From:msvensson Date:November 29 2006 8:27am
Subject:bk commit into 5.1 tree (msvensson:1.2387)
Below is the list of changes that have just been committed into a local
5.1 repository of msvensson. When msvensson does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-11-29 09:27:43+01:00, msvensson@shellback.(none) +5 -0
  Merge shellback.(none):/home/msvensson/mysql/yassl_import/my50-yassl_import
  into  shellback.(none):/home/msvensson/mysql/yassl_import/my51-yassl_import
  MERGE: 1.1810.2320.20

  extra/yassl/include/openssl/ssl.h@stripped, 2006-11-29 09:27:39+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.14.1.4

  extra/yassl/include/yassl_int.hpp@stripped, 2006-11-29 09:27:39+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.11.1.4

  extra/yassl/src/ssl.cpp@stripped, 2006-11-29 09:27:39+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.16.1.4

  extra/yassl/src/yassl_imp.cpp@stripped, 2006-11-29 09:27:39+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.8.1.4

  extra/yassl/src/yassl_int.cpp@stripped, 2006-11-29 09:27:39+01:00, msvensson@shellback.(none) +0 -0
    Auto merged
    MERGE: 1.19.1.4

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	msvensson
# Host:	shellback.(none)
# Root:	/home/msvensson/mysql/yassl_import/my51-yassl_import/RESYNC

--- 1.18/extra/yassl/include/openssl/ssl.h	2006-11-29 09:27:51 +01:00
+++ 1.19/extra/yassl/include/openssl/ssl.h	2006-11-29 09:27:51 +01:00
@@ -41,7 +41,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "1.4.3"
+#define YASSL_VERSION "1.5.0"
 
 
 #if defined(__cplusplus)
@@ -228,6 +228,7 @@
 int          SSL_set_session(SSL *ssl, SSL_SESSION *session);
 SSL_SESSION* SSL_get_session(SSL* ssl);
 long         SSL_SESSION_set_timeout(SSL_SESSION*, long);
+long         SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
 X509*        SSL_get_peer_certificate(SSL*);
 long         SSL_get_verify_result(SSL*);
 
@@ -361,6 +362,8 @@
 SSL_METHOD *SSLv3_client_method(void);
 SSL_METHOD *TLSv1_server_method(void);  
 SSL_METHOD *TLSv1_client_method(void);
+SSL_METHOD *TLSv1_1_server_method(void);
+SSL_METHOD *TLSv1_1_client_method(void);
 SSL_METHOD *SSLv23_server_method(void);
 
 int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
@@ -529,6 +532,10 @@
 
 
 #define SSL_DEFAULT_CIPHER_LIST ""   /* default all */
+
+
+/* yaSSL adds */
+int SSL_set_compression(SSL*);   /* turn on yaSSL zlib compression */
 
 
 

--- 1.15/extra/yassl/include/yassl_int.hpp	2006-11-29 09:27:51 +01:00
+++ 1.16/extra/yassl/include/yassl_int.hpp	2006-11-29 09:27:51 +01:00
@@ -431,6 +431,7 @@
     DH_Parms    dhParms_;
     pem_password_cb passwordCb_;
     void*           userData_;
+    bool            sessionCacheOff_;
     Stats       stats_;
     Mutex       mutex_;         // for Stats
 public:
@@ -445,6 +446,7 @@
     const Stats&      GetStats()    const;
     pem_password_cb   GetPasswordCb() const;
           void*       GetUserData()   const;
+          bool        GetSessionCacheOff() const;
 
     void setVerifyPeer();
     void setVerifyNone();
@@ -453,6 +455,7 @@
     bool SetDH(const DH&);
     void SetPasswordCb(pem_password_cb cb);
     void SetUserData(void*);
+    void SetSessionCacheOff();
    
     void            IncrementStats(StatsField);
     void            AddCA(x509* ca);
@@ -600,6 +603,7 @@
     const Socket&     getSocket()   const;
           YasslError  GetError()    const;
           bool        GetMultiProtocol() const;
+          bool        CompressionOn()    const;
 
     Crypto&    useCrypto();
     Security&  useSecurity();
@@ -617,9 +621,12 @@
     void set_preMaster(const opaque*, uint);
     void set_masterSecret(const opaque*);
     void SetError(YasslError);
+    int  SetCompression();
+    void UnSetCompression();
 
     // helpers
     bool isTLS() const;
+    bool isTLSv1_1() const;
     void order_error();
     void makeMasterSecret();
     void makeTLSMasterSecret();
@@ -652,6 +659,10 @@
     const SSL& operator=(const SSL&);   // and assign
 };
 
+
+// compression
+int Compress(const byte*, int, input_buffer&);
+int DeCompress(input_buffer&, int, input_buffer&);
 
 
 // conversion functions

--- 1.22/extra/yassl/src/ssl.cpp	2006-11-29 09:27:51 +01:00
+++ 1.23/extra/yassl/src/ssl.cpp	2006-11-29 09:27:51 +01:00
@@ -184,10 +184,22 @@
 }
 
 
+SSL_METHOD* TLSv1_1_server_method()
+{
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
 SSL_METHOD* SSLv23_server_method()
 {
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
-    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
 }
 
 
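Review bot: The comment kept above the changed return, `// compatibility only, no version 2 support, but does SSL 3 and TLS 1`, is now stale: the method is built with `ProtocolVersion(3,2)`, so it also negotiates TLS 1.1. The same stale wording sits above the client-side change in the next hunk (the `SSLv23_client_method` body). Suggest `// compatibility only, no version 2 support, but does SSL 3, TLS 1 and TLS 1.1` in both places.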
@@ -196,7 +208,7 @@
     // compatibility only, no version 2 support, but does SSL 3 and TLS 1
     // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
     // TODO: maybe add support to send SSLv2 hello ???
-    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1), true);
+    return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
 }
 
 
@@ -407,7 +419,6 @@
     Alert alert(warning, close_notify);
     sendAlert(*ssl, alert);
     ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
-    ssl->useSocket().closeSocket();
 
     GetErrors().Remove();
 
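Review bot: Removing `ssl->useSocket().closeSocket()` means this shutdown path sends close_notify and logs, but leaves the descriptor open, and nothing in the hunk says who now closes it. If the intent is that the application owns the fd and closes it after the call, a comment at the removal point such as `// the socket is owned by the caller and is not closed here` would save the next reader a search. The enclosing function starts outside the hunk.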
@@ -415,8 +426,21 @@
 }
 
 
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+    if (mode == SSL_SESS_CACHE_OFF)
+        ctx->SetSessionCacheOff();
+
+    return SSL_SUCCESS;
+}
+
+
 SSL_SESSION* SSL_get_session(SSL* ssl)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return 0;
+
     return GetSessions().lookup(
         ssl->getSecurity().get_connection().sessionID_);
 }
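Review bot: `SSL_CTX_set_session_cache_mode` is a one-way switch: only `SSL_SESS_CACHE_OFF` has an effect, `SetSessionCacheOff` in yassl_int.cpp can only set the flag to true, and any other mode value returns `SSL_SUCCESS` without changing anything, so a caller that turns caching back on after turning it off keeps it off silently. OpenSSL's function also returns the previous mode rather than a success code, which code ported from it may rely on. At minimum the comment should state the contract, e.g. `/* only SSL_SESS_CACHE_OFF is honoured; caching cannot be re-enabled; always returns SSL_SUCCESS */`, or the setter could take the boolean so the flag follows `mode == SSL_SESS_CACHE_OFF` in both directions.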
@@ -424,6 +448,9 @@
 
 int SSL_set_session(SSL* ssl, SSL_SESSION* session)
 {
+    if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+        return SSL_FAILURE;
+
     ssl->set_session(session);
     return SSL_SUCCESS;
 }
@@ -512,6 +539,19 @@
 }
 
 
+
+/* turn on yaSSL zlib compression
+   returns 0 for success, else error (not built in)
+   only need to turn on for client, becuase server on by default if built in
+   but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl)
+{
+    return ssl->SetCompression();
+}
+
+
+
 X509* SSL_get_peer_certificate(SSL* ssl)
 {
     return ssl->getCrypto().get_certManager().get_peerX509();
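Review bot: The declaration of `SSL_set_compression` in ssl.h only says `turn on yaSSL zlib compression`, while the actual contract (0 on success, non-zero when zlib is not built in, client-side and before the handshake) lives solely in this comment, so header readers never see the return-value or call-order rules; mirroring it in the header would help. The comment also has `becuase` for `because`. It is worth adding one sentence that compression is applied to the plaintext before the MAC and encryption, so record lengths reflect how compressible the data is, and that an application mixing attacker-influenced and secret data in one stream should leave it off.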
@@ -1359,6 +1399,56 @@
 }
 
 
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+    ctx->SetPasswordCb(cb);
+}
+
+
+int SSLeay_add_ssl_algorithms()  // compatibility only
+{
+    return 1;
+}
+
+
+void ERR_remove_state(unsigned long)
+{
+    GetErrors().Remove();
+}
+
+
+int ERR_GET_REASON(int l)
+{
+    return l & 0xfff;
+}
+
+
+unsigned long err_helper(bool peek = false)
+{
+    int ysError = GetErrors().Lookup(peek);
+
+    // translate cert error for libcurl, it uses OpenSSL hex code
+    switch (ysError) {
+    case TaoCrypt::SIG_OTHER_E:
+        return CERTFICATE_ERROR;
+        break;
+    default :
+        return 0;
+    }
+}
+
+
+unsigned long ERR_peek_error()
+{
+    return err_helper(true);
+}
+
+
+unsigned long ERR_get_error()
+{
+    return err_helper();
+}
+
 
     // functions for stunnel
 
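Review bot: In the moved `err_helper`, the `break;` after `return CERTFICATE_ERROR;` is unreachable and should be dropped. `err_helper` is an internal translation helper with a default argument that now sits at namespace scope next to the exported ERR_* functions; unless it is declared elsewhere, `static unsigned long err_helper(bool peek = false)` keeps it out of the library's exported symbols. The moved bodies otherwise match what is deleted from the stunnel section further down.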
@@ -1477,13 +1567,6 @@
     }
 
 
-    long SSL_CTX_set_session_cache_mode(SSL_CTX*, long)
-    {
-        // TDOD:
-        return SSL_SUCCESS;
-    }
-
-
     long SSL_CTX_set_timeout(SSL_CTX*, long)
     {
         // TDOD:
@@ -1498,12 +1581,6 @@
     }
 
 
-    void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
-    {
-        ctx->SetPasswordCb(cb);
-    }
-
-
     int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
     {
         // TDOD:
@@ -1554,49 +1631,6 @@
         return 0;
     }
 
-
-    int SSLeay_add_ssl_algorithms()  // compatibility only
-    {
-        return 1;
-    }
-
-
-    void ERR_remove_state(unsigned long)
-    {
-        GetErrors().Remove();
-    }
-
-
-    int ERR_GET_REASON(int l)
-    {
-        return l & 0xfff;
-    }
-
-    unsigned long err_helper(bool peek = false)
-    {
-        int ysError = GetErrors().Lookup(peek);
-
-        // translate cert error for libcurl, it uses OpenSSL hex code
-        switch (ysError) {
-        case TaoCrypt::SIG_OTHER_E:
-            return CERTFICATE_ERROR;
-            break;
-        default :
-            return 0;
-        }
-    }
-
-
-    unsigned long ERR_peek_error()
-    {
-        return err_helper(true);
-    }
-
-
-    unsigned long ERR_get_error()
-    {
-        return err_helper();
-    }
 
 
     // end stunnel needs

--- 1.12/extra/yassl/src/yassl_imp.cpp	2006-11-29 09:27:51 +01:00
+++ 1.13/extra/yassl/src/yassl_imp.cpp	2006-11-29 09:27:51 +01:00
@@ -87,7 +87,7 @@
     opaque tmp[SECRET_LEN];
     memset(tmp, 0, sizeof(tmp));
     ssl.getCrypto().get_random().Fill(tmp, SECRET_LEN);
-    ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+    ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
     tmp[0] = pv.major_;
     tmp[1] = pv.minor_;
     ssl.set_preMaster(tmp, SECRET_LEN);
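Review bot: The pre-master secret now carries `chVersion_` instead of the negotiated `version_`, which is the version the spec requires (the one sent in ClientHello), but this diff only shows `chVersion_` being assigned on the server side in `ClientHello::Process`. If the client path does not set it when the ClientHello is built or in the `Connection` constructor, the two bytes written here are whatever the member held, and the server's new check in the next hunk will fail the handshake with `pms_version_error`; please confirm where the client assigns it. The enclosing function starts outside the hunk.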
@@ -233,6 +233,10 @@
     rsa.decrypt(preMasterSecret, secret_, length_, 
                 ssl.getCrypto().get_random());
 
+    ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
+    if (pv.major_ != preMasterSecret[0] || pv.minor_ != preMasterSecret[1])
+        ssl.SetError(pms_version_error); // continue deriving for timing attack
+
     ssl.set_preMaster(preMasterSecret, SECRET_LEN);
     ssl.makeMasterSecret();
 }
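Review bot: Setting `pms_version_error` and continuing to derive the master secret is the right idea, but the comment `continue deriving for timing attack` does not say what happens to the error afterwards; if it produces a different alert, or an earlier abort, than a padding failure inside `rsa.decrypt` would, the two paths remain distinguishable to the peer. The usual countermeasure is to carry on with a freshly generated random pre-master secret on any failure so the handshake fails uniformly at the Finished check, and to not expose the reason in the alert. If `rsa.decrypt`'s own failure path is handled that way elsewhere, a comment pointing to it would help. The enclosing function starts outside the hunk.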
@@ -437,6 +441,7 @@
                        ProtocolVersion pv, bool haveDH) : entity_(ce)
 {
     pending_ = true;	// suite not set yet
+    strncpy(cipher_name_, "NONE", 5);
 
     if (ciphers.setSuites_) {   // use user set list
         suites_size_ = ciphers.suiteSz_;
@@ -445,6 +450,7 @@
     }
     else 
         SetSuites(pv, ce == server_end && !haveDH);  // defaults
+
 }
 
 
@@ -613,14 +619,18 @@
 void HandShakeHeader::Process(input_buffer& input, SSL& ssl)
 {
     ssl.verifyState(*this);
+    if (ssl.GetError()) return;
     const HandShakeFactory& hsf = ssl.getFactory().getHandShake();
     mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_));
     if (!hs.get()) {
         ssl.SetError(factory_error);
         return;
     }
-    hashHandShake(ssl, input, c24to32(length_));
 
+    uint len = c24to32(length_);
+    hashHandShake(ssl, input, len);
+
+    hs->set_length(len);
     input >> *hs;
     hs->Process(input, ssl);
 }
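Review bot: `len` comes from the 24-bit length field of the handshake header and is passed to `hashHandShake` and stored on the message before `input >> *hs` without being compared with the bytes actually left in `input`; whether the buffer operators guard against that themselves is not visible here. A check such as `if (len > <bytes remaining in input>) { ssl.SetError(<input error code>); return; }` right after `uint len = c24to32(length_);`, using whatever accessor and YasslError value exist, would stop an oversized length before it reaches the per-message readers (the ClientHello reader below uses `get_length()` to skip extensions).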
@@ -849,11 +859,17 @@
         opaque mac[SHA_LEN];
         input.read(mac, digestSz);
 
+        if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+            int    ivExtra = 0;
         opaque fill;
-        int    padSz = ssl.getSecurity().get_parms().encrypt_size_ - aSz -
-                       digestSz;
+
+            if (ssl.isTLSv1_1())
+                ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+            int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
+                        aSz - digestSz;
         for (int i = 0; i < padSz; i++) 
             fill = input[AUTO];
+        }
 
         // verify
         if (memcmp(mac, verify, digestSz)) {
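Review bot: The new `if (... cipher_type_ == block)` block is inconsistently indented: `opaque fill;` and the `for` loop that consumes the padding stay at the old eight-space indent inside a block whose other lines are at twelve, which hides the brace structure on a quick read. Re-indent `opaque fill;`, `for (int i = 0; i < padSz; i++)` and `fill = input[AUTO];` to the block's level. `fill` is also only ever assigned; if `input[AUTO]` has no effect beyond advancing the position it could be replaced by a position skip, but that depends on input_buffer semantics I cannot see. The enclosing function starts outside the hunk.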
@@ -879,9 +895,13 @@
 {}
 
 
-Data::Data(uint16 len, const opaque* w)
-    : length_(len), buffer_(0), write_buffer_(w)
-{}
+void Data::SetData(uint16 len, const opaque* buffer)
+{
+    assert(write_buffer_ == 0);
+
+    length_ = len;
+    write_buffer_ = buffer;
+}
 
 input_buffer& Data::set(input_buffer& in)
 {
@@ -907,17 +927,12 @@
 }
 
 
-const opaque* Data::get_buffer() const
-{
-    return write_buffer_;
-}
-
-
 void Data::set_length(uint16 l)
 {
     length_ = l;
 }
 
+
 opaque* Data::set_buffer()
 {
     return buffer_;
@@ -937,27 +952,42 @@
 {
     int msgSz = ssl.getSecurity().get_parms().encrypt_size_;
     int pad   = 0, padByte = 0;
+    int ivExtra = 0;
+
     if (ssl.getSecurity().get_parms().cipher_type_ == block) {
-        pad = *(input.get_buffer() + input.get_current() + msgSz - 1);
+        if (ssl.isTLSv1_1())  // IV
+            ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+        pad = *(input.get_buffer() + input.get_current() + msgSz -ivExtra - 1);
         padByte = 1;
     }
     int digestSz = ssl.getCrypto().get_digest().get_digestSize();
-    int dataSz = msgSz - digestSz - pad - padByte;   
+    int dataSz = msgSz - ivExtra - digestSz - pad - padByte;   
     opaque verify[SHA_LEN];
 
+    const byte* rawData = input.get_buffer() + input.get_current();
+
     // read data
-    if (dataSz) {
+    if (dataSz) {                               // could be compressed
+        if (ssl.CompressionOn()) {
+            input_buffer tmp;
+            if (DeCompress(input, dataSz, tmp) == -1) {
+                ssl.SetError(decompress_error);
+                return;
+            }
+            ssl.addData(NEW_YS input_buffer(tmp.get_size(),
+                                            tmp.get_buffer(), tmp.get_size()));
+        }
+        else {
         input_buffer* data;
         ssl.addData(data = NEW_YS input_buffer(dataSz));
         input.read(data->get_buffer(), dataSz);
         data->add_size(dataSz);
+        }
 
         if (ssl.isTLS())
-            TLS_hmac(ssl, verify, data->get_buffer(), dataSz, application_data,
-                     true);
+            TLS_hmac(ssl, verify, rawData, dataSz, application_data, true);
         else
-            hmac(ssl, verify, data->get_buffer(), dataSz, application_data,
-                 true);
+            hmac(ssl, verify, rawData, dataSz, application_data, true);
     }
 
     // read mac and fill
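Review bot: `dataSz` is derived from `pad`, a byte taken from the decrypted record, and from `msgSz`, neither of which is validated here: a pad value larger than `msgSz - ivExtra - digestSz - padByte` makes `dataSz` negative, `if (dataSz)` still takes the branch, and `NEW_YS input_buffer(dataSz)` or `DeCompress(input, dataSz, tmp)` receives a negative size. Add `if (dataSz < 0) { ssl.SetError(<bad record error>); return; }` directly after the computation, and likewise confirm `msgSz` does not exceed what is left in `input` before the `pad` read a few lines up. The body of the new `else` branch also kept the old eight-space indent. The enclosing function starts outside the hunk.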
@@ -1220,6 +1250,13 @@
         if (ssl.isTLS() && server_version_.minor_ < 1)
             // downgrade to SSLv3
             ssl.useSecurity().use_connection().TurnOffTLS();
+        else if (ssl.isTLSv1_1() && server_version_.minor_ == 1)
+            // downdrage to TLSv1
+            ssl.useSecurity().use_connection().TurnOffTLS1_1();
+    }
+    else if (ssl.isTLSv1_1() && server_version_.minor_ < 2) {
+        ssl.SetError(badVersion_error);
+        return;
     }
     else if (ssl.isTLS() && server_version_.minor_ < 1) {
         ssl.SetError(badVersion_error);
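Review bot: The negotiation here handles a server answering with a lower version but never rejects one answering with a higher minor than the client offered: with `isTLSv1_1()` true, `server_version_.minor_ > 2` falls through every branch, and with `isTLS()` but not TLS 1.1, `minor_ == 2` is accepted as well. The record-layer check added in yassl_int.cpp rejects `minor_ > 2` for record headers only, while the handshake-level value is what selects the key derivation. Suggest a leading guard `if (server_version_.major_ != 3 || server_version_.minor_ > ssl.getSecurity().get_connection().version_.minor_) { ssl.SetError(badVersion_error); return; }`, which also mirrors the `major_` check the server side does in `ClientHello::Process`. The comment `downdrage` should read `downgrade`. The enclosing function starts outside the hunk.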
@@ -1252,6 +1289,10 @@
             ssl.useSecurity().set_resuming(false);
             ssl.useLog().Trace("server denied resumption");
         }
+
+    if (ssl.CompressionOn() && !compression_method_)
+        ssl.UnSetCompression(); // server isn't supporting yaSSL zlib request
+
     ssl.useStates().useClient() = serverHelloComplete;
 }
 
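Review bot: Only one direction of the compression negotiation is checked: if the client asked for zlib and the server declined, compression is turned off, but if `compression_method_` is `zlib` while `ssl.CompressionOn()` is false (the client never offered it, or zlib is not built in) the ServerHello is accepted and the server will send compressed records this side cannot decompress. A server may not select a method the client did not offer, so add `else if (!ssl.CompressionOn() && compression_method_ == zlib) { ssl.SetError(<handshake error>); return; }` with an appropriate YasslError value. The enclosing function starts outside the hunk.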
@@ -1263,8 +1304,9 @@
 }
 
 
-ServerHello::ServerHello(ProtocolVersion pv)
-    : server_version_(pv)
+ServerHello::ServerHello(ProtocolVersion pv, bool useCompression)
+    : server_version_(pv),
+      compression_method_(useCompression ? zlib : no_compression)
 {
     memset(random_, 0, RAN_LEN);
     memset(session_id_, 0, ID_LEN);
@@ -1341,6 +1383,8 @@
 // input operator for Client Hello
 input_buffer& operator>>(input_buffer& input, ClientHello& hello)
 {
+    uint begin = input.get_current();  // could have extensions at end
+
     // Protocol
     hello.client_version_.major_ = input[AUTO];
     hello.client_version_.minor_ = input[AUTO];
@@ -1361,8 +1405,19 @@
 
     // Compression
     hello.comp_len_ = input[AUTO];
-    while (hello.comp_len_--)  // ignore for now
-    hello.compression_methods_ = CompressionMethod(input[AUTO]);
+    hello.compression_methods_ = no_compression;
+    while (hello.comp_len_--) {
+        CompressionMethod cm = CompressionMethod(input[AUTO]);
+        if (cm == zlib)
+            hello.compression_methods_ = zlib;
+    }
+
+    uint read = input.get_current() - begin;
+    uint expected = hello.get_length();
+
+    // ignore client hello extensions for now
+    if (read < expected)
+        input.set_current(input.get_current() + expected - read);
 
     return input;
 }
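Review bot: The extension skip trusts `hello.get_length()`, which is the handshake length from the wire: when `expected - read` exceeds the bytes left in `input`, `set_current` is moved past the end of the record, and whether `input_buffer::set_current` clamps or later reads fault on that is not visible here. Either guard it with `if (expected - read > <bytes remaining in input>) return input;` (with the overrun reported wherever this operator's caller checks for errors) or validate the handshake length against the record once in `HandShakeHeader::Process` so every reader can rely on it. The `while (hello.comp_len_--)` loop likewise reads up to 255 bytes on the strength of a single length byte.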
@@ -1400,6 +1455,13 @@
 // Client Hello processing handler
 void ClientHello::Process(input_buffer&, SSL& ssl)
 {
+    // store version for pre master secret
+    ssl.useSecurity().use_connection().chVersion_ = client_version_;
+
+    if (client_version_.major_ != 3) {
+        ssl.SetError(badVersion_error);
+        return;
+    }
     if (ssl.GetMultiProtocol()) {   // SSLv23 support
         if (ssl.isTLS() && client_version_.minor_ < 1) {
             // downgrade to SSLv3
@@ -1407,20 +1469,29 @@
         ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
         ssl.useSecurity().use_parms().SetSuites(pv);  // reset w/ SSL suites
     }
+        else if (ssl.isTLSv1_1() && client_version_.minor_ == 1)
+            // downgrade to TLSv1, but use same suites
+            ssl.useSecurity().use_connection().TurnOffTLS1_1();
+    }
+    else if (ssl.isTLSv1_1() && client_version_.minor_ < 2) {
+        ssl.SetError(badVersion_error);
+        return;
     }
     else if (ssl.isTLS() && client_version_.minor_ < 1) {
         ssl.SetError(badVersion_error);
         return;
     }
-    else if (!ssl.isTLS() && (client_version_.major_ == 3 &&
-                              client_version_.minor_ >= 1)) {
+    else if (!ssl.isTLS() && client_version_.minor_ >= 1) {
         ssl.SetError(badVersion_error);
         return;
     }
+
     ssl.set_random(random_, client_end);
 
     while (id_len_) {  // trying to resume
-        SSL_SESSION* session = GetSessions().lookup(session_id_);
+        SSL_SESSION* session = 0;
+        if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
+            session = GetSessions().lookup(session_id_);
         if (!session)  {
             ssl.useLog().Trace("session lookup failed");
             break;
@@ -1444,6 +1515,9 @@
     ssl.matchSuite(cipher_suites_, suite_len_);
     ssl.set_pending(ssl.getSecurity().get_parms().suite_[1]);
 
+    if (compression_methods_ == zlib)
+        ssl.SetCompression();
+
     ssl.useStates().useServer() = clientHelloComplete;
 }
 
@@ -1478,8 +1552,9 @@
 }
 
 
-ClientHello::ClientHello(ProtocolVersion pv)
-    : client_version_(pv)
+ClientHello::ClientHello(ProtocolVersion pv, bool useCompression)
+    : client_version_(pv),
+      compression_methods_(useCompression ? zlib : no_compression)
 {
     memset(random_, 0, RAN_LEN);
 }
@@ -1943,8 +2018,13 @@
     int    digestSz = ssl.getCrypto().get_digest().get_digestSize();
     input.read(mac, digestSz);
 
+    uint ivExtra = 0;
+    if (ssl.getSecurity().get_parms().cipher_type_ == block)
+        if (ssl.isTLSv1_1())
+            ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+
     opaque fill;
-    int    padSz = ssl.getSecurity().get_parms().encrypt_size_ -
+    int    padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
                      HANDSHAKE_HEADER - finishedSz - digestSz;
     for (int i = 0; i < padSz; i++) 
         fill = input[AUTO];
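Review bot: `ivExtra` is declared `uint` here while the same quantity is `int` in the two Alert/Data readers of this file, so `encrypt_size_ - ivExtra - HANDSHAKE_HEADER - finishedSz - digestSz` is evaluated in unsigned arithmetic and then stored into `int padSz`; a short record makes the intermediate wrap instead of going negative, and the result then depends on the conversion back to int. Declare it `int ivExtra = 0;` for consistency and add a `padSz < 0` rejection, since the for loop silently does nothing on a negative count. The enclosing function starts outside the hunk.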
@@ -2018,7 +2098,9 @@
 Connection::Connection(ProtocolVersion v, RandomPool& ran)
     : pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0),
       pre_secret_len_(0), send_server_key_(false), master_clean_(false),
-      TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran) 
+      TLS_(v.major_ >= 3 && v.minor_ >= 1),
+      TLSv1_1_(v.major_ >= 3 && v.minor_ >= 2), compression_(false),
+      version_(v), random_(ran)
 {
     memset(sessionID_, 0, sizeof(sessionID_));
 }
@@ -2040,6 +2122,13 @@
 {
     TLS_ = false;
     version_.minor_ = 0;
+}
+
+
+void Connection::TurnOffTLS1_1()
+{
+    TLSv1_1_ = false;
+    version_.minor_ = 1;
 }
 
 

--- 1.23/extra/yassl/src/yassl_int.cpp	2006-11-29 09:27:51 +01:00
+++ 1.24/extra/yassl/src/yassl_int.cpp	2006-11-29 09:27:51 +01:00
@@ -38,6 +38,11 @@
 #endif
 
 
+#ifdef HAVE_LIBZ
+    #include "zlib.h"
+#endif
+
+
 #ifdef YASSL_PURE_C
 
     void* operator new(size_t sz, yaSSL::new_t)
@@ -727,6 +732,32 @@
 }
 
 
+// set yaSSL zlib type compression
+int SSL::SetCompression()
+{
+#ifdef HAVE_LIBZ
+    secure_.use_connection().compression_ = true;
+    return 0;
+#else
+    return -1;  // not built in
+#endif
+}
+
+
+// unset yaSSL zlib type compression
+void SSL::UnSetCompression()
+{
+    secure_.use_connection().compression_ = false;
+}
+
+
+// is yaSSL zlib compression on
+bool SSL::CompressionOn() const
+{
+    return secure_.get_connection().compression_;
+}
+
+
 // store master secret
 void SSL::set_masterSecret(const opaque* sec)
 {
@@ -1109,6 +1140,11 @@
 {
     if (GetError()) return;
 
+    if (rlHeader.version_.major_ != 3 || rlHeader.version_.minor_ > 2) {
+        SetError(badVersion_error);
+        return;
+    }
+
     if (states_.getRecord() == recordNotReady || 
             (rlHeader.type_ == application_data &&        // data and handshake
              states_.getHandShake() != handShakeReady) )  // isn't complete yet
@@ -1247,6 +1283,9 @@
 
 void SSL::set_session(SSL_SESSION* s) 
 { 
+    if (getSecurity().GetContext()->GetSessionCacheOff())
+        return;
+
     if (s && GetSessions().lookup(s->GetID(), &secure_.use_resume())) {
         secure_.set_resuming(true);
         crypto_.use_certManager().setPeerX509(s->GetPeerX509());
@@ -1344,6 +1383,12 @@
 }
 
 
+bool SSL::isTLSv1_1() const
+{
+    return secure_.get_connection().TLSv1_1_;
+}
+
+
 void SSL::addData(input_buffer* data)
 {
     buffers_.useData().push_back(data);
@@ -1703,7 +1748,7 @@
 
 SSL_CTX::SSL_CTX(SSL_METHOD* meth) 
     : method_(meth), certificate_(0), privateKey_(0), passwordCb_(0),
-      userData_(0)
+      userData_(0), sessionCacheOff_(false)
 {}
 
 
@@ -1784,12 +1829,24 @@
 }
 
 
+bool SSL_CTX::GetSessionCacheOff() const
+{
+    return sessionCacheOff_;
+}
+
+
 void SSL_CTX::SetUserData(void* data)
 {
     userData_ = data;
 }
 
 
+void SSL_CTX::SetSessionCacheOff()
+{
+    sessionCacheOff_ = true;
+}
+
+
 void SSL_CTX::setVerifyPeer()
 {
     method_->setVerifyPeer();
@@ -2312,7 +2369,108 @@
 }
 
 
+#ifdef HAVE_LIBZ
+
+    void* myAlloc(void* /* opaque */, unsigned int item, unsigned int size)
+    {
+        return NEW_YS unsigned char[item * size];
+    }
+
+
+    void myFree(void* /* opaque */, void* memory)
+    {
+        unsigned char* ptr = static_cast<unsigned char*>(memory);
+        yaSSL::ysArrayDelete(ptr);
+    }
+
+
+    // put size in front of compressed data
+    int Compress(const byte* in, int sz, input_buffer& buffer)
+    {
+        byte     tmp[LENGTH_SZ];
+        z_stream c_stream; /* compression stream */
+
+        buffer.allocate(sz + sizeof(uint16) + COMPRESS_EXTRA);
+
+        c_stream.zalloc = myAlloc;
+        c_stream.zfree  = myFree;
+        c_stream.opaque = (voidpf)0;
+
+        c_stream.next_in   = const_cast<byte*>(in);
+        c_stream.avail_in  = sz;
+        c_stream.next_out  = buffer.get_buffer() + sizeof(tmp);
+        c_stream.avail_out = buffer.get_capacity() - sizeof(tmp);
+
+        if (deflateInit(&c_stream, 8) != Z_OK) return -1;
+        int err = deflate(&c_stream, Z_FINISH);
+        deflateEnd(&c_stream);
+        if (err != Z_OK && err != Z_STREAM_END) return -1;
+
+        c16toa(sz, tmp);
+        memcpy(buffer.get_buffer(), tmp, sizeof(tmp));
+        buffer.add_size(c_stream.total_out + sizeof(tmp));
+
+        return 0;
+    }
+
+
+    // get uncompressed size in front
+    int DeCompress(input_buffer& in, int sz, input_buffer& out)
+    {
+        byte tmp[LENGTH_SZ];
+    
+        in.read(tmp, sizeof(tmp));
+
+        uint16 len;
+        ato16(tmp, len);
+
+        out.allocate(len);
+
+        z_stream d_stream; /* decompression stream */
+
+        d_stream.zalloc = myAlloc;
+        d_stream.zfree  = myFree;
+        d_stream.opaque = (voidpf)0;
+
+        d_stream.next_in   = in.get_buffer() + in.get_current();
+        d_stream.avail_in  = sz - sizeof(tmp);
+        d_stream.next_out  = out.get_buffer();
+        d_stream.avail_out = out.get_capacity();
+
+        if (inflateInit(&d_stream) != Z_OK) return -1;
+        int err = inflate(&d_stream, Z_FINISH);
+        inflateEnd(&d_stream);
+        if (err != Z_OK && err != Z_STREAM_END) return -1;
+
+        out.add_size(d_stream.total_out);
+        in.set_current(in.get_current() + sz - sizeof(tmp));
+
+        return 0;
+    }
+
+
+#else  // LIBZ
+
+    // these versions should never get called
+    int Compress(const byte* in, int sz, input_buffer& buffer)
+    {
+        assert(0);  
+        return -1;
+    } 
+
+
+    int DeCompress(input_buffer& in, int sz, input_buffer& out)
+    {
+        assert(0);  
+        return -1;
+    } 
+
+
+#endif // LIBZ
+
+
 } // namespace
+
 
 
 extern "C" void yaSSL_CleanUp()
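Review bot: `Compress` and `DeCompress` treat `Z_OK` from a `Z_FINISH` call as success, but with `Z_FINISH` zlib returns `Z_OK` when the output buffer filled before the stream was complete and only `Z_STREAM_END` means all input was consumed, so both functions currently return 0 with truncated output when the buffer is too small (and `deflateEnd`/`inflateEnd` have already been called by then). Change both checks to `if (err != Z_STREAM_END) return -1;`, and size the compression buffer with `deflateBound` rather than the fixed `COMPRESS_EXTRA` slack. `DeCompress` also needs `sz >= (int)sizeof(tmp)` before `sz - sizeof(tmp)` (which otherwise wraps in unsigned), and `len`, read from the peer, should be capped at the maximum TLS plaintext size before `out.allocate(len)`. `deflateInit(&c_stream, 8)` hard-codes a level; a named constant would document the choice.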