From cb90900920870b682442a5aab2a9364dda23378b Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 28 Oct 2011 18:43:07 -0700 Subject: [PATCH] wpa adds --- cyassl/internal.h | 3 +- cyassl/openssl/ssl.h | 7 +++ cyassl/ssl.h | 10 +++++ src/internal.c | 17 ++++---- src/ssl.c | 101 +++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 125 insertions(+), 13 deletions(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 1503c8571..2eefe6a98 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -532,7 +532,7 @@ typedef struct Suites { CYASSL_LOCAL void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int); CYASSL_LOCAL -int SetCipherList(CYASSL_CTX* ctx, const char* list); +int SetCipherList(Suites*, const char* list); #ifndef PSK_TYPES_DEFINED typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, @@ -983,6 +983,7 @@ struct CYASSL { Options options; Arrays arrays; CYASSL_SESSION session; + VerifyCallback verifyCallback; /* cert verification callback */ RsaKey peerRsaKey; byte peerRsaKeyPresent; #ifdef HAVE_NTRU diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index 0ee6d41f1..70de397b3 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h 
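Review bot: The new `SetCipherList` prototype names only its second parameter, `int SetCipherList(Suites*, const char* list);`, while the definition in src/internal.c calls the first one `s`; keep a descriptive name in both places, `int SetCipherList(Suites* suites, const char* list);`, since the header is where a caller learns what to pass. Because the function now writes into whichever `Suites` it is handed (a context's via `&ctx->suites` or a single connection's via `&ssl->suites`), a one-line comment above the prototype saying that, and that on success it sets `setSuites` and `suiteSz`, would document the contract the rest of this patch relies on. The second hunk's `verifyCallback` field comment could likewise say it is seeded from `ctx->verifyCallback` in `InitSSL` and may be replaced per connection.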
@@ -111,17 +111,20 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_shutdown CyaSSL_shutdown #define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown +#define SSL_set_quiet_shutdown CyaSSL_set_quiet_shutdown #define SSL_get_error CyaSSL_get_error #define SSL_set_session CyaSSL_set_session #define SSL_get_session CyaSSL_get_session #define SSL_flush_sessions CyaSSL_flush_sessions #define SSL_CTX_set_verify CyaSSL_CTX_set_verify +#define SSL_set_verify CyaSSL_set_verify #define SSL_pending CyaSSL_pending #define SSL_load_error_strings CyaSSL_load_error_strings #define SSL_library_init CyaSSL_library_init #define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode #define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list +#define SSL_set_cipher_list CyaSSL_set_cipher_list #define ERR_error_string CyaSSL_ERR_error_string #define ERR_error_string_n CyaSSL_ERR_error_string_n @@ -136,6 +139,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_set_accept_state CyaSSL_set_accept_state #define SSL_session_reused CyaSSL_session_reused #define SSL_SESSION_free CyaSSL_SESSION_free +#define SSL_is_init_finished CyaSSL_is_init_finished #define SSL_get_version CyaSSL_get_version #define SSL_get_current_cipher CyaSSL_get_current_cipher @@ -143,6 +147,9 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name #define SSL_get1_session CyaSSL_get1_session +#define SSL_get_keyblock_size CyaSSL_get_keyblock_size +#define SSL_get_keys CyaSSL_get_keys + #define X509_free CyaSSL_X509_free #define OPENSSL_free CyaSSL_OPENSSL_free diff --git a/cyassl/ssl.h b/cyassl/ssl.h index f738a6c94..c2c57de32 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -176,6 +176,7 @@ CYASSL_API void CyaSSL_free(CYASSL*); CYASSL_API int CyaSSL_shutdown(CYASSL*); CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int); +CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int); CYASSL_API int CyaSSL_get_error(CYASSL*, int); 
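Review bot: `SSL_get_keyblock_size` and `SSL_get_keys`, added in the third hunk of this file, have no OpenSSL counterpart, so code written against this compat header gains two `SSL_`-prefixed names that will not build against OpenSSL, and the names give no hint that the second hands out the master secret. A short comment above the pair, `/* CyaSSL extensions, not in OpenSSL: key block size and master secret/randoms */`, would make both points where a porter looks. The other aliases in this file (`SSL_set_verify`, `SSL_set_cipher_list`, `SSL_set_quiet_shutdown`, `SSL_is_init_finished`) map real OpenSSL names and need nothing.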
@@ -189,6 +190,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*); CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int, VerifyCallback verify_callback); +CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback); CYASSL_API int CyaSSL_pending(CYASSL*); @@ -198,6 +200,7 @@ CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long); /* only supports full name from cipher_name[] delimited by : */ CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*); +CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*); CYASSL_API int CyaSSL_ERR_GET_REASON(int err); CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); @@ -219,6 +222,7 @@ CYASSL_API void CyaSSL_set_connect_state(CYASSL*); CYASSL_API void CyaSSL_set_accept_state(CYASSL*); CYASSL_API int CyaSSL_session_reused(CYASSL*); CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session); +CYASSL_API int CyaSSL_is_init_finished(CYASSL*); CYASSL_API const char* CyaSSL_get_version(CYASSL*); CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*); @@ -667,6 +671,12 @@ CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl); CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz, unsigned char* g, int gSz); +/* keyblock size in bytes or -1 */ +CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*); +CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen, + unsigned char** sr, unsigned int* srLen, + unsigned char** cr, unsigned int* crLen); + #ifndef _WIN32 #ifndef NO_WRITEV #ifdef __PPU diff --git a/src/internal.c b/src/internal.c index 776fc6c03..e00084e77 100644 --- a/src/internal.c +++ b/src/internal.c @@ -671,6 +671,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) #endif InitRsaKey(&ssl->peerRsaKey, ctx->heap); + ssl->verifyCallback = ctx->verifyCallback; ssl->peerRsaKeyPresent = 0; ssl->options.side = ctx->method->side; ssl->options.downgrade = ctx->method->downgrade; 
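Review bot: The comment `/* keyblock size in bytes or -1 */` in the last hunk of cyassl/ssl.h covers only `CyaSSL_get_keyblock_size`; `CyaSSL_get_keys` has no contract in the header although it is the one a caller has to get right. From its definition in src/ssl.c the outputs are not copies: `*ms`, `*sr`, `*cr` point into the connection's own arrays (`ssl->arrays.masterSecret`, `serverRandom`, `clientRandom`) and so are owned by `ssl`, must not be freed, and are valid only as long as `ssl` is, and `*ms` is the TLS master secret, so the caller must treat that memory as secret and not retain or log it. A comment above the prototype stating ownership, lifetime, the three lengths (`SECRET_LEN`, `RAN_LEN`, `RAN_LEN`), and that the values are presumably only meaningful once `CyaSSL_is_init_finished` returns 1 (confirm) would prevent misuse.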
@@ -1614,7 +1615,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx) int why = bad_certificate; if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) why = certificate_expired; - if (ssl->ctx->verifyCallback) { + if (ssl->verifyCallback) { int ok; CYASSL_X509_STORE_CTX store; @@ -1626,7 +1627,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx) #else store.current_cert = NULL; #endif - ok = ssl->ctx->verifyCallback(0, &store); + ok = ssl->verifyCallback(0, &store); if (ok) { CYASSL_MSG("Verify callback overriding error!"); ret = 0; @@ -3484,7 +3485,7 @@ int cipher_name_idx[] = /* return true if set, else false */ /* only supports full name from cipher_name[] delimited by : */ -int SetCipherList(CYASSL_CTX* ctx, const char* list) +int SetCipherList(Suites* s, const char* list) { int ret = 0, i; char name[MAX_SUITE_NAME]; @@ -3519,10 +3520,10 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list) for (i = 0; i < suiteSz; i++) if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { if (XSTRSTR(name, "EC")) - ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */ + s->suites[idx++] = ECC_BYTE; /* ECC suite */ else - ctx->suites.suites[idx++] = 0x00; /* normal */ - ctx->suites.suites[idx++] = (byte)cipher_name_idx[i]; + s->suites[idx++] = 0x00; /* normal */ + s->suites[idx++] = (byte)cipher_name_idx[i]; if (!ret) ret = 1; /* found at least one */ break; @@ -3532,8 +3533,8 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list) } if (ret) { - ctx->suites.setSuites = 1; - ctx->suites.suiteSz = (word16)idx; + s->setSuites = 1; + s->suiteSz = (word16)idx; } return ret; diff --git a/src/ssl.c b/src/ssl.c index 6dda16968..d652d1fb0 100644 --- a/src/ssl.c +++ b/src/ssl.c 
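Review bot: The two writes `s->suites[idx++]` per matched name in the `@@ -3519` hunk are now reachable per connection through `CyaSSL_set_cipher_list` with an application-supplied string, and whether `idx` is bounded against the size of `suites[]` is not visible here (a check, if one exists, would sit between the `@@ -3484` and `@@ -3519` hunks). If there is none, a guard before the writes such as `if (idx + 2 > (int)sizeof s->suites) break;` (assuming `suites` is a fixed array) keeps a long list from running past the array. SetCipherList begins and ends outside these hunks.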
@@ -1177,7 +1177,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) { - CYASSL_ENTER("SSL_CTX_set_verify"); + CYASSL_ENTER("CyaSSL_CTX_set_verify"); if (mode & SSL_VERIFY_PEER) { ctx->verifyPeer = 1; ctx->verifyNone = 0; /* in case perviously set */ @@ -1195,6 +1195,26 @@ void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) } +void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc) +{ + CYASSL_ENTER("CyaSSL_set_verify"); + if (mode & SSL_VERIFY_PEER) { + ssl->options.verifyPeer = 1; + ssl->options.verifyNone = 0; /* in case perviously set */ + } + + if (mode == SSL_VERIFY_NONE) { + ssl->options.verifyNone = 1; + ssl->options.verifyPeer = 0; /* in case previously set */ + } + + if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) + ssl->options.failNoCert = 1; + + ssl->verifyCallback = vc; +} + + #ifndef NO_SESSION_CACHE CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl) @@ -1250,14 +1270,35 @@ long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode) int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) { - CYASSL_ENTER("SSL_CTX_set_cipher_list"); - if (SetCipherList(ctx, list)) + CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); + if (SetCipherList(&ctx->suites, list)) return SSL_SUCCESS; else return SSL_FAILURE; } +int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) +{ + CYASSL_ENTER("CyaSSL_set_cipher_list"); + if (SetCipherList(&ssl->suites, list)) { + byte havePSK = 0; + + #ifndef NO_PSK + havePSK = ssl->options.havePSK; + #endif + + InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK, + ssl->options.haveNTRU, ssl->options.haveECDSA, + ssl->ctx->method->side); + + return SSL_SUCCESS; + } + else + return SSL_FAILURE; +} + + /* client only parts */ #ifndef NO_CYASSL_CLIENT 
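Review bot: `CyaSSL_set_verify` can set `failNoCert` but never clears it, so a per-connection `SSL_VERIFY_NONE` or plain `SSL_VERIFY_PEER` cannot undo a `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` inherited from the context; that is fail-closed and acceptable, but it should be stated, e.g. `/* failNoCert is sticky: a later mode never clears it */` above the last `if`. `ssl->verifyCallback = vc;` is unconditional, so `CyaSSL_set_verify(ssl, mode, NULL)` drops a callback installed on the context — worth one sentence in the header. The comment `/* in case perviously set */` carries the typo over from the CTX version; `previously`.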
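Review bot: The reason `CyaSSL_set_cipher_list` calls `InitSuites` immediately after `SetCipherList` has stored the user's list into the same `ssl->suites` is not stated; whether `InitSuites` preserves a `Suites` whose `setSuites` is already set, or rebuilds it, decides if the list survives, and a comment naming the expected outcome would save the next reader from checking its body. The function also dereferences `ssl` and passes `list` without a NULL check, as `CyaSSL_CTX_set_cipher_list` does; since `list` is application input, `if (ssl == NULL || list == NULL) return SSL_FAILURE;` would match the NULL handling the other new functions in this patch (`CyaSSL_get_keys`, `CyaSSL_is_init_finished`) already have.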
@@ -2361,12 +2402,20 @@ int CyaSSL_set_compression(CYASSL* ssl) void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode) { - CYASSL_ENTER("SSL_CTX_set_quiet_shutdown"); + CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); if (mode) ctx->quietShutdown = 1; } + void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode) + { + CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); + if (mode) + ssl->options.quietShutdown = 1; + } + + int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx) { /* TODO: check private against public for RSA match */ @@ -2410,6 +2459,37 @@ int CyaSSL_set_compression(CYASSL* ssl) } + /* keyblock size in bytes or -1 */ + int CyaSSL_get_keyblock_size(CYASSL* ssl) + { + if (ssl == NULL) + return -1; + + return 2 * (ssl->specs.key_size + ssl->specs.iv_size + + ssl->specs.hash_size); + } + + + /* store keys returns 0 or -1 on error */ + int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen, + unsigned char** sr, unsigned int* srLen, + unsigned char** cr, unsigned int* crLen) + { + if (ssl == NULL) + return -1; + + *ms = ssl->arrays.masterSecret; + *sr = ssl->arrays.serverRandom; + *cr = ssl->arrays.clientRandom; + + *msLen = SECRET_LEN; + *srLen = RAN_LEN; + *crLen = RAN_LEN; + + return 0; + } + + void CyaSSL_set_accept_state(CYASSL* ssl) { byte havePSK = 0; @@ -2425,6 +2505,19 @@ int CyaSSL_set_compression(CYASSL* ssl) ssl->ctx->method->side); } + + /* return true if connection established */ + int CyaSSL_is_init_finished(CYASSL* ssl) + { + if (ssl == NULL) + return 0; + + if (ssl->options.handShakeState == HANDSHAKE_DONE) + return 1; + + return 0; + } + void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx, CYASSL_RSA*(*f)(CYASSL*, int, int))
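Review bot: The trace string in the new `CyaSSL_set_quiet_shutdown` names the wrong function, `CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");`, a copy-paste from the function above, so a debug log cannot tell the per-context and per-connection calls apart; it should read `CYASSL_ENTER("CyaSSL_set_quiet_shutdown");`. This patch fixes the same kind of stale name in three older `CYASSL_ENTER` strings, so it is worth keeping the new one right.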
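Review bot: `CyaSSL_get_keys` checks only `ssl` and then writes through all six output pointers, so a caller passing NULL for any of them crashes inside the library rather than getting the documented -1; extend the guard to `if (ssl == NULL || ms == NULL || msLen == NULL || sr == NULL || srLen == NULL || cr == NULL || crLen == NULL) return -1;`. The comment `/* store keys returns 0 or -1 on error */` should also say that the pointers alias `ssl->arrays` (no copy, owned by `ssl`, not to be freed) and that `*ms` is the TLS master secret, so callers must not keep, log or expose it beyond the key-derivation step that needs it. Whether the arrays hold meaningful values before the handshake completes is not visible here; if not, saying so in the comment (or checking `handShakeState` as `CyaSSL_is_init_finished` in the next hunk does) would be prudent.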