Below is the list of changes that have just been committed into a local
5.0 repository of svoj. When svoj does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.1847 05/04/28 18:23:27 svoj@stripped +104 -0
WL#2286 Compile MySQL w/YASSL support
yaSSL-0.9.7 library bundled.
extra/yassl/yassl.dsw
1.1 05/04/28 18:23:22 svoj@stripped +137 -0
extra/yassl/yassl.dsp
1.1 05/04/28 18:23:22 svoj@stripped +192 -0
extra/yassl/taocrypt/taocrypt.dsw
1.1 05/04/28 18:23:22 svoj@stripped +44 -0
extra/yassl/yassl.dsw
1.0 05/04/28 18:23:22 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/yassl.dsw
extra/yassl/yassl.dsp
1.0 05/04/28 18:23:22 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/yassl.dsp
extra/yassl/taocrypt/taocrypt.dsw
1.0 05/04/28 18:23:22 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/taocrypt.dsw
extra/yassl/taocrypt/taocrypt.dsp
1.1 05/04/28 18:23:21 svoj@stripped +260 -0
extra/yassl/taocrypt/src/sha.cpp
1.1 05/04/28 18:23:21 svoj@stripped +144 -0
extra/yassl/taocrypt/src/rsa.cpp
1.1 05/04/28 18:23:21 svoj@stripped +215 -0
extra/yassl/taocrypt/src/ripemd.cpp
1.1 05/04/28 18:23:21 svoj@stripped +289 -0
extra/yassl/taocrypt/src/random.cpp
1.1 05/04/28 18:23:21 svoj@stripped +131 -0
extra/yassl/taocrypt/taocrypt.dsp
1.0 05/04/28 18:23:21 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/taocrypt.dsp
extra/yassl/taocrypt/src/sha.cpp
1.0 05/04/28 18:23:21 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/sha.cpp
extra/yassl/taocrypt/src/rsa.cpp
1.0 05/04/28 18:23:21 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/rsa.cpp
extra/yassl/taocrypt/src/ripemd.cpp
1.0 05/04/28 18:23:21 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/ripemd.cpp
extra/yassl/taocrypt/src/random.cpp
1.0 05/04/28 18:23:21 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/random.cpp
extra/yassl/taocrypt/src/misc.cpp
1.1 05/04/28 18:23:20 svoj@stripped +132 -0
extra/yassl/taocrypt/src/md5.cpp
1.1 05/04/28 18:23:20 svoj@stripped +169 -0
extra/yassl/taocrypt/src/md2.cpp
1.1 05/04/28 18:23:20 svoj@stripped +128 -0
extra/yassl/taocrypt/src/integer.cpp
1.1 05/04/28 18:23:20 svoj@stripped +4174 -0
extra/yassl/taocrypt/src/misc.cpp
1.0 05/04/28 18:23:20 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/misc.cpp
extra/yassl/taocrypt/src/md5.cpp
1.0 05/04/28 18:23:20 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/md5.cpp
extra/yassl/taocrypt/src/md2.cpp
1.0 05/04/28 18:23:20 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/md2.cpp
extra/yassl/taocrypt/src/integer.cpp
1.0 05/04/28 18:23:20 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/integer.cpp
extra/yassl/taocrypt/src/hash.cpp
1.1 05/04/28 18:23:19 svoj@stripped +88 -0
extra/yassl/taocrypt/src/file.cpp
1.1 05/04/28 18:23:19 svoj@stripped +118 -0
extra/yassl/taocrypt/src/dsa.cpp
1.1 05/04/28 18:23:19 svoj@stripped +277 -0
extra/yassl/taocrypt/src/dh.cpp
1.1 05/04/28 18:23:19 svoj@stripped +85 -0
extra/yassl/taocrypt/src/des.cpp
1.1 05/04/28 18:23:19 svoj@stripped +435 -0
extra/yassl/taocrypt/src/hash.cpp
1.0 05/04/28 18:23:19 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/hash.cpp
extra/yassl/taocrypt/src/file.cpp
1.0 05/04/28 18:23:19 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/file.cpp
extra/yassl/taocrypt/src/dsa.cpp
1.0 05/04/28 18:23:19 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/dsa.cpp
extra/yassl/taocrypt/src/dh.cpp
1.0 05/04/28 18:23:19 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/dh.cpp
extra/yassl/taocrypt/src/des.cpp
1.0 05/04/28 18:23:19 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/des.cpp
extra/yassl/taocrypt/src/coding.cpp
1.1 05/04/28 18:23:18 svoj@stripped +250 -0
extra/yassl/taocrypt/src/asn.cpp
1.1 05/04/28 18:23:18 svoj@stripped +1051 -0
extra/yassl/taocrypt/src/arc4.cpp
1.1 05/04/28 18:23:18 svoj@stripped +93 -0
extra/yassl/taocrypt/src/algebra.cpp
1.1 05/04/28 18:23:18 svoj@stripped +354 -0
extra/yassl/taocrypt/src/coding.cpp
1.0 05/04/28 18:23:18 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/coding.cpp
extra/yassl/taocrypt/src/asn.cpp
1.0 05/04/28 18:23:18 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/asn.cpp
extra/yassl/taocrypt/src/arc4.cpp
1.0 05/04/28 18:23:18 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/arc4.cpp
extra/yassl/taocrypt/src/algebra.cpp
1.0 05/04/28 18:23:18 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/algebra.cpp
extra/yassl/taocrypt/src/aestables.cpp
1.1 05/04/28 18:23:17 svoj@stripped +724 -0
extra/yassl/taocrypt/src/aes.cpp
1.1 05/04/28 18:23:17 svoj@stripped +401 -0
extra/yassl/taocrypt/src/Makefile.am
1.1 05/04/28 18:23:17 svoj@stripped +8 -0
extra/yassl/taocrypt/include/sha.hpp
1.1 05/04/28 18:23:17 svoj@stripped +65 -0
extra/yassl/taocrypt/include/runtime.hpp
1.1 05/04/28 18:23:17 svoj@stripped +91 -0
extra/yassl/taocrypt/src/aestables.cpp
1.0 05/04/28 18:23:17 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/aestables.cpp
extra/yassl/taocrypt/src/aes.cpp
1.0 05/04/28 18:23:17 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/aes.cpp
extra/yassl/taocrypt/src/Makefile.am
1.0 05/04/28 18:23:17 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/src/Makefile.am
extra/yassl/taocrypt/include/sha.hpp
1.0 05/04/28 18:23:17 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/sha.hpp
extra/yassl/taocrypt/include/runtime.hpp
1.0 05/04/28 18:23:17 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/runtime.hpp
extra/yassl/taocrypt/include/rsa.hpp
1.1 05/04/28 18:23:16 svoj@stripped +253 -0
extra/yassl/taocrypt/include/ripemd.hpp
1.1 05/04/28 18:23:16 svoj@stripped +63 -0
extra/yassl/taocrypt/include/random.hpp
1.1 05/04/28 18:23:16 svoj@stripped +87 -0
extra/yassl/taocrypt/include/modes.hpp
1.1 05/04/28 18:23:16 svoj@stripped +133 -0
extra/yassl/taocrypt/include/rsa.hpp
1.0 05/04/28 18:23:16 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/rsa.hpp
extra/yassl/taocrypt/include/ripemd.hpp
1.0 05/04/28 18:23:16 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/ripemd.hpp
extra/yassl/taocrypt/include/random.hpp
1.0 05/04/28 18:23:16 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/random.hpp
extra/yassl/taocrypt/include/modes.hpp
1.0 05/04/28 18:23:16 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/modes.hpp
extra/yassl/taocrypt/include/modarith.hpp
1.1 05/04/28 18:23:15 svoj@stripped +169 -0
extra/yassl/taocrypt/include/misc.hpp
1.1 05/04/28 18:23:15 svoj@stripped +776 -0
extra/yassl/taocrypt/include/md5.hpp
1.1 05/04/28 18:23:15 svoj@stripped +63 -0
extra/yassl/taocrypt/include/md2.hpp
1.1 05/04/28 18:23:15 svoj@stripped +67 -0
extra/yassl/taocrypt/include/integer.hpp
1.1 05/04/28 18:23:15 svoj@stripped +320 -0
extra/yassl/taocrypt/include/modarith.hpp
1.0 05/04/28 18:23:15 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/modarith.hpp
extra/yassl/taocrypt/include/misc.hpp
1.0 05/04/28 18:23:15 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/misc.hpp
extra/yassl/taocrypt/include/md5.hpp
1.0 05/04/28 18:23:15 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/md5.hpp
extra/yassl/taocrypt/include/md2.hpp
1.0 05/04/28 18:23:15 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/md2.hpp
extra/yassl/taocrypt/include/integer.hpp
1.0 05/04/28 18:23:15 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/integer.hpp
extra/yassl/taocrypt/include/hmac.hpp
1.1 05/04/28 18:23:14 svoj@stripped +128 -0
extra/yassl/taocrypt/include/hash.hpp
1.1 05/04/28 18:23:14 svoj@stripped +73 -0
extra/yassl/taocrypt/include/file.hpp
1.1 05/04/28 18:23:14 svoj@stripped +124 -0
extra/yassl/taocrypt/include/error.hpp
1.1 05/04/28 18:23:14 svoj@stripped +86 -0
extra/yassl/taocrypt/include/dsa.hpp
1.1 05/04/28 18:23:14 svoj@stripped +129 -0
extra/yassl/taocrypt/include/hmac.hpp
1.0 05/04/28 18:23:14 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/hmac.hpp
extra/yassl/taocrypt/include/hash.hpp
1.0 05/04/28 18:23:14 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/hash.hpp
extra/yassl/taocrypt/include/file.hpp
1.0 05/04/28 18:23:14 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/file.hpp
extra/yassl/taocrypt/include/error.hpp
1.0 05/04/28 18:23:14 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/error.hpp
extra/yassl/taocrypt/include/dsa.hpp
1.0 05/04/28 18:23:14 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/dsa.hpp
extra/yassl/taocrypt/include/dh.hpp
1.1 05/04/28 18:23:13 svoj@stripped +89 -0
extra/yassl/taocrypt/include/des.hpp
1.1 05/04/28 18:23:13 svoj@stripped +121 -0
extra/yassl/taocrypt/include/coding.hpp
1.1 05/04/28 18:23:13 svoj@stripped +94 -0
extra/yassl/taocrypt/include/block.hpp
1.1 05/04/28 18:23:13 svoj@stripped +211 -0
extra/yassl/taocrypt/include/dh.hpp
1.0 05/04/28 18:23:13 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/dh.hpp
extra/yassl/taocrypt/include/des.hpp
1.0 05/04/28 18:23:13 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/des.hpp
extra/yassl/taocrypt/include/coding.hpp
1.0 05/04/28 18:23:13 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/coding.hpp
extra/yassl/taocrypt/include/block.hpp
1.0 05/04/28 18:23:13 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/block.hpp
extra/yassl/taocrypt/include/asn.hpp
1.1 05/04/28 18:23:12 svoj@stripped +327 -0
extra/yassl/taocrypt/include/arc4.hpp
1.1 05/04/28 18:23:12 svoj@stripped +59 -0
extra/yassl/taocrypt/include/algebra.hpp
1.1 05/04/28 18:23:12 svoj@stripped +316 -0
extra/yassl/taocrypt/include/aes.hpp
1.1 05/04/28 18:23:12 svoj@stripped +89 -0
extra/yassl/taocrypt/Makefile.am
1.1 05/04/28 18:23:12 svoj@stripped +2 -0
extra/yassl/taocrypt/include/asn.hpp
1.0 05/04/28 18:23:12 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/asn.hpp
extra/yassl/taocrypt/include/arc4.hpp
1.0 05/04/28 18:23:12 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/arc4.hpp
extra/yassl/taocrypt/include/algebra.hpp
1.0 05/04/28 18:23:12 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/algebra.hpp
extra/yassl/taocrypt/include/aes.hpp
1.0 05/04/28 18:23:12 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/include/aes.hpp
extra/yassl/taocrypt/Makefile.am
1.0 05/04/28 18:23:12 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/taocrypt/Makefile.am
extra/yassl/src/yassl_int.cpp
1.1 05/04/28 18:23:11 svoj@stripped +1971 -0
extra/yassl/src/yassl_imp.cpp
1.1 05/04/28 18:23:11 svoj@stripped +2093 -0
extra/yassl/src/yassl_error.cpp
1.1 05/04/28 18:23:11 svoj@stripped +53 -0
extra/yassl/src/timer.cpp
1.1 05/04/28 18:23:11 svoj@stripped +82 -0
extra/yassl/src/yassl_int.cpp
1.0 05/04/28 18:23:11 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/yassl_int.cpp
extra/yassl/src/yassl_imp.cpp
1.0 05/04/28 18:23:11 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/yassl_imp.cpp
extra/yassl/src/yassl_error.cpp
1.0 05/04/28 18:23:11 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/yassl_error.cpp
extra/yassl/src/timer.cpp
1.0 05/04/28 18:23:11 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/timer.cpp
extra/yassl/src/ssl.cpp
1.1 05/04/28 18:23:10 svoj@stripped +1039 -0
extra/yassl/src/socket_wrapper.cpp
1.1 05/04/28 18:23:10 svoj@stripped +168 -0
extra/yassl/src/log.cpp
1.1 05/04/28 18:23:10 svoj@stripped +148 -0
extra/yassl/src/lock.cpp
1.1 05/04/28 18:23:10 svoj@stripped +90 -0
extra/yassl/src/handshake.cpp
1.1 05/04/28 18:23:10 svoj@stripped +1011 -0
extra/yassl/src/ssl.cpp
1.0 05/04/28 18:23:10 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/ssl.cpp
extra/yassl/src/socket_wrapper.cpp
1.0 05/04/28 18:23:10 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/socket_wrapper.cpp
extra/yassl/src/log.cpp
1.0 05/04/28 18:23:10 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/log.cpp
extra/yassl/src/lock.cpp
1.0 05/04/28 18:23:10 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/lock.cpp
extra/yassl/src/handshake.cpp
1.0 05/04/28 18:23:10 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/handshake.cpp
extra/yassl/src/crypto_wrapper.cpp
1.1 05/04/28 18:23:09 svoj@stripped +970 -0
extra/yassl/src/cert_wrapper.cpp
1.1 05/04/28 18:23:09 svoj@stripped +318 -0
extra/yassl/src/buffer.cpp
1.1 05/04/28 18:23:09 svoj@stripped +280 -0
extra/yassl/src/Makefile.am
1.1 05/04/28 18:23:09 svoj@stripped +8 -0
extra/yassl/src/crypto_wrapper.cpp
1.0 05/04/28 18:23:09 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/crypto_wrapper.cpp
extra/yassl/src/cert_wrapper.cpp
1.0 05/04/28 18:23:09 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/cert_wrapper.cpp
extra/yassl/src/buffer.cpp
1.0 05/04/28 18:23:09 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/buffer.cpp
extra/yassl/src/Makefile.am
1.0 05/04/28 18:23:09 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/src/Makefile.am
extra/yassl/mySTL/vector.hpp
1.1 05/04/28 18:23:08 svoj@stripped +154 -0
extra/yassl/mySTL/stdexcept.hpp
1.1 05/04/28 18:23:08 svoj@stripped +72 -0
extra/yassl/mySTL/pair.hpp
1.1 05/04/28 18:23:08 svoj@stripped +61 -0
extra/yassl/mySTL/memory.hpp
1.1 05/04/28 18:23:08 svoj@stripped +127 -0
extra/yassl/mySTL/list.hpp
1.1 05/04/28 18:23:08 svoj@stripped +374 -0
extra/yassl/mySTL/vector.hpp
1.0 05/04/28 18:23:08 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/vector.hpp
extra/yassl/mySTL/stdexcept.hpp
1.0 05/04/28 18:23:08 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/stdexcept.hpp
extra/yassl/mySTL/pair.hpp
1.0 05/04/28 18:23:08 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/pair.hpp
extra/yassl/mySTL/memory.hpp
1.0 05/04/28 18:23:08 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/memory.hpp
extra/yassl/mySTL/list.hpp
1.0 05/04/28 18:23:08 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/list.hpp
extra/yassl/mySTL/helpers.hpp
1.1 05/04/28 18:23:07 svoj@stripped +94 -0
extra/yassl/mySTL/algorithm.hpp
1.1 05/04/28 18:23:07 svoj@stripped +111 -0
extra/yassl/include/yassl_types.hpp
1.1 05/04/28 18:23:07 svoj@stripped +415 -0
extra/yassl/include/yassl_int.hpp
1.1 05/04/28 18:23:07 svoj@stripped +538 -0
extra/yassl/include/yassl_imp.hpp
1.1 05/04/28 18:23:07 svoj@stripped +742 -0
extra/yassl/mySTL/helpers.hpp
1.0 05/04/28 18:23:07 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/helpers.hpp
extra/yassl/mySTL/algorithm.hpp
1.0 05/04/28 18:23:07 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/mySTL/algorithm.hpp
extra/yassl/include/yassl_types.hpp
1.0 05/04/28 18:23:07 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/yassl_types.hpp
extra/yassl/include/yassl_int.hpp
1.0 05/04/28 18:23:07 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/yassl_int.hpp
extra/yassl/include/yassl_imp.hpp
1.0 05/04/28 18:23:07 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/yassl_imp.hpp
extra/yassl/include/yassl_error.hpp
1.1 05/04/28 18:23:06 svoj@stripped +78 -0
extra/yassl/include/timer.hpp
1.1 05/04/28 18:23:06 svoj@stripped +43 -0
extra/yassl/include/socket_wrapper.hpp
1.1 05/04/28 18:23:06 svoj@stripped +95 -0
extra/yassl/include/openssl/ssl.h
1.1 05/04/28 18:23:06 svoj@stripped +400 -0
extra/yassl/include/yassl_error.hpp
1.0 05/04/28 18:23:06 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/yassl_error.hpp
extra/yassl/include/timer.hpp
1.0 05/04/28 18:23:06 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/timer.hpp
extra/yassl/include/socket_wrapper.hpp
1.0 05/04/28 18:23:06 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/socket_wrapper.hpp
extra/yassl/include/openssl/ssl.h
1.0 05/04/28 18:23:06 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/ssl.h
extra/yassl/include/openssl/rsa.h
1.1 05/04/28 18:23:05 svoj@stripped +10 -0
extra/yassl/include/openssl/rand.h
1.1 05/04/28 18:23:05 svoj@stripped +2 -0
extra/yassl/include/openssl/opensslv.h
1.1 05/04/28 18:23:05 svoj@stripped +12 -0
extra/yassl/include/openssl/md5.h
1.1 05/04/28 18:23:05 svoj@stripped +1 -0
extra/yassl/include/openssl/lhash.h
1.1 05/04/28 18:23:05 svoj@stripped +2 -0
extra/yassl/include/openssl/rsa.h
1.0 05/04/28 18:23:05 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/rsa.h
extra/yassl/include/openssl/rand.h
1.0 05/04/28 18:23:05 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/rand.h
extra/yassl/include/openssl/opensslv.h
1.0 05/04/28 18:23:05 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/opensslv.h
extra/yassl/include/openssl/md5.h
1.0 05/04/28 18:23:05 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/md5.h
extra/yassl/include/openssl/lhash.h
1.0 05/04/28 18:23:05 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/lhash.h
extra/yassl/include/openssl/err.h
1.1 05/04/28 18:23:04 svoj@stripped +8 -0
extra/yassl/include/openssl/des.h
1.1 05/04/28 18:23:04 svoj@stripped +1 -0
extra/yassl/include/openssl/crypto.h
1.1 05/04/28 18:23:04 svoj@stripped +13 -0
extra/yassl/include/log.hpp
1.1 05/04/28 18:23:04 svoj@stripped +58 -0
extra/yassl/include/openssl/err.h
1.0 05/04/28 18:23:04 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/err.h
extra/yassl/include/openssl/des.h
1.0 05/04/28 18:23:04 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/des.h
extra/yassl/include/openssl/crypto.h
1.0 05/04/28 18:23:04 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/openssl/crypto.h
extra/yassl/include/log.hpp
1.0 05/04/28 18:23:04 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/log.hpp
extra/yassl/include/lock.hpp
1.1 05/04/28 18:23:03 svoj@stripped +90 -0
extra/yassl/include/handshake.hpp
1.1 05/04/28 18:23:03 svoj@stripped +72 -0
extra/yassl/include/factory.hpp
1.1 05/04/28 18:23:03 svoj@stripped +106 -0
extra/yassl/include/crypto_wrapper.hpp
1.1 05/04/28 18:23:03 svoj@stripped +418 -0
extra/yassl/include/cert_wrapper.hpp
1.1 05/04/28 18:23:03 svoj@stripped +124 -0
extra/yassl/include/lock.hpp
1.0 05/04/28 18:23:03 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/lock.hpp
extra/yassl/include/handshake.hpp
1.0 05/04/28 18:23:03 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/handshake.hpp
extra/yassl/include/factory.hpp
1.0 05/04/28 18:23:03 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/factory.hpp
extra/yassl/include/crypto_wrapper.hpp
1.0 05/04/28 18:23:03 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/crypto_wrapper.hpp
extra/yassl/include/cert_wrapper.hpp
1.0 05/04/28 18:23:03 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/cert_wrapper.hpp
extra/yassl/include/buffer.hpp
1.1 05/04/28 18:23:02 svoj@stripped +207 -0
extra/yassl/README
1.1 05/04/28 18:23:02 svoj@stripped +263 -0
extra/yassl/NEWS
1.1 05/04/28 18:23:02 svoj@stripped +0 -0
extra/yassl/Makefile.am
1.1 05/04/28 18:23:02 svoj@stripped +2 -0
extra/yassl/INSTALL
1.1 05/04/28 18:23:02 svoj@stripped +229 -0
extra/yassl/include/buffer.hpp
1.0 05/04/28 18:23:02 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/include/buffer.hpp
extra/yassl/README
1.0 05/04/28 18:23:02 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/README
extra/yassl/NEWS
1.0 05/04/28 18:23:02 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/NEWS
extra/yassl/Makefile.am
1.0 05/04/28 18:23:02 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/Makefile.am
extra/yassl/INSTALL
1.0 05/04/28 18:23:02 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/INSTALL
extra/yassl/ChangeLog
1.1 05/04/28 18:23:01 svoj@stripped +0 -0
extra/yassl/AUTHORS
1.1 05/04/28 18:23:01 svoj@stripped +0 -0
config/ac-macros/yassl.m4
1.1 05/04/28 18:23:01 svoj@stripped +33 -0
BUILD/compile-pentium-debug-yassl
1.1 05/04/28 18:23:01 svoj@stripped +13 -0
include/violite.h
1.42 05/04/28 18:23:01 svoj@stripped +1 -0
YASSL_MYSQL_COMPATIBLE macro must be defined to make yassl headers compatible.
extra/yassl/ChangeLog
1.0 05/04/28 18:23:01 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/ChangeLog
extra/yassl/AUTHORS
1.0 05/04/28 18:23:01 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/extra/yassl/AUTHORS
extra/Makefile.am
1.24 05/04/28 18:23:01 svoj@stripped +1 -0
yaSSL added to distribution.
config/ac-macros/yassl.m4
1.0 05/04/28 18:23:01 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/config/ac-macros/yassl.m4
BUILD/compile-pentium-debug-yassl
1.0 05/04/28 18:23:01 svoj@stripped +0 -0
BitKeeper file /home/svoj/devel/mysql/yassl-mysql-5.0/BUILD/compile-pentium-debug-yassl
configure.in
1.278 05/04/28 18:23:00 svoj@stripped +2 -0
yaSSL CHECK-function call.
Makefile.am
1.67 05/04/28 18:23:00 svoj@stripped +1 -1
Added yassl_dir to SUBDIRS. It contains path to yassl distribution if --with-yassl
specified. It is empty otherwise.
BUILD/Makefile.am
1.6 05/04/28 18:23:00 svoj@stripped +1 -0
compile-pentium-debug-yassl added to distribution.
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: svoj
# Host: svoj.pils.ru
# Root: /home/svoj/devel/mysql/yassl-mysql-5.0
--- 1.66/Makefile.am 2005-03-17 04:22:48 +04:00
+++ 1.67/Makefile.am 2005-04-28 18:23:00 +05:00
@@ -20,7 +20,7 @@
# These are built from source in the Docs directory
EXTRA_DIST = INSTALL-SOURCE README COPYING EXCEPTIONS-CLIENT
-SUBDIRS = . include @docs_dirs@ @zlib_dir@ \
+SUBDIRS = . include @docs_dirs@ @zlib_dir@ @yassl_dir@ \
@readline_topdir@ sql-common \
@thread_dirs@ pstack \
@sql_union_dirs@ scripts man tests \
--- 1.277/configure.in 2005-03-30 00:06:19 +05:00
+++ 1.278/configure.in 2005-04-28 18:23:00 +05:00
@@ -48,6 +48,7 @@
sinclude(config/ac-macros/misc.m4)
sinclude(config/ac-macros/openssl.m4)
sinclude(config/ac-macros/readline.m4)
+sinclude(config/ac-macros/yassl.m4)
sinclude(config/ac-macros/zlib.m4)
# Remember to add a directory sql/share/LANGUAGE
@@ -2226,6 +2227,7 @@
#MYSQL_CHECK_CPU
MYSQL_CHECK_VIO
MYSQL_CHECK_OPENSSL
+MYSQL_CHECK_YASSL
libmysqld_dirs=
if test "$with_embedded_server" = "yes"
--- 1.23/extra/Makefile.am 2005-03-17 04:22:48 +04:00
+++ 1.24/extra/Makefile.am 2005-04-28 18:23:01 +05:00
@@ -24,6 +24,7 @@
$(top_builddir)/include/mysqld_ername.h
pkginclude_HEADERS= $(BUILT_SOURCES)
CLEANFILES = $(BUILT_SOURCES)
+DIST_SUBDIRS= yassl
# This will build mysqld_error.h and sql_state.h
$(top_builddir)/include/mysqld_error.h: comp_err
--- 1.41/include/violite.h 2005-03-30 17:51:38 +05:00
+++ 1.42/include/violite.h 2005-04-28 18:23:01 +05:00
@@ -99,6 +99,7 @@
#endif
#define HEADER_DES_LOCL_H dummy_something
+#define YASSL_MYSQL_COMPATIBLE
#include <openssl/ssl.h>
#include <openssl/err.h>
--- 1.5/BUILD/Makefile.am 2004-07-24 11:02:55 +05:00
+++ 1.6/BUILD/Makefile.am 2005-04-28 18:23:00 +05:00
@@ -29,6 +29,7 @@
compile-pentium-debug-max \
compile-pentium-debug-no-bdb \
compile-pentium-debug-openssl \
+ compile-pentium-debug-yassl \
compile-pentium-gcov \
compile-pentium-gprof \
compile-pentium-max \
--- New file ---
+++ BUILD/compile-pentium-debug-yassl 05/04/28 18:23:01
#! /bin/sh
path=`dirname $0`
. "$path/SETUP.sh"
extra_flags="$pentium_cflags $debug_cflags"
c_warnings="$c_warnings $debug_extra_warnings"
cxx_warnings="$cxx_warnings $debug_extra_warnings"
extra_configs="$pentium_configs $debug_configs"
extra_configs="$extra_configs --with-debug=full --with-yassl"
. "$path/FINISH.sh"
--- New file ---
+++ config/ac-macros/yassl.m4 05/04/28 18:23:01
AC_CONFIG_FILES(extra/yassl/Makefile dnl
extra/yassl/taocrypt/Makefile dnl
extra/yassl/taocrypt/src/Makefile dnl
extra/yassl/src/Makefile)
AC_DEFUN([MYSQL_CHECK_YASSL], [
AC_MSG_CHECKING(for yaSSL)
AC_ARG_WITH([yassl],
[ --with-yassl Include the yaSSL support],
[yassl=yes],
[yassl=no])
if test "$yassl" = "yes"
then
if test "$openssl" != "no"
then
AC_MSG_ERROR([Cannot configure MySQL to use yaSSL and OpenSSL simultaneously.])
fi
AC_MSG_RESULT([using bundled yaSSL])
yassl_dir="extra/yassl"
openssl_libs="\
\$(top_builddir)/extra/yassl/src/libyassl.a\
\$(top_builddir)/extra/yassl/taocrypt/src/libtaocrypt.a"
openssl_includes="-I\$(top_srcdir)/extra/yassl/include"
AC_DEFINE([HAVE_OPENSSL], [1], [Defined by configure. Using yaSSL for OpenSSL emulation.])
else
yassl_dir=""
AC_MSG_RESULT(no)
fi
AC_SUBST(openssl_libs)
AC_SUBST(openssl_includes)
AC_SUBST(yassl_dir)
])
--- New file ---
+++ extra/yassl/AUTHORS 05/04/28 18:23:01
--- New file ---
+++ extra/yassl/ChangeLog 05/04/28 18:23:01
--- New file ---
+++ extra/yassl/INSTALL 05/04/28 18:23:02
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. (Caching is
disabled by default to prevent problems with accidental use of stale
cache files.)
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You only need
`configure.ac' if you want to change it or regenerate `configure' using
a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not support the `VPATH'
variable, you have to compile the package for one architecture at a
time in the source code directory. After you have installed the
package for one architecture, use `make distclean' before reconfiguring
for another architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the `--target=TYPE' option to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
will cause the specified gcc to be used as the C compiler (unless it is
overridden in the site shell script).
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
--- New file ---
+++ extra/yassl/Makefile.am 05/04/28 18:23:02
SUBDIRS = taocrypt src
EXTRA_DIST = yassl.dsp yassl.dsw mySTL/*.hpp
--- New file ---
+++ extra/yassl/NEWS 05/04/28 18:23:02
--- New file ---
+++ extra/yassl/README 05/04/28 18:23:02
yaSSL Release notes, version 0.9.6
This release of yaSSL contains minor bug fixes, removal of STL support, and
removal of exceptions and rtti so that the library can be linked without the
std c++ library.
--To build on Linux, Solaris, FreeBSD, Mac OS X, or Cygwin
./configure
make
run testsuite from yaSSL-Home/testsuite to test the build
--To build on Win32
Choose (Re)Build All from the project workspace
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
******************yaSSL Release notes, version 0.9.2
This release of yaSSL contains minor bug fixes, expanded certificate
verification and chaining, and improved documentation.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.9.0
This release of yaSSL contains minor bug fixes, client verification handling,
hex and base64 encoing/decoding, and an improved test suite.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.8.0
This release of yaSSL contains minor bug fixes, and initial porting effort to
64bit, BigEndian, and more UNIX systems.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.6.0
This release of yaSSL contains minor bug fixes, source cleanup, and binary beta
(1) of the yaSSL libraries.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.5.0
This release of yaSSL contains minor bug fixes, full session resumption
support, and initial testing suite support.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.4.0
This release of yaSSL contains minor bug fixes, an optional memory tracker,
an echo client and server with input/output redirection for load testing,
and initial session caching support.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.3.5
This release of yaSSL contains minor bug fixes and extensions to the crypto
library including a full test suite.
*******************yaSSL Release notes, version 0.3.0
This release of yaSSL contains minor bug fixes and extensions to the crypto
library including AES and an improved random number generator. GNU autoconf
and automake are now used to simplify the build process on Linux.
*** Linux Build process
./configure
make
*** Windows Build process
open the yassl workspace and build the project
*******************yaSSL Release notes, version 0.2.9
This release of yaSSL contains minor bug fixes and extensions to the crypto
library.
See the notes at the bottom of this page for build instructions.
*******************yaSSL Release notes, version 0.2.5
This release of yaSSL contains minor bug fixes and a beta binary of the yaSSL
libraries for win32 and linux.
See the notes at the bottom of this page for build instructions.
*******************yaSSL Release notes, version 0.2.0
This release of yaSSL contains minor bug fixes and initial alternate crypto
functionality.
*** Complete Build ***
See the notes in Readme.txt for build instructions.
*** Update Build ***
If you have already done a complete build of yaSSL as described in the release
0.0.1 - 0.1.0 notes and downloaded the update to 0.2.0, place the update file
yassl-update-0.2.0.tar.gz in the yaSSL home directory and issue the command:
gzip -cd yassl-update-0.2.0.tar.gz | tar xvf -
to update the previous release.
Then issue the make command on linux or rebuild the yaSSL project on Windows.
*******************yaSSL Release notes, version 0.1.0
This release of yaSSL contains minor bug fixes, full client and server TLSv1
support including full ephemeral Diffie-Hellman support, SSL type RSA and DSS
signing and verification, and initial stunnel 4.05 build support.
*********************yaSSL Release notes, version 0.0.3
The third release of yaSSL contains minor bug fixes, client certificate
enhancements, and initial ephemeral Diffie-Hellman integration:
*********************
yaSSL Release notes, version 0.0.2
The second release of yaSSL contains minor bug fixes, client certificate
enhancements, session resumption, and improved TLS support including:
- HMAC for MD5 and SHA-1
- PRF (pseudo random function)
- Master Secret and Key derivation routines
- Record Authentication codes
- Finish verify data check
Once ephemeral RSA and DH are added yaSSL will be fully complaint with TLS.
**********************
yassl Release notes, version 0.0.1
The first release of yassl supports normal RSA mode SSLv3 connections with
support for SHA-1 and MD5 digests. Ciphers include DES, 3DES, and RC4.
yassl uses the CryptoPP library for cryptography, the source is available at
www.cryptopp.com .
yassl uses CML (the Certificate Management Library) for x509 support. More
features will be in future versions. The CML source is available for download
from www.digitalnet.com/knowledge/cml_home.htm .
The next release of yassl will support the 3 lesser-used SSL connection modes;
HandShake resumption, Ephemeral RSA (or DH), and Client Authentication as well
as full support for TLS. Backwards support for SSLv2 is not planned at this
time.
**********************
Building yassl on linux:
use the ./buildall script to build everything.
buildall will configure and build CML, CryptoPP, and yassl. Testing was
preformed with gcc version 3.3.2 on kernel 2.4.22.
**********************
Building yassl on Windows:
Testing was preformed on Windows 2000 with Visual C++ 6 sp5.
1) decompress esnacc_r16.tgz in place, see buildall for syntax if unsure
2) decompress smp_r23.tgz in place
3) unzip cryptopp51/crypto51.zip in place
4) Build SNACC (part of CML) using snacc_builds.dsw in the SNACC directory
5) Build SMP (part of CMP) using smp.dsw in the smp directory
6) Build yassl using yassl.dsw
**********************
examples, server and client:
Please see the server and client examples in both versions to see how to link
to yassl and the support libraries. On linux do 'make server' and 'make
client' to build them. On Windows you will find the example projects in the
main workspace, yassl.dsw.
The example server and client are compatible with openssl.
**********************
Building yassl into mysql on linux:
Testing was done using mysql version 4.0.17.
alter openssl_libs in the configure file, line 21056. Change '-lssl -lcrypto'
to '-lyassl -lcryptopp -lcmapi -lcmlasn -lctil -lc++asn1'.
see build/config_command for the configure command used to configure mysql
please change /home/touska/ to the relevant directory of course.
add yassl/lib to the LD_LIBRARY_PATH because libmysql/conf_to_src does not
use the ssl lib directory though it does use the ssl libraries.
make
make install
*********************
License: yassl is currently under the GPL, please see license information
in the source and include files.
*********************
Contact: please send comments or questions to Todd A Ouska at todd@stripped
and/or Larry Stefonic at larry@stripped or 425-741-6858.
--- New file ---
+++ extra/yassl/include/buffer.hpp 05/04/28 18:23:02
/* buffer.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL buffer header defines input and output buffers to simulate streaming
* with SSL types and sockets
*/
#ifndef yaSSL_BUFFER_HPP
#define yaSSL_BUFFER_HPP
#include <cassert> // assert
#include "yassl_error.hpp" // Error
#include "memory.hpp" // mySTL::auto_ptr
#include "algorithm.hpp" // mySTL::swap
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
namespace yaSSL {
typedef unsigned char byte;
typedef unsigned int uint;
const uint AUTO = 0xFEEDBEEF;
// Checking Policy should implement a check function that tests whether the
// index is within the size limit of the array
struct Check {
void check(uint i, uint limit);
};
struct NoCheck {
void check(uint, uint);
};
/* input_buffer operates like a smart c style array with a checking option,
* meant to be read from through [] with AUTO index or read().
* Should only write to at/near construction with assign() or raw (e.g., recv)
* followed by add_size with the number of elements added by raw write.
*
* Not using vector because need checked []access, offset, and the ability to
* write to the buffer bulk wise and have the correct size
*/
class input_buffer : public Check {
uint size_; // number of elements in buffer
uint current_; // current offset position in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
public:
input_buffer();
explicit input_buffer(uint s);
// with assign
input_buffer(uint s, const byte* t, uint len);
~input_buffer();
// users can pass defualt zero length buffer and then allocate
void allocate(uint s);
// for passing to raw writing functions at beginning, then use add_size
byte* get_buffer() const;
// after a raw write user can set new size
// if you know the size before the write use assign()
void add_size(uint i);
uint get_capacity() const;
uint get_current() const;
uint get_size() const;
uint get_remaining() const;
void set_current(uint i);
// read only access through [], advance current
// user passes in AUTO index for ease of use
const byte& operator[](uint i);
// end of input test
bool eof();
// peek ahead
byte peek() const;
// write function, should use at/near construction
void assign(const byte* t, uint s);
// use read to query input, adjusts current
void read(byte* dst, uint length);
private:
input_buffer(const input_buffer&); // hide copy
input_buffer& operator=(const input_buffer&); // and assign
};
/* output_buffer operates like a smart c style array with a checking option.
* Meant to be written to through [] with AUTO index or write().
* Size (current) counter increases when written to. Can be constructed with
* zero length buffer but be sure to allocate before first use.
* Don't use add write for a couple bytes, use [] instead, way less overhead.
*
* Not using vector because need checked []access and the ability to
* write to the buffer bulk wise and retain correct size
*/
class output_buffer : public Check {
uint current_; // current offset and elements in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
public:
// default
output_buffer();
// with allocate
explicit output_buffer(uint s);
// with assign
output_buffer(uint s, const byte* t, uint len);
~output_buffer();
uint get_size() const;
uint get_capacity() const;
void set_current(uint c);
// users can pass defualt zero length buffer and then allocate
void allocate(uint s);
// for passing to reading functions when finished
const byte* get_buffer() const;
// allow write access through [], update current
// user passes in AUTO as index for ease of use
byte& operator[](uint i);
// end of output test
bool eof();
void write(const byte* t, uint s);
private:
output_buffer(const output_buffer&); // hide copy
output_buffer& operator=(const output_buffer&); // and assign
};
// turn delete an incomplete type into comipler error instead of warning
template <typename T>
inline void checked_delete(T* p)
{
typedef char complete_type[sizeof(T) ? 1 : -1];
(void)sizeof(complete_type);
delete p;
}
// checked delete functor increases effeciency, no indirection on function call
// sets pointer to zero so safe for std conatiners
struct del_ptr_zero
{
template <typename T>
void operator()(T*& p) const
{
T* tmp = 0;
mySTL::swap(tmp, p);
checked_delete(tmp);
}
};
} // naemspace
#endif // yaSSL_BUUFER_HPP
--- New file ---
+++ extra/yassl/include/cert_wrapper.hpp 05/04/28 18:23:03
/* cert_wrapper.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The certificate wrapper header defines certificate management functions
*
*/
#ifndef yaSSL_CERT_WRAPPER_HPP
#define yaSSL_CERT_WRAPPER_HPP
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
#include "yassl_types.hpp" // SignatureAlgorithm
#include "buffer.hpp" // input_buffer
#include "asn.hpp" // SignerList
#include "list.hpp" // mySTL::list
#include "algorithm.hpp" // mySTL::for_each
namespace yaSSL {
typedef unsigned char opaque;
class X509; // forward openSSL type
using TaoCrypt::SignerList;
// an x509 version 3 certificate
class x509 {
uint length_;
opaque* buffer_;
public:
explicit x509(uint sz);
~x509();
uint get_length() const;
const opaque* get_buffer() const;
opaque* use_buffer();
x509(const x509&);
x509& operator=(const x509&);
private:
void Swap(x509&);
};
// Certificate Manager keeps a list of the cert chain and public key
class CertManager {
typedef mySTL::list<x509*> CertList;
CertList list_; // self
input_buffer privateKey_;
CertList peerList_; // peer
input_buffer peerPublicKey_;
X509* peerX509_; // peer's openSSL X509
SignatureAlgorithm keyType_; // self key type
SignatureAlgorithm peerKeyType_; // peer's key type
SignerList signers_; // decoded CA keys and names
// plus verified chained certs
bool verifyPeer_;
bool failNoCert_;
bool sendVerify_;
public:
CertManager();
~CertManager();
void AddPeerCert(x509* x); // take ownership
void CopySelfCert(const x509* x);
int CopyCaCert(const x509* x);
int Validate();
int SetPrivateKey(const x509&);
const x509* get_cert() const;
const opaque* get_peerKey() const;
const opaque* get_privateKey() const;
X509* get_peerX509() const;
SignatureAlgorithm get_keyType() const;
SignatureAlgorithm get_peerKeyType() const;
uint get_peerKeyLength() const;
uint get_privateKeyLength() const;
bool verifyPeer() const;
bool failNoCert() const;
bool sendVerify() const;
void setVerifyPeer();
void setFailNoCert();
void setSendVerify();
private:
CertManager(const CertManager&); // hide copy
CertManager& operator=(const CertManager&); // and assign
};
} // naemspace
#endif // yaSSL_CERT_WRAPPER_HPP
--- New file ---
+++ extra/yassl/include/crypto_wrapper.hpp 05/04/28 18:23:03
/* crypto_wrapper.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The crypto wrapper header is used to define policies for the cipher
* components used by SSL. There are 3 policies to consider:
*
* 1) MAC, the Message Authentication Code used for each Message
* 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message
* 3) Atuhentication, the Digitial Signing/Verifiaction scheme used
*
* This header doesn't rely on a specific crypto libraries internals,
* only the implementation should.
*/
#ifndef yaSSL_CRYPTO_WRAPPER_HPP
#define yaSSL_CRYPTO_WRAPPER_HPP
#include "yassl_types.hpp"
namespace yaSSL {
// Digest policy should implement a get_digest, update, and get sizes for pad and
// digest
struct Digest {
virtual void get_digest(byte*) = 0;
virtual void get_digest(byte*, const byte*, unsigned int) = 0;
virtual void update(const byte*, unsigned int) = 0;
virtual uint get_digestSize() const = 0;
virtual uint get_padSize() const = 0;
virtual ~Digest() {}
};
// For use with NULL Digests
struct NO_MAC : public Digest {
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
};
// MD5 Digest
class MD5 : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
MD5();
~MD5();
MD5(const MD5&);
MD5& operator=(const MD5&);
private:
struct MD5Impl;
MD5Impl* pimpl_;
};
// SHA-1 Digest
class SHA : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
SHA();
~SHA();
SHA(const SHA&);
SHA& operator=(const SHA&);
private:
struct SHAImpl;
SHAImpl* pimpl_;
};
// RIPEMD-160 Digest
class RMD : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
RMD();
~RMD();
RMD(const RMD&);
RMD& operator=(const RMD&);
private:
struct RMDImpl;
RMDImpl* pimpl_;
};
// HMAC_MD5
class HMAC_MD5 : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_MD5(const byte*, unsigned int);
~HMAC_MD5();
private:
struct HMAC_MD5Impl;
HMAC_MD5Impl* pimpl_;
HMAC_MD5(const HMAC_MD5&);
HMAC_MD5& operator=(const HMAC_MD5&);
};
// HMAC_SHA-1
class HMAC_SHA : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_SHA(const byte*, unsigned int);
~HMAC_SHA();
private:
struct HMAC_SHAImpl;
HMAC_SHAImpl* pimpl_;
HMAC_SHA(const HMAC_SHA&);
HMAC_SHA& operator=(const HMAC_SHA&);
};
// HMAC_RMD
class HMAC_RMD : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_RMD(const byte*, unsigned int);
~HMAC_RMD();
private:
struct HMAC_RMDImpl;
HMAC_RMDImpl* pimpl_;
HMAC_RMD(const HMAC_RMD&);
HMAC_RMD& operator=(const HMAC_RMD&);
};
// BulkCipher policy should implement encrypt, decrypt, get block size,
// and set keys for encrypt and decrypt
struct BulkCipher {
virtual void encrypt(byte*, const byte*, unsigned int) = 0;
virtual void decrypt(byte*, const byte*, unsigned int) = 0;
virtual void set_encryptKey(const byte*, const byte* = 0) = 0;
virtual void set_decryptKey(const byte*, const byte* = 0) = 0;
virtual uint get_blockSize() const = 0;
virtual int get_keySize() const = 0;
virtual int get_ivSize() const = 0;
virtual ~BulkCipher() {}
};
// For use with NULL Ciphers
struct NO_Cipher : public BulkCipher {
void encrypt(byte*, const byte*, unsigned int) {}
void decrypt(byte*, const byte*, unsigned int) {}
void set_encryptKey(const byte*, const byte*) {}
void set_decryptKey(const byte*, const byte*) {}
uint get_blockSize() const { return 0; }
int get_keySize() const { return 0; }
int get_ivSize() const { return 0; }
};
// SSLv3 and TLSv1 always use DES in CBC mode so IV is required
class DES : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return DES_BLOCK; }
int get_keySize() const { return DES_KEY_SZ; }
int get_ivSize() const { return DES_IV_SZ; }
DES();
~DES();
private:
struct DESImpl;
DESImpl* pimpl_;
DES(const DES&); // hide copy
DES& operator=(const DES&); // & assign
};
// 3DES Encrypt-Decrypt-Encrypt in CBC mode
class DES_EDE : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return DES_BLOCK; }
int get_keySize() const { return DES_EDE_KEY_SZ; }
int get_ivSize() const { return DES_IV_SZ; }
DES_EDE();
~DES_EDE();
private:
struct DES_EDEImpl;
DES_EDEImpl* pimpl_;
DES_EDE(const DES_EDE&); // hide copy
DES_EDE& operator=(const DES_EDE&); // & assign
};
// Alledged RC4
class RC4 : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return 0; }
int get_keySize() const { return RC4_KEY_SZ; }
int get_ivSize() const { return 0; }
RC4();
~RC4();
private:
struct RC4Impl;
RC4Impl* pimpl_;
RC4(const RC4&); // hide copy
RC4& operator=(const RC4&); // & assign
};
// AES
class AES : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return AES_BLOCK_SZ; }
int get_keySize() const;
int get_ivSize() const { return AES_IV_SZ; }
explicit AES(unsigned int = AES_128_KEY_SZ);
~AES();
private:
struct AESImpl;
AESImpl* pimpl_;
AES(const AES&); // hide copy
AES& operator=(const AES&); // & assign
};
// Random number generator
class RandomPool {
public:
void Fill(opaque* dst, uint sz) const;
RandomPool();
~RandomPool();
int GetError() const;
friend class RSA;
friend class DSS;
friend class DiffieHellman;
private:
struct RandomImpl;
RandomImpl* pimpl_;
RandomPool(const RandomPool&); // hide copy
RandomPool& operator=(const RandomPool&); // & assign
};
// Authentication policy should implement sign, and verify
struct Auth {
virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0;
virtual bool verify(const byte*, unsigned int, const byte*,
unsigned int) = 0;
virtual uint get_signatureLength() const = 0;
virtual ~Auth() {}
};
// For use with NULL Authentication schemes
struct NO_Auth : public Auth {
void sign(byte*, const byte*, unsigned int, const RandomPool&) {}
bool verify(const byte*, unsigned int, const byte*, unsigned int)
{ return true; }
};
// Digitial Signature Standard scheme
class DSS : public Auth {
public:
void sign(byte*, const byte*, unsigned int, const RandomPool&);
bool verify(const byte*, unsigned int, const byte*, unsigned int);
uint get_signatureLength() const;
DSS(const byte*, unsigned int, bool publicKey = true);
~DSS();
private:
struct DSSImpl;
DSSImpl* pimpl_;
DSS(const DSS&);
DSS& operator=(const DSS&);
};
// RSA Authentication and exchange
class RSA : public Auth {
public:
void sign(byte*, const byte*, unsigned int, const RandomPool&);
bool verify(const byte*, unsigned int, const byte*, unsigned int);
void encrypt(byte*, const byte*, unsigned int, const RandomPool&);
void decrypt(byte*, const byte*, unsigned int, const RandomPool&);
uint get_signatureLength() const;
uint get_cipherLength() const;
RSA(const byte*, unsigned int, bool publicKey = true);
~RSA();
private:
struct RSAImpl;
RSAImpl* pimpl_;
RSA(const RSA&); // hide copy
RSA& operator=(const RSA&); // & assing
};
class Integer;
// Diffie-Hellman agreement
// hide for now TODO: figure out a way to give access to C clients p and g args
class DiffieHellman {
public:
DiffieHellman(const byte*, unsigned int, const byte*, unsigned int,
const byte*, unsigned int, const RandomPool& random);
//DiffieHellman(const char*, const RandomPool&);
DiffieHellman(const Integer&, const Integer&, const RandomPool&);
~DiffieHellman();
DiffieHellman(const DiffieHellman&);
DiffieHellman& operator=(const DiffieHellman&);
uint get_agreedKeyLength() const;
const byte* get_agreedKey() const;
const byte* get_publicKey() const;
void makeAgreement(const byte*);
void set_sizes(int&, int&, int&) const;
void get_parms(byte*, byte*, byte*) const;
private:
struct DHImpl;
DHImpl* pimpl_;
};
// Lagrge Integer
class Integer {
public:
Integer();
~Integer();
Integer(const Integer&);
Integer& operator=(const Integer&);
void assign(const byte*, unsigned int);
friend class DiffieHellman;
private:
struct IntegerImpl;
IntegerImpl* pimpl_;
};
class x509;
x509* PemToDer(const char*, CertType);
} // naemspace
#endif // yaSSL_CRYPTO_WRAPPER_HPP
--- New file ---
+++ extra/yassl/include/factory.hpp 05/04/28 18:23:03
/* factory.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The factory header defines an Object Factory, used by SSL message and
* handshake types.
*
* See Desgin Pattern in GoF and Alexandrescu's chapter in Modern C++ Design,
* page 208
*/
#ifndef yaSSL_FACTORY_HPP
#define yaSSL_FACTORY_HPP
#include "vector.hpp"
#include "pair.hpp"
#include "yassl_error.hpp"
// VC60 workaround: it doesn't allow typename in some places
#if defined(_MSC_VER) && (_MSC_VER < 1300)
#define CPP_TYPENAME
#else
#define CPP_TYPENAME typename
#endif
namespace yaSSL {
// Factory uses its callback map to create objects by id,
// returning an abstract base pointer
template<class AbstractProduct,
typename IdentifierType = int,
typename ProductCreator = AbstractProduct* (*)()
>
class Factory {
typedef mySTL::pair<IdentifierType, ProductCreator> CallBack;
typedef mySTL::vector<CallBack> CallBackVector;
CallBackVector callbacks_;
public:
// pass function pointer to register all callbacks upon creation
explicit Factory(void (*init)(Factory<AbstractProduct, IdentifierType,
ProductCreator>&))
{
init(*this);
}
// reservce place in vector before registering, used by init funcion
void Reserve(size_t sz)
{
callbacks_.reserve(sz);
}
// register callback
void Register(const IdentifierType& id, ProductCreator pc)
{
callbacks_.push_back(mySTL::make_pair(id, pc));
}
// THE Creator, returns a new object of the proper type or 0
AbstractProduct* CreateObject(const IdentifierType& id) const
{
const CallBack* first = callbacks_.begin();
const CallBack* last = callbacks_.end();
while (first != last) {
if (first->first == id)
break;
++first;
}
if (first == callbacks_.end())
return 0;
return (first->second)();
}
private:
Factory(const Factory&); // hide copy
Factory& operator=(const Factory&); // and assign
};
} // naemspace
#endif // yaSSL_FACTORY_HPP
--- New file ---
+++ extra/yassl/include/handshake.hpp 05/04/28 18:23:03
/* handshake.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The handshake header declares function prototypes for creating and reading
* the various handshake messages.
*/
#ifndef yaSSL_HANDSHAKE_HPP
#define yaSSL_HANDSHAKE_HPP
#include "yassl_types.hpp"
namespace yaSSL {
// forward decls
class SSL;
class Finished;
class Data;
class Alert;
struct Hashes;
enum BufferOutput { buffered, unbuffered };
void sendClientHello(SSL&);
void sendServerHello(SSL&, BufferOutput = buffered);
void sendServerHelloDone(SSL&, BufferOutput = buffered);
void sendClientKeyExchange(SSL&, BufferOutput = buffered);
void sendServerKeyExchange(SSL&, BufferOutput = buffered);
void sendChangeCipher(SSL&, BufferOutput = buffered);
void sendFinished(SSL&, ConnectionEnd, BufferOutput = buffered);
void sendCertificate(SSL&, BufferOutput = buffered);
void sendCertificateRequest(SSL&, BufferOutput = buffered);
void sendCertificateVerify(SSL&, BufferOutput = buffered);
int sendData(SSL&, const void*, int);
int sendAlert(SSL& ssl, const Alert& alert);
int receiveData(SSL&, Data&);
void processReply(SSL&);
void buildFinished(SSL&, Finished&, const opaque*);
void build_certHashes(SSL&, Hashes&);
void hmac(SSL&, byte*, const byte*, uint, ContentType, bool verify = false);
void TLS_hmac(SSL&, byte*, const byte*, uint, ContentType,
bool verify = false);
void PRF(byte* digest, uint digLen, const byte* secret, uint secLen,
const byte* label, uint labLen, const byte* seed, uint seedLen);
} // naemspace
#endif // yaSSL_HANDSHAKE_HPP
--- New file ---
+++ extra/yassl/include/lock.hpp 05/04/28 18:23:03
/* lock.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks
* automatically upon exit, no-ops provided for Single Threaded
*/
#ifndef yaSSL_LOCK_HPP
#define yaSSL_LOCK_HPP
namespace yaSSL {
#ifdef MULTI_THREADED
#ifdef WIN32
#include <windows.h>
class Mutex {
CRITICAL_SECTION cs_;
public:
Mutex();
~Mutex();
class Lock;
friend class Lock;
class Lock {
Mutex& mutex_;
public:
explicit Lock(Mutex& lm);
~Lock();
};
};
#else // WIN32
#include <pthread.h>
class Mutex {
pthread_mutex_t mutex_;
public:
Mutex();
~Mutex();
class Lock;
friend class Lock;
class Lock {
Mutex& mutex_;
public:
explicit Lock(Mutex& lm);
~Lock();
};
};
#endif // WIN32
#else // MULTI_THREADED (WE'RE SINGLE)
class Mutex {
public:
class Lock {
public:
explicit Lock(Mutex&) {}
};
};
#endif // MULTI_THREADED
} // namespace
#endif // yaSSL_LOCK_HPP
--- New file ---
+++ extra/yassl/include/log.hpp 05/04/28 18:23:04
/* log.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL log interface
*
*/
#ifndef yaSSL_LOG_HPP
#define yaSSL_LOG_HPP
#include "socket_wrapper.hpp"
#ifdef YASSL_LOG
#include <cstdio>
#endif
namespace yaSSL {
typedef unsigned int uint;
// Debug logger
class Log {
#ifdef YASSL_LOG
FILE* log_;
#endif
public:
explicit Log(const char* str = "yaSSL.log");
~Log();
void Trace(const char*);
void ShowTCP(socket_t, bool ended = false);
void ShowData(uint, bool sent = false);
};
} // naemspace
#endif // yaSSL_LOG_HPP
--- New file ---
+++ extra/yassl/include/openssl/crypto.h 05/04/28 18:23:04
/* crypto.h for openSSL */
#ifndef ysSSL_crypto_h__
#define yaSSL_crypto_h__
const char* SSLeay_version(int type);
#define SSLEAY_VERSION 0x0900L
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#endif /* yaSSL_crypto_h__ */
--- New file ---
+++ extra/yassl/include/openssl/des.h 05/04/28 18:23:04
/* des.h for openssl */
--- New file ---
+++ extra/yassl/include/openssl/err.h 05/04/28 18:23:04
/* err.h for openssl */
#ifndef ysSSL_err_h__
#define yaSSL_err_h__
#endif /* yaSSL_err_h__ */
--- New file ---
+++ extra/yassl/include/openssl/lhash.h 05/04/28 18:23:05
/* lhash.h for openSSL */
--- New file ---
+++ extra/yassl/include/openssl/md5.h 05/04/28 18:23:05
/* md5.h for openssl */
--- New file ---
+++ extra/yassl/include/openssl/opensslv.h 05/04/28 18:23:05
/* opensslv.h compatibility */
#ifndef yaSSL_opensslv_h__
#define yaSSL_opensslv_h__
/* api version compatibility */
#define OPENSSL_VERSION_NUMBER 0x0090700f
#endif /* yaSSLopensslv_h__ */
--- New file ---
+++ extra/yassl/include/openssl/rand.h 05/04/28 18:23:05
/* rand.h for openSSL */
--- New file ---
+++ extra/yassl/include/openssl/rsa.h 05/04/28 18:23:05
/* rsa.h for openSSL */
#ifndef ysSSL_rsa_h__
#define yaSSL_rsa_h__
enum { RSA_F4 = 1 };
#endif /* yaSSL_rsa_h__ */
--- New file ---
+++ extra/yassl/include/openssl/ssl.h 05/04/28 18:23:06
/* ssl.h
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* ssl.h defines openssl compatibility layer
*
*/
#ifndef ysSSL_openssl_h__
#define yaSSL_openssl_h__
#include <stdio.h> /* ERR_print fp */
#include "rsa.h"
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
namespace yaSSL {
extern "C" {
#endif
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
class SSL;
class SSL_SESSION;
class SSL_METHOD;
class SSL_CTX;
class SSL_CIPHER;
class RSA;
class X509;
class X509_NAME;
#else
typedef struct SSL SSL;
typedef struct SSL_SESION SSL_SESSION;
typedef struct SSL_METHOD SSL_METHOD;
typedef struct SSL_CTX SSL_CTX;
typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct RSA RSA;
typedef struct X509 X509;
typedef struct X509_NAME X509_NAME;
#endif
/* Big Number stuff, different file? */
typedef struct BIGNUM BIGNUM;
BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*);
/* Diffie-Hellman stuff, different file? */
/* mySQL deferences to set group parameters */
typedef struct DH {
BIGNUM* p;
BIGNUM* g;
} DH;
DH* DH_new(void);
void DH_free(DH*);
/* RSA stuff */
void RSA_free(RSA*);
RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);
/* X509 stuff, different file? */
typedef struct X509_STORE X509_STORE;
typedef struct X509_LOOKUP X509_LOOKUP;
typedef struct X509_OBJECT { char c; } X509_OBJECT;
typedef struct X509_CRL X509_CRL;
typedef struct X509_REVOKED X509_REVOKED;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
void X509_free(X509*);
/* bio stuff */
typedef struct BIO BIO;
/* ASN stuff */
typedef struct ASN1_TIME ASN1_TIME;
/* because mySQL dereferences to use error and current_cert, even after calling
* get functions for local references */
typedef struct X509_STORE_CTX {
int error;
int error_depth;
X509* current_cert;
} X509_STORE_CTX;
X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
int X509_STORE_CTX_get_error(X509_STORE_CTX*);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
char* X509_NAME_oneline(X509_NAME*, char*, int);
X509_NAME* X509_get_issuer_name(X509*);
X509_NAME* X509_get_subject_name(X509*);
const char* X509_verify_cert_error_string(long);
int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
X509_STORE* X509_STORE_new(void);
int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
X509_OBJECT*);
enum { /* X509 Constants */
X509_V_OK = 0,
X509_V_ERR_CERT_CHAIN_TOO_LONG = 1,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2,
X509_V_ERR_CERT_NOT_YET_VALID = 3,
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 4,
X509_V_ERR_CERT_HAS_EXPIRED = 5,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 6,
X509_FILETYPE_PEM = 7,
X509_LU_X509 = 8,
X509_LU_CRL = 9,
X509_V_ERR_CRL_SIGNATURE_FAILURE = 10,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 11,
X509_V_ERR_CRL_HAS_EXPIRED = 12,
X509_V_ERR_CERT_REVOKED = 13,
};
/* Error stuff, could move to yassl_error */
unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
void ERR_print_errors_fp(FILE*);
char* ERR_error_string(unsigned long,char*);
void ERR_remove_state(unsigned long);
unsigned long ERR_get_error(void);
unsigned long ERR_peek_error(void);
int ERR_GET_REASON(int);
enum { /* ERR Constants */
ERR_TXT_STRING = 1,
EVP_R_BAD_DECRYPT = 2,
};
SSL_CTX* SSL_CTX_new(SSL_METHOD*);
SSL* SSL_new(SSL_CTX*);
int SSL_set_fd (SSL*, int);
int SSL_connect(SSL*);
int SSL_write(SSL*, const void*, int);
int SSL_read(SSL*, void*, int);
int SSL_accept(SSL*);
void SSL_CTX_free(SSL_CTX*);
void SSL_free(SSL*);
int SSL_clear(SSL*);
int SSL_shutdown(SSL*);
void SSL_set_connect_state(SSL*);
void SSL_set_accept_state(SSL*);
int SSL_do_handshake(SSL*);
const char* SSL_get_cipher(SSL*);
const char* SSL_get_cipher_name(SSL*); /* uses SSL_get_cipher */
char* SSL_get_shared_ciphers(SSL*, char*, int);
const char* SSL_get_cipher_list(SSL*, int);
const char* SSL_get_version(SSL*);
const char* SSLeay_version(int);
int SSL_get_error(SSL*, int);
void SSL_load_error_strings(void);
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
long SSL_SESSION_set_timeout(SSL_SESSION*, long);
X509* SSL_get_peer_certificate(SSL*);
long SSL_get_verify_result(SSL*);
typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);
void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);
int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
int SSL_CTX_set_default_verify_paths(SSL_CTX*);
int SSL_CTX_check_private_key(SSL_CTX*);
int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
unsigned int);
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
long SSL_CTX_set_options(SSL_CTX*, long);
long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
long SSL_CTX_set_timeout(SSL_CTX*, long);
int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*);
void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
void SSL_CTX_set_info_callback(SSL_CTX*, void (*)());
long SSL_CTX_sess_accept(SSL_CTX*);
long SSL_CTX_sess_connect(SSL_CTX*);
long SSL_CTX_sess_accept_good(SSL_CTX*);
long SSL_CTX_sess_connect_good(SSL_CTX*);
long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
long SSL_CTX_sess_hits(SSL_CTX*);
long SSL_CTX_sess_cb_hits(SSL_CTX*);
long SSL_CTX_sess_cache_full(SSL_CTX*);
long SSL_CTX_sess_misses(SSL_CTX*);
long SSL_CTX_sess_timeouts(SSL_CTX*);
long SSL_CTX_sess_number(SSL_CTX*);
long SSL_CTX_sess_get_cache_size(SSL_CTX*);
int SSL_CTX_get_verify_mode(SSL_CTX*);
int SSL_get_verify_mode(SSL*);
int SSL_CTX_get_verify_depth(SSL_CTX*);
int SSL_get_verify_depth(SSL*);
long SSL_get_default_timeout(SSL*);
long SSL_CTX_get_session_cache_mode(SSL_CTX*);
int SSL_session_reused(SSL*);
int SSL_set_rfd(SSL*, int);
int SSL_set_wfd(SSL*, int);
void SSL_set_shutdown(SSL*, int);
int SSL_want_read(SSL*);
int SSL_want_write(SSL*);
int SSL_pending(SSL*);
enum { /* ssl Constants */
SSL_BAD_FILETYPE = -5,
SSL_BAD_FILE = -4,
SSL_NOT_IMPLEMENTED = -3,
SSL_UNKNOWN = -2,
SSL_FATAL_ERROR = -1,
SSL_NORMAL_SHUTDOWN = 0,
SSL_ERROR_NONE = 0, // for most functions
SSL_FAILURE = 0, // for some functions
SSL_SUCCESS = 1,
SSL_FILETYPE_ASN1 = 10,
SSL_FILETYPE_PEM = 11,
SSL_FILETYPE_DEFAULT = 10, /* ASN1 */
SSL_VERIFY_NONE = 0,
SSL_VERIFY_PEER = 1,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
SSL_VERIFY_CLIENT_ONCE = 4,
SSL_SESS_CACHE_OFF = 30,
SSL_SESS_CACHE_CLIENT = 31,
SSL_SESS_CACHE_SERVER = 32,
SSL_SESS_CACHE_BOTH = 33,
SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
SSL_OP_MICROSOFT_SESS_ID_BUG = 50,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 51,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 53,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 54,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 55,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 56,
SSL_OP_TLS_D5_BUG = 57,
SSL_OP_TLS_BLOCK_PADDING_BUG = 58,
SSL_OP_TLS_ROLLBACK_BUG = 59,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 60,
SSL_OP_ALL = 61,
SSL_OP_SINGLE_DH_USE = 62,
SSL_OP_EPHEMERAL_RSA = 63,
SSL_OP_NO_SSLv2 = 64,
SSL_OP_NO_SSLv3 = 65,
SSL_OP_NO_TLSv1 = 66,
SSL_OP_PKCS1_CHECK_1 = 67,
SSL_OP_PKCS1_CHECK_2 = 68,
SSL_OP_NETSCAPE_CA_DN_BUG = 69,
SSL_OP_NON_EXPORT_FIRST = 70,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 71,
SSL_ERROR_WANT_READ = 80,
SSL_ERROR_WANT_WRITE = 81,
SSL_ERROR_SYSCALL = 82,
SSL_ERROR_WANT_X509_LOOKUP = 83,
SSL_ERROR_ZERO_RETURN = 84,
SSL_ERROR_SSL = 85,
SSL_SENT_SHUTDOWN = 90,
SSL_RECEIVED_SHUTDOWN = 91,
SSL_CB_LOOP = 92,
SSL_ST_CONNECT = 93,
SSL_ST_ACCEPT = 94,
SSL_CB_ALERT = 95,
SSL_CB_READ = 96,
SSL_CB_HANDSHAKE_DONE = 97,
};
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);
int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
void OpenSSL_add_all_algorithms(void);
void SSLeay_add_ssl_algorithms(void);
SSL_CIPHER* SSL_get_current_cipher(SSL*);
char* SSL_CIPHER_description(SSL_CIPHER*, char*, int);
char* SSL_alert_type_string_long(int);
char* SSL_alert_desc_string_long(int);
char* SSL_state_string_long(SSL*);
/* EVP stuff, des and md5, different file? */
typedef struct Digest Digest;
typedef Digest EVP_MD;
typedef struct BulkCipher BulkCipher;
typedef BulkCipher EVP_CIPHER;
typedef struct EVP_PKEY EVP_PKEY;
typedef unsigned char DES_cblock[8];
typedef const DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule;
const EVP_MD* EVP_md5(void);
const EVP_CIPHER* EVP_des_ede3_cbc(void);
typedef unsigned char opaque;
int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*,
const opaque*, int, int, opaque*, opaque*);
void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*,
DES_key_schedule*, DES_key_schedule*, DES_cblock*, int);
/* RAND stuff */
void RAND_screen(void);
const char* RAND_file_name(char*, size_t);
int RAND_write_file(const char*);
int RAND_load_file(const char*, long);
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
} /* namespace */
} /* extern "C" */
#endif
#endif /* yaSSL_openssl_h__ */
--- New file ---
+++ extra/yassl/include/socket_wrapper.hpp 05/04/28 18:23:06
/* socket_wrapper.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The socket wrapper header defines a Socket class that hides the differences
* between Berkely style sockets and Windows sockets, allowing transparent TCP
* access.
*/
#ifndef yaSSL_SOCKET_WRAPPER_HPP
#define yaSSL_SOCKET_WRAPPER_HPP
#include <cassert>
#ifdef WIN32
#include <winsock2.h>
#else
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
namespace yaSSL {
typedef unsigned int uint;
#ifdef WIN32
typedef SOCKET socket_t;
#else
typedef int socket_t;
const socket_t INVALID_SOCKET = -1;
const int SD_RECEIVE = 0;
const int SD_SEND = 1;
const int SD_BOTH = 2;
const int SOCKET_ERROR = -1;
#endif
typedef unsigned char byte;
// Wraps Windows Sockets and BSD Sockets
class Socket {
socket_t socket_; // underlying socket descriptor
public:
explicit Socket(socket_t s = INVALID_SOCKET);
virtual ~Socket();
void set_fd(socket_t s);
uint get_ready() const;
socket_t get_fd() const;
uint send(const byte* buf, unsigned int len, int flags = 0) const;
uint receive(byte* buf, unsigned int len, int flags = 0) const;
void wait() const;
void closeSocket();
void shutDown(int how = SD_SEND);
static int get_lastError();
static void set_lastError(int error);
private:
Socket(const Socket&); // hide copy
Socket& operator= (const Socket&); // and assign
};
} // naemspace
#endif // yaSSL_SOCKET_WRAPPER_HPP
--- New file ---
+++ extra/yassl/include/timer.hpp 05/04/28 18:23:06
/* timer.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* timer.hpp provides a high res and low res timers
*
*/
#ifndef yaSSL_TIMER_HPP
#define yaSSL_TIMER_HPP
namespace yaSSL {
typedef double timer_d;
typedef unsigned int uint;
timer_d timer();
uint lowResTimer();
} // namespace
#endif // yaSSL_TIMER_HPP
--- New file ---
+++ extra/yassl/include/yassl_error.hpp 05/04/28 18:23:06
/* yassl_error.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL error header defines error codes and an exception class
*/
#ifndef yaSSL_ERROR_HPP
#define yaSSL_ERROR_HPP
#include "stdexcept.hpp"
namespace yaSSL {
enum YasslError {
no_error = 0,
// 10 - 47 from AlertDescription, 0 also close_notify
range_error = 101,
realloc_error = 102,
factory_error = 103,
unknown_cipher = 104,
prefix_error = 105,
record_layer = 106,
handshake_layer = 107,
out_of_order = 108,
bad_input = 109,
match_error = 110,
no_key_file = 111,
verify_error = 112,
send_error = 113,
receive_error = 114,
certificate_error = 115,
// 1000+ from TaoCrypt error.hpp
};
enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib };
// Base class for all yaSSL exceptions
class Error : public mySTL::runtime_error {
YasslError error_;
Library lib_;
public:
explicit Error(const char* s = "", YasslError e = no_error,
Library l = yaSSL_Lib);
YasslError get_number() const;
Library get_lib() const;
};
} // naemspace
#endif // yaSSL_ERROR_HPP
--- New file ---
+++ extra/yassl/include/yassl_imp.hpp 05/04/28 18:23:07
/* yassl_imp.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL implementation header defines all strucutres from the SSL.v3
* specification "draft-freier-ssl-version3-02.txt"
* all page citations refer to this document unless otherwise noted.
*/
#ifndef yaSSL_IMP_HPP
#define yaSSL_IMP_HPP
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
#include "yassl_types.hpp"
#include "factory.hpp"
#include "list.hpp" // mySTL::list
namespace yaSSL {
class SSL; // forward decls
class input_buffer;
class output_buffer;
struct ProtocolVersion {
uint8 major_;
uint8 minor_; // major and minor SSL/TLS version numbers
ProtocolVersion(uint8 maj = 3, uint8 min = 0);
};
// Record Layer Header for PlainText, Compressed, and CipherText
struct RecordLayerHeader {
ContentType type_;
ProtocolVersion version_;
uint16 length_; // should not exceed 2^14
};
// base for all messages
struct Message {
virtual input_buffer& set(input_buffer&) =0;
virtual output_buffer& get(output_buffer&) const =0;
virtual void Process(input_buffer&, SSL&) =0;
virtual ContentType get_type() const =0;
virtual uint16 get_length() const =0;
virtual ~Message() {}
};
class ChangeCipherSpec : public Message {
CipherChoice type_;
public:
ChangeCipherSpec();
friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&);
friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
ContentType get_type() const;
uint16 get_length() const;
void Process(input_buffer&, SSL&);
private:
ChangeCipherSpec(const ChangeCipherSpec&); // hide copy
ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign
};
class Alert : public Message {
AlertLevel level_;
AlertDescription description_;
public:
Alert() {}
Alert(AlertLevel al, AlertDescription ad);
ContentType get_type() const;
uint16 get_length() const;
void Process(input_buffer&, SSL&);
friend input_buffer& operator>>(input_buffer&, Alert&);
friend output_buffer& operator<<(output_buffer&, const Alert&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
private:
Alert(const Alert&); // hide copy
Alert& operator=(const Alert&); // and assign
};
class Data : public Message {
uint16 length_;
opaque* buffer_; // read buffer used by fillData input
const opaque* write_buffer_; // write buffer used by output operator
public:
Data();
Data(uint16 len, opaque* b);
Data(uint16 len, const opaque* w);
friend output_buffer& operator<<(output_buffer&, const Data&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
ContentType get_type() const;
uint16 get_length() const;
const opaque* get_buffer() const;
void set_length(uint16 l);
opaque* set_buffer();
void Process(input_buffer&, SSL&);
private:
Data(const Data&); // hide copy
Data& operator=(const Data&); // and assign
};
uint32 c24to32(const uint24); // forward form internal header
void c32to24(uint32, uint24&);
// HandShake header, same for each message type from page 20/21
class HandShakeHeader : public Message {
HandShakeType type_;
uint24 length_; // length of message
public:
HandShakeHeader() {}
ContentType get_type() const;
uint16 get_length() const;
HandShakeType get_handshakeType() const;
void Process(input_buffer&, SSL&);
void set_type(HandShakeType hst);
void set_length(uint32 u32);
friend input_buffer& operator>>(input_buffer&, HandShakeHeader&);
friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
private:
HandShakeHeader(const HandShakeHeader&); // hide copy
HandShakeHeader& operator=(const HandShakeHeader&); // and assign
};
// Base Class for all handshake messages
class HandShakeBase {
int length_;
public:
int get_length() const;
void set_length(int);
// for building buffer's type field
virtual HandShakeType get_type() const =0;
// handles dispactch of proper >>
virtual input_buffer& set(input_buffer& in) =0;
virtual output_buffer& get(output_buffer& out) const =0;
virtual void Process(input_buffer&, SSL&) =0;
virtual ~HandShakeBase() {}
};
struct HelloRequest : public HandShakeBase {
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
};
// The Client's Hello Message from page 23
class ClientHello : public HandShakeBase {
ProtocolVersion client_version_;
Random random_;
uint8 id_len_; // session id length
opaque session_id_[ID_LEN];
uint16 suite_len_; // cipher suite length
opaque cipher_suites_[MAX_SUITE_SZ];
uint8 comp_len_; // compression length
CompressionMethod compression_methods_;
public:
friend input_buffer& operator>>(input_buffer&, ClientHello&);
friend output_buffer& operator<<(output_buffer&, const ClientHello&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
friend void buildClientHello(SSL&, ClientHello&, CompressionMethod);
friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
ClientHello();
explicit ClientHello(ProtocolVersion pv);
private:
ClientHello(const ClientHello&); // hide copy
ClientHello& operator=(const ClientHello&); // and assign
};
// The Server's Hello Message from page 24
class ServerHello : public HandShakeBase {
ProtocolVersion server_version_;
Random random_;
uint8 id_len_; // session id length
opaque session_id_[ID_LEN];
opaque cipher_suite_[SUITE_LEN];
CompressionMethod compression_method_;
public:
explicit ServerHello(ProtocolVersion pv);
ServerHello();
friend input_buffer& operator>>(input_buffer&, ServerHello&);
friend output_buffer& operator<<(output_buffer&, const ServerHello&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
friend void buildServerHello(SSL&, ServerHello&);
private:
ServerHello(const ServerHello&); // hide copy
ServerHello& operator=(const ServerHello&); // and assign
};
class x509;
// Certificate could be a chain
class Certificate : public HandShakeBase {
const x509* cert_;
public:
Certificate();
explicit Certificate(const x509* cert);
friend output_buffer& operator<<(output_buffer&, const Certificate&);
const opaque* get_buffer() const;
// Process handles input, needs SSL
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
private:
Certificate(const Certificate&); // hide copy
Certificate& operator=(const Certificate&); // and assign
};
// RSA Public Key
struct ServerRSAParams {
opaque* rsa_modulus_;
opaque* rsa_exponent_;
};
// Ephemeral Diffie-Hellman Parameters
class ServerDHParams {
int pSz_;
int gSz_;
int pubSz_;
opaque* p_;
opaque* g_;
opaque* Ys_;
public:
ServerDHParams();
~ServerDHParams();
int get_pSize() const;
int get_gSize() const;
int get_pubSize() const;
const opaque* get_p() const;
const opaque* get_g() const;
const opaque* get_pub() const;
opaque* alloc_p(int sz);
opaque* alloc_g(int sz);
opaque* alloc_pub(int sz);
private:
ServerDHParams(const ServerDHParams&); // hide copy
ServerDHParams& operator=(const ServerDHParams&); // and assign
};
struct ServerKeyBase {
virtual ~ServerKeyBase() {}
virtual void build(SSL&) {}
virtual void read(SSL&, input_buffer&) {}
virtual int get_length() const;
virtual opaque* get_serverKey() const;
};
// Server random number for FORTEZZA KEA
struct Fortezza_Server : public ServerKeyBase {
opaque r_s_[FORTEZZA_MAX];
};
struct SignatureBase {
virtual ~SignatureBase() {}
};
struct anonymous_sa : public SignatureBase {};
struct Hashes {
uint8 md5_[MD5_LEN];
uint8 sha_[SHA_LEN];
};
struct rsa_sa : public SignatureBase {
Hashes hashes_;
};
struct dsa_sa : public SignatureBase {
uint8 sha_[SHA_LEN];
};
// Server's Diffie-Hellman exchange
class DH_Server : public ServerKeyBase {
ServerDHParams parms_;
opaque* signature_;
int length_; // total length of message
opaque* keyMessage_; // total exchange message
public:
DH_Server();
~DH_Server();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_serverKey() const;
private:
DH_Server(const DH_Server&); // hide copy
DH_Server& operator=(const DH_Server&); // and assign
};
// Server's RSA exchange
struct RSA_Server : public ServerKeyBase {
ServerRSAParams params_;
opaque* signature_; // signed rsa_sa hashes
};
class ServerKeyExchange : public HandShakeBase {
ServerKeyBase* server_key_;
public:
explicit ServerKeyExchange(SSL&);
ServerKeyExchange();
~ServerKeyExchange();
void createKey(SSL&);
void build(SSL& ssl);
const opaque* getKey() const;
int getKeyLength() const;
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
private:
ServerKeyExchange(const ServerKeyExchange&); // hide copy
ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign
};
class CertificateRequest : public HandShakeBase {
ClientCertificateType certificate_types_[CERT_TYPES];
int typeTotal_;
mySTL::list<DistinguishedName> certificate_authorities_;
public:
CertificateRequest();
~CertificateRequest();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend input_buffer& operator>>(input_buffer&, CertificateRequest&);
friend output_buffer& operator<<(output_buffer&,
const CertificateRequest&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
void Build();
private:
CertificateRequest(const CertificateRequest&); // hide copy
CertificateRequest& operator=(const CertificateRequest&); // and assign
};
struct ServerHelloDone : public HandShakeBase {
ServerHelloDone();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer& input, SSL& ssl);
HandShakeType get_type() const;
};
struct PreMasterSecret {
opaque random_[SECRET_LEN]; // first two bytes Protocol Version
};
struct ClientKeyBase {
virtual ~ClientKeyBase() {}
virtual void build(SSL&) {}
virtual void read(SSL&, input_buffer&) {}
virtual int get_length() const;
virtual opaque* get_clientKey() const;
};
class EncryptedPreMasterSecret : public ClientKeyBase {
opaque* secret_;
int length_;
public:
EncryptedPreMasterSecret();
~EncryptedPreMasterSecret();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_clientKey() const;
void alloc(int sz);
private:
// hide copy and assign
EncryptedPreMasterSecret(const EncryptedPreMasterSecret&);
EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&);
};
// Fortezza Key Parameters from page 29
// hard code lengths cause only used here
struct FortezzaKeys : public ClientKeyBase {
opaque y_c_ [128]; // client's Yc, public value
opaque r_c_ [128]; // client's Rc
opaque y_signature_ [40]; // DSS signed public key
opaque wrapped_client_write_key_ [12]; // wrapped by the TEK
opaque wrapped_server_write_key_ [12]; // wrapped by the TEK
opaque client_write_iv_ [24];
opaque server_write_iv_ [24];
opaque master_secret_iv_ [24]; // IV used to encrypt preMaster
opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK
};
// Diffie-Hellman public key from page 40/41
class ClientDiffieHellmanPublic : public ClientKeyBase {
PublicValueEncoding public_value_encoding_;
int length_; // includes two byte length for message
opaque* Yc_; // length + Yc_
// dh_Yc only if explicit, otherwise sent in certificate
enum { KEY_OFFSET = 2 };
public:
ClientDiffieHellmanPublic();
~ClientDiffieHellmanPublic();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_clientKey() const;
void alloc(int sz, bool offset = false);
private:
// hide copy and assign
ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&);
ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&);
};
class ClientKeyExchange : public HandShakeBase {
ClientKeyBase* client_key_;
public:
explicit ClientKeyExchange(SSL& ssl);
ClientKeyExchange();
~ClientKeyExchange();
void createKey(SSL&);
void build(SSL& ssl);
const opaque* getKey() const;
int getKeyLength() const;
friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
private:
ClientKeyExchange(const ClientKeyExchange&); // hide copy
ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign
};
class CertificateVerify : public HandShakeBase {
Hashes hashes_;
byte* signature_; // owns
public:
CertificateVerify();
~CertificateVerify();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend input_buffer& operator>>(input_buffer&, CertificateVerify&);
friend output_buffer& operator<<(output_buffer&, const CertificateVerify&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
void Build(SSL&);
private:
CertificateVerify(const CertificateVerify&); // hide copy
CertificateVerify& operator=(const CertificateVerify&); // and assign
};
class Finished : public HandShakeBase {
Hashes hashes_;
public:
Finished();
uint8* set_md5();
uint8* set_sha();
friend input_buffer& operator>>(input_buffer&, Finished&);
friend output_buffer& operator<<(output_buffer&, const Finished&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
private:
Finished(const Finished&); // hide copy
Finished& operator=(const Finished&); // and assign
};
class RandomPool; // forward for connection
// SSL Connection defined on page 11
struct Connection {
opaque *pre_master_secret_;
opaque master_secret_[SECRET_LEN];
opaque client_random_[RAN_LEN];
opaque server_random_[RAN_LEN];
opaque sessionID_[ID_LEN];
opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size
opaque server_write_MAC_secret_[SHA_LEN];
opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz
opaque server_write_key_[AES_256_KEY_SZ];
opaque client_write_IV_[AES_IV_SZ]; // aes is max size
opaque server_write_IV_[AES_IV_SZ];
uint32 sequence_number_;
uint32 peer_sequence_number_;
uint32 pre_secret_len_; // pre master length
bool send_server_key_; // server key exchange?
bool master_clean_; // master secret clean?
bool TLS_; // TLSv1 or greater
ProtocolVersion version_;
RandomPool& random_;
Connection(ProtocolVersion v, RandomPool& ran);
~Connection();
void AllocPreSecret(uint sz);
void CleanPreMaster();
void CleanMaster();
void TurnOffTLS();
private:
Connection(const Connection&); // hide copy
Connection& operator=(const Connection&); // and assign
};
struct Ciphers; // forward
// TLSv1 Security Spec, defined on page 56 of RFC 2246
struct Parameters {
ConnectionEnd entity_;
BulkCipherAlgorithm bulk_cipher_algorithm_;
CipherType cipher_type_;
uint8 key_size_;
uint8 iv_size_;
IsExportable is_exportable_;
MACAlgorithm mac_algorithm_;
uint8 hash_size_;
CompressionMethod compression_algorithm_;
KeyExchangeAlgorithm kea_; // yassl additions
SignatureAlgorithm sig_algo_; // signature auth type
SignatureAlgorithm verify_algo_; // cert verify auth type
bool pending_;
bool resumable_; // new conns by session
uint16 encrypt_size_; // current msg encrypt sz
Cipher suite_[SUITE_LEN]; // choosen suite
uint8 suites_size_;
Cipher suites_[MAX_SUITE_SZ];
char cipher_name_[MAX_SUITE_NAME];
char cipher_list_[MAX_CIPHER_LIST];
Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion);
void SetSuites(ProtocolVersion pv);
void SetCipherNames();
private:
Parameters(const Parameters&); // hide copy
Parameters& operator=(const Parameters&); // and assing
};
input_buffer& operator>>(input_buffer&, RecordLayerHeader&);
output_buffer& operator<<(output_buffer&, const RecordLayerHeader&);
input_buffer& operator>>(input_buffer&, Message&);
output_buffer& operator<<(output_buffer&, const Message&);
input_buffer& operator>>(input_buffer&, HandShakeBase&);
output_buffer& operator<<(output_buffer&, const HandShakeBase&);
// Message Factory definition
// uses the ContentType enumeration for unique id
typedef Factory<Message> MessageFactory;
void InitMessageFactory(MessageFactory&); // registers derived classes
// HandShake Factory definition
// uses the HandShakeType enumeration for unique id
typedef Factory<HandShakeBase> HandShakeFactory;
void InitHandShakeFactory(HandShakeFactory&); // registers derived classes
// ServerKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique id
typedef Factory<ServerKeyBase> ServerKeyFactory;
void InitServerKeyFactory(ServerKeyFactory&);
// ClientKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique id
typedef Factory<ClientKeyBase> ClientKeyFactory;
void InitClientKeyFactory(ClientKeyFactory&);
// Message Creators
Message* CreateHandShake();
Message* CreateCipherSpec();
Message* CreateAlert();
Message* CreateData();
// HandShake Creators
HandShakeBase* CreateCertificate();
HandShakeBase* CreateHelloRequest();
HandShakeBase* CreateClientHello();
HandShakeBase* CreateServerHello();
HandShakeBase* CreateServerKeyExchange();
HandShakeBase* CreateCertificateRequest();
HandShakeBase* CreateServerHelloDone();
HandShakeBase* CreateClientKeyExchange();
HandShakeBase* CreateCertificateVerify();
HandShakeBase* CreateFinished();
// ServerKey Exchange Creators
ServerKeyBase* CreateRSAServerKEA();
ServerKeyBase* CreateDHServerKEA();
ServerKeyBase* CreateFortezzaServerKEA();
// ClientKey Exchange Creators
ClientKeyBase* CreateRSAClient();
ClientKeyBase* CreateDHClient();
ClientKeyBase* CreateFortezzaClient();
} // naemspace
#endif // yaSSL_IMP_HPP
--- New file ---
+++ extra/yassl/include/yassl_int.hpp 05/04/28 18:23:07
/* yassl_int.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL internal header defines SSL supporting types not specified in the
* draft along with type conversion functions and openssl compatibility
*/
#ifndef yaSSL_INT_HPP
#define yaSSL_INT_HPP
#include "yassl_imp.hpp"
#include "crypto_wrapper.hpp"
#include "cert_wrapper.hpp"
#include "lock.hpp"
#include "log.hpp"
namespace yaSSL {
// State Machine for Record Layer Protocol
enum RecordLayerState {
recordNotReady = 0, // fatal error, no more processing
recordReady
};
// State Machine for HandShake Protocol
enum HandShakeState {
handShakeNotReady = 0, // fatal error, no more processing
preHandshake, // initial state
inHandshake, // handshake started
handShakeReady // handshake done
};
// client input HandShake state, use if HandShakeState == inHandShake
enum ClientState {
serverNull = 0,
serverHelloComplete,
serverCertComplete,
serverKeyExchangeComplete,
serverHelloDoneComplete,
serverFinishedComplete
};
// server input HandShake state, use if HandShakeState == inHandShake
enum ServerState {
clientNull = 0,
clientHelloComplete,
clientKeyExchangeComplete,
clientFinishedComplete
};
// combines all states
class States {
enum {MAX_ERROR_SZ = 80 };
RecordLayerState recordLayer_;
HandShakeState handshakeLayer_;
ClientState clientState_;
ServerState serverState_;
char errorString_[MAX_ERROR_SZ];
YasslError what_;
public:
States();
const RecordLayerState& getRecord() const;
const HandShakeState& getHandShake() const;
const ClientState& getClient() const;
const ServerState& getServer() const;
const char* getString() const;
YasslError What() const;
RecordLayerState& useRecord();
HandShakeState& useHandShake();
ClientState& useClient();
ServerState& useServer();
char* useString();
void SetError(YasslError);
private:
States(const States&); // hide copy
States& operator=(const States&); // and assign
};
// holds all factories
class sslFactory {
MessageFactory messageFactory_; // creates new messages by type
HandShakeFactory handShakeFactory_; // creates new handshake types
ServerKeyFactory serverKeyFactory_; // creates new server key types
ClientKeyFactory clientKeyFactory_; // creates new client key types
sslFactory(); // only GetSSL_Factory creates
public:
const MessageFactory& getMessage() const;
const HandShakeFactory& getHandShake() const;
const ServerKeyFactory& getServerKey() const;
const ClientKeyFactory& getClientKey() const;
friend sslFactory& GetSSL_Factory(); // singleton creator
private:
sslFactory(const sslFactory&); // hide copy
sslFactory& operator=(const sslFactory&); // and assign
};
// openSSL X509 names
class X509_NAME {
char* name_;
public:
X509_NAME(const char*, size_t sz);
~X509_NAME();
char* GetName();
private:
X509_NAME(const X509_NAME&); // hide copy
X509_NAME& operator=(const X509_NAME&); // and assign
};
// openSSL X509
class X509 {
X509_NAME issuer_;
X509_NAME subject_;
public:
X509(const char* i, size_t, const char* s, size_t);
~X509() {}
X509_NAME* GetIssuer();
X509_NAME* GetSubject();
private:
X509(const X509&); // hide copy
X509& operator=(const X509&); // and assign
};
// openSSL bignum
struct BIGNUM {
Integer int_;
void assign(const byte* b, uint s) { int_.assign(b,s); }
};
// openSSL session
class SSL_SESSION {
opaque sessionID_[ID_LEN];
opaque master_secret_[SECRET_LEN];
Cipher suite_[SUITE_LEN];
uint bornOn_; // create time in seconds
uint timeout_; // timeout in seconds
RandomPool& random_; // will clean master secret
public:
explicit SSL_SESSION(RandomPool&);
SSL_SESSION(const SSL&, RandomPool&);
~SSL_SESSION();
const opaque* GetID() const;
const opaque* GetSecret() const;
const Cipher* GetSuite() const;
uint GetBornOn() const;
uint GetTimeOut() const;
void SetTimeOut(uint);
SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption
private:
SSL_SESSION(const SSL_SESSION&); // hide copy
};
// holds all sessions
class Sessions {
mySTL::list<SSL_SESSION*> list_;
RandomPool random_; // for session cleaning
Mutex mutex_; // no-op for single threaded
Sessions() {} // only GetSessions can create
public:
SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0);
void add(const SSL&);
void remove(const opaque*);
~Sessions();
friend Sessions& GetSessions(); // singleton creator
private:
Sessions(const Sessions&); // hide copy
Sessions& operator=(const Sessions&); // and assign
};
Sessions& GetSessions(); // forward singletons
sslFactory& GetSSL_Factory();
// openSSL method and context types
class SSL_METHOD {
ProtocolVersion version_;
ConnectionEnd side_;
bool verifyPeer_;
bool failNoCert_;
public:
explicit SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv);
ProtocolVersion getVersion() const;
ConnectionEnd getSide() const;
void setVerifyPeer();
void setFailNoCert();
bool verifyPeer() const;
bool failNoCert() const;
private:
SSL_METHOD(const SSL_METHOD&); // hide copy
SSL_METHOD& operator=(const SSL_METHOD&); // and assign
};
struct Ciphers {
bool setSuites_; // user set suites from default
byte suites_[MAX_SUITE_SZ]; // new suites
int suiteSz_; // suite length in bytes
Ciphers() : setSuites_(false), suiteSz_(0) {}
};
struct DH; // forward
// save for SSL construction
struct DH_Parms {
Integer p_;
Integer g_;
bool set_; // if set by user
DH_Parms() : set_(false) {}
};
enum StatsField {
Accept, Connect, AcceptGood, ConnectGood, AcceptRenegotiate,
ConnectRenegotiate, Hits, CbHits, CacheFull, Misses, Timeouts, Number,
GetCacheSize, VerifyMode, VerifyDepth
};
// SSL stats
struct Stats {
long accept_;
long connect_;
long acceptGood_;
long connectGood_;
long acceptRenegotiate_;
long connectRenegotiate_;
long hits_;
long cbHits_;
long cacheFull_;
long misses_;
long timeouts_;
long number_;
long getCacheSize_;
int verifyMode_;
int verifyDepth_;
public:
Stats() : accept_(0), connect_(0), acceptGood_(0), connectGood_(0),
acceptRenegotiate_(0), connectRenegotiate_(0), hits_(0), cbHits_(0),
cacheFull_(0), misses_(0), timeouts_(0), number_(0), getCacheSize_(0),
verifyMode_(0), verifyDepth_(0)
{}
private:
Stats(const Stats&); // hide copy
Stats& operator=(const Stats&); // and assign
};
// the SSL context
class SSL_CTX {
public:
typedef mySTL::list<x509*> CertList;
private:
SSL_METHOD* method_;
x509* certificate_;
x509* privateKey_;
CertList caList_;
Ciphers ciphers_;
DH_Parms dhParms_;
Stats stats_;
Mutex mutex_; // for Stats
public:
explicit SSL_CTX(SSL_METHOD* meth);
~SSL_CTX();
const x509* getCert() const;
const x509* getKey() const;
const SSL_METHOD* getMethod() const;
const Ciphers& GetCiphers() const;
const DH_Parms& GetDH_Parms() const;
const Stats& GetStats() const;
void setVerifyPeer();
void setFailNoCert();
bool SetCipherList(const char*);
bool SetDH(const DH&);
void IncrementStats(StatsField);
void AddCA(x509* ca);
const CertList& GetCA_List() const;
friend int read_file(SSL_CTX*, const char*, int, CertType);
private:
SSL_CTX(const SSL_CTX&); // hide copy
SSL_CTX& operator=(const SSL_CTX&); // and assign
};
// holds all cryptographic types
class Crypto {
Digest* digest_; // agreed upon digest
BulkCipher* cipher_; // agreed upon cipher
DiffieHellman* dh_; // dh parms
RandomPool random_; // random number generator
CertManager cert_; // manages certificates
public:
explicit Crypto();
~Crypto();
const Digest& get_digest() const;
const BulkCipher& get_cipher() const;
const DiffieHellman& get_dh() const;
const RandomPool& get_random() const;
const CertManager& get_certManager() const;
Digest& use_digest();
BulkCipher& use_cipher();
DiffieHellman& use_dh();
RandomPool& use_random();
CertManager& use_certManager();
void SetDH(DiffieHellman*);
void SetDH(const DH_Parms&);
void setDigest(Digest*);
void setCipher(BulkCipher*);
bool DhSet();
private:
Crypto(const Crypto&); // hide copy
Crypto& operator=(const Crypto&); // and assign
};
// holds all handshake and verify hashes
class sslHashes {
MD5 md5HandShake_; // md5 handshake hash
SHA shaHandShake_; // sha handshake hash
Finished verify_; // peer's verify hash
Hashes certVerify_; // peer's cert verify hash
public:
sslHashes() {}
const MD5& get_MD5() const;
const SHA& get_SHA() const;
const Finished& get_verify() const;
const Hashes& get_certVerify() const;
MD5& use_MD5();
SHA& use_SHA();
Finished& use_verify();
Hashes& use_certVerify();
private:
sslHashes(const sslHashes&); // hide copy
sslHashes& operator=(const sslHashes&); // and assign
};
// holds input and output buffers
class Buffers {
typedef mySTL::list<input_buffer*> inputList;
typedef mySTL::list<output_buffer*> outputList;
inputList dataList_; // list of users app data / handshake
outputList handShakeList_; // buffered handshake msgs
public:
Buffers() {}
~Buffers();
const inputList& getData() const;
const outputList& getHandShake() const;
inputList& useData();
outputList& useHandShake();
private:
Buffers(const Buffers&); // hide copy
Buffers& operator=(const Buffers&); // and assign
};
// wraps security parameters
class Security {
Connection conn_; // connection information
Parameters parms_; // may be pending
SSL_SESSION resumeSession_; // if resuming
SSL_CTX* ctx_; // context used to init
bool resuming_; // trying to resume
public:
Security(ProtocolVersion, RandomPool&, ConnectionEnd, const Ciphers&,
SSL_CTX*);
const SSL_CTX* GetContext() const;
const Connection& get_connection() const;
const Parameters& get_parms() const;
const SSL_SESSION& get_resume() const;
bool get_resuming() const;
Connection& use_connection();
Parameters& use_parms();
SSL_SESSION& use_resume();
void set_resuming(bool b);
private:
Security(const Security&); // hide copy
Security& operator=(const Security&); // and assign
};
// THE SSL type
class SSL {
Crypto crypto_; // agreed crypto agents
Security secure_; // Connection and Session parms
States states_; // Record and HandShake states
sslHashes hashes_; // handshake, finished hashes
Socket socket_; // socket wrapper
Buffers buffers_; // buffered handshakes and data
Log log_; // logger
public:
SSL(SSL_CTX* ctx);
// gets and uses
const Crypto& getCrypto() const;
const Security& getSecurity() const;
const States& getStates() const;
const sslHashes& getHashes() const;
const sslFactory& getFactory() const;
const Socket& getSocket() const;
YasslError GetError() const;
Crypto& useCrypto();
Security& useSecurity();
States& useStates();
sslHashes& useHashes();
Socket& useSocket();
Log& useLog();
// sets
void set_pending(Cipher suite);
void set_random(const opaque*, ConnectionEnd);
void set_sessionID(const opaque*);
void set_session(SSL_SESSION*);
void set_preMaster(const opaque*, uint);
void set_masterSecret(const opaque*);
void SetError(YasslError);
// helpers
bool isTLS() const;
void order_error();
void makeMasterSecret();
void makeTLSMasterSecret();
void addData(input_buffer* data);
void fillData(Data&);
void addBuffer(output_buffer* b);
void flushBuffer();
void verifyState(const RecordLayerHeader&);
void verifyState(const HandShakeHeader&);
void verifyState(ClientState);
void verifyState(ServerState);
void verfiyHandShakeComplete();
void matchSuite(const opaque*, uint length);
void deriveKeys();
void deriveTLSKeys();
void Send(const byte*, uint);
uint bufferedData();
uint get_SEQIncrement(bool);
const byte* get_macSecret(bool);
private:
void storeKeys(const opaque*);
void setKeys();
void verifyClientState(HandShakeType);
void verifyServerState(HandShakeType);
SSL(const SSL&); // hide copy
const SSL& operator=(const SSL&); // and assign
};
// conversion functions
void c32to24(uint32, uint24&);
void c24to32(const uint24, uint32&);
uint32 c24to32(const uint24);
void ato16(const opaque*, uint16&);
void ato24(const opaque*, uint24&);
void c16toa(uint16, opaque*);
void c24toa(const uint24, opaque*);
void c32toa(uint32 u32, opaque*);
} // naemspace
#endif // yaSSL_INT_HPP
--- New file ---
+++ extra/yassl/include/yassl_types.hpp 05/04/28 18:23:07
/* yassl_types.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL types header defines all constants, enums, and typedefs
* from the SSL.v3 specification "draft-freier-ssl-version3-02.txt"
*/
#ifndef yaSSL_TYPES_HPP
#define yaSSL_TYPES_HPP
#include<cstddef>
namespace yaSSL {
// library allocation
struct new_t {}; // yaSSL New type
extern new_t ys; // pass in parameter
} // namespace yaSSL
void* operator new (size_t, yaSSL::new_t);
void* operator new[](size_t, yaSSL::new_t);
namespace yaSSL {
typedef unsigned char uint8;
typedef unsigned short uint16;
typedef unsigned int uint32;
typedef uint8 uint24[3];
typedef uint32 uint64[2];
typedef uint8 opaque;
typedef opaque byte;
typedef unsigned int uint;
// all length constants in bytes
const int ID_LEN = 32; // session id length
const int SUITE_LEN = 2; // cipher suite length
const int SECRET_LEN = 48; // pre RSA and all master secret length
const int MASTER_ROUNDS = 3; // master secret derivation rounds
const int RAN_LEN = 32; // client and server random length
const int MAC_BLOCK_SZ = 64; // MAC block size, & padding
const int MD5_LEN = 16; // MD5 digest length
const int SHA_LEN = 20; // SHA digest length
const int RMD_LEN = 20; // RIPEMD-160 digest length
const int PREFIX = 3; // up to 3 prefix letters for secret rounds
const int KEY_PREFIX = 7; // up to 7 prefix letters for key rounds
const int FORTEZZA_MAX = 128; // Maximum Fortezza Key length
const int MAX_SUITE_SZ = 64; // 32 max suites * sizeof(suite)
const int MAX_SUITE_NAME = 48; // max length of suite name
const int MAX_CIPHER_LIST = 512; // max length of cipher list names
const int SIZEOF_ENUM = 1; // SSL considers an enum 1 byte, not 4
const int SIZEOF_SENDER = 4; // Sender constant, for finished generation
const int PAD_MD5 = 48; // pad length 1 and 2 for md5 finished
const int PAD_SHA = 40; // should be 44, specd wrong by netscape
const int PAD_RMD = 44; // pad length for RIPEMD-160, some use 40??
const int CERT_HEADER = 3; // always use 3 bytes for certificate
const int CERT_TYPES = 7; // certificate request types
const int REQUEST_HEADER = 2; // request uses 2 bytes
const int VERIFY_HEADER = 2; // verify length field
const int MIN_CERT_TYPES = 1; // minimum certificate request types
const int MIN_DIS_NAMES = 3; // minimum distinguished names
const int MIN_DIS_SIZE = 1; // minimum distinguished name size
const int RECORD_HEADER = 5; // type + version + length(2)
const int HANDSHAKE_HEADER = 4; // type + length(3)
const int FINISHED_SZ = MD5_LEN + SHA_LEN; // sizeof finished data
const int TLS_FINISHED_SZ = 12; // TLS verify data size
const int SEQ_SZ = 8; // 64 bit sequence number
const int LENGTH_SZ = 2; // length field for HMAC, data only
const int VERSION_SZ = SIZEOF_ENUM * 2; // SSL/TLS length of version
const int DES_KEY_SZ = 8; // DES Key length
const int DES_EDE_KEY_SZ = 24; // DES EDE Key length
const int DES_BLOCK = 8; // DES is always fixed block size 8
const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES
const int RC4_KEY_SZ = 16; // RC4 Key length
const int AES_128_KEY_SZ = 16; // AES 128bit Key length
const int AES_256_KEY_SZ = 32; // AES 256bit Key length
const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268
const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length
const int DSS_SIG_SZ = 40; // two 20 byte high byte first Integers
const int DSS_ENCODED_EXTRA = 6; // seqID + len(1) + (intID + len(1)) * 2
const int EVP_SALT_SZ = 8;
const int MASTER_LABEL_SZ = 13; // TLS master secret label size
const int KEY_LABEL_SZ = 13; // TLS key block expansion size
const int FINISHED_LABEL_SZ = 15; // TLS finished lable length
const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random
const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds
const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard
typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS
typedef opaque Random[RAN_LEN];
typedef opaque* DistinguishedName;
typedef bool IsExportable;
enum CompressionMethod { no_compression = 0 };
enum CipherType { stream, block };
enum CipherChoice { change_cipher_spec_choice = 1 };
enum PublicValueEncoding { implicit_encoding, explicit_encoding };
enum ConnectionEnd { server_end, client_end };
enum AlertLevel { warning = 1, fatal = 2, };
// Record Layer Header identifier from page 12
enum ContentType {
no_type = 0,
change_cipher_spec = 20,
alert = 21,
handshake = 22,
application_data = 23
};
// HandShake Layer Header identifier from page 20
enum HandShakeType {
no_shake = -1,
hello_request = 0,
client_hello = 1,
server_hello = 2,
certificate = 11,
server_key_exchange = 12,
certificate_request = 13,
server_hello_done = 14,
certificate_verify = 15,
client_key_exchange = 16,
finished = 20
};
// Valid Alert types from page 16/17
enum AlertDescription {
close_notify = 0,
unexpected_message = 10,
bad_record_mac = 20,
decompression_failure = 30,
handshake_failure = 40,
no_certificate = 41,
bad_certificate = 42,
unsupported_certificate = 43,
certificate_revoked = 44,
certificate_expired = 45,
certificate_unknown = 46,
illegal_parameter = 47
};
// Supported Key Exchange Protocols
enum KeyExchangeAlgorithm {
no_kea = 0,
rsa_kea,
diffie_hellman_kea,
fortezza_kea
};
// Supported Authentication Schemes
enum SignatureAlgorithm {
anonymous_sa_algo = 0,
rsa_sa_algo,
dsa_sa_algo
};
// Valid client certificate request types from page 27
enum ClientCertificateType {
rsa_sign = 1,
dss_sign = 2,
rsa_fixed_dh = 3,
dss_fixed_dh = 4,
rsa_ephemeral_dh = 5,
dss_ephemeral_dh = 6,
fortezza_kea_cert = 20
};
// Supported Ciphers from page 43
enum BulkCipherAlgorithm {
cipher_null,
rc4,
rc2,
des,
triple_des, // leading 3 (3des) not valid identifier
des40,
idea,
aes
};
// Supported Message Authentication Codes from page 43
enum MACAlgorithm {
no_mac,
md5,
sha,
rmd
};
// Certificate file Type
enum CertType { Cert = 0, PrivateKey, CA };
// all Cipher Suites from pages 41/42
const Cipher SSL_NULL_WITH_NULL_NULL = 0; // { 0x00, 0x00 }
const Cipher SSL_RSA_WITH_NULL_MD5 = 1; // { 0x00, 0x01 }
const Cipher SSL_RSA_WITH_NULL_SHA = 2; // { 0x00, 0x02 }
const Cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3; // { 0x00, 0x03 }
const Cipher SSL_RSA_WITH_RC4_128_MD5 = 4; // { 0x00, 0x04 }
const Cipher SSL_RSA_WITH_RC4_128_SHA = 5; // { 0x00, 0x05 }
const Cipher SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6; // { 0x00, 0x06 }
const Cipher SSL_RSA_WITH_IDEA_CBC_SHA = 7; // { 0x00, 0x07 }
const Cipher SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8; // { 0x00, 0x08 }
const Cipher SSL_RSA_WITH_DES_CBC_SHA = 9; // { 0x00, 0x09 }
const Cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10; // { 0x00, 0x0A }
const Cipher SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11; // { 0x00, 0x0B }
const Cipher SSL_DH_DSS_WITH_DES_CBC_SHA = 12; // { 0x00, 0x0C }
const Cipher SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13; // { 0x00, 0x0D }
const Cipher SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14; // { 0x00, 0x0E }
const Cipher SSL_DH_RSA_WITH_DES_CBC_SHA = 15; // { 0x00, 0x0F }
const Cipher SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16; // { 0x00, 0x10 }
const Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17; // { 0x00, 0x11 }
const Cipher SSL_DHE_DSS_WITH_DES_CBC_SHA = 18; // { 0x00, 0x12 }
const Cipher SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19; // { 0x00, 0x13 }
const Cipher SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20; // { 0x00, 0x14 }
const Cipher SSL_DHE_RSA_WITH_DES_CBC_SHA = 21; // { 0x00, 0x15 }
const Cipher SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22; // { 0x00, 0x16 }
const Cipher SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23; // { 0x00, 0x17 }
const Cipher SSL_DH_anon_WITH_RC4_128_MD5 = 24; // { 0x00, 0x18 }
const Cipher SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25; // { 0x00, 0x19 }
const Cipher SSL_DH_anon_WITH_DES_CBC_SHA = 26; // { 0x00, 0x1A }
const Cipher SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27; // { 0x00, 0x1B }
const Cipher SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28; // { 0x00, 0x1C }
const Cipher SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29; // { 0x00, 0x1D }
const Cipher SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30; // { 0x00, 0x1E }
// .. to 0x2B uses Kerberos Authentication
// TLS AES extensions
const Cipher TLS_RSA_WITH_AES_128_CBC_SHA = 47; // { 0x00, 0x2F }
const Cipher TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48; // { 0x00, 0x30 }
const Cipher TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49; // { 0x00, 0x31 }
const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50; // { 0x00, 0x32 }
const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51; // { 0x00, 0x33 }
const Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA = 52; // { 0x00, 0x34 }
const Cipher TLS_RSA_WITH_AES_256_CBC_SHA = 53; // { 0x00, 0x35 }
const Cipher TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54; // { 0x00, 0x36 }
const Cipher TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55; // { 0x00, 0x37 }
const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56; // { 0x00, 0x38 }
const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57; // { 0x00, 0x39 }
const Cipher TLS_DH_anon_WITH_AES_256_CBC_SHA = 58; // { 0x00, 0x3A }
// OpenPGP extensions
const Cipher TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114; // { 0x00, 0x72 };
const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115; // { 0x00, 0x73 };
const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116; // { 0x00, 0x74 };
const Cipher TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119; // { 0x00, 0x77 };
const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120; // { 0x00, 0x78 };
const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121; // { 0x00, 0x79 };
const Cipher TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124; // { 0x00, 0x7C };
const Cipher TLS_RSA_WITH_AES_128_CBC_RMD160 = 125; // { 0x00, 0x7D };
const Cipher TLS_RSA_WITH_AES_256_CBC_RMD160 = 126; // { 0x00, 0x7E };
const char* const null_str = "";
const char* const cipher_names[128] =
{
null_str, // SSL_NULL_WITH_NULL_NULL = 0
null_str, // SSL_RSA_WITH_NULL_MD5 = 1
null_str, // SSL_RSA_WITH_NULL_SHA = 2
null_str, // SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3
"RC4-MD5", // SSL_RSA_WITH_RC4_128_MD5 = 4
"RC4-SHA", // SSL_RSA_WITH_RC4_128_SHA = 5
null_str, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
null_str, // SSL_RSA_WITH_IDEA_CBC_SHA = 7
null_str, // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
"DES-CBC-SHA", // SSL_RSA_WITH_DES_CBC_SHA = 9
"DES-CBC3-SHA", // SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10
null_str, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
null_str, // SSL_DH_DSS_WITH_DES_CBC_SHA = 12
null_str, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
null_str, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
null_str, // SSL_DH_RSA_WITH_DES_CBC_SHA = 15
null_str, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
null_str, // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
"EDH-DSS-DES-CBC-SHA", // SSL_DHE_DSS_WITH_DES_CBC_SHA = 18
"EDH-DSS-DES-CBC3-SHA", // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
null_str, // SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
"EDH-RSA-DES-CBC-SHA", // SSL_DHE_RSA_WITH_DES_CBC_SHA = 21
"EDH-RSA-DES-CBC3-SHA", // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
null_str, // SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23
null_str, // SSL_DH_anon_WITH_RC4_128_MD5 = 24
null_str, // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25
null_str, // SSL_DH_anon_WITH_DES_CBC_SHA = 26
null_str, // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27
null_str, // SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28
null_str, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29
null_str, // SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30
null_str, null_str, null_str, null_str, null_str, // 31 - 35
null_str, null_str, null_str, null_str, null_str, // 36 - 40
null_str, null_str, null_str, null_str, null_str, // 41 - 45
null_str, // 46
// TLS AES extensions
"AES128-SHA", // TLS_RSA_WITH_AES_128_CBC_SHA = 47
null_str, // TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
null_str, // TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49
"DHE-DSS-AES128-SHA", // TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
"DHE-RSA-AES128-SHA", // TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
null_str, // TLS_DH_anon_WITH_AES_128_CBC_SHA = 52
"AES256-SHA", // TLS_RSA_WITH_AES_256_CBC_SHA = 53
null_str, // TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
null_str, // TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55
"DHE-DSS-AES256-SHA", // TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
"DHE-RSA-AES256-SHA", // TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
null_str, // TLS_DH_anon_WITH_AES_256_CBC_SHA = 58
null_str, // 59
null_str, // 60
null_str, null_str, null_str, null_str, null_str, // 61 - 65
null_str, null_str, null_str, null_str, null_str, // 66 - 70
null_str, null_str, null_str, null_str, null_str, // 71 - 75
null_str, null_str, null_str, null_str, null_str, // 76 - 80
null_str, null_str, null_str, null_str, null_str, // 81 - 85
null_str, null_str, null_str, null_str, null_str, // 86 - 90
null_str, null_str, null_str, null_str, null_str, // 91 - 95
null_str, null_str, null_str, null_str, null_str, // 96 - 100
null_str, null_str, null_str, null_str, null_str, // 101 - 105
null_str, null_str, null_str, null_str, null_str, // 106 - 110
null_str, null_str, null_str, // 111 - 113
"DHE-DSS-DES-CBC3-RMD", // TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114
"DHE-DSS-AES128-RMD", // TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115
"DHE-DSS-AES256-RMD", // TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116
null_str, // 117
null_str, // 118
"DHE-RSA-DES-CBC3-RMD", // TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119
"DHE-RSA-AES128-RMD", // TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120
"DHE-RSA-AES256-RMD", // TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121
null_str, // 122
null_str, // 123
"DES-CBC3-RMD", // TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124
"AES128-RMD", // TLS_RSA_WITH_AES_128_CBC_RMD160 = 125
"AES256-RMD", // TLS_RSA_WITH_AES_256_CBC_RMD160 = 126
null_str, // 127
};
// fill with MD5 pad size since biggest required
const opaque PAD1[PAD_MD5] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
};
const opaque PAD2[PAD_MD5] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
};
const opaque client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
const opaque server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
const opaque tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
const opaque tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
const opaque master_label[MASTER_LABEL_SZ + 1] = "master secret";
const opaque key_label [KEY_LABEL_SZ + 1] = "key expansion";
} // naemspace
#endif // yaSSL_TYPES_HPP
--- New file ---
+++ extra/yassl/mySTL/algorithm.hpp 05/04/28 18:23:07
/* mySTL algorithm.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL algorithm implements max, min, for_each, swap, find_if, copy,
* copy_backward, fill
*/
#ifndef mySTL_ALGORITHM_HPP
#define mySTL_ALGORITHM_HPP
namespace mySTL {
template<typename T>
inline const T& max(const T& a, const T&b)
{
return a < b ? b : a;
}
template<typename T>
inline const T& min(const T& a, const T&b)
{
return b < a ? b : a;
}
template<typename InIter, typename Func>
Func for_each(InIter first, InIter last, Func op)
{
while (first != last) {
op(*first);
++first;
}
return op;
}
template<typename T>
inline void swap(T& a, T& b)
{
T tmp = a;
a = b;
b = tmp;
}
template<typename InIter, typename Pred>
InIter find_if(InIter first, InIter last, Pred pred)
{
while (first != last && !pred(*first))
++first;
return first;
}
template<typename InputIter, typename OutputIter>
inline OutputIter copy(InputIter first, InputIter last, OutputIter place)
{
while (first != last) {
*place = *first;
++first;
++place;
}
return place;
}
template<typename InputIter, typename OutputIter>
inline OutputIter
copy_backward(InputIter first, InputIter last, OutputIter place)
{
while (first != last)
*--place = *--last;
return place;
}
template<typename InputIter, typename T>
void fill(InputIter first, InputIter last, const T& v)
{
while (first != last) {
*first = v;
++first;
}
}
} // namespace mySTL
#endif // mySTL_ALGORITHM_HPP
--- New file ---
+++ extra/yassl/mySTL/helpers.hpp 05/04/28 18:23:07
/* mySTL helpers.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL helpers implements misc constructs for vector and list
*
*/
#ifndef mySTL_HELPERS_HPP
#define mySTL_HELPERS_HPP
#include <cstdlib>
namespace mySTL {
template <typename T, typename T2>
inline void construct(T* p, const T2& value)
{
new (static_cast<void*>(p)) T(value);
}
template <typename T>
inline void construct(T* p)
{
new (static_cast<void*>(p)) T();
}
template <typename T>
inline void destroy(T* p)
{
p->~T();
}
template <typename Iter>
void destroy(Iter first, Iter last)
{
while (first != last) {
destroy(&*first);
++first;
}
}
template <typename Iter, typename PlaceIter>
PlaceIter uninit_copy(Iter first, Iter last, PlaceIter place)
{
while (first != last) {
construct(&*place, *first);
++first;
++place;
}
return place;
}
template <typename PlaceIter, typename Size, typename T>
PlaceIter uninit_fill_n(PlaceIter place, Size n, const T& value)
{
while (n) {
construct(&*place, value);
--n;
++place;
}
return place;
}
} // namespace mySTL
#endif // mySTL_HELPERS_HPP
--- New file ---
+++ extra/yassl/mySTL/list.hpp 05/04/28 18:23:08
/* mySTL list.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL list implements a simple list
*
*/
#ifndef mySTL_LIST_HPP
#define mySTL_LIST_HPP
#include "helpers.hpp"
#include <new> // ::operator new and delete, placement too
namespace mySTL {
template<typename T>
class list {
struct node {
node(T t) : prev_(0), next_(0), value_(t) {}
node* prev_;
node* next_;
T value_;
};
public:
list() : head_(0), tail_(0), sz_(0) {}
~list();
void push_front(T);
void pop_front();
T front() const;
void push_back(T);
void pop_back();
T back() const;
bool remove(T);
size_t size() const { return sz_; }
bool empty() const { return sz_ == 0; }
class iterator {
node* current_;
public:
iterator() : current_(0) {}
explicit iterator(node* p) : current_(p) {}
T& operator*() const
{
return current_->value_;
}
T* operator->() const
{
return &(operator*());
}
iterator& operator++()
{
current_ = current_->next_;
return *this;
}
iterator& operator--()
{
current_ = current_->prev_;
return *this;
}
iterator& operator++(int)
{
iterator tmp = *this;
current_ = current_->next_;
return tmp;
}
iterator& operator--(int)
{
iterator tmp = *this;
current_ = current_->prev_;
return tmp;
}
bool operator==(const iterator& other) const
{
return current_ == other.current_;
}
bool operator!=(const iterator& other) const
{
return current_ != other.current_;
}
friend class list<T>;
};
bool erase(iterator);
iterator begin() const { return iterator(head_); }
iterator rbegin() const { return iterator(tail_); }
iterator end() const { return iterator(); }
typedef iterator const_iterator; // for now
class underflow {};
class overflow {};
private:
node* head_;
node* tail_;
size_t sz_;
node* look_up(T);
list(const list&); // hide copy
list& operator=(const list&); // and assign
};
template<typename T>
list<T>::~list()
{
node* start = head_;
node* next_;
for (; start; start = next_) {
next_ = start->next_;
destroy(start);
::operator delete(start);
}
}
template<typename T>
void list<T>::push_front(T t)
{
void* mem = ::operator new(sizeof(node));
if (!mem) abort();
node* add = new (mem) node(t);
if (head_) {
add->next_ = head_;
head_->prev_ = add;
}
else
tail_ = add;
head_ = add;
++sz_;
}
template<typename T>
void list<T>::pop_front()
{
node* front = head_;
if (head_ == 0)
return;
else if (head_ == tail_)
head_ = tail_ = 0;
else {
head_ = head_->next_;
head_->prev_ = 0;
}
destroy(front);
::operator delete(front);
--sz_;
}
template<typename T>
T list<T>::front() const
{
if (head_ == 0) return 0;
return head_->value_;
}
template<typename T>
void list<T>::push_back(T t)
{
void* mem = ::operator new(sizeof(node));
if (!mem) abort();
node* add = new (mem) node(t);
if (tail_) {
tail_->next_ = add;
add->prev_ = tail_;
}
else
head_ = add;
tail_ = add;
++sz_;
}
template<typename T>
void list<T>::pop_back()
{
node* rear = tail_;
if (tail_ == 0)
return;
else if (tail_ == head_)
tail_ = head_ = 0;
else {
tail_ = tail_->prev_;
tail_->next_ = 0;
}
destroy(rear);
::operator delete(rear);
--sz_;
}
template<typename T>
T list<T>::back() const
{
if (back == 0) return 0;
return back->value_;
}
template<typename T>
typename list<T>::node* list<T>::look_up(T t)
{
node* list = head_;
if (list == 0) return 0;
for (; list; list = list->next_)
if (list->value_ == t)
return list;
return 0;
}
template<typename T>
bool list<T>::remove(T t)
{
node* del = look_up(t);
if (del == 0)
return false;
else if (del == head_)
pop_front();
else if (del == tail_)
pop_back();
else {
del->prev_->next_ = del->next_;
del->next_->prev_ = del->prev_;
destroy(del);
::operator delete(del);
--sz_;
}
return true;
}
template<typename T>
bool list<T>::erase(iterator iter)
{
node* del = iter.current_;
if (del == 0)
return false;
else if (del == head_)
pop_front();
else if (del == tail_)
pop_back();
else {
del->prev_->next_ = del->next_;
del->next_->prev_ = del->prev_;
destroy(del);
::operator delete(del);
--sz_;
}
return true;
}
/* MSVC can't handle ??
template<typename T>
T& list<T>::iterator::operator*() const
{
return current_->value_;
}
template<typename T>
T* list<T>::iterator::operator->() const
{
return &(operator*());
}
template<typename T>
typename list<T>::iterator& list<T>::iterator::operator++()
{
current_ = current_->next_;
return *this;
}
template<typename T>
typename list<T>::iterator& list<T>::iterator::operator--()
{
current_ = current_->prev_;
return *this;
}
template<typename T>
typename list<T>::iterator& list<T>::iterator::operator++(int)
{
iterator tmp = *this;
current_ = current_->next_;
return tmp;
}
template<typename T>
typename list<T>::iterator& list<T>::iterator::operator--(int)
{
iterator tmp = *this;
current_ = current_->prev_;
return tmp;
}
template<typename T>
bool list<T>::iterator::operator==(const iterator& other) const
{
return current_ == other.current_;
}
template<typename T>
bool list<T>::iterator::operator!=(const iterator& other) const
{
return current_ != other.current_;
}
*/ // end MSVC 6 can't handle
} // namespace mySTL
#endif // mySTL_LIST_HPP
--- New file ---
+++ extra/yassl/mySTL/memory.hpp 05/04/28 18:23:08
/* mySTL memory.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL memory implements auto_ptr
*
*/
#ifndef mySTL_MEMORY_HPP
#define mySTL_MEMORY_HPP
#ifdef _MSC_VER
// disable operator-> warning for builtins
#pragma warning(disable:4284)
#endif
namespace mySTL {
template<typename T>
struct auto_ptr_ref {
T* ptr_;
explicit auto_ptr_ref(T* p) : ptr_(p) {}
};
template<typename T>
class auto_ptr {
T* ptr_;
public:
explicit auto_ptr(T* p = 0) : ptr_(p) {}
~auto_ptr()
{
delete ptr_;
}
auto_ptr(auto_ptr& other) : ptr_(other.release()) {}
auto_ptr& operator=(auto_ptr& that)
{
if (this != &that) {
delete ptr_;
ptr_ = that.release();
}
return *this;
}
T* operator->() const
{
return ptr_;
}
T& operator*() const
{
return *ptr_;
}
T* get() const
{
return ptr_;
}
T* release()
{
T* tmp = ptr_;
ptr_ = 0;
return tmp;
}
void reset(T* p = 0)
{
if (ptr_ != p) {
delete ptr_;
ptr_ = p;
}
}
// auto_ptr_ref conversions
auto_ptr(auto_ptr_ref<T> ref) : ptr_(ref.ptr_) {}
auto_ptr& operator=(auto_ptr_ref<T> ref)
{
if (this->ptr_ != ref.ptr_) {
delete ptr_;
ptr_ = ref.ptr_;
}
return *this;
}
template<typename T2>
operator auto_ptr<T2>()
{
return auto_ptr<T2>(this->release());
}
template<typename T2>
operator auto_ptr_ref<T2>()
{
return auto_ptr_ref<T2>(this->release());
}
};
} // namespace mySTL
#endif // mySTL_MEMORY_HPP
--- New file ---
+++ extra/yassl/mySTL/pair.hpp 05/04/28 18:23:08
/* mySTL pair.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL pair implements pair
*
*/
#ifndef mySTL_PAIR_HPP
#define mySTL_PAIR_HPP
namespace mySTL {
template<typename T1, typename T2>
struct pair {
typedef T1 first_type;
typedef T2 second_type;
first_type first;
second_type second;
pair() {}
pair(const T1& t1, const T2& t2) : first(t1), second(t2) {}
template<typename U1, typename U2>
pair(const pair<U1, U2>& p) : first(p.first), second(p.second) {}
};
template<typename T1, typename T2>
inline pair<T1, T2> make_pair(const T1& a, const T2& b)
{
return pair<T1, T2>(a, b);
}
} // namespace mySTL
#endif // mySTL_PAIR_HPP
--- New file ---
+++ extra/yassl/mySTL/stdexcept.hpp 05/04/28 18:23:08
/* mySTL stdexcept.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL memory implements exception, runtime_error
*
*/
#ifndef mySTL_STDEXCEPT_HPP
#define mySTL_STDEXCEPT_HPP
#include <cstring> // strncpy
namespace mySTL {
class exception {
public:
exception() {}
virtual ~exception() {}
virtual const char* what() const { return ""; }
};
class named_exception : public exception {
public:
enum { NAME_SIZE = 80 };
explicit named_exception(const char* str)
{
strncpy(name_, str, NAME_SIZE);
name_[NAME_SIZE - 1] = 0;
}
virtual const char* what() const { return name_; }
private:
char name_[NAME_SIZE];
};
class runtime_error : public named_exception {
public:
explicit runtime_error(const char* str) : named_exception(str) {}
};
} // namespace mySTL
#endif // mySTL_STDEXCEPT_HPP
--- New file ---
+++ extra/yassl/mySTL/vector.hpp 05/04/28 18:23:08
/* mySTL vector.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* mySTL vector implements simple vector, w/ swap
*
*/
#ifndef mySTL_VECTOR_HPP
#define mySTL_VECTOR_HPP
#include "helpers.hpp" // construct, destory, fill, etc.
#include "algorithm.hpp" // swap
#include <new> // ::operator new and delete, placement too
#include <cassert> // assert
namespace mySTL {
template <typename T>
struct vector_base {
T* start_;
T* finish_;
T* end_of_storage_;
vector_base() : start_(0), finish_(0), end_of_storage_(0) {}
vector_base(size_t n)
{
start_ = static_cast<T*>(::operator new(n * sizeof(T)));
if (!start_) abort();
finish_ = start_;
end_of_storage_ = start_ + n;
}
~vector_base() { ::operator delete(start_); }
void Swap(vector_base& that)
{
swap(start_, that.start_);
swap(finish_, that.finish_);
swap(end_of_storage_, that.end_of_storage_);
}
};
template <typename T>
class vector {
public:
vector() {}
explicit vector(size_t n) : vec_(n)
{
vec_.finish_ = uninit_fill_n(vec_.start_, n, T());
}
~vector() { destroy(vec_.start_, vec_.finish_); }
vector(const vector& other) : vec_(other.size())
{
vec_.finish_ = uninit_copy(other.vec_.start_, other.vec_.finish_,
vec_.start_);
}
size_t capacity() const { return vec_.end_of_storage_ - vec_.start_; }
size_t size() const { return vec_.finish_ - vec_.start_; }
T& operator[](size_t idx) { return *(vec_.start_ + idx); }
const T& operator[](size_t idx) const { return *(vec_.start_ + idx); }
const T* begin() const { return vec_.start_; }
const T* end() const { return vec_.finish_; }
void push_back(const T& v)
{
if (vec_.finish_ != vec_.end_of_storage_) {
construct(vec_.finish_, v);
++vec_.finish_;
}
else {
vector tmp(size() * 2 + 1, *this);
construct(tmp.vec_.finish_, v);
++tmp.vec_.finish_;
Swap(tmp);
}
}
void resize(size_t n, const T& v)
{
if (n == size()) return;
if (n < size()) {
T* first = vec_.start_ + n;
destroy(first, vec_.finish_);
vec_.finish_ -= vec_.finish_ - first;
}
else {
vector tmp(n, *this);
tmp.vec_.finish_ = uninit_fill_n(tmp.vec_.finish_, n - size(), v);
Swap(tmp);
}
}
void reserve(size_t n)
{
if (capacity() < n) {
vector tmp(n, *this);
Swap(tmp);
}
}
void Swap(vector& that)
{
vec_.Swap(that.vec_);
}
private:
vector_base<T> vec_;
vector& operator=(const vector&); // hide assign
// for growing, n must be bigger than other size
vector(size_t n, const vector& other) : vec_(n)
{
assert(n > other.size());
vec_.finish_ = uninit_copy(other.vec_.start_, other.vec_.finish_,
vec_.start_);
}
};
} // namespace mySTL
#endif // mySTL_VECTOR_HPP
--- New file ---
+++ extra/yassl/src/Makefile.am 05/04/28 18:23:09
INCLUDES = -I../include -I../taocrypt/include -I../mySTL
noinst_LIBRARIES = libyassl.a
libyassl_a_SOURCES = buffer.cpp cert_wrapper.cpp crypto_wrapper.cpp \
handshake.cpp lock.cpp log.cpp socket_wrapper.cpp ssl.cpp \
timer.cpp yassl_imp.cpp yassl_error.cpp yassl_int.cpp
EXTRA_DIST = ../include/*.hpp ../include/openssl/*.h
CXXFLAGS=`echo "@CXXFLAGS@" | sed 's/-fno-implicit-templates//'`
--- New file ---
+++ extra/yassl/src/buffer.cpp 05/04/28 18:23:09
/* buffer.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL buffer header implements input/output buffers to simulate streaming
* with SSL types and sockets
*/
#include "runtime.hpp"
#include "buffer.hpp"
#include "yassl_types.hpp"
namespace yaSSL {
// Checking Policy should implement a check function that tests whether the
// index is within the size limit of the array
void Check::check(uint i, uint limit)
{
assert(i < limit);
}
void NoCheck::check(uint, uint)
{
}
/* input_buffer operates like a smart c style array with a checking option,
* meant to be read from through [] with AUTO index or read().
* Should only write to at/near construction with assign() or raw (e.g., recv)
* followed by add_size with the number of elements added by raw write.
*
* Not using vector because need checked []access, offset, and the ability to
* write to the buffer bulk wise and have the correct size
*/
input_buffer::input_buffer()
: size_(0), current_(0), buffer_(0), end_(0)
{}
input_buffer::input_buffer(uint s)
: size_(0), current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s)
{}
// with assign
input_buffer::input_buffer(uint s, const byte* t, uint len)
: size_(0), current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s)
{
assign(t, len);
}
input_buffer::~input_buffer()
{
delete [] buffer_;
}
// users can pass defualt zero length buffer and then allocate
void input_buffer::allocate(uint s)
{
assert(!buffer_); // find realloc error
buffer_ = new (ys) byte[s];
end_ = buffer_ + s;
}
// for passing to raw writing functions at beginning, then use add_size
byte* input_buffer::get_buffer() const
{
return buffer_;
}
// after a raw write user can set new size
// if you know the size before the write use assign()
void input_buffer::add_size(uint i)
{
check(size_ + i-1, get_capacity());
size_ += i;
}
uint input_buffer::get_capacity() const
{
return end_ - buffer_;
}
uint input_buffer::get_current() const
{
return current_;
}
uint input_buffer::get_size() const
{
return size_;
}
uint input_buffer::get_remaining() const
{
return size_ - current_;
}
void input_buffer::set_current(uint i)
{
if (i)
check(i - 1, size_);
current_ = i;
}
// read only access through [], advance current
// user passes in AUTO index for ease of use
const byte& input_buffer::operator[](uint i)
{
assert (i == AUTO);
check(current_, size_);
return buffer_[current_++];
}
// end of input test
bool input_buffer::eof()
{
return current_ >= size_;
}
// peek ahead
byte input_buffer::peek() const
{
return buffer_[current_];
}
// write function, should use at/near construction
void input_buffer::assign(const byte* t, uint s)
{
check(current_, get_capacity());
add_size(s);
memcpy(&buffer_[current_], t, s);
}
// use read to query input, adjusts current
void input_buffer::read(byte* dst, uint length)
{
check(current_ + length - 1, size_);
memcpy(dst, &buffer_[current_], length);
current_ += length;
}
/* output_buffer operates like a smart c style array with a checking option.
* Meant to be written to through [] with AUTO index or write().
* Size (current) counter increases when written to. Can be constructed with
* zero length buffer but be sure to allocate before first use.
* Don't use add write for a couple bytes, use [] instead, way less overhead.
*
* Not using vector because need checked []access and the ability to
* write to the buffer bulk wise and retain correct size
*/
output_buffer::output_buffer()
: current_(0), buffer_(0), end_(0)
{}
// with allocate
output_buffer::output_buffer(uint s)
: current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s)
{}
// with assign
output_buffer::output_buffer(uint s, const byte* t, uint len)
: current_(0), buffer_(new (ys) byte[s]), end_(buffer_+ s)
{
write(t, len);
}
output_buffer::~output_buffer()
{
delete [] buffer_;
}
uint output_buffer::get_size() const
{
return current_;
}
uint output_buffer::get_capacity() const
{
return end_ - buffer_;
}
void output_buffer::set_current(uint c)
{
check(c, get_capacity());
current_ = c;
}
// users can pass defualt zero length buffer and then allocate
void output_buffer::allocate(uint s)
{
assert(!buffer_); // find realloc error
buffer_ = new (ys) byte[s]; end_ = buffer_ + s;
}
// for passing to reading functions when finished
const byte* output_buffer::get_buffer() const
{
return buffer_;
}
// allow write access through [], update current
// user passes in AUTO as index for ease of use
byte& output_buffer::operator[](uint i)
{
assert(i == AUTO);
check(current_, get_capacity());
return buffer_[current_++];
}
// end of output test
bool output_buffer::eof()
{
return current_ >= get_capacity();
}
void output_buffer::write(const byte* t, uint s)
{
check(current_ + s - 1, get_capacity());
memcpy(&buffer_[current_], t, s);
current_ += s;
}
} // naemspace
--- New file ---
+++ extra/yassl/src/cert_wrapper.cpp 05/04/28 18:23:09
/* cert_wrapper.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The certificate wrapper source implements certificate management functions
*
*/
#include "runtime.hpp"
#include "cert_wrapper.hpp"
#include "yassl_int.hpp"
#if defined(USE_CML_LIB)
#include "cmapi_cpp.h"
#else
#include "asn.hpp"
#include "file.hpp"
#endif // USE_CML_LIB
namespace yaSSL {
x509::x509(uint sz) : length_(sz), buffer_(new (ys) opaque[sz])
{
}
x509::~x509()
{
delete [] buffer_;
}
x509::x509(const x509& that) : length_(that.length_),
buffer_(new (ys) opaque[length_])
{
memcpy(buffer_, that.buffer_, length_);
}
void x509::Swap(x509& that)
{
mySTL::swap(length_, that.length_);
mySTL::swap(buffer_, that.buffer_);
}
x509& x509::operator=(const x509& that)
{
x509 temp(that);
Swap(temp);
return *this;
}
uint x509::get_length() const
{
return length_;
}
const opaque* x509::get_buffer() const
{
return buffer_;
}
opaque* x509::use_buffer()
{
return buffer_;
}
//CertManager
CertManager::CertManager()
: peerX509_(0), verifyPeer_(false), failNoCert_(false), sendVerify_(false)
{}
CertManager::~CertManager()
{
delete peerX509_;
mySTL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
mySTL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
mySTL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
}
bool CertManager::verifyPeer() const
{
return verifyPeer_;
}
bool CertManager::failNoCert() const
{
return failNoCert_;
}
bool CertManager::sendVerify() const
{
return sendVerify_;
}
void CertManager::setVerifyPeer()
{
verifyPeer_ = true;
}
void CertManager::setFailNoCert()
{
failNoCert_ = true;
}
void CertManager::setSendVerify()
{
sendVerify_ = true;
}
void CertManager::AddPeerCert(x509* x)
{
peerList_.push_back(x); // take ownership
}
void CertManager::CopySelfCert(const x509* x)
{
if (x)
list_.push_back(new (ys) x509(*x));
}
// add to signers
int CertManager::CopyCaCert(const x509* x)
{
TaoCrypt::Source source(x->get_buffer(), x->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_);
if (!cert.GetError().What()) {
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
signers_.push_back(new (ys) TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
}
return cert.GetError().What();
}
const x509* CertManager::get_cert() const
{
return list_.front();
}
const opaque* CertManager::get_peerKey() const
{
return peerPublicKey_.get_buffer();
}
X509* CertManager::get_peerX509() const
{
return peerX509_;
}
SignatureAlgorithm CertManager::get_peerKeyType() const
{
return peerKeyType_;
}
SignatureAlgorithm CertManager::get_keyType() const
{
return keyType_;
}
uint CertManager::get_peerKeyLength() const
{
return peerPublicKey_.get_size();
}
const opaque* CertManager::get_privateKey() const
{
return privateKey_.get_buffer();
}
uint CertManager::get_privateKeyLength() const
{
return privateKey_.get_size();
}
// Validate the peer's certificate list, from root to peer (last to first)
int CertManager::Validate()
{
CertList::iterator last = peerList_.rbegin(); // fix this
int count = peerList_.size();
while ( count > 1 ) {
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_);
if (int err = cert.GetError().What())
return err;
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
signers_.push_back(new (ys) TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
--last;
--count;
}
if (count) {
// peer's is at the front
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_);
if (int err = cert.GetError().What())
return err;
uint sz = cert.GetPublicKey().size();
peerPublicKey_.allocate(sz);
peerPublicKey_.assign(cert.GetPublicKey().GetKey(), sz);
if (cert.GetKeyType() == TaoCrypt::RSAk)
peerKeyType_ = rsa_sa_algo;
else
peerKeyType_ = dsa_sa_algo;
int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0;
int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0;
peerX509_ = new (ys) X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
sSz);
}
return 0;
}
// Set the private key
int CertManager::SetPrivateKey(const x509& key)
{
privateKey_.allocate(key.get_length());
privateKey_.assign(key.get_buffer(), key.get_length());
// set key type
if (x509* cert = list_.front()) {
TaoCrypt::Source source(cert->get_buffer(), cert->get_length());
TaoCrypt::CertDecoder cert(source, false);
cert.DecodeToKey();
if (int err = cert.GetError().What())
return err;
if (cert.GetKeyType() == TaoCrypt::RSAk)
keyType_ = rsa_sa_algo;
else
keyType_ = dsa_sa_algo;
}
return 0;
}
#if defined(USE_CML_LIB)
// Get the peer's certificate, extract and save public key
void CertManager::SetPeerKey()
{
// first cert is the peer's
x509* main = peerList_.front();
Bytes_struct cert;
cert.num = main->get_length();
cert.data = main->set_buffer();
CML::Certificate cm(cert);
const CML::ASN::Cert& raw = cm.base();
CTIL::CSM_Buffer key = raw.pubKeyInfo.key;
uint sz;
opaque* key_buffer = reinterpret_cast<opaque*>(key.Get(sz));
peerPublicKey_.allocate(sz);
peerPublicKey_.assign(key_buffer, sz);
}
#endif // USE_CML_LIB
} // namespace
--- New file ---
+++ extra/yassl/src/crypto_wrapper.cpp 05/04/28 18:23:09
/* crypto_wrapper.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The crypto wrapper source implements the policies for the cipher
* components used by SSL.
*
* The implementation relies on a specfic library, taoCrypt.
*/
#if !defined(USE_CRYPTOPP_LIB)
#include "runtime.hpp"
#include "crypto_wrapper.hpp"
#include "cert_wrapper.hpp"
#include "md5.hpp"
#include "sha.hpp"
#include "ripemd.hpp"
#include "hmac.hpp"
#include "modes.hpp"
#include "des.hpp"
#include "arc4.hpp"
#include "aes.hpp"
#include "rsa.hpp"
#include "dsa.hpp"
#include "dh.hpp"
#include "random.hpp"
#include "file.hpp"
#include "coding.hpp"
namespace yaSSL {
// MD5 Implementation
struct MD5::MD5Impl {
TaoCrypt::MD5 md5_;
MD5Impl() {}
explicit MD5Impl(const TaoCrypt::MD5& md5) : md5_(md5) {}
};
MD5::MD5() : pimpl_(new (ys) MD5Impl) {}
MD5::~MD5() { delete pimpl_; }
MD5::MD5(const MD5& that) : Digest(), pimpl_(new (ys)
MD5Impl(that.pimpl_->md5_)) {}
MD5& MD5::operator=(const MD5& that)
{
pimpl_->md5_ = that.pimpl_->md5_;
return *this;
}
uint MD5::get_digestSize() const
{
return MD5_LEN;
}
uint MD5::get_padSize() const
{
return PAD_MD5;
}
// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
void MD5::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->md5_.Update(in, sz);
pimpl_->md5_.Final(out);
}
// Fill out with MD5 digest from previous updates
void MD5::get_digest(byte* out)
{
pimpl_->md5_.Final(out);
}
// Update the current digest
void MD5::update(const byte* in, unsigned int sz)
{
pimpl_->md5_.Update(in, sz);
}
// SHA Implementation
struct SHA::SHAImpl {
TaoCrypt::SHA sha_;
SHAImpl() {}
explicit SHAImpl(const TaoCrypt::SHA& sha) : sha_(sha) {}
};
SHA::SHA() : pimpl_(new (ys) SHAImpl) {}
SHA::~SHA() { delete pimpl_; }
SHA::SHA(const SHA& that) : Digest(), pimpl_(new (ys)
SHAImpl(that.pimpl_->sha_)) {}
SHA& SHA::operator=(const SHA& that)
{
pimpl_->sha_ = that.pimpl_->sha_;
return *this;
}
uint SHA::get_digestSize() const
{
return SHA_LEN;
}
uint SHA::get_padSize() const
{
return PAD_SHA;
}
// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
void SHA::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->sha_.Update(in, sz);
pimpl_->sha_.Final(out);
}
// Fill out with SHA digest from previous updates
void SHA::get_digest(byte* out)
{
pimpl_->sha_.Final(out);
}
// Update the current digest
void SHA::update(const byte* in, unsigned int sz)
{
pimpl_->sha_.Update(in, sz);
}
// RMD-160 Implementation
struct RMD::RMDImpl {
TaoCrypt::RIPEMD160 rmd_;
RMDImpl() {}
explicit RMDImpl(const TaoCrypt::RIPEMD160& rmd) : rmd_(rmd) {}
};
RMD::RMD() : pimpl_(new (ys) RMDImpl) {}
RMD::~RMD() { delete pimpl_; }
RMD::RMD(const RMD& that) : Digest(), pimpl_(new (ys)
RMDImpl(that.pimpl_->rmd_)) {}
RMD& RMD::operator=(const RMD& that)
{
pimpl_->rmd_ = that.pimpl_->rmd_;
return *this;
}
uint RMD::get_digestSize() const
{
return RMD_LEN;
}
uint RMD::get_padSize() const
{
return PAD_RMD;
}
// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
void RMD::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->rmd_.Update(in, sz);
pimpl_->rmd_.Final(out);
}
// Fill out with RMD digest from previous updates
void RMD::get_digest(byte* out)
{
pimpl_->rmd_.Final(out);
}
// Update the current digest
void RMD::update(const byte* in, unsigned int sz)
{
pimpl_->rmd_.Update(in, sz);
}
// HMAC_MD5 Implementation
struct HMAC_MD5::HMAC_MD5Impl {
TaoCrypt::HMAC<TaoCrypt::MD5> mac_;
HMAC_MD5Impl() {}
};
HMAC_MD5::HMAC_MD5(const byte* secret, unsigned int len)
: pimpl_(new (ys) HMAC_MD5Impl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_MD5::~HMAC_MD5() { delete pimpl_; }
uint HMAC_MD5::get_digestSize() const
{
return MD5_LEN;
}
uint HMAC_MD5::get_padSize() const
{
return PAD_MD5;
}
// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
void HMAC_MD5::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with MD5 digest from previous updates
void HMAC_MD5::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_MD5::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
// HMAC_SHA Implementation
struct HMAC_SHA::HMAC_SHAImpl {
TaoCrypt::HMAC<TaoCrypt::SHA> mac_;
HMAC_SHAImpl() {}
};
HMAC_SHA::HMAC_SHA(const byte* secret, unsigned int len)
: pimpl_(new (ys) HMAC_SHAImpl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_SHA::~HMAC_SHA() { delete pimpl_; }
uint HMAC_SHA::get_digestSize() const
{
return SHA_LEN;
}
uint HMAC_SHA::get_padSize() const
{
return PAD_SHA;
}
// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
void HMAC_SHA::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with SHA digest from previous updates
void HMAC_SHA::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_SHA::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
// HMAC_RMD Implementation
struct HMAC_RMD::HMAC_RMDImpl {
TaoCrypt::HMAC<TaoCrypt::RIPEMD160> mac_;
HMAC_RMDImpl() {}
};
HMAC_RMD::HMAC_RMD(const byte* secret, unsigned int len)
: pimpl_(new (ys) HMAC_RMDImpl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_RMD::~HMAC_RMD() { delete pimpl_; }
uint HMAC_RMD::get_digestSize() const
{
return RMD_LEN;
}
uint HMAC_RMD::get_padSize() const
{
return PAD_RMD;
}
// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
void HMAC_RMD::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with RMD digest from previous updates
void HMAC_RMD::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_RMD::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
struct DES::DESImpl {
TaoCrypt::DES_CBC_Encryption encryption;
TaoCrypt::DES_CBC_Decryption decryption;
};
DES::DES() : pimpl_(new (ys) DESImpl) {}
DES::~DES() { delete pimpl_; }
void DES::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, DES_KEY_SZ, iv);
}
void DES::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, DES_KEY_SZ, iv);
}
// DES encrypt plain of length sz into cipher
void DES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// DES decrypt cipher of length sz into plain
void DES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
struct DES_EDE::DES_EDEImpl {
TaoCrypt::DES_EDE3_CBC_Encryption encryption;
TaoCrypt::DES_EDE3_CBC_Decryption decryption;
};
DES_EDE::DES_EDE() : pimpl_(new (ys) DES_EDEImpl) {}
DES_EDE::~DES_EDE() { delete pimpl_; }
void DES_EDE::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, DES_EDE_KEY_SZ, iv);
}
void DES_EDE::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, DES_EDE_KEY_SZ, iv);
}
// 3DES encrypt plain of length sz into cipher
void DES_EDE::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// 3DES decrypt cipher of length sz into plain
void DES_EDE::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
// Implementation of alledged RC4
struct RC4::RC4Impl {
TaoCrypt::ARC4::Encryption encryption;
TaoCrypt::ARC4::Decryption decryption;
};
RC4::RC4() : pimpl_(new (ys) RC4Impl) {}
RC4::~RC4() { delete pimpl_; }
void RC4::set_encryptKey(const byte* k, const byte*)
{
pimpl_->encryption.SetKey(k, RC4_KEY_SZ);
}
void RC4::set_decryptKey(const byte* k, const byte*)
{
pimpl_->decryption.SetKey(k, RC4_KEY_SZ);
}
// RC4 encrypt plain of length sz into cipher
void RC4::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// RC4 decrypt cipher of length sz into plain
void RC4::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
// Implementation of AES
struct AES::AESImpl {
TaoCrypt::AES_CBC_Encryption encryption;
TaoCrypt::AES_CBC_Decryption decryption;
unsigned int keySz_;
AESImpl(unsigned int ks) : keySz_(ks) {}
};
AES::AES(unsigned int ks) : pimpl_(new (ys) AESImpl(ks)) {}
AES::~AES() { delete pimpl_; }
int AES::get_keySize() const
{
return pimpl_->keySz_;
}
void AES::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, pimpl_->keySz_, iv);
}
void AES::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, pimpl_->keySz_, iv);
}
// AES encrypt plain of length sz into cipher
void AES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// AES decrypt cipher of length sz into plain
void AES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
struct RandomPool::RandomImpl {
TaoCrypt::RandomNumberGenerator RNG_;
};
RandomPool::RandomPool() : pimpl_(new (ys) RandomImpl) {}
RandomPool::~RandomPool() { delete pimpl_; }
int RandomPool::GetError() const
{
return pimpl_->RNG_.GetError();
}
void RandomPool::Fill(opaque* dst, uint sz) const
{
pimpl_->RNG_.GenerateBlock(dst, sz);
}
// Implementation of DSS Authentication
struct DSS::DSSImpl {
void SetPublic (const byte*, unsigned int);
void SetPrivate(const byte*, unsigned int);
TaoCrypt::DSA_PublicKey publicKey_;
TaoCrypt::DSA_PrivateKey privateKey_;
};
// Decode and store the public key
void DSS::DSSImpl::SetPublic(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
publicKey_.Initialize(source);
}
// Decode and store the public key
void DSS::DSSImpl::SetPrivate(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
privateKey_.Initialize(source);
publicKey_ = TaoCrypt::DSA_PublicKey(privateKey_);
}
// Set public or private key
DSS::DSS(const byte* key, unsigned int sz, bool publicKey)
: pimpl_(new (ys) DSSImpl)
{
if (publicKey)
pimpl_->SetPublic(key, sz);
else
pimpl_->SetPrivate(key, sz);
}
DSS::~DSS()
{
delete pimpl_;
}
uint DSS::get_signatureLength() const
{
return pimpl_->publicKey_.SignatureLength();
}
// DSS Sign message of length sz into sig
void DSS::sign(byte* sig, const byte* sha_digest, unsigned int /* shaSz */,
const RandomPool& random)
{
using namespace TaoCrypt;
DSA_Signer signer(pimpl_->privateKey_);
signer.Sign(sha_digest, sig, random.pimpl_->RNG_);
}
// DSS Verify message of length sz against sig, is it correct?
bool DSS::verify(const byte* sha_digest, unsigned int /* shaSz */,
const byte* sig, unsigned int /* sigSz */)
{
using namespace TaoCrypt;
DSA_Verifier ver(pimpl_->publicKey_);
return ver.Verify(sha_digest, sig);
}
// Implementation of RSA key interface
struct RSA::RSAImpl {
void SetPublic (const byte*, unsigned int);
void SetPrivate(const byte*, unsigned int);
TaoCrypt::RSA_PublicKey publicKey_;
TaoCrypt::RSA_PrivateKey privateKey_;
};
// Decode and store the public key
void RSA::RSAImpl::SetPublic(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
publicKey_.Initialize(source);
}
// Decode and store the private key
void RSA::RSAImpl::SetPrivate(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
privateKey_.Initialize(source);
publicKey_ = TaoCrypt::RSA_PublicKey(privateKey_);
}
// Set public or private key
RSA::RSA(const byte* key, unsigned int sz, bool publicKey)
: pimpl_(new (ys) RSAImpl)
{
if (publicKey)
pimpl_->SetPublic(key, sz);
else
pimpl_->SetPrivate(key, sz);
}
RSA::~RSA()
{
delete pimpl_;
}
// get cipher text length, varies on key size
unsigned int RSA::get_cipherLength() const
{
return pimpl_->publicKey_.FixedCiphertextLength();
}
// get signautre length, varies on key size
unsigned int RSA::get_signatureLength() const
{
return get_cipherLength();
}
// RSA Sign message of length sz into sig
void RSA::sign(byte* sig, const byte* message, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
dec.SSL_Sign(message, sz, sig, random.pimpl_->RNG_);
}
// RSA Verify message of length sz against sig
bool RSA::verify(const byte* message, unsigned int sz, const byte* sig,
unsigned int)
{
TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
return enc.SSL_Verify(message, sz, sig);
}
// RSA public encrypt plain of length sz into cipher
void RSA::encrypt(byte* cipher, const byte* plain, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
enc.Encrypt(plain, sz, cipher, random.pimpl_->RNG_);
}
// RSA private decrypt cipher of length sz into plain
void RSA::decrypt(byte* plain, const byte* cipher, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
dec.Decrypt(cipher, sz, plain, random.pimpl_->RNG_);
}
struct Integer::IntegerImpl {
TaoCrypt::Integer int_;
IntegerImpl() {}
explicit IntegerImpl(const TaoCrypt::Integer& i) : int_(i) {}
};
Integer::Integer() : pimpl_(new (ys) IntegerImpl) {}
Integer::~Integer() { delete pimpl_; }
Integer::Integer(const Integer& other) : pimpl_(new (ys)
IntegerImpl(other.pimpl_->int_))
{}
Integer& Integer::operator=(const Integer& that)
{
pimpl_->int_ = that.pimpl_->int_;
return *this;
}
void Integer::assign(const byte* num, unsigned int sz)
{
pimpl_->int_ = TaoCrypt::Integer(num, sz);
}
struct DiffieHellman::DHImpl {
TaoCrypt::DH dh_;
TaoCrypt::RandomNumberGenerator& ranPool_;
byte* publicKey_;
byte* privateKey_;
byte* agreedKey_;
DHImpl(TaoCrypt::RandomNumberGenerator& r) : ranPool_(r), publicKey_(0),
privateKey_(0), agreedKey_(0) {}
~DHImpl() {delete[] agreedKey_; delete[] privateKey_; delete[] publicKey_;}
DHImpl(const DHImpl& that) : dh_(that.dh_), ranPool_(that.ranPool_),
publicKey_(0), privateKey_(0), agreedKey_(0)
{
uint length = dh_.GetByteLength();
AllocKeys(length, length, length);
}
void AllocKeys(unsigned int pubSz, unsigned int privSz, unsigned int agrSz)
{
publicKey_ = new (ys) byte[pubSz];
privateKey_ = new (ys) byte[privSz];
agreedKey_ = new (ys) byte[agrSz];
}
};
/*
// server Side DH, server's view
DiffieHellman::DiffieHellman(const char* file, const RandomPool& random)
: pimpl_(new (ys) DHImpl(random.pimpl_->RNG_))
{
using namespace TaoCrypt;
Source source;
FileSource(file, source);
if (source.size() == 0)
return; // TODO add error state, and force check
HexDecoder hd(source);
pimpl_->dh_.Initialize(source);
uint length = pimpl_->dh_.GetByteLength();
pimpl_->AllocKeys(length, length, length);
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
*/
// server Side DH, client's view
DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g,
unsigned int gSz, const byte* pub,
unsigned int pubSz, const RandomPool& random)
: pimpl_(new (ys) DHImpl(random.pimpl_->RNG_))
{
using TaoCrypt::Integer;
pimpl_->dh_.Initialize(Integer(p, pSz).Ref(), Integer(g, gSz).Ref());
pimpl_->publicKey_ = new (ys) opaque[pubSz];
memcpy(pimpl_->publicKey_, pub, pubSz);
}
// Server Side DH, server's view
DiffieHellman::DiffieHellman(const Integer& p, const Integer& g,
const RandomPool& random)
: pimpl_(new (ys) DHImpl(random.pimpl_->RNG_))
{
using TaoCrypt::Integer;
pimpl_->dh_.Initialize(p.pimpl_->int_, g.pimpl_->int_);
uint length = pimpl_->dh_.GetByteLength();
pimpl_->AllocKeys(length, length, length);
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
DiffieHellman::~DiffieHellman() { delete pimpl_; }
// Client side and view, use server that for p and g
DiffieHellman::DiffieHellman(const DiffieHellman& that)
: pimpl_(new (ys) DHImpl(*that.pimpl_))
{
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
DiffieHellman& DiffieHellman::operator=(const DiffieHellman& that)
{
pimpl_->dh_ = that.pimpl_->dh_;
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
return *this;
}
void DiffieHellman::makeAgreement(const byte* other)
{
pimpl_->dh_.Agree(pimpl_->agreedKey_, pimpl_->privateKey_, other);
}
uint DiffieHellman::get_agreedKeyLength() const
{
return pimpl_->dh_.GetByteLength();
}
const byte* DiffieHellman::get_agreedKey() const
{
return pimpl_->agreedKey_;
}
const byte* DiffieHellman::get_publicKey() const
{
return pimpl_->publicKey_;
}
void DiffieHellman::set_sizes(int& pSz, int& gSz, int& pubSz) const
{
using TaoCrypt::Integer;
Integer p = pimpl_->dh_.GetP();
Integer g = pimpl_->dh_.GetG();
pSz = p.ByteCount();
gSz = g.ByteCount();
pubSz = pimpl_->dh_.GetByteLength();
}
void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
{
using TaoCrypt::Integer;
Integer p = pimpl_->dh_.GetP();
Integer g = pimpl_->dh_.GetG();
p.Encode(bp, p.ByteCount());
g.Encode(bg, g.ByteCount());
memcpy(bpub, pimpl_->publicKey_, pimpl_->dh_.GetByteLength());
}
// convert PEM file to DER x509 type
x509* PemToDer(const char* fname, CertType type)
{
using namespace TaoCrypt;
char header[80];
char footer[80];
if (type == Cert) {
strncpy(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
strncpy(footer, "-----END CERTIFICATE-----", sizeof(footer));
} else {
strncpy(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
strncpy(footer, "-----END RSA PRIVATE KEY-----", sizeof(header));
}
FILE* file = fopen(fname, "rb");
if (!file)
return 0;
long begin = -1;
long end = 0;
bool foundEnd = false;
char line[80];
while(fgets(line, sizeof(line), file))
if (strncmp(header, line, strlen(header)) == 0) {
begin = ftell(file);
break;
}
while(fgets(line, sizeof(line), file))
if (strncmp(footer, line, strlen(footer)) == 0) {
foundEnd = true;
break;
}
else
end = ftell(file);
if (begin == -1 || !foundEnd) {
fclose(file);
return 0;
}
input_buffer tmp(end - begin);
fseek(file, begin, SEEK_SET);
size_t bytes = fread(tmp.get_buffer(), end - begin, 1, file);
if (bytes != 1) {
fclose(file);
return 0;
}
Source der(tmp.get_buffer(), end - begin);
Base64Decoder b64Dec(der);
uint sz = der.size();
mySTL::auto_ptr<x509> x(new (ys) x509(sz));
memcpy(x->use_buffer(), der.get_buffer(), sz);
fclose(file);
return x.release();
}
} // namespace
#endif // !USE_CRYPTOPP_LIB
--- New file ---
+++ extra/yassl/src/handshake.cpp 05/04/28 18:23:10
/* handshake.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The handshake source implements functions for creating and reading
* the various handshake messages.
*/
#include "runtime.hpp"
#include "handshake.hpp"
#include "yassl_int.hpp"
namespace yaSSL {
using mySTL::min;
// Build a client hello message from cipher suites and compression method
void buildClientHello(SSL& ssl, ClientHello& hello,
CompressionMethod compression = no_compression)
{
ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
if (ssl.getSecurity().get_resuming()) {
hello.id_len_ = ID_LEN;
memcpy(hello.session_id_, ssl.getSecurity().get_resume().GetID(),
ID_LEN);
}
else
hello.id_len_ = 0;
hello.suite_len_ = ssl.getSecurity().get_parms().suites_size_;
memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
hello.suite_len_);
hello.comp_len_ = 1;
hello.compression_methods_ = compression;
hello.set_length(sizeof(ProtocolVersion) +
RAN_LEN +
hello.id_len_ + sizeof(hello.id_len_) +
hello.suite_len_ + sizeof(hello.suite_len_) +
hello.comp_len_ + sizeof(hello.comp_len_));
}
// Build a server hello message
void buildServerHello(SSL& ssl, ServerHello& hello)
{
if (ssl.getSecurity().get_resuming()) {
memcpy(hello.random_,ssl.getSecurity().get_connection().server_random_,
RAN_LEN);
memcpy(hello.session_id_, ssl.getSecurity().get_resume().GetID(),
ID_LEN);
}
else {
ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
ssl.getCrypto().get_random().Fill(hello.session_id_, ID_LEN);
}
hello.id_len_ = ID_LEN;
ssl.set_sessionID(hello.session_id_);
hello.cipher_suite_[0] = ssl.getSecurity().get_parms().suite_[0];
hello.cipher_suite_[1] = ssl.getSecurity().get_parms().suite_[1];
hello.compression_method_ = no_compression;
hello.set_length(sizeof(ProtocolVersion) + RAN_LEN + ID_LEN +
sizeof(hello.id_len_) + SUITE_LEN + SIZEOF_ENUM);
}
// add handshake from buffer into md5 and sha hashes, use handshake header
void hashHandShake(SSL& ssl, const input_buffer& input, uint sz)
{
const opaque* buffer = input.get_buffer() + input.get_current() -
HANDSHAKE_HEADER;
sz += HANDSHAKE_HEADER;
ssl.useHashes().use_MD5().update(buffer, sz);
ssl.useHashes().use_SHA().update(buffer, sz);
}
// locals
namespace {
// Write a plaintext record to buffer
void buildOutput(output_buffer& buffer, const RecordLayerHeader& rlHdr,
const Message& msg)
{
buffer.allocate(RECORD_HEADER + rlHdr.length_);
buffer << rlHdr << msg;
}
// Write a plaintext record to buffer
void buildOutput(output_buffer& buffer, const RecordLayerHeader& rlHdr,
const HandShakeHeader& hsHdr, const HandShakeBase& shake)
{
buffer.allocate(RECORD_HEADER + rlHdr.length_);
buffer << rlHdr << hsHdr << shake;
}
// Build Record Layer header for Message without handshake header
void buildHeader(SSL& ssl, RecordLayerHeader& rlHeader, const Message& msg)
{
ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
rlHeader.type_ = msg.get_type();
rlHeader.version_.major_ = pv.major_;
rlHeader.version_.minor_ = pv.minor_;
rlHeader.length_ = msg.get_length();
}
// Build HandShake and RecordLayer Headers for handshake output
void buildHeaders(SSL& ssl, HandShakeHeader& hsHeader,
RecordLayerHeader& rlHeader, const HandShakeBase& shake)
{
int sz = shake.get_length();
hsHeader.set_type(shake.get_type());
hsHeader.set_length(sz);
ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
rlHeader.type_ = handshake;
rlHeader.version_.major_ = pv.major_;
rlHeader.version_.minor_ = pv.minor_;
rlHeader.length_ = sz + HANDSHAKE_HEADER;
}
// add handshake from buffer into md5 and sha hashes, exclude record header
void hashHandShake(SSL& ssl, const output_buffer& output)
{
uint sz = output.get_size() - RECORD_HEADER;
const opaque* buffer = output.get_buffer() + RECORD_HEADER;
ssl.useHashes().use_MD5().update(buffer, sz);
ssl.useHashes().use_SHA().update(buffer, sz);
}
// calculate MD5 hash for finished
void buildMD5(SSL& ssl, Finished& fin, const opaque* sender)
{
opaque md5_result[MD5_LEN];
opaque md5_inner[SIZEOF_SENDER + SECRET_LEN + PAD_MD5];
opaque md5_outer[SECRET_LEN + PAD_MD5 + MD5_LEN];
const opaque* master_secret =
ssl.getSecurity().get_connection().master_secret_;
// make md5 inner
memcpy(md5_inner, sender, SIZEOF_SENDER);
memcpy(&md5_inner[SIZEOF_SENDER], master_secret, SECRET_LEN);
memcpy(&md5_inner[SIZEOF_SENDER + SECRET_LEN], PAD1, PAD_MD5);
ssl.useHashes().use_MD5().get_digest(md5_result, md5_inner,
sizeof(md5_inner));
// make md5 outer
memcpy(md5_outer, master_secret, SECRET_LEN);
memcpy(&md5_outer[SECRET_LEN], PAD2, PAD_MD5);
memcpy(&md5_outer[SECRET_LEN + PAD_MD5], md5_result, MD5_LEN);
ssl.useHashes().use_MD5().get_digest(fin.set_md5(), md5_outer,
sizeof(md5_outer));
}
// calculate SHA hash for finished
void buildSHA(SSL& ssl, Finished& fin, const opaque* sender)
{
opaque sha_result[SHA_LEN];
opaque sha_inner[SIZEOF_SENDER + SECRET_LEN + PAD_SHA];
opaque sha_outer[SECRET_LEN + PAD_SHA + SHA_LEN];
const opaque* master_secret =
ssl.getSecurity().get_connection().master_secret_;
// make sha inner
memcpy(sha_inner, sender, SIZEOF_SENDER);
memcpy(&sha_inner[SIZEOF_SENDER], master_secret, SECRET_LEN);
memcpy(&sha_inner[SIZEOF_SENDER + SECRET_LEN], PAD1, PAD_SHA);
ssl.useHashes().use_SHA().get_digest(sha_result, sha_inner,
sizeof(sha_inner));
// make sha outer
memcpy(sha_outer, master_secret, SECRET_LEN);
memcpy(&sha_outer[SECRET_LEN], PAD2, PAD_SHA);
memcpy(&sha_outer[SECRET_LEN + PAD_SHA], sha_result, SHA_LEN);
ssl.useHashes().use_SHA().get_digest(fin.set_sha(), sha_outer,
sizeof(sha_outer));
}
// decrypt input message in place, store size in case needed later
void decrypt_message(SSL& ssl, input_buffer& input, uint sz)
{
input_buffer plain(sz);
opaque* cipher = input.get_buffer() + input.get_current();
ssl.useCrypto().use_cipher().decrypt(plain.get_buffer(), cipher, sz);
memcpy(cipher, plain.get_buffer(), sz);
ssl.useSecurity().use_parms().encrypt_size_ = sz;
}
// write headers, handshake hash, mac, pad, and encrypt
void cipherFinished(SSL& ssl, Finished& fin, output_buffer& output)
{
uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
uint sz = RECORD_HEADER + HANDSHAKE_HEADER + finishedSz + digestSz;
uint pad = 0;
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
sz += 1; // pad byte
uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
}
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
buildHeaders(ssl, hsHeader, rlHeader, fin);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
output.allocate(sz);
output << rlHeader << hsHeader << fin;
hashHandShake(ssl, output);
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, handshake);
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, handshake);
output.write(digest, digestSz);
if (ssl.getSecurity().get_parms().cipher_type_ == block)
for (uint i = 0; i <= pad; i++) output[AUTO] = pad; // pad byte gets
// pad value too
input_buffer cipher(rlHeader.length_);
ssl.useCrypto().use_cipher().encrypt(cipher.get_buffer(),
output.get_buffer() + RECORD_HEADER, output.get_size() - RECORD_HEADER);
output.set_current(RECORD_HEADER);
output.write(cipher.get_buffer(), cipher.get_capacity());
}
// build an encrypted data or alert message for output
void buildMessage(SSL& ssl, output_buffer& output, const Message& msg)
{
uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
uint sz = RECORD_HEADER + msg.get_length() + digestSz;
uint pad = 0;
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
sz += 1; // pad byte
uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
}
RecordLayerHeader rlHeader;
buildHeader(ssl, rlHeader, msg);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
output.allocate(sz);
output << rlHeader << msg;
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, msg.get_type());
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, msg.get_type());
output.write(digest, digestSz);
if (ssl.getSecurity().get_parms().cipher_type_ == block)
for (uint i = 0; i <= pad; i++) output[AUTO] = pad; // pad byte gets
// pad value too
input_buffer cipher(rlHeader.length_);
ssl.useCrypto().use_cipher().encrypt(cipher.get_buffer(),
output.get_buffer() + RECORD_HEADER, output.get_size() - RECORD_HEADER);
output.set_current(RECORD_HEADER);
output.write(cipher.get_buffer(), cipher.get_capacity());
}
// build alert message
void buildAlert(SSL& ssl, output_buffer& output, const Alert& alert)
{
if (ssl.getSecurity().get_parms().pending_ == false) // encrypted
buildMessage(ssl, output, alert);
else {
RecordLayerHeader rlHeader;
buildHeader(ssl, rlHeader, alert);
buildOutput(output, rlHeader, alert);
}
}
// build TLS finished message
void buildFinishedTLS(SSL& ssl, Finished& fin, const opaque* sender)
{
opaque handshake_hash[FINISHED_SZ];
ssl.useHashes().use_MD5().get_digest(handshake_hash);
ssl.useHashes().use_SHA().get_digest(&handshake_hash[MD5_LEN]);
const opaque* side;
if ( strncmp((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
side = tls_client;
else
side = tls_server;
PRF(fin.set_md5(), TLS_FINISHED_SZ,
ssl.getSecurity().get_connection().master_secret_, SECRET_LEN,
side, FINISHED_LABEL_SZ,
handshake_hash, FINISHED_SZ);
fin.set_length(TLS_FINISHED_SZ); // shorter length for TLS
}
// compute p_hash for MD5 or SHA-1 for TLSv1 PRF
void p_hash(output_buffer& result, const output_buffer& secret,
const output_buffer& seed, MACAlgorithm hash)
{
uint len = hash == md5 ? MD5_LEN : SHA_LEN;
uint times = result.get_capacity() / len;
uint lastLen = result.get_capacity() % len;
opaque previous[SHA_LEN]; // max size
opaque current[SHA_LEN]; // max size
mySTL::auto_ptr<Digest> hmac;
if (lastLen) times += 1;
if (hash == md5)
hmac.reset(new (ys) HMAC_MD5(secret.get_buffer(), secret.get_size()));
else
hmac.reset(new (ys) HMAC_SHA(secret.get_buffer(), secret.get_size()));
// A0 = seed
hmac->get_digest(previous, seed.get_buffer(), seed.get_size());// A1
uint lastTime = times - 1;
for (uint i = 0; i < times; i++) {
hmac->update(previous, len);
hmac->get_digest(current, seed.get_buffer(), seed.get_size());
if (lastLen && (i == lastTime))
result.write(current, lastLen);
else {
result.write(current, len);
//memcpy(previous, current, len);
hmac->get_digest(previous, previous, len);
}
}
}
// calculate XOR for TLSv1 PRF
void get_xor(byte *digest, uint digLen, output_buffer& md5,
output_buffer& sha)
{
for (uint i = 0; i < digLen; i++)
digest[i] = md5[AUTO] ^ sha[AUTO];
}
// build MD5 part of certificate verify
void buildMD5_CertVerify(SSL& ssl, byte* digest)
{
opaque md5_result[MD5_LEN];
opaque md5_inner[SECRET_LEN + PAD_MD5];
opaque md5_outer[SECRET_LEN + PAD_MD5 + MD5_LEN];
const opaque* master_secret =
ssl.getSecurity().get_connection().master_secret_;
// make md5 inner
memcpy(md5_inner, master_secret, SECRET_LEN);
memcpy(&md5_inner[SECRET_LEN], PAD1, PAD_MD5);
ssl.useHashes().use_MD5().get_digest(md5_result, md5_inner,
sizeof(md5_inner));
// make md5 outer
memcpy(md5_outer, master_secret, SECRET_LEN);
memcpy(&md5_outer[SECRET_LEN], PAD2, PAD_MD5);
memcpy(&md5_outer[SECRET_LEN + PAD_MD5], md5_result, MD5_LEN);
ssl.useHashes().use_MD5().get_digest(digest, md5_outer, sizeof(md5_outer));
}
// build SHA part of certificate verify
void buildSHA_CertVerify(SSL& ssl, byte* digest)
{
opaque sha_result[SHA_LEN];
opaque sha_inner[SECRET_LEN + PAD_SHA];
opaque sha_outer[SECRET_LEN + PAD_SHA + SHA_LEN];
const opaque* master_secret =
ssl.getSecurity().get_connection().master_secret_;
// make sha inner
memcpy(sha_inner, master_secret, SECRET_LEN);
memcpy(&sha_inner[SECRET_LEN], PAD1, PAD_SHA);
ssl.useHashes().use_SHA().get_digest(sha_result, sha_inner,
sizeof(sha_inner));
// make sha outer
memcpy(sha_outer, master_secret, SECRET_LEN);
memcpy(&sha_outer[SECRET_LEN], PAD2, PAD_SHA);
memcpy(&sha_outer[SECRET_LEN + PAD_SHA], sha_result, SHA_LEN);
ssl.useHashes().use_SHA().get_digest(digest, sha_outer, sizeof(sha_outer));
}
} // namespace for locals
// some clients still send sslv2 client hello
void ProcessOldClientHello(input_buffer& input, SSL& ssl)
{
byte b0 = input[AUTO];
byte b1 = input[AUTO];
uint16 sz = ((b0 & 0x7f) << 8) | b1;
// hashHandShake manually
const opaque* buffer = input.get_buffer() + input.get_current();
ssl.useHashes().use_MD5().update(buffer, sz);
ssl.useHashes().use_SHA().update(buffer, sz);
b1 = input[AUTO]; // does this value mean client_hello?
ClientHello ch;
ch.client_version_.major_ = input[AUTO];
ch.client_version_.minor_ = input[AUTO];
byte len[2];
input.read(len, sizeof(len));
ato16(len, ch.suite_len_);
input.read(len, sizeof(len));
uint16 sessionLen;
ato16(len, sessionLen);
ch.id_len_ = sessionLen;
input.read(len, sizeof(len));
uint16 randomLen;
ato16(len, randomLen);
int j = 0;
for (uint16 i = 0; i < ch.suite_len_; i += 3) {
byte first = input[AUTO];
if (first) // sslv2 type
input.read(len, SUITE_LEN); // skip
else {
input.read(&ch.cipher_suites_[j], SUITE_LEN);
j += SUITE_LEN;
}
}
ch.suite_len_ = j;
if (ch.id_len_)
input.read(ch.session_id_, ch.id_len_);
if (randomLen < RAN_LEN)
memset(ch.random_, 0, RAN_LEN - randomLen);
input.read(&ch.random_[RAN_LEN - randomLen], randomLen);
ch.Process(input, ssl);
}
// Build a finished message, see 7.6.9
void buildFinished(SSL& ssl, Finished& fin, const opaque* sender)
{
// store current states, building requires get_digest which resets state
MD5 md5(ssl.getHashes().get_MD5());
SHA sha(ssl.getHashes().get_SHA());
if (ssl.isTLS())
buildFinishedTLS(ssl, fin, sender);
else {
buildMD5(ssl, fin, sender);
buildSHA(ssl, fin, sender);
}
// restore
ssl.useHashes().use_MD5() = md5;
ssl.useHashes().use_SHA() = sha;
}
/* compute SSLv3 HMAC into digest see
* buffer is of sz size and includes HandShake Header but not a Record Header
* verify means to check peers hmac
*/
void hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz,
ContentType content, bool verify)
{
Digest& mac = ssl.useCrypto().use_digest();
opaque inner[SHA_LEN + PAD_MD5 + SEQ_SZ + SIZEOF_ENUM + LENGTH_SZ];
opaque outer[SHA_LEN + PAD_MD5 + SHA_LEN];
opaque result[SHA_LEN]; // max possible sizes
uint digestSz = mac.get_digestSize(); // actual sizes
uint padSz = mac.get_padSize();
uint innerSz = digestSz + padSz + SEQ_SZ + SIZEOF_ENUM + LENGTH_SZ;
uint outerSz = digestSz + padSz + digestSz;
// data
const opaque* mac_secret = ssl.get_macSecret(verify);
opaque seq[SEQ_SZ] = { 0x00, 0x00, 0x00, 0x00 };
opaque length[LENGTH_SZ];
c16toa(sz, length);
c32toa(ssl.get_SEQIncrement(verify), &seq[sizeof(uint32)]);
// make inner
memcpy(inner, mac_secret, digestSz);
memcpy(&inner[digestSz], PAD1, padSz);
memcpy(&inner[digestSz + padSz], seq, SEQ_SZ);
inner[digestSz + padSz + SEQ_SZ] = content;
memcpy(&inner[digestSz + padSz + SEQ_SZ + SIZEOF_ENUM], length, LENGTH_SZ);
mac.update(inner, innerSz);
mac.get_digest(result, buffer, sz); // append content buffer
// make outer
memcpy(outer, mac_secret, digestSz);
memcpy(&outer[digestSz], PAD2, padSz);
memcpy(&outer[digestSz + padSz], result, digestSz);
mac.get_digest(digest, outer, outerSz);
}
// TLS type HAMC
void TLS_hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz,
ContentType content, bool verify)
{
mySTL::auto_ptr<Digest> hmac;
opaque seq[SEQ_SZ] = { 0x00, 0x00, 0x00, 0x00 };
opaque length[LENGTH_SZ];
opaque inner[SIZEOF_ENUM + VERSION_SZ + LENGTH_SZ]; // type + version + len
c16toa(sz, length);
c32toa(ssl.get_SEQIncrement(verify), &seq[sizeof(uint32)]);
MACAlgorithm algo = ssl.getSecurity().get_parms().mac_algorithm_;
if (algo == sha)
hmac.reset(new (ys) HMAC_SHA(ssl.get_macSecret(verify), SHA_LEN));
else if (algo == rmd)
hmac.reset(new (ys) HMAC_RMD(ssl.get_macSecret(verify), RMD_LEN));
else
hmac.reset(new (ys) HMAC_MD5(ssl.get_macSecret(verify), MD5_LEN));
hmac->update(seq, SEQ_SZ); // seq_num
inner[0] = content; // type
inner[SIZEOF_ENUM] = ssl.getSecurity().get_connection().version_.major_;
inner[SIZEOF_ENUM + SIZEOF_ENUM] =
ssl.getSecurity().get_connection().version_.minor_; // version
memcpy(&inner[SIZEOF_ENUM + VERSION_SZ], length, LENGTH_SZ); // length
hmac->update(inner, sizeof(inner));
hmac->get_digest(digest, buffer, sz); // content
}
// compute TLSv1 PRF (pseudo random function using HMAC)
void PRF(byte* digest, uint digLen, const byte* secret, uint secLen,
const byte* label, uint labLen, const byte* seed, uint seedLen)
{
uint half = secLen / 2 + secLen % 2;
output_buffer md5_half(half);
output_buffer sha_half(half);
output_buffer labelSeed(labLen + seedLen);
md5_half.write(secret, half);
sha_half.write(secret + half - secLen % 2, half);
labelSeed.write(label, labLen);
labelSeed.write(seed, seedLen);
output_buffer md5_result(digLen);
output_buffer sha_result(digLen);
p_hash(md5_result, md5_half, labelSeed, md5);
p_hash(sha_result, sha_half, labelSeed, sha);
md5_result.set_current(0);
sha_result.set_current(0);
get_xor(digest, digLen, md5_result, sha_result);
}
// build certificate hashes
void build_certHashes(SSL& ssl, Hashes& hashes)
{
// store current states, building requires get_digest which resets state
MD5 md5(ssl.getHashes().get_MD5());
SHA sha(ssl.getHashes().get_SHA());
if (ssl.isTLS()) {
ssl.useHashes().use_MD5().get_digest(hashes.md5_);
ssl.useHashes().use_SHA().get_digest(hashes.sha_);
}
else {
buildMD5_CertVerify(ssl, hashes.md5_);
buildSHA_CertVerify(ssl, hashes.sha_);
}
// restore
ssl.useHashes().use_MD5() = md5;
ssl.useHashes().use_SHA() = sha;
}
mySTL::auto_ptr<input_buffer> null_buffer;
// do process input requests
mySTL::auto_ptr<input_buffer>
DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
{
ssl.getSocket().wait(); // wait for input if blocking
uint ready = ssl.getSocket().get_ready();
if (!ready) return buffered;
// add buffered data if its there
uint buffSz = buffered.get() ? buffered.get()->get_size() : 0;
input_buffer buffer(buffSz + ready);
if (buffSz) {
buffer.assign(buffered.get()->get_buffer(), buffSz);
buffered = null_buffer;
}
// add new data
uint read = ssl.getSocket().receive(buffer.get_buffer() + buffSz, ready);
buffer.add_size(read);
uint offset = 0;
const MessageFactory& mf = ssl.getFactory().getMessage();
// old style sslv2 client hello?
if (ssl.getSecurity().get_parms().entity_ == server_end &&
ssl.getStates().getServer() == clientNull)
if (buffer.peek() != handshake)
ProcessOldClientHello(buffer, ssl);
while(!buffer.eof()) {
// each record
RecordLayerHeader hdr;
buffer >> hdr;
ssl.verifyState(hdr);
// make sure we have enough input in buffer to process this record
if (hdr.length_ > buffer.get_remaining()) {
uint sz = buffer.get_remaining() + RECORD_HEADER;
buffered.reset(new (ys) input_buffer(sz, buffer.get_buffer() +
buffer.get_current() - RECORD_HEADER, sz));
break;
}
while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
// each message in record
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
decrypt_message(ssl, buffer, hdr.length_);
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
if (!msg.get()) {
ssl.SetError(factory_error);
return buffered = null_buffer;
}
buffer >> *msg;
msg->Process(buffer, ssl);
if (ssl.GetError()) return buffered = null_buffer;
}
offset += hdr.length_ + RECORD_HEADER;
}
return buffered; // done, don't call again
}
// process input requests
void processReply(SSL& ssl)
{
if (ssl.GetError()) return;
mySTL::auto_ptr<input_buffer> buffered;
for (;;) {
mySTL::auto_ptr<input_buffer> tmp = DoProcessReply(ssl, buffered);
if (tmp.get()) // had only part of a record's data, call again
buffered = tmp;
else
break;
}
}
// send client_hello, no buffering
void sendClientHello(SSL& ssl)
{
ssl.verifyState(serverNull);
if (ssl.GetError()) return;
ClientHello ch(ssl.getSecurity().get_connection().version_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
output_buffer out;
buildClientHello(ssl, ch);
ssl.set_random(ch.get_random(), client_end);
buildHeaders(ssl, hsHeader, rlHeader, ch);
buildOutput(out, rlHeader, hsHeader, ch);
hashHandShake(ssl, out);
ssl.Send(out.get_buffer(), out.get_size());
}
// send client key exchange
void sendClientKeyExchange(SSL& ssl, BufferOutput buffer)
{
ssl.verifyState(serverHelloDoneComplete);
if (ssl.GetError()) return;
ClientKeyExchange ck(ssl);
ck.build(ssl);
ssl.makeMasterSecret();
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, ck);
buildOutput(*out.get(), rlHeader, hsHeader, ck);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send server key exchange
void sendServerKeyExchange(SSL& ssl, BufferOutput buffer)
{
if (ssl.GetError()) return;
ServerKeyExchange sk(ssl);
sk.build(ssl);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, sk);
buildOutput(*out.get(), rlHeader, hsHeader, sk);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send change cipher
void sendChangeCipher(SSL& ssl, BufferOutput buffer)
{
if (ssl.getSecurity().get_parms().entity_ == server_end)
if (ssl.getSecurity().get_resuming())
ssl.verifyState(clientKeyExchangeComplete);
else
ssl.verifyState(clientFinishedComplete);
if (ssl.GetError()) return;
ChangeCipherSpec ccs;
RecordLayerHeader rlHeader;
buildHeader(ssl, rlHeader, ccs);
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildOutput(*out.get(), rlHeader, ccs);
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send finished
void sendFinished(SSL& ssl, ConnectionEnd side, BufferOutput buffer)
{
if (ssl.GetError()) return;
Finished fin;
buildFinished(ssl, fin, side == client_end ? client : server);
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
cipherFinished(ssl, fin, *out.get()); // hashes handshake
if (ssl.getSecurity().get_resuming()) {
if (side == server_end)
buildFinished(ssl, ssl.useHashes().use_verify(), client); // client
}
else {
GetSessions().add(ssl); // store session
if (side == client_end)
buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
}
ssl.useSecurity().use_connection().CleanMaster();
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send data
int sendData(SSL& ssl, const void* buffer, int sz)
{
ssl.verfiyHandShakeComplete();
if (ssl.GetError()) return 0;
int sent = 0;
for (;;) {
int len = min(sz - sent, MAX_RECORD_SIZE);
output_buffer out;
const Data data(len, static_cast<const opaque*>(buffer) + sent);
buildMessage(ssl, out, data);
ssl.Send(out.get_buffer(), out.get_size());
if (ssl.GetError()) return 0;
sent += len;
if (sent == sz) break;
}
ssl.useLog().ShowData(sent, true);
return sent;
}
// send alert
int sendAlert(SSL& ssl, const Alert& alert)
{
output_buffer out;
buildAlert(ssl, out, alert);
ssl.Send(out.get_buffer(), out.get_size());
return alert.get_length();
}
// process input data
int receiveData(SSL& ssl, Data& data)
{
ssl.verfiyHandShakeComplete();
if (ssl.GetError()) return 0;
if (!ssl.bufferedData())
processReply(ssl);
ssl.fillData(data);
ssl.useLog().ShowData(data.get_length());
if (ssl.GetError()) return 0;
return data.get_length();
}
// send server hello
void sendServerHello(SSL& ssl, BufferOutput buffer)
{
if (ssl.getSecurity().get_resuming())
ssl.verifyState(clientKeyExchangeComplete);
else
ssl.verifyState(clientHelloComplete);
if (ssl.GetError()) return;
ServerHello sh(ssl.getSecurity().get_connection().version_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildServerHello(ssl, sh);
ssl.set_random(sh.get_random(), server_end);
buildHeaders(ssl, hsHeader, rlHeader, sh);
buildOutput(*out.get(), rlHeader, hsHeader, sh);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send server hello done
void sendServerHelloDone(SSL& ssl, BufferOutput buffer)
{
if (ssl.GetError()) return;
ServerHelloDone shd;
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, shd);
buildOutput(*out.get(), rlHeader, hsHeader, shd);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send certificate
void sendCertificate(SSL& ssl, BufferOutput buffer)
{
if (ssl.GetError()) return;
Certificate cert(ssl.getCrypto().get_certManager().get_cert());
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, cert);
buildOutput(*out.get(), rlHeader, hsHeader, cert);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send certificate request
void sendCertificateRequest(SSL& ssl, BufferOutput buffer)
{
if (ssl.GetError()) return;
CertificateRequest request;
request.Build();
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, request);
buildOutput(*out.get(), rlHeader, hsHeader, request);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
// send certificate verify
void sendCertificateVerify(SSL& ssl, BufferOutput buffer)
{
if (ssl.GetError()) return;
CertificateVerify verify;
verify.Build(ssl);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, verify);
buildOutput(*out.get(), rlHeader, hsHeader, verify);
hashHandShake(ssl, *out.get());
if (buffer == buffered)
ssl.addBuffer(out.release());
else
ssl.Send(out->get_buffer(), out->get_size());
}
} // namespace
--- New file ---
+++ extra/yassl/src/lock.cpp 05/04/28 18:23:10
/* lock.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Locking functions
*/
#include "runtime.hpp"
#include "lock.hpp"
namespace yaSSL {
#ifdef MULTI_THREADED
#ifdef WIN32
Mutex::Mutex()
{
InitializeCriticalSection(&cs_);
}
Mutex::~Mutex()
{
DeleteCriticalSection(&cs_);
}
Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
{
EnterCriticalSection(&mutex_.cs_);
}
Mutex::Lock::~Lock()
{
LeaveCriticalSection(&mutex_.cs_);
}
#else // WIN32
Mutex::Mutex()
{
pthread_mutex_init(&mutex_, 0);
}
Mutex::~Mutex()
{
pthread_mutex_destroy(&mutex_);
}
Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
{
pthread_mutex_lock(&mutex_.mutex_);
}
Mutex::Lock::~Lock()
{
pthread_mutex_unlock(&mutex_.mutex_);
}
#endif // WIN32
#endif // MULTI_THREADED
} // namespace yaSSL
--- New file ---
+++ extra/yassl/src/log.cpp 05/04/28 18:23:10
/* log.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Debug logging functions
*/
#include "runtime.hpp"
#include "log.hpp"
#ifdef YASSL_LOG
#include <ctime>
#include <cstdio>
#include <cstring>
#endif
namespace yaSSL {
#ifdef YASSL_LOG
enum { MAX_MSG = 81 };
Log::Log(const char* str)
{
log_ = fopen(str, "w");
Trace("********** Logger Attached **********");
}
Log::~Log()
{
Trace("********** Logger Detached **********");
fclose(log_);
}
// Trace a message
void Log::Trace(const char* str)
{
if (!log_) return;
time_t clicks = time(0);
char timeStr[32];
// get rid of newline
strncpy(timeStr, ctime(&clicks), sizeof(timeStr));
unsigned int len = strlen(timeStr);
timeStr[len - 1] = 0;
char msg[MAX_MSG];
strncpy(msg, timeStr, sizeof(timeStr));
strncat(msg, ":", 1);
strncat(msg, str, MAX_MSG - sizeof(timeStr) - 2);
strncat(msg, "\n", 1);
msg[MAX_MSG - 1] = 0;
fputs(msg, log_);
}
#if defined(WIN32) || defined(__MACH__) || defined(__hpux__)
typedef int socklen_t;
#endif
// write tcp address
void Log::ShowTCP(socket_t fd, bool ended)
{
sockaddr_in peeraddr;
socklen_t len = sizeof(peeraddr);
if (getpeername(fd, (sockaddr*)&peeraddr, &len) != 0)
return;
const char* p = reinterpret_cast<const char*>(&peeraddr.sin_addr);
char msg[MAX_MSG];
char number[16];
if (ended)
strncpy(msg, "yaSSL conn DONE w/ peer ", 26);
else
strncpy(msg, "yaSSL conn BEGUN w/ peer ", 26);
for (int i = 0; i < 4; ++i) {
sprintf(number, "%u", static_cast<unsigned short>(p[i]));
strncat(msg, number, 8);
if (i < 3)
strncat(msg, ".", 1);
}
strncat(msg, " port ", 8);
sprintf(number, "%d", htons(peeraddr.sin_port));
strncat(msg, number, 8);
msg[MAX_MSG - 1] = 0;
Trace(msg);
}
// log processed data
void Log::ShowData(uint bytes, bool sent)
{
char msg[MAX_MSG];
char number[16];
if (sent)
strncpy(msg, "Sent ", 10);
else
strncpy(msg, "Received ", 10);
sprintf(number, "%u", bytes);
strncat(msg, number, 8);
strncat(msg, " bytes of application data", 27);
msg[MAX_MSG - 1] = 0;
Trace(msg);
}
#else // no YASSL_LOG
Log::Log(const char*) {}
Log::~Log() {}
void Log::Trace(const char*) {}
void Log::ShowTCP(socket_t, bool) {}
void Log::ShowData(uint, bool) {}
#endif // YASSL_LOG
} // namespace
--- New file ---
+++ extra/yassl/src/socket_wrapper.cpp 05/04/28 18:23:10
/* socket_wrapper.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The socket wrapper source implements a Socket class that hides the
* differences between Berkely style sockets and Windows sockets, allowing
* transparent TCP access.
*/
#include "runtime.hpp"
#include "socket_wrapper.hpp"
#include "yassl_error.hpp"
#ifndef WIN32
#include <errno.h>
#include <netdb.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <string.h>
#endif // WIN32
#ifdef __sun
#include <sys/filio.h>
#endif
#ifdef WIN32
const int SOCKET_EINVAL = WSAEINVAL;
const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK;
#else
const int SOCKET_EINVAL = EINVAL;
const int SOCKET_EWOULDBLOCK = EWOULDBLOCK;
#endif // WIN32
namespace yaSSL {
Socket::Socket(socket_t s)
: socket_(s)
{}
void Socket::set_fd(socket_t s)
{
socket_ = s;
}
socket_t Socket::get_fd() const
{
return socket_;
}
Socket::~Socket()
{
closeSocket();
}
void Socket::closeSocket()
{
if (socket_ != INVALID_SOCKET) {
#ifdef WIN32
closesocket(socket_);
#else
close(socket_);
#endif
socket_ = INVALID_SOCKET;
}
}
uint Socket::get_ready() const
{
unsigned long ready = 0;
#ifdef WIN32
ioctlsocket(socket_, FIONREAD, &ready);
#else
ioctl(socket_, FIONREAD, &ready);
#endif
return ready;
}
uint Socket::send(const byte* buf, unsigned int sz, int flags) const
{
assert(socket_ != INVALID_SOCKET);
int sent = ::send(socket_, reinterpret_cast<const char *>(buf), sz, flags);
if (sent == -1)
return 0;
return sent;
}
uint Socket::receive(byte* buf, unsigned int sz, int flags) const
{
assert(socket_ != INVALID_SOCKET);
int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags);
if (recvd == -1)
return 0;
return recvd;
}
// wait if blocking for input, or error
void Socket::wait() const
{
byte b;
receive(&b, 1, MSG_PEEK);
}
void Socket::shutDown(int how)
{
assert(socket_ != INVALID_SOCKET);
shutdown(socket_, how);
}
int Socket::get_lastError()
{
#ifdef WIN32
return WSAGetLastError();
#else
return errno;
#endif
}
void Socket::set_lastError(int errorCode)
{
#ifdef WIN32
WSASetLastError(errorCode);
#else
errno = errorCode;
#endif
}
} // namespace
--- New file ---
+++ extra/yassl/src/ssl.cpp 05/04/28 18:23:10
/* ssl.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* SSL source implements all openssl compatibility API functions
*
* TODO: notes are mostly api additions to allow compilation with mysql
* they don't affect normal modes but should be provided for completeness
* stunnel functions at end of file
*/
/* see man pages for function descriptions */
#include "runtime.hpp"
#include "openssl/ssl.h"
#include "handshake.hpp"
#include "yassl_int.hpp"
#include <cstdio>
namespace yaSSL {
using mySTL::min;
SSL_METHOD* SSLv3_method()
{
return SSLv3_client_method();
}
SSL_METHOD* SSLv3_server_method()
{
return new SSL_METHOD(server_end, ProtocolVersion(3,0));
}
SSL_METHOD* SSLv3_client_method()
{
return new SSL_METHOD(client_end, ProtocolVersion(3,0));
}
SSL_METHOD* TLSv1_server_method()
{
return new SSL_METHOD(server_end, ProtocolVersion(3,1));
}
SSL_METHOD* TLSv1_client_method()
{
return new SSL_METHOD(client_end, ProtocolVersion(3,1));
}
SSL_METHOD* SSLv23_server_method()
{
// compatibility only, no version 2 support
return SSLv3_server_method();
}
SSL_CTX* SSL_CTX_new(SSL_METHOD* method)
{
return new SSL_CTX(method);
}
void SSL_CTX_free(SSL_CTX* ctx)
{
delete ctx;
}
SSL* SSL_new(SSL_CTX* ctx)
{
return new SSL(ctx);
}
void SSL_free(SSL* ssl)
{
delete ssl;
}
int SSL_set_fd(SSL* ssl, int fd)
{
ssl->useSocket().set_fd(fd);
return SSL_SUCCESS;
}
int SSL_connect(SSL* ssl)
{
sendClientHello(*ssl);
processReply(*ssl);
if(ssl->getCrypto().get_certManager().sendVerify())
sendCertificate(*ssl);
if (!ssl->getSecurity().get_resuming())
sendClientKeyExchange(*ssl);
if(ssl->getCrypto().get_certManager().sendVerify())
sendCertificateVerify(*ssl);
sendChangeCipher(*ssl);
sendFinished(*ssl, client_end);
ssl->flushBuffer();
if (!ssl->getSecurity().get_resuming())
processReply(*ssl);
ssl->verifyState(serverFinishedComplete);
ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
if (ssl->GetError())
return SSL_FATAL_ERROR;
return SSL_SUCCESS;
}
int SSL_write(SSL* ssl, const void* buffer, int sz)
{
return sendData(*ssl, buffer, sz);
}
int SSL_read(SSL* ssl, void* buffer, int sz)
{
Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
return receiveData(*ssl, data);
}
int SSL_accept(SSL* ssl)
{
processReply(*ssl);
sendServerHello(*ssl);
if (!ssl->getSecurity().get_resuming()) {
sendCertificate(*ssl);
if (ssl->getSecurity().get_connection().send_server_key_)
sendServerKeyExchange(*ssl);
if(ssl->getCrypto().get_certManager().verifyPeer())
sendCertificateRequest(*ssl);
sendServerHelloDone(*ssl);
ssl->flushBuffer();
processReply(*ssl);
}
sendChangeCipher(*ssl);
sendFinished(*ssl, server_end);
ssl->flushBuffer();
if (ssl->getSecurity().get_resuming())
processReply(*ssl);
ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
if (ssl->GetError())
return SSL_FATAL_ERROR;
return SSL_SUCCESS;
}
int SSL_do_handshake(SSL* ssl)
{
if (ssl->getSecurity().get_parms().entity_ == client_end)
return SSL_connect(ssl);
else
return SSL_accept(ssl);
}
int SSL_clear(SSL* ssl)
{
ssl->useSocket().closeSocket();
return SSL_SUCCESS;
}
int SSL_shutdown(SSL* ssl)
{
Alert alert(warning, close_notify);
sendAlert(*ssl, alert);
ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
ssl->useSocket().closeSocket();
return SSL_SUCCESS;
}
SSL_SESSION* SSL_get_session(SSL* ssl)
{
return GetSessions().lookup(
ssl->getSecurity().get_connection().sessionID_);
}
int SSL_set_session(SSL* ssl, SSL_SESSION* session)
{
ssl->set_session(session);
return SSL_SUCCESS;
}
int SSL_session_reused(SSL* ssl)
{
return ssl->getSecurity().get_resuming();
}
long SSL_SESSION_set_timeout(SSL_SESSION* sess, long t)
{
if (!sess)
return SSL_ERROR_NONE;
sess->SetTimeOut(t);
return SSL_SUCCESS;
}
long SSL_get_default_timeout(SSL* /*ssl*/)
{
return DEFAULT_TIMEOUT;
}
const char* SSL_get_cipher_name(SSL* ssl)
{
return SSL_get_cipher(ssl);
}
const char* SSL_get_cipher(SSL* ssl)
{
return ssl->getSecurity().get_parms().cipher_name_;
}
// SSLv2 only, not implemented
char* SSL_get_shared_ciphers(SSL* /*ssl*/, char* buf, int len)
{
return strncpy(buf, "Not Implemented, SSLv2 only", len);
}
const char* SSL_get_cipher_list(SSL* ssl, int /*priority */)
{
return ssl->getSecurity().get_parms().cipher_list_;
}
int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list)
{
if (ctx->SetCipherList(list))
return SSL_SUCCESS;
else
return SSL_FAILURE;
}
const char* SSL_get_version(SSL* ssl)
{
static const char* version3 = "SSLv3";
static const char* version31 = "TLSv1";
return ssl->isTLS() ? version31 : version3;
}
const char* SSLeay_version(int)
{
static const char* version = "SSLeay yaSSL compatibility";
return version;
}
int SSL_get_error(SSL* ssl, int /*previous*/)
{
return ssl->getStates().What();
}
X509* SSL_get_peer_certificate(SSL* ssl)
{
return ssl->getCrypto().get_certManager().get_peerX509();
}
void X509_free(X509* /*x*/)
{
// peer cert set for deletion during destruction
// no need to delete now
}
X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX* ctx)
{
return ctx->current_cert;
}
int X509_STORE_CTX_get_error(X509_STORE_CTX* ctx)
{
return ctx->error;
}
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX* ctx)
{
return ctx->error_depth;
}
// copy name into buffer, at most sz bytes, if buffer is null
// will malloc buffer, caller responsible for freeing
char* X509_NAME_oneline(X509_NAME* name, char* buffer, int sz)
{
if (!name->GetName()) return buffer;
int len = strlen(name->GetName()) + 1;
int copySz = min(len, sz);
if (!buffer) {
buffer = (char*)malloc(len);
if (!buffer) return buffer;
copySz = len;
}
if (copySz == 0)
return buffer;
memcpy(buffer, name->GetName(), copySz - 1);
buffer[copySz - 1] = 0;
return buffer;
}
X509_NAME* X509_get_issuer_name(X509* x)
{
return x->GetIssuer();
}
X509_NAME* X509_get_subject_name(X509* x)
{
return x->GetSubject();
}
void SSL_load_error_strings() // compatibility only
{}
void SSL_set_connect_state(SSL*)
{
// already a client by default
}
void SSL_set_accept_state(SSL* ssl)
{
ssl->useSecurity().use_parms().entity_ = server_end;
}
long SSL_get_verify_result(SSL*)
{
// won't get here if not OK
return X509_V_OK;
}
long SSL_CTX_sess_set_cache_size(SSL_CTX* /*ctx*/, long /*sz*/)
{
// unlimited size, can't set for now
return 0;
}
long SSL_CTX_get_session_cache_mode(SSL_CTX*)
{
// always 0, unlimited size for now
return 0;
}
long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)
{
if (ctx->SetDH(*dh))
return SSL_SUCCESS;
else
return SSL_FAILURE;
}
int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
{
if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
return SSL_BAD_FILETYPE;
FILE* input = fopen(file, "rb");
if (!input)
return SSL_BAD_FILE;
if (type == CA) {
x509* ptr = PemToDer(file, Cert);
if (!ptr) {
fclose(input);
return SSL_BAD_FILE;
}
ctx->AddCA(ptr); // takes ownership
}
else {
x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
if (format == SSL_FILETYPE_ASN1) {
fseek(input, 0, SEEK_END);
long sz = ftell(input);
rewind(input);
x = new (ys) x509(sz); // takes ownership
size_t bytes = fread(x->use_buffer(), sz, 1, input);
if (bytes != 1) {
fclose(input);
return SSL_BAD_FILE;
}
}
else {
x = PemToDer(file, type);
if (!x) {
fclose(input);
return SSL_BAD_FILE;
}
}
}
fclose(input);
return SSL_SUCCESS;
}
int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
{
return read_file(ctx, file, format, Cert);
}
int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format)
{
return read_file(ctx, file, format, PrivateKey);
}
void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback /*vc*/)
{
if (mode & SSL_VERIFY_PEER)
ctx->setVerifyPeer();
if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
ctx->setFailNoCert();
}
int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
const char* /*path*/)
{
// just files for now
return read_file(ctx, file, SSL_FILETYPE_PEM, CA);
}
int SSL_CTX_set_default_verify_paths(SSL_CTX* /*ctx*/)
{
// TODO: figure out way to set/store default path, then call load_verify
return SSL_NOT_IMPLEMENTED;
}
int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
unsigned int)
{
// No application specific context needed for yaSSL
return SSL_SUCCESS;
}
int SSL_CTX_check_private_key(SSL_CTX* /*ctx*/)
{
// TODO: check private against public for RSA match
return SSL_NOT_IMPLEMENTED;
}
// TODO: all session stats
long SSL_CTX_sess_accept(SSL_CTX* ctx)
{
return ctx->GetStats().accept_;
}
long SSL_CTX_sess_connect(SSL_CTX* ctx)
{
return ctx->GetStats().connect_;
}
long SSL_CTX_sess_accept_good(SSL_CTX* ctx)
{
return ctx->GetStats().acceptGood_;
}
long SSL_CTX_sess_connect_good(SSL_CTX* ctx)
{
return ctx->GetStats().connectGood_;
}
long SSL_CTX_sess_accept_renegotiate(SSL_CTX* ctx)
{
return ctx->GetStats().acceptRenegotiate_;
}
long SSL_CTX_sess_connect_renegotiate(SSL_CTX* ctx)
{
return ctx->GetStats().connectRenegotiate_;
}
long SSL_CTX_sess_hits(SSL_CTX* ctx)
{
return ctx->GetStats().hits_;
}
long SSL_CTX_sess_cb_hits(SSL_CTX* ctx)
{
return ctx->GetStats().cbHits_;
}
long SSL_CTX_sess_cache_full(SSL_CTX* ctx)
{
return ctx->GetStats().cacheFull_;
}
long SSL_CTX_sess_misses(SSL_CTX* ctx)
{
return ctx->GetStats().misses_;
}
long SSL_CTX_sess_timeouts(SSL_CTX* ctx)
{
return ctx->GetStats().timeouts_;
}
long SSL_CTX_sess_number(SSL_CTX* ctx)
{
return ctx->GetStats().number_;
}
long SSL_CTX_sess_get_cache_size(SSL_CTX* ctx)
{
return ctx->GetStats().getCacheSize_;
}
// end session stats TODO:
int SSL_CTX_get_verify_mode(SSL_CTX* ctx)
{
return ctx->GetStats().verifyMode_;
}
int SSL_get_verify_mode(SSL* ssl)
{
return ssl->getSecurity().GetContext()->GetStats().verifyMode_;
}
int SSL_CTX_get_verify_depth(SSL_CTX* ctx)
{
return ctx->GetStats().verifyDepth_;
}
int SSL_get_verify_depth(SSL* ssl)
{
return ssl->getSecurity().GetContext()->GetStats().verifyDepth_;
}
long SSL_CTX_set_options(SSL_CTX*, long)
{
// TDOD:
return SSL_SUCCESS;
}
void SSL_CTX_set_info_callback(SSL_CTX*, void (*)())
{
// TDOD:
}
void OpenSSL_add_all_algorithms() // compatibility only
{}
DH* DH_new(void)
{
DH* dh = new DH;
if (dh)
dh->p = dh->g = 0;
return dh;
}
void DH_free(DH* dh)
{
delete dh->g;
delete dh->p;
delete dh;
}
// convert positive big-endian num of length sz into retVal, which may need to
// be created
BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal)
{
using mySTL::auto_ptr;
bool created = false;
auto_ptr<BIGNUM> bn;
if (!retVal) {
created = true;
bn.reset(new (ys) BIGNUM);
retVal = bn.get();
}
retVal->assign(num, sz);
if (created)
return bn.release();
else
return retVal;
}
unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *)
{
//return SSL_NOT_IMPLEMENTED;
return 0;
}
void ERR_print_errors_fp(FILE* /*fp*/)
{
// need ssl access to implement TODO:
//fprintf(fp, "%s", ssl.get_states().errorString_.c_str());
}
char* ERR_error_string(unsigned long /*err*/, char* buffer)
{
// TODO:
static char* msg = "Not Implemented";
if (buffer)
return strncpy(buffer, msg, strlen(msg));
return msg;
}
const char* X509_verify_cert_error_string(long /* error */)
{
// TODO:
static const char* msg = "Not Implemented";
return msg;
}
const EVP_MD* EVP_md5(void)
{
// TODO: FIX add to some list for destruction
return new MD5;
}
const EVP_CIPHER* EVP_des_ede3_cbc(void)
{
// TODO: FIX add to some list for destruction
return new DES_EDE;
}
int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
const byte* data, int sz, int count, byte* key, byte* iv)
{
EVP_MD* myMD = const_cast<EVP_MD*>(md);
uint digestSz = myMD->get_digestSize();
byte digest[SHA_LEN]; // max size
int keyLen = type->get_keySize();
int ivLen = type->get_ivSize();
int keyLeft = keyLen;
int ivLeft = ivLen;
int keyOutput = 0;
while (keyOutput < (keyLen + ivLen)) {
int digestLeft = digestSz;
// D_(i - 1)
if (keyOutput) // first time D_0 is empty
myMD->update(digest, digestSz);
// data
myMD->update(data, sz);
// salt
if (salt)
myMD->update(salt, EVP_SALT_SZ);
myMD->get_digest(digest);
// count
for (int j = 1; j < count; j++) {
myMD->update(digest, digestSz);
myMD->get_digest(digest);
}
if (keyLeft) {
int store = min(keyLeft, static_cast<int>(digestSz));
memcpy(&key[keyLen - keyLeft], digest, store);
keyOutput += store;
keyLeft -= store;
digestLeft -= store;
}
if (ivLeft && digestLeft) {
int store = min(ivLeft, digestLeft);
memcpy(&iv[ivLen - ivLeft], digest, store);
keyOutput += store;
ivLeft -= store;
}
}
assert(keyOutput == (keyLen + ivLen));
return keyOutput;
}
void DES_set_key_unchecked(const_DES_cblock* key, DES_key_schedule* schedule)
{
memcpy(schedule, key, sizeof(const_DES_cblock));
}
void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
DES_key_schedule* ks1, DES_key_schedule* ks2,
DES_key_schedule* ks3, DES_cblock* ivec, int enc)
{
DES_EDE des;
byte key[DES_EDE_KEY_SZ];
memcpy(key, *ks1, DES_BLOCK);
memcpy(&key[DES_BLOCK], *ks2, DES_BLOCK);
memcpy(&key[DES_BLOCK * 2], *ks3, DES_BLOCK);
if (enc) {
des.set_encryptKey(key, *ivec);
des.encrypt(output, input, sz);
}
else {
des.set_decryptKey(key, *ivec);
des.decrypt(output, input, sz);
}
}
// functions for stunnel
void RAND_screen()
{
// TODO:
}
const char* RAND_file_name(char*, size_t)
{
// TODO:
return 0;
}
int RAND_write_file(const char*)
{
// TODO:
return 0;
}
int RAND_load_file(const char*, long)
{
// TODO:
return 0;
}
void RSA_free(RSA*)
{
// TODO:
}
RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*)
{
// TODO:
return 0;
}
int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long)
{
// TODO:
return SSL_SUCCESS;
}
int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long)
{
// TODO:
return SSL_SUCCESS;
}
X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void)
{
// TODO:
return 0;
}
X509_LOOKUP_METHOD* X509_LOOKUP_file(void)
{
// TODO:
return 0;
}
X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*)
{
// TODO:
return 0;
}
int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, X509_OBJECT*)
{
// TODO:
return SSL_SUCCESS;
}
X509_STORE* X509_STORE_new(void)
{
// TODO:
return 0;
}
char* SSL_alert_type_string_long(int)
{
// TODO:
return 0;
}
char* SSL_alert_desc_string_long(int)
{
// TODO:
return 0;
}
char* SSL_state_string_long(SSL*)
{
// TODO:
return 0;
}
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int))
{
// TDOD:
}
long SSL_CTX_set_session_cache_mode(SSL_CTX*, long)
{
// TDOD:
return SSL_SUCCESS;
}
long SSL_CTX_set_timeout(SSL_CTX*, long)
{
// TDOD:
return SSL_SUCCESS;
}
int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
{
// TDOD:
return SSL_SUCCESS;
}
void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb)
{
// TDOD:
}
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
{
// TDOD:
return SSL_SUCCESS;
}
int SSL_set_rfd(SSL*, int)
{
return SSL_SUCCESS; // TODO:
}
int SSL_set_wfd(SSL*, int)
{
return SSL_SUCCESS; // TODO:
}
int SSL_pending(SSL*)
{
return SSL_SUCCESS; // TODO:
}
int SSL_want_read(SSL*)
{
return 0; // TODO:
}
int SSL_want_write(SSL*)
{
return 0; // TODO:
}
void SSL_set_shutdown(SSL*, int)
{
// TODO:
}
SSL_CIPHER* SSL_get_current_cipher(SSL*)
{
// TODO:
return 0;
}
char* SSL_CIPHER_description(SSL_CIPHER*, char*, int)
{
// TODO:
return 0;
}
void SSLeay_add_ssl_algorithms() // compatibility only
{}
void ERR_remove_state(unsigned long)
{
// TODO:
}
int ERR_GET_REASON(int l)
{
return l & 0xfff;
}
unsigned long ERR_peek_error()
{
return 0; // TODO:
}
unsigned long ERR_get_error()
{
return ERR_peek_error();
}
// end stunnel needs
} // namespace
--- New file ---
+++ extra/yassl/src/timer.cpp 05/04/28 18:23:11
/* timer.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* timer.cpp implements a high res and low res timer
*
*/
#include "runtime.hpp"
#include "timer.hpp"
namespace yaSSL {
#ifdef WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
timer_d timer()
{
static bool init(false);
static LARGE_INTEGER freq;
if (!init) {
QueryPerformanceFrequency(&freq);
init = true;
}
LARGE_INTEGER count;
QueryPerformanceCounter(&count);
return static_cast<double>(count.QuadPart) / freq.QuadPart;
}
uint lowResTimer()
{
return static_cast<uint>(timer());
}
#else // WIN32
| Thread |
|---|
| • bk commit into 5.0 tree (svoj:1.1847) | svoj | 28 Apr |
