allow an app to link with cyassl and openssl, whew

Todd A Ouska 2011-08-26 14:40:51 -07:00
parent 9d7c016cdb
commit efe6f80e77
17 changed files with 1735 additions and 1291 deletions

21
README

@ -29,7 +29,26 @@ before calling SSL_new(); Though it's not recommended.
*** end Note ***
CyaSSL Release 2.0.0rc2 (6/6/2011)
CyaSSL Release 2.0.0rc3 (x/x/2011)
Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
- updated autoconf support
- better make install and uninstall (uses system directories)
- make test / make check
- CyaSSL headers now in <cyassl/*.h>
- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
- examples and tests all run from home diretory so can use certs in ./certs
(see note 1)
So previous applications that used the OpenSSL compatibility header
<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
changes are required.
Special Thanks to Brian Aker for his autoconf, install, and header patches.
************CyaSSL Release 2.0.0rc2 (6/6/2011)
Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
- bug fixes (Alerts, DTLS with DHE)


@ -10,6 +10,7 @@ EXTRA_DIST+= cyassl/sniffer_error.rc
nobase_include_HEADERS+= \
cyassl/error.h \
cyassl/internal.h \
cyassl/ssl.h \
cyassl/sniffer_error.h \
cyassl/sniffer.h \
cyassl/callbacks.h \


@ -24,6 +24,7 @@
#define CYASSL_INT_H
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/des3.h>
@ -388,41 +389,6 @@ enum states {
};
#ifndef SSL_TYPES_DEFINED
typedef struct SSL_METHOD SSL_METHOD;
typedef struct SSL_CTX SSL_CTX;
typedef struct SSL_SESSION SSL_SESSION;
typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct SSL SSL;
typedef struct X509 X509;
typedef struct X509_CHAIN X509_CHAIN;
typedef struct BIO BIO;
typedef struct BIO_METHOD BIO_METHOD;
#undef X509_NAME
typedef struct X509_NAME X509_NAME;
typedef struct X509_STORE_CTX {
int error;
int error_depth;
X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */
} X509_STORE_CTX;
typedef int (*pem_password_cb)(char*, int, int, void*);
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
/* make sure external "C" linkage for C++ programs with callbacks */
void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);
void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
#endif /* SSL_TYPES_DEFINED */
/* SSL Version */
typedef struct ProtocolVersion {
@ -448,26 +414,26 @@ enum BIO_TYPE {
};
/* OpenSSL BIO_METHOD type */
struct BIO_METHOD {
/* CyaSSL BIO_METHOD type */
struct CYASSL_BIO_METHOD {
byte type; /* method type */
};
/* OpenSSL BIO type */
struct BIO {
byte type; /* method type */
byte close; /* close flag */
byte eof; /* eof flag */
SSL* ssl; /* possible associated ssl */
int fd; /* possible file descriptor */
BIO* prev; /* previous in chain */
BIO* next; /* next in chain */
/* CyaSSL BIO type */
struct CYASSL_BIO {
byte type; /* method type */
byte close; /* close flag */
byte eof; /* eof flag */
CYASSL* ssl; /* possible associated ssl */
int fd; /* possible file descriptor */
CYASSL_BIO* prev; /* previous in chain */
CYASSL_BIO* next; /* next in chain */
};
/* OpenSSL method type */
struct SSL_METHOD {
/* CyaSSL method type */
struct CYASSL_METHOD {
ProtocolVersion version;
byte side; /* connection side, server or client */
byte verifyPeer; /* request or send certificate */
@ -478,12 +444,12 @@ struct SSL_METHOD {
/* defautls to client */
CYASSL_LOCAL void InitSSL_Method(SSL_METHOD*, ProtocolVersion);
CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
/* for sniffer */
CYASSL_LOCAL int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx,
CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
int sniff);
CYASSL_LOCAL int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
/* CyaSSL buffer type */
@ -566,12 +532,12 @@ typedef struct Suites {
CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
CYASSL_LOCAL
int SetCipherList(SSL_CTX* ctx, const char* list);
int SetCipherList(CYASSL_CTX* ctx, const char* list);
#ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
unsigned int, unsigned char*, unsigned int);
typedef unsigned int (*psk_server_callback)(SSL*, const char*,
typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */
@ -590,20 +556,20 @@ int SetCipherList(SSL_CTX* ctx, const char* list);
#endif
/* OpenSSL Cipher type just points back to SSL */
struct SSL_CIPHER {
SSL* ssl;
/* CyaSSL Cipher type just points back to SSL */
struct CYASSL_CIPHER {
CYASSL* ssl;
};
/* OpenSSL context type */
struct SSL_CTX {
SSL_METHOD* method;
/* CyaSSL context type */
struct CYASSL_CTX {
CYASSL_METHOD* method;
buffer certificate;
buffer certChain;
/* chain after self, in DER, with leading size for each cert */
buffer privateKey;
Signer* caList; /* SSL_CTX owns this, SSL will reference */
Signer* caList; /* CYASSL_CTX owns this, SSL will reference */
Suites suites;
void* heap; /* for user memory overrides */
byte verifyPeer;
@ -634,21 +600,21 @@ struct SSL_CTX {
CYASSL_LOCAL
void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*);
void InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*);
CYASSL_LOCAL
void FreeSSL_Ctx(SSL_CTX*);
void FreeSSL_Ctx(CYASSL_CTX*);
CYASSL_LOCAL
void SSL_CtxResourceFree(SSL_CTX*);
void SSL_CtxResourceFree(CYASSL_CTX*);
CYASSL_LOCAL
int DeriveTlsKeys(SSL* ssl);
int DeriveTlsKeys(CYASSL* ssl);
CYASSL_LOCAL
int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 inSz, word16 sz);
CYASSL_LOCAL
int AddCA(SSL_CTX* ctx, buffer der);
int AddCA(CYASSL_CTX* ctx, buffer der);
CYASSL_LOCAL
int IsCA(SSL_CTX* ctx, byte* hash);
int IsCA(CYASSL_CTX* ctx, byte* hash);
/* All cipher suite related info */
typedef struct CipherSpecs {
@ -808,20 +774,20 @@ typedef struct x509_buffer {
/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
struct X509_CHAIN {
struct CYASSL_X509_CHAIN {
int count; /* total number in chain */
x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
};
/* openSSL session type */
struct SSL_SESSION {
/* CyaSSL session type */
struct CYASSL_SESSION {
byte sessionID[ID_LEN];
byte masterSecret[SECRET_LEN];
word32 bornOn; /* create time in seconds */
word32 timeout; /* timeout in seconds */
#ifdef SESSION_CERTS
X509_CHAIN chain; /* peer cert chain, static */
CYASSL_X509_CHAIN chain; /* peer cert chain, static */
ProtocolVersion version;
byte cipherSuite0; /* first byte, normally 0 */
byte cipherSuite; /* 2nd byte, actual suite */
@ -830,11 +796,11 @@ struct SSL_SESSION {
CYASSL_LOCAL
SSL_SESSION* GetSession(SSL*, byte*);
CYASSL_SESSION* GetSession(CYASSL*, byte*);
CYASSL_LOCAL
int SetSession(SSL*, SSL_SESSION*);
int SetSession(CYASSL*, CYASSL_SESSION*);
typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int);
typedef void (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
/* client connect state for nonblocking restart */
@ -872,9 +838,9 @@ enum AcceptState {
typedef struct Buffers {
buffer certificate; /* SSL_CTX owns, unless we own */
buffer key; /* SSL_CTX owns, unless we own */
buffer certChain; /* SSL_CTX owns */
buffer certificate; /* CYASSL_CTX owns, unless we own */
buffer key; /* CYASSL_CTX owns, unless we own */
buffer certChain; /* CYASSL_CTX owns */
/* chain after self, in DER, with leading size for each cert */
buffer domainName; /* for client check */
buffer serverDH_P;
@ -955,19 +921,17 @@ typedef struct Arrays {
} Arrays;
#undef X509_NAME
struct X509_NAME {
struct CYASSL_X509_NAME {
char name[ASN_NAME_MAX];
int sz;
};
struct X509 {
X509_NAME issuer;
X509_NAME subject;
int serialSz;
byte serial[EXTERNAL_SERIAL_SIZE];
struct CYASSL_X509 {
CYASSL_X509_NAME issuer;
CYASSL_X509_NAME subject;
int serialSz;
byte serial[EXTERNAL_SERIAL_SIZE];
};
@ -989,9 +953,9 @@ typedef struct DtlsRecordLayerHeader {
} DtlsRecordLayerHeader;
/* OpenSSL ssl type */
struct SSL {
SSL_CTX* ctx;
/* CyaSSL ssl type */
struct CYASSL {
CYASSL_CTX* ctx;
int error;
ProtocolVersion version; /* negotiated version */
ProtocolVersion chVersion; /* client hello version */
@ -1002,8 +966,8 @@ struct SSL {
Keys keys;
int rfd; /* read file descriptor */
int wfd; /* write file descriptor */
BIO* biord; /* socket bio read to free/close */
BIO* biowr; /* socket bio write to free/close */
CYASSL_BIO* biord; /* socket bio read to free/close */
CYASSL_BIO* biowr; /* socket bio write to free/close */
void* IOCB_ReadCtx;
void* IOCB_WriteCtx;
RNG rng;
@ -1017,7 +981,7 @@ struct SSL {
Buffers buffers;
Options options;
Arrays arrays;
SSL_SESSION session;
CYASSL_SESSION session;
RsaKey peerRsaKey;
byte peerRsaKeyPresent;
#ifdef HAVE_NTRU
@ -1039,7 +1003,7 @@ struct SSL {
void* heap; /* for user overrides */
RecordLayerHeader curRL;
word16 curSize;
SSL_CIPHER cipher;
CYASSL_CIPHER cipher;
#ifdef HAVE_LIBZ
z_stream c_stream; /* compression stream */
z_stream d_stream; /* decompression stream */
@ -1052,16 +1016,16 @@ struct SSL {
byte toInfoOn; /* track timeout info */
#endif
#ifdef OPENSSL_EXTRA
X509 peerCert; /* X509 peer cert */
CYASSL_X509 peerCert; /* X509 peer cert */
#endif
};
CYASSL_LOCAL
int InitSSL(SSL*, SSL_CTX*);
int InitSSL(CYASSL*, CYASSL_CTX*);
CYASSL_LOCAL
void FreeSSL(SSL*);
CYASSL_API void SSL_ResourceFree(SSL*); /* Micrium uses */
void FreeSSL(CYASSL*);
CYASSL_API void SSL_ResourceFree(CYASSL*); /* Micrium uses */
enum {
@ -1076,7 +1040,7 @@ typedef struct EncryptedInfo {
word32 ivSz; /* encrypted IV size */
long consumed; /* tracks PEM bytes consumed */
byte set; /* if encryption set */
SSL_CTX* ctx; /* CTX owner */
CYASSL_CTX* ctx; /* CTX owner */
} EncryptedInfo;
@ -1084,7 +1048,7 @@ typedef struct EncryptedInfo {
CYASSL_LOCAL
void InitHandShakeInfo(HandShakeInfo*);
CYASSL_LOCAL
void FinishHandShakeInfo(HandShakeInfo*, const SSL*);
void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
CYASSL_LOCAL
void AddPacketName(const char*, HandShakeInfo*);
@ -1187,49 +1151,50 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
/* internal functions */
CYASSL_LOCAL int SendChangeCipher(SSL*);
CYASSL_LOCAL int SendData(SSL*, const void*, int);
CYASSL_LOCAL int SendCertificate(SSL*);
CYASSL_LOCAL int SendCertificateRequest(SSL*);
CYASSL_LOCAL int SendServerKeyExchange(SSL*);
CYASSL_LOCAL int SendBuffered(SSL*);
CYASSL_LOCAL int ReceiveData(SSL*, byte*, int);
CYASSL_LOCAL int SendFinished(SSL*);
CYASSL_LOCAL int SendAlert(SSL*, int, int);
CYASSL_LOCAL int ProcessReply(SSL*);
CYASSL_LOCAL int SendChangeCipher(CYASSL*);
CYASSL_LOCAL int SendData(CYASSL*, const void*, int);
CYASSL_LOCAL int SendCertificate(CYASSL*);
CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
CYASSL_LOCAL int SendBuffered(CYASSL*);
CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int);
CYASSL_LOCAL int SendFinished(CYASSL*);
CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
CYASSL_LOCAL int ProcessReply(CYASSL*);
CYASSL_LOCAL int SetCipherSpecs(SSL*);
CYASSL_LOCAL int MakeMasterSecret(SSL*);
CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
CYASSL_LOCAL int AddSession(SSL*);
CYASSL_LOCAL int DeriveKeys(SSL* ssl);
CYASSL_LOCAL int StoreKeys(SSL* ssl, const byte* keyData);
CYASSL_LOCAL int AddSession(CYASSL*);
CYASSL_LOCAL int DeriveKeys(CYASSL* ssl);
CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData);
CYASSL_LOCAL int IsTLS(const SSL* ssl);
CYASSL_LOCAL int IsAtLeastTLSv1_2(const SSL* ssl);
CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
CYASSL_LOCAL void ShrinkInputBuffer(SSL* ssl, int forcedFree);
CYASSL_LOCAL void ShrinkOutputBuffer(SSL* ssl);
CYASSL_LOCAL int SendHelloVerifyRequest(SSL* ssl);
CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL* ssl);
CYASSL_LOCAL Signer* GetCA(Signer* signers, byte* hash);
CYASSL_LOCAL void BuildTlsFinished(SSL* ssl, Hashes* hashes,const byte* sender);
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
const byte* sender);
#ifndef NO_TLS
CYASSL_LOCAL int MakeTlsMasterSecret(SSL*);
CYASSL_LOCAL void TLS_hmac(SSL* ssl, byte* digest, const byte* buffer,
CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
CYASSL_LOCAL void TLS_hmac(CYASSL* ssl, byte* digest, const byte* buffer,
word32 sz, int content, int verify);
#endif
#ifndef NO_CYASSL_CLIENT
CYASSL_LOCAL int SendClientHello(SSL*);
CYASSL_LOCAL int SendClientKeyExchange(SSL*);
CYASSL_LOCAL int SendCertificateVerify(SSL*);
CYASSL_LOCAL int SendClientHello(CYASSL*);
CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
#endif /* NO_CYASSL_CLIENT */
#ifndef NO_CYASSL_SERVER
CYASSL_LOCAL int SendServerHello(SSL*);
CYASSL_LOCAL int SendServerHelloDone(SSL*);
CYASSL_LOCAL int SendServerHello(CYASSL*);
CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
#ifdef CYASSL_DTLS
CYASSL_LOCAL int SendHelloVerifyRequest(SSL*);
CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*);
#endif
#endif /* NO_CYASSL_SERVER */
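Review bot: `CYASSL_API void SSL_ResourceFree(CYASSL*);` is still exported under an `SSL_` name, while the rest of this header moves to CYASSL-prefixed types so the library can sit next to OpenSSL. No clash is visible on this page, since the name is not among the OpenSSL compatibility defines, but an exported symbol in that namespace is the kind of thing this commit is otherwise removing. Renaming it to `CyaSSL_ResourceFree` and keeping the old name as a macro for the Micrium caller would be consistent. Separately, `SendHelloVerifyRequest(CYASSL*)` is declared twice, once unconditionally and once under CYASSL_DTLS, and one of the two could go.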


@ -7,8 +7,11 @@
#include "prefix_crypto.h"
#endif
CYASSL_API const char* SSLeay_version(int type);
CYASSL_API unsigned long SSLeay(void);
CYASSL_API const char* CyaSSLeay_version(int type);
CYASSL_API unsigned long CyaSSLeay(void);
#define SSLeay_version CyaSSLeay_version
#define SSLeay CyaSSLeay
#define SSLEAY_VERSION 0x0090600fL
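Review bot: The new `#define SSLeay_version CyaSSLeay_version` and `#define SSLeay CyaSSLeay` are unconditional object-like macros, so they rewrite those tokens everywhere after this header is included, including in any real OpenSSL header pulled into the same translation unit. The renaming makes linking against both libraries possible, but the header should say that a single source file must include either the CyaSSL compatibility headers or OpenSSL's, not both. A comment above the defines such as `/* compatibility names: do not include the OpenSSL headers in the same source file */` would do. The same applies to the defines and typedefs added in the DES, EVP, HMAC, SHA and SSL compatibility sections of this commit.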


@ -37,9 +37,9 @@
extern "C" {
#endif
typedef unsigned char DES_cblock[8];
typedef /* const */ DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule;
typedef unsigned char CYASSL_DES_cblock[8];
typedef /* const */ CYASSL_DES_cblock CYASSL_const_DES_cblock;
typedef CYASSL_DES_cblock CYASSL_DES_key_schedule;
enum {
@ -48,18 +48,34 @@ enum {
};
CYASSL_API void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
CYASSL_API int DES_key_sched(const_DES_cblock* key,DES_key_schedule* schedule);
CYASSL_API void DES_cbc_encrypt(const unsigned char* input,
CYASSL_API void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock*,
CYASSL_DES_key_schedule*);
CYASSL_API int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
CYASSL_DES_key_schedule* schedule);
CYASSL_API void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
unsigned char* output, long length,
DES_key_schedule* schedule, DES_cblock* ivec, int enc);
CYASSL_API void DES_ncbc_encrypt(const unsigned char* input,
CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
int enc);
CYASSL_API void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
unsigned char* output, long length,
DES_key_schedule* schedule, DES_cblock* ivec, int enc);
CYASSL_DES_key_schedule* schedule,
CYASSL_DES_cblock* ivec, int enc);
CYASSL_API void DES_set_odd_parity(DES_cblock*);
CYASSL_API void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*,
int);
CYASSL_API void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock*);
CYASSL_API void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock*, CYASSL_DES_cblock*,
CYASSL_DES_key_schedule*, int);
typedef CYASSL_DES_cblock DES_cblock;
typedef CYASSL_const_DES_cblock const_DES_cblock;
typedef CYASSL_DES_key_schedule DES_key_schedule;
#define DES_set_key_unchecked CyaSSL_DES_set_key_unchecked
#define DES_key_sched CyaSSL_DES_key_sched
#define DES_cbc_encrypt CyaSSL_DES_cbc_encrypt
#define DES_ncbc_encrypt CyaSSL_DES_ncbc_encrypt
#define DES_set_odd_parity CyaSSL_DES_set_odd_parity
#define DES_ecb_encrypt CyaSSL_DES_ecb_encrypt
#ifdef __cplusplus
} /* extern "C" */


@ -32,46 +32,64 @@
#include "prefix_evp.h"
#endif
#include "md5.h"
#include "sha.h"
#include <cyassl/openssl/md5.h>
#include <cyassl/openssl/sha.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef char EVP_MD;
typedef char EVP_CIPHER;
typedef char CYASSL_EVP_MD;
typedef char CYASSL_EVP_CIPHER;
CYASSL_API const EVP_MD* EVP_md5(void);
CYASSL_API const EVP_MD* EVP_sha1(void);
CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_md5(void);
CYASSL_API const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void);
typedef union {
MD5_CTX md5;
SHA_CTX sha;
} Hasher;
CYASSL_MD5_CTX md5;
CYASSL_SHA_CTX sha;
} CYASSL_Hasher;
typedef struct EVP_MD_CTX {
typedef struct CYASSL_EVP_MD_CTX {
unsigned char macType; /* md5 or sha for now */
Hasher hash;
} EVP_MD_CTX;
CYASSL_Hasher hash;
} CYASSL_EVP_MD_CTX;
CYASSL_API void EVP_MD_CTX_init(EVP_MD_CTX* ctx);
CYASSL_API int EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx);
CYASSL_API void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx);
CYASSL_API int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx);
CYASSL_API int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx,
const CYASSL_EVP_MD* type);
CYASSL_API int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
unsigned long sz);
CYASSL_API int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
unsigned int* s);
CYASSL_API int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx,
unsigned char* md, unsigned int* s);
CYASSL_API int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER*,
const CYASSL_EVP_MD*, const unsigned char*,
const unsigned char*, int, int, unsigned char*,
unsigned char*);
typedef CYASSL_EVP_MD EVP_MD;
typedef CYASSL_EVP_CIPHER EVP_CIPHER;
typedef CYASSL_EVP_MD_CTX EVP_MD_CTX;
#define EVP_md5 CyaSSL_EVP_md5
#define EVP_sha1 CyaSSL_EVP_sha1
#define EVP_MD_CTX_init CyaSSL_EVP_MD_CTX_init
#define EVP_MD_CTX_cleanup CyaSSL_EVP_MD_CTX_cleanup
#define EVP_DigestInit CyaSSL_EVP_DigestInit
#define EVP_DigestUpdate CyaSSL_EVP_DigestUpdate
#define EVP_DigestFinal CyaSSL_EVP_DigestFinal
#define EVP_DigestFinal_ex CyaSSL_EVP_DigestFinal_ex
#define EVP_BytesToKey CyaSSL_EVP_BytesToKey
CYASSL_API int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type);
CYASSL_API int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data,
unsigned long sz);
CYASSL_API int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md,
unsigned int* s);
CYASSL_API int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md,
unsigned int* s);
CYASSL_API int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*,
const unsigned char*, const unsigned char*,
int, int, unsigned char*, unsigned char*);
#ifdef __cplusplus
} /* extern "C" */


@ -32,18 +32,21 @@
#include "prefix_hmac.h"
#endif
#include "evp.h"
#include <cyassl/openssl/evp.h>
#ifdef __cplusplus
extern "C" {
#endif
CYASSL_API unsigned char* HMAC(const EVP_MD* evp_md, const void* key,
int key_len, const unsigned char* d, int n,
unsigned char* md, unsigned int* md_len);
CYASSL_API unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md,
const void* key, int key_len,
const unsigned char* d, int n, unsigned char* md,
unsigned int* md_len);
#define HMAC(a,b,c,d,e,f,g) CyaSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
#ifdef __cplusplus
} /* extern "C" */
#endif
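Review bot: `#define HMAC(a,b,c,d,e,f,g) CyaSSL_HMAC((a),(b),(c),(d),(e),(f),(g))` is the only function-like mapping among the compatibility defines in this commit; every other name uses the object-like form. With this form, a use of `HMAC` that is not a direct call (taking its address, for instance) is left unrenamed and would bind to whatever other linked library exports HMAC. If the form is deliberate, a one-line comment saying why would help; otherwise `#define HMAC CyaSSL_HMAC` keeps it consistent with the rest.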


@ -13,15 +13,20 @@
#endif
typedef struct MD5_CTX {
typedef struct CYASSL_MD5_CTX {
int holder[24]; /* big enough to hold ctaocrypt md5, but check on init */
} MD5_CTX;
} CYASSL_MD5_CTX;
CYASSL_API void MD5_Init(MD5_CTX*);
CYASSL_API void MD5_Update(MD5_CTX*, const void*, unsigned long);
CYASSL_API void MD5_Final(unsigned char*, MD5_CTX*);
CYASSL_API void CyaSSL_MD5_Init(CYASSL_MD5_CTX*);
CYASSL_API void CyaSSL_MD5_Update(CYASSL_MD5_CTX*, const void*, unsigned long);
CYASSL_API void CyaSSL_MD5_Final(unsigned char*, CYASSL_MD5_CTX*);
typedef CYASSL_MD5_CTX MD5_CTX;
#define MD5_Init MD5_Init
#define MD5_Update MD5_Update
#define MD5_Final MD5_Final
#ifdef __cplusplus
} /* extern "C" */
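Review bot: The three compatibility defines at the end of this section map each name to itself (`#define MD5_Init MD5_Init`, and the same for MD5_Update and MD5_Final), so nothing routes the OpenSSL names to the renamed CyaSSL_MD5_* functions declared just above. A caller of MD5_Init then gets no prototype from this header, and the symbol would presumably resolve to whichever other linked library exports it, operating on a CYASSL_MD5_CTX that library did not size. They should read `#define MD5_Init CyaSSL_MD5_Init`, `#define MD5_Update CyaSSL_MD5_Update` and `#define MD5_Final CyaSSL_MD5_Final`, matching the SHA header. The SSL compatibility header section at the end of this page has a related slip: X509_STORE_CTX_set_error, X509_OBJECT_free_contents, EVP_PKEY_free and X509_cmp_current_time are each mapped to the following function's name, so for example EVP_PKEY_free would call the time comparison routine.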


@ -13,24 +13,35 @@
#endif
typedef struct SHA_CTX {
typedef struct CYASSL_SHA_CTX {
int holder[24]; /* big enough to hold ctaocrypt sha, but check on init */
} SHA_CTX;
} CYASSL_SHA_CTX;
CYASSL_API void SHA_Init(SHA_CTX*);
CYASSL_API void SHA_Update(SHA_CTX*, const void*, unsigned long);
CYASSL_API void SHA_Final(unsigned char*, SHA_CTX*);
CYASSL_API void CyaSSL_SHA_Init(CYASSL_SHA_CTX*);
CYASSL_API void CyaSSL_SHA_Update(CYASSL_SHA_CTX*, const void*, unsigned long);
CYASSL_API void CyaSSL_SHA_Final(unsigned char*, CYASSL_SHA_CTX*);
/* SHA1 points to above, shouldn't use SHA0 ever */
CYASSL_API void SHA1_Init(SHA_CTX*);
CYASSL_API void SHA1_Update(SHA_CTX*, const void*, unsigned long);
CYASSL_API void SHA1_Final(unsigned char*, SHA_CTX*);
CYASSL_API void CyaSSL_SHA1_Init(CYASSL_SHA_CTX*);
CYASSL_API void CyaSSL_SHA1_Update(CYASSL_SHA_CTX*, const void*, unsigned long);
CYASSL_API void CyaSSL_SHA1_Final(unsigned char*, CYASSL_SHA_CTX*);
enum {
SHA_DIGEST_LENGTH = 20
};
typedef CYASSL_SHA_CTX SHA_CTX;
#define SHA_Init CyaSSL_SHA_Init
#define SHA_Update CyaSSL_SHA_Update
#define SHA_Final CyaSSL_SHA_Final
#define SHA1_Init CyaSSL_SHA1_Init
#define SHA1_Update CyaSSL_SHA1_Update
#define SHA1_Final CyaSSL_SHA1_Final
#ifdef __cplusplus
} /* extern "C" */
#endif


@ -15,7 +15,7 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* a with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
@ -28,16 +28,12 @@
#ifndef CYASSL_OPENSSL_H_
#define CYASSL_OPENSSL_H_
/* for users not using preprocessor flags */
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ssl.h>
#ifdef USE_CYASSL_VERSION
#include <cyassl/version.h>
#endif
#ifndef NO_FILESYSTEM
#include <stdio.h> /* ERR_print fp */
#endif
#ifdef YASSL_PREFIX
#include "prefix_ssl.h"
@ -59,666 +55,314 @@
#endif
typedef struct SSL SSL;
typedef struct SSL_SESSION SSL_SESSION;
typedef struct SSL_METHOD SSL_METHOD;
typedef struct SSL_CTX SSL_CTX;
typedef CYASSL SSL;
typedef CYASSL_SESSION SSL_SESSION;
typedef CYASSL_METHOD SSL_METHOD;
typedef CYASSL_CTX SSL_CTX;
typedef struct X509 X509;
typedef struct X509_NAME X509_NAME;
typedef struct X509_CHAIN X509_CHAIN;
typedef CYASSL_X509 X509;
typedef CYASSL_X509_NAME X509_NAME;
typedef CYASSL_X509_CHAIN X509_CHAIN;
/* redeclare guard */
#define SSL_TYPES_DEFINED
#define CYASSL_TYPES_DEFINED
typedef struct EVP_PKEY EVP_PKEY;
typedef struct RSA RSA;
typedef struct BIO BIO;
typedef struct BIO_METHOD BIO_METHOD;
typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct X509_LOOKUP X509_LOOKUP;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
typedef struct X509_CRL X509_CRL;
typedef struct X509_EXTENSION X509_EXTENSION;
typedef struct ASN1_TIME ASN1_TIME;
typedef struct ASN1_INTEGER ASN1_INTEGER;
typedef struct ASN1_OBJECT ASN1_OBJECT;
typedef struct ASN1_STRING ASN1_STRING;
typedef struct CRYPTO_dynlock_value CRYPTO_dynlock_value;
typedef CYASSL_EVP_PKEY EVP_PKEY;
typedef CYASSL_RSA RSA;
typedef CYASSL_BIO BIO;
typedef CYASSL_BIO_METHOD BIO_METHOD;
typedef CYASSL_CIPHER SSL_CIPHER;
typedef CYASSL_X509_LOOKUP X509_LOOKUP;
typedef CYASSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
typedef CYASSL_X509_CRL X509_CRL;
typedef CYASSL_X509_EXTENSION X509_EXTENSION;
typedef CYASSL_ASN1_TIME ASN1_TIME;
typedef CYASSL_ASN1_INTEGER ASN1_INTEGER;
typedef CYASSL_ASN1_OBJECT ASN1_OBJECT;
typedef CYASSL_ASN1_STRING ASN1_STRING;
typedef CYASSL_dynlock_value CRYPTO_dynlock_value;
#define ASN1_UTCTIME ASN1_TIME
#define ASN1_UTCTIME CYASSL_ASN1_TIME
typedef struct MD4_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} MD4_CTX;
typedef CYASSL_MD4_CTX MD4_CTX;
typedef CYASSL_COMP_METHOD COMP_METHOD;
typedef CYASSL_X509_STORE X509_STORE;
typedef CYASSL_X509_REVOKED X509_REVOKED;
typedef CYASSL_X509_OBJECT X509_OBJECT;
typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
typedef struct COMP_METHOD {
int type; /* stunnel dereference */
} COMP_METHOD;
typedef struct X509_STORE {
int cache; /* stunnel dereference */
} X509_STORE;
typedef struct X509_REVOKED {
ASN1_INTEGER* serialNumber; /* stunnel dereference */
} X509_REVOKED;
typedef struct X509_OBJECT {
union {
char* ptr;
X509_CRL* crl; /* stunnel dereference */
} data;
} X509_OBJECT;
/* in cyassl_int.h too, change there !! */
typedef struct X509_STORE_CTX {
int error;
int error_depth;
X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */
/* in cyassl_int.h too, change there !! */
} X509_STORE_CTX;
CYASSL_API SSL_METHOD *SSLv3_server_method(void);
CYASSL_API SSL_METHOD *SSLv3_client_method(void);
CYASSL_API SSL_METHOD *TLSv1_server_method(void);
CYASSL_API SSL_METHOD *TLSv1_client_method(void);
CYASSL_API SSL_METHOD *TLSv1_1_server_method(void);
CYASSL_API SSL_METHOD *TLSv1_1_client_method(void);
CYASSL_API SSL_METHOD *TLSv1_2_server_method(void);
CYASSL_API SSL_METHOD *TLSv1_2_client_method(void);
#define SSLv3_server_method CyaSSLv3_server_method
#define SSLv3_client_method CyaSSLv3_client_method
#define TLSv1_server_method CyaTLSv1_server_method
#define TLSv1_client_method CyaTLSv1_client_method
#define TLSv1_1_server_method CyaTLSv1_1_server_method
#define TLSv1_1_client_method CyaTLSv1_1_client_method
#define TLSv1_2_server_method CyaTLSv1_2_server_method
#define TLSv1_2_client_method CyaTLSv1_2_client_method
#ifdef CYASSL_DTLS
CYASSL_API SSL_METHOD *DTLSv1_client_method(void);
CYASSL_API SSL_METHOD *DTLSv1_server_method(void);
#define DTLSv1_client_method CyaDTLSv1_client_method
#define DTLSv1_server_method CyaDTLSv1_server_method
#endif
#ifndef NO_FILESYSTEM
CYASSL_API int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
CYASSL_API int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
CYASSL_API int SSL_CTX_load_verify_locations(SSL_CTX*, const char*,const char*);
CYASSL_API int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *file);
CYASSL_API int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
#ifdef CYASSL_DER_LOAD
CYASSL_API int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int);
#define SSL_CTX_use_certificate_file CyaSSL_CTX_use_certificate_file
#define SSL_CTX_use_PrivateKey_file CyaSSL_CTX_use_PrivateKey_file
#define SSL_CTX_load_verify_locations CyaSSL_CTX_load_verify_locations
#define SSL_CTX_use_certificate_chain_file CyaSSL_CTX_use_certificate_chain_file
#define SSL_CTX_use_RSAPrivateKey_file CyaSSL_CTX_use_RSAPrivateKey_file
#endif
#ifdef HAVE_NTRU
CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*);
/* load NTRU private key blob */
#endif
#define SSL_CTX_new CyaSSL_CTX_new
#define SSL_new CyaSSL_new
#define SSL_set_fd CyaSSL_set_fd
#define SSL_get_fd CyaSSL_get_fd
#define SSL_connect CyaSSL_connect
#define SSL_write CyaSSL_write
#define SSL_read CyaSSL_read
#define SSL_accept CyaSSL_accept
#define SSL_CTX_free CyaSSL_CTX_free
#define SSL_free CyaSSL_free
#define SSL_shutdown CyaSSL_shutdown
#define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown
#define SSL_get_error CyaSSL_get_error
#define SSL_set_session CyaSSL_set_session
#define SSL_get_session CyaSSL_get_session
#define SSL_flush_sessions CyaSSL_flush_sessions
#define SSL_CTX_set_verify CyaSSL_CTX_set_verify
#define SSL_pending CyaSSL_pending
#define SSL_load_error_strings CyaSSL_load_error_strings
#define SSL_library_init CyaSSL_library_init
#define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list
#define ERR_error_string CyaSSL_ERR_error_string
#define ERR_error_string_n CyaSSL_ERR_error_string_n
#define SSL_set_ex_data CyaSSL_set_ex_data
#define SSL_get_shutdown CyaSSL_get_shutdown
#define SSL_set_rfd CyaSSL_set_rfd
#define SSL_set_wfd CyaSSL_set_wfd
#define SSL_set_shutdown CyaSSL_set_shutdown
#define SSL_set_session_id_context CyaSSL_set_session_id_context
#define SSL_set_connect_state CyaSSL_set_connect_state
#define SSL_set_accept_state CyaSSL_set_accept_state
#define SSL_session_reused CyaSSL_session_reused
#define SSL_SESSION_free CyaSSL_SESSION_free
#define SSL_get_version CyaSSL_get_version
#define SSL_get_current_cipher CyaSSL_get_current_cipher
#define SSL_CIPHER_description CyaSSL_CIPHER_description
#define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name
#define SSL_get1_session CyaSSL_get1_session
#define X509_free CyaSSL_X509_free
#define OPENSSL_free CyaSSL_OPENSSL_free
#define OCSP_parse_url CyaSSL_OCSP_parse_url
#define SSLv23_client_method CyaSSLv23_client_method
#define SSLv2_client_method CyaSSLv2_client_method
#define SSLv2_server_method CyaSSLv2_server_method
#define MD4_Init CyaSSL_MD4_Init
#define MD4_Update CyaSSL_MD4_Update
#define MD4_Final CyaSSL_MD4_Final
#define BIO_new CyaSSL_BIO_new
#define BIO_free CyaSSL_BIO_free
#define BIO_free_all CyaSSL_BIO_free_all
#define BIO_read CyaSSL_BIO_read
#define BIO_write CyaSSL_BIO_write
#define BIO_push CyaSSL_BIO_push
#define BIO_pop CyaSSL_BIO_pop
#define BIO_flush CyaSSL_BIO_flush
#define BIO_pending CyaSSL_BIO_pending
#define BIO_f_buffer CyaSSL_BIO_f_buffer
#define BIO_set_write_buffer_size CyaSSL_BIO_set_write_buffer_size
#define BIO_f_ssl CyaSSL_BIO_f_ssl
#define BIO_new_socket CyaSSL_BIO_new_socket
#define SSL_set_bio CyaSSL_set_bio
#define BIO_eof CyaSSL_BIO_eof
#define BIO_set_ss CyaSSL_BIO_set_ss
#define BIO_s_mem CyaSSL_BIO_s_mem
#define BIO_f_base64 CyaSSL_BIO_f_base64
#define BIO_set_flags CyaSSL_BIO_set_flags
#define OpenSSL_add_all_algorithms CyaSSL_add_all_algorithms
#define SSLeay_add_ssl_algorithms CyaSSL_add_all_algorithms
#define SSLeay_add_all_algorithms CyaSSL_add_all_algorithms
#define RAND_screen CyaSSL_RAND_screen
#define RAND_file_name CyaSSL_RAND_file_name
#define RAND_write_file CyaSSL_RAND_write_file
#define RAND_load_file CyaSSL_RAND_load_file
#define RAND_egd CyaSSL_RAND_egd
#define COMP_zlib CyaSSL_COMP_zlib
#define COMP_rle CyaSSL_COMP_rle
#define SSL_COMP_add_compression_method CyaSSL_COMP_add_compression_method
#define SSL_get_ex_new_index CyaSSL_get_ex_new_index
#define CRYPTO_set_id_callback CyaSSL_set_id_callback
#define CRYPTO_set_locking_callback CyaSSL_set_locking_callback
#define CRYPTO_set_dynlock_create_callback CyaSSL_set_dynlock_create_callback
#define CRYPTO_set_dynlock_lock_callback CyaSSL_set_dynlock_lock_callback
#define CRYPTO_set_dynlock_destroy_callback CyaSSL_set_dynlock_destroy_callback
#define CRYPTO_num_locks CyaSSL_num_locks
#define X509_STORE_CTX_get_current_cert CyaSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_CTX_get_error CyaSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth CyaSSL_X509_STORE_CTX_get_error_depth
#define X509_NAME_oneline CyaSSL_X509_NAME_oneline
#define X509_get_issuer_name CyaSSL_X509_get_issuer_name
#define X509_get_subject_name CyaSSL_X509_get_subject_name
#define X509_verify_cert_error_string CyaSSL_X509_verify_cert_error_string
#define X509_LOOKUP_add_dir CyaSSL_X509_LOOKUP_add_dir
#define X509_LOOKUP_load_file CyaSSL_X509_LOOKUP_load_file
#define X509_LOOKUP_hash_dir CyaSSL_X509_LOOKUP_hash_dir
#define X509_LOOKUP_file CyaSSL_X509_LOOKUP_file
#define X509_STORE_add_lookup CyaSSL_X509_STORE_add_lookup
#define X509_STORE_new CyaSSL_X509_STORE_new
#define X509_STORE_get_by_subject CyaSSL_X509_STORE_get_by_subject
#define X509_STORE_CTX_init CyaSSL_X509_STORE_CTX_init
#define X509_STORE_CTX_cleanup CyaSSL_X509_STORE_CTX_cleanup
#define X509_CRL_get_lastUpdate CyaSSL_X509_CRL_get_lastUpdate
#define X509_CRL_get_nextUpdate CyaSSL_X509_CRL_get_nextUpdate
#define X509_get_pubkey CyaSSL_X509_get_pubkey
#define X509_CRL_verify CyaSSL_X509_CRL_verify
#define X509_STORE_CTX_set_error CyaSSL_X509_OBJECT_free_contents
#define X509_OBJECT_free_contents CyaSSL_EVP_PKEY_free
#define EVP_PKEY_free CyaSSL_X509_cmp_current_time
#define X509_cmp_current_time CyaSSL_sk_X509_REVOKED_num
#define sk_X509_REVOKED_num CyaSSL_sk_X509_REVOKED_num
#define X509_CRL_get_REVOKED CyaSSL_X509_CRL_get_REVOKED
#define sk_X509_REVOKED_value CyaSSL_sk_X509_REVOKED_value
#define X509_get_serialNumber CyaSSL_X509_get_serialNumber
#define ASN1_TIME_pr CyaSSL_ASN1_TIME_pr
#define ASN1_INTEGER_cmp CyaSSL_ASN1_INTEGER_cmp
#define ASN1_INTEGER_get CyaSSL_ASN1_INTEGER_get
#define SSL_load_client_CA_file CyaSSL_load_client_CA_file
#define SSL_CTX_set_client_CA_list CyaSSL_CTX_set_client_CA_list
#define X509_STORE_CTX_get_ex_data CyaSSL_X509_STORE_CTX_get_ex_data
#define SSL_get_ex_data_X509_STORE_CTX_idx CyaSSL_get_ex_data_X509_STORE_CTX_idx
#define SSL_get_ex_data CyaSSL_get_ex_data
#define SSL_CTX_set_default_passwd_cb_userdata CyaSSL_CTX_set_default_passwd_cb_userdata
#define SSL_CTX_set_default_passwd_cb CyaSSL_CTX_set_default_passwd_cb
#define SSL_CTX_set_timeout CyaSSL_CTX_set_timeout
#define SSL_CTX_set_info_callback CyaSSL_CTX_set_info_callback
#define ERR_peek_error CyaSSL_ERR_peek_error
#define ERR_GET_REASON CyaSSL_ERR_GET_REASON
#define SSL_alert_type_string CyaSSL_alert_type_string
#define SSL_alert_desc_string CyaSSL_alert_desc_string
#define SSL_state_string CyaSSL_state_string
#define RSA_free CyaSSL_RSA_free
#define RSA_generate_key CyaSSL_RSA_generate_key
#define SSL_CTX_set_tmp_rsa_callback CyaSSL_CTX_set_tmp_rsa_callback
#define PEM_def_callback CyaSSL_PEM_def_callback
#define SSL_CTX_sess_accept CyaSSL_CTX_sess_accept
#define SSL_CTX_sess_connect CyaSSL_CTX_sess_connect
#define SSL_CTX_sess_accept_good CyaSSL_CTX_sess_accept_good
#define SSL_CTX_sess_connect_good CyaSSL_CTX_sess_connect_good
#define SSL_CTX_sess_accept_renegotiate CyaSSL_CTX_sess_accept_renegotiate
#define SSL_CTX_sess_connect_renegotiate CyaSSL_CTX_sess_connect_renegotiate
#define SSL_CTX_sess_hits CyaSSL_CTX_sess_hits
#define SSL_CTX_sess_cb_hits CyaSSL_CTX_sess_cb_hits
#define SSL_CTX_sess_cache_full CyaSSL_CTX_sess_cache_full
#define SSL_CTX_sess_misses CyaSSL_CTX_sess_misses
#define SSL_CTX_sess_timeouts CyaSSL_CTX_sess_timeouts
#define SSL_CTX_sess_number CyaSSL_CTX_sess_number
#define SSL_CTX_sess_get_cache_size CyaSSL_CTX_sess_get_cache_size
CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
#endif /* NO_FILESYSTEM */
#define SSL_DEFAULT_CIPHER_LIST CYASSL_DEFAULT_CIPHER_LIST
#define RSA_F4 CYASSL_RSA_F4
CYASSL_API SSL_CTX* SSL_CTX_new(SSL_METHOD*);
CYASSL_API SSL* SSL_new(SSL_CTX*);
CYASSL_API int SSL_set_fd (SSL*, int);
CYASSL_API int SSL_get_fd(const SSL*);
CYASSL_API int SSL_connect(SSL*); /* please see note at top of README
if you get an error from connect */
CYASSL_API int SSL_write(SSL*, const void*, int);
CYASSL_API int SSL_read(SSL*, void*, int);
CYASSL_API int SSL_accept(SSL*);
CYASSL_API void SSL_CTX_free(SSL_CTX*);
CYASSL_API void SSL_free(SSL*);
CYASSL_API int SSL_shutdown(SSL*);
#define SSL_CTX_set_psk_client_callback CyaSSL_CTX_set_psk_client_callback
#define SSL_set_psk_client_callback CyaSSL_set_psk_client_callback
CYASSL_API void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int);
#define SSL_get_psk_identity_hint CyaSSL_get_psk_identity_hint
#define SSL_get_psk_identity CyaSSL_get_psk_identity
CYASSL_API int SSL_get_error(SSL*, int);
#define SSL_CTX_use_psk_identity_hint CyaSSL_CTX_use_psk_identity_hint
#define SSL_use_psk_identity_hint CyaSSL_use_psk_identity_hint
CYASSL_API int SSL_set_session(SSL *ssl, SSL_SESSION *session);
CYASSL_API SSL_SESSION* SSL_get_session(SSL* ssl);
CYASSL_API void SSL_flush_sessions(SSL_CTX *ctx, long tm);
#define SSL_CTX_set_psk_server_callback CyaSSL_CTX_set_psk_server_callback
#define SSL_set_psk_server_callback CyaSSL_set_psk_server_callback
#define ERR_get_error_line_data CyaSSL_ERR_get_error_line_data
typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);
CYASSL_API void SSL_CTX_set_verify(SSL_CTX*,int,VerifyCallback verify_callback);
CYASSL_API int SSL_pending(SSL*);
CYASSL_API void SSL_load_error_strings(void);
CYASSL_API int SSL_library_init(void);
CYASSL_API long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
/* only supports full name from cipher_name[] delimited by : */
CYASSL_API int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
CYASSL_API char* ERR_error_string(unsigned long,char*);
CYASSL_API void ERR_error_string_n(unsigned long e,char *buf,unsigned long sz);
/* extras */
#define STACK_OF(x) x
CYASSL_API int SSL_set_ex_data(SSL*, int, void*);
CYASSL_API int SSL_get_shutdown(const SSL*);
CYASSL_API int SSL_set_rfd(SSL*, int);
CYASSL_API int SSL_set_wfd(SSL*, int);
CYASSL_API void SSL_set_shutdown(SSL*, int);
CYASSL_API int SSL_set_session_id_context(SSL*, const unsigned char*,
unsigned int);
CYASSL_API void SSL_set_connect_state(SSL*);
CYASSL_API void SSL_set_accept_state(SSL*);
CYASSL_API int SSL_session_reused(SSL*);
CYASSL_API void SSL_SESSION_free(SSL_SESSION* session);
CYASSL_API const char* SSL_get_version(SSL*);
CYASSL_API SSL_CIPHER* SSL_get_current_cipher(SSL*);
CYASSL_API char* SSL_CIPHER_description(SSL_CIPHER*, char*, int);
CYASSL_API const char* SSL_CIPHER_get_name(const SSL_CIPHER* cipher);
CYASSL_API SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */
CYASSL_API void X509_free(X509*);
CYASSL_API void OPENSSL_free(void*);
CYASSL_API int OCSP_parse_url(char* url, char** host, char** port, char** path,
int* ssl);
CYASSL_API SSL_METHOD* SSLv23_client_method(void);
CYASSL_API SSL_METHOD* SSLv2_client_method(void);
CYASSL_API SSL_METHOD* SSLv2_server_method(void);
CYASSL_API void MD4_Init(MD4_CTX*);
CYASSL_API void MD4_Update(MD4_CTX*, const void*, unsigned long);
CYASSL_API void MD4_Final(unsigned char*, MD4_CTX*);
CYASSL_API BIO* BIO_new(BIO_METHOD*);
CYASSL_API int BIO_free(BIO*);
CYASSL_API int BIO_free_all(BIO*);
CYASSL_API int BIO_read(BIO*, void*, int);
CYASSL_API int BIO_write(BIO*, const void*, int);
CYASSL_API BIO* BIO_push(BIO*, BIO* append);
CYASSL_API BIO* BIO_pop(BIO*);
CYASSL_API int BIO_flush(BIO*);
CYASSL_API int BIO_pending(BIO*);
#define ERR_get_error CyaSSL_ERR_get_error
#define ERR_clear_error CyaSSL_ERR_clear_error
CYASSL_API BIO_METHOD* BIO_f_buffer(void);
CYASSL_API long BIO_set_write_buffer_size(BIO*, long size);
CYASSL_API BIO_METHOD* BIO_f_ssl(void);
CYASSL_API BIO* BIO_new_socket(int sfd, int flag);
CYASSL_API void SSL_set_bio(SSL*, BIO* rd, BIO* wr);
CYASSL_API int BIO_eof(BIO*);
CYASSL_API long BIO_set_ssl(BIO*, SSL*, int flag);
#define RAND_status CyaSSL_RAND_status
#define RAND_bytes CyaSSL_RAND_bytes
#define SSLv23_server_method CyaSSLv23_server_method
#define SSL_CTX_set_options CyaSSL_CTX_set_options
#define SSL_CTX_check_private_key CyaSSL_CTX_check_private_key
CYASSL_API BIO_METHOD* BIO_s_mem(void);
CYASSL_API BIO_METHOD* BIO_f_base64(void);
CYASSL_API void BIO_set_flags(BIO*, int);
#define ERR_free_strings CyaSSL_ERR_free_strings
#define ERR_remove_state CyaSSL_ERR_remove_state
#define EVP_cleanup CyaSSL_EVP_cleanup
CYASSL_API void OpenSSL_add_all_algorithms(void);
CYASSL_API int SSLeay_add_ssl_algorithms(void);
CYASSL_API int SSLeay_add_all_algorithms(void);
CYASSL_API void RAND_screen(void);
CYASSL_API const char* RAND_file_name(char*, unsigned long);
CYASSL_API int RAND_write_file(const char*);
CYASSL_API int RAND_load_file(const char*, long);
CYASSL_API int RAND_egd(const char*);
CYASSL_API COMP_METHOD* COMP_zlib(void);
CYASSL_API COMP_METHOD* COMP_rle(void);
CYASSL_API int SSL_COMP_add_compression_method(int, void*);
#define CRYPTO_cleanup_all_ex_data CyaSSL_cleanup_all_ex_data
#define SSL_CTX_set_mode CyaSSL_CTX_set_mode
#define SSL_CTX_get_mode CyaSSL_CTX_get_mode
#define SSL_CTX_set_default_read_ahead CyaSSL_CTX_set_default_read_ahead
CYASSL_API int SSL_get_ex_new_index(long, void*, void*, void*, void*);
#define SSL_CTX_sess_set_cache_size CyaSSL_CTX_sess_set_cache_size
#define SSL_CTX_set_default_verify_paths CyaSSL_CTX_set_default_verify_paths
CYASSL_API void CRYPTO_set_id_callback(unsigned long (*f)(void));
CYASSL_API void CRYPTO_set_locking_callback(void (*f)(int, int, const char*,
int));
CYASSL_API void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)
(const char*, int));
CYASSL_API void CRYPTO_set_dynlock_lock_callback(void (*f)(int,
CRYPTO_dynlock_value*, const char*, int));
CYASSL_API void CRYPTO_set_dynlock_destroy_callback(void (*f)
(CRYPTO_dynlock_value*, const char*, int));
CYASSL_API int CRYPTO_num_locks(void);
CYASSL_API X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
CYASSL_API int X509_STORE_CTX_get_error(X509_STORE_CTX*);
CYASSL_API int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
CYASSL_API char* X509_NAME_oneline(X509_NAME*, char*, int);
CYASSL_API X509_NAME* X509_get_issuer_name(X509*);
CYASSL_API X509_NAME* X509_get_subject_name(X509*);
CYASSL_API const char* X509_verify_cert_error_string(long);
CYASSL_API int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
CYASSL_API int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
CYASSL_API X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
CYASSL_API X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
CYASSL_API X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
CYASSL_API X509_STORE* X509_STORE_new(void);
CYASSL_API int X509_STORE_get_by_subject(X509_STORE_CTX*, int,
X509_NAME*, X509_OBJECT*);
CYASSL_API int X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*,
STACK_OF(X509)*);
CYASSL_API void X509_STORE_CTX_cleanup(X509_STORE_CTX*);
CYASSL_API ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*);
CYASSL_API ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*);
CYASSL_API EVP_PKEY* X509_get_pubkey(X509*);
CYASSL_API int X509_CRL_verify(X509_CRL*, EVP_PKEY*);
CYASSL_API void X509_STORE_CTX_set_error(X509_STORE_CTX*, int);
CYASSL_API void X509_OBJECT_free_contents(X509_OBJECT*);
CYASSL_API void EVP_PKEY_free(EVP_PKEY*);
CYASSL_API int X509_cmp_current_time(const ASN1_TIME*);
CYASSL_API int sk_X509_REVOKED_num(X509_REVOKED*);
CYASSL_API X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*);
CYASSL_API X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int);
CYASSL_API ASN1_INTEGER* X509_get_serialNumber(X509*);
CYASSL_API int ASN1_TIME_print(BIO*, const ASN1_TIME*);
CYASSL_API int ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*);
CYASSL_API long ASN1_INTEGER_get(const ASN1_INTEGER*);
CYASSL_API STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*);
CYASSL_API void SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*);
CYASSL_API void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int);
CYASSL_API int SSL_get_ex_data_X509_STORE_CTX_idx(void);
CYASSL_API void* SSL_get_ex_data(const SSL*, int);
CYASSL_API void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*,void* userdata);
CYASSL_API void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
CYASSL_API long SSL_CTX_set_timeout(SSL_CTX*, long);
CYASSL_API void SSL_CTX_set_info_callback(SSL_CTX*, void (*)(void));
CYASSL_API unsigned long ERR_peek_error(void);
CYASSL_API int ERR_GET_REASON(int);
CYASSL_API char* SSL_alert_type_string_long(int);
CYASSL_API char* SSL_alert_desc_string_long(int);
CYASSL_API char* SSL_state_string_long(SSL*);
CYASSL_API void RSA_free(RSA*);
CYASSL_API RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*),
void*);
CYASSL_API void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
CYASSL_API int PEM_def_callback(char*, int num, int w, void* key);
CYASSL_API long SSL_CTX_sess_accept(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_connect(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_accept_good(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_connect_good(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_hits(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_cb_hits(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_cache_full(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_misses(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_timeouts(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_number(SSL_CTX*);
CYASSL_API long SSL_CTX_sess_get_cache_size(SSL_CTX*);
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
#define RSA_F4 0x10001L
enum {
OCSP_NOCERTS = 1,
OCSP_NOINTERN = 2,
OCSP_NOSIGS = 4,
OCSP_NOCHAIN = 8,
OCSP_NOVERIFY = 16,
OCSP_NOEXPLICIT = 32,
OCSP_NOCASIGN = 64,
OCSP_NODELEGATED = 128,
OCSP_NOCHECKS = 256,
OCSP_TRUSTOTHER = 512,
OCSP_RESPID_KEY = 1024,
OCSP_NOTIME = 2048,
OCSP_CERTID = 2,
OCSP_REQUEST = 4,
OCSP_RESPONSE = 8,
OCSP_BASICRESP = 16,
ASN1_GENERALIZEDTIME = 4,
SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
SSL_OP_TLS_D5_BUG = 8,
SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
SSL_OP_TLS_ROLLBACK_BUG = 10,
SSL_OP_ALL = 11,
SSL_OP_EPHEMERAL_RSA = 12,
SSL_OP_NO_SSLv3 = 13,
SSL_OP_NO_TLSv1 = 14,
SSL_OP_PKCS1_CHECK_1 = 15,
SSL_OP_PKCS1_CHECK_2 = 16,
SSL_OP_NETSCAPE_CA_DN_BUG = 17,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
SSL_OP_SINGLE_DH_USE = 19,
SSL_OP_NO_TICKET = 20,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
SSL_OP_NO_QUERY_MTU = 22,
SSL_OP_COOKIE_EXCHANGE = 23,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
SSL_OP_SINGLE_ECDH_USE = 25,
SSL_OP_CIPHER_SERVER_PREFERENCE = 26,
SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
EVP_R_BAD_DECRYPT = 2,
SSL_CB_LOOP = 4,
SSL_ST_CONNECT = 5,
SSL_ST_ACCEPT = 6,
SSL_CB_ALERT = 7,
SSL_CB_READ = 8,
SSL_CB_HANDSHAKE_DONE = 9,
SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
BIO_FLAGS_BASE64_NO_NL = 1,
BIO_CLOSE = 1,
BIO_NOCLOSE = 0,
NID_undef = 0,
X509_FILETYPE_PEM = 8,
X509_LU_X509 = 9,
X509_LU_CRL = 12,
X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
X509_V_ERR_CRL_HAS_EXPIRED = 15,
X509_V_ERR_CERT_REVOKED = 16,
X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
X509_V_ERR_CERT_NOT_YET_VALID = 19,
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
X509_V_ERR_CERT_HAS_EXPIRED = 21,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
X509_V_OK = 0,
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10
};
/* extras end */
#ifndef NO_FILESYSTEM
/* CyaSSL extension, provide last error from SSL_get_error
since not using thread storage error queue */
CYASSL_API void ERR_print_errors_fp(FILE*, int err);
#endif
enum { /* ssl Constants */
SSL_ERROR_NONE = 0, /* for most functions */
SSL_FAILURE = 0, /* for some functions */
SSL_SUCCESS = 1,
SSL_BAD_CERTTYPE = -8,
SSL_BAD_STAT = -7,
SSL_BAD_PATH = -6,
SSL_BAD_FILETYPE = -5,
SSL_BAD_FILE = -4,
SSL_NOT_IMPLEMENTED = -3,
SSL_UNKNOWN = -2,
SSL_FATAL_ERROR = -1,
SSL_FILETYPE_ASN1 = 2,
SSL_FILETYPE_PEM = 1,
SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
SSL_VERIFY_NONE = 0,
SSL_VERIFY_PEER = 1,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
SSL_VERIFY_CLIENT_ONCE = 4,
SSL_SESS_CACHE_OFF = 30,
SSL_SESS_CACHE_CLIENT = 31,
SSL_SESS_CACHE_SERVER = 32,
SSL_SESS_CACHE_BOTH = 33,
SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
SSL_ERROR_WANT_READ = 2,
SSL_ERROR_WANT_WRITE = 3,
SSL_ERROR_WANT_CONNECT = 7,
SSL_ERROR_WANT_ACCEPT = 8,
SSL_ERROR_SYSCALL = 5,
SSL_ERROR_WANT_X509_LOOKUP = 83,
SSL_ERROR_ZERO_RETURN = 6,
SSL_ERROR_SSL = 85,
SSL_SENT_SHUTDOWN = 1,
SSL_RECEIVED_SHUTDOWN = 2,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
SSL_OP_NO_SSLv2 = 8,
SSL_R_SSL_HANDSHAKE_FAILURE = 101,
SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
PEM_BUFSIZE = 1024
};
#define SSL_CTX_set_session_id_context CyaSSL_CTX_set_session_id_context
#define SSL_get_peer_certificate CyaSSL_get_peer_certificate
#define SSL_want_read CyaSSL_want_read
#define SSL_want_write CyaSSL_want_write
#ifndef NO_PSK
typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
unsigned int, unsigned char*, unsigned int);
CYASSL_API void SSL_CTX_set_psk_client_callback(SSL_CTX*,
psk_client_callback);
CYASSL_API void SSL_set_psk_client_callback(SSL*, psk_client_callback);
CYASSL_API const char* SSL_get_psk_identity_hint(const SSL*);
CYASSL_API const char* SSL_get_psk_identity(const SSL*);
CYASSL_API int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*);
CYASSL_API int SSL_use_psk_identity_hint(SSL*, const char*);
typedef unsigned int (*psk_server_callback)(SSL*, const char*,
unsigned char*, unsigned int);
CYASSL_API void SSL_CTX_set_psk_server_callback(SSL_CTX*,
psk_server_callback);
CYASSL_API void SSL_set_psk_server_callback(SSL*, psk_server_callback);
#define PSK_TYPES_DEFINED
#endif /* NO_PSK */
/* extra begins */
enum { /* ERR Constants */
ERR_TXT_STRING = 1
};
CYASSL_API unsigned long ERR_get_error_line_data(const char**, int*,
const char**, int *);
CYASSL_API unsigned long ERR_get_error(void);
CYASSL_API void ERR_clear_error(void);
CYASSL_API int RAND_status(void);
CYASSL_API int RAND_bytes(unsigned char* buf, int num);
CYASSL_API SSL_METHOD *SSLv23_server_method(void);
CYASSL_API long SSL_CTX_set_options(SSL_CTX*, long);
CYASSL_API int SSL_CTX_check_private_key(SSL_CTX*);
CYASSL_API void ERR_free_strings(void);
CYASSL_API void ERR_remove_state(unsigned long);
CYASSL_API void EVP_cleanup(void);
CYASSL_API void CRYPTO_cleanup_all_ex_data(void);
CYASSL_API long SSL_CTX_set_mode(SSL_CTX* ctx, long mode);
CYASSL_API long SSL_CTX_get_mode(SSL_CTX* ctx);
CYASSL_API void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m);
CYASSL_API long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
CYASSL_API int SSL_CTX_set_default_verify_paths(SSL_CTX*);
CYASSL_API int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
unsigned int);
CYASSL_API X509* SSL_get_peer_certificate(SSL* ssl);
CYASSL_API int SSL_want_read(SSL*);
CYASSL_API int SSL_want_write(SSL*);
CYASSL_API int BIO_printf(BIO*, const char*, ...);
CYASSL_API int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*);
CYASSL_API int sk_num(X509_REVOKED*);
CYASSL_API void* sk_value(X509_REVOKED*, int);
/* stunnel 4.28 needs */
CYASSL_API void* SSL_CTX_get_ex_data(const SSL_CTX*, int);
CYASSL_API int SSL_CTX_set_ex_data(SSL_CTX*, int, void*);
CYASSL_API void SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*,
unsigned char*, int, int*));
CYASSL_API void SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*,SSL_SESSION*));
CYASSL_API void SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*,
SSL_SESSION*));
CYASSL_API int i2d_SSL_SESSION(SSL_SESSION*, unsigned char**);
CYASSL_API SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**,
long);
#define BIO_prf CyaSSL_BIO_prf
#define ASN1_UTCTIME_pr CyaSSL_ASN1_UTCTIME_pr
CYASSL_API long SSL_SESSION_get_timeout(const SSL_SESSION*);
CYASSL_API long SSL_SESSION_get_time(const SSL_SESSION*);
CYASSL_API int SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
/* extra ends */
#define sk_num CyaSSL_sk_num
#define sk_value CyaSSL_sk_value
#define SSL_CTX_get_ex_data CyaSSL_CTX_get_ex_data
#define SSL_CTX_set_ex_data CyaSSL_CTX_set_ex_data
#define SSL_CTX_sess_set_get_cb CyaSSL_CTX_sess_set_get_cb
#define SSL_CTX_sess_set_new_cb CyaSSL_CTX_sess_set_new_cb
#define SSL_CTX_sess_set_remove_cb CyaSSL_CTX_sess_set_remove_cb
/* CyaSSL extensions */
#define i2d_SSL_SESSION CyaSSL_i2d_SSL_SESSION
#define d2i_SSL_SESSION CyaSSL_d2i_SSL_SESSION
#define SSL_SESSION_get_timeout CyaSSL_SESSION_get_timeout
#define SSL_SESSION_get_time CyaSSL_SESSION_get_time
#define SSL_CTX_get_ex_new_index CyaSSL_CTX_get_ex_new_index
/* call before SSL_connect, if verifying will add name check to
date check and signature check */
CYASSL_API int CyaSSL_check_domain_name(SSL* ssl, const char* dn);
/* need to call once to load library (session cache) */
CYASSL_API int CyaSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
CYASSL_API int CyaSSL_Cleanup(void);
/* turn logging on, only if compiled in */
CYASSL_API int CyaSSL_Debugging_ON(void);
/* turn logging off */
CYASSL_API void CyaSSL_Debugging_OFF(void);
/* do accept or connect depedning on side */
CYASSL_API int CyaSSL_negotiate(SSL* ssl);
/* turn on CyaSSL data compression */
CYASSL_API int CyaSSL_set_compression(SSL* ssl);
/* get CyaSSL peer X509_CHAIN */
CYASSL_API X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl);
/* peer chain count */
CYASSL_API int CyaSSL_get_chain_count(X509_CHAIN* chain);
/* index cert length */
CYASSL_API int CyaSSL_get_chain_length(X509_CHAIN*, int idx);
/* index cert */
CYASSL_API unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx);
/* get index cert in PEM */
CYASSL_API int CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx,
unsigned char* buffer, int inLen, int* outLen);
CYASSL_API const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* sess);
CYASSL_API int CyaSSL_X509_get_serial_number(X509*, unsigned char*, int*);
/* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(SSL* ssl);
/* server CTX Diffie-Hellman parameters */
CYASSL_API int CyaSSL_SetTmpDH(SSL*, unsigned char* p, int pSz,
unsigned char* g, int gSz);
#ifndef _WIN32
#ifndef NO_WRITEV
#ifdef __PPU
#include <sys/types.h>
#include <sys/socket.h>
#else
#include <sys/uio.h>
#endif
/* allow writev style writing */
CYASSL_API int CyaSSL_writev(SSL* ssl, const struct iovec* iov,
int iovcnt);
#endif
#endif
/* SSL_CTX versions */
CYASSL_API int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*,
long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*,
long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,
const unsigned char*, long);
/* SSL versions */
CYASSL_API int CyaSSL_use_certificate_buffer(SSL*, const unsigned char*, long,
int);
CYASSL_API int CyaSSL_use_PrivateKey_buffer(SSL*, const unsigned char*, long,
int);
CYASSL_API int CyaSSL_use_certificate_chain_buffer(SSL*,const unsigned char*,
long);
/* I/O callbacks */
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
CYASSL_API void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
CYASSL_API void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);
CYASSL_API void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
CYASSL_API void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
#ifdef CYASSL_CALLBACKS
/* used internally by CyaSSL while OpenSSL types aren't */
#include "cyassl_callbacks.h"
typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);
/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
for diagnostics */
CYASSL_API int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
CYASSL_API int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
#endif /* CYASSL_CALLBACKS */
#ifdef __cplusplus

724
cyassl/ssl.h Normal file

@ -0,0 +1,724 @@
/* ssl.h
*
* Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* CyaSSL API */
#ifndef CYASSL_SSL_H
#define CYASSL_SSL_H
/* for users not using preprocessor flags*/
#include <cyassl/ctaocrypt/settings.h>
#ifndef NO_FILESYSTEM
#include <stdio.h> /* ERR_pr fp */
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct CYASSL CYASSL;
typedef struct CYASSL_SESSION CYASSL_SESSION;
typedef struct CYASSL_METHOD CYASSL_METHOD;
typedef struct CYASSL_CTX CYASSL_CTX;
typedef struct CYASSL_X509 CYASSL_X509;
typedef struct CYASSL_X509_NAME CYASSL_X509_NAME;
typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN;
/* redeclare guard */
#define CYASSL_TYPES_DEFINED
typedef struct CYASSL_EVP_PKEY CYASSL_EVP_PKEY;
typedef struct CYASSL_RSA CYASSL_RSA;
typedef struct CYASSL_BIO CYASSL_BIO;
typedef struct CYASSL_BIO_METHOD CYASSL_BIO_METHOD;
typedef struct CYASSL_CIPHER CYASSL_CIPHER;
typedef struct CYASSL_X509_LOOKUP CYASSL_X509_LOOKUP;
typedef struct CYASSL_X509_LOOKUP_METHOD CYASSL_X509_LOOKUP_METHOD;
typedef struct CYASSL_X509_CRL CYASSL_X509_CRL;
typedef struct CYASSL_X509_EXTENSION CYASSL_X509_EXTENSION;
typedef struct CYASSL_ASN1_TIME CYASSL_ASN1_TIME;
typedef struct CYASSL_ASN1_INTEGER CYASSL_ASN1_INTEGER;
typedef struct CYASSL_ASN1_OBJECT CYASSL_ASN1_OBJECT;
typedef struct CYASSL_ASN1_STRING CYASSL_ASN1_STRING;
typedef struct CYASSL_dynlock_value CYASSL_dynlock_value;
#define CYASSL_ASN1_UTCTIME CYASSL_ASN1_TIME
typedef struct CYASSL_MD4_CTX {
int buffer[32]; /* big enough to hold, check size in Init */
} CYASSL_MD4_CTX;
typedef struct CYASSL_COMP_METHOD {
int type; /* stunnel dereference */
} CYASSL_COMP_METHOD;
typedef struct CYASSL_X509_STORE {
int cache; /* stunnel dereference */
} CYASSL_X509_STORE;
typedef struct CYASSL_X509_REVOKED {
CYASSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
} CYASSL_X509_REVOKED;
typedef struct CYASSL_X509_OBJECT {
union {
char* ptr;
CYASSL_X509_CRL* crl; /* stunnel dereference */
} data;
} CYASSL_X509_OBJECT;
/* in internal.h too, change there !! */
typedef struct CYASSL_X509_STORE_CTX {
int error;
int error_depth;
CYASSL_X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */
/* in internal.h too, change there !! */
} CYASSL_X509_STORE_CTX;
CYASSL_API CYASSL_METHOD *CyaSSLv3_server_method(void);
CYASSL_API CYASSL_METHOD *CyaSSLv3_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_1_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_2_server_method(void);
CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
#ifdef CYASSL_DTLS
CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void);
CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
#endif
#ifndef NO_FILESYSTEM
CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*, const char*,
const char*);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX *,
const char *file);
CYASSL_API int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX*, const char*, int);
#ifdef CYASSL_DER_LOAD
CYASSL_API int CyaSSL_CTX_load_verify_locations(CYASSL_CTX*,
const char*, int);
#endif
#ifdef HAVE_NTRU
CYASSL_API int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX*, const char*);
/* load NTRU private key blob */
#endif
CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);
#endif /* NO_FILESYSTEM */
CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
CYASSL_API int CyaSSL_set_fd (CYASSL*, int);
CYASSL_API int CyaSSL_get_fd(const CYASSL*);
CYASSL_API int CyaSSL_connect(CYASSL*); /* please see note at top of README
if you get an error from connect */
CYASSL_API int CyaSSL_write(CYASSL*, const void*, int);
CYASSL_API int CyaSSL_read(CYASSL*, void*, int);
CYASSL_API int CyaSSL_accept(CYASSL*);
CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*);
CYASSL_API void CyaSSL_free(CYASSL*);
CYASSL_API int CyaSSL_shutdown(CYASSL*);
CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API int CyaSSL_get_error(CYASSL*, int);
CYASSL_API int CyaSSL_set_session(CYASSL* ssl,CYASSL_SESSION* session);
CYASSL_API CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl);
CYASSL_API void CyaSSL_flush_sessions(CYASSL_CTX *ctx, long tm);
typedef int (*VerifyCallback)(int, CYASSL_X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
VerifyCallback verify_callback);
CYASSL_API int CyaSSL_pending(CYASSL*);
CYASSL_API void CyaSSL_load_error_strings(void);
CYASSL_API int CyaSSL_library_init(void);
CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
/* only supports full name from cipher_name[] delimited by : */
CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
CYASSL_API void CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
unsigned long sz);
/* extras */
#define STACK_OF(x) x
CYASSL_API int CyaSSL_set_ex_data(CYASSL*, int, void*);
CYASSL_API int CyaSSL_get_shutdown(const CYASSL*);
CYASSL_API int CyaSSL_set_rfd(CYASSL*, int);
CYASSL_API int CyaSSL_set_wfd(CYASSL*, int);
CYASSL_API void CyaSSL_set_shutdown(CYASSL*, int);
CYASSL_API int CyaSSL_set_session_id_context(CYASSL*, const unsigned char*,
unsigned int);
CYASSL_API void CyaSSL_set_connect_state(CYASSL*);
CYASSL_API void CyaSSL_set_accept_state(CYASSL*);
CYASSL_API int CyaSSL_session_reused(CYASSL*);
CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API const char* CyaSSL_get_version(CYASSL*);
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
CYASSL_API char* CyaSSL_CIPHER_description(CYASSL_CIPHER*, char*, int);
CYASSL_API const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher);
CYASSL_API CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl);
/* what's ref count */
CYASSL_API void CyaSSL_X509_free(CYASSL_X509*);
CYASSL_API void CyaSSL_OpenSSL_free(void*);
CYASSL_API int CyaSSL_OCSP_parse_url(char* url, char** host, char** port,
char** path, int* ssl);
CYASSL_API CYASSL_METHOD* CyaSSLv23_client_method(void);
CYASSL_API CYASSL_METHOD* CyaSSLv2_client_method(void);
CYASSL_API CYASSL_METHOD* CyaSSLv2_server_method(void);
CYASSL_API void CyaSSL_MD4_Init(CYASSL_MD4_CTX*);
CYASSL_API void CyaSSL_MD4_Update(CYASSL_MD4_CTX*, const void*, unsigned long);
CYASSL_API void CyaSSL_MD4_Final(unsigned char*, CYASSL_MD4_CTX*);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD*);
CYASSL_API int CyaSSL_BIO_free(CYASSL_BIO*);
CYASSL_API int CyaSSL_BIO_free_all(CYASSL_BIO*);
CYASSL_API int CyaSSL_BIO_read(CYASSL_BIO*, void*, int);
CYASSL_API int CyaSSL_BIO_write(CYASSL_BIO*, const void*, int);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO*, CYASSL_BIO* append);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO*);
CYASSL_API int CyaSSL_BIO_flush(CYASSL_BIO*);
CYASSL_API int CyaSSL_BIO_pending(CYASSL_BIO*);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void);
CYASSL_API long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO*, long size);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void);
CYASSL_API CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int flag);
CYASSL_API void CyaSSL_set_bio(CYASSL*, CYASSL_BIO* rd, CYASSL_BIO* wr);
CYASSL_API int CyaSSL_BIO_eof(CYASSL_BIO*);
CYASSL_API long CyaSSL_BIO_set_ssl(CYASSL_BIO*, CYASSL*, int flag);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void);
CYASSL_API CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void);
CYASSL_API void CyaSSL_BIO_set_flags(CYASSL_BIO*, int);
CYASSL_API int CyaSSL_add_all_algorithms(void);
CYASSL_API void CyaSSL_RAND_screen(void);
CYASSL_API const char* CyaSSL_RAND_file_name(char*, unsigned long);
CYASSL_API int CyaSSL_RAND_write_file(const char*);
CYASSL_API int CyaSSL_RAND_load_file(const char*, long);
CYASSL_API int CyaSSL_RAND_egd(const char*);
CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void);
CYASSL_API CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void);
CYASSL_API int CyaSSL_COMP_add_compression_method(int, void*);
CYASSL_API int CyaSSL_get_ex_new_index(long, void*, void*, void*, void*);
CYASSL_API void CyaSSL_set_id_callback(unsigned long (*f)(void));
CYASSL_API void CyaSSL_set_locking_callback(void (*f)(int, int, const char*,
int));
CYASSL_API void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)
(const char*, int));
CYASSL_API void CyaSSL_set_dynlock_lock_callback(void (*f)(int,
CYASSL_dynlock_value*, const char*, int));
CYASSL_API void CyaSSL_set_dynlock_destroy_callback(void (*f)
(CYASSL_dynlock_value*, const char*, int));
CYASSL_API int CyaSSL_num_locks(void);
CYASSL_API CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
CYASSL_X509_STORE_CTX*);
CYASSL_API int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX*);
CYASSL_API int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX*);
CYASSL_API char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME*, char*, int);
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509*);
CYASSL_API CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509*);
CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*,
long);
CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void);
CYASSL_API CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void);
CYASSL_API CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE*,
CYASSL_X509_LOOKUP_METHOD*);
CYASSL_API CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void);
CYASSL_API int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX*,
int, CYASSL_X509_NAME*, CYASSL_X509_OBJECT*);
CYASSL_API int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX*,
CYASSL_X509_STORE*, CYASSL_X509*, STACK_OF(CYASSL_X509)*);
CYASSL_API void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX*);
CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL*);
CYASSL_API CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL*);
CYASSL_API CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509*);
CYASSL_API int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL*, CYASSL_EVP_PKEY*);
CYASSL_API void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX*,
int);
CYASSL_API void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT*);
CYASSL_API void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY*);
CYASSL_API int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME*);
CYASSL_API int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED*);
CYASSL_API CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL*);
CYASSL_API CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
CYASSL_X509_REVOKED*,int);
CYASSL_API CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509*);
CYASSL_API int CyaSSL_ASN1_TIME_print(CYASSL_BIO*, const CYASSL_ASN1_TIME*);
CYASSL_API int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER*,
const CYASSL_ASN1_INTEGER*);
CYASSL_API long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER*);
CYASSL_API STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char*);
CYASSL_API void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX*,
STACK_OF(CYASSL_X509_NAME)*);
CYASSL_API void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX*, int);
CYASSL_API int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void);
CYASSL_API void* CyaSSL_get_ex_data(const CYASSL*, int);
CYASSL_API void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX*,
void* userdata);
CYASSL_API void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX*, pem_password_cb);
CYASSL_API long CyaSSL_CTX_set_timeout(CYASSL_CTX*, long);
CYASSL_API void CyaSSL_CTX_set_info_callback(CYASSL_CTX*, void (*)(void));
CYASSL_API unsigned long CyaSSL_ERR_peek_error(void);
CYASSL_API int CyaSSL_GET_REASON(int);
CYASSL_API char* CyaSSL_alert_type_string_long(int);
CYASSL_API char* CyaSSL_alert_desc_string_long(int);
CYASSL_API char* CyaSSL_state_string_long(CYASSL*);
CYASSL_API void CyaSSL_RSA_free(CYASSL_RSA*);
CYASSL_API CYASSL_RSA* CyaSSL_RSA_generate_key(int, unsigned long,
void(*)(int, int, void*), void*);
CYASSL_API void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX*,
CYASSL_RSA*(*)(CYASSL*, int, int));
CYASSL_API int CyaSSL_PEM_def_callback(char*, int num, int w, void* key);
CYASSL_API long CyaSSL_CTX_sess_accept(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_accept_good(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect_good(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_hits(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_cache_full(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_misses(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_timeouts(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_number(CYASSL_CTX*);
CYASSL_API long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX*);
#define CYASSL_DEFAULT_CIPHER_LIST "" /* default all */
#define CYASSL_RSA_F4 0x10001L
enum {
OCSP_NOCERTS = 1,
OCSP_NOINTERN = 2,
OCSP_NOSIGS = 4,
OCSP_NOCHAIN = 8,
OCSP_NOVERIFY = 16,
OCSP_NOEXPLICIT = 32,
OCSP_NOCASIGN = 64,
OCSP_NODELEGATED = 128,
OCSP_NOCHECKS = 256,
OCSP_TRUSTOTHER = 512,
OCSP_RESPID_KEY = 1024,
OCSP_NOTIME = 2048,
OCSP_CERTID = 2,
OCSP_REQUEST = 4,
OCSP_RESPONSE = 8,
OCSP_BASICRESP = 16,
ASN1_GENERALIZEDTIME = 4,
SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
SSL_OP_TLS_D5_BUG = 8,
SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
SSL_OP_TLS_ROLLBACK_BUG = 10,
SSL_OP_ALL = 11,
SSL_OP_EPHEMERAL_RSA = 12,
SSL_OP_NO_SSLv3 = 13,
SSL_OP_NO_TLSv1 = 14,
SSL_OP_PKCS1_CHECK_1 = 15,
SSL_OP_PKCS1_CHECK_2 = 16,
SSL_OP_NETSCAPE_CA_DN_BUG = 17,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
SSL_OP_SINGLE_DH_USE = 19,
SSL_OP_NO_TICKET = 20,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
SSL_OP_NO_QUERY_MTU = 22,
SSL_OP_COOKIE_EXCHANGE = 23,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
SSL_OP_SINGLE_ECDH_USE = 25,
SSL_OP_CIPHER_SERVER_PREFERENCE = 26,
SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
EVP_R_BAD_DECRYPT = 2,
SSL_CB_LOOP = 4,
SSL_ST_CONNECT = 5,
SSL_ST_ACCEPT = 6,
SSL_CB_ALERT = 7,
SSL_CB_READ = 8,
SSL_CB_HANDSHAKE_DONE = 9,
SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
BIO_FLAGS_BASE64_NO_NL = 1,
BIO_CLOSE = 1,
BIO_NOCLOSE = 0,
NID_undef = 0,
X509_FILETYPE_PEM = 8,
X509_LU_X509 = 9,
X509_LU_CRL = 12,
X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
X509_V_ERR_CRL_HAS_EXPIRED = 15,
X509_V_ERR_CERT_REVOKED = 16,
X509_V_ERR_CERT_CHAIN_TOO_LONG = 17,
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18,
X509_V_ERR_CERT_NOT_YET_VALID = 19,
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
X509_V_ERR_CERT_HAS_EXPIRED = 21,
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22,
X509_V_OK = 0,
CRYPTO_LOCK = 1,
CRYPTO_NUM_LOCKS = 10
};
/* extras end */
#ifndef NO_FILESYSTEM
/* CyaSSL extension, provide last error from SSL_get_error
since not using thread storage error queue */
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
#endif
enum { /* ssl Constants */
SSL_ERROR_NONE = 0, /* for most functions */
SSL_FAILURE = 0, /* for some functions */
SSL_SUCCESS = 1,
SSL_BAD_CERTTYPE = -8,
SSL_BAD_STAT = -7,
SSL_BAD_PATH = -6,
SSL_BAD_FILETYPE = -5,
SSL_BAD_FILE = -4,
SSL_NOT_IMPLEMENTED = -3,
SSL_UNKNOWN = -2,
SSL_FATAL_ERROR = -1,
SSL_FILETYPE_ASN1 = 2,
SSL_FILETYPE_PEM = 1,
SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */
SSL_VERIFY_NONE = 0,
SSL_VERIFY_PEER = 1,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
SSL_VERIFY_CLIENT_ONCE = 4,
SSL_SESS_CACHE_OFF = 30,
SSL_SESS_CACHE_CLIENT = 31,
SSL_SESS_CACHE_SERVER = 32,
SSL_SESS_CACHE_BOTH = 33,
SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
SSL_ERROR_WANT_READ = 2,
SSL_ERROR_WANT_WRITE = 3,
SSL_ERROR_WANT_CONNECT = 7,
SSL_ERROR_WANT_ACCEPT = 8,
SSL_ERROR_SYSCALL = 5,
SSL_ERROR_WANT_X509_LOOKUP = 83,
SSL_ERROR_ZERO_RETURN = 6,
SSL_ERROR_SSL = 85,
SSL_SENT_SHUTDOWN = 1,
SSL_RECEIVED_SHUTDOWN = 2,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
SSL_OP_NO_SSLv2 = 8,
SSL_R_SSL_HANDSHAKE_FAILURE = 101,
SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102,
SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104,
PEM_BUFSIZE = 1024
};
#ifndef NO_PSK
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
unsigned int, unsigned char*, unsigned int);
CYASSL_API void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX*,
psk_client_callback);
CYASSL_API void CyaSSL_set_psk_client_callback(CYASSL*,psk_client_callback);
CYASSL_API const char* CyaSSL_get_psk_identity_hint(const CYASSL*);
CYASSL_API const char* CyaSSL_get_psk_identity(const CYASSL*);
CYASSL_API int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX*, const char*);
CYASSL_API int CyaSSL_use_psk_identity_hint(CYASSL*, const char*);
typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
unsigned char*, unsigned int);
CYASSL_API void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX*,
psk_server_callback);
CYASSL_API void CyaSSL_set_psk_server_callback(CYASSL*,psk_server_callback);
#define PSK_TYPES_DEFINED
#endif /* NO_PSK */
/* extra begins */
enum { /* ERR Constants */
ERR_TXT_STRING = 1
};
CYASSL_API unsigned long CyaSSL_ERR_get_error_line_data(const char**, int*,
const char**, int *);
CYASSL_API unsigned long CyaSSL_ERR_get_error(void);
CYASSL_API void CyaSSL_ERR_clear_error(void);
CYASSL_API int CyaSSL_RAND_status(void);
CYASSL_API int CyaSSL_RAND_bytes(unsigned char* buf, int num);
CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
CYASSL_API int CyaSSL_CTX_check_private_key(CYASSL_CTX*);
CYASSL_API void CyaSSL_ERR_free_strings(void);
CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
CYASSL_API void CyaSSL_EVP_cleanup(void);
CYASSL_API void CyaSSL_cleanup_all_ex_data(void);
CYASSL_API long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode);
CYASSL_API long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx);
CYASSL_API void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m);
CYASSL_API long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX*, long);
CYASSL_API int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX*);
CYASSL_API int CyaSSL_CTX_set_session_id_context(CYASSL_CTX*,
const unsigned char*, unsigned int);
CYASSL_API CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl);
CYASSL_API int CyaSSL_want_read(CYASSL*);
CYASSL_API int CyaSSL_want_write(CYASSL*);
CYASSL_API int CyaSSL_BIO_printf(CYASSL_BIO*, const char*, ...);
CYASSL_API int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO*,
const CYASSL_ASN1_UTCTIME*);
CYASSL_API int CyaSSL_sk_num(CYASSL_X509_REVOKED*);
CYASSL_API void* CyaSSL_sk_value(CYASSL_X509_REVOKED*, int);
/* stunnel 4.28 needs */
CYASSL_API void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX*, int);
CYASSL_API int CyaSSL_CTX_set_ex_data(CYASSL_CTX*, int, void*);
CYASSL_API void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX*,
CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*));
CYASSL_API void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX*,
int (*f)(CYASSL*, CYASSL_SESSION*));
CYASSL_API void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
void (*f)(CYASSL_CTX*, CYASSL_SESSION*));
CYASSL_API int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**,
long);
CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
CYASSL_API int CyaSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
/* extra ends */
/* CyaSSL extensions */
/* call before SSL_connect, if verifying will add name check to
date check and signature check */
CYASSL_API int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn);
/* need to call once to load library (session cache) */
CYASSL_API int CyaSSL_Init(void);
/* call when done to cleanup/free session cache mutex / resources */
CYASSL_API int CyaSSL_Cleanup(void);
/* turn logging on, only if compiled in */
CYASSL_API int CyaSSL_Debugging_ON(void);
/* turn logging off */
CYASSL_API void CyaSSL_Debugging_OFF(void);
/* do accept or connect depedning on side */
CYASSL_API int CyaSSL_negotiate(CYASSL* ssl);
/* turn on CyaSSL data compression */
CYASSL_API int CyaSSL_set_compression(CYASSL* ssl);
/* get CyaSSL peer X509_CHAIN */
CYASSL_API CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl);
/* peer chain count */
CYASSL_API int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain);
/* index cert length */
CYASSL_API int CyaSSL_get_chain_length(CYASSL_X509_CHAIN*, int idx);
/* index cert */
CYASSL_API unsigned char* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN*, int idx);
/* get index cert in PEM */
CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
unsigned char* buffer, int inLen, int* outLen);
CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
/* connect enough to get peer cert */
CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
/* server CTX Diffie-Hellman parameters */
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz,
unsigned char* g, int gSz);
#ifndef _WIN32
#ifndef NO_WRITEV
#ifdef __PPU
#include <sys/types.h>
#include <sys/socket.h>
#else
#include <sys/uio.h>
#endif
/* allow writev style writing */
CYASSL_API int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov,
int iovcnt);
#endif
#endif
/* SSL_CTX versions */
CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, const unsigned char*,
long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
const unsigned char*, long, int);
CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
const unsigned char*, long, int);
CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*,
const unsigned char*, long);
/* SSL versions */
CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
long, int);
CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, long,
int);
CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*,
const unsigned char*, long);
/* I/O callbacks */
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv);
CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend);
CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *ctx);
CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
#ifdef CYASSL_CALLBACKS
/* used internally by CyaSSL while OpenSSL types aren't */
#include <cyassl/callbacks.h>
typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);
/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
for diagnostics */
CYASSL_API int CyaSSL_connect_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
Timeval);
#endif /* CYASSL_CALLBACKS */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CYASSL_SSL_H */


@ -53,22 +53,22 @@
#endif
int CyaSSL_negotiate(SSL*);
int CyaSSL_negotiate(CYASSL*);
#ifndef NO_CYASSL_CLIENT
static int DoHelloVerifyRequest(SSL* ssl, const byte* input, word32*);
static int DoServerHello(SSL* ssl, const byte* input, word32*);
static int DoCertificateRequest(SSL* ssl, const byte* input, word32*);
static int DoServerKeyExchange(SSL* ssl, const byte* input, word32*);
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerHello(CYASSL* ssl, const byte* input, word32*);
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*);
static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
#endif
#ifndef NO_CYASSL_SERVER
static int DoClientHello(SSL* ssl, const byte* input, word32*, word32,
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32,
word32);
static int DoCertificateVerify(SSL* ssl, byte*, word32*, word32);
static int DoClientKeyExchange(SSL* ssl, byte* input, word32*);
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*);
#endif
typedef enum {
@ -81,10 +81,10 @@ typedef enum {
runProcessingOneMessage
} processReply;
static void Hmac(SSL* ssl, byte* digest, const byte* buffer, word32 sz,
static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz,
int content, int verify);
static void BuildCertHashes(SSL* ssl, Hashes* hashes);
static void BuildCertHashes(CYASSL* ssl, Hashes* hashes);
#ifndef min
@ -97,7 +97,7 @@ static void BuildCertHashes(SSL* ssl, Hashes* hashes);
#endif /* min */
int IsTLS(const SSL* ssl)
int IsTLS(const CYASSL* ssl)
{
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR)
return 1;
@ -106,7 +106,7 @@ int IsTLS(const SSL* ssl)
}
int IsAtLeastTLSv1_2(const SSL* ssl)
int IsAtLeastTLSv1_2(const CYASSL* ssl)
{
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR)
return 1;
@ -236,7 +236,7 @@ static INLINE void ato32(const byte* c, word32* u32)
/* init zlib comp/decomp streams, 0 on success */
static int InitStreams(SSL* ssl)
static int InitStreams(CYASSL* ssl)
{
ssl->c_stream.zalloc = (alloc_func)myAlloc;
ssl->c_stream.zfree = (free_func)myFree;
@ -256,7 +256,7 @@ static INLINE void ato32(const byte* c, word32* u32)
}
static void FreeStreams(SSL* ssl)
static void FreeStreams(CYASSL* ssl)
{
if (ssl->didStreamInit) {
deflateEnd(&ssl->c_stream);
@ -266,7 +266,7 @@ static INLINE void ato32(const byte* c, word32* u32)
/* compress in to out, return out size or error */
static int Compress(SSL* ssl, byte* in, int inSz, byte* out, int outSz)
static int Compress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
int err;
int currTotal = ssl->c_stream.total_out;
@ -289,7 +289,7 @@ static INLINE void ato32(const byte* c, word32* u32)
/* decompress in to out, returnn out size or error */
static int DeCompress(SSL* ssl, byte* in, int inSz, byte* out, int outSz)
static int DeCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
int err;
int currTotal = ssl->d_stream.total_out;
@ -314,7 +314,7 @@ static INLINE void ato32(const byte* c, word32* u32)
#endif /* HAVE_LIBZ */
void InitSSL_Method(SSL_METHOD* method, ProtocolVersion pv)
void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv)
{
method->version = pv;
method->side = CLIENT_END;
@ -325,7 +325,7 @@ void InitSSL_Method(SSL_METHOD* method, ProtocolVersion pv)
}
void InitSSL_Ctx(SSL_CTX* ctx, SSL_METHOD* method)
void InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
{
ctx->method = method;
ctx->certificate.buffer = 0;
@ -384,7 +384,7 @@ void InitSSL_Ctx(SSL_CTX* ctx, SSL_METHOD* method)
/* In case contexts are held in array and don't want to free actual ctx */
void SSL_CtxResourceFree(SSL_CTX* ctx)
void SSL_CtxResourceFree(CYASSL_CTX* ctx)
{
XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
@ -395,7 +395,7 @@ void SSL_CtxResourceFree(SSL_CTX* ctx)
}
void FreeSSL_Ctx(SSL_CTX* ctx)
void FreeSSL_Ctx(CYASSL_CTX* ctx)
{
SSL_CtxResourceFree(ctx);
XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
@ -626,7 +626,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
}
int InitSSL(SSL* ssl, SSL_CTX* ctx)
int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
{
int ret;
byte havePSK = 0;
@ -727,7 +727,7 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
ssl->options.quietShutdown = ctx->quietShutdown;
ssl->options.certOnly = 0;
/* SSL_CTX still owns certificate, certChain, key, and caList buffers */
/* CYASSL_CTX still owns certificate, certChain, key, and caList buffers */
ssl->buffers.certificate = ctx->certificate;
ssl->buffers.certChain = ctx->certChain;
ssl->buffers.key = ctx->privateKey;
@ -807,11 +807,11 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
}
int BIO_free(BIO*); /* cyassl_int doesn't have */
int CyaSSL_BIO_free(CYASSL_BIO*); /* internal doesn't have */
/* In case holding SSL object in array and don't want to free actual ssl */
void SSL_ResourceFree(SSL* ssl)
void SSL_ResourceFree(CYASSL* ssl)
{
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
@ -819,7 +819,7 @@ void SSL_ResourceFree(SSL* ssl)
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
/* SSL_CTX always owns certChain */
/* CYASSL_CTX always owns certChain */
if (ssl->buffers.weOwnCert)
XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
if (ssl->buffers.weOwnKey)
@ -831,9 +831,9 @@ void SSL_ResourceFree(SSL* ssl)
if (ssl->buffers.outputBuffer.dynamicFlag)
ShrinkOutputBuffer(ssl);
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
BIO_free(ssl->biord);
CyaSSL_BIO_free(ssl->biord);
if (ssl->biord != ssl->biowr) /* in case same as write */
BIO_free(ssl->biowr);
CyaSSL_BIO_free(ssl->biowr);
#endif
#ifdef HAVE_LIBZ
FreeStreams(ssl);
@ -847,7 +847,7 @@ void SSL_ResourceFree(SSL* ssl)
}
void FreeSSL(SSL* ssl)
void FreeSSL(CYASSL* ssl)
{
SSL_ResourceFree(ssl);
XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL);
@ -951,7 +951,7 @@ ProtocolVersion MakeDTLSv1(void)
/* add output to md5 and sha handshake hashes, exclude record header */
static void HashOutput(SSL* ssl, const byte* output, int sz, int ivSz)
static void HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz)
{
const byte* adj = output + RECORD_HEADER_SZ + ivSz;
sz -= RECORD_HEADER_SZ;
@ -973,7 +973,7 @@ static void HashOutput(SSL* ssl, const byte* output, int sz, int ivSz)
/* add input to md5 and sha handshake hashes, include handshake header */
static void HashInput(SSL* ssl, const byte* input, int sz)
static void HashInput(CYASSL* ssl, const byte* input, int sz)
{
const byte* adj = input - HANDSHAKE_HEADER_SZ;
sz += HANDSHAKE_HEADER_SZ;
@ -995,7 +995,7 @@ static void HashInput(SSL* ssl, const byte* input, int sz)
/* add record layer header for message */
static void AddRecordHeader(byte* output, word32 length, byte type, SSL* ssl)
static void AddRecordHeader(byte* output, word32 length, byte type, CYASSL* ssl)
{
RecordLayerHeader* rl;
@ -1021,7 +1021,8 @@ static void AddRecordHeader(byte* output, word32 length, byte type, SSL* ssl)
/* add handshake header for message */
static void AddHandShakeHeader(byte* output, word32 length, byte type, SSL* ssl)
static void AddHandShakeHeader(byte* output, word32 length, byte type,
CYASSL* ssl)
{
HandShakeHeader* hs;
(void)ssl;
@ -1045,7 +1046,7 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type, SSL* ssl)
/* add both headers for handshake message */
static void AddHeaders(byte* output, word32 length, byte type, SSL* ssl)
static void AddHeaders(byte* output, word32 length, byte type, CYASSL* ssl)
{
if (!ssl->options.dtls) {
AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl);
@ -1061,7 +1062,7 @@ static void AddHeaders(byte* output, word32 length, byte type, SSL* ssl)
/* return bytes received, -1 on error */
static int Receive(SSL* ssl, byte* buf, word32 sz)
static int Receive(CYASSL* ssl, byte* buf, word32 sz)
{
int recvd;
@ -1109,7 +1110,7 @@ retry:
/* Switch dynamic output buffer back to static, buffer is assumed clear */
void ShrinkOutputBuffer(SSL* ssl)
void ShrinkOutputBuffer(CYASSL* ssl)
{
CYASSL_MSG("Shrinking output buffer\n");
XFREE(ssl->buffers.outputBuffer.buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
@ -1121,7 +1122,7 @@ void ShrinkOutputBuffer(SSL* ssl)
/* Switch dynamic input buffer back to static, keep any remaining input */
/* forced free means cleaning up */
void ShrinkInputBuffer(SSL* ssl, int forcedFree)
void ShrinkInputBuffer(CYASSL* ssl, int forcedFree)
{
int usedLength = ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx;
@ -1144,7 +1145,7 @@ void ShrinkInputBuffer(SSL* ssl, int forcedFree)
}
int SendBuffered(SSL* ssl)
int SendBuffered(CYASSL* ssl)
{
while (ssl->buffers.outputBuffer.length > 0) {
int sent = ssl->ctx->CBIOSend((char*)ssl->buffers.outputBuffer.buffer +
@ -1203,7 +1204,7 @@ int SendBuffered(SSL* ssl)
/* Grow the output buffer, should only be to send cert, should be blank */
static INLINE int GrowOutputBuffer(SSL* ssl, int size)
static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
{
byte* tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length,
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
@ -1227,7 +1228,7 @@ static INLINE int GrowOutputBuffer(SSL* ssl, int size)
/* Grow the input buffer, should only be to read cert or big app data */
static INLINE int GrowInputBuffer(SSL* ssl, int size, int usedLength)
static INLINE int GrowInputBuffer(CYASSL* ssl, int size, int usedLength)
{
byte* tmp = (byte*) XMALLOC(size + usedLength, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
@ -1253,7 +1254,7 @@ static INLINE int GrowInputBuffer(SSL* ssl, int size, int usedLength)
/* check avalaible size into output buffer */
static INLINE int CheckAvalaibleSize(SSL *ssl, int size)
static INLINE int CheckAvalaibleSize(CYASSL *ssl, int size)
{
if ((word32)size > ssl->buffers.outputBuffer.bufferSize)
if (GrowOutputBuffer(ssl, size) < 0)
@ -1271,7 +1272,7 @@ static INLINE int CheckAvalaibleSize(SSL *ssl, int size)
}
/* do all verify and sanity checks on record header */
static int GetRecordHeader(SSL* ssl, const byte* input, word32* inOutIdx,
static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
RecordLayerHeader* rh, word16 *size)
{
if (!ssl->options.dtls) {
@ -1329,7 +1330,7 @@ static int GetRecordHeader(SSL* ssl, const byte* input, word32* inOutIdx,
}
static int GetHandShakeHeader(SSL* ssl, const byte* input, word32* inOutIdx,
static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
byte *type, word32 *size)
{
const byte *ptr = input + *inOutIdx;
@ -1367,7 +1368,7 @@ static const byte PAD2[PAD_MD5] =
};
/* calculate MD5 hash for finished */
static void BuildMD5(SSL* ssl, Hashes* hashes, const byte* sender)
static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
byte md5_result[MD5_DIGEST_SIZE];
@ -1387,7 +1388,7 @@ static void BuildMD5(SSL* ssl, Hashes* hashes, const byte* sender)
/* calculate SHA hash for finished */
static void BuildSHA(SSL* ssl, Hashes* hashes, const byte* sender)
static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
byte sha_result[SHA_DIGEST_SIZE];
@ -1406,7 +1407,7 @@ static void BuildSHA(SSL* ssl, Hashes* hashes, const byte* sender)
}
static void BuildFinished(SSL* ssl, Hashes* hashes, const byte* sender)
static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
/* store current states, building requires get_digest which resets state */
Md5 md5 = ssl->hashMd5;
@ -1435,7 +1436,7 @@ static void BuildFinished(SSL* ssl, Hashes* hashes, const byte* sender)
}
static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
{
word32 listSz, i = *inOutIdx;
int ret = 0;
@ -1610,7 +1611,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
why = certificate_expired;
if (ssl->ctx->verifyCallback) {
int ok;
X509_STORE_CTX store;
CYASSL_X509_STORE_CTX store;
store.error = ret;
store.error_depth = totalCerts;
@ -1639,7 +1640,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
}
int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff)
int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
{
byte verifyMAC[SHA256_DIGEST_SIZE];
int finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
@ -1704,7 +1705,7 @@ int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff)
}
static int DoHandShakeMsg(SSL* ssl, byte* input, word32* inOutIdx,
static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
word32 totalSz)
{
byte type;
@ -1803,7 +1804,7 @@ static int DoHandShakeMsg(SSL* ssl, byte* input, word32* inOutIdx,
}
static INLINE void Encrypt(SSL* ssl, byte* out, const byte* input, word32 sz)
static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
{
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
@ -1851,7 +1852,8 @@ static INLINE void Encrypt(SSL* ssl, byte* out, const byte* input, word32 sz)
}
static INLINE void Decrypt(SSL* ssl, byte* plain, const byte* input, word32 sz)
static INLINE void Decrypt(CYASSL* ssl, byte* plain, const byte* input,
word32 sz)
{
switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
@ -1891,7 +1893,7 @@ static INLINE void Decrypt(SSL* ssl, byte* plain, const byte* input, word32 sz)
/* decrypt input message in place */
static int DecryptMessage(SSL* ssl, byte* input, word32 sz, word32* idx)
static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
{
Decrypt(ssl, input, input, sz);
ssl->keys.encryptSz = sz;
@ -1902,7 +1904,7 @@ static int DecryptMessage(SSL* ssl, byte* input, word32 sz, word32* idx)
}
static INLINE word32 GetSEQIncrement(SSL* ssl, int verify)
static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
{
if (verify)
return ssl->keys.peer_sequence_number++;
@ -1911,7 +1913,7 @@ static INLINE word32 GetSEQIncrement(SSL* ssl, int verify)
}
int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx)
int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
{
word32 msgSz = ssl->keys.encryptSz;
word32 pad = 0,
@ -1992,7 +1994,7 @@ int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx)
/* process alert, return level */
static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type)
static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
{
byte level;
@ -2036,7 +2038,7 @@ static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type)
return level;
}
static int GetInputData(SSL *ssl, word32 size)
static int GetInputData(CYASSL *ssl, word32 size)
{
int in;
int inSz;
@ -2094,7 +2096,7 @@ static int GetInputData(SSL *ssl, word32 size)
/* process input requests, return 0 is done, 1 is call again to complete, and
negative number is error */
int ProcessReply(SSL* ssl)
int ProcessReply(CYASSL* ssl)
{
int ret, type, readSz;
word32 startIdx = 0;
@ -2341,7 +2343,7 @@ int ProcessReply(SSL* ssl)
}
int SendChangeCipher(SSL* ssl)
int SendChangeCipher(CYASSL* ssl)
{
byte *output;
int sendSz = RECORD_HEADER_SZ + ENUM_LEN;
@ -2378,7 +2380,7 @@ int SendChangeCipher(SSL* ssl)
}
static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
{
if ( (ssl->options.side == CLIENT_END && !verify) ||
(ssl->options.side == SERVER_END && verify) )
@ -2388,7 +2390,7 @@ static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
}
static void Hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
byte result[SHA256_DIGEST_SIZE]; /* max possible sizes */
@ -2442,7 +2444,7 @@ static void Hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
}
static void BuildMD5_CertVerify(SSL* ssl, byte* digest)
static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
{
byte md5_result[MD5_DIGEST_SIZE];
@ -2460,7 +2462,7 @@ static void BuildMD5_CertVerify(SSL* ssl, byte* digest)
}
static void BuildSHA_CertVerify(SSL* ssl, byte* digest)
static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
{
byte sha_result[SHA_DIGEST_SIZE];
@ -2478,7 +2480,7 @@ static void BuildSHA_CertVerify(SSL* ssl, byte* digest)
}
static void BuildCertHashes(SSL* ssl, Hashes* hashes)
static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
{
/* store current states, building requires get_digest which resets state */
Md5 md5 = ssl->hashMd5;
@ -2510,7 +2512,7 @@ static void BuildCertHashes(SSL* ssl, Hashes* hashes)
/* Build SSL Message, encrypted */
static int BuildMessage(SSL* ssl, byte* output, const byte* input, int inSz,
static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
int type)
{
word32 digestSz = ssl->specs.hash_size;
@ -2569,7 +2571,7 @@ static int BuildMessage(SSL* ssl, byte* output, const byte* input, int inSz,
}
int SendFinished(SSL* ssl)
int SendFinished(CYASSL* ssl)
{
int sendSz,
finishedSz = ssl->options.tls ? TLS_FINISHED_SZ :
@ -2637,7 +2639,7 @@ int SendFinished(SSL* ssl)
}
int SendCertificate(SSL* ssl)
int SendCertificate(CYASSL* ssl)
{
int sendSz, length, ret = 0;
word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -2716,7 +2718,7 @@ int SendCertificate(SSL* ssl)
}
int SendCertificateRequest(SSL* ssl)
int SendCertificateRequest(CYASSL* ssl)
{
byte *output;
int ret;
@ -2778,7 +2780,7 @@ int SendCertificateRequest(SSL* ssl)
}
int SendData(SSL* ssl, const void* data, int sz)
int SendData(CYASSL* ssl, const void* data, int sz)
{
int sent = 0, /* plainText size */
sendSz,
@ -2875,7 +2877,7 @@ int SendData(SSL* ssl, const void* data, int sz)
}
/* process input data */
int ReceiveData(SSL* ssl, byte* output, int sz)
int ReceiveData(CYASSL* ssl, byte* output, int sz)
{
int size;
@ -2927,7 +2929,7 @@ int ReceiveData(SSL* ssl, byte* output, int sz)
/* send alert message */
int SendAlert(SSL* ssl, int severity, int type)
int SendAlert(CYASSL* ssl, int severity, int type)
{
byte input[ALERT_SIZE];
byte *output;
@ -3477,7 +3479,7 @@ int cipher_name_idx[] =
/* return true if set, else false */
/* only supports full name from cipher_name[] delimited by : */
int SetCipherList(SSL_CTX* ctx, const char* list)
int SetCipherList(CYASSL_CTX* ctx, const char* list)
{
int ret = 0, i;
char name[MAX_SUITE_NAME];
@ -3548,7 +3550,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
/* Set Final HandShakeInfo parameters */
void FinishHandShakeInfo(HandShakeInfo* info, const SSL* ssl)
void FinishHandShakeInfo(HandShakeInfo* info, const CYASSL* ssl)
{
int i;
int sz = sizeof(cipher_name_idx)/sizeof(int);
@ -3680,7 +3682,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
/* client only parts */
#ifndef NO_CYASSL_CLIENT
int SendClientHello(SSL* ssl)
int SendClientHello(CYASSL* ssl)
{
byte *output;
word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -3775,7 +3777,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoHelloVerifyRequest(SSL* ssl, const byte* input,
static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input,
word32* inOutIdx)
{
ProtocolVersion pv;
@ -3799,7 +3801,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoServerHello(SSL* ssl, const byte* input, word32* inOutIdx)
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx)
{
byte b;
byte compression;
@ -3888,7 +3890,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
/* just read in and ignore for now TODO: */
static int DoCertificateRequest(SSL* ssl, const byte* input, word32*
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*
inOutIdx)
{
word16 len;
@ -3933,7 +3935,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoServerKeyExchange(SSL* ssl, const byte* input,
static int DoServerKeyExchange(CYASSL* ssl, const byte* input,
word32* inOutIdx)
{
#if defined(OPENSSL_EXTRA) || defined(HAVE_ECC)
@ -4147,7 +4149,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
int SendClientKeyExchange(SSL* ssl)
int SendClientKeyExchange(CYASSL* ssl)
{
byte encSecret[MAX_NTRU_ENCRYPT_SZ];
word32 encSz = 0;
@ -4351,7 +4353,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
return ret;
}
int SendCertificateVerify(SSL* ssl)
int SendCertificateVerify(CYASSL* ssl)
{
byte *output;
int sendSz = 0, length, ret;
@ -4452,7 +4454,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
#ifndef NO_CYASSL_SERVER
int SendServerHello(SSL* ssl)
int SendServerHello(CYASSL* ssl)
{
byte *output;
word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -4566,7 +4568,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
#endif /* HAVE_ECC */
int SendServerKeyExchange(SSL* ssl)
int SendServerKeyExchange(CYASSL* ssl)
{
int ret = 0;
(void)ssl;
@ -4984,7 +4986,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int MatchSuite(SSL* ssl, Suites* peerSuites)
static int MatchSuite(CYASSL* ssl, Suites* peerSuites)
{
word16 i, j;
@ -5008,7 +5010,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
/* process old style client hello, deprecate? */
int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 inSz, word16 sz)
{
word32 idx = *inOutIdx;
@ -5130,7 +5132,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
/* DoClientHello uses same resume code */
while (ssl->options.resuming) { /* let's try */
int ret;
SSL_SESSION* session = GetSession(ssl, ssl->arrays.masterSecret);
CYASSL_SESSION* session = GetSession(ssl, ssl->arrays.masterSecret);
if (!session) {
ssl->options.resuming = 0;
break; /* session lookup failed */
@ -5152,7 +5154,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 totalSz, word32 helloSz)
{
byte b;
@ -5283,7 +5285,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
/* ProcessOld uses same resume code */
while (ssl->options.resuming) { /* let's try */
int ret;
SSL_SESSION* session = GetSession(ssl, ssl->arrays.masterSecret);
CYASSL_SESSION* session = GetSession(ssl, ssl->arrays.masterSecret);
if (!session) {
ssl->options.resuming = 0;
CYASSL_MSG("Session lookup for resume failed");
@ -5305,7 +5307,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoCertificateVerify(SSL* ssl, byte* input, word32* inOutsz,
static int DoCertificateVerify(CYASSL* ssl, byte* input, word32* inOutsz,
word32 totalSz)
{
word16 sz = 0;
@ -5368,7 +5370,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
int SendServerHelloDone(SSL* ssl)
int SendServerHelloDone(CYASSL* ssl)
{
byte *output;
int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -5404,7 +5406,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
int SendHelloVerifyRequest(SSL* ssl)
int SendHelloVerifyRequest(CYASSL* ssl)
{
byte* output;
int length = VERSION_SZ + ENUM_LEN;
@ -5442,7 +5444,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
}
static int DoClientKeyExchange(SSL* ssl, byte* input,
static int DoClientKeyExchange(CYASSL* ssl, byte* input,
word32* inOutIdx)
{
int ret = 0;


@ -202,25 +202,25 @@ int EmbedSend(char *buf, int sz, void *ctx)
#endif /* CYASSL_USER_IO */
CYASSL_API void CyaSSL_SetIORecv(SSL_CTX *ctx, CallbackIORecv CBIORecv)
CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX *ctx, CallbackIORecv CBIORecv)
{
ctx->CBIORecv = CBIORecv;
}
CYASSL_API void CyaSSL_SetIOSend(SSL_CTX *ctx, CallbackIOSend CBIOSend)
CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX *ctx, CallbackIOSend CBIOSend)
{
ctx->CBIOSend = CBIOSend;
}
CYASSL_API void CyaSSL_SetIOReadCtx(SSL* ssl, void *rctx)
CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *rctx)
{
ssl->IOCB_ReadCtx = rctx;
}
CYASSL_API void CyaSSL_SetIOWriteCtx(SSL* ssl, void *wctx)
CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *wctx)
{
ssl->IOCB_WriteCtx = wctx;
}
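Review bot: All four setters in this section dereference their first argument without a NULL check (`ctx->CBIORecv = CBIORecv;`, `ssl->IOCB_ReadCtx = rctx;` and their two siblings), although they are exported with `CYASSL_API`. An application that passes on the result of a failed context or session creation would crash inside the library here rather than fail cleanly. Since the functions return void there is no error to hand back, so a guard such as `if (ctx) ctx->CBIORecv = CBIORecv;` and `if (ssl) ssl->IOCB_ReadCtx = rctx;` keeps the call harmless. A one-line comment on each setter stating that a NULL handle is ignored would document that contract.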


@ -31,7 +31,7 @@
#endif
int SetCipherSpecs(SSL* ssl)
int SetCipherSpecs(CYASSL* ssl)
{
#ifdef HAVE_ECC
/* ECC extensions */
@ -646,7 +646,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
/* TLS can call too */
int StoreKeys(SSL* ssl, const byte* keyData)
int StoreKeys(CYASSL* ssl, const byte* keyData)
{
int sz = ssl->specs.hash_size, i;
@ -671,7 +671,7 @@ int StoreKeys(SSL* ssl, const byte* keyData)
}
int DeriveKeys(SSL* ssl)
int DeriveKeys(CYASSL* ssl)
{
int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
@ -719,7 +719,7 @@ int DeriveKeys(SSL* ssl)
}
static void CleanPreMaster(SSL* ssl)
static void CleanPreMaster(CYASSL* ssl)
{
int i, sz = ssl->arrays.preMasterSz;
@ -735,7 +735,7 @@ static void CleanPreMaster(SSL* ssl)
/* Create and store the master secret see page 32, 6.1 */
int MakeMasterSecret(SSL* ssl)
int MakeMasterSecret(CYASSL* ssl)
{
byte shaOutput[SHA_DIGEST_SIZE];
byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];


@ -39,8 +39,8 @@
#ifdef CYASSL_SNIFFER
#include <cyassl/openssl/ssl.h>
#include <cyassl/cyassl_int.h>
#include <cyassl/cyassl_error.h>
#include <cyassl/internal.h>
#include <cyassl/error.h>
#include <cyassl/sniffer.h>
#include <cyassl/sniffer_error.h>

707
src/ssl.c

File diff suppressed because it is too large Load Diff


@ -23,7 +23,7 @@
#include <config.h>
#endif
#include <cyassl/openssl/ssl.h>
#include <cyassl/ssl.h>
#include <cyassl/internal.h>
#include <cyassl/error.h>
#include <cyassl/ctaocrypt/hmac.h>
@ -126,7 +126,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
}
void BuildTlsFinished(SSL* ssl, Hashes* hashes, const byte* sender)
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
const byte* side;
byte handshake_hash[FINISHED_SZ];
@ -185,7 +185,7 @@ static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
int DeriveTlsKeys(SSL* ssl)
int DeriveTlsKeys(CYASSL* ssl)
{
int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
@ -203,7 +203,7 @@ int DeriveTlsKeys(SSL* ssl)
}
int MakeTlsMasterSecret(SSL* ssl)
int MakeTlsMasterSecret(CYASSL* ssl)
{
byte seed[SEED_LEN];
@ -249,7 +249,7 @@ static INLINE void c32toa(word32 u32, byte* c)
}
static INLINE word32 GetSEQIncrement(SSL* ssl, int verify)
static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
{
#ifdef CYASSL_DTLS
if (ssl->options.dtls) {
@ -268,7 +268,7 @@ static INLINE word32 GetSEQIncrement(SSL* ssl, int verify)
#ifdef CYASSL_DTLS
static INLINE word32 GetEpoch(SSL* ssl, int verify)
static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
{
if (verify)
return ssl->keys.dtls_peer_epoch;
@ -279,7 +279,7 @@ static INLINE word32 GetEpoch(SSL* ssl, int verify)
#endif /* CYASSL_DTLS */
static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
{
if ( (ssl->options.side == CLIENT_END && !verify) ||
(ssl->options.side == SERVER_END && verify) )
@ -292,7 +292,7 @@ static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
/* TLS type HMAC */
void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
Hmac hmac;
@ -329,20 +329,22 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_CYASSL_CLIENT
SSL_METHOD* TLSv1_client_method(void)
CYASSL_METHOD* CyaTLSv1_client_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1());
return method;
}
SSL_METHOD* TLSv1_1_client_method(void)
CYASSL_METHOD* CyaTLSv1_1_client_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1_1());
return method;
@ -351,10 +353,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_SHA256 /* can't use without SHA256 */
SSL_METHOD* TLSv1_2_client_method(void)
CYASSL_METHOD* CyaTLSv1_2_client_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method)
InitSSL_Method(method, MakeTLSv1_2());
return method;
@ -363,10 +366,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#endif
SSL_METHOD* SSLv23_client_method(void)
CYASSL_METHOD* CyaSSLv23_client_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());
@ -385,10 +389,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_CYASSL_SERVER
SSL_METHOD* TLSv1_server_method(void)
CYASSL_METHOD* CyaTLSv1_server_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1());
method->side = SERVER_END;
@ -397,10 +402,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
}
SSL_METHOD* TLSv1_1_server_method(void)
CYASSL_METHOD* CyaTLSv1_1_server_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_1());
method->side = SERVER_END;
@ -411,10 +417,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#ifndef NO_SHA256 /* can't use without SHA256 */
SSL_METHOD* TLSv1_2_server_method(void)
CYASSL_METHOD* CyaTLSv1_2_server_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method) {
InitSSL_Method(method, MakeTLSv1_2());
method->side = SERVER_END;
@ -425,10 +432,11 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#endif
SSL_METHOD *SSLv23_server_method(void)
CYASSL_METHOD* CyaSSLv23_server_method(void)
{
SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
CYASSL_METHOD* method =
(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
DYNAMIC_TYPE_METHOD);
if (method) {
#ifndef NO_SHA256 /* 1.2 requires SHA256 */
InitSSL_Method(method, MakeTLSv1_2());
@ -448,19 +456,19 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
#else /* NO_TLS */
/* catch CyaSSL programming errors */
void BuildTlsFinished(SSL* ssl, Hashes* hashes, const byte* sender)
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
{
}
int DeriveTlsKeys(SSL* ssl)
int DeriveTlsKeys(CYASSL* ssl)
{
return NOT_COMPILED_IN;
}
int MakeTlsMasterSecret(SSL* ssl)
int MakeTlsMasterSecret(CYASSL* ssl)
{
return NOT_COMPILED_IN;
}
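Review bot: In the `#else /* NO_TLS */` hunk at the end of this section, the `BuildTlsFinished` stub returns without writing `hashes`, while the two stubs after it return `NOT_COMPILED_IN`. Being void, it cannot signal the programming error its comment says it should catch, and a caller that reached it would carry on with whatever the Finished buffer already held. Whether any path reaches it in a NO_TLS build is not visible from this hunk, so at minimum the stub should state that and silence the unused parameters: `(void)ssl; (void)hashes; (void)sender; /* NO_TLS build: not expected to run, hashes is left untouched */`.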