wpa adds
This commit is contained in:
parent
3ac390c147
commit
cb90900920
@ -532,7 +532,7 @@ typedef struct Suites {
|
||||
CYASSL_LOCAL
|
||||
void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
|
||||
CYASSL_LOCAL
|
||||
int SetCipherList(CYASSL_CTX* ctx, const char* list);
|
||||
int SetCipherList(Suites*, const char* list);
|
||||
|
||||
#ifndef PSK_TYPES_DEFINED
|
||||
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
|
||||
@ -983,6 +983,7 @@ struct CYASSL {
|
||||
Options options;
|
||||
Arrays arrays;
|
||||
CYASSL_SESSION session;
|
||||
VerifyCallback verifyCallback; /* cert verification callback */
|
||||
RsaKey peerRsaKey;
|
||||
byte peerRsaKeyPresent;
|
||||
#ifdef HAVE_NTRU
|
||||
|
@ -111,17 +111,20 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_shutdown CyaSSL_shutdown
|
||||
|
||||
#define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown
|
||||
#define SSL_set_quiet_shutdown CyaSSL_set_quiet_shutdown
|
||||
#define SSL_get_error CyaSSL_get_error
|
||||
#define SSL_set_session CyaSSL_set_session
|
||||
#define SSL_get_session CyaSSL_get_session
|
||||
#define SSL_flush_sessions CyaSSL_flush_sessions
|
||||
|
||||
#define SSL_CTX_set_verify CyaSSL_CTX_set_verify
|
||||
#define SSL_set_verify CyaSSL_set_verify
|
||||
#define SSL_pending CyaSSL_pending
|
||||
#define SSL_load_error_strings CyaSSL_load_error_strings
|
||||
#define SSL_library_init CyaSSL_library_init
|
||||
#define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode
|
||||
#define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list
|
||||
#define SSL_set_cipher_list CyaSSL_set_cipher_list
|
||||
|
||||
#define ERR_error_string CyaSSL_ERR_error_string
|
||||
#define ERR_error_string_n CyaSSL_ERR_error_string_n
|
||||
@ -136,6 +139,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_set_accept_state CyaSSL_set_accept_state
|
||||
#define SSL_session_reused CyaSSL_session_reused
|
||||
#define SSL_SESSION_free CyaSSL_SESSION_free
|
||||
#define SSL_is_init_finished CyaSSL_is_init_finished
|
||||
|
||||
#define SSL_get_version CyaSSL_get_version
|
||||
#define SSL_get_current_cipher CyaSSL_get_current_cipher
|
||||
@ -143,6 +147,9 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
|
||||
#define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name
|
||||
#define SSL_get1_session CyaSSL_get1_session
|
||||
|
||||
#define SSL_get_keyblock_size CyaSSL_get_keyblock_size
|
||||
#define SSL_get_keys CyaSSL_get_keys
|
||||
|
||||
#define X509_free CyaSSL_X509_free
|
||||
#define OPENSSL_free CyaSSL_OPENSSL_free
|
||||
|
||||
|
10
cyassl/ssl.h
10
cyassl/ssl.h
@ -176,6 +176,7 @@ CYASSL_API void CyaSSL_free(CYASSL*);
|
||||
CYASSL_API int CyaSSL_shutdown(CYASSL*);
|
||||
|
||||
CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
|
||||
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
|
||||
|
||||
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
|
||||
|
||||
@ -189,6 +190,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*);
|
||||
|
||||
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
|
||||
VerifyCallback verify_callback);
|
||||
CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
|
||||
|
||||
CYASSL_API int CyaSSL_pending(CYASSL*);
|
||||
|
||||
@ -198,6 +200,7 @@ CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
|
||||
|
||||
/* only supports full name from cipher_name[] delimited by : */
|
||||
CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
|
||||
CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*);
|
||||
|
||||
CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
|
||||
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
|
||||
@ -219,6 +222,7 @@ CYASSL_API void CyaSSL_set_connect_state(CYASSL*);
|
||||
CYASSL_API void CyaSSL_set_accept_state(CYASSL*);
|
||||
CYASSL_API int CyaSSL_session_reused(CYASSL*);
|
||||
CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
|
||||
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
|
||||
|
||||
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
|
||||
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
|
||||
@ -667,6 +671,12 @@ CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
|
||||
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz,
|
||||
unsigned char* g, int gSz);
|
||||
|
||||
/* keyblock size in bytes or -1 */
|
||||
CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
|
||||
CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
|
||||
unsigned char** sr, unsigned int* srLen,
|
||||
unsigned char** cr, unsigned int* crLen);
|
||||
|
||||
#ifndef _WIN32
|
||||
#ifndef NO_WRITEV
|
||||
#ifdef __PPU
|
||||
|
@ -671,6 +671,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
||||
#endif
|
||||
InitRsaKey(&ssl->peerRsaKey, ctx->heap);
|
||||
|
||||
ssl->verifyCallback = ctx->verifyCallback;
|
||||
ssl->peerRsaKeyPresent = 0;
|
||||
ssl->options.side = ctx->method->side;
|
||||
ssl->options.downgrade = ctx->method->downgrade;
|
||||
@ -1614,7 +1615,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
int why = bad_certificate;
|
||||
if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
|
||||
why = certificate_expired;
|
||||
if (ssl->ctx->verifyCallback) {
|
||||
if (ssl->verifyCallback) {
|
||||
int ok;
|
||||
CYASSL_X509_STORE_CTX store;
|
||||
|
||||
@ -1626,7 +1627,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
#else
|
||||
store.current_cert = NULL;
|
||||
#endif
|
||||
ok = ssl->ctx->verifyCallback(0, &store);
|
||||
ok = ssl->verifyCallback(0, &store);
|
||||
if (ok) {
|
||||
CYASSL_MSG("Verify callback overriding error!");
|
||||
ret = 0;
|
||||
@ -3484,7 +3485,7 @@ int cipher_name_idx[] =
|
||||
|
||||
/* return true if set, else false */
|
||||
/* only supports full name from cipher_name[] delimited by : */
|
||||
int SetCipherList(CYASSL_CTX* ctx, const char* list)
|
||||
int SetCipherList(Suites* s, const char* list)
|
||||
{
|
||||
int ret = 0, i;
|
||||
char name[MAX_SUITE_NAME];
|
||||
@ -3519,10 +3520,10 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
|
||||
for (i = 0; i < suiteSz; i++)
|
||||
if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
|
||||
if (XSTRSTR(name, "EC"))
|
||||
ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */
|
||||
s->suites[idx++] = ECC_BYTE; /* ECC suite */
|
||||
else
|
||||
ctx->suites.suites[idx++] = 0x00; /* normal */
|
||||
ctx->suites.suites[idx++] = (byte)cipher_name_idx[i];
|
||||
s->suites[idx++] = 0x00; /* normal */
|
||||
s->suites[idx++] = (byte)cipher_name_idx[i];
|
||||
|
||||
if (!ret) ret = 1; /* found at least one */
|
||||
break;
|
||||
@ -3532,8 +3533,8 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
|
||||
}
|
||||
|
||||
if (ret) {
|
||||
ctx->suites.setSuites = 1;
|
||||
ctx->suites.suiteSz = (word16)idx;
|
||||
s->setSuites = 1;
|
||||
s->suiteSz = (word16)idx;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
101
src/ssl.c
101
src/ssl.c
@ -1177,7 +1177,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
|
||||
|
||||
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
|
||||
{
|
||||
CYASSL_ENTER("SSL_CTX_set_verify");
|
||||
CYASSL_ENTER("CyaSSL_CTX_set_verify");
|
||||
if (mode & SSL_VERIFY_PEER) {
|
||||
ctx->verifyPeer = 1;
|
||||
ctx->verifyNone = 0; /* in case perviously set */
|
||||
@ -1195,6 +1195,26 @@ void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
|
||||
}
|
||||
|
||||
|
||||
void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_set_verify");
|
||||
if (mode & SSL_VERIFY_PEER) {
|
||||
ssl->options.verifyPeer = 1;
|
||||
ssl->options.verifyNone = 0; /* in case perviously set */
|
||||
}
|
||||
|
||||
if (mode == SSL_VERIFY_NONE) {
|
||||
ssl->options.verifyNone = 1;
|
||||
ssl->options.verifyPeer = 0; /* in case previously set */
|
||||
}
|
||||
|
||||
if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
|
||||
ssl->options.failNoCert = 1;
|
||||
|
||||
ssl->verifyCallback = vc;
|
||||
}
|
||||
|
||||
|
||||
#ifndef NO_SESSION_CACHE
|
||||
|
||||
CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
|
||||
@ -1250,14 +1270,35 @@ long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
|
||||
|
||||
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
|
||||
{
|
||||
CYASSL_ENTER("SSL_CTX_set_cipher_list");
|
||||
if (SetCipherList(ctx, list))
|
||||
CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
|
||||
if (SetCipherList(&ctx->suites, list))
|
||||
return SSL_SUCCESS;
|
||||
else
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
||||
if (SetCipherList(&ssl->suites, list)) {
|
||||
byte havePSK = 0;
|
||||
|
||||
#ifndef NO_PSK
|
||||
havePSK = ssl->options.havePSK;
|
||||
#endif
|
||||
|
||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||
ssl->options.haveNTRU, ssl->options.haveECDSA,
|
||||
ssl->ctx->method->side);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
else
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
/* client only parts */
|
||||
#ifndef NO_CYASSL_CLIENT
|
||||
|
||||
@ -2361,12 +2402,20 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
|
||||
void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
|
||||
{
|
||||
CYASSL_ENTER("SSL_CTX_set_quiet_shutdown");
|
||||
CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
|
||||
if (mode)
|
||||
ctx->quietShutdown = 1;
|
||||
}
|
||||
|
||||
|
||||
void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
|
||||
{
|
||||
CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
|
||||
if (mode)
|
||||
ssl->options.quietShutdown = 1;
|
||||
}
|
||||
|
||||
|
||||
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
|
||||
{
|
||||
/* TODO: check private against public for RSA match */
|
||||
@ -2410,6 +2459,37 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
/* keyblock size in bytes or -1 */
|
||||
int CyaSSL_get_keyblock_size(CYASSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return -1;
|
||||
|
||||
return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
|
||||
ssl->specs.hash_size);
|
||||
}
|
||||
|
||||
|
||||
/* store keys returns 0 or -1 on error */
|
||||
int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
|
||||
unsigned char** sr, unsigned int* srLen,
|
||||
unsigned char** cr, unsigned int* crLen)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return -1;
|
||||
|
||||
*ms = ssl->arrays.masterSecret;
|
||||
*sr = ssl->arrays.serverRandom;
|
||||
*cr = ssl->arrays.clientRandom;
|
||||
|
||||
*msLen = SECRET_LEN;
|
||||
*srLen = RAN_LEN;
|
||||
*crLen = RAN_LEN;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void CyaSSL_set_accept_state(CYASSL* ssl)
|
||||
{
|
||||
byte havePSK = 0;
|
||||
@ -2425,6 +2505,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
ssl->ctx->method->side);
|
||||
}
|
||||
|
||||
|
||||
/* return true if connection established */
|
||||
int CyaSSL_is_init_finished(CYASSL* ssl)
|
||||
{
|
||||
if (ssl == NULL)
|
||||
return 0;
|
||||
|
||||
if (ssl->options.handShakeState == HANDSHAKE_DONE)
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
|
||||
CYASSL_RSA*(*f)(CYASSL*, int, int))
|
||||
|
Loading…
Reference in New Issue
Block a user