This commit is contained in:
toddouska 2011-10-28 18:43:07 -07:00
parent 3ac390c147
commit cb90900920
5 changed files with 125 additions and 13 deletions

View File

@ -532,7 +532,7 @@ typedef struct Suites {
CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
CYASSL_LOCAL
int SetCipherList(CYASSL_CTX* ctx, const char* list);
int SetCipherList(Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
@ -983,6 +983,7 @@ struct CYASSL {
Options options;
Arrays arrays;
CYASSL_SESSION session;
VerifyCallback verifyCallback; /* cert verification callback */
RsaKey peerRsaKey;
byte peerRsaKeyPresent;
#ifdef HAVE_NTRU

View File

@ -111,17 +111,20 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_shutdown CyaSSL_shutdown
#define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown
#define SSL_set_quiet_shutdown CyaSSL_set_quiet_shutdown
#define SSL_get_error CyaSSL_get_error
#define SSL_set_session CyaSSL_set_session
#define SSL_get_session CyaSSL_get_session
#define SSL_flush_sessions CyaSSL_flush_sessions
#define SSL_CTX_set_verify CyaSSL_CTX_set_verify
#define SSL_set_verify CyaSSL_set_verify
#define SSL_pending CyaSSL_pending
#define SSL_load_error_strings CyaSSL_load_error_strings
#define SSL_library_init CyaSSL_library_init
#define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list
#define SSL_set_cipher_list CyaSSL_set_cipher_list
#define ERR_error_string CyaSSL_ERR_error_string
#define ERR_error_string_n CyaSSL_ERR_error_string_n
@ -136,6 +139,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_set_accept_state CyaSSL_set_accept_state
#define SSL_session_reused CyaSSL_session_reused
#define SSL_SESSION_free CyaSSL_SESSION_free
#define SSL_is_init_finished CyaSSL_is_init_finished
#define SSL_get_version CyaSSL_get_version
#define SSL_get_current_cipher CyaSSL_get_current_cipher
@ -143,6 +147,9 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name
#define SSL_get1_session CyaSSL_get1_session
#define SSL_get_keyblock_size CyaSSL_get_keyblock_size
#define SSL_get_keys CyaSSL_get_keys
#define X509_free CyaSSL_X509_free
#define OPENSSL_free CyaSSL_OPENSSL_free

View File

@ -176,6 +176,7 @@ CYASSL_API void CyaSSL_free(CYASSL*);
CYASSL_API int CyaSSL_shutdown(CYASSL*);
CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
@ -189,6 +190,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*);
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
VerifyCallback verify_callback);
CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
CYASSL_API int CyaSSL_pending(CYASSL*);
@ -198,6 +200,7 @@ CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
/* only supports full name from cipher_name[] delimited by : */
CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*);
CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
@ -219,6 +222,7 @@ CYASSL_API void CyaSSL_set_connect_state(CYASSL*);
CYASSL_API void CyaSSL_set_accept_state(CYASSL*);
CYASSL_API int CyaSSL_session_reused(CYASSL*);
CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
@ -667,6 +671,12 @@ CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz,
unsigned char* g, int gSz);
/* keyblock size in bytes or -1 */
CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen);
#ifndef _WIN32
#ifndef NO_WRITEV
#ifdef __PPU

View File

@ -671,6 +671,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#endif
InitRsaKey(&ssl->peerRsaKey, ctx->heap);
ssl->verifyCallback = ctx->verifyCallback;
ssl->peerRsaKeyPresent = 0;
ssl->options.side = ctx->method->side;
ssl->options.downgrade = ctx->method->downgrade;
@ -1614,7 +1615,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
int why = bad_certificate;
if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
why = certificate_expired;
if (ssl->ctx->verifyCallback) {
if (ssl->verifyCallback) {
int ok;
CYASSL_X509_STORE_CTX store;
@ -1626,7 +1627,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
#else
store.current_cert = NULL;
#endif
ok = ssl->ctx->verifyCallback(0, &store);
ok = ssl->verifyCallback(0, &store);
if (ok) {
CYASSL_MSG("Verify callback overriding error!");
ret = 0;
@ -3484,7 +3485,7 @@ int cipher_name_idx[] =
/* return true if set, else false */
/* only supports full name from cipher_name[] delimited by : */
int SetCipherList(CYASSL_CTX* ctx, const char* list)
int SetCipherList(Suites* s, const char* list)
{
int ret = 0, i;
char name[MAX_SUITE_NAME];
@ -3519,10 +3520,10 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
for (i = 0; i < suiteSz; i++)
if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
if (XSTRSTR(name, "EC"))
ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */
s->suites[idx++] = ECC_BYTE; /* ECC suite */
else
ctx->suites.suites[idx++] = 0x00; /* normal */
ctx->suites.suites[idx++] = (byte)cipher_name_idx[i];
s->suites[idx++] = 0x00; /* normal */
s->suites[idx++] = (byte)cipher_name_idx[i];
if (!ret) ret = 1; /* found at least one */
break;
@ -3532,8 +3533,8 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
}
if (ret) {
ctx->suites.setSuites = 1;
ctx->suites.suiteSz = (word16)idx;
s->setSuites = 1;
s->suiteSz = (word16)idx;
}
return ret;

101
src/ssl.c
View File

@ -1177,7 +1177,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
{
CYASSL_ENTER("SSL_CTX_set_verify");
CYASSL_ENTER("CyaSSL_CTX_set_verify");
if (mode & SSL_VERIFY_PEER) {
ctx->verifyPeer = 1;
ctx->verifyNone = 0; /* in case perviously set */
@ -1195,6 +1195,26 @@ void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
}
void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
{
CYASSL_ENTER("CyaSSL_set_verify");
if (mode & SSL_VERIFY_PEER) {
ssl->options.verifyPeer = 1;
ssl->options.verifyNone = 0; /* in case perviously set */
}
if (mode == SSL_VERIFY_NONE) {
ssl->options.verifyNone = 1;
ssl->options.verifyPeer = 0; /* in case previously set */
}
if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
ssl->options.failNoCert = 1;
ssl->verifyCallback = vc;
}
#ifndef NO_SESSION_CACHE
CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
@ -1250,14 +1270,35 @@ long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{
CYASSL_ENTER("SSL_CTX_set_cipher_list");
if (SetCipherList(ctx, list))
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
if (SetCipherList(&ctx->suites, list))
return SSL_SUCCESS;
else
return SSL_FAILURE;
}
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{
CYASSL_ENTER("CyaSSL_set_cipher_list");
if (SetCipherList(&ssl->suites, list)) {
byte havePSK = 0;
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->ctx->method->side);
return SSL_SUCCESS;
}
else
return SSL_FAILURE;
}
/* client only parts */
#ifndef NO_CYASSL_CLIENT
@ -2361,12 +2402,20 @@ int CyaSSL_set_compression(CYASSL* ssl)
void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
{
CYASSL_ENTER("SSL_CTX_set_quiet_shutdown");
CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
if (mode)
ctx->quietShutdown = 1;
}
void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
{
CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
if (mode)
ssl->options.quietShutdown = 1;
}
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{
/* TODO: check private against public for RSA match */
@ -2410,6 +2459,37 @@ int CyaSSL_set_compression(CYASSL* ssl)
}
/* keyblock size in bytes or -1 */
int CyaSSL_get_keyblock_size(CYASSL* ssl)
{
if (ssl == NULL)
return -1;
return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
ssl->specs.hash_size);
}
/* store keys returns 0 or -1 on error */
int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen)
{
if (ssl == NULL)
return -1;
*ms = ssl->arrays.masterSecret;
*sr = ssl->arrays.serverRandom;
*cr = ssl->arrays.clientRandom;
*msLen = SECRET_LEN;
*srLen = RAN_LEN;
*crLen = RAN_LEN;
return 0;
}
void CyaSSL_set_accept_state(CYASSL* ssl)
{
byte havePSK = 0;
@ -2425,6 +2505,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
ssl->ctx->method->side);
}
/* return true if connection established */
int CyaSSL_is_init_finished(CYASSL* ssl)
{
if (ssl == NULL)
return 0;
if (ssl->options.handShakeState == HANDSHAKE_DONE)
return 1;
return 0;
}
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
CYASSL_RSA*(*f)(CYASSL*, int, int))