diff options
| author | unknown <msvensson@shellback.(none)> | 2006-04-27 17:35:29 +0200 |
|---|---|---|
| committer | unknown <msvensson@shellback.(none)> | 2006-04-27 17:35:29 +0200 |
| commit | 8d1230c6ad5e95771d5e141e03ee8d9b8ff1d39f (patch) | |
| tree | 351430ff19617a6fb1bf20f82fc7bbb668d4c6ba /extra/yassl/src | |
| parent | 66b56724ffb0a8265445b91f50724076cfdeebf2 (diff) | |
| parent | 1bdc15e10023f4d46c45517c61138fa721ee9ded (diff) | |
| download | mariadb-git-8d1230c6ad5e95771d5e141e03ee8d9b8ff1d39f.tar.gz | |
Merge shellback.(none):/home/msvensson/mysql/mysql-5.0
into shellback.(none):/home/msvensson/mysql/mysql-5.0-maint
client/mysql.cc:
Auto merged
configure.in:
Auto merged
extra/yassl/include/openssl/rsa.h:
Auto merged
extra/yassl/include/yassl_int.hpp:
Auto merged
extra/yassl/include/yassl_types.hpp:
Auto merged
extra/yassl/src/template_instnt.cpp:
Auto merged
extra/yassl/taocrypt/include/integer.hpp:
Auto merged
extra/yassl/taocrypt/include/misc.hpp:
Auto merged
extra/yassl/taocrypt/src/algebra.cpp:
Auto merged
extra/yassl/taocrypt/src/template_instnt.cpp:
Auto merged
mysql-test/t/disabled.def:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_base.cc:
Auto merged
sql/sql_parse.cc:
Auto merged
extra/yassl/include/openssl/ssl.h:
Manual merge
extra/yassl/src/handshake.cpp:
Manual merge
extra/yassl/src/yassl_int.cpp:
Manual merge
extra/yassl/taocrypt/include/runtime.hpp:
Manual merge
extra/yassl/taocrypt/src/integer.cpp:
Manual merge
mysql-test/mysql-test-run.pl:
Manual merge
mysql-test/r/trigger.result:
Manual merge
mysql-test/t/trigger.test:
Manual merge
Diffstat (limited to 'extra/yassl/src')
| -rw-r--r-- | extra/yassl/src/buffer.cpp | 15 | ||||
| -rw-r--r-- | extra/yassl/src/cert_wrapper.cpp | 34 | ||||
| -rw-r--r-- | extra/yassl/src/crypto_wrapper.cpp | 58 | ||||
| -rw-r--r-- | extra/yassl/src/handshake.cpp | 48 | ||||
| -rw-r--r-- | extra/yassl/src/make.bat | 27 | ||||
| -rw-r--r-- | extra/yassl/src/socket_wrapper.cpp | 22 | ||||
| -rw-r--r-- | extra/yassl/src/ssl.cpp | 135 | ||||
| -rw-r--r-- | extra/yassl/src/template_instnt.cpp | 7 | ||||
| -rw-r--r-- | extra/yassl/src/timer.cpp | 12 | ||||
| -rw-r--r-- | extra/yassl/src/yassl.cpp | 244 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_error.cpp | 179 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 113 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_int.cpp | 168 |
13 files changed, 819 insertions, 243 deletions
diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp index 56d355bea80..3bc6dced887 100644 --- a/extra/yassl/src/buffer.cpp +++ b/extra/yassl/src/buffer.cpp @@ -24,6 +24,7 @@ * with SSL types and sockets */ + #include <string.h> // memcpy #include "runtime.hpp" #include "buffer.hpp" @@ -63,13 +64,13 @@ input_buffer::input_buffer() input_buffer::input_buffer(uint s) - : size_(0), current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) {} // with assign input_buffer::input_buffer(uint s, const byte* t, uint len) - : size_(0), current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) { assign(t, len); } @@ -85,7 +86,7 @@ input_buffer::~input_buffer() void input_buffer::allocate(uint s) { assert(!buffer_); // find realloc error - buffer_ = new (ys) byte[s]; + buffer_ = NEW_YS byte[s]; end_ = buffer_ + s; } @@ -97,7 +98,7 @@ byte* input_buffer::get_buffer() const } -// after a raw write user can set new (ys) size +// after a raw write user can set NEW_YS size // if you know the size before the write use assign() void input_buffer::add_size(uint i) { @@ -199,13 +200,13 @@ output_buffer::output_buffer() // with allocate output_buffer::output_buffer(uint s) - : current_(0), buffer_(new (ys) byte[s]), end_(buffer_ + s) + : current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) {} // with assign output_buffer::output_buffer(uint s, const byte* t, uint len) - : current_(0), buffer_(new (ys) byte[s]), end_(buffer_+ s) + : current_(0), buffer_(NEW_YS byte[s]), end_(buffer_+ s) { write(t, len); } @@ -240,7 +241,7 @@ void output_buffer::set_current(uint c) void output_buffer::allocate(uint s) { assert(!buffer_); // find realloc error - buffer_ = new (ys) byte[s]; end_ = buffer_ + s; + buffer_ = NEW_YS byte[s]; end_ = buffer_ + s; } diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp index a775c366a92..b98c7faf1d0 100644 --- a/extra/yassl/src/cert_wrapper.cpp +++ b/extra/yassl/src/cert_wrapper.cpp @@ -39,7 +39,7 @@ namespace yaSSL { -x509::x509(uint sz) : length_(sz), buffer_(new (ys) opaque[sz]) +x509::x509(uint sz) : length_(sz), buffer_(NEW_YS opaque[sz]) { } @@ -51,7 +51,7 @@ x509::~x509() x509::x509(const x509& that) : length_(that.length_), - buffer_(new (ys) opaque[length_]) + buffer_(NEW_YS opaque[length_]) { memcpy(buffer_, that.buffer_, length_); } @@ -92,7 +92,8 @@ opaque* x509::use_buffer() //CertManager CertManager::CertManager() - : peerX509_(0), verifyPeer_(false), failNoCert_(false), sendVerify_(false) + : peerX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false), + sendVerify_(false) {} @@ -114,6 +115,12 @@ bool CertManager::verifyPeer() const } +bool CertManager::verifyNone() const +{ + return verifyNone_; +} + + bool CertManager::failNoCert() const { return failNoCert_; @@ -132,6 +139,12 @@ void CertManager::setVerifyPeer() } +void CertManager::setVerifyNone() +{ + verifyNone_ = true; +} + + void CertManager::setFailNoCert() { failNoCert_ = true; @@ -153,7 +166,7 @@ void CertManager::AddPeerCert(x509* x) void CertManager::CopySelfCert(const x509* x) { if (x) - list_.push_back(new (ys) x509(*x)); + list_.push_back(NEW_YS x509(*x)); } @@ -161,11 +174,12 @@ void CertManager::CopySelfCert(const x509* x) int CertManager::CopyCaCert(const x509* x) { TaoCrypt::Source source(x->get_buffer(), x->get_length()); - TaoCrypt::CertDecoder cert(source, true, &signers_); + TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_, + TaoCrypt::CertDecoder::CA); if (!cert.GetError().What()) { const TaoCrypt::PublicKey& key = cert.GetPublicKey(); - signers_.push_back(new (ys) TaoCrypt::Signer(key.GetKey(), key.size(), + signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(), cert.GetCommonName(), cert.GetHash())); } return cert.GetError().What(); @@ -228,13 +242,13 @@ int CertManager::Validate() while ( count > 1 ) { TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length()); - TaoCrypt::CertDecoder cert(source, true, &signers_); + TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_); if (int err = cert.GetError().What()) return err; const TaoCrypt::PublicKey& key = cert.GetPublicKey(); - signers_.push_back(new (ys) TaoCrypt::Signer(key.GetKey(), key.size(), + signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(), cert.GetCommonName(), cert.GetHash())); --last; --count; @@ -243,7 +257,7 @@ int CertManager::Validate() if (count) { // peer's is at the front TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length()); - TaoCrypt::CertDecoder cert(source, true, &signers_); + TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_); if (int err = cert.GetError().What()) return err; @@ -259,7 +273,7 @@ int CertManager::Validate() int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0; int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0; - peerX509_ = new (ys) X509(cert.GetIssuer(), iSz, cert.GetCommonName(), + peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), sSz); } return 0; diff --git a/extra/yassl/src/crypto_wrapper.cpp b/extra/yassl/src/crypto_wrapper.cpp index 80cadd3d722..8859fbdd70f 100644 --- a/extra/yassl/src/crypto_wrapper.cpp +++ b/extra/yassl/src/crypto_wrapper.cpp @@ -58,13 +58,13 @@ struct MD5::MD5Impl { }; -MD5::MD5() : pimpl_(new (ys) MD5Impl) {} +MD5::MD5() : pimpl_(NEW_YS MD5Impl) {} MD5::~MD5() { ysDelete(pimpl_); } -MD5::MD5(const MD5& that) : Digest(), pimpl_(new (ys) +MD5::MD5(const MD5& that) : Digest(), pimpl_(NEW_YS MD5Impl(that.pimpl_->md5_)) {} @@ -116,13 +116,13 @@ struct SHA::SHAImpl { }; -SHA::SHA() : pimpl_(new (ys) SHAImpl) {} +SHA::SHA() : pimpl_(NEW_YS SHAImpl) {} SHA::~SHA() { ysDelete(pimpl_); } -SHA::SHA(const SHA& that) : Digest(), pimpl_(new (ys) SHAImpl(that.pimpl_->sha_)) {} +SHA::SHA(const SHA& that) : Digest(), pimpl_(NEW_YS SHAImpl(that.pimpl_->sha_)) {} SHA& SHA::operator=(const SHA& that) { @@ -173,13 +173,13 @@ struct RMD::RMDImpl { }; -RMD::RMD() : pimpl_(new (ys) RMDImpl) {} +RMD::RMD() : pimpl_(NEW_YS RMDImpl) {} RMD::~RMD() { ysDelete(pimpl_); } -RMD::RMD(const RMD& that) : Digest(), pimpl_(new (ys) RMDImpl(that.pimpl_->rmd_)) {} +RMD::RMD(const RMD& that) : Digest(), pimpl_(NEW_YS RMDImpl(that.pimpl_->rmd_)) {} RMD& RMD::operator=(const RMD& that) { @@ -230,7 +230,7 @@ struct HMAC_MD5::HMAC_MD5Impl { HMAC_MD5::HMAC_MD5(const byte* secret, unsigned int len) - : pimpl_(new (ys) HMAC_MD5Impl) + : pimpl_(NEW_YS HMAC_MD5Impl) { pimpl_->mac_.SetKey(secret, len); } @@ -280,7 +280,7 @@ struct HMAC_SHA::HMAC_SHAImpl { HMAC_SHA::HMAC_SHA(const byte* secret, unsigned int len) - : pimpl_(new (ys) HMAC_SHAImpl) + : pimpl_(NEW_YS HMAC_SHAImpl) { pimpl_->mac_.SetKey(secret, len); } @@ -331,7 +331,7 @@ struct HMAC_RMD::HMAC_RMDImpl { HMAC_RMD::HMAC_RMD(const byte* secret, unsigned int len) - : pimpl_(new (ys) HMAC_RMDImpl) + : pimpl_(NEW_YS HMAC_RMDImpl) { pimpl_->mac_.SetKey(secret, len); } @@ -379,7 +379,7 @@ struct DES::DESImpl { }; -DES::DES() : pimpl_(new (ys) DESImpl) {} +DES::DES() : pimpl_(NEW_YS DESImpl) {} DES::~DES() { ysDelete(pimpl_); } @@ -415,7 +415,7 @@ struct DES_EDE::DES_EDEImpl { }; -DES_EDE::DES_EDE() : pimpl_(new (ys) DES_EDEImpl) {} +DES_EDE::DES_EDE() : pimpl_(NEW_YS DES_EDEImpl) {} DES_EDE::~DES_EDE() { ysDelete(pimpl_); } @@ -453,7 +453,7 @@ struct RC4::RC4Impl { }; -RC4::RC4() : pimpl_(new (ys) RC4Impl) {} +RC4::RC4() : pimpl_(NEW_YS RC4Impl) {} RC4::~RC4() { ysDelete(pimpl_); } @@ -495,7 +495,7 @@ struct AES::AESImpl { }; -AES::AES(unsigned int ks) : pimpl_(new (ys) AESImpl(ks)) {} +AES::AES(unsigned int ks) : pimpl_(NEW_YS AESImpl(ks)) {} AES::~AES() { ysDelete(pimpl_); } @@ -536,7 +536,7 @@ struct RandomPool::RandomImpl { TaoCrypt::RandomNumberGenerator RNG_; }; -RandomPool::RandomPool() : pimpl_(new (ys) RandomImpl) {} +RandomPool::RandomPool() : pimpl_(NEW_YS RandomImpl) {} RandomPool::~RandomPool() { ysDelete(pimpl_); } @@ -580,7 +580,7 @@ void DSS::DSSImpl::SetPrivate(const byte* key, unsigned int sz) // Set public or private key DSS::DSS(const byte* key, unsigned int sz, bool publicKey) - : pimpl_(new (ys) DSSImpl) + : pimpl_(NEW_YS DSSImpl) { if (publicKey) pimpl_->SetPublic(key, sz); @@ -651,7 +651,7 @@ void RSA::RSAImpl::SetPrivate(const byte* key, unsigned int sz) // Set public or private key RSA::RSA(const byte* key, unsigned int sz, bool publicKey) - : pimpl_(new (ys) RSAImpl) + : pimpl_(NEW_YS RSAImpl) { if (publicKey) pimpl_->SetPublic(key, sz); @@ -723,13 +723,13 @@ struct Integer::IntegerImpl { explicit IntegerImpl(const TaoCrypt::Integer& i) : int_(i) {} }; -Integer::Integer() : pimpl_(new (ys) IntegerImpl) {} +Integer::Integer() : pimpl_(NEW_YS IntegerImpl) {} Integer::~Integer() { ysDelete(pimpl_); } -Integer::Integer(const Integer& other) : pimpl_(new (ys) +Integer::Integer(const Integer& other) : pimpl_(NEW_YS IntegerImpl(other.pimpl_->int_)) {} @@ -773,9 +773,9 @@ struct DiffieHellman::DHImpl { void AllocKeys(unsigned int pubSz, unsigned int privSz, unsigned int agrSz) { - publicKey_ = new (ys) byte[pubSz]; - privateKey_ = new (ys) byte[privSz]; - agreedKey_ = new (ys) byte[agrSz]; + publicKey_ = NEW_YS byte[pubSz]; + privateKey_ = NEW_YS byte[privSz]; + agreedKey_ = NEW_YS byte[agrSz]; } }; @@ -784,7 +784,7 @@ struct DiffieHellman::DHImpl { /* // server Side DH, server's view DiffieHellman::DiffieHellman(const char* file, const RandomPool& random) - : pimpl_(new (ys) DHImpl(random.pimpl_->RNG_)) + : pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_)) { using namespace TaoCrypt; Source source; @@ -808,12 +808,12 @@ DiffieHellman::DiffieHellman(const char* file, const RandomPool& random) DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g, unsigned int gSz, const byte* pub, unsigned int pubSz, const RandomPool& random) - : pimpl_(new (ys) DHImpl(random.pimpl_->RNG_)) + : pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_)) { using TaoCrypt::Integer; pimpl_->dh_.Initialize(Integer(p, pSz).Ref(), Integer(g, gSz).Ref()); - pimpl_->publicKey_ = new (ys) opaque[pubSz]; + pimpl_->publicKey_ = NEW_YS opaque[pubSz]; memcpy(pimpl_->publicKey_, pub, pubSz); } @@ -821,7 +821,7 @@ DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g, // Server Side DH, server's view DiffieHellman::DiffieHellman(const Integer& p, const Integer& g, const RandomPool& random) -: pimpl_(new (ys) DHImpl(random.pimpl_->RNG_)) +: pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_)) { using TaoCrypt::Integer; @@ -839,7 +839,7 @@ DiffieHellman::~DiffieHellman() { ysDelete(pimpl_); } // Client side and view, use server that for p and g DiffieHellman::DiffieHellman(const DiffieHellman& that) - : pimpl_(new (ys) DHImpl(*that.pimpl_)) + : pimpl_(NEW_YS DHImpl(*that.pimpl_)) { pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_, pimpl_->publicKey_); @@ -855,9 +855,9 @@ DiffieHellman& DiffieHellman::operator=(const DiffieHellman& that) } -void DiffieHellman::makeAgreement(const byte* other) +void DiffieHellman::makeAgreement(const byte* other, unsigned int otherSz) { - pimpl_->dh_.Agree(pimpl_->agreedKey_, pimpl_->privateKey_, other); + pimpl_->dh_.Agree(pimpl_->agreedKey_, pimpl_->privateKey_, other, otherSz); } @@ -960,7 +960,7 @@ x509* PemToDer(const char* fname, CertType type) Base64Decoder b64Dec(der); uint sz = der.size(); - mySTL::auto_ptr<x509> x(new (ys) x509(sz), ysDelete); + mySTL::auto_ptr<x509> x(NEW_YS x509(sz), ysDelete); memcpy(x->use_buffer(), der.get_buffer(), sz); fclose(file); diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp index 16c9bde2003..2603365e41a 100644 --- a/extra/yassl/src/handshake.cpp +++ b/extra/yassl/src/handshake.cpp @@ -24,6 +24,8 @@ * the various handshake messages. */ + + #include "runtime.hpp" #include "handshake.hpp" #include "yassl_int.hpp" @@ -362,9 +364,9 @@ void p_hash(output_buffer& result, const output_buffer& secret, if (lastLen) times += 1; if (hash == md5) - hmac.reset(new (ys) HMAC_MD5(secret.get_buffer(), secret.get_size())); + hmac.reset(NEW_YS HMAC_MD5(secret.get_buffer(), secret.get_size())); else - hmac.reset(new (ys) HMAC_SHA(secret.get_buffer(), secret.get_size())); + hmac.reset(NEW_YS HMAC_SHA(secret.get_buffer(), secret.get_size())); // A0 = seed hmac->get_digest(previous, seed.get_buffer(), seed.get_size());// A1 uint lastTime = times - 1; @@ -582,11 +584,11 @@ void TLS_hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz, MACAlgorithm algo = ssl.getSecurity().get_parms().mac_algorithm_; if (algo == sha) - hmac.reset(new (ys) HMAC_SHA(ssl.get_macSecret(verify), SHA_LEN)); + hmac.reset(NEW_YS HMAC_SHA(ssl.get_macSecret(verify), SHA_LEN)); else if (algo == rmd) - hmac.reset(new (ys) HMAC_RMD(ssl.get_macSecret(verify), RMD_LEN)); + hmac.reset(NEW_YS HMAC_RMD(ssl.get_macSecret(verify), RMD_LEN)); else - hmac.reset(new (ys) HMAC_MD5(ssl.get_macSecret(verify), MD5_LEN)); + hmac.reset(NEW_YS HMAC_MD5(ssl.get_macSecret(verify), MD5_LEN)); hmac->update(seq, SEQ_SZ); // seq_num inner[0] = content; // type @@ -603,7 +605,7 @@ void TLS_hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz, void PRF(byte* digest, uint digLen, const byte* secret, uint secLen, const byte* label, uint labLen, const byte* seed, uint seedLen) { - uint half = secLen / 2 + secLen % 2; + uint half = (secLen + 1) / 2; output_buffer md5_half(half); output_buffer sha_half(half); @@ -648,18 +650,19 @@ void build_certHashes(SSL& ssl, Hashes& hashes) } + // do process input requests mySTL::auto_ptr<input_buffer> DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered) { - ssl.getSocket().wait(); // wait for input if blocking - uint ready = ssl.getSocket().get_ready(); - if (!ready) { - // Nothing to receive after blocking wait => error + // wait for input if blocking + if (!ssl.getSocket().wait()) { ssl.SetError(receive_error); - buffered.reset(0); - return buffered; + buffered.reset(0); + return buffered; } + uint ready = ssl.getSocket().get_ready(); + if (!ready) return buffered; // add buffered data if its there uint buffSz = buffered.get() ? buffered.get()->get_size() : 0; @@ -690,7 +693,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered) // make sure we have enough input in buffer to process this record if (hdr.length_ > buffer.get_remaining()) { uint sz = buffer.get_remaining() + RECORD_HEADER; - buffered.reset(new (ys) input_buffer(sz, buffer.get_buffer() + + buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() + buffer.get_current() - RECORD_HEADER, sz)); break; } @@ -730,6 +733,7 @@ void processReply(SSL& ssl) buffered = tmp; else break; + if (ssl.GetError()) return; } } @@ -767,7 +771,7 @@ void sendClientKeyExchange(SSL& ssl, BufferOutput buffer) RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, ck); buildOutput(*out.get(), rlHeader, hsHeader, ck); hashHandShake(ssl, *out.get()); @@ -788,7 +792,7 @@ void sendServerKeyExchange(SSL& ssl, BufferOutput buffer) RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, sk); buildOutput(*out.get(), rlHeader, hsHeader, sk); hashHandShake(ssl, *out.get()); @@ -813,7 +817,7 @@ void sendChangeCipher(SSL& ssl, BufferOutput buffer) ChangeCipherSpec ccs; RecordLayerHeader rlHeader; buildHeader(ssl, rlHeader, ccs); - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildOutput(*out.get(), rlHeader, ccs); if (buffer == buffered) @@ -830,7 +834,7 @@ void sendFinished(SSL& ssl, ConnectionEnd side, BufferOutput buffer) Finished fin; buildFinished(ssl, fin, side == client_end ? client : server); - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); cipherFinished(ssl, fin, *out.get()); // hashes handshake if (ssl.getSecurity().get_resuming()) { @@ -914,7 +918,7 @@ void sendServerHello(SSL& ssl, BufferOutput buffer) ServerHello sh(ssl.getSecurity().get_connection().version_); RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildServerHello(ssl, sh); ssl.set_random(sh.get_random(), server_end); @@ -937,7 +941,7 @@ void sendServerHelloDone(SSL& ssl, BufferOutput buffer) ServerHelloDone shd; RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, shd); buildOutput(*out.get(), rlHeader, hsHeader, shd); @@ -958,7 +962,7 @@ void sendCertificate(SSL& ssl, BufferOutput buffer) Certificate cert(ssl.getCrypto().get_certManager().get_cert()); RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, cert); buildOutput(*out.get(), rlHeader, hsHeader, cert); @@ -980,7 +984,7 @@ void sendCertificateRequest(SSL& ssl, BufferOutput buffer) request.Build(); RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, request); buildOutput(*out.get(), rlHeader, hsHeader, request); @@ -1002,7 +1006,7 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer) verify.Build(ssl); RecordLayerHeader rlHeader; HandShakeHeader hsHeader; - mySTL::auto_ptr<output_buffer> out(new (ys) output_buffer, ysDelete); + mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete); buildHeaders(ssl, hsHeader, rlHeader, verify); buildOutput(*out.get(), rlHeader, hsHeader, verify); diff --git a/extra/yassl/src/make.bat b/extra/yassl/src/make.bat new file mode 100644 index 00000000000..4c79a9c6406 --- /dev/null +++ b/extra/yassl/src/make.bat @@ -0,0 +1,27 @@ +# quick and dirty build file for testing different MSDEVs +setlocal + +set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI + +cl %myFLAGS% buffer.cpp +cl %myFLAGS% cert_wrapper.cpp +cl %myFLAGS% crypto_wrapper.cpp +cl %myFLAGS% handshake.cpp + +cl %myFLAGS% lock.cpp +cl %myFLAGS% log.cpp +cl %myFLAGS% socket_wrapper.cpp +cl %myFLAGS% ssl.cpp + +cl %myFLAGS% template_instnt.cpp +cl %myFLAGS% timer.cpp +cl %myFLAGS% yassl.cpp +cl %myFLAGS% yassl_error.cpp + +cl %myFLAGS% yassl_imp.cpp +cl %myFLAGS% yassl_int.cpp + +link.exe -lib /out:yassl.lib buffer.obj cert_wrapper.obj crypto_wrapper.obj handshake.obj lock.obj log.obj socket_wrapper.obj ssl.obj template_instnt.obj timer.obj yassl.obj yassl_error.obj yassl_imp.obj yassl_int.obj + + + diff --git a/extra/yassl/src/socket_wrapper.cpp b/extra/yassl/src/socket_wrapper.cpp index 285e0dee2e5..c6611803421 100644 --- a/extra/yassl/src/socket_wrapper.cpp +++ b/extra/yassl/src/socket_wrapper.cpp @@ -46,9 +46,11 @@ #ifdef _WIN32 const int SOCKET_EINVAL = WSAEINVAL; const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK; + const int SOCKET_EAGAIN = WSAEWOULDBLOCK; #else const int SOCKET_EINVAL = EINVAL; const int SOCKET_EWOULDBLOCK = EWOULDBLOCK; + const int SOCKET_EAGAIN = EAGAIN; #endif // _WIN32 @@ -98,10 +100,10 @@ uint Socket::get_ready() const ioctlsocket(socket_, FIONREAD, &ready); #else /* - 64-bit Solaris requires the variable passed to - FIONREAD be a 32-bit value. + 64-bit Solaris requires the variable passed to + FIONREAD be a 32-bit value. */ - int ready = 0; + unsigned int ready = 0; ioctl(socket_, FIONREAD, &ready); #endif @@ -126,18 +128,24 @@ uint Socket::receive(byte* buf, unsigned int sz, int flags) const assert(socket_ != INVALID_SOCKET); int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags); - if (recvd == -1) + // idea to seperate error from would block by arnetheduck@gmail.com + if (recvd == -1) { + if (get_lastError() == SOCKET_EWOULDBLOCK || + get_lastError() == SOCKET_EAGAIN) return 0; + } + else if (recvd == 0) + return static_cast<uint>(-1); return recvd; } -// wait if blocking for input, or error -void Socket::wait() const +// wait if blocking for input, return false for error +bool Socket::wait() const { byte b; - receive(&b, 1, MSG_PEEK); + return receive(&b, 1, MSG_PEEK) != static_cast<uint>(-1); } diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 94e783167b3..1aab14009d3 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -38,6 +38,14 @@ #include "yassl_int.hpp" #include <stdio.h> +#ifdef _WIN32 + #include <windows.h> // FindFirstFile etc.. +#else + #include <sys/types.h> // file helper + #include <sys/stat.h> // stat + #include <dirent.h> // opendir +#endif + namespace yaSSL { @@ -52,25 +60,25 @@ SSL_METHOD* SSLv3_method() SSL_METHOD* SSLv3_server_method() { - return new (ys) SSL_METHOD(server_end, ProtocolVersion(3,0)); + return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,0)); } SSL_METHOD* SSLv3_client_method() { - return new (ys) SSL_METHOD(client_end, ProtocolVersion(3,0)); + return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,0)); } SSL_METHOD* TLSv1_server_method() { - return new (ys) SSL_METHOD(server_end, ProtocolVersion(3,1)); + return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1)); } SSL_METHOD* TLSv1_client_method() { - return new (ys) SSL_METHOD(client_end, ProtocolVersion(3,1)); + return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1)); } @@ -83,7 +91,7 @@ SSL_METHOD* SSLv23_server_method() SSL_CTX* SSL_CTX_new(SSL_METHOD* method) { - return new (ys) SSL_CTX(method); + return NEW_YS SSL_CTX(method); } @@ -95,7 +103,7 @@ void SSL_CTX_free(SSL_CTX* ctx) SSL* SSL_new(SSL_CTX* ctx) { - return new (ys) SSL(ctx); + return NEW_YS SSL(ctx); } @@ -115,7 +123,12 @@ int SSL_set_fd(SSL* ssl, int fd) int SSL_connect(SSL* ssl) { sendClientHello(*ssl); + ClientState neededState = ssl->getSecurity().get_resuming() ? + serverFinishedComplete : serverHelloDoneComplete; + while (ssl->getStates().getClient() < neededState) { + if (ssl->GetError()) break; processReply(*ssl); + } if(ssl->getCrypto().get_certManager().sendVerify()) sendCertificate(*ssl); @@ -130,7 +143,10 @@ int SSL_connect(SSL* ssl) sendFinished(*ssl, client_end); ssl->flushBuffer(); if (!ssl->getSecurity().get_resuming()) + while (ssl->getStates().getClient() < serverFinishedComplete) { + if (ssl->GetError()) break; processReply(*ssl); + } ssl->verifyState(serverFinishedComplete); ssl->useLog().ShowTCP(ssl->getSocket().get_fd()); @@ -171,9 +187,7 @@ int SSL_accept(SSL* ssl) sendServerHelloDone(*ssl); ssl->flushBuffer(); - // Java Client sends fragmented response - while (ssl->getStates().getServer() < - clientFinishedComplete) { + while (ssl->getStates().getServer() < clientFinishedComplete) { if (ssl->GetError()) break; processReply(*ssl); } @@ -182,10 +196,7 @@ int SSL_accept(SSL* ssl) sendFinished(*ssl, server_end); ssl->flushBuffer(); if (ssl->getSecurity().get_resuming()) { - - // Java Client sends fragmented response - while (ssl->getStates().getServer() < - clientFinishedComplete) { + while (ssl->getStates().getServer() < clientFinishedComplete) { if (ssl->GetError()) break; processReply(*ssl); } @@ -281,9 +292,15 @@ char* SSL_get_shared_ciphers(SSL* /*ssl*/, char* buf, int len) } -const char* SSL_get_cipher_list(SSL* ssl, int /*priority */) +const char* SSL_get_cipher_list(SSL* ssl, int priority) { - return ssl->getSecurity().get_parms().cipher_list_; + if (priority < 0 || priority >= MAX_CIPHERS) + return 0; + + if (ssl->getSecurity().get_parms().cipher_list_[priority][0]) + return ssl->getSecurity().get_parms().cipher_list_[priority]; + + return 0; } @@ -455,7 +472,7 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) fseek(input, 0, SEEK_END); long sz = ftell(input); rewind(input); - x = new (ys) x509(sz); // takes ownership + x = NEW_YS x509(sz); // takes ownership size_t bytes = fread(x->use_buffer(), sz, 1, input); if (bytes != 1) { fclose(input); @@ -492,16 +509,74 @@ void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback /*vc*/) if (mode & SSL_VERIFY_PEER) ctx->setVerifyPeer(); + if (mode == SSL_VERIFY_NONE) + ctx->setVerifyNone(); + if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) ctx->setFailNoCert(); } int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, - const char* /*path*/) + const char* path) { - // just files for now - return read_file(ctx, file, SSL_FILETYPE_PEM, CA); + int ret = SSL_SUCCESS; + const int HALF_PATH = 128; + + if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA); + + if (ret == SSL_SUCCESS && path) { + // call read_file for each reqular file in path +#ifdef _WIN32 + + WIN32_FIND_DATA FindFileData; + HANDLE hFind; + + char name[MAX_PATH + 1]; // directory specification + strncpy(name, path, MAX_PATH - 3); + strncat(name, "\\*", 3); + + hFind = FindFirstFile(name, &FindFileData); + if (hFind == INVALID_HANDLE_VALUE) return SSL_BAD_PATH; + + do { + if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) { + strncpy(name, path, MAX_PATH - 2 - HALF_PATH); + strncat(name, "\\", 2); + strncat(name, FindFileData.cFileName, HALF_PATH); + ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA); + } + } while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData)); + + FindClose(hFind); + +#else // _WIN32 + + const int MAX_PATH = 260; + + DIR* dir = opendir(path); + if (!dir) return SSL_BAD_PATH; + + struct dirent* entry; + struct stat buf; + char name[MAX_PATH + 1]; + + while (ret == SSL_SUCCESS && (entry = readdir(dir))) { + strncpy(name, path, MAX_PATH - 1 - HALF_PATH); + strncat(name, "/", 1); + strncat(name, entry->d_name, HALF_PATH); + if (stat(name, &buf) < 0) return SSL_BAD_STAT; + + if (S_ISREG(buf.st_mode)) + ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA); + } + + closedir(dir); + +#endif + } + + return ret; } @@ -648,13 +723,13 @@ void OpenSSL_add_all_algorithms() // compatibility only {} -void SSL_library_init() // compatibility only +void SSL_library_init() // compatiblity only {} DH* DH_new(void) { - DH* dh = new (ys) DH; + DH* dh = NEW_YS DH; if (dh) dh->p = dh->g = 0; return dh; @@ -679,7 +754,7 @@ BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal) if (!retVal) { created = true; - bn.reset(new (ys) BIGNUM); + bn.reset(NEW_YS BIGNUM); retVal = bn.get(); } @@ -706,12 +781,14 @@ void ERR_print_errors_fp(FILE* /*fp*/) } -char* ERR_error_string(unsigned long /*err*/, char* buffer) +char* ERR_error_string(unsigned long errNumber, char* buffer) { - // TODO: - static char* msg = "Not Implemented"; - if (buffer) - return strncpy(buffer, msg, strlen(msg)); + static char* msg = "Please supply a buffer for error string"; + + if (buffer) { + SetErrorString(YasslError(errNumber), buffer); + return buffer; + } return msg; } @@ -728,14 +805,14 @@ const char* X509_verify_cert_error_string(long /* error */) const EVP_MD* EVP_md5(void) { // TODO: FIX add to some list for destruction - return new (ys) MD5; + return NEW_YS MD5; } const EVP_CIPHER* EVP_des_ede3_cbc(void) { // TODO: FIX add to some list for destruction - return new (ys) DES_EDE; + return NEW_YS DES_EDE; } diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp index c55ca39bec2..5782df213ea 100644 --- a/extra/yassl/src/template_instnt.cpp +++ b/extra/yassl/src/template_instnt.cpp @@ -35,13 +35,6 @@ #include "openssl/ssl.h" #ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION -#if !defined(USE_CRYPTOPP_LIB) -namespace TaoCrypt { -template class HMAC<MD5>; -template class HMAC<SHA>; -template class HMAC<RIPEMD160>; -} -#endif // USE_CRYPTOPP_LIB namespace mySTL { template class list<unsigned char*>; diff --git a/extra/yassl/src/timer.cpp b/extra/yassl/src/timer.cpp index 8b7d2d17a84..4fe0d3aa4f9 100644 --- a/extra/yassl/src/timer.cpp +++ b/extra/yassl/src/timer.cpp @@ -26,17 +26,13 @@ #include "runtime.hpp" #include "timer.hpp" -#ifdef _WIN32 -#define WIN32_LEAN_AND_MEAN -#include <windows.h> -#else -#include <sys/time.h> -#endif - namespace yaSSL { #ifdef _WIN32 + #define WIN32_LEAN_AND_MEAN + #include <windows.h> + timer_d timer() { static bool init(false); @@ -61,6 +57,8 @@ namespace yaSSL { #else // _WIN32 + #include <sys/time.h> + timer_d timer() { struct timeval tv; diff --git a/extra/yassl/src/yassl.cpp b/extra/yassl/src/yassl.cpp new file mode 100644 index 00000000000..86af12fd448 --- /dev/null +++ b/extra/yassl/src/yassl.cpp @@ -0,0 +1,244 @@ +/* yassl.cpp + * + * Copyright (C) 2003 Sawtooth Consulting Ltd. + * + * This file is part of yaSSL. + * + * yaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * yaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* yaSSL implements external API + */ + +#include "runtime.hpp" +#include "yassl.hpp" +#include "yassl_int.hpp" +#include "handshake.hpp" +#include <stdio.h> + +#include "openssl/ssl.h" // get rid of this + + +// yaSSL overloads hide these +void* operator new[](size_t sz) +{ + return ::operator new(sz); +} + +void operator delete[](void* ptr) +{ + ::operator delete(ptr); +} + + +namespace yaSSL { + +using mySTL::min; + + +struct Base { + SSL_METHOD* method_; + SSL_CTX* ctx_; + SSL* ssl_; + + char* ca_; + char* cert_; + char* key_; + + DH* dh_; + + Base() : method_(0), ctx_(0), ssl_(0), ca_(0), cert_(0), key_(0), dh_(0) + {} + + ~Base() + { + if (dh_) DH_free(dh_); + delete[] key_; + delete[] cert_; + delete[] ca_; + SSL_CTX_free(ctx_); // frees method_ too + SSL_free(ssl_); + } +}; + + +void SetDH(Base&); + +void SetUpBase(Base& base, ConnectionEnd end, SOCKET_T s) +{ + base.method_ = new SSL_METHOD(end, ProtocolVersion(3,1)); + base.ctx_ = new SSL_CTX(base.method_); + + if (base.ca_) + if (SSL_CTX_load_verify_locations(base.ctx_, + base.ca_, 0) != SSL_SUCCESS) assert(0); + if (base.cert_) + if (SSL_CTX_use_certificate_file(base.ctx_, + base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0); + if (base.key_) + if (SSL_CTX_use_PrivateKey_file(base.ctx_, base.key_, + SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0); + + if (end == server_end) SetDH(base); + + base.ssl_ = new SSL(base.ctx_); + base.ssl_->useSocket().set_fd(s); +} + + +void SetDH(Base& base) +{ + static unsigned char dh512_p[] = + { + 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, + 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, + 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, + 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, + 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, + 0x47,0x74,0xE8,0x33, + }; + + static unsigned char dh512_g[] = + { + 0x02, + }; + + if ( (base.dh_ = DH_new()) ) { + base.dh_->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0); + base.dh_->g = BN_bin2bn(dh512_g, sizeof(dh512_g), 0); + } + if (!base.dh_->p || !base.dh_->g) { + DH_free(base.dh_); + base.dh_ = 0; + } + SSL_CTX_set_tmp_dh(base.ctx_, base.dh_); +} + + +void NewCopy(char*& dst, const char* src) +{ + size_t len = strlen(src) + 1; + dst = new char[len]; + + strncpy(dst, src, len); +} + + +// Client Implementation +struct Client::ClientImpl { + Base base_; +}; + + +Client::Client() : pimpl_(new ClientImpl) +{} + + +Client::~Client() { delete pimpl_; } + + +int Client::Connect(SOCKET_T s) +{ + SetUpBase(pimpl_->base_, client_end, s); + return SSL_connect(pimpl_->base_.ssl_); +} + + +int Client::Write(const void* buffer, int sz) +{ + return sendData(*pimpl_->base_.ssl_, buffer, sz); +} + + +int Client::Read(void* buffer, int sz) +{ + Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer)); + return receiveData(*pimpl_->base_.ssl_, data); +} + + +void Client::SetCA(const char* name) +{ + NewCopy(pimpl_->base_.ca_, name); +} + + +void Client::SetCert(const char* name) +{ + NewCopy(pimpl_->base_.cert_, name); +} + + +void Client::SetKey(const char* name) +{ + NewCopy(pimpl_->base_.key_, name); +} + + + +// Server Implementation +struct Server::ServerImpl { + Base base_; +}; + + +Server::Server() : pimpl_(new ServerImpl) +{} + + +Server::~Server() { delete pimpl_; } + + +int Server::Accept(SOCKET_T s) +{ + SetUpBase(pimpl_->base_, server_end, s); + return SSL_accept(pimpl_->base_.ssl_); +} + + +int Server::Write(const void* buffer, int sz) +{ + return sendData(*pimpl_->base_.ssl_, buffer, sz); +} + + +int Server::Read(void* buffer, int sz) +{ + Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer)); + return receiveData(*pimpl_->base_.ssl_, data); +} + + +void Server::SetCA(const char* name) +{ + NewCopy(pimpl_->base_.ca_, name); +} + + +void Server::SetCert(const char* name) +{ + NewCopy(pimpl_->base_.cert_, name); +} + + +void Server::SetKey(const char* name) +{ + NewCopy(pimpl_->base_.key_, name); +} + + + +} // namespace yaSSL diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp index c53aef2068d..59113d7438c 100644 --- a/extra/yassl/src/yassl_error.cpp +++ b/extra/yassl/src/yassl_error.cpp @@ -25,6 +25,7 @@ #include "runtime.hpp" #include "yassl_error.hpp" +#include "error.hpp" // TaoCrypt error numbers namespace yaSSL { @@ -48,6 +49,184 @@ Library Error::get_lib() const } +void SetErrorString(YasslError error, char* buffer) +{ + using namespace TaoCrypt; + const int max = MAX_ERROR_SZ; // shorthand + + switch (error) { + + // yaSSL proper errors + case range_error : + strncpy(buffer, "buffer index error, out of range", max); + break; + + case realloc_error : + strncpy(buffer, "trying to realloc a fixed buffer", max); + break; + + case factory_error : + strncpy(buffer, "unknown factory create request", max); + break; + + case unknown_cipher : + strncpy(buffer, "trying to use an unknown cipher", max); + break; + + case prefix_error : + strncpy(buffer, "bad master secret derivation, prefix too big", max); + break; + + case record_layer : + strncpy(buffer, "record layer not ready yet", max); + break; + + case handshake_layer : + strncpy(buffer, "handshake layer not ready yet", max); + break; + + case out_of_order : + strncpy(buffer, "handshake message received in wrong order", max); + break; + + case bad_input : + strncpy(buffer, "bad cipher suite input", max); + break; + + case match_error : + strncpy(buffer, "unable to match a supported cipher suite", max); + break; + + case no_key_file : + strncpy(buffer, "the server needs a private key file", max); + break; + + case verify_error : + strncpy(buffer, "unable to verify peer checksum", max); + break; + + case send_error : + strncpy(buffer, "socket layer send error", max); + break; + + case receive_error : + strncpy(buffer, "socket layer receive error", max); + break; + + case certificate_error : + strncpy(buffer, "unable to proccess cerificate", max); + break; + + // TaoCrypt errors + case NO_ERROR : + strncpy(buffer, "not in error state", max); + break; + + case WINCRYPT_E : + strncpy(buffer, "bad wincrypt acquire", max); + break; + + case CRYPTGEN_E : + strncpy(buffer, "CryptGenRandom error", max); + break; + + case OPEN_RAN_E : + strncpy(buffer, "unable to use random device", max); + break; + + case READ_RAN_E : + strncpy(buffer, "unable to use random device", max); + break; + + case INTEGER_E : + strncpy(buffer, "ASN: bad DER Integer Header", max); + break; + + case SEQUENCE_E : + strncpy(buffer, "ASN: bad Sequence Header", max); + break; + + case SET_E : + strncpy(buffer, "ASN: bad Set Header", max); + break; + + case VERSION_E : + strncpy(buffer, "ASN: version length not 1", max); + break; + + case SIG_OID_E : + strncpy(buffer, "ASN: signature OID mismatch", max); + break; + + case BIT_STR_E : + strncpy(buffer, "ASN: bad BitString Header", max); + break; + + case UNKNOWN_OID_E : + strncpy(buffer, "ASN: unknown key OID type", max); + break; + + case OBJECT_ID_E : + strncpy(buffer, "ASN: bad Ojbect ID Header", max); + break; + + case TAG_NULL_E : + strncpy(buffer, "ASN: expected TAG NULL", max); + break; + + case EXPECT_0_E : + strncpy(buffer, "ASN: expected 0", max); + break; + + case OCTET_STR_E : + strncpy(buffer, "ASN: bad Octet String Header", max); + break; + + case TIME_E : + strncpy(buffer, "ASN: bad TIME", max); + break; + + case DATE_SZ_E : + strncpy(buffer, "ASN: bad Date Size", max); + break; + + case SIG_LEN_E : + strncpy(buffer, "ASN: bad Signature Length", max); + break; + + case UNKOWN_SIG_E : + strncpy(buffer, "ASN: unknown signature OID", max); + break; + + case UNKOWN_HASH_E : + strncpy(buffer, "ASN: unknown hash OID", max); + break; + + case DSA_SZ_E : + strncpy(buffer, "ASN: bad DSA r or s size", max); + break; + + case BEFORE_DATE_E : + strncpy(buffer, "ASN: before date in the future", max); + break; + + case AFTER_DATE_E : + strncpy(buffer, "ASN: after date in the past", max); + break; + + case SIG_CONFIRM_E : + strncpy(buffer, "ASN: bad self signature confirmation", max); + break; + + case SIG_OTHER_E : + strncpy(buffer, "ASN: bad other signature confirmation", max); + break; + + default : + strncpy(buffer, "unknown error number", max); + } +} + } // namespace yaSSL diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 1d9db46816b..1d2d5396ea0 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -29,6 +29,7 @@ #include "asn.hpp" // provide crypto wrapper?? + namespace yaSSL { @@ -111,10 +112,14 @@ void ClientDiffieHellmanPublic::build(SSL& ssl) uint keyLength = dhClient.get_agreedKeyLength(); // pub and agree same alloc(keyLength, true); - dhClient.makeAgreement(dhServer.get_publicKey()); + dhClient.makeAgreement(dhServer.get_publicKey(), keyLength); c16toa(keyLength, Yc_); memcpy(Yc_ + KEY_OFFSET, dhClient.get_publicKey(), keyLength); + // because of encoding first byte might be zero, don't use it for preMaster + if (*dhClient.get_agreedKey() == 0) + ssl.set_preMaster(dhClient.get_agreedKey() + 1, keyLength - 1); + else ssl.set_preMaster(dhClient.get_agreedKey(), keyLength); } @@ -134,10 +139,10 @@ void DH_Server::build(SSL& ssl) const CertManager& cert = ssl.getCrypto().get_certManager(); if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) - auth.reset(new (ys) RSA(cert.get_privateKey(), + auth.reset(NEW_YS RSA(cert.get_privateKey(), cert.get_privateKeyLength(), false)); else { - auth.reset(new (ys) DSS(cert.get_privateKey(), + auth.reset(NEW_YS DSS(cert.get_privateKey(), cert.get_privateKeyLength(), false)); sigSz += DSS_ENCODED_EXTRA; } @@ -168,7 +173,7 @@ void DH_Server::build(SSL& ssl) byte hash[FINISHED_SZ]; MD5 md5; SHA sha; - signature_ = new (ys) byte[sigSz]; + signature_ = NEW_YS byte[sigSz]; const Connection& conn = ssl.getSecurity().get_connection(); // md5 @@ -199,7 +204,7 @@ void DH_Server::build(SSL& ssl) tmp.write(signature_, sigSz); // key message - keyMessage_ = new (ys) opaque[length_]; + keyMessage_ = NEW_YS opaque[length_]; memcpy(keyMessage_, tmp.get_buffer(), tmp.get_size()); } @@ -253,7 +258,7 @@ opaque* EncryptedPreMasterSecret::get_clientKey() const void EncryptedPreMasterSecret::alloc(int sz) { length_ = sz; - secret_ = new (ys) opaque[sz]; + secret_ = NEW_YS opaque[sz]; } @@ -269,10 +274,14 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input) ato16(tmp, keyLength); alloc(keyLength); - input.read(Yc_, length_); - dh.makeAgreement(Yc_); + input.read(Yc_, keyLength); + dh.makeAgreement(Yc_, keyLength); - ssl.set_preMaster(dh.get_agreedKey(), keyLength); + // because of encoding, first byte might be 0, don't use for preMaster + if (*dh.get_agreedKey() == 0) + ssl.set_preMaster(dh.get_agreedKey() + 1, dh.get_agreedKeyLength() - 1); + else + ssl.set_preMaster(dh.get_agreedKey(), dh.get_agreedKeyLength()); ssl.makeMasterSecret(); } @@ -303,7 +312,7 @@ opaque* ClientDiffieHellmanPublic::get_clientKey() const void ClientDiffieHellmanPublic::alloc(int sz, bool offset) { length_ = sz + (offset ? KEY_OFFSET : 0); - Yc_ = new (ys) opaque[length_]; + Yc_ = NEW_YS opaque[length_]; } @@ -348,7 +357,7 @@ void DH_Server::read(SSL& ssl, input_buffer& input) tmp[1] = input[AUTO]; ato16(tmp, length); - signature_ = new (ys) byte[length]; + signature_ = NEW_YS byte[length]; input.read(signature_, length); // verify signature @@ -386,7 +395,7 @@ void DH_Server::read(SSL& ssl, input_buffer& input) } // save input - ssl.useCrypto().SetDH(new (ys) DiffieHellman(parms_.get_p(), + ssl.useCrypto().SetDH(NEW_YS DiffieHellman(parms_.get_p(), parms_.get_pSize(), parms_.get_g(), parms_.get_gSize(), parms_.get_pub(), parms_.get_pubSize(), ssl.getCrypto().get_random())); @@ -438,7 +447,7 @@ void Parameters::SetSuites(ProtocolVersion pv) int i = 0; // available suites, best first // when adding more, make sure cipher_names is updated and - // MAX_CIPHER_LIST is big enough + // MAX_CIPHERS is big enough if (isTLS(pv)) { suites_[i++] = 0x00; @@ -510,13 +519,10 @@ void Parameters::SetCipherNames() for (int j = 0; j < suites; j++) { int index = suites_[j*2 + 1]; // every other suite is suite id - int len = strlen(cipher_names[index]); - memcpy(&cipher_list_[pos], cipher_names[index], len); - pos += len; - cipher_list_[pos++] = ':'; + int len = strlen(cipher_names[index]) + 1; + strncpy(cipher_list_[pos++], cipher_names[index], len); } - if (suites) - cipher_list_[--pos] = 0; + cipher_list_[pos][0] = 0; } @@ -928,7 +934,7 @@ void Data::Process(input_buffer& input, SSL& ssl) // read data if (dataSz) { input_buffer* data; - ssl.addData(data = new (ys) input_buffer(dataSz)); + ssl.addData(data = NEW_YS input_buffer(dataSz)); input.read(data->get_buffer(), dataSz); data->add_size(dataSz); @@ -1025,7 +1031,7 @@ void Certificate::Process(input_buffer& input, SSL& ssl) c24to32(tmp, cert_sz); x509* myCert; - cm.AddPeerCert(myCert = new (ys) x509(cert_sz)); + cm.AddPeerCert(myCert = NEW_YS x509(cert_sz)); input.read(myCert->use_buffer(), myCert->get_length()); list_sz -= cert_sz + CERT_HEADER; @@ -1111,21 +1117,21 @@ const opaque* ServerDHParams::get_pub() const opaque* ServerDHParams::alloc_p(int sz) { - p_ = new (ys) opaque[pSz_ = sz]; + p_ = NEW_YS opaque[pSz_ = sz]; return p_; } opaque* ServerDHParams::alloc_g(int sz) { - g_ = new (ys) opaque[gSz_ = sz]; + g_ = NEW_YS opaque[gSz_ = sz]; return g_; } opaque* ServerDHParams::alloc_pub(int sz) { - Ys_ = new (ys) opaque[pubSz_ = sz]; + Ys_ = NEW_YS opaque[pubSz_ = sz]; return Ys_; } @@ -1323,6 +1329,7 @@ input_buffer& operator>>(input_buffer& input, ClientHello& hello) // Compression hello.comp_len_ = input[AUTO]; + while (hello.comp_len_--) // ignore for now hello.compression_methods_ = CompressionMethod(input[AUTO]); return input; @@ -1537,7 +1544,7 @@ void CertificateRequest::Build() for (int j = 0; j < authCount; j++) { int sz = REQUEST_HEADER + MIN_DIS_SIZE; DistinguishedName dn; - certificate_authorities_.push_back(dn = new (ys) byte[sz]); + certificate_authorities_.push_back(dn = NEW_YS byte[sz]); opaque tmp[REQUEST_HEADER]; c16toa(MIN_DIS_SIZE, tmp); @@ -1584,7 +1591,7 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request) ato16(tmp, dnSz); DistinguishedName dn; - request.certificate_authorities_.push_back(dn = new (ys) + request.certificate_authorities_.push_back(dn = NEW_YS byte[REQUEST_HEADER + dnSz]); memcpy(dn, tmp, REQUEST_HEADER); input.read(&dn[REQUEST_HEADER], dnSz); @@ -1630,7 +1637,11 @@ output_buffer& operator<<(output_buffer& output, // CertificateRequest processing handler void CertificateRequest::Process(input_buffer&, SSL& ssl) { - ssl.useCrypto().use_certManager().setSendVerify(); + CertManager& cm = ssl.useCrypto().use_certManager(); + + // make sure user provided cert and key before sending and using + if (cm.get_cert() && cm.get_privateKey()) + cm.setSendVerify(); } @@ -1665,7 +1676,7 @@ void CertificateVerify::Build(SSL& ssl) RSA rsa(cert.get_privateKey(), cert.get_privateKeyLength(), false); sz = rsa.get_cipherLength() + VERIFY_HEADER; - sig.reset(new (ys) byte[sz]); + sig.reset(NEW_YS byte[sz]); c16toa(sz - VERIFY_HEADER, len); memcpy(sig.get(), len, VERIFY_HEADER); @@ -1676,7 +1687,7 @@ void CertificateVerify::Build(SSL& ssl) DSS dss(cert.get_privateKey(), cert.get_privateKeyLength(), false); sz = DSS_SIG_SZ + DSS_ENCODED_EXTRA + VERIFY_HEADER; - sig.reset(new (ys) byte[sz]); + sig.reset(NEW_YS byte[sz]); c16toa(sz - VERIFY_HEADER, len); memcpy(sig.get(), len, VERIFY_HEADER); @@ -1714,7 +1725,7 @@ input_buffer& operator>>(input_buffer& input, CertificateVerify& request) ato16(tmp, sz); request.set_length(sz); - request.signature_ = new (ys) byte[sz]; + request.signature_ = NEW_YS byte[sz]; input.read(request.signature_, sz); return input; @@ -1975,7 +1986,7 @@ Connection::~Connection() void Connection::AllocPreSecret(uint sz) { - pre_master_secret_ = new (ys) opaque[pre_secret_len_ = sz]; + pre_master_secret_ = NEW_YS opaque[pre_secret_len_ = sz]; } @@ -2011,35 +2022,35 @@ void Connection::CleanPreMaster() // Create functions for message factory -Message* CreateCipherSpec() { return new (ys) ChangeCipherSpec; } -Message* CreateAlert() { return new (ys) Alert; } -Message* CreateHandShake() { return new (ys) HandShakeHeader; } -Message* CreateData() { return new (ys) Data; } +Message* CreateCipherSpec() { return NEW_YS ChangeCipherSpec; } +Message* CreateAlert() { return NEW_YS Alert; } +Message* CreateHandShake() { return NEW_YS HandShakeHeader; } +Message* CreateData() { return NEW_YS Data; } // Create functions for handshake factory -HandShakeBase* CreateHelloRequest() { return new (ys) HelloRequest; } -HandShakeBase* CreateClientHello() { return new (ys) ClientHello; } -HandShakeBase* CreateServerHello() { return new (ys) ServerHello; } -HandShakeBase* CreateCertificate() { return new (ys) Certificate; } -HandShakeBase* CreateServerKeyExchange() { return new (ys) ServerKeyExchange;} -HandShakeBase* CreateCertificateRequest() { return new (ys) +HandShakeBase* CreateHelloRequest() { return NEW_YS HelloRequest; } +HandShakeBase* CreateClientHello() { return NEW_YS ClientHello; } +HandShakeBase* CreateServerHello() { return NEW_YS ServerHello; } +HandShakeBase* CreateCertificate() { return NEW_YS Certificate; } +HandShakeBase* CreateServerKeyExchange() { return NEW_YS ServerKeyExchange;} +HandShakeBase* CreateCertificateRequest() { return NEW_YS CertificateRequest; } -HandShakeBase* CreateServerHelloDone() { return new (ys) ServerHelloDone; } -HandShakeBase* CreateCertificateVerify() { return new (ys) CertificateVerify;} -HandShakeBase* CreateClientKeyExchange() { return new (ys) ClientKeyExchange;} -HandShakeBase* CreateFinished() { return new (ys) Finished; } +HandShakeBase* CreateServerHelloDone() { return NEW_YS ServerHelloDone; } +HandShakeBase* CreateCertificateVerify() { return NEW_YS CertificateVerify;} +HandShakeBase* CreateClientKeyExchange() { return NEW_YS ClientKeyExchange;} +HandShakeBase* CreateFinished() { return NEW_YS Finished; } // Create functions for server key exchange factory -ServerKeyBase* CreateRSAServerKEA() { return new (ys) RSA_Server; } -ServerKeyBase* CreateDHServerKEA() { return new (ys) DH_Server; } -ServerKeyBase* CreateFortezzaServerKEA() { return new (ys) Fortezza_Server; } +ServerKeyBase* CreateRSAServerKEA() { return NEW_YS RSA_Server; } +ServerKeyBase* CreateDHServerKEA() { return NEW_YS DH_Server; } +ServerKeyBase* CreateFortezzaServerKEA() { return NEW_YS Fortezza_Server; } // Create functions for client key exchange factory -ClientKeyBase* CreateRSAClient() { return new (ys) +ClientKeyBase* CreateRSAClient() { return NEW_YS EncryptedPreMasterSecret; } -ClientKeyBase* CreateDHClient() { return new (ys) +ClientKeyBase* CreateDHClient() { return NEW_YS ClientDiffieHellmanPublic; } -ClientKeyBase* CreateFortezzaClient() { return new (ys) FortezzaKeys; } +ClientKeyBase* CreateFortezzaClient() { return NEW_YS FortezzaKeys; } // Constructor calls this to Register compile time callbacks diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 87d990b3506..d998dbf905e 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -31,40 +31,41 @@ #include "openssl/ssl.h" // for DH -void* operator new(size_t sz, yaSSL::new_t) -{ #ifdef YASSL_PURE_C + + void* operator new(size_t sz, yaSSL::new_t) + { void* ptr = malloc(sz ? sz : 1); if (!ptr) abort(); return ptr; -#else - return ::operator new(sz); -#endif -} + } -void operator delete(void* ptr, yaSSL::new_t) -{ -#ifdef YASSL_PURE_C + void operator delete(void* ptr, yaSSL::new_t) + { if (ptr) free(ptr); -#else - ::operator delete(ptr); -#endif -} + } -void* operator new[](size_t sz, yaSSL::new_t nt) -{ + void* operator new[](size_t sz, yaSSL::new_t nt) + { return ::operator new(sz, nt); -} + } -void operator delete[](void* ptr, yaSSL::new_t nt) -{ + void operator delete[](void* ptr, yaSSL::new_t nt) + { ::operator delete(ptr, nt); -} + } + + namespace yaSSL { + + new_t ys; // for yaSSL library new + + } +#endif // YASSL_PURE_C namespace yaSSL { @@ -72,7 +73,6 @@ namespace yaSSL { using mySTL::min; -new_t ys; // for yaSSL library new @@ -286,6 +286,8 @@ SSL::SSL(SSL_CTX* ctx) if (ctx->getMethod()->verifyPeer()) cm.setVerifyPeer(); + if (ctx->getMethod()->verifyNone()) + cm.setVerifyNone(); if (ctx->getMethod()->failNoCert()) cm.setFailNoCert(); @@ -321,8 +323,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = AES_256_KEY_SZ; parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_256_CBC_SHA], MAX_SUITE_NAME); break; @@ -335,8 +337,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = AES_128_KEY_SZ; parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_128_CBC_SHA], MAX_SUITE_NAME); break; @@ -349,8 +351,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = DES_EDE_KEY_SZ; parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_3DES_EDE_CBC_SHA] , MAX_SUITE_NAME); break; @@ -363,8 +365,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = DES_KEY_SZ; parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES); strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_DES_CBC_SHA], MAX_SUITE_NAME); break; @@ -377,8 +379,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = RC4_KEY_SZ; parms.iv_size_ = 0; parms.cipher_type_ = stream; - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) RC4); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS RC4); strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_RC4_128_SHA], MAX_SUITE_NAME); break; @@ -391,8 +393,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = RC4_KEY_SZ; parms.iv_size_ = 0; parms.cipher_type_ = stream; - crypto_.setDigest(new (ys) MD5); - crypto_.setCipher(new (ys) RC4); + crypto_.setDigest(NEW_YS MD5); + crypto_.setCipher(NEW_YS RC4); strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_RC4_128_MD5], MAX_SUITE_NAME); break; @@ -407,8 +409,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES); strncpy(parms.cipher_name_, cipher_names[SSL_DHE_RSA_WITH_DES_CBC_SHA], MAX_SUITE_NAME); break; @@ -423,8 +425,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA], MAX_SUITE_NAME); break; @@ -439,8 +441,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_RSA_WITH_AES_256_CBC_SHA], MAX_SUITE_NAME); break; @@ -455,8 +457,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_RSA_WITH_AES_128_CBC_SHA], MAX_SUITE_NAME); break; @@ -471,8 +473,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES); strncpy(parms.cipher_name_, cipher_names[SSL_DHE_DSS_WITH_DES_CBC_SHA], MAX_SUITE_NAME); break; @@ -487,8 +489,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA], MAX_SUITE_NAME); break; @@ -503,8 +505,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_DSS_WITH_AES_256_CBC_SHA], MAX_SUITE_NAME); break; @@ -519,8 +521,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) SHA); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS SHA); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_DSS_WITH_AES_128_CBC_SHA], MAX_SUITE_NAME); break; @@ -533,8 +535,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = AES_256_KEY_SZ; parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_256_CBC_RMD160], MAX_SUITE_NAME); break; @@ -547,8 +549,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = AES_128_KEY_SZ; parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_128_CBC_RMD160], MAX_SUITE_NAME); break; @@ -561,8 +563,8 @@ void SSL::set_pending(Cipher suite) parms.key_size_ = DES_EDE_KEY_SZ; parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_3DES_EDE_CBC_RMD160], MAX_SUITE_NAME); break; @@ -577,8 +579,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160], MAX_SUITE_NAME); @@ -594,8 +596,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_RSA_WITH_AES_256_CBC_RMD160], MAX_SUITE_NAME); @@ -611,8 +613,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_RSA_WITH_AES_128_CBC_RMD160], MAX_SUITE_NAME); @@ -628,8 +630,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = DES_IV_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) DES_EDE); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS DES_EDE); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160], MAX_SUITE_NAME); @@ -645,8 +647,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES(AES_256_KEY_SZ)); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ)); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_DSS_WITH_AES_256_CBC_RMD160], MAX_SUITE_NAME); @@ -662,8 +664,8 @@ void SSL::set_pending(Cipher suite) parms.iv_size_ = AES_BLOCK_SZ; parms.cipher_type_ = block; secure_.use_connection().send_server_key_ = true; // eph - crypto_.setDigest(new (ys) RMD); - crypto_.setCipher(new (ys) AES); + crypto_.setDigest(NEW_YS RMD); + crypto_.setCipher(NEW_YS AES); strncpy(parms.cipher_name_, cipher_names[TLS_DHE_DSS_WITH_AES_128_CBC_RMD160], MAX_SUITE_NAME); @@ -830,7 +832,7 @@ void SSL::deriveKeys() int length = 2 * secure_.get_parms().hash_size_ + 2 * secure_.get_parms().key_size_ + 2 * secure_.get_parms().iv_size_; - int rounds = length / MD5_LEN + ((length % MD5_LEN) ? 1 : 0); + int rounds = (length + MD5_LEN - 1 ) / MD5_LEN; input_buffer key_data(rounds * MD5_LEN); opaque sha_output[SHA_LEN]; @@ -1366,7 +1368,7 @@ static Sessions* sessionsInstance = 0; Sessions& GetSessions() { if (!sessionsInstance) - sessionsInstance = new (ys) Sessions; + sessionsInstance = NEW_YS Sessions; return *sessionsInstance; } @@ -1374,9 +1376,8 @@ Sessions& GetSessions() static sslFactory* sslFactoryInstance = 0; sslFactory& GetSSL_Factory() -{ if (!sslFactoryInstance) - sslFactoryInstance = new (ys) sslFactory; + sslFactoryInstance = NEW_YS sslFactory; return *sslFactoryInstance; } @@ -1395,7 +1396,7 @@ typedef Mutex::Lock Lock; void Sessions::add(const SSL& ssl) { Lock guard(mutex_); - list_.push_back(new (ys) SSL_SESSION(ssl, random_)); + list_.push_back(NEW_YS SSL_SESSION(ssl, random_)); } @@ -1462,7 +1463,8 @@ void Sessions::remove(const opaque* id) SSL_METHOD::SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv) - : version_(pv), side_(ce), verifyPeer_(false), failNoCert_(false) + : version_(pv), side_(ce), verifyPeer_(false), verifyNone_(false), + failNoCert_(false) {} @@ -1484,6 +1486,12 @@ void SSL_METHOD::setVerifyPeer() } +void SSL_METHOD::setVerifyNone() +{ + verifyNone_ = true; +} + + void SSL_METHOD::setFailNoCert() { failNoCert_ = true; @@ -1496,6 +1504,12 @@ bool SSL_METHOD::verifyPeer() const } +bool SSL_METHOD::verifyNone() const +{ + return verifyNone_; +} + + bool SSL_METHOD::failNoCert() const { return failNoCert_; @@ -1572,6 +1586,12 @@ void SSL_CTX::setVerifyPeer() } +void SSL_CTX::setVerifyNone() +{ + method_->setVerifyNone(); +} + + void SSL_CTX::setFailNoCert() { method_->setFailNoCert(); @@ -1794,7 +1814,7 @@ void Crypto::SetDH(DiffieHellman* dh) void Crypto::SetDH(const DH_Parms& dh) { if (dh.set_) - dh_ = new (ys) DiffieHellman(dh.p_, dh.g_, random_); + dh_ = NEW_YS DiffieHellman(dh.p_, dh.g_, random_); } @@ -1961,7 +1981,7 @@ X509_NAME::X509_NAME(const char* n, size_t sz) : name_(0) { if (sz) { - name_ = new (ys) char[sz]; + name_ = NEW_YS char[sz]; memcpy(name_, n, sz); } } |