diff options
| author | unknown <msvensson@shellback.(none)> | 2006-05-03 13:08:24 +0200 |
|---|---|---|
| committer | unknown <msvensson@shellback.(none)> | 2006-05-03 13:08:24 +0200 |
| commit | f0b1a331da9c3e170b5c08ca68122e92da2a8b7b (patch) | |
| tree | a532ecc3e94ad79d9f70543d83f7b7f1c266196c | |
| parent | 4204f5e192b7d1dc68a95c13643c131afb65b8ce (diff) | |
| download | mariadb-git-f0b1a331da9c3e170b5c08ca68122e92da2a8b7b.tar.gz | |
Update yaSSL to version 1.3.0
extra/yassl/README:
Import patch yassl.diff
extra/yassl/examples/client/client.cpp:
Import patch yassl.diff
extra/yassl/include/openssl/err.h:
Import patch yassl.diff
extra/yassl/include/openssl/md5.h:
Import patch yassl.diff
extra/yassl/include/openssl/ssl.h:
Import patch yassl.diff
extra/yassl/include/yassl_int.hpp:
Import patch yassl.diff
extra/yassl/mySTL/helpers.hpp:
Import patch yassl.diff
extra/yassl/src/cert_wrapper.cpp:
Import patch yassl.diff
extra/yassl/src/ssl.cpp:
Import patch yassl.diff
extra/yassl/src/template_instnt.cpp:
Import patch yassl.diff
extra/yassl/src/yassl_int.cpp:
Import patch yassl.diff
extra/yassl/taocrypt/include/asn.hpp:
Import patch yassl.diff
extra/yassl/taocrypt/src/asn.cpp:
Import patch yassl.diff
extra/yassl/taocrypt/src/integer.cpp:
Import patch yassl.diff
extra/yassl/taocrypt/src/make.bat:
Import patch yassl.diff
extra/yassl/taocrypt/src/misc.cpp:
Import patch yassl.diff
extra/yassl/taocrypt/taocrypt.dsp:
Import patch yassl.diff
extra/yassl/testsuite/test.hpp:
Import patch yassl.diff
extra/yassl/testsuite/testsuite.cpp:
Import patch yassl.diff
extra/yassl/testsuite/testsuite.dsp:
Import patch yassl.diff
extra/yassl/include/openssl/md4.h:
Import patch yassl.diff
extra/yassl/include/openssl/pem.h:
Import patch yassl.diff
extra/yassl/include/openssl/x509.h:
Import patch yassl.diff
extra/yassl/include/openssl/x509v3.h:
Import patch yassl.diff
extra/yassl/lib/dummy:
Import patch yassl.diff
extra/yassl/certs/ca-cert.pem:
New BitKeeper file ``extra/yassl/certs/ca-cert.pem''
extra/yassl/certs/client-cert.pem:
New BitKeeper file ``extra/yassl/certs/client-cert.pem''
extra/yassl/certs/client-key.pem:
New BitKeeper file ``extra/yassl/certs/client-key.pem''
extra/yassl/certs/dsa-cert.pem:
New BitKeeper file ``extra/yassl/certs/dsa-cert.pem''
extra/yassl/certs/dsa512.pem:
New BitKeeper file ``extra/yassl/certs/dsa512.pem''
extra/yassl/certs/server-cert.pem:
New BitKeeper file ``extra/yassl/certs/server-cert.pem''
extra/yassl/certs/server-key.pem:
New BitKeeper file ``extra/yassl/certs/server-key.pem''
extra/yassl/certs/taoCert.txt:
New BitKeeper file ``extra/yassl/certs/taoCert.txt''
33 files changed, 979 insertions, 57 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index ad59fe3965e..62209723f66 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -1,4 +1,37 @@ -yaSSL Release notes, version 1.2.2 (03/27/06) +yaSSL Release notes, version 1.3.0 (04/26/06) + + + This release of yaSSL contains minor bug fixes, portability enhancements, + and libcurl support. + +See normal build instructions below under 1.0.6. + + +--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + To build for libcurl the library needs to be built without C++ globals since + the linker will be called in a C context, also libcurl configure will expect + OpenSSL library names so some symbolic links are created. + + ./configure --enable-pure-c + make + make openssl-links + + (then go to your libcurl home and tell libcurl about yaSSL) + ./configure --with-ssl=/yaSSL-HomeDir + make + + +--To build for libcurl on Win32: + + Simply add the yaSSL project as a dependency to libcurl, add + yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and + define USE_SSLEAY and USE_OPENSSL + + please email todd@yassl.com if you have any questions. + + +*******************yaSSL Release notes, version 1.2.2 (03/27/06) This release of yaSSL contains minor bug fixes and portability enhancements. diff --git a/extra/yassl/certs/ca-cert.pem b/extra/yassl/certs/ca-cert.pem new file mode 100644 index 00000000000..981dd004fc6 --- /dev/null +++ b/extra/yassl/certs/ca-cert.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 20:12:32 2005 GMT + Not After : Oct 15 20:12:32 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6: + 90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26: + c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7: + 6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34: + 7d:79:97:5e:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + X509v3 Authority Key Identifier: + keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84 + DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + 27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d: + 28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29: + a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47: + 03:ea:0b:4c:67:45:4b:ab:f3:39 +-----BEGIN CERTIFICATE----- +MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx +DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh +d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb +BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3 +MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP +BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3 +LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh +c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy +W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h +AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV +HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG +EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE +ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv +bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21 +86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk= +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-cert.pem b/extra/yassl/certs/client-cert.pem new file mode 100644 index 00000000000..81110f17252 --- /dev/null +++ b/extra/yassl/certs/client-cert.pem @@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 19:33:15 2005 GMT + Not After : Oct 15 19:33:15 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86: + 36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2: + 26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28: + 65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd: + 46:2a:a0:45:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD + X509v3 Authority Key Identifier: + keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD + DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: md5WithRSAEncryption + c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90: + 3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79: + 7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71: + a6:3c:15:91:85:12:35:6e:78:87 +-----BEGIN CERTIFICATE----- +MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP +MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT +U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A +eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG +A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM +BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN +AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH ++LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA +ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC +wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4 +MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu +ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq +hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6 +hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-key.pem b/extra/yassl/certs/client-key.pem new file mode 100644 index 00000000000..6898b2796fa --- /dev/null +++ b/extra/yassl/certs/client-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz +Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l +n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg +QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT +8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP +YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA +uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L +-----END RSA PRIVATE KEY----- diff --git a/extra/yassl/certs/dsa-cert.pem b/extra/yassl/certs/dsa-cert.pem new file mode 100644 index 00000000000..ecca18dae82 --- /dev/null +++ b/extra/yassl/certs/dsa-cert.pem @@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: dsaWithSHA1 + Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com + Validity + Not Before: Jan 23 22:54:51 2005 GMT + Not After : Oct 20 22:54:51 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80: + ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53: + 47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed: + f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73: + ef:bb:b9:82 + P: + 00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb: + 95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e: + df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a: + cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18: + b9:42:fd:1b:11 + Q: + 00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f: + a6:b7:dd:4d:03:09 + G: + 12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c: + b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0: + 71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a: + 04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a: + 10:46:19:31 + X509v3 extensions: + X509v3 Subject Key Identifier: + BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2 + X509v3 Authority Key Identifier: + keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2 + DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: dsaWithSHA1 + 30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62: + f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69: + 72:59:b8:ec:e9:57:f4:bf:37 +-----BEGIN CERTIFICATE----- +MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD +VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE +U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz +bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG +EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE +ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW +DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+ +Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5 +Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l +jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA +AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z +JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK +IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow +eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh +bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ +KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG +SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs +6Vf0vzc= +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/dsa512.pem b/extra/yassl/certs/dsa512.pem new file mode 100644 index 00000000000..04a3dd94a77 --- /dev/null +++ b/extra/yassl/certs/dsa512.pem @@ -0,0 +1,8 @@ +-----BEGIN DSA PRIVATE KEY----- +MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol +m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ +AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE +1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+ +VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc +E2V27tjDFY02uA== +-----END DSA PRIVATE KEY----- diff --git a/extra/yassl/certs/server-cert.pem b/extra/yassl/certs/server-cert.pem new file mode 100644 index 00000000000..403dabdf5fa --- /dev/null +++ b/extra/yassl/certs/server-cert.pem @@ -0,0 +1,38 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com + Validity + Not Before: Jan 18 20:50:59 2005 GMT + Not After : Oct 15 20:50:59 2007 GMT + Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9: + 95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0: + a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be: + 6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd: + f2:25:93:22:e7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2: + 20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53: + c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f: + a2:13:17:a9:b7:83:60:cc:cb:eb +-----BEGIN CERTIFICATE----- +MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD +VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290 +aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy +MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH +EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh +b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg +0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI +hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA +IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/server-key.pem b/extra/yassl/certs/server-key.pem new file mode 100644 index 00000000000..d6055c4cfd8 --- /dev/null +++ b/extra/yassl/certs/server-key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU +ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC +1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI +2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE +B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw +7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL +WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI= +-----END RSA PRIVATE KEY----- diff --git a/extra/yassl/certs/taoCert.txt b/extra/yassl/certs/taoCert.txt new file mode 100644 index 00000000000..585293e4f2b --- /dev/null +++ b/extra/yassl/certs/taoCert.txt @@ -0,0 +1,50 @@ + +***** Create a self signed cert ************ + +1) openssl genrsa 512 > client-key.pem + +2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem + +-- adding metadata to beginning + +3) openssl x509 -in client-cert.pem -text > tmp.pem + +4) mv tmp.pem client-cert.pem + + +***** Create a CA, signing authority ********** + +same as self signed, use ca prefix instead of client + + +***** Create a cert signed by CA ************** + +1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem + +2) copy ca-key.pem ca-cert.srl (why ????) + +3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem + + + +***** To create a dsa cert ******************** + +1) openssl dsaparam 512 > dsa512.param # creates group params + +2) openssl gendsa dsa512.param > dsa512.pem # creates private key + +3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem + + + + +***** To convert from PEM to DER ************** + +a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER + +to convert rsa private PEM to DER : + +b) openssl rsa -in key.pem -outform DER -out key.der + + + diff --git a/extra/yassl/examples/client/client.cpp b/extra/yassl/examples/client/client.cpp index 704a8e76637..3acd091baad 100644 --- a/extra/yassl/examples/client/client.cpp +++ b/extra/yassl/examples/client/client.cpp @@ -33,10 +33,10 @@ void client_test(void* args) const char* cipher = 0; int index = 0; char list[1024]; - strcpy(list, "cipherlist"); + strncpy(list, "cipherlist", 11); while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) { - strcat(list, ":"); - strcat(list, cipher); + strncat(list, ":", 2); + strncat(list, cipher, strlen(cipher) + 1); } printf("%s\n", list); printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl)); diff --git a/extra/yassl/include/openssl/err.h b/extra/yassl/include/openssl/err.h index 054d0940509..45ac1ca2469 100644 --- a/extra/yassl/include/openssl/err.h +++ b/extra/yassl/include/openssl/err.h @@ -1,6 +1,6 @@ /* err.h for openssl */ -#ifndef ysSSL_err_h__ +#ifndef yaSSL_err_h__ #define yaSSL_err_h__ diff --git a/extra/yassl/include/openssl/md4.h b/extra/yassl/include/openssl/md4.h new file mode 100644 index 00000000000..2e99f977fca --- /dev/null +++ b/extra/yassl/include/openssl/md4.h @@ -0,0 +1 @@ +/* md4.h for libcurl */ diff --git a/extra/yassl/include/openssl/md5.h b/extra/yassl/include/openssl/md5.h index a1025b92782..dfaf9799c44 100644 --- a/extra/yassl/include/openssl/md5.h +++ b/extra/yassl/include/openssl/md5.h @@ -1 +1,4 @@ /* md5.h for openssl */ + +#include "ssl.h" /* in there for now */ + diff --git a/extra/yassl/include/openssl/pem.h b/extra/yassl/include/openssl/pem.h new file mode 100644 index 00000000000..b4c63d56a4d --- /dev/null +++ b/extra/yassl/include/openssl/pem.h @@ -0,0 +1 @@ +/* pem.h for libcurl */ diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index b6840d006df..03a0cfad15b 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -29,6 +29,7 @@ #define yaSSL_openssl_h__ #include <stdio.h> /* ERR_print fp */ +#include "opensslv.h" /* for version number */ #include "rsa.h" #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) @@ -102,7 +103,6 @@ void X509_free(X509*); typedef struct BIO BIO; /* ASN stuff */ -typedef struct ASN1_TIME ASN1_TIME; @@ -345,8 +345,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*); void OpenSSL_add_all_algorithms(void); -void SSL_library_init(); -void SSLeay_add_ssl_algorithms(void); +int SSL_library_init(); +int SSLeay_add_ssl_algorithms(void); SSL_CIPHER* SSL_get_current_cipher(SSL*); @@ -371,6 +371,10 @@ typedef unsigned char DES_cblock[8]; typedef const DES_cblock const_DES_cblock; typedef DES_cblock DES_key_schedule; +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; const EVP_MD* EVP_md5(void); const EVP_CIPHER* EVP_des_ede3_cbc(void); @@ -392,6 +396,108 @@ int RAND_write_file(const char*); int RAND_load_file(const char*, long); +/* for libcurl */ +int RAND_status(void); + +int DES_set_key(const_DES_cblock*, DES_key_schedule*); +void DES_set_odd_parity(DES_cblock*); +void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); +void SSL_SESSION_free(SSL_SESSION* session); + +X509* SSL_get_certificate(SSL* ssl); +EVP_PKEY* SSL_get_privatekey(SSL* ssl); +EVP_PKEY* X509_get_pubkey(X509* x); + +int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from); +void EVP_PKEY_free(EVP_PKEY* pkey); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +void ERR_free_strings(void); +void EVP_cleanup(void); + +void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx); + +#define GEN_IPADD 7 +#define NID_subject_alt_name 85 +#define STACK_OF(x) x + + +/* defined here because libcurl dereferences */ +typedef struct ASN1_STRING { + int type; + int length; + unsigned char* data; +} ASN1_STRING; + + +typedef struct GENERAL_NAME { + int type; + union { + ASN1_STRING* ia5; + } d; +} GENERAL_NAME; + +void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x); + +int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x); +GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i); + + +unsigned char* ASN1_STRING_data(ASN1_STRING* x); +int ASN1_STRING_length(ASN1_STRING* x); +int ASN1_STRING_type(ASN1_STRING *x); + +typedef ASN1_STRING X509_NAME_ENTRY; + +int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos); + +ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne); +X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc); + +#define OPENSSL_malloc(x) malloc(x) +#define OPENSSL_free(x) free(x) + +int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in); + +SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */ +SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */ + + +SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ + + +#define CRYPTO_free(x) free(x) +#define ASN1_TIME ASN1_STRING + +ASN1_TIME* X509_get_notBefore(X509* x); +ASN1_TIME* X509_get_notAfter(X509* x); + + +#define ASN1_UTCTIME ASN1_STRING +#define NID_commonName 13 +#define V_ASN1_UTF8STRING 12 +#define GEN_DNS 2 + + +typedef struct MD4_CTX { + void* ptr; +} MD4_CTX; + +void MD4_Init(MD4_CTX*); +void MD4_Update(MD4_CTX*, const void*, unsigned long); +void MD4_Final(unsigned char*, MD4_CTX*); + + +typedef struct MD5_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD5_CTX; + +void MD5_Init(MD5_CTX*); +void MD5_Update(MD5_CTX*, const void*, unsigned long); +void MD5_Final(unsigned char*, MD5_CTX*); + + #define SSL_DEFAULT_CIPHER_LIST "" /* default all */ diff --git a/extra/yassl/include/openssl/x509.h b/extra/yassl/include/openssl/x509.h new file mode 100644 index 00000000000..dcd847c0337 --- /dev/null +++ b/extra/yassl/include/openssl/x509.h @@ -0,0 +1 @@ +/* x509.h for libcurl */ diff --git a/extra/yassl/include/openssl/x509v3.h b/extra/yassl/include/openssl/x509v3.h new file mode 100644 index 00000000000..adf94af8f48 --- /dev/null +++ b/extra/yassl/include/openssl/x509v3.h @@ -0,0 +1 @@ +/* x509v3.h for libcurl */ diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp index 935bae582ea..97ae468d2f9 100644 --- a/extra/yassl/include/yassl_int.hpp +++ b/extra/yassl/include/yassl_int.hpp @@ -34,6 +34,7 @@ #include "cert_wrapper.hpp" #include "log.hpp" #include "lock.hpp" +#include "openssl/ssl.h" // ASN1_STRING and DH namespace yaSSL { @@ -126,32 +127,70 @@ private: }; +// hold add crypt references provided to callers +class CryptProvider { + mySTL::list<Digest*> digestList_; + mySTL::list<BulkCipher*> cipherList_; + CryptProvider() {} // only GetCryptProvider creates +public: + ~CryptProvider(); + + Digest* NewMd5(); + BulkCipher* NewDesEde(); + + friend CryptProvider& GetCryptProvider(); +private: + CryptProvider(const CryptProvider&); // hide copy + CryptProvider& operator=(const CryptProvider&); // and assign +}; + +CryptProvider& GetCryptProvider(); + #undef X509_NAME // wincrypt.h clash // openSSL X509 names class X509_NAME { char* name_; + size_t sz_; + ASN1_STRING entry_; public: X509_NAME(const char*, size_t sz); ~X509_NAME(); char* GetName(); + ASN1_STRING* GetEntry(int i); private: X509_NAME(const X509_NAME&); // hide copy X509_NAME& operator=(const X509_NAME&); // and assign }; +class StringHolder { + ASN1_STRING asnString_; +public: + StringHolder(const char* str, int sz); + ~StringHolder(); + + ASN1_STRING* GetString(); +}; + + // openSSL X509 class X509 { X509_NAME issuer_; X509_NAME subject_; + StringHolder beforeDate_; // not valid before + StringHolder afterDate_; // not valid after public: - X509(const char* i, size_t, const char* s, size_t); + X509(const char* i, size_t, const char* s, size_t, + const char* b, int, const char* a, int); ~X509() {} X509_NAME* GetIssuer(); X509_NAME* GetSubject(); + + ASN1_STRING* GetBefore(); + ASN1_STRING* GetAfter(); private: X509(const X509&); // hide copy X509& operator=(const X509&); // and assign diff --git a/extra/yassl/lib/dummy b/extra/yassl/lib/dummy new file mode 100644 index 00000000000..85c1efd587f --- /dev/null +++ b/extra/yassl/lib/dummy @@ -0,0 +1 @@ +// this is a dummy file diff --git a/extra/yassl/mySTL/helpers.hpp b/extra/yassl/mySTL/helpers.hpp index 5aa14d838b1..df79025197a 100644 --- a/extra/yassl/mySTL/helpers.hpp +++ b/extra/yassl/mySTL/helpers.hpp @@ -44,6 +44,11 @@ return static_cast<void*>(d); } + // for compilers that want matching delete + inline void operator delete(void* ptr, Dummy* d) + { + } + typedef Dummy* yassl_pointer; namespace mySTL { diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp index b98c7faf1d0..ae609b510ba 100644 --- a/extra/yassl/src/cert_wrapper.cpp +++ b/extra/yassl/src/cert_wrapper.cpp @@ -271,10 +271,13 @@ int CertManager::Validate() else peerKeyType_ = dsa_sa_algo; - int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0; - int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0; + int iSz = strlen(cert.GetIssuer()) + 1; + int sSz = strlen(cert.GetCommonName()) + 1; + int bSz = strlen(cert.GetBeforeDate()) + 1; + int aSz = strlen(cert.GetAfterDate()) + 1; peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), - sSz); + sSz, cert.GetBeforeDate(), bSz, + cert.GetAfterDate(), aSz); } return 0; } diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 1aab14009d3..97e0e9a1717 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -1,4 +1,4 @@ -/* ssl.cpp + /* ssl.cpp * * Copyright (C) 2003 Sawtooth Consulting Ltd. * @@ -36,6 +36,7 @@ #include "openssl/ssl.h" #include "handshake.hpp" #include "yassl_int.hpp" +#include "md5.hpp" // for TaoCrypt MD5 size assert #include <stdio.h> #ifdef _WIN32 @@ -723,8 +724,10 @@ void OpenSSL_add_all_algorithms() // compatibility only {} -void SSL_library_init() // compatiblity only -{} +int SSL_library_init() // compatiblity only +{ + return 1; +} DH* DH_new(void) @@ -804,15 +807,13 @@ const char* X509_verify_cert_error_string(long /* error */) const EVP_MD* EVP_md5(void) { - // TODO: FIX add to some list for destruction - return NEW_YS MD5; + return GetCryptProvider().NewMd5(); } const EVP_CIPHER* EVP_des_ede3_cbc(void) { - // TODO: FIX add to some list for destruction - return NEW_YS DES_EDE; + return GetCryptProvider().NewDesEde(); } @@ -897,6 +898,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, } +// functions for libcurl +int RAND_status() +{ + return 1; /* TaoCrypt provides enough seed */ +} + + +int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule) +{ + memcpy(schedule, key, sizeof(const_DES_cblock)); + return 1; +} + + +void DES_set_odd_parity(DES_cblock* key) +{ + // not needed now for TaoCrypt +} + + +void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output, + DES_key_schedule* key, int enc) +{ + DES des; + + if (enc) { + des.set_encryptKey(*key, 0); + des.encrypt(*output, *input, DES_BLOCK); + } + else { + des.set_decryptKey(*key, 0); + des.decrypt(*output, *input, DES_BLOCK); + } +} + + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata) +{ + // yaSSL doesn't support yet, unencrypt your PEM file with userdata + // before handing off to yaSSL +} + + +X509* SSL_get_certificate(SSL* ssl) +{ + // only used to pass to get_privatekey which isn't used + return 0; +} + + +EVP_PKEY* SSL_get_privatekey(SSL* ssl) +{ + // only called, not used + return 0; +} + + +void SSL_SESSION_free(SSL_SESSION* session) +{ + // managed by singleton +} + + + +EVP_PKEY* X509_get_pubkey(X509* x) +{ + // called, not used though + return 0; +} + + +int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from) +{ + // called, not used though + return 0; +} + + +void EVP_PKEY_free(EVP_PKEY* pkey) +{ + // never allocated from above +} + + +void ERR_error_string_n(unsigned long e, char *buf, size_t len) +{ + if (len) ERR_error_string(e, buf); +} + + +void ERR_free_strings(void) +{ + // handled internally +} + + +void EVP_cleanup(void) +{ + // nothing to do yet +} + + +ASN1_TIME* X509_get_notBefore(X509* x) +{ + if (x) return x->GetBefore(); + return 0; +} + + +ASN1_TIME* X509_get_notAfter(X509* x) +{ + if (x) return x->GetAfter(); + return 0; +} + + +SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */ +{ + return SSLv3_client_method(); +} + + +SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */ +{ + return 0; +} + + +SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */ +{ + return SSL_get_session(ssl); +} + + +void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x) +{ + // no extension names supported yet +} + + +int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x) +{ + // no extension names supported yet + return 0; +} + + +GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i) +{ + // no extension names supported yet + return 0; +} + + +unsigned char* ASN1_STRING_data(ASN1_STRING* x) +{ + if (x) return x->data; + return 0; +} + + +int ASN1_STRING_length(ASN1_STRING* x) +{ + if (x) return x->length; + return 0; +} + + +int ASN1_STRING_type(ASN1_STRING *x) +{ + if (x) return x->type; + return 0; +} + + +int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) +{ + int idx = -1; // not found + const char* start = &name->GetName()[lastpos + 1]; + + switch (nid) { + case NID_commonName: + char* found = strstr(start, "/CN="); + if (found) { + found += 4; // advance to str + idx = found - start + lastpos + 1; + } + break; + } + + return idx; +} + + +ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne) +{ + // the same in yaSSL + return ne; +} + + +X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc) +{ + return name->GetEntry(loc); +} + + +// already formatted, caller responsible for freeing *out +int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in) +{ + if (!in) return 0; + + *out = (unsigned char*)malloc(in->length + 1); + if (*out) { + memcpy(*out, in->data, in->length); + (*out)[in->length] = 0; + } + return in->length; +} + + +void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx) +{ + // no extensions supported yet + return 0; +} + + +void MD4_Init(MD4_CTX* md4) +{ + assert(0); // not yet supported, build compat. only +} + + +void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz) +{ +} + + +void MD4_Final(unsigned char* hash, MD4_CTX* md4) +{ +} + + +void MD5_Init(MD5_CTX* md5) +{ + // make sure we have a big enough buffer + typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1]; + (void) sizeof(ok); + + // using TaoCrypt since no dynamic memory allocated + // and no destructor will be called + new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5(); +} + + +void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz) +{ + reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update( + static_cast<const byte*>(data), static_cast<unsigned int>(sz)); +} + + +void MD5_Final(unsigned char* hash, MD5_CTX* md5) +{ + reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash); +} + + // functions for stunnel void RAND_screen() @@ -1098,8 +1368,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, } - void SSLeay_add_ssl_algorithms() // compatibility only - {} + int SSLeay_add_ssl_algorithms() // compatibility only + { + return 1; + } void ERR_remove_state(unsigned long) diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp index 5782df213ea..134deb00c75 100644 --- a/extra/yassl/src/template_instnt.cpp +++ b/extra/yassl/src/template_instnt.cpp @@ -51,12 +51,16 @@ template class list<yaSSL::SSL_SESSION*>; template class list<yaSSL::input_buffer*>; template class list<yaSSL::output_buffer*>; template class list<yaSSL::x509*>; +template class list<yaSSL::Digest*>; +template class list<yaSSL::BulkCipher*>; template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*); template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero); +template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero); +template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero); } namespace yaSSL { @@ -82,6 +86,7 @@ template void ysDelete<X509>(X509*); template void ysDelete<Message>(Message*); template void ysDelete<sslFactory>(sslFactory*); template void ysDelete<Sessions>(Sessions*); +template void ysDelete<CryptProvider>(CryptProvider*); template void ysArrayDelete<unsigned char>(unsigned char*); template void ysArrayDelete<char>(char*); } diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 396461a6ed5..2847217b417 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -28,7 +28,6 @@ #include "yassl_int.hpp" #include "handshake.hpp" #include "timer.hpp" -#include "openssl/ssl.h" // for DH #ifdef YASSL_PURE_C @@ -1375,16 +1374,51 @@ Sessions& GetSessions() static sslFactory* sslFactoryInstance = 0; -sslFactory& GetSSL_Factory(){ +sslFactory& GetSSL_Factory() +{ if (!sslFactoryInstance) sslFactoryInstance = NEW_YS sslFactory; return *sslFactoryInstance; } +static CryptProvider* cryptProviderInstance = 0; + +CryptProvider& GetCryptProvider() +{ + if (!cryptProviderInstance) + cryptProviderInstance = NEW_YS CryptProvider; + return *cryptProviderInstance; +} + + +CryptProvider::~CryptProvider() +{ + mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero()); + mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero()); +} + + +Digest* CryptProvider::NewMd5() +{ + Digest* ptr = NEW_YS MD5(); + digestList_.push_back(ptr); + return ptr; +} + + +BulkCipher* CryptProvider::NewDesEde() +{ + BulkCipher* ptr = NEW_YS DES_EDE(); + cipherList_.push_back(ptr); + return ptr; +} + + void CleanUp() { TaoCrypt::CleanUp(); + ysDelete(cryptProviderInstance); ysDelete(sslFactoryInstance); ysDelete(sessionsInstance); } @@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b) X509_NAME::X509_NAME(const char* n, size_t sz) - : name_(0) + : name_(0), sz_(sz) { if (sz) { name_ = NEW_YS char[sz]; memcpy(name_, n, sz); } + entry_.data = 0; } X509_NAME::~X509_NAME() { ysArrayDelete(name_); + ysArrayDelete(entry_.data); } @@ -1999,8 +2035,10 @@ char* X509_NAME::GetName() } -X509::X509(const char* i, size_t iSz, const char* s, size_t sSz) - : issuer_(i, iSz), subject_(s, sSz) +X509::X509(const char* i, size_t iSz, const char* s, size_t sSz, + const char* b, int bSz, const char* a, int aSz) + : issuer_(i, iSz), subject_(s, sSz), + beforeDate_(b, bSz), afterDate_(a, aSz) {} @@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject() } +ASN1_STRING* X509::GetBefore() +{ + return beforeDate_.GetString(); +} + + +ASN1_STRING* X509::GetAfter() +{ + return afterDate_.GetString(); +} + + +ASN1_STRING* X509_NAME::GetEntry(int i) +{ + if (i < 0 || i >= int(sz_)) + return 0; + + if (entry_.data) + ysArrayDelete(entry_.data); + entry_.data = NEW_YS byte[sz_]; // max size; + + memcpy(entry_.data, &name_[i], sz_ - i); + if (entry_.data[sz_ -i - 1]) { + entry_.data[sz_ - i] = 0; + entry_.length = sz_ - i; + } + else + entry_.length = sz_ - i - 1; + entry_.type = 0; + + return &entry_; +} + + +StringHolder::StringHolder(const char* str, int sz) +{ + asnString_.length = sz; + asnString_.data = NEW_YS byte[sz + 1]; + memcpy(asnString_.data, str, sz); + asnString_.type = 0; // not used for now +} + + +StringHolder::~StringHolder() +{ + ysArrayDelete(asnString_.data); +} + + +ASN1_STRING* StringHolder::GetString() +{ + return &asnString_; +} + + } // namespace diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index 6a1163fbb1c..da4c0ce1349 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -79,20 +79,27 @@ enum ASNIdFlag enum DNTags { - COMMON_NAME = 0x03 + COMMON_NAME = 0x03, // CN + SUR_NAME = 0x04, // SN + COUNTRY_NAME = 0x06, // C + LOCALITY_NAME = 0x07, // L + STATE_NAME = 0x08, // ST + ORG_NAME = 0x0a, // O + ORGUNIT_NAME = 0x0b // OU }; enum Constants { MIN_DATE_SZ = 13, - MAX_DATE_SZ = 15, + MAX_DATE_SZ = 16, MAX_ALGO_SZ = 16, MAX_LENGTH_SZ = 5, MAX_SEQ_SZ = 5, // enum(seq|con) + length(4) MAX_ALGO_SIZE = 9, MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4) - DSA_SIG_SZ = 40 + DSA_SIG_SZ = 40, + NAME_MAX = 512 // max total of all included names }; @@ -205,14 +212,14 @@ enum { SHA_SIZE = 20 }; // A Signing Authority class Signer { PublicKey key_; - char* name_; + char name_[NAME_MAX]; byte hash_[SHA_SIZE]; public: Signer(const byte* k, word32 kSz, const char* n, const byte* h); ~Signer(); const PublicKey& GetPublicKey() const { return key_; } - const char* GetCommonName() const { return name_; } + const char* GetName() const { return name_; } const byte* GetHash() const { return hash_; } private: @@ -245,6 +252,8 @@ public: const char* GetIssuer() const { return issuer_; } const char* GetCommonName() const { return subject_; } const byte* GetHash() const { return subjectHash_; } + const char* GetBeforeDate() const { return beforeDate_; } + const char* GetAfterDate() const { return afterDate_; } void DecodeToKey(); private: @@ -257,8 +266,10 @@ private: byte subjectHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names byte* signature_; - char* issuer_; // CommonName - char* subject_; // CommonName + char issuer_[NAME_MAX]; // Names + char subject_[NAME_MAX]; // Names + char beforeDate_[MAX_DATE_SZ]; // valid before date + char afterDate_[MAX_DATE_SZ]; // valid after date bool verify_; // Default to yes, but could be off void ReadHeader(); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index 3efc26ab168..383fe65dea6 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -213,21 +213,17 @@ void PublicKey::AddToEnd(const byte* data, word32 len) Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h) - : key_(k, kSz), name_(0) + : key_(k, kSz) { - if (n) { int sz = strlen(n); - name_ = NEW_TC char[sz + 1]; memcpy(name_, n, sz); name_[sz] = 0; - } memcpy(hash_, h, SHA::DIGEST_SIZE); } Signer::~Signer() { - tcArrayDelete(name_); } @@ -424,17 +420,19 @@ void DH_Decoder::Decode(DH& key) CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers, bool noVerify, CertType ct) : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), - signature_(0), issuer_(0), subject_(0), verify_(!noVerify) + signature_(0), verify_(!noVerify) { + issuer_[0] = 0; + subject_[0] = 0; + if (decode) Decode(signers, ct); + } CertDecoder::~CertDecoder() { - tcArrayDelete(subject_); - tcArrayDelete(issuer_); tcArrayDelete(signature_); } @@ -672,8 +670,12 @@ void CertDecoder::GetName(NameType nt) SHA sha; word32 length = GetSequence(); // length of all distinguished names + assert (length < NAME_MAX); length += source_.get_index(); + char* ptr = (nt == ISSUER) ? issuer_ : subject_; + word32 idx = 0; + while (source_.get_index() < length) { GetSet(); GetSequence(); @@ -694,13 +696,49 @@ void CertDecoder::GetName(NameType nt) byte id = source_.next(); b = source_.next(); // strType word32 strLen = GetLength(source_); + bool copy = false; if (id == COMMON_NAME) { - char*& ptr = (nt == ISSUER) ? issuer_ : subject_; - ptr = NEW_TC char[strLen + 1]; - memcpy(ptr, source_.get_current(), strLen); - ptr[strLen] = 0; + memcpy(&ptr[idx], "/CN=", 4); + idx += 4; + copy = true; + } + else if (id == SUR_NAME) { + memcpy(&ptr[idx], "/SN=", 4); + idx += 4; + copy = true; + } + else if (id == COUNTRY_NAME) { + memcpy(&ptr[idx], "/C=", 3); + idx += 3; + copy = true; + } + else if (id == LOCALITY_NAME) { + memcpy(&ptr[idx], "/L=", 3); + idx += 3; + copy = true; + } + else if (id == STATE_NAME) { + memcpy(&ptr[idx], "/ST=", 4); + idx += 4; + copy = true; } + else if (id == ORG_NAME) { + memcpy(&ptr[idx], "/O=", 3); + idx += 3; + copy = true; + } + else if (id == ORGUNIT_NAME) { + memcpy(&ptr[idx], "/OU=", 4); + idx += 4; + copy = true; + } + + if (copy) { + memcpy(&ptr[idx], source_.get_current(), strLen); + idx += strLen; + } + sha.Update(source_.get_current(), strLen); source_.advance(strLen); } @@ -711,6 +749,8 @@ void CertDecoder::GetName(NameType nt) source_.advance(length); } } + ptr[idx++] = 0; + if (nt == ISSUER) sha.Final(issuerHash_); else @@ -744,6 +784,16 @@ void CertDecoder::GetDate(DateType dt) source_.SetError(BEFORE_DATE_E); else source_.SetError(AFTER_DATE_E); + + // save for later use + if (dt == BEFORE) { + memcpy(beforeDate_, date, length); + beforeDate_[length] = 0; + } + else { // after + memcpy(afterDate_, date, length); + afterDate_[length] = 0; + } } diff --git a/extra/yassl/taocrypt/src/integer.cpp b/extra/yassl/taocrypt/src/integer.cpp index 82a248ff7da..885ddfbf630 100644 --- a/extra/yassl/taocrypt/src/integer.cpp +++ b/extra/yassl/taocrypt/src/integer.cpp @@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b) product.reg_.CleanNew(RoundupSize(aSize + bSize)); product.sign_ = Integer::POSITIVE; - WordBlock workspace(aSize + bSize); + AlignedWordBlock workspace(aSize + bSize); AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize); } @@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient, quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2)); quotient.sign_ = Integer::POSITIVE; - WordBlock T(aSize+2*bSize+4); + AlignedWordBlock T(aSize+2*bSize+4); Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(), T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize); @@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const return !u ? Zero() : (m*(*this-u)+1)/(*this); } - WordBlock T(m.reg_.size() * 4); + AlignedWordBlock T(m.reg_.size() * 4); Integer r((word)0, m.reg_.size()); unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(), reg_.get_buffer(), reg_.size(), diff --git a/extra/yassl/taocrypt/src/make.bat b/extra/yassl/taocrypt/src/make.bat index 5a2ae580b76..3acd50fc875 100644 --- a/extra/yassl/taocrypt/src/make.bat +++ b/extra/yassl/taocrypt/src/make.bat @@ -1,4 +1,4 @@ -# quick and dirty build file for testing different MSDEVs +REM quick and dirty build file for testing different MSDEVs setlocal set myFLAGS= /I../include /I../../mySTL /c /W3 /G6 /O2 diff --git a/extra/yassl/taocrypt/src/misc.cpp b/extra/yassl/taocrypt/src/misc.cpp index 3d0539187a7..4ef163a7f5d 100644 --- a/extra/yassl/taocrypt/src/misc.cpp +++ b/extra/yassl/taocrypt/src/misc.cpp @@ -25,6 +25,15 @@ #include "runtime.hpp" #include "misc.hpp" + +extern "C" { + + // for libcurl configure test, these are the signatures they use + // locking handled internally by library + char CRYPTO_lock() { return 0;} + char CRYPTO_add_lock() { return 0;} +} // extern "C" + #ifdef YASSL_PURE_C void* operator new(size_t sz, TaoCrypt::new_t) diff --git a/extra/yassl/taocrypt/taocrypt.dsp b/extra/yassl/taocrypt/taocrypt.dsp index 13b9a07419b..b741cef0096 100644 --- a/extra/yassl/taocrypt/taocrypt.dsp +++ b/extra/yassl/taocrypt/taocrypt.dsp @@ -64,7 +64,8 @@ LIB32=link.exe -lib # PROP Intermediate_Dir "Debug" # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# SUBTRACT CPP /Fr # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 79d02b63558..7fe8656f6d2 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -305,8 +305,8 @@ inline void showPeer(SSL* ssl) char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); printf("peer's cert info:\n"); - printf("issuer is: %s\n", issuer); - printf("subject is: %s\n", subject); + printf("issuer : %s\n", issuer); + printf("subject: %s\n", subject); free(subject); free(issuer); diff --git a/extra/yassl/testsuite/testsuite.cpp b/extra/yassl/testsuite/testsuite.cpp index af988432a86..f8bbf698c70 100644 --- a/extra/yassl/testsuite/testsuite.cpp +++ b/extra/yassl/testsuite/testsuite.cpp @@ -146,10 +146,10 @@ int test_openSSL_des() (byte*)key, iv); byte cipher[16]; - DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8], - &key[16], &iv, true); + DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1], + &key[2], &iv, true); byte plain[16]; - DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16], + DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2], &iv, false); return 0; } diff --git a/extra/yassl/testsuite/testsuite.dsp b/extra/yassl/testsuite/testsuite.dsp index f896aa7f020..24c325fa878 100644 --- a/extra/yassl/testsuite/testsuite.dsp +++ b/extra/yassl/testsuite/testsuite.dsp @@ -42,7 +42,7 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c +# ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe @@ -67,7 +67,7 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c +# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe |