diff --git a/configure.in b/configure.in
index 2e3941e03..48e1ae79d 100644
--- a/configure.in
+++ b/configure.in
@@ -1,6 +1,6 @@
 AC_INIT
 AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(cyassl,1.8.8) # !!! also change in ssl.h !!!
+AM_INIT_AUTOMAKE(cyassl,1.8.9) # !!! also change in ssl.h !!!
 AM_CONFIG_HEADER(ctaocrypt/include/config.h)
@@ -305,6 +305,19 @@ then
 fi
+# Web Server Build
+AC_ARG_ENABLE(webServer,
+ [ --enable-webServer Enable Web Server (default: disabled)],
+ [ ENABLED_WEBSERVER=$enableval ],
+ [ ENABLED_WEBSERVER=no ]
+ )
+
+if test "$ENABLED_WEBSERVER" = "yes"
+then
+ CFLAGS="$CFLAGS -DHAVE_WEBSERVER"
+fi
+
+
 # ECC
 AC_ARG_ENABLE(ecc,
 [ --enable-ecc Enable ECC (default: disabled)],
diff --git a/ctaocrypt/include/coding.h b/ctaocrypt/include/coding.h
index 454a3e028..2ece68f5e 100644
--- a/ctaocrypt/include/coding.h
+++ b/ctaocrypt/include/coding.h
@@ -33,7 +33,7 @@
 /* decode needed by CyaSSL */
 int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
-#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)
 /* encode isn't */
 int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
 int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
diff --git a/ctaocrypt/include/config.h b/ctaocrypt/include/config.h
index 1a294f5bb..56409d55f 100644
--- a/ctaocrypt/include/config.h
+++ b/ctaocrypt/include/config.h
@@ -79,7 +79,7 @@
 #define STDC_HEADERS 1
 /* Version number of package */
-#define VERSION "1.8.8"
+#define VERSION "1.8.9"
 /* Define to 1 if your processor stores words with the most significant byte
 first (like Motorola and SPARC, unlike Intel and VAX). */
diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c
index 1e1f98c5c..5ffabf179 100644
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@@ -109,7 +109,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }
-#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)
 static const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
diff --git a/include/cyassl_int.h b/include/cyassl_int.h
index 6f8c712a3..1ecc0e088 100644
--- a/include/cyassl_int.h
+++ b/include/cyassl_int.h
@@ -594,7 +594,7 @@ struct SSL_CTX {
 psk_server_callback server_psk_cb; /* server callback */
 char server_hint[MAX_PSK_ID_LEN];
 #endif /* NO_PSK */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 pem_password_cb passwd_cb;
 void* userdata;
 #endif /* OPENSSL_EXTRA */
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 44acb5adf..884795f50 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -39,7 +39,7 @@
 #include "prefix_ssl.h"
 #endif
-#define CYASSL_VERSION "1.8.8"
+#define CYASSL_VERSION "1.8.9"
 #undef X509_NAME /* wincrypt.h clash */
diff --git a/src/ssl.c b/src/ssl.c
index 10d69f705..68be3614b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -25,9 +25,12 @@
 #include "cyassl_error.h"
 #include "coding.h"
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+ #include "evp.h"
+#endif
+
 #ifdef OPENSSL_EXTRA
 /* openssl headers begin */
- #include "evp.h"
 #include "hmac.h"
 #include "crypto.h"
 #include "des.h"
@@ -405,7 +408,7 @@ static int AddCA(SSL_CTX* ctx, buffer der)
 else
 return SSL_BAD_FILE;
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 {
 /* remove encrypted header if there */
 char encHeader[] = "Proc-Type";
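Review bot: In the cyassl_int.h hunk the closing comment `#endif /* OPENSSL_EXTRA */` no longer describes the condition it closes, since the `#if` above it now reads `defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)`; the ssl.c hunks in this same commit update their trailers to `/* OPENSSL_EXTRA || HAVE_WEBSERVER */`, so this one should read `#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */` for consistency. Separately, the two fields kept under the widened condition use the `pem_password_cb` type, and nothing in this hunk shows where that typedef is declared for a build with HAVE_WEBSERVER but without OPENSSL_EXTRA; presumably it comes from a header cyassl_int.h already includes, but that is worth confirming, since the ssl.c include hunk only fixes evp.h for ssl.c itself. `struct SSL_CTX` starts and ends outside this hunk.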
@@ -447,7 +450,7 @@ static int AddCA(SSL_CTX* ctx, buffer der)
 headerEnd = newline;
 }
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
 /* find footer */
 footerEnd = XSTRSTR((char*)buff, footer);
@@ -511,7 +514,7 @@ static int AddCA(SSL_CTX* ctx, buffer der)
 der.length = sz;
 }
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 if (info.set) {
 /* decrypt */
 char password[80];
@@ -560,7 +563,7 @@ static int AddCA(SSL_CTX* ctx, buffer der)
 else
 return SSL_BAD_FILE;
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
 if (type == CA_TYPE)
 return AddCA(ctx, der); /* takes der over */
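Review bot: The decrypt branch behind the changed `#if` at `@@ -511,7 +514,7 @@` now compiles into HAVE_WEBSERVER builds, and the one line of it visible here declares `char password[80];`; the code that fills that buffer from the password callback is outside the hunk, so confirm that it passes `sizeof(password)` as the size bound and that the buffer is cleared once the PEM key has been decrypted, since a passphrase otherwise stays on the stack after the function returns. A comment at the declaration, `/* passphrase buffer: callback is bounded by sizeof(password); clear after use */`, would make that contract explicit to anyone enabling this path from the web-server build. The enclosing function starts and ends outside these hunks.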
@@ -2249,6 +2252,129 @@ int CyaSSL_set_compression(SSL* ssl)
 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+
+ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
+ {
+ ctx->userdata = userdata;
+ }
+
+
+ void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+ {
+ ctx->passwd_cb = cb;
+ }
+
+ int CRYPTO_num_locks(void)
+ {
+ return 0;
+ }
+
+ void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int))
+ {
+
+ }
+
+ void CRYPTO_set_id_callback(unsigned long (*f)(void))
+ {
+
+ }
+
+ unsigned long ERR_get_error(void)
+ {
+ /* TODO: */
+ return 0;
+ }
+
+ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md,
+ const byte* salt, const byte* data, int sz, int count,
+ byte* key, byte* iv)
+ {
+ int keyLen = 0;
+ int ivLen = 0;
+
+ Md5 myMD;
+ byte digest[MD5_DIGEST_SIZE];
+
+ int j;
+ int keyLeft;
+ int ivLeft;
+ int keyOutput = 0;
+
+ InitMd5(&myMD);
+
+ /* only support MD5 for now */
+ if (XSTRNCMP(md, "MD5", 3)) return 0;
+
+ /* only support CBC DES and AES for now */
+ if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
+ keyLen = DES_KEY_SIZE;
+ ivLen = DES_IV_SIZE;
+ }
+ else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
+ keyLen = DES3_KEY_SIZE;
+ ivLen = DES_IV_SIZE;
+ }
+ else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
+ keyLen = AES_128_KEY_SIZE;
+ ivLen = AES_IV_SIZE;
+ }
+ else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
+ keyLen = AES_192_KEY_SIZE;
+ ivLen = AES_IV_SIZE;
+ }
+ else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
+ keyLen = AES_256_KEY_SIZE;
+ ivLen = AES_IV_SIZE;
+ }
+ else
+ return 0;
+
+ keyLeft = keyLen;
+ ivLeft = ivLen;
+
+ while (keyOutput < (keyLen + ivLen)) {
+ int digestLeft = MD5_DIGEST_SIZE;
+ /* D_(i - 1) */
+ if (keyOutput) /* first time D_0 is empty */
+ Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
+ /* data */
+ Md5Update(&myMD, data, sz);
+ /* salt */
+ if (salt)
+ Md5Update(&myMD, salt, EVP_SALT_SIZE);
+ Md5Final(&myMD, digest);
+ /* count */
+ for (j = 1; j < count; j++) {
+ Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
+ Md5Final(&myMD, digest);
+ }
+
+ if (keyLeft) {
+ int store = min(keyLeft, MD5_DIGEST_SIZE);
+ XMEMCPY(&key[keyLen - keyLeft], digest, store);
+
+ keyOutput += store;
+ keyLeft -= store;
+ digestLeft -= store;
+ }
+
+ if (ivLeft && digestLeft) {
+ int store = min(ivLeft, digestLeft);
+ XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
+ digestLeft], store);
+ keyOutput += store;
+ ivLeft -= store;
+ }
+ }
+ if (keyOutput != (keyLen + ivLen))
+ return 0;
+ return keyOutput;
+ }
+
+#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
+
+
 #ifdef OPENSSL_EXTRA
 unsigned long SSLeay(void)
@@ -2409,12 +2535,6 @@ int CyaSSL_set_compression(SSL* ssl)
 return md;
 }
- unsigned long ERR_get_error(void)
- {
- /* TODO: */
- return 0;
- }
-
 void ERR_clear_error(void)
 {
 /* TODO: */
@@ -2848,24 +2968,6 @@ int CyaSSL_set_compression(SSL* ssl)
 }
- int CRYPTO_num_locks(void)
- {
- return 0;
- }
-
- void CRYPTO_set_id_callback(unsigned long (*f)(void))
- {
- }
-
- void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int))
- {
- }
-
-
 void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)(
 const char*, int))
 {
@@ -3067,18 +3169,6 @@ int CyaSSL_set_compression(SSL* ssl)
 }
- void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
- {
- ctx->userdata = userdata;
- }
-
- void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
- {
- ctx->passwd_cb = cb;
- }
-
-
 long SSL_CTX_set_timeout(SSL_CTX* ctx, long to)
 {
 return 0;
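Review bot: The moved EVP_BytesToKey leaves the derived key bytes in the stack buffer `digest` (and in `myMD`) when it returns, and the two XMEMCPY calls at the tail of the while loop write through `key` and `iv` unconditionally, whereas OpenSSL's EVP_BytesToKey treats a NULL key or iv as "do not emit that part", so a caller ported from OpenSSL that passes NULL for an unused iv would fault here now that the function is reachable from web-server builds. Guard the two copies and wipe `digest` before either return, using the project's memset wrapper (XMEMSET if one exists beside XMEMCPY; a bare memset right before return can be elided by the compiler, so a secure-clear helper is preferable if the code base has one). The loop also calls Md5Update on `myMD` again after Md5Final, which is only correct if Md5Final re-initializes the context; this hunk does not show that, so a comment on the `Md5Final(&myMD, digest);` line stating the assumption would help the next reader. The CRYPTO_set_locking_callback and CRYPTO_set_id_callback stubs in the same block now become visible to HAVE_WEBSERVER builds yet silently discard the callbacks; a comment such as `/* stub: callback is accepted but never invoked; no locking is provided here */` would stop a multithreaded web server from assuming OpenSSL-style locking is in effect.
```c
/* … unchanged: cipher/digest selection and the start of the derivation loop … */
            if (keyLeft) {
                int store = min(keyLeft, MD5_DIGEST_SIZE);
                if (key)  /* NULL key: consume digest bytes, emit nothing (OpenSSL contract) */
                    XMEMCPY(&key[keyLen - keyLeft], digest, store);
                /* … unchanged: keyOutput / keyLeft / digestLeft bookkeeping … */
            }

            if (ivLeft && digestLeft) {
                int store = min(ivLeft, digestLeft);
                if (iv)
                    XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
                                                         digestLeft], store);
                /* … unchanged: keyOutput / ivLeft bookkeeping … */
            }
        }
        /* derived key material: do not leave it on the stack after return */
        XMEMSET(digest, 0, sizeof(digest));
        if (keyOutput != (keyLen + ivLen))
            return 0;
        return keyOutput;
```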
@@ -3245,92 +3335,6 @@ int CyaSSL_set_compression(SSL* ssl)
 }
- int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md,
- const byte* salt, const byte* data, int sz, int count,
- byte* key, byte* iv)
- {
- int keyLen = 0;
- int ivLen = 0;
-
- Md5 myMD;
- byte digest[MD5_DIGEST_SIZE];
-
- int j;
- int keyLeft;
- int ivLeft;
- int keyOutput = 0;
-
- InitMd5(&myMD);
-
- /* only support MD5 for now */
- if (XSTRNCMP(md, "MD5", 3)) return 0;
-
- /* only support CBC DES and AES for now */
- if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
- keyLen = DES_KEY_SIZE;
- ivLen = DES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
- keyLen = DES3_KEY_SIZE;
- ivLen = DES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
- keyLen = AES_128_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
- keyLen = AES_192_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
- keyLen = AES_256_KEY_SIZE;
- ivLen = AES_IV_SIZE;
- }
- else
- return 0;
-
- keyLeft = keyLen;
- ivLeft = ivLen;
-
- while (keyOutput < (keyLen + ivLen)) {
- int digestLeft = MD5_DIGEST_SIZE;
- /* D_(i - 1) */
- if (keyOutput) /* first time D_0 is empty */
- Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
- /* data */
- Md5Update(&myMD, data, sz);
- /* salt */
- if (salt)
- Md5Update(&myMD, salt, EVP_SALT_SIZE);
- Md5Final(&myMD, digest);
- /* count */
- for (j = 1; j < count; j++) {
- Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
- Md5Final(&myMD, digest);
- }
-
- if (keyLeft) {
- int store = min(keyLeft, MD5_DIGEST_SIZE);
- XMEMCPY(&key[keyLen - keyLeft], digest, store);
-
- keyOutput += store;
- keyLeft -= store;
- digestLeft -= store;
- }
-
- if (ivLeft && digestLeft) {
- int store = min(ivLeft, digestLeft);
- XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
- digestLeft], store);
- keyOutput += store;
- ivLeft -= store;
- }
- }
- if (keyOutput != (keyLen + ivLen))
- return 0;
- return keyOutput;
- }
-
 /* stunnel
4.28 needs */
 void* SSL_CTX_get_ex_data(const SSL_CTX* ctx, int d)
 {