Commit 3dc1365b authored by msvensson@neptunus.(none)'s avatar msvensson@neptunus.(none)

Merge 192.168.0.20:mysql/my50-maint-yassl

into  neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
parents 7d9efcc2 bb5c6d43
yaSSL Release notes, version 1.2.2 (03/27/06) yaSSL Release notes, version 1.3.0 (04/26/06)
This release of yaSSL contains minor bug fixes, portability enhancements,
and libcurl support.
See normal build instructions below under 1.0.6.
--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
To build for libcurl the library needs to be built without C++ globals since
the linker will be called in a C context, also libcurl configure will expect
OpenSSL library names so some symbolic links are created.
./configure --enable-pure-c
make
make openssl-links
(then go to your libcurl home and tell libcurl about yaSSL)
./configure --with-ssl=/yaSSL-HomeDir
make
--To build for libcurl on Win32:
Simply add the yaSSL project as a dependency to libcurl, add
yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
define USE_SSLEAY and USE_OPENSSL
please email todd@yassl.com if you have any questions.
*******************yaSSL Release notes, version 1.2.2 (03/27/06)
This release of yaSSL contains minor bug fixes and portability enhancements. This release of yaSSL contains minor bug fixes and portability enhancements.
......
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 20:12:32 2005 GMT
Not After : Oct 15 20:12:32 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cf:2b:14:00:b0:3c:df:6f:9e:91:40:ec:c8:f6:
90:b2:5b:b4:70:80:a5:a4:0a:73:c7:44:f3:2a:26:
c4:2f:f1:3a:f1:c3:c4:ac:fc:c3:d2:c3:bf:f5:d7:
6a:38:42:ad:22:ab:c8:c4:4b:4c:1d:16:af:05:34:
7d:79:97:5e:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
X509v3 Authority Key Identifier:
keyid:CB:0F:1F:E9:A2:76:71:C9:E6:E8:23:A6:C1:18:B7:CC:44:CF:B9:84
DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
27:f7:3d:fb:39:6f:73:a4:86:f3:a0:48:22:60:84:e9:5c:3d:
28:36:05:16:44:98:07:87:e1:5d:b5:f3:a7:bc:33:5f:f4:29:
a9:5f:87:33:df:e6:8e:bd:e2:f3:0a:c8:00:69:ae:3d:41:47:
03:ea:0b:4c:67:45:4b:ab:f3:39
-----BEGIN CERTIFICATE-----
MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDExODIwMTIzMloXDTA3
MTAxNTIwMTIzMlowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDPKxQAsDzfb56RQOzI9pCy
W7RwgKWkCnPHRPMqJsQv8Trxw8Ss/MPSw7/112o4Qq0iq8jES0wdFq8FNH15l17h
AgMBAAGjgekwgeYwHQYDVR0OBBYEFMsPH+midnHJ5ugjpsEYt8xEz7mEMIG2BgNV
HSMEga4wgauAFMsPH+midnHJ5ugjpsEYt8xEz7mEoYGPpIGMMIGJMQswCQYDVQQG
EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQQFAANBACf3Pfs5b3OkhvOgSCJghOlcPSg2BRZEmAeH4V21
86e8M1/0KalfhzPf5o694vMKyABprj1BRwPqC0xnRUur8zk=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 19:33:15 2005 GMT
Not After : Oct 15 19:33:15 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86:
36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2:
26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28:
65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd:
46:2a:a0:45:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
X509v3 Authority Key Identifier:
keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
c5:82:26:0c:1f:61:01:14:b0:ce:18:99:64:91:0e:f1:f8:90:
3e:a3:0e:be:38:7c:97:ba:05:c9:2a:dc:dd:62:2d:12:61:79:
7a:86:b1:97:5d:1e:e8:f7:e8:32:34:f7:8f:b1:08:3d:13:71:
a6:3c:15:91:85:12:35:6e:78:87
-----BEGIN CERTIFICATE-----
MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP
MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT
U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tMB4XDTA1MDExODE5MzMxNVoXDTA3MTAxNTE5MzMxNVoweDELMAkG
A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM
BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH
+LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA
ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC
wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu
ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQEEBQADQQDFgiYMH2EBFLDOGJlkkQ7x+JA+ow6+OHyXugXJKtzdYi0SYXl6
hrGXXR7o9+gyNPePsQg9E3GmPBWRhRI1bniH
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz
Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l
n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg
QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT
8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP
YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA
uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L
-----END RSA PRIVATE KEY-----
30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102
\ No newline at end of file
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: dsaWithSHA1
Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
Validity
Not Before: Jan 23 22:54:51 2005 GMT
Not After : Oct 20 22:54:51 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
DSA Public Key:
pub:
04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
ef:bb:b9:82
P:
00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
b9:42:fd:1b:11
Q:
00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
a6:b7:dd:4d:03:09
G:
12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
10:46:19:31
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
X509v3 Authority Key Identifier:
keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@yassl.com
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: dsaWithSHA1
30:2b:02:14:74:46:9f:91:7b:24:17:3b:ee:0f:10:e3:76:62:
f4:dc:81:e6:fd:fe:02:13:08:f4:87:0a:ab:ba:9c:de:3a:69:
72:59:b8:ec:e9:57:f4:bf:37
-----BEGIN CERTIFICATE-----
MIIDMTCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD
VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE
U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz
bC5jb20wHhcNMDUwMTIzMjI1NDUxWhcNMDcxMDIwMjI1NDUxWjB4MQswCQYDVQQG
EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE
ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW
DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+
Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5
Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l
jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA
AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z
JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK
IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow
eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh
bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ
KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG
SM44BAMDLgAwKwIUdEafkXskFzvuDxDjdmL03IHm/f4CEwj0hwqrupzeOmlyWbjs
6Vf0vzc=
-----END CERTIFICATE-----
-----BEGIN DSA PRIVATE KEY-----
MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
E2V27tjDFY02uA==
-----END DSA PRIVATE KEY-----
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 20:50:59 2005 GMT
Not After : Oct 15 20:50:59 2007 GMT
Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9:
95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0:
a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be:
6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd:
f2:25:93:22:e7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
08:36:07:8c:3a:7f:f9:91:0a:82:d1:6a:c1:34:be:bc:2d:b2:
20:98:dc:45:50:53:9c:66:e6:26:71:bd:fa:d2:b4:91:d3:53:
c0:20:05:c0:b6:84:9a:5f:3f:61:75:f5:fd:c6:ec:e2:f6:9f:
a2:13:17:a9:b7:83:60:cc:cb:eb
-----BEGIN CERTIFICATE-----
MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD
VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290
aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI
hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAxMTgyMDUwNTlaFw0wNzEwMTUy
MDUwNTlaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh
b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G
CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg
0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI
hvcNAQEEBQADQQAINgeMOn/5kQqC0WrBNL68LbIgmNxFUFOcZuYmcb360rSR01PA
IAXAtoSaXz9hdfX9xuzi9p+iExept4NgzMvr
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU
ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC
1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI
2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE
B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw
7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL
WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI=
-----END RSA PRIVATE KEY-----
***** Create a self signed cert ************
1) openssl genrsa 512 > client-key.pem
2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
-- adding metadata to beginning
3) openssl x509 -in client-cert.pem -text > tmp.pem
4) mv tmp.pem client-cert.pem
***** Create a CA, signing authority **********
same as self signed, use ca prefix instead of client
***** Create a cert signed by CA **************
1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
2) copy ca-key.pem ca-cert.srl (why ????)
3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
***** To create a dsa cert ********************
1) openssl dsaparam 512 > dsa512.param # creates group params
2) openssl gendsa dsa512.param > dsa512.pem # creates private key
3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem
***** To convert from PEM to DER **************
a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
to convert rsa private PEM to DER :
b) openssl rsa -in key.pem -outform DER -out key.der
...@@ -33,10 +33,10 @@ void client_test(void* args) ...@@ -33,10 +33,10 @@ void client_test(void* args)
const char* cipher = 0; const char* cipher = 0;
int index = 0; int index = 0;
char list[1024]; char list[1024];
strcpy(list, "cipherlist"); strncpy(list, "cipherlist", 11);
while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) { while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) {
strcat(list, ":"); strncat(list, ":", 2);
strcat(list, cipher); strncat(list, cipher, strlen(cipher) + 1);
} }
printf("%s\n", list); printf("%s\n", list);
printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl)); printf("Using Cipher Suite %s\n", SSL_get_cipher(ssl));
......
/* err.h for openssl */ /* err.h for openssl */
#ifndef ysSSL_err_h__ #ifndef yaSSL_err_h__
#define yaSSL_err_h__ #define yaSSL_err_h__
......
/* md5.h for openssl */ /* md5.h for openssl */
#include "ssl.h" /* in there for now */
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
#define yaSSL_openssl_h__ #define yaSSL_openssl_h__
#include <stdio.h> /* ERR_print fp */ #include <stdio.h> /* ERR_print fp */
#include "opensslv.h" /* for version number */
#include "rsa.h" #include "rsa.h"
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
...@@ -102,7 +103,6 @@ void X509_free(X509*); ...@@ -102,7 +103,6 @@ void X509_free(X509*);
typedef struct BIO BIO; typedef struct BIO BIO;
/* ASN stuff */ /* ASN stuff */
typedef struct ASN1_TIME ASN1_TIME;
...@@ -345,8 +345,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); ...@@ -345,8 +345,8 @@ long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*); long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_algorithms(void);
void SSL_library_init(); int SSL_library_init();
void SSLeay_add_ssl_algorithms(void); int SSLeay_add_ssl_algorithms(void);
SSL_CIPHER* SSL_get_current_cipher(SSL*); SSL_CIPHER* SSL_get_current_cipher(SSL*);
...@@ -371,6 +371,10 @@ typedef unsigned char DES_cblock[8]; ...@@ -371,6 +371,10 @@ typedef unsigned char DES_cblock[8];
typedef const DES_cblock const_DES_cblock; typedef const DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule; typedef DES_cblock DES_key_schedule;
enum {
DES_ENCRYPT = 1,
DES_DECRYPT = 0
};
const EVP_MD* EVP_md5(void); const EVP_MD* EVP_md5(void);
const EVP_CIPHER* EVP_des_ede3_cbc(void); const EVP_CIPHER* EVP_des_ede3_cbc(void);
...@@ -392,6 +396,108 @@ int RAND_write_file(const char*); ...@@ -392,6 +396,108 @@ int RAND_write_file(const char*);
int RAND_load_file(const char*, long); int RAND_load_file(const char*, long);
/* for libcurl */
int RAND_status(void);
int DES_set_key(const_DES_cblock*, DES_key_schedule*);
void DES_set_odd_parity(DES_cblock*);
void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
void SSL_SESSION_free(SSL_SESSION* session);
X509* SSL_get_certificate(SSL* ssl);
EVP_PKEY* SSL_get_privatekey(SSL* ssl);
EVP_PKEY* X509_get_pubkey(X509* x);
int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
void EVP_PKEY_free(EVP_PKEY* pkey);
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_free_strings(void);
void EVP_cleanup(void);
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
#define GEN_IPADD 7
#define NID_subject_alt_name 85
#define STACK_OF(x) x
/* defined here because libcurl dereferences */
typedef struct ASN1_STRING {
int type;
int length;
unsigned char* data;
} ASN1_STRING;
typedef struct GENERAL_NAME {
int type;
union {
ASN1_STRING* ia5;
} d;
} GENERAL_NAME;
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
unsigned char* ASN1_STRING_data(ASN1_STRING* x);
int ASN1_STRING_length(ASN1_STRING* x);
int ASN1_STRING_type(ASN1_STRING *x);
typedef ASN1_STRING X509_NAME_ENTRY;
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
#define OPENSSL_malloc(x) malloc(x)
#define OPENSSL_free(x) free(x)
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */
SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */
SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */
#define CRYPTO_free(x) free(x)
#define ASN1_TIME ASN1_STRING
ASN1_TIME* X509_get_notBefore(X509* x);
ASN1_TIME* X509_get_notAfter(X509* x);
#define ASN1_UTCTIME ASN1_STRING
#define NID_commonName 13
#define V_ASN1_UTF8STRING 12
#define GEN_DNS 2
typedef struct MD4_CTX {
void* ptr;
} MD4_CTX;
void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, unsigned long);
void MD4_Final(unsigned char*, MD4_CTX*);
typedef struct MD5_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} MD5_CTX;
void MD5_Init(MD5_CTX*);
void MD5_Update(MD5_CTX*, const void*, unsigned long);
void MD5_Final(unsigned char*, MD5_CTX*);
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */ #define SSL_DEFAULT_CIPHER_LIST "" /* default all */
......
/* x509.h for libcurl */
/* x509v3.h for libcurl */
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
#include "cert_wrapper.hpp" #include "cert_wrapper.hpp"
#include "log.hpp" #include "log.hpp"
#include "lock.hpp" #include "lock.hpp"
#include "openssl/ssl.h" // ASN1_STRING and DH
namespace yaSSL { namespace yaSSL {
...@@ -126,32 +127,70 @@ private: ...@@ -126,32 +127,70 @@ private:
}; };
// hold add crypt references provided to callers
class CryptProvider {
mySTL::list<Digest*> digestList_;
mySTL::list<BulkCipher*> cipherList_;
CryptProvider() {} // only GetCryptProvider creates
public:
~CryptProvider();
Digest* NewMd5();
BulkCipher* NewDesEde();
friend CryptProvider& GetCryptProvider();
private:
CryptProvider(const CryptProvider&); // hide copy
CryptProvider& operator=(const CryptProvider&); // and assign
};
CryptProvider& GetCryptProvider();
#undef X509_NAME // wincrypt.h clash #undef X509_NAME // wincrypt.h clash
// openSSL X509 names // openSSL X509 names
class X509_NAME { class X509_NAME {
char* name_; char* name_;
size_t sz_;
ASN1_STRING entry_;
public: public:
X509_NAME(const char*, size_t sz); X509_NAME(const char*, size_t sz);
~X509_NAME(); ~X509_NAME();
char* GetName(); char* GetName();
ASN1_STRING* GetEntry(int i);
private: private:
X509_NAME(const X509_NAME&); // hide copy X509_NAME(const X509_NAME&); // hide copy
X509_NAME& operator=(const X509_NAME&); // and assign X509_NAME& operator=(const X509_NAME&); // and assign
}; };
class StringHolder {
ASN1_STRING asnString_;
public:
StringHolder(const char* str, int sz);
~StringHolder();
ASN1_STRING* GetString();
};
// openSSL X509 // openSSL X509
class X509 { class X509 {
X509_NAME issuer_; X509_NAME issuer_;
X509_NAME subject_; X509_NAME subject_;
StringHolder beforeDate_; // not valid before
StringHolder afterDate_; // not valid after
public: public:
X509(const char* i, size_t, const char* s, size_t); X509(const char* i, size_t, const char* s, size_t,
const char* b, int, const char* a, int);
~X509() {} ~X509() {}
X509_NAME* GetIssuer(); X509_NAME* GetIssuer();
X509_NAME* GetSubject(); X509_NAME* GetSubject();
ASN1_STRING* GetBefore();
ASN1_STRING* GetAfter();
private: private:
X509(const X509&); // hide copy X509(const X509&); // hide copy
X509& operator=(const X509&); // and assign X509& operator=(const X509&); // and assign
......
// this is a dummy file
...@@ -271,10 +271,13 @@ int CertManager::Validate() ...@@ -271,10 +271,13 @@ int CertManager::Validate()
else else
peerKeyType_ = dsa_sa_algo; peerKeyType_ = dsa_sa_algo;
int iSz = cert.GetIssuer() ? strlen(cert.GetIssuer()) + 1 : 0; int iSz = strlen(cert.GetIssuer()) + 1;
int sSz = cert.GetCommonName() ? strlen(cert.GetCommonName()) + 1 : 0; int sSz = strlen(cert.GetCommonName()) + 1;
int bSz = strlen(cert.GetBeforeDate()) + 1;
int aSz = strlen(cert.GetAfterDate()) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
sSz); sSz, cert.GetBeforeDate(), bSz,
cert.GetAfterDate(), aSz);
} }
return 0; return 0;
} }
......
/* ssl.cpp /* ssl.cpp
* *
* Copyright (C) 2003 Sawtooth Consulting Ltd. * Copyright (C) 2003 Sawtooth Consulting Ltd.
* *
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#include "openssl/ssl.h" #include "openssl/ssl.h"
#include "handshake.hpp" #include "handshake.hpp"
#include "yassl_int.hpp" #include "yassl_int.hpp"
#include "md5.hpp" // for TaoCrypt MD5 size assert
#include <stdio.h> #include <stdio.h>
#ifdef _WIN32 #ifdef _WIN32
...@@ -723,8 +724,10 @@ void OpenSSL_add_all_algorithms() // compatibility only ...@@ -723,8 +724,10 @@ void OpenSSL_add_all_algorithms() // compatibility only
{} {}
void SSL_library_init() // compatiblity only int SSL_library_init() // compatiblity only
{} {
return 1;
}
DH* DH_new(void) DH* DH_new(void)
...@@ -804,15 +807,13 @@ const char* X509_verify_cert_error_string(long /* error */) ...@@ -804,15 +807,13 @@ const char* X509_verify_cert_error_string(long /* error */)
const EVP_MD* EVP_md5(void) const EVP_MD* EVP_md5(void)
{ {
// TODO: FIX add to some list for destruction return GetCryptProvider().NewMd5();
return NEW_YS MD5;
} }
const EVP_CIPHER* EVP_des_ede3_cbc(void) const EVP_CIPHER* EVP_des_ede3_cbc(void)
{ {
// TODO: FIX add to some list for destruction return GetCryptProvider().NewDesEde();
return NEW_YS DES_EDE;
} }
...@@ -897,6 +898,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, ...@@ -897,6 +898,275 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
} }
// functions for libcurl
int RAND_status()
{
return 1; /* TaoCrypt provides enough seed */
}
int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
{
memcpy(schedule, key, sizeof(const_DES_cblock));
return 1;
}
void DES_set_odd_parity(DES_cblock* key)
{
// not needed now for TaoCrypt
}
void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
DES_key_schedule* key, int enc)
{
DES des;
if (enc) {
des.set_encryptKey(*key, 0);
des.encrypt(*output, *input, DES_BLOCK);
}
else {
des.set_decryptKey(*key, 0);
des.decrypt(*output, *input, DES_BLOCK);
}
}
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata)
{
// yaSSL doesn't support yet, unencrypt your PEM file with userdata
// before handing off to yaSSL
}
X509* SSL_get_certificate(SSL* ssl)
{
// only used to pass to get_privatekey which isn't used
return 0;
}
EVP_PKEY* SSL_get_privatekey(SSL* ssl)
{
// only called, not used
return 0;
}
void SSL_SESSION_free(SSL_SESSION* session)
{
// managed by singleton
}
EVP_PKEY* X509_get_pubkey(X509* x)
{
// called, not used though
return 0;
}
int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
{
// called, not used though
return 0;
}
void EVP_PKEY_free(EVP_PKEY* pkey)
{
// never allocated from above
}
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
if (len) ERR_error_string(e, buf);
}
void ERR_free_strings(void)
{
// handled internally
}
void EVP_cleanup(void)
{
// nothing to do yet
}
ASN1_TIME* X509_get_notBefore(X509* x)
{
if (x) return x->GetBefore();
return 0;
}
ASN1_TIME* X509_get_notAfter(X509* x)
{
if (x) return x->GetAfter();
return 0;
}
SSL_METHOD* SSLv23_client_method(void) /* doesn't actually roll back */
{
return SSLv3_client_method();
}
SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */
{
return 0;
}
SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */
{
return SSL_get_session(ssl);
}
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
{
// no extension names supported yet
}
int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
{
// no extension names supported yet
return 0;
}
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
{
// no extension names supported yet
return 0;
}
unsigned char* ASN1_STRING_data(ASN1_STRING* x)
{
if (x) return x->data;
return 0;
}
int ASN1_STRING_length(ASN1_STRING* x)
{
if (x) return x->length;
return 0;
}
int ASN1_STRING_type(ASN1_STRING *x)
{
if (x) return x->type;
return 0;
}
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
{
int idx = -1; // not found
const char* start = &name->GetName()[lastpos + 1];
switch (nid) {
case NID_commonName:
char* found = strstr(start, "/CN=");
if (found) {
found += 4; // advance to str
idx = found - start + lastpos + 1;
}
break;
}
return idx;
}
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
{
// the same in yaSSL
return ne;
}
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
{
return name->GetEntry(loc);
}
// already formatted, caller responsible for freeing *out
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
{
if (!in) return 0;
*out = (unsigned char*)malloc(in->length + 1);
if (*out) {
memcpy(*out, in->data, in->length);
(*out)[in->length] = 0;
}
return in->length;
}
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
{
// no extensions supported yet
return 0;
}
void MD4_Init(MD4_CTX* md4)
{
assert(0); // not yet supported, build compat. only
}
void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
{
}
void MD4_Final(unsigned char* hash, MD4_CTX* md4)
{
}
void MD5_Init(MD5_CTX* md5)
{
// make sure we have a big enough buffer
typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
(void) sizeof(ok);
// using TaoCrypt since no dynamic memory allocated
// and no destructor will be called
new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
}
void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
{
reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
static_cast<const byte*>(data), static_cast<unsigned int>(sz));
}
void MD5_Final(unsigned char* hash, MD5_CTX* md5)
{
reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
}
// functions for stunnel // functions for stunnel
void RAND_screen() void RAND_screen()
...@@ -1098,8 +1368,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz, ...@@ -1098,8 +1368,10 @@ void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
} }
void SSLeay_add_ssl_algorithms() // compatibility only int SSLeay_add_ssl_algorithms() // compatibility only
{} {
return 1;
}
void ERR_remove_state(unsigned long) void ERR_remove_state(unsigned long)
......
...@@ -50,12 +50,16 @@ template class list<yaSSL::SSL_SESSION*>; ...@@ -50,12 +50,16 @@ template class list<yaSSL::SSL_SESSION*>;
template class list<yaSSL::input_buffer*>; template class list<yaSSL::input_buffer*>;
template class list<yaSSL::output_buffer*>; template class list<yaSSL::output_buffer*>;
template class list<yaSSL::x509*>; template class list<yaSSL::x509*>;
template class list<yaSSL::Digest*>;
template class list<yaSSL::BulkCipher*>;
template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*); template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero); template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
} }
namespace yaSSL { namespace yaSSL {
...@@ -81,6 +85,7 @@ template void ysDelete<X509>(X509*); ...@@ -81,6 +85,7 @@ template void ysDelete<X509>(X509*);
template void ysDelete<Message>(Message*); template void ysDelete<Message>(Message*);
template void ysDelete<sslFactory>(sslFactory*); template void ysDelete<sslFactory>(sslFactory*);
template void ysDelete<Sessions>(Sessions*); template void ysDelete<Sessions>(Sessions*);
template void ysDelete<CryptProvider>(CryptProvider*);
template void ysArrayDelete<unsigned char>(unsigned char*); template void ysArrayDelete<unsigned char>(unsigned char*);
template void ysArrayDelete<char>(char*); template void ysArrayDelete<char>(char*);
} }
......
...@@ -28,7 +28,6 @@ ...@@ -28,7 +28,6 @@
#include "yassl_int.hpp" #include "yassl_int.hpp"
#include "handshake.hpp" #include "handshake.hpp"
#include "timer.hpp" #include "timer.hpp"
#include "openssl/ssl.h" // for DH
#ifdef YASSL_PURE_C #ifdef YASSL_PURE_C
...@@ -1375,16 +1374,51 @@ Sessions& GetSessions() ...@@ -1375,16 +1374,51 @@ Sessions& GetSessions()
static sslFactory* sslFactoryInstance = 0; static sslFactory* sslFactoryInstance = 0;
sslFactory& GetSSL_Factory(){ sslFactory& GetSSL_Factory()
{
if (!sslFactoryInstance) if (!sslFactoryInstance)
sslFactoryInstance = NEW_YS sslFactory; sslFactoryInstance = NEW_YS sslFactory;
return *sslFactoryInstance; return *sslFactoryInstance;
} }
static CryptProvider* cryptProviderInstance = 0;
CryptProvider& GetCryptProvider()
{
if (!cryptProviderInstance)
cryptProviderInstance = NEW_YS CryptProvider;
return *cryptProviderInstance;
}
CryptProvider::~CryptProvider()
{
mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
}
Digest* CryptProvider::NewMd5()
{
Digest* ptr = NEW_YS MD5();
digestList_.push_back(ptr);
return ptr;
}
BulkCipher* CryptProvider::NewDesEde()
{
BulkCipher* ptr = NEW_YS DES_EDE();
cipherList_.push_back(ptr);
return ptr;
}
void CleanUp() void CleanUp()
{ {
TaoCrypt::CleanUp(); TaoCrypt::CleanUp();
ysDelete(cryptProviderInstance);
ysDelete(sslFactoryInstance); ysDelete(sslFactoryInstance);
ysDelete(sessionsInstance); ysDelete(sessionsInstance);
} }
...@@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b) ...@@ -1978,18 +2012,20 @@ void Security::set_resuming(bool b)
X509_NAME::X509_NAME(const char* n, size_t sz) X509_NAME::X509_NAME(const char* n, size_t sz)
: name_(0) : name_(0), sz_(sz)
{ {
if (sz) { if (sz) {
name_ = NEW_YS char[sz]; name_ = NEW_YS char[sz];
memcpy(name_, n, sz); memcpy(name_, n, sz);
} }
entry_.data = 0;
} }
X509_NAME::~X509_NAME() X509_NAME::~X509_NAME()
{ {
ysArrayDelete(name_); ysArrayDelete(name_);
ysArrayDelete(entry_.data);
} }
...@@ -1999,8 +2035,10 @@ char* X509_NAME::GetName() ...@@ -1999,8 +2035,10 @@ char* X509_NAME::GetName()
} }
X509::X509(const char* i, size_t iSz, const char* s, size_t sSz) X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
: issuer_(i, iSz), subject_(s, sSz) const char* b, int bSz, const char* a, int aSz)
: issuer_(i, iSz), subject_(s, sSz),
beforeDate_(b, bSz), afterDate_(a, aSz)
{} {}
...@@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject() ...@@ -2016,6 +2054,61 @@ X509_NAME* X509::GetSubject()
} }
ASN1_STRING* X509::GetBefore()
{
return beforeDate_.GetString();
}
ASN1_STRING* X509::GetAfter()
{
return afterDate_.GetString();
}
ASN1_STRING* X509_NAME::GetEntry(int i)
{
if (i < 0 || i >= int(sz_))
return 0;
if (entry_.data)
ysArrayDelete(entry_.data);
entry_.data = NEW_YS byte[sz_]; // max size;
memcpy(entry_.data, &name_[i], sz_ - i);
if (entry_.data[sz_ -i - 1]) {
entry_.data[sz_ - i] = 0;
entry_.length = sz_ - i;
}
else
entry_.length = sz_ - i - 1;
entry_.type = 0;
return &entry_;
}
StringHolder::StringHolder(const char* str, int sz)
{
asnString_.length = sz;
asnString_.data = NEW_YS byte[sz + 1];
memcpy(asnString_.data, str, sz);
asnString_.type = 0; // not used for now
}
StringHolder::~StringHolder()
{
ysArrayDelete(asnString_.data);
}
ASN1_STRING* StringHolder::GetString()
{
return &asnString_;
}
} // namespace } // namespace
......
...@@ -92,7 +92,7 @@ enum DNTags ...@@ -92,7 +92,7 @@ enum DNTags
enum Constants enum Constants
{ {
MIN_DATE_SZ = 13, MIN_DATE_SZ = 13,
MAX_DATE_SZ = 15, MAX_DATE_SZ = 16,
MAX_ALGO_SZ = 16, MAX_ALGO_SZ = 16,
MAX_LENGTH_SZ = 5, MAX_LENGTH_SZ = 5,
MAX_SEQ_SZ = 5, // enum(seq|con) + length(4) MAX_SEQ_SZ = 5, // enum(seq|con) + length(4)
...@@ -252,6 +252,8 @@ public: ...@@ -252,6 +252,8 @@ public:
const char* GetIssuer() const { return issuer_; } const char* GetIssuer() const { return issuer_; }
const char* GetCommonName() const { return subject_; } const char* GetCommonName() const { return subject_; }
const byte* GetHash() const { return subjectHash_; } const byte* GetHash() const { return subjectHash_; }
const char* GetBeforeDate() const { return beforeDate_; }
const char* GetAfterDate() const { return afterDate_; }
void DecodeToKey(); void DecodeToKey();
private: private:
...@@ -266,6 +268,8 @@ private: ...@@ -266,6 +268,8 @@ private:
byte* signature_; byte* signature_;
char issuer_[NAME_MAX]; // Names char issuer_[NAME_MAX]; // Names
char subject_[NAME_MAX]; // Names char subject_[NAME_MAX]; // Names
char beforeDate_[MAX_DATE_SZ]; // valid before date
char afterDate_[MAX_DATE_SZ]; // valid after date
bool verify_; // Default to yes, but could be off bool verify_; // Default to yes, but could be off
void ReadHeader(); void ReadHeader();
......
...@@ -784,6 +784,16 @@ void CertDecoder::GetDate(DateType dt) ...@@ -784,6 +784,16 @@ void CertDecoder::GetDate(DateType dt)
source_.SetError(BEFORE_DATE_E); source_.SetError(BEFORE_DATE_E);
else else
source_.SetError(AFTER_DATE_E); source_.SetError(AFTER_DATE_E);
// save for later use
if (dt == BEFORE) {
memcpy(beforeDate_, date, length);
beforeDate_[length] = 0;
}
else { // after
memcpy(afterDate_, date, length);
afterDate_[length] = 0;
}
} }
......
...@@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b) ...@@ -2428,7 +2428,7 @@ void PositiveMultiply(Integer& product, const Integer& a, const Integer& b)
product.reg_.CleanNew(RoundupSize(aSize + bSize)); product.reg_.CleanNew(RoundupSize(aSize + bSize));
product.sign_ = Integer::POSITIVE; product.sign_ = Integer::POSITIVE;
WordBlock workspace(aSize + bSize); AlignedWordBlock workspace(aSize + bSize);
AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(), AsymmetricMultiply(product.reg_.get_buffer(), workspace.get_buffer(),
a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize); a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), bSize);
} }
...@@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient, ...@@ -3375,7 +3375,7 @@ void PositiveDivide(Integer& remainder, Integer& quotient,
quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2)); quotient.reg_.CleanNew(RoundupSize(aSize-bSize+2));
quotient.sign_ = Integer::POSITIVE; quotient.sign_ = Integer::POSITIVE;
WordBlock T(aSize+2*bSize+4); AlignedWordBlock T(aSize+2*bSize+4);
Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(), Divide(remainder.reg_.get_buffer(), quotient.reg_.get_buffer(),
T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(), T.get_buffer(), a.reg_.get_buffer(), aSize, b.reg_.get_buffer(),
bSize); bSize);
...@@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const ...@@ -3595,7 +3595,7 @@ Integer Integer::InverseMod(const Integer &m) const
return !u ? Zero() : (m*(*this-u)+1)/(*this); return !u ? Zero() : (m*(*this-u)+1)/(*this);
} }
WordBlock T(m.reg_.size() * 4); AlignedWordBlock T(m.reg_.size() * 4);
Integer r((word)0, m.reg_.size()); Integer r((word)0, m.reg_.size());
unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(), unsigned k = AlmostInverse(r.reg_.get_buffer(), T.get_buffer(),
reg_.get_buffer(), reg_.size(), reg_.get_buffer(), reg_.size(),
......
...@@ -25,6 +25,15 @@ ...@@ -25,6 +25,15 @@
#include "runtime.hpp" #include "runtime.hpp"
#include "misc.hpp" #include "misc.hpp"
extern "C" {
// for libcurl configure test, these are the signatures they use
// locking handled internally by library
char CRYPTO_lock() { return 0;}
char CRYPTO_add_lock() { return 0;}
} // extern "C"
#ifdef YASSL_PURE_C #ifdef YASSL_PURE_C
void* operator new(size_t sz, TaoCrypt::new_t) void* operator new(size_t sz, TaoCrypt::new_t)
......
...@@ -64,7 +64,8 @@ LIB32=link.exe -lib ...@@ -64,7 +64,8 @@ LIB32=link.exe -lib
# PROP Intermediate_Dir "Debug" # PROP Intermediate_Dir "Debug"
# PROP Target_Dir "" # PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /FR /YX /FD /GZ /c # ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
# SUBTRACT CPP /Fr
# ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe BSC32=bscmake.exe
......
...@@ -146,10 +146,10 @@ int test_openSSL_des() ...@@ -146,10 +146,10 @@ int test_openSSL_des()
(byte*)key, iv); (byte*)key, iv);
byte cipher[16]; byte cipher[16];
DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[8], DES_ede3_cbc_encrypt((byte*)data, cipher, dataSz, &key[0], &key[1],
&key[16], &iv, true); &key[2], &iv, true);
byte plain[16]; byte plain[16];
DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[8], &key[16], DES_ede3_cbc_encrypt(cipher, plain, 16, &key[0], &key[1], &key[2],
&iv, false); &iv, false);
return 0; return 0;
} }
...@@ -42,7 +42,7 @@ RSC=rc.exe ...@@ -42,7 +42,7 @@ RSC=rc.exe
# PROP Ignore_Export_Lib 0 # PROP Ignore_Export_Lib 0
# PROP Target_Dir "" # PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /MT /W3 /GX- /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c # ADD CPP /nologo /MT /W3 /O2 /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe BSC32=bscmake.exe
...@@ -67,7 +67,7 @@ LINK32=link.exe ...@@ -67,7 +67,7 @@ LINK32=link.exe
# PROP Ignore_Export_Lib 0 # PROP Ignore_Export_Lib 0
# PROP Target_Dir "" # PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /GX- /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c # ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "../taocrypt/include" /I "../include" /I "../mySTL" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "NO_MAIN_DRIVER" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe BSC32=bscmake.exe
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment