1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 10.4 to 10.5

Browse Source
This commit is contained in:
Marko Mäkelä 2019-05-27 11:08:51 +03:00
commit c0cd662b98
240 changed files with 742 additions and 46072 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -8,6 +8,9 @@
path = wsrep-lib
url = https://github.com/codership/wsrep-lib.git
branch = master
[submodule "extra/wolfssl/wolfssl"]
path = extra/wolfssl/wolfssl
url = https://github.com/WolfSSL/wolfssl
[submodule "storage/maria/libmarias3"]
path = storage/maria/libmarias3
url = https://github.com/mariadb-corporation/libmarias3

4
CMakeLists.txt
View File

@ -351,7 +351,7 @@ IF(NOT HAVE_CXX_NEW)
ENDIF()
# Find header files from the bundled libraries
# (yassl, readline, pcre, etc)
# (wolfssl, readline, pcre, etc)
# before the ones installed in the system
SET(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)
@ -364,7 +364,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR}/include)
# Add bundled or system zlib.
MYSQL_CHECK_ZLIB_WITH_COMPRESS()
# Add bundled yassl/taocrypt or system openssl.
# Add bundled wolfssl/wolfcrypt or system openssl.
MYSQL_CHECK_SSL()
# Add readline or libedit.
MYSQL_CHECK_READLINE()

2
cmake/libutils.cmake
View File

@ -317,7 +317,7 @@ ELSEIF(UNIX)
ENDIF()
ENDIF()
# We try to hide the symbols in yassl/zlib to avoid name clashes with
# We try to hide the symbols in bundled libraries to avoid name clashes with
# other libraries like openssl.
FUNCTION(RESTRICT_SYMBOL_EXPORTS target)
IF(VISIBILITY_HIDDEN_FLAG)

2
cmake/mariadb_connector_c.cmake
View File

@ -8,7 +8,7 @@ SET(CONC_WITH_SIGNCODE ${SIGNCODE})
SET(SIGN_OPTIONS ${SIGNTOOL_PARAMETERS})
SET(CONC_WITH_EXTERNAL_ZLIB ON)
IF(SSL_DEFINES MATCHES "YASSL")
IF(SSL_DEFINES MATCHES "WOLFSSL")
IF(WIN32)
SET(CONC_WITH_SSL "SCHANNEL")
ELSE()

36
cmake/ssl.cmake
View File

@ -15,7 +15,7 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA
# We support different versions of SSL:
# - "bundled" uses source code in <source dir>/extra/yassl
# - "bundled" uses source code in <source dir>/extra/wolfssl
# - "system" (typically) uses headers/libraries in /usr/lib and /usr/lib64
# - a custom installation of openssl can be used like this
# - cmake -DCMAKE_PREFIX_PATH=</path/to/custom/openssl> -DWITH_SSL="system"
@ -35,7 +35,7 @@
# 'set path=</path/to/custom/openssl>\bin;%PATH%
# in order to find the .dll files at runtime.
SET(WITH_SSL_DOC "bundled (use yassl)")
SET(WITH_SSL_DOC "bundled (use wolfssl)")
SET(WITH_SSL_DOC
"${WITH_SSL_DOC}, yes (prefer os library if present, otherwise use bundled)")
SET(WITH_SSL_DOC
@ -48,29 +48,19 @@ MACRO (CHANGE_SSL_SETTINGS string)
ENDMACRO()
MACRO (MYSQL_USE_BUNDLED_SSL)
SET(INC_DIRS
${CMAKE_SOURCE_DIR}/extra/yassl/include
${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/include
SET(INC_DIRS
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl/wolfssl
)
SET(SSL_LIBRARIES yassl taocrypt)
SET(SSL_LIBRARIES wolfssl wolfcrypt)
SET(SSL_INCLUDE_DIRS ${INC_DIRS})
SET(SSL_INTERNAL_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL)
SET(SSL_DEFINES "-DHAVE_YASSL -DYASSL_PREFIX -DHAVE_OPENSSL -DMULTI_THREADED")
SET(HAVE_ERR_remove_thread_state OFF CACHE INTERNAL "yassl doesn't have ERR_remove_thread_state")
SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "yassl doesn't support AES-CTR")
SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "yassl doesn't support AES-GCM")
SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DOPENSSL_ALL -DWOLFSSL_MYSQL_COMPATIBLE -DWC_NO_HARDEN")
SET(HAVE_ERR_remove_thread_state ON CACHE INTERNAL "wolfssl doesn't have ERR_remove_thread_state")
SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "wolfssl does support AES-CTR, but differently from openssl")
SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM")
SET(HAVE_X509_check_host ON CACHE INTERNAL "wolfssl does support X509_check_host")
CHANGE_SSL_SETTINGS("bundled")
ADD_SUBDIRECTORY(extra/yassl)
ADD_SUBDIRECTORY(extra/yassl/taocrypt)
GET_TARGET_PROPERTY(src yassl SOURCES)
FOREACH(file ${src})
SET(SSL_SOURCES ${SSL_SOURCES} ${CMAKE_SOURCE_DIR}/extra/yassl/${file})
ENDFOREACH()
GET_TARGET_PROPERTY(src taocrypt SOURCES)
FOREACH(file ${src})
SET(SSL_SOURCES ${SSL_SOURCES}
${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/${file})
ENDFOREACH()
ADD_SUBDIRECTORY(extra/wolfssl)
MESSAGE_ONCE(SSL_LIBRARIES "SSL_LIBRARIES = ${SSL_LIBRARIES}")
ENDMACRO()
@ -155,6 +145,8 @@ MACRO (MYSQL_CHECK_SSL)
HAVE_EncryptAes128Ctr)
CHECK_SYMBOL_EXISTS(EVP_aes_128_gcm "openssl/evp.h"
HAVE_EncryptAes128Gcm)
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
HAVE_X509_check_host)
SET(CMAKE_REQUIRED_INCLUDES)
SET(CMAKE_REQUIRED_LIBRARIES)
ELSE()

1
config.h.cmake
View File

@ -385,6 +385,7 @@
#cmakedefine HAVE_SVR3_SIGNALS 1
#cmakedefine HAVE_V7_SIGNALS 1
#cmakedefine HAVE_ERR_remove_thread_state 1
#cmakedefine HAVE_X509_check_host 1
#cmakedefine HAVE_SOLARIS_STYLE_GETHOST 1

4
extra/mariabackup/CMakeLists.txt
View File

@ -52,8 +52,8 @@ ELSE()
SET(NT_SERVICE_SOURCE)
ENDIF()
ADD_DEFINITIONS(-DPCRE_STATIC=1 -DHAVE_OPENSSL=1)
ADD_DEFINITIONS(-DPCRE_STATIC=1)
ADD_DEFINITIONS(${SSL_DEFINES})
MYSQL_ADD_EXECUTABLE(mariabackup
xtrabackup.cc
innobackupex.cc

20
extra/mariabackup/xtrabackup.cc
View File

@ -2655,7 +2655,7 @@ static lsn_t xtrabackup_copy_log(lsn_t start_lsn, lsn_t end_lsn, bool last)
log_block,
scanned_lsn + data_len);
recv_sys->scanned_lsn = scanned_lsn + data_len;
recv_sys.scanned_lsn = scanned_lsn + data_len;
if (data_len == OS_FILE_LOG_BLOCK_SIZE) {
/* We got a full log block. */
@ -2707,13 +2707,13 @@ static lsn_t xtrabackup_copy_log(lsn_t start_lsn, lsn_t end_lsn, bool last)
static bool xtrabackup_copy_logfile(bool last = false)
{
ut_a(dst_log_file != NULL);
ut_ad(recv_sys != NULL);
ut_ad(recv_sys.is_initialised());
lsn_t start_lsn;
lsn_t end_lsn;
recv_sys->parse_start_lsn = log_copy_scanned_lsn;
recv_sys->scanned_lsn = log_copy_scanned_lsn;
recv_sys.parse_start_lsn = log_copy_scanned_lsn;
recv_sys.scanned_lsn = log_copy_scanned_lsn;
start_lsn = ut_uint64_align_down(log_copy_scanned_lsn,
OS_FILE_LOG_BLOCK_SIZE);
@ -2736,15 +2736,15 @@ static bool xtrabackup_copy_logfile(bool last = false)
if (lsn == start_lsn) {
start_lsn = 0;
} else {
mutex_enter(&recv_sys->mutex);
mutex_enter(&recv_sys.mutex);
start_lsn = xtrabackup_copy_log(start_lsn, lsn, last);
mutex_exit(&recv_sys->mutex);
mutex_exit(&recv_sys.mutex);
}
log_mutex_exit();
if (!start_lsn) {
msg(recv_sys->found_corrupt_log
msg(recv_sys.found_corrupt_log
? "xtrabackup_copy_logfile() failed: corrupt log."
: "xtrabackup_copy_logfile() failed.");
return true;
@ -4059,7 +4059,7 @@ fail:
ut_crc32_init();
crc_init();
recv_sys_init();
recv_sys.create();
#ifdef WITH_INNODB_DISALLOW_WRITES
srv_allow_writes_event = os_event_create(0);
@ -4219,7 +4219,7 @@ fail_before_log_copying_thread_start:
/* copy log file by current position */
log_copy_scanned_lsn = checkpoint_lsn_start;
recv_sys->recovered_lsn = log_copy_scanned_lsn;
recv_sys.recovered_lsn = log_copy_scanned_lsn;
log_optimized_ddl_op = backup_optimized_ddl_op;
if (xtrabackup_copy_logfile())
@ -5458,7 +5458,7 @@ static bool xtrabackup_prepare_func(char** argv)
sync_check_init();
ut_d(sync_check_enable());
ut_crc32_init();
recv_sys_init();
recv_sys.create();
log_sys.create();
recv_recovery_on = true;

89
extra/wolfssl/CMakeLists.txt Normal file
View File

@ -0,0 +1,89 @@
SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
ADD_DEFINITIONS(${SSL_DEFINES})
ADD_DEFINITIONS(
-DHAVE_CRL
-DWOLFSSL_MYSQL_COMPATIBLE
-DHAVE_ECC
-DECC_TIMING_RESISTANT
-DBUILDING_WOLFSSL
-DHAVE_HASHDRBG
-DWOLFSSL_AES_DIRECT
-DWOLFSSL_SHA384
-DWOLFSSL_SHA512
-DWOLFSSL_SHA224
-DSESSION_CERT
-DKEEP_OUR_CERT
-DWOLFSSL_STATIC_RSA
-DWC_RSA_BLINDING
-DHAVE_TLS_EXTENSIONS
-DHAVE_AES_ECB
-DWOLFSSL_AES_COUNTER
-DNO_WOLFSSL_STUB)
SET(WOLFSSL_SOURCES
${WOLFSSL_SRCDIR}/crl.c
${WOLFSSL_SRCDIR}/internal.c
${WOLFSSL_SRCDIR}/keys.c
${WOLFSSL_SRCDIR}/tls.c
${WOLFSSL_SRCDIR}/wolfio.c
${WOLFSSL_SRCDIR}/ocsp.c
${WOLFSSL_SRCDIR}/ssl.c)
ADD_DEFINITIONS(-DWOLFSSL_LIB)
INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
IF(MSVC)
# size_t to long truncation warning
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267")
IF(CMAKE_C_COMPILER_ID MATCHES Clang)
# Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
ADD_DEFINITIONS(-DMP_16BIT)
ENDIF()
ENDIF()
ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})
# Workaround linker crash with older Ubuntu binutils
# e.g aborting at ../../bfd/merge.c line 873 in _bfd_merged_section_offset
IF(CMAKE_SYSTEM_NAME MATCHES "Linux")
STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_RELWITHDEBINFO
${CMAKE_C_FLAGS_RELWITHDEBINFO})
STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_DEBUG
${CMAKE_C_FLAGS_DEBUG})
STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_RELWITHDEBINFO
${CMAKE_C_FLAGS_RELWITHDEBINFO})
STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_DEBUG
${CMAKE_C_FLAGS_DEBUG})
ENDIF()
SET(WOLFCRYPT_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/wolfcrypt/src)
SET(WOLFCRYPT_SOURCES
${WOLFCRYPT_SRCDIR}/aes.c
${WOLFCRYPT_SRCDIR}/arc4.c
${WOLFCRYPT_SRCDIR}/asn.c
${WOLFCRYPT_SRCDIR}/coding.c
${WOLFCRYPT_SRCDIR}/des3.c
${WOLFCRYPT_SRCDIR}/dh.c
${WOLFCRYPT_SRCDIR}/dsa.c
${WOLFCRYPT_SRCDIR}/ecc.c
${WOLFCRYPT_SRCDIR}/error.c
${WOLFCRYPT_SRCDIR}/hmac.c
${WOLFCRYPT_SRCDIR}/integer.c
${WOLFCRYPT_SRCDIR}/logging.c
${WOLFCRYPT_SRCDIR}/md4.c
${WOLFCRYPT_SRCDIR}/md5.c
${WOLFCRYPT_SRCDIR}/memory.c
${WOLFCRYPT_SRCDIR}/pkcs12.c
${WOLFCRYPT_SRCDIR}/pwdbased.c
${WOLFCRYPT_SRCDIR}/rabbit.c
${WOLFCRYPT_SRCDIR}/random.c
${WOLFCRYPT_SRCDIR}/rsa.c
${WOLFCRYPT_SRCDIR}/sha.c
${WOLFCRYPT_SRCDIR}/sha256.c
${WOLFCRYPT_SRCDIR}/sha512.c
${WOLFCRYPT_SRCDIR}/wc_port.c
${WOLFCRYPT_SRCDIR}/wc_encrypt.c
${WOLFCRYPT_SRCDIR}/hash.c
${WOLFCRYPT_SRCDIR}/wolfmath.c
)
ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})

1
extra/wolfssl/wolfssl Submodule

@ -0,0 +1 @@
Subproject commit 21f2beca9f320199fcea4a96df3e19967804144b

0
extra/yassl/AUTHORS
View File

29
extra/yassl/CMakeLists.txt
View File

@ -1,29 +0,0 @@
# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA
INCLUDE_DIRECTORIES(
${CMAKE_SOURCE_DIR}/include
${CMAKE_SOURCE_DIR}/extra/yassl/include
${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/include
${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL)
ADD_DEFINITIONS(${SSL_DEFINES})
SET(YASSL_SOURCES src/buffer.cpp src/cert_wrapper.cpp src/crypto_wrapper.cpp src/handshake.cpp src/lock.cpp
src/log.cpp src/socket_wrapper.cpp src/ssl.cpp src/timer.cpp src/yassl_error.cpp
src/yassl_imp.cpp src/yassl_int.cpp)
ADD_CONVENIENCE_LIBRARY(yassl ${YASSL_SOURCES})
RESTRICT_SYMBOL_EXPORTS(yassl)

340
extra/yassl/COPYING
View File

@ -1,340 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

0
extra/yassl/ChangeLog
View File

121
extra/yassl/FLOSS-EXCEPTIONS
View File

@ -1,121 +0,0 @@
yaSSL FLOSS License Exception
****************************************
Version 0.2, 31 August 2006
The Sawtooth Consulting Ltd. Exception for Free/Libre and Open Source
Software-only Applications Using yaSSL Libraries (the "FLOSS Exception").
*Exception Intent*
We want specified Free/Libre and Open Source Software ("FLOSS")
applications to be able to use specified GPL-licensed yaSSL
libraries (the "Program") despite the fact that not all FLOSS
licenses are compatible with version 2 of the GNU General Public
License (the "GPL").
*Legal Terms and Conditions*
As a special exception to the terms and conditions of version 2.0 of
the GPL:
1. You are free to distribute a Derivative Work that is formed
entirely from the Program and one or more works (each, a "FLOSS
Work") licensed under one or more of the licenses listed below
in section 1, as long as:
1. You obey the GPL in all respects for the Program and the
Derivative Work, except for identifiable sections of the
Derivative Work which are not derived from the Program,
and which can reasonably be considered independent and
separate works in themselves,
2. all identifiable sections of the Derivative Work which
are not derived from the Program, and which can reasonably be
considered independent and separate works in themselves,
* i
are distributed subject to one of the FLOSS licenses
listed below, and
* ii
the object code or executable form of those sections are
accompanied by the complete corresponding machine-readable
source code for those sections on the same medium and under
the same FLOSS license as the corresponding object code or
executable forms of those sections, and
3. any works which are aggregated with the Program or with
a Derivative Work on a volume of a storage or distribution
medium in accordance with the GPL, can reasonably be considered
independent and separate works in themselves which are not
derivatives of either the Program, a Derivative Work or a FLOSS
Work.
If the above conditions are not met, then the Program may only be
copied, modified, distributed or used under the terms and
conditions of the GPL or another valid licensing option from
Sawtooth Consulting Ltd.
2. FLOSS License List
*License name* *Version(s)/Copyright Date*
Academic Free License 2.0
Apache Software License 1.0/1.1/2.0
Apple Public Source License 2.0
Artistic license From Perl 5.8.0
BSD license "July 22 1999"
Common Development and Distribution License (CDDL) 1.0
Common Public License 1.0
GNU Library or "Lesser" General Public 2.0/2.1
License (LGPL)
Jabber Open Source License 1.0
MIT license -
Mozilla Public License (MPL) 1.0/1.1
Open Software License 2.0
PHP License 3.0
Python license (CNRI Python License) -
Python Software Foundation License 2.1.1
Sleepycat License "1999"
University of Illinois/NCSA Open Source License -
W3C License "2001"
X11 License "2001"
Zlib/libpng License -
Zope Public License 2.0
Due to the many variants of some of the above licenses, we require
that any version follow the 2003 version of the Free Software
Foundation's Free Software Definition
(http://www.gnu.org/philosophy/free-sw.html
(http://www.gnu.org/philosophy/free-sw.html)) or version 1.9 of
the Open Source Definition by the Open Source Initiative
(http://www.opensource.org/docs/definition.php
(http://www.opensource.org/docs/definition.php)).
3. Definitions
1. Terms used, but not defined, herein shall have the
meaning provided in the GPL.
2. Derivative Work means a derivative work under copyright
law.
4. Applicability This FLOSS Exception applies to all Programs that
contain a notice placed by Sawtooth Consulting Ltd. saying that the
Program may be distributed under the terms of this FLOSS Exception.
If you create or distribute a work which is a Derivative Work of
both the Program and any other work licensed under the GPL, then
this FLOSS Exception is not available for that work; thus, you
must remove the FLOSS Exception notice from that work and
comply with the GPL in all respects, including by retaining all
GPL notices. You may choose to redistribute a copy of the
Program exclusively under the terms of the GPL by removing the
FLOSS Exception notice from that copy of the Program, provided
that the copy has never been modified by you or any third party.

234
extra/yassl/INSTALL
View File

@ -1,234 +0,0 @@
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006 Free Software Foundation, Inc.
This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that the
`configure' script does not know about. Run `./configure --help' for
details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share, you
can create a site shell script called `config.site' that gives default
values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it operates.
`--help'
`-h'
Print a summary of the options to `configure', and exit.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

0
extra/yassl/NEWS
View File

786
extra/yassl/README
View File

@ -1,786 +0,0 @@
*** Note, Please read ***
yaSSL takes a different approach to certificate verification than OpenSSL does.
The default policy for the client is to verify the server, this means that if
you don't load CAs to verify the server you'll get a connect error, unable to
verify. It you want to mimic OpenSSL behavior of not verifying the server and
reducing security you can do this by calling:
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling SSL_new();
*** end Note ***
yaSSL Release notes, version 2.4.4 (8/8/2017)
This release of yaSSL fixes an interop issue. A fix for detecting cipher
suites with non leading zeros is included as yaSSL only supports cipher
suites with leading zeros. Thanks for the report from Security Innovation
and Oracle.
Users interoping with other SSL stacks should update.
yaSSL Release notes, version 2.4.2 (9/22/2016)
This release of yaSSL fixes a medium security vulnerability. A fix for
potential AES side channel leaks is included that a local user monitoring
the same CPU core cache could exploit. VM users, hyper-threading users,
and users where potential attackers have access to the CPU cache will need
to update if they utilize AES.
DSA padding fixes for unusual sizes is included as well. Users with DSA
certficiates should update.
yaSSL Release notes, version 2.4.0 (5/20/2016)
This release of yaSSL fixes the OpenSSL compatibility function
SSL_CTX_load_verify_locations() when using the path directory to allow
unlimited path sizes. Minor Windows build fixes are included.
No high level security fixes in this version but we always recommend
updating.
yaSSL Release notes, version 2.3.9b (2/03/2016)
This release of yaSSL fixes the OpenSSL compatibility function
X509_NAME_get_index_by_NID() to use the actual index of the common name
instead of searching on the format prefix. Thanks for the report from
yashwant.sahu@oracle.com . Anyone using this function should update.
yaSSL Release notes, version 2.3.9 (12/01/2015)
This release of yaSSL fixes two client side Diffie-Hellman problems.
yaSSL was only handling the cases of zero or one leading zeros for the key
agreement instead of potentially any number. This caused about 1 in 50,000
connections to fail when using DHE cipher suites. The second problem was
the case where a server would send a public value shorter than the prime
value, causing about 1 in 128 client connections to fail, and also
caused the yaSSL client to read off the end of memory. All client side
DHE cipher suite users should update.
Thanks to Adam Langely (agl@imperialviolet.org) for the detailed report!
yaSSL Release notes, version 2.3.8 (9/17/2015)
This release of yaSSL fixes a high security vulnerability. All users
SHOULD update. If using yaSSL for TLS on the server side with private
RSA keys allowing ephemeral key exchange you MUST update and regenerate
the RSA private keys. This report is detailed in:
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
yaSSL now detects RSA signature faults and returns an error.
yaSSL Patch notes, version 2.3.7e (6/26/2015)
This release of yaSSL includes a fix for Date less than comparison.
Previously yaSSL would return true on less than comparisons if the Dates
were equal. Reported by Oracle. No security problem, but if a cert was
generated right now, a server started using it in the same second, and a
client tried to verify it in the same second it would report not yet valid.
yaSSL Patch notes, version 2.3.7d (6/22/2015)
This release of yaSSL includes a fix for input_buffer set_current with
index 0. SSL_peek() at front of waiting data could trigger. Robert
Golebiowski of Oracle identified and suggested a fix, thanks!
yaSSL Patch notes, version 2.3.7c (6/12/2015)
This release of yaSSL does certificate DATE comparisons to the second
instead of to the minute, helpful when using freshly generated certs.
Though keep in mind that time sync differences could still show up.
yaSSL Patch notes, version 2.3.7b (3/18/2015)
This release of yaSSL fixes a potential crash with corrupted private keys.
Also detects bad keys earlier for user.
yaSSL Release notes, version 2.3.7 (12/10/2014)
This release of yaSSL fixes the potential to process duplicate handshake
messages by explicitly marking/checking received handshake messages.
yaSSL Release notes, version 2.3.6 (11/25/2014)
This release of yaSSL fixes some valgrind warnings/errors including
uninitialized reads and off by one index errors induced from fuzzing
the handshake. These were reported by Oracle.
yaSSL Release notes, version 2.3.5 (9/29/2014)
This release of yaSSL fixes an RSA Padding check vulnerability reported by
Intel Security Advanced Threat Research team
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
yaSSL Release notes, version 2.3.4 (8/15/2014)
This release of yaSSL adds checking to the input_buffer class itself.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
yaSSL Release notes, version 2.3.2 (7/25/2014)
This release of yaSSL updates test certs.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.3.0 (12/5/2013)
This release of yaSSL updates asm for newer GCC versions.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.2.3 (4/23/2013)
This release of yaSSL updates the test certificates as they were expired
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.2.2d (2/5/2013)
This release of yaSSL contains countermeasuers for the Lucky 13 TLS 1.1
CBC timing padding attack identified by Nadhem AlFardan and Kenneth Paterson
see: http://www.isg.rhul.ac.uk/tls/
It also adds SHA2 certificate verification and better checks for malicious
input.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.2.2 (7/5/2012)
This release of yaSSL contains bug fixes and more security checks around
malicious certificates.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.1.2 (9/2/2011)
This release of yaSSL contains bug fixes, better non-blocking support with
SSL_write, and OpenSSL RSA public key format support.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 2.0.0 (7/6/2010)
This release of yaSSL contains bug fixes, new testing certs,
and a security patch for a potential heap overflow on forged application
data processing. Vulnerability discovered by Matthieu Bonetti from VUPEN
Security http://www.vupen.com.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
This release of yaSSL contains bug fixes, the removal of assert() s and
a security patch for a buffer overflow possibility in certificate name
processing.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.8 (10/14/09)
This release of yaSSL contains bug fixes and adds new stream ciphers
Rabbit and HC-128
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.6 (11/13/08)
This release of yaSSL contains bug fixes, adds autconf shared library
support and has better server suite detection based on certficate and
private key.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.2 (9/24/08)
This release of yaSSL contains bug fixes and improved certificate verify
callback support.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.8.8 (5/7/08)
This release of yaSSL contains bug fixes, and better socket handling.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.8.6 (1/31/08)
This release of yaSSL contains bug fixes, and fixes security problems
associated with using SSL 2.0 client hellos and improper input handling.
Please upgrade to this version if you are using a previous one.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.7.5 (10/15/07)
This release of yaSSL contains bug fixes, adds MSVC 2005 project support,
GCC 4.2 support, IPV6 support and test, and new test certificates.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.7.2 (8/20/07)
This release of yaSSL contains bug fixes and adds initial OpenVPN support.
Just configure at this point and beginning of build.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.6.8 (4/16/07)
This release of yaSSL contains bug fixes and adds SHA-256, SHA-512, SHA-224,
and SHA-384.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.6.0 (2/22/07)
This release of yaSSL contains bug fixes, portability enhancements, and
better X509 support.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.5.8 (1/10/07)
This release of yaSSL contains bug fixes, portability enhancements, and
support for GCC 4.1.1 and vs2005 sp1.
Since yaSSL now supports zlib, as does libcurl, the libcurl build test can
fail if yaSSL is built with zlib support since the zlib library isn't
passed. You can do two things to fix this:
1) build yaSSL w/o zlib --without-zlib
2) or add flags to curl configure LDFLAGS="-lm -lz"
*****************yaSSL Release notes, version 1.5.0 (11/09/06)
This release of yaSSL contains bug fixes, portability enhancements,
and full TLS 1.1 support. Use the functions:
SSL_METHOD *TLSv1_1_server_method(void);
SSL_METHOD *TLSv1_1_client_method(void);
or the SSLv23 versions (even though yaSSL doesn't support SSL 2.0 the v23
means to pick the highest of SSL 3.0, TLS 1.0, or TLS 1.1).
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
****************yaSSL Release notes, version 1.4.5 (10/15/06)
This release of yaSSL contains bug fixes, portability enhancements,
zlib compression support, removal of assembly instructions at runtime if
not supported, and initial TLS 1.1 support.
Compression Notes: yaSSL uses zlib for compression and the compression
should only be used if yaSSL is at both ends because the implementation
details aren't yet standard. If you'd like to turn compression on use
the SSL_set_compression() function on the client before calling
SSL_connect(). If both the client and server were built with zlib support
then the connection will use compression. If the client isn't built with
support then SSL_set_compression() will return an error (-1).
To build yaSSL with zlib support on Unix simply have zlib support on your
system and configure will find it if it's in the standard locations. If
it's somewhere else use the option ./configure --with-zlib=DIR. If you'd
like to disable compression support in yaSSL use ./configure --without-zlib.
To build yaSSL with zlib support on Windows:
1) download zlib from http://www.zlib.net/
2) follow the instructions in zlib from projects/visualc6/README.txt
for how to add the zlib project into the yaSSL workspace noting that
you'll need to add configuration support for "Win32 Debug" and
"Win32 Release" in note 3 under "To use:".
3) define HAVE_LIBZ when building yaSSL
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.4.0 (08/13/06)
This release of yaSSL contains bug fixes, portability enhancements,
nonblocking connect and accept, better OpenSSL error mapping, and
certificate caching for session resumption.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.3.7 (06/26/06)
This release of yaSSL contains bug fixes, portability enhancements,
and libcurl 7.15.4 support (any newer versions may not build).
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.3.5 (06/01/06)
This release of yaSSL contains bug fixes, portability enhancements,
better libcurl support, and improved non-blocking I/O.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.3.0 (04/26/06)
This release of yaSSL contains minor bug fixes, portability enhancements,
and libcurl support.
See normal build instructions below under 1.0.6.
--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
To build for libcurl the library needs to be built without C++ globals since
the linker will be called in a C context, also libcurl configure will expect
OpenSSL library names so some symbolic links are created.
./configure --enable-pure-c
make
make openssl-links
(then go to your libcurl home and tell libcurl about yaSSL build dir)
./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm
make
--To build for libcurl on Win32:
Simply add the yaSSL project as a dependency to libcurl, add
yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
define USE_SSLEAY and USE_OPENSSL
please email todd@yassl.com if you have any questions.
*******************yaSSL Release notes, version 1.2.2 (03/27/06)
This release of yaSSL contains minor bug fixes and portability enhancements.
See build instructions below under 1.0.6:
*******************yaSSL Release notes, version 1.2.0
This release of yaSSL contains minor bug fixes, portability enhancements,
Diffie-Hellman compatibility fixes for other servers and client,
optimization improvements, and x86 ASM changes.
See build instructions below under 1.0.6:
*****************yaSSL Release notes, version 1.1.5
This release of yaSSL contains minor bug fixes, portability enhancements,
and user requested changes including the ability to add all certificates in
a directory, more robust socket handling, no new overloading unless
requested, and an SSL_VERIFY_NONE option.
See build instructions below under 1.0.6:
******************yaSSL Release notes, version 1.0.6
This release of yaSSL contains minor bug fixes, portability enhancements,
x86 assembly for ARC4, SHA, MD5, and RIPEMD, --enable-ia32-asm configure
option, and a security patch for certificate chain processing.
--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
./configure
make
run testsuite from yaSSL-Home/testsuite to test the build
to make a release build:
./configure --disable-debug
make
run testsuite from yaSSL-Home/testsuite to test the build
--To build on Win32
Choose (Re)Build All from the project workspace
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
***************** yaSSL Release notes, version 1.0.5
This release of yaSSL contains minor bug fixes, portability enhancements,
x86 assembly for AES, 3DES, BLOWFISH, and TWOFISH, --without-debug configure
option, and --enable-kernel-mode configure option for using TaoCrypt with
kernel modules.
--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
./configure
make
run testsuite from yaSSL-Home/testsuite to test the build
to make a release build:
./configure --without-debug
make
run testsuite from yaSSL-Home/testsuite to test the build
--To build on Win32
Choose (Re)Build All from the project workspace
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
******************yaSSL Release notes, version 1.0.1
This release of yaSSL contains minor bug fixes, portability enhancements,
GCC 3.4.4 support, MSVC 2003 support, and more documentation.
Please see build instructions in the release notes for 0.9.6 below.
******************yaSSL Release notes, version 1.0
This release of yaSSL contains minor bug fixes, portability enhancements,
GCC 4.0 support, testsuite, improvements, and API additions.
Please see build instructions in the release notes for 0.9.6 below.
******************yaSSL Release notes, version 0.9.9
This release of yaSSL contains minor bug fixes, portability enchancements,
MSVC 7 support, memory improvements, and API additions.
Please see build instructions in the release notes for 0.9.6 below.
******************yaSSL Release notes, version 0.9.8
This release of yaSSL contains minor bug fixes and portability enchancements.
Please see build instructions in the release notes for 0.9.6 below.
******************yaSSL Release notes, version 0.9.6
This release of yaSSL contains minor bug fixes, removal of STL support, and
removal of exceptions and rtti so that the library can be linked without the
std c++ library.
--To build on Linux, Solaris, FreeBSD, Mac OS X, or Cygwin
./configure
make
run testsuite from yaSSL-Home/testsuite to test the build
--To build on Win32
Choose (Re)Build All from the project workspace
run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
******************yaSSL Release notes, version 0.9.2
This release of yaSSL contains minor bug fixes, expanded certificate
verification and chaining, and improved documentation.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.9.0
This release of yaSSL contains minor bug fixes, client verification handling,
hex and base64 encoing/decoding, and an improved test suite.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.8.0
This release of yaSSL contains minor bug fixes, and initial porting effort to
64bit, BigEndian, and more UNIX systems.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.6.0
This release of yaSSL contains minor bug fixes, source cleanup, and binary beta
(1) of the yaSSL libraries.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.5.0
This release of yaSSL contains minor bug fixes, full session resumption
support, and initial testing suite support.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.4.0
This release of yaSSL contains minor bug fixes, an optional memory tracker,
an echo client and server with input/output redirection for load testing,
and initial session caching support.
Please see build instructions in release notes 0.3.0.
******************yaSSL Release notes, version 0.3.5
This release of yaSSL contains minor bug fixes and extensions to the crypto
library including a full test suite.
*******************yaSSL Release notes, version 0.3.0
This release of yaSSL contains minor bug fixes and extensions to the crypto
library including AES and an improved random number generator. GNU autoconf
and automake are now used to simplify the build process on Linux.
*** Linux Build process
./configure
make
*** Windows Build process
open the yassl workspace and build the project
*******************yaSSL Release notes, version 0.2.9
This release of yaSSL contains minor bug fixes and extensions to the crypto
library.
See the notes at the bottom of this page for build instructions.
*******************yaSSL Release notes, version 0.2.5
This release of yaSSL contains minor bug fixes and a beta binary of the yaSSL
libraries for win32 and linux.
See the notes at the bottom of this page for build instructions.
*******************yaSSL Release notes, version 0.2.0
This release of yaSSL contains minor bug fixes and initial alternate crypto
functionality.
*** Complete Build ***
See the notes in Readme.txt for build instructions.
*** Update Build ***
If you have already done a complete build of yaSSL as described in the release
0.0.1 - 0.1.0 notes and downloaded the update to 0.2.0, place the update file
yassl-update-0.2.0.tar.gz in the yaSSL home directory and issue the command:
gzip -cd yassl-update-0.2.0.tar.gz | tar xvf -
to update the previous release.
Then issue the make command on linux or rebuild the yaSSL project on Windows.
*******************yaSSL Release notes, version 0.1.0
This release of yaSSL contains minor bug fixes, full client and server TLSv1
support including full ephemeral Diffie-Hellman support, SSL type RSA and DSS
signing and verification, and initial stunnel 4.05 build support.
*********************yaSSL Release notes, version 0.0.3
The third release of yaSSL contains minor bug fixes, client certificate
enhancements, and initial ephemeral Diffie-Hellman integration:
*********************
yaSSL Release notes, version 0.0.2
The second release of yaSSL contains minor bug fixes, client certificate
enhancements, session resumption, and improved TLS support including:
- HMAC for MD5 and SHA-1
- PRF (pseudo random function)
- Master Secret and Key derivation routines
- Record Authentication codes
- Finish verify data check
Once ephemeral RSA and DH are added yaSSL will be fully complaint with TLS.
**********************
yassl Release notes, version 0.0.1
The first release of yassl supports normal RSA mode SSLv3 connections with
support for SHA-1 and MD5 digests. Ciphers include DES, 3DES, and RC4.
yassl uses the CryptoPP library for cryptography, the source is available at
www.cryptopp.com .
yassl uses CML (the Certificate Management Library) for x509 support. More
features will be in future versions. The CML source is available for download
from www.digitalnet.com/knowledge/cml_home.htm .
The next release of yassl will support the 3 lesser-used SSL connection modes;
HandShake resumption, Ephemeral RSA (or DH), and Client Authentication as well
as full support for TLS. Backwards support for SSLv2 is not planned at this
time.
**********************
Building yassl on linux:
use the ./buildall script to build everything.
buildall will configure and build CML, CryptoPP, and yassl. Testing was
preformed with gcc version 3.3.2 on kernel 2.4.22.
**********************
Building yassl on Windows:
Testing was preformed on Windows 2000 with Visual C++ 6 sp5.
1) decompress esnacc_r16.tgz in place, see buildall for syntax if unsure
2) decompress smp_r23.tgz in place
3) unzip cryptopp51/crypto51.zip in place
4) Build SNACC (part of CML) using snacc_builds.dsw in the SNACC directory
5) Build SMP (part of CMP) using smp.dsw in the smp directory
6) Build yassl using yassl.dsw
**********************
examples, server and client:
Please see the server and client examples in both versions to see how to link
to yassl and the support libraries. On linux do 'make server' and 'make
client' to build them. On Windows you will find the example projects in the
main workspace, yassl.dsw.
The example server and client are compatible with openssl.
**********************
Building yassl into mysql on linux:
Testing was done using mysql version 4.0.17.
alter openssl_libs in the configure file, line 21056. Change '-lssl -lcrypto'
to '-lyassl -lcryptopp -lcmapi -lcmlasn -lctil -lc++asn1'.
see build/config_command for the configure command used to configure mysql
please change /home/touska/ to the relevant directory of course.
add yassl/lib to the LD_LIBRARY_PATH because libmysql/conf_to_src does not
use the ssl lib directory though it does use the ssl libraries.
make
make install
*********************
License: yassl is currently under the GPL, please see license information
in the source and include files.
*********************
Contact: please send comments or questions to Todd A Ouska at todd@yassl.com
and/or Larry Stefonic at larry@yassl.com.

87
extra/yassl/certs/ca-cert.pem
View File

@ -1,87 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf
+n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH
7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2
DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB
VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq
Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9a:41:47:cd:a1:14:62:8c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 11 03:20:08 2014 GMT
Not After : Apr 6 03:20:08 2017 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9A:41:47:CD:A1:14:62:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f:
fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca:
f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f:
7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4:
33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f:
ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3:
c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5:
b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a:
91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81:
54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74:
43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14:
e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9:
64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3:
bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f:
b2:b3:03:d8

27
extra/yassl/certs/ca-key.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
-----END RSA PRIVATE KEY-----

BIN
extra/yassl/certs/client-cert.der
View File

Binary file not shown.

87
extra/yassl/certs/client-cert.pem
View File

@ -1,87 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b6:63:af:8f:5d:62:57:a0
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 11 17:39:44 2014 GMT
Not After : Apr 6 17:39:44 2017 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
ba:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:B6:63:AF:8F:5D:62:57:A0
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
85:10:90:c5:5d:de:25:8c:f2:57:7b:2d:14:1c:05:f9:71:63:
40:b0:e3:c1:c1:2e:13:2a:7a:b7:d6:24:58:87:eb:03:fb:0d:
af:e0:f4:d0:c8:bc:51:36:10:4f:79:cc:4f:66:7d:af:99:cb:
7b:ce:68:94:c6:36:aa:42:6e:8c:78:5b:b2:85:ca:d1:e1:a8:
31:d1:81:d9:f9:c1:a3:9e:34:43:ef:0a:79:7d:3e:83:61:fc:
14:5c:d1:dd:bc:0e:d7:51:b7:71:6e:41:7e:8b:2c:5a:9a:cb:
77:4b:6a:f5:06:ff:02:af:1e:e6:63:4f:bc:44:d9:3f:56:9e:
09:9c:43:f9:55:21:32:46:82:09:86:a9:7b:74:1c:9e:5a:2a:
bf:03:79:91:cb:f2:29:7f:c9:15:82:89:b9:53:cd:7e:07:90:
a9:5d:76:e1:19:5e:0d:58:b8:59:d5:0d:df:23:ab:6b:63:76:
19:9e:9c:df:b0:57:49:6c:d0:86:97:c3:6c:3c:fa:e0:56:c2:
1b:e3:a1:42:1a:58:62:85:9d:74:19:83:08:af:59:90:f8:99:
bd:67:d3:4a:ea:0e:c9:ca:61:8a:0d:8a:42:cc:90:e9:2e:c2:
54:73:7f:5e:af:8d:e2:32:cb:45:20:d6:19:4d:5b:77:31:cc:
0f:2d:c0:7e
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJALZjr49dYlegMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNDA3MTExNzM5NDRaFw0xNzA0MDYxNzM5NDRaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s
ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am
NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/
Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7
9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX
11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l
TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU
M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAtmOvj11iV6AwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAhRCQxV3eJYzyV3stFBwF+XFj
QLDjwcEuEyp6t9YkWIfrA/sNr+D00Mi8UTYQT3nMT2Z9r5nLe85olMY2qkJujHhb
soXK0eGoMdGB2fnBo540Q+8KeX0+g2H8FFzR3bwO11G3cW5BfossWprLd0tq9Qb/
Aq8e5mNPvETZP1aeCZxD+VUhMkaCCYape3QcnloqvwN5kcvyKX/JFYKJuVPNfgeQ
qV124RleDVi4WdUN3yOra2N2GZ6c37BXSWzQhpfDbDz64FbCG+OhQhpYYoWddBmD
CK9ZkPiZvWfTSuoOycphig2KQsyQ6S7CVHN/Xq+N4jLLRSDWGU1bdzHMDy3Afg==
-----END CERTIFICATE-----

BIN
extra/yassl/certs/client-key.der
View File

Binary file not shown.

27
extra/yassl/certs/client-key.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
-----END RSA PRIVATE KEY-----

12
extra/yassl/certs/client-keyEnc.pem
View File

@ -1,12 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BDE979D13CCC0ABD
N7yz2JV13EmQ7MZPL5wamid5+G1V1gp8FKqMemAC5JDxonS/W9oViMLUcxbfPTDx
FznKdYSVTIQ7vv3ofmDG4MEyV/2C568N2kdtAw+jTfrZFN+IU9CI+W+In/nacirF
02sAcvDMofustnooKNOO7/iyb5+3vRvEt5vSSRQn5WuSQ9sUKjuzoLs/lbf7fyAt
4NeqfI3rYBZXxiUOLITOGXzGNRuFoY+o2uDCfelLAJ8uhiVG6ME3LeJEo1dT5lZ8
CSJOLPasKg0iG4V7olM4j9FvAfZr48RRsSfUen756Jo2HpI4bad8LKhFYIdNs2Au
WwKLmjpo6QB9hBmRshR04rEXPdrgTqLBExCE08PyaGYnWU8ggWritCeBzDQFj/n4
sI+NO0Mymuvg98e5RpO52lg3Xnqv9RIK3guLFOmI6aEHC0PS4WwOEQ==
-----END RSA PRIVATE KEY-----

12
extra/yassl/certs/client-keyEnc3.pem
View File

@ -1,12 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BDE979D13CCC0ABD
N7yz2JV13EmQ7MZPL5wamid5+G1V1gp8FKqMemAC5JDxonS/W9oViMLUcxbfPTDx
FznKdYSVTIQ7vv3ofmDG4MEyV/2C568N2kdtAw+jTfrZFN+IU9CI+W+In/nacirF
02sAcvDMofustnooKNOO7/iyb5+3vRvEt5vSSRQn5WuSQ9sUKjuzoLs/lbf7fyAt
4NeqfI3rYBZXxiUOLITOGXzGNRuFoY+o2uDCfelLAJ8uhiVG6ME3LeJEo1dT5lZ8
CSJOLPasKg0iG4V7olM4j9FvAfZr48RRsSfUen756Jo2HpI4bad8LKhFYIdNs2Au
WwKLmjpo6QB9hBmRshR04rEXPdrgTqLBExCE08PyaGYnWU8ggWritCeBzDQFj/n4
sI+NO0Mymuvg98e5RpO52lg3Xnqv9RIK3guLFOmI6aEHC0PS4WwOEQ==
-----END RSA PRIVATE KEY-----

1
extra/yassl/certs/dh1024.dat
View File

@ -1 +0,0 @@
30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102

22
extra/yassl/certs/dsa-cert.pem
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDrzCCA2+gAwIBAgIJAK1zRM7YFcNjMAkGByqGSM44BAMwgZAxCzAJBgNVBAYT
AlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRAwDgYDVQQK
DAd3b2xmU1NMMRAwDgYDVQQLDAd0ZXN0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTYwOTIy
MjEyMzA0WhcNMjIwMzE1MjEyMzA0WjCBkDELMAkGA1UEBhMCVVMxDzANBgNVBAgM
Bk9yZWdvbjERMA8GA1UEBwwIUG9ydGxhbmQxEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB3Rlc3RpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCAbgwggEsBgcqhkjOOAQBMIIBHwKB
gQC9Ue5KMuCKx+rG4epwxFFDzyoH4ccSwlglXsRdvqswDRK/oQvTNNNoWiVxTn3k
vQ8qDlhWy9KjGTrqr/ttgmh56FFpe6tz4yTgCNyR9D+eGclD7lNfdPUc4E3SA6ef
opG6+ymI55bS+9xUFTG402UCrYSKT59zI2HBfuI6dltsxQIVAJHJ7WDQ+jBn/nmM
yCQzdi+0qJx1AoGBAJJacRK36s5yGY1b6qhxWqvpoAC+SfEKylZnYWGYf2PM+Iwo
6AgPKEw6BSsX+7Nmc4Gjyr4JWhComKi6onPamO/A2CbMM0DCxb47BeLBWfqWAgXV
j0CODT4MQos5yugnviR/YpEgbzLxvrXr469lKWsAyB19/gFmGmQWcCgAwGm6A4GF
AAKBgQCdy2PPch8r0P07EOs5WG6L425P6IJ3bDKj3TVLy+Ebj04CT/3Gmgw2tFye
2pOgO0yfkIXizcDl6GT2CQuBBhUgwF6WJ4hoW1iK1UwhnupZmQ358eNFl0tJJN5v
wx2gtNxJSwIsm8VRscqqFH2092b9ScH7VjLoqhx+bgA4XV7l1aNQME4wHQYDVR0O
BBYEFCCY5ONeqOL/KqR/SwbV5Ufb/IHHMB8GA1UdIwQYMBaAFCCY5ONeqOL/KqR/
SwbV5Ufb/IHHMAwGA1UdEwQFMAMBAf8wCQYHKoZIzjgEAwMvADAsAhQRYSCVN/Ge
agV3mffU3qNZ92fI0QIUPH7Jp+iASI7U1ocaYDc10qXGaGY=
-----END CERTIFICATE-----

BIN
extra/yassl/certs/dsa1024.der
View File

Binary file not shown.

12
extra/yassl/certs/dsa1024.pem
View File

@ -1,12 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQC9Ue5KMuCKx+rG4epwxFFDzyoH4ccSwlglXsRdvqswDRK/oQvT
NNNoWiVxTn3kvQ8qDlhWy9KjGTrqr/ttgmh56FFpe6tz4yTgCNyR9D+eGclD7lNf
dPUc4E3SA6efopG6+ymI55bS+9xUFTG402UCrYSKT59zI2HBfuI6dltsxQIVAJHJ
7WDQ+jBn/nmMyCQzdi+0qJx1AoGBAJJacRK36s5yGY1b6qhxWqvpoAC+SfEKylZn
YWGYf2PM+Iwo6AgPKEw6BSsX+7Nmc4Gjyr4JWhComKi6onPamO/A2CbMM0DCxb47
BeLBWfqWAgXVj0CODT4MQos5yugnviR/YpEgbzLxvrXr469lKWsAyB19/gFmGmQW
cCgAwGm6AoGBAJ3LY89yHyvQ/TsQ6zlYbovjbk/ogndsMqPdNUvL4RuPTgJP/caa
DDa0XJ7ak6A7TJ+QheLNwOXoZPYJC4EGFSDAXpYniGhbWIrVTCGe6lmZDfnx40WX
S0kk3m/DHaC03ElLAiybxVGxyqoUfbT3Zv1JwftWMuiqHH5uADhdXuXVAhQ01VXa
Rr8IPem35lKghVKnq/kGQw==
-----END DSA PRIVATE KEY-----

173
extra/yassl/certs/server-cert.pem
View File

@ -1,173 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 11 17:20:14 2014 GMT
Not After : Apr 6 17:20:14 2017 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9A:41:47:CD:A1:14:62:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
3d:8c:70:05:5b:62:4b:bf:6c:b6:48:61:01:10:1d:5e:05:ba:
55:94:2c:ae:59:6f:97:80:5d:6c:86:ec:9a:eb:15:45:44:e4:
56:f8:75:ca:8a:45:32:f4:c7:e1:fa:f2:98:1c:91:d3:3f:e8:
0e:c9:1b:fa:e1:79:99:67:0e:0d:6b:8a:ec:1a:2c:59:c4:34:
04:8d:39:77:cd:b5:e9:60:5b:82:bf:34:ce:ed:c6:4f:3f:b4:
5c:4d:8a:b4:f4:0a:04:12:a0:56:c1:e1:33:37:a1:54:87:48:
e9:81:c2:0f:8f:6f:d3:52:4c:4c:32:4c:6b:9f:3a:04:8f:77:
5d:ad:dc:3d:2b:f2:c9:df:3c:60:5d:d8:fc:86:72:7c:3d:d0:
84:4b:8c:df:26:43:fe:c0:cc:5b:e1:36:b3:3d:32:28:a3:ef:
0c:20:d6:b1:50:39:d6:67:a9:8b:84:bc:92:34:eb:19:23:e8:
10:8f:ea:bd:18:8c:93:27:3c:74:75:8e:58:04:fa:2a:74:44:
7d:fc:4d:39:df:54:17:ba:78:e1:5d:6a:70:d3:7c:a2:80:81:
e6:19:51:91:c3:44:51:ec:bb:88:a9:53:e1:d7:a9:8c:28:f4:
21:1c:42:51:09:b4:12:6d:a0:d6:25:09:85:c6:2a:0c:af:a7:
58:e6:52:8b
-----BEGIN CERTIFICATE-----
MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx
MTcyMDE0WhcNMTcwNDA2MTcyMDE0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAPYxwBVtiS79stkhhARAdXgW6VZQsrllvl4BdbIbs
musVRUTkVvh1yopFMvTH4frymByR0z/oDskb+uF5mWcODWuK7BosWcQ0BI05d821
6WBbgr80zu3GTz+0XE2KtPQKBBKgVsHhMzehVIdI6YHCD49v01JMTDJMa586BI93
Xa3cPSvyyd88YF3Y/IZyfD3QhEuM3yZD/sDMW+E2sz0yKKPvDCDWsVA51mepi4S8
kjTrGSPoEI/qvRiMkyc8dHWOWAT6KnREffxNOd9UF7p44V1qcNN8ooCB5hlRkcNE
Uey7iKlT4depjCj0IRxCUQm0Em2g1iUJhcYqDK+nWOZSiw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9a:41:47:cd:a1:14:62:8c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 11 03:20:08 2014 GMT
Not After : Apr 6 03:20:08 2017 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9A:41:47:CD:A1:14:62:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f:
fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca:
f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f:
7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4:
33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f:
ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3:
c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5:
b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a:
91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81:
54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74:
43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14:
e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9:
64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3:
bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f:
b2:b3:03:d8
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ
MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD
VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf
+n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH
7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2
DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB
VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq
Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A==
-----END CERTIFICATE-----

27
extra/yassl/certs/server-key.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
-----END RSA PRIVATE KEY-----

30
extra/yassl/certs/server-keyEnc.pem
View File

@ -1,30 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,136C7D8A69656668
jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
-----END RSA PRIVATE KEY-----

62
extra/yassl/certs/taoCert.txt
View File

@ -1,62 +0,0 @@
***** Create a self signed cert ************
1) openssl genrsa 512 > client-key.pem
2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
-- adding metadata to beginning
3) openssl x509 -in client-cert.pem -text > tmp.pem
4) mv tmp.pem client-cert.pem
***** Create a CA, signing authority **********
same as self signed, use ca prefix instead of client
***** Create a cert signed by CA **************
1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
2) copy ca-key.pem ca-cert.srl (why ????)
3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
***** To create a dsa cert ********************
1) openssl dsaparam 512 > dsa512.param # creates group params
2) openssl gendsa dsa512.param > dsa512.pem # creates private key
3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem
***** To convert from PEM to DER **************
a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
to convert rsa private PEM to DER :
b) openssl rsa -in key.pem -outform DER -out key.der
**** To encrypt rsa key already in pem **********
a) openssl rsa <server-key.pem.bak -des >server-keyEnc.pem
note location of des, pass = yassl123
*** To make a public key from a private key ******
openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub

179
extra/yassl/examples/client/client.cpp
View File

@ -1,179 +0,0 @@
/*
Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* client.cpp */
// takes an optional command line argument of cipher list to make scripting
// easier
#include "../../testsuite/test.hpp"
//#define TEST_RESUME
void ClientError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& sockfd, const char* msg)
{
SSL_CTX_free(ctx);
SSL_free(ssl);
tcp_close(sockfd);
err_sys(msg);
}
#ifdef NON_BLOCKING
void NonBlockingSSL_Connect(SSL* ssl, SSL_CTX* ctx, SOCKET_T& sockfd)
{
int ret = SSL_connect(ssl);
int err = SSL_get_error(ssl, 0);
while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
err == SSL_ERROR_WANT_WRITE)) {
if (err == SSL_ERROR_WANT_READ)
printf("... client would read block\n");
else
printf("... client would write block\n");
#ifdef _WIN32
Sleep(1000);
#else
sleep(1);
#endif
ret = SSL_connect(ssl);
err = SSL_get_error(ssl, 0);
}
if (ret != SSL_SUCCESS)
ClientError(ctx, ssl, sockfd, "SSL_connect failed");
}
#endif
void client_test(void* args)
{
#ifdef _WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
#endif
SOCKET_T sockfd = 0;
int argc = 0;
char** argv = 0;
set_args(argc, argv, *static_cast<func_args*>(args));
tcp_connect(sockfd);
#ifdef NON_BLOCKING
tcp_set_nonblocking(sockfd);
#endif
SSL_METHOD* method = TLSv1_client_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_certs(ctx);
if (argc >= 2) {
printf("setting cipher list to %s\n", argv[1]);
if (SSL_CTX_set_cipher_list(ctx, argv[1]) != SSL_SUCCESS) {
ClientError(ctx, NULL, sockfd, "set_cipher_list error\n");
}
}
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, sockfd);
#ifdef NON_BLOCKING
NonBlockingSSL_Connect(ssl, ctx, sockfd);
#else
// if you get an error here see note at top of README
if (SSL_connect(ssl) != SSL_SUCCESS)
ClientError(ctx, ssl, sockfd, "SSL_connect failed");
#endif
showPeer(ssl);
const char* cipher = 0;
int index = 0;
char list[1024];
strncpy(list, "cipherlist", 11);
while ( (cipher = SSL_get_cipher_list(ssl, index++)) ) {
strncat(list, ":", 2);
strncat(list, cipher, strlen(cipher) + 1);
}
printf("%s\n", list);
printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));
char msg[] = "hello yassl!";
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
ClientError(ctx, ssl, sockfd, "SSL_write failed");
char reply[1024];
int input = SSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
}
#ifdef TEST_RESUME
SSL_SESSION* session = SSL_get_session(ssl);
SSL* sslResume = SSL_new(ctx);
#endif
SSL_shutdown(ssl);
SSL_free(ssl);
tcp_close(sockfd);
#ifdef TEST_RESUME
tcp_connect(sockfd);
SSL_set_fd(sslResume, sockfd);
SSL_set_session(sslResume, session);
if (SSL_connect(sslResume) != SSL_SUCCESS)
ClientError(ctx, sslResume, sockfd, "SSL_resume failed");
showPeer(sslResume);
if (SSL_write(sslResume, msg, sizeof(msg)) != sizeof(msg))
ClientError(ctx, sslResume, sockfd, "SSL_write failed");
input = SSL_read(sslResume, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
}
SSL_shutdown(sslResume);
SSL_free(sslResume);
tcp_close(sockfd);
#endif // TEST_RESUME
SSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
}
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
args.argc = argc;
args.argv = argv;
client_test(&args);
yaSSL_CleanUp();
return args.return_code;
}
#endif // NO_MAIN_DRIVER

102
extra/yassl/examples/client/client.dsp
View File

@ -1,102 +0,0 @@
# Microsoft Developer Studio Project File - Name="client" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Console Application" 0x0103
CFG=client - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "client.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "client.mak" CFG="client - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "client - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "client - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE
# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe
!IF "$(CFG)" == "client - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /MT /W3 /O2 /I "..\..\taocrypt\include" /I "..\..\include" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /machine:I386
!ELSEIF "$(CFG)" == "client - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "..\..\include" /I "..\..\taocrypt\include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
!ENDIF
# Begin Target
# Name "client - Win32 Release"
# Name "client - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
SOURCE=.\client.cpp
# End Source File
# End Group
# Begin Group "Header Files"
# PROP Default_Filter "h;hpp;hxx;hm;inl"
# End Group
# Begin Group "Resource Files"
# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project

120
extra/yassl/examples/echoclient/echoclient.cpp
View File

@ -1,120 +0,0 @@
/*
Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* echoclient.cpp */
#include "../../testsuite/test.hpp"
void EchoClientError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& sockfd, const char* msg)
{
SSL_CTX_free(ctx);
SSL_free(ssl);
tcp_close(sockfd);
err_sys(msg);
}
void echoclient_test(void* args)
{
#ifdef _WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
#endif
SOCKET_T sockfd = 0;
int argc = 0;
char** argv = 0;
FILE* fin = stdin;
FILE* fout = stdout;
bool inCreated = false;
bool outCreated = false;
set_args(argc, argv, *static_cast<func_args*>(args));
if (argc >= 2) {
fin = fopen(argv[1], "r");
inCreated = true;
}
if (argc >= 3) {
fout = fopen(argv[2], "w");
outCreated = true;
}
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
tcp_connect(sockfd);
SSL_METHOD* method = SSLv23_client_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_certs(ctx);
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, sockfd);
if (SSL_connect(ssl) != SSL_SUCCESS)
EchoClientError(ctx, ssl, sockfd, "SSL_connect failed");
char send[1024];
char reply[1024];
while (fgets(send, sizeof(send), fin)) {
int sendSz = (int)strlen(send) + 1;
if (SSL_write(ssl, send, sendSz) != sendSz)
EchoClientError(ctx, ssl, sockfd, "SSL_write failed");
if (strncmp(send, "quit", 4) == 0) {
fputs("sending server shutdown command: quit!\n", fout);
break;
}
if (SSL_read(ssl, reply, sizeof(reply)) > 0)
fputs(reply, fout);
}
SSL_CTX_free(ctx);
SSL_free(ssl);
tcp_close(sockfd);
fflush(fout);
if (inCreated) fclose(fin);
if (outCreated) fclose(fout);
((func_args*)args)->return_code = 0;
}
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
args.argc = argc;
args.argv = argv;
echoclient_test(&args);
yaSSL_CleanUp();
return args.return_code;
}
#endif // NO_MAIN_DRIVER

102
extra/yassl/examples/echoclient/echoclient.dsp
View File

@ -1,102 +0,0 @@
# Microsoft Developer Studio Project File - Name="echoclient" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Console Application" 0x0103
CFG=echoclient - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "echoclient.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "echoclient.mak" CFG="echoclient - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "echoclient - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "echoclient - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE
# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe
!IF "$(CFG)" == "echoclient - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /MT /W3 /O2 /I "..\..\include" /I "..\..\taocrypt\include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /machine:I386
!ELSEIF "$(CFG)" == "echoclient - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "..\..\include" /I "..\..\taocrypt\include" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
!ENDIF
# Begin Target
# Name "echoclient - Win32 Release"
# Name "echoclient - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
SOURCE=.\echoclient.cpp
# End Source File
# End Group
# Begin Group "Header Files"
# PROP Default_Filter "h;hpp;hxx;hm;inl"
# End Group
# Begin Group "Resource Files"
# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project

93
extra/yassl/examples/echoclient/input
View File

@ -1,93 +0,0 @@
/* echoclient.cpp */
#include "openssl/ssl.h" /* openssl compatibility test */
#include <stdio.h>
#include <stdlib.h>
#ifdef WIN32
#include <winsock2.h>
#else
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#endif /* WIN32 */
void err_sys(const char* msg)
{
fputs("yassl client error: ", stderr);
fputs(msg, stderr);
exit(EXIT_FAILURE);
}
const char* loopback = "127.0.0.1";
const short yasslPort = 11111;
using namespace yaSSL;
int main(int argc, char** argv)
{
#ifdef WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
int sockfd;
#else
unsigned int sockfd;
#endif /* WIN32 */
FILE* fin = stdin;
FILE* fout = stdout;
if (argc >= 2) fin = fopen(argv[1], "r");
if (argc >= 3) fout = fopen(argv[2], "w");
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
sockaddr_in servaddr;
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(yasslPort);
servaddr.sin_addr.s_addr = inet_addr(loopback);
if (connect(sockfd, (const sockaddr*)&servaddr, sizeof(servaddr)) != 0)
err_sys("tcp connect failed");
SSL_METHOD* method = TLSv1_client_method();
SSL_CTX* ctx = SSL_CTX_new(method);
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, sockfd);
if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed");
char send[1024];
char reply[1024];
while (fgets(send, sizeof(send), fin)) {
int sendSz = strlen(send) + 1;
if (SSL_write(ssl, send, sendSz) != sendSz)
err_sys("SSL_write failed");
if (strncmp(send, "quit", 4) == 0) {
fputs("sending server shutdown command: quit!", fout);
break;
}
if (SSL_read(ssl, reply, sizeof(reply)) > 0)
fputs(reply, fout);
}
SSL_CTX_free(ctx);
SSL_free(ssl);
return 0;
}

2
extra/yassl/examples/echoclient/quit
View File

@ -1,2 +0,0 @@
quit

167
extra/yassl/examples/echoserver/echoserver.cpp
View File

@ -1,167 +0,0 @@
/*
Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* echoserver.cpp */
#include "../../testsuite/test.hpp"
#ifndef NO_MAIN_DRIVER
#define ECHO_OUT
THREAD_RETURN YASSL_API echoserver_test(void*);
int main(int argc, char** argv)
{
func_args args;
args.argc = argc;
args.argv = argv;
echoserver_test(&args);
yaSSL_CleanUp();
return args.return_code;
}
#endif // NO_MAIN_DRIVER
void EchoError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& s1, SOCKET_T& s2,
const char* msg)
{
SSL_CTX_free(ctx);
SSL_free(ssl);
tcp_close(s1);
tcp_close(s2);
err_sys(msg);
}
THREAD_RETURN YASSL_API echoserver_test(void* args)
{
#ifdef _WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
#endif
SOCKET_T sockfd = 0;
int argc = 0;
char** argv = 0;
set_args(argc, argv, *static_cast<func_args*>(args));
#ifdef ECHO_OUT
FILE* fout = stdout;
if (argc >= 2) fout = fopen(argv[1], "w");
if (!fout) err_sys("can't open output file");
#endif
tcp_listen(sockfd);
SSL_METHOD* method = SSLv23_server_method();
SSL_CTX* ctx = SSL_CTX_new(method);
set_serverCerts(ctx);
DH* dh = set_tmpDH(ctx);
bool shutdown(false);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
// signal ready to tcp_accept
func_args& server_args = *((func_args*)args);
tcp_ready& ready = *server_args.signal_;
pthread_mutex_lock(&ready.mutex_);
ready.ready_ = true;
pthread_cond_signal(&ready.cond_);
pthread_mutex_unlock(&ready.mutex_);
#endif
while (!shutdown) {
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
SOCKET_T clientfd = accept(sockfd, (sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
if (clientfd == (SOCKET_T) -1) {
SSL_CTX_free(ctx);
tcp_close(sockfd);
err_sys("tcp accept failed");
}
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
if (SSL_accept(ssl) != SSL_SUCCESS) {
printf("SSL_accept failed\n");
SSL_free(ssl);
tcp_close(clientfd);
continue;
}
char command[1024];
int echoSz(0);
while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) {
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutdown = true;
break;
}
else if ( strncmp(command, "GET", 3) == 0) {
char type[] = "HTTP/1.0 200 ok\r\nContent-type:"
" text/html\r\n\r\n";
char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
char body[] = "greetings from yaSSL\n";
char footer[] = "</body></html>\r\n\r\n";
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
strncpy(&command[echoSz], header, sizeof(header));
echoSz += sizeof(header) - 1;
strncpy(&command[echoSz], body, sizeof(body));
echoSz += sizeof(body) - 1;
strncpy(&command[echoSz], footer, sizeof(footer));
echoSz += sizeof(footer);
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
break;
}
command[echoSz] = 0;
#ifdef ECHO_OUT
fputs(command, fout);
#endif
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
}
SSL_shutdown(ssl);
SSL_free(ssl);
tcp_close(clientfd);
}
tcp_close(sockfd);
DH_free(dh);
SSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
return 0;
}

102
extra/yassl/examples/echoserver/echoserver.dsp
View File

@ -1,102 +0,0 @@
# Microsoft Developer Studio Project File - Name="echoserver" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Console Application" 0x0103
CFG=echoserver - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "echoserver.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "echoserver.mak" CFG="echoserver - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "echoserver - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "echoserver - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE
# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe
!IF "$(CFG)" == "echoserver - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /G6 /MT /W3 /O2 /I "..\..\include" /I "..\..\taocrypt\include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /machine:I386
!ELSEIF "$(CFG)" == "echoserver - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "..\..\include" /I "..\..\taocrypt\include" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
!ENDIF
# Begin Target
# Name "echoserver - Win32 Release"
# Name "echoserver - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
SOURCE=.\echoserver.cpp
# End Source File
# End Group
# Begin Group "Header Files"
# PROP Default_Filter "h;hpp;hxx;hm;inl"
# End Group
# Begin Group "Resource Files"
# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project

155
extra/yassl/examples/server/server.cpp
View File

@ -1,155 +0,0 @@
/*
Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* server.cpp */
// takes 2 optional command line argument to make scripting
// if the first command line argument is 'n' client auth is disabled
// if the second command line argument is 'd' DSA certs are used instead of RSA
#include "../../testsuite/test.hpp"
void ServerError(SSL_CTX* ctx, SSL* ssl, SOCKET_T& sockfd, const char* msg)
{
SSL_CTX_free(ctx);
SSL_free(ssl);
tcp_close(sockfd);
err_sys(msg);
}
#ifdef NON_BLOCKING
void NonBlockingSSL_Accept(SSL* ssl, SSL_CTX* ctx, SOCKET_T& clientfd)
{
int ret = SSL_accept(ssl);
int err = SSL_get_error(ssl, 0);
while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
err == SSL_ERROR_WANT_WRITE)) {
if (err == SSL_ERROR_WANT_READ)
printf("... server would read block\n");
else
printf("... server would write block\n");
#ifdef _WIN32
Sleep(1000);
#else
sleep(1);
#endif
ret = SSL_accept(ssl);
err = SSL_get_error(ssl, 0);
}
if (ret != SSL_SUCCESS)
ServerError(ctx, ssl, clientfd, "SSL_accept failed");
}
#endif
THREAD_RETURN YASSL_API server_test(void* args)
{
#ifdef _WIN32
WSADATA wsd;
WSAStartup(0x0002, &wsd);
#endif
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
int argc = 0;
char** argv = 0;
set_args(argc, argv, *static_cast<func_args*>(args));
#ifdef SERVER_READY_FILE
set_file_ready("server_ready", *static_cast<func_args*>(args));
#endif
tcp_accept(sockfd, clientfd, *static_cast<func_args*>(args));
tcp_close(sockfd);
SSL_METHOD* method = TLSv1_server_method();
SSL_CTX* ctx = SSL_CTX_new(method);
//SSL_CTX_set_cipher_list(ctx, "RC4-SHA:RC4-MD5");
// should we disable client auth
if (argc >= 2 && argv[1][0] == 'n')
printf("disabling client auth\n");
else
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
// are we using DSA certs
if (argc >= 3 && argv[2][0] == 'd') {
printf("using DSA certs\n");
set_dsaServerCerts(ctx);
}
else {
set_serverCerts(ctx);
}
DH* dh = set_tmpDH(ctx);
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
#ifdef NON_BLOCKING
NonBlockingSSL_Accept(ssl, ctx, clientfd);
#else
if (SSL_accept(ssl) != SSL_SUCCESS)
ServerError(ctx, ssl, clientfd, "SSL_accept failed");
#endif
showPeer(ssl);
printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));
char command[1024];
int input = SSL_read(ssl, command, sizeof(command));
if (input > 0) {
command[input] = 0;
printf("First client command: %s\n", command);
}
char msg[] = "I hear you, fa shizzle!";
if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
ServerError(ctx, ssl, clientfd, "SSL_write failed");
DH_free(dh);
SSL_CTX_free(ctx);
SSL_shutdown(ssl);
SSL_free(ssl);
tcp_close(clientfd);
((func_args*)args)->return_code = 0;
return 0;
}
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
args.argc = argc;
args.argv = argv;
server_test(&args);
yaSSL_CleanUp();
return args.return_code;
}
#endif // NO_MAIN_DRIVER

109
extra/yassl/examples/server/server.dsp
View File

@ -1,109 +0,0 @@
# Microsoft Developer Studio Project File - Name="server" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **
# TARGTYPE "Win32 (x86) Application" 0x0101
CFG=server - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "server.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "server.mak" CFG="server - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "server - Win32 Release" (based on "Win32 (x86) Application")
!MESSAGE "server - Win32 Debug" (based on "Win32 (x86) Application")
!MESSAGE
# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
MTL=midl.exe
RSC=rc.exe
!IF "$(CFG)" == "server - Win32 Release"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /MT /W3 /O2 /I "..\..\include" /I "..\..\taocrypt\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /c
# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /machine:I386
# SUBTRACT LINK32 /pdb:none
!ELSEIF "$(CFG)" == "server - Win32 Debug"
# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "..\..\include" /I "..\..\taocrypt\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /FR /YX /FD /GZ /c
# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# SUBTRACT LINK32 /pdb:none /nodefaultlib
!ENDIF
# Begin Target
# Name "server - Win32 Release"
# Name "server - Win32 Debug"
# Begin Group "Source Files"
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
SOURCE=.\server.cpp
# End Source File
# End Group
# Begin Group "Header Files"
# PROP Default_Filter "h;hpp;hxx;hm;inl"
# End Group
# Begin Group "Resource Files"
# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project

211
extra/yassl/include/buffer.hpp
View File

@ -1,211 +0,0 @@
/*
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL buffer header defines input and output buffers to simulate streaming
* with SSL types and sockets
*/
#ifndef yaSSL_BUFFER_HPP
#define yaSSL_BUFFER_HPP
#include <assert.h> // assert
#include "yassl_types.hpp" // ysDelete
#include "memory.hpp" // mySTL::auto_ptr
#include STL_ALGORITHM_FILE
namespace STL = STL_NAMESPACE;
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
namespace yaSSL {
typedef unsigned char byte;
typedef unsigned int uint;
const uint AUTO = 0xFEEDBEEF;
struct NoCheck {
int check(uint, uint);
};
struct Check {
int check(uint, uint);
};
/* input_buffer operates like a smart c style array with a checking option,
* meant to be read from through [] with AUTO index or read().
* Should only write to at/near construction with assign() or raw (e.g., recv)
* followed by add_size with the number of elements added by raw write.
*
* Not using vector because need checked []access, offset, and the ability to
* write to the buffer bulk wise and have the correct size
*/
class input_buffer : public Check {
uint size_; // number of elements in buffer
uint current_; // current offset position in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
int error_; // error number
byte zero_; // for returning const reference to zero byte
public:
input_buffer();
explicit input_buffer(uint s);
// with assign
input_buffer(uint s, const byte* t, uint len);
~input_buffer();
// users can pass defualt zero length buffer and then allocate
void allocate(uint s);
// for passing to raw writing functions at beginning, then use add_size
byte* get_buffer() const;
// after a raw write user can set new size
// if you know the size before the write use assign()
void add_size(uint i);
uint get_capacity() const;
uint get_current() const;
uint get_size() const;
uint get_remaining() const;
int get_error() const;
void set_error();
void set_current(uint i);
// read only access through [], advance current
// user passes in AUTO index for ease of use
const byte& operator[](uint i);
// end of input test
bool eof();
// peek ahead
byte peek();
// write function, should use at/near construction
void assign(const byte* t, uint s);
// use read to query input, adjusts current
void read(byte* dst, uint length);
private:
input_buffer(const input_buffer&); // hide copy
input_buffer& operator=(const input_buffer&); // and assign
};
/* output_buffer operates like a smart c style array with a checking option.
* Meant to be written to through [] with AUTO index or write().
* Size (current) counter increases when written to. Can be constructed with
* zero length buffer but be sure to allocate before first use.
* Don't use add write for a couple bytes, use [] instead, way less overhead.
*
* Not using vector because need checked []access and the ability to
* write to the buffer bulk wise and retain correct size
*/
class output_buffer : public NoCheck {
uint current_; // current offset and elements in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
public:
// default
output_buffer();
// with allocate
explicit output_buffer(uint s);
// with assign
output_buffer(uint s, const byte* t, uint len);
~output_buffer();
uint get_size() const;
uint get_capacity() const;
void set_current(uint c);
// users can pass defualt zero length buffer and then allocate
void allocate(uint s);
// for passing to reading functions when finished
const byte* get_buffer() const;
// allow write access through [], update current
// user passes in AUTO as index for ease of use
byte& operator[](uint i);
// end of output test
bool eof();
void write(const byte* t, uint s);
private:
output_buffer(const output_buffer&); // hide copy
output_buffer& operator=(const output_buffer&); // and assign
};
// turn delete an incomplete type into comipler error instead of warning
template <typename T>
inline void checked_delete(T* p)
{
typedef char complete_type[sizeof(T) ? 1 : -1];
(void)sizeof(complete_type);
ysDelete(p);
}
// checked delete functor increases effeciency, no indirection on function call
// sets pointer to zero so safe for std conatiners
struct del_ptr_zero
{
template <typename T>
void operator()(T*& p) const
{
T* tmp = 0;
STL::swap(tmp, p);
checked_delete(tmp);
}
};
} // naemspace
#endif // yaSSL_BUUFER_HPP

137
extra/yassl/include/cert_wrapper.hpp
View File

@ -1,137 +0,0 @@
/*
Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The certificate wrapper header defines certificate management functions
*
*/
#ifndef yaSSL_CERT_WRAPPER_HPP
#define yaSSL_CERT_WRAPPER_HPP
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
#include "yassl_types.hpp" // SignatureAlgorithm
#include "buffer.hpp" // input_buffer
#include "asn.hpp" // SignerList
#include "openssl/ssl.h" // internal and external use
#include STL_LIST_FILE
#include STL_ALGORITHM_FILE
namespace STL = STL_NAMESPACE;
namespace yaSSL {
typedef unsigned char opaque;
class X509; // forward openSSL type
using TaoCrypt::SignerList;
// an x509 version 3 certificate
class x509 {
uint length_;
opaque* buffer_;
public:
explicit x509(uint sz);
~x509();
uint get_length() const;
const opaque* get_buffer() const;
opaque* use_buffer();
x509(const x509&);
x509& operator=(const x509&);
private:
void Swap(x509&);
};
// Certificate Manager keeps a list of the cert chain and public key
class CertManager {
typedef STL::list<x509*> CertList;
CertList list_; // self
input_buffer privateKey_;
CertList peerList_; // peer
input_buffer peerPublicKey_;
X509* peerX509_; // peer's openSSL X509
X509* selfX509_; // our own openSSL X509
SignatureAlgorithm keyType_; // self key type
SignatureAlgorithm peerKeyType_; // peer's key type
SignerList signers_; // decoded CA keys and names
// plus verified chained certs
bool verifyPeer_;
bool verifyNone_; // no error if verify fails
bool failNoCert_;
bool sendVerify_;
bool sendBlankCert_;
VerifyCallback verifyCallback_; // user verify callback
public:
CertManager();
~CertManager();
void AddPeerCert(x509* x); // take ownership
void CopySelfCert(const x509* x);
int CopyCaCert(const x509* x);
int Validate();
int SetPrivateKey(const x509&);
const x509* get_cert() const;
const opaque* get_peerKey() const;
const opaque* get_privateKey() const;
X509* get_peerX509() const;
X509* get_selfX509() const;
SignatureAlgorithm get_keyType() const;
SignatureAlgorithm get_peerKeyType() const;
uint get_peerKeyLength() const;
uint get_privateKeyLength() const;
bool verifyPeer() const;
bool verifyNone() const;
bool failNoCert() const;
bool sendVerify() const;
bool sendBlankCert() const;
void setVerifyPeer();
void setVerifyNone();
void setFailNoCert();
void setSendVerify();
void setSendBlankCert();
void setPeerX509(X509*);
void setVerifyCallback(VerifyCallback);
private:
CertManager(const CertManager&); // hide copy
CertManager& operator=(const CertManager&); // and assigin
};
} // naemspace
#endif // yaSSL_CERT_WRAPPER_HPP

429
extra/yassl/include/crypto_wrapper.hpp
View File

@ -1,429 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The crypto wrapper header is used to define policies for the cipher
* components used by SSL. There are 3 policies to consider:
*
* 1) MAC, the Message Authentication Code used for each Message
* 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message
* 3) Atuhentication, the Digitial Signing/Verifiaction scheme used
*
* This header doesn't rely on a specific crypto libraries internals,
* only the implementation should.
*/
#ifndef yaSSL_CRYPTO_WRAPPER_HPP
#define yaSSL_CRYPTO_WRAPPER_HPP
#include "yassl_types.hpp"
#include <stdio.h> // FILE
namespace yaSSL {
// Digest policy should implement a get_digest, update, and get sizes for pad
// and digest
struct Digest : public virtual_base {
virtual void get_digest(byte*) = 0;
virtual void get_digest(byte*, const byte*, unsigned int) = 0;
virtual void update(const byte*, unsigned int) = 0;
virtual uint get_digestSize() const = 0;
virtual uint get_padSize() const = 0;
virtual ~Digest() {}
};
// For use with NULL Digests
struct NO_MAC : public Digest {
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
};
// MD5 Digest
class MD5 : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
MD5();
~MD5();
MD5(const MD5&);
MD5& operator=(const MD5&);
private:
struct MD5Impl;
MD5Impl* pimpl_;
};
// SHA-1 Digest
class SHA : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
SHA();
~SHA();
SHA(const SHA&);
SHA& operator=(const SHA&);
private:
struct SHAImpl;
SHAImpl* pimpl_;
};
// RIPEMD-160 Digest
class RMD : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
RMD();
~RMD();
RMD(const RMD&);
RMD& operator=(const RMD&);
private:
struct RMDImpl;
RMDImpl* pimpl_;
};
// HMAC_MD5
class HMAC_MD5 : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_MD5(const byte*, unsigned int);
~HMAC_MD5();
private:
struct HMAC_MD5Impl;
HMAC_MD5Impl* pimpl_;
HMAC_MD5(const HMAC_MD5&);
HMAC_MD5& operator=(const HMAC_MD5&);
};
// HMAC_SHA-1
class HMAC_SHA : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_SHA(const byte*, unsigned int);
~HMAC_SHA();
private:
struct HMAC_SHAImpl;
HMAC_SHAImpl* pimpl_;
HMAC_SHA(const HMAC_SHA&);
HMAC_SHA& operator=(const HMAC_SHA&);
};
// HMAC_RMD
class HMAC_RMD : public Digest {
public:
void get_digest(byte*);
void get_digest(byte*, const byte*, unsigned int);
void update(const byte*, unsigned int);
uint get_digestSize() const;
uint get_padSize() const;
HMAC_RMD(const byte*, unsigned int);
~HMAC_RMD();
private:
struct HMAC_RMDImpl;
HMAC_RMDImpl* pimpl_;
HMAC_RMD(const HMAC_RMD&);
HMAC_RMD& operator=(const HMAC_RMD&);
};
// BulkCipher policy should implement encrypt, decrypt, get block size,
// and set keys for encrypt and decrypt
struct BulkCipher : public virtual_base {
virtual void encrypt(byte*, const byte*, unsigned int) = 0;
virtual void decrypt(byte*, const byte*, unsigned int) = 0;
virtual void set_encryptKey(const byte*, const byte* = 0) = 0;
virtual void set_decryptKey(const byte*, const byte* = 0) = 0;
virtual uint get_blockSize() const = 0;
virtual int get_keySize() const = 0;
virtual int get_ivSize() const = 0;
virtual ~BulkCipher() {}
};
// For use with NULL Ciphers
struct NO_Cipher : public BulkCipher {
void encrypt(byte*, const byte*, unsigned int) {}
void decrypt(byte*, const byte*, unsigned int) {}
void set_encryptKey(const byte*, const byte*) {}
void set_decryptKey(const byte*, const byte*) {}
uint get_blockSize() const { return 0; }
int get_keySize() const { return 0; }
int get_ivSize() const { return 0; }
};
// SSLv3 and TLSv1 always use DES in CBC mode so IV is required
class DES : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return DES_BLOCK; }
int get_keySize() const { return DES_KEY_SZ; }
int get_ivSize() const { return DES_IV_SZ; }
DES();
~DES();
private:
struct DESImpl;
DESImpl* pimpl_;
DES(const DES&); // hide copy
DES& operator=(const DES&); // & assign
};
// 3DES Encrypt-Decrypt-Encrypt in CBC mode
class DES_EDE : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return DES_BLOCK; }
int get_keySize() const { return DES_EDE_KEY_SZ; }
int get_ivSize() const { return DES_IV_SZ; }
DES_EDE();
~DES_EDE();
private:
struct DES_EDEImpl;
DES_EDEImpl* pimpl_;
DES_EDE(const DES_EDE&); // hide copy
DES_EDE& operator=(const DES_EDE&); // & assign
};
// Alledged RC4
class RC4 : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return 0; }
int get_keySize() const { return RC4_KEY_SZ; }
int get_ivSize() const { return 0; }
RC4();
~RC4();
private:
struct RC4Impl;
RC4Impl* pimpl_;
RC4(const RC4&); // hide copy
RC4& operator=(const RC4&); // & assign
};
// AES
class AES : public BulkCipher {
public:
void encrypt(byte*, const byte*, unsigned int);
void decrypt(byte*, const byte*, unsigned int);
void set_encryptKey(const byte*, const byte*);
void set_decryptKey(const byte*, const byte*);
uint get_blockSize() const { return AES_BLOCK_SZ; }
int get_keySize() const;
int get_ivSize() const { return AES_IV_SZ; }
explicit AES(unsigned int = AES_128_KEY_SZ);
~AES();
private:
struct AESImpl;
AESImpl* pimpl_;
AES(const AES&); // hide copy
AES& operator=(const AES&); // & assign
};
// Random number generator
class RandomPool {
public:
void Fill(opaque* dst, uint sz) const;
RandomPool();
~RandomPool();
int GetError() const;
friend class RSA;
friend class DSS;
friend class DiffieHellman;
private:
struct RandomImpl;
RandomImpl* pimpl_;
RandomPool(const RandomPool&); // hide copy
RandomPool& operator=(const RandomPool&); // & assign
};
// Authentication policy should implement sign, and verify
struct Auth : public virtual_base {
virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0;
virtual bool verify(const byte*, unsigned int, const byte*,
unsigned int) = 0;
virtual uint get_signatureLength() const = 0;
virtual ~Auth() {}
};
// For use with NULL Authentication schemes
struct NO_Auth : public Auth {
void sign(byte*, const byte*, unsigned int, const RandomPool&) {}
bool verify(const byte*, unsigned int, const byte*, unsigned int)
{ return true; }
};
// Digitial Signature Standard scheme
class DSS : public Auth {
public:
void sign(byte*, const byte*, unsigned int, const RandomPool&);
bool verify(const byte*, unsigned int, const byte*, unsigned int);
uint get_signatureLength() const;
DSS(const byte*, unsigned int, bool publicKey = true);
~DSS();
private:
struct DSSImpl;
DSSImpl* pimpl_;
DSS(const DSS&);
DSS& operator=(const DSS&);
};
// RSA Authentication and exchange
class RSA : public Auth {
public:
void sign(byte*, const byte*, unsigned int, const RandomPool&);
bool verify(const byte*, unsigned int, const byte*, unsigned int);
void encrypt(byte*, const byte*, unsigned int, const RandomPool&);
void decrypt(byte*, const byte*, unsigned int, const RandomPool&);
uint get_signatureLength() const;
uint get_cipherLength() const;
RSA(const byte*, unsigned int, bool publicKey = true);
~RSA();
private:
struct RSAImpl;
RSAImpl* pimpl_;
RSA(const RSA&); // hide copy
RSA& operator=(const RSA&); // & assing
};
class Integer;
// Diffie-Hellman agreement
// hide for now TODO: figure out a way to give access to C clients p and g args
class DiffieHellman {
public:
DiffieHellman(const byte*, unsigned int, const byte*, unsigned int,
const byte*, unsigned int, const RandomPool& random);
//DiffieHellman(const char*, const RandomPool&);
DiffieHellman(const Integer&, const Integer&, const RandomPool&);
~DiffieHellman();
DiffieHellman(const DiffieHellman&);
DiffieHellman& operator=(const DiffieHellman&);
uint get_agreedKeyLength() const;
const byte* get_agreedKey() const;
uint get_publicKeyLength() const;
const byte* get_publicKey() const;
void makeAgreement(const byte*, unsigned int);
void set_sizes(int&, int&, int&) const;
void get_parms(byte*, byte*, byte*) const;
private:
struct DHImpl;
DHImpl* pimpl_;
};
// Lagrge Integer
class Integer {
public:
Integer();
~Integer();
Integer(const Integer&);
Integer& operator=(const Integer&);
void assign(const byte*, unsigned int);
friend class DiffieHellman;
private:
struct IntegerImpl;
IntegerImpl* pimpl_;
};
class x509;
struct EncryptedInfo {
enum { IV_SZ = 32, NAME_SZ = 80 };
char name[NAME_SZ]; // max one line
byte iv[IV_SZ]; // in base16 rep
uint ivSz;
bool set;
EncryptedInfo() : ivSz(0), set(false) {}
};
x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0);
} // naemspace
#endif // yaSSL_CRYPTO_WRAPPER_HPP

102
extra/yassl/include/factory.hpp
View File

@ -1,102 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The factory header defines an Object Factory, used by SSL message and
* handshake types.
*
* See Desgin Pattern in GoF and Alexandrescu's chapter in Modern C++ Design,
* page 208
*/
#ifndef yaSSL_FACTORY_HPP
#define yaSSL_FACTORY_HPP
#include STL_VECTOR_FILE
#include STL_PAIR_FILE
namespace STL = STL_NAMESPACE;
namespace yaSSL {
// Factory uses its callback map to create objects by id,
// returning an abstract base pointer
template<class AbstractProduct,
typename IdentifierType = int,
typename ProductCreator = AbstractProduct* (*)()
>
class Factory {
typedef STL::pair<IdentifierType, ProductCreator> CallBack;
typedef STL::vector<CallBack> CallBackVector;
CallBackVector callbacks_;
public:
// pass function pointer to register all callbacks upon creation
explicit Factory(void (*init)(Factory<AbstractProduct, IdentifierType,
ProductCreator>&))
{
init(*this);
}
// reserve place in vector before registering, used by init funcion
void Reserve(size_t sz)
{
callbacks_.reserve(sz);
}
// register callback
void Register(const IdentifierType& id, ProductCreator pc)
{
callbacks_.push_back(STL::make_pair(id, pc));
}
// THE Creator, returns a new object of the proper type or 0
AbstractProduct* CreateObject(const IdentifierType& id) const
{
typedef typename STL::vector<CallBack>::const_iterator cIter;
cIter first = callbacks_.begin();
cIter last = callbacks_.end();
while (first != last) {
if (first->first == id)
break;
++first;
}
if (first == callbacks_.end())
return 0;
return (first->second)();
}
private:
Factory(const Factory&); // hide copy
Factory& operator=(const Factory&); // and assign
};
} // naemspace
#endif // yaSSL_FACTORY_HPP

70
extra/yassl/include/handshake.hpp
View File

@ -1,70 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The handshake header declares function prototypes for creating and reading
* the various handshake messages.
*/
#ifndef yaSSL_HANDSHAKE_HPP
#define yaSSL_HANDSHAKE_HPP
#include "yassl_types.hpp"
namespace yaSSL {
// forward decls
class SSL;
class Finished;
class Data;
class Alert;
struct Hashes;
enum BufferOutput { buffered, unbuffered };
void sendClientHello(SSL&);
void sendServerHello(SSL&, BufferOutput = buffered);
void sendServerHelloDone(SSL&, BufferOutput = buffered);
void sendClientKeyExchange(SSL&, BufferOutput = buffered);
void sendServerKeyExchange(SSL&, BufferOutput = buffered);
void sendChangeCipher(SSL&, BufferOutput = buffered);
void sendFinished(SSL&, ConnectionEnd, BufferOutput = buffered);
void sendCertificate(SSL&, BufferOutput = buffered);
void sendCertificateRequest(SSL&, BufferOutput = buffered);
void sendCertificateVerify(SSL&, BufferOutput = buffered);
int sendData(SSL&, const void*, int);
int sendAlert(SSL& ssl, const Alert& alert);
int receiveData(SSL&, Data&, bool peek = false);
void processReply(SSL&);
void buildFinished(SSL&, Finished&, const opaque*);
void build_certHashes(SSL&, Hashes&);
void hmac(SSL&, byte*, const byte*, uint, ContentType, bool verify = false);
void TLS_hmac(SSL&, byte*, const byte*, uint, ContentType,
bool verify = false);
void PRF(byte* digest, uint digLen, const byte* secret, uint secLen,
const byte* label, uint labLen, const byte* seed, uint seedLen);
} // naemspace
#endif // yaSSL_HANDSHAKE_HPP

96
extra/yassl/include/lock.hpp
View File

@ -1,96 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks
* automatically upon exit, no-ops provided for Single Threaded
*/
#ifndef yaSSL_LOCK_HPP
#define yaSSL_LOCK_HPP
/*
Visual Studio Source Annotations header (sourceannotations.h) fails
to compile if outside of the global namespace.
*/
#ifdef MULTI_THREADED
#ifdef _WIN32
#include <windows.h>
#endif
#endif
namespace yaSSL {
#ifdef MULTI_THREADED
#ifdef _WIN32
#include <windows.h>
class Mutex {
CRITICAL_SECTION cs_;
public:
Mutex();
~Mutex();
class Lock;
friend class Lock;
class Lock {
Mutex& mutex_;
public:
explicit Lock(Mutex& lm);
~Lock();
};
};
#else // _WIN32
#include <pthread.h>
class Mutex {
pthread_mutex_t mutex_;
public:
Mutex();
~Mutex();
class Lock;
friend class Lock;
class Lock {
Mutex& mutex_;
public:
explicit Lock(Mutex& lm);
~Lock();
};
};
#endif // _WIN32
#else // MULTI_THREADED (WE'RE SINGLE)
class Mutex {
public:
class Lock {
public:
explicit Lock(Mutex&) {}
};
};
#endif // MULTI_THREADED
} // namespace
#endif // yaSSL_LOCK_HPP

56
extra/yassl/include/log.hpp
View File

@ -1,56 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL log interface
*
*/
#ifndef yaSSL_LOG_HPP
#define yaSSL_LOG_HPP
#include "socket_wrapper.hpp"
#ifdef YASSL_LOG
#include <stdio.h>
#endif
namespace yaSSL {
typedef unsigned int uint;
// Debug logger
class Log {
#ifdef YASSL_LOG
FILE* log_;
#endif
public:
explicit Log(const char* str = "yaSSL.log");
~Log();
void Trace(const char*);
void ShowTCP(socket_t, bool ended = false);
void ShowData(uint, bool sent = false);
};
} // naemspace
#endif // yaSSL_LOG_HPP

37
extra/yassl/include/openssl/crypto.h
View File

@ -1,37 +0,0 @@
/*
Copyright (C) 2005, 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* crypto.h for openSSL */
#ifndef yaSSL_crypto_h__
#define yaSSL_crypto_h__
#ifdef YASSL_PREFIX
#include "prefix_crypto.h"
#endif
const char* SSLeay_version(int type);
#define SSLEAY_NUMBER_DEFINED
#define SSLEAY_VERSION 0x0900L
#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
#endif /* yaSSL_crypto_h__ */

20
extra/yassl/include/openssl/des.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2005 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* des.h for openssl */

20
extra/yassl/include/openssl/des_old.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* des_old.h for openvn */

24
extra/yassl/include/openssl/engine.h
View File

@ -1,24 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* engine.h for libcurl */
#undef HAVE_OPENSSL_ENGINE_H

27
extra/yassl/include/openssl/err.h
View File

@ -1,27 +0,0 @@
/*
Copyright (C) 2005, 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* err.h for openssl */
#ifndef yaSSL_err_h__
#define yaSSL_err_h__
#endif /* yaSSL_err_h__ */

29
extra/yassl/include/openssl/evp.h
View File

@ -1,29 +0,0 @@
/*
Copyright (C) 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* evp.h for openSSL */
#ifndef SSLEAY_NUMBER_DEFINED
#define SSLEAY_NUMBER_DEFINED
/* for OpenVPN */
#define SSLEAY_VERSION_NUMBER 0x0090700f
#endif /* SSLEAY_NUMBER_DEFINED */

62
extra/yassl/include/openssl/generate_prefix_files.pl
View File

@ -1,62 +0,0 @@
#!/usr/bin/perl
# Copyright (C) 2006 MySQL AB
# Use is subject to license terms
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
#
# This script generates defines for all functions
# in yassl/include/openssl/ so they are renamed to
# ya<old_function_name>. Hopefully that is unique enough.
#
# The script is to be run manually when we import
# a new version of yaSSL
#
# Find all functions in "input" and add macros
# to prefix/rename them into "output
sub generate_prefix($$)
{
my $input= shift;
my $output= shift;
open(IN, $input)
or die("Can't open input file $input: $!");
open(OUT, ">", $output)
or mtr_error("Can't open output file $output: $!");
while (<IN>)
{
chomp;
if ( /typedef/ )
{
next;
}
if ( /^\s*[a-zA-Z0-9*_ ]+\s+\*?([_a-zA-Z0-9]+)\s*\(/ )
{
print OUT "#define $1 ya$1\n";
}
}
close OUT;
close IN;
}
generate_prefix("ssl.h", "prefix_ssl.h");
generate_prefix("crypto.h", "prefix_crypto.h");

20
extra/yassl/include/openssl/hmac.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* hmac.h for openvpn */

21
extra/yassl/include/openssl/lhash.h
View File

@ -1,21 +0,0 @@
/*
Copyright (C) 2005 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* lhash.h for openSSL */

20
extra/yassl/include/openssl/md4.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* md4.h for libcurl */

23
extra/yassl/include/openssl/md5.h
View File

@ -1,23 +0,0 @@
/*
Copyright (C) 2005, 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* md5.h for openssl */
#include "ssl.h" /* in there for now */

20
extra/yassl/include/openssl/objects.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* objects.h for openvpn */

31
extra/yassl/include/openssl/opensslv.h
View File

@ -1,31 +0,0 @@
/*
Copyright (C) 2005 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* opensslv.h compatibility */
#ifndef yaSSL_opensslv_h__
#define yaSSL_opensslv_h__
/* api version compatibility */
#define OPENSSL_VERSION_NUMBER 0x0090700f
#endif /* yaSSLopensslv_h__ */

20
extra/yassl/include/openssl/pem.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* pem.h for libcurl */

24
extra/yassl/include/openssl/pkcs12.h
View File

@ -1,24 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* pkcs12.h for libcurl */
#undef HAVE_OPENSSL_PKCS12_H

20
extra/yassl/include/openssl/prefix_crypto.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
#define SSLeay_version yaSSLeay_version

188
extra/yassl/include/openssl/prefix_ssl.h
View File

@ -1,188 +0,0 @@
/*
Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
#define Copyright yaCopyright
#define yaSSL_CleanUp yayaSSL_CleanUp
#define BN_bin2bn yaBN_bin2bn
#define DH_new yaDH_new
#define DH_free yaDH_free
#define RSA_free yaRSA_free
#define RSA_generate_key yaRSA_generate_key
#define X509_free yaX509_free
#define X509_STORE_CTX_get_current_cert yaX509_STORE_CTX_get_current_cert
#define X509_STORE_CTX_get_error yaX509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth yaX509_STORE_CTX_get_error_depth
#define X509_NAME_oneline yaX509_NAME_oneline
#define X509_get_issuer_name yaX509_get_issuer_name
#define X509_get_subject_name yaX509_get_subject_name
#define X509_verify_cert_error_string yaX509_verify_cert_error_string
#define X509_LOOKUP_add_dir yaX509_LOOKUP_add_dir
#define X509_LOOKUP_load_file yaX509_LOOKUP_load_file
#define X509_LOOKUP_hash_dir yaX509_LOOKUP_hash_dir
#define X509_LOOKUP_file yaX509_LOOKUP_file
#define X509_STORE_add_lookup yaX509_STORE_add_lookup
#define X509_STORE_new yaX509_STORE_new
#define X509_STORE_get_by_subject yaX509_STORE_get_by_subject
#define ERR_get_error_line_data yaERR_get_error_line_data
#define ERR_print_errors_fp yaERR_print_errors_fp
#define ERR_error_string yaERR_error_string
#define ERR_remove_state yaERR_remove_state
#define ERR_get_error yaERR_get_error
#define ERR_peek_error yaERR_peek_error
#define ERR_GET_REASON yaERR_GET_REASON
#define SSL_CTX_new yaSSL_CTX_new
#define SSL_new yaSSL_new
#define SSL_set_fd yaSSL_set_fd
#define SSL_get_fd yaSSL_get_fd
#define SSL_connect yaSSL_connect
#define SSL_write yaSSL_write
#define SSL_read yaSSL_read
#define SSL_accept yaSSL_accept
#define SSL_CTX_free yaSSL_CTX_free
#define SSL_free yaSSL_free
#define SSL_clear yaSSL_clear
#define SSL_shutdown yaSSL_shutdown
#define SSL_set_connect_state yaSSL_set_connect_state
#define SSL_set_accept_state yaSSL_set_accept_state
#define SSL_do_handshake yaSSL_do_handshake
#define SSL_get_cipher yaSSL_get_cipher
#define SSL_get_cipher_name yaSSL_get_cipher_name
#define SSL_get_shared_ciphers yaSSL_get_shared_ciphers
#define SSL_get_cipher_list yaSSL_get_cipher_list
#define SSL_get_version yaSSL_get_version
#define SSLeay_version yaSSLeay_version
#define SSL_get_error yaSSL_get_error
#define SSL_load_error_strings yaSSL_load_error_strings
#define SSL_set_session yaSSL_set_session
#define SSL_get_session yaSSL_get_session
#define SSL_flush_sessions yaSSL_flush_sessions
#define SSL_SESSION_set_timeout yaSSL_SESSION_set_timeout
#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode
#define SSL_get_peer_certificate yaSSL_get_peer_certificate
#define SSL_get_verify_result yaSSL_get_verify_result
#define SSL_CTX_set_verify yaSSL_CTX_set_verify
#define SSL_CTX_load_verify_locations yaSSL_CTX_load_verify_locations
#define SSL_CTX_set_default_verify_paths yaSSL_CTX_set_default_verify_paths
#define SSL_CTX_check_private_key yaSSL_CTX_check_private_key
#define SSL_CTX_set_session_id_context yaSSL_CTX_set_session_id_context
#define SSL_CTX_set_tmp_rsa_callback yaSSL_CTX_set_tmp_rsa_callback
#define SSL_CTX_set_options yaSSL_CTX_set_options
#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_timeout yaSSL_CTX_set_timeout
#define SSL_CTX_use_certificate_chain_file yaSSL_CTX_use_certificate_chain_file
#define SSL_CTX_set_default_passwd_cb yaSSL_CTX_set_default_passwd_cb
#define SSL_CTX_use_RSAPrivateKey_file yaSSL_CTX_use_RSAPrivateKey_file
#define SSL_CTX_set_info_callback yaSSL_CTX_set_info_callback
#define SSL_CTX_sess_accept yaSSL_CTX_sess_accept
#define SSL_CTX_sess_connect yaSSL_CTX_sess_connect
#define SSL_CTX_sess_accept_good yaSSL_CTX_sess_accept_good
#define SSL_CTX_sess_connect_good yaSSL_CTX_sess_connect_good
#define SSL_CTX_sess_accept_renegotiate yaSSL_CTX_sess_accept_renegotiate
#define SSL_CTX_sess_connect_renegotiate yaSSL_CTX_sess_connect_renegotiate
#define SSL_CTX_sess_hits yaSSL_CTX_sess_hits
#define SSL_CTX_sess_cb_hits yaSSL_CTX_sess_cb_hits
#define SSL_CTX_sess_cache_full yaSSL_CTX_sess_cache_full
#define SSL_CTX_sess_misses yaSSL_CTX_sess_misses
#define SSL_CTX_sess_timeouts yaSSL_CTX_sess_timeouts
#define SSL_CTX_sess_number yaSSL_CTX_sess_number
#define SSL_CTX_sess_get_cache_size yaSSL_CTX_sess_get_cache_size
#define SSL_CTX_get_verify_mode yaSSL_CTX_get_verify_mode
#define SSL_get_verify_mode yaSSL_get_verify_mode
#define SSL_CTX_get_verify_depth yaSSL_CTX_get_verify_depth
#define SSL_get_verify_depth yaSSL_get_verify_depth
#define SSL_get_default_timeout yaSSL_get_default_timeout
#define SSL_CTX_get_session_cache_mode yaSSL_CTX_get_session_cache_mode
#define SSL_session_reused yaSSL_session_reused
#define SSL_set_rfd yaSSL_set_rfd
#define SSL_set_wfd yaSSL_set_wfd
#define SSL_set_shutdown yaSSL_set_shutdown
#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
#define SSL_want_read yaSSL_want_read
#define SSL_want_write yaSSL_want_write
#define SSL_pending yaSSL_pending
#define SSLv3_method yaSSLv3_method
#define SSLv3_server_method yaSSLv3_server_method
#define SSLv3_client_method yaSSLv3_client_method
#define TLSv1_server_method yaTLSv1_server_method
#define TLSv1_client_method yaTLSv1_client_method
#define TLSv1_1_server_method yaTLSv1_1_server_method
#define TLSv1_1_client_method yaTLSv1_1_client_method
#define SSLv23_server_method yaSSLv23_server_method
#define SSL_CTX_use_certificate_file yaSSL_CTX_use_certificate_file
#define SSL_CTX_use_PrivateKey_file yaSSL_CTX_use_PrivateKey_file
#define SSL_CTX_set_cipher_list yaSSL_CTX_set_cipher_list
#define SSL_CTX_sess_set_cache_size yaSSL_CTX_sess_set_cache_size
#define SSL_CTX_set_tmp_dh yaSSL_CTX_set_tmp_dh
#define OpenSSL_add_all_algorithms yaOpenSSL_add_all_algorithms
#define SSL_library_init yaSSL_library_init
#define SSLeay_add_ssl_algorithms yaSSLeay_add_ssl_algorithms
#define SSL_get_current_cipher yaSSL_get_current_cipher
#define SSL_CIPHER_description yaSSL_CIPHER_description
#define SSL_alert_type_string_long yaSSL_alert_type_string_long
#define SSL_alert_desc_string_long yaSSL_alert_desc_string_long
#define SSL_state_string_long yaSSL_state_string_long
#define EVP_md5 yaEVP_md5
#define EVP_des_ede3_cbc yaEVP_des_ede3_cbc
#define EVP_BytesToKey yaEVP_BytesToKey
#define DES_set_key_unchecked yaDES_set_key_unchecked
#define DES_ede3_cbc_encrypt yaDES_ede3_cbc_encrypt
#define RAND_screen yaRAND_screen
#define RAND_file_name yaRAND_file_name
#define RAND_write_file yaRAND_write_file
#define RAND_load_file yaRAND_load_file
#define RAND_status yaRAND_status
#define RAND_bytes yaRAND_bytes
#define DES_set_key yaDES_set_key
#define DES_set_odd_parity yaDES_set_odd_parity
#define DES_ecb_encrypt yaDES_ecb_encrypt
#define SSL_CTX_set_default_passwd_cb_userdata yaSSL_CTX_set_default_passwd_cb_userdata
#define SSL_SESSION_free yaSSL_SESSION_free
#define SSL_peek yaSSL_peek
#define SSL_get_certificate yaSSL_get_certificate
#define SSL_get_privatekey yaSSL_get_privatekey
#define X509_get_pubkey yaX509_get_pubkey
#define EVP_PKEY_copy_parameters yaEVP_PKEY_copy_parameters
#define EVP_PKEY_free yaEVP_PKEY_free
#define ERR_error_string_n yaERR_error_string_n
#define ERR_free_strings yaERR_free_strings
#define EVP_cleanup yaEVP_cleanup
#define X509_get_ext_d2i yaX509_get_ext_d2i
#define GENERAL_NAMES_free yaGENERAL_NAMES_free
#define sk_GENERAL_NAME_num yask_GENERAL_NAME_num
#define sk_GENERAL_NAME_value yask_GENERAL_NAME_value
#define ASN1_STRING_data yaASN1_STRING_data
#define ASN1_STRING_length yaASN1_STRING_length
#define ASN1_STRING_type yaASN1_STRING_type
#define X509_NAME_get_index_by_NID yaX509_NAME_get_index_by_NID
#define X509_NAME_ENTRY_get_data yaX509_NAME_ENTRY_get_data
#define X509_NAME_get_entry yaX509_NAME_get_entry
#define ASN1_STRING_to_UTF8 yaASN1_STRING_to_UTF8
#define SSLv23_client_method yaSSLv23_client_method
#define SSLv2_client_method yaSSLv2_client_method
#define SSL_get1_session yaSSL_get1_session
#define X509_get_notBefore yaX509_get_notBefore
#define X509_get_notAfter yaX509_get_notAfter
#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string
#define MD4_Init yaMD4_Init
#define MD4_Update yaMD4_Update
#define MD4_Final yaMD4_Final
#define MD5_Init yaMD5_Init
#define MD5_Update yaMD5_Update
#define MD5_Final yaMD5_Final
#define SSL_set_compression yaSSL_set_compression

21
extra/yassl/include/openssl/rand.h
View File

@ -1,21 +0,0 @@
/*
Copyright (C) 2005 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* rand.h for openSSL */

29
extra/yassl/include/openssl/rsa.h
View File

@ -1,29 +0,0 @@
/*
Copyright (C) 2005, 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* rsa.h for openSSL */
#ifndef yaSSL_rsa_h__
#define yaSSL_rsa_h__
enum { RSA_F4 = 1 };
#endif /* yaSSL_rsa_h__ */

20
extra/yassl/include/openssl/sha.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* sha.h for openvpn */

566
extra/yassl/include/openssl/ssl.h
View File

@ -1,566 +0,0 @@
/*
Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* ssl.h defines openssl compatibility layer
*
*/
#ifndef yaSSL_openssl_h__
#define yaSSL_openssl_h__
#ifdef YASSL_PREFIX
#include "prefix_ssl.h"
#endif
#include <stdio.h> /* ERR_print fp */
#include "opensslv.h" /* for version number */
#include "rsa.h"
#define YASSL_VERSION "2.4.4"
#if defined(__cplusplus)
extern "C" {
#endif
void yaSSL_CleanUp(); /* call once at end of application use to
free static singleton memory holders,
not a leak per se, but helpful when
looking for them */
#if defined(__cplusplus)
} // extern
#endif
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
namespace yaSSL {
extern "C" {
#endif
#undef X509_NAME /* wincrypt.h clash */
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
class SSL;
class SSL_SESSION;
class SSL_METHOD;
class SSL_CTX;
class SSL_CIPHER;
class RSA;
class X509;
class X509_NAME;
#else
typedef struct SSL SSL;
typedef struct SSL_SESSION SSL_SESSION;
typedef struct SSL_METHOD SSL_METHOD;
typedef struct SSL_CTX SSL_CTX;
typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct RSA RSA;
typedef struct X509 X509;
typedef struct X509_NAME X509_NAME;
#endif
/* Big Number stuff, different file? */
typedef struct BIGNUM BIGNUM;
BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*);
/* Diffie-Hellman stuff, different file? */
/* mySQL deferences to set group parameters */
typedef struct DH {
BIGNUM* p;
BIGNUM* g;
} DH;
DH* DH_new(void);
void DH_free(DH*);
/* RSA stuff */
void RSA_free(RSA*);
RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);
/* X509 stuff, different file? */
/* because mySQL dereferences to use error and current_cert, even after calling
* get functions for local references */
typedef struct X509_STORE_CTX {
int error;
int error_depth;
X509* current_cert;
} X509_STORE_CTX;
typedef struct X509_STORE X509_STORE;
typedef struct X509_LOOKUP X509_LOOKUP;
typedef struct X509_OBJECT { char c; } X509_OBJECT;
typedef struct X509_CRL X509_CRL;
typedef struct X509_REVOKED X509_REVOKED;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
void X509_free(X509*);
/* bio stuff */
typedef struct BIO BIO;
/* ASN stuff */
X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
int X509_STORE_CTX_get_error(X509_STORE_CTX*);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
char* X509_NAME_oneline(X509_NAME*, char*, int);
X509_NAME* X509_get_issuer_name(X509*);
X509_NAME* X509_get_subject_name(X509*);
const char* X509_verify_cert_error_string(long);
int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
X509_STORE* X509_STORE_new(void);
int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
X509_OBJECT*);
enum { /* X509 Constants */
X509_V_OK = 0,
X509_V_ERR_CERT_CHAIN_TOO_LONG = 1,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2,
X509_V_ERR_CERT_NOT_YET_VALID = 3,
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 4,
X509_V_ERR_CERT_HAS_EXPIRED = 5,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 6,
X509_FILETYPE_PEM = 7,
X509_LU_X509 = 8,
X509_LU_CRL = 9,
X509_V_ERR_CRL_SIGNATURE_FAILURE = 10,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 11,
X509_V_ERR_CRL_HAS_EXPIRED = 12,
X509_V_ERR_CERT_REVOKED = 13,
X509_V_FLAG_CRL_CHECK = 14,
X509_V_FLAG_CRL_CHECK_ALL = 15
};
/* Error stuff, could move to yassl_error */
unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
void ERR_print_errors_fp(FILE*);
char* ERR_error_string(unsigned long,char*);
void ERR_remove_state(unsigned long);
unsigned long ERR_get_error(void);
unsigned long ERR_peek_error(void);
int ERR_GET_REASON(int);
enum { /* ERR Constants */
ERR_TXT_STRING = 1,
EVP_R_BAD_DECRYPT = 2
};
/*
Allow type used by SSL_set_fd to be changed, default to int
in order to be compatible with OpenSSL
*/
#ifndef YASSL_SOCKET_T_DEFINED
typedef int YASSL_SOCKET_T;
#endif
SSL_CTX* SSL_CTX_new(SSL_METHOD*);
SSL* SSL_new(SSL_CTX*);
int SSL_set_fd (SSL*, YASSL_SOCKET_T);
YASSL_SOCKET_T SSL_get_fd(const SSL*);
int SSL_connect(SSL*); /* if you get an error from connect
see note at top of README */
int SSL_write(SSL*, const void*, int);
int SSL_read(SSL*, void*, int);
int SSL_accept(SSL*);
void SSL_CTX_free(SSL_CTX*);
void SSL_free(SSL*);
int SSL_clear(SSL*);
int SSL_shutdown(SSL*);
void SSL_set_connect_state(SSL*);
void SSL_set_accept_state(SSL*);
int SSL_do_handshake(SSL*);
const char* SSL_get_cipher(SSL*);
const char* SSL_get_cipher_name(SSL*); /* uses SSL_get_cipher */
char* SSL_get_shared_ciphers(SSL*, char*, int);
const char* SSL_get_cipher_list(SSL*, int);
const char* SSL_get_version(SSL*);
const char* SSLeay_version(int);
int SSL_get_error(SSL*, int);
void SSL_load_error_strings(void);
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
void SSL_flush_sessions(SSL_CTX *ctx, long tm);
long SSL_SESSION_set_timeout(SSL_SESSION*, long);
long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
X509* SSL_get_peer_certificate(SSL*);
long SSL_get_verify_result(SSL*);
typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);
void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);
int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
int SSL_CTX_set_default_verify_paths(SSL_CTX*);
int SSL_CTX_check_private_key(SSL_CTX*);
int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
unsigned int);
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
long SSL_CTX_set_options(SSL_CTX*, long);
long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
long SSL_CTX_set_timeout(SSL_CTX*, long);
int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*);
void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
void SSL_CTX_set_info_callback(SSL_CTX*, void (*)());
long SSL_CTX_sess_accept(SSL_CTX*);
long SSL_CTX_sess_connect(SSL_CTX*);
long SSL_CTX_sess_accept_good(SSL_CTX*);
long SSL_CTX_sess_connect_good(SSL_CTX*);
long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
long SSL_CTX_sess_hits(SSL_CTX*);
long SSL_CTX_sess_cb_hits(SSL_CTX*);
long SSL_CTX_sess_cache_full(SSL_CTX*);
long SSL_CTX_sess_misses(SSL_CTX*);
long SSL_CTX_sess_timeouts(SSL_CTX*);
long SSL_CTX_sess_number(SSL_CTX*);
long SSL_CTX_sess_get_cache_size(SSL_CTX*);
int SSL_CTX_get_verify_mode(SSL_CTX*);
int SSL_get_verify_mode(SSL*);
int SSL_CTX_get_verify_depth(SSL_CTX*);
int SSL_get_verify_depth(SSL*);
long SSL_get_default_timeout(SSL*);
long SSL_CTX_get_session_cache_mode(SSL_CTX*);
int SSL_session_reused(SSL*);
int SSL_set_rfd(SSL*, int);
int SSL_set_wfd(SSL*, int);
void SSL_set_shutdown(SSL*, int);
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
int SSL_get_quiet_shutdown(SSL *ssl);
int SSL_want_read(SSL*);
int SSL_want_write(SSL*);
int SSL_pending(SSL*);
enum { /* ssl Constants */
SSL_WOULD_BLOCK = -8,
SSL_BAD_STAT = -7,
SSL_BAD_PATH = -6,
SSL_BAD_FILETYPE = -5,
SSL_BAD_FILE = -4,
SSL_NOT_IMPLEMENTED = -3,
SSL_UNKNOWN = -2,
SSL_FATAL_ERROR = -1,
SSL_NORMAL_SHUTDOWN = 0,
SSL_ERROR_NONE = 0, /* for most functions */
SSL_FAILURE = 0, /* for some functions */
SSL_SUCCESS = 1,
SSL_FILETYPE_ASN1 = 10,
SSL_FILETYPE_PEM = 11,
SSL_FILETYPE_DEFAULT = 10, /* ASN1 */
SSL_VERIFY_NONE = 0,
SSL_VERIFY_PEER = 1,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
SSL_VERIFY_CLIENT_ONCE = 4,
SSL_SESS_CACHE_OFF = 30,
SSL_SESS_CACHE_CLIENT = 31,
SSL_SESS_CACHE_SERVER = 32,
SSL_SESS_CACHE_BOTH = 33,
SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
SSL_OP_MICROSOFT_SESS_ID_BUG = 50,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 51,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 53,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 54,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 55,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 56,
SSL_OP_TLS_D5_BUG = 57,
SSL_OP_TLS_BLOCK_PADDING_BUG = 58,
SSL_OP_TLS_ROLLBACK_BUG = 59,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 60,
SSL_OP_ALL = 61,
SSL_OP_SINGLE_DH_USE = 62,
SSL_OP_EPHEMERAL_RSA = 63,
SSL_OP_NO_SSLv2 = 64,
SSL_OP_NO_SSLv3 = 65,
SSL_OP_NO_TLSv1 = 66,
SSL_OP_PKCS1_CHECK_1 = 67,
SSL_OP_PKCS1_CHECK_2 = 68,
SSL_OP_NETSCAPE_CA_DN_BUG = 69,
SSL_OP_NON_EXPORT_FIRST = 70,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 71,
SSL_ERROR_WANT_READ = 80,
SSL_ERROR_WANT_WRITE = 81,
SSL_ERROR_SYSCALL = 82,
SSL_ERROR_WANT_X509_LOOKUP = 83,
SSL_ERROR_ZERO_RETURN = 84,
SSL_ERROR_SSL = 85,
SSL_ST_CONNECT = 90,
SSL_ST_ACCEPT = 91,
SSL_CB_LOOP = 92,
SSL_SENT_SHUTDOWN = 93,
SSL_RECEIVED_SHUTDOWN = 94,
SSL_CB_ALERT = 95,
SSL_CB_READ = 96,
SSL_CB_HANDSHAKE_DONE = 97
};
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *TLSv1_1_server_method(void);
SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);
int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
void OpenSSL_add_all_algorithms(void);
int SSL_library_init();
int SSLeay_add_ssl_algorithms(void);
SSL_CIPHER* SSL_get_current_cipher(SSL*);
char* SSL_CIPHER_description(SSL_CIPHER*, char*, int);
char* SSL_alert_type_string_long(int);
char* SSL_alert_desc_string_long(int);
char* SSL_state_string_long(SSL*);
/* EVP stuff, des and md5, different file? */
typedef char EVP_MD;
typedef char EVP_CIPHER;
typedef struct EVP_PKEY EVP_PKEY;
typedef unsigned char DES_cblock[8];
typedef const DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule;
enum {
DES_ENCRYPT = 1,
DES_DECRYPT = 0
};
const EVP_MD* EVP_md5(void);
const EVP_CIPHER* EVP_des_ede3_cbc(void);
typedef unsigned char opaque;
int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*,
const opaque*, int, int, opaque*, opaque*);
void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*,
DES_key_schedule*, DES_key_schedule*, DES_cblock*, int);
/* RAND stuff */
void RAND_screen(void);
const char* RAND_file_name(char*, size_t);
int RAND_write_file(const char*);
int RAND_load_file(const char*, long);
/* for libcurl */
int RAND_status(void);
int RAND_bytes(unsigned char* buf, int num);
int DES_set_key(const_DES_cblock*, DES_key_schedule*);
void DES_set_odd_parity(DES_cblock*);
void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
void SSL_SESSION_free(SSL_SESSION* session);
int SSL_peek(SSL* ssl, void* buf, int num);
X509* SSL_get_certificate(SSL* ssl);
EVP_PKEY* SSL_get_privatekey(SSL* ssl);
EVP_PKEY* X509_get_pubkey(X509* x);
int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
void EVP_PKEY_free(EVP_PKEY* pkey);
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_free_strings(void);
void EVP_cleanup(void);
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
#define GEN_IPADD 7
#define NID_subject_alt_name 85
#define STACK_OF(x) x
/* defined here because libcurl dereferences */
typedef struct ASN1_STRING {
int type;
int length;
unsigned char* data;
} ASN1_STRING;
typedef struct GENERAL_NAME {
int type;
union {
ASN1_STRING* ia5;
} d;
} GENERAL_NAME;
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
unsigned char* ASN1_STRING_data(ASN1_STRING* x);
int ASN1_STRING_length(ASN1_STRING* x);
int ASN1_STRING_type(ASN1_STRING *x);
typedef ASN1_STRING X509_NAME_ENTRY;
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
#define OPENSSL_malloc(x) malloc(x)
#define OPENSSL_free(x) free(x)
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */
SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */
SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */
#define CRYPTO_free(x) free(x)
#define ASN1_TIME ASN1_STRING
ASN1_TIME* X509_get_notBefore(X509* x);
ASN1_TIME* X509_get_notAfter(X509* x);
#define ASN1_UTCTIME ASN1_STRING
#define NID_commonName 13
#define V_ASN1_UTF8STRING 12
#define GEN_DNS 2
#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */
typedef struct MD4_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} MD4_CTX;
void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, unsigned long);
void MD4_Final(unsigned char*, MD4_CTX*);
typedef struct MD5_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} MD5_CTX;
void MD5_Init(MD5_CTX*);
void MD5_Update(MD5_CTX*, const void*, unsigned long);
void MD5_Final(unsigned char*, MD5_CTX*);
#define MD5_DIGEST_LENGTH 16
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
/* yaSSL extensions */
int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */
char *yaSSL_ASN1_TIME_to_string(const ASN1_TIME *time, char *buf, size_t len);
#include "transport_types.h"
/*
Set functions for yaSSL to use in order to send and receive data.
These hooks are offered in order to enable non-blocking I/O. If
not set, yaSSL defaults to using send() and recv().
@todo Remove hooks and accompanying code when yaSSL is fixed.
*/
void yaSSL_transport_set_ptr(SSL *, void *);
void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t);
void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t);
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
} /* namespace */
} /* extern "C" */
#endif
#endif /* yaSSL_openssl_h__ */

26
extra/yassl/include/openssl/transport_types.h
View File

@ -1,26 +0,0 @@
/*
Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
#ifndef yaSSL_transport_types_h__
#define yaSSL_transport_types_h__
/* Type of transport functions used for sending and receiving data. */
typedef long (*yaSSL_recv_func_t) (void *, void *, size_t, int);
typedef long (*yaSSL_send_func_t) (void *, const void *, size_t, int);
#endif

20
extra/yassl/include/openssl/x509.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* x509.h for libcurl */

20
extra/yassl/include/openssl/x509v3.h
View File

@ -1,20 +0,0 @@
/*
Copyright (C) 2006 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* x509v3.h for libcurl */

105
extra/yassl/include/socket_wrapper.hpp
View File

@ -1,105 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The socket wrapper header defines a Socket class that hides the differences
* between Berkely style sockets and Windows sockets, allowing transparent TCP
* access.
*/
#ifndef yaSSL_SOCKET_WRAPPER_HPP
#define yaSSL_SOCKET_WRAPPER_HPP
#ifdef _WIN32
#include <winsock2.h>
#else
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
namespace yaSSL {
typedef unsigned int uint;
#ifdef _WIN32
typedef SOCKET socket_t;
#else
typedef int socket_t;
const socket_t INVALID_SOCKET = -1;
const int SD_RECEIVE = 0;
const int SD_SEND = 1;
const int SD_BOTH = 2;
const int SOCKET_ERROR = -1;
#endif
extern "C" {
#include "openssl/transport_types.h"
}
typedef unsigned char byte;
// Wraps Windows Sockets and BSD Sockets
class Socket {
socket_t socket_; // underlying socket descriptor
bool wouldBlock_; // if non-blocking data, for last read
bool nonBlocking_; // is option set
void *ptr_; // Argument to transport function
yaSSL_send_func_t send_func_; // Function to send data
yaSSL_recv_func_t recv_func_; // Function to receive data
public:
explicit Socket(socket_t s = INVALID_SOCKET);
~Socket();
void set_fd(socket_t s);
uint get_ready() const;
socket_t get_fd() const;
void set_transport_ptr(void *ptr);
void set_transport_recv_function(yaSSL_recv_func_t recv_func);
void set_transport_send_function(yaSSL_send_func_t send_func);
uint send(const byte* buf, unsigned int len, unsigned int& sent,
int flags = 0);
uint receive(byte* buf, unsigned int len, int flags = 0);
bool wait();
bool WouldBlock() const;
bool IsNonBlocking() const;
void closeSocket();
void shutDown(int how = SD_SEND);
static int get_lastError();
static void set_lastError(int error);
private:
Socket(const Socket&); // hide copy
Socket& operator= (const Socket&); // and assign
};
} // naemspace
#endif // yaSSL_SOCKET_WRAPPER_HPP

41
extra/yassl/include/timer.hpp
View File

@ -1,41 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* timer.hpp provides a high res and low res timers
*
*/
#ifndef yaSSL_TIMER_HPP
#define yaSSL_TIMER_HPP
namespace yaSSL {
typedef double timer_d;
typedef unsigned int uint;
timer_d timer();
uint lowResTimer();
} // namespace
#endif // yaSSL_TIMER_HPP

86
extra/yassl/include/yassl.hpp
View File

@ -1,86 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL externel header defines yaSSL API
*/
#ifndef yaSSL_EXT_HPP
#define yaSSL_EXT_HPP
namespace yaSSL {
#ifdef _WIN32
typedef unsigned int SOCKET_T;
#else
typedef int SOCKET_T;
#endif
class Client {
public:
Client();
~Client();
// basics
int Connect(SOCKET_T);
int Write(const void*, int);
int Read(void*, int);
// options
void SetCA(const char*);
void SetCert(const char*);
void SetKey(const char*);
private:
struct ClientImpl;
ClientImpl* pimpl_;
Client(const Client&); // hide copy
Client& operator=(const Client&); // and assign
};
class Server {
public:
Server();
~Server();
// basics
int Accept(SOCKET_T);
int Write(const void*, int);
int Read(void*, int);
// options
void SetCA(const char*);
void SetCert(const char*);
void SetKey(const char*);
private:
struct ServerImpl;
ServerImpl* pimpl_;
Server(const Server&); // hide copy
Server& operator=(const Server&); // and assign
};
} // namespace yaSSL
#endif // yaSSL_EXT_HPP

88
extra/yassl/include/yassl_error.hpp
View File

@ -1,88 +0,0 @@
/*
Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL error header defines error codes and an exception class
*/
#ifndef yaSSL_ERROR_HPP
#define yaSSL_ERROR_HPP
namespace yaSSL {
enum YasslError {
no_error = 0,
// 10 - 47 from AlertDescription, 0 also close_notify
range_error = 101,
realloc_error = 102,
factory_error = 103,
unknown_cipher = 104,
prefix_error = 105,
record_layer = 106,
handshake_layer = 107,
out_of_order = 108,
bad_input = 109,
match_error = 110,
no_key_file = 111,
verify_error = 112,
send_error = 113,
receive_error = 114,
certificate_error = 115,
privateKey_error = 116,
badVersion_error = 117,
compress_error = 118,
decompress_error = 119,
pms_version_error = 120,
sanityCipher_error = 121,
rsaSignFault_error = 122
// !!!! add error message to .cpp !!!!
// 1000+ from TaoCrypt error.hpp
};
enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib };
enum { MAX_ERROR_SZ = 80 };
void SetErrorString(YasslError, char*);
/* remove for now, if go back to exceptions use this wrapper
// Base class for all yaSSL exceptions
class Error : public mySTL::runtime_error {
YasslError error_;
Library lib_;
public:
explicit Error(const char* s = "", YasslError e = no_error,
Library l = yaSSL_Lib);
YasslError get_number() const;
Library get_lib() const;
};
*/
} // naemspace
#endif // yaSSL_ERROR_HPP

748
extra/yassl/include/yassl_imp.hpp
View File

@ -1,748 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL implementation header defines all strucutres from the SSL.v3
* specification "draft-freier-ssl-version3-02.txt"
* all page citations refer to this document unless otherwise noted.
*/
#ifndef yaSSL_IMP_HPP
#define yaSSL_IMP_HPP
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
#include "yassl_types.hpp"
#include "factory.hpp"
#include STL_LIST_FILE
namespace STL = STL_NAMESPACE;
namespace yaSSL {
class SSL; // forward decls
class input_buffer;
class output_buffer;
struct ProtocolVersion {
uint8 major_;
uint8 minor_; // major and minor SSL/TLS version numbers
ProtocolVersion(uint8 maj = 3, uint8 min = 0);
};
// Record Layer Header for PlainText, Compressed, and CipherText
struct RecordLayerHeader {
ContentType type_;
ProtocolVersion version_;
uint16 length_; // should not exceed 2^14
};
// base for all messages
struct Message : public virtual_base {
virtual input_buffer& set(input_buffer&) =0;
virtual output_buffer& get(output_buffer&) const =0;
virtual void Process(input_buffer&, SSL&) =0;
virtual ContentType get_type() const =0;
virtual uint16 get_length() const =0;
virtual ~Message() {}
};
class ChangeCipherSpec : public Message {
CipherChoice type_;
public:
ChangeCipherSpec();
friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&);
friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
ContentType get_type() const;
uint16 get_length() const;
void Process(input_buffer&, SSL&);
private:
ChangeCipherSpec(const ChangeCipherSpec&); // hide copy
ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign
};
class Alert : public Message {
AlertLevel level_;
AlertDescription description_;
public:
Alert() {}
Alert(AlertLevel al, AlertDescription ad);
ContentType get_type() const;
uint16 get_length() const;
void Process(input_buffer&, SSL&);
friend input_buffer& operator>>(input_buffer&, Alert&);
friend output_buffer& operator<<(output_buffer&, const Alert&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
private:
Alert(const Alert&); // hide copy
Alert& operator=(const Alert&); // and assign
};
class Data : public Message {
uint16 length_;
opaque* buffer_; // read buffer used by fillData input
const opaque* write_buffer_; // write buffer used by output operator
public:
Data();
Data(uint16 len, opaque* b);
friend output_buffer& operator<<(output_buffer&, const Data&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
ContentType get_type() const;
uint16 get_length() const;
void set_length(uint16 l);
opaque* set_buffer();
void SetData(uint16, const opaque*);
void Process(input_buffer&, SSL&);
private:
Data(const Data&); // hide copy
Data& operator=(const Data&); // and assign
};
uint32 c24to32(const uint24); // forward form internal header
void c32to24(uint32, uint24&);
// HandShake header, same for each message type from page 20/21
class HandShakeHeader : public Message {
HandShakeType type_;
uint24 length_; // length of message
public:
HandShakeHeader() {}
ContentType get_type() const;
uint16 get_length() const;
HandShakeType get_handshakeType() const;
void Process(input_buffer&, SSL&);
void set_type(HandShakeType hst);
void set_length(uint32 u32);
friend input_buffer& operator>>(input_buffer&, HandShakeHeader&);
friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
private:
HandShakeHeader(const HandShakeHeader&); // hide copy
HandShakeHeader& operator=(const HandShakeHeader&); // and assign
};
// Base Class for all handshake messages
class HandShakeBase : public virtual_base {
int length_;
public:
int get_length() const;
void set_length(int);
// for building buffer's type field
virtual HandShakeType get_type() const =0;
// handles dispactch of proper >>
virtual input_buffer& set(input_buffer& in) =0;
virtual output_buffer& get(output_buffer& out) const =0;
virtual void Process(input_buffer&, SSL&) =0;
virtual ~HandShakeBase() {}
};
struct HelloRequest : public HandShakeBase {
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
};
// The Client's Hello Message from page 23
class ClientHello : public HandShakeBase {
ProtocolVersion client_version_;
Random random_;
uint8 id_len_; // session id length
opaque session_id_[ID_LEN];
uint16 suite_len_; // cipher suite length
opaque cipher_suites_[MAX_SUITE_SZ];
uint8 comp_len_; // compression length
CompressionMethod compression_methods_;
public:
friend input_buffer& operator>>(input_buffer&, ClientHello&);
friend output_buffer& operator<<(output_buffer&, const ClientHello&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
friend void buildClientHello(SSL&, ClientHello&);
friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
ClientHello();
ClientHello(ProtocolVersion pv, bool useCompression);
private:
ClientHello(const ClientHello&); // hide copy
ClientHello& operator=(const ClientHello&); // and assign
};
// The Server's Hello Message from page 24
class ServerHello : public HandShakeBase {
ProtocolVersion server_version_;
Random random_;
uint8 id_len_; // session id length
opaque session_id_[ID_LEN];
opaque cipher_suite_[SUITE_LEN];
CompressionMethod compression_method_;
public:
ServerHello(ProtocolVersion pv, bool useCompression);
ServerHello();
friend input_buffer& operator>>(input_buffer&, ServerHello&);
friend output_buffer& operator<<(output_buffer&, const ServerHello&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
const opaque* get_random() const;
friend void buildServerHello(SSL&, ServerHello&);
private:
ServerHello(const ServerHello&); // hide copy
ServerHello& operator=(const ServerHello&); // and assign
};
class x509;
// Certificate could be a chain
class Certificate : public HandShakeBase {
const x509* cert_;
public:
Certificate();
explicit Certificate(const x509* cert);
friend output_buffer& operator<<(output_buffer&, const Certificate&);
const opaque* get_buffer() const;
// Process handles input, needs SSL
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
private:
Certificate(const Certificate&); // hide copy
Certificate& operator=(const Certificate&); // and assign
};
// RSA Public Key
struct ServerRSAParams {
opaque* rsa_modulus_;
opaque* rsa_exponent_;
};
// Ephemeral Diffie-Hellman Parameters
class ServerDHParams {
int pSz_;
int gSz_;
int pubSz_;
opaque* p_;
opaque* g_;
opaque* Ys_;
public:
ServerDHParams();
~ServerDHParams();
int get_pSize() const;
int get_gSize() const;
int get_pubSize() const;
const opaque* get_p() const;
const opaque* get_g() const;
const opaque* get_pub() const;
opaque* alloc_p(int sz);
opaque* alloc_g(int sz);
opaque* alloc_pub(int sz);
private:
ServerDHParams(const ServerDHParams&); // hide copy
ServerDHParams& operator=(const ServerDHParams&); // and assign
};
struct ServerKeyBase : public virtual_base {
virtual ~ServerKeyBase() {}
virtual void build(SSL&) {}
virtual void read(SSL&, input_buffer&) {}
virtual int get_length() const;
virtual opaque* get_serverKey() const;
};
// Server random number for FORTEZZA KEA
struct Fortezza_Server : public ServerKeyBase {
opaque r_s_[FORTEZZA_MAX];
};
struct SignatureBase : public virtual_base {
virtual ~SignatureBase() {}
};
struct anonymous_sa : public SignatureBase {};
struct Hashes {
uint8 md5_[MD5_LEN];
uint8 sha_[SHA_LEN];
};
struct rsa_sa : public SignatureBase {
Hashes hashes_;
};
struct dsa_sa : public SignatureBase {
uint8 sha_[SHA_LEN];
};
// Server's Diffie-Hellman exchange
class DH_Server : public ServerKeyBase {
ServerDHParams parms_;
opaque* signature_;
int length_; // total length of message
opaque* keyMessage_; // total exchange message
public:
DH_Server();
~DH_Server();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_serverKey() const;
private:
DH_Server(const DH_Server&); // hide copy
DH_Server& operator=(const DH_Server&); // and assign
};
// Server's RSA exchange
struct RSA_Server : public ServerKeyBase {
ServerRSAParams params_;
opaque* signature_; // signed rsa_sa hashes
};
class ServerKeyExchange : public HandShakeBase {
ServerKeyBase* server_key_;
public:
explicit ServerKeyExchange(SSL&);
ServerKeyExchange();
~ServerKeyExchange();
void createKey(SSL&);
void build(SSL& ssl);
const opaque* getKey() const;
int getKeyLength() const;
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
private:
ServerKeyExchange(const ServerKeyExchange&); // hide copy
ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign
};
class CertificateRequest : public HandShakeBase {
ClientCertificateType certificate_types_[CERT_TYPES];
int typeTotal_;
STL::list<DistinguishedName> certificate_authorities_;
public:
CertificateRequest();
~CertificateRequest();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend input_buffer& operator>>(input_buffer&, CertificateRequest&);
friend output_buffer& operator<<(output_buffer&,
const CertificateRequest&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
void Build();
private:
CertificateRequest(const CertificateRequest&); // hide copy
CertificateRequest& operator=(const CertificateRequest&); // and assign
};
struct ServerHelloDone : public HandShakeBase {
ServerHelloDone();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer& input, SSL& ssl);
HandShakeType get_type() const;
};
struct PreMasterSecret {
opaque random_[SECRET_LEN]; // first two bytes Protocol Version
};
struct ClientKeyBase : public virtual_base {
virtual ~ClientKeyBase() {}
virtual void build(SSL&) {}
virtual void read(SSL&, input_buffer&) {}
virtual int get_length() const;
virtual opaque* get_clientKey() const;
};
class EncryptedPreMasterSecret : public ClientKeyBase {
opaque* secret_;
int length_;
public:
EncryptedPreMasterSecret();
~EncryptedPreMasterSecret();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_clientKey() const;
void alloc(int sz);
private:
// hide copy and assign
EncryptedPreMasterSecret(const EncryptedPreMasterSecret&);
EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&);
};
// Fortezza Key Parameters from page 29
// hard code lengths cause only used here
struct FortezzaKeys : public ClientKeyBase {
opaque y_c_ [128]; // client's Yc, public value
opaque r_c_ [128]; // client's Rc
opaque y_signature_ [40]; // DSS signed public key
opaque wrapped_client_write_key_ [12]; // wrapped by the TEK
opaque wrapped_server_write_key_ [12]; // wrapped by the TEK
opaque client_write_iv_ [24];
opaque server_write_iv_ [24];
opaque master_secret_iv_ [24]; // IV used to encrypt preMaster
opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK
};
// Diffie-Hellman public key from page 40/41
class ClientDiffieHellmanPublic : public ClientKeyBase {
PublicValueEncoding public_value_encoding_;
int length_; // includes two byte length for message
opaque* Yc_; // length + Yc_
// dh_Yc only if explicit, otherwise sent in certificate
enum { KEY_OFFSET = 2 };
public:
ClientDiffieHellmanPublic();
~ClientDiffieHellmanPublic();
void build(SSL&);
void read(SSL&, input_buffer&);
int get_length() const;
opaque* get_clientKey() const;
void alloc(int sz, bool offset = false);
private:
// hide copy and assign
ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&);
ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&);
};
class ClientKeyExchange : public HandShakeBase {
ClientKeyBase* client_key_;
public:
explicit ClientKeyExchange(SSL& ssl);
ClientKeyExchange();
~ClientKeyExchange();
void createKey(SSL&);
void build(SSL& ssl);
const opaque* getKey() const;
int getKeyLength() const;
friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
HandShakeType get_type() const;
void Process(input_buffer&, SSL&);
private:
ClientKeyExchange(const ClientKeyExchange&); // hide copy
ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign
};
class CertificateVerify : public HandShakeBase {
Hashes hashes_;
byte* signature_; // owns
public:
CertificateVerify();
~CertificateVerify();
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
friend input_buffer& operator>>(input_buffer&, CertificateVerify&);
friend output_buffer& operator<<(output_buffer&, const CertificateVerify&);
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
void Build(SSL&);
private:
CertificateVerify(const CertificateVerify&); // hide copy
CertificateVerify& operator=(const CertificateVerify&); // and assign
};
class Finished : public HandShakeBase {
Hashes hashes_;
public:
Finished();
uint8* set_md5();
uint8* set_sha();
friend input_buffer& operator>>(input_buffer&, Finished&);
friend output_buffer& operator<<(output_buffer&, const Finished&);
input_buffer& set(input_buffer& in);
output_buffer& get(output_buffer& out) const;
void Process(input_buffer&, SSL&);
HandShakeType get_type() const;
private:
Finished(const Finished&); // hide copy
Finished& operator=(const Finished&); // and assign
};
class RandomPool; // forward for connection
// SSL Connection defined on page 11
struct Connection {
opaque *pre_master_secret_;
opaque master_secret_[SECRET_LEN];
opaque client_random_[RAN_LEN];
opaque server_random_[RAN_LEN];
opaque sessionID_[ID_LEN];
opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size
opaque server_write_MAC_secret_[SHA_LEN];
opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz
opaque server_write_key_[AES_256_KEY_SZ];
opaque client_write_IV_[AES_IV_SZ]; // aes is max size
opaque server_write_IV_[AES_IV_SZ];
uint32 sequence_number_;
uint32 peer_sequence_number_;
uint32 pre_secret_len_; // pre master length
bool send_server_key_; // server key exchange?
bool master_clean_; // master secret clean?
bool TLS_; // TLSv1 or greater
bool TLSv1_1_; // TLSv1.1 or greater
bool sessionID_Set_; // do we have a session
bool compression_; // zlib compression?
ProtocolVersion version_; // negotiated version
ProtocolVersion chVersion_; // client hello version
RandomPool& random_;
Connection(ProtocolVersion v, RandomPool& ran);
~Connection();
void AllocPreSecret(uint sz);
void CleanPreMaster();
void CleanMaster();
void TurnOffTLS();
void TurnOffTLS1_1();
private:
Connection(const Connection&); // hide copy
Connection& operator=(const Connection&); // and assign
};
struct Ciphers; // forward
// TLSv1 Security Spec, defined on page 56 of RFC 2246
struct Parameters {
ConnectionEnd entity_;
BulkCipherAlgorithm bulk_cipher_algorithm_;
CipherType cipher_type_;
uint8 key_size_;
uint8 iv_size_;
IsExportable is_exportable_;
MACAlgorithm mac_algorithm_;
uint8 hash_size_;
CompressionMethod compression_algorithm_;
KeyExchangeAlgorithm kea_; // yassl additions
SignatureAlgorithm sig_algo_; // signature auth type
SignatureAlgorithm verify_algo_; // cert verify auth type
bool pending_;
bool resumable_; // new conns by session
uint16 encrypt_size_; // current msg encrypt sz
Cipher suite_[SUITE_LEN]; // choosen suite
uint8 suites_size_;
Cipher suites_[MAX_SUITE_SZ];
char cipher_name_[MAX_SUITE_NAME];
char cipher_list_[MAX_CIPHERS][MAX_SUITE_NAME];
bool removeDH_; // for server's later use
Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion, bool haveDH);
void SetSuites(ProtocolVersion pv, bool removeDH = false,
bool removeRSA = false, bool removeDSA = false);
void SetCipherNames();
private:
Parameters(const Parameters&); // hide copy
Parameters& operator=(const Parameters&); // and assing
};
input_buffer& operator>>(input_buffer&, RecordLayerHeader&);
output_buffer& operator<<(output_buffer&, const RecordLayerHeader&);
input_buffer& operator>>(input_buffer&, Message&);
output_buffer& operator<<(output_buffer&, const Message&);
input_buffer& operator>>(input_buffer&, HandShakeBase&);
output_buffer& operator<<(output_buffer&, const HandShakeBase&);
// Message Factory definition
// uses the ContentType enumeration for unique id
typedef Factory<Message> MessageFactory;
void InitMessageFactory(MessageFactory&); // registers derived classes
// HandShake Factory definition
// uses the HandShakeType enumeration for unique id
typedef Factory<HandShakeBase> HandShakeFactory;
void InitHandShakeFactory(HandShakeFactory&); // registers derived classes
// ServerKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique id
typedef Factory<ServerKeyBase> ServerKeyFactory;
void InitServerKeyFactory(ServerKeyFactory&);
// ClientKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique id
typedef Factory<ClientKeyBase> ClientKeyFactory;
void InitClientKeyFactory(ClientKeyFactory&);
// Message Creators
Message* CreateHandShake();
Message* CreateCipherSpec();
Message* CreateAlert();
Message* CreateData();
// HandShake Creators
HandShakeBase* CreateCertificate();
HandShakeBase* CreateHelloRequest();
HandShakeBase* CreateClientHello();
HandShakeBase* CreateServerHello();
HandShakeBase* CreateServerKeyExchange();
HandShakeBase* CreateCertificateRequest();
HandShakeBase* CreateServerHelloDone();
HandShakeBase* CreateClientKeyExchange();
HandShakeBase* CreateCertificateVerify();
HandShakeBase* CreateFinished();
// ServerKey Exchange Creators
ServerKeyBase* CreateRSAServerKEA();
ServerKeyBase* CreateDHServerKEA();
ServerKeyBase* CreateFortezzaServerKEA();
// ClientKey Exchange Creators
ClientKeyBase* CreateRSAClient();
ClientKeyBase* CreateDHClient();
ClientKeyBase* CreateFortezzaClient();
} // naemspace
#endif // yaSSL_IMP_HPP

724
extra/yassl/include/yassl_int.hpp
View File

@ -1,724 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL internal header defines SSL supporting types not specified in the
* draft along with type conversion functions and openssl compatibility
*/
#ifndef yaSSL_INT_HPP
#define yaSSL_INT_HPP
#include "yassl_imp.hpp"
#include "yassl_error.hpp"
#include "crypto_wrapper.hpp"
#include "cert_wrapper.hpp"
#include "log.hpp"
#include "lock.hpp"
#include "openssl/ssl.h" // ASN1_STRING and DH
// Check if _POSIX_THREADS should be forced
#if !defined(_POSIX_THREADS) && defined(__hpux)
// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented
#define _POSIX_THREADS
#endif
#ifdef _POSIX_THREADS
#include <pthread.h>
#endif
namespace STL = STL_NAMESPACE;
namespace yaSSL {
// State Machine for Record Layer Protocol
enum RecordLayerState {
recordNotReady = 0, // fatal error, no more processing
recordReady
};
// State Machine for HandShake Protocol
enum HandShakeState {
handShakeNotReady = 0, // fatal error, no more processing
preHandshake, // initial state
inHandshake, // handshake started
handShakeReady // handshake done
};
// client input HandShake state, use if HandShakeState == inHandShake
enum ClientState {
serverNull = 0,
serverHelloComplete,
serverCertComplete,
serverKeyExchangeComplete,
serverHelloDoneComplete,
serverFinishedComplete
};
// server input HandShake state, use if HandShakeState == inHandShake
enum ServerState {
clientNull = 0,
clientHelloComplete,
clientKeyExchangeComplete,
clientFinishedComplete
};
// client connect state for nonblocking restart
enum ConnectState {
CONNECT_BEGIN = 0,
CLIENT_HELLO_SENT,
FIRST_REPLY_DONE,
FINISHED_DONE,
SECOND_REPLY_DONE
};
// server accpet state for nonblocking restart
enum AcceptState {
ACCEPT_BEGIN = 0,
ACCEPT_FIRST_REPLY_DONE,
SERVER_HELLO_DONE,
ACCEPT_SECOND_REPLY_DONE,
ACCEPT_FINISHED_DONE,
ACCEPT_THIRD_REPLY_DONE
};
// track received messages to explicitly disallow duplicate messages
struct RecvdMessages {
uint8 gotClientHello_;
uint8 gotServerHello_;
uint8 gotCert_;
uint8 gotServerKeyExchange_;
uint8 gotCertRequest_;
uint8 gotServerHelloDone_;
uint8 gotCertVerify_;
uint8 gotClientKeyExchange_;
uint8 gotFinished_;
RecvdMessages() : gotClientHello_(0), gotServerHello_(0), gotCert_(0),
gotServerKeyExchange_(0), gotCertRequest_(0),
gotServerHelloDone_(0), gotCertVerify_(0),
gotClientKeyExchange_(0), gotFinished_(0)
{}
};
// combines all states
class States {
RecordLayerState recordLayer_;
HandShakeState handshakeLayer_;
ClientState clientState_;
ServerState serverState_;
ConnectState connectState_;
AcceptState acceptState_;
RecvdMessages recvdMessages_;
char errorString_[MAX_ERROR_SZ];
YasslError what_;
public:
States();
const RecordLayerState& getRecord() const;
const HandShakeState& getHandShake() const;
const ClientState& getClient() const;
const ServerState& getServer() const;
const ConnectState& GetConnect() const;
const AcceptState& GetAccept() const;
const char* getString() const;
YasslError What() const;
RecordLayerState& useRecord();
HandShakeState& useHandShake();
ClientState& useClient();
ServerState& useServer();
ConnectState& UseConnect();
AcceptState& UseAccept();
char* useString();
void SetError(YasslError);
int SetMessageRecvd(HandShakeType);
private:
States(const States&); // hide copy
States& operator=(const States&); // and assign
};
// holds all factories
class sslFactory {
MessageFactory messageFactory_; // creates new messages by type
HandShakeFactory handShakeFactory_; // creates new handshake types
ServerKeyFactory serverKeyFactory_; // creates new server key types
ClientKeyFactory clientKeyFactory_; // creates new client key types
sslFactory(); // only GetSSL_Factory creates
public:
const MessageFactory& getMessage() const;
const HandShakeFactory& getHandShake() const;
const ServerKeyFactory& getServerKey() const;
const ClientKeyFactory& getClientKey() const;
friend sslFactory& GetSSL_Factory(); // singleton creator
private:
sslFactory(const sslFactory&); // hide copy
sslFactory& operator=(const sslFactory&); // and assign
};
#undef X509_NAME // wincrypt.h clash
// openSSL X509 names
class X509_NAME {
char* name_;
size_t sz_;
int cnPosition_; // start of common name, -1 is none
int cnLen_; // length of above
ASN1_STRING entry_;
public:
X509_NAME(const char*, size_t sz, int pos, int len);
~X509_NAME();
const char* GetName() const;
ASN1_STRING* GetEntry(int i);
size_t GetLength() const;
int GetCnPosition() const { return cnPosition_; }
int GetCnLength() const { return cnLen_; }
private:
X509_NAME(const X509_NAME&); // hide copy
X509_NAME& operator=(const X509_NAME&); // and assign
};
class StringHolder {
ASN1_STRING asnString_;
public:
StringHolder(const char* str, int sz, byte type= 0);
~StringHolder();
ASN1_STRING* GetString();
private:
StringHolder(const StringHolder&); // hide copy
StringHolder& operator=(const StringHolder&); // and assign
};
// openSSL X509
class X509 {
X509_NAME issuer_;
X509_NAME subject_;
StringHolder beforeDate_; // not valid before
StringHolder afterDate_; // not valid after
public:
X509(const char* i, size_t, const char* s, size_t,
ASN1_STRING *b, ASN1_STRING *a, int, int, int, int);
~X509() {}
X509_NAME* GetIssuer();
X509_NAME* GetSubject();
ASN1_STRING* GetBefore();
ASN1_STRING* GetAfter();
private:
X509(const X509&); // hide copy
X509& operator=(const X509&); // and assign
};
// openSSL bignum
struct BIGNUM {
/*
gcc 2.96 fix: because of two Integer classes (yaSSL::Integer and
TaoCrypt::Integer), we need to explicitly state the namespace
here to let gcc 2.96 deduce the correct type.
*/
yaSSL::Integer int_;
void assign(const byte* b, uint s) { int_.assign(b,s); }
};
// openSSL session
class SSL_SESSION {
opaque sessionID_[ID_LEN];
opaque master_secret_[SECRET_LEN];
Cipher suite_[SUITE_LEN];
uint bornOn_; // create time in seconds
uint timeout_; // timeout in seconds
RandomPool& random_; // will clean master secret
X509* peerX509_;
public:
explicit SSL_SESSION(RandomPool&);
SSL_SESSION(const SSL&, RandomPool&);
~SSL_SESSION();
const opaque* GetID() const;
const opaque* GetSecret() const;
const Cipher* GetSuite() const;
uint GetBornOn() const;
uint GetTimeOut() const;
X509* GetPeerX509() const;
void SetTimeOut(uint);
SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption
private:
SSL_SESSION(const SSL_SESSION&); // hide copy
void CopyX509(X509*);
};
// holds all sessions
class Sessions {
STL::list<SSL_SESSION*> list_;
RandomPool random_; // for session cleaning
Mutex mutex_; // no-op for single threaded
int count_; // flush counter
Sessions() : count_(0) {} // only GetSessions can create
public:
SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0);
void add(const SSL&);
void remove(const opaque*);
void Flush();
~Sessions();
friend Sessions& GetSessions(); // singleton creator
private:
Sessions(const Sessions&); // hide copy
Sessions& operator=(const Sessions&); // and assign
};
#ifdef _POSIX_THREADS
typedef pthread_t THREAD_ID_T;
#else
typedef DWORD THREAD_ID_T;
#endif
// thread error data
struct ThreadError {
THREAD_ID_T threadID_;
int errorID_;
};
// holds all errors
class Errors {
STL::list<ThreadError> list_;
Mutex mutex_;
Errors() {} // only GetErrors can create
public:
int Lookup(bool peek); // self lookup
void Add(int);
void Remove(); // remove self
~Errors() {}
friend Errors& GetErrors(); // singleton creator
private:
Errors(const Errors&); // hide copy
Errors& operator=(const Errors); // and assign
};
Sessions& GetSessions(); // forward singletons
sslFactory& GetSSL_Factory();
Errors& GetErrors();
bool HasErrors();
// openSSL method and context types
class SSL_METHOD {
ProtocolVersion version_;
ConnectionEnd side_;
bool verifyPeer_; // request or send certificate
bool verifyNone_; // whether to verify certificate
bool failNoCert_;
bool multipleProtocol_; // for SSLv23 compatibility
public:
SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv,
bool multipleProtocol = false);
ProtocolVersion getVersion() const;
ConnectionEnd getSide() const;
void setVerifyPeer();
void setVerifyNone();
void setFailNoCert();
bool verifyPeer() const;
bool verifyNone() const;
bool failNoCert() const;
bool multipleProtocol() const;
private:
SSL_METHOD(const SSL_METHOD&); // hide copy
SSL_METHOD& operator=(const SSL_METHOD&); // and assign
};
struct Ciphers {
bool setSuites_; // user set suites from default
byte suites_[MAX_SUITE_SZ]; // new suites
int suiteSz_; // suite length in bytes
Ciphers() : setSuites_(false), suiteSz_(0) {}
};
struct DH; // forward
// save for SSL construction
struct DH_Parms {
Integer p_;
Integer g_;
bool set_; // if set by user
DH_Parms() : set_(false) {}
};
enum StatsField {
Accept, Connect, AcceptGood, ConnectGood, AcceptRenegotiate,
ConnectRenegotiate, Hits, CbHits, CacheFull, Misses, Timeouts, Number,
GetCacheSize, VerifyMode, VerifyDepth
};
// SSL stats
struct Stats {
long accept_;
long connect_;
long acceptGood_;
long connectGood_;
long acceptRenegotiate_;
long connectRenegotiate_;
long hits_;
long cbHits_;
long cacheFull_;
long misses_;
long timeouts_;
long number_;
long getCacheSize_;
int verifyMode_;
int verifyDepth_;
public:
Stats() : accept_(0), connect_(0), acceptGood_(0), connectGood_(0),
acceptRenegotiate_(0), connectRenegotiate_(0), hits_(0), cbHits_(0),
cacheFull_(0), misses_(0), timeouts_(0), number_(0), getCacheSize_(0),
verifyMode_(0), verifyDepth_(0)
{}
private:
Stats(const Stats&); // hide copy
Stats& operator=(const Stats&); // and assign
};
// the SSL context
class SSL_CTX {
public:
typedef STL::list<x509*> CertList;
private:
SSL_METHOD* method_;
x509* certificate_;
x509* privateKey_;
CertList caList_;
Ciphers ciphers_;
DH_Parms dhParms_;
pem_password_cb passwordCb_;
void* userData_;
bool sessionCacheOff_;
bool sessionCacheFlushOff_;
Stats stats_;
Mutex mutex_; // for Stats
VerifyCallback verifyCallback_;
public:
explicit SSL_CTX(SSL_METHOD* meth);
~SSL_CTX();
const x509* getCert() const;
const x509* getKey() const;
const SSL_METHOD* getMethod() const;
const Ciphers& GetCiphers() const;
const DH_Parms& GetDH_Parms() const;
const Stats& GetStats() const;
VerifyCallback getVerifyCallback() const;
pem_password_cb GetPasswordCb() const;
void* GetUserData() const;
bool GetSessionCacheOff() const;
bool GetSessionCacheFlushOff() const;
void setVerifyPeer();
void setVerifyNone();
void setFailNoCert();
void setVerifyCallback(VerifyCallback);
bool SetCipherList(const char*);
bool SetDH(const DH&);
void SetPasswordCb(pem_password_cb cb);
void SetUserData(void*);
void SetSessionCacheOff();
void SetSessionCacheFlushOff();
void IncrementStats(StatsField);
void AddCA(x509* ca);
const CertList& GetCA_List() const;
friend int read_file(SSL_CTX*, const char*, int, CertType);
private:
SSL_CTX(const SSL_CTX&); // hide copy
SSL_CTX& operator=(const SSL_CTX&); // and assign
};
// holds all cryptographic types
class Crypto {
Digest* digest_; // agreed upon digest
BulkCipher* cipher_; // agreed upon cipher
DiffieHellman* dh_; // dh parms
RandomPool random_; // random number generator
CertManager cert_; // manages certificates
public:
explicit Crypto();
~Crypto();
const Digest& get_digest() const;
const BulkCipher& get_cipher() const;
const DiffieHellman& get_dh() const;
const RandomPool& get_random() const;
const CertManager& get_certManager() const;
Digest& use_digest();
BulkCipher& use_cipher();
DiffieHellman& use_dh();
RandomPool& use_random();
CertManager& use_certManager();
void SetDH(DiffieHellman*);
void SetDH(const DH_Parms&);
void setDigest(Digest*);
void setCipher(BulkCipher*);
bool DhSet();
private:
Crypto(const Crypto&); // hide copy
Crypto& operator=(const Crypto&); // and assign
};
// holds all handshake and verify hashes
class sslHashes {
MD5 md5HandShake_; // md5 handshake hash
SHA shaHandShake_; // sha handshake hash
Finished verify_; // peer's verify hash
Hashes certVerify_; // peer's cert verify hash
public:
sslHashes() {}
const MD5& get_MD5() const;
const SHA& get_SHA() const;
const Finished& get_verify() const;
const Hashes& get_certVerify() const;
MD5& use_MD5();
SHA& use_SHA();
Finished& use_verify();
Hashes& use_certVerify();
private:
sslHashes(const sslHashes&); // hide copy
sslHashes& operator=(const sslHashes&); // and assign
};
// holds input and output buffers
class Buffers {
public:
typedef STL::list<input_buffer*> inputList;
typedef STL::list<output_buffer*> outputList;
int prevSent; // previous plain text bytes sent when got WANT_WRITE
int plainSz; // plain text bytes in buffer to send when got WANT_WRITE
private:
inputList dataList_; // list of users app data / handshake
outputList handShakeList_; // buffered handshake msgs
input_buffer* rawInput_; // buffered raw input yet to process
output_buffer* output_; // WANT_WRITE buffered output
public:
Buffers();
~Buffers();
const inputList& getData() const;
const outputList& getHandShake() const;
inputList& useData();
outputList& useHandShake();
void SetRawInput(input_buffer*); // takes ownership
input_buffer* TakeRawInput(); // takes ownership
void SetOutput(output_buffer*); // takes ownership
output_buffer* TakeOutput(); // takes ownership
private:
Buffers(const Buffers&); // hide copy
Buffers& operator=(const Buffers&); // and assign
};
// wraps security parameters
class Security {
Connection conn_; // connection information
Parameters parms_; // may be pending
SSL_SESSION resumeSession_; // if resuming
SSL_CTX* ctx_; // context used to init
bool resuming_; // trying to resume
public:
Security(ProtocolVersion, RandomPool&, ConnectionEnd, const Ciphers&,
SSL_CTX*, bool);
const SSL_CTX* GetContext() const;
const Connection& get_connection() const;
const Parameters& get_parms() const;
const SSL_SESSION& get_resume() const;
bool get_resuming() const;
Connection& use_connection();
Parameters& use_parms();
SSL_SESSION& use_resume();
void set_resuming(bool b);
private:
Security(const Security&); // hide copy
Security& operator=(const Security&); // and assign
};
// THE SSL type
class SSL {
Crypto crypto_; // agreed crypto agents
Security secure_; // Connection and Session parms
States states_; // Record and HandShake states
sslHashes hashes_; // handshake, finished hashes
Socket socket_; // socket wrapper
Buffers buffers_; // buffered handshakes and data
Log log_; // logger
bool quietShutdown_;
// optimization variables
bool has_data_; // buffered data ready?
public:
SSL(SSL_CTX* ctx);
// gets and uses
const Crypto& getCrypto() const;
const Security& getSecurity() const;
const States& getStates() const;
const sslHashes& getHashes() const;
const sslFactory& getFactory() const;
const Socket& getSocket() const;
YasslError GetError() const;
bool GetMultiProtocol() const;
bool CompressionOn() const;
Crypto& useCrypto();
Security& useSecurity();
States& useStates();
sslHashes& useHashes();
Socket& useSocket();
Log& useLog();
Buffers& useBuffers();
bool HasData() const;
bool GetQuietShutdown() const;
// sets
void set_pending(Cipher suite);
void set_random(const opaque*, ConnectionEnd);
void set_sessionID(const opaque*);
void set_session(SSL_SESSION*);
void set_preMaster(const opaque*, uint);
void set_masterSecret(const opaque*);
void SetError(YasslError);
int SetCompression();
void UnSetCompression();
void SetQuietShutdown(bool mode);
// helpers
bool isTLS() const;
bool isTLSv1_1() const;
void order_error();
void makeMasterSecret();
void makeTLSMasterSecret();
void addData(input_buffer* data);
void fillData(Data&);
void PeekData(Data&);
void addBuffer(output_buffer* b);
void flushBuffer();
void verifyState(const RecordLayerHeader&);
void verifyState(const HandShakeHeader&);
void verifyState(ClientState);
void verifyState(ServerState);
void verfiyHandShakeComplete();
void matchSuite(const opaque*, uint length);
void deriveKeys();
void deriveTLSKeys();
void Send(const byte*, uint);
void SendWriteBuffered();
uint bufferedData();
uint get_SEQIncrement(bool);
const byte* get_macSecret(bool);
private:
void storeKeys(const opaque*);
void setKeys();
void verifyClientState(HandShakeType);
void verifyServerState(HandShakeType);
SSL(const SSL&); // hide copy
const SSL& operator=(const SSL&); // and assign
};
// compression
int Compress(const byte*, int, input_buffer&);
int DeCompress(input_buffer&, int, input_buffer&);
// conversion functions
void c32to24(uint32, uint24&);
void c24to32(const uint24, uint32&);
uint32 c24to32(const uint24);
void ato16(const opaque*, uint16&);
void ato24(const opaque*, uint24&);
void c16toa(uint16, opaque*);
void c24toa(const uint24, opaque*);
void c32toa(uint32 u32, opaque*);
} // naemspace
#endif // yaSSL_INT_HPP

540
extra/yassl/include/yassl_types.hpp
View File

@ -1,540 +0,0 @@
/*
Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL types header defines all constants, enums, and typedefs
* from the SSL.v3 specification "draft-freier-ssl-version3-02.txt"
*/
#ifndef yaSSL_TYPES_HPP
#define yaSSL_TYPES_HPP
#include <stddef.h>
#include "type_traits.hpp"
#ifdef _MSC_VER
// disable conversion warning
// 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
#pragma warning(disable:4244 4996)
#endif
#ifdef _MSC_VER
// disable conversion warning
// 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
#pragma warning(disable:4244 4996)
#endif
namespace yaSSL {
#define YASSL_LIB
#ifdef YASSL_PURE_C
// library allocation
struct new_t {}; // yaSSL New type
extern new_t ys; // pass in parameter
} // namespace yaSSL
void* operator new (size_t, yaSSL::new_t);
void* operator new[](size_t, yaSSL::new_t);
void operator delete (void*, yaSSL::new_t);
void operator delete[](void*, yaSSL::new_t);
namespace yaSSL {
template<typename T>
void ysDelete(T* ptr)
{
if (ptr) ptr->~T();
::operator delete(ptr, yaSSL::ys);
}
template<typename T>
void ysArrayDelete(T* ptr)
{
// can't do array placement destruction since not tracking size in
// allocation, only allow builtins to use array placement since they
// don't need destructors called
typedef char builtin[TaoCrypt::IsFundamentalType<T>::Yes ? 1 : -1];
(void)sizeof(builtin);
::operator delete[](ptr, yaSSL::ys);
}
#define NEW_YS new (yaSSL::ys)
// to resolve compiler generated operator delete on base classes with
// virtual destructors (when on stack)
class virtual_base {
public:
static void operator delete(void*) { }
};
#else // YASSL_PURE_C
template<typename T>
void ysDelete(T* ptr)
{
delete ptr;
}
template<typename T>
void ysArrayDelete(T* ptr)
{
delete[] ptr;
}
#define NEW_YS new
class virtual_base {};
#endif // YASSL_PURE_C
typedef unsigned char uint8;
typedef unsigned short uint16;
typedef unsigned int uint32;
typedef uint8 uint24[3];
typedef uint32 uint64[2];
typedef uint8 opaque;
typedef opaque byte;
typedef unsigned int uint;
#ifdef USE_SYS_STL
// use system STL
#define STL_VECTOR_FILE <vector>
#define STL_LIST_FILE <list>
#define STL_ALGORITHM_FILE <algorithm>
#define STL_MEMORY_FILE <memory>
#define STL_PAIR_FILE <utility>
#define STL_NAMESPACE std
#else
// use mySTL
#define STL_VECTOR_FILE "vector.hpp"
#define STL_LIST_FILE "list.hpp"
#define STL_ALGORITHM_FILE "algorithm.hpp"
#define STL_MEMORY_FILE "memory.hpp"
#define STL_PAIR_FILE "pair.hpp"
#define STL_NAMESPACE mySTL
#endif
#ifdef min
#undef min
#endif
template <typename T>
T min(T a, T b)
{
return a < b ? a : b;
}
// all length constants in bytes
const int ID_LEN = 32; // session id length
const int SUITE_LEN = 2; // cipher suite length
const int SECRET_LEN = 48; // pre RSA and all master secret length
const int MASTER_ROUNDS = 3; // master secret derivation rounds
const int RAN_LEN = 32; // client and server random length
const int MAC_BLOCK_SZ = 64; // MAC block size, & padding
const int MD5_LEN = 16; // MD5 digest length
const int SHA_LEN = 20; // SHA digest length
const int RMD_LEN = 20; // RIPEMD-160 digest length
const int PREFIX = 3; // up to 3 prefix letters for secret rounds
const int KEY_PREFIX = 7; // up to 7 prefix letters for key rounds
const int FORTEZZA_MAX = 128; // Maximum Fortezza Key length
const int MAX_SUITE_SZ = 128; // 64 max suites * sizeof(suite)
const int MAX_SUITE_NAME = 48; // max length of suite name
const int MAX_CIPHERS = 32; // max supported ciphers for cipher list
const int SIZEOF_ENUM = 1; // SSL considers an enum 1 byte, not 4
const int SIZEOF_SENDER = 4; // Sender constant, for finished generation
const int PAD_MD5 = 48; // pad length 1 and 2 for md5 finished
const int PAD_SHA = 40; // should be 44, specd wrong by netscape
const int PAD_RMD = 44; // pad length for RIPEMD-160, some use 40??
const int CERT_HEADER = 3; // always use 3 bytes for certificate
const int CERT_TYPES = 7; // certificate request types
const int REQUEST_HEADER = 2; // request uses 2 bytes
const int VERIFY_HEADER = 2; // verify length field
const int MIN_CERT_TYPES = 1; // minimum certificate request types
const int MIN_DIS_NAMES = 3; // minimum distinguished names
const int MIN_DIS_SIZE = 1; // minimum distinguished name size
const int RECORD_HEADER = 5; // type + version + length(2)
const int HANDSHAKE_HEADER = 4; // type + length(3)
const int FINISHED_SZ = MD5_LEN + SHA_LEN; // sizeof finished data
const int TLS_FINISHED_SZ = 12; // TLS verify data size
const int SEQ_SZ = 8; // 64 bit sequence number
const int LENGTH_SZ = 2; // length field for HMAC, data only
const int VERSION_SZ = SIZEOF_ENUM * 2; // SSL/TLS length of version
const int DES_KEY_SZ = 8; // DES Key length
const int DES_EDE_KEY_SZ = 24; // DES EDE Key length
const int DES_BLOCK = 8; // DES is always fixed block size 8
const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES
const int RC4_KEY_SZ = 16; // RC4 Key length
const int AES_128_KEY_SZ = 16; // AES 128bit Key length
const int AES_192_KEY_SZ = 24; // AES 192bit Key length
const int AES_256_KEY_SZ = 32; // AES 256bit Key length
const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268
const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length
const int DSS_SIG_SZ = 40; // two 20 byte high byte first Integers
const int DSS_ENCODED_EXTRA = 6; // seqID + len(1) + (intID + len(1)) * 2
const int EVP_SALT_SZ = 8;
const int MASTER_LABEL_SZ = 13; // TLS master secret label size
const int KEY_LABEL_SZ = 13; // TLS key block expansion size
const int FINISHED_LABEL_SZ = 15; // TLS finished lable length
const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random
const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds
const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard
const int COMPRESS_EXTRA = 1024; // extra compression possible addition
const int SESSION_FLUSH_COUNT = 256; // when to flush session cache
const int MAX_PAD_SIZE = 256; // max TLS padding size
const int COMPRESS_CONSTANT = 13; // compression calculation constant
const int COMPRESS_UPPER = 55; // compression calculation numerator
const int COMPRESS_LOWER = 64; // compression calculation denominator
const int COMPRESS_DUMMY_SIZE = 64; // compression dummy round size
typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS
typedef opaque Random[RAN_LEN];
typedef opaque* DistinguishedName;
typedef bool IsExportable;
enum CompressionMethod { no_compression = 0, zlib = 221 };
enum CipherType { stream, block };
enum CipherChoice { change_cipher_spec_choice = 1 };
enum PublicValueEncoding { implicit_encoding, explicit_encoding };
enum ConnectionEnd { server_end, client_end };
enum AlertLevel { warning = 1, fatal = 2 };
// Record Layer Header identifier from page 12
enum ContentType {
no_type = 0,
change_cipher_spec = 20,
alert = 21,
handshake = 22,
application_data = 23
};
// HandShake Layer Header identifier from page 20
enum HandShakeType {
no_shake = -1,
hello_request = 0,
client_hello = 1,
server_hello = 2,
certificate = 11,
server_key_exchange = 12,
certificate_request = 13,
server_hello_done = 14,
certificate_verify = 15,
client_key_exchange = 16,
finished = 20
};
// Valid Alert types from page 16/17
enum AlertDescription {
close_notify = 0,
unexpected_message = 10,
bad_record_mac = 20,
decompression_failure = 30,
handshake_failure = 40,
no_certificate = 41,
bad_certificate = 42,
unsupported_certificate = 43,
certificate_revoked = 44,
certificate_expired = 45,
certificate_unknown = 46,
illegal_parameter = 47
};
// Supported Key Exchange Protocols
enum KeyExchangeAlgorithm {
no_kea = 0,
rsa_kea,
diffie_hellman_kea,
fortezza_kea
};
// Supported Authentication Schemes
enum SignatureAlgorithm {
anonymous_sa_algo = 0,
rsa_sa_algo,
dsa_sa_algo
};
// Valid client certificate request types from page 27
enum ClientCertificateType {
rsa_sign = 1,
dss_sign = 2,
rsa_fixed_dh = 3,
dss_fixed_dh = 4,
rsa_ephemeral_dh = 5,
dss_ephemeral_dh = 6,
fortezza_kea_cert = 20
};
// Supported Ciphers from page 43
enum BulkCipherAlgorithm {
cipher_null,
rc4,
rc2,
des,
triple_des, // leading 3 (3des) not valid identifier
des40,
idea,
aes
};
// Supported Message Authentication Codes from page 43
enum MACAlgorithm {
no_mac,
md5,
sha,
rmd
};
// Certificate file Type
enum CertType { Cert = 0, PrivateKey, CA };
// all Cipher Suites from pages 41/42
const Cipher SSL_NULL_WITH_NULL_NULL = 0; // { 0x00, 0x00 }
const Cipher SSL_RSA_WITH_NULL_MD5 = 1; // { 0x00, 0x01 }
const Cipher SSL_RSA_WITH_NULL_SHA = 2; // { 0x00, 0x02 }
const Cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3; // { 0x00, 0x03 }
const Cipher SSL_RSA_WITH_RC4_128_MD5 = 4; // { 0x00, 0x04 }
const Cipher SSL_RSA_WITH_RC4_128_SHA = 5; // { 0x00, 0x05 }
const Cipher SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6; // { 0x00, 0x06 }
const Cipher SSL_RSA_WITH_IDEA_CBC_SHA = 7; // { 0x00, 0x07 }
const Cipher SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8; // { 0x00, 0x08 }
const Cipher SSL_RSA_WITH_DES_CBC_SHA = 9; // { 0x00, 0x09 }
const Cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10; // { 0x00, 0x0A }
const Cipher SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11; // { 0x00, 0x0B }
const Cipher SSL_DH_DSS_WITH_DES_CBC_SHA = 12; // { 0x00, 0x0C }
const Cipher SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13; // { 0x00, 0x0D }
const Cipher SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14; // { 0x00, 0x0E }
const Cipher SSL_DH_RSA_WITH_DES_CBC_SHA = 15; // { 0x00, 0x0F }
const Cipher SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16; // { 0x00, 0x10 }
const Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17; // { 0x00, 0x11 }
const Cipher SSL_DHE_DSS_WITH_DES_CBC_SHA = 18; // { 0x00, 0x12 }
const Cipher SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19; // { 0x00, 0x13 }
const Cipher SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20; // { 0x00, 0x14 }
const Cipher SSL_DHE_RSA_WITH_DES_CBC_SHA = 21; // { 0x00, 0x15 }
const Cipher SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22; // { 0x00, 0x16 }
const Cipher SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23; // { 0x00, 0x17 }
const Cipher SSL_DH_anon_WITH_RC4_128_MD5 = 24; // { 0x00, 0x18 }
const Cipher SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25; // { 0x00, 0x19 }
const Cipher SSL_DH_anon_WITH_DES_CBC_SHA = 26; // { 0x00, 0x1A }
const Cipher SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27; // { 0x00, 0x1B }
const Cipher SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28; // { 0x00, 0x1C }
const Cipher SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29; // { 0x00, 0x1D }
const Cipher SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30; // { 0x00, 0x1E }
// .. to 0x2B uses Kerberos Authentication
// TLS AES extensions
const Cipher TLS_RSA_WITH_AES_128_CBC_SHA = 47; // { 0x00, 0x2F }
const Cipher TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48; // { 0x00, 0x30 }
const Cipher TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49; // { 0x00, 0x31 }
const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50; // { 0x00, 0x32 }
const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51; // { 0x00, 0x33 }
const Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA = 52; // { 0x00, 0x34 }
const Cipher TLS_RSA_WITH_AES_256_CBC_SHA = 53; // { 0x00, 0x35 }
const Cipher TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54; // { 0x00, 0x36 }
const Cipher TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55; // { 0x00, 0x37 }
const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56; // { 0x00, 0x38 }
const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57; // { 0x00, 0x39 }
const Cipher TLS_DH_anon_WITH_AES_256_CBC_SHA = 58; // { 0x00, 0x3A }
// OpenPGP extensions
const Cipher TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114; // { 0x00, 0x72 };
const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115; // { 0x00, 0x73 };
const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116; // { 0x00, 0x74 };
const Cipher TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119; // { 0x00, 0x77 };
const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120; // { 0x00, 0x78 };
const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121; // { 0x00, 0x79 };
const Cipher TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124; // { 0x00, 0x7C };
const Cipher TLS_RSA_WITH_AES_128_CBC_RMD160 = 125; // { 0x00, 0x7D };
const Cipher TLS_RSA_WITH_AES_256_CBC_RMD160 = 126; // { 0x00, 0x7E };
const char* const null_str = "";
const char* const cipher_names[128] =
{
null_str, // SSL_NULL_WITH_NULL_NULL = 0
null_str, // SSL_RSA_WITH_NULL_MD5 = 1
null_str, // SSL_RSA_WITH_NULL_SHA = 2
null_str, // SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3
"RC4-MD5", // SSL_RSA_WITH_RC4_128_MD5 = 4
"RC4-SHA", // SSL_RSA_WITH_RC4_128_SHA = 5
null_str, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
null_str, // SSL_RSA_WITH_IDEA_CBC_SHA = 7
null_str, // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
"DES-CBC-SHA", // SSL_RSA_WITH_DES_CBC_SHA = 9
"DES-CBC3-SHA", // SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10
null_str, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
null_str, // SSL_DH_DSS_WITH_DES_CBC_SHA = 12
null_str, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
null_str, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
null_str, // SSL_DH_RSA_WITH_DES_CBC_SHA = 15
null_str, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
null_str, // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
"EDH-DSS-DES-CBC-SHA", // SSL_DHE_DSS_WITH_DES_CBC_SHA = 18
"EDH-DSS-DES-CBC3-SHA", // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
null_str, // SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
"EDH-RSA-DES-CBC-SHA", // SSL_DHE_RSA_WITH_DES_CBC_SHA = 21
"EDH-RSA-DES-CBC3-SHA", // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
null_str, // SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23
null_str, // SSL_DH_anon_WITH_RC4_128_MD5 = 24
null_str, // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25
null_str, // SSL_DH_anon_WITH_DES_CBC_SHA = 26
null_str, // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27
null_str, // SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28
null_str, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29
null_str, // SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30
null_str, null_str, null_str, null_str, null_str, // 31 - 35
null_str, null_str, null_str, null_str, null_str, // 36 - 40
null_str, null_str, null_str, null_str, null_str, // 41 - 45
null_str, // 46
// TLS AES extensions
"AES128-SHA", // TLS_RSA_WITH_AES_128_CBC_SHA = 47
null_str, // TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
null_str, // TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49
"DHE-DSS-AES128-SHA", // TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
"DHE-RSA-AES128-SHA", // TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
null_str, // TLS_DH_anon_WITH_AES_128_CBC_SHA = 52
"AES256-SHA", // TLS_RSA_WITH_AES_256_CBC_SHA = 53
null_str, // TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
null_str, // TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55
"DHE-DSS-AES256-SHA", // TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
"DHE-RSA-AES256-SHA", // TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
null_str, // TLS_DH_anon_WITH_AES_256_CBC_SHA = 58
null_str, // 59
null_str, // 60
null_str, null_str, null_str, null_str, null_str, // 61 - 65
null_str, null_str, null_str, null_str, null_str, // 66 - 70
null_str, null_str, null_str, null_str, null_str, // 71 - 75
null_str, null_str, null_str, null_str, null_str, // 76 - 80
null_str, null_str, null_str, null_str, null_str, // 81 - 85
null_str, null_str, null_str, null_str, null_str, // 86 - 90
null_str, null_str, null_str, null_str, null_str, // 91 - 95
null_str, null_str, null_str, null_str, null_str, // 96 - 100
null_str, null_str, null_str, null_str, null_str, // 101 - 105
null_str, null_str, null_str, null_str, null_str, // 106 - 110
null_str, null_str, null_str, // 111 - 113
"DHE-DSS-DES-CBC3-RMD", // TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114
"DHE-DSS-AES128-RMD", // TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115
"DHE-DSS-AES256-RMD", // TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116
null_str, // 117
null_str, // 118
"DHE-RSA-DES-CBC3-RMD", // TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119
"DHE-RSA-AES128-RMD", // TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120
"DHE-RSA-AES256-RMD", // TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121
null_str, // 122
null_str, // 123
"DES-CBC3-RMD", // TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124
"AES128-RMD", // TLS_RSA_WITH_AES_128_CBC_RMD160 = 125
"AES256-RMD", // TLS_RSA_WITH_AES_256_CBC_RMD160 = 126
null_str // 127
};
// fill with MD5 pad size since biggest required
const opaque PAD1[PAD_MD5] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
};
const opaque PAD2[PAD_MD5] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
};
const opaque client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
const opaque server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
const opaque tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
const opaque tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
const opaque master_label[MASTER_LABEL_SZ + 1] = "master secret";
const opaque key_label [KEY_LABEL_SZ + 1] = "key expansion";
} // naemspace
#if __GNUC__ == 2 && __GNUC_MINOR__ <= 96
/*
gcc 2.96 bails out because of two declarations of byte: yaSSL::byte and
TaoCrypt::byte. TODO: define global types.hpp and move the declaration of
'byte' there.
*/
using yaSSL::byte;
#endif
#endif // yaSSL_TYPES_HPP

1
extra/yassl/lib/dummy
View File

@ -1 +0,0 @@
// this is a dummy file

331
extra/yassl/src/buffer.cpp
View File

@ -1,331 +0,0 @@
/*
Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL buffer header implements input/output buffers to simulate streaming
* with SSL types and sockets
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h> // memcpy
#include "runtime.hpp"
#include "buffer.hpp"
#include "yassl_types.hpp"
namespace yaSSL {
/* return 0 on check success, always true for NoCheck policy */
int NoCheck::check(uint, uint)
{
return 0;
}
/* return 0 on check success */
int Check::check(uint i, uint max)
{
if (i < max)
return 0;
return -1;
}
/* input_buffer operates like a smart c style array with a checking option,
* meant to be read from through [] with AUTO index or read().
* Should only write to at/near construction with assign() or raw (e.g., recv)
* followed by add_size with the number of elements added by raw write.
*
* Not using vector because need checked []access, offset, and the ability to
* write to the buffer bulk wise and have the correct size
*/
input_buffer::input_buffer()
: size_(0), current_(0), buffer_(0), end_(0), error_(0), zero_(0)
{}
input_buffer::input_buffer(uint s)
: size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
error_(0), zero_(0)
{}
// with assign
input_buffer::input_buffer(uint s, const byte* t, uint len)
: size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
error_(0), zero_(0)
{
assign(t, len);
}
input_buffer::~input_buffer()
{
ysArrayDelete(buffer_);
}
// users can pass defualt zero length buffer and then allocate
void input_buffer::allocate(uint s)
{
if (error_ == 0) {
buffer_ = NEW_YS byte[s];
end_ = buffer_ + s;
}
}
// for passing to raw writing functions at beginning, then use add_size
byte* input_buffer::get_buffer() const
{
return buffer_;
}
// after a raw write user can set NEW_YS size
// if you know the size before the write use assign()
void input_buffer::add_size(uint i)
{
if (error_ == 0 && check(size_ + i-1, get_capacity()) == 0)
size_ += i;
else
error_ = -1;
}
uint input_buffer::get_capacity() const
{
if (error_ == 0)
return end_ - buffer_;
return 0;
}
uint input_buffer::get_current() const
{
if (error_ == 0)
return current_;
return 0;
}
uint input_buffer::get_size() const
{
if (error_ == 0)
return size_;
return 0;
}
uint input_buffer::get_remaining() const
{
if (error_ == 0)
return size_ - current_;
return 0;
}
int input_buffer::get_error() const
{
return error_;
}
void input_buffer::set_error()
{
error_ = -1;
}
void input_buffer::set_current(uint i)
{
if (error_ == 0 && check(i ? i - 1 : 0, size_) == 0)
current_ = i;
else
error_ = -1;
}
// read only access through [], advance current
// user passes in AUTO index for ease of use
const byte& input_buffer::operator[](uint i)
{
if (error_ == 0 && check(current_, size_) == 0)
return buffer_[current_++];
error_ = -1;
return zero_;
}
// end of input test
bool input_buffer::eof()
{
if (error_ != 0)
return true;
return current_ >= size_;
}
// peek ahead
byte input_buffer::peek()
{
if (error_ == 0 && check(current_, size_) == 0)
return buffer_[current_];
error_ = -1;
return 0;
}
// write function, should use at/near construction
void input_buffer::assign(const byte* t, uint s)
{
if (t && error_ == 0 && check(current_, get_capacity()) == 0) {
add_size(s);
if (error_ == 0) {
memcpy(&buffer_[current_], t, s);
return; // success
}
}
error_ = -1;
}
// use read to query input, adjusts current
void input_buffer::read(byte* dst, uint length)
{
if (dst && error_ == 0 && check(current_ + length - 1, size_) == 0) {
memcpy(dst, &buffer_[current_], length);
current_ += length;
} else {
error_ = -1;
}
}
/* output_buffer operates like a smart c style array with a checking option.
* Meant to be written to through [] with AUTO index or write().
* Size (current) counter increases when written to. Can be constructed with
* zero length buffer but be sure to allocate before first use.
* Don't use add write for a couple bytes, use [] instead, way less overhead.
*
* Not using vector because need checked []access and the ability to
* write to the buffer bulk wise and retain correct size
*/
output_buffer::output_buffer()
: current_(0), buffer_(0), end_(0)
{}
// with allocate
output_buffer::output_buffer(uint s)
: current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s)
{}
// with assign
output_buffer::output_buffer(uint s, const byte* t, uint len)
: current_(0), buffer_(NEW_YS byte[s]), end_(buffer_+ s)
{
write(t, len);
}
output_buffer::~output_buffer()
{
ysArrayDelete(buffer_);
}
uint output_buffer::get_size() const
{
return current_;
}
uint output_buffer::get_capacity() const
{
return (uint) (end_ - buffer_);
}
void output_buffer::set_current(uint c)
{
check(c, get_capacity());
current_ = c;
}
// users can pass defualt zero length buffer and then allocate
void output_buffer::allocate(uint s)
{
buffer_ = NEW_YS byte[s]; end_ = buffer_ + s;
}
// for passing to reading functions when finished
const byte* output_buffer::get_buffer() const
{
return buffer_;
}
// allow write access through [], update current
// user passes in AUTO as index for ease of use
byte& output_buffer::operator[](uint i)
{
check(current_, get_capacity());
return buffer_[current_++];
}
// end of output test
bool output_buffer::eof()
{
return current_ >= get_capacity();
}
void output_buffer::write(const byte* t, uint s)
{
check(current_ + s - 1, get_capacity());
memcpy(&buffer_[current_], t, s);
current_ += s;
}
} // naemspace

408
extra/yassl/src/cert_wrapper.cpp
View File

@ -1,408 +0,0 @@
/*
Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The certificate wrapper source implements certificate management functions
*
*/
#include "runtime.hpp"
#include "cert_wrapper.hpp"
#include "yassl_int.hpp"
#include "error.hpp"
#if defined(USE_CML_LIB)
#include "cmapi_cpp.h"
#else
#include "asn.hpp"
#include "file.hpp"
#endif // USE_CML_LIB
namespace yaSSL {
x509::x509(uint sz) : length_(sz), buffer_(NEW_YS opaque[sz])
{
}
x509::~x509()
{
ysArrayDelete(buffer_);
}
x509::x509(const x509& that) : length_(that.length_),
buffer_(NEW_YS opaque[length_])
{
memcpy(buffer_, that.buffer_, length_);
}
void x509::Swap(x509& that)
{
STL::swap(length_, that.length_);
STL::swap(buffer_, that.buffer_);
}
x509& x509::operator=(const x509& that)
{
x509 temp(that);
Swap(temp);
return *this;
}
uint x509::get_length() const
{
return length_;
}
const opaque* x509::get_buffer() const
{
return buffer_;
}
opaque* x509::use_buffer()
{
return buffer_;
}
//CertManager
CertManager::CertManager()
: peerX509_(0), selfX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
sendVerify_(false), sendBlankCert_(false), verifyCallback_(0)
{}
CertManager::~CertManager()
{
ysDelete(peerX509_);
ysDelete(selfX509_);
STL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
STL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
STL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
}
bool CertManager::verifyPeer() const
{
return verifyPeer_;
}
bool CertManager::verifyNone() const
{
return verifyNone_;
}
bool CertManager::failNoCert() const
{
return failNoCert_;
}
bool CertManager::sendVerify() const
{
return sendVerify_;
}
void CertManager::setVerifyPeer()
{
verifyPeer_ = true;
}
void CertManager::setVerifyNone()
{
verifyNone_ = true;
}
bool CertManager::sendBlankCert() const
{
return sendBlankCert_;
}
void CertManager::setFailNoCert()
{
failNoCert_ = true;
}
void CertManager::setSendVerify()
{
sendVerify_ = true;
}
void CertManager::setSendBlankCert()
{
sendBlankCert_ = true;
}
void CertManager::setVerifyCallback(VerifyCallback vc)
{
verifyCallback_ = vc;
}
void CertManager::AddPeerCert(x509* x)
{
peerList_.push_back(x); // take ownership
}
void CertManager::CopySelfCert(const x509* x)
{
if (x)
list_.push_back(NEW_YS x509(*x));
}
// add to signers
int CertManager::CopyCaCert(const x509* x)
{
TaoCrypt::Source source(x->get_buffer(), x->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_,
TaoCrypt::CertDecoder::CA);
if (!cert.GetError().What()) {
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
}
// just don't add, not an error return cert.GetError().What();
return 0;
}
const x509* CertManager::get_cert() const
{
return list_.front();
}
const opaque* CertManager::get_peerKey() const
{
return peerPublicKey_.get_buffer();
}
X509* CertManager::get_peerX509() const
{
return peerX509_;
}
X509* CertManager::get_selfX509() const
{
return selfX509_;
}
SignatureAlgorithm CertManager::get_peerKeyType() const
{
return peerKeyType_;
}
SignatureAlgorithm CertManager::get_keyType() const
{
return keyType_;
}
uint CertManager::get_peerKeyLength() const
{
return peerPublicKey_.get_size();
}
const opaque* CertManager::get_privateKey() const
{
return privateKey_.get_buffer();
}
uint CertManager::get_privateKeyLength() const
{
return privateKey_.get_size();
}
// Validate the peer's certificate list, from root to peer (last to first)
int CertManager::Validate()
{
CertList::reverse_iterator last = peerList_.rbegin();
size_t count = peerList_.size();
while ( count > 1 ) {
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
if (int err = cert.GetError().What())
return err;
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
cert.GetCommonName(), cert.GetHash()));
++last;
--count;
}
if (count) {
// peer's is at the front
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
int err = cert.GetError().What();
if ( err && err != TaoCrypt::SIG_OTHER_E)
return err;
uint sz = cert.GetPublicKey().size();
peerPublicKey_.allocate(sz);
peerPublicKey_.assign(cert.GetPublicKey().GetKey(), sz);
if (cert.GetKeyType() == TaoCrypt::RSAk)
peerKeyType_ = rsa_sa_algo;
else
peerKeyType_ = dsa_sa_algo;
size_t iSz = strlen(cert.GetIssuer()) + 1;
size_t sSz = strlen(cert.GetCommonName()) + 1;
ASN1_STRING beforeDate, afterDate;
beforeDate.data= (unsigned char *) cert.GetBeforeDate();
beforeDate.type= cert.GetBeforeDateType();
beforeDate.length= (int)strlen((char *) beforeDate.data) + 1;
afterDate.data= (unsigned char *) cert.GetAfterDate();
afterDate.type= cert.GetAfterDateType();
afterDate.length= (int)strlen((char *) afterDate.data) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
sSz, &beforeDate, &afterDate,
cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
cert.GetSubjectCnStart(), cert.GetSubjectCnLength()
);
if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
X509_STORE_CTX store;
store.error = err;
store.error_depth = static_cast<int>(count) - 1;
store.current_cert = peerX509_;
int ok = verifyCallback_(0, &store);
if (ok) return 0;
}
if (err == TaoCrypt::SIG_OTHER_E) return err;
}
return 0;
}
// Set the private key
int CertManager::SetPrivateKey(const x509& key)
{
privateKey_.allocate(key.get_length());
privateKey_.assign(key.get_buffer(), key.get_length());
// set key type
if (x509* cert = list_.front()) {
TaoCrypt::Source source(cert->get_buffer(), cert->get_length());
TaoCrypt::CertDecoder cd(source, false);
cd.DecodeToKey();
if (int err = cd.GetError().What())
return err;
if (cd.GetKeyType() == TaoCrypt::RSAk)
keyType_ = rsa_sa_algo;
else
keyType_ = dsa_sa_algo;
size_t iSz = strlen(cd.GetIssuer()) + 1;
size_t sSz = strlen(cd.GetCommonName()) + 1;
ASN1_STRING beforeDate, afterDate;
beforeDate.data= (unsigned char *) cd.GetBeforeDate();
beforeDate.type= cd.GetBeforeDateType();
beforeDate.length= (int)strlen((char *) beforeDate.data) + 1;
afterDate.data= (unsigned char *) cd.GetAfterDate();
afterDate.type= cd.GetAfterDateType();
afterDate.length= (int)strlen((char *) afterDate.data) + 1;
selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
sSz, &beforeDate, &afterDate,
cd.GetIssuerCnStart(), cd.GetIssuerCnLength(),
cd.GetSubjectCnStart(), cd.GetSubjectCnLength());
}
return 0;
}
// Store OpenSSL type peer's cert
void CertManager::setPeerX509(X509* x)
{
if (x == 0) return;
X509_NAME* issuer = x->GetIssuer();
X509_NAME* subject = x->GetSubject();
ASN1_STRING* before = x->GetBefore();
ASN1_STRING* after = x->GetAfter();
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
subject->GetName(), subject->GetLength(), before, after,
issuer->GetCnPosition(), issuer->GetCnLength(),
subject->GetCnPosition(), subject->GetCnLength());
}
#if defined(USE_CML_LIB)
// Get the peer's certificate, extract and save public key
void CertManager::SetPeerKey()
{
// first cert is the peer's
x509* main = peerList_.front();
Bytes_struct cert;
cert.num = main->get_length();
cert.data = main->set_buffer();
CML::Certificate cm(cert);
const CML::ASN::Cert& raw = cm.base();
CTIL::CSM_Buffer key = raw.pubKeyInfo.key;
uint sz;
opaque* key_buffer = reinterpret_cast<opaque*>(key.Get(sz));
peerPublicKey_.allocate(sz);
peerPublicKey_.assign(key_buffer, sz);
}
#endif // USE_CML_LIB
} // namespace

998
extra/yassl/src/crypto_wrapper.cpp
View File

@ -1,998 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The crypto wrapper source implements the policies for the cipher
* components used by SSL.
*
* The implementation relies on a specfic library, taoCrypt.
*/
#if !defined(USE_CRYPTOPP_LIB)
#include "runtime.hpp"
#include "crypto_wrapper.hpp"
#include "cert_wrapper.hpp"
#include "md5.hpp"
#include "sha.hpp"
#include "ripemd.hpp"
#include "hmac.hpp"
#include "modes.hpp"
#include "des.hpp"
#include "arc4.hpp"
#include "aes.hpp"
#include "rsa.hpp"
#include "dsa.hpp"
#include "dh.hpp"
#include "random.hpp"
#include "file.hpp"
#include "coding.hpp"
namespace yaSSL {
// MD5 Implementation
struct MD5::MD5Impl {
TaoCrypt::MD5 md5_;
MD5Impl() {}
explicit MD5Impl(const TaoCrypt::MD5& md5) : md5_(md5) {}
};
MD5::MD5() : pimpl_(NEW_YS MD5Impl) {}
MD5::~MD5() { ysDelete(pimpl_); }
MD5::MD5(const MD5& that) : Digest(), pimpl_(NEW_YS
MD5Impl(that.pimpl_->md5_)) {}
MD5& MD5::operator=(const MD5& that)
{
pimpl_->md5_ = that.pimpl_->md5_;
return *this;
}
uint MD5::get_digestSize() const
{
return MD5_LEN;
}
uint MD5::get_padSize() const
{
return PAD_MD5;
}
// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
void MD5::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->md5_.Update(in, sz);
pimpl_->md5_.Final(out);
}
// Fill out with MD5 digest from previous updates
void MD5::get_digest(byte* out)
{
pimpl_->md5_.Final(out);
}
// Update the current digest
void MD5::update(const byte* in, unsigned int sz)
{
pimpl_->md5_.Update(in, sz);
}
// SHA Implementation
struct SHA::SHAImpl {
TaoCrypt::SHA sha_;
SHAImpl() {}
explicit SHAImpl(const TaoCrypt::SHA& sha) : sha_(sha) {}
};
SHA::SHA() : pimpl_(NEW_YS SHAImpl) {}
SHA::~SHA() { ysDelete(pimpl_); }
SHA::SHA(const SHA& that) : Digest(), pimpl_(NEW_YS SHAImpl(that.pimpl_->sha_)) {}
SHA& SHA::operator=(const SHA& that)
{
pimpl_->sha_ = that.pimpl_->sha_;
return *this;
}
uint SHA::get_digestSize() const
{
return SHA_LEN;
}
uint SHA::get_padSize() const
{
return PAD_SHA;
}
// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
void SHA::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->sha_.Update(in, sz);
pimpl_->sha_.Final(out);
}
// Fill out with SHA digest from previous updates
void SHA::get_digest(byte* out)
{
pimpl_->sha_.Final(out);
}
// Update the current digest
void SHA::update(const byte* in, unsigned int sz)
{
pimpl_->sha_.Update(in, sz);
}
// RMD-160 Implementation
struct RMD::RMDImpl {
TaoCrypt::RIPEMD160 rmd_;
RMDImpl() {}
explicit RMDImpl(const TaoCrypt::RIPEMD160& rmd) : rmd_(rmd) {}
};
RMD::RMD() : pimpl_(NEW_YS RMDImpl) {}
RMD::~RMD() { ysDelete(pimpl_); }
RMD::RMD(const RMD& that) : Digest(), pimpl_(NEW_YS RMDImpl(that.pimpl_->rmd_)) {}
RMD& RMD::operator=(const RMD& that)
{
pimpl_->rmd_ = that.pimpl_->rmd_;
return *this;
}
uint RMD::get_digestSize() const
{
return RMD_LEN;
}
uint RMD::get_padSize() const
{
return PAD_RMD;
}
// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
void RMD::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->rmd_.Update(in, sz);
pimpl_->rmd_.Final(out);
}
// Fill out with RMD digest from previous updates
void RMD::get_digest(byte* out)
{
pimpl_->rmd_.Final(out);
}
// Update the current digest
void RMD::update(const byte* in, unsigned int sz)
{
pimpl_->rmd_.Update(in, sz);
}
// HMAC_MD5 Implementation
struct HMAC_MD5::HMAC_MD5Impl {
TaoCrypt::HMAC<TaoCrypt::MD5> mac_;
HMAC_MD5Impl() {}
};
HMAC_MD5::HMAC_MD5(const byte* secret, unsigned int len)
: pimpl_(NEW_YS HMAC_MD5Impl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_MD5::~HMAC_MD5() { ysDelete(pimpl_); }
uint HMAC_MD5::get_digestSize() const
{
return MD5_LEN;
}
uint HMAC_MD5::get_padSize() const
{
return PAD_MD5;
}
// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
void HMAC_MD5::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with MD5 digest from previous updates
void HMAC_MD5::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_MD5::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
// HMAC_SHA Implementation
struct HMAC_SHA::HMAC_SHAImpl {
TaoCrypt::HMAC<TaoCrypt::SHA> mac_;
HMAC_SHAImpl() {}
};
HMAC_SHA::HMAC_SHA(const byte* secret, unsigned int len)
: pimpl_(NEW_YS HMAC_SHAImpl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_SHA::~HMAC_SHA() { ysDelete(pimpl_); }
uint HMAC_SHA::get_digestSize() const
{
return SHA_LEN;
}
uint HMAC_SHA::get_padSize() const
{
return PAD_SHA;
}
// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
void HMAC_SHA::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with SHA digest from previous updates
void HMAC_SHA::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_SHA::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
// HMAC_RMD Implementation
struct HMAC_RMD::HMAC_RMDImpl {
TaoCrypt::HMAC<TaoCrypt::RIPEMD160> mac_;
HMAC_RMDImpl() {}
};
HMAC_RMD::HMAC_RMD(const byte* secret, unsigned int len)
: pimpl_(NEW_YS HMAC_RMDImpl)
{
pimpl_->mac_.SetKey(secret, len);
}
HMAC_RMD::~HMAC_RMD() { ysDelete(pimpl_); }
uint HMAC_RMD::get_digestSize() const
{
return RMD_LEN;
}
uint HMAC_RMD::get_padSize() const
{
return PAD_RMD;
}
// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
void HMAC_RMD::get_digest(byte* out, const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
pimpl_->mac_.Final(out);
}
// Fill out with RMD digest from previous updates
void HMAC_RMD::get_digest(byte* out)
{
pimpl_->mac_.Final(out);
}
// Update the current digest
void HMAC_RMD::update(const byte* in, unsigned int sz)
{
pimpl_->mac_.Update(in, sz);
}
struct DES::DESImpl {
TaoCrypt::DES_CBC_Encryption encryption;
TaoCrypt::DES_CBC_Decryption decryption;
};
DES::DES() : pimpl_(NEW_YS DESImpl) {}
DES::~DES() { ysDelete(pimpl_); }
void DES::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, DES_KEY_SZ, iv);
}
void DES::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, DES_KEY_SZ, iv);
}
// DES encrypt plain of length sz into cipher
void DES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// DES decrypt cipher of length sz into plain
void DES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
struct DES_EDE::DES_EDEImpl {
TaoCrypt::DES_EDE3_CBC_Encryption encryption;
TaoCrypt::DES_EDE3_CBC_Decryption decryption;
};
DES_EDE::DES_EDE() : pimpl_(NEW_YS DES_EDEImpl) {}
DES_EDE::~DES_EDE() { ysDelete(pimpl_); }
void DES_EDE::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, DES_EDE_KEY_SZ, iv);
}
void DES_EDE::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, DES_EDE_KEY_SZ, iv);
}
// 3DES encrypt plain of length sz into cipher
void DES_EDE::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// 3DES decrypt cipher of length sz into plain
void DES_EDE::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
// Implementation of alledged RC4
struct RC4::RC4Impl {
TaoCrypt::ARC4::Encryption encryption;
TaoCrypt::ARC4::Decryption decryption;
};
RC4::RC4() : pimpl_(NEW_YS RC4Impl) {}
RC4::~RC4() { ysDelete(pimpl_); }
void RC4::set_encryptKey(const byte* k, const byte*)
{
pimpl_->encryption.SetKey(k, RC4_KEY_SZ);
}
void RC4::set_decryptKey(const byte* k, const byte*)
{
pimpl_->decryption.SetKey(k, RC4_KEY_SZ);
}
// RC4 encrypt plain of length sz into cipher
void RC4::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// RC4 decrypt cipher of length sz into plain
void RC4::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
// Implementation of AES
struct AES::AESImpl {
TaoCrypt::AES_CBC_Encryption encryption;
TaoCrypt::AES_CBC_Decryption decryption;
unsigned int keySz_;
AESImpl(unsigned int ks) : keySz_(ks) {}
};
AES::AES(unsigned int ks) : pimpl_(NEW_YS AESImpl(ks)) {}
AES::~AES() { ysDelete(pimpl_); }
int AES::get_keySize() const
{
return pimpl_->keySz_;
}
void AES::set_encryptKey(const byte* k, const byte* iv)
{
pimpl_->encryption.SetKey(k, pimpl_->keySz_, iv);
}
void AES::set_decryptKey(const byte* k, const byte* iv)
{
pimpl_->decryption.SetKey(k, pimpl_->keySz_, iv);
}
// AES encrypt plain of length sz into cipher
void AES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
{
pimpl_->encryption.Process(cipher, plain, sz);
}
// AES decrypt cipher of length sz into plain
void AES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
{
pimpl_->decryption.Process(plain, cipher, sz);
}
struct RandomPool::RandomImpl {
TaoCrypt::RandomNumberGenerator RNG_;
};
RandomPool::RandomPool() : pimpl_(NEW_YS RandomImpl) {}
RandomPool::~RandomPool() { ysDelete(pimpl_); }
int RandomPool::GetError() const
{
return pimpl_->RNG_.GetError();
}
void RandomPool::Fill(opaque* dst, uint sz) const
{
pimpl_->RNG_.GenerateBlock(dst, sz);
}
// Implementation of DSS Authentication
struct DSS::DSSImpl {
void SetPublic (const byte*, unsigned int);
void SetPrivate(const byte*, unsigned int);
TaoCrypt::DSA_PublicKey publicKey_;
TaoCrypt::DSA_PrivateKey privateKey_;
};
// Decode and store the public key
void DSS::DSSImpl::SetPublic(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
publicKey_.Initialize(source);
}
// Decode and store the public key
void DSS::DSSImpl::SetPrivate(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
privateKey_.Initialize(source);
publicKey_ = TaoCrypt::DSA_PublicKey(privateKey_);
}
// Set public or private key
DSS::DSS(const byte* key, unsigned int sz, bool publicKey)
: pimpl_(NEW_YS DSSImpl)
{
if (publicKey)
pimpl_->SetPublic(key, sz);
else
pimpl_->SetPrivate(key, sz);
}
DSS::~DSS()
{
ysDelete(pimpl_);
}
uint DSS::get_signatureLength() const
{
return pimpl_->publicKey_.SignatureLength();
}
// DSS Sign message of length sz into sig
void DSS::sign(byte* sig, const byte* sha_digest, unsigned int /* shaSz */,
const RandomPool& random)
{
using namespace TaoCrypt;
DSA_Signer signer(pimpl_->privateKey_);
signer.Sign(sha_digest, sig, random.pimpl_->RNG_);
}
// DSS Verify message of length sz against sig, is it correct?
bool DSS::verify(const byte* sha_digest, unsigned int /* shaSz */,
const byte* sig, unsigned int /* sigSz */)
{
using namespace TaoCrypt;
DSA_Verifier ver(pimpl_->publicKey_);
return ver.Verify(sha_digest, sig);
}
// Implementation of RSA key interface
struct RSA::RSAImpl {
void SetPublic (const byte*, unsigned int);
void SetPrivate(const byte*, unsigned int);
TaoCrypt::RSA_PublicKey publicKey_;
TaoCrypt::RSA_PrivateKey privateKey_;
};
// Decode and store the public key
void RSA::RSAImpl::SetPublic(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
publicKey_.Initialize(source);
}
// Decode and store the private key
void RSA::RSAImpl::SetPrivate(const byte* key, unsigned int sz)
{
TaoCrypt::Source source(key, sz);
privateKey_.Initialize(source);
publicKey_ = TaoCrypt::RSA_PublicKey(privateKey_);
}
// Set public or private key
RSA::RSA(const byte* key, unsigned int sz, bool publicKey)
: pimpl_(NEW_YS RSAImpl)
{
if (publicKey)
pimpl_->SetPublic(key, sz);
else
pimpl_->SetPrivate(key, sz);
}
RSA::~RSA()
{
ysDelete(pimpl_);
}
// get cipher text length, varies on key size
unsigned int RSA::get_cipherLength() const
{
return pimpl_->publicKey_.FixedCiphertextLength();
}
// get signautre length, varies on key size
unsigned int RSA::get_signatureLength() const
{
return get_cipherLength();
}
// RSA Sign message of length sz into sig
void RSA::sign(byte* sig, const byte* message, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
dec.SSL_Sign(message, sz, sig, random.pimpl_->RNG_);
}
// RSA Verify message of length sz against sig
bool RSA::verify(const byte* message, unsigned int sz, const byte* sig,
unsigned int)
{
TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
return enc.SSL_Verify(message, sz, sig);
}
// RSA public encrypt plain of length sz into cipher
void RSA::encrypt(byte* cipher, const byte* plain, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
enc.Encrypt(plain, sz, cipher, random.pimpl_->RNG_);
}
// RSA private decrypt cipher of length sz into plain
void RSA::decrypt(byte* plain, const byte* cipher, unsigned int sz,
const RandomPool& random)
{
TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
dec.Decrypt(cipher, sz, plain, random.pimpl_->RNG_);
}
struct Integer::IntegerImpl {
TaoCrypt::Integer int_;
IntegerImpl() {}
explicit IntegerImpl(const TaoCrypt::Integer& i) : int_(i) {}
};
Integer::Integer() : pimpl_(NEW_YS IntegerImpl) {}
Integer::~Integer() { ysDelete(pimpl_); }
Integer::Integer(const Integer& other) : pimpl_(NEW_YS
IntegerImpl(other.pimpl_->int_))
{}
Integer& Integer::operator=(const Integer& that)
{
pimpl_->int_ = that.pimpl_->int_;
return *this;
}
void Integer::assign(const byte* num, unsigned int sz)
{
pimpl_->int_ = TaoCrypt::Integer(num, sz);
}
struct DiffieHellman::DHImpl {
TaoCrypt::DH dh_;
TaoCrypt::RandomNumberGenerator& ranPool_;
byte* publicKey_;
byte* privateKey_;
byte* agreedKey_;
uint pubKeyLength_;
DHImpl(TaoCrypt::RandomNumberGenerator& r) : ranPool_(r), publicKey_(0),
privateKey_(0), agreedKey_(0), pubKeyLength_(0) {}
~DHImpl()
{
ysArrayDelete(agreedKey_);
ysArrayDelete(privateKey_);
ysArrayDelete(publicKey_);
}
DHImpl(const DHImpl& that) : dh_(that.dh_), ranPool_(that.ranPool_),
publicKey_(0), privateKey_(0), agreedKey_(0), pubKeyLength_(0)
{
uint length = dh_.GetByteLength();
AllocKeys(length, length, length);
}
void AllocKeys(unsigned int pubSz, unsigned int privSz, unsigned int agrSz)
{
publicKey_ = NEW_YS byte[pubSz];
privateKey_ = NEW_YS byte[privSz];
agreedKey_ = NEW_YS byte[agrSz];
}
};
/*
// server Side DH, server's view
DiffieHellman::DiffieHellman(const char* file, const RandomPool& random)
: pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
{
using namespace TaoCrypt;
Source source;
FileSource(file, source);
if (source.size() == 0)
return; // TODO add error state, and force check
HexDecoder hd(source);
pimpl_->dh_.Initialize(source);
uint length = pimpl_->dh_.GetByteLength();
pimpl_->AllocKeys(length, length, length);
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
*/
// server Side DH, client's view
DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g,
unsigned int gSz, const byte* pub,
unsigned int pubSz, const RandomPool& random)
: pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
{
using TaoCrypt::Integer;
pimpl_->dh_.Initialize(Integer(p, pSz).Ref(), Integer(g, gSz).Ref());
pimpl_->publicKey_ = NEW_YS opaque[pimpl_->pubKeyLength_ = pubSz];
memcpy(pimpl_->publicKey_, pub, pubSz);
}
// Server Side DH, server's view
DiffieHellman::DiffieHellman(const Integer& p, const Integer& g,
const RandomPool& random)
: pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
{
using TaoCrypt::Integer;
pimpl_->dh_.Initialize(p.pimpl_->int_, g.pimpl_->int_);
uint length = pimpl_->dh_.GetByteLength();
pimpl_->AllocKeys(length, length, length);
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
DiffieHellman::~DiffieHellman() { ysDelete(pimpl_); }
// Client side and view, use server that for p and g
DiffieHellman::DiffieHellman(const DiffieHellman& that)
: pimpl_(NEW_YS DHImpl(*that.pimpl_))
{
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
}
DiffieHellman& DiffieHellman::operator=(const DiffieHellman& that)
{
pimpl_->dh_ = that.pimpl_->dh_;
pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
pimpl_->publicKey_);
return *this;
}
void DiffieHellman::makeAgreement(const byte* other, unsigned int otherSz)
{
pimpl_->dh_.Agree(pimpl_->agreedKey_, pimpl_->privateKey_, other, otherSz);
}
uint DiffieHellman::get_agreedKeyLength() const
{
return pimpl_->dh_.GetByteLength();
}
const byte* DiffieHellman::get_agreedKey() const
{
return pimpl_->agreedKey_;
}
uint DiffieHellman::get_publicKeyLength() const
{
return pimpl_->pubKeyLength_;
}
const byte* DiffieHellman::get_publicKey() const
{
return pimpl_->publicKey_;
}
void DiffieHellman::set_sizes(int& pSz, int& gSz, int& pubSz) const
{
using TaoCrypt::Integer;
Integer p = pimpl_->dh_.GetP();
Integer g = pimpl_->dh_.GetG();
pSz = p.ByteCount();
gSz = g.ByteCount();
pubSz = pimpl_->dh_.GetByteLength();
}
void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
{
using TaoCrypt::Integer;
Integer p = pimpl_->dh_.GetP();
Integer g = pimpl_->dh_.GetG();
p.Encode(bp, p.ByteCount());
g.Encode(bg, g.ByteCount());
memcpy(bpub, pimpl_->publicKey_, pimpl_->dh_.GetByteLength());
}
// convert PEM file to DER x509 type
x509* PemToDer(FILE* file, CertType type, EncryptedInfo* info)
{
using namespace TaoCrypt;
char header[80];
char footer[80];
if (type == Cert) {
strncpy(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
strncpy(footer, "-----END CERTIFICATE-----", sizeof(footer));
} else {
strncpy(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
strncpy(footer, "-----END RSA PRIVATE KEY-----", sizeof(header));
}
long begin = -1;
long end = 0;
bool foundEnd = false;
char line[80];
while(fgets(line, sizeof(line), file))
if (strncmp(header, line, strlen(header)) == 0) {
begin = ftell(file);
break;
}
// remove encrypted header if there
if (fgets(line, sizeof(line), file)) {
char encHeader[] = "Proc-Type";
if (strncmp(encHeader, line, strlen(encHeader)) == 0 &&
fgets(line,sizeof(line), file)) {
char* start = strstr(line, "DES");
char* finish = strstr(line, ",");
if (!start)
start = strstr(line, "AES");
if (!info) return 0;
if ( start && finish && (start < finish)) {
memcpy(info->name, start, finish - start);
info->name[finish - start] = 0;
memcpy(info->iv, finish + 1, sizeof(info->iv));
char* newline = strstr(line, "\r");
if (!newline) newline = strstr(line, "\n");
if (newline && (newline > finish)) {
info->ivSz = newline - (finish + 1);
info->set = true;
}
}
begin = ftell(file);
if (fgets(line,sizeof(line), file)) // get blank line
begin = ftell(file);
}
}
while(fgets(line, sizeof(line), file))
if (strncmp(footer, line, strlen(footer)) == 0) {
foundEnd = true;
break;
}
else
end = ftell(file);
if (begin == -1 || !foundEnd)
return 0;
input_buffer tmp(end - begin);
fseek(file, begin, SEEK_SET);
size_t bytes = fread(tmp.get_buffer(), end - begin, 1, file);
if (bytes != 1)
return 0;
Source der(tmp.get_buffer(), end - begin);
Base64Decoder b64Dec(der);
uint sz = der.size();
mySTL::auto_ptr<x509> x(NEW_YS x509(sz));
memcpy(x->use_buffer(), der.get_buffer(), sz);
return x.release();
}
} // namespace
#endif // !USE_CRYPTOPP_LIB

4
extra/yassl/src/dummy.cpp
View File

@ -1,4 +0,0 @@
/*
To make libtool always use a C++ linker when compiling with yaSSL we need
to add a dummy C++ file to the source list.
*/

1203
extra/yassl/src/handshake.cpp
View File

File diff suppressed because it is too large Load Diff

87
extra/yassl/src/lock.cpp
View File

@ -1,87 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* Locking functions
*/
#include "runtime.hpp"
#include "lock.hpp"
namespace yaSSL {
#ifdef MULTI_THREADED
#ifdef _WIN32
Mutex::Mutex()
{
InitializeCriticalSection(&cs_);
}
Mutex::~Mutex()
{
DeleteCriticalSection(&cs_);
}
Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
{
EnterCriticalSection(&mutex_.cs_);
}
Mutex::Lock::~Lock()
{
LeaveCriticalSection(&mutex_.cs_);
}
#else // _WIN32
Mutex::Mutex()
{
pthread_mutex_init(&mutex_, 0);
}
Mutex::~Mutex()
{
pthread_mutex_destroy(&mutex_);
}
Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
{
pthread_mutex_lock(&mutex_.mutex_);
}
Mutex::Lock::~Lock()
{
pthread_mutex_unlock(&mutex_.mutex_);
}
#endif // _WIN32
#endif // MULTI_THREADED
} // namespace yaSSL

146
extra/yassl/src/log.cpp
View File

@ -1,146 +0,0 @@
/*
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* Debug logging functions
*/
#include "runtime.hpp"
#include "log.hpp"
#ifdef YASSL_LOG
#include <time.h>
#include <stdio.h>
#include <string.h>
#endif
namespace yaSSL {
#ifdef YASSL_LOG
enum { MAX_MSG = 81 };
Log::Log(const char* str)
{
log_ = fopen(str, "w");
Trace("********** Logger Attached **********");
}
Log::~Log()
{
Trace("********** Logger Detached **********");
fclose(log_);
}
// Trace a message
void Log::Trace(const char* str)
{
if (!log_) return;
time_t clicks = time(0);
char timeStr[32];
// get rid of newline
strncpy(timeStr, ctime(&clicks), sizeof(timeStr));
unsigned int len = strlen(timeStr);
timeStr[len - 1] = 0;
char msg[MAX_MSG];
strncpy(msg, timeStr, sizeof(timeStr));
strncat(msg, ":", 1);
strncat(msg, str, MAX_MSG - sizeof(timeStr) - 2);
strncat(msg, "\n", 1);
msg[MAX_MSG - 1] = 0;
fputs(msg, log_);
}
#if defined(_WIN32) || defined(__MACH__) || defined(__hpux__)
typedef int socklen_t;
#endif
// write tcp address
void Log::ShowTCP(socket_t fd, bool ended)
{
sockaddr_in peeraddr;
socklen_t len = sizeof(peeraddr);
if (getpeername(fd, (sockaddr*)&peeraddr, &len) != 0)
return;
const char* p = reinterpret_cast<const char*>(&peeraddr.sin_addr);
char msg[MAX_MSG];
char number[16];
if (ended)
strncpy(msg, "yaSSL conn DONE w/ peer ", 26);
else
strncpy(msg, "yaSSL conn BEGUN w/ peer ", 26);
for (int i = 0; i < 4; ++i) {
sprintf(number, "%u", static_cast<unsigned short>(p[i]));
strncat(msg, number, 8);
if (i < 3)
strncat(msg, ".", 1);
}
strncat(msg, " port ", 8);
sprintf(number, "%d", htons(peeraddr.sin_port));
strncat(msg, number, 8);
msg[MAX_MSG - 1] = 0;
Trace(msg);
}
// log processed data
void Log::ShowData(uint bytes, bool sent)
{
char msg[MAX_MSG];
char number[16];
if (sent)
strncpy(msg, "Sent ", 10);
else
strncpy(msg, "Received ", 10);
sprintf(number, "%u", bytes);
strncat(msg, number, 8);
strncat(msg, " bytes of application data", 27);
msg[MAX_MSG - 1] = 0;
Trace(msg);
}
#else // no YASSL_LOG
Log::Log(const char*) {}
Log::~Log() {}
void Log::Trace(const char*) {}
void Log::ShowTCP(socket_t, bool) {}
void Log::ShowData(uint, bool) {}
#endif // YASSL_LOG
} // namespace

42
extra/yassl/src/make.bat
View File

@ -1,42 +0,0 @@
REM Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
REM quick and dirty build file for testing different MSDEVs
setlocal
set myFLAGS= /I../include /I../taocrypt/mySTL /I../taocrypt/include /W3 /c /ZI
cl %myFLAGS% buffer.cpp
cl %myFLAGS% cert_wrapper.cpp
cl %myFLAGS% crypto_wrapper.cpp
cl %myFLAGS% handshake.cpp
cl %myFLAGS% lock.cpp
cl %myFLAGS% log.cpp
cl %myFLAGS% socket_wrapper.cpp
cl %myFLAGS% ssl.cpp
cl %myFLAGS% template_instnt.cpp
cl %myFLAGS% timer.cpp
cl %myFLAGS% yassl.cpp
cl %myFLAGS% yassl_error.cpp
cl %myFLAGS% yassl_imp.cpp
cl %myFLAGS% yassl_int.cpp
link.exe -lib /out:yassl.lib buffer.obj cert_wrapper.obj crypto_wrapper.obj handshake.obj lock.obj log.obj socket_wrapper.obj ssl.obj template_instnt.obj timer.obj yassl.obj yassl_error.obj yassl_imp.obj yassl_int.obj

261
extra/yassl/src/socket_wrapper.cpp
View File

@ -1,261 +0,0 @@
/*
Copyright (c) 2005, 2012, Oracle and/or its affiliates.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* The socket wrapper source implements a Socket class that hides the
* differences between Berkely style sockets and Windows sockets, allowing
* transparent TCP access.
*/
#include "runtime.hpp"
#include "socket_wrapper.hpp"
#ifndef _WIN32
#include <errno.h>
#include <netdb.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <string.h>
#include <fcntl.h>
#endif // _WIN32
#if defined(__sun) || defined(__SCO_VERSION__)
#include <sys/filio.h>
#endif
#ifdef _WIN32
const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK;
const int SOCKET_EAGAIN = WSAEWOULDBLOCK;
#else
const int SOCKET_EINVAL = EINVAL;
const int SOCKET_EWOULDBLOCK = EWOULDBLOCK;
const int SOCKET_EAGAIN = EAGAIN;
#endif // _WIN32
namespace {
extern "C" long system_recv(void *ptr, void *buf, size_t count, int flags)
{
yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
return ::recv(*socket, reinterpret_cast<char *>(buf), (int)count, flags);
}
extern "C" long system_send(void *ptr, const void *buf, size_t count,
int flags)
{
yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
return ::send(*socket, reinterpret_cast<const char *>(buf), (int)count, flags);
}
}
namespace yaSSL {
Socket::Socket(socket_t s)
: socket_(s), wouldBlock_(false), nonBlocking_(false),
ptr_(&socket_), send_func_(system_send), recv_func_(system_recv)
{}
void Socket::set_fd(socket_t s)
{
socket_ = s;
}
socket_t Socket::get_fd() const
{
return socket_;
}
Socket::~Socket()
{
// don't close automatically now
}
void Socket::closeSocket()
{
if (socket_ != INVALID_SOCKET) {
#ifdef _WIN32
closesocket(socket_);
#else
close(socket_);
#endif
socket_ = INVALID_SOCKET;
}
}
uint Socket::get_ready() const
{
#ifdef _WIN32
unsigned long ready = 0;
ioctlsocket(socket_, FIONREAD, &ready);
#else
/*
64-bit Solaris requires the variable passed to
FIONREAD be a 32-bit value.
*/
unsigned int ready = 0;
ioctl(socket_, FIONREAD, &ready);
#endif
return ready;
}
void Socket::set_transport_ptr(void *ptr)
{
ptr_ = ptr;
}
void Socket::set_transport_recv_function(yaSSL_recv_func_t recv_func)
{
recv_func_ = recv_func;
}
void Socket::set_transport_send_function(yaSSL_send_func_t send_func)
{
send_func_ = send_func;
}
uint Socket::send(const byte* buf, unsigned int sz, unsigned int &written,
int flags)
{
const byte* pos = buf;
const byte* end = pos + sz;
wouldBlock_ = false;
while (pos != end)
{
int sent = send_func_(ptr_, pos, static_cast<int>(end - pos), flags);
if (sent == -1)
{
if (get_lastError() == SOCKET_EWOULDBLOCK ||
get_lastError() == SOCKET_EAGAIN)
{
wouldBlock_ = true; // would have blocked this time only
nonBlocking_ = true; // nonblocking, win32 only way to tell
return 0;
}
return static_cast<uint>(-1);
}
pos += sent;
written += sent;
}
return sz;
}
uint Socket::receive(byte* buf, unsigned int sz, int flags)
{
wouldBlock_ = false;
int recvd = recv_func_(ptr_, buf, sz, flags);
// idea to seperate error from would block by arnetheduck@gmail.com
if (recvd == -1) {
if (get_lastError() == SOCKET_EWOULDBLOCK ||
get_lastError() == SOCKET_EAGAIN) {
wouldBlock_ = true; // would have blocked this time only
nonBlocking_ = true; // socket nonblocking, win32 only way to tell
return 0;
}
}
else if (recvd == 0)
return static_cast<uint>(-1);
return recvd;
}
// wait if blocking for input, return false for error
bool Socket::wait()
{
char b;
int recvd = ::recv(socket_, &b, 1, MSG_PEEK);
if (recvd == -1) {
if (get_lastError() == SOCKET_EWOULDBLOCK ||
get_lastError() == SOCKET_EAGAIN) {
wouldBlock_ = true; // would have blocked this time only
nonBlocking_ = true; // socket nonblocking, win32 only way to tell
return 1;
}
}
else if (recvd == 0)
return 0; // Non blocking & no data
return 1; // Data can be read
}
void Socket::shutDown(int how)
{
shutdown(socket_, how);
}
int Socket::get_lastError()
{
#ifdef _WIN32
return WSAGetLastError();
#else
return errno;
#endif
}
bool Socket::WouldBlock() const
{
return wouldBlock_;
}
bool Socket::IsNonBlocking() const
{
return nonBlocking_;
}
void Socket::set_lastError(int errorCode)
{
#ifdef _WIN32
WSASetLastError(errorCode);
#else
errno = errorCode;
#endif
}
} // namespace

1782
extra/yassl/src/ssl.cpp
View File

File diff suppressed because it is too large Load Diff

82
extra/yassl/src/timer.cpp
View File

@ -1,82 +0,0 @@
/*
Copyright (C) 2000-2007 MySQL AB
Use is subject to license terms
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* timer.cpp implements a high res and low res timer
*
*/
#include "runtime.hpp"
#include "timer.hpp"
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN 1
#include <windows.h>
#else
#include <sys/time.h>
#endif
namespace yaSSL {
#ifdef _WIN32
timer_d timer()
{
static bool init(false);
static LARGE_INTEGER freq;
if (!init) {
QueryPerformanceFrequency(&freq);
init = true;
}
LARGE_INTEGER count;
QueryPerformanceCounter(&count);
return static_cast<double>(count.QuadPart) / freq.QuadPart;
}
uint lowResTimer()
{
return static_cast<uint>(timer());
}
#else // _WIN32
timer_d timer()
{
struct timeval tv;
gettimeofday(&tv, 0);
return static_cast<double>(tv.tv_sec)
+ static_cast<double>(tv.tv_usec) / 1000000;
}
uint lowResTimer()
{
struct timeval tv;
gettimeofday(&tv, 0);
return tv.tv_sec;
}
#endif // _WIN32
} // namespace yaSSL

229
extra/yassl/src/yassl.cpp
View File

@ -1,229 +0,0 @@
/*
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL implements external API
*/
#include "runtime.hpp"
#include "yassl.hpp"
#include "yassl_int.hpp"
#include "handshake.hpp"
#include <stdio.h>
#include "openssl/ssl.h" // get rid of this
namespace yaSSL {
struct Base {
SSL_METHOD* method_;
SSL_CTX* ctx_;
SSL* ssl_;
char* ca_;
char* cert_;
char* key_;
DH* dh_;
Base() : method_(0), ctx_(0), ssl_(0), ca_(0), cert_(0), key_(0), dh_(0)
{}
~Base()
{
if (dh_) DH_free(dh_);
delete[] key_;
delete[] cert_;
delete[] ca_;
SSL_CTX_free(ctx_); // frees method_ too
SSL_free(ssl_);
}
};
void SetDH(Base&);
void SetUpBase(Base& base, ConnectionEnd end, SOCKET_T s)
{
base.method_ = new SSL_METHOD(end, ProtocolVersion(3,1));
base.ctx_ = new SSL_CTX(base.method_);
if (base.ca_)
if (SSL_CTX_load_verify_locations(base.ctx_,
base.ca_, 0) != SSL_SUCCESS) throw(0);
if (base.cert_)
if (SSL_CTX_use_certificate_file(base.ctx_,
base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
if (base.key_)
if (SSL_CTX_use_PrivateKey_file(base.ctx_, base.key_,
SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
if (end == server_end) SetDH(base);
base.ssl_ = new SSL(base.ctx_);
base.ssl_->useSocket().set_fd(s);
}
void SetDH(Base& base)
{
static unsigned char dh512_p[] =
{
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
0x47,0x74,0xE8,0x33,
};
static unsigned char dh512_g[] =
{
0x02,
};
if ( (base.dh_ = DH_new()) ) {
base.dh_->p = BN_bin2bn(dh512_p, sizeof(dh512_p), 0);
base.dh_->g = BN_bin2bn(dh512_g, sizeof(dh512_g), 0);
}
if (!base.dh_->p || !base.dh_->g) {
DH_free(base.dh_);
base.dh_ = 0;
}
SSL_CTX_set_tmp_dh(base.ctx_, base.dh_);
}
void NewCopy(char*& dst, const char* src)
{
size_t len = strlen(src) + 1;
dst = new char[len];
strncpy(dst, src, len);
}
// Client Implementation
struct Client::ClientImpl {
Base base_;
};
Client::Client() : pimpl_(new ClientImpl)
{}
Client::~Client() { delete pimpl_; }
int Client::Connect(SOCKET_T s)
{
SetUpBase(pimpl_->base_, client_end, s);
return SSL_connect(pimpl_->base_.ssl_);
}
int Client::Write(const void* buffer, int sz)
{
return sendData(*pimpl_->base_.ssl_, buffer, sz);
}
int Client::Read(void* buffer, int sz)
{
Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
return receiveData(*pimpl_->base_.ssl_, data);
}
void Client::SetCA(const char* name)
{
NewCopy(pimpl_->base_.ca_, name);
}
void Client::SetCert(const char* name)
{
NewCopy(pimpl_->base_.cert_, name);
}
void Client::SetKey(const char* name)
{
NewCopy(pimpl_->base_.key_, name);
}
// Server Implementation
struct Server::ServerImpl {
Base base_;
};
Server::Server() : pimpl_(new ServerImpl)
{}
Server::~Server() { delete pimpl_; }
int Server::Accept(SOCKET_T s)
{
SetUpBase(pimpl_->base_, server_end, s);
return SSL_accept(pimpl_->base_.ssl_);
}
int Server::Write(const void* buffer, int sz)
{
return sendData(*pimpl_->base_.ssl_, buffer, sz);
}
int Server::Read(void* buffer, int sz)
{
Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
return receiveData(*pimpl_->base_.ssl_, data);
}
void Server::SetCA(const char* name)
{
NewCopy(pimpl_->base_.ca_, name);
}
void Server::SetCert(const char* name)
{
NewCopy(pimpl_->base_.cert_, name);
}
void Server::SetKey(const char* name)
{
NewCopy(pimpl_->base_.key_, name);
}
} // namespace yaSSL

288
extra/yassl/src/yassl_error.cpp
View File

@ -1,288 +0,0 @@
/*
Copyright (c) 2005, 2013, Oracle and/or its affiliates
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1335 USA.
*/
/* yaSSL error implements and an exception class
*/
#include "runtime.hpp"
#include "yassl_error.hpp"
#include "error.hpp" // TaoCrypt error numbers
#include "openssl/ssl.h" // SSL_ERROR_WANT_READ
#include <string.h> // strncpy
#ifdef _MSC_VER
// 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
#pragma warning(disable: 4996)
#endif
namespace yaSSL {
/* may bring back in future
Error::Error(const char* s, YasslError e, Library l)
: mySTL::runtime_error(s), error_(e), lib_(l)
{
}
YasslError Error::get_number() const
{
return error_;
}
Library Error::get_lib() const
{
return lib_;
}
*/
void SetErrorString(YasslError error, char* buffer)
{
using namespace TaoCrypt;
const int max = MAX_ERROR_SZ; // shorthand
int localError = error; // errors from a few enums
switch (localError) {
// yaSSL proper errors
case range_error :
strncpy(buffer, "buffer index error, out of range", max);
break;
case realloc_error :
strncpy(buffer, "trying to realloc a fixed buffer", max);
break;
case factory_error :
strncpy(buffer, "unknown factory create request", max);
break;
case unknown_cipher :
strncpy(buffer, "trying to use an unknown cipher", max);
break;
case prefix_error :
strncpy(buffer, "bad master secret derivation, prefix too big", max);
break;
case record_layer :
strncpy(buffer, "record layer not ready yet", max);
break;
case handshake_layer :
strncpy(buffer, "handshake layer not ready yet", max);
break;
case out_of_order :
strncpy(buffer, "handshake message received in wrong order", max);
break;
case bad_input :
strncpy(buffer, "bad cipher suite input", max);
break;
case match_error :
strncpy(buffer, "unable to match a supported cipher suite", max);
break;
case no_key_file :
strncpy(buffer, "the server needs a private key file", max);
break;
case verify_error :
strncpy(buffer, "unable to verify peer checksum", max);
break;
case send_error :
strncpy(buffer, "socket layer send error", max);
break;
case receive_error :
strncpy(buffer, "socket layer receive error", max);
break;
case certificate_error :
strncpy(buffer, "unable to process cerificate", max);
break;
case privateKey_error :
strncpy(buffer, "unable to process private key, bad format", max);
break;
case badVersion_error :
strncpy(buffer, "protocol version mismatch", max);
break;
case compress_error :
strncpy(buffer, "compression error", max);
break;
case decompress_error :
strncpy(buffer, "decompression error", max);
break;
case pms_version_error :
strncpy(buffer, "bad PreMasterSecret version error", max);
break;
case sanityCipher_error :
strncpy(buffer, "sanity check on cipher text size error", max);
break;
case rsaSignFault_error:
strncpy(buffer, "rsa signature fault error", max);
break;
// openssl errors
case SSL_ERROR_WANT_READ :
strncpy(buffer, "the read operation would block", max);
break;
case SSL_ERROR_WANT_WRITE :
strncpy(buffer, "the write operation would block", max);
break;
case CERTFICATE_ERROR :
strncpy(buffer, "Unable to verify certificate", max);
break;
// TaoCrypt errors
case NO_ERROR_E :
strncpy(buffer, "not in error state", max);
break;
case WINCRYPT_E :
strncpy(buffer, "bad wincrypt acquire", max);
break;
case CRYPTGEN_E :
strncpy(buffer, "CryptGenRandom error", max);
break;
case OPEN_RAN_E :
strncpy(buffer, "unable to use random device", max);
break;
case READ_RAN_E :
strncpy(buffer, "unable to use random device", max);
break;
case INTEGER_E :
strncpy(buffer, "ASN: bad DER Integer Header", max);
break;
case SEQUENCE_E :
strncpy(buffer, "ASN: bad Sequence Header", max);
break;
case SET_E :
strncpy(buffer, "ASN: bad Set Header", max);
break;
case VERSION_E :
strncpy(buffer, "ASN: version length not 1", max);
break;
case SIG_OID_E :
strncpy(buffer, "ASN: signature OID mismatch", max);
break;
case BIT_STR_E :
strncpy(buffer, "ASN: bad BitString Header", max);
break;
case UNKNOWN_OID_E :
strncpy(buffer, "ASN: unknown key OID type", max);
break;
case OBJECT_ID_E :
strncpy(buffer, "ASN: bad Ojbect ID Header", max);
break;
case TAG_NULL_E :
strncpy(buffer, "ASN: expected TAG NULL", max);
break;
case EXPECT_0_E :
strncpy(buffer, "ASN: expected 0", max);
break;
case OCTET_STR_E :
strncpy(buffer, "ASN: bad Octet String Header", max);
break;
case TIME_E :
strncpy(buffer, "ASN: bad TIME", max);
break;
case DATE_SZ_E :
strncpy(buffer, "ASN: bad Date Size", max);
break;
case SIG_LEN_E :
strncpy(buffer, "ASN: bad Signature Length", max);
break;
case UNKOWN_SIG_E :
strncpy(buffer, "ASN: unknown signature OID", max);
break;
case UNKOWN_HASH_E :
strncpy(buffer, "ASN: unknown hash OID", max);
break;
case DSA_SZ_E :
strncpy(buffer, "ASN: bad DSA r or s size", max);
break;
case BEFORE_DATE_E :
strncpy(buffer, "ASN: before date in the future", max);
break;
case AFTER_DATE_E :
strncpy(buffer, "ASN: after date in the past", max);
break;
case SIG_CONFIRM_E :
strncpy(buffer, "ASN: bad self signature confirmation", max);
break;
case SIG_OTHER_E :
strncpy(buffer, "ASN: bad other signature confirmation", max);
break;
case CONTENT_E :
strncpy(buffer, "bad content processing", max);
break;
case PEM_E :
strncpy(buffer, "bad PEM format processing", max);
break;
default :
strncpy(buffer, "unknown error number", max);
}
}
} // namespace yaSSL

2636
extra/yassl/src/yassl_imp.cpp
View File

File diff suppressed because it is too large Load Diff

2705
extra/yassl/src/yassl_int.cpp
View File

File diff suppressed because it is too large Load Diff

34
extra/yassl/taocrypt/CMakeLists.txt
View File

@ -1,34 +0,0 @@
# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL
${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/include)
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
ADD_DEFINITIONS(${SSL_DEFINES})
SET(TAOCRYPT_SOURCES src/aes.cpp src/aestables.cpp src/algebra.cpp src/arc4.cpp src/asn.cpp src/coding.cpp
src/des.cpp src/dh.cpp src/dsa.cpp src/file.cpp src/hash.cpp src/integer.cpp src/md2.cpp
src/md4.cpp src/md5.cpp src/misc.cpp src/random.cpp src/ripemd.cpp src/rsa.cpp src/sha.cpp
src/rabbit.cpp src/hc128.cpp
include/aes.hpp include/algebra.hpp include/arc4.hpp include/asn.hpp include/block.hpp
include/coding.hpp include/des.hpp include/dh.hpp include/dsa.hpp include/dsa.hpp
include/error.hpp include/file.hpp include/hash.hpp include/hmac.hpp include/integer.hpp
include/md2.hpp include/md5.hpp include/misc.hpp include/modarith.hpp include/modes.hpp
include/random.hpp include/ripemd.hpp include/rsa.hpp include/sha.hpp
include/rabbit.hpp include/hc128.hpp)
ADD_CONVENIENCE_LIBRARY(taocrypt ${TAOCRYPT_SOURCES})
RESTRICT_SYMBOL_EXPORTS(taocrypt)

340
extra/yassl/taocrypt/COPYING
View File

@ -1,340 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

Some files were not shown because too many files have changed in this diff Show More