From: Todd O. <to...@us...> - 2009-08-13 22:11:01
Update of /cvsroot/yassl/cyassl/src In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv8332/src Modified Files: cyassl_int.c ssl.c Log Message: add negotiate if first call read or write and check input on session resumption Index: cyassl_int.c =================================================================== RCS file: /cvsroot/yassl/cyassl/src/cyassl_int.c,v retrieving revision 1.57 retrieving revision 1.58 diff -C2 -d -r1.57 -r1.58 *** cyassl_int.c 18 May 2009 02:14:56 -0000 1.57 --- cyassl_int.c 13 Aug 2009 22:10:52 -0000 1.58 *************** *** 42,45 **** --- 42,48 ---- + int CyaSSL_negotiate(SSL*); + + #ifndef NO_CYASSL_CLIENT static int DoHelloVerifyRequest(SSL* ssl, const byte* input, word32*); *************** *** 986,991 **** !ssl->options.verifyNone, ssl->caList); ! if (!firstTime || ret != 0) ! goto DoCertificate_free_cert; /* first one has peer's key */ --- 989,996 ---- !ssl->options.verifyNone, ssl->caList); ! if (!firstTime || ret != 0) { ! FreeDecodedCert(&dCert); ! continue; ! } /* first one has peer's key */ *************** *** 1003,1007 **** ssl->buffers.domainName.length - 1)) { ret = DOMAIN_NAME_MISMATCH; ! goto DoCertificate_free_cert; } --- 1008,1013 ---- ssl->buffers.domainName.length - 1)) { ret = DOMAIN_NAME_MISMATCH; ! FreeDecodedCert(&dCert); ! continue; } *************** *** 1010,1019 **** &ssl->peerRsaKey, dCert.pubKeySize) != 0) { ret = PEER_KEY_ERROR; ! goto DoCertificate_free_cert; } - ssl->peerRsaKeyPresent = 1; - DoCertificate_free_cert: FreeDecodedCert(&dCert); } --- 1016,1024 ---- &ssl->peerRsaKey, dCert.pubKeySize) != 0) { ret = PEER_KEY_ERROR; ! FreeDecodedCert(&dCert); ! continue; } ssl->peerRsaKeyPresent = 1; FreeDecodedCert(&dCert); } *************** *** 1467,1476 **** #endif ! switch ((processReply)ssl->options.processReply) { /* in the CYASSL_SERVER case, get the first byte for detecting * old client hello */ case doProcessInit: - lbl_doProcessInit: readSz = RECORD_HEADER_SZ; --- 1472,1481 ---- #endif ! for (;;) { ! 
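Review bot: On the new `ret = DOMAIN_NAME_MISMATCH; FreeDecodedCert(&dCert); continue;` and the matching `PEER_KEY_ERROR` path in the following hunk, the failure is recorded only in `ret`; if the parse call whose trailing arguments open this hunk assigns `ret` on the next iteration, as the `ret != 0` test right after it suggests, a later certificate in the chain that parses cleanly overwrites the mismatch with 0 and the peer-name or peer-key problem is lost. The old `goto DoCertificate_free_cert` had the same shape, so the commit does not introduce this, but the rewrite is the place to settle it: either `break` out of the loop on these two failures, since no later certificate can repair the first one's name or key, or keep the first failure in a dedicated local that is returned after the loop. The enclosing loop and DoCertificate's return are outside the hunk, so which form fits depends on what follows.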
switch ((processReply)ssl->options.processReply) { /* in the CYASSL_SERVER case, get the first byte for detecting * old client hello */ case doProcessInit: readSz = RECORD_HEADER_SZ; *************** *** 1514,1518 **** else { ssl->options.processReply = getRecordLayerHeader; ! goto lbl_getRecordLayerHeader; } --- 1519,1523 ---- else { ssl->options.processReply = getRecordLayerHeader; ! continue; } *************** *** 1525,1529 **** return ret; } else { ! #ifdef CYASSL_DTLS /* read ahead may already have */ used = ssl->buffers.inputBuffer.length - --- 1530,1534 ---- return ret; } else { ! #ifdef CYASSL_DTLS /* read ahead may already have */ used = ssl->buffers.inputBuffer.length - *************** *** 1532,1536 **** if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; ! #endif } --- 1537,1541 ---- if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; ! #endif /* CYASSL_DTLS */ } *************** *** 1549,1557 **** } ! #endif /* get the record layer header */ case getRecordLayerHeader: - lbl_getRecordLayerHeader: ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer, --- 1554,1561 ---- } ! #endif /* NO_CYASSL_SERVER */ /* get the record layer header */ case getRecordLayerHeader: ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer, *************** *** 1586,1590 **** /* the record layer is here */ case runProcessingOneMessage: ! lbl_runProcessingOneMessage: if (ssl->keys.encryptionOn) if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer + --- 1590,1594 ---- /* the record layer is here */ case runProcessingOneMessage: ! if (ssl->keys.encryptionOn) if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer + *************** *** 1681,1693 **** #ifdef CYASSL_DTLS /* read-ahead but dtls doesn't bundle messages per record */ ! if (ssl->options.dtls) ! goto lbl_doProcessInit; #endif ssl->options.processReply = runProcessingOneMessage; ! goto lbl_runProcessingOneMessage; } /* more records */ ! else ! 
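Review bot: Wrapping the state switch in `for (;;)` means every `case` must leave through `return` or `continue`; any path that falls off the end of a case, or any `break` in a case not shown here, now re-enters the switch with `ssl->options.processReply` unchanged and spins where it previously fell out of the function. The cases visible in this hunk and in the 1685,1702 hunk (the record and DTLS read-ahead tail) all `continue` or `return`, but most of the switch is outside the hunk, so the risk is inferred rather than seen. A `default:` that reports the bad state and returns an error would turn an unexpected value into a hard failure instead of a loop; the enclosing function starts before this hunk and its closing braces are in the 1685,1702 hunk.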
goto lbl_doProcessInit; } --- 1685,1702 ---- #ifdef CYASSL_DTLS /* read-ahead but dtls doesn't bundle messages per record */ ! if (ssl->options.dtls) { ! ssl->options.processReply = doProcessInit; ! continue; ! } #endif ssl->options.processReply = runProcessingOneMessage; ! continue; } /* more records */ ! else { ! ssl->options.processReply = doProcessInit; ! continue; ! } ! } } *************** *** 2095,2100 **** if (ssl->options.handShakeState != HANDSHAKE_DONE) { ! CYASSL_ERROR(NOT_READY_ERROR); ! return ssl->error = NOT_READY_ERROR; } --- 2104,2110 ---- if (ssl->options.handShakeState != HANDSHAKE_DONE) { ! int err; ! if ( (err = CyaSSL_negotiate(ssl)) != 0) ! return err; } *************** *** 2188,2193 **** if (ssl->options.handShakeState != HANDSHAKE_DONE) { ! CYASSL_ERROR(NOT_READY_ERROR); ! return ssl->error = NOT_READY_ERROR; } --- 2198,2204 ---- if (ssl->options.handShakeState != HANDSHAKE_DONE) { ! int err; ! if ( (err = CyaSSL_negotiate(ssl)) != 0) ! return err; } Index: ssl.c =================================================================== RCS file: /cvsroot/yassl/cyassl/src/ssl.c,v retrieving revision 1.48 retrieving revision 1.49 diff -C2 -d -r1.48 -r1.49 *** ssl.c 3 Aug 2009 15:16:46 -0000 1.48 --- ssl.c 13 Aug 2009 22:10:52 -0000 1.49 *************** *** 106,109 **** --- 106,125 ---- + int CyaSSL_negotiate(SSL* ssl) + { + int err; + + if (ssl->options.side == SERVER_END) + err = SSL_accept(ssl); + else + err = SSL_connect(ssl); + + if (err == SSL_SUCCESS) + return 0; + else + return err; + } + + int SSL_write(SSL* ssl, const void* buffer, int sz) { *************** *** 1083,1087 **** for (; idx >= 0; idx--) { ! SSL_SESSION* current = &SessionCache[row].Sessions[idx]; if (memcmp(current->sessionID, id, ID_LEN) == 0) { if (LowResTimer() < (current->bornOn + current->timeout)) { --- 1099,1108 ---- for (; idx >= 0; idx--) { ! SSL_SESSION* current; ! ! if (idx >= SESSIONS_PER_ROW) /* server could have restarted, idx */ ! 
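Review bot: `CyaSSL_negotiate` is declared by hand at the top of cyassl_int.c (the 42,48 hunk) rather than in a header shared with its definition in ssl.c, so the two signatures can drift without a compiler error; I would move the prototype to the internal header both files include and give it a one-line comment such as `/* run SSL_accept or SSL_connect per side; 0 on success, else the SSL_connect/SSL_accept result */`. The callers in SSL_write and SSL_read (the 2104 and 2198 hunks) used to record `NOT_READY_ERROR` in `ssl->error`; now they return `err` unchanged, so whether a failed implicit handshake is still reportable through `ssl->error` depends on SSL_connect/SSL_accept setting it, which is outside the hunk.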
break; /* would be word32(-1) and seg fault */ ! ! current = &SessionCache[row].Sessions[idx]; if (memcmp(current->sessionID, id, ID_LEN) == 0) { if (LowResTimer() < (current->bornOn + current->timeout)) { *************** *** 1762,1765 **** --- 1783,1791 ---- } + void ERR_clear_error(void) + { + /* TODO: */ + } + int RAND_status(void) *************** *** 1833,1837 **** { /* TDOD: */ ! return SSL_SUCCESS; } --- 1859,1863 ---- { /* TDOD: */ ! return opt; } *************** *** 1840,1844 **** { /* TODO: check private against public for RSA match */ ! return SSL_NOT_IMPLEMENTED; } --- 1866,1870 ---- { /* TODO: check private against public for RSA match */ ! return SSL_SUCCESS; } |
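Review bot: The new `if (idx >= SESSIONS_PER_ROW) break;` guards a loop whose condition is still `idx >= 0`; if `idx` is a word32 as the comment implies, that condition is always true (and `-Wextra` will say so), so the bound check inside the body is doing the loop's real termination work. Making it the loop condition, `for (; idx < SESSIONS_PER_ROW; idx--)`, keeps the wrap-around exit in one visible place and lets the comment about a restarted server sit next to it. `idx`'s declaration and initial value are above the hunk, so its type is assumed from the comment.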
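Review bot: Returning `opt` from a body that is still `/* TDOD: */` tells the caller that every requested option is now in effect while nothing is stored, which is worse than the old fixed `SSL_SUCCESS` for callers that compare the returned mask against what they asked for, the convention this return appears to mirror. Until the options are actually recorded, either keep the return honest with a comment such as `/* options are accepted but not applied yet */` or store `opt` and return the stored value; the signature is above the hunk, so what `opt` is and where it belongs is inferred from the name.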
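Review bot: The last hunk changes a check that is still unimplemented (the body remains `/* TODO: check private against public for RSA match */`) from `SSL_NOT_IMPLEMENTED` to `SSL_SUCCESS`, so a caller that relies on it to confirm the loaded private key matches the certificate gets a pass regardless; a mismatch then surfaces only as a handshake failure, or not at all if that key is never exercised. Keep returning `SSL_NOT_IMPLEMENTED`, or gate the success on an actual comparison; if compatibility with callers that treat anything but `SSL_SUCCESS` as fatal is the motive, say so in the comment, e.g. `/* returns SSL_SUCCESS without checking; a key/cert mismatch is only detected at handshake */`.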