Menu
▾
▴
[Dcplusplus-commit] SF.net SVN: dcplusplus: [688] dcplusplus/trunk
|
From: <arn...@us...> - 2006-12-13 20:39:46
|
Revision: 688
http://svn.sourceforge.net/dcplusplus/?rev=688&view=rev
Author: arnetheduck
Date: 2006-12-13 12:39:44 -0800 (Wed, 13 Dec 2006)
Log Message:
-----------
yassl update
Modified Paths:
--------------
dcplusplus/trunk/changelog.txt
dcplusplus/trunk/client/stdinc.h
dcplusplus/trunk/yassl/README
dcplusplus/trunk/yassl/certs/taoCert.txt
dcplusplus/trunk/yassl/include/buffer.hpp
dcplusplus/trunk/yassl/include/cert_wrapper.hpp
dcplusplus/trunk/yassl/include/crypto_wrapper.hpp
dcplusplus/trunk/yassl/include/factory.hpp
dcplusplus/trunk/yassl/include/openssl/ssl.h
dcplusplus/trunk/yassl/include/socket_wrapper.hpp
dcplusplus/trunk/yassl/include/yassl_error.hpp
dcplusplus/trunk/yassl/include/yassl_imp.hpp
dcplusplus/trunk/yassl/include/yassl_int.hpp
dcplusplus/trunk/yassl/include/yassl_types.hpp
dcplusplus/trunk/yassl/src/cert_wrapper.cpp
dcplusplus/trunk/yassl/src/crypto_wrapper.cpp
dcplusplus/trunk/yassl/src/handshake.cpp
dcplusplus/trunk/yassl/src/socket_wrapper.cpp
dcplusplus/trunk/yassl/src/ssl.cpp
dcplusplus/trunk/yassl/src/template_instnt.cpp
dcplusplus/trunk/yassl/src/yassl.cpp
dcplusplus/trunk/yassl/src/yassl_error.cpp
dcplusplus/trunk/yassl/src/yassl_imp.cpp
dcplusplus/trunk/yassl/src/yassl_int.cpp
dcplusplus/trunk/yassl/taocrypt/include/aes.hpp
dcplusplus/trunk/yassl/taocrypt/include/arc4.hpp
dcplusplus/trunk/yassl/taocrypt/include/asn.hpp
dcplusplus/trunk/yassl/taocrypt/include/block.hpp
dcplusplus/trunk/yassl/taocrypt/include/blowfish.hpp
dcplusplus/trunk/yassl/taocrypt/include/config.h.in
dcplusplus/trunk/yassl/taocrypt/include/des.hpp
dcplusplus/trunk/yassl/taocrypt/include/error.hpp
dcplusplus/trunk/yassl/taocrypt/include/file.hpp
dcplusplus/trunk/yassl/taocrypt/include/hmac.hpp
dcplusplus/trunk/yassl/taocrypt/include/integer.hpp
dcplusplus/trunk/yassl/taocrypt/include/md5.hpp
dcplusplus/trunk/yassl/taocrypt/include/misc.hpp
dcplusplus/trunk/yassl/taocrypt/include/modes.hpp
dcplusplus/trunk/yassl/taocrypt/include/pwdbased.hpp
dcplusplus/trunk/yassl/taocrypt/include/ripemd.hpp
dcplusplus/trunk/yassl/taocrypt/include/rsa.hpp
dcplusplus/trunk/yassl/taocrypt/include/sha.hpp
dcplusplus/trunk/yassl/taocrypt/include/twofish.hpp
dcplusplus/trunk/yassl/taocrypt/src/aes.cpp
dcplusplus/trunk/yassl/taocrypt/src/algebra.cpp
dcplusplus/trunk/yassl/taocrypt/src/arc4.cpp
dcplusplus/trunk/yassl/taocrypt/src/asn.cpp
dcplusplus/trunk/yassl/taocrypt/src/blowfish.cpp
dcplusplus/trunk/yassl/taocrypt/src/des.cpp
dcplusplus/trunk/yassl/taocrypt/src/dh.cpp
dcplusplus/trunk/yassl/taocrypt/src/integer.cpp
dcplusplus/trunk/yassl/taocrypt/src/md4.cpp
dcplusplus/trunk/yassl/taocrypt/src/md5.cpp
dcplusplus/trunk/yassl/taocrypt/src/misc.cpp
dcplusplus/trunk/yassl/taocrypt/src/random.cpp
dcplusplus/trunk/yassl/taocrypt/src/ripemd.cpp
dcplusplus/trunk/yassl/taocrypt/src/sha.cpp
dcplusplus/trunk/yassl/taocrypt/src/template_instnt.cpp
dcplusplus/trunk/yassl/taocrypt/src/twofish.cpp
dcplusplus/trunk/yassl/taocrypt/taocrypt.vcproj
dcplusplus/trunk/yassl/yassl.vcproj
Added Paths:
-----------
dcplusplus/trunk/help/settings_tabs.html
dcplusplus/trunk/yassl/mySTL/memory_array.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/
dcplusplus/trunk/yassl/taocrypt/mySTL/algorithm.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/helpers.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/list.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/memory.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/memory_array.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/pair.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/stdexcept.hpp
dcplusplus/trunk/yassl/taocrypt/mySTL/vector.hpp
dcplusplus/trunk/yassl/taocrypt/src/crypto.cpp
Modified: dcplusplus/trunk/changelog.txt
===================================================================
--- dcplusplus/trunk/changelog.txt 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/changelog.txt 2006-12-13 20:39:44 UTC (rev 688)
@@ -20,7 +20,8 @@
* [bug 1110] Added new adc hub list (thanks mafa_45)
* [bug 1091] Added new nmdc hub lists (thanks poy)
* [bug 1112] Port sign cleanup (thanks steven sheehy)
-* Fixed ADC client-to-client connection sequence
+* [ADC] Fixed client-to-client connection sequence
+* [bug 1064] Updated to YaSSL 1.5.0, should fix crash
-- 0.698 2006-10-10 --
* [bug 1065] Code cleanup (thanks steven sheehy)
Modified: dcplusplus/trunk/client/stdinc.h
===================================================================
--- dcplusplus/trunk/client/stdinc.h 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/client/stdinc.h 2006-12-13 20:39:44 UTC (rev 688)
@@ -33,6 +33,10 @@
#define BZ_NO_STDIO 1
#endif
+#ifndef USE_SYS_STL
+#define USE_SYS_STL 1
+#endif
+
#ifdef HAVE_STLPORT
# define _STLP_DONT_USE_SHORT_STRING_OPTIM 1 // Lots of memory issues with this undefined...wonder what's up with that..
# define _STLP_USE_PTR_SPECIALIZATIONS 1
Added: dcplusplus/trunk/help/settings_tabs.html
===================================================================
--- dcplusplus/trunk/help/settings_tabs.html (rev 0)
+++ dcplusplus/trunk/help/settings_tabs.html 2006-12-13 20:39:44 UTC (rev 688)
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+ <title>Tabs</title>
+ <meta content="text/html; charset=us-ascii" http-equiv="content-type">
+ <link href="office11.css" rel="stylesheet" type="text/css">
+</head>
+<body>
+<h1>Tab bolding on contents change</h1>
+<dl style="margin-left: 40px;">
+ <dt>Finished Downloads</dt>
+ <dd>When a download completes, the Finished
+Downloads tab will turn bold if this option is selected.</dd>
+ <dt>Finished Uploads</dt>
+ <dd>When a upload completes, the Finished
+Uploads tab will turn bold if this option is selected.</dd>
+ <dt>Download Queue</dt>
+ <dd>This option controls whether or not the Download Queue's tab will
+highlight itself when a queue item changes state or finishes.</dd>
+ <dt>Hub</dt>
+ <dd>When a chat message appears in a hub that's
+not focused the tab will become bold if you have this option selected.</dd>
+<dt>Private message</dt>
+ <dd>When a private message appears that's
+not focused the tab will become bold if you have this option selected.</dd>
+<dt>Search</dt>
+ <dd>If more search result appear in an open search window that's
+not focused the tab will become bold if you have this option selected.</dd>
+<dt>Waiting users</dt>
+ <dd>If a user or an item is added or removed while the tab is not
+focused, the tab will become bold if you have this option selected.</dd>
+<dt>System log</dt>
+ <dd>If an system log entry is added while the tab is not focused, the tab will become bold if you have this option selected.</dd>
+</dl>
+<h2>Options</h2>
+<dl style="margin-left: 40px;">
+ <dt>Max Tab Rows</dt>
+ <dd>The maximum number of rows of tabs that DC++ will make. Any
+tabs that do not fit will be accessible through the chevron at the
+right of the tab control. (default: 2)</dd>
+</body>
+</html>
+
+
Modified: dcplusplus/trunk/yassl/README
===================================================================
--- dcplusplus/trunk/yassl/README 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/README 2006-12-13 20:39:44 UTC (rev 688)
@@ -1,7 +1,59 @@
-yaSSL Release notes, version 1.4.0 (08/13/06)
+yaSSL Release notes, version 1.5.0 (11/09/06)
+ This release of yaSSL contains bug fixes, portability enhancements,
+ and full TLS 1.1 support. Use the functions:
+ SSL_METHOD *TLSv1_1_server_method(void);
+ SSL_METHOD *TLSv1_1_client_method(void);
+
+ or the SSLv23 versions (even though yaSSL doesn't support SSL 2.0 the v23
+ means to pick the highest of SSL 3.0, TLS 1.0, or TLS 1.1.
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+
+****************yaSSL Release notes, version 1.4.5 (10/15/06)
+
+
This release of yaSSL contains bug fixes, portability enhancements,
+ zlib compression support, removal of assembly instructions at runtime if
+ not supported, and initial TLS 1.1 support.
+
+
+ Compression Notes: yaSSL uses zlib for compression and the compression
+ should only be used if yaSSL is at both ends because the implementation
+ details aren't yet standard. If you'd like to turn compression on use
+ the SSL_set_compression() function on the client before calling
+ SSL_connect(). If both the client and server were built with zlib support
+ then the connection will use compression. If the client isn't built with
+ support then SSL_set_compression() will return an error (-1).
+
+ To build yaSSL with zlib support on Unix simply have zlib support on your
+ system and configure will find it if it's in the standard locations. If
+ it's somewhere else use the option ./configure --with-zlib=DIR. If you'd
+ like to disable compression support in yaSSL use ./configure --without-zlib.
+
+ To build yaSSL with zlib support on Windows:
+
+ 1) download zlib from http://www.zlib.net/
+ 2) follow the instructions in zlib from projects/visualc6/README.txt
+ for how to add the zlib project into the yaSSL workspace noting that
+ you'll need to add configuration support for "Win32 Debug" and
+ "Win32 Release" in note 3 under "To use:".
+ 3) define HAVE_LIBZ when building yaSSL
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.4.0 (08/13/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
nonblocking connect and accept, better OpenSSL error mapping, and
certificate caching for session resumption.
@@ -122,19 +174,7 @@
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
---To enable ia32 assembly for TaoCrypt ciphers and message digests
- On MSVC this is always on
-
- On GCC **, use ./configure --enable-ia32-asm
-
- ** This isn't on by default because of the use of intel syntax and the
- problem that olders versions of gas have with some addressing statements.
- If you enable this and get assemler errors during compilation or can't
- pass the TaoCrypt tests, please send to...@ya... a message and disable
- this option in the meantime.
-
-
***************** yaSSL Release notes, version 1.0.5
This release of yaSSL contains minor bug fixes, portability enhancements,
Modified: dcplusplus/trunk/yassl/certs/taoCert.txt
===================================================================
--- dcplusplus/trunk/yassl/certs/taoCert.txt 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/certs/taoCert.txt 2006-12-13 20:39:44 UTC (rev 688)
@@ -47,4 +47,11 @@
b) openssl rsa -in key.pem -outform DER -out key.der
+**** To encrypt rsa key already in pem **********
+a) openssl rsa <server-key.pem.bak -des >server-keyEnc.pem
+
+note location of des
+
+
+
Modified: dcplusplus/trunk/yassl/include/buffer.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/buffer.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/buffer.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -34,9 +34,12 @@
#include <assert.h> // assert
#include "yassl_types.hpp" // ysDelete
#include "memory.hpp" // mySTL::auto_ptr
-#include "algorithm.hpp" // mySTL::swap
+#include STL_ALGORITHM_FILE
+namespace STL = STL_NAMESPACE;
+
+
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
@@ -199,7 +202,7 @@
void operator()(T*& p) const
{
T* tmp = 0;
- mySTL::swap(tmp, p);
+ STL::swap(tmp, p);
checked_delete(tmp);
}
};
Modified: dcplusplus/trunk/yassl/include/cert_wrapper.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/cert_wrapper.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/cert_wrapper.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -41,9 +41,13 @@
#include "yassl_types.hpp" // SignatureAlgorithm
#include "buffer.hpp" // input_buffer
#include "asn.hpp" // SignerList
-#include "list.hpp" // mySTL::list
-#include "algorithm.hpp" // mySTL::for_each
+#include STL_LIST_FILE
+#include STL_ALGORITHM_FILE
+
+namespace STL = STL_NAMESPACE;
+
+
namespace yaSSL {
typedef unsigned char opaque;
@@ -72,7 +76,7 @@
// Certificate Manager keeps a list of the cert chain and public key
class CertManager {
- typedef mySTL::list<x509*> CertList;
+ typedef STL::list<x509*> CertList;
CertList list_; // self
input_buffer privateKey_;
Modified: dcplusplus/trunk/yassl/include/crypto_wrapper.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/crypto_wrapper.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/crypto_wrapper.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -416,9 +416,19 @@
class x509;
-x509* PemToDer(FILE*, CertType);
+struct EncryptedInfo {
+ enum { IV_SZ = 32, NAME_SZ = 80 };
+ char name[NAME_SZ]; // max one line
+ byte iv[IV_SZ]; // in base16 rep
+ uint ivSz;
+ bool set;
+ EncryptedInfo() : ivSz(0), set(false) {}
+};
+x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0);
+
+
} // naemspace
#endif // yaSSL_CRYPTO_WRAPPER_HPP
Modified: dcplusplus/trunk/yassl/include/factory.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/factory.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/factory.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -35,19 +35,16 @@
#ifndef yaSSL_FACTORY_HPP
#define yaSSL_FACTORY_HPP
-#include "vector.hpp"
-#include "pair.hpp"
+#include STL_VECTOR_FILE
+#include STL_PAIR_FILE
+namespace STL = STL_NAMESPACE;
-// VC60 workaround: it doesn't allow typename in some places
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
- #define CPP_TYPENAME
-#else
- #define CPP_TYPENAME typename
-#endif
+
+
namespace yaSSL {
@@ -58,8 +55,8 @@
typename ProductCreator = AbstractProduct* (*)()
>
class Factory {
- typedef mySTL::pair<IdentifierType, ProductCreator> CallBack;
- typedef mySTL::vector<CallBack> CallBackVector;
+ typedef STL::pair<IdentifierType, ProductCreator> CallBack;
+ typedef STL::vector<CallBack> CallBackVector;
CallBackVector callbacks_;
public:
@@ -79,14 +76,16 @@
// register callback
void Register(const IdentifierType& id, ProductCreator pc)
{
- callbacks_.push_back(mySTL::make_pair(id, pc));
+ callbacks_.push_back(STL::make_pair(id, pc));
}
// THE Creator, returns a new object of the proper type or 0
AbstractProduct* CreateObject(const IdentifierType& id) const
{
- const CallBack* first = callbacks_.begin();
- const CallBack* last = callbacks_.end();
+ typedef typename STL::vector<CallBack>::const_iterator cIter;
+
+ cIter first = callbacks_.begin();
+ cIter last = callbacks_.end();
while (first != last) {
if (first->first == id)
Modified: dcplusplus/trunk/yassl/include/openssl/ssl.h
===================================================================
--- dcplusplus/trunk/yassl/include/openssl/ssl.h 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/openssl/ssl.h 2006-12-13 20:39:44 UTC (rev 688)
@@ -41,7 +41,7 @@
#include "rsa.h"
-#define YASSL_VERSION "1.4.0"
+#define YASSL_VERSION "1.5.0"
#if defined(__cplusplus)
@@ -228,6 +228,7 @@
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
long SSL_SESSION_set_timeout(SSL_SESSION*, long);
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
X509* SSL_get_peer_certificate(SSL*);
long SSL_get_verify_result(SSL*);
@@ -359,8 +360,10 @@
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
-SSL_METHOD *TLSv1_server_method(void);
+SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
+SSL_METHOD *TLSv1_1_server_method(void);
+SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);
int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
@@ -531,8 +534,12 @@
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
+/* yaSSL adds */
+int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */
+
+
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
} /* namespace */
} /* extern "C" */
Modified: dcplusplus/trunk/yassl/include/socket_wrapper.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/socket_wrapper.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/socket_wrapper.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -70,8 +70,8 @@
// Wraps Windows Sockets and BSD Sockets
class Socket {
socket_t socket_; // underlying socket descriptor
- bool wouldBlock_; // for non-blocking data
- bool blocking_; // is option set
+ bool wouldBlock_; // if non-blocking data, for last read
+ bool nonBlocking_; // is option set
public:
explicit Socket(socket_t s = INVALID_SOCKET);
~Socket();
@@ -85,7 +85,7 @@
bool wait();
bool WouldBlock() const;
- bool IsBlocking() const;
+ bool IsNonBlocking() const;
void closeSocket();
void shutDown(int how = SD_SEND);
Modified: dcplusplus/trunk/yassl/include/yassl_error.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/yassl_error.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/yassl_error.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -54,8 +54,15 @@
verify_error = 112,
send_error = 113,
receive_error = 114,
- certificate_error = 115
+ certificate_error = 115,
+ privateKey_error = 116,
+ badVersion_error = 117,
+ compress_error = 118,
+ decompress_error = 119,
+ pms_version_error = 120
+ // !!!! add error message to .cpp !!!!
+
// 1000+ from TaoCrypt error.hpp
};
Modified: dcplusplus/trunk/yassl/include/yassl_imp.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/yassl_imp.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/yassl_imp.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -39,9 +39,12 @@
#include "yassl_types.hpp"
#include "factory.hpp"
-#include "list.hpp" // mySTL::list
+#include STL_LIST_FILE
+namespace STL = STL_NAMESPACE;
+
+
namespace yaSSL {
@@ -129,7 +132,6 @@
public:
Data();
Data(uint16 len, opaque* b);
- Data(uint16 len, const opaque* w);
friend output_buffer& operator<<(output_buffer&, const Data&);
@@ -138,9 +140,9 @@
ContentType get_type() const;
uint16 get_length() const;
- const opaque* get_buffer() const;
void set_length(uint16 l);
opaque* set_buffer();
+ void SetData(uint16, const opaque*);
void Process(input_buffer&, SSL&);
private:
Data(const Data&); // hide copy
@@ -229,11 +231,11 @@
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
- friend void buildClientHello(SSL&, ClientHello&, CompressionMethod);
+ friend void buildClientHello(SSL&, ClientHello&);
friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
ClientHello();
- explicit ClientHello(ProtocolVersion pv);
+ ClientHello(ProtocolVersion pv, bool useCompression);
private:
ClientHello(const ClientHello&); // hide copy
ClientHello& operator=(const ClientHello&); // and assign
@@ -250,7 +252,7 @@
opaque cipher_suite_[SUITE_LEN];
CompressionMethod compression_method_;
public:
- explicit ServerHello(ProtocolVersion pv);
+ ServerHello(ProtocolVersion pv, bool useCompression);
ServerHello();
friend input_buffer& operator>>(input_buffer&, ServerHello&);
@@ -427,7 +429,7 @@
class CertificateRequest : public HandShakeBase {
ClientCertificateType certificate_types_[CERT_TYPES];
int typeTotal_;
- mySTL::list<DistinguishedName> certificate_authorities_;
+ STL::list<DistinguishedName> certificate_authorities_;
public:
CertificateRequest();
~CertificateRequest();
@@ -626,8 +628,11 @@
bool send_server_key_; // server key exchange?
bool master_clean_; // master secret clean?
bool TLS_; // TLSv1 or greater
+ bool TLSv1_1_; // TLSv1.1 or greater
bool sessionID_Set_; // do we have a session
- ProtocolVersion version_;
+ bool compression_; // zlib compression?
+ ProtocolVersion version_; // negotiated version
+ ProtocolVersion chVersion_; // client hello version
RandomPool& random_;
Connection(ProtocolVersion v, RandomPool& ran);
@@ -637,6 +642,7 @@
void CleanPreMaster();
void CleanMaster();
void TurnOffTLS();
+ void TurnOffTLS1_1();
private:
Connection(const Connection&); // hide copy
Connection& operator=(const Connection&); // and assign
Modified: dcplusplus/trunk/yassl/include/yassl_int.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/yassl_int.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/yassl_int.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -40,11 +40,21 @@
#include "lock.hpp"
#include "openssl/ssl.h" // ASN1_STRING and DH
+// Check if _POSIX_THREADS should be forced
+#if !defined(_POSIX_THREADS) && (defined(__NETWARE__) || defined(__hpux))
+// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented
+// Netware supports pthreads but does not announce it
+#define _POSIX_THREADS
+#endif
+
#ifdef _POSIX_THREADS
#include <pthread.h>
#endif
+namespace STL = STL_NAMESPACE;
+
+
namespace yaSSL {
@@ -262,7 +272,7 @@
// holds all sessions
class Sessions {
- mySTL::list<SSL_SESSION*> list_;
+ STL::list<SSL_SESSION*> list_;
RandomPool random_; // for session cleaning
Mutex mutex_; // no-op for single threaded
@@ -296,8 +306,8 @@
// holds all errors
class Errors {
- mySTL::list<ThreadError> list_;
- Mutex mutex_;
+ STL::list<ThreadError> list_;
+ Mutex mutex_;
Errors() {} // only GetErrors can create
public:
@@ -326,8 +336,10 @@
bool verifyPeer_; // request or send certificate
bool verifyNone_; // whether to verify certificate
bool failNoCert_;
+ bool multipleProtocol_; // for SSLv23 compatibility
public:
- explicit SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv);
+ SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv,
+ bool multipleProtocol = false);
ProtocolVersion getVersion() const;
ConnectionEnd getSide() const;
@@ -339,6 +351,7 @@
bool verifyPeer() const;
bool verifyNone() const;
bool failNoCert() const;
+ bool multipleProtocol() const;
private:
SSL_METHOD(const SSL_METHOD&); // hide copy
SSL_METHOD& operator=(const SSL_METHOD&); // and assign
@@ -408,32 +421,41 @@
// the SSL context
class SSL_CTX {
public:
- typedef mySTL::list<x509*> CertList;
+ typedef STL::list<x509*> CertList;
private:
- SSL_METHOD* method_;
- x509* certificate_;
- x509* privateKey_;
- CertList caList_;
- Ciphers ciphers_;
- DH_Parms dhParms_;
- Stats stats_;
- Mutex mutex_; // for Stats
+ SSL_METHOD* method_;
+ x509* certificate_;
+ x509* privateKey_;
+ CertList caList_;
+ Ciphers ciphers_;
+ DH_Parms dhParms_;
+ pem_password_cb passwordCb_;
+ void* userData_;
+ bool sessionCacheOff_;
+ Stats stats_;
+ Mutex mutex_; // for Stats
public:
explicit SSL_CTX(SSL_METHOD* meth);
~SSL_CTX();
- const x509* getCert() const;
- const x509* getKey() const;
- const SSL_METHOD* getMethod() const;
- const Ciphers& GetCiphers() const;
- const DH_Parms& GetDH_Parms() const;
- const Stats& GetStats() const;
+ const x509* getCert() const;
+ const x509* getKey() const;
+ const SSL_METHOD* getMethod() const;
+ const Ciphers& GetCiphers() const;
+ const DH_Parms& GetDH_Parms() const;
+ const Stats& GetStats() const;
+ pem_password_cb GetPasswordCb() const;
+ void* GetUserData() const;
+ bool GetSessionCacheOff() const;
void setVerifyPeer();
void setVerifyNone();
void setFailNoCert();
bool SetCipherList(const char*);
bool SetDH(const DH&);
+ void SetPasswordCb(pem_password_cb cb);
+ void SetUserData(void*);
+ void SetSessionCacheOff();
void IncrementStats(StatsField);
void AddCA(x509* ca);
@@ -508,8 +530,8 @@
// holds input and output buffers
class Buffers {
public:
- typedef mySTL::list<input_buffer*> inputList;
- typedef mySTL::list<output_buffer*> outputList;
+ typedef STL::list<input_buffer*> inputList;
+ typedef STL::list<output_buffer*> outputList;
private:
inputList dataList_; // list of users app data / handshake
outputList handShakeList_; // buffered handshake msgs
@@ -580,6 +602,8 @@
const sslFactory& getFactory() const;
const Socket& getSocket() const;
YasslError GetError() const;
+ bool GetMultiProtocol() const;
+ bool CompressionOn() const;
Crypto& useCrypto();
Security& useSecurity();
@@ -597,9 +621,12 @@
void set_preMaster(const opaque*, uint);
void set_masterSecret(const opaque*);
void SetError(YasslError);
+ int SetCompression();
+ void UnSetCompression();
// helpers
bool isTLS() const;
+ bool isTLSv1_1() const;
void order_error();
void makeMasterSecret();
void makeTLSMasterSecret();
@@ -633,7 +660,11 @@
};
+// compression
+int Compress(const byte*, int, input_buffer&);
+int DeCompress(input_buffer&, int, input_buffer&);
+
// conversion functions
void c32to24(uint32, uint24&);
void c24to32(const uint24, uint32&);
Modified: dcplusplus/trunk/yassl/include/yassl_types.hpp
===================================================================
--- dcplusplus/trunk/yassl/include/yassl_types.hpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/include/yassl_types.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -38,7 +38,9 @@
namespace yaSSL {
+#define YASSL_LIB
+
#ifdef YASSL_PURE_C
// library allocation
@@ -76,7 +78,7 @@
::operator delete[](ptr, yaSSL::ys);
}
- #define NEW_YS new (ys)
+ #define NEW_YS new (yaSSL::ys)
// to resolve compiler generated operator delete on base classes with
// virtual destructors (when on stack), make sure doesn't get called
@@ -88,7 +90,6 @@
#else // YASSL_PURE_C
-
template<typename T>
void ysDelete(T* ptr)
{
@@ -121,6 +122,39 @@
typedef unsigned int uint;
+
+#ifdef USE_SYS_STL
+ // use system STL
+ #define STL_VECTOR_FILE <vector>
+ #define STL_LIST_FILE <list>
+ #define STL_ALGORITHM_FILE <algorithm>
+ #define STL_MEMORY_FILE <memory>
+ #define STL_PAIR_FILE <utility>
+
+ #define STL_NAMESPACE std
+#else
+ // use mySTL
+ #define STL_VECTOR_FILE "vector.hpp"
+ #define STL_LIST_FILE "list.hpp"
+ #define STL_ALGORITHM_FILE "algorithm.hpp"
+ #define STL_MEMORY_FILE "memory.hpp"
+ #define STL_PAIR_FILE "pair.hpp"
+
+ #define STL_NAMESPACE mySTL
+#endif
+
+
+#ifdef min
+ #undef min
+#endif
+
+template <typename T>
+T min(T a, T b)
+{
+ return a < b ? a : b;
+}
+
+
// all length constants in bytes
const int ID_LEN = 32; // session id length
@@ -163,6 +197,7 @@
const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES
const int RC4_KEY_SZ = 16; // RC4 Key length
const int AES_128_KEY_SZ = 16; // AES 128bit Key length
+const int AES_192_KEY_SZ = 24; // AES 192bit Key length
const int AES_256_KEY_SZ = 32; // AES 256bit Key length
const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268
const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length
@@ -175,6 +210,7 @@
const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random
const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds
const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard
+const int COMPRESS_EXTRA = 1024; // extra compression possible addition
typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS
@@ -186,7 +222,7 @@
typedef bool IsExportable;
-enum CompressionMethod { no_compression = 0 };
+enum CompressionMethod { no_compression = 0, zlib = 221 };
enum CipherType { stream, block };
Added: dcplusplus/trunk/yassl/mySTL/memory_array.hpp
===================================================================
--- dcplusplus/trunk/yassl/mySTL/memory_array.hpp (rev 0)
+++ dcplusplus/trunk/yassl/mySTL/memory_array.hpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -0,0 +1,142 @@
+/* mySTL memory_array.hpp
+ *
+ * Copyright (C) 2003 Sawtooth Consulting Ltd.
+ *
+ * This file is part of yaSSL.
+ *
+ * yaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * There are special exceptions to the terms and conditions of the GPL as it
+ * is applied to yaSSL. View the full text of the exception in the file
+ * FLOSS-EXCEPTIONS in the directory of this software distribution.
+ *
+ * yaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+/* mySTL memory_arry implements auto_array
+ *
+ */
+
+#ifndef mySTL_MEMORY_ARRAY_HPP
+#define mySTL_MEMORY_ARRAY_HPP
+
+
+#ifdef _MSC_VER
+ // disable operator-> warning for builtins
+ #pragma warning(disable:4284)
+#endif
+
+
+namespace mySTL {
+
+
+template<typename T>
+struct auto_array_ref {
+ T* ptr_;
+ explicit auto_array_ref(T* p) : ptr_(p) {}
+};
+
+
+template<typename T>
+class auto_array {
+ T* ptr_;
+
+ void Destroy()
+ {
+ #ifdef YASSL_LIB
+ yaSSL::ysArrayDelete(ptr_);
+ #else
+ TaoCrypt::tcArrayDelete(ptr_);
+ #endif
+ }
+public:
+ explicit auto_array(T* p = 0) : ptr_(p) {}
+
+ ~auto_array()
+ {
+ Destroy();
+ }
+
+
+ auto_array(auto_array& other) : ptr_(other.release()) {}
+
+ auto_array& operator=(auto_array& that)
+ {
+ if (this != &that) {
+ Destroy();
+ ptr_ = that.release();
+ }
+ return *this;
+ }
+
+
+ T* operator->() const
+ {
+ return ptr_;
+ }
+
+ T& operator*() const
+ {
+ return *ptr_;
+ }
+
+ T* get() const
+ {
+ return ptr_;
+ }
+
+ T* release()
+ {
+ T* tmp = ptr_;
+ ptr_ = 0;
+ return tmp;
+ }
+
+ void reset(T* p = 0)
+ {
+ if (ptr_ != p) {
+ Destroy();
+ ptr_ = p;
+ }
+ }
+
+ // auto_array_ref conversions
+ auto_array(auto_array_ref<T> ref) : ptr_(ref.ptr_) {}
+
+ auto_array& operator=(auto_array_ref<T> ref)
+ {
+ if (this->ptr_ != ref.ptr_) {
+ Destroy();
+ ptr_ = ref.ptr_;
+ }
+ return *this;
+ }
+
+ template<typename T2>
+ operator auto_array<T2>()
+ {
+ return auto_array<T2>(this->release());
+ }
+
+ template<typename T2>
+ operator auto_array_ref<T2>()
+ {
+ return auto_array_ref<T2>(this->release());
+ }
+};
+
+
+} // namespace mySTL
+
+#endif // mySTL_MEMORY_ARRAY_HPP
Modified: dcplusplus/trunk/yassl/src/cert_wrapper.cpp
===================================================================
--- dcplusplus/trunk/yassl/src/cert_wrapper.cpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/src/cert_wrapper.cpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -63,8 +63,8 @@
void x509::Swap(x509& that)
{
- mySTL::swap(length_, that.length_);
- mySTL::swap(buffer_, that.buffer_);
+ STL::swap(length_, that.length_);
+ STL::swap(buffer_, that.buffer_);
}
@@ -105,11 +105,11 @@
{
ysDelete(peerX509_);
- mySTL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
+ STL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
- mySTL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
+ STL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
- mySTL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
+ STL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
}
@@ -242,7 +242,7 @@
// Validate the peer's certificate list, from root to peer (last to first)
int CertManager::Validate()
{
- CertList::iterator last = peerList_.rbegin(); // fix this
+ CertList::reverse_iterator last = peerList_.rbegin();
int count = peerList_.size();
while ( count > 1 ) {
@@ -255,7 +255,7 @@
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
- --last;
+ ++last;
--count;
}
Modified: dcplusplus/trunk/yassl/src/crypto_wrapper.cpp
===================================================================
--- dcplusplus/trunk/yassl/src/crypto_wrapper.cpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/src/crypto_wrapper.cpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -908,7 +908,7 @@
// convert PEM file to DER x509 type
-x509* PemToDer(FILE* file, CertType type)
+x509* PemToDer(FILE* file, CertType type, EncryptedInfo* info)
{
using namespace TaoCrypt;
@@ -935,6 +935,37 @@
break;
}
+ // remove encrypted header if there
+ if (fgets(line, sizeof(line), file)) {
+ char encHeader[] = "Proc-Type";
+ if (strncmp(encHeader, line, strlen(encHeader)) == 0 &&
+ fgets(line,sizeof(line), file)) {
+
+ char* start = strstr(line, "DES");
+ char* finish = strstr(line, ",");
+ if (!start)
+ start = strstr(line, "AES");
+
+ if (!info) return 0;
+
+ if ( start && finish && (start < finish)) {
+ memcpy(info->name, start, finish - start);
+ info->name[finish - start] = 0;
+ memcpy(info->iv, finish + 1, sizeof(info->iv));
+
+ char* newline = strstr(line, "\r");
+ if (!newline) newline = strstr(line, "\n");
+ if (newline && (newline > finish)) {
+ info->ivSz = newline - (finish + 1);
+ info->set = true;
+ }
+ }
+ fgets(line,sizeof(line), file); // get blank line
+ begin = ftell(file);
+ }
+
+ }
+
while(fgets(line, sizeof(line), file))
if (strncmp(footer, line, strlen(footer)) == 0) {
foundEnd = true;
@@ -956,7 +987,7 @@
Base64Decoder b64Dec(der);
uint sz = der.size();
- mySTL::auto_ptr<x509> x(NEW_YS x509(sz), ysDelete);
+ STL_NAMESPACE::auto_ptr<x509> x(NEW_YS x509(sz));
memcpy(x->use_buffer(), der.get_buffer(), sz);
return x.release();
Modified: dcplusplus/trunk/yassl/src/handshake.cpp
===================================================================
--- dcplusplus/trunk/yassl/src/handshake.cpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/src/handshake.cpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -37,13 +37,14 @@
namespace yaSSL {
-using mySTL::min;
// Build a client hello message from cipher suites and compression method
-void buildClientHello(SSL& ssl, ClientHello& hello,
- CompressionMethod compression = no_compression)
+void buildClientHello(SSL& ssl, ClientHello& hello)
{
+ // store for pre master secret
+ ssl.useSecurity().use_connection().chVersion_ = hello.client_version_;
+
ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
if (ssl.getSecurity().get_resuming()) {
hello.id_len_ = ID_LEN;
@@ -55,8 +56,7 @@
hello.suite_len_ = ssl.getSecurity().get_parms().suites_size_;
memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
hello.suite_len_);
- hello.comp_len_ = 1;
- hello.compression_methods_ = compression;
+ hello.comp_len_ = 1;
hello.set_length(sizeof(ProtocolVersion) +
RAN_LEN +
@@ -84,7 +84,7 @@
hello.cipher_suite_[0] = ssl.getSecurity().get_parms().suite_[0];
hello.cipher_suite_[1] = ssl.getSecurity().get_parms().suite_[1];
- hello.compression_method_ = no_compression;
+ hello.compression_method_ = hello.compression_method_;
hello.set_length(sizeof(ProtocolVersion) + RAN_LEN + ID_LEN +
sizeof(hello.id_len_) + SUITE_LEN + SIZEOF_ENUM);
@@ -152,12 +152,18 @@
// add handshake from buffer into md5 and sha hashes, exclude record header
-void hashHandShake(SSL& ssl, const output_buffer& output)
+void hashHandShake(SSL& ssl, const output_buffer& output, bool removeIV = false)
{
uint sz = output.get_size() - RECORD_HEADER;
const opaque* buffer = output.get_buffer() + RECORD_HEADER;
+ if (removeIV) { // TLSv1_1 IV
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+ sz -= blockSz;
+ buffer += blockSz;
+ }
+
ssl.useHashes().use_MD5().update(buffer, sz);
ssl.useHashes().use_SHA().update(buffer, sz);
}
@@ -230,9 +236,21 @@
ssl.useCrypto().use_cipher().decrypt(plain.get_buffer(), cipher, sz);
memcpy(cipher, plain.get_buffer(), sz);
ssl.useSecurity().use_parms().encrypt_size_ = sz;
+
+ if (ssl.isTLSv1_1()) // IV
+ input.set_current(input.get_current() +
+ ssl.getCrypto().get_cipher().get_blockSize());
}
+// output operator for input_buffer
+output_buffer& operator<<(output_buffer& output, const input_buffer& input)
+{
+ output.write(input.get_buffer(), input.get_size());
+ return output;
+}
+
+
// write headers, handshake hash, mac, pad, and encrypt
void cipherFinished(SSL& ssl, Finished& fin, output_buffer& output)
{
@@ -240,9 +258,12 @@
uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
uint sz = RECORD_HEADER + HANDSHAKE_HEADER + finishedSz + digestSz;
uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1())
+ sz += blockSz; // IV
sz += 1; // pad byte
- uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
@@ -253,14 +274,21 @@
buildHeaders(ssl, hsHeader, rlHeader, fin);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+ uint ivSz = iv.get_size();
output.allocate(sz);
- output << rlHeader << hsHeader << fin;
+ output << rlHeader << iv << hsHeader << fin;
- hashHandShake(ssl, output);
+ hashHandShake(ssl, output, ssl.isTLSv1_1() ? true : false);
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
- TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
- output.get_size() - RECORD_HEADER, handshake);
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, handshake);
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, handshake);
@@ -283,9 +311,12 @@
uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
uint sz = RECORD_HEADER + msg.get_length() + digestSz;
uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1()) // IV
+ sz += blockSz;
sz += 1; // pad byte
- uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
pad = (sz - RECORD_HEADER) % blockSz;
pad = blockSz - pad;
sz += pad;
@@ -295,13 +326,21 @@
buildHeader(ssl, rlHeader, msg);
rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
// and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+
+ uint ivSz = iv.get_size();
output.allocate(sz);
- output << rlHeader << msg;
+ output << rlHeader << iv << msg;
opaque digest[SHA_LEN]; // max size
if (ssl.isTLS())
- TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
- output.get_size() - RECORD_HEADER, msg.get_type());
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, msg.get_type());
else
hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
output.get_size() - RECORD_HEADER, msg.get_type());
@@ -363,7 +402,7 @@
uint lastLen = result.get_capacity() % len;
opaque previous[SHA_LEN]; // max size
opaque current[SHA_LEN]; // max size
- mySTL::auto_ptr<Digest> hmac(ysDelete);
+ STL_NAMESPACE::auto_ptr<Digest> hmac;
if (lastLen) times += 1;
@@ -457,6 +496,10 @@
// some clients still send sslv2 client hello
void ProcessOldClientHello(input_buffer& input, SSL& ssl)
{
+ if (input.get_remaining() < 2) {
+ ssl.SetError(bad_input);
+ return;
+ }
byte b0 = input[AUTO];
byte b1 = input[AUTO];
@@ -582,7 +625,7 @@
void TLS_hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz,
ContentType content, bool verify)
{
- mySTL::auto_ptr<Digest> hmac(ysDelete);
+ STL_NAMESPACE::auto_ptr<Digest> hmac;
opaque seq[SEQ_SZ] = { 0x00, 0x00, 0x00, 0x00 };
opaque length[LENGTH_SZ];
opaque inner[SIZEOF_ENUM + VERSION_SZ + LENGTH_SZ]; // type + version + len
@@ -722,7 +765,8 @@
// each message in record, can be more than 1 if not encrypted
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
decrypt_message(ssl, buffer, hdr.length_);
- mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete);
+
+ STL_NAMESPACE::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
if (!msg.get()) {
ssl.SetError(factory_error);
return 0;
@@ -745,13 +789,13 @@
if (DoProcessReply(ssl))
// didn't complete process
- if (!ssl.getSocket().IsBlocking()) {
- // keep trying now
+ if (!ssl.getSocket().IsNonBlocking()) {
+ // keep trying now, blocking ok
while (!ssl.GetError())
if (DoProcessReply(ssl) == 0) break;
}
else
- // user will have try again later
+ // user will have try again later, non blocking
ssl.SetError(YasslError(SSL_ERROR_WANT_READ));
}
@@ -762,7 +806,8 @@
ssl.verifyState(serverNull);
if (ssl.GetError()) return;
- ClientHello ch(ssl.getSecurity().get_connection().version_);
+ ClientHello ch(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
output_buffer out;
@@ -789,7 +834,7 @@
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, ck);
buildOutput(*out.get(), rlHeader, hsHeader, ck);
hashHandShake(ssl, *out.get());
@@ -810,7 +855,7 @@
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, sk);
buildOutput(*out.get(), rlHeader, hsHeader, sk);
hashHandShake(ssl, *out.get());
@@ -835,7 +880,7 @@
ChangeCipherSpec ccs;
RecordLayerHeader rlHeader;
buildHeader(ssl, rlHeader, ccs);
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildOutput(*out.get(), rlHeader, ccs);
if (buffer == buffered)
@@ -852,7 +897,7 @@
Finished fin;
buildFinished(ssl, fin, side == client_end ? client : server);
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
cipherFinished(ssl, fin, *out.get()); // hashes handshake
if (ssl.getSecurity().get_resuming()) {
@@ -860,7 +905,8 @@
buildFinished(ssl, ssl.useHashes().use_verify(), client); // client
}
else {
- GetSessions().add(ssl); // store session
+ if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
+ GetSessions().add(ssl); // store session
if (side == client_end)
buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
}
@@ -886,8 +932,21 @@
for (;;) {
int len = min(sz - sent, MAX_RECORD_SIZE);
output_buffer out;
- const Data data(len, static_cast<const opaque*>(buffer) + sent);
+ input_buffer tmp;
+ Data data;
+
+ if (ssl.CompressionOn()) {
+ if (Compress(static_cast<const opaque*>(buffer) + sent, len,
+ tmp) == -1) {
+ ssl.SetError(compress_error);
+ return -1;
+ }
+ data.SetData(tmp.get_size(), tmp.get_buffer());
+ }
+ else
+ data.SetData(len, static_cast<const opaque*>(buffer) + sent);
+
buildMessage(ssl, out, data);
ssl.Send(out.get_buffer(), out.get_size());
@@ -948,10 +1007,11 @@
ssl.verifyState(clientHelloComplete);
if (ssl.GetError()) return;
- ServerHello sh(ssl.getSecurity().get_connection().version_);
+ ServerHello sh(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildServerHello(ssl, sh);
ssl.set_random(sh.get_random(), server_end);
@@ -974,7 +1034,7 @@
ServerHelloDone shd;
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, shd);
buildOutput(*out.get(), rlHeader, hsHeader, shd);
@@ -995,7 +1055,7 @@
Certificate cert(ssl.getCrypto().get_certManager().get_cert());
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, cert);
buildOutput(*out.get(), rlHeader, hsHeader, cert);
@@ -1017,7 +1077,7 @@
request.Build();
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, request);
buildOutput(*out.get(), rlHeader, hsHeader, request);
@@ -1039,7 +1099,7 @@
verify.Build(ssl);
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
- mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer, ysDelete);
+ STL_NAMESPACE::auto_ptr<output_buffer> out(NEW_YS output_buffer);
buildHeaders(ssl, hsHeader, rlHeader, verify);
buildOutput(*out.get(), rlHeader, hsHeader, verify);
Modified: dcplusplus/trunk/yassl/src/socket_wrapper.cpp
===================================================================
--- dcplusplus/trunk/yassl/src/socket_wrapper.cpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/src/socket_wrapper.cpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -44,7 +44,7 @@
#include <fcntl.h>
#endif // _WIN32
-#if defined(__sun) || defined(__SCO_VERSION__)
+#if defined(__sun) || defined(__SCO_VERSION__) || defined(__NETWARE__)
#include <sys/filio.h>
#endif
@@ -63,7 +63,7 @@
Socket::Socket(socket_t s)
- : socket_(s), wouldBlock_(false), blocking_(false)
+ : socket_(s), wouldBlock_(false), nonBlocking_(false)
{}
@@ -148,8 +148,8 @@
if (recvd == -1) {
if (get_lastError() == SOCKET_EWOULDBLOCK ||
get_lastError() == SOCKET_EAGAIN) {
- wouldBlock_ = true;
- blocking_ = true; // socket can block, only way to tell for win32
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // socket nonblocking, win32 only way to tell
return 0;
}
}
@@ -191,9 +191,9 @@
}
-bool Socket::IsBlocking() const
+bool Socket::IsNonBlocking() const
{
- return blocking_;
+ return nonBlocking_;
}
Modified: dcplusplus/trunk/yassl/src/ssl.cpp
===================================================================
--- dcplusplus/trunk/yassl/src/ssl.cpp 2006-12-13 17:10:06 UTC (rev 687)
+++ dcplusplus/trunk/yassl/src/ssl.cpp 2006-12-13 20:39:44 UTC (rev 688)
@@ -41,6 +41,9 @@
#include "yassl_int.hpp"
#include "md5.hpp" // for TaoCrypt MD5 size assert
#include "md4.hpp" // for TaoCrypt MD4 size assert
+#include "file.hpp" // for TaoCrypt Source
+#include "coding.hpp" // HexDecoder
+#include "helpers.hpp" // for placement new hack
#include <stdio.h>
#ifdef _WIN32
@@ -54,7 +57,6 @@
namespace yaSSL {
-using mySTL::min;
int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
@@ -92,11 +94,55 @@
}
}
else {
- x = PemToDer(input, type);
+ EncryptedInfo info;
+ x = PemToDer(input, type, &info);
if (!x) {
fclose(input);
return SSL_BAD_FILE;
}
+ if (info.set) {
+ // decrypt
+ char password[80];
+ pem_password_cb cb = ctx->GetPasswordCb();
+ if (!cb) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ int passwordSz = cb(password, sizeof(password), 0,
+ ctx->GetUserData());
+ byte key[AES_256_KEY_SZ]; // max sizes
+ byte iv[AES_IV_SZ];
+
+ // use file's salt for key derivation, but not real iv
+ TaoCrypt::Source source(info.iv, info.ivSz);
+ TaoCrypt::HexDecoder dec(source);
+ memcpy(info.iv, source.get_buffer(), min((uint)sizeof(info.iv),
+ source.size()));
+ EVP_BytesToKey(info.name, "MD5", info.iv, (byte*)password,
+ passwordSz, 1, key, iv);
+
+ STL::auto_ptr<BulkCipher> cipher;
+ if (strncmp(info.name, "DES-CBC", 7) == 0)
+ cipher.reset(NEW_YS DES);
+ else if (strncmp(info.name, "DES-EDE3-CBC", 13) == 0)
+ cipher.reset(NEW_YS DES_EDE);
+ else if (strncmp(info.name, "AES-128-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_128_KEY_SZ));
+ else if (strncmp(info.name, "AES-192-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_192_KEY_SZ));
+ else if (strncmp(info.name, "AES-256-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_256_KEY_SZ));
+ else {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ cipher->set_decryptKey(key, info.iv);
+ STL::auto_ptr<x509> newx(NEW_YS x509(x->get_length()));
+ cipher->decrypt(newx->use_buffer(), x->get_buffer(),
+ x->get_length());
+ ysDelete(x);
+ x = newx.release();
+ }
}
}
fclose(input);
@@ -137,13 +183,34 @@
}
+SSL_METHOD* TLSv1_1_server_method()
+{
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
SSL_METHOD* SSLv23_server_method()
{
- // compatibility only, no version 2 support
- return SSLv3_server_method();
+ // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
}
+SSL_METHOD* SSLv23_client_method()
+{
+ // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+ // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
+ // TODO: maybe add support to send SSLv2 hello ???
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
+}
+
+
SSL_CTX* SSL_CTX_new(SSL_METHOD* method)
{
return NEW_YS SSL_CTX(method);
@@ -351,7 +418,6 @@
Alert alert(warning, close_notify);
sendAlert(*ssl, alert);
ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
- ssl->useSocket().closeSocket();
GetErrors().Remove();
@@ -359,8 +425,21 @@
}
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+ if (mode == SSL_SESS_CACHE_OFF)
+ ctx->SetSessionCacheOff();
+
+ return SSL_SUCCESS;
+}
+
+
SSL_SESSION* SSL_get_session(SSL* ssl)
{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return 0;
+
return GetSessions().lookup(
ssl->getSecurity().get_connection().sessionID_);
}
@@ -368,6 +447,9 @@
int SSL_set_session(SSL* ssl, SSL_SESSION* session)
{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return SSL_FAILURE;
+
ssl->set_session(session);
return SSL_SUCCESS;
}
@@ -456,6 +538,19 @@
}
+
+/* turn on yaSSL zlib compression
+ returns 0 for success, else error (not built in)
+ only need to turn on for client, becuase server on by default if built in
+ but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl)
+{
+ return ssl->SetCompression();
+}
+
+
+
X509* SSL_get_peer_certificate(SSL* ssl)
{
return ssl->getCrypto().get_certManager().get_peerX509();
@@ -828,9 +923,8 @@
// be created
BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal)
{
- using mySTL::auto_ptr;
bool created = false;
- auto_ptr<BIGNUM> bn(ysDelete);
+ STL_NAMESPACE::auto_ptr<BIGNUM> bn;
if (!retVal) {
created = true;
@@ -891,7 +985,7 @@
const EVP_CIPHER* EVP_des_ede3_cbc(void)
{
- static const char* type = "DES_EDE3_CBC";
+ static const char* type = "DES-EDE3-CBC";
return type;
}
@@ -902,16 +996,37 @@
// only support MD5 for now
if (strncmp(md, "MD5", 3)) return 0;
- // only support DES_EDE3_CBC for now
- if (strncmp(type, "DES_EDE3_CBC", 12)) return 0;
+ int keyLen = 0;
+ int ivLen = 0;
+ // only support CBC DES and AES for now
+ if (strncmp(type, "DES-CBC", 7) == 0) {
+ keyLen = DES_KEY_SZ;
+ ivLen = DES_IV_SZ;
+ }
+ else if (strncmp(type, "DES-EDE3-CBC", 12) == 0) {
+ keyLen = DES_EDE_KEY_SZ;
+ ivLen = DES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-128-CBC", 11) == 0) {
+ keyLen = AES_128_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-192-CBC", 11) == 0) {
+ keyLen = AES_192_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-256-CBC", 11) == 0) {
+ keyLen = AES_256_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else
+ return 0;
+
yaSSL::MD5 myMD;
uint digestSz = myMD.get_digestSize();
byte digest[SHA_LEN]; // max size
- yaSSL::DES_EDE cipher;
- int keyLen = cipher.get_keySize();
- int ivLen = cipher.get_ivSize();
int keyLeft = keyLen;
int ivLeft = ivLen;
int keyOutput = 0;
@@ -944,7 +1059,7 @@
if (ivLeft && digestLeft) {
int store = min(ivLeft, digestLeft);
- memcpy(&iv[ivLen - ivLeft], digest, store);
+ memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store);
keyOutput += store;
ivLeft -= store;
@@ -1020,10 +1135,9 @@
}
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
{
- // yaSSL doesn't support yet, unencrypt your PEM file with userdata
- // before handing off to yaSSL
+ ctx->SetUserData(userdata);
}
@@ -1100,12 +1214,6 @@
}
-SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */
-{
- return SSLv3_client_method();
-}
-
-
SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */
{
return 0;
@@ -1290,7 +1398,57 @@
}
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+ ctx->SetPasswordCb(cb);
+}
+
+int SSLeay_add_ssl_algorithms() /...
[truncated message content] |
