summaryrefslogtreecommitdiff
path: root/extra/yassl/src
diff options
context:
space:
mode:
Diffstat (limited to 'extra/yassl/src')
-rw-r--r--extra/yassl/src/cert_wrapper.cpp9
-rw-r--r--extra/yassl/src/make.bat2
-rw-r--r--extra/yassl/src/ssl.cpp382
-rw-r--r--extra/yassl/src/template_instnt.cpp6
-rw-r--r--extra/yassl/src/yassl_imp.cpp4
-rw-r--r--extra/yassl/src/yassl_int.cpp105
6 files changed, 443 insertions, 65 deletions
diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp
index b98c7faf1d0..ae609b510ba 100644
--- a/extra/yassl/src/cert_wrapper.cpp
+++ b/extra/yassl/src/cert_wrapper.cpp
@@ -271,10 +271,13 @@ int CertManager::Validate()
else
peerKeyType_ = dsa_sa_algo;
- int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0;
- int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0;
+ int iSz = strlen(cert.GetIssuer()) + 1;
+ int sSz = strlen(cert.GetCommonName()) + 1;
+ int bSz = strlen(cert.GetBeforeDate()) + 1;
+ int aSz = strlen(cert.GetAfterDate()) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
- sSz);
+ sSz, cert.GetBeforeDate(), bSz,
+ cert.GetAfterDate(), aSz);
}
return 0;
}
diff --git a/extra/yassl/src/make.bat b/extra/yassl/src/make.bat
index 4c79a9c6406..148427a6f41 100644
--- a/extra/yassl/src/make.bat
+++ b/extra/yassl/src/make.bat
@@ -1,4 +1,4 @@
-# quick and dirty build file for testing different MSDEVs
+REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../mySTL /I../taocrypt/include /W3 /c /ZI
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 1aab14009d3..66196514a87 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -1,4 +1,4 @@
-/* ssl.cpp
+ /* ssl.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
@@ -36,6 +36,7 @@
#include "openssl/ssl.h"
#include "handshake.hpp"
#include "yassl_int.hpp"
+#include "md5.hpp" // for TaoCrypt MD5 size assert
#include <stdio.h>
#ifdef _WIN32
@@ -52,6 +53,53 @@ namespace yaSSL {
using mySTL::min;
+int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
+{
+ if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
+ return SSL_BAD_FILETYPE;
+
+ FILE* input = fopen(file, "rb");
+ if (!input)
+ return SSL_BAD_FILE;
+
+ if (type == CA) {
+ x509* ptr = PemToDer(file, Cert);
+ if (!ptr) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ ctx->AddCA(ptr); // takes ownership
+ }
+ else {
+ x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
+
+ if (format == SSL_FILETYPE_ASN1) {
+ fseek(input, 0, SEEK_END);
+ long sz = ftell(input);
+ rewind(input);
+ x = NEW_YS x509(sz); // takes ownership
+ size_t bytes = fread(x->use_buffer(), sz, 1, input);
+ if (bytes != 1) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ }
+ else {
+ x = PemToDer(file, type);
+ if (!x) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ }
+ }
+ fclose(input);
+ return SSL_SUCCESS;
+}
+
+
+extern "C" {
+
+
SSL_METHOD* SSLv3_method()
{
return SSLv3_client_method();
@@ -448,50 +496,6 @@ long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)
}
-int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
-{
- if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
- return SSL_BAD_FILETYPE;
-
- FILE* input = fopen(file, "rb");
- if (!input)
- return SSL_BAD_FILE;
-
- if (type == CA) {
- x509* ptr = PemToDer(file, Cert);
- if (!ptr) {
- fclose(input);
- return SSL_BAD_FILE;
- }
- ctx->AddCA(ptr); // takes ownership
- }
- else {
- x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
-
- if (format == SSL_FILETYPE_ASN1) {
- fseek(input, 0, SEEK_END);
- long sz = ftell(input);
- rewind(input);
- x = NEW_YS x509(sz); // takes ownership
- size_t bytes = fread(x->use_buffer(), sz, 1, input);
- if (bytes != 1) {
- fclose(input);
- return SSL_BAD_FILE;
- }
- }
- else {
- x = PemToDer(file, type);
- if (!x) {
- fclose(input);
- return SSL_BAD_FILE;
- }
- }
- }
- fclose(input);
- return SSL_SUCCESS;
-}
-
-
int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
{
return read_file(ctx, file, format, Cert);
@@ -723,8 +727,10 @@ void OpenSSL_add_all_algorithms() // compatibility only
{}
-void SSL_library_init() // compatiblity only
-{}
+int SSL_library_init() // compatiblity only
+{
+ return 1;
+}
DH* DH_new(void)
@@ -804,15 +810,13 @@ const char* X509_verify_cert_error_string(long /* error */)
const EVP_MD* EVP_md5(void)
{
- // TODO: FIX add to some list for destruction
- return NEW_YS MD5;
+ return GetCryptProvider().NewMd5();
}
const EVP_CIPHER* EVP_des_ede3_cbc(void)
{
- // TODO: FIX add to some list for destruction
- return NEW_YS DES_EDE;
+ return GetCryptProvider().NewDesEde();
}
@@ -897,6 +901,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
}
+// functions for libcurl
+int RAND_status()
+{
+ return 1; /* TaoCrypt provides enough seed */
+}
+
+
+int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
+{
+ memcpy(schedule, key, sizeof(const_DES_cblock));
+ return 1;
+}
+
+
+void DES_set_odd_parity(DES_cblock* key)
+{
+ // not needed now for TaoCrypt
+}
+
+
+void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
+ DES_key_schedule* key, int enc)
+{
+ DES des;
+
+ if (enc) {
+ des.set_encryptKey(*key, 0);
+ des.encrypt(*output, *input, DES_BLOCK);
+ }
+ else {
+ des.set_decryptKey(*key, 0);
+ des.decrypt(*output, *input, DES_BLOCK);
+ }
+}
+
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
+{
+ // yaSSL doesn't support yet, unencrypt your PEM file with userdata
+ // before handing off to yaSSL
+}
+
+
+X509* SSL_get_certificate(SSL* ssl)
+{
+ // only used to pass to get_privatekey which isn't used
+ return 0;
+}
+
+
+EVP_PKEY* SSL_get_privatekey(SSL* ssl)
+{
+ // only called, not used
+ return 0;
+}
+
+
+void SSL_SESSION_free(SSL_SESSION* session)
+{
+ // managed by singleton
+}
+
+
+
+EVP_PKEY* X509_get_pubkey(X509* x)
+{
+ // called, not used though
+ return 0;
+}
+
+
+int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
+{
+ // called, not used though
+ return 0;
+}
+
+
+void EVP_PKEY_free(EVP_PKEY* pkey)
+{
+ // never allocated from above
+}
+
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+ if (len) ERR_error_string(e, buf);
+}
+
+
+void ERR_free_strings(void)
+{
+ // handled internally
+}
+
+
+void EVP_cleanup(void)
+{
+ // nothing to do yet
+}
+
+
+ASN1_TIME* X509_get_notBefore(X509* x)
+{
+ if (x) return x->GetBefore();
+ return 0;
+}
+
+
+ASN1_TIME* X509_get_notAfter(X509* x)
+{
+ if (x) return x->GetAfter();
+ return 0;
+}
+
+
+SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */
+{
+ return SSLv3_client_method();
+}
+
+
+SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */
+{
+ return 0;
+}
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */
+{
+ return SSL_get_session(ssl);
+}
+
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
+{
+ // no extension names supported yet
+}
+
+
+int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
+{
+ // no extension names supported yet
+ return 0;
+}
+
+
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
+{
+ // no extension names supported yet
+ return 0;
+}
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x)
+{
+ if (x) return x->data;
+ return 0;
+}
+
+
+int ASN1_STRING_length(ASN1_STRING* x)
+{
+ if (x) return x->length;
+ return 0;
+}
+
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+ if (x) return x->type;
+ return 0;
+}
+
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
+{
+ int idx = -1; // not found
+ const char* start = &name->GetName()[lastpos + 1];
+
+ switch (nid) {
+ case NID_commonName:
+ const char* found = strstr(start, "/CN=");
+ if (found) {
+ found += 4; // advance to str
+ idx = found - start + lastpos + 1;
+ }
+ break;
+ }
+
+ return idx;
+}
+
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
+{
+ // the same in yaSSL
+ return ne;
+}
+
+
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
+{
+ return name->GetEntry(loc);
+}
+
+
+// already formatted, caller responsible for freeing *out
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
+{
+ if (!in) return 0;
+
+ *out = (unsigned char*)malloc(in->length + 1);
+ if (*out) {
+ memcpy(*out, in->data, in->length);
+ (*out)[in->length] = 0;
+ }
+ return in->length;
+}
+
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
+{
+ // no extensions supported yet
+ return 0;
+}
+
+
+void MD4_Init(MD4_CTX* md4)
+{
+ assert(0); // not yet supported, build compat. only
+}
+
+
+void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
+{
+}
+
+
+void MD4_Final(unsigned char* hash, MD4_CTX* md4)
+{
+}
+
+
+void MD5_Init(MD5_CTX* md5)
+{
+ // make sure we have a big enough buffer
+ typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
+ (void) sizeof(ok);
+
+ // using TaoCrypt since no dynamic memory allocated
+ // and no destructor will be called
+ new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
+}
+
+
+void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
+{
+ reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
+ static_cast<const byte*>(data), static_cast<unsigned int>(sz));
+}
+
+
+void MD5_Final(unsigned char* hash, MD5_CTX* md5)
+{
+ reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
+}
+
+
// functions for stunnel
void RAND_screen()
@@ -1098,8 +1371,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
}
- void SSLeay_add_ssl_algorithms() // compatibility only
- {}
+ int SSLeay_add_ssl_algorithms() // compatibility only
+ {
+ return 1;
+ }
void ERR_remove_state(unsigned long)
@@ -1129,4 +1404,5 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
// end stunnel needs
+} // extern "C"
} // namespace
diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
index 5782df213ea..43b80d59a4d 100644
--- a/extra/yassl/src/template_instnt.cpp
+++ b/extra/yassl/src/template_instnt.cpp
@@ -31,7 +31,6 @@
#include "hmac.hpp"
#include "md5.hpp"
#include "sha.hpp"
-#include "ripemd.hpp"
#include "openssl/ssl.h"
#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
@@ -51,12 +50,16 @@ template class list<yaSSL::SSL_SESSION*>;
template class list<yaSSL::input_buffer*>;
template class list<yaSSL::output_buffer*>;
template class list<yaSSL::x509*>;
+template class list<yaSSL::Digest*>;
+template class list<yaSSL::BulkCipher*>;
template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
}
namespace yaSSL {
@@ -82,6 +85,7 @@ template void ysDelete<X509>(X509*);
template void ysDelete<Message>(Message*);
template void ysDelete<sslFactory>(sslFactory*);
template void ysDelete<Sessions>(Sessions*);
+template void ysDelete<CryptProvider>(CryptProvider*);
template void ysArrayDelete<unsigned char>(unsigned char*);
template void ysArrayDelete<char>(char*);
}
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index 1d2d5396ea0..4d6d1fc7aff 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -1975,7 +1975,9 @@ Connection::Connection(ProtocolVersion v, RandomPool& ran)
: pre_master_secret_(0), sequence_number_(0), peer_sequence_number_(0),
pre_secret_len_(0), send_server_key_(false), master_clean_(false),
TLS_(v.major_ >= 3 && v.minor_ >= 1), version_(v), random_(ran)
-{}
+{
+ memset(sessionID_, 0, sizeof(sessionID_));
+}
Connection::~Connection()
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index 396461a6ed5..f7fb1abfa3f 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -28,7 +28,6 @@
#include "yassl_int.hpp"
#include "handshake.hpp"
#include "timer.hpp"
-#include "openssl/ssl.h" // for DH
#ifdef YASSL_PURE_C
@@ -1375,16 +1374,51 @@ Sessions& GetSessions()
static sslFactory* sslFactoryInstance = 0;
-sslFactory& GetSSL_Factory(){
+sslFactory& GetSSL_Factory()
+{
if (!sslFactoryInstance)
sslFactoryInstance = NEW_YS sslFactory;
return *sslFactoryInstance;
}
-void CleanUp()
+static CryptProvider* cryptProviderInstance = 0;
+
+CryptProvider& GetCryptProvider()
+{
+ if (!cryptProviderInstance)
+ cryptProviderInstance = NEW_YS CryptProvider;
+ return *cryptProviderInstance;
+}
+
+
+CryptProvider::~CryptProvider()
+{
+ mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
+ mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
+}
+
+
+Digest* CryptProvider::NewMd5()
+{
+ Digest* ptr = NEW_YS MD5();
+ digestList_.push_back(ptr);
+ return ptr;
+}
+
+
+BulkCipher* CryptProvider::NewDesEde()
+{
+ BulkCipher* ptr = NEW_YS DES_EDE();
+ cipherList_.push_back(ptr);
+ return ptr;
+}
+
+
+extern "C" void yaSSL_CleanUp()
{
TaoCrypt::CleanUp();
+ ysDelete(cryptProviderInstance);
ysDelete(sslFactoryInstance);
ysDelete(sessionsInstance);
}
@@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b)
X509_NAME::X509_NAME(const char* n, size_t sz)
- : name_(0)
+ : name_(0), sz_(sz)
{
if (sz) {
name_ = NEW_YS char[sz];
memcpy(name_, n, sz);
}
+ entry_.data = 0;
}
X509_NAME::~X509_NAME()
{
ysArrayDelete(name_);
+ ysArrayDelete(entry_.data);
}
@@ -1999,8 +2035,10 @@ char* X509_NAME::GetName()
}
-X509::X509(const char* i, size_t iSz, const char* s, size_t sSz)
- : issuer_(i, iSz), subject_(s, sSz)
+X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
+ const char* b, int bSz, const char* a, int aSz)
+ : issuer_(i, iSz), subject_(s, sSz),
+ beforeDate_(b, bSz), afterDate_(a, aSz)
{}
@@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject()
}
+ASN1_STRING* X509::GetBefore()
+{
+ return beforeDate_.GetString();
+}
+
+
+ASN1_STRING* X509::GetAfter()
+{
+ return afterDate_.GetString();
+}
+
+
+ASN1_STRING* X509_NAME::GetEntry(int i)
+{
+ if (i < 0 || i >= int(sz_))
+ return 0;
+
+ if (entry_.data)
+ ysArrayDelete(entry_.data);
+ entry_.data = NEW_YS byte[sz_]; // max size;
+
+ memcpy(entry_.data, &name_[i], sz_ - i);
+ if (entry_.data[sz_ -i - 1]) {
+ entry_.data[sz_ - i] = 0;
+ entry_.length = sz_ - i;
+ }
+ else
+ entry_.length = sz_ - i - 1;
+ entry_.type = 0;
+
+ return &entry_;
+}
+
+
+StringHolder::StringHolder(const char* str, int sz)
+{
+ asnString_.length = sz;
+ asnString_.data = NEW_YS byte[sz + 1];
+ memcpy(asnString_.data, str, sz);
+ asnString_.type = 0; // not used for now
+}
+
+
+StringHolder::~StringHolder()
+{
+ ysArrayDelete(asnString_.data);
+}
+
+
+ASN1_STRING* StringHolder::GetString()
+{
+ return &asnString_;
+}
+
+
} // namespace
View Lorry Controller Status