERSION "1.4.2"
 
 
 #if defined(__cplusplus)
@@ -504,6 +504,8 @@
 #define NID_commonName    13
 #define V_ASN1_UTF8STRING 12
 #define GEN_DNS            2
+
+#define CERTFICATE_ERROR 0x14090086  /* SSLv3 error */
 
 
 typedef struct MD4_CTX {
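Review bot: The new macro `CERTFICATE_ERROR` is misspelled (the second "I" of CERTIFICATE is missing), and because it sits in the public OpenSSL-compatibility header the typo becomes a name that `err_helper()` in ssl.cpp and any client code must repeat. Rename it now, before other code depends on it: `#define CERTIFICATE_ERROR 0x14090086  /* OpenSSL-compatible certificate error code, checked by libcurl */`. The present comment `/* SSLv3 error */` does not tell a reader why this particular value was chosen or who consumes it.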

--- 1.13/extra/yassl/include/yassl_int.hpp	2006-09-25 16:46:43 +02:00
+++ 1.14/extra/yassl/include/yassl_int.hpp	2006-09-25 16:46:43 +02:00
@@ -40,6 +40,13 @@
 #include "lock.hpp"
 #include "openssl/ssl.h"  // ASN1_STRING and DH
 
+#ifdef _POSIX_THREADS
+    #include <pthread.h>
+#endif
+
+
+namespace STL = STL_NAMESPACE;
+
 
 namespace yaSSL {
 
@@ -80,12 +87,35 @@
 };
 
 
+// client connect state for nonblocking restart
+enum ConnectState {
+    CONNECT_BEGIN = 0,
+    CLIENT_HELLO_SENT,
+    FIRST_REPLY_DONE,
+    FINISHED_DONE,
+    SECOND_REPLY_DONE
+};
+
+
+// server accpet state for nonblocking restart
+enum AcceptState {
+    ACCEPT_BEGIN = 0,
+    ACCEPT_FIRST_REPLY_DONE,
+    SERVER_HELLO_DONE,
+    ACCEPT_SECOND_REPLY_DONE,
+    ACCEPT_FINISHED_DONE,
+    ACCEPT_THIRD_REPLY_DONE
+};
+
+
 // combines all states
 class States {
     RecordLayerState recordLayer_;
     HandShakeState   handshakeLayer_;
     ClientState      clientState_;
     ServerState      serverState_;
+    ConnectState     connectState_;
+    AcceptState      acceptState_;
     char             errorString_[MAX_ERROR_SZ];
     YasslError       what_;
 public:
@@ -95,6 +125,8 @@
     const HandShakeState&   getHandShake() const;
     const ClientState&      getClient()    const;
     const ServerState&      getServer()    const;
+    const ConnectState&     GetConnect()   const;
+    const AcceptState&      GetAccept()    const;
     const char*             getString()    const;
           YasslError        What()         const;
 
@@ -102,6 +134,8 @@
     HandShakeState&   useHandShake();
     ClientState&      useClient();
     ServerState&      useServer();
+    ConnectState&     UseConnect();
+    AcceptState&      UseAccept();
     char*             useString();
     void              SetError(YasslError);
 private:
@@ -142,8 +176,9 @@
     X509_NAME(const char*, size_t sz);
     ~X509_NAME();
 
-    char* GetName();
+    const char*  GetName() const;
     ASN1_STRING* GetEntry(int i);
+    size_t       GetLength() const;
 private:
     X509_NAME(const X509_NAME&);                // hide copy
     X509_NAME& operator=(const X509_NAME&);     // and assign
@@ -157,6 +192,9 @@
     ~StringHolder();
 
     ASN1_STRING* GetString();
+private:
+    StringHolder(const StringHolder&);                // hide copy
+    StringHolder& operator=(const StringHolder&);     // and assign
 };
 
 
@@ -176,6 +214,7 @@
 
     ASN1_STRING* GetBefore();
     ASN1_STRING* GetAfter();
+
 private:
     X509(const X509&);              // hide copy
     X509& operator=(const X509&);   // and assign
@@ -202,6 +241,7 @@
     uint        bornOn_;                        // create time in seconds
     uint        timeout_;                       // timeout in seconds
     RandomPool& random_;                        // will clean master secret
+    X509*       peerX509_;
 public:
     explicit SSL_SESSION(RandomPool&);
     SSL_SESSION(const SSL&, RandomPool&);
@@ -212,17 +252,20 @@
     const Cipher* GetSuite()   const;
           uint    GetBornOn()  const;
           uint    GetTimeOut() const;
+          X509*   GetPeerX509() const;
           void    SetTimeOut(uint);
 
     SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption
 private:
     SSL_SESSION(const SSL_SESSION&);            // hide copy
+
+    void CopyX509(X509*);
 };
 
 
 // holds all sessions
 class Sessions {
-    mySTL::list<SSL_SESSION*> list_;
+    STL::list<SSL_SESSION*> list_;
     RandomPool random_;                 // for session cleaning
     Mutex      mutex_;                  // no-op for single threaded
 
@@ -241,8 +284,42 @@
 };
 
 
+#ifdef _POSIX_THREADS
+    typedef pthread_t THREAD_ID_T;
+#else
+    typedef DWORD     THREAD_ID_T;
+#endif
+
+// thread error data
+struct ThreadError {
+    THREAD_ID_T threadID_;
+    int         errorID_;
+};
+
+
+// holds all errors
+class Errors {
+    STL::list<ThreadError> list_;
+    Mutex                  mutex_;
+
+    Errors() {}                         // only GetErrors can create
+public:
+    int  Lookup(bool peek);             // self lookup
+    void Add(int);              
+    void Remove();                      // remove self
+
+    ~Errors() {}
+
+    friend Errors& GetErrors(); // singleton creator
+private:
+    Errors(const Errors&);              // hide copy
+    Errors& operator=(const Errors);    // and assign
+};
+
+
 Sessions&   GetSessions();      // forward singletons
 sslFactory& GetSSL_Factory();
+Errors&     GetErrors();
 
 
 // openSSL method and context types
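Review bot: `Errors& operator=(const Errors);` in the new Errors class takes its argument by value, unlike every other hidden assignment operator in this header (for example `X509& operator=(const X509&);`); it still suppresses the implicit operator, but it should read `Errors& operator=(const Errors&);` to match. Separately, `THREAD_ID_T` falls back to `DWORD` whenever `_POSIX_THREADS` is undefined, which presumably breaks the build on a POSIX platform where no earlier system header has defined the macro. Testing `_WIN32` explicitly and ending with an `#error` for the remaining case would make that failure obvious instead of surfacing as an unknown type.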
@@ -252,8 +329,10 @@
     bool            verifyPeer_;    // request or send certificate
     bool            verifyNone_;    // whether to verify certificate
     bool            failNoCert_;
+    bool            multipleProtocol_;  // for SSLv23 compatibility
 public:
-    explicit SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv);
+    SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv,
+               bool multipleProtocol = false);
 
     ProtocolVersion getVersion() const;
     ConnectionEnd   getSide()    const;
@@ -265,6 +344,7 @@
     bool verifyPeer() const;
     bool verifyNone() const;
     bool failNoCert() const;
+    bool multipleProtocol() const;
 private:
     SSL_METHOD(const SSL_METHOD&);              // hide copy
     SSL_METHOD& operator=(const SSL_METHOD&);   // and assign
@@ -334,7 +414,7 @@
 // the SSL context
 class SSL_CTX {
 public:
-    typedef mySTL::list<x509*> CertList;
+    typedef STL::list<x509*> CertList;
 private:
     SSL_METHOD* method_;
     x509*       certificate_;
@@ -342,6 +422,8 @@
     CertList    caList_;
     Ciphers     ciphers_;
     DH_Parms    dhParms_;
+    pem_password_cb passwordCb_;
+    void*           userData_;
     Stats       stats_;
     Mutex       mutex_;         // for Stats
 public:
@@ -354,12 +436,16 @@
     const Ciphers&    GetCiphers()  const;
     const DH_Parms&   GetDH_Parms() const;
     const Stats&      GetStats()    const;
+    pem_password_cb   GetPasswordCb() const;
+          void*       GetUserData()   const;
 
     void setVerifyPeer();
     void setVerifyNone();
     void setFailNoCert();
     bool SetCipherList(const char*);
     bool SetDH(const DH&);
+    void SetPasswordCb(pem_password_cb cb);
+    void SetUserData(void*);
    
     void            IncrementStats(StatsField);
     void            AddCA(x509* ca);
@@ -434,13 +520,14 @@
 // holds input and output buffers
 class Buffers {
 public: 
-    typedef mySTL::list<input_buffer*>  inputList;
-    typedef mySTL::list<output_buffer*> outputList;
+    typedef STL::list<input_buffer*>  inputList;
+    typedef STL::list<output_buffer*> outputList;
 private:
     inputList  dataList_;                // list of users app data / handshake
     outputList handShakeList_;           // buffered handshake msgs
+    input_buffer* rawInput_;             // buffered raw input yet to process
 public:
-    Buffers() {}
+    Buffers();
     ~Buffers();
 
     const inputList&  getData()      const;
@@ -448,6 +535,9 @@
 
     inputList&  useData();
     outputList& useHandShake();
+
+    void          SetRawInput(input_buffer*);  // takes ownership
+    input_buffer* TakeRawInput();              // takes ownership 
 private:
     Buffers(const Buffers&);             // hide copy
     Buffers& operator=(const Buffers&); // and assign   
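Review bot: The comment on `TakeRawInput()` says `// takes ownership`, the same wording as on `SetRawInput()`, although by their names the two move ownership in opposite directions. If TakeRawInput hands the buffer to the caller, the comment should say so, e.g. `input_buffer* TakeRawInput();  // caller takes ownership, rawInput_ is reset to 0`. Since `rawInput_` is a raw owning pointer, this header is the only place a caller learns who must free it, and a wrong reading ends in a leak or a double free. The implementations are outside this hunk, so the reset-to-0 part needs confirming there.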
@@ -502,6 +592,7 @@
     const sslFactory& getFactory()  const;
     const Socket&     getSocket()   const;
           YasslError  GetError()    const;
+          bool        GetMultiProtocol() const;
 
     Crypto&    useCrypto();
     Security&  useSecurity();
@@ -509,6 +600,7 @@
     sslHashes& useHashes();
     Socket&    useSocket();
     Log&       useLog();
+    Buffers&   useBuffers();
 
     // sets
     void set_pending(Cipher suite);

--- 1.12/extra/yassl/src/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.13/extra/yassl/src/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,4 +1,4 @@
-INCLUDES = -I../include -I../taocrypt/include -I../mySTL
+INCLUDES = -I../include -I../taocrypt/include -I../taocrypt/mySTL
 
 noinst_LTLIBRARIES = libyassl.la
 libyassl_la_SOURCES = buffer.cpp cert_wrapper.cpp crypto_wrapper.cpp \

--- 1.21/extra/yassl/src/ssl.cpp	2006-09-25 16:46:43 +02:00
+++ 1.22/extra/yassl/src/ssl.cpp	2006-09-25 16:46:43 +02:00
@@ -42,6 +42,9 @@
 #include "yassl_int.hpp"
 #include "md5.hpp"              // for TaoCrypt MD5 size assert
 #include "md4.hpp"              // for TaoCrypt MD4 size assert
+#include "file.hpp"             // for TaoCrypt Source
+#include "coding.hpp"           // HexDecoder
+#include "helpers.hpp"          // for placement new hack
 #include <stdio.h>
 
 #ifdef _WIN32
@@ -55,7 +58,6 @@
 
 namespace yaSSL {
 
-using mySTL::min;
 
 
 int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
@@ -93,11 +95,55 @@
             }
         }
         else {
-            x = PemToDer(input, type);
+            EncryptedInfo info;
+            x = PemToDer(input, type, &info);
             if (!x) {
                 fclose(input);
                 return SSL_BAD_FILE;
             }
+            if (info.set) {
+                // decrypt
+                char password[80];
+                pem_password_cb cb = ctx->GetPasswordCb();
+                if (!cb) {
+                    fclose(input);
+                    return SSL_BAD_FILE;
+                }
+                int passwordSz = cb(password, sizeof(password), 0,
+                                    ctx->GetUserData());
+                byte key[AES_256_KEY_SZ];  // max sizes
+                byte iv[AES_IV_SZ];
+                
+                // use file's salt for key derivation, but not real iv
+                TaoCrypt::Source source(info.iv, info.ivSz);
+                TaoCrypt::HexDecoder dec(source);
+                memcpy(info.iv, source.get_buffer(), min((uint)sizeof(info.iv),
+                                                         source.size()));
+                EVP_BytesToKey(info.name, "MD5", info.iv, (byte*)password,
+                               passwordSz, 1, key, iv);
+
+                STL::auto_ptr<BulkCipher> cipher;
+                if (strncmp(info.name, "DES-CBC", 7) == 0)
+                    cipher.reset(NEW_YS DES);
+                else if (strncmp(info.name, "DES-EDE3-CBC", 13) == 0)
+                    cipher.reset(NEW_YS DES_EDE);
+                else if (strncmp(info.name, "AES-128-CBC", 13) == 0)
+                    cipher.reset(NEW_YS AES(AES_128_KEY_SZ));
+                else if (strncmp(info.name, "AES-192-CBC", 13) == 0)
+                    cipher.reset(NEW_YS AES(AES_192_KEY_SZ));
+                else if (strncmp(info.name, "AES-256-CBC", 13) == 0)
+                    cipher.reset(NEW_YS AES(AES_256_KEY_SZ));
+                else {
+                    fclose(input);
+                    return SSL_BAD_FILE;
+                }
+                cipher->set_decryptKey(key, info.iv);
+                STL::auto_ptr<x509> newx(NEW_YS x509(x->get_length()));   
+                cipher->decrypt(newx->use_buffer(), x->get_buffer(),
+                                x->get_length());
+                ysDelete(x);
+                x = newx.release();
+            }
         }
     }
     fclose(input);
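Review bot: The value returned by the password callback is used unchecked: `passwordSz` goes straight into `EVP_BytesToKey`, so a callback that fails (zero or negative) or reports more than `sizeof(password)` bytes makes the key derivation work from a bogus length over the 80-byte stack buffer. A guard right after the call would close that: `if (passwordSz <= 0 || passwordSz > (int)sizeof(password)) { ysDelete(x); fclose(input); return SSL_BAD_FILE; }`. The two early returns added here (no callback, unsupported cipher name) close the file but appear to leave the buffer `x` from `PemToDer` allocated, and the result of `EVP_BytesToKey`, which returns 0 for an unsupported type, is ignored. `password`, `key` and `iv` also remain on the stack after use and should be overwritten before the function returns. read_file begins and ends outside this hunk.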
@@ -140,8 +186,17 @@
 
 SSL_METHOD* SSLv23_server_method()
 {
-    // compatibility only, no version 2 support
-    return SSLv3_server_method();
+    // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1), true);
+}
+
+
+SSL_METHOD* SSLv23_client_method()
+{
+    // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+    // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
+    // TODO: maybe add support to send SSLv2 hello ???
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1), true);
 }
 
 
@@ -178,14 +233,29 @@
 
 int SSL_connect(SSL* ssl)
 {
+    if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
+        ssl->SetError(no_error);
+
+    ClientState neededState;
+
+    switch (ssl->getStates().GetConnect()) {
+
+    case CONNECT_BEGIN :
     sendClientHello(*ssl);
-    ClientState neededState = ssl->getSecurity().get_resuming() ?
+        if (!ssl->GetError())
+            ssl->useStates().UseConnect() = CLIENT_HELLO_SENT;
+
+    case CLIENT_HELLO_SENT :
+        neededState = ssl->getSecurity().get_resuming() ?
         serverFinishedComplete : serverHelloDoneComplete;
     while (ssl->getStates().getClient() < neededState) {
         if (ssl->GetError()) break;
     processReply(*ssl);
     }
+        if (!ssl->GetError())
+            ssl->useStates().UseConnect() = FIRST_REPLY_DONE;
 
+    case FIRST_REPLY_DONE :
     if(ssl->getCrypto().get_certManager().sendVerify())
         sendCertificate(*ssl);
 
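Review bot: Each stage of the new `switch` records progress only when `ssl->GetError()` is clear, but an error does not stop execution: control falls through into the following `case` labels, so after a failed or would-block `processReply` the code still reaches the certificate, ChangeCipher and Finished sends and depends on each helper checking the error state itself. An explicit error exit after every stage, going through the common `GetErrors().Add(...)` path, would make the restart logic independent of those helpers, and each intentional fall-through deserves a `// fall through` comment. The same pattern is in the second SSL_connect hunk and in both SSL_accept hunks. The auto-merged context lines also keep their old indentation, which makes the case bodies hard to follow; the function continues outside this hunk.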
@@ -198,18 +268,32 @@
     sendChangeCipher(*ssl);
     sendFinished(*ssl, client_end);
     ssl->flushBuffer();
+
+        if (!ssl->GetError())
+            ssl->useStates().UseConnect() = FINISHED_DONE;
+
+    case FINISHED_DONE :
     if (!ssl->getSecurity().get_resuming())
         while (ssl->getStates().getClient() < serverFinishedComplete) {
             if (ssl->GetError()) break;
         processReply(*ssl);
         }
+        if (!ssl->GetError())
+            ssl->useStates().UseConnect() = SECOND_REPLY_DONE;
 
+    case SECOND_REPLY_DONE :
     ssl->verifyState(serverFinishedComplete);
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
 
-    if (ssl->GetError())
+        if (ssl->GetError()) {
+            GetErrors().Add(ssl->GetError());
         return SSL_FATAL_ERROR;
+        }   
     return SSL_SUCCESS;
+
+    default :
+        return SSL_FATAL_ERROR; // unkown state
+    }
 }
 
 
@@ -228,7 +312,17 @@
 
 int SSL_accept(SSL* ssl)
 {
+    if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
+        ssl->SetError(no_error);
+
+    switch (ssl->getStates().GetAccept()) {
+
+    case ACCEPT_BEGIN :
     processReply(*ssl);
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE;
+
+    case ACCEPT_FIRST_REPLY_DONE :
     sendServerHello(*ssl);
 
     if (!ssl->getSecurity().get_resuming()) {
@@ -242,27 +336,51 @@
 
         sendServerHelloDone(*ssl);
         ssl->flushBuffer();
+        }
+      
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() = SERVER_HELLO_DONE;
 
+    case SERVER_HELLO_DONE :
+        if (!ssl->getSecurity().get_resuming()) {
         while (ssl->getStates().getServer() < clientFinishedComplete) {
             if (ssl->GetError()) break;
             processReply(*ssl);
         }
     }
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE;
+
+    case ACCEPT_SECOND_REPLY_DONE :
     sendChangeCipher(*ssl);
     sendFinished(*ssl, server_end);
     ssl->flushBuffer();
+
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE;
+
+    case ACCEPT_FINISHED_DONE :
     if (ssl->getSecurity().get_resuming()) {
         while (ssl->getStates().getServer() < clientFinishedComplete) {
           if (ssl->GetError()) break;
           processReply(*ssl);
       }
     }
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE;
 
+    case ACCEPT_THIRD_REPLY_DONE :
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
 
-    if (ssl->GetError())
+        if (ssl->GetError()) {
+            GetErrors().Add(ssl->GetError());
         return SSL_FATAL_ERROR;
+        }
     return SSL_SUCCESS;
+
+    default:
+        return SSL_FATAL_ERROR; // unknown state
+    }
 }
 
 
@@ -278,6 +396,8 @@
 int SSL_clear(SSL* ssl)
 {
     ssl->useSocket().closeSocket();
+    GetErrors().Remove();
+
     return SSL_SUCCESS;
 }
 
@@ -289,6 +409,8 @@
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
     ssl->useSocket().closeSocket();
 
+    GetErrors().Remove();
+
     return SSL_SUCCESS;
 }
 
@@ -762,9 +884,8 @@
 // be created
 BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal)
 {
-    using mySTL::auto_ptr;
     bool created = false;
-    auto_ptr<BIGNUM> bn(ysDelete);
+    mySTL::auto_ptr<BIGNUM> bn;
 
     if (!retVal) {
         created = true;
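Review bot: This hunk keeps the hard-coded `mySTL::auto_ptr<BIGNUM> bn;` although the same commit introduces the alias `namespace STL = STL_NAMESPACE;` and already uses `STL::auto_ptr` in read_file; for consistency it should be `STL::auto_ptr<BIGNUM> bn;`. The same leftover `mySTL::` spelling is in the yassl_imp.cpp hunks (`mySTL::auto_ptr<Auth>`, `mySTL::auto_ptr<HandShakeBase>`, `mySTL::auto_array<byte>`). Mixing the two names means part of the library would not follow a change of `STL_NAMESPACE`. BN_bin2bn continues outside the hunk.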
@@ -825,7 +946,7 @@
 
 const EVP_CIPHER* EVP_des_ede3_cbc(void)
 {
-    static const char* type = "DES_EDE3_CBC";
+    static const char* type = "DES-EDE3-CBC";
     return type;
 }
 
@@ -836,16 +957,37 @@
     // only support MD5 for now
     if (strncmp(md, "MD5", 3)) return 0;
 
-    // only support DES_EDE3_CBC for now
-    if (strncmp(type, "DES_EDE3_CBC", 12)) return 0; 
+    int keyLen = 0;
+    int ivLen  = 0;
+
+    // only support CBC DES and AES for now
+    if (strncmp(type, "DES-CBC", 7) == 0) {
+        keyLen = DES_KEY_SZ;
+        ivLen  = DES_IV_SZ;
+    }
+    else if (strncmp(type, "DES-EDE3-CBC", 12) == 0) {
+        keyLen = DES_EDE_KEY_SZ;
+        ivLen  = DES_IV_SZ;
+    }
+    else if (strncmp(type, "AES-128-CBC", 11) == 0) {
+        keyLen = AES_128_KEY_SZ;
+        ivLen  = AES_IV_SZ;
+    }
+    else if (strncmp(type, "AES-192-CBC", 11) == 0) {
+        keyLen = AES_192_KEY_SZ;
+        ivLen  = AES_IV_SZ;
+    }
+    else if (strncmp(type, "AES-256-CBC", 11) == 0) {
+        keyLen = AES_256_KEY_SZ;
+        ivLen  = AES_IV_SZ;
+    }
+    else
+        return 0;
 
     yaSSL::MD5 myMD;
     uint digestSz = myMD.get_digestSize();
     byte digest[SHA_LEN];                   // max size
 
-    yaSSL::DES_EDE cipher;
-    int keyLen    = cipher.get_keySize();
-    int ivLen     = cipher.get_ivSize();
     int keyLeft   = keyLen;
     int ivLeft    = ivLen;
     int keyOutput = 0;
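Review bot: The cipher names are matched by prefix only: `strncmp(type, "DES-CBC", 7)`, `"DES-EDE3-CBC", 12` and the three `"AES-...-CBC", 11` tests compare exactly the literal's length, so any longer string that begins with a supported name is accepted, while read_file in this same commit compares 13 bytes for the DES-EDE3 and AES names and so requires an exact match there. Using `strcmp(type, "AES-128-CBC") == 0` (and likewise for the others) in both places would make the two lists agree. The function writes `keyLen` and `ivLen` bytes into caller-supplied `key` and `iv` without a size parameter, so a header comment stating the required buffer sizes would help, and `digest`, which holds key material, is not cleared in the visible part. The function begins and ends outside the hunk.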
@@ -878,7 +1020,7 @@
 
         if (ivLeft && digestLeft) {
             int store = min(ivLeft, digestLeft);
-            memcpy(&iv[ivLen - ivLeft], digest, store);
+            memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store);
 
             keyOutput += store;
             ivLeft    -= store;
@@ -954,10 +1096,9 @@
 }
 
 
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
 {
-    // yaSSL doesn't support yet, unencrypt your PEM file with userdata
-    // before handing off to yaSSL
+    ctx->SetUserData(userdata);
 }
 
 
@@ -1034,12 +1175,6 @@
 }
 
 
-SSL_METHOD* SSLv23_client_method(void)  /* doesn't actually roll back */
-{
-    return SSLv3_client_method();
-}
-
-
 SSL_METHOD* SSLv2_client_method(void)   /* will never work, no v 2    */
 {
     return 0;
@@ -1363,9 +1498,9 @@
     }
 
 
-    void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb)
+    void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
     {
-        // TDOD:
+        ctx->SetPasswordCb(cb);
     }
 
 
@@ -1428,7 +1563,7 @@
 
     void ERR_remove_state(unsigned long)
     {
-        // TODO:
+        GetErrors().Remove();
     }
 
 
@@ -1437,16 +1572,30 @@
         return l & 0xfff;
     }
 
+    unsigned long err_helper(bool peek = false)
+    {
+        int ysError = GetErrors().Lookup(peek);
+
+        // translate cert error for libcurl, it uses OpenSSL hex code
+        switch (ysError) {
+        case TaoCrypt::SIG_OTHER_E:
+            return CERTFICATE_ERROR;
+            break;
+        default :
+            return 0;
+        }
+    }
+
 
     unsigned long ERR_peek_error()
     {
-        return 0;  // TODO:
+        return err_helper(true);
     }
 
 
     unsigned long ERR_get_error()
     {
-        return ERR_peek_error();
+        return err_helper();
     }
 
 
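Review bot: `err_helper` translates only `TaoCrypt::SIG_OTHER_E`; every other value returned by `GetErrors().Lookup()` ends in `default : return 0;`, so `ERR_get_error()` and `ERR_peek_error()` report "no error" to an OpenSSL-style caller for all the other failures that SSL_connect and SSL_accept queue with `GetErrors().Add()`. Returning the untranslated code in the default branch, `default : return ysError;`, would keep failures distinguishable from success, assuming Lookup yields 0 when the calling thread has no entry (its body is not in this hunk). The `break;` after `return CERTFICATE_ERROR;` is unreachable, and the helper has external linkage although nothing visible uses it outside this file.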

--- 1.12/extra/yassl/src/template_instnt.cpp	2006-09-25 16:46:43 +02:00
+++ 1.13/extra/yassl/src/template_instnt.cpp	2006-09-25 16:46:43 +02:00
@@ -65,6 +65,19 @@
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator,
yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator,
mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator,
yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator,
mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
 template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator,
yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator,
mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
+template bool
list<yaSSL::ThreadError>::erase(list<yaSSL::ThreadError>::iterator);
+template void list<yaSSL::ThreadError>::push_back(yaSSL::ThreadError);
+template void list<yaSSL::ThreadError>::pop_front();
+template void list<yaSSL::ThreadError>::pop_back();
+template list<yaSSL::ThreadError>::~list();
+template pair<int, yaSSL::Message* (*)()>* GetArrayMemory<pair<int,
yaSSL::Message* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::Message* (*)()> >(pair<int,
yaSSL::Message* (*)()>*);
+template pair<int, yaSSL::HandShakeBase* (*)()>* GetArrayMemory<pair<int,
yaSSL::HandShakeBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::HandShakeBase* (*)()>
>(pair<int, yaSSL::HandShakeBase* (*)()>*);
+template pair<int, yaSSL::ServerKeyBase* (*)()>* GetArrayMemory<pair<int,
yaSSL::ServerKeyBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::ServerKeyBase* (*)()>
>(pair<int, yaSSL::ServerKeyBase* (*)()>*);
+template pair<int, yaSSL::ClientKeyBase* (*)()>* GetArrayMemory<pair<int,
yaSSL::ClientKeyBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::ClientKeyBase* (*)()>
>(pair<int, yaSSL::ClientKeyBase* (*)()>*);
 }
 
 namespace yaSSL {
@@ -90,8 +103,12 @@
 template void ysDelete<Message>(Message*);
 template void ysDelete<sslFactory>(sslFactory*);
 template void ysDelete<Sessions>(Sessions*);
+template void ysDelete<Errors>(Errors*);
 template void ysArrayDelete<unsigned char>(unsigned char*);
 template void ysArrayDelete<char>(char*);
+
+template int min<int>(int, int);
+template unsigned int min<unsigned int>(unsigned int, unsigned int);
 }
 
 #endif // HAVE_EXPLICIT_TEMPLATE_INSTANTIATION

--- 1.11/extra/yassl/src/yassl_imp.cpp	2006-09-25 16:46:43 +02:00
+++ 1.12/extra/yassl/src/yassl_imp.cpp	2006-09-25 16:46:43 +02:00
@@ -139,7 +139,7 @@
                        parms_.alloc_pub(pubSz));
 
     short sigSz = 0;
-    mySTL::auto_ptr<Auth> auth(ysDelete);
+    mySTL::auto_ptr<Auth> auth;
     const CertManager& cert = ssl.getCrypto().get_certManager();
     
     if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo)
@@ -151,9 +151,11 @@
         sigSz += DSS_ENCODED_EXTRA;
     }
     
-
     sigSz += auth->get_signatureLength();
-
+    if (!sigSz) {
+        ssl.SetError(privateKey_error);
+        return;
+    }
 
     length_ = 8; // pLen + gLen + YsLen + SigLen
     length_ += pSz + gSz + pubSz + sigSz;
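Review bot: The new `if (!sigSz)` test runs after `sigSz` may already have been increased by `DSS_ENCODED_EXTRA` in the DSS branch above, so (assuming that constant is non-zero) a DSS key whose `get_signatureLength()` is 0 still gives a non-zero sum and `privateKey_error` is never set. Testing the length itself before adding it would cover both key types: `if (!auth->get_signatureLength()) { ssl.SetError(privateKey_error); return; }`. `auth` is default-constructed in the previous hunk, so `auth->` also assumes one of the two branches always assigned it. The enclosing function starts and ends outside the hunk.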
@@ -612,7 +614,7 @@
 {
     ssl.verifyState(*this);
     const HandShakeFactory& hsf = ssl.getFactory().getHandShake();
-    mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_), ysDelete);
+    mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_));
     if (!hs.get()) {
         ssl.SetError(factory_error);
         return;
@@ -1214,6 +1216,20 @@
 // Server Hello processing handler
 void ServerHello::Process(input_buffer&, SSL& ssl)
 {
+    if (ssl.GetMultiProtocol()) {   // SSLv23 support
+        if (ssl.isTLS() && server_version_.minor_ < 1)
+            // downgrade to SSLv3
+            ssl.useSecurity().use_connection().TurnOffTLS();
+    }
+    else if (ssl.isTLS() && server_version_.minor_ < 1) {
+        ssl.SetError(badVersion_error);
+        return;
+    }
+    else if (!ssl.isTLS() && (server_version_.major_ == 3 &&
+                              server_version_.minor_ >= 1)) {
+        ssl.SetError(badVersion_error);
+        return;
+    }
     ssl.set_pending(cipher_suite_[1]);
     ssl.set_random(random_, server_end);
     if (id_len_)
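Review bot: None of the new branches rejects a version the local side did not offer: when `ssl.isTLS()` holds, only `server_version_.minor_ < 1` is tested, so a ServerHello carrying a `major_` other than 3, or a `minor_` above 1, passes these checks and the handshake proceeds as TLS 1.0 unless later code rejects it. An explicit test ahead of the multi-protocol branch would pin that down: `if (server_version_.major_ != 3 || server_version_.minor_ > 1) { ssl.SetError(badVersion_error); return; }`. In the multi-protocol case the downgrade to SSLv3 is taken on the strength of an unauthenticated hello, so a comment stating that deployments which require TLS must not use the SSLv23 methods would be worth adding. The ClientHello::Process hunk has the same missing `major_` check; both functions continue outside their hunks.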
@@ -1384,11 +1400,23 @@
 // Client Hello processing handler
 void ClientHello::Process(input_buffer&, SSL& ssl)
 {
-    if (ssl.isTLS() && client_version_.minor_ == 0) {
+    if (ssl.GetMultiProtocol()) {   // SSLv23 support
+        if (ssl.isTLS() && client_version_.minor_ < 1) {
+            // downgrade to SSLv3
         ssl.useSecurity().use_connection().TurnOffTLS();
         ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
         ssl.useSecurity().use_parms().SetSuites(pv);  // reset w/ SSL suites
     }
+    }
+    else if (ssl.isTLS() && client_version_.minor_ < 1) {
+        ssl.SetError(badVersion_error);
+        return;
+    }
+    else if (!ssl.isTLS() && (client_version_.major_ == 3 &&
+                              client_version_.minor_ >= 1)) {
+        ssl.SetError(badVersion_error);
+        return;
+    }
     ssl.set_random(random_, client_end);
 
     while (id_len_) {  // trying to resume
@@ -1541,7 +1569,7 @@
 CertificateRequest::~CertificateRequest()
 {
 
-    mySTL::for_each(certificate_authorities_.begin(),
+    STL::for_each(certificate_authorities_.begin(),
                   certificate_authorities_.end(),
                   del_ptr_zero()) ;
 }
@@ -1634,9 +1662,9 @@
            request.typeTotal_ - REQUEST_HEADER, tmp);
     output.write(tmp, sizeof(tmp));
 
-    mySTL::list<DistinguishedName>::const_iterator first =
+    STL::list<DistinguishedName>::const_iterator first =
                                     request.certificate_authorities_.begin();
-    mySTL::list<DistinguishedName>::const_iterator last =
+    STL::list<DistinguishedName>::const_iterator last =
                                     request.certificate_authorities_.end();
     while (first != last) {
         uint16 sz;
@@ -1684,7 +1712,7 @@
 
     uint16 sz = 0;
     byte   len[VERIFY_HEADER];
-    mySTL::auto_ptr<byte> sig(ysArrayDelete);
+    mySTL::auto_array<byte> sig;
 
     // sign
     const CertManager& cert = ssl.getCrypto().get_certManager();

--- 1.22/extra/yassl/src/yassl_int.cpp	2006-09-25 16:46:43 +02:00
+++ 1.23/extra/yassl/src/yassl_int.cpp	2006-09-25 16:46:43 +02:00
@@ -33,6 +33,10 @@
 #include "handshake.hpp"
 #include "timer.hpp"
 
+#ifdef _POSIX_THREADS
+    #include "pthread.h"
+#endif
+
 
 #ifdef YASSL_PURE_C
 
@@ -74,7 +78,6 @@
 namespace yaSSL {
 
 
-using mySTL::min;
 
 
 
@@ -155,6 +158,7 @@
 
 States::States() : recordLayer_(recordReady), handshakeLayer_(preHandshake),
            clientState_(serverNull),  serverState_(clientNull),
+           connectState_(CONNECT_BEGIN), acceptState_(ACCEPT_BEGIN),
            what_(no_error) {}
 
 const RecordLayerState& States::getRecord() const 
@@ -181,6 +185,18 @@
 }
 
 
+const ConnectState& States::GetConnect() const
+{
+    return connectState_;
+}
+
+
+const AcceptState& States::GetAccept() const
+{
+    return acceptState_;
+}
+
+
 const char* States::getString() const
 {
     return errorString_;
@@ -217,6 +233,18 @@
 }
 
 
+ConnectState& States::UseConnect()
+{
+    return connectState_;
+}
+
+
+AcceptState& States::UseAccept()
+{
+    return acceptState_;
+}
+
+
 char* States::useString()
 {
     return errorString_;
@@ -722,6 +750,12 @@
 }
 
 
+Buffers& SSL::useBuffers()
+{
+    return buffers_;
+}
+
+
 // locals
 namespace {
 
@@ -959,7 +993,7 @@
 
 uint SSL::bufferedData()
 {
-    return mySTL::for_each(buffers_.getData().begin(),buffers_.getData().end(),
+    return STL::for_each(buffers_.getData().begin(),buffers_.getData().end(),
                            SumData()).total_;
 }
 
@@ -1002,7 +1036,7 @@
     data.set_length(0);                         // output, actual data filled
     dataSz = min(dataSz, bufferedData());
 
-    Buffers::inputList::iterator front = buffers_.getData().begin();
+    Buffers::inputList::iterator front = buffers_.useData().begin();
 
     while (elements) {
         uint frontSz = (*front)->get_remaining();
@@ -1027,7 +1061,7 @@
 {
     if (GetError()) return;
 
-    uint sz = mySTL::for_each(buffers_.getHandShake().begin(),
+    uint sz = STL::for_each(buffers_.getHandShake().begin(),
                             buffers_.getHandShake().end(),
                             SumBuffer()).total_;
     output_buffer out(sz);
@@ -1213,8 +1247,10 @@
 
 void SSL::set_session(SSL_SESSION* s) 
 { 
-    if (s && GetSessions().lookup(s->GetID(), &secure_.use_resume()))
+    if (s && GetSessions().lookup(s->GetID(), &secure_.use_resume())) {
         secure_.set_resuming(true);
+        crypto_.use_certManager().setPeerX509(s->GetPeerX509());
+    }
 }
 
 
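Review bot: In `SSL::set_session` the new `setPeerX509(s->GetPeerX509())` call hands the certificate manager a raw pointer that the session `s` owns and deletes in `~SSL_SESSION`. `setPeerX509` is not visible here, so if it stores the pointer rather than copying, the connection is left with a dangling peer certificate once the session is removed or expires from the cache. The pointer can also be 0, since both constructors initialise `peerX509_(0)` and `CopyX509` returns early on a null input. Note too that the certificate is read from the caller-supplied `s` rather than from the cache entry that `lookup` matched by ID and copied into `secure_.use_resume()`. I would document the ownership contract at the call, e.g. `// s keeps ownership; setPeerX509 must copy and accept 0`, and confirm the implementation matches.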
@@ -1260,6 +1296,12 @@
 }
 
 
+bool SSL::GetMultiProtocol() const
+{
+    return secure_.GetContext()->getMethod()->multipleProtocol();
+}
+
+
 Crypto& SSL::useCrypto()
 {
     return crypto_;
@@ -1314,9 +1356,25 @@
 }
 
 
+void SSL_SESSION::CopyX509(X509* x)
+{
+    assert(peerX509_ == 0);
+    if (x == 0) return;
+
+    X509_NAME* issuer   = x->GetIssuer();
+    X509_NAME* subject  = x->GetSubject();
+    ASN1_STRING* before = x->GetBefore();
+    ASN1_STRING* after  = x->GetAfter();
+
+    peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
+        subject->GetName(), subject->GetLength(), (const char*) before->data,
+        before->length, (const char*) after->data, after->length);
+}
+
+
 // store connection parameters
 SSL_SESSION::SSL_SESSION(const SSL& ssl, RandomPool& ran) 
-    : timeout_(DEFAULT_TIMEOUT), random_(ran)
+    : timeout_(DEFAULT_TIMEOUT), random_(ran), peerX509_(0)
 {
     const Connection& conn = ssl.getSecurity().get_connection();
 
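Review bot: `SSL_SESSION::CopyX509` relies on `assert(peerX509_ == 0)` to guarantee it never overwrites an existing certificate, but the assert disappears in NDEBUG builds, and a second call would then leak the previous `X509`. Since `ysDelete` is already called on possibly-null members in the destructors in this commit, replacing the assert with `ysDelete(peerX509_); peerX509_ = 0;` before the early return makes the function safe in release builds. `Buffers::SetRawInput` in the later hunk has the same pattern with `assert(rawInput_ == 0)` and would leak the old `input_buffer`. The results of `GetIssuer()`, `GetSubject()`, `GetBefore()` and `GetAfter()` are dereferenced unchecked; a short comment stating that they are never null for a constructed `X509` would help, if that is the invariant.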
@@ -1325,12 +1383,14 @@
     memcpy(suite_, ssl.getSecurity().get_parms().suite_, SUITE_LEN);
 
     bornOn_ = lowResTimer();
+
+    CopyX509(ssl.getCrypto().get_certManager().get_peerX509());
 }
 
 
 // for resumption copy in ssl::parameters
 SSL_SESSION::SSL_SESSION(RandomPool& ran) 
-    : bornOn_(0), timeout_(0), random_(ran)
+    : bornOn_(0), timeout_(0), random_(ran), peerX509_(0)
 {
     memset(sessionID_, 0, ID_LEN);
     memset(master_secret_, 0, SECRET_LEN);
@@ -1347,6 +1407,12 @@
     bornOn_  = that.bornOn_;
     timeout_ = that.timeout_;
 
+    if (peerX509_) {
+        ysDelete(peerX509_);
+        peerX509_ = 0;
+    }
+    CopyX509(that.peerX509_);
+
     return *this;
 }
 
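Review bot: The new block in `SSL_SESSION::operator=` deletes and zeroes `peerX509_` before calling `CopyX509(that.peerX509_)`, so when `this == &that` the source pointer is already 0 and the session silently loses its peer certificate. The start of the operator is outside this hunk; if it has no guard yet, `if (this == &that) return *this;` at the top fixes it. Because the class now owns a raw `X509*` that the destructor frees, the copy constructor needs the same deep copy or must be disabled, otherwise two sessions would delete the same object. Whether a user-defined copy constructor exists cannot be seen from here.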
@@ -1369,6 +1435,12 @@
 }
 
 
+X509* SSL_SESSION::GetPeerX509() const
+{
+    return peerX509_;
+}
+
+
 uint SSL_SESSION::GetBornOn() const
 {
     return bornOn_;
@@ -1395,6 +1467,8 @@
 {
     volatile opaque* p = master_secret_;
     clean(p, SECRET_LEN, random_);
+
+    ysDelete(peerX509_);
 }
 
 
@@ -1418,6 +1492,15 @@
 }
 
 
+static Errors* errorsInstance = 0;
+
+Errors& GetErrors()
+{
+    if (!errorsInstance)
+        errorsInstance = NEW_YS Errors;
+    return *errorsInstance;
+}
+
 
 typedef Mutex::Lock Lock;
 
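Review bot: `GetErrors()` creates `errorsInstance` lazily with an unsynchronised `if (!errorsInstance)` check, yet the `Errors` object exists specifically to hold per-thread error codes, so the first calls can come from several threads at once. Two threads that both see 0 will each allocate an `Errors`; one instance leaks and any error recorded in it is lost. Creating the instance during library initialisation, or taking a lock around the check, removes the race. If the current form is kept, it should at least carry a comment such as `// not thread-safe: first call must happen before other threads use yaSSL`.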
@@ -1433,14 +1516,15 @@
 
 Sessions::~Sessions() 
 { 
-    mySTL::for_each(list_.begin(), list_.end(), del_ptr_zero()); 
+    STL::for_each(list_.begin(), list_.end(), del_ptr_zero()); 
 }
 
 
 // locals
 namespace yassl_int_cpp_local2 { // for explicit templates
 
-typedef mySTL::list<SSL_SESSION*>::iterator iterator;
+typedef STL::list<SSL_SESSION*>::iterator sess_iterator;
+typedef STL::list<ThreadError>::iterator  thr_iterator;
 
 struct sess_match {
     const opaque* id_;
@@ -1455,6 +1539,28 @@
 };
 
 
+THREAD_ID_T GetSelf()
+{
+#ifndef _POSIX_THREADS
+    return GetCurrentThreadId();
+#else
+    return pthread_self();
+#endif
+}
+
+struct thr_match {
+    THREAD_ID_T id_;
+    explicit thr_match() : id_(GetSelf()) {}
+
+    bool operator()(ThreadError thr)
+    {
+        if (thr.threadID_ == id_)
+            return true;
+        return false;
+    }
+};
+
+
 } // local namespace
 using namespace yassl_int_cpp_local2;
 
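Review bot: `thr_match::operator()` compares thread ids with `thr.threadID_ == id_`, which is fine for the Windows id returned by `GetCurrentThreadId()` but not portable for `pthread_t`. POSIX allows `pthread_t` to be a structure and requires `pthread_equal()` for comparison, so this either fails to compile or compares incorrectly on such platforms. The functor also copies each `ThreadError` by value per element, although that is minor. The rewritten operator below keeps the existing signature.

```cpp
    bool operator()(ThreadError thr)
    {
#ifndef _POSIX_THREADS
        return thr.threadID_ == id_;
#else
        return pthread_equal(thr.threadID_, id_) != 0;
#endif
    }
```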
@@ -1463,8 +1569,8 @@
 SSL_SESSION* Sessions::lookup(const opaque* id, SSL_SESSION* copy)
 {
     Lock guard(mutex_);
-    iterator find = mySTL::find_if(list_.begin(), list_.end(), sess_match(id));
-
+    sess_iterator find = STL::find_if(list_.begin(), list_.end(),
+                                        sess_match(id));
     if (find != list_.end()) {
         uint current = lowResTimer();
         if ( ((*find)->GetBornOn() + (*find)->GetTimeOut()) < current) {
@@ -1484,8 +1590,8 @@
 void Sessions::remove(const opaque* id)
 {
     Lock guard(mutex_);
-    iterator find = mySTL::find_if(list_.begin(), list_.end(), sess_match(id));
-
+    sess_iterator find = STL::find_if(list_.begin(), list_.end(),
+                                        sess_match(id));
     if (find != list_.end()) {
         del_ptr_zero()(*find);
         list_.erase(find);
@@ -1493,9 +1599,51 @@
 }
 
 
-SSL_METHOD::SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv) 
+// remove a self thread error
+void Errors::Remove()
+{
+    Lock guard(mutex_);
+    thr_iterator find = STL::find_if(list_.begin(), list_.end(),
+                                       thr_match());
+    if (find != list_.end())
+        list_.erase(find);
+}
+
+
+// lookup self error code
+int Errors::Lookup(bool peek)
+{
+    Lock guard(mutex_);
+    thr_iterator find = STL::find_if(list_.begin(), list_.end(),
+                                       thr_match());
+    if (find != list_.end()) {
+        int ret = find->errorID_;
+        if (!peek)
+            list_.erase(find);
+        return ret;
+    }
+    else
+        return 0;
+}
+
+
+// add a new error code for self
+void Errors::Add(int error)
+{
+    ThreadError add;
+    add.errorID_  = error;
+    add.threadID_ = GetSelf();
+
+    Remove();   // may have old error
+
+    Lock guard(mutex_);
+    list_.push_back(add);
+}
+
+
+SSL_METHOD::SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv, bool multiProto) 
     : version_(pv), side_(ce), verifyPeer_(false), verifyNone_(false),
-      failNoCert_(false) 
+      failNoCert_(false), multipleProtocol_(multiProto)
 {}
 
 
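Review bot: Entries in `Errors::list_` are keyed only by thread id and are erased only when that same thread later calls `Remove()`, `Lookup(false)` or `Add()`. An error left behind by a thread that exits therefore stays in the list indefinitely. Thread ids can be reused by the platform, so a later thread may read that stale code from `Lookup` as its own, and a server that creates many short-lived threads grows the list without bound. I would document the requirement on `Errors::Add`, e.g. `// caller must Remove() before the thread exits; ids may be reused`, or clear the entry wherever the connection is torn down. `Add` also takes `mutex_` twice, once inside `Remove()` and once for `push_back`; a single locked section doing both would be simpler, though the gap looks harmless since only the owning thread touches its entry.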
@@ -1547,8 +1695,15 @@
 }
 
 
+bool SSL_METHOD::multipleProtocol() const
+{
+    return multipleProtocol_;
+}
+
+
 SSL_CTX::SSL_CTX(SSL_METHOD* meth) 
-    : method_(meth), certificate_(0), privateKey_(0)
+    : method_(meth), certificate_(0), privateKey_(0), passwordCb_(0),
+      userData_(0)
 {}
 
 
@@ -1558,7 +1713,7 @@
     ysDelete(certificate_);
     ysDelete(privateKey_);
 
-    mySTL::for_each(caList_.begin(), caList_.end(), del_ptr_zero());
+    STL::for_each(caList_.begin(), caList_.end(), del_ptr_zero());
 }
 
 
@@ -1611,6 +1766,30 @@
 }
 
 
+pem_password_cb SSL_CTX::GetPasswordCb() const
+{
+    return passwordCb_;
+}
+
+
+void SSL_CTX::SetPasswordCb(pem_password_cb cb)
+{
+    passwordCb_ = cb;
+}
+
+
+void* SSL_CTX::GetUserData() const
+{
+    return userData_;
+}
+
+
+void SSL_CTX::SetUserData(void* data)
+{
+    userData_ = data;
+}
+
+
 void SSL_CTX::setVerifyPeer()
 {
     method_->setVerifyPeer();
@@ -1914,12 +2093,33 @@
 }
 
 
+Buffers::Buffers() : rawInput_(0)
+{}
+
+
 Buffers::~Buffers()
 {
-    mySTL::for_each(handShakeList_.begin(), handShakeList_.end(),
+    STL::for_each(handShakeList_.begin(), handShakeList_.end(),
                   del_ptr_zero()) ;
-    mySTL::for_each(dataList_.begin(), dataList_.end(),
+    STL::for_each(dataList_.begin(), dataList_.end(),
                   del_ptr_zero()) ;
+    ysDelete(rawInput_);
+}
+
+
+void Buffers::SetRawInput(input_buffer* ib)
+{
+    assert(rawInput_ == 0);
+    rawInput_ = ib;
+}
+
+
+input_buffer* Buffers::TakeRawInput()
+{
+    input_buffer* ret = rawInput_;
+    rawInput_ = 0;
+
+    return ret;
 }
 
 
@@ -2026,12 +2226,18 @@
 }
 
 
-char* X509_NAME::GetName()
+const char* X509_NAME::GetName() const
 {
     return name_;
 }
 
 
+size_t X509_NAME::GetLength() const
+{
+    return sz_;
+}
+
+
 X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
            const char* b, int bSz, const char* a, int aSz)
     : issuer_(i, iSz), subject_(s, sSz),
@@ -2114,10 +2320,12 @@
     TaoCrypt::CleanUp();
     yaSSL::ysDelete(yaSSL::sslFactoryInstance);
     yaSSL::ysDelete(yaSSL::sessionsInstance);
+    yaSSL::ysDelete(yaSSL::errorsInstance);
 
     // In case user calls more than once, prevent seg fault
     yaSSL::sslFactoryInstance = 0;
     yaSSL::sessionsInstance = 0;
+    yaSSL::errorsInstance = 0;
 }
 
 
@@ -2126,6 +2334,7 @@
 template yaSSL::yassl_int_cpp_local1::SumData
for_each<mySTL::list<yaSSL::input_buffer*>::iterator,
yaSSL::yassl_int_cpp_local1::SumData>(mySTL::list<yaSSL::input_buffer*>::iterator,
mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::yassl_int_cpp_local1::SumData);
 template yaSSL::yassl_int_cpp_local1::SumBuffer
for_each<mySTL::list<yaSSL::output_buffer*>::iterator,
yaSSL::yassl_int_cpp_local1::SumBuffer>(mySTL::list<yaSSL::output_buffer*>::iterator,
mySTL::list<yaSSL::output_buffer*>::iterator,
yaSSL::yassl_int_cpp_local1::SumBuffer);
 template mySTL::list<yaSSL::SSL_SESSION*>::iterator
find_if<mySTL::list<yaSSL::SSL_SESSION*>::iterator,
yaSSL::yassl_int_cpp_local2::sess_match>(mySTL::list<yaSSL::SSL_SESSION*>::iterator,
mySTL::list<yaSSL::SSL_SESSION*>::iterator,
yaSSL::yassl_int_cpp_local2::sess_match);
+template mySTL::list<yaSSL::ThreadError>::iterator
find_if<mySTL::list<yaSSL::ThreadError>::iterator,
yaSSL::yassl_int_cpp_local2::thr_match>(mySTL::list<yaSSL::ThreadError>::iterator,
mySTL::list<yaSSL::ThreadError>::iterator, yaSSL::yassl_int_cpp_local2::thr_match);
 }
 #endif
 

--- 1.6/extra/yassl/taocrypt/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.7/extra/yassl/taocrypt/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,2 +1,2 @@
 SUBDIRS = src test benchmark
-EXTRA_DIST = taocrypt.dsw taocrypt.dsp taocrypt.vcproj CMakeLists.txt
+EXTRA_DIST = taocrypt.dsw taocrypt.dsp taocrypt.vcproj CMakeLists.txt $(wildcard
mySTL/*.hpp)

--- 1.14/extra/yassl/taocrypt/src/Makefile.am	2006-09-25 16:46:43 +02:00
+++ 1.15/extra/yassl/taocrypt/src/Makefile.am	2006-09-25 16:46:43 +02:00
@@ -1,4 +1,4 @@
-INCLUDES = -I../include -I../../mySTL
+INCLUDES = -I../include -I../mySTL
 
 noinst_LTLIBRARIES = libtaocrypt.la
 