Diffstat (limited to 'extra/yassl/src')
-rw-r--r--extra/yassl/src/buffer.cpp4
-rw-r--r--extra/yassl/src/cert_wrapper.cpp7
-rw-r--r--extra/yassl/src/crypto_wrapper.cpp19
-rw-r--r--extra/yassl/src/handshake.cpp20
-rw-r--r--extra/yassl/src/lock.cpp4
-rw-r--r--extra/yassl/src/log.cpp4
-rw-r--r--extra/yassl/src/socket_wrapper.cpp17
-rw-r--r--extra/yassl/src/ssl.cpp50
-rw-r--r--extra/yassl/src/template_instnt.cpp4
-rw-r--r--extra/yassl/src/timer.cpp4
-rw-r--r--extra/yassl/src/yassl.cpp4
-rw-r--r--extra/yassl/src/yassl_error.cpp4
-rw-r--r--extra/yassl/src/yassl_imp.cpp22
-rw-r--r--extra/yassl/src/yassl_int.cpp43
14 files changed, 166 insertions, 40 deletions
diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp
index 3bc6dced887..4d396a8d29f 100644
--- a/extra/yassl/src/buffer.cpp
+++ b/extra/yassl/src/buffer.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp
index ae609b510ba..6ad0aa568ed 100644
--- a/extra/yassl/src/cert_wrapper.cpp
+++ b/extra/yassl/src/cert_wrapper.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -182,7 +186,8 @@ int CertManager::CopyCaCert(const x509* x)
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
}
- return cert.GetError().What();
+ // just don't add, not an error return cert.GetError().What();
+ return 0;
}
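Review bot: The comment on the new return line has the old expression `cert.GetError().What();` fused into it, so it reads as a stray statement rather than an explanation, and the parse error itself is now dropped without any trace. If skipping an unparseable CA is the intended policy, say so on its own line, `// a cert that fails to parse is skipped, not reported; callers see success` followed by `return 0;`, and consider logging the skipped certificate's error so an operator can tell why a CA is missing from the trust store. CopyCaCert begins outside this hunk, so whether the failing branch also avoids the push_back above is not visible here.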
diff --git a/extra/yassl/src/crypto_wrapper.cpp b/extra/yassl/src/crypto_wrapper.cpp
index 8859fbdd70f..799106ec7c0 100644
--- a/extra/yassl/src/crypto_wrapper.cpp
+++ b/extra/yassl/src/crypto_wrapper.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -904,7 +908,7 @@ void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
// convert PEM file to DER x509 type
-x509* PemToDer(const char* fname, CertType type)
+x509* PemToDer(FILE* file, CertType type)
{
using namespace TaoCrypt;
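Review bot: The header comment `// convert PEM file to DER x509 type` no longer states the contract now that PemToDer takes an open `FILE*`: it reads from the stream's current position, leaves the stream positioned at the end of the block it decoded (the `fseek`/`fread` pair in the later hunk), and no longer closes the file, whose `fclose` calls are removed in this same file. Because read_file in ssl.cpp now calls it in a loop, that positioning is part of the interface and should be written down, e.g. `// convert the next PEM block in file (from the current position) to DER x509; the caller owns and closes file; returns 0 when no complete block is found`. The rest of PemToDer lies outside this hunk.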
@@ -919,10 +923,6 @@ x509* PemToDer(const char* fname, CertType type)
strncpy(footer, "-----END RSA PRIVATE KEY-----", sizeof(header));
}
- FILE* file = fopen(fname, "rb");
- if (!file)
- return 0;
-
long begin = -1;
long end = 0;
bool foundEnd = false;
@@ -943,18 +943,14 @@ x509* PemToDer(const char* fname, CertType type)
else
end = ftell(file);
- if (begin == -1 || !foundEnd) {
- fclose(file);
+ if (begin == -1 || !foundEnd)
return 0;
- }
input_buffer tmp(end - begin);
fseek(file, begin, SEEK_SET);
size_t bytes = fread(tmp.get_buffer(), end - begin, 1, file);
- if (bytes != 1) {
- fclose(file);
+ if (bytes != 1)
return 0;
- }
Source der(tmp.get_buffer(), end - begin);
Base64Decoder b64Dec(der);
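Review bot: Both failure paths here return the same `0` that the caller in ssl.cpp now treats as "no more certificates", so a truncated trailing block (`!foundEnd`) and a short `fread` are indistinguishable from a clean end of file at the call site; read_file only checks `feof(input)` afterwards, which is presumably already set once the scan for the END marker has run to the end of the stream. A malformed last CA block could therefore be dropped while the load still reports success. Reporting "malformed block" distinctly from "no block" — an out-parameter, or a distinct error the caller can query — would let read_file fail the load; the scanning loop that sets begin and foundEnd is outside this hunk, so the EOF interaction is inferred.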
@@ -963,7 +959,6 @@ x509* PemToDer(const char* fname, CertType type)
mySTL::auto_ptr<x509> x(NEW_YS x509(sz), ysDelete);
memcpy(x->use_buffer(), der.get_buffer(), sz);
- fclose(file);
return x.release();
}
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index 12b62f26e14..e93f5385b3d 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -880,7 +884,7 @@ int sendData(SSL& ssl, const void* buffer, int sz)
ssl.SetError(no_error);
ssl.verfiyHandShakeComplete();
- if (ssl.GetError()) return 0;
+ if (ssl.GetError()) return -1;
int sent = 0;
for (;;) {
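Review bot: The new `-1` error return is not documented anywhere near the function, and the same change appears in the next hunk of this file at the post-send check, so a caller reading sendData cannot tell from the code what a non-negative result means. A one-line contract above the loop would settle it, e.g. `// returns the number of bytes sent, or -1 if a handshake or send error is set on ssl`. sendData's signature and its final return are outside this hunk, so check that the final return still hands back `sent` rather than a status code.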
@@ -891,7 +895,7 @@ int sendData(SSL& ssl, const void* buffer, int sz)
buildMessage(ssl, out, data);
ssl.Send(out.get_buffer(), out.get_size());
- if (ssl.GetError()) return 0;
+ if (ssl.GetError()) return -1;
sent += len;
if (sent == sz) break;
}
@@ -912,20 +916,24 @@ int sendAlert(SSL& ssl, const Alert& alert)
// process input data
-int receiveData(SSL& ssl, Data& data)
+int receiveData(SSL& ssl, Data& data, bool peek)
{
if (ssl.GetError() == YasslError(SSL_ERROR_WANT_READ))
ssl.SetError(no_error);
ssl.verfiyHandShakeComplete();
- if (ssl.GetError()) return 0;
+ if (ssl.GetError()) return -1;
if (!ssl.bufferedData())
processReply(ssl);
+
+ if (peek)
+ ssl.PeekData(data);
+ else
ssl.fillData(data);
- ssl.useLog().ShowData(data.get_length());
- if (ssl.GetError()) return 0;
+ ssl.useLog().ShowData(data.get_length());
+ if (ssl.GetError()) return -1;
if (data.get_length() == 0 && ssl.getSocket().WouldBlock()) {
ssl.SetError(YasslError(SSL_ERROR_WANT_READ));
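Review bot: The header comment `// process input data` does not say what the new `peek` flag does, and the peek path is not read-only: when nothing is buffered the call still runs `processReply(ssl)`, so a peek can pull fresh records from the socket before `PeekData` copies without consuming. That is the right behavior for SSL_peek but it is worth stating at the definition, e.g. `// peek: copy available plaintext into data without consuming it; may still read and decrypt new records from the socket when nothing is buffered`. receiveData continues past the end of this hunk.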
diff --git a/extra/yassl/src/lock.cpp b/extra/yassl/src/lock.cpp
index 4827d396e81..0f4c80b1616 100644
--- a/extra/yassl/src/lock.cpp
+++ b/extra/yassl/src/lock.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/log.cpp b/extra/yassl/src/log.cpp
index 8ab351ee2b1..c8030787f3d 100644
--- a/extra/yassl/src/log.cpp
+++ b/extra/yassl/src/log.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/socket_wrapper.cpp b/extra/yassl/src/socket_wrapper.cpp
index 803f4b01249..7790001fc2d 100644
--- a/extra/yassl/src/socket_wrapper.cpp
+++ b/extra/yassl/src/socket_wrapper.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -113,13 +117,22 @@ uint Socket::get_ready() const
uint Socket::send(const byte* buf, unsigned int sz, int flags) const
{
+ const byte* pos = buf;
+ const byte* end = pos + sz;
+
assert(socket_ != INVALID_SOCKET);
- int sent = ::send(socket_, reinterpret_cast<const char *>(buf), sz, flags);
+
+ while (pos != end) {
+ int sent = ::send(socket_, reinterpret_cast<const char *>(pos),
+ static_cast<int>(end - pos), flags);
if (sent == -1)
return 0;
- return sent;
+ pos += sent;
+ }
+
+ return sz;
}
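Review bot: When `::send` fails after one or more iterations have already written data, the function returns `0` and the bytes already on the wire are forgotten, so a caller that retries from the start of `buf` — the natural reaction for a non-blocking socket that reported would-block mid-record — would put duplicate bytes into the TLS record stream. Returning the progress made, `return static_cast<uint>(pos - buf);` on the `-1` branch, keeps the loop's contract honest, and `0` then means "nothing sent" rather than "error"; the callers' checks, which are outside this file, would need to agree. `static_cast<int>(end - pos)` also assumes `sz` fits in an `int`, fine for record-sized writes but worth an assert or a comment, and a `sent == 0` result would spin forever here, so a `sent <= 0` guard costs nothing.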
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 07f5e9859b2..81e585ff735 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -64,12 +68,15 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
return SSL_BAD_FILE;
if (type == CA) {
- x509* ptr = PemToDer(file, Cert);
- if (!ptr) {
+ // may have a bunch of CAs
+ x509* ptr;
+ while ( (ptr = PemToDer(input, Cert)) )
+ ctx->AddCA(ptr);
+
+ if (!feof(input)) {
fclose(input);
return SSL_BAD_FILE;
}
- ctx->AddCA(ptr); // takes ownership
}
else {
x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
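Review bot: The old `// takes ownership` note on `ctx->AddCA(ptr)` was dropped in the rewrite even though the ownership transfer is unchanged; keep it on the new call, `ctx->AddCA(ptr); // takes ownership`. The loop also makes a CA file containing no PEM block at all load successfully as long as the scan reaches EOF, where the old single-cert call returned `SSL_BAD_FILE` on a null result; if an empty trust store should still be an error, count the certificates added and fail when none were. Whether PemToDer always reaches EOF before returning 0 is inferred from its use here, not visible in this hunk, and read_file begins outside it.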
@@ -86,7 +93,7 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
}
}
else {
- x = PemToDer(file, type);
+ x = PemToDer(input, type);
if (!x) {
fclose(input);
return SSL_BAD_FILE;
@@ -1189,6 +1196,35 @@ void MD5_Final(unsigned char* hash, MD5_CTX* md5)
}
+int RAND_bytes(unsigned char* buf, int num)
+{
+ RandomPool ran;
+
+ if (ran.GetError()) return 0;
+
+ ran.Fill(buf, num);
+ return 1;
+}
+
+
+int SSL_peek(SSL* ssl, void* buffer, int sz)
+{
+ Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
+ return receiveData(*ssl, data, true);
+}
+
+
+int SSL_pending(SSL* ssl)
+{
+ // Just in case there's pending data that hasn't been processed yet...
+ char c;
+ SSL_peek(ssl, &c, 1);
+
+ return ssl->bufferedData();
+}
+
+
+
// functions for stunnel
void RAND_screen()
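Review bot: `SSL_pending` is not a pure query here: it calls `SSL_peek`, which goes through `receiveData` with peek set and, when nothing is buffered, into `processReply`, so on a blocking socket an application asking how much is pending can block on a socket read, and the peek's return value and any error it sets are discarded. OpenSSL's `SSL_pending` only reports already-decrypted bytes and never touches the socket, so callers written against that contract (select/poll loops) will misbehave; if the intent is only to decrypt records that have already arrived, gate the peek on input being available, and at minimum document it above the call, `// NOTE: may read from the socket when no record is buffered; not a pure query`. `RAND_bytes` builds a fresh `RandomPool` per call — whether that reseeds from the OS each time is not visible here, but if so the per-call construction is costly — and a negative `num` should be rejected before `Fill`, e.g. `if (num < 0) return 0;`.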
@@ -1352,12 +1388,6 @@ void MD5_Final(unsigned char* hash, MD5_CTX* md5)
}
- int SSL_pending(SSL*)
- {
- return SSL_SUCCESS; // TODO:
- }
-
-
int SSL_want_read(SSL*)
{
return 0; // TODO:
diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
index ce8972c72fe..c5fc23dabdb 100644
--- a/extra/yassl/src/template_instnt.cpp
+++ b/extra/yassl/src/template_instnt.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/timer.cpp b/extra/yassl/src/timer.cpp
index 8b7d2d17a84..8500d09120b 100644
--- a/extra/yassl/src/timer.cpp
+++ b/extra/yassl/src/timer.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/yassl.cpp b/extra/yassl/src/yassl.cpp
index 86af12fd448..5bc8bad8bbc 100644
--- a/extra/yassl/src/yassl.cpp
+++ b/extra/yassl/src/yassl.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp
index 72b8e459241..4f75de34a98 100644
--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index 4d6d1fc7aff..310e8819c54 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -428,7 +432,7 @@ opaque* DH_Server::get_serverKey() const
// set available suites
Parameters::Parameters(ConnectionEnd ce, const Ciphers& ciphers,
- ProtocolVersion pv) : entity_(ce)
+ ProtocolVersion pv, bool haveDH) : entity_(ce)
{
pending_ = true; // suite not set yet
@@ -438,11 +442,11 @@ Parameters::Parameters(ConnectionEnd ce, const Ciphers& ciphers,
SetCipherNames();
}
else
- SetSuites(pv); // defaults
+ SetSuites(pv, ce == server_end && !haveDH); // defaults
}
-void Parameters::SetSuites(ProtocolVersion pv)
+void Parameters::SetSuites(ProtocolVersion pv, bool removeDH)
{
int i = 0;
// available suites, best first
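Review bot: The new `removeDH` parameter has no explanation at the definition, and the policy it implements lives only in the caller's expression `ce == server_end && !haveDH` in the previous hunk, where `haveDH` is fed from the context's DH parameters. Put it here, e.g. `// removeDH: leave out every DHE suite (set for a server with no DH parameters, which presumably could not finish a DHE key exchange)`, so the next person editing the suite table knows which entries need the guard. The body of SetSuites continues in the following hunks.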
@@ -450,19 +454,23 @@ void Parameters::SetSuites(ProtocolVersion pv)
// MAX_CIPHERS is big enough
if (isTLS(pv)) {
+ if (!removeDH) {
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_DSS_WITH_AES_256_CBC_SHA;
+ }
suites_[i++] = 0x00;
suites_[i++] = TLS_RSA_WITH_AES_256_CBC_SHA;
- suites_[i++] = 0x00;
- suites_[i++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+ if (!removeDH) {
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_DSS_WITH_AES_128_CBC_SHA;
+ }
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_AES_128_CBC_SHA;
suites_[i++] = 0x00;
suites_[i++] = TLS_RSA_WITH_AES_256_CBC_RMD160;
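Review bot: The TLS preference order changes silently in this hunk: `TLS_RSA_WITH_AES_128_CBC_SHA` moves from before the DHE 128-bit suites to after them, so a server that does have DH parameters now prefers `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` over plain RSA AES-128 where it previously did the reverse. Preferring the forward-secret suite is a reasonable policy, but nothing in the change says it is intentional rather than a side effect of grouping the DHE entries under `if (!removeDH)`; add a line to the `// available suites, best first` comment above, e.g. `// DHE suites are listed ahead of the plain RSA suite of the same strength`, or restore the original order if the reshuffle was not meant. The same guard pattern recurs in the remaining hunks of this function and is consistent there.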
@@ -471,6 +479,7 @@ void Parameters::SetSuites(ProtocolVersion pv)
suites_[i++] = 0x00;
suites_[i++] = TLS_RSA_WITH_3DES_EDE_CBC_RMD160;
+ if (!removeDH) {
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_RSA_WITH_AES_256_CBC_RMD160;
suites_[i++] = 0x00;
@@ -485,6 +494,7 @@ void Parameters::SetSuites(ProtocolVersion pv)
suites_[i++] = 0x00;
suites_[i++] = TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160;
}
+ }
suites_[i++] = 0x00;
suites_[i++] = SSL_RSA_WITH_RC4_128_SHA;
@@ -496,6 +506,7 @@ void Parameters::SetSuites(ProtocolVersion pv)
suites_[i++] = 0x00;
suites_[i++] = SSL_RSA_WITH_DES_CBC_SHA;
+ if (!removeDH) {
suites_[i++] = 0x00;
suites_[i++] = SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
suites_[i++] = 0x00;
@@ -505,6 +516,7 @@ void Parameters::SetSuites(ProtocolVersion pv)
suites_[i++] = SSL_DHE_RSA_WITH_DES_CBC_SHA;
suites_[i++] = 0x00;
suites_[i++] = SSL_DHE_DSS_WITH_DES_CBC_SHA;
+ }
suites_size_ = i;
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index 1ff46903bfd..831942aaf69 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -9,6 +9,10 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@@ -260,7 +264,8 @@ const ClientKeyFactory& sslFactory::getClientKey() const
// extract context parameters and store
SSL::SSL(SSL_CTX* ctx)
: secure_(ctx->getMethod()->getVersion(), crypto_.use_random(),
- ctx->getMethod()->getSide(), ctx->GetCiphers(), ctx)
+ ctx->getMethod()->getSide(), ctx->GetCiphers(), ctx,
+ ctx->GetDH_Parms().set_)
{
if (int err = crypto_.get_random().GetError()) {
SetError(YasslError(err));
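Review bot: The constructor reaches into `ctx->GetDH_Parms().set_`, a trailing-underscore data member, from outside the owning type, which bypasses whatever invariant `DH_Parms` keeps between `set_` and the parameter values. If `DH_Parms` has, or can get, a query method for that state, the initializer is better written through it than through the raw member; the declaration is outside this diff, so I cannot see which accessor exists. The rest of the SSL constructor lies outside this hunk.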
@@ -986,6 +991,36 @@ void SSL::fillData(Data& data)
}
+// like Fill but keep data in buffer
+void SSL::PeekData(Data& data)
+{
+ if (GetError()) return;
+ uint dataSz = data.get_length(); // input, data size to fill
+ uint elements = buffers_.getData().size();
+
+ data.set_length(0); // output, actual data filled
+ dataSz = min(dataSz, bufferedData());
+
+ Buffers::inputList::iterator front = buffers_.getData().begin();
+
+ while (elements) {
+ uint frontSz = (*front)->get_remaining();
+ uint readSz = min(dataSz - data.get_length(), frontSz);
+ uint before = (*front)->get_current();
+
+ (*front)->read(data.set_buffer() + data.get_length(), readSz);
+ data.set_length(data.get_length() + readSz);
+ (*front)->set_current(before);
+
+ if (data.get_length() == dataSz)
+ break;
+
+ elements--;
+ front++;
+ }
+}
+
+
// flush output buffer
void SSL::flushBuffer()
{
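Review bot: `PeekData` walks the input list with a post-increment on a list iterator (`front++`), which copies the iterator on every step; `++front` is the idiomatic form, and the separate `elements` countdown can go in favor of comparing `front` against `buffers_.getData().end()`. The read-then-rewind pair (`read` followed by `set_current(before)`) is what makes this a peek and deserves a comment on that line, e.g. `// rewind so the bytes stay buffered for a later fillData`, and the header `// like Fill but keep data in buffer` should name `fillData`, whose body sits just above this hunk and presumably shares the walk — a shared helper taking a consume flag would remove the duplication. When `GetError()` is set the function returns without resetting `data`'s length, so callers must not trust `get_length()` after a failed peek; receiveData re-checks the error so this is fine today, but a comment on that early return would keep it so.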
@@ -1910,9 +1945,9 @@ Buffers::outputList& Buffers::useHandShake()
Security::Security(ProtocolVersion pv, RandomPool& ran, ConnectionEnd ce,
- const Ciphers& ciphers, SSL_CTX* ctx)
- : conn_(pv, ran), parms_(ce, ciphers, pv), resumeSession_(ran), ctx_(ctx),
- resuming_(false)
+ const Ciphers& ciphers, SSL_CTX* ctx, bool haveDH)
+ : conn_(pv, ran), parms_(ce, ciphers, pv, haveDH), resumeSession_(ran),
+ ctx_(ctx), resuming_(false)
{}