Below is the list of changes that have just been committed into a local
5.0 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2006-11-29 09:21:37+01:00, msvensson@shellback.(none) +54 -0
Import version 1.50 of yaSSL
extra/yassl/README@stripped, 2006-11-09 21:20:55+01:00, msvensson@shellback.(none) +53 -13
Import patch yassl.diff
extra/yassl/examples/client/client.cpp@stripped, 2006-10-19 01:36:53+02:00, msvensson@shellback.(none) +49 -26
Import patch yassl.diff
extra/yassl/examples/echoclient/echoclient.cpp@stripped, 2006-10-17 02:33:14+02:00, msvensson@shellback.(none) +12 -13
Import patch yassl.diff
extra/yassl/examples/echoserver/echoserver.cpp@stripped, 2006-10-19 01:36:53+02:00, msvensson@shellback.(none) +8 -3
Import patch yassl.diff
extra/yassl/examples/server/server.cpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +31 -2
Import patch yassl.diff
extra/yassl/include/factory.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +1 -6
Import patch yassl.diff
extra/yassl/include/openssl/prefix_ssl.h@stripped, 2006-11-29 09:21:33+01:00, msvensson@shellback.(none) +4 -0
New prefic file for ssl.h generated
extra/yassl/include/openssl/ssl.h@stripped, 2006-11-09 21:20:55+01:00, msvensson@shellback.(none) +8 -1
Import patch yassl.diff
extra/yassl/include/socket_wrapper.hpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +3 -3
Import patch yassl.diff
extra/yassl/include/yassl_error.hpp@stripped, 2006-10-19 01:36:53+02:00, msvensson@shellback.(none) +4 -1
Import patch yassl.diff
extra/yassl/include/yassl_imp.hpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +9 -6
Import patch yassl.diff
extra/yassl/include/yassl_int.hpp@stripped, 2006-11-09 21:20:55+01:00, msvensson@shellback.(none) +11 -0
Import patch yassl.diff
extra/yassl/include/yassl_types.hpp@stripped, 2006-10-19 01:36:53+02:00, msvensson@shellback.(none) +2 -1
Import patch yassl.diff
extra/yassl/src/handshake.cpp@stripped, 2006-11-09 21:20:56+01:00, msvensson@shellback.(none) +81 -20
Import patch yassl.diff
extra/yassl/src/make.bat@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +1 -1
Import patch yassl.diff
extra/yassl/src/socket_wrapper.cpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +5 -5
Import patch yassl.diff
extra/yassl/src/ssl.cpp@stripped, 2006-11-09 21:20:56+01:00, msvensson@shellback.(none) +93 -59
Import patch yassl.diff
extra/yassl/src/yassl_error.cpp@stripped, 2006-10-19 01:36:53+02:00, msvensson@shellback.(none) +12 -0
Import patch yassl.diff
extra/yassl/src/yassl_imp.cpp@stripped, 2006-11-09 21:20:56+01:00, msvensson@shellback.(none) +120 -31
Import patch yassl.diff
extra/yassl/src/yassl_int.cpp@stripped, 2006-11-09 21:20:56+01:00, msvensson@shellback.(none) +159 -1
Import patch yassl.diff
extra/yassl/taocrypt/benchmark/make.bat@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +1 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/aes.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +9 -4
Import patch yassl.diff
extra/yassl/taocrypt/include/algebra.hpp@stripped, 2006-11-21 20:21:04+01:00, msvensson@shellback.(none) +2 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/arc4.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +2 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/asn.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +5 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/block.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +6 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/blowfish.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +13 -5
Import patch yassl.diff
extra/yassl/taocrypt/include/des.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +11 -14
Import patch yassl.diff
extra/yassl/taocrypt/include/integer.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +7 -3
Import patch yassl.diff
extra/yassl/taocrypt/include/md5.hpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +7 -0
Import patch yassl.diff
extra/yassl/taocrypt/include/misc.hpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +11 -8
Import patch yassl.diff
extra/yassl/taocrypt/include/modes.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +20 -2
Import patch yassl.diff
extra/yassl/taocrypt/include/ripemd.hpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +7 -0
Import patch yassl.diff
extra/yassl/taocrypt/include/rsa.hpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +2 -1
Import patch yassl.diff
extra/yassl/taocrypt/include/sha.hpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +7 -0
Import patch yassl.diff
extra/yassl/taocrypt/include/twofish.hpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +12 -5
Import patch yassl.diff
extra/yassl/taocrypt/src/aes.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +6 -20
Import patch yassl.diff
extra/yassl/taocrypt/src/algebra.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +5 -1
Import patch yassl.diff
extra/yassl/taocrypt/src/arc4.cpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +12 -3
Import patch yassl.diff
extra/yassl/taocrypt/src/blowfish.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +6 -19
Import patch yassl.diff
extra/yassl/taocrypt/src/des.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +11 -43
Import patch yassl.diff
extra/yassl/taocrypt/src/integer.cpp@stripped, 2006-10-11 23:31:37+02:00, msvensson@shellback.(none) +33 -46
Import patch yassl.diff
extra/yassl/taocrypt/src/make.bat@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +3 -2
Import patch yassl.diff
extra/yassl/taocrypt/src/md4.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +5 -1
Import patch yassl.diff
extra/yassl/taocrypt/src/md5.cpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +15 -22
Import patch yassl.diff
extra/yassl/taocrypt/src/misc.cpp@stripped, 2006-10-17 02:33:15+02:00, msvensson@shellback.(none) +138 -0
Import patch yassl.diff
extra/yassl/taocrypt/src/random.cpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +3 -0
Import patch yassl.diff
extra/yassl/taocrypt/src/ripemd.cpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +17 -21
Import patch yassl.diff
extra/yassl/taocrypt/src/sha.cpp@stripped, 2006-10-05 23:32:32+02:00, msvensson@shellback.(none) +19 -22
Import patch yassl.diff
extra/yassl/taocrypt/src/twofish.cpp@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +6 -19
Import patch yassl.diff
extra/yassl/taocrypt/test/make.bat@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +1 -1
Import patch yassl.diff
extra/yassl/taocrypt/test/test.cpp@stripped, 2006-11-02 19:10:43+01:00, msvensson@shellback.(none) +2 -0
Import patch yassl.diff
extra/yassl/testsuite/make.bat@stripped, 2006-10-05 05:18:12+02:00, msvensson@shellback.(none) +1 -1
Import patch yassl.diff
extra/yassl/testsuite/test.hpp@stripped, 2006-11-09 21:42:16+01:00, msvensson@shellback.(none) +45 -22
Import patch yassl.diff
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: msvensson
# Host: shellback.(none)
# Root: /home/msvensson/mysql/yassl_import/my50-yassl_import
--- 1.4/extra/yassl/examples/client/client.cpp 2006-11-29 09:21:43 +01:00
+++ 1.5/extra/yassl/examples/client/client.cpp 2006-11-29 09:21:43 +01:00
@@ -5,6 +5,35 @@
//#define TEST_RESUME
+void ClientError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& sockfd, const char* msg)
+{
+ SSL_CTX_free(ctx);
+ SSL_free(ssl);
+ tcp_close(sockfd);
+ err_sys(msg);
+}
+
+
+#ifdef NON_BLOCKING
+ void NonBlockingSSL_Connect(SSL* ssl, SSL_CTX* ctx, SOCKET_T& sockfd)
+ {
+ int ret = SSL_connect(ssl);
+ while (ret =! SSL_SUCCESS && SSL_get_error(ssl, 0) ==
+ SSL_ERROR_WANT_READ) {
+ printf("... client would block\n");
+ #ifdef _WIN32
+ Sleep(1000);
+ #else
+ sleep(1);
+ #endif
+ ret = SSL_connect(ssl);
+ }
+ if (ret != SSL_SUCCESS)
+ ClientError(ctx, ssl, sockfd, "SSL_connect failed");
+ }
+#endif
+
+
void client_test(void* args)
{
#ifdef _WIN32
@@ -18,6 +47,9 @@
set_args(argc, argv, *static_cast<func_args*>(args));
tcp_connect(sockfd);
+#ifdef NON_BLOCKING
+ tcp_set_nonblocking(sockfd);
+#endif
SSL_METHOD* method = TLSv1_client_method();
SSL_CTX* ctx = SSL_CTX_new(method);
@@ -27,13 +59,13 @@
SSL_set_fd(ssl, sockfd);
+
+#ifdef NON_BLOCKING
+ NonBlockingSSL_Connect(ssl, ctx, sockfd);
+#else
if (SSL_connect(ssl) != SSL_SUCCESS)
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL_connect failed");
- }
+ ClientError(ctx, ssl, sockfd, "SSL_connect failed");
+#endif
showPeer(ssl);
const char* cipher = 0;
@@ -49,16 +81,14 @@
char msg[] = "hello yassl!";
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL_write failed");
- }
+ ClientError(ctx, ssl, sockfd, "SSL_write failed");
char reply[1024];
- reply[SSL_read(ssl, reply, sizeof(reply))] = 0;
+ int input = SSL_read(ssl, reply, sizeof(reply));
+ if (input > 0) {
+ reply[input] = 0;
printf("Server response: %s\n", reply);
+ }
#ifdef TEST_RESUME
SSL_SESSION* session = SSL_get_session(ssl);
@@ -75,24 +105,17 @@
SSL_set_session(sslResume, session);
if (SSL_connect(sslResume) != SSL_SUCCESS)
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL resume failed");
- }
+ ClientError(ctx, sslResume, sockfd, "SSL_resume failed");
showPeer(sslResume);
if (SSL_write(sslResume, msg, sizeof(msg)) != sizeof(msg))
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL_write failed");
- }
+ ClientError(ctx, sslResume, sockfd, "SSL_write failed");
- reply[SSL_read(sslResume, reply, sizeof(reply))] = 0;
+ input = SSL_read(sslResume, reply, sizeof(reply));
+ if (input > 0) {
+ reply[input] = 0;
printf("Server response: %s\n", reply);
+ }
SSL_shutdown(sslResume);
SSL_free(sslResume);
--- 1.3/extra/yassl/examples/echoclient/echoclient.cpp 2006-11-29 09:21:43 +01:00
+++ 1.4/extra/yassl/examples/echoclient/echoclient.cpp 2006-11-29 09:21:43 +01:00
@@ -3,6 +3,15 @@
#include "../../testsuite/test.hpp"
+void EchoClientError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& sockfd, const char* msg)
+{
+ SSL_CTX_free(ctx);
+ SSL_free(ssl);
+ tcp_close(sockfd);
+ err_sys(msg);
+}
+
+
void echoclient_test(void* args)
{
#ifdef _WIN32
@@ -35,7 +44,7 @@
tcp_connect(sockfd);
- SSL_METHOD* method = TLSv1_client_method();
+ SSL_METHOD* method = SSLv23_client_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_certs(ctx);
SSL* ssl = SSL_new(ctx);
@@ -43,12 +52,7 @@
SSL_set_fd(ssl, sockfd);
if (SSL_connect(ssl) != SSL_SUCCESS)
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL_connect failed");
- }
+ EchoClientError(ctx, ssl, sockfd, "SSL_connect failed");
char send[1024];
char reply[1024];
@@ -57,12 +61,7 @@
int sendSz = strlen(send) + 1;
if (SSL_write(ssl, send, sendSz) != sendSz)
- {
- SSL_CTX_free(ctx);
- SSL_free(ssl);
- tcp_close(sockfd);
- err_sys("SSL_write failed");
- }
+ EchoClientError(ctx, ssl, sockfd, "SSL_write failed");
if (strncmp(send, "quit", 4) == 0) {
fputs("sending server shutdown command: quit!\n", fout);
--- 1.5/extra/yassl/examples/echoserver/echoserver.cpp 2006-11-29 09:21:43 +01:00
+++ 1.6/extra/yassl/examples/echoserver/echoserver.cpp 2006-11-29 09:21:43 +01:00
@@ -56,7 +56,7 @@
tcp_listen(sockfd);
- SSL_METHOD* method = TLSv1_server_method();
+ SSL_METHOD* method = SSLv23_server_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_serverCerts(ctx);
@@ -87,8 +87,12 @@
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
- if (SSL_accept(ssl) != SSL_SUCCESS)
- EchoError(ctx, ssl, sockfd, clientfd, "SSL_accept failed");
+ if (SSL_accept(ssl) != SSL_SUCCESS) {
+ printf("SSL_accept failed\n");
+ SSL_free(ssl);
+ tcp_close(clientfd);
+ continue;
+ }
char command[1024];
int echoSz(0);
@@ -130,6 +134,7 @@
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
}
+ SSL_shutdown(ssl);
SSL_free(ssl);
tcp_close(clientfd);
}
--- 1.4/extra/yassl/examples/server/server.cpp 2006-11-29 09:21:43 +01:00
+++ 1.5/extra/yassl/examples/server/server.cpp 2006-11-29 09:21:43 +01:00
@@ -13,6 +13,26 @@
}
+#ifdef NON_BLOCKING
+ void NonBlockingSSL_Accept(SSL* ssl, SSL_CTX* ctx, SOCKET_T& clientfd)
+ {
+ int ret = SSL_accept(ssl);
+ while (ret != SSL_SUCCESS && SSL_get_error(ssl, 0) ==
+ SSL_ERROR_WANT_READ) {
+ printf("... server would block\n");
+ #ifdef _WIN32
+ Sleep(1000);
+ #else
+ sleep(1);
+ #endif
+ ret = SSL_accept(ssl);
+ }
+ if (ret != SSL_SUCCESS)
+ ServerError(ctx, ssl, clientfd, "SSL_accept failed");
+ }
+#endif
+
+
THREAD_RETURN YASSL_API server_test(void* args)
{
#ifdef _WIN32
@@ -33,7 +53,7 @@
SSL_METHOD* method = TLSv1_server_method();
SSL_CTX* ctx = SSL_CTX_new(method);
- //SSL_CTX_set_cipher_list(ctx, "RC4-SHA");
+ //SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
set_serverCerts(ctx);
DH* dh = set_tmpDH(ctx);
@@ -41,15 +61,22 @@
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
+#ifdef NON_BLOCKING
+ NonBlockingSSL_Accept(ssl, ctx, clientfd);
+#else
if (SSL_accept(ssl) != SSL_SUCCESS)
ServerError(ctx, ssl, clientfd, "SSL_accept failed");
+#endif
showPeer(ssl);
printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));
char command[1024];
- command[SSL_read(ssl, command, sizeof(command))] = 0;
+ int input = SSL_read(ssl, command, sizeof(command));
+ if (input > 0) {
+ command[input] = 0;
printf("First client command: %s\n", command);
+ }
char msg[] = "I hear you, fa shizzle!";
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
@@ -57,6 +84,7 @@
DH_free(dh);
SSL_CTX_free(ctx);
+ SSL_shutdown(ssl);
SSL_free(ssl);
tcp_close(clientfd);
@@ -82,3 +110,4 @@
}
#endif // NO_MAIN_DRIVER
+
--- 1.2/extra/yassl/src/make.bat 2006-11-29 09:21:43 +01:00
+++ 1.3/extra/yassl/src/make.bat 2006-11-29 09:21:43 +01:00
@@ -1,7 +1,7 @@
REM quick and dirty build file for testing different MSDEVs
setlocal
-set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI
+set myFLAGS= /I../include /I../taocrypt/mySTL /I../taocrypt/include /W3 /c /ZI
cl %myFLAGS% buffer.cpp
cl %myFLAGS% cert_wrapper.cpp
--- 1.2/extra/yassl/taocrypt/benchmark/make.bat 2006-11-29 09:21:43 +01:00
+++ 1.3/extra/yassl/taocrypt/benchmark/make.bat 2006-11-29 09:21:43 +01:00
@@ -1,7 +1,7 @@
REM quick and dirty build file for testing different MSDEVs
setlocal
-set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
+set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
cl %myFLAGS% benchmark.cpp
--- 1.3/extra/yassl/taocrypt/include/blowfish.hpp 2006-11-29 09:21:43 +01:00
+++ 1.4/extra/yassl/taocrypt/include/blowfish.hpp 2006-11-29 09:21:43 +01:00
@@ -32,12 +32,21 @@
#include "misc.hpp"
#include "modes.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_BLOWFISH_ASM
+#endif
+
+
namespace TaoCrypt {
enum { BLOWFISH_BLOCK_SIZE = 8 };
@@ -49,15 +58,14 @@
enum { BLOCK_SIZE = BLOWFISH_BLOCK_SIZE, ROUNDS = 16 };
Blowfish(CipherDir DIR, Mode MODE)
- : Mode_BASE(BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(BLOCK_SIZE, DIR, MODE) {}
+#ifdef DO_BLOWFISH_ASM
void Process(byte*, const byte*, word32);
+#endif
void SetKey(const byte* key, word32 sz, CipherDir fake = ENCRYPTION);
void SetIV(const byte* iv) { memcpy(r_, iv, BLOCK_SIZE); }
private:
- CipherDir dir_;
- Mode mode_;
-
static const word32 p_init_[ROUNDS + 2];
static const word32 s_init_[4 * 256];
--- 1.3/extra/yassl/taocrypt/include/twofish.hpp 2006-11-29 09:21:43 +01:00
+++ 1.4/extra/yassl/taocrypt/include/twofish.hpp 2006-11-29 09:21:43 +01:00
@@ -32,12 +32,20 @@
#include "misc.hpp"
#include "modes.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_TWOFISH_ASM
+#endif
+
namespace TaoCrypt {
enum { TWOFISH_BLOCK_SIZE = 16 };
@@ -49,15 +57,14 @@
enum { BLOCK_SIZE = TWOFISH_BLOCK_SIZE };
Twofish(CipherDir DIR, Mode MODE)
- : Mode_BASE(BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(BLOCK_SIZE, DIR, MODE) {}
+#ifdef DO_TWOFISH_ASM
void Process(byte*, const byte*, word32);
+#endif
void SetKey(const byte* key, word32 sz, CipherDir fake = ENCRYPTION);
void SetIV(const byte* iv) { memcpy(r_, iv, BLOCK_SIZE); }
private:
- CipherDir dir_;
- Mode mode_;
-
static const byte q_[2][256];
static const word32 mds_[4][256];
--- 1.3/extra/yassl/taocrypt/src/blowfish.cpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/src/blowfish.cpp 2006-11-29 09:21:44 +01:00
@@ -37,34 +37,21 @@
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_BLOWFISH_ASM
-#endif
-
namespace TaoCrypt {
-#if !defined(DO_BLOWFISH_ASM)
-
-// Generic Version
-void Blowfish::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
-#else
+#if defined(DO_BLOWFISH_ASM)
// ia32 optimized version
void Blowfish::Process(byte* out, const byte* in, word32 sz)
{
+ if (!isMMX) {
+ Mode_BASE::Process(out, in, sz);
+ return;
+ }
+
word32 blocks = sz / BLOCK_SIZE;
if (mode_ == ECB)
--- 1.4/extra/yassl/taocrypt/src/make.bat 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/src/make.bat 2006-11-29 09:21:44 +01:00
@@ -1,7 +1,7 @@
REM quick and dirty build file for testing different MSDEVs
setlocal
-set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
+set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
cl %myFLAGS% aes.cpp
cl %myFLAGS% aestables.cpp
@@ -21,6 +21,7 @@
cl %myFLAGS% hash.cpp
cl %myFLAGS% integer.cpp
cl %myFLAGS% md2.cpp
+cl %myFLAGS% md4.cpp
cl %myFLAGS% md5.cpp
cl %myFLAGS% misc.cpp
@@ -33,5 +34,5 @@
cl %myFLAGS% tftables.cpp
cl %myFLAGS% twofish.cpp
-link.exe -lib /out:taocrypt.lib aes.obj aestables.obj algebra.obj arc4.obj asn.obj bftables.obj blowfish.obj coding.obj des.obj dh.obj dsa.obj file.obj hash.obj integer.obj md2.obj md5.obj misc.obj random.obj ripemd.obj rsa.obj sha.obj template_instnt.obj tftables.obj twofish.obj
+link.exe -lib /out:taocrypt.lib aes.obj aestables.obj algebra.obj arc4.obj asn.obj bftables.obj blowfish.obj coding.obj des.obj dh.obj dsa.obj file.obj hash.obj integer.obj md2.obj md4.obj md5.obj misc.obj random.obj ripemd.obj rsa.obj sha.obj template_instnt.obj tftables.obj twofish.obj
--- 1.3/extra/yassl/taocrypt/src/md4.cpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/src/md4.cpp 2006-11-29 09:21:44 +01:00
@@ -28,7 +28,11 @@
#include "runtime.hpp"
#include "md4.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
--- 1.2/extra/yassl/taocrypt/src/twofish.cpp 2006-11-29 09:21:44 +01:00
+++ 1.3/extra/yassl/taocrypt/src/twofish.cpp 2006-11-29 09:21:44 +01:00
@@ -35,33 +35,20 @@
#include "twofish.hpp"
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_TWOFISH_ASM
-#endif
-
namespace TaoCrypt {
-#if !defined(DO_TWOFISH_ASM)
-
-// Generic Version
-void Twofish::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
-#else
+#if defined(DO_TWOFISH_ASM)
// ia32 optimized version
void Twofish::Process(byte* out, const byte* in, word32 sz)
{
+ if (!isMMX) {
+ Mode_BASE::Process(out, in, sz);
+ return;
+ }
+
word32 blocks = sz / BLOCK_SIZE;
if (mode_ == ECB)
--- 1.2/extra/yassl/taocrypt/test/make.bat 2006-11-29 09:21:44 +01:00
+++ 1.3/extra/yassl/taocrypt/test/make.bat 2006-11-29 09:21:44 +01:00
@@ -1,7 +1,7 @@
REM quick and dirty build file for testing different MSDEVs
setlocal
-set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2
+set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
cl %myFLAGS% test.cpp
--- 1.3/extra/yassl/taocrypt/test/test.cpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/test/test.cpp 2006-11-29 09:21:44 +01:00
@@ -247,6 +247,8 @@
args.argv = argv;
taocrypt_test(&args);
+ TaoCrypt::CleanUp();
+
return args.return_code;
}
--- 1.2/extra/yassl/testsuite/make.bat 2006-11-29 09:21:44 +01:00
+++ 1.3/extra/yassl/testsuite/make.bat 2006-11-29 09:21:44 +01:00
@@ -1,7 +1,7 @@
REM quick and dirty build file for testing different MSDEVs
setlocal
-set myFLAGS= /I../include /I../taocrypt/include /I../mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"
+set myFLAGS= /I../include /I../taocrypt/include /I../taocrypt/mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"
cl %myFLAGS% testsuite.cpp
cl %myFLAGS% ../examples/client/client.cpp
--- 1.9/extra/yassl/testsuite/test.hpp 2006-11-29 09:21:44 +01:00
+++ 1.10/extra/yassl/testsuite/test.hpp 2006-11-29 09:21:44 +01:00
@@ -9,6 +9,8 @@
#include <stdlib.h>
#include <assert.h>
+//#define NON_BLOCKING // test server and client example (not echos)
+
#ifdef _WIN32
#include <winsock2.h>
#include <process.h>
@@ -23,16 +25,17 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <pthread.h>
+#ifdef NON_BLOCKING
+ #include <fcntl.h>
+#endif
#define SOCKET_T int
#endif /* _WIN32 */
-#if !defined(_SOCKLEN_T) && defined(_WIN32)
+#if !defined(_SOCKLEN_T) && \
+ (defined(_WIN32) || defined(__NETWARE__) || defined(__APPLE__))
typedef int socklen_t;
#endif
-#if !defined(_SOCKLEN_T) && defined(__NETWARE__)
- typedef size_t socklen_t;
-#endif
// Check type of third arg to accept
@@ -262,6 +265,20 @@
}
+inline void tcp_set_nonblocking(SOCKET_T& sockfd)
+{
+#ifdef NON_BLOCKING
+ #ifdef _WIN32
+ unsigned long blocking = 1;
+ int ret = ioctlsocket(sockfd, FIONBIO, &blocking);
+ #else
+ int flags = fcntl(sockfd, F_GETFL, 0);
+ int ret = fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
+ #endif
+#endif
+}
+
+
inline void tcp_socket(SOCKET_T& sockfd, sockaddr_in& addr)
{
sockfd = socket(AF_INET, SOCK_STREAM, 0);
@@ -289,8 +306,7 @@
sockaddr_in addr;
tcp_socket(sockfd, addr);
- if (connect(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0)
- {
+ if (connect(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0) {
tcp_close(sockfd);
err_sys("tcp connect failed");
}
@@ -302,19 +318,18 @@
sockaddr_in addr;
tcp_socket(sockfd, addr);
- if (bind(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0)
- {
+ if (bind(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0) {
tcp_close(sockfd);
err_sys("tcp bind failed");
}
- if (listen(sockfd, 3) != 0)
- {
+ if (listen(sockfd, 3) != 0) {
tcp_close(sockfd);
err_sys("tcp listen failed");
}
}
+
inline void tcp_accept(SOCKET_T& sockfd, SOCKET_T& clientfd, func_args& args)
{
tcp_listen(sockfd);
@@ -333,11 +348,14 @@
clientfd = accept(sockfd, (sockaddr*)&client, (ACCEPT_THIRD_T)&client_len);
- if (clientfd == -1)
- {
+ if (clientfd == -1) {
tcp_close(sockfd);
err_sys("tcp accept failed");
}
+
+#ifdef NON_BLOCKING
+ tcp_set_nonblocking(clientfd);
+#endif
}
@@ -363,25 +381,30 @@
inline DH* set_tmpDH(SSL_CTX* ctx)
{
- static unsigned char dh512_p[] =
+ static unsigned char dh1024_p[] =
{
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
+ 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+ 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+ 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+ 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+ 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+ 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+ 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+ 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+ 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+ 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+ 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
};
- static unsigned char dh512_g[] =
+ static unsigned char dh1024_g[] =
{
0x02,
};
DH* dh;
if ( (dh = DH_new()) ) {
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), 0);
+ dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+ dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
}
if (!dh->p || !dh->g) {
DH_free(dh);
--- 1.3/extra/yassl/include/openssl/prefix_ssl.h 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/include/openssl/prefix_ssl.h 2006-11-29 09:21:44 +01:00
@@ -52,6 +52,7 @@
#define SSL_set_session yaSSL_set_session
#define SSL_get_session yaSSL_get_session
#define SSL_SESSION_set_timeout yaSSL_SESSION_set_timeout
+#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode
#define SSL_get_peer_certificate yaSSL_get_peer_certificate
#define SSL_get_verify_result yaSSL_get_verify_result
#define SSL_CTX_set_verify yaSSL_CTX_set_verify
@@ -98,6 +99,8 @@
#define SSLv3_client_method yaSSLv3_client_method
#define TLSv1_server_method yaTLSv1_server_method
#define TLSv1_client_method yaTLSv1_client_method
+#define TLSv1_1_server_method yaTLSv1_1_server_method
+#define TLSv1_1_client_method yaTLSv1_1_client_method
#define SSLv23_server_method yaSSLv23_server_method
#define SSL_CTX_use_certificate_file yaSSL_CTX_use_certificate_file
#define SSL_CTX_use_PrivateKey_file yaSSL_CTX_use_PrivateKey_file
@@ -159,3 +162,4 @@
#define MD5_Init yaMD5_Init
#define MD5_Update yaMD5_Update
#define MD5_Final yaMD5_Final
+#define SSL_set_compression yaSSL_set_compression
--- 1.6/extra/yassl/README 2006-11-29 09:21:44 +01:00
+++ 1.7/extra/yassl/README 2006-11-29 09:21:44 +01:00
@@ -1,4 +1,56 @@
-yaSSL Release notes, version 1.4.0 (08/13/06)
+yaSSL Release notes, version 1.5.0 (11/09/06)
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ and full TLS 1.1 support. Use the functions:
+
+ SSL_METHOD *TLSv1_1_server_method(void);
+ SSL_METHOD *TLSv1_1_client_method(void);
+
+ or the SSLv23 versions (even though yaSSL doesn't support SSL 2.0 the v23
+ means to pick the highest of SSL 3.0, TLS 1.0, or TLS 1.1.
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+
+****************yaSSL Release notes, version 1.4.5 (10/15/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ zlib compression support, removal of assembly instructions at runtime if
+ not supported, and initial TLS 1.1 support.
+
+
+ Compression Notes: yaSSL uses zlib for compression and the compression
+ should only be used if yaSSL is at both ends because the implementation
+ details aren't yet standard. If you'd like to turn compression on use
+ the SSL_set_compression() function on the client before calling
+ SSL_connect(). If both the client and server were built with zlib support
+ then the connection will use compression. If the client isn't built with
+ support then SSL_set_compression() will return an error (-1).
+
+ To build yaSSL with zlib support on Unix simply have zlib support on your
+ system and configure will find it if it's in the standard locations. If
+ it's somewhere else use the option ./configure --with-zlib=DIR. If you'd
+ like to disable compression support in yaSSL use ./configure --without-zlib.
+
+ To build yaSSL with zlib support on Windows:
+
+ 1) download zlib from http://www.zlib.net/
+ 2) follow the instructions in zlib from projects/visualc6/README.txt
+ for how to add the zlib project into the yaSSL workspace noting that
+ you'll need to add configuration support for "Win32 Debug" and
+ "Win32 Release" in note 3 under "To use:".
+ 3) define HAVE_LIBZ when building yaSSL
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.4.0 (08/13/06)
This release of yaSSL contains bug fixes, portability enhancements,
@@ -121,18 +173,6 @@
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
-
---To enable ia32 assembly for TaoCrypt ciphers and message digests
-
- On MSVC this is always on
-
- On GCC **, use ./configure --enable-ia32-asm
-
- ** This isn't on by default because of the use of intel syntax and the
- problem that olders versions of gas have with some addressing statements.
- If you enable this and get assemler errors during compilation or can't
- pass the TaoCrypt tests, please send todd@stripped a message and disable
- this option in the meantime.
***************** yaSSL Release notes, version 1.0.5
--- 1.5/extra/yassl/include/factory.hpp 2006-11-29 09:21:44 +01:00
+++ 1.6/extra/yassl/include/factory.hpp 2006-11-29 09:21:44 +01:00
@@ -42,12 +42,7 @@
namespace STL = STL_NAMESPACE;
-// VC60 workaround: it doesn't allow typename in some places
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
- #define CPP_TYPENAME
-#else
- #define CPP_TYPENAME typename
-#endif
+
namespace yaSSL {
--- 1.17/extra/yassl/include/openssl/ssl.h 2006-11-29 09:21:44 +01:00
+++ 1.18/extra/yassl/include/openssl/ssl.h 2006-11-29 09:21:44 +01:00
@@ -41,7 +41,7 @@
#include "rsa.h"
-#define YASSL_VERSION "1.4.3"
+#define YASSL_VERSION "1.5.0"
#if defined(__cplusplus)
@@ -228,6 +228,7 @@
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
long SSL_SESSION_set_timeout(SSL_SESSION*, long);
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
X509* SSL_get_peer_certificate(SSL*);
long SSL_get_verify_result(SSL*);
@@ -361,6 +362,8 @@
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
+SSL_METHOD *TLSv1_1_server_method(void);
+SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);
int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
@@ -529,6 +532,10 @@
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
+
+
+/* yaSSL adds */
+int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */
--- 1.8/extra/yassl/include/socket_wrapper.hpp 2006-11-29 09:21:44 +01:00
+++ 1.9/extra/yassl/include/socket_wrapper.hpp 2006-11-29 09:21:44 +01:00
@@ -70,8 +70,8 @@
// Wraps Windows Sockets and BSD Sockets
class Socket {
socket_t socket_; // underlying socket descriptor
- bool wouldBlock_; // for non-blocking data
- bool blocking_; // is option set
+ bool wouldBlock_; // if non-blocking data, for last read
+ bool nonBlocking_; // is option set
public:
explicit Socket(socket_t s = INVALID_SOCKET);
~Socket();
@@ -85,7 +85,7 @@
bool wait();
bool WouldBlock() const;
- bool IsBlocking() const;
+ bool IsNonBlocking() const;
void closeSocket();
void shutDown(int how = SD_SEND);
--- 1.6/extra/yassl/include/yassl_error.hpp 2006-11-29 09:21:44 +01:00
+++ 1.7/extra/yassl/include/yassl_error.hpp 2006-11-29 09:21:44 +01:00
@@ -56,7 +56,10 @@
receive_error = 114,
certificate_error = 115,
privateKey_error = 116,
- badVersion_error = 117
+ badVersion_error = 117,
+ compress_error = 118,
+ decompress_error = 119,
+ pms_version_error = 120
// !!!! add error message to .cpp !!!!
--- 1.6/extra/yassl/include/yassl_imp.hpp 2006-11-29 09:21:44 +01:00
+++ 1.7/extra/yassl/include/yassl_imp.hpp 2006-11-29 09:21:44 +01:00
@@ -132,7 +132,6 @@
public:
Data();
Data(uint16 len, opaque* b);
- Data(uint16 len, const opaque* w);
friend output_buffer& operator<<(output_buffer&, const Data&);
@@ -141,9 +140,9 @@
ContentType get_type() const;
uint16 get_length() const;
- const opaque* get_buffer() const;
void set_length(uint16 l);
opaque* set_buffer();
+ void SetData(uint16, const opaque*);
void Process(input_buffer&, SSL&);
private:
Data(const Data&); // hide copy
@@ -232,11 +231,11 @@
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
- friend void buildClientHello(SSL&, ClientHello&, CompressionMethod);
+ friend void buildClientHello(SSL&, ClientHello&);
friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
ClientHello();
- explicit ClientHello(ProtocolVersion pv);
+ ClientHello(ProtocolVersion pv, bool useCompression);
private:
ClientHello(const ClientHello&); // hide copy
ClientHello& operator=(const ClientHello&); // and assign
@@ -253,7 +252,7 @@
opaque cipher_suite_[SUITE_LEN];
CompressionMethod compression_method_;
public:
- explicit ServerHello(ProtocolVersion pv);
+ ServerHello(ProtocolVersion pv, bool useCompression);
ServerHello();
friend input_buffer& operator>>(input_buffer&, ServerHello&);
@@ -629,8 +628,11 @@
bool send_server_key_; // server key exchange?
bool master_clean_; // master secret clean?
bool TLS_; // TLSv1 or greater
+ bool TLSv1_1_; // TLSv1.1 or greater
bool sessionID_Set_; // do we have a session
- ProtocolVersion version_;
+ bool compression_; // zlib compression?
+ ProtocolVersion version_; // negotiated version
+ ProtocolVersion chVersion_; // client hello version
RandomPool& random_;
Connection(ProtocolVersion v, RandomPool& ran);
@@ -640,6 +642,7 @@
void CleanPreMaster();
void CleanMaster();
void TurnOffTLS();
+ void TurnOffTLS1_1();
private:
Connection(const Connection&); // hide copy
Connection& operator=(const Connection&); // and assign
--- 1.14/extra/yassl/include/yassl_int.hpp 2006-11-29 09:21:44 +01:00
+++ 1.15/extra/yassl/include/yassl_int.hpp 2006-11-29 09:21:44 +01:00
@@ -431,6 +431,7 @@
DH_Parms dhParms_;
pem_password_cb passwordCb_;
void* userData_;
+ bool sessionCacheOff_;
Stats stats_;
Mutex mutex_; // for Stats
public:
@@ -445,6 +446,7 @@
const Stats& GetStats() const;
pem_password_cb GetPasswordCb() const;
void* GetUserData() const;
+ bool GetSessionCacheOff() const;
void setVerifyPeer();
void setVerifyNone();
@@ -453,6 +455,7 @@
bool SetDH(const DH&);
void SetPasswordCb(pem_password_cb cb);
void SetUserData(void*);
+ void SetSessionCacheOff();
void IncrementStats(StatsField);
void AddCA(x509* ca);
@@ -600,6 +603,7 @@
const Socket& getSocket() const;
YasslError GetError() const;
bool GetMultiProtocol() const;
+ bool CompressionOn() const;
Crypto& useCrypto();
Security& useSecurity();
@@ -617,9 +621,12 @@
void set_preMaster(const opaque*, uint);
void set_masterSecret(const opaque*);
void SetError(YasslError);
+ int SetCompression();
+ void UnSetCompression();
// helpers
bool isTLS() const;
+ bool isTLSv1_1() const;
void order_error();
void makeMasterSecret();
void makeTLSMasterSecret();
@@ -652,6 +659,10 @@
const SSL& operator=(const SSL&); // and assign
};
+
+// compression
+int Compress(const byte*, int, input_buffer&);
+int DeCompress(input_buffer&, int, input_buffer&);
// conversion functions
--- 1.14/extra/yassl/include/yassl_types.hpp 2006-11-29 09:21:44 +01:00
+++ 1.15/extra/yassl/include/yassl_types.hpp 2006-11-29 09:21:44 +01:00
@@ -211,6 +211,7 @@
const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random
const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds
const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard
+const int COMPRESS_EXTRA = 1024; // extra compression possible addition
typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS
@@ -222,7 +223,7 @@
typedef bool IsExportable;
-enum CompressionMethod { no_compression = 0 };
+enum CompressionMethod { no_compression = 0, zlib = 221 };
enum CipherType { stream, block };
--- 1.13/extra/yassl/src/handshake.cpp 2006-11-29 09:21:44 +01:00
+++ 1.14/extra/yassl/src/handshake.cpp 2006-11-29 09:21:44 +01:00
@@ -40,9 +40,11 @@
// Build a client hello message from cipher suites and compression method
-void buildClientHello(SSL& ssl, ClientHello& hello,
- CompressionMethod compression = no_compression)
+void buildClientHello(SSL& ssl, ClientHello& hello)
{
+ // store for pre master secret
+ ssl.useSecurity().use_connection().chVersion_ = hello.client_version_;
+
ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
if (ssl.getSecurity().get_resuming()) {
hello.id_len_ = ID_LEN;
@@ -55,7 +57,6 @@
memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
hello.suite_len_);
hello.comp_len_ = 1;
- hello.compression_methods_ = compression;
hello.set_length(sizeof(ProtocolVersion) +
RAN_LEN +
@@ -83,7 +84,7 @@
hello.cipher_suite_[0] = ssl.getSecurity().get_parms().suite_[0];
hello.cipher_suite_[1] = ssl.getSecurity().get_parms().suite_[1];
- hello.compression_method_ = no_compression;
+ hello.compression_method_ = hello.compression_method_;
hello.set_length(sizeof(ProtocolVersion) + RAN_LEN + ID_LEN +
sizeof(hello.id_len_) + SUITE_LEN + SIZEOF_ENUM);
@@ -151,12 +152,18 @@
// add handshake from buffer into md5 and sha hashes, exclude record header
-void hashHandShake(SSL& ssl, const output_buffer& output)
+void hashHandShake(SSL& ssl, const output_buffer& output, bool removeIV = false)
{
uint sz = output.get_size() - RECORD_HEADER;
const opaque* buffer = output.get_buffer() + RECORD_HEADER;
+ if (removeIV) { // TLSv1_1 IV
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+ sz -= blockSz;
+ buffer += blockSz;
+ }
+
ssl.useHashes().use_MD5().update(buffer, sz);
ssl.useHashes().use_SHA().update(buffer, sz);
}
@@ -229,6 +236,18 @@
ssl.useCrypto().use_cipher().decrypt(plain.get_buffer(), cipher, sz);
memcpy(cipher, plain.get_buffer(), sz);
ssl.useSecurity().use_parms().encrypt_size_ = sz;
+
+ if (ssl.isTLSv1_1()) // IV
+ input.set_current(input.get_current() +
+ ssl.getCrypto().get_cipher().get_blockSize());
+}
+
+
+// output operator for input_buffer
+output_buffer& operator<<(output_buffer& output, const input_buffer& input)
+{
+ output.write(input.get_buffer(), input.get_size());
+ return output;
}
@@ -239,9 +258,12 @@
uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
uint sz = RECORD_HEADER + HANDSHAKE_HEADER + finishedSz + digestSz;
uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1())
+ sz += blockSz; // IV
sz += 1; // pad byte
- uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
@@ -252,14 +274,21 @@
buildHeaders(ssl, hsHeader, rlHeader, fin);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+ uint ivSz = iv.get_size();
output.allocate(sz);
- output << rlHeader << hsHeader << fin;
+ output << rlHeader << iv << hsHeader << fin;
- hashHandShake(ssl, output);
+ hashHandShake(ssl, output, ssl.isTLSv1_1() ? true : false);
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
- TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
- output.get_size() - RECORD_HEADER, handshake);
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, handshake);
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, handshake);
@@ -282,9 +311,12 @@
uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
uint sz = RECORD_HEADER + msg.get_length() + digestSz;
uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1()) // IV
+ sz += blockSz;
sz += 1; // pad byte
- uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
@@ -294,13 +326,21 @@
buildHeader(ssl, rlHeader, msg);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+
+ uint ivSz = iv.get_size();
output.allocate(sz);
- output << rlHeader << msg;
+ output << rlHeader << iv << msg;
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
- TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
- output.get_size() - RECORD_HEADER, msg.get_type());
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, msg.get_type());
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, msg.get_type());
@@ -456,6 +496,10 @@
// some clients still send sslv2 client hello
void ProcessOldClientHello(input_buffer& input, SSL& ssl)
{
+ if (input.get_remaining() < 2) {
+ ssl.SetError(bad_input);
+ return;
+ }
byte b0 = input[AUTO];
byte b1 = input[AUTO];
@@ -721,6 +765,7 @@
// each message in record, can be more than 1 if not encrypted
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
decrypt_message(ssl, buffer, hdr.length_);
+
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
if (!msg.get()) {
ssl.SetError(factory_error);
@@ -744,13 +789,13 @@
if (DoProcessReply(ssl))
// didn't complete process
- if (!ssl.getSocket().IsBlocking()) {
- // keep trying now
+ if (!ssl.getSocket().IsNonBlocking()) {
+ // keep trying now, blocking ok
while (!ssl.GetError())
if (DoProcessReply(ssl) == 0) break;
}
else
- // user will have try again later
+ // user will have try again later, non blocking
ssl.SetError(YasslError(SSL_ERROR_WANT_READ));
}
@@ -761,7 +806,8 @@
ssl.verifyState(serverNull);
if (ssl.GetError()) return;
- ClientHello ch(ssl.getSecurity().get_connection().version_);
+ ClientHello ch(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
output_buffer out;
@@ -859,6 +905,7 @@
buildFinished(ssl, ssl.useHashes().use_verify(), client); // client
}
else {
+ if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
GetSessions().add(ssl); // store session
if (side == client_end)
buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
@@ -885,7 +932,20 @@
for (;;) {
int len = min(sz - sent, MAX_RECORD_SIZE);
output_buffer out;
- const Data data(len, static_cast<const opaque*>(buffer) + sent);
+ input_buffer tmp;
+
+ Data data;
+
+ if (ssl.CompressionOn()) {
+ if (Compress(static_cast<const opaque*>(buffer) + sent, len,
+ tmp) == -1) {
+ ssl.SetError(compress_error);
+ return -1;
+ }
+ data.SetData(tmp.get_size(), tmp.get_buffer());
+ }
+ else
+ data.SetData(len, static_cast<const opaque*>(buffer) + sent);
buildMessage(ssl, out, data);
ssl.Send(out.get_buffer(), out.get_size());
@@ -947,7 +1007,8 @@
ssl.verifyState(clientHelloComplete);
if (ssl.GetError()) return;
- ServerHello sh(ssl.getSecurity().get_connection().version_);
+ ServerHello sh(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
--- 1.13/extra/yassl/src/socket_wrapper.cpp 2006-11-29 09:21:44 +01:00
+++ 1.14/extra/yassl/src/socket_wrapper.cpp 2006-11-29 09:21:44 +01:00
@@ -63,7 +63,7 @@
Socket::Socket(socket_t s)
- : socket_(s), wouldBlock_(false), blocking_(false)
+ : socket_(s), wouldBlock_(false), nonBlocking_(false)
{}
@@ -148,8 +148,8 @@
if (recvd == -1) {
if (get_lastError() == SOCKET_EWOULDBLOCK ||
get_lastError() == SOCKET_EAGAIN) {
- wouldBlock_ = true;
- blocking_ = true; // socket can block, only way to tell for win32
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // socket nonblocking, win32 only way to tell
return 0;
}
}
@@ -191,9 +191,9 @@
}
-bool Socket::IsBlocking() const
+bool Socket::IsNonBlocking() const
{
- return blocking_;
+ return nonBlocking_;
}
--- 1.19/extra/yassl/src/ssl.cpp 2006-11-29 09:21:44 +01:00
+++ 1.20/extra/yassl/src/ssl.cpp 2006-11-29 09:21:44 +01:00
@@ -184,10 +184,22 @@
}
+SSL_METHOD* TLSv1_1_server_method()
+{
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
SSL_METHOD* SSLv23_server_method()
{
// compatibility only, no version 2 support, but does SSL 3 and TLS 1
- return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1), true);
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
}
@@ -196,7 +208,7 @@
// compatibility only, no version 2 support, but does SSL 3 and TLS 1
// though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
// TODO: maybe add support to send SSLv2 hello ???
- return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1), true);
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
}
@@ -407,7 +419,6 @@
Alert alert(warning, close_notify);
sendAlert(*ssl, alert);
ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
- ssl->useSocket().closeSocket();
GetErrors().Remove();
@@ -415,8 +426,21 @@
}
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+ if (mode == SSL_SESS_CACHE_OFF)
+ ctx->SetSessionCacheOff();
+
+ return SSL_SUCCESS;
+}
+
+
SSL_SESSION* SSL_get_session(SSL* ssl)
{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return 0;
+
return GetSessions().lookup(
ssl->getSecurity().get_connection().sessionID_);
}
@@ -424,6 +448,9 @@
int SSL_set_session(SSL* ssl, SSL_SESSION* session)
{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return SSL_FAILURE;
+
ssl->set_session(session);
return SSL_SUCCESS;
}
@@ -512,6 +539,19 @@
}
+
+/* turn on yaSSL zlib compression
+ returns 0 for success, else error (not built in)
+ only need to turn on for client, becuase server on by default if built in
+ but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl)
+{
+ return ssl->SetCompression();
+}
+
+
+
X509* SSL_get_peer_certificate(SSL* ssl)
{
return ssl->getCrypto().get_certManager().get_peerX509();
@@ -1359,6 +1399,56 @@
}
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+ ctx->SetPasswordCb(cb);
+}
+
+
+int SSLeay_add_ssl_algorithms() // compatibility only
+{
+ return 1;
+}
+
+
+void ERR_remove_state(unsigned long)
+{
+ GetErrors().Remove();
+}
+
+
+int ERR_GET_REASON(int l)
+{
+ return l & 0xfff;
+}
+
+
+unsigned long err_helper(bool peek = false)
+{
+ int ysError = GetErrors().Lookup(peek);
+
+ // translate cert error for libcurl, it uses OpenSSL hex code
+ switch (ysError) {
+ case TaoCrypt::SIG_OTHER_E:
+ return CERTFICATE_ERROR;
+ break;
+ default :
+ return 0;
+ }
+}
+
+
+unsigned long ERR_peek_error()
+{
+ return err_helper(true);
+}
+
+
+unsigned long ERR_get_error()
+{
+ return err_helper();
+}
+
// functions for stunnel
@@ -1477,13 +1567,6 @@
}
- long SSL_CTX_set_session_cache_mode(SSL_CTX*, long)
- {
- // TDOD:
- return SSL_SUCCESS;
- }
-
-
long SSL_CTX_set_timeout(SSL_CTX*, long)
{
// TDOD:
@@ -1498,12 +1581,6 @@
}
- void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
- {
- ctx->SetPasswordCb(cb);
- }
-
-
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
{
// TDOD:
@@ -1554,49 +1631,6 @@
return 0;
}
-
- int SSLeay_add_ssl_algorithms() // compatibility only
- {
- return 1;
- }
-
-
- void ERR_remove_state(unsigned long)
- {
- GetErrors().Remove();
- }
-
-
- int ERR_GET_REASON(int l)
- {
- return l & 0xfff;
- }
-
- unsigned long err_helper(bool peek = false)
- {
- int ysError = GetErrors().Lookup(peek);
-
- // translate cert error for libcurl, it uses OpenSSL hex code
- switch (ysError) {
- case TaoCrypt::SIG_OTHER_E:
- return CERTFICATE_ERROR;
- break;
- default :
- return 0;
- }
- }
-
-
- unsigned long ERR_peek_error()
- {
- return err_helper(true);
- }
-
-
- unsigned long ERR_get_error()
- {
- return err_helper();
- }
// end stunnel needs
--- 1.8/extra/yassl/src/yassl_error.cpp 2006-11-29 09:21:44 +01:00
+++ 1.9/extra/yassl/src/yassl_error.cpp 2006-11-29 09:21:44 +01:00
@@ -133,6 +133,18 @@
strncpy(buffer, "protocl version mismatch", max);
break;
+ case compress_error :
+ strncpy(buffer, "compression error", max);
+ break;
+
+ case decompress_error :
+ strncpy(buffer, "decompression error", max);
+ break;
+
+ case pms_version_error :
+ strncpy(buffer, "bad PreMasterSecret version error", max);
+ break;
+
// openssl errors
case SSL_ERROR_WANT_READ :
strncpy(buffer, "the read operation would block", max);
--- 1.11/extra/yassl/src/yassl_imp.cpp 2006-11-29 09:21:44 +01:00
+++ 1.12/extra/yassl/src/yassl_imp.cpp 2006-11-29 09:21:44 +01:00
@@ -87,7 +87,7 @@
opaque tmp[SECRET_LEN];
memset(tmp, 0, sizeof(tmp));
ssl.getCrypto().get_random().Fill(tmp, SECRET_LEN);
- ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+ ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
tmp[0] = pv.major_;
tmp[1] = pv.minor_;
ssl.set_preMaster(tmp, SECRET_LEN);
@@ -233,6 +233,10 @@
rsa.decrypt(preMasterSecret, secret_, length_,
ssl.getCrypto().get_random());
+ ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
+ if (pv.major_ != preMasterSecret[0] || pv.minor_ != preMasterSecret[1])
+ ssl.SetError(pms_version_error); // continue deriving for timing attack
+
ssl.set_preMaster(preMasterSecret, SECRET_LEN);
ssl.makeMasterSecret();
}
@@ -437,6 +441,7 @@
ProtocolVersion pv, bool haveDH) : entity_(ce)
{
pending_ = true; // suite not set yet
+ strncpy(cipher_name_, "NONE", 5);
if (ciphers.setSuites_) { // use user set list
suites_size_ = ciphers.suiteSz_;
@@ -445,6 +450,7 @@
}
else
SetSuites(pv, ce == server_end && !haveDH); // defaults
+
}
@@ -613,14 +619,18 @@
void HandShakeHeader::Process(input_buffer& input, SSL& ssl)
{
ssl.verifyState(*this);
+ if (ssl.GetError()) return;
const HandShakeFactory& hsf = ssl.getFactory().getHandShake();
mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_));
if (!hs.get()) {
ssl.SetError(factory_error);
return;
}
- hashHandShake(ssl, input, c24to32(length_));
+ uint len = c24to32(length_);
+ hashHandShake(ssl, input, len);
+
+ hs->set_length(len);
input >> *hs;
hs->Process(input, ssl);
}
@@ -849,11 +859,17 @@
opaque mac[SHA_LEN];
input.read(mac, digestSz);
+ if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ int ivExtra = 0;
opaque fill;
- int padSz = ssl.getSecurity().get_parms().encrypt_size_ - aSz -
- digestSz;
+
+ if (ssl.isTLSv1_1())
+ ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+ int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
+ aSz - digestSz;
for (int i = 0; i < padSz; i++)
fill = input[AUTO];
+ }
// verify
if (memcmp(mac, verify, digestSz)) {
@@ -879,9 +895,13 @@
{}
-Data::Data(uint16 len, const opaque* w)
- : length_(len), buffer_(0), write_buffer_(w)
-{}
+void Data::SetData(uint16 len, const opaque* buffer)
+{
+ assert(write_buffer_ == 0);
+
+ length_ = len;
+ write_buffer_ = buffer;
+}
input_buffer& Data::set(input_buffer& in)
{
@@ -907,17 +927,12 @@
}
-const opaque* Data::get_buffer() const
-{
- return write_buffer_;
-}
-
-
void Data::set_length(uint16 l)
{
length_ = l;
}
+
opaque* Data::set_buffer()
{
return buffer_;
@@ -937,27 +952,42 @@
{
int msgSz = ssl.getSecurity().get_parms().encrypt_size_;
int pad = 0, padByte = 0;
+ int ivExtra = 0;
+
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
- pad = *(input.get_buffer() + input.get_current() + msgSz - 1);
+ if (ssl.isTLSv1_1()) // IV
+ ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+ pad = *(input.get_buffer() + input.get_current() + msgSz -ivExtra - 1);
padByte = 1;
}
int digestSz = ssl.getCrypto().get_digest().get_digestSize();
- int dataSz = msgSz - digestSz - pad - padByte;
+ int dataSz = msgSz - ivExtra - digestSz - pad - padByte;
opaque verify[SHA_LEN];
+ const byte* rawData = input.get_buffer() + input.get_current();
+
// read data
- if (dataSz) {
+ if (dataSz) { // could be compressed
+ if (ssl.CompressionOn()) {
+ input_buffer tmp;
+ if (DeCompress(input, dataSz, tmp) == -1) {
+ ssl.SetError(decompress_error);
+ return;
+ }
+ ssl.addData(NEW_YS input_buffer(tmp.get_size(),
+ tmp.get_buffer(), tmp.get_size()));
+ }
+ else {
input_buffer* data;
ssl.addData(data = NEW_YS input_buffer(dataSz));
input.read(data->get_buffer(), dataSz);
data->add_size(dataSz);
+ }
if (ssl.isTLS())
- TLS_hmac(ssl, verify, data->get_buffer(), dataSz, application_data,
- true);
+ TLS_hmac(ssl, verify, rawData, dataSz, application_data, true);
else
- hmac(ssl, verify, data->get_buffer(), dataSz, application_data,
- true);
+ hmac(ssl, verify, rawData, dataSz, application_data, true);
}
// read mac and fill
@@ -1220,6 +1250,13 @@
if (ssl.isTLS() && server_version_.minor_ < 1)
// downgrade to SSLv3
ssl.useSecurity().use_connection().TurnOffTLS();
+ else if (ssl.isTLSv1_1() && server_version_.minor_ == 1)
+ // downdrage to TLSv1
+ ssl.useSecurity().use_connection().TurnOffTLS1_1();
+ }
+ else if (ssl.isTLSv1_1() && server_version_.minor_ < 2) {
+ ssl.SetError(badVersion_error);
+ return;
}
else if (ssl.isTLS() && server_version_.minor_ < 1) {
ssl.SetError(badVersion_error);
@@ -1252,6 +1289,10 @@
ssl.useSecurity().set_resuming(false);
ssl.useLog().Trace("server denied resumption");
}
+
+ if (ssl.CompressionOn() && !compression_method_)
+ ssl.UnSetCompression(); // server isn't supporting yaSSL zlib request
+
ssl.useStates().useClient() = serverHelloComplete;
}
@@ -1263,8 +1304,9 @@
}
-ServerHello::ServerHello(ProtocolVersion pv)
- : server_version_(pv)
+ServerHello::ServerHello(ProtocolVersion pv, bool useCompression)
+ : server_version_(pv),
+ compression_method_(useCompression ? zlib : no_compression)
{
memset(random_, 0, RAN_LEN);
memset(session_id_, 0, ID_LEN);
@@ -1341,6 +1383,8 @@
// input operator for Client Hello
input_buffer& operator>>(input_buffer& input, ClientHello& hello)
{
+ uint begin = input.get_current(); // could have extensions at end
+
// Protocol
hello.client_version_.major_ = input[AUTO];
hello.client_version_.minor_ = input[AUTO];
@@ -1361,8 +1405,19 @@
// Compression
hello.comp_len_ = input[AUTO];
- while (hello.comp_len_--) // ignore for now
- hello.compression_methods_ = CompressionMethod(input[AUTO]);
+ hello.compression_methods_ = no_compression;
+ while (hello.comp_len_--) {
+ CompressionMethod cm = CompressionMethod(input[AUTO]);
+ if (cm == zlib)
+ hello.compression_methods_ = zlib;
+ }
+
+ uint read = input.get_current() - begin;
+ uint expected = hello.get_length();
+
+ // ignore client hello extensions for now
+ if (read < expected)
+ input.set_current(input.get_current() + expected - read);
return input;
}
@@ -1400,6 +1455,13 @@
// Client Hello processing handler
void ClientHello::Process(input_buffer&, SSL& ssl)
{
+ // store version for pre master secret
+ ssl.useSecurity().use_connection().chVersion_ = client_version_;
+
+ if (client_version_.major_ != 3) {
+ ssl.SetError(badVersion_error);
+ return;
+ }
if (ssl.GetMultiProtocol()) { // SSLv23 support
if (ssl.isTLS() && client_version_.minor_ < 1) {
// downgrade to SSLv3
@@ -1407,20 +1469,29 @@
ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
ssl.useSecurity().use_parms().SetSuites(pv); // reset w/ SSL suites
}
+ else if (ssl.isTLSv1_1() && client_version_.minor_ == 1)
+ // downgrade to TLSv1, but use same suites
+ ssl.useSecurity().use_connection().TurnOffTLS1_1();
+ }
+ else if (ssl.isTLSv1_1() && client_version_.minor_ < 2) {
+ ssl.SetError(badVersion_error);
+ return;
}
else if (ssl.isTLS() && client_version_.minor_ < 1) {
ssl.SetError(badVersion_error);
return;
}
- else if (!ssl.isTLS() && (client_version_.major_ == 3 &&
- client_version_.minor_ >= 1)) {
+ else if (!ssl.isTLS() && client_version_.minor_ >= 1) {
ssl.SetError(badVersion_error);
return;
}
+
ssl.set_random(random_, client_end);
while (id_len_) { // trying to resume
- SSL_SESSION* session = GetSessions().lookup(session_id_);
+ SSL_SESSION* session = 0;
+ if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
+ session = GetSessions().lookup(session_id_);
if (!session) {
ssl.useLog().Trace("session lookup failed");
break;
@@ -1444,6 +1515,9 @@
ssl.matchSuite(cipher_suites_, suite_len_);
ssl.set_pending(ssl.getSecurity().get_parms().suite_[1]);
+ if (compression_methods_ == zlib)
+ ssl.SetCompression();
+
ssl.useStates().useServer() = clientHelloComplete;
}
@@ -1478,8 +1552,9 @@
}
-ClientHello::ClientHello(ProtocolVersion pv)
- : client_version_(pv)
+ClientHello::ClientHello(ProtocolVersion pv, bool useCompression)
+ : client_version_(pv),
+ compression_methods_(useCompression ? zlib : no_compression)
{
memset(random_, 0, RAN_LEN);
}
@@ -1943,8 +2018,13 @@
int digestSz = ssl.getCrypto().get_digest().get_digestSize();
input.read(mac, digestSz);
+ uint ivExtra = 0;
+ if (ssl.getSecurity().get_parms().cipher_type_ == block)
+ if (ssl.isTLSv1_1())
+ ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+
opaque fill;
- int padSz = ssl.getSecurity().get_parms().encrypt_size_ -
+ int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
HANDSHAKE_HEADER - finishedSz - digestSz;
for (int i = 0; i < padSz; i++)
fill = input[AUTO];
@@ -2018,7 +2098,9 @@
Connection::Connection(ProtocolVersion v, RandomPool& ran)
: pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0),
pre_secret_len_(0), send_server_key_(false), master_clean_(false),
- TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran)
+ TLS_(v.major_ >= 3 && v.minor_ >= 1),
+ TLSv1_1_(v.major_ >= 3 && v.minor_ >= 2), compression_(false),
+ version_(v), random_(ran)
{
memset(sessionID_, 0, sizeof(sessionID_));
}
@@ -2040,6 +2122,13 @@
{
TLS_ = false;
version_.minor_ = 0;
+}
+
+
+void Connection::TurnOffTLS1_1()
+{
+ TLSv1_1_ = false;
+ version_.minor_ = 1;
}
--- 1.22/extra/yassl/src/yassl_int.cpp 2006-11-29 09:21:44 +01:00
+++ 1.23/extra/yassl/src/yassl_int.cpp 2006-11-29 09:21:44 +01:00
@@ -38,6 +38,11 @@
#endif
+#ifdef HAVE_LIBZ
+ #include "zlib.h"
+#endif
+
+
#ifdef YASSL_PURE_C
void* operator new(size_t sz, yaSSL::new_t)
@@ -727,6 +732,32 @@
}
+// set yaSSL zlib type compression
+int SSL::SetCompression()
+{
+#ifdef HAVE_LIBZ
+ secure_.use_connection().compression_ = true;
+ return 0;
+#else
+ return -1; // not built in
+#endif
+}
+
+
+// unset yaSSL zlib type compression
+void SSL::UnSetCompression()
+{
+ secure_.use_connection().compression_ = false;
+}
+
+
+// is yaSSL zlib compression on
+bool SSL::CompressionOn() const
+{
+ return secure_.get_connection().compression_;
+}
+
+
// store master secret
void SSL::set_masterSecret(const opaque* sec)
{
@@ -1109,6 +1140,11 @@
{
if (GetError()) return;
+ if (rlHeader.version_.major_ != 3 || rlHeader.version_.minor_ > 2) {
+ SetError(badVersion_error);
+ return;
+ }
+
if (states_.getRecord() == recordNotReady ||
(rlHeader.type_ == application_data && // data and handshake
states_.getHandShake() != handShakeReady) ) // isn't complete yet
@@ -1247,6 +1283,9 @@
void SSL::set_session(SSL_SESSION* s)
{
+ if (getSecurity().GetContext()->GetSessionCacheOff())
+ return;
+
if (s && GetSessions().lookup(s->GetID(), &secure_.use_resume())) {
secure_.set_resuming(true);
crypto_.use_certManager().setPeerX509(s->GetPeerX509());
@@ -1344,6 +1383,12 @@
}
+bool SSL::isTLSv1_1() const
+{
+ return secure_.get_connection().TLSv1_1_;
+}
+
+
void SSL::addData(input_buffer* data)
{
buffers_.useData().push_back(data);
@@ -1703,7 +1748,7 @@
SSL_CTX::SSL_CTX(SSL_METHOD* meth)
: method_(meth), certificate_(0), privateKey_(0), passwordCb_(0),
- userData_(0)
+ userData_(0), sessionCacheOff_(false)
{}
@@ -1784,12 +1829,24 @@
}
+bool SSL_CTX::GetSessionCacheOff() const
+{
+ return sessionCacheOff_;
+}
+
+
void SSL_CTX::SetUserData(void* data)
{
userData_ = data;
}
+void SSL_CTX::SetSessionCacheOff()
+{
+ sessionCacheOff_ = true;
+}
+
+
void SSL_CTX::setVerifyPeer()
{
method_->setVerifyPeer();
@@ -2312,7 +2369,108 @@
}
+#ifdef HAVE_LIBZ
+
+ void* myAlloc(void* /* opaque */, unsigned int item, unsigned int size)
+ {
+ return NEW_YS unsigned char[item * size];
+ }
+
+
+ void myFree(void* /* opaque */, void* memory)
+ {
+ unsigned char* ptr = static_cast<unsigned char*>(memory);
+ yaSSL::ysArrayDelete(ptr);
+ }
+
+
+ // put size in front of compressed data
+ int Compress(const byte* in, int sz, input_buffer& buffer)
+ {
+ byte tmp[LENGTH_SZ];
+ z_stream c_stream; /* compression stream */
+
+ buffer.allocate(sz + sizeof(uint16) + COMPRESS_EXTRA);
+
+ c_stream.zalloc = myAlloc;
+ c_stream.zfree = myFree;
+ c_stream.opaque = (voidpf)0;
+
+ c_stream.next_in = const_cast<byte*>(in);
+ c_stream.avail_in = sz;
+ c_stream.next_out = buffer.get_buffer() + sizeof(tmp);
+ c_stream.avail_out = buffer.get_capacity() - sizeof(tmp);
+
+ if (deflateInit(&c_stream, 8) != Z_OK) return -1;
+ int err = deflate(&c_stream, Z_FINISH);
+ deflateEnd(&c_stream);
+ if (err != Z_OK && err != Z_STREAM_END) return -1;
+
+ c16toa(sz, tmp);
+ memcpy(buffer.get_buffer(), tmp, sizeof(tmp));
+ buffer.add_size(c_stream.total_out + sizeof(tmp));
+
+ return 0;
+ }
+
+
+ // get uncompressed size in front
+ int DeCompress(input_buffer& in, int sz, input_buffer& out)
+ {
+ byte tmp[LENGTH_SZ];
+
+ in.read(tmp, sizeof(tmp));
+
+ uint16 len;
+ ato16(tmp, len);
+
+ out.allocate(len);
+
+ z_stream d_stream; /* decompression stream */
+
+ d_stream.zalloc = myAlloc;
+ d_stream.zfree = myFree;
+ d_stream.opaque = (voidpf)0;
+
+ d_stream.next_in = in.get_buffer() + in.get_current();
+ d_stream.avail_in = sz - sizeof(tmp);
+ d_stream.next_out = out.get_buffer();
+ d_stream.avail_out = out.get_capacity();
+
+ if (inflateInit(&d_stream) != Z_OK) return -1;
+ int err = inflate(&d_stream, Z_FINISH);
+ inflateEnd(&d_stream);
+ if (err != Z_OK && err != Z_STREAM_END) return -1;
+
+ out.add_size(d_stream.total_out);
+ in.set_current(in.get_current() + sz - sizeof(tmp));
+
+ return 0;
+ }
+
+
+#else // LIBZ
+
+ // these versions should never get called
+ int Compress(const byte* in, int sz, input_buffer& buffer)
+ {
+ assert(0);
+ return -1;
+ }
+
+
+ int DeCompress(input_buffer& in, int sz, input_buffer& out)
+ {
+ assert(0);
+ return -1;
+ }
+
+
+#endif // LIBZ
+
+
} // namespace
+
extern "C" void yaSSL_CleanUp()
--- 1.4/extra/yassl/taocrypt/include/aes.hpp 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/include/aes.hpp 2006-11-29 09:21:44 +01:00
@@ -34,6 +34,12 @@
#include "modes.hpp"
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_AES_ASM
+#endif
+
+
+
namespace TaoCrypt {
@@ -46,15 +52,14 @@
enum { BLOCK_SIZE = AES_BLOCK_SIZE };
AES(CipherDir DIR, Mode MODE)
- : Mode_BASE(BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(BLOCK_SIZE, DIR, MODE) {}
+#ifdef DO_AES_ASM
void Process(byte*, const byte*, word32);
+#endif
void SetKey(const byte* key, word32 sz, CipherDir fake = ENCRYPTION);
void SetIV(const byte* iv) { memcpy(r_, iv, BLOCK_SIZE); }
private:
- CipherDir dir_;
- Mode mode_;
-
static const word32 rcon_[];
word32 rounds_;
--- 1.4/extra/yassl/taocrypt/include/algebra.hpp 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/include/algebra.hpp 2006-11-29 09:21:44 +01:00
@@ -75,7 +75,8 @@
typedef Integer Element;
AbstractRing() : AbstractGroup() {m_mg.m_pRing = this;}
- AbstractRing(const AbstractRing &source) {m_mg.m_pRing = this;}
+ AbstractRing(const AbstractRing &source) : AbstractGroup()
+ {m_mg.m_pRing = this;}
AbstractRing& operator=(const AbstractRing &source) {return *this;}
virtual bool IsUnit(const Element &a) const =0;
--- 1.3/extra/yassl/taocrypt/include/arc4.hpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/include/arc4.hpp 2006-11-29 09:21:44 +01:00
@@ -46,7 +46,6 @@
ARC4() {}
void Process(byte*, const byte*, word32);
- void AsmProcess(byte*, const byte*, word32);
void SetKey(const byte*, word32);
private:
byte x_;
@@ -55,6 +54,8 @@
ARC4(const ARC4&); // hide copy
const ARC4 operator=(const ARC4&); // and assign
+
+ void AsmProcess(byte*, const byte*, word32);
};
} // namespace
--- 1.10/extra/yassl/taocrypt/include/asn.hpp 2006-11-29 09:21:44 +01:00
+++ 1.11/extra/yassl/taocrypt/include/asn.hpp 2006-11-29 09:21:44 +01:00
@@ -34,7 +34,11 @@
#include "misc.hpp"
#include "block.hpp"
#include "error.hpp"
-#include STL_LIST_FILE
+#ifdef USE_SYS_STL
+ #include <list>
+#else
+ #include "list.hpp"
+#endif
namespace STL = STL_NAMESPACE;
--- 1.9/extra/yassl/taocrypt/include/block.hpp 2006-11-29 09:21:44 +01:00
+++ 1.10/extra/yassl/taocrypt/include/block.hpp 2006-11-29 09:21:44 +01:00
@@ -34,7 +34,12 @@
#include "misc.hpp"
#include <string.h> // memcpy
#include <stddef.h> // ptrdiff_t
-#include STL_ALGORITHM_FILE
+
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
--- 1.4/extra/yassl/taocrypt/include/des.hpp 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/include/des.hpp 2006-11-29 09:21:44 +01:00
@@ -34,6 +34,12 @@
#include "misc.hpp"
#include "modes.hpp"
+
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_DES_ASM
+#endif
+
+
namespace TaoCrypt {
@@ -53,13 +59,9 @@
class DES : public Mode_BASE, public BasicDES {
public:
DES(CipherDir DIR, Mode MODE)
- : Mode_BASE(DES_BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(DES_BLOCK_SIZE, DIR, MODE) {}
- void Process(byte*, const byte*, word32);
private:
- CipherDir dir_;
- Mode mode_;
-
void ProcessAndXorBlock(const byte*, const byte*, byte*) const;
DES(const DES&); // hide copy
@@ -71,14 +73,10 @@
class DES_EDE2 : public Mode_BASE {
public:
DES_EDE2(CipherDir DIR, Mode MODE)
- : Mode_BASE(DES_BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(DES_BLOCK_SIZE, DIR, MODE) {}
void SetKey(const byte*, word32, CipherDir dir);
- void Process(byte*, const byte*, word32);
private:
- CipherDir dir_;
- Mode mode_;
-
BasicDES des1_;
BasicDES des2_;
@@ -94,15 +92,14 @@
class DES_EDE3 : public Mode_BASE {
public:
DES_EDE3(CipherDir DIR, Mode MODE)
- : Mode_BASE(DES_BLOCK_SIZE), dir_(DIR), mode_(MODE) {}
+ : Mode_BASE(DES_BLOCK_SIZE, DIR, MODE) {}
void SetKey(const byte*, word32, CipherDir dir);
void SetIV(const byte* iv) { memcpy(r_, iv, DES_BLOCK_SIZE); }
+#ifdef DO_DES_ASM
void Process(byte*, const byte*, word32);
+#endif
private:
- CipherDir dir_;
- Mode mode_;
-
BasicDES des1_;
BasicDES des2_;
BasicDES des3_;
--- 1.11/extra/yassl/taocrypt/include/integer.hpp 2006-11-29 09:21:44 +01:00
+++ 1.12/extra/yassl/taocrypt/include/integer.hpp 2006-11-29 09:21:44 +01:00
@@ -45,7 +45,11 @@
#include "random.hpp"
#include "file.hpp"
#include <string.h>
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
#ifdef TAOCRYPT_X86ASM_AVAILABLE
@@ -67,7 +71,8 @@
#endif
// SSE2 intrinsics work in GCC 3.3 or later
-#if defined(__SSE2__) && (__GNUC_MAJOR__ > 3 || __GNUC_MINOR__ > 2)
+#if defined(__SSE2__) && (__GNUC__ == 4 || __GNUC_MAJOR__ > 3 || \
+ __GNUC_MINOR__ > 2)
#define SSE2_INTRINSICS_AVAILABLE
#endif
@@ -106,7 +111,6 @@
#endif
};
- template class TAOCRYPT_DLL AlignedAllocator<word>;
typedef Block<word, AlignedAllocator<word> > AlignedWordBlock;
#else
typedef WordBlock AlignedWordBlock;
--- 1.3/extra/yassl/taocrypt/include/md5.hpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/include/md5.hpp 2006-11-29 09:21:44 +01:00
@@ -31,6 +31,11 @@
#include "hash.hpp"
+
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_MD5_ASM
+#endif
+
namespace TaoCrypt {
@@ -49,7 +54,9 @@
MD5(const MD5&);
MD5& operator= (const MD5&);
+#ifdef DO_MD5_ASM
void Update(const byte*, word32);
+#endif
void Init();
void Swap(MD5&);
--- 1.14/extra/yassl/taocrypt/include/misc.hpp 2006-11-29 09:21:44 +01:00
+++ 1.15/extra/yassl/taocrypt/include/misc.hpp 2006-11-29 09:21:44 +01:00
@@ -151,6 +151,17 @@
#endif
+#ifdef TAOCRYPT_X86ASM_AVAILABLE
+ bool HaveCpuId();
+ bool IsPentium();
+ void CpuId(word32 input, word32 *output);
+
+ extern bool isMMX;
+#endif
+
+
+
+
// Turn on ia32 ASM for Ciphers and Message Digests
// Seperate define since these are more complex, use member offsets
// and user may want to turn off while leaving Big Integer optos on
@@ -200,17 +211,9 @@
#ifdef USE_SYS_STL
// use system STL
- #define STL_VECTOR_FILE <vector>
- #define STL_LIST_FILE <list>
- #define STL_ALGORITHM_FILE <algorithm>
- #define STL_MEMORY_FILE <memory>
#define STL_NAMESPACE std
#else
// use mySTL
- #define STL_VECTOR_FILE "vector.hpp"
- #define STL_LIST_FILE "list.hpp"
- #define STL_ALGORITHM_FILE "algorithm.hpp"
- #define STL_MEMORY_FILE "memory.hpp"
#define STL_NAMESPACE mySTL
#endif
--- 1.7/extra/yassl/taocrypt/include/modes.hpp 2006-11-29 09:21:44 +01:00
+++ 1.8/extra/yassl/taocrypt/include/modes.hpp 2006-11-29 09:21:44 +01:00
@@ -38,6 +38,7 @@
enum Mode { ECB, CBC };
+
// BlockCipher abstraction
template<CipherDir DIR, class T, Mode MODE>
class BlockCipher {
@@ -63,14 +64,16 @@
public:
enum { MaxBlockSz = 16 };
- explicit Mode_BASE(int sz)
+ explicit Mode_BASE(int sz, CipherDir dir, Mode mode)
: blockSz_(sz), reg_(reinterpret_cast<byte*>(r_)),
- tmp_(reinterpret_cast<byte*>(t_))
+ tmp_(reinterpret_cast<byte*>(t_)), dir_(dir), mode_(mode)
{
assert(sz <= MaxBlockSz);
}
virtual ~Mode_BASE() {}
+ virtual void Process(byte*, const byte*, word32);
+
void SetIV(const byte* iv) { memcpy(reg_, iv, blockSz_); }
protected:
int blockSz_;
@@ -80,6 +83,9 @@
word32 r_[MaxBlockSz / sizeof(word32)]; // align reg_ on word32
word32 t_[MaxBlockSz / sizeof(word32)]; // align tmp_ on word32
+ CipherDir dir_;
+ Mode mode_;
+
void ECB_Process(byte*, const byte*, word32);
void CBC_Encrypt(byte*, const byte*, word32);
void CBC_Decrypt(byte*, const byte*, word32);
@@ -90,6 +96,18 @@
private:
virtual void ProcessAndXorBlock(const byte*, const byte*, byte*) const = 0;
};
+
+
+inline void Mode_BASE::Process(byte* out, const byte* in, word32 sz)
+{
+ if (mode_ == ECB)
+ ECB_Process(out, in, sz);
+ else if (mode_ == CBC)
+ if (dir_ == ENCRYPTION)
+ CBC_Encrypt(out, in, sz);
+ else
+ CBC_Decrypt(out, in, sz);
+}
// ECB Process blocks
--- 1.3/extra/yassl/taocrypt/include/ripemd.hpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/include/ripemd.hpp 2006-11-29 09:21:44 +01:00
@@ -31,6 +31,11 @@
#include "hash.hpp"
+
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_RIPEMD_ASM
+#endif
+
namespace TaoCrypt {
@@ -49,7 +54,9 @@
RIPEMD160(const RIPEMD160&);
RIPEMD160& operator= (const RIPEMD160&);
+#ifdef DO_RIPEMD_ASM
void Update(const byte*, word32);
+#endif
void Init();
void Swap(RIPEMD160&);
private:
--- 1.3/extra/yassl/taocrypt/include/rsa.hpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/include/rsa.hpp 2006-11-29 09:21:44 +01:00
@@ -239,7 +239,8 @@
const byte* sig)
{
ByteBlock plain(PK_Lengths(key_.GetModulus()).FixedMaxPlaintextLength());
- SSL_Decrypt(key_, sig, plain.get_buffer());
+ if (SSL_Decrypt(key_, sig, plain.get_buffer()) != sz)
+ return false; // not right justified or bad padding
if ( (memcmp(plain.get_buffer(), message, sz)) == 0)
return true;
--- 1.3/extra/yassl/taocrypt/include/sha.hpp 2006-11-29 09:21:44 +01:00
+++ 1.4/extra/yassl/taocrypt/include/sha.hpp 2006-11-29 09:21:44 +01:00
@@ -31,6 +31,11 @@
#include "hash.hpp"
+
+#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
+ #define DO_SHA_ASM
+#endif
+
namespace TaoCrypt {
@@ -46,7 +51,9 @@
word32 getDigestSize() const { return DIGEST_SIZE; }
word32 getPadSize() const { return PAD_SIZE; }
+#ifdef DO_SHA_ASM
void Update(const byte* data, word32 len);
+#endif
void Init();
SHA(const SHA&);
--- 1.4/extra/yassl/taocrypt/src/aes.cpp 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/src/aes.cpp 2006-11-29 09:21:44 +01:00
@@ -34,33 +34,19 @@
#include "aes.hpp"
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_AES_ASM
-#endif
-
-
namespace TaoCrypt {
-#if !defined(DO_AES_ASM)
-
-// Generic Version
-void AES::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
-#else
+#if defined(DO_AES_ASM)
// ia32 optimized version
void AES::Process(byte* out, const byte* in, word32 sz)
{
+ if (!isMMX) {
+ Mode_BASE::Process(out, in, sz);
+ return;
+ }
+
word32 blocks = sz / BLOCK_SIZE;
if (mode_ == ECB)
--- 1.11/extra/yassl/taocrypt/src/algebra.cpp 2006-11-29 09:21:44 +01:00
+++ 1.12/extra/yassl/taocrypt/src/algebra.cpp 2006-11-29 09:21:44 +01:00
@@ -29,7 +29,11 @@
#include "runtime.hpp"
#include "algebra.hpp"
-#include STL_VECTOR_FILE
+#ifdef USE_SYS_STL
+ #include <vector>
+#else
+ #include "vector.hpp"
+#endif
namespace STL = STL_NAMESPACE;
--- 1.5/extra/yassl/taocrypt/src/arc4.cpp 2006-11-29 09:21:44 +01:00
+++ 1.6/extra/yassl/taocrypt/src/arc4.cpp 2006-11-29 09:21:44 +01:00
@@ -80,12 +80,18 @@
} // namespace
-#ifndef DO_ARC4_ASM
void ARC4::Process(byte* out, const byte* in, word32 length)
{
if (length == 0) return;
+#ifdef DO_ARC4_ASM
+ if (isMMX) {
+ AsmProcess(out, in, length);
+ return;
+ }
+#endif
+
byte *const s = state_;
word32 x = x_;
word32 y = y_;
@@ -100,13 +106,16 @@
y_ = y;
}
-#else // DO_ARC4_ASM
+#ifdef DO_ARC4_ASM
+
#ifdef _MSC_VER
__declspec(naked)
+#else
+ __attribute__ ((noinline))
#endif
-void ARC4::Process(byte* out, const byte* in, word32 length)
+void ARC4::AsmProcess(byte* out, const byte* in, word32 length)
{
#ifdef __GNUC__
#define AS1(x) asm(#x);
--- 1.4/extra/yassl/taocrypt/src/des.cpp 2006-11-29 09:21:44 +01:00
+++ 1.5/extra/yassl/taocrypt/src/des.cpp 2006-11-29 09:21:44 +01:00
@@ -34,16 +34,16 @@
#include "runtime.hpp"
#include "des.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_DES_ASM
-#endif
-
namespace TaoCrypt {
@@ -357,18 +357,6 @@
}
-void DES::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
-
typedef BlockGetAndPut<word32, BigEndian> Block;
@@ -386,17 +374,6 @@
}
-void DES_EDE2::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
void DES_EDE2::SetKey(const byte* key, word32 sz, CipherDir dir)
{
des1_.SetKey(key, sz, dir);
@@ -429,25 +406,16 @@
-#if !defined(DO_DES_ASM)
-
-// Generic Version
-void DES_EDE3::Process(byte* out, const byte* in, word32 sz)
-{
- if (mode_ == ECB)
- ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- if (dir_ == ENCRYPTION)
- CBC_Encrypt(out, in, sz);
- else
- CBC_Decrypt(out, in, sz);
-}
-
-#else
+#if defined(DO_DES_ASM)
// ia32 optimized version
void DES_EDE3::Process(byte* out, const byte* in, word32 sz)
{
+ if (!isMMX) {
+ Mode_BASE::Process(out, in, sz);
+ return;
+ }
+
word32 blocks = sz / DES_BLOCK_SIZE;
if (mode_ == CBC)
--- 1.25/extra/yassl/taocrypt/src/integer.cpp 2006-11-29 09:21:44 +01:00
+++ 1.26/extra/yassl/taocrypt/src/integer.cpp 2006-11-29 09:21:44 +01:00
@@ -55,12 +55,15 @@
#pragma intrinsic (myUMULH)
#endif
+#ifdef __GNUC__
+ #include <signal.h>
+ #include <setjmp.h>
+#endif
+
#ifdef SSE2_INTRINSICS_AVAILABLE
#ifdef __GNUC__
#include <xmmintrin.h>
- #include <signal.h>
- #include <setjmp.h>
#ifdef TAOCRYPT_MEMALIGN_AVAILABLE
#include <malloc.h>
#else
@@ -1015,44 +1018,20 @@
// ************** x86 feature detection ***************
-static bool s_sse2Enabled = true;
-
-static void CpuId(word32 input, word32 *output)
-{
-#ifdef __GNUC__
- __asm__
- (
- // save ebx in case -fPIC is being used
- "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
- : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d"(output[3])
- : "a" (input)
- );
-#else
- __asm
- {
- mov eax, input
- cpuid
- mov edi, output
- mov [edi], eax
- mov [edi+4], ebx
- mov [edi+8], ecx
- mov [edi+12], edx
- }
-#endif
-}
#ifdef SSE2_INTRINSICS_AVAILABLE
+
#ifndef _MSC_VER
-static jmp_buf s_env;
-static void SigIllHandler(int)
-{
+ static jmp_buf s_env;
+ static void SigIllHandler(int)
+ {
longjmp(s_env, 1);
-}
+ }
#endif
static bool HasSSE2()
{
- if (!s_sse2Enabled)
+ if (!IsPentium())
return false;
word32 cpuid[4];
@@ -1081,23 +1060,22 @@
if (setjmp(s_env))
result = false;
else
- __asm __volatile ("xorps %xmm0, %xmm0");
+ __asm __volatile ("xorpd %xmm0, %xmm0");
signal(SIGILL, oldHandler);
return result;
#endif
}
-#endif
+#endif // SSE2_INTRINSICS_AVAILABLE
+
static bool IsP4()
{
- word32 cpuid[4];
-
- CpuId(0, cpuid);
- STL::swap(cpuid[2], cpuid[3]);
- if (memcmp(cpuid+1, "GenuineIntel", 12) != 0)
+ if (!IsPentium())
return false;
+ word32 cpuid[4];
+
CpuId(1, cpuid);
return ((cpuid[0] >> 8) & 0xf) == 0xf;
}
@@ -1147,7 +1125,12 @@
static void SetPentiumFunctionPointers()
{
- if (IsP4())
+ if (!IsPentium())
+ {
+ s_pAdd = &Portable::Add;
+ s_pSub = &Portable::Subtract;
+ }
+ else if (IsP4())
{
s_pAdd = &P4Optimized::Add;
s_pSub = &P4Optimized::Subtract;
@@ -1159,7 +1142,13 @@
}
#ifdef SSE2_INTRINSICS_AVAILABLE
- if (HasSSE2())
+ if (!IsPentium())
+ {
+ s_pMul4 = &Portable::Multiply4;
+ s_pMul8 = &Portable::Multiply8;
+ s_pMul8B = &Portable::Multiply8Bottom;
+ }
+ else if (HasSSE2())
{
s_pMul4 = &P4Optimized::Multiply4;
s_pMul8 = &P4Optimized::Multiply8;
@@ -1177,11 +1166,6 @@
static const char s_RunAtStartupSetPentiumFunctionPointers =
(SetPentiumFunctionPointers(), 0);
-void DisableSSE2()
-{
- s_sse2Enabled = false;
- SetPentiumFunctionPointers();
-}
class LowLevel : public PentiumOptimized
{
@@ -3984,6 +3968,9 @@
template hword DivideThreeWordsByTwo<hword, Word>(hword*, hword, hword, Word*);
#endif
template word DivideThreeWordsByTwo<word, DWord>(word*, word, word, DWord*);
+#ifdef SSE2_INTRINSICS_AVAILABLE
+template class AlignedAllocator<word>;
+#endif
#endif
--- 1.5/extra/yassl/taocrypt/src/md5.cpp 2006-11-29 09:21:44 +01:00
+++ 1.6/extra/yassl/taocrypt/src/md5.cpp 2006-11-29 09:21:44 +01:00
@@ -28,15 +28,16 @@
#include "runtime.hpp"
#include "md5.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_MD5_ASM
-#endif
namespace TaoCrypt {
@@ -84,10 +85,17 @@
}
-// Update digest with data of size len, do in blocks
+#ifdef DO_MD5_ASM
+
+// Update digest with data of size len
void MD5::Update(const byte* data, word32 len)
{
- byte* local = (byte*)buffer_;
+ if (!isMMX) {
+ HASHwithTransform::Update(data, len);
+ return;
+ }
+
+ byte* local = reinterpret_cast<byte*>(buffer_);
// remove buffered data if possible
if (buffLen_) {
@@ -99,27 +107,14 @@
len -= add;
if (buffLen_ == BLOCK_SIZE) {
- ByteReverseIf(local, local, BLOCK_SIZE, LittleEndianOrder);
Transform();
AddLength(BLOCK_SIZE);
buffLen_ = 0;
}
}
- // do block size transforms or all at once for asm
+ // at once for asm
if (buffLen_ == 0) {
- #ifndef DO_MD5_ASM
- while (len >= BLOCK_SIZE) {
- memcpy(&local[0], data, BLOCK_SIZE);
-
- data += BLOCK_SIZE;
- len -= BLOCK_SIZE;
-
- ByteReverseIf(local, local, BLOCK_SIZE, LittleEndianOrder);
- Transform();
- AddLength(BLOCK_SIZE);
- }
- #else
word32 times = len / BLOCK_SIZE;
if (times) {
AsmTransform(data, times);
@@ -128,7 +123,6 @@
len -= add;
data += add;
}
- #endif
}
// cache any data left
@@ -139,7 +133,6 @@
}
-#ifdef DO_MD5_ASM
/*
--- 1.17/extra/yassl/taocrypt/src/misc.cpp 2006-11-29 09:21:44 +01:00
+++ 1.18/extra/yassl/taocrypt/src/misc.cpp 2006-11-29 09:21:44 +01:00
@@ -30,6 +30,20 @@
#include "misc.hpp"
+#ifdef __GNUC__
+ #include <signal.h>
+ #include <setjmp.h>
+#endif
+
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
+
+namespace STL = STL_NAMESPACE;
+
+
#ifdef YASSL_PURE_C
void* operator new(size_t sz, TaoCrypt::new_t)
@@ -154,6 +168,130 @@
else
return value;
}
+
+
+
+#ifdef TAOCRYPT_X86ASM_AVAILABLE
+
+#ifndef _MSC_VER
+ static jmp_buf s_env;
+ static void SigIllHandler(int)
+ {
+ longjmp(s_env, 1);
+ }
+#endif
+
+
+bool HaveCpuId()
+{
+#ifdef _MSC_VER
+ __try
+ {
+ __asm
+ {
+ mov eax, 0
+ cpuid
+ }
+ }
+ __except (1)
+ {
+ return false;
+ }
+ return true;
+#else
+ typedef void (*SigHandler)(int);
+
+ SigHandler oldHandler = signal(SIGILL, SigIllHandler);
+ if (oldHandler == SIG_ERR)
+ return false;
+
+ bool result = true;
+ if (setjmp(s_env))
+ result = false;
+ else
+ __asm__ __volatile
+ (
+ // save ebx in case -fPIC is being used
+ "push %%ebx; mov $0, %%eax; cpuid; pop %%ebx"
+ :
+ :
+ : "%eax", "%ecx", "%edx"
+ );
+
+ signal(SIGILL, oldHandler);
+ return result;
+#endif
+}
+
+
+void CpuId(word32 input, word32 *output)
+{
+#ifdef __GNUC__
+ __asm__
+ (
+ // save ebx in case -fPIC is being used
+ "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
+ : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d"(output[3])
+ : "a" (input)
+ );
+#else
+ __asm
+ {
+ mov eax, input
+ cpuid
+ mov edi, output
+ mov [edi], eax
+ mov [edi+4], ebx
+ mov [edi+8], ecx
+ mov [edi+12], edx
+ }
+#endif
+}
+
+
+bool IsPentium()
+{
+ if (!HaveCpuId())
+ return false;
+
+ word32 cpuid[4];
+
+ CpuId(0, cpuid);
+ STL::swap(cpuid[2], cpuid[3]);
+ if (memcmp(cpuid+1, "GenuineIntel", 12) != 0)
+ return false;
+
+ CpuId(1, cpuid);
+ byte family = ((cpuid[0] >> 8) & 0xf);
+ if (family < 5)
+ return false;
+
+ return true;
+}
+
+
+
+static bool IsMmx()
+{
+ if (!IsPentium())
+ return false;
+
+ word32 cpuid[4];
+
+ CpuId(1, cpuid);
+ if ((cpuid[3] & (1 << 23)) == 0)
+ return false;
+
+ return true;
+}
+
+
+bool isMMX = IsMmx();
+
+
+#endif // TAOCRYPT_X86ASM_AVAILABLE
+
+
} // namespace
--- 1.10/extra/yassl/taocrypt/src/random.cpp 2006-11-29 09:21:44 +01:00
+++ 1.11/extra/yassl/taocrypt/src/random.cpp 2006-11-29 09:21:44 +01:00
@@ -50,8 +50,11 @@
RandomNumberGenerator::RandomNumberGenerator()
{
byte key[32];
+ byte junk[256];
+
seed_.GenerateSeed(key, sizeof(key));
cipher_.SetKey(key, sizeof(key));
+ GenerateBlock(junk, sizeof(junk)); // rid initial state
}
--- 1.5/extra/yassl/taocrypt/src/ripemd.cpp 2006-11-29 09:21:44 +01:00
+++ 1.6/extra/yassl/taocrypt/src/ripemd.cpp 2006-11-29 09:21:44 +01:00
@@ -28,15 +28,16 @@
#include "runtime.hpp"
#include "ripemd.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_RIPEMD_ASM
-#endif
namespace TaoCrypt {
@@ -86,10 +87,17 @@
}
-// Update digest with data of size len, do in blocks
+#ifdef DO_RIPEMD_ASM
+
+// Update digest with data of size len
void RIPEMD160::Update(const byte* data, word32 len)
{
- byte* local = (byte*)buffer_;
+ if (!isMMX) {
+ HASHwithTransform::Update(data, len);
+ return;
+ }
+
+ byte* local = reinterpret_cast<byte*>(buffer_);
// remove buffered data if possible
if (buffLen_) {
@@ -101,27 +109,14 @@
len -= add;
if (buffLen_ == BLOCK_SIZE) {
- ByteReverseIf(local, local, BLOCK_SIZE, LittleEndianOrder);
Transform();
AddLength(BLOCK_SIZE);
buffLen_ = 0;
}
}
- // do block size transforms or all at once for asm
+ // all at once for asm
if (buffLen_ == 0) {
- #ifndef DO_RIPEMD_ASM
- while (len >= BLOCK_SIZE) {
- memcpy(&local[0], data, BLOCK_SIZE);
-
- data += BLOCK_SIZE;
- len -= BLOCK_SIZE;
-
- ByteReverseIf(local, local, BLOCK_SIZE, LittleEndianOrder);
- Transform();
- AddLength(BLOCK_SIZE);
- }
- #else
word32 times = len / BLOCK_SIZE;
if (times) {
AsmTransform(data, times);
@@ -130,7 +125,6 @@
len -= add;
data += add;
}
- #endif
}
// cache any data left
@@ -139,6 +133,8 @@
buffLen_ += len;
}
}
+
+#endif // DO_RIPEMD_ASM
// for all
--- 1.5/extra/yassl/taocrypt/src/sha.cpp 2006-11-29 09:21:44 +01:00
+++ 1.6/extra/yassl/taocrypt/src/sha.cpp 2006-11-29 09:21:44 +01:00
@@ -28,16 +28,16 @@
#include "runtime.hpp"
#include <string.h>
#include "sha.hpp"
-#include STL_ALGORITHM_FILE
+#ifdef USE_SYS_STL
+ #include <algorithm>
+#else
+ #include "algorithm.hpp"
+#endif
namespace STL = STL_NAMESPACE;
-#if defined(TAOCRYPT_X86ASM_AVAILABLE) && defined(TAO_ASM)
- #define DO_SHA_ASM
-#endif
-
namespace TaoCrypt {
@@ -108,10 +108,18 @@
}
-// Update digest with data of size len, do in blocks
+
+#ifdef DO_SHA_ASM
+
+// Update digest with data of size len
void SHA::Update(const byte* data, word32 len)
{
- byte* local = (byte*)buffer_;
+ if (!isMMX) {
+ HASHwithTransform::Update(data, len);
+ return;
+ }
+
+ byte* local = reinterpret_cast<byte*>(buffer_);
// remove buffered data if possible
if (buffLen_) {
@@ -123,27 +131,15 @@
len -= add;
if (buffLen_ == BLOCK_SIZE) {
- ByteReverseIf(local, local, BLOCK_SIZE, BigEndianOrder);
+ ByteReverse(local, local, BLOCK_SIZE);
Transform();
AddLength(BLOCK_SIZE);
buffLen_ = 0;
}
}
- // do block size transforms or all at once for asm
+ // all at once for asm
if (buffLen_ == 0) {
- #ifndef DO_SHA_ASM
- while (len >= BLOCK_SIZE) {
- memcpy(&local[0], data, BLOCK_SIZE);
-
- data += BLOCK_SIZE;
- len -= BLOCK_SIZE;
-
- ByteReverseIf(local, local, BLOCK_SIZE, BigEndianOrder);
- Transform();
- AddLength(BLOCK_SIZE);
- }
- #else
word32 times = len / BLOCK_SIZE;
if (times) {
AsmTransform(data, times);
@@ -152,7 +148,6 @@
len -= add;
data += add;
}
- #endif
}
// cache any data left
@@ -161,6 +156,8 @@
buffLen_ += len;
}
}
+
+#endif // DO_SHA_ASM
void SHA::Transform()
| Thread |
|---|
| • bk commit into 5.0 tree (msvensson:1.2343) | msvensson | 29 Nov |
