From 354bb40e75d94466e91fe6960523612c9d17ccfb Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Thu, 2 Nov 2017 23:11:29 +0300 Subject: Add implementation --- mysql/extra/yassl/include/buffer.hpp | 211 ++++++ mysql/extra/yassl/include/cert_wrapper.hpp | 137 ++++ mysql/extra/yassl/include/crypto_wrapper.hpp | 428 ++++++++++++ mysql/extra/yassl/include/factory.hpp | 101 +++ mysql/extra/yassl/include/handshake.hpp | 69 ++ mysql/extra/yassl/include/lock.hpp | 96 +++ mysql/extra/yassl/include/log.hpp | 55 ++ mysql/extra/yassl/include/openssl/crypto.h | 33 + mysql/extra/yassl/include/openssl/des.h | 20 + mysql/extra/yassl/include/openssl/des_old.h | 20 + mysql/extra/yassl/include/openssl/engine.h | 24 + mysql/extra/yassl/include/openssl/err.h | 27 + mysql/extra/yassl/include/openssl/evp.h | 29 + mysql/extra/yassl/include/openssl/hmac.h | 20 + mysql/extra/yassl/include/openssl/lhash.h | 21 + mysql/extra/yassl/include/openssl/md4.h | 20 + mysql/extra/yassl/include/openssl/md5.h | 23 + mysql/extra/yassl/include/openssl/objects.h | 20 + mysql/extra/yassl/include/openssl/opensslv.h | 31 + mysql/extra/yassl/include/openssl/pem.h | 20 + mysql/extra/yassl/include/openssl/pkcs12.h | 24 + mysql/extra/yassl/include/openssl/prefix_crypto.h | 20 + mysql/extra/yassl/include/openssl/prefix_ssl.h | 189 ++++++ mysql/extra/yassl/include/openssl/rand.h | 21 + mysql/extra/yassl/include/openssl/rsa.h | 29 + mysql/extra/yassl/include/openssl/sha.h | 20 + mysql/extra/yassl/include/openssl/ssl.h | 568 ++++++++++++++++ .../extra/yassl/include/openssl/transport_types.h | 26 + mysql/extra/yassl/include/openssl/x509.h | 20 + mysql/extra/yassl/include/openssl/x509v3.h | 20 + mysql/extra/yassl/include/socket_wrapper.hpp | 104 +++ mysql/extra/yassl/include/timer.hpp | 40 ++ mysql/extra/yassl/include/yassl.hpp | 85 +++ mysql/extra/yassl/include/yassl_error.hpp | 88 +++ mysql/extra/yassl/include/yassl_imp.hpp | 748 +++++++++++++++++++++ mysql/extra/yassl/include/yassl_int.hpp | 725 ++++++++++++++++++++ mysql/extra/yassl/include/yassl_types.hpp | 540 +++++++++++++++ 37 files changed, 4672 insertions(+) create mode 100644 mysql/extra/yassl/include/buffer.hpp create mode 100644 mysql/extra/yassl/include/cert_wrapper.hpp create mode 100644 mysql/extra/yassl/include/crypto_wrapper.hpp create mode 100644 mysql/extra/yassl/include/factory.hpp create mode 100644 mysql/extra/yassl/include/handshake.hpp create mode 100644 mysql/extra/yassl/include/lock.hpp create mode 100644 mysql/extra/yassl/include/log.hpp create mode 100644 mysql/extra/yassl/include/openssl/crypto.h create mode 100644 mysql/extra/yassl/include/openssl/des.h create mode 100644 mysql/extra/yassl/include/openssl/des_old.h create mode 100644 mysql/extra/yassl/include/openssl/engine.h create mode 100644 mysql/extra/yassl/include/openssl/err.h create mode 100644 mysql/extra/yassl/include/openssl/evp.h create mode 100644 mysql/extra/yassl/include/openssl/hmac.h create mode 100644 mysql/extra/yassl/include/openssl/lhash.h create mode 100644 mysql/extra/yassl/include/openssl/md4.h create mode 100644 mysql/extra/yassl/include/openssl/md5.h create mode 100644 mysql/extra/yassl/include/openssl/objects.h create mode 100644 mysql/extra/yassl/include/openssl/opensslv.h create mode 100644 mysql/extra/yassl/include/openssl/pem.h create mode 100644 mysql/extra/yassl/include/openssl/pkcs12.h create mode 100644 mysql/extra/yassl/include/openssl/prefix_crypto.h create mode 100644 mysql/extra/yassl/include/openssl/prefix_ssl.h create mode 100644 mysql/extra/yassl/include/openssl/rand.h create mode 100644 mysql/extra/yassl/include/openssl/rsa.h create mode 100644 mysql/extra/yassl/include/openssl/sha.h create mode 100644 mysql/extra/yassl/include/openssl/ssl.h create mode 100644 mysql/extra/yassl/include/openssl/transport_types.h create mode 100644 mysql/extra/yassl/include/openssl/x509.h create mode 100644 mysql/extra/yassl/include/openssl/x509v3.h create mode 100644 mysql/extra/yassl/include/socket_wrapper.hpp create mode 100644 mysql/extra/yassl/include/timer.hpp create mode 100644 mysql/extra/yassl/include/yassl.hpp create mode 100644 mysql/extra/yassl/include/yassl_error.hpp create mode 100644 mysql/extra/yassl/include/yassl_imp.hpp create mode 100644 mysql/extra/yassl/include/yassl_int.hpp create mode 100644 mysql/extra/yassl/include/yassl_types.hpp (limited to 'mysql/extra/yassl/include') diff --git a/mysql/extra/yassl/include/buffer.hpp b/mysql/extra/yassl/include/buffer.hpp new file mode 100644 index 0000000..77d2ed8 --- /dev/null +++ b/mysql/extra/yassl/include/buffer.hpp @@ -0,0 +1,211 @@ +/* + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* yaSSL buffer header defines input and output buffers to simulate streaming + * with SSL types and sockets + */ + +#ifndef yaSSL_BUFFER_HPP +#define yaSSL_BUFFER_HPP + +#include // assert +#include "yassl_types.hpp" // ysDelete +#include "memory.hpp" // mySTL::auto_ptr +#include STL_ALGORITHM_FILE + + +namespace STL = STL_NAMESPACE; + + +#ifdef _MSC_VER + // disable truncated debug symbols + #pragma warning(disable:4786) +#endif + + +namespace yaSSL { + +typedef unsigned char byte; +typedef unsigned int uint; +const uint AUTO = 0xFEEDBEEF; + + + +struct NoCheck { + int check(uint, uint); +}; + +struct Check { + int check(uint, uint); +}; + +/* input_buffer operates like a smart c style array with a checking option, + * meant to be read from through [] with AUTO index or read(). + * Should only write to at/near construction with assign() or raw (e.g., recv) + * followed by add_size with the number of elements added by raw write. + * + * Not using vector because need checked []access, offset, and the ability to + * write to the buffer bulk wise and have the correct size + */ + +class input_buffer : public Check { + uint size_; // number of elements in buffer + uint current_; // current offset position in buffer + byte* buffer_; // storage for buffer + byte* end_; // end of storage marker + int error_; // error number + byte zero_; // for returning const reference to zero byte +public: + input_buffer(); + + explicit input_buffer(uint s); + + // with assign + input_buffer(uint s, const byte* t, uint len); + + ~input_buffer(); + + // users can pass defualt zero length buffer and then allocate + void allocate(uint s); + + // for passing to raw writing functions at beginning, then use add_size + byte* get_buffer() const; + + // after a raw write user can set new size + // if you know the size before the write use assign() + void add_size(uint i); + + uint get_capacity() const; + + uint get_current() const; + + uint get_size() const; + + uint get_remaining() const; + + int get_error() const; + + void set_error(); + + void set_current(uint i); + + // read only access through [], advance current + // user passes in AUTO index for ease of use + const byte& operator[](uint i); + + // end of input test + bool eof(); + + // peek ahead + byte peek(); + + // write function, should use at/near construction + void assign(const byte* t, uint s); + + // use read to query input, adjusts current + void read(byte* dst, uint length); + +private: + input_buffer(const input_buffer&); // hide copy + input_buffer& operator=(const input_buffer&); // and assign +}; + + +/* output_buffer operates like a smart c style array with a checking option. + * Meant to be written to through [] with AUTO index or write(). + * Size (current) counter increases when written to. Can be constructed with + * zero length buffer but be sure to allocate before first use. + * Don't use add write for a couple bytes, use [] instead, way less overhead. + * + * Not using vector because need checked []access and the ability to + * write to the buffer bulk wise and retain correct size + */ +class output_buffer : public NoCheck { + uint current_; // current offset and elements in buffer + byte* buffer_; // storage for buffer + byte* end_; // end of storage marker +public: + // default + output_buffer(); + + // with allocate + explicit output_buffer(uint s); + + // with assign + output_buffer(uint s, const byte* t, uint len); + + ~output_buffer(); + + uint get_size() const; + + uint get_capacity() const; + + void set_current(uint c); + + // users can pass defualt zero length buffer and then allocate + void allocate(uint s); + + // for passing to reading functions when finished + const byte* get_buffer() const; + + // allow write access through [], update current + // user passes in AUTO as index for ease of use + byte& operator[](uint i); + + // end of output test + bool eof(); + + void write(const byte* t, uint s); + +private: + output_buffer(const output_buffer&); // hide copy + output_buffer& operator=(const output_buffer&); // and assign +}; + + + + +// turn delete an incomplete type into comipler error instead of warning +template +inline void checked_delete(T* p) +{ + typedef char complete_type[sizeof(T) ? 1 : -1]; + (void)sizeof(complete_type); + ysDelete(p); +} + + +// checked delete functor increases effeciency, no indirection on function call +// sets pointer to zero so safe for std conatiners +struct del_ptr_zero +{ + template + void operator()(T*& p) const + { + T* tmp = 0; + STL::swap(tmp, p); + checked_delete(tmp); + } +}; + + + +} // naemspace + +#endif // yaSSL_BUUFER_HPP diff --git a/mysql/extra/yassl/include/cert_wrapper.hpp b/mysql/extra/yassl/include/cert_wrapper.hpp new file mode 100644 index 0000000..8e3393b --- /dev/null +++ b/mysql/extra/yassl/include/cert_wrapper.hpp @@ -0,0 +1,137 @@ +/* + Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. + */ + + +/* The certificate wrapper header defines certificate management functions + * + */ + + +#ifndef yaSSL_CERT_WRAPPER_HPP +#define yaSSL_CERT_WRAPPER_HPP + +#ifdef _MSC_VER + // disable truncated debug symbols + #pragma warning(disable:4786) +#endif + + +#include "yassl_types.hpp" // SignatureAlgorithm +#include "buffer.hpp" // input_buffer +#include "asn.hpp" // SignerList +#include "openssl/ssl.h" // internal and external use +#include STL_LIST_FILE +#include STL_ALGORITHM_FILE + + +namespace STL = STL_NAMESPACE; + + +namespace yaSSL { + +typedef unsigned char opaque; +class X509; // forward openSSL type + +using TaoCrypt::SignerList; + +// an x509 version 3 certificate +class x509 { + uint length_; + opaque* buffer_; +public: + explicit x509(uint sz); + ~x509(); + + uint get_length() const; + const opaque* get_buffer() const; + opaque* use_buffer(); + + x509(const x509&); + x509& operator=(const x509&); +private: + void Swap(x509&); +}; + + +// Certificate Manager keeps a list of the cert chain and public key +class CertManager { + typedef STL::list CertList; + + CertList list_; // self + input_buffer privateKey_; + + CertList peerList_; // peer + input_buffer peerPublicKey_; + X509* peerX509_; // peer's openSSL X509 + X509* selfX509_; // our own openSSL X509 + + SignatureAlgorithm keyType_; // self key type + SignatureAlgorithm peerKeyType_; // peer's key type + + SignerList signers_; // decoded CA keys and names + // plus verified chained certs + bool verifyPeer_; + bool verifyNone_; // no error if verify fails + bool failNoCert_; + bool sendVerify_; + bool sendBlankCert_; + VerifyCallback verifyCallback_; // user verify callback +public: + CertManager(); + ~CertManager(); + + void AddPeerCert(x509* x); // take ownership + void CopySelfCert(const x509* x); + int CopyCaCert(const x509* x); + int Validate(); + + int SetPrivateKey(const x509&); + + const x509* get_cert() const; + const opaque* get_peerKey() const; + const opaque* get_privateKey() const; + X509* get_peerX509() const; + X509* get_selfX509() const; + SignatureAlgorithm get_keyType() const; + SignatureAlgorithm get_peerKeyType() const; + + uint get_peerKeyLength() const; + uint get_privateKeyLength() const; + + bool verifyPeer() const; + bool verifyNone() const; + bool failNoCert() const; + bool sendVerify() const; + bool sendBlankCert() const; + + void setVerifyPeer(); + void setVerifyNone(); + void setFailNoCert(); + void setSendVerify(); + void setSendBlankCert(); + void setPeerX509(X509*); + void setVerifyCallback(VerifyCallback); +private: + CertManager(const CertManager&); // hide copy + CertManager& operator=(const CertManager&); // and assigin +}; + + +} // naemspace + +#endif // yaSSL_CERT_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/crypto_wrapper.hpp b/mysql/extra/yassl/include/crypto_wrapper.hpp new file mode 100644 index 0000000..c0395cb --- /dev/null +++ b/mysql/extra/yassl/include/crypto_wrapper.hpp @@ -0,0 +1,428 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* The crypto wrapper header is used to define policies for the cipher + * components used by SSL. There are 3 policies to consider: + * + * 1) MAC, the Message Authentication Code used for each Message + * 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message + * 3) Atuhentication, the Digitial Signing/Verifiaction scheme used + * + * This header doesn't rely on a specific crypto libraries internals, + * only the implementation should. + */ + + +#ifndef yaSSL_CRYPTO_WRAPPER_HPP +#define yaSSL_CRYPTO_WRAPPER_HPP + +#include "yassl_types.hpp" +#include // FILE + + +namespace yaSSL { + + +// Digest policy should implement a get_digest, update, and get sizes for pad +// and digest +struct Digest : public virtual_base { + virtual void get_digest(byte*) = 0; + virtual void get_digest(byte*, const byte*, unsigned int) = 0; + virtual void update(const byte*, unsigned int) = 0; + virtual uint get_digestSize() const = 0; + virtual uint get_padSize() const = 0; + virtual ~Digest() {} +}; + + +// For use with NULL Digests +struct NO_MAC : public Digest { + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; +}; + + +// MD5 Digest +class MD5 : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + MD5(); + ~MD5(); + MD5(const MD5&); + MD5& operator=(const MD5&); +private: + struct MD5Impl; + MD5Impl* pimpl_; +}; + + +// SHA-1 Digest +class SHA : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + SHA(); + ~SHA(); + SHA(const SHA&); + SHA& operator=(const SHA&); +private: + struct SHAImpl; + SHAImpl* pimpl_; + +}; + + +// RIPEMD-160 Digest +class RMD : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + RMD(); + ~RMD(); + RMD(const RMD&); + RMD& operator=(const RMD&); +private: + struct RMDImpl; + RMDImpl* pimpl_; + +}; + + +// HMAC_MD5 +class HMAC_MD5 : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + HMAC_MD5(const byte*, unsigned int); + ~HMAC_MD5(); +private: + struct HMAC_MD5Impl; + HMAC_MD5Impl* pimpl_; + + HMAC_MD5(const HMAC_MD5&); + HMAC_MD5& operator=(const HMAC_MD5&); +}; + + +// HMAC_SHA-1 +class HMAC_SHA : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + HMAC_SHA(const byte*, unsigned int); + ~HMAC_SHA(); +private: + struct HMAC_SHAImpl; + HMAC_SHAImpl* pimpl_; + + HMAC_SHA(const HMAC_SHA&); + HMAC_SHA& operator=(const HMAC_SHA&); +}; + + +// HMAC_RMD +class HMAC_RMD : public Digest { +public: + void get_digest(byte*); + void get_digest(byte*, const byte*, unsigned int); + void update(const byte*, unsigned int); + uint get_digestSize() const; + uint get_padSize() const; + HMAC_RMD(const byte*, unsigned int); + ~HMAC_RMD(); +private: + struct HMAC_RMDImpl; + HMAC_RMDImpl* pimpl_; + + HMAC_RMD(const HMAC_RMD&); + HMAC_RMD& operator=(const HMAC_RMD&); +}; + + +// BulkCipher policy should implement encrypt, decrypt, get block size, +// and set keys for encrypt and decrypt +struct BulkCipher : public virtual_base { + virtual void encrypt(byte*, const byte*, unsigned int) = 0; + virtual void decrypt(byte*, const byte*, unsigned int) = 0; + virtual void set_encryptKey(const byte*, const byte* = 0) = 0; + virtual void set_decryptKey(const byte*, const byte* = 0) = 0; + virtual uint get_blockSize() const = 0; + virtual int get_keySize() const = 0; + virtual int get_ivSize() const = 0; + virtual ~BulkCipher() {} +}; + + +// For use with NULL Ciphers +struct NO_Cipher : public BulkCipher { + void encrypt(byte*, const byte*, unsigned int) {} + void decrypt(byte*, const byte*, unsigned int) {} + void set_encryptKey(const byte*, const byte*) {} + void set_decryptKey(const byte*, const byte*) {} + uint get_blockSize() const { return 0; } + int get_keySize() const { return 0; } + int get_ivSize() const { return 0; } +}; + + +// SSLv3 and TLSv1 always use DES in CBC mode so IV is required +class DES : public BulkCipher { +public: + void encrypt(byte*, const byte*, unsigned int); + void decrypt(byte*, const byte*, unsigned int); + void set_encryptKey(const byte*, const byte*); + void set_decryptKey(const byte*, const byte*); + uint get_blockSize() const { return DES_BLOCK; } + int get_keySize() const { return DES_KEY_SZ; } + int get_ivSize() const { return DES_IV_SZ; } + DES(); + ~DES(); +private: + struct DESImpl; + DESImpl* pimpl_; + + DES(const DES&); // hide copy + DES& operator=(const DES&); // & assign +}; + + +// 3DES Encrypt-Decrypt-Encrypt in CBC mode +class DES_EDE : public BulkCipher { +public: + void encrypt(byte*, const byte*, unsigned int); + void decrypt(byte*, const byte*, unsigned int); + void set_encryptKey(const byte*, const byte*); + void set_decryptKey(const byte*, const byte*); + uint get_blockSize() const { return DES_BLOCK; } + int get_keySize() const { return DES_EDE_KEY_SZ; } + int get_ivSize() const { return DES_IV_SZ; } + DES_EDE(); + ~DES_EDE(); +private: + struct DES_EDEImpl; + DES_EDEImpl* pimpl_; + + DES_EDE(const DES_EDE&); // hide copy + DES_EDE& operator=(const DES_EDE&); // & assign +}; + + +// Alledged RC4 +class RC4 : public BulkCipher { +public: + void encrypt(byte*, const byte*, unsigned int); + void decrypt(byte*, const byte*, unsigned int); + void set_encryptKey(const byte*, const byte*); + void set_decryptKey(const byte*, const byte*); + uint get_blockSize() const { return 0; } + int get_keySize() const { return RC4_KEY_SZ; } + int get_ivSize() const { return 0; } + RC4(); + ~RC4(); +private: + struct RC4Impl; + RC4Impl* pimpl_; + + RC4(const RC4&); // hide copy + RC4& operator=(const RC4&); // & assign +}; + + +// AES +class AES : public BulkCipher { +public: + void encrypt(byte*, const byte*, unsigned int); + void decrypt(byte*, const byte*, unsigned int); + void set_encryptKey(const byte*, const byte*); + void set_decryptKey(const byte*, const byte*); + uint get_blockSize() const { return AES_BLOCK_SZ; } + int get_keySize() const; + int get_ivSize() const { return AES_IV_SZ; } + explicit AES(unsigned int = AES_128_KEY_SZ); + ~AES(); +private: + struct AESImpl; + AESImpl* pimpl_; + + AES(const AES&); // hide copy + AES& operator=(const AES&); // & assign +}; + + +// Random number generator +class RandomPool { +public: + void Fill(opaque* dst, uint sz) const; + RandomPool(); + ~RandomPool(); + + int GetError() const; + + friend class RSA; + friend class DSS; + friend class DiffieHellman; +private: + struct RandomImpl; + RandomImpl* pimpl_; + + RandomPool(const RandomPool&); // hide copy + RandomPool& operator=(const RandomPool&); // & assign +}; + + +// Authentication policy should implement sign, and verify +struct Auth : public virtual_base { + virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0; + virtual bool verify(const byte*, unsigned int, const byte*, + unsigned int) = 0; + virtual uint get_signatureLength() const = 0; + virtual ~Auth() {} +}; + + +// For use with NULL Authentication schemes +struct NO_Auth : public Auth { + void sign(byte*, const byte*, unsigned int, const RandomPool&) {} + bool verify(const byte*, unsigned int, const byte*, unsigned int) + { return true; } +}; + + +// Digitial Signature Standard scheme +class DSS : public Auth { +public: + void sign(byte*, const byte*, unsigned int, const RandomPool&); + bool verify(const byte*, unsigned int, const byte*, unsigned int); + uint get_signatureLength() const; + DSS(const byte*, unsigned int, bool publicKey = true); + ~DSS(); +private: + struct DSSImpl; + DSSImpl* pimpl_; + + DSS(const DSS&); + DSS& operator=(const DSS&); +}; + + +// RSA Authentication and exchange +class RSA : public Auth { +public: + void sign(byte*, const byte*, unsigned int, const RandomPool&); + bool verify(const byte*, unsigned int, const byte*, unsigned int); + void encrypt(byte*, const byte*, unsigned int, const RandomPool&); + void decrypt(byte*, const byte*, unsigned int, const RandomPool&); + uint get_signatureLength() const; + uint get_cipherLength() const; + RSA(const byte*, unsigned int, bool publicKey = true); + ~RSA(); +private: + struct RSAImpl; + RSAImpl* pimpl_; + + RSA(const RSA&); // hide copy + RSA& operator=(const RSA&); // & assing +}; + + +class Integer; + +// Diffie-Hellman agreement +// hide for now TODO: figure out a way to give access to C clients p and g args +class DiffieHellman { +public: + DiffieHellman(const byte*, unsigned int, const byte*, unsigned int, + const byte*, unsigned int, const RandomPool& random); + //DiffieHellman(const char*, const RandomPool&); + DiffieHellman(const Integer&, const Integer&, const RandomPool&); + ~DiffieHellman(); + + DiffieHellman(const DiffieHellman&); + DiffieHellman& operator=(const DiffieHellman&); + + uint get_agreedKeyLength() const; + const byte* get_agreedKey() const; + uint get_publicKeyLength() const; + const byte* get_publicKey() const; + void makeAgreement(const byte*, unsigned int); + + void set_sizes(int&, int&, int&) const; + void get_parms(byte*, byte*, byte*) const; +private: + struct DHImpl; + DHImpl* pimpl_; +}; + + +// Lagrge Integer +class Integer { +public: + Integer(); + ~Integer(); + + Integer(const Integer&); + Integer& operator=(const Integer&); + + void assign(const byte*, unsigned int); + + friend class DiffieHellman; +private: + struct IntegerImpl; + IntegerImpl* pimpl_; +}; + + +class x509; + + +struct EncryptedInfo { + enum { IV_SZ = 32, NAME_SZ = 80 }; + char name[NAME_SZ]; // max one line + byte iv[IV_SZ]; // in base16 rep + uint ivSz; + bool set; + + EncryptedInfo() : ivSz(0), set(false) {} +}; + +x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0); + + +} // naemspace + +#endif // yaSSL_CRYPTO_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/factory.hpp b/mysql/extra/yassl/include/factory.hpp new file mode 100644 index 0000000..dd6532f --- /dev/null +++ b/mysql/extra/yassl/include/factory.hpp @@ -0,0 +1,101 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* The factory header defines an Object Factory, used by SSL message and + * handshake types. + * + * See Desgin Pattern in GoF and Alexandrescu's chapter in Modern C++ Design, + * page 208 + */ + + + +#ifndef yaSSL_FACTORY_HPP +#define yaSSL_FACTORY_HPP + +#include STL_VECTOR_FILE +#include STL_PAIR_FILE + + +namespace STL = STL_NAMESPACE; + + + + + +namespace yaSSL { + + +// Factory uses its callback map to create objects by id, +// returning an abstract base pointer +template +class Factory { + typedef STL::pair CallBack; + typedef STL::vector CallBackVector; + + CallBackVector callbacks_; +public: + // pass function pointer to register all callbacks upon creation + explicit Factory(void (*init)(Factory&)) + { + init(*this); + } + + // reserve place in vector before registering, used by init funcion + void Reserve(size_t sz) + { + callbacks_.reserve(sz); + } + + // register callback + void Register(const IdentifierType& id, ProductCreator pc) + { + callbacks_.push_back(STL::make_pair(id, pc)); + } + + // THE Creator, returns a new object of the proper type or 0 + AbstractProduct* CreateObject(const IdentifierType& id) const + { + typedef typename STL::vector::const_iterator cIter; + + cIter first = callbacks_.begin(); + cIter last = callbacks_.end(); + + while (first != last) { + if (first->first == id) + break; + ++first; + } + + if (first == callbacks_.end()) + return 0; + return (first->second)(); + } +private: + Factory(const Factory&); // hide copy + Factory& operator=(const Factory&); // and assign +}; + + +} // naemspace + +#endif // yaSSL_FACTORY_HPP diff --git a/mysql/extra/yassl/include/handshake.hpp b/mysql/extra/yassl/include/handshake.hpp new file mode 100644 index 0000000..0c9949a --- /dev/null +++ b/mysql/extra/yassl/include/handshake.hpp @@ -0,0 +1,69 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* The handshake header declares function prototypes for creating and reading + * the various handshake messages. + */ + + + +#ifndef yaSSL_HANDSHAKE_HPP +#define yaSSL_HANDSHAKE_HPP + +#include "yassl_types.hpp" + + +namespace yaSSL { + +// forward decls +class SSL; +class Finished; +class Data; +class Alert; +struct Hashes; + +enum BufferOutput { buffered, unbuffered }; + +void sendClientHello(SSL&); +void sendServerHello(SSL&, BufferOutput = buffered); +void sendServerHelloDone(SSL&, BufferOutput = buffered); +void sendClientKeyExchange(SSL&, BufferOutput = buffered); +void sendServerKeyExchange(SSL&, BufferOutput = buffered); +void sendChangeCipher(SSL&, BufferOutput = buffered); +void sendFinished(SSL&, ConnectionEnd, BufferOutput = buffered); +void sendCertificate(SSL&, BufferOutput = buffered); +void sendCertificateRequest(SSL&, BufferOutput = buffered); +void sendCertificateVerify(SSL&, BufferOutput = buffered); +int sendData(SSL&, const void*, int); +int sendAlert(SSL& ssl, const Alert& alert); + +int receiveData(SSL&, Data&, bool peek = false); +void processReply(SSL&); + +void buildFinished(SSL&, Finished&, const opaque*); +void build_certHashes(SSL&, Hashes&); + +void hmac(SSL&, byte*, const byte*, uint, ContentType, bool verify = false); +void TLS_hmac(SSL&, byte*, const byte*, uint, ContentType, + bool verify = false); +void PRF(byte* digest, uint digLen, const byte* secret, uint secLen, + const byte* label, uint labLen, const byte* seed, uint seedLen); + +} // naemspace + +#endif // yaSSL_HANDSHAKE_HPP diff --git a/mysql/extra/yassl/include/lock.hpp b/mysql/extra/yassl/include/lock.hpp new file mode 100644 index 0000000..5273f92 --- /dev/null +++ b/mysql/extra/yassl/include/lock.hpp @@ -0,0 +1,96 @@ +/* + Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks + * automatically upon exit, no-ops provided for Single Threaded +*/ + +#ifndef yaSSL_LOCK_HPP +#define yaSSL_LOCK_HPP + +/* + Visual Studio Source Annotations header (sourceannotations.h) fails + to compile if outside of the global namespace. +*/ +#ifdef MULTI_THREADED +#ifdef _WIN32 +#include +#endif +#endif + +namespace yaSSL { + + +#ifdef MULTI_THREADED + #ifdef _WIN32 + #include + + class Mutex { + CRITICAL_SECTION cs_; + public: + Mutex(); + ~Mutex(); + + class Lock; + friend class Lock; + + class Lock { + Mutex& mutex_; + public: + explicit Lock(Mutex& lm); + ~Lock(); + }; + }; + #else // _WIN32 + #include + + class Mutex { + pthread_mutex_t mutex_; + public: + + Mutex(); + ~Mutex(); + + class Lock; + friend class Lock; + + class Lock { + Mutex& mutex_; + public: + explicit Lock(Mutex& lm); + ~Lock(); + }; + }; + + #endif // _WIN32 +#else // MULTI_THREADED (WE'RE SINGLE) + + class Mutex { + public: + class Lock { + public: + explicit Lock(Mutex&) {} + }; + }; + +#endif // MULTI_THREADED + + + +} // namespace +#endif // yaSSL_LOCK_HPP diff --git a/mysql/extra/yassl/include/log.hpp b/mysql/extra/yassl/include/log.hpp new file mode 100644 index 0000000..2651d07 --- /dev/null +++ b/mysql/extra/yassl/include/log.hpp @@ -0,0 +1,55 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* yaSSL log interface + * + */ + +#ifndef yaSSL_LOG_HPP +#define yaSSL_LOG_HPP + +#include "socket_wrapper.hpp" + +#ifdef YASSL_LOG +#include +#endif + +namespace yaSSL { + +typedef unsigned int uint; + + +// Debug logger +class Log { +#ifdef YASSL_LOG + FILE* log_; +#endif +public: + explicit Log(const char* str = "yaSSL.log"); + ~Log(); + + void Trace(const char*); + void ShowTCP(socket_t, bool ended = false); + void ShowData(uint, bool sent = false); +}; + + +} // naemspace + +#endif // yaSSL_LOG_HPP diff --git a/mysql/extra/yassl/include/openssl/crypto.h b/mysql/extra/yassl/include/openssl/crypto.h new file mode 100644 index 0000000..fc2971a --- /dev/null +++ b/mysql/extra/yassl/include/openssl/crypto.h @@ -0,0 +1,33 @@ +/* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/* crypto.h for openSSL */ + +#ifndef yaSSL_crypto_h__ +#define yaSSL_crypto_h__ + +#ifdef YASSL_PREFIX +#include "prefix_crypto.h" +#endif + +const char* SSLeay_version(int type); + +#define SSLEAY_NUMBER_DEFINED +#define SSLEAY_VERSION 0x0900L +#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION + + +#endif /* yaSSL_crypto_h__ */ + diff --git a/mysql/extra/yassl/include/openssl/des.h b/mysql/extra/yassl/include/openssl/des.h new file mode 100644 index 0000000..f7394b6 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/des.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2005 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* des.h for openssl */ diff --git a/mysql/extra/yassl/include/openssl/des_old.h b/mysql/extra/yassl/include/openssl/des_old.h new file mode 100644 index 0000000..b6e2e3e --- /dev/null +++ b/mysql/extra/yassl/include/openssl/des_old.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2007 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* des_old.h for openvn */ diff --git a/mysql/extra/yassl/include/openssl/engine.h b/mysql/extra/yassl/include/openssl/engine.h new file mode 100644 index 0000000..15ddcd1 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/engine.h @@ -0,0 +1,24 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* engine.h for libcurl */ + +#undef HAVE_OPENSSL_ENGINE_H + + diff --git a/mysql/extra/yassl/include/openssl/err.h b/mysql/extra/yassl/include/openssl/err.h new file mode 100644 index 0000000..9484742 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/err.h @@ -0,0 +1,27 @@ +/* + Copyright (C) 2005, 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* err.h for openssl */ + +#ifndef yaSSL_err_h__ +#define yaSSL_err_h__ + + + +#endif /* yaSSL_err_h__ */ diff --git a/mysql/extra/yassl/include/openssl/evp.h b/mysql/extra/yassl/include/openssl/evp.h new file mode 100644 index 0000000..6aa7335 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/evp.h @@ -0,0 +1,29 @@ +/* + Copyright (C) 2007 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* evp.h for openSSL */ + +#ifndef SSLEAY_NUMBER_DEFINED +#define SSLEAY_NUMBER_DEFINED + +/* for OpenVPN */ +#define SSLEAY_VERSION_NUMBER 0x0090700f + + +#endif /* SSLEAY_NUMBER_DEFINED */ diff --git a/mysql/extra/yassl/include/openssl/hmac.h b/mysql/extra/yassl/include/openssl/hmac.h new file mode 100644 index 0000000..5da6644 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/hmac.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2007 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* hmac.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/lhash.h b/mysql/extra/yassl/include/openssl/lhash.h new file mode 100644 index 0000000..6d64df7 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/lhash.h @@ -0,0 +1,21 @@ +/* + Copyright (C) 2005 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* lhash.h for openSSL */ + diff --git a/mysql/extra/yassl/include/openssl/md4.h b/mysql/extra/yassl/include/openssl/md4.h new file mode 100644 index 0000000..8a86499 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/md4.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* md4.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/md5.h b/mysql/extra/yassl/include/openssl/md5.h new file mode 100644 index 0000000..b54ebcd --- /dev/null +++ b/mysql/extra/yassl/include/openssl/md5.h @@ -0,0 +1,23 @@ +/* + Copyright (C) 2005, 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* md5.h for openssl */ + +#include "ssl.h" /* in there for now */ + diff --git a/mysql/extra/yassl/include/openssl/objects.h b/mysql/extra/yassl/include/openssl/objects.h new file mode 100644 index 0000000..ed2c029 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/objects.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2007 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* objects.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/opensslv.h b/mysql/extra/yassl/include/openssl/opensslv.h new file mode 100644 index 0000000..88b9ca6 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/opensslv.h @@ -0,0 +1,31 @@ +/* + Copyright (C) 2005 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* opensslv.h compatibility */ + +#ifndef yaSSL_opensslv_h__ +#define yaSSL_opensslv_h__ + + +/* api version compatibility */ +#define OPENSSL_VERSION_NUMBER 0x0090700f + + +#endif /* yaSSLopensslv_h__ */ + diff --git a/mysql/extra/yassl/include/openssl/pem.h b/mysql/extra/yassl/include/openssl/pem.h new file mode 100644 index 0000000..c467e46 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/pem.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* pem.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/pkcs12.h b/mysql/extra/yassl/include/openssl/pkcs12.h new file mode 100644 index 0000000..c3f8ee6 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/pkcs12.h @@ -0,0 +1,24 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* pkcs12.h for libcurl */ + + +#undef HAVE_OPENSSL_PKCS12_H + diff --git a/mysql/extra/yassl/include/openssl/prefix_crypto.h b/mysql/extra/yassl/include/openssl/prefix_crypto.h new file mode 100644 index 0000000..895dd51 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/prefix_crypto.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +#define SSLeay_version yaSSLeay_version diff --git a/mysql/extra/yassl/include/openssl/prefix_ssl.h b/mysql/extra/yassl/include/openssl/prefix_ssl.h new file mode 100644 index 0000000..806f103 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/prefix_ssl.h @@ -0,0 +1,189 @@ +/* + Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +#define Copyright yaCopyright +#define yaSSL_CleanUp yayaSSL_CleanUp +#define BN_bin2bn yaBN_bin2bn +#define DH_new yaDH_new +#define DH_free yaDH_free +#define RSA_free yaRSA_free +#define RSA_generate_key yaRSA_generate_key +#define X509_free yaX509_free +#define X509_STORE_CTX_get_current_cert yaX509_STORE_CTX_get_current_cert +#define X509_STORE_CTX_get_error yaX509_STORE_CTX_get_error +#define X509_STORE_CTX_get_error_depth yaX509_STORE_CTX_get_error_depth +#define X509_NAME_oneline yaX509_NAME_oneline +#define X509_get_issuer_name yaX509_get_issuer_name +#define X509_get_subject_name yaX509_get_subject_name +#define X509_verify_cert_error_string yaX509_verify_cert_error_string +#define X509_LOOKUP_add_dir yaX509_LOOKUP_add_dir +#define X509_LOOKUP_load_file yaX509_LOOKUP_load_file +#define X509_LOOKUP_hash_dir yaX509_LOOKUP_hash_dir +#define X509_LOOKUP_file yaX509_LOOKUP_file +#define X509_STORE_add_lookup yaX509_STORE_add_lookup +#define X509_STORE_new yaX509_STORE_new +#define X509_STORE_get_by_subject yaX509_STORE_get_by_subject +#define ERR_get_error_line_data yaERR_get_error_line_data +#define ERR_print_errors_fp yaERR_print_errors_fp +#define ERR_error_string yaERR_error_string +#define ERR_remove_state yaERR_remove_state +#define ERR_get_error yaERR_get_error +#define ERR_peek_error yaERR_peek_error +#define ERR_GET_REASON yaERR_GET_REASON +#define SSL_CTX_new yaSSL_CTX_new +#define SSL_new yaSSL_new +#define SSL_set_fd yaSSL_set_fd +#define SSL_get_fd yaSSL_get_fd +#define SSL_connect yaSSL_connect +#define SSL_write yaSSL_write +#define SSL_read yaSSL_read +#define SSL_accept yaSSL_accept +#define SSL_CTX_free yaSSL_CTX_free +#define SSL_free yaSSL_free +#define SSL_clear yaSSL_clear +#define SSL_shutdown yaSSL_shutdown +#define SSL_set_connect_state yaSSL_set_connect_state +#define SSL_set_accept_state yaSSL_set_accept_state +#define SSL_do_handshake yaSSL_do_handshake +#define SSL_get_cipher yaSSL_get_cipher +#define SSL_get_cipher_name yaSSL_get_cipher_name +#define SSL_get_shared_ciphers yaSSL_get_shared_ciphers +#define SSL_get_cipher_list yaSSL_get_cipher_list +#define SSL_get_version yaSSL_get_version +#define SSLeay_version yaSSLeay_version +#define SSL_get_error yaSSL_get_error +#define SSL_load_error_strings yaSSL_load_error_strings +#define SSL_set_session yaSSL_set_session +#define SSL_get_session yaSSL_get_session +#define SSL_flush_sessions yaSSL_flush_sessions +#define SSL_SESSION_set_timeout yaSSL_SESSION_set_timeout +#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode +#define SSL_get_peer_certificate yaSSL_get_peer_certificate +#define SSL_get_verify_result yaSSL_get_verify_result +#define SSL_CTX_set_verify yaSSL_CTX_set_verify +#define SSL_CTX_load_verify_locations yaSSL_CTX_load_verify_locations +#define SSL_CTX_set_default_verify_paths yaSSL_CTX_set_default_verify_paths +#define SSL_CTX_check_private_key yaSSL_CTX_check_private_key +#define SSL_CTX_set_session_id_context yaSSL_CTX_set_session_id_context +#define SSL_CTX_set_tmp_rsa_callback yaSSL_CTX_set_tmp_rsa_callback +#define SSL_CTX_set_options yaSSL_CTX_set_options +#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode +#define SSL_CTX_set_timeout yaSSL_CTX_set_timeout +#define SSL_CTX_use_certificate_chain_file yaSSL_CTX_use_certificate_chain_file +#define SSL_CTX_set_default_passwd_cb yaSSL_CTX_set_default_passwd_cb +#define SSL_CTX_use_RSAPrivateKey_file yaSSL_CTX_use_RSAPrivateKey_file +#define SSL_CTX_set_info_callback yaSSL_CTX_set_info_callback +#define SSL_CTX_sess_accept yaSSL_CTX_sess_accept +#define SSL_CTX_sess_connect yaSSL_CTX_sess_connect +#define SSL_CTX_sess_accept_good yaSSL_CTX_sess_accept_good +#define SSL_CTX_sess_connect_good yaSSL_CTX_sess_connect_good +#define SSL_CTX_sess_accept_renegotiate yaSSL_CTX_sess_accept_renegotiate +#define SSL_CTX_sess_connect_renegotiate yaSSL_CTX_sess_connect_renegotiate +#define SSL_CTX_sess_hits yaSSL_CTX_sess_hits +#define SSL_CTX_sess_cb_hits yaSSL_CTX_sess_cb_hits +#define SSL_CTX_sess_cache_full yaSSL_CTX_sess_cache_full +#define SSL_CTX_sess_misses yaSSL_CTX_sess_misses +#define SSL_CTX_sess_timeouts yaSSL_CTX_sess_timeouts +#define SSL_CTX_sess_number yaSSL_CTX_sess_number +#define SSL_CTX_sess_get_cache_size yaSSL_CTX_sess_get_cache_size +#define SSL_CTX_get_verify_mode yaSSL_CTX_get_verify_mode +#define SSL_get_verify_mode yaSSL_get_verify_mode +#define SSL_CTX_get_verify_depth yaSSL_CTX_get_verify_depth +#define SSL_get_verify_depth yaSSL_get_verify_depth +#define SSL_get_default_timeout yaSSL_get_default_timeout +#define SSL_CTX_get_session_cache_mode yaSSL_CTX_get_session_cache_mode +#define SSL_session_reused yaSSL_session_reused +#define SSL_set_rfd yaSSL_set_rfd +#define SSL_set_wfd yaSSL_set_wfd +#define SSL_set_shutdown yaSSL_set_shutdown +#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown +#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown +#define SSL_want_read yaSSL_want_read +#define SSL_want_write yaSSL_want_write +#define SSL_pending yaSSL_pending +#define SSLv3_method yaSSLv3_method +#define SSLv3_server_method yaSSLv3_server_method +#define SSLv3_client_method yaSSLv3_client_method +#define TLSv1_server_method yaTLSv1_server_method +#define TLSv1_client_method yaTLSv1_client_method +#define TLSv1_1_server_method yaTLSv1_1_server_method +#define TLSv1_1_client_method yaTLSv1_1_client_method +#define SSLv23_server_method yaSSLv23_server_method +#define SSL_CTX_use_certificate_file yaSSL_CTX_use_certificate_file +#define SSL_CTX_use_PrivateKey_file yaSSL_CTX_use_PrivateKey_file +#define SSL_CTX_set_cipher_list yaSSL_CTX_set_cipher_list +#define SSL_CTX_sess_set_cache_size yaSSL_CTX_sess_set_cache_size +#define SSL_CTX_set_tmp_dh yaSSL_CTX_set_tmp_dh +#define OpenSSL_add_all_algorithms yaOpenSSL_add_all_algorithms +#define SSL_library_init yaSSL_library_init +#define SSLeay_add_ssl_algorithms yaSSLeay_add_ssl_algorithms +#define SSL_get_current_cipher yaSSL_get_current_cipher +#define SSL_CIPHER_description yaSSL_CIPHER_description +#define SSL_alert_type_string_long yaSSL_alert_type_string_long +#define SSL_alert_desc_string_long yaSSL_alert_desc_string_long +#define SSL_state_string_long yaSSL_state_string_long +#define EVP_md5 yaEVP_md5 +#define EVP_des_ede3_cbc yaEVP_des_ede3_cbc +#define EVP_BytesToKey yaEVP_BytesToKey +#define DES_set_key_unchecked yaDES_set_key_unchecked +#define DES_ede3_cbc_encrypt yaDES_ede3_cbc_encrypt +#define RAND_screen yaRAND_screen +#define RAND_file_name yaRAND_file_name +#define RAND_write_file yaRAND_write_file +#define RAND_load_file yaRAND_load_file +#define RAND_status yaRAND_status +#define RAND_bytes yaRAND_bytes +#define DES_set_key yaDES_set_key +#define DES_set_odd_parity yaDES_set_odd_parity +#define DES_ecb_encrypt yaDES_ecb_encrypt +#define SSL_CTX_set_default_passwd_cb_userdata yaSSL_CTX_set_default_passwd_cb_userdata +#define SSL_SESSION_free yaSSL_SESSION_free +#define SSL_peek yaSSL_peek +#define SSL_get_certificate yaSSL_get_certificate +#define SSL_get_privatekey yaSSL_get_privatekey +#define X509_get_pubkey yaX509_get_pubkey +#define EVP_PKEY_copy_parameters yaEVP_PKEY_copy_parameters +#define EVP_PKEY_free yaEVP_PKEY_free +#define ERR_error_string_n yaERR_error_string_n +#define ERR_free_strings yaERR_free_strings +#define EVP_cleanup yaEVP_cleanup +#define X509_get_ext_d2i yaX509_get_ext_d2i +#define GENERAL_NAMES_free yaGENERAL_NAMES_free +#define sk_GENERAL_NAME_num yask_GENERAL_NAME_num +#define sk_GENERAL_NAME_value yask_GENERAL_NAME_value +#define ASN1_STRING_data yaASN1_STRING_data +#define ASN1_STRING_length yaASN1_STRING_length +#define ASN1_STRING_type yaASN1_STRING_type +#define X509_NAME_get_index_by_NID yaX509_NAME_get_index_by_NID +#define X509_NAME_ENTRY_get_data yaX509_NAME_ENTRY_get_data +#define X509_NAME_get_entry yaX509_NAME_get_entry +#define ASN1_STRING_to_UTF8 yaASN1_STRING_to_UTF8 +#define SSLv23_client_method yaSSLv23_client_method +#define SSLv2_client_method yaSSLv2_client_method +#define SSL_get1_session yaSSL_get1_session +#define X509_get_notBefore yaX509_get_notBefore +#define X509_get_notAfter yaX509_get_notAfter +#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string +#define MD4_Init yaMD4_Init +#define MD4_Update yaMD4_Update +#define MD4_Final yaMD4_Final +#define MD5_Init yaMD5_Init +#define MD5_Update yaMD5_Update +#define MD5_Final yaMD5_Final +#define SSL_set_compression yaSSL_set_compression +#define PEM_read_X509 yaSSL_PEM_read_X509 diff --git a/mysql/extra/yassl/include/openssl/rand.h b/mysql/extra/yassl/include/openssl/rand.h new file mode 100644 index 0000000..9e0cedf --- /dev/null +++ b/mysql/extra/yassl/include/openssl/rand.h @@ -0,0 +1,21 @@ +/* + Copyright (C) 2005 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* rand.h for openSSL */ + diff --git a/mysql/extra/yassl/include/openssl/rsa.h b/mysql/extra/yassl/include/openssl/rsa.h new file mode 100644 index 0000000..95305a8 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/rsa.h @@ -0,0 +1,29 @@ +/* + Copyright (C) 2005, 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* rsa.h for openSSL */ + + +#ifndef yaSSL_rsa_h__ +#define yaSSL_rsa_h__ + +enum { RSA_F4 = 1 }; + + +#endif /* yaSSL_rsa_h__ */ diff --git a/mysql/extra/yassl/include/openssl/sha.h b/mysql/extra/yassl/include/openssl/sha.h new file mode 100644 index 0000000..5b7c6bd --- /dev/null +++ b/mysql/extra/yassl/include/openssl/sha.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2007 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* sha.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/ssl.h b/mysql/extra/yassl/include/openssl/ssl.h new file mode 100644 index 0000000..10fa491 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/ssl.h @@ -0,0 +1,568 @@ +/* + Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. + */ + +/* ssl.h defines openssl compatibility layer + * + */ + + + +#ifndef yaSSL_openssl_h__ +#define yaSSL_openssl_h__ + +#ifdef YASSL_PREFIX +#include "prefix_ssl.h" +#endif + +#include /* ERR_print fp */ +#include "opensslv.h" /* for version number */ +#include "rsa.h" + + +#define YASSL_VERSION "2.4.4" + + +#if defined(__cplusplus) +extern "C" { +#endif + + void yaSSL_CleanUp(); /* call once at end of application use to + free static singleton memory holders, + not a leak per se, but helpful when + looking for them */ + +#if defined(__cplusplus) +} // extern +#endif + +#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) +namespace yaSSL { +extern "C" { +#endif + +#undef X509_NAME /* wincrypt.h clash */ + +#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) + class SSL; + class SSL_SESSION; + class SSL_METHOD; + class SSL_CTX; + class SSL_CIPHER; + + class RSA; + + class X509; + class X509_NAME; +#else + typedef struct SSL SSL; + typedef struct SSL_SESSION SSL_SESSION; + typedef struct SSL_METHOD SSL_METHOD; + typedef struct SSL_CTX SSL_CTX; + typedef struct SSL_CIPHER SSL_CIPHER; + + typedef struct RSA RSA; + + typedef struct X509 X509; + typedef struct X509_NAME X509_NAME; +#endif + + +/* Big Number stuff, different file? */ +typedef struct BIGNUM BIGNUM; + +BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*); + + +/* Diffie-Hellman stuff, different file? */ +/* mySQL deferences to set group parameters */ +typedef struct DH { + BIGNUM* p; + BIGNUM* g; +} DH; + +DH* DH_new(void); +void DH_free(DH*); + +/* RSA stuff */ + +void RSA_free(RSA*); +RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); + + +/* X509 stuff, different file? */ + +/* because mySQL dereferences to use error and current_cert, even after calling + * get functions for local references */ +typedef struct X509_STORE_CTX { + int error; + int error_depth; + X509* current_cert; +} X509_STORE_CTX; + + +typedef struct X509_STORE X509_STORE; +typedef struct X509_LOOKUP X509_LOOKUP; +typedef struct X509_OBJECT { char c; } X509_OBJECT; +typedef struct X509_CRL X509_CRL; +typedef struct X509_REVOKED X509_REVOKED; +typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD; + + +void X509_free(X509*); + + +/* bio stuff */ +typedef struct BIO BIO; + +/* ASN stuff */ + + + +X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*); +int X509_STORE_CTX_get_error(X509_STORE_CTX*); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*); + +char* X509_NAME_oneline(X509_NAME*, char*, int); +X509_NAME* X509_get_issuer_name(X509*); +X509_NAME* X509_get_subject_name(X509*); +const char* X509_verify_cert_error_string(long); + +int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long); +int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long); +X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD* X509_LOOKUP_file(void); + +X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*); +X509_STORE* X509_STORE_new(void); +int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, + X509_OBJECT*); + + + + +enum { /* X509 Constants */ + X509_V_OK = 0, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 1, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2, + X509_V_ERR_CERT_NOT_YET_VALID = 3, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 4, + X509_V_ERR_CERT_HAS_EXPIRED = 5, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 6, + X509_FILETYPE_PEM = 7, + X509_LU_X509 = 8, + X509_LU_CRL = 9, + X509_V_ERR_CRL_SIGNATURE_FAILURE = 10, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 11, + X509_V_ERR_CRL_HAS_EXPIRED = 12, + X509_V_ERR_CERT_REVOKED = 13, + X509_V_FLAG_CRL_CHECK = 14, + X509_V_FLAG_CRL_CHECK_ALL = 15 +}; + + +/* Error stuff, could move to yassl_error */ +unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *); +void ERR_print_errors_fp(FILE*); +char* ERR_error_string(unsigned long,char*); +void ERR_remove_state(unsigned long); +unsigned long ERR_get_error(void); +unsigned long ERR_peek_error(void); +int ERR_GET_REASON(int); + + +enum { /* ERR Constants */ + ERR_TXT_STRING = 1, + EVP_R_BAD_DECRYPT = 2 +}; + +/* + Allow type used by SSL_set_fd to be changed, default to int + in order to be compatible with OpenSSL + */ +#ifndef YASSL_SOCKET_T_DEFINED +typedef int YASSL_SOCKET_T; +#endif + +SSL_CTX* SSL_CTX_new(SSL_METHOD*); +SSL* SSL_new(SSL_CTX*); +int SSL_set_fd (SSL*, YASSL_SOCKET_T); +YASSL_SOCKET_T SSL_get_fd(const SSL*); +int SSL_connect(SSL*); /* if you get an error from connect + see note at top of README */ +int SSL_write(SSL*, const void*, int); +int SSL_read(SSL*, void*, int); +int SSL_accept(SSL*); +void SSL_CTX_free(SSL_CTX*); +void SSL_free(SSL*); +int SSL_clear(SSL*); +int SSL_shutdown(SSL*); + +void SSL_set_connect_state(SSL*); +void SSL_set_accept_state(SSL*); +int SSL_do_handshake(SSL*); + +const char* SSL_get_cipher(SSL*); +const char* SSL_get_cipher_name(SSL*); /* uses SSL_get_cipher */ +char* SSL_get_shared_ciphers(SSL*, char*, int); +const char* SSL_get_cipher_list(SSL*, int); +const char* SSL_get_version(SSL*); +const char* SSLeay_version(int); + +int SSL_get_error(SSL*, int); +void SSL_load_error_strings(void); + +int SSL_set_session(SSL *ssl, SSL_SESSION *session); +SSL_SESSION* SSL_get_session(SSL* ssl); +void SSL_flush_sessions(SSL_CTX *ctx, long tm); +long SSL_SESSION_set_timeout(SSL_SESSION*, long); +long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode); +X509* SSL_get_peer_certificate(SSL*); +long SSL_get_verify_result(SSL*); + + +typedef int (*VerifyCallback)(int, X509_STORE_CTX*); +typedef int (*pem_password_cb)(char*, int, int, void*); +int default_password_callback(char * buffer, int size_arg, int rwflag, + void * u); + +void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback); +int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*); +int SSL_CTX_set_default_verify_paths(SSL_CTX*); +int SSL_CTX_check_private_key(SSL_CTX*); +int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*, + unsigned int); + +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int)); +long SSL_CTX_set_options(SSL_CTX*, long); +long SSL_CTX_set_session_cache_mode(SSL_CTX*, long); +long SSL_CTX_set_timeout(SSL_CTX*, long); +int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*); +void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int); +void SSL_CTX_set_info_callback(SSL_CTX*, void (*)()); + +long SSL_CTX_sess_accept(SSL_CTX*); +long SSL_CTX_sess_connect(SSL_CTX*); +long SSL_CTX_sess_accept_good(SSL_CTX*); +long SSL_CTX_sess_connect_good(SSL_CTX*); +long SSL_CTX_sess_accept_renegotiate(SSL_CTX*); +long SSL_CTX_sess_connect_renegotiate(SSL_CTX*); +long SSL_CTX_sess_hits(SSL_CTX*); +long SSL_CTX_sess_cb_hits(SSL_CTX*); +long SSL_CTX_sess_cache_full(SSL_CTX*); +long SSL_CTX_sess_misses(SSL_CTX*); +long SSL_CTX_sess_timeouts(SSL_CTX*); +long SSL_CTX_sess_number(SSL_CTX*); +long SSL_CTX_sess_get_cache_size(SSL_CTX*); + +int SSL_CTX_get_verify_mode(SSL_CTX*); +int SSL_get_verify_mode(SSL*); +int SSL_CTX_get_verify_depth(SSL_CTX*); +int SSL_get_verify_depth(SSL*); + +long SSL_get_default_timeout(SSL*); +long SSL_CTX_get_session_cache_mode(SSL_CTX*); +int SSL_session_reused(SSL*); + +int SSL_set_rfd(SSL*, int); +int SSL_set_wfd(SSL*, int); +void SSL_set_shutdown(SSL*, int); +void SSL_set_quiet_shutdown(SSL *ssl,int mode); +int SSL_get_quiet_shutdown(SSL *ssl); + +int SSL_want_read(SSL*); +int SSL_want_write(SSL*); + +int SSL_pending(SSL*); + + +enum { /* ssl Constants */ + SSL_WOULD_BLOCK = -8, + SSL_BAD_STAT = -7, + SSL_BAD_PATH = -6, + SSL_BAD_FILETYPE = -5, + SSL_BAD_FILE = -4, + SSL_NOT_IMPLEMENTED = -3, + SSL_UNKNOWN = -2, + SSL_FATAL_ERROR = -1, + SSL_NORMAL_SHUTDOWN = 0, + SSL_ERROR_NONE = 0, /* for most functions */ + SSL_FAILURE = 0, /* for some functions */ + SSL_SUCCESS = 1, + + SSL_FILETYPE_ASN1 = 10, + SSL_FILETYPE_PEM = 11, + SSL_FILETYPE_DEFAULT = 10, /* ASN1 */ + + SSL_VERIFY_NONE = 0, + SSL_VERIFY_PEER = 1, + SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, + SSL_VERIFY_CLIENT_ONCE = 4, + + SSL_SESS_CACHE_OFF = 30, + SSL_SESS_CACHE_CLIENT = 31, + SSL_SESS_CACHE_SERVER = 32, + SSL_SESS_CACHE_BOTH = 33, + SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, + + SSL_OP_MICROSOFT_SESS_ID_BUG = 50, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 51, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 53, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 54, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 55, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 56, + SSL_OP_TLS_D5_BUG = 57, + SSL_OP_TLS_BLOCK_PADDING_BUG = 58, + SSL_OP_TLS_ROLLBACK_BUG = 59, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 60, + SSL_OP_ALL = 61, + SSL_OP_SINGLE_DH_USE = 62, + SSL_OP_EPHEMERAL_RSA = 63, + SSL_OP_PKCS1_CHECK_1 = 67, + SSL_OP_PKCS1_CHECK_2 = 68, + SSL_OP_NETSCAPE_CA_DN_BUG = 69, + SSL_OP_NON_EXPORT_FIRST = 70, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 71, + + SSL_ERROR_WANT_READ = 80, + SSL_ERROR_WANT_WRITE = 81, + SSL_ERROR_SYSCALL = 82, + SSL_ERROR_WANT_X509_LOOKUP = 83, + SSL_ERROR_ZERO_RETURN = 84, + SSL_ERROR_SSL = 85, + + SSL_ST_CONNECT = 90, + SSL_ST_ACCEPT = 91, + SSL_CB_LOOP = 92, + SSL_SENT_SHUTDOWN = 93, + SSL_RECEIVED_SHUTDOWN = 94, + SSL_CB_ALERT = 95, + SSL_CB_READ = 96, + SSL_CB_HANDSHAKE_DONE = 97, + + SSL_OP_NO_SSLv2 = 128, + SSL_OP_NO_SSLv3 = 256, + SSL_OP_NO_TLSv1 = 512, + SSL_OP_NO_TLSv1_1 = 1024, +}; + + +SSL_METHOD *SSLv3_method(void); +SSL_METHOD *SSLv3_server_method(void); +SSL_METHOD *SSLv3_client_method(void); +SSL_METHOD *TLSv1_server_method(void); +SSL_METHOD *TLSv1_client_method(void); +SSL_METHOD *TLSv1_1_server_method(void); +SSL_METHOD *TLSv1_1_client_method(void); +SSL_METHOD *SSLv23_server_method(void); + +int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int); +int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int); +int SSL_CTX_set_cipher_list(SSL_CTX*, const char*); + +long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); +long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*); + +void OpenSSL_add_all_algorithms(void); +int SSL_library_init(); +int SSLeay_add_ssl_algorithms(void); + + +SSL_CIPHER* SSL_get_current_cipher(SSL*); +char* SSL_CIPHER_description(SSL_CIPHER*, char*, int); + + +char* SSL_alert_type_string_long(int); +char* SSL_alert_desc_string_long(int); +char* SSL_state_string_long(SSL*); + +X509* PEM_read_X509(FILE *fp, X509 *x, pem_password_cb cb, void *u); +/* EVP stuff, des and md5, different file? */ +typedef char EVP_MD; + +typedef char EVP_CIPHER; + +typedef struct EVP_PKEY EVP_PKEY; + +typedef unsigned char DES_cblock[8]; +typedef const DES_cblock const_DES_cblock; +typedef DES_cblock DES_key_schedule; + +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; + +const EVP_MD* EVP_md5(void); +const EVP_CIPHER* EVP_des_ede3_cbc(void); + +typedef unsigned char opaque; + +int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*, + const opaque*, int, int, opaque*, opaque*); + +void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*); +void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*, + DES_key_schedule*, DES_key_schedule*, DES_cblock*, int); + + +/* RAND stuff */ +void RAND_screen(void); +const char* RAND_file_name(char*, size_t); +int RAND_write_file(const char*); +int RAND_load_file(const char*, long); + + +/* for libcurl */ +int RAND_status(void); +int RAND_bytes(unsigned char* buf, int num); + +int DES_set_key(const_DES_cblock*, DES_key_schedule*); +void DES_set_odd_parity(DES_cblock*); +void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); +void SSL_SESSION_free(SSL_SESSION* session); +int SSL_peek(SSL* ssl, void* buf, int num); + +X509* SSL_get_certificate(SSL* ssl); +EVP_PKEY* SSL_get_privatekey(SSL* ssl); +EVP_PKEY* X509_get_pubkey(X509* x); + +int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from); +void EVP_PKEY_free(EVP_PKEY* pkey); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +void ERR_free_strings(void); +void EVP_cleanup(void); + +void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx); + +#define GEN_IPADD 7 +#define NID_subject_alt_name 85 +#define STACK_OF(x) x + + +/* defined here because libcurl dereferences */ +typedef struct ASN1_STRING { + int type; + int length; + unsigned char* data; +} ASN1_STRING; + + +typedef struct GENERAL_NAME { + int type; + union { + ASN1_STRING* ia5; + } d; +} GENERAL_NAME; + +void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x); + +int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x); +GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i); + + +unsigned char* ASN1_STRING_data(ASN1_STRING* x); +int ASN1_STRING_length(ASN1_STRING* x); +int ASN1_STRING_type(ASN1_STRING *x); + +typedef ASN1_STRING X509_NAME_ENTRY; + +int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos); + +ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne); +X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc); + +#define OPENSSL_malloc(x) malloc(x) +#define OPENSSL_free(x) free(x) + +int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in); + +SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */ +SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */ + + +SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ + + +#define CRYPTO_free(x) free(x) +#define ASN1_TIME ASN1_STRING + +ASN1_TIME* X509_get_notBefore(X509* x); +ASN1_TIME* X509_get_notAfter(X509* x); + + +#define ASN1_UTCTIME ASN1_STRING +#define NID_commonName 13 +#define V_ASN1_UTF8STRING 12 +#define GEN_DNS 2 + +#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */ + + +typedef struct MD4_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD4_CTX; + +void MD4_Init(MD4_CTX*); +void MD4_Update(MD4_CTX*, const void*, unsigned long); +void MD4_Final(unsigned char*, MD4_CTX*); + + +typedef struct MD5_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD5_CTX; + +void MD5_Init(MD5_CTX*); +void MD5_Update(MD5_CTX*, const void*, unsigned long); +void MD5_Final(unsigned char*, MD5_CTX*); + +#define MD5_DIGEST_LENGTH 16 + + +#define SSL_DEFAULT_CIPHER_LIST "" /* default all */ + + +/* yaSSL extensions */ +int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */ +char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len); + +#include "transport_types.h" + +/* + Set functions for yaSSL to use in order to send and receive data. + + These hooks are offered in order to enable non-blocking I/O. If + not set, yaSSL defaults to using send() and recv(). + + @todo Remove hooks and accompanying code when yaSSL is fixed. +*/ +void yaSSL_transport_set_ptr(SSL *, void *); +void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t); +void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t); + +#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) +} /* namespace */ +} /* extern "C" */ +#endif + + +#endif /* yaSSL_openssl_h__ */ diff --git a/mysql/extra/yassl/include/openssl/transport_types.h b/mysql/extra/yassl/include/openssl/transport_types.h new file mode 100644 index 0000000..5a9d234 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/transport_types.h @@ -0,0 +1,26 @@ +/* + Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +#ifndef yaSSL_transport_types_h__ +#define yaSSL_transport_types_h__ + +/* Type of transport functions used for sending and receiving data. */ +typedef long (*yaSSL_recv_func_t) (void *, void *, size_t); +typedef long (*yaSSL_send_func_t) (void *, const void *, size_t); + +#endif diff --git a/mysql/extra/yassl/include/openssl/x509.h b/mysql/extra/yassl/include/openssl/x509.h new file mode 100644 index 0000000..74eb83e --- /dev/null +++ b/mysql/extra/yassl/include/openssl/x509.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* x509.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/x509v3.h b/mysql/extra/yassl/include/openssl/x509v3.h new file mode 100644 index 0000000..b48e9b4 --- /dev/null +++ b/mysql/extra/yassl/include/openssl/x509v3.h @@ -0,0 +1,20 @@ +/* + Copyright (C) 2006 MySQL AB + Use is subject to license terms + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* x509v3.h for libcurl */ diff --git a/mysql/extra/yassl/include/socket_wrapper.hpp b/mysql/extra/yassl/include/socket_wrapper.hpp new file mode 100644 index 0000000..ec3ab6f --- /dev/null +++ b/mysql/extra/yassl/include/socket_wrapper.hpp @@ -0,0 +1,104 @@ +/* + Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. + */ + + +/* The socket wrapper header defines a Socket class that hides the differences + * between Berkely style sockets and Windows sockets, allowing transparent TCP + * access. + */ + + +#ifndef yaSSL_SOCKET_WRAPPER_HPP +#define yaSSL_SOCKET_WRAPPER_HPP + + +#ifdef _WIN32 + #include +#else + #include + #include + #include + #include + #include + #include +#endif + + +namespace yaSSL { + +typedef unsigned int uint; + +#ifdef _WIN32 + typedef SOCKET socket_t; +#else + typedef int socket_t; + const socket_t INVALID_SOCKET = -1; + const int SD_RECEIVE = 0; + const int SD_SEND = 1; + const int SD_BOTH = 2; + const int SOCKET_ERROR = -1; +#endif + + extern "C" { + #include "openssl/transport_types.h" + } + +typedef unsigned char byte; + + +// Wraps Windows Sockets and BSD Sockets +class Socket { + socket_t socket_; // underlying socket descriptor + bool wouldBlock_; // if non-blocking data, for last read + bool nonBlocking_; // is option set + void *ptr_; // Argument to transport function + yaSSL_send_func_t send_func_; // Function to send data + yaSSL_recv_func_t recv_func_; // Function to receive data +public: + explicit Socket(socket_t s = INVALID_SOCKET); + ~Socket(); + + void set_fd(socket_t s); + uint get_ready() const; + socket_t get_fd() const; + + void set_transport_ptr(void *ptr); + void set_transport_recv_function(yaSSL_recv_func_t recv_func); + void set_transport_send_function(yaSSL_send_func_t send_func); + + uint send(const byte* buf, unsigned int len, unsigned int& sent); + uint receive(byte* buf, unsigned int len); + + bool wait(); + bool WouldBlock() const; + bool IsNonBlocking() const; + + void closeSocket(); + void shutDown(int how = SD_SEND); + + static int get_lastError(); + static void set_lastError(int error); +private: + Socket(const Socket&); // hide copy + Socket& operator= (const Socket&); // and assign +}; + + +} // naemspace + +#endif // yaSSL_SOCKET_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/timer.hpp b/mysql/extra/yassl/include/timer.hpp new file mode 100644 index 0000000..0d99603 --- /dev/null +++ b/mysql/extra/yassl/include/timer.hpp @@ -0,0 +1,40 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* timer.hpp provides a high res and low res timers + * +*/ + + +#ifndef yaSSL_TIMER_HPP +#define yaSSL_TIMER_HPP + +namespace yaSSL { + +typedef double timer_d; +typedef unsigned int uint; + + + +timer_d timer(); +uint lowResTimer(); + + + +} // namespace +#endif // yaSSL_TIMER_HPP diff --git a/mysql/extra/yassl/include/yassl.hpp b/mysql/extra/yassl/include/yassl.hpp new file mode 100644 index 0000000..081d653 --- /dev/null +++ b/mysql/extra/yassl/include/yassl.hpp @@ -0,0 +1,85 @@ +/* + Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* yaSSL externel header defines yaSSL API + */ + + +#ifndef yaSSL_EXT_HPP +#define yaSSL_EXT_HPP + + +namespace yaSSL { + + +#ifdef _WIN32 + typedef unsigned int SOCKET_T; +#else + typedef int SOCKET_T; +#endif + + +class Client { +public: + Client(); + ~Client(); + + // basics + int Connect(SOCKET_T); + int Write(const void*, int); + int Read(void*, int); + + // options + void SetCA(const char*); + void SetCert(const char*); + void SetKey(const char*); +private: + struct ClientImpl; + ClientImpl* pimpl_; + + Client(const Client&); // hide copy + Client& operator=(const Client&); // and assign +}; + + +class Server { +public: + Server(); + ~Server(); + + // basics + int Accept(SOCKET_T); + int Write(const void*, int); + int Read(void*, int); + + // options + void SetCA(const char*); + void SetCert(const char*); + void SetKey(const char*); +private: + struct ServerImpl; + ServerImpl* pimpl_; + + Server(const Server&); // hide copy + Server& operator=(const Server&); // and assign +}; + + +} // namespace yaSSL +#endif // yaSSL_EXT_HPP diff --git a/mysql/extra/yassl/include/yassl_error.hpp b/mysql/extra/yassl/include/yassl_error.hpp new file mode 100644 index 0000000..d63244d --- /dev/null +++ b/mysql/extra/yassl/include/yassl_error.hpp @@ -0,0 +1,88 @@ +/* + Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* yaSSL error header defines error codes and an exception class + */ + +#ifndef yaSSL_ERROR_HPP +#define yaSSL_ERROR_HPP + + + +namespace yaSSL { + + +enum YasslError { + no_error = 0, + + // 10 - 47 from AlertDescription, 0 also close_notify + + range_error = 101, + realloc_error = 102, + factory_error = 103, + unknown_cipher = 104, + prefix_error = 105, + record_layer = 106, + handshake_layer = 107, + out_of_order = 108, + bad_input = 109, + match_error = 110, + no_key_file = 111, + verify_error = 112, + send_error = 113, + receive_error = 114, + certificate_error = 115, + privateKey_error = 116, + badVersion_error = 117, + compress_error = 118, + decompress_error = 119, + pms_version_error = 120, + sanityCipher_error = 121, + rsaSignFault_error = 122 + + // !!!! add error message to .cpp !!!! + + // 1000+ from TaoCrypt error.hpp + +}; + + +enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib }; +enum { MAX_ERROR_SZ = 80 }; + +void SetErrorString(YasslError, char*); + +/* remove for now, if go back to exceptions use this wrapper +// Base class for all yaSSL exceptions +class Error : public mySTL::runtime_error { + YasslError error_; + Library lib_; +public: + explicit Error(const char* s = "", YasslError e = no_error, + Library l = yaSSL_Lib); + + YasslError get_number() const; + Library get_lib() const; +}; +*/ + + +} // naemspace + +#endif // yaSSL_ERROR_HPP diff --git a/mysql/extra/yassl/include/yassl_imp.hpp b/mysql/extra/yassl/include/yassl_imp.hpp new file mode 100644 index 0000000..a952da0 --- /dev/null +++ b/mysql/extra/yassl/include/yassl_imp.hpp @@ -0,0 +1,748 @@ +/* + Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* yaSSL implementation header defines all strucutres from the SSL.v3 + * specification "draft-freier-ssl-version3-02.txt" + * all page citations refer to this document unless otherwise noted. + */ + + +#ifndef yaSSL_IMP_HPP +#define yaSSL_IMP_HPP + +#ifdef _MSC_VER + // disable truncated debug symbols + #pragma warning(disable:4786) +#endif + +#include "yassl_types.hpp" +#include "factory.hpp" +#include STL_LIST_FILE + + +namespace STL = STL_NAMESPACE; + + +namespace yaSSL { + + +class SSL; // forward decls +class input_buffer; +class output_buffer; + + +struct ProtocolVersion { + uint8 major_; + uint8 minor_; // major and minor SSL/TLS version numbers + + ProtocolVersion(uint8 maj = 3, uint8 min = 0); +}; + + +// Record Layer Header for PlainText, Compressed, and CipherText +struct RecordLayerHeader { + ContentType type_; + ProtocolVersion version_; + uint16 length_; // should not exceed 2^14 +}; + + +// base for all messages +struct Message : public virtual_base { + virtual input_buffer& set(input_buffer&) =0; + virtual output_buffer& get(output_buffer&) const =0; + + virtual void Process(input_buffer&, SSL&) =0; + virtual ContentType get_type() const =0; + virtual uint16 get_length() const =0; + + virtual ~Message() {} +}; + + +class ChangeCipherSpec : public Message { + CipherChoice type_; +public: + ChangeCipherSpec(); + + friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&); + friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + ContentType get_type() const; + uint16 get_length() const; + void Process(input_buffer&, SSL&); +private: + ChangeCipherSpec(const ChangeCipherSpec&); // hide copy + ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign +}; + + + +class Alert : public Message { + AlertLevel level_; + AlertDescription description_; +public: + Alert() {} + Alert(AlertLevel al, AlertDescription ad); + + ContentType get_type() const; + uint16 get_length() const; + void Process(input_buffer&, SSL&); + + friend input_buffer& operator>>(input_buffer&, Alert&); + friend output_buffer& operator<<(output_buffer&, const Alert&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; +private: + Alert(const Alert&); // hide copy + Alert& operator=(const Alert&); // and assign +}; + + +class Data : public Message { + uint16 length_; + opaque* buffer_; // read buffer used by fillData input + const opaque* write_buffer_; // write buffer used by output operator +public: + Data(); + Data(uint16 len, opaque* b); + + friend output_buffer& operator<<(output_buffer&, const Data&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + ContentType get_type() const; + uint16 get_length() const; + void set_length(uint16 l); + opaque* set_buffer(); + void SetData(uint16, const opaque*); + void Process(input_buffer&, SSL&); +private: + Data(const Data&); // hide copy + Data& operator=(const Data&); // and assign +}; + + +uint32 c24to32(const uint24); // forward form internal header +void c32to24(uint32, uint24&); + + +// HandShake header, same for each message type from page 20/21 +class HandShakeHeader : public Message { + HandShakeType type_; + uint24 length_; // length of message +public: + HandShakeHeader() {} + + ContentType get_type() const; + uint16 get_length() const; + HandShakeType get_handshakeType() const; + void Process(input_buffer&, SSL&); + + void set_type(HandShakeType hst); + void set_length(uint32 u32); + + friend input_buffer& operator>>(input_buffer&, HandShakeHeader&); + friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; +private: + HandShakeHeader(const HandShakeHeader&); // hide copy + HandShakeHeader& operator=(const HandShakeHeader&); // and assign +}; + + +// Base Class for all handshake messages +class HandShakeBase : public virtual_base { + int length_; +public: + int get_length() const; + void set_length(int); + + // for building buffer's type field + virtual HandShakeType get_type() const =0; + + // handles dispactch of proper >> + virtual input_buffer& set(input_buffer& in) =0; + virtual output_buffer& get(output_buffer& out) const =0; + + virtual void Process(input_buffer&, SSL&) =0; + + virtual ~HandShakeBase() {} +}; + + +struct HelloRequest : public HandShakeBase { + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + void Process(input_buffer&, SSL&); + + HandShakeType get_type() const; +}; + + +// The Client's Hello Message from page 23 +class ClientHello : public HandShakeBase { + ProtocolVersion client_version_; + Random random_; + uint8 id_len_; // session id length + opaque session_id_[ID_LEN]; + uint16 suite_len_; // cipher suite length + opaque cipher_suites_[MAX_SUITE_SZ]; + uint8 comp_len_; // compression length + CompressionMethod compression_methods_; +public: + friend input_buffer& operator>>(input_buffer&, ClientHello&); + friend output_buffer& operator<<(output_buffer&, const ClientHello&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + HandShakeType get_type() const; + void Process(input_buffer&, SSL&); + + const opaque* get_random() const; + friend void buildClientHello(SSL&, ClientHello&); + friend void ProcessOldClientHello(input_buffer& input, SSL& ssl); + + ClientHello(); + ClientHello(ProtocolVersion pv, bool useCompression); +private: + ClientHello(const ClientHello&); // hide copy + ClientHello& operator=(const ClientHello&); // and assign +}; + + + +// The Server's Hello Message from page 24 +class ServerHello : public HandShakeBase { + ProtocolVersion server_version_; + Random random_; + uint8 id_len_; // session id length + opaque session_id_[ID_LEN]; + opaque cipher_suite_[SUITE_LEN]; + CompressionMethod compression_method_; +public: + ServerHello(ProtocolVersion pv, bool useCompression); + ServerHello(); + + friend input_buffer& operator>>(input_buffer&, ServerHello&); + friend output_buffer& operator<<(output_buffer&, const ServerHello&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + HandShakeType get_type() const; + void Process(input_buffer&, SSL&); + + const opaque* get_random() const; + friend void buildServerHello(SSL&, ServerHello&); +private: + ServerHello(const ServerHello&); // hide copy + ServerHello& operator=(const ServerHello&); // and assign +}; + + +class x509; + +// Certificate could be a chain +class Certificate : public HandShakeBase { + const x509* cert_; +public: + Certificate(); + explicit Certificate(const x509* cert); + friend output_buffer& operator<<(output_buffer&, const Certificate&); + + const opaque* get_buffer() const; + + // Process handles input, needs SSL + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + HandShakeType get_type() const; + void Process(input_buffer&, SSL&); +private: + Certificate(const Certificate&); // hide copy + Certificate& operator=(const Certificate&); // and assign +}; + + + +// RSA Public Key +struct ServerRSAParams { + opaque* rsa_modulus_; + opaque* rsa_exponent_; +}; + + +// Ephemeral Diffie-Hellman Parameters +class ServerDHParams { + int pSz_; + int gSz_; + int pubSz_; + opaque* p_; + opaque* g_; + opaque* Ys_; +public: + ServerDHParams(); + ~ServerDHParams(); + + int get_pSize() const; + int get_gSize() const; + int get_pubSize() const; + + const opaque* get_p() const; + const opaque* get_g() const; + const opaque* get_pub() const; + + opaque* alloc_p(int sz); + opaque* alloc_g(int sz); + opaque* alloc_pub(int sz); +private: + ServerDHParams(const ServerDHParams&); // hide copy + ServerDHParams& operator=(const ServerDHParams&); // and assign +}; + + +struct ServerKeyBase : public virtual_base { + virtual ~ServerKeyBase() {} + virtual void build(SSL&) {} + virtual void read(SSL&, input_buffer&) {} + virtual int get_length() const; + virtual opaque* get_serverKey() const; +}; + + +// Server random number for FORTEZZA KEA +struct Fortezza_Server : public ServerKeyBase { + opaque r_s_[FORTEZZA_MAX]; +}; + + +struct SignatureBase : public virtual_base { + virtual ~SignatureBase() {} +}; + +struct anonymous_sa : public SignatureBase {}; + + +struct Hashes { + uint8 md5_[MD5_LEN]; + uint8 sha_[SHA_LEN]; +}; + + +struct rsa_sa : public SignatureBase { + Hashes hashes_; +}; + + +struct dsa_sa : public SignatureBase { + uint8 sha_[SHA_LEN]; +}; + + +// Server's Diffie-Hellman exchange +class DH_Server : public ServerKeyBase { + ServerDHParams parms_; + opaque* signature_; + + int length_; // total length of message + opaque* keyMessage_; // total exchange message +public: + DH_Server(); + ~DH_Server(); + + void build(SSL&); + void read(SSL&, input_buffer&); + int get_length() const; + opaque* get_serverKey() const; +private: + DH_Server(const DH_Server&); // hide copy + DH_Server& operator=(const DH_Server&); // and assign +}; + + +// Server's RSA exchange +struct RSA_Server : public ServerKeyBase { + ServerRSAParams params_; + opaque* signature_; // signed rsa_sa hashes +}; + + +class ServerKeyExchange : public HandShakeBase { + ServerKeyBase* server_key_; +public: + explicit ServerKeyExchange(SSL&); + ServerKeyExchange(); + ~ServerKeyExchange(); + + void createKey(SSL&); + void build(SSL& ssl); + + const opaque* getKey() const; + int getKeyLength() const; + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&); + + void Process(input_buffer&, SSL&); + HandShakeType get_type() const; +private: + ServerKeyExchange(const ServerKeyExchange&); // hide copy + ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign +}; + + + +class CertificateRequest : public HandShakeBase { + ClientCertificateType certificate_types_[CERT_TYPES]; + int typeTotal_; + STL::list certificate_authorities_; +public: + CertificateRequest(); + ~CertificateRequest(); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + friend input_buffer& operator>>(input_buffer&, CertificateRequest&); + friend output_buffer& operator<<(output_buffer&, + const CertificateRequest&); + + void Process(input_buffer&, SSL&); + HandShakeType get_type() const; + + void Build(); +private: + CertificateRequest(const CertificateRequest&); // hide copy + CertificateRequest& operator=(const CertificateRequest&); // and assign +}; + + +struct ServerHelloDone : public HandShakeBase { + ServerHelloDone(); + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + void Process(input_buffer& input, SSL& ssl); + + HandShakeType get_type() const; +}; + + +struct PreMasterSecret { + opaque random_[SECRET_LEN]; // first two bytes Protocol Version +}; + + +struct ClientKeyBase : public virtual_base { + virtual ~ClientKeyBase() {} + virtual void build(SSL&) {} + virtual void read(SSL&, input_buffer&) {} + virtual int get_length() const; + virtual opaque* get_clientKey() const; +}; + + +class EncryptedPreMasterSecret : public ClientKeyBase { + opaque* secret_; + int length_; +public: + EncryptedPreMasterSecret(); + ~EncryptedPreMasterSecret(); + + void build(SSL&); + void read(SSL&, input_buffer&); + int get_length() const; + opaque* get_clientKey() const; + void alloc(int sz); +private: + // hide copy and assign + EncryptedPreMasterSecret(const EncryptedPreMasterSecret&); + EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&); +}; + + +// Fortezza Key Parameters from page 29 +// hard code lengths cause only used here +struct FortezzaKeys : public ClientKeyBase { + opaque y_c_ [128]; // client's Yc, public value + opaque r_c_ [128]; // client's Rc + opaque y_signature_ [40]; // DSS signed public key + opaque wrapped_client_write_key_ [12]; // wrapped by the TEK + opaque wrapped_server_write_key_ [12]; // wrapped by the TEK + opaque client_write_iv_ [24]; + opaque server_write_iv_ [24]; + opaque master_secret_iv_ [24]; // IV used to encrypt preMaster + opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK +}; + + + +// Diffie-Hellman public key from page 40/41 +class ClientDiffieHellmanPublic : public ClientKeyBase { + PublicValueEncoding public_value_encoding_; + int length_; // includes two byte length for message + opaque* Yc_; // length + Yc_ + // dh_Yc only if explicit, otherwise sent in certificate + enum { KEY_OFFSET = 2 }; +public: + ClientDiffieHellmanPublic(); + ~ClientDiffieHellmanPublic(); + + void build(SSL&); + void read(SSL&, input_buffer&); + int get_length() const; + opaque* get_clientKey() const; + void alloc(int sz, bool offset = false); +private: + // hide copy and assign + ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&); + ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&); +}; + + +class ClientKeyExchange : public HandShakeBase { + ClientKeyBase* client_key_; +public: + explicit ClientKeyExchange(SSL& ssl); + ClientKeyExchange(); + ~ClientKeyExchange(); + + void createKey(SSL&); + void build(SSL& ssl); + + const opaque* getKey() const; + int getKeyLength() const; + + friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + HandShakeType get_type() const; + void Process(input_buffer&, SSL&); +private: + ClientKeyExchange(const ClientKeyExchange&); // hide copy + ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign +}; + + +class CertificateVerify : public HandShakeBase { + Hashes hashes_; + byte* signature_; // owns +public: + CertificateVerify(); + ~CertificateVerify(); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + friend input_buffer& operator>>(input_buffer&, CertificateVerify&); + friend output_buffer& operator<<(output_buffer&, const CertificateVerify&); + + void Process(input_buffer&, SSL&); + HandShakeType get_type() const; + + void Build(SSL&); +private: + CertificateVerify(const CertificateVerify&); // hide copy + CertificateVerify& operator=(const CertificateVerify&); // and assign +}; + + +class Finished : public HandShakeBase { + Hashes hashes_; +public: + Finished(); + + uint8* set_md5(); + uint8* set_sha(); + + friend input_buffer& operator>>(input_buffer&, Finished&); + friend output_buffer& operator<<(output_buffer&, const Finished&); + + input_buffer& set(input_buffer& in); + output_buffer& get(output_buffer& out) const; + + void Process(input_buffer&, SSL&); + + HandShakeType get_type() const; +private: + Finished(const Finished&); // hide copy + Finished& operator=(const Finished&); // and assign +}; + + +class RandomPool; // forward for connection + + +// SSL Connection defined on page 11 +struct Connection { + opaque *pre_master_secret_; + opaque master_secret_[SECRET_LEN]; + opaque client_random_[RAN_LEN]; + opaque server_random_[RAN_LEN]; + opaque sessionID_[ID_LEN]; + opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size + opaque server_write_MAC_secret_[SHA_LEN]; + opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz + opaque server_write_key_[AES_256_KEY_SZ]; + opaque client_write_IV_[AES_IV_SZ]; // aes is max size + opaque server_write_IV_[AES_IV_SZ]; + uint32 sequence_number_; + uint32 peer_sequence_number_; + uint32 pre_secret_len_; // pre master length + bool send_server_key_; // server key exchange? + bool master_clean_; // master secret clean? + bool TLS_; // TLSv1 or greater + bool TLSv1_1_; // TLSv1.1 or greater + bool sessionID_Set_; // do we have a session + bool compression_; // zlib compression? + ProtocolVersion version_; // negotiated version + ProtocolVersion chVersion_; // client hello version + RandomPool& random_; + + Connection(ProtocolVersion v, RandomPool& ran); + ~Connection(); + + void AllocPreSecret(uint sz); + void CleanPreMaster(); + void CleanMaster(); + void TurnOffTLS(); + void TurnOffTLS1_1(); +private: + Connection(const Connection&); // hide copy + Connection& operator=(const Connection&); // and assign +}; + + +struct Ciphers; // forward + + +// TLSv1 Security Spec, defined on page 56 of RFC 2246 +struct Parameters { + ConnectionEnd entity_; + BulkCipherAlgorithm bulk_cipher_algorithm_; + CipherType cipher_type_; + uint8 key_size_; + uint8 iv_size_; + IsExportable is_exportable_; + MACAlgorithm mac_algorithm_; + uint8 hash_size_; + CompressionMethod compression_algorithm_; + KeyExchangeAlgorithm kea_; // yassl additions + SignatureAlgorithm sig_algo_; // signature auth type + SignatureAlgorithm verify_algo_; // cert verify auth type + bool pending_; + bool resumable_; // new conns by session + uint16 encrypt_size_; // current msg encrypt sz + Cipher suite_[SUITE_LEN]; // choosen suite + uint8 suites_size_; + Cipher suites_[MAX_SUITE_SZ]; + char cipher_name_[MAX_SUITE_NAME]; + char cipher_list_[MAX_CIPHERS][MAX_SUITE_NAME]; + bool removeDH_; // for server's later use + + Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion, bool haveDH); + + void SetSuites(ProtocolVersion pv, bool removeDH = false, + bool removeRSA = false, bool removeDSA = false); + void SetCipherNames(); +private: + Parameters(const Parameters&); // hide copy + Parameters& operator=(const Parameters&); // and assing +}; + + +input_buffer& operator>>(input_buffer&, RecordLayerHeader&); +output_buffer& operator<<(output_buffer&, const RecordLayerHeader&); + +input_buffer& operator>>(input_buffer&, Message&); +output_buffer& operator<<(output_buffer&, const Message&); + +input_buffer& operator>>(input_buffer&, HandShakeBase&); +output_buffer& operator<<(output_buffer&, const HandShakeBase&); + + +// Message Factory definition +// uses the ContentType enumeration for unique id +typedef Factory MessageFactory; +void InitMessageFactory(MessageFactory&); // registers derived classes + +// HandShake Factory definition +// uses the HandShakeType enumeration for unique id +typedef Factory HandShakeFactory; +void InitHandShakeFactory(HandShakeFactory&); // registers derived classes + +// ServerKey Factory definition +// uses KeyExchangeAlgorithm enumeration for unique id +typedef Factory ServerKeyFactory; +void InitServerKeyFactory(ServerKeyFactory&); + +// ClientKey Factory definition +// uses KeyExchangeAlgorithm enumeration for unique id +typedef Factory ClientKeyFactory; +void InitClientKeyFactory(ClientKeyFactory&); + + +// Message Creators +Message* CreateHandShake(); +Message* CreateCipherSpec(); +Message* CreateAlert(); +Message* CreateData(); + + +// HandShake Creators +HandShakeBase* CreateCertificate(); +HandShakeBase* CreateHelloRequest(); +HandShakeBase* CreateClientHello(); +HandShakeBase* CreateServerHello(); +HandShakeBase* CreateServerKeyExchange(); +HandShakeBase* CreateCertificateRequest(); +HandShakeBase* CreateServerHelloDone(); +HandShakeBase* CreateClientKeyExchange(); +HandShakeBase* CreateCertificateVerify(); +HandShakeBase* CreateFinished(); + + +// ServerKey Exchange Creators +ServerKeyBase* CreateRSAServerKEA(); +ServerKeyBase* CreateDHServerKEA(); +ServerKeyBase* CreateFortezzaServerKEA(); + +// ClientKey Exchange Creators +ClientKeyBase* CreateRSAClient(); +ClientKeyBase* CreateDHClient(); +ClientKeyBase* CreateFortezzaClient(); + + + +} // naemspace + +#endif // yaSSL_IMP_HPP diff --git a/mysql/extra/yassl/include/yassl_int.hpp b/mysql/extra/yassl/include/yassl_int.hpp new file mode 100644 index 0000000..240cf94 --- /dev/null +++ b/mysql/extra/yassl/include/yassl_int.hpp @@ -0,0 +1,725 @@ +/* + Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + + +/* yaSSL internal header defines SSL supporting types not specified in the + * draft along with type conversion functions and openssl compatibility + */ + + +#ifndef yaSSL_INT_HPP +#define yaSSL_INT_HPP + +#include "yassl_imp.hpp" +#include "yassl_error.hpp" +#include "crypto_wrapper.hpp" +#include "cert_wrapper.hpp" +#include "log.hpp" +#include "lock.hpp" +#include "openssl/ssl.h" // ASN1_STRING and DH + +// Check if _POSIX_THREADS should be forced +#if !defined(_POSIX_THREADS) && defined(__hpux) +// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented +#define _POSIX_THREADS +#endif + +#ifdef _POSIX_THREADS + #include +#endif + + +namespace STL = STL_NAMESPACE; + + +namespace yaSSL { + + +// State Machine for Record Layer Protocol +enum RecordLayerState { + recordNotReady = 0, // fatal error, no more processing + recordReady +}; + + +// State Machine for HandShake Protocol +enum HandShakeState { + handShakeNotReady = 0, // fatal error, no more processing + preHandshake, // initial state + inHandshake, // handshake started + handShakeReady // handshake done +}; + + +// client input HandShake state, use if HandShakeState == inHandShake +enum ClientState { + serverNull = 0, + serverHelloComplete, + serverCertComplete, + serverKeyExchangeComplete, + serverHelloDoneComplete, + serverFinishedComplete +}; + + +// server input HandShake state, use if HandShakeState == inHandShake +enum ServerState { + clientNull = 0, + clientHelloComplete, + clientKeyExchangeComplete, + clientFinishedComplete +}; + + +// client connect state for nonblocking restart +enum ConnectState { + CONNECT_BEGIN = 0, + CLIENT_HELLO_SENT, + FIRST_REPLY_DONE, + FINISHED_DONE, + SECOND_REPLY_DONE +}; + + +// server accpet state for nonblocking restart +enum AcceptState { + ACCEPT_BEGIN = 0, + ACCEPT_FIRST_REPLY_DONE, + SERVER_HELLO_DONE, + ACCEPT_SECOND_REPLY_DONE, + ACCEPT_FINISHED_DONE, + ACCEPT_THIRD_REPLY_DONE +}; + + +// track received messages to explicitly disallow duplicate messages +struct RecvdMessages { + uint8 gotClientHello_; + uint8 gotServerHello_; + uint8 gotCert_; + uint8 gotServerKeyExchange_; + uint8 gotCertRequest_; + uint8 gotServerHelloDone_; + uint8 gotCertVerify_; + uint8 gotClientKeyExchange_; + uint8 gotFinished_; + RecvdMessages() : gotClientHello_(0), gotServerHello_(0), gotCert_(0), + gotServerKeyExchange_(0), gotCertRequest_(0), + gotServerHelloDone_(0), gotCertVerify_(0), + gotClientKeyExchange_(0), gotFinished_(0) + {} +}; + + +// combines all states +class States { + RecordLayerState recordLayer_; + HandShakeState handshakeLayer_; + ClientState clientState_; + ServerState serverState_; + ConnectState connectState_; + AcceptState acceptState_; + RecvdMessages recvdMessages_; + char errorString_[MAX_ERROR_SZ]; + YasslError what_; +public: + States(); + + const RecordLayerState& getRecord() const; + const HandShakeState& getHandShake() const; + const ClientState& getClient() const; + const ServerState& getServer() const; + const ConnectState& GetConnect() const; + const AcceptState& GetAccept() const; + const char* getString() const; + YasslError What() const; + + RecordLayerState& useRecord(); + HandShakeState& useHandShake(); + ClientState& useClient(); + ServerState& useServer(); + ConnectState& UseConnect(); + AcceptState& UseAccept(); + char* useString(); + void SetError(YasslError); + int SetMessageRecvd(HandShakeType); +private: + States(const States&); // hide copy + States& operator=(const States&); // and assign +}; + + +// holds all factories +class sslFactory { + MessageFactory messageFactory_; // creates new messages by type + HandShakeFactory handShakeFactory_; // creates new handshake types + ServerKeyFactory serverKeyFactory_; // creates new server key types + ClientKeyFactory clientKeyFactory_; // creates new client key types + + sslFactory(); // only GetSSL_Factory creates +public: + const MessageFactory& getMessage() const; + const HandShakeFactory& getHandShake() const; + const ServerKeyFactory& getServerKey() const; + const ClientKeyFactory& getClientKey() const; + + friend sslFactory& GetSSL_Factory(); // singleton creator +private: + sslFactory(const sslFactory&); // hide copy + sslFactory& operator=(const sslFactory&); // and assign +}; + + +#undef X509_NAME // wincrypt.h clash + +// openSSL X509 names +class X509_NAME { + char* name_; + size_t sz_; + int cnPosition_; // start of common name, -1 is none + int cnLen_; // length of above + ASN1_STRING entry_; +public: + X509_NAME(const char*, size_t sz, int pos, int len); + ~X509_NAME(); + + const char* GetName() const; + ASN1_STRING* GetEntry(int i); + size_t GetLength() const; + int GetCnPosition() const { return cnPosition_; } + int GetCnLength() const { return cnLen_; } + +private: + X509_NAME(const X509_NAME&); // hide copy + X509_NAME& operator=(const X509_NAME&); // and assign +}; + + +class StringHolder { + ASN1_STRING asnString_; +public: + StringHolder(const char* str, int sz, byte type= 0); + ~StringHolder(); + + ASN1_STRING* GetString(); +private: + StringHolder(const StringHolder&); // hide copy + StringHolder& operator=(const StringHolder&); // and assign +}; + + +// openSSL X509 +class X509 { + X509_NAME issuer_; + X509_NAME subject_; + StringHolder beforeDate_; // not valid before + StringHolder afterDate_; // not valid after +public: + X509(const char* i, size_t, const char* s, size_t, + ASN1_STRING *b, ASN1_STRING *a, int, int, int, int); + ~X509() {} + + X509_NAME* GetIssuer(); + X509_NAME* GetSubject(); + + ASN1_STRING* GetBefore(); + ASN1_STRING* GetAfter(); + +private: + X509(const X509&); // hide copy + X509& operator=(const X509&); // and assign +}; + + +// openSSL bignum +struct BIGNUM { + /* + gcc 2.96 fix: because of two Integer classes (yaSSL::Integer and + TaoCrypt::Integer), we need to explicitly state the namespace + here to let gcc 2.96 deduce the correct type. + */ + yaSSL::Integer int_; + void assign(const byte* b, uint s) { int_.assign(b,s); } +}; + + +// openSSL session +class SSL_SESSION { + opaque sessionID_[ID_LEN]; + opaque master_secret_[SECRET_LEN]; + Cipher suite_[SUITE_LEN]; + uint bornOn_; // create time in seconds + uint timeout_; // timeout in seconds + RandomPool& random_; // will clean master secret + X509* peerX509_; +public: + explicit SSL_SESSION(RandomPool&); + SSL_SESSION(const SSL&, RandomPool&); + ~SSL_SESSION(); + + const opaque* GetID() const; + const opaque* GetSecret() const; + const Cipher* GetSuite() const; + uint GetBornOn() const; + uint GetTimeOut() const; + X509* GetPeerX509() const; + void SetTimeOut(uint); + + SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption +private: + SSL_SESSION(const SSL_SESSION&); // hide copy + + void CopyX509(X509*); +}; + + +// holds all sessions +class Sessions { + STL::list list_; + RandomPool random_; // for session cleaning + Mutex mutex_; // no-op for single threaded + int count_; // flush counter + + Sessions() : count_(0) {} // only GetSessions can create +public: + SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0); + void add(const SSL&); + void remove(const opaque*); + void Flush(); + + ~Sessions(); + + friend void Session_initialize(); + friend Sessions& GetSessions(); // singleton creator +private: + Sessions(const Sessions&); // hide copy + Sessions& operator=(const Sessions&); // and assign +}; + + +#ifdef _POSIX_THREADS + typedef pthread_t THREAD_ID_T; +#else + typedef DWORD THREAD_ID_T; +#endif + +// thread error data +struct ThreadError { + THREAD_ID_T threadID_; + int errorID_; +}; + + +// holds all errors +class Errors { + STL::list list_; + Mutex mutex_; + + Errors() {} // only GetErrors can create +public: + int Lookup(bool peek); // self lookup + void Add(int); + void Remove(); // remove self + + ~Errors() {} + + friend Errors& GetErrors(); // singleton creator +private: + Errors(const Errors&); // hide copy + Errors& operator=(const Errors); // and assign +}; + + +Sessions& GetSessions(); // forward singletons +sslFactory& GetSSL_Factory(); +Errors& GetErrors(); + + +// openSSL method and context types +class SSL_METHOD { + ProtocolVersion version_; + ConnectionEnd side_; + bool verifyPeer_; // request or send certificate + bool verifyNone_; // whether to verify certificate + bool failNoCert_; + bool multipleProtocol_; // for SSLv23 compatibility +public: + SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv, + bool multipleProtocol = false); + + ProtocolVersion getVersion() const; + ConnectionEnd getSide() const; + + void setVerifyPeer(); + void setVerifyNone(); + void setFailNoCert(); + + bool verifyPeer() const; + bool verifyNone() const; + bool failNoCert() const; + bool multipleProtocol() const; +private: + SSL_METHOD(const SSL_METHOD&); // hide copy + SSL_METHOD& operator=(const SSL_METHOD&); // and assign +}; + + +struct Ciphers { + bool setSuites_; // user set suites from default + byte suites_[MAX_SUITE_SZ]; // new suites + int suiteSz_; // suite length in bytes + + Ciphers() : setSuites_(false), suiteSz_(0) {} +}; + + +struct DH; // forward + + +// save for SSL construction +struct DH_Parms { + Integer p_; + Integer g_; + bool set_; // if set by user + + DH_Parms() : set_(false) {} +}; + + +enum StatsField { + Accept, Connect, AcceptGood, ConnectGood, AcceptRenegotiate, + ConnectRenegotiate, Hits, CbHits, CacheFull, Misses, Timeouts, Number, + GetCacheSize, VerifyMode, VerifyDepth +}; + + +// SSL stats +struct Stats { + long accept_; + long connect_; + long acceptGood_; + long connectGood_; + long acceptRenegotiate_; + long connectRenegotiate_; + + long hits_; + long cbHits_; + long cacheFull_; + long misses_; + long timeouts_; + long number_; + long getCacheSize_; + + int verifyMode_; + int verifyDepth_; +public: + Stats() : accept_(0), connect_(0), acceptGood_(0), connectGood_(0), + acceptRenegotiate_(0), connectRenegotiate_(0), hits_(0), cbHits_(0), + cacheFull_(0), misses_(0), timeouts_(0), number_(0), getCacheSize_(0), + verifyMode_(0), verifyDepth_(0) + {} +private: + Stats(const Stats&); // hide copy + Stats& operator=(const Stats&); // and assign +}; + + +// the SSL context +class SSL_CTX { +public: + typedef STL::list CertList; +private: + SSL_METHOD* method_; + x509* certificate_; + x509* privateKey_; + CertList caList_; + Ciphers ciphers_; + DH_Parms dhParms_; + pem_password_cb passwordCb_; + void* userData_; + bool sessionCacheOff_; + bool sessionCacheFlushOff_; + Stats stats_; + Mutex mutex_; // for Stats + VerifyCallback verifyCallback_; +public: + explicit SSL_CTX(SSL_METHOD* meth); + ~SSL_CTX(); + + const x509* getCert() const; + const x509* getKey() const; + const SSL_METHOD* getMethod() const; + const Ciphers& GetCiphers() const; + const DH_Parms& GetDH_Parms() const; + const Stats& GetStats() const; + VerifyCallback getVerifyCallback() const; + pem_password_cb GetPasswordCb() const; + void* GetUserData() const; + bool GetSessionCacheOff() const; + bool GetSessionCacheFlushOff() const; + + void setVerifyPeer(); + void setVerifyNone(); + void setFailNoCert(); + void setVerifyCallback(VerifyCallback); + bool SetCipherList(const char*); + bool SetDH(const DH&); + void SetPasswordCb(pem_password_cb cb); + void SetUserData(void*); + void SetSessionCacheOff(); + void SetSessionCacheFlushOff(); + void SetMethod(SSL_METHOD* meth); + void IncrementStats(StatsField); + void AddCA(x509* ca); + const CertList& GetCA_List() const; + + friend int read_file(SSL_CTX*, const char*, int, CertType); +private: + SSL_CTX(const SSL_CTX&); // hide copy + SSL_CTX& operator=(const SSL_CTX&); // and assign +}; + + +// holds all cryptographic types +class Crypto { + Digest* digest_; // agreed upon digest + BulkCipher* cipher_; // agreed upon cipher + DiffieHellman* dh_; // dh parms + RandomPool random_; // random number generator + CertManager cert_; // manages certificates +public: + explicit Crypto(); + ~Crypto(); + + const Digest& get_digest() const; + const BulkCipher& get_cipher() const; + const DiffieHellman& get_dh() const; + const RandomPool& get_random() const; + const CertManager& get_certManager() const; + + Digest& use_digest(); + BulkCipher& use_cipher(); + DiffieHellman& use_dh(); + RandomPool& use_random(); + CertManager& use_certManager(); + + void SetDH(DiffieHellman*); + void SetDH(const DH_Parms&); + void setDigest(Digest*); + void setCipher(BulkCipher*); + + bool DhSet(); +private: + Crypto(const Crypto&); // hide copy + Crypto& operator=(const Crypto&); // and assign +}; + + +// holds all handshake and verify hashes +class sslHashes { + MD5 md5HandShake_; // md5 handshake hash + SHA shaHandShake_; // sha handshake hash + Finished verify_; // peer's verify hash + Hashes certVerify_; // peer's cert verify hash +public: + sslHashes() {} + + const MD5& get_MD5() const; + const SHA& get_SHA() const; + const Finished& get_verify() const; + const Hashes& get_certVerify() const; + + MD5& use_MD5(); + SHA& use_SHA(); + Finished& use_verify(); + Hashes& use_certVerify(); +private: + sslHashes(const sslHashes&); // hide copy + sslHashes& operator=(const sslHashes&); // and assign +}; + + +// holds input and output buffers +class Buffers { +public: + typedef STL::list inputList; + typedef STL::list outputList; + int prevSent; // previous plain text bytes sent when got WANT_WRITE + int plainSz; // plain text bytes in buffer to send when got WANT_WRITE +private: + inputList dataList_; // list of users app data / handshake + outputList handShakeList_; // buffered handshake msgs + input_buffer* rawInput_; // buffered raw input yet to process + output_buffer* output_; // WANT_WRITE buffered output +public: + Buffers(); + ~Buffers(); + + const inputList& getData() const; + const outputList& getHandShake() const; + + inputList& useData(); + outputList& useHandShake(); + + void SetRawInput(input_buffer*); // takes ownership + input_buffer* TakeRawInput(); // takes ownership + void SetOutput(output_buffer*); // takes ownership + output_buffer* TakeOutput(); // takes ownership +private: + Buffers(const Buffers&); // hide copy + Buffers& operator=(const Buffers&); // and assign +}; + + +// wraps security parameters +class Security { + Connection conn_; // connection information + Parameters parms_; // may be pending + SSL_SESSION resumeSession_; // if resuming + SSL_CTX* ctx_; // context used to init + bool resuming_; // trying to resume +public: + Security(ProtocolVersion, RandomPool&, ConnectionEnd, const Ciphers&, + SSL_CTX*, bool); + + const SSL_CTX* GetContext() const; + const Connection& get_connection() const; + const Parameters& get_parms() const; + const SSL_SESSION& get_resume() const; + bool get_resuming() const; + + Connection& use_connection(); + Parameters& use_parms(); + SSL_SESSION& use_resume(); + + void set_resuming(bool b); +private: + Security(const Security&); // hide copy + Security& operator=(const Security&); // and assign +}; + + +// THE SSL type +class SSL { + Crypto crypto_; // agreed crypto agents + Security secure_; // Connection and Session parms + States states_; // Record and HandShake states + sslHashes hashes_; // handshake, finished hashes + Socket socket_; // socket wrapper + Buffers buffers_; // buffered handshakes and data + Log log_; // logger + bool quietShutdown_; + + // optimization variables + bool has_data_; // buffered data ready? +public: + SSL(SSL_CTX* ctx); + + // gets and uses + const Crypto& getCrypto() const; + const Security& getSecurity() const; + const States& getStates() const; + const sslHashes& getHashes() const; + const sslFactory& getFactory() const; + const Socket& getSocket() const; + YasslError GetError() const; + bool GetMultiProtocol() const; + bool CompressionOn() const; + + Crypto& useCrypto(); + Security& useSecurity(); + States& useStates(); + sslHashes& useHashes(); + Socket& useSocket(); + Log& useLog(); + Buffers& useBuffers(); + + bool HasData() const; + bool GetQuietShutdown() const; + + // sets + void set_pending(Cipher suite); + void set_random(const opaque*, ConnectionEnd); + void set_sessionID(const opaque*); + void set_session(SSL_SESSION*); + void set_preMaster(const opaque*, uint); + void set_masterSecret(const opaque*); + void SetError(YasslError); + int SetCompression(); + void UnSetCompression(); + void SetQuietShutdown(bool mode); + + // helpers + bool isTLS() const; + bool isTLSv1_1() const; + void order_error(); + void makeMasterSecret(); + void makeTLSMasterSecret(); + void addData(input_buffer* data); + void fillData(Data&); + void PeekData(Data&); + void addBuffer(output_buffer* b); + void flushBuffer(); + void verifyState(const RecordLayerHeader&); + void verifyState(const HandShakeHeader&); + void verifyState(ClientState); + void verifyState(ServerState); + void verfiyHandShakeComplete(); + void matchSuite(const opaque*, uint length); + void deriveKeys(); + void deriveTLSKeys(); + void Send(const byte*, uint); + void SendWriteBuffered(); + + uint bufferedData(); + uint get_SEQIncrement(bool); + + const byte* get_macSecret(bool); +private: + void storeKeys(const opaque*); + void setKeys(); + void verifyClientState(HandShakeType); + void verifyServerState(HandShakeType); + + SSL(const SSL&); // hide copy + const SSL& operator=(const SSL&); // and assign +}; + + +// compression +int Compress(const byte*, int, input_buffer&); +int DeCompress(input_buffer&, int, input_buffer&); + + +// conversion functions +void c32to24(uint32, uint24&); +void c24to32(const uint24, uint32&); + +uint32 c24to32(const uint24); + +void ato16(const opaque*, uint16&); +void ato24(const opaque*, uint24&); + +void c16toa(uint16, opaque*); +void c24toa(const uint24, opaque*); +void c32toa(uint32 u32, opaque*); + + +} // naemspace + +#endif // yaSSL_INT_HPP diff --git a/mysql/extra/yassl/include/yassl_types.hpp b/mysql/extra/yassl/include/yassl_types.hpp new file mode 100644 index 0000000..129661c --- /dev/null +++ b/mysql/extra/yassl/include/yassl_types.hpp @@ -0,0 +1,540 @@ +/* + Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301 USA. +*/ + +/* yaSSL types header defines all constants, enums, and typedefs + * from the SSL.v3 specification "draft-freier-ssl-version3-02.txt" + */ + + +#ifndef yaSSL_TYPES_HPP +#define yaSSL_TYPES_HPP + +#include +#include "type_traits.hpp" + + +#ifdef _MSC_VER + // disable conversion warning + // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy + #pragma warning(disable:4244 4996) +#endif + + +#ifdef _MSC_VER + // disable conversion warning + // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy + #pragma warning(disable:4244 4996) +#endif + + +namespace yaSSL { + +#define YASSL_LIB + + +#ifdef YASSL_PURE_C + + // library allocation + struct new_t {}; // yaSSL New type + extern new_t ys; // pass in parameter + + } // namespace yaSSL + + void* operator new (size_t, yaSSL::new_t); + void* operator new[](size_t, yaSSL::new_t); + + void operator delete (void*, yaSSL::new_t); + void operator delete[](void*, yaSSL::new_t); + + + namespace yaSSL { + + + template + void ysDelete(T* ptr) + { + if (ptr) ptr->~T(); + ::operator delete(ptr, yaSSL::ys); + } + + template + void ysArrayDelete(T* ptr) + { + // can't do array placement destruction since not tracking size in + // allocation, only allow builtins to use array placement since they + // don't need destructors called + typedef char builtin[TaoCrypt::IsFundamentalType::Yes ? 1 : -1]; + (void)sizeof(builtin); + + ::operator delete[](ptr, yaSSL::ys); + } + + #define NEW_YS new (yaSSL::ys) + + // to resolve compiler generated operator delete on base classes with + // virtual destructors (when on stack) + class virtual_base { + public: + static void operator delete(void*) { } + }; + + +#else // YASSL_PURE_C + + + template + void ysDelete(T* ptr) + { + delete ptr; + } + + template + void ysArrayDelete(T* ptr) + { + delete[] ptr; + } + + #define NEW_YS new + + class virtual_base {}; + + + +#endif // YASSL_PURE_C + + +typedef unsigned char uint8; +typedef unsigned short uint16; +typedef unsigned int uint32; +typedef uint8 uint24[3]; +typedef uint32 uint64[2]; + +typedef uint8 opaque; +typedef opaque byte; + +typedef unsigned int uint; + + +#ifdef USE_SYS_STL + // use system STL + #define STL_VECTOR_FILE + #define STL_LIST_FILE + #define STL_ALGORITHM_FILE + #define STL_MEMORY_FILE + #define STL_PAIR_FILE + + #define STL_NAMESPACE std +#else + // use mySTL + #define STL_VECTOR_FILE "vector.hpp" + #define STL_LIST_FILE "list.hpp" + #define STL_ALGORITHM_FILE "algorithm.hpp" + #define STL_MEMORY_FILE "memory.hpp" + #define STL_PAIR_FILE "pair.hpp" + + #define STL_NAMESPACE mySTL +#endif + + +#ifdef min + #undef min +#endif + +template +T min(T a, T b) +{ + return a < b ? a : b; +} + + + +// all length constants in bytes +const int ID_LEN = 32; // session id length +const int SUITE_LEN = 2; // cipher suite length +const int SECRET_LEN = 48; // pre RSA and all master secret length +const int MASTER_ROUNDS = 3; // master secret derivation rounds +const int RAN_LEN = 32; // client and server random length +const int MAC_BLOCK_SZ = 64; // MAC block size, & padding +const int MD5_LEN = 16; // MD5 digest length +const int SHA_LEN = 20; // SHA digest length +const int RMD_LEN = 20; // RIPEMD-160 digest length +const int PREFIX = 3; // up to 3 prefix letters for secret rounds +const int KEY_PREFIX = 7; // up to 7 prefix letters for key rounds +const int FORTEZZA_MAX = 128; // Maximum Fortezza Key length +const int MAX_SUITE_SZ = 128; // 64 max suites * sizeof(suite) +const int MAX_SUITE_NAME = 48; // max length of suite name +const int MAX_CIPHERS = 32; // max supported ciphers for cipher list +const int SIZEOF_ENUM = 1; // SSL considers an enum 1 byte, not 4 +const int SIZEOF_SENDER = 4; // Sender constant, for finished generation +const int PAD_MD5 = 48; // pad length 1 and 2 for md5 finished +const int PAD_SHA = 40; // should be 44, specd wrong by netscape +const int PAD_RMD = 44; // pad length for RIPEMD-160, some use 40?? +const int CERT_HEADER = 3; // always use 3 bytes for certificate +const int CERT_TYPES = 7; // certificate request types +const int REQUEST_HEADER = 2; // request uses 2 bytes +const int VERIFY_HEADER = 2; // verify length field +const int MIN_CERT_TYPES = 1; // minimum certificate request types +const int MIN_DIS_NAMES = 3; // minimum distinguished names +const int MIN_DIS_SIZE = 1; // minimum distinguished name size +const int RECORD_HEADER = 5; // type + version + length(2) +const int HANDSHAKE_HEADER = 4; // type + length(3) +const int FINISHED_SZ = MD5_LEN + SHA_LEN; // sizeof finished data +const int TLS_FINISHED_SZ = 12; // TLS verify data size +const int SEQ_SZ = 8; // 64 bit sequence number +const int LENGTH_SZ = 2; // length field for HMAC, data only +const int VERSION_SZ = SIZEOF_ENUM * 2; // SSL/TLS length of version +const int DES_KEY_SZ = 8; // DES Key length +const int DES_EDE_KEY_SZ = 24; // DES EDE Key length +const int DES_BLOCK = 8; // DES is always fixed block size 8 +const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES +const int RC4_KEY_SZ = 16; // RC4 Key length +const int AES_128_KEY_SZ = 16; // AES 128bit Key length +const int AES_192_KEY_SZ = 24; // AES 192bit Key length +const int AES_256_KEY_SZ = 32; // AES 256bit Key length +const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268 +const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length +const int DSS_SIG_SZ = 40; // two 20 byte high byte first Integers +const int DSS_ENCODED_EXTRA = 6; // seqID + len(1) + (intID + len(1)) * 2 +const int EVP_SALT_SZ = 8; +const int MASTER_LABEL_SZ = 13; // TLS master secret label size +const int KEY_LABEL_SZ = 13; // TLS key block expansion size +const int FINISHED_LABEL_SZ = 15; // TLS finished lable length +const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random +const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds +const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard +const int COMPRESS_EXTRA = 1024; // extra compression possible addition +const int SESSION_FLUSH_COUNT = 256; // when to flush session cache +const int MAX_PAD_SIZE = 256; // max TLS padding size +const int COMPRESS_CONSTANT = 13; // compression calculation constant +const int COMPRESS_UPPER = 55; // compression calculation numerator +const int COMPRESS_LOWER = 64; // compression calculation denominator +const int COMPRESS_DUMMY_SIZE = 64; // compression dummy round size + +typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS + +typedef opaque Random[RAN_LEN]; + +typedef opaque* DistinguishedName; + +typedef bool IsExportable; + + +enum CompressionMethod { no_compression = 0, zlib = 221 }; + +enum CipherType { stream, block }; + +enum CipherChoice { change_cipher_spec_choice = 1 }; + +enum PublicValueEncoding { implicit_encoding, explicit_encoding }; + +enum ConnectionEnd { server_end, client_end }; + +enum AlertLevel { warning = 1, fatal = 2 }; + + + +// Record Layer Header identifier from page 12 +enum ContentType { + no_type = 0, + change_cipher_spec = 20, + alert = 21, + handshake = 22, + application_data = 23 +}; + + +// HandShake Layer Header identifier from page 20 +enum HandShakeType { + no_shake = -1, + hello_request = 0, + client_hello = 1, + server_hello = 2, + certificate = 11, + server_key_exchange = 12, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20 +}; + + +// Valid Alert types from page 16/17 +enum AlertDescription { + close_notify = 0, + unexpected_message = 10, + bad_record_mac = 20, + decompression_failure = 30, + handshake_failure = 40, + no_certificate = 41, + bad_certificate = 42, + unsupported_certificate = 43, + certificate_revoked = 44, + certificate_expired = 45, + certificate_unknown = 46, + illegal_parameter = 47 +}; + + +// Supported Key Exchange Protocols +enum KeyExchangeAlgorithm { + no_kea = 0, + rsa_kea, + diffie_hellman_kea, + fortezza_kea +}; + + +// Supported Authentication Schemes +enum SignatureAlgorithm { + anonymous_sa_algo = 0, + rsa_sa_algo, + dsa_sa_algo +}; + + +// Valid client certificate request types from page 27 +enum ClientCertificateType { + rsa_sign = 1, + dss_sign = 2, + rsa_fixed_dh = 3, + dss_fixed_dh = 4, + rsa_ephemeral_dh = 5, + dss_ephemeral_dh = 6, + fortezza_kea_cert = 20 +}; + + +// Supported Ciphers from page 43 +enum BulkCipherAlgorithm { + cipher_null, + rc4, + rc2, + des, + triple_des, // leading 3 (3des) not valid identifier + des40, + idea, + aes +}; + + +// Supported Message Authentication Codes from page 43 +enum MACAlgorithm { + no_mac, + md5, + sha, + rmd +}; + + +// Certificate file Type +enum CertType { Cert = 0, PrivateKey, CA }; + + +// all Cipher Suites from pages 41/42 +const Cipher SSL_NULL_WITH_NULL_NULL = 0; // { 0x00, 0x00 } +const Cipher SSL_RSA_WITH_NULL_MD5 = 1; // { 0x00, 0x01 } +const Cipher SSL_RSA_WITH_NULL_SHA = 2; // { 0x00, 0x02 } +const Cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3; // { 0x00, 0x03 } +const Cipher SSL_RSA_WITH_RC4_128_MD5 = 4; // { 0x00, 0x04 } +const Cipher SSL_RSA_WITH_RC4_128_SHA = 5; // { 0x00, 0x05 } +const Cipher SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6; // { 0x00, 0x06 } +const Cipher SSL_RSA_WITH_IDEA_CBC_SHA = 7; // { 0x00, 0x07 } +const Cipher SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8; // { 0x00, 0x08 } +const Cipher SSL_RSA_WITH_DES_CBC_SHA = 9; // { 0x00, 0x09 } +const Cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10; // { 0x00, 0x0A } +const Cipher SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11; // { 0x00, 0x0B } +const Cipher SSL_DH_DSS_WITH_DES_CBC_SHA = 12; // { 0x00, 0x0C } +const Cipher SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13; // { 0x00, 0x0D } +const Cipher SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14; // { 0x00, 0x0E } +const Cipher SSL_DH_RSA_WITH_DES_CBC_SHA = 15; // { 0x00, 0x0F } +const Cipher SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16; // { 0x00, 0x10 } +const Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17; // { 0x00, 0x11 } +const Cipher SSL_DHE_DSS_WITH_DES_CBC_SHA = 18; // { 0x00, 0x12 } +const Cipher SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19; // { 0x00, 0x13 } +const Cipher SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20; // { 0x00, 0x14 } +const Cipher SSL_DHE_RSA_WITH_DES_CBC_SHA = 21; // { 0x00, 0x15 } +const Cipher SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22; // { 0x00, 0x16 } +const Cipher SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23; // { 0x00, 0x17 } +const Cipher SSL_DH_anon_WITH_RC4_128_MD5 = 24; // { 0x00, 0x18 } +const Cipher SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25; // { 0x00, 0x19 } +const Cipher SSL_DH_anon_WITH_DES_CBC_SHA = 26; // { 0x00, 0x1A } +const Cipher SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27; // { 0x00, 0x1B } +const Cipher SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28; // { 0x00, 0x1C } +const Cipher SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29; // { 0x00, 0x1D } +const Cipher SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30; // { 0x00, 0x1E } + +// .. to 0x2B uses Kerberos Authentication + + +// TLS AES extensions +const Cipher TLS_RSA_WITH_AES_128_CBC_SHA = 47; // { 0x00, 0x2F } +const Cipher TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48; // { 0x00, 0x30 } +const Cipher TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49; // { 0x00, 0x31 } +const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50; // { 0x00, 0x32 } +const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51; // { 0x00, 0x33 } +const Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA = 52; // { 0x00, 0x34 } + +const Cipher TLS_RSA_WITH_AES_256_CBC_SHA = 53; // { 0x00, 0x35 } +const Cipher TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54; // { 0x00, 0x36 } +const Cipher TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55; // { 0x00, 0x37 } +const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56; // { 0x00, 0x38 } +const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57; // { 0x00, 0x39 } +const Cipher TLS_DH_anon_WITH_AES_256_CBC_SHA = 58; // { 0x00, 0x3A } + + +// OpenPGP extensions + +const Cipher TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114; // { 0x00, 0x72 }; +const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115; // { 0x00, 0x73 }; +const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116; // { 0x00, 0x74 }; +const Cipher TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119; // { 0x00, 0x77 }; +const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120; // { 0x00, 0x78 }; +const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121; // { 0x00, 0x79 }; +const Cipher TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124; // { 0x00, 0x7C }; +const Cipher TLS_RSA_WITH_AES_128_CBC_RMD160 = 125; // { 0x00, 0x7D }; +const Cipher TLS_RSA_WITH_AES_256_CBC_RMD160 = 126; // { 0x00, 0x7E }; + + +const char* const null_str = ""; + +const char* const cipher_names[128] = +{ + null_str, // SSL_NULL_WITH_NULL_NULL = 0 + null_str, // SSL_RSA_WITH_NULL_MD5 = 1 + null_str, // SSL_RSA_WITH_NULL_SHA = 2 + null_str, // SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3 + "RC4-MD5", // SSL_RSA_WITH_RC4_128_MD5 = 4 + "RC4-SHA", // SSL_RSA_WITH_RC4_128_SHA = 5 + null_str, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6 + null_str, // SSL_RSA_WITH_IDEA_CBC_SHA = 7 + null_str, // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8 + "DES-CBC-SHA", // SSL_RSA_WITH_DES_CBC_SHA = 9 + "DES-CBC3-SHA", // SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10 + + null_str, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11 + null_str, // SSL_DH_DSS_WITH_DES_CBC_SHA = 12 + null_str, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13 + null_str, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14 + null_str, // SSL_DH_RSA_WITH_DES_CBC_SHA = 15 + null_str, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16 + null_str, // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17 + "EDH-DSS-DES-CBC-SHA", // SSL_DHE_DSS_WITH_DES_CBC_SHA = 18 + "EDH-DSS-DES-CBC3-SHA", // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19 + null_str, // SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20 + + "EDH-RSA-DES-CBC-SHA", // SSL_DHE_RSA_WITH_DES_CBC_SHA = 21 + "EDH-RSA-DES-CBC3-SHA", // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22 + null_str, // SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23 + null_str, // SSL_DH_anon_WITH_RC4_128_MD5 = 24 + null_str, // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25 + null_str, // SSL_DH_anon_WITH_DES_CBC_SHA = 26 + null_str, // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27 + null_str, // SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28 + null_str, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29 + null_str, // SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30 + + null_str, null_str, null_str, null_str, null_str, // 31 - 35 + null_str, null_str, null_str, null_str, null_str, // 36 - 40 + null_str, null_str, null_str, null_str, null_str, // 41 - 45 + null_str, // 46 + + // TLS AES extensions + "AES128-SHA", // TLS_RSA_WITH_AES_128_CBC_SHA = 47 + null_str, // TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48 + null_str, // TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49 + "DHE-DSS-AES128-SHA", // TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50 + "DHE-RSA-AES128-SHA", // TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51 + null_str, // TLS_DH_anon_WITH_AES_128_CBC_SHA = 52 + + "AES256-SHA", // TLS_RSA_WITH_AES_256_CBC_SHA = 53 + null_str, // TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54 + null_str, // TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55 + "DHE-DSS-AES256-SHA", // TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56 + "DHE-RSA-AES256-SHA", // TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57 + null_str, // TLS_DH_anon_WITH_AES_256_CBC_SHA = 58 + + null_str, // 59 + null_str, // 60 + null_str, null_str, null_str, null_str, null_str, // 61 - 65 + null_str, null_str, null_str, null_str, null_str, // 66 - 70 + null_str, null_str, null_str, null_str, null_str, // 71 - 75 + null_str, null_str, null_str, null_str, null_str, // 76 - 80 + null_str, null_str, null_str, null_str, null_str, // 81 - 85 + null_str, null_str, null_str, null_str, null_str, // 86 - 90 + null_str, null_str, null_str, null_str, null_str, // 91 - 95 + null_str, null_str, null_str, null_str, null_str, // 96 - 100 + null_str, null_str, null_str, null_str, null_str, // 101 - 105 + null_str, null_str, null_str, null_str, null_str, // 106 - 110 + null_str, null_str, null_str, // 111 - 113 + + "DHE-DSS-DES-CBC3-RMD", // TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114 + "DHE-DSS-AES128-RMD", // TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115 + "DHE-DSS-AES256-RMD", // TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116 + null_str, // 117 + null_str, // 118 + "DHE-RSA-DES-CBC3-RMD", // TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119 + "DHE-RSA-AES128-RMD", // TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120 + "DHE-RSA-AES256-RMD", // TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121 + null_str, // 122 + null_str, // 123 + "DES-CBC3-RMD", // TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124 + "AES128-RMD", // TLS_RSA_WITH_AES_128_CBC_RMD160 = 125 + "AES256-RMD", // TLS_RSA_WITH_AES_256_CBC_RMD160 = 126 + null_str // 127 +}; + +// fill with MD5 pad size since biggest required +const opaque PAD1[PAD_MD5] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, + 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 + }; +const opaque PAD2[PAD_MD5] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, + 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c + }; + +const opaque client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; +const opaque server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; + +const opaque tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; +const opaque tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; + +const opaque master_label[MASTER_LABEL_SZ + 1] = "master secret"; +const opaque key_label [KEY_LABEL_SZ + 1] = "key expansion"; + + +} // naemspace + +#if __GNUC__ == 2 && __GNUC_MINOR__ <= 96 +/* + gcc 2.96 bails out because of two declarations of byte: yaSSL::byte and + TaoCrypt::byte. TODO: define global types.hpp and move the declaration of + 'byte' there. +*/ +using yaSSL::byte; +#endif + + +#endif // yaSSL_TYPES_HPP -- cgit v1.1