more porting changes

This commit is contained in:
Todd A Ouska 2011-04-04 17:42:50 -07:00
parent 8d38f93d8a
commit cf978c8189
9 changed files with 124 additions and 39 deletions

1
.gitignore vendored
View File

@ -28,6 +28,7 @@ sslSniffer/sslSnifferTest/tracefile.txt
*.gz
*.zip
*.bak
*.dummy
NTRU_algorithm/
build-test/
build/

View File

@ -1,6 +1,6 @@
AC_INIT
AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE(cyassl,1.9.0) # !!! also change in ssl.h !!!
AM_INIT_AUTOMAKE(cyassl,1.9.5) # !!! also change in ssl.h !!!
AM_CONFIG_HEADER(ctaocrypt/include/config.h)

View File

@ -79,7 +79,7 @@
#define STDC_HEADERS 1
/* Version number of package */
#define VERSION "1.9.0"
#define VERSION "1.9.5"
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */

View File

@ -158,7 +158,7 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
{
if (((size_t)buf | (size_t)mask | count) % WORD_SIZE == 0)
if (((word)buf | (word)mask | count) % WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / WORD_SIZE);
else {
word32 i;

View File

@ -835,8 +835,8 @@ enum AcceptState {
typedef struct Buffers {
buffer certificate; /* SSL_CTX owns */
buffer key; /* SSL_CTX owns */
buffer certificate; /* SSL_CTX owns, unless we own */
buffer key; /* SSL_CTX owns, unless we own */
buffer domainName; /* for client check */
buffer serverDH_P;
buffer serverDH_G;
@ -849,6 +849,8 @@ typedef struct Buffers {
when got WANT_WRITE */
int plainSz; /* plain text bytes in buffer to send
when got WANT_WRITE */
byte weOwnCert; /* SSL own cert flag */
byte weOwnKey; /* SSL own key flag */
} Buffers;

View File

@ -64,7 +64,7 @@ void EVP_MD_CTX_init(EVP_MD_CTX* ctx);
int EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx);
int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type);
int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, size_t sz);
int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, unsigned long sz);
int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s);
int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s);

View File

@ -39,7 +39,7 @@
#include "prefix_ssl.h"
#endif
#define CYASSL_VERSION "1.9.0"
#define CYASSL_VERSION "1.9.5"
#undef X509_NAME /* wincrypt.h clash */
@ -194,7 +194,7 @@ long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
char* ERR_error_string(unsigned long,char*);
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_error_string_n(unsigned long e, char *buf, unsigned long len);
/* extras */
@ -228,7 +228,7 @@ SSL_METHOD* SSLv2_client_method(void);
SSL_METHOD* SSLv2_server_method(void);
void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, size_t);
void MD4_Update(MD4_CTX*, const void*, unsigned long);
void MD4_Final(unsigned char*, MD4_CTX*);
BIO* BIO_new(BIO_METHOD*);
@ -258,7 +258,7 @@ int SSLeay_add_ssl_algorithms(void);
int SSLeay_add_all_algorithms(void);
void RAND_screen(void);
const char* RAND_file_name(char*, size_t);
const char* RAND_file_name(char*, unsigned long);
int RAND_write_file(const char*);
int RAND_load_file(const char*, long);
int RAND_egd(const char*);
@ -635,11 +635,16 @@ int CyaSSL_X509_get_serial_number(X509*, unsigned char*);
#endif
/* SSL_CTX versions */
int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*, long, int);
int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int);
int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*, long, int);
int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,const unsigned char*,long);
/* SSL versions */
int CyaSSL_use_certificate_buffer(SSL*, const unsigned char*, long,int);
int CyaSSL_use_PrivateKey_buffer(SSL*, const unsigned char*, long, int);
int CyaSSL_use_certificate_chain_buffer(SSL*,const unsigned char*,long);
/* I/O callbacks */

View File

@ -698,6 +698,8 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
/* SSL_CTX still owns certificate, key, and caList buffers */
ssl->buffers.certificate = ctx->certificate;
ssl->buffers.key = ctx->privateKey;
ssl->buffers.weOwnCert = 0;
ssl->buffers.weOwnKey = 0;
ssl->caList = ctx->caList;
#ifdef OPENSSL_EXTRA
@ -782,6 +784,12 @@ void SSL_ResourceFree(SSL* ssl)
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
if (ssl->buffers.weOwnCert)
XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
if (ssl->buffers.weOwnKey)
XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
FreeRsaKey(&ssl->peerRsaKey);
if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, FORCED_FREE);
@ -1396,6 +1404,9 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
c24to32(&input[i], &certSz);
i += CERT_HEADER_SZ;
if (listSz > MAX_RECORD_SIZE || certSz > MAX_RECORD_SIZE)
return BUFFER_E;
myCert.length = certSz;
myCert.buffer = input + i;
i += certSz;
@ -1912,7 +1923,7 @@ static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type)
return level;
}
static int GetInputData(SSL *ssl, size_t size)
static int GetInputData(SSL *ssl, word32 size)
{
int in;
int inSz;
@ -3314,14 +3325,14 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */
for(;;) {
size_t len;
word32 len;
prev = haystack;
haystack = XSTRSTR(haystack, needle);
if (!haystack) /* last cipher */
len = min(sizeof(name), XSTRLEN(prev));
else
len = min(sizeof(name), (size_t)(haystack - prev));
len = min(sizeof(name), (word32)(haystack - prev));
XSTRNCPY(name, prev, len);
name[(len == sizeof(name)) ? len - 1 : len] = 0;

116
src/ssl.c
View File

@ -265,7 +265,7 @@ char* ERR_error_string(unsigned long errNumber, char* buffer)
}
void ERR_error_string_n(unsigned long e, char* buf, size_t len)
void ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
if (len) ERR_error_string(e, buf);
}
@ -508,7 +508,7 @@ static int AddCA(SSL_CTX* ctx, buffer der)
static int ProcessBuffer(SSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type)
long sz, int format, int type, SSL* ssl)
{
EncryptedInfo info;
buffer der; /* holds DER or RAW (for NTRU) */
@ -598,14 +598,31 @@ static int AddCA(SSL_CTX* ctx, buffer der)
if (type == CA_TYPE)
return AddCA(ctx, der); /* takes der over */
else if (type == CERT_TYPE) {
if (ctx->certificate.buffer)
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType);
ctx->certificate = der; /* takes der over */
if (ssl) {
if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
XFREE(ssl->buffers.certificate.buffer, ctx->heap,
dynamicType);
ssl->buffers.certificate = der;
ssl->buffers.weOwnCert = 1;
}
else {
if (ctx->certificate.buffer)
XFREE(ctx->certificate.buffer, ctx->heap, dynamicType);
ctx->certificate = der; /* takes der over */
}
}
else if (type == PRIVATEKEY_TYPE) {
if (ctx->privateKey.buffer)
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType);
ctx->privateKey = der; /* takes der over */
if (ssl) {
if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
XFREE(ssl->buffers.key.buffer, ctx->heap, dynamicType);
ssl->buffers.key = der;
ssl->buffers.weOwnKey = 1;
}
else {
if (ctx->privateKey.buffer)
XFREE(ctx->privateKey.buffer, ctx->heap, dynamicType);
ctx->privateKey = der; /* takes der over */
}
}
else {
XFREE(der.buffer, ctx->heap, dynamicType);
@ -676,7 +693,8 @@ static int AddCA(SSL_CTX* ctx, buffer der)
#define XSEEK_END FS_SEEK_END
#endif
static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type)
static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type,
SSL* ssl)
{
byte staticBuffer[FILE_BUFFER_SIZE];
byte* buffer = staticBuffer;
@ -702,7 +720,7 @@ static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type)
if ( (ret = XFREAD(buffer, sz, 1, file)) < 0)
ret = SSL_BAD_FILE;
else
ret = ProcessBuffer(ctx, buffer, sz, format, type);
ret = ProcessBuffer(ctx, buffer, sz, format, type, ssl);
XFCLOSE(file);
if (dynamic) XFREE(buffer, ctx->heap, DYNAMIC_TYPE_FILE);
@ -715,7 +733,7 @@ static int ProcessFile(SSL_CTX* ctx, const char* fname, int format, int type)
int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
const char* path)
{
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -727,7 +745,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
/* Add format parameter to allow DER load of CA files */
int CyaSSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file, int format)
{
if (ProcessFile(ctx, file, format, CA_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, CA_TYPE, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -758,7 +776,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
sz = XFTELL(file);
XREWIND(file);
if (sz > sizeof(staticBuffer)) {
if (sz > (long)sizeof(staticBuffer)) {
fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
if (fileBuf == NULL) {
XFCLOSE(file);
@ -794,7 +812,7 @@ int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
{
if (ProcessFile(ctx, file, format, CERT_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, CERT_TYPE, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -803,7 +821,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format)
{
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -813,7 +831,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format)
int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
{
/* add first to ctx, all tested implementations support this */
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -824,7 +842,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file)
{
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE)
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL)
== SSL_SUCCESS) {
ctx->haveNTRU = 1;
return SSL_SUCCESS;
@ -841,7 +859,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX* ctx, const char* file)
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX* ctx,const char* file,int format)
{
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE,NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1172,17 +1190,43 @@ int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list)
int SSL_accept(SSL* ssl)
{
byte havePSK = 0;
CYASSL_ENTER("SSL_accept()");
#ifdef HAVE_ERRNO_H
errno = 0;
#endif
#ifndef NO_PSK
havePSK = ssl->optoins.havePSK;
#endif
if (ssl->options.side != SERVER_END) {
CYASSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR;
}
/* in case used set_accept_state after init */
if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
ssl->buffers.key.buffer == NULL)) {
CYASSL_MSG("accept error: don't have server cert and key");
ssl->error = NO_PRIVATE_KEY;
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
#ifdef HAVE_ECC
/* in case used set_accept_state after init */
if (ssl->eccTempKeyPresent == 0) {
if (ecc_make_key(&ssl->rng, ECDHE_SIZE, &ssl->eccTempKey) != 0){
ssl->error = ECC_MAKEKEY_ERROR;
CYASSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
ssl->eccTempKeyPresent = 1;
}
#endif
#ifdef CYASSL_DTLS
if (ssl->version.major == DTLS_MAJOR &&
ssl->version.minor == DTLS_MINOR) {
@ -1882,21 +1926,21 @@ int CyaSSL_set_compression(SSL* ssl)
int CyaSSL_CTX_load_verify_buffer(SSL_CTX* ctx, const unsigned char* buffer,
long sz, int format)
{
return ProcessBuffer(ctx, buffer, sz, format, CA_TYPE);
return ProcessBuffer(ctx, buffer, sz, format, CA_TYPE, NULL);
}
int CyaSSL_CTX_use_certificate_buffer(SSL_CTX* ctx,
const unsigned char* buffer,long sz,int format)
{
return ProcessBuffer(ctx, buffer, sz, format, CERT_TYPE);
return ProcessBuffer(ctx, buffer, sz, format, CERT_TYPE, NULL);
}
int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX* ctx,
const unsigned char* buffer,long sz,int format)
{
return ProcessBuffer(ctx, buffer, sz, format, PRIVATEKEY_TYPE);
return ProcessBuffer(ctx, buffer, sz, format, PRIVATEKEY_TYPE, NULL);
}
@ -1904,7 +1948,29 @@ int CyaSSL_set_compression(SSL* ssl)
const unsigned char* buffer, long sz)
{
/* add first to ctx, all tested implementations support this */
return ProcessBuffer(ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE);
return ProcessBuffer(ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE, NULL);
}
int CyaSSL_use_certificate_buffer(SSL* ssl,
const unsigned char* buffer,long sz,int format)
{
return ProcessBuffer(ssl->ctx, buffer, sz, format, CERT_TYPE, ssl);
}
int CyaSSL_use_PrivateKey_buffer(SSL* ssl,
const unsigned char* buffer,long sz,int format)
{
return ProcessBuffer(ssl->ctx, buffer, sz, format, PRIVATEKEY_TYPE,ssl);
}
int CyaSSL_use_certificate_chain_buffer(SSL* ssl,
const unsigned char* buffer, long sz)
{
/* add first to ctx, all tested implementations support this */
return ProcessBuffer(ssl->ctx, buffer, sz, SSL_FILETYPE_PEM, CA_TYPE,
ssl);
}
/* old NO_FILESYSTEM end */
@ -2523,7 +2589,7 @@ int CyaSSL_set_compression(SSL* ssl)
}
int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, size_t sz)
int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, unsigned long sz)
{
if (ctx->macType == MD5)
MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz);
@ -2915,7 +2981,7 @@ int CyaSSL_set_compression(SSL* ssl)
}
void MD4_Update(MD4_CTX* md4, const void* data, size_t len)
void MD4_Update(MD4_CTX* md4, const void* data, unsigned long len)
{
Md4Update((Md4*)md4, (const byte*)data, (word32)len);
}
@ -2967,7 +3033,7 @@ int CyaSSL_set_compression(SSL* ssl)
}
const char* RAND_file_name(char* fname, size_t len)
const char* RAND_file_name(char* fname, unsigned long len)
{
return 0;
}