From 72e7f011b29998d8a3e15eb5b381ef962af5fe5b Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Fri, 5 Apr 2019 10:30:58 +0300 Subject: Upgrade to 8.0.15 --- mysql/extra/yassl/include/buffer.hpp | 211 ------ mysql/extra/yassl/include/cert_wrapper.hpp | 137 ---- mysql/extra/yassl/include/crypto_wrapper.hpp | 428 ------------ mysql/extra/yassl/include/factory.hpp | 101 --- mysql/extra/yassl/include/handshake.hpp | 69 -- mysql/extra/yassl/include/lock.hpp | 96 --- mysql/extra/yassl/include/log.hpp | 55 -- mysql/extra/yassl/include/openssl/crypto.h | 33 - mysql/extra/yassl/include/openssl/des.h | 20 - mysql/extra/yassl/include/openssl/des_old.h | 20 - mysql/extra/yassl/include/openssl/engine.h | 24 - mysql/extra/yassl/include/openssl/err.h | 27 - mysql/extra/yassl/include/openssl/evp.h | 29 - mysql/extra/yassl/include/openssl/hmac.h | 20 - mysql/extra/yassl/include/openssl/lhash.h | 21 - mysql/extra/yassl/include/openssl/md4.h | 20 - mysql/extra/yassl/include/openssl/md5.h | 23 - mysql/extra/yassl/include/openssl/objects.h | 20 - mysql/extra/yassl/include/openssl/opensslv.h | 31 - mysql/extra/yassl/include/openssl/pem.h | 20 - mysql/extra/yassl/include/openssl/pkcs12.h | 24 - mysql/extra/yassl/include/openssl/prefix_crypto.h | 20 - mysql/extra/yassl/include/openssl/prefix_ssl.h | 189 ------ mysql/extra/yassl/include/openssl/rand.h | 21 - mysql/extra/yassl/include/openssl/rsa.h | 29 - mysql/extra/yassl/include/openssl/sha.h | 20 - mysql/extra/yassl/include/openssl/ssl.h | 568 ---------------- .../extra/yassl/include/openssl/transport_types.h | 26 - mysql/extra/yassl/include/openssl/x509.h | 20 - mysql/extra/yassl/include/openssl/x509v3.h | 20 - mysql/extra/yassl/include/socket_wrapper.hpp | 104 --- mysql/extra/yassl/include/timer.hpp | 40 -- mysql/extra/yassl/include/yassl.hpp | 85 --- mysql/extra/yassl/include/yassl_error.hpp | 88 --- mysql/extra/yassl/include/yassl_imp.hpp | 748 --------------------- mysql/extra/yassl/include/yassl_int.hpp | 725 -------------------- mysql/extra/yassl/include/yassl_types.hpp | 540 --------------- 37 files changed, 4672 deletions(-) delete mode 100644 mysql/extra/yassl/include/buffer.hpp delete mode 100644 mysql/extra/yassl/include/cert_wrapper.hpp delete mode 100644 mysql/extra/yassl/include/crypto_wrapper.hpp delete mode 100644 mysql/extra/yassl/include/factory.hpp delete mode 100644 mysql/extra/yassl/include/handshake.hpp delete mode 100644 mysql/extra/yassl/include/lock.hpp delete mode 100644 mysql/extra/yassl/include/log.hpp delete mode 100644 mysql/extra/yassl/include/openssl/crypto.h delete mode 100644 mysql/extra/yassl/include/openssl/des.h delete mode 100644 mysql/extra/yassl/include/openssl/des_old.h delete mode 100644 mysql/extra/yassl/include/openssl/engine.h delete mode 100644 mysql/extra/yassl/include/openssl/err.h delete mode 100644 mysql/extra/yassl/include/openssl/evp.h delete mode 100644 mysql/extra/yassl/include/openssl/hmac.h delete mode 100644 mysql/extra/yassl/include/openssl/lhash.h delete mode 100644 mysql/extra/yassl/include/openssl/md4.h delete mode 100644 mysql/extra/yassl/include/openssl/md5.h delete mode 100644 mysql/extra/yassl/include/openssl/objects.h delete mode 100644 mysql/extra/yassl/include/openssl/opensslv.h delete mode 100644 mysql/extra/yassl/include/openssl/pem.h delete mode 100644 mysql/extra/yassl/include/openssl/pkcs12.h delete mode 100644 mysql/extra/yassl/include/openssl/prefix_crypto.h delete mode 100644 mysql/extra/yassl/include/openssl/prefix_ssl.h delete mode 100644 mysql/extra/yassl/include/openssl/rand.h delete mode 100644 mysql/extra/yassl/include/openssl/rsa.h delete mode 100644 mysql/extra/yassl/include/openssl/sha.h delete mode 100644 mysql/extra/yassl/include/openssl/ssl.h delete mode 100644 mysql/extra/yassl/include/openssl/transport_types.h delete mode 100644 mysql/extra/yassl/include/openssl/x509.h delete mode 100644 mysql/extra/yassl/include/openssl/x509v3.h delete mode 100644 mysql/extra/yassl/include/socket_wrapper.hpp delete mode 100644 mysql/extra/yassl/include/timer.hpp delete mode 100644 mysql/extra/yassl/include/yassl.hpp delete mode 100644 mysql/extra/yassl/include/yassl_error.hpp delete mode 100644 mysql/extra/yassl/include/yassl_imp.hpp delete mode 100644 mysql/extra/yassl/include/yassl_int.hpp delete mode 100644 mysql/extra/yassl/include/yassl_types.hpp (limited to 'mysql/extra/yassl/include') diff --git a/mysql/extra/yassl/include/buffer.hpp b/mysql/extra/yassl/include/buffer.hpp deleted file mode 100644 index 77d2ed8..0000000 --- a/mysql/extra/yassl/include/buffer.hpp +++ /dev/null @@ -1,211 +0,0 @@ -/* - Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* yaSSL buffer header defines input and output buffers to simulate streaming - * with SSL types and sockets - */ - -#ifndef yaSSL_BUFFER_HPP -#define yaSSL_BUFFER_HPP - -#include // assert -#include "yassl_types.hpp" // ysDelete -#include "memory.hpp" // mySTL::auto_ptr -#include STL_ALGORITHM_FILE - - -namespace STL = STL_NAMESPACE; - - -#ifdef _MSC_VER - // disable truncated debug symbols - #pragma warning(disable:4786) -#endif - - -namespace yaSSL { - -typedef unsigned char byte; -typedef unsigned int uint; -const uint AUTO = 0xFEEDBEEF; - - - -struct NoCheck { - int check(uint, uint); -}; - -struct Check { - int check(uint, uint); -}; - -/* input_buffer operates like a smart c style array with a checking option, - * meant to be read from through [] with AUTO index or read(). - * Should only write to at/near construction with assign() or raw (e.g., recv) - * followed by add_size with the number of elements added by raw write. - * - * Not using vector because need checked []access, offset, and the ability to - * write to the buffer bulk wise and have the correct size - */ - -class input_buffer : public Check { - uint size_; // number of elements in buffer - uint current_; // current offset position in buffer - byte* buffer_; // storage for buffer - byte* end_; // end of storage marker - int error_; // error number - byte zero_; // for returning const reference to zero byte -public: - input_buffer(); - - explicit input_buffer(uint s); - - // with assign - input_buffer(uint s, const byte* t, uint len); - - ~input_buffer(); - - // users can pass defualt zero length buffer and then allocate - void allocate(uint s); - - // for passing to raw writing functions at beginning, then use add_size - byte* get_buffer() const; - - // after a raw write user can set new size - // if you know the size before the write use assign() - void add_size(uint i); - - uint get_capacity() const; - - uint get_current() const; - - uint get_size() const; - - uint get_remaining() const; - - int get_error() const; - - void set_error(); - - void set_current(uint i); - - // read only access through [], advance current - // user passes in AUTO index for ease of use - const byte& operator[](uint i); - - // end of input test - bool eof(); - - // peek ahead - byte peek(); - - // write function, should use at/near construction - void assign(const byte* t, uint s); - - // use read to query input, adjusts current - void read(byte* dst, uint length); - -private: - input_buffer(const input_buffer&); // hide copy - input_buffer& operator=(const input_buffer&); // and assign -}; - - -/* output_buffer operates like a smart c style array with a checking option. - * Meant to be written to through [] with AUTO index or write(). - * Size (current) counter increases when written to. Can be constructed with - * zero length buffer but be sure to allocate before first use. - * Don't use add write for a couple bytes, use [] instead, way less overhead. - * - * Not using vector because need checked []access and the ability to - * write to the buffer bulk wise and retain correct size - */ -class output_buffer : public NoCheck { - uint current_; // current offset and elements in buffer - byte* buffer_; // storage for buffer - byte* end_; // end of storage marker -public: - // default - output_buffer(); - - // with allocate - explicit output_buffer(uint s); - - // with assign - output_buffer(uint s, const byte* t, uint len); - - ~output_buffer(); - - uint get_size() const; - - uint get_capacity() const; - - void set_current(uint c); - - // users can pass defualt zero length buffer and then allocate - void allocate(uint s); - - // for passing to reading functions when finished - const byte* get_buffer() const; - - // allow write access through [], update current - // user passes in AUTO as index for ease of use - byte& operator[](uint i); - - // end of output test - bool eof(); - - void write(const byte* t, uint s); - -private: - output_buffer(const output_buffer&); // hide copy - output_buffer& operator=(const output_buffer&); // and assign -}; - - - - -// turn delete an incomplete type into comipler error instead of warning -template -inline void checked_delete(T* p) -{ - typedef char complete_type[sizeof(T) ? 1 : -1]; - (void)sizeof(complete_type); - ysDelete(p); -} - - -// checked delete functor increases effeciency, no indirection on function call -// sets pointer to zero so safe for std conatiners -struct del_ptr_zero -{ - template - void operator()(T*& p) const - { - T* tmp = 0; - STL::swap(tmp, p); - checked_delete(tmp); - } -}; - - - -} // naemspace - -#endif // yaSSL_BUUFER_HPP diff --git a/mysql/extra/yassl/include/cert_wrapper.hpp b/mysql/extra/yassl/include/cert_wrapper.hpp deleted file mode 100644 index 8e3393b..0000000 --- a/mysql/extra/yassl/include/cert_wrapper.hpp +++ /dev/null @@ -1,137 +0,0 @@ -/* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. - */ - - -/* The certificate wrapper header defines certificate management functions - * - */ - - -#ifndef yaSSL_CERT_WRAPPER_HPP -#define yaSSL_CERT_WRAPPER_HPP - -#ifdef _MSC_VER - // disable truncated debug symbols - #pragma warning(disable:4786) -#endif - - -#include "yassl_types.hpp" // SignatureAlgorithm -#include "buffer.hpp" // input_buffer -#include "asn.hpp" // SignerList -#include "openssl/ssl.h" // internal and external use -#include STL_LIST_FILE -#include STL_ALGORITHM_FILE - - -namespace STL = STL_NAMESPACE; - - -namespace yaSSL { - -typedef unsigned char opaque; -class X509; // forward openSSL type - -using TaoCrypt::SignerList; - -// an x509 version 3 certificate -class x509 { - uint length_; - opaque* buffer_; -public: - explicit x509(uint sz); - ~x509(); - - uint get_length() const; - const opaque* get_buffer() const; - opaque* use_buffer(); - - x509(const x509&); - x509& operator=(const x509&); -private: - void Swap(x509&); -}; - - -// Certificate Manager keeps a list of the cert chain and public key -class CertManager { - typedef STL::list CertList; - - CertList list_; // self - input_buffer privateKey_; - - CertList peerList_; // peer - input_buffer peerPublicKey_; - X509* peerX509_; // peer's openSSL X509 - X509* selfX509_; // our own openSSL X509 - - SignatureAlgorithm keyType_; // self key type - SignatureAlgorithm peerKeyType_; // peer's key type - - SignerList signers_; // decoded CA keys and names - // plus verified chained certs - bool verifyPeer_; - bool verifyNone_; // no error if verify fails - bool failNoCert_; - bool sendVerify_; - bool sendBlankCert_; - VerifyCallback verifyCallback_; // user verify callback -public: - CertManager(); - ~CertManager(); - - void AddPeerCert(x509* x); // take ownership - void CopySelfCert(const x509* x); - int CopyCaCert(const x509* x); - int Validate(); - - int SetPrivateKey(const x509&); - - const x509* get_cert() const; - const opaque* get_peerKey() const; - const opaque* get_privateKey() const; - X509* get_peerX509() const; - X509* get_selfX509() const; - SignatureAlgorithm get_keyType() const; - SignatureAlgorithm get_peerKeyType() const; - - uint get_peerKeyLength() const; - uint get_privateKeyLength() const; - - bool verifyPeer() const; - bool verifyNone() const; - bool failNoCert() const; - bool sendVerify() const; - bool sendBlankCert() const; - - void setVerifyPeer(); - void setVerifyNone(); - void setFailNoCert(); - void setSendVerify(); - void setSendBlankCert(); - void setPeerX509(X509*); - void setVerifyCallback(VerifyCallback); -private: - CertManager(const CertManager&); // hide copy - CertManager& operator=(const CertManager&); // and assigin -}; - - -} // naemspace - -#endif // yaSSL_CERT_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/crypto_wrapper.hpp b/mysql/extra/yassl/include/crypto_wrapper.hpp deleted file mode 100644 index c0395cb..0000000 --- a/mysql/extra/yassl/include/crypto_wrapper.hpp +++ /dev/null @@ -1,428 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* The crypto wrapper header is used to define policies for the cipher - * components used by SSL. There are 3 policies to consider: - * - * 1) MAC, the Message Authentication Code used for each Message - * 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message - * 3) Atuhentication, the Digitial Signing/Verifiaction scheme used - * - * This header doesn't rely on a specific crypto libraries internals, - * only the implementation should. - */ - - -#ifndef yaSSL_CRYPTO_WRAPPER_HPP -#define yaSSL_CRYPTO_WRAPPER_HPP - -#include "yassl_types.hpp" -#include // FILE - - -namespace yaSSL { - - -// Digest policy should implement a get_digest, update, and get sizes for pad -// and digest -struct Digest : public virtual_base { - virtual void get_digest(byte*) = 0; - virtual void get_digest(byte*, const byte*, unsigned int) = 0; - virtual void update(const byte*, unsigned int) = 0; - virtual uint get_digestSize() const = 0; - virtual uint get_padSize() const = 0; - virtual ~Digest() {} -}; - - -// For use with NULL Digests -struct NO_MAC : public Digest { - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; -}; - - -// MD5 Digest -class MD5 : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - MD5(); - ~MD5(); - MD5(const MD5&); - MD5& operator=(const MD5&); -private: - struct MD5Impl; - MD5Impl* pimpl_; -}; - - -// SHA-1 Digest -class SHA : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - SHA(); - ~SHA(); - SHA(const SHA&); - SHA& operator=(const SHA&); -private: - struct SHAImpl; - SHAImpl* pimpl_; - -}; - - -// RIPEMD-160 Digest -class RMD : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - RMD(); - ~RMD(); - RMD(const RMD&); - RMD& operator=(const RMD&); -private: - struct RMDImpl; - RMDImpl* pimpl_; - -}; - - -// HMAC_MD5 -class HMAC_MD5 : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - HMAC_MD5(const byte*, unsigned int); - ~HMAC_MD5(); -private: - struct HMAC_MD5Impl; - HMAC_MD5Impl* pimpl_; - - HMAC_MD5(const HMAC_MD5&); - HMAC_MD5& operator=(const HMAC_MD5&); -}; - - -// HMAC_SHA-1 -class HMAC_SHA : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - HMAC_SHA(const byte*, unsigned int); - ~HMAC_SHA(); -private: - struct HMAC_SHAImpl; - HMAC_SHAImpl* pimpl_; - - HMAC_SHA(const HMAC_SHA&); - HMAC_SHA& operator=(const HMAC_SHA&); -}; - - -// HMAC_RMD -class HMAC_RMD : public Digest { -public: - void get_digest(byte*); - void get_digest(byte*, const byte*, unsigned int); - void update(const byte*, unsigned int); - uint get_digestSize() const; - uint get_padSize() const; - HMAC_RMD(const byte*, unsigned int); - ~HMAC_RMD(); -private: - struct HMAC_RMDImpl; - HMAC_RMDImpl* pimpl_; - - HMAC_RMD(const HMAC_RMD&); - HMAC_RMD& operator=(const HMAC_RMD&); -}; - - -// BulkCipher policy should implement encrypt, decrypt, get block size, -// and set keys for encrypt and decrypt -struct BulkCipher : public virtual_base { - virtual void encrypt(byte*, const byte*, unsigned int) = 0; - virtual void decrypt(byte*, const byte*, unsigned int) = 0; - virtual void set_encryptKey(const byte*, const byte* = 0) = 0; - virtual void set_decryptKey(const byte*, const byte* = 0) = 0; - virtual uint get_blockSize() const = 0; - virtual int get_keySize() const = 0; - virtual int get_ivSize() const = 0; - virtual ~BulkCipher() {} -}; - - -// For use with NULL Ciphers -struct NO_Cipher : public BulkCipher { - void encrypt(byte*, const byte*, unsigned int) {} - void decrypt(byte*, const byte*, unsigned int) {} - void set_encryptKey(const byte*, const byte*) {} - void set_decryptKey(const byte*, const byte*) {} - uint get_blockSize() const { return 0; } - int get_keySize() const { return 0; } - int get_ivSize() const { return 0; } -}; - - -// SSLv3 and TLSv1 always use DES in CBC mode so IV is required -class DES : public BulkCipher { -public: - void encrypt(byte*, const byte*, unsigned int); - void decrypt(byte*, const byte*, unsigned int); - void set_encryptKey(const byte*, const byte*); - void set_decryptKey(const byte*, const byte*); - uint get_blockSize() const { return DES_BLOCK; } - int get_keySize() const { return DES_KEY_SZ; } - int get_ivSize() const { return DES_IV_SZ; } - DES(); - ~DES(); -private: - struct DESImpl; - DESImpl* pimpl_; - - DES(const DES&); // hide copy - DES& operator=(const DES&); // & assign -}; - - -// 3DES Encrypt-Decrypt-Encrypt in CBC mode -class DES_EDE : public BulkCipher { -public: - void encrypt(byte*, const byte*, unsigned int); - void decrypt(byte*, const byte*, unsigned int); - void set_encryptKey(const byte*, const byte*); - void set_decryptKey(const byte*, const byte*); - uint get_blockSize() const { return DES_BLOCK; } - int get_keySize() const { return DES_EDE_KEY_SZ; } - int get_ivSize() const { return DES_IV_SZ; } - DES_EDE(); - ~DES_EDE(); -private: - struct DES_EDEImpl; - DES_EDEImpl* pimpl_; - - DES_EDE(const DES_EDE&); // hide copy - DES_EDE& operator=(const DES_EDE&); // & assign -}; - - -// Alledged RC4 -class RC4 : public BulkCipher { -public: - void encrypt(byte*, const byte*, unsigned int); - void decrypt(byte*, const byte*, unsigned int); - void set_encryptKey(const byte*, const byte*); - void set_decryptKey(const byte*, const byte*); - uint get_blockSize() const { return 0; } - int get_keySize() const { return RC4_KEY_SZ; } - int get_ivSize() const { return 0; } - RC4(); - ~RC4(); -private: - struct RC4Impl; - RC4Impl* pimpl_; - - RC4(const RC4&); // hide copy - RC4& operator=(const RC4&); // & assign -}; - - -// AES -class AES : public BulkCipher { -public: - void encrypt(byte*, const byte*, unsigned int); - void decrypt(byte*, const byte*, unsigned int); - void set_encryptKey(const byte*, const byte*); - void set_decryptKey(const byte*, const byte*); - uint get_blockSize() const { return AES_BLOCK_SZ; } - int get_keySize() const; - int get_ivSize() const { return AES_IV_SZ; } - explicit AES(unsigned int = AES_128_KEY_SZ); - ~AES(); -private: - struct AESImpl; - AESImpl* pimpl_; - - AES(const AES&); // hide copy - AES& operator=(const AES&); // & assign -}; - - -// Random number generator -class RandomPool { -public: - void Fill(opaque* dst, uint sz) const; - RandomPool(); - ~RandomPool(); - - int GetError() const; - - friend class RSA; - friend class DSS; - friend class DiffieHellman; -private: - struct RandomImpl; - RandomImpl* pimpl_; - - RandomPool(const RandomPool&); // hide copy - RandomPool& operator=(const RandomPool&); // & assign -}; - - -// Authentication policy should implement sign, and verify -struct Auth : public virtual_base { - virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0; - virtual bool verify(const byte*, unsigned int, const byte*, - unsigned int) = 0; - virtual uint get_signatureLength() const = 0; - virtual ~Auth() {} -}; - - -// For use with NULL Authentication schemes -struct NO_Auth : public Auth { - void sign(byte*, const byte*, unsigned int, const RandomPool&) {} - bool verify(const byte*, unsigned int, const byte*, unsigned int) - { return true; } -}; - - -// Digitial Signature Standard scheme -class DSS : public Auth { -public: - void sign(byte*, const byte*, unsigned int, const RandomPool&); - bool verify(const byte*, unsigned int, const byte*, unsigned int); - uint get_signatureLength() const; - DSS(const byte*, unsigned int, bool publicKey = true); - ~DSS(); -private: - struct DSSImpl; - DSSImpl* pimpl_; - - DSS(const DSS&); - DSS& operator=(const DSS&); -}; - - -// RSA Authentication and exchange -class RSA : public Auth { -public: - void sign(byte*, const byte*, unsigned int, const RandomPool&); - bool verify(const byte*, unsigned int, const byte*, unsigned int); - void encrypt(byte*, const byte*, unsigned int, const RandomPool&); - void decrypt(byte*, const byte*, unsigned int, const RandomPool&); - uint get_signatureLength() const; - uint get_cipherLength() const; - RSA(const byte*, unsigned int, bool publicKey = true); - ~RSA(); -private: - struct RSAImpl; - RSAImpl* pimpl_; - - RSA(const RSA&); // hide copy - RSA& operator=(const RSA&); // & assing -}; - - -class Integer; - -// Diffie-Hellman agreement -// hide for now TODO: figure out a way to give access to C clients p and g args -class DiffieHellman { -public: - DiffieHellman(const byte*, unsigned int, const byte*, unsigned int, - const byte*, unsigned int, const RandomPool& random); - //DiffieHellman(const char*, const RandomPool&); - DiffieHellman(const Integer&, const Integer&, const RandomPool&); - ~DiffieHellman(); - - DiffieHellman(const DiffieHellman&); - DiffieHellman& operator=(const DiffieHellman&); - - uint get_agreedKeyLength() const; - const byte* get_agreedKey() const; - uint get_publicKeyLength() const; - const byte* get_publicKey() const; - void makeAgreement(const byte*, unsigned int); - - void set_sizes(int&, int&, int&) const; - void get_parms(byte*, byte*, byte*) const; -private: - struct DHImpl; - DHImpl* pimpl_; -}; - - -// Lagrge Integer -class Integer { -public: - Integer(); - ~Integer(); - - Integer(const Integer&); - Integer& operator=(const Integer&); - - void assign(const byte*, unsigned int); - - friend class DiffieHellman; -private: - struct IntegerImpl; - IntegerImpl* pimpl_; -}; - - -class x509; - - -struct EncryptedInfo { - enum { IV_SZ = 32, NAME_SZ = 80 }; - char name[NAME_SZ]; // max one line - byte iv[IV_SZ]; // in base16 rep - uint ivSz; - bool set; - - EncryptedInfo() : ivSz(0), set(false) {} -}; - -x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0); - - -} // naemspace - -#endif // yaSSL_CRYPTO_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/factory.hpp b/mysql/extra/yassl/include/factory.hpp deleted file mode 100644 index dd6532f..0000000 --- a/mysql/extra/yassl/include/factory.hpp +++ /dev/null @@ -1,101 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* The factory header defines an Object Factory, used by SSL message and - * handshake types. - * - * See Desgin Pattern in GoF and Alexandrescu's chapter in Modern C++ Design, - * page 208 - */ - - - -#ifndef yaSSL_FACTORY_HPP -#define yaSSL_FACTORY_HPP - -#include STL_VECTOR_FILE -#include STL_PAIR_FILE - - -namespace STL = STL_NAMESPACE; - - - - - -namespace yaSSL { - - -// Factory uses its callback map to create objects by id, -// returning an abstract base pointer -template -class Factory { - typedef STL::pair CallBack; - typedef STL::vector CallBackVector; - - CallBackVector callbacks_; -public: - // pass function pointer to register all callbacks upon creation - explicit Factory(void (*init)(Factory&)) - { - init(*this); - } - - // reserve place in vector before registering, used by init funcion - void Reserve(size_t sz) - { - callbacks_.reserve(sz); - } - - // register callback - void Register(const IdentifierType& id, ProductCreator pc) - { - callbacks_.push_back(STL::make_pair(id, pc)); - } - - // THE Creator, returns a new object of the proper type or 0 - AbstractProduct* CreateObject(const IdentifierType& id) const - { - typedef typename STL::vector::const_iterator cIter; - - cIter first = callbacks_.begin(); - cIter last = callbacks_.end(); - - while (first != last) { - if (first->first == id) - break; - ++first; - } - - if (first == callbacks_.end()) - return 0; - return (first->second)(); - } -private: - Factory(const Factory&); // hide copy - Factory& operator=(const Factory&); // and assign -}; - - -} // naemspace - -#endif // yaSSL_FACTORY_HPP diff --git a/mysql/extra/yassl/include/handshake.hpp b/mysql/extra/yassl/include/handshake.hpp deleted file mode 100644 index 0c9949a..0000000 --- a/mysql/extra/yassl/include/handshake.hpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* The handshake header declares function prototypes for creating and reading - * the various handshake messages. - */ - - - -#ifndef yaSSL_HANDSHAKE_HPP -#define yaSSL_HANDSHAKE_HPP - -#include "yassl_types.hpp" - - -namespace yaSSL { - -// forward decls -class SSL; -class Finished; -class Data; -class Alert; -struct Hashes; - -enum BufferOutput { buffered, unbuffered }; - -void sendClientHello(SSL&); -void sendServerHello(SSL&, BufferOutput = buffered); -void sendServerHelloDone(SSL&, BufferOutput = buffered); -void sendClientKeyExchange(SSL&, BufferOutput = buffered); -void sendServerKeyExchange(SSL&, BufferOutput = buffered); -void sendChangeCipher(SSL&, BufferOutput = buffered); -void sendFinished(SSL&, ConnectionEnd, BufferOutput = buffered); -void sendCertificate(SSL&, BufferOutput = buffered); -void sendCertificateRequest(SSL&, BufferOutput = buffered); -void sendCertificateVerify(SSL&, BufferOutput = buffered); -int sendData(SSL&, const void*, int); -int sendAlert(SSL& ssl, const Alert& alert); - -int receiveData(SSL&, Data&, bool peek = false); -void processReply(SSL&); - -void buildFinished(SSL&, Finished&, const opaque*); -void build_certHashes(SSL&, Hashes&); - -void hmac(SSL&, byte*, const byte*, uint, ContentType, bool verify = false); -void TLS_hmac(SSL&, byte*, const byte*, uint, ContentType, - bool verify = false); -void PRF(byte* digest, uint digLen, const byte* secret, uint secLen, - const byte* label, uint labLen, const byte* seed, uint seedLen); - -} // naemspace - -#endif // yaSSL_HANDSHAKE_HPP diff --git a/mysql/extra/yassl/include/lock.hpp b/mysql/extra/yassl/include/lock.hpp deleted file mode 100644 index 5273f92..0000000 --- a/mysql/extra/yassl/include/lock.hpp +++ /dev/null @@ -1,96 +0,0 @@ -/* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks - * automatically upon exit, no-ops provided for Single Threaded -*/ - -#ifndef yaSSL_LOCK_HPP -#define yaSSL_LOCK_HPP - -/* - Visual Studio Source Annotations header (sourceannotations.h) fails - to compile if outside of the global namespace. -*/ -#ifdef MULTI_THREADED -#ifdef _WIN32 -#include -#endif -#endif - -namespace yaSSL { - - -#ifdef MULTI_THREADED - #ifdef _WIN32 - #include - - class Mutex { - CRITICAL_SECTION cs_; - public: - Mutex(); - ~Mutex(); - - class Lock; - friend class Lock; - - class Lock { - Mutex& mutex_; - public: - explicit Lock(Mutex& lm); - ~Lock(); - }; - }; - #else // _WIN32 - #include - - class Mutex { - pthread_mutex_t mutex_; - public: - - Mutex(); - ~Mutex(); - - class Lock; - friend class Lock; - - class Lock { - Mutex& mutex_; - public: - explicit Lock(Mutex& lm); - ~Lock(); - }; - }; - - #endif // _WIN32 -#else // MULTI_THREADED (WE'RE SINGLE) - - class Mutex { - public: - class Lock { - public: - explicit Lock(Mutex&) {} - }; - }; - -#endif // MULTI_THREADED - - - -} // namespace -#endif // yaSSL_LOCK_HPP diff --git a/mysql/extra/yassl/include/log.hpp b/mysql/extra/yassl/include/log.hpp deleted file mode 100644 index 2651d07..0000000 --- a/mysql/extra/yassl/include/log.hpp +++ /dev/null @@ -1,55 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* yaSSL log interface - * - */ - -#ifndef yaSSL_LOG_HPP -#define yaSSL_LOG_HPP - -#include "socket_wrapper.hpp" - -#ifdef YASSL_LOG -#include -#endif - -namespace yaSSL { - -typedef unsigned int uint; - - -// Debug logger -class Log { -#ifdef YASSL_LOG - FILE* log_; -#endif -public: - explicit Log(const char* str = "yaSSL.log"); - ~Log(); - - void Trace(const char*); - void ShowTCP(socket_t, bool ended = false); - void ShowData(uint, bool sent = false); -}; - - -} // naemspace - -#endif // yaSSL_LOG_HPP diff --git a/mysql/extra/yassl/include/openssl/crypto.h b/mysql/extra/yassl/include/openssl/crypto.h deleted file mode 100644 index fc2971a..0000000 --- a/mysql/extra/yassl/include/openssl/crypto.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/* crypto.h for openSSL */ - -#ifndef yaSSL_crypto_h__ -#define yaSSL_crypto_h__ - -#ifdef YASSL_PREFIX -#include "prefix_crypto.h" -#endif - -const char* SSLeay_version(int type); - -#define SSLEAY_NUMBER_DEFINED -#define SSLEAY_VERSION 0x0900L -#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION - - -#endif /* yaSSL_crypto_h__ */ - diff --git a/mysql/extra/yassl/include/openssl/des.h b/mysql/extra/yassl/include/openssl/des.h deleted file mode 100644 index f7394b6..0000000 --- a/mysql/extra/yassl/include/openssl/des.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2005 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* des.h for openssl */ diff --git a/mysql/extra/yassl/include/openssl/des_old.h b/mysql/extra/yassl/include/openssl/des_old.h deleted file mode 100644 index b6e2e3e..0000000 --- a/mysql/extra/yassl/include/openssl/des_old.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2007 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* des_old.h for openvn */ diff --git a/mysql/extra/yassl/include/openssl/engine.h b/mysql/extra/yassl/include/openssl/engine.h deleted file mode 100644 index 15ddcd1..0000000 --- a/mysql/extra/yassl/include/openssl/engine.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* engine.h for libcurl */ - -#undef HAVE_OPENSSL_ENGINE_H - - diff --git a/mysql/extra/yassl/include/openssl/err.h b/mysql/extra/yassl/include/openssl/err.h deleted file mode 100644 index 9484742..0000000 --- a/mysql/extra/yassl/include/openssl/err.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - Copyright (C) 2005, 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* err.h for openssl */ - -#ifndef yaSSL_err_h__ -#define yaSSL_err_h__ - - - -#endif /* yaSSL_err_h__ */ diff --git a/mysql/extra/yassl/include/openssl/evp.h b/mysql/extra/yassl/include/openssl/evp.h deleted file mode 100644 index 6aa7335..0000000 --- a/mysql/extra/yassl/include/openssl/evp.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - Copyright (C) 2007 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* evp.h for openSSL */ - -#ifndef SSLEAY_NUMBER_DEFINED -#define SSLEAY_NUMBER_DEFINED - -/* for OpenVPN */ -#define SSLEAY_VERSION_NUMBER 0x0090700f - - -#endif /* SSLEAY_NUMBER_DEFINED */ diff --git a/mysql/extra/yassl/include/openssl/hmac.h b/mysql/extra/yassl/include/openssl/hmac.h deleted file mode 100644 index 5da6644..0000000 --- a/mysql/extra/yassl/include/openssl/hmac.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2007 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* hmac.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/lhash.h b/mysql/extra/yassl/include/openssl/lhash.h deleted file mode 100644 index 6d64df7..0000000 --- a/mysql/extra/yassl/include/openssl/lhash.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - Copyright (C) 2005 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* lhash.h for openSSL */ - diff --git a/mysql/extra/yassl/include/openssl/md4.h b/mysql/extra/yassl/include/openssl/md4.h deleted file mode 100644 index 8a86499..0000000 --- a/mysql/extra/yassl/include/openssl/md4.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* md4.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/md5.h b/mysql/extra/yassl/include/openssl/md5.h deleted file mode 100644 index b54ebcd..0000000 --- a/mysql/extra/yassl/include/openssl/md5.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - Copyright (C) 2005, 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* md5.h for openssl */ - -#include "ssl.h" /* in there for now */ - diff --git a/mysql/extra/yassl/include/openssl/objects.h b/mysql/extra/yassl/include/openssl/objects.h deleted file mode 100644 index ed2c029..0000000 --- a/mysql/extra/yassl/include/openssl/objects.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2007 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* objects.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/opensslv.h b/mysql/extra/yassl/include/openssl/opensslv.h deleted file mode 100644 index 88b9ca6..0000000 --- a/mysql/extra/yassl/include/openssl/opensslv.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - Copyright (C) 2005 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* opensslv.h compatibility */ - -#ifndef yaSSL_opensslv_h__ -#define yaSSL_opensslv_h__ - - -/* api version compatibility */ -#define OPENSSL_VERSION_NUMBER 0x0090700f - - -#endif /* yaSSLopensslv_h__ */ - diff --git a/mysql/extra/yassl/include/openssl/pem.h b/mysql/extra/yassl/include/openssl/pem.h deleted file mode 100644 index c467e46..0000000 --- a/mysql/extra/yassl/include/openssl/pem.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* pem.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/pkcs12.h b/mysql/extra/yassl/include/openssl/pkcs12.h deleted file mode 100644 index c3f8ee6..0000000 --- a/mysql/extra/yassl/include/openssl/pkcs12.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* pkcs12.h for libcurl */ - - -#undef HAVE_OPENSSL_PKCS12_H - diff --git a/mysql/extra/yassl/include/openssl/prefix_crypto.h b/mysql/extra/yassl/include/openssl/prefix_crypto.h deleted file mode 100644 index 895dd51..0000000 --- a/mysql/extra/yassl/include/openssl/prefix_crypto.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -#define SSLeay_version yaSSLeay_version diff --git a/mysql/extra/yassl/include/openssl/prefix_ssl.h b/mysql/extra/yassl/include/openssl/prefix_ssl.h deleted file mode 100644 index 806f103..0000000 --- a/mysql/extra/yassl/include/openssl/prefix_ssl.h +++ /dev/null @@ -1,189 +0,0 @@ -/* - Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -#define Copyright yaCopyright -#define yaSSL_CleanUp yayaSSL_CleanUp -#define BN_bin2bn yaBN_bin2bn -#define DH_new yaDH_new -#define DH_free yaDH_free -#define RSA_free yaRSA_free -#define RSA_generate_key yaRSA_generate_key -#define X509_free yaX509_free -#define X509_STORE_CTX_get_current_cert yaX509_STORE_CTX_get_current_cert -#define X509_STORE_CTX_get_error yaX509_STORE_CTX_get_error -#define X509_STORE_CTX_get_error_depth yaX509_STORE_CTX_get_error_depth -#define X509_NAME_oneline yaX509_NAME_oneline -#define X509_get_issuer_name yaX509_get_issuer_name -#define X509_get_subject_name yaX509_get_subject_name -#define X509_verify_cert_error_string yaX509_verify_cert_error_string -#define X509_LOOKUP_add_dir yaX509_LOOKUP_add_dir -#define X509_LOOKUP_load_file yaX509_LOOKUP_load_file -#define X509_LOOKUP_hash_dir yaX509_LOOKUP_hash_dir -#define X509_LOOKUP_file yaX509_LOOKUP_file -#define X509_STORE_add_lookup yaX509_STORE_add_lookup -#define X509_STORE_new yaX509_STORE_new -#define X509_STORE_get_by_subject yaX509_STORE_get_by_subject -#define ERR_get_error_line_data yaERR_get_error_line_data -#define ERR_print_errors_fp yaERR_print_errors_fp -#define ERR_error_string yaERR_error_string -#define ERR_remove_state yaERR_remove_state -#define ERR_get_error yaERR_get_error -#define ERR_peek_error yaERR_peek_error -#define ERR_GET_REASON yaERR_GET_REASON -#define SSL_CTX_new yaSSL_CTX_new -#define SSL_new yaSSL_new -#define SSL_set_fd yaSSL_set_fd -#define SSL_get_fd yaSSL_get_fd -#define SSL_connect yaSSL_connect -#define SSL_write yaSSL_write -#define SSL_read yaSSL_read -#define SSL_accept yaSSL_accept -#define SSL_CTX_free yaSSL_CTX_free -#define SSL_free yaSSL_free -#define SSL_clear yaSSL_clear -#define SSL_shutdown yaSSL_shutdown -#define SSL_set_connect_state yaSSL_set_connect_state -#define SSL_set_accept_state yaSSL_set_accept_state -#define SSL_do_handshake yaSSL_do_handshake -#define SSL_get_cipher yaSSL_get_cipher -#define SSL_get_cipher_name yaSSL_get_cipher_name -#define SSL_get_shared_ciphers yaSSL_get_shared_ciphers -#define SSL_get_cipher_list yaSSL_get_cipher_list -#define SSL_get_version yaSSL_get_version -#define SSLeay_version yaSSLeay_version -#define SSL_get_error yaSSL_get_error -#define SSL_load_error_strings yaSSL_load_error_strings -#define SSL_set_session yaSSL_set_session -#define SSL_get_session yaSSL_get_session -#define SSL_flush_sessions yaSSL_flush_sessions -#define SSL_SESSION_set_timeout yaSSL_SESSION_set_timeout -#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode -#define SSL_get_peer_certificate yaSSL_get_peer_certificate -#define SSL_get_verify_result yaSSL_get_verify_result -#define SSL_CTX_set_verify yaSSL_CTX_set_verify -#define SSL_CTX_load_verify_locations yaSSL_CTX_load_verify_locations -#define SSL_CTX_set_default_verify_paths yaSSL_CTX_set_default_verify_paths -#define SSL_CTX_check_private_key yaSSL_CTX_check_private_key -#define SSL_CTX_set_session_id_context yaSSL_CTX_set_session_id_context -#define SSL_CTX_set_tmp_rsa_callback yaSSL_CTX_set_tmp_rsa_callback -#define SSL_CTX_set_options yaSSL_CTX_set_options -#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode -#define SSL_CTX_set_timeout yaSSL_CTX_set_timeout -#define SSL_CTX_use_certificate_chain_file yaSSL_CTX_use_certificate_chain_file -#define SSL_CTX_set_default_passwd_cb yaSSL_CTX_set_default_passwd_cb -#define SSL_CTX_use_RSAPrivateKey_file yaSSL_CTX_use_RSAPrivateKey_file -#define SSL_CTX_set_info_callback yaSSL_CTX_set_info_callback -#define SSL_CTX_sess_accept yaSSL_CTX_sess_accept -#define SSL_CTX_sess_connect yaSSL_CTX_sess_connect -#define SSL_CTX_sess_accept_good yaSSL_CTX_sess_accept_good -#define SSL_CTX_sess_connect_good yaSSL_CTX_sess_connect_good -#define SSL_CTX_sess_accept_renegotiate yaSSL_CTX_sess_accept_renegotiate -#define SSL_CTX_sess_connect_renegotiate yaSSL_CTX_sess_connect_renegotiate -#define SSL_CTX_sess_hits yaSSL_CTX_sess_hits -#define SSL_CTX_sess_cb_hits yaSSL_CTX_sess_cb_hits -#define SSL_CTX_sess_cache_full yaSSL_CTX_sess_cache_full -#define SSL_CTX_sess_misses yaSSL_CTX_sess_misses -#define SSL_CTX_sess_timeouts yaSSL_CTX_sess_timeouts -#define SSL_CTX_sess_number yaSSL_CTX_sess_number -#define SSL_CTX_sess_get_cache_size yaSSL_CTX_sess_get_cache_size -#define SSL_CTX_get_verify_mode yaSSL_CTX_get_verify_mode -#define SSL_get_verify_mode yaSSL_get_verify_mode -#define SSL_CTX_get_verify_depth yaSSL_CTX_get_verify_depth -#define SSL_get_verify_depth yaSSL_get_verify_depth -#define SSL_get_default_timeout yaSSL_get_default_timeout -#define SSL_CTX_get_session_cache_mode yaSSL_CTX_get_session_cache_mode -#define SSL_session_reused yaSSL_session_reused -#define SSL_set_rfd yaSSL_set_rfd -#define SSL_set_wfd yaSSL_set_wfd -#define SSL_set_shutdown yaSSL_set_shutdown -#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown -#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown -#define SSL_want_read yaSSL_want_read -#define SSL_want_write yaSSL_want_write -#define SSL_pending yaSSL_pending -#define SSLv3_method yaSSLv3_method -#define SSLv3_server_method yaSSLv3_server_method -#define SSLv3_client_method yaSSLv3_client_method -#define TLSv1_server_method yaTLSv1_server_method -#define TLSv1_client_method yaTLSv1_client_method -#define TLSv1_1_server_method yaTLSv1_1_server_method -#define TLSv1_1_client_method yaTLSv1_1_client_method -#define SSLv23_server_method yaSSLv23_server_method -#define SSL_CTX_use_certificate_file yaSSL_CTX_use_certificate_file -#define SSL_CTX_use_PrivateKey_file yaSSL_CTX_use_PrivateKey_file -#define SSL_CTX_set_cipher_list yaSSL_CTX_set_cipher_list -#define SSL_CTX_sess_set_cache_size yaSSL_CTX_sess_set_cache_size -#define SSL_CTX_set_tmp_dh yaSSL_CTX_set_tmp_dh -#define OpenSSL_add_all_algorithms yaOpenSSL_add_all_algorithms -#define SSL_library_init yaSSL_library_init -#define SSLeay_add_ssl_algorithms yaSSLeay_add_ssl_algorithms -#define SSL_get_current_cipher yaSSL_get_current_cipher -#define SSL_CIPHER_description yaSSL_CIPHER_description -#define SSL_alert_type_string_long yaSSL_alert_type_string_long -#define SSL_alert_desc_string_long yaSSL_alert_desc_string_long -#define SSL_state_string_long yaSSL_state_string_long -#define EVP_md5 yaEVP_md5 -#define EVP_des_ede3_cbc yaEVP_des_ede3_cbc -#define EVP_BytesToKey yaEVP_BytesToKey -#define DES_set_key_unchecked yaDES_set_key_unchecked -#define DES_ede3_cbc_encrypt yaDES_ede3_cbc_encrypt -#define RAND_screen yaRAND_screen -#define RAND_file_name yaRAND_file_name -#define RAND_write_file yaRAND_write_file -#define RAND_load_file yaRAND_load_file -#define RAND_status yaRAND_status -#define RAND_bytes yaRAND_bytes -#define DES_set_key yaDES_set_key -#define DES_set_odd_parity yaDES_set_odd_parity -#define DES_ecb_encrypt yaDES_ecb_encrypt -#define SSL_CTX_set_default_passwd_cb_userdata yaSSL_CTX_set_default_passwd_cb_userdata -#define SSL_SESSION_free yaSSL_SESSION_free -#define SSL_peek yaSSL_peek -#define SSL_get_certificate yaSSL_get_certificate -#define SSL_get_privatekey yaSSL_get_privatekey -#define X509_get_pubkey yaX509_get_pubkey -#define EVP_PKEY_copy_parameters yaEVP_PKEY_copy_parameters -#define EVP_PKEY_free yaEVP_PKEY_free -#define ERR_error_string_n yaERR_error_string_n -#define ERR_free_strings yaERR_free_strings -#define EVP_cleanup yaEVP_cleanup -#define X509_get_ext_d2i yaX509_get_ext_d2i -#define GENERAL_NAMES_free yaGENERAL_NAMES_free -#define sk_GENERAL_NAME_num yask_GENERAL_NAME_num -#define sk_GENERAL_NAME_value yask_GENERAL_NAME_value -#define ASN1_STRING_data yaASN1_STRING_data -#define ASN1_STRING_length yaASN1_STRING_length -#define ASN1_STRING_type yaASN1_STRING_type -#define X509_NAME_get_index_by_NID yaX509_NAME_get_index_by_NID -#define X509_NAME_ENTRY_get_data yaX509_NAME_ENTRY_get_data -#define X509_NAME_get_entry yaX509_NAME_get_entry -#define ASN1_STRING_to_UTF8 yaASN1_STRING_to_UTF8 -#define SSLv23_client_method yaSSLv23_client_method -#define SSLv2_client_method yaSSLv2_client_method -#define SSL_get1_session yaSSL_get1_session -#define X509_get_notBefore yaX509_get_notBefore -#define X509_get_notAfter yaX509_get_notAfter -#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string -#define MD4_Init yaMD4_Init -#define MD4_Update yaMD4_Update -#define MD4_Final yaMD4_Final -#define MD5_Init yaMD5_Init -#define MD5_Update yaMD5_Update -#define MD5_Final yaMD5_Final -#define SSL_set_compression yaSSL_set_compression -#define PEM_read_X509 yaSSL_PEM_read_X509 diff --git a/mysql/extra/yassl/include/openssl/rand.h b/mysql/extra/yassl/include/openssl/rand.h deleted file mode 100644 index 9e0cedf..0000000 --- a/mysql/extra/yassl/include/openssl/rand.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - Copyright (C) 2005 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* rand.h for openSSL */ - diff --git a/mysql/extra/yassl/include/openssl/rsa.h b/mysql/extra/yassl/include/openssl/rsa.h deleted file mode 100644 index 95305a8..0000000 --- a/mysql/extra/yassl/include/openssl/rsa.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - Copyright (C) 2005, 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* rsa.h for openSSL */ - - -#ifndef yaSSL_rsa_h__ -#define yaSSL_rsa_h__ - -enum { RSA_F4 = 1 }; - - -#endif /* yaSSL_rsa_h__ */ diff --git a/mysql/extra/yassl/include/openssl/sha.h b/mysql/extra/yassl/include/openssl/sha.h deleted file mode 100644 index 5b7c6bd..0000000 --- a/mysql/extra/yassl/include/openssl/sha.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2007 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* sha.h for openvpn */ diff --git a/mysql/extra/yassl/include/openssl/ssl.h b/mysql/extra/yassl/include/openssl/ssl.h deleted file mode 100644 index 10fa491..0000000 --- a/mysql/extra/yassl/include/openssl/ssl.h +++ /dev/null @@ -1,568 +0,0 @@ -/* - Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. - */ - -/* ssl.h defines openssl compatibility layer - * - */ - - - -#ifndef yaSSL_openssl_h__ -#define yaSSL_openssl_h__ - -#ifdef YASSL_PREFIX -#include "prefix_ssl.h" -#endif - -#include /* ERR_print fp */ -#include "opensslv.h" /* for version number */ -#include "rsa.h" - - -#define YASSL_VERSION "2.4.4" - - -#if defined(__cplusplus) -extern "C" { -#endif - - void yaSSL_CleanUp(); /* call once at end of application use to - free static singleton memory holders, - not a leak per se, but helpful when - looking for them */ - -#if defined(__cplusplus) -} // extern -#endif - -#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) -namespace yaSSL { -extern "C" { -#endif - -#undef X509_NAME /* wincrypt.h clash */ - -#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) - class SSL; - class SSL_SESSION; - class SSL_METHOD; - class SSL_CTX; - class SSL_CIPHER; - - class RSA; - - class X509; - class X509_NAME; -#else - typedef struct SSL SSL; - typedef struct SSL_SESSION SSL_SESSION; - typedef struct SSL_METHOD SSL_METHOD; - typedef struct SSL_CTX SSL_CTX; - typedef struct SSL_CIPHER SSL_CIPHER; - - typedef struct RSA RSA; - - typedef struct X509 X509; - typedef struct X509_NAME X509_NAME; -#endif - - -/* Big Number stuff, different file? */ -typedef struct BIGNUM BIGNUM; - -BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*); - - -/* Diffie-Hellman stuff, different file? */ -/* mySQL deferences to set group parameters */ -typedef struct DH { - BIGNUM* p; - BIGNUM* g; -} DH; - -DH* DH_new(void); -void DH_free(DH*); - -/* RSA stuff */ - -void RSA_free(RSA*); -RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); - - -/* X509 stuff, different file? */ - -/* because mySQL dereferences to use error and current_cert, even after calling - * get functions for local references */ -typedef struct X509_STORE_CTX { - int error; - int error_depth; - X509* current_cert; -} X509_STORE_CTX; - - -typedef struct X509_STORE X509_STORE; -typedef struct X509_LOOKUP X509_LOOKUP; -typedef struct X509_OBJECT { char c; } X509_OBJECT; -typedef struct X509_CRL X509_CRL; -typedef struct X509_REVOKED X509_REVOKED; -typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD; - - -void X509_free(X509*); - - -/* bio stuff */ -typedef struct BIO BIO; - -/* ASN stuff */ - - - -X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*); -int X509_STORE_CTX_get_error(X509_STORE_CTX*); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*); - -char* X509_NAME_oneline(X509_NAME*, char*, int); -X509_NAME* X509_get_issuer_name(X509*); -X509_NAME* X509_get_subject_name(X509*); -const char* X509_verify_cert_error_string(long); - -int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long); -int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long); -X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void); -X509_LOOKUP_METHOD* X509_LOOKUP_file(void); - -X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*); -X509_STORE* X509_STORE_new(void); -int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, - X509_OBJECT*); - - - - -enum { /* X509 Constants */ - X509_V_OK = 0, - X509_V_ERR_CERT_CHAIN_TOO_LONG = 1, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2, - X509_V_ERR_CERT_NOT_YET_VALID = 3, - X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 4, - X509_V_ERR_CERT_HAS_EXPIRED = 5, - X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 6, - X509_FILETYPE_PEM = 7, - X509_LU_X509 = 8, - X509_LU_CRL = 9, - X509_V_ERR_CRL_SIGNATURE_FAILURE = 10, - X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 11, - X509_V_ERR_CRL_HAS_EXPIRED = 12, - X509_V_ERR_CERT_REVOKED = 13, - X509_V_FLAG_CRL_CHECK = 14, - X509_V_FLAG_CRL_CHECK_ALL = 15 -}; - - -/* Error stuff, could move to yassl_error */ -unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *); -void ERR_print_errors_fp(FILE*); -char* ERR_error_string(unsigned long,char*); -void ERR_remove_state(unsigned long); -unsigned long ERR_get_error(void); -unsigned long ERR_peek_error(void); -int ERR_GET_REASON(int); - - -enum { /* ERR Constants */ - ERR_TXT_STRING = 1, - EVP_R_BAD_DECRYPT = 2 -}; - -/* - Allow type used by SSL_set_fd to be changed, default to int - in order to be compatible with OpenSSL - */ -#ifndef YASSL_SOCKET_T_DEFINED -typedef int YASSL_SOCKET_T; -#endif - -SSL_CTX* SSL_CTX_new(SSL_METHOD*); -SSL* SSL_new(SSL_CTX*); -int SSL_set_fd (SSL*, YASSL_SOCKET_T); -YASSL_SOCKET_T SSL_get_fd(const SSL*); -int SSL_connect(SSL*); /* if you get an error from connect - see note at top of README */ -int SSL_write(SSL*, const void*, int); -int SSL_read(SSL*, void*, int); -int SSL_accept(SSL*); -void SSL_CTX_free(SSL_CTX*); -void SSL_free(SSL*); -int SSL_clear(SSL*); -int SSL_shutdown(SSL*); - -void SSL_set_connect_state(SSL*); -void SSL_set_accept_state(SSL*); -int SSL_do_handshake(SSL*); - -const char* SSL_get_cipher(SSL*); -const char* SSL_get_cipher_name(SSL*); /* uses SSL_get_cipher */ -char* SSL_get_shared_ciphers(SSL*, char*, int); -const char* SSL_get_cipher_list(SSL*, int); -const char* SSL_get_version(SSL*); -const char* SSLeay_version(int); - -int SSL_get_error(SSL*, int); -void SSL_load_error_strings(void); - -int SSL_set_session(SSL *ssl, SSL_SESSION *session); -SSL_SESSION* SSL_get_session(SSL* ssl); -void SSL_flush_sessions(SSL_CTX *ctx, long tm); -long SSL_SESSION_set_timeout(SSL_SESSION*, long); -long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode); -X509* SSL_get_peer_certificate(SSL*); -long SSL_get_verify_result(SSL*); - - -typedef int (*VerifyCallback)(int, X509_STORE_CTX*); -typedef int (*pem_password_cb)(char*, int, int, void*); -int default_password_callback(char * buffer, int size_arg, int rwflag, - void * u); - -void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback); -int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*); -int SSL_CTX_set_default_verify_paths(SSL_CTX*); -int SSL_CTX_check_private_key(SSL_CTX*); -int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*, - unsigned int); - -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int)); -long SSL_CTX_set_options(SSL_CTX*, long); -long SSL_CTX_set_session_cache_mode(SSL_CTX*, long); -long SSL_CTX_set_timeout(SSL_CTX*, long); -int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*); -void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int); -void SSL_CTX_set_info_callback(SSL_CTX*, void (*)()); - -long SSL_CTX_sess_accept(SSL_CTX*); -long SSL_CTX_sess_connect(SSL_CTX*); -long SSL_CTX_sess_accept_good(SSL_CTX*); -long SSL_CTX_sess_connect_good(SSL_CTX*); -long SSL_CTX_sess_accept_renegotiate(SSL_CTX*); -long SSL_CTX_sess_connect_renegotiate(SSL_CTX*); -long SSL_CTX_sess_hits(SSL_CTX*); -long SSL_CTX_sess_cb_hits(SSL_CTX*); -long SSL_CTX_sess_cache_full(SSL_CTX*); -long SSL_CTX_sess_misses(SSL_CTX*); -long SSL_CTX_sess_timeouts(SSL_CTX*); -long SSL_CTX_sess_number(SSL_CTX*); -long SSL_CTX_sess_get_cache_size(SSL_CTX*); - -int SSL_CTX_get_verify_mode(SSL_CTX*); -int SSL_get_verify_mode(SSL*); -int SSL_CTX_get_verify_depth(SSL_CTX*); -int SSL_get_verify_depth(SSL*); - -long SSL_get_default_timeout(SSL*); -long SSL_CTX_get_session_cache_mode(SSL_CTX*); -int SSL_session_reused(SSL*); - -int SSL_set_rfd(SSL*, int); -int SSL_set_wfd(SSL*, int); -void SSL_set_shutdown(SSL*, int); -void SSL_set_quiet_shutdown(SSL *ssl,int mode); -int SSL_get_quiet_shutdown(SSL *ssl); - -int SSL_want_read(SSL*); -int SSL_want_write(SSL*); - -int SSL_pending(SSL*); - - -enum { /* ssl Constants */ - SSL_WOULD_BLOCK = -8, - SSL_BAD_STAT = -7, - SSL_BAD_PATH = -6, - SSL_BAD_FILETYPE = -5, - SSL_BAD_FILE = -4, - SSL_NOT_IMPLEMENTED = -3, - SSL_UNKNOWN = -2, - SSL_FATAL_ERROR = -1, - SSL_NORMAL_SHUTDOWN = 0, - SSL_ERROR_NONE = 0, /* for most functions */ - SSL_FAILURE = 0, /* for some functions */ - SSL_SUCCESS = 1, - - SSL_FILETYPE_ASN1 = 10, - SSL_FILETYPE_PEM = 11, - SSL_FILETYPE_DEFAULT = 10, /* ASN1 */ - - SSL_VERIFY_NONE = 0, - SSL_VERIFY_PEER = 1, - SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, - SSL_VERIFY_CLIENT_ONCE = 4, - - SSL_SESS_CACHE_OFF = 30, - SSL_SESS_CACHE_CLIENT = 31, - SSL_SESS_CACHE_SERVER = 32, - SSL_SESS_CACHE_BOTH = 33, - SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, - - SSL_OP_MICROSOFT_SESS_ID_BUG = 50, - SSL_OP_NETSCAPE_CHALLENGE_BUG = 51, - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52, - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 53, - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 54, - SSL_OP_MSIE_SSLV2_RSA_PADDING = 55, - SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 56, - SSL_OP_TLS_D5_BUG = 57, - SSL_OP_TLS_BLOCK_PADDING_BUG = 58, - SSL_OP_TLS_ROLLBACK_BUG = 59, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 60, - SSL_OP_ALL = 61, - SSL_OP_SINGLE_DH_USE = 62, - SSL_OP_EPHEMERAL_RSA = 63, - SSL_OP_PKCS1_CHECK_1 = 67, - SSL_OP_PKCS1_CHECK_2 = 68, - SSL_OP_NETSCAPE_CA_DN_BUG = 69, - SSL_OP_NON_EXPORT_FIRST = 70, - SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 71, - - SSL_ERROR_WANT_READ = 80, - SSL_ERROR_WANT_WRITE = 81, - SSL_ERROR_SYSCALL = 82, - SSL_ERROR_WANT_X509_LOOKUP = 83, - SSL_ERROR_ZERO_RETURN = 84, - SSL_ERROR_SSL = 85, - - SSL_ST_CONNECT = 90, - SSL_ST_ACCEPT = 91, - SSL_CB_LOOP = 92, - SSL_SENT_SHUTDOWN = 93, - SSL_RECEIVED_SHUTDOWN = 94, - SSL_CB_ALERT = 95, - SSL_CB_READ = 96, - SSL_CB_HANDSHAKE_DONE = 97, - - SSL_OP_NO_SSLv2 = 128, - SSL_OP_NO_SSLv3 = 256, - SSL_OP_NO_TLSv1 = 512, - SSL_OP_NO_TLSv1_1 = 1024, -}; - - -SSL_METHOD *SSLv3_method(void); -SSL_METHOD *SSLv3_server_method(void); -SSL_METHOD *SSLv3_client_method(void); -SSL_METHOD *TLSv1_server_method(void); -SSL_METHOD *TLSv1_client_method(void); -SSL_METHOD *TLSv1_1_server_method(void); -SSL_METHOD *TLSv1_1_client_method(void); -SSL_METHOD *SSLv23_server_method(void); - -int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int); -int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int); -int SSL_CTX_set_cipher_list(SSL_CTX*, const char*); - -long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); -long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*); - -void OpenSSL_add_all_algorithms(void); -int SSL_library_init(); -int SSLeay_add_ssl_algorithms(void); - - -SSL_CIPHER* SSL_get_current_cipher(SSL*); -char* SSL_CIPHER_description(SSL_CIPHER*, char*, int); - - -char* SSL_alert_type_string_long(int); -char* SSL_alert_desc_string_long(int); -char* SSL_state_string_long(SSL*); - -X509* PEM_read_X509(FILE *fp, X509 *x, pem_password_cb cb, void *u); -/* EVP stuff, des and md5, different file? */ -typedef char EVP_MD; - -typedef char EVP_CIPHER; - -typedef struct EVP_PKEY EVP_PKEY; - -typedef unsigned char DES_cblock[8]; -typedef const DES_cblock const_DES_cblock; -typedef DES_cblock DES_key_schedule; - -enum { - DES_ENCRYPT = 1, - DES_DECRYPT = 0 -}; - -const EVP_MD* EVP_md5(void); -const EVP_CIPHER* EVP_des_ede3_cbc(void); - -typedef unsigned char opaque; - -int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*, - const opaque*, int, int, opaque*, opaque*); - -void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*); -void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*, - DES_key_schedule*, DES_key_schedule*, DES_cblock*, int); - - -/* RAND stuff */ -void RAND_screen(void); -const char* RAND_file_name(char*, size_t); -int RAND_write_file(const char*); -int RAND_load_file(const char*, long); - - -/* for libcurl */ -int RAND_status(void); -int RAND_bytes(unsigned char* buf, int num); - -int DES_set_key(const_DES_cblock*, DES_key_schedule*); -void DES_set_odd_parity(DES_cblock*); -void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); - -void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); -void SSL_SESSION_free(SSL_SESSION* session); -int SSL_peek(SSL* ssl, void* buf, int num); - -X509* SSL_get_certificate(SSL* ssl); -EVP_PKEY* SSL_get_privatekey(SSL* ssl); -EVP_PKEY* X509_get_pubkey(X509* x); - -int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from); -void EVP_PKEY_free(EVP_PKEY* pkey); -void ERR_error_string_n(unsigned long e, char *buf, size_t len); -void ERR_free_strings(void); -void EVP_cleanup(void); - -void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx); - -#define GEN_IPADD 7 -#define NID_subject_alt_name 85 -#define STACK_OF(x) x - - -/* defined here because libcurl dereferences */ -typedef struct ASN1_STRING { - int type; - int length; - unsigned char* data; -} ASN1_STRING; - - -typedef struct GENERAL_NAME { - int type; - union { - ASN1_STRING* ia5; - } d; -} GENERAL_NAME; - -void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x); - -int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x); -GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i); - - -unsigned char* ASN1_STRING_data(ASN1_STRING* x); -int ASN1_STRING_length(ASN1_STRING* x); -int ASN1_STRING_type(ASN1_STRING *x); - -typedef ASN1_STRING X509_NAME_ENTRY; - -int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos); - -ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne); -X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc); - -#define OPENSSL_malloc(x) malloc(x) -#define OPENSSL_free(x) free(x) - -int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in); - -SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */ -SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */ - - -SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ - - -#define CRYPTO_free(x) free(x) -#define ASN1_TIME ASN1_STRING - -ASN1_TIME* X509_get_notBefore(X509* x); -ASN1_TIME* X509_get_notAfter(X509* x); - - -#define ASN1_UTCTIME ASN1_STRING -#define NID_commonName 13 -#define V_ASN1_UTF8STRING 12 -#define GEN_DNS 2 - -#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */ - - -typedef struct MD4_CTX { - int buffer[32]; /* big enough to hold, check size in Init */ -} MD4_CTX; - -void MD4_Init(MD4_CTX*); -void MD4_Update(MD4_CTX*, const void*, unsigned long); -void MD4_Final(unsigned char*, MD4_CTX*); - - -typedef struct MD5_CTX { - int buffer[32]; /* big enough to hold, check size in Init */ -} MD5_CTX; - -void MD5_Init(MD5_CTX*); -void MD5_Update(MD5_CTX*, const void*, unsigned long); -void MD5_Final(unsigned char*, MD5_CTX*); - -#define MD5_DIGEST_LENGTH 16 - - -#define SSL_DEFAULT_CIPHER_LIST "" /* default all */ - - -/* yaSSL extensions */ -int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */ -char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len); - -#include "transport_types.h" - -/* - Set functions for yaSSL to use in order to send and receive data. - - These hooks are offered in order to enable non-blocking I/O. If - not set, yaSSL defaults to using send() and recv(). - - @todo Remove hooks and accompanying code when yaSSL is fixed. -*/ -void yaSSL_transport_set_ptr(SSL *, void *); -void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t); -void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t); - -#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE) -} /* namespace */ -} /* extern "C" */ -#endif - - -#endif /* yaSSL_openssl_h__ */ diff --git a/mysql/extra/yassl/include/openssl/transport_types.h b/mysql/extra/yassl/include/openssl/transport_types.h deleted file mode 100644 index 5a9d234..0000000 --- a/mysql/extra/yassl/include/openssl/transport_types.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -#ifndef yaSSL_transport_types_h__ -#define yaSSL_transport_types_h__ - -/* Type of transport functions used for sending and receiving data. */ -typedef long (*yaSSL_recv_func_t) (void *, void *, size_t); -typedef long (*yaSSL_send_func_t) (void *, const void *, size_t); - -#endif diff --git a/mysql/extra/yassl/include/openssl/x509.h b/mysql/extra/yassl/include/openssl/x509.h deleted file mode 100644 index 74eb83e..0000000 --- a/mysql/extra/yassl/include/openssl/x509.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* x509.h for libcurl */ diff --git a/mysql/extra/yassl/include/openssl/x509v3.h b/mysql/extra/yassl/include/openssl/x509v3.h deleted file mode 100644 index b48e9b4..0000000 --- a/mysql/extra/yassl/include/openssl/x509v3.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright (C) 2006 MySQL AB - Use is subject to license terms - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* x509v3.h for libcurl */ diff --git a/mysql/extra/yassl/include/socket_wrapper.hpp b/mysql/extra/yassl/include/socket_wrapper.hpp deleted file mode 100644 index ec3ab6f..0000000 --- a/mysql/extra/yassl/include/socket_wrapper.hpp +++ /dev/null @@ -1,104 +0,0 @@ -/* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. - */ - - -/* The socket wrapper header defines a Socket class that hides the differences - * between Berkely style sockets and Windows sockets, allowing transparent TCP - * access. - */ - - -#ifndef yaSSL_SOCKET_WRAPPER_HPP -#define yaSSL_SOCKET_WRAPPER_HPP - - -#ifdef _WIN32 - #include -#else - #include - #include - #include - #include - #include - #include -#endif - - -namespace yaSSL { - -typedef unsigned int uint; - -#ifdef _WIN32 - typedef SOCKET socket_t; -#else - typedef int socket_t; - const socket_t INVALID_SOCKET = -1; - const int SD_RECEIVE = 0; - const int SD_SEND = 1; - const int SD_BOTH = 2; - const int SOCKET_ERROR = -1; -#endif - - extern "C" { - #include "openssl/transport_types.h" - } - -typedef unsigned char byte; - - -// Wraps Windows Sockets and BSD Sockets -class Socket { - socket_t socket_; // underlying socket descriptor - bool wouldBlock_; // if non-blocking data, for last read - bool nonBlocking_; // is option set - void *ptr_; // Argument to transport function - yaSSL_send_func_t send_func_; // Function to send data - yaSSL_recv_func_t recv_func_; // Function to receive data -public: - explicit Socket(socket_t s = INVALID_SOCKET); - ~Socket(); - - void set_fd(socket_t s); - uint get_ready() const; - socket_t get_fd() const; - - void set_transport_ptr(void *ptr); - void set_transport_recv_function(yaSSL_recv_func_t recv_func); - void set_transport_send_function(yaSSL_send_func_t send_func); - - uint send(const byte* buf, unsigned int len, unsigned int& sent); - uint receive(byte* buf, unsigned int len); - - bool wait(); - bool WouldBlock() const; - bool IsNonBlocking() const; - - void closeSocket(); - void shutDown(int how = SD_SEND); - - static int get_lastError(); - static void set_lastError(int error); -private: - Socket(const Socket&); // hide copy - Socket& operator= (const Socket&); // and assign -}; - - -} // naemspace - -#endif // yaSSL_SOCKET_WRAPPER_HPP diff --git a/mysql/extra/yassl/include/timer.hpp b/mysql/extra/yassl/include/timer.hpp deleted file mode 100644 index 0d99603..0000000 --- a/mysql/extra/yassl/include/timer.hpp +++ /dev/null @@ -1,40 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* timer.hpp provides a high res and low res timers - * -*/ - - -#ifndef yaSSL_TIMER_HPP -#define yaSSL_TIMER_HPP - -namespace yaSSL { - -typedef double timer_d; -typedef unsigned int uint; - - - -timer_d timer(); -uint lowResTimer(); - - - -} // namespace -#endif // yaSSL_TIMER_HPP diff --git a/mysql/extra/yassl/include/yassl.hpp b/mysql/extra/yassl/include/yassl.hpp deleted file mode 100644 index 081d653..0000000 --- a/mysql/extra/yassl/include/yassl.hpp +++ /dev/null @@ -1,85 +0,0 @@ -/* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* yaSSL externel header defines yaSSL API - */ - - -#ifndef yaSSL_EXT_HPP -#define yaSSL_EXT_HPP - - -namespace yaSSL { - - -#ifdef _WIN32 - typedef unsigned int SOCKET_T; -#else - typedef int SOCKET_T; -#endif - - -class Client { -public: - Client(); - ~Client(); - - // basics - int Connect(SOCKET_T); - int Write(const void*, int); - int Read(void*, int); - - // options - void SetCA(const char*); - void SetCert(const char*); - void SetKey(const char*); -private: - struct ClientImpl; - ClientImpl* pimpl_; - - Client(const Client&); // hide copy - Client& operator=(const Client&); // and assign -}; - - -class Server { -public: - Server(); - ~Server(); - - // basics - int Accept(SOCKET_T); - int Write(const void*, int); - int Read(void*, int); - - // options - void SetCA(const char*); - void SetCert(const char*); - void SetKey(const char*); -private: - struct ServerImpl; - ServerImpl* pimpl_; - - Server(const Server&); // hide copy - Server& operator=(const Server&); // and assign -}; - - -} // namespace yaSSL -#endif // yaSSL_EXT_HPP diff --git a/mysql/extra/yassl/include/yassl_error.hpp b/mysql/extra/yassl/include/yassl_error.hpp deleted file mode 100644 index d63244d..0000000 --- a/mysql/extra/yassl/include/yassl_error.hpp +++ /dev/null @@ -1,88 +0,0 @@ -/* - Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* yaSSL error header defines error codes and an exception class - */ - -#ifndef yaSSL_ERROR_HPP -#define yaSSL_ERROR_HPP - - - -namespace yaSSL { - - -enum YasslError { - no_error = 0, - - // 10 - 47 from AlertDescription, 0 also close_notify - - range_error = 101, - realloc_error = 102, - factory_error = 103, - unknown_cipher = 104, - prefix_error = 105, - record_layer = 106, - handshake_layer = 107, - out_of_order = 108, - bad_input = 109, - match_error = 110, - no_key_file = 111, - verify_error = 112, - send_error = 113, - receive_error = 114, - certificate_error = 115, - privateKey_error = 116, - badVersion_error = 117, - compress_error = 118, - decompress_error = 119, - pms_version_error = 120, - sanityCipher_error = 121, - rsaSignFault_error = 122 - - // !!!! add error message to .cpp !!!! - - // 1000+ from TaoCrypt error.hpp - -}; - - -enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib }; -enum { MAX_ERROR_SZ = 80 }; - -void SetErrorString(YasslError, char*); - -/* remove for now, if go back to exceptions use this wrapper -// Base class for all yaSSL exceptions -class Error : public mySTL::runtime_error { - YasslError error_; - Library lib_; -public: - explicit Error(const char* s = "", YasslError e = no_error, - Library l = yaSSL_Lib); - - YasslError get_number() const; - Library get_lib() const; -}; -*/ - - -} // naemspace - -#endif // yaSSL_ERROR_HPP diff --git a/mysql/extra/yassl/include/yassl_imp.hpp b/mysql/extra/yassl/include/yassl_imp.hpp deleted file mode 100644 index a952da0..0000000 --- a/mysql/extra/yassl/include/yassl_imp.hpp +++ /dev/null @@ -1,748 +0,0 @@ -/* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* yaSSL implementation header defines all strucutres from the SSL.v3 - * specification "draft-freier-ssl-version3-02.txt" - * all page citations refer to this document unless otherwise noted. - */ - - -#ifndef yaSSL_IMP_HPP -#define yaSSL_IMP_HPP - -#ifdef _MSC_VER - // disable truncated debug symbols - #pragma warning(disable:4786) -#endif - -#include "yassl_types.hpp" -#include "factory.hpp" -#include STL_LIST_FILE - - -namespace STL = STL_NAMESPACE; - - -namespace yaSSL { - - -class SSL; // forward decls -class input_buffer; -class output_buffer; - - -struct ProtocolVersion { - uint8 major_; - uint8 minor_; // major and minor SSL/TLS version numbers - - ProtocolVersion(uint8 maj = 3, uint8 min = 0); -}; - - -// Record Layer Header for PlainText, Compressed, and CipherText -struct RecordLayerHeader { - ContentType type_; - ProtocolVersion version_; - uint16 length_; // should not exceed 2^14 -}; - - -// base for all messages -struct Message : public virtual_base { - virtual input_buffer& set(input_buffer&) =0; - virtual output_buffer& get(output_buffer&) const =0; - - virtual void Process(input_buffer&, SSL&) =0; - virtual ContentType get_type() const =0; - virtual uint16 get_length() const =0; - - virtual ~Message() {} -}; - - -class ChangeCipherSpec : public Message { - CipherChoice type_; -public: - ChangeCipherSpec(); - - friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&); - friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - ContentType get_type() const; - uint16 get_length() const; - void Process(input_buffer&, SSL&); -private: - ChangeCipherSpec(const ChangeCipherSpec&); // hide copy - ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign -}; - - - -class Alert : public Message { - AlertLevel level_; - AlertDescription description_; -public: - Alert() {} - Alert(AlertLevel al, AlertDescription ad); - - ContentType get_type() const; - uint16 get_length() const; - void Process(input_buffer&, SSL&); - - friend input_buffer& operator>>(input_buffer&, Alert&); - friend output_buffer& operator<<(output_buffer&, const Alert&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; -private: - Alert(const Alert&); // hide copy - Alert& operator=(const Alert&); // and assign -}; - - -class Data : public Message { - uint16 length_; - opaque* buffer_; // read buffer used by fillData input - const opaque* write_buffer_; // write buffer used by output operator -public: - Data(); - Data(uint16 len, opaque* b); - - friend output_buffer& operator<<(output_buffer&, const Data&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - ContentType get_type() const; - uint16 get_length() const; - void set_length(uint16 l); - opaque* set_buffer(); - void SetData(uint16, const opaque*); - void Process(input_buffer&, SSL&); -private: - Data(const Data&); // hide copy - Data& operator=(const Data&); // and assign -}; - - -uint32 c24to32(const uint24); // forward form internal header -void c32to24(uint32, uint24&); - - -// HandShake header, same for each message type from page 20/21 -class HandShakeHeader : public Message { - HandShakeType type_; - uint24 length_; // length of message -public: - HandShakeHeader() {} - - ContentType get_type() const; - uint16 get_length() const; - HandShakeType get_handshakeType() const; - void Process(input_buffer&, SSL&); - - void set_type(HandShakeType hst); - void set_length(uint32 u32); - - friend input_buffer& operator>>(input_buffer&, HandShakeHeader&); - friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; -private: - HandShakeHeader(const HandShakeHeader&); // hide copy - HandShakeHeader& operator=(const HandShakeHeader&); // and assign -}; - - -// Base Class for all handshake messages -class HandShakeBase : public virtual_base { - int length_; -public: - int get_length() const; - void set_length(int); - - // for building buffer's type field - virtual HandShakeType get_type() const =0; - - // handles dispactch of proper >> - virtual input_buffer& set(input_buffer& in) =0; - virtual output_buffer& get(output_buffer& out) const =0; - - virtual void Process(input_buffer&, SSL&) =0; - - virtual ~HandShakeBase() {} -}; - - -struct HelloRequest : public HandShakeBase { - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - void Process(input_buffer&, SSL&); - - HandShakeType get_type() const; -}; - - -// The Client's Hello Message from page 23 -class ClientHello : public HandShakeBase { - ProtocolVersion client_version_; - Random random_; - uint8 id_len_; // session id length - opaque session_id_[ID_LEN]; - uint16 suite_len_; // cipher suite length - opaque cipher_suites_[MAX_SUITE_SZ]; - uint8 comp_len_; // compression length - CompressionMethod compression_methods_; -public: - friend input_buffer& operator>>(input_buffer&, ClientHello&); - friend output_buffer& operator<<(output_buffer&, const ClientHello&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - HandShakeType get_type() const; - void Process(input_buffer&, SSL&); - - const opaque* get_random() const; - friend void buildClientHello(SSL&, ClientHello&); - friend void ProcessOldClientHello(input_buffer& input, SSL& ssl); - - ClientHello(); - ClientHello(ProtocolVersion pv, bool useCompression); -private: - ClientHello(const ClientHello&); // hide copy - ClientHello& operator=(const ClientHello&); // and assign -}; - - - -// The Server's Hello Message from page 24 -class ServerHello : public HandShakeBase { - ProtocolVersion server_version_; - Random random_; - uint8 id_len_; // session id length - opaque session_id_[ID_LEN]; - opaque cipher_suite_[SUITE_LEN]; - CompressionMethod compression_method_; -public: - ServerHello(ProtocolVersion pv, bool useCompression); - ServerHello(); - - friend input_buffer& operator>>(input_buffer&, ServerHello&); - friend output_buffer& operator<<(output_buffer&, const ServerHello&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - HandShakeType get_type() const; - void Process(input_buffer&, SSL&); - - const opaque* get_random() const; - friend void buildServerHello(SSL&, ServerHello&); -private: - ServerHello(const ServerHello&); // hide copy - ServerHello& operator=(const ServerHello&); // and assign -}; - - -class x509; - -// Certificate could be a chain -class Certificate : public HandShakeBase { - const x509* cert_; -public: - Certificate(); - explicit Certificate(const x509* cert); - friend output_buffer& operator<<(output_buffer&, const Certificate&); - - const opaque* get_buffer() const; - - // Process handles input, needs SSL - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - HandShakeType get_type() const; - void Process(input_buffer&, SSL&); -private: - Certificate(const Certificate&); // hide copy - Certificate& operator=(const Certificate&); // and assign -}; - - - -// RSA Public Key -struct ServerRSAParams { - opaque* rsa_modulus_; - opaque* rsa_exponent_; -}; - - -// Ephemeral Diffie-Hellman Parameters -class ServerDHParams { - int pSz_; - int gSz_; - int pubSz_; - opaque* p_; - opaque* g_; - opaque* Ys_; -public: - ServerDHParams(); - ~ServerDHParams(); - - int get_pSize() const; - int get_gSize() const; - int get_pubSize() const; - - const opaque* get_p() const; - const opaque* get_g() const; - const opaque* get_pub() const; - - opaque* alloc_p(int sz); - opaque* alloc_g(int sz); - opaque* alloc_pub(int sz); -private: - ServerDHParams(const ServerDHParams&); // hide copy - ServerDHParams& operator=(const ServerDHParams&); // and assign -}; - - -struct ServerKeyBase : public virtual_base { - virtual ~ServerKeyBase() {} - virtual void build(SSL&) {} - virtual void read(SSL&, input_buffer&) {} - virtual int get_length() const; - virtual opaque* get_serverKey() const; -}; - - -// Server random number for FORTEZZA KEA -struct Fortezza_Server : public ServerKeyBase { - opaque r_s_[FORTEZZA_MAX]; -}; - - -struct SignatureBase : public virtual_base { - virtual ~SignatureBase() {} -}; - -struct anonymous_sa : public SignatureBase {}; - - -struct Hashes { - uint8 md5_[MD5_LEN]; - uint8 sha_[SHA_LEN]; -}; - - -struct rsa_sa : public SignatureBase { - Hashes hashes_; -}; - - -struct dsa_sa : public SignatureBase { - uint8 sha_[SHA_LEN]; -}; - - -// Server's Diffie-Hellman exchange -class DH_Server : public ServerKeyBase { - ServerDHParams parms_; - opaque* signature_; - - int length_; // total length of message - opaque* keyMessage_; // total exchange message -public: - DH_Server(); - ~DH_Server(); - - void build(SSL&); - void read(SSL&, input_buffer&); - int get_length() const; - opaque* get_serverKey() const; -private: - DH_Server(const DH_Server&); // hide copy - DH_Server& operator=(const DH_Server&); // and assign -}; - - -// Server's RSA exchange -struct RSA_Server : public ServerKeyBase { - ServerRSAParams params_; - opaque* signature_; // signed rsa_sa hashes -}; - - -class ServerKeyExchange : public HandShakeBase { - ServerKeyBase* server_key_; -public: - explicit ServerKeyExchange(SSL&); - ServerKeyExchange(); - ~ServerKeyExchange(); - - void createKey(SSL&); - void build(SSL& ssl); - - const opaque* getKey() const; - int getKeyLength() const; - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&); - - void Process(input_buffer&, SSL&); - HandShakeType get_type() const; -private: - ServerKeyExchange(const ServerKeyExchange&); // hide copy - ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign -}; - - - -class CertificateRequest : public HandShakeBase { - ClientCertificateType certificate_types_[CERT_TYPES]; - int typeTotal_; - STL::list certificate_authorities_; -public: - CertificateRequest(); - ~CertificateRequest(); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - friend input_buffer& operator>>(input_buffer&, CertificateRequest&); - friend output_buffer& operator<<(output_buffer&, - const CertificateRequest&); - - void Process(input_buffer&, SSL&); - HandShakeType get_type() const; - - void Build(); -private: - CertificateRequest(const CertificateRequest&); // hide copy - CertificateRequest& operator=(const CertificateRequest&); // and assign -}; - - -struct ServerHelloDone : public HandShakeBase { - ServerHelloDone(); - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - void Process(input_buffer& input, SSL& ssl); - - HandShakeType get_type() const; -}; - - -struct PreMasterSecret { - opaque random_[SECRET_LEN]; // first two bytes Protocol Version -}; - - -struct ClientKeyBase : public virtual_base { - virtual ~ClientKeyBase() {} - virtual void build(SSL&) {} - virtual void read(SSL&, input_buffer&) {} - virtual int get_length() const; - virtual opaque* get_clientKey() const; -}; - - -class EncryptedPreMasterSecret : public ClientKeyBase { - opaque* secret_; - int length_; -public: - EncryptedPreMasterSecret(); - ~EncryptedPreMasterSecret(); - - void build(SSL&); - void read(SSL&, input_buffer&); - int get_length() const; - opaque* get_clientKey() const; - void alloc(int sz); -private: - // hide copy and assign - EncryptedPreMasterSecret(const EncryptedPreMasterSecret&); - EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&); -}; - - -// Fortezza Key Parameters from page 29 -// hard code lengths cause only used here -struct FortezzaKeys : public ClientKeyBase { - opaque y_c_ [128]; // client's Yc, public value - opaque r_c_ [128]; // client's Rc - opaque y_signature_ [40]; // DSS signed public key - opaque wrapped_client_write_key_ [12]; // wrapped by the TEK - opaque wrapped_server_write_key_ [12]; // wrapped by the TEK - opaque client_write_iv_ [24]; - opaque server_write_iv_ [24]; - opaque master_secret_iv_ [24]; // IV used to encrypt preMaster - opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK -}; - - - -// Diffie-Hellman public key from page 40/41 -class ClientDiffieHellmanPublic : public ClientKeyBase { - PublicValueEncoding public_value_encoding_; - int length_; // includes two byte length for message - opaque* Yc_; // length + Yc_ - // dh_Yc only if explicit, otherwise sent in certificate - enum { KEY_OFFSET = 2 }; -public: - ClientDiffieHellmanPublic(); - ~ClientDiffieHellmanPublic(); - - void build(SSL&); - void read(SSL&, input_buffer&); - int get_length() const; - opaque* get_clientKey() const; - void alloc(int sz, bool offset = false); -private: - // hide copy and assign - ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&); - ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&); -}; - - -class ClientKeyExchange : public HandShakeBase { - ClientKeyBase* client_key_; -public: - explicit ClientKeyExchange(SSL& ssl); - ClientKeyExchange(); - ~ClientKeyExchange(); - - void createKey(SSL&); - void build(SSL& ssl); - - const opaque* getKey() const; - int getKeyLength() const; - - friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - HandShakeType get_type() const; - void Process(input_buffer&, SSL&); -private: - ClientKeyExchange(const ClientKeyExchange&); // hide copy - ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign -}; - - -class CertificateVerify : public HandShakeBase { - Hashes hashes_; - byte* signature_; // owns -public: - CertificateVerify(); - ~CertificateVerify(); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - friend input_buffer& operator>>(input_buffer&, CertificateVerify&); - friend output_buffer& operator<<(output_buffer&, const CertificateVerify&); - - void Process(input_buffer&, SSL&); - HandShakeType get_type() const; - - void Build(SSL&); -private: - CertificateVerify(const CertificateVerify&); // hide copy - CertificateVerify& operator=(const CertificateVerify&); // and assign -}; - - -class Finished : public HandShakeBase { - Hashes hashes_; -public: - Finished(); - - uint8* set_md5(); - uint8* set_sha(); - - friend input_buffer& operator>>(input_buffer&, Finished&); - friend output_buffer& operator<<(output_buffer&, const Finished&); - - input_buffer& set(input_buffer& in); - output_buffer& get(output_buffer& out) const; - - void Process(input_buffer&, SSL&); - - HandShakeType get_type() const; -private: - Finished(const Finished&); // hide copy - Finished& operator=(const Finished&); // and assign -}; - - -class RandomPool; // forward for connection - - -// SSL Connection defined on page 11 -struct Connection { - opaque *pre_master_secret_; - opaque master_secret_[SECRET_LEN]; - opaque client_random_[RAN_LEN]; - opaque server_random_[RAN_LEN]; - opaque sessionID_[ID_LEN]; - opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size - opaque server_write_MAC_secret_[SHA_LEN]; - opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz - opaque server_write_key_[AES_256_KEY_SZ]; - opaque client_write_IV_[AES_IV_SZ]; // aes is max size - opaque server_write_IV_[AES_IV_SZ]; - uint32 sequence_number_; - uint32 peer_sequence_number_; - uint32 pre_secret_len_; // pre master length - bool send_server_key_; // server key exchange? - bool master_clean_; // master secret clean? - bool TLS_; // TLSv1 or greater - bool TLSv1_1_; // TLSv1.1 or greater - bool sessionID_Set_; // do we have a session - bool compression_; // zlib compression? - ProtocolVersion version_; // negotiated version - ProtocolVersion chVersion_; // client hello version - RandomPool& random_; - - Connection(ProtocolVersion v, RandomPool& ran); - ~Connection(); - - void AllocPreSecret(uint sz); - void CleanPreMaster(); - void CleanMaster(); - void TurnOffTLS(); - void TurnOffTLS1_1(); -private: - Connection(const Connection&); // hide copy - Connection& operator=(const Connection&); // and assign -}; - - -struct Ciphers; // forward - - -// TLSv1 Security Spec, defined on page 56 of RFC 2246 -struct Parameters { - ConnectionEnd entity_; - BulkCipherAlgorithm bulk_cipher_algorithm_; - CipherType cipher_type_; - uint8 key_size_; - uint8 iv_size_; - IsExportable is_exportable_; - MACAlgorithm mac_algorithm_; - uint8 hash_size_; - CompressionMethod compression_algorithm_; - KeyExchangeAlgorithm kea_; // yassl additions - SignatureAlgorithm sig_algo_; // signature auth type - SignatureAlgorithm verify_algo_; // cert verify auth type - bool pending_; - bool resumable_; // new conns by session - uint16 encrypt_size_; // current msg encrypt sz - Cipher suite_[SUITE_LEN]; // choosen suite - uint8 suites_size_; - Cipher suites_[MAX_SUITE_SZ]; - char cipher_name_[MAX_SUITE_NAME]; - char cipher_list_[MAX_CIPHERS][MAX_SUITE_NAME]; - bool removeDH_; // for server's later use - - Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion, bool haveDH); - - void SetSuites(ProtocolVersion pv, bool removeDH = false, - bool removeRSA = false, bool removeDSA = false); - void SetCipherNames(); -private: - Parameters(const Parameters&); // hide copy - Parameters& operator=(const Parameters&); // and assing -}; - - -input_buffer& operator>>(input_buffer&, RecordLayerHeader&); -output_buffer& operator<<(output_buffer&, const RecordLayerHeader&); - -input_buffer& operator>>(input_buffer&, Message&); -output_buffer& operator<<(output_buffer&, const Message&); - -input_buffer& operator>>(input_buffer&, HandShakeBase&); -output_buffer& operator<<(output_buffer&, const HandShakeBase&); - - -// Message Factory definition -// uses the ContentType enumeration for unique id -typedef Factory MessageFactory; -void InitMessageFactory(MessageFactory&); // registers derived classes - -// HandShake Factory definition -// uses the HandShakeType enumeration for unique id -typedef Factory HandShakeFactory; -void InitHandShakeFactory(HandShakeFactory&); // registers derived classes - -// ServerKey Factory definition -// uses KeyExchangeAlgorithm enumeration for unique id -typedef Factory ServerKeyFactory; -void InitServerKeyFactory(ServerKeyFactory&); - -// ClientKey Factory definition -// uses KeyExchangeAlgorithm enumeration for unique id -typedef Factory ClientKeyFactory; -void InitClientKeyFactory(ClientKeyFactory&); - - -// Message Creators -Message* CreateHandShake(); -Message* CreateCipherSpec(); -Message* CreateAlert(); -Message* CreateData(); - - -// HandShake Creators -HandShakeBase* CreateCertificate(); -HandShakeBase* CreateHelloRequest(); -HandShakeBase* CreateClientHello(); -HandShakeBase* CreateServerHello(); -HandShakeBase* CreateServerKeyExchange(); -HandShakeBase* CreateCertificateRequest(); -HandShakeBase* CreateServerHelloDone(); -HandShakeBase* CreateClientKeyExchange(); -HandShakeBase* CreateCertificateVerify(); -HandShakeBase* CreateFinished(); - - -// ServerKey Exchange Creators -ServerKeyBase* CreateRSAServerKEA(); -ServerKeyBase* CreateDHServerKEA(); -ServerKeyBase* CreateFortezzaServerKEA(); - -// ClientKey Exchange Creators -ClientKeyBase* CreateRSAClient(); -ClientKeyBase* CreateDHClient(); -ClientKeyBase* CreateFortezzaClient(); - - - -} // naemspace - -#endif // yaSSL_IMP_HPP diff --git a/mysql/extra/yassl/include/yassl_int.hpp b/mysql/extra/yassl/include/yassl_int.hpp deleted file mode 100644 index 240cf94..0000000 --- a/mysql/extra/yassl/include/yassl_int.hpp +++ /dev/null @@ -1,725 +0,0 @@ -/* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - - -/* yaSSL internal header defines SSL supporting types not specified in the - * draft along with type conversion functions and openssl compatibility - */ - - -#ifndef yaSSL_INT_HPP -#define yaSSL_INT_HPP - -#include "yassl_imp.hpp" -#include "yassl_error.hpp" -#include "crypto_wrapper.hpp" -#include "cert_wrapper.hpp" -#include "log.hpp" -#include "lock.hpp" -#include "openssl/ssl.h" // ASN1_STRING and DH - -// Check if _POSIX_THREADS should be forced -#if !defined(_POSIX_THREADS) && defined(__hpux) -// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented -#define _POSIX_THREADS -#endif - -#ifdef _POSIX_THREADS - #include -#endif - - -namespace STL = STL_NAMESPACE; - - -namespace yaSSL { - - -// State Machine for Record Layer Protocol -enum RecordLayerState { - recordNotReady = 0, // fatal error, no more processing - recordReady -}; - - -// State Machine for HandShake Protocol -enum HandShakeState { - handShakeNotReady = 0, // fatal error, no more processing - preHandshake, // initial state - inHandshake, // handshake started - handShakeReady // handshake done -}; - - -// client input HandShake state, use if HandShakeState == inHandShake -enum ClientState { - serverNull = 0, - serverHelloComplete, - serverCertComplete, - serverKeyExchangeComplete, - serverHelloDoneComplete, - serverFinishedComplete -}; - - -// server input HandShake state, use if HandShakeState == inHandShake -enum ServerState { - clientNull = 0, - clientHelloComplete, - clientKeyExchangeComplete, - clientFinishedComplete -}; - - -// client connect state for nonblocking restart -enum ConnectState { - CONNECT_BEGIN = 0, - CLIENT_HELLO_SENT, - FIRST_REPLY_DONE, - FINISHED_DONE, - SECOND_REPLY_DONE -}; - - -// server accpet state for nonblocking restart -enum AcceptState { - ACCEPT_BEGIN = 0, - ACCEPT_FIRST_REPLY_DONE, - SERVER_HELLO_DONE, - ACCEPT_SECOND_REPLY_DONE, - ACCEPT_FINISHED_DONE, - ACCEPT_THIRD_REPLY_DONE -}; - - -// track received messages to explicitly disallow duplicate messages -struct RecvdMessages { - uint8 gotClientHello_; - uint8 gotServerHello_; - uint8 gotCert_; - uint8 gotServerKeyExchange_; - uint8 gotCertRequest_; - uint8 gotServerHelloDone_; - uint8 gotCertVerify_; - uint8 gotClientKeyExchange_; - uint8 gotFinished_; - RecvdMessages() : gotClientHello_(0), gotServerHello_(0), gotCert_(0), - gotServerKeyExchange_(0), gotCertRequest_(0), - gotServerHelloDone_(0), gotCertVerify_(0), - gotClientKeyExchange_(0), gotFinished_(0) - {} -}; - - -// combines all states -class States { - RecordLayerState recordLayer_; - HandShakeState handshakeLayer_; - ClientState clientState_; - ServerState serverState_; - ConnectState connectState_; - AcceptState acceptState_; - RecvdMessages recvdMessages_; - char errorString_[MAX_ERROR_SZ]; - YasslError what_; -public: - States(); - - const RecordLayerState& getRecord() const; - const HandShakeState& getHandShake() const; - const ClientState& getClient() const; - const ServerState& getServer() const; - const ConnectState& GetConnect() const; - const AcceptState& GetAccept() const; - const char* getString() const; - YasslError What() const; - - RecordLayerState& useRecord(); - HandShakeState& useHandShake(); - ClientState& useClient(); - ServerState& useServer(); - ConnectState& UseConnect(); - AcceptState& UseAccept(); - char* useString(); - void SetError(YasslError); - int SetMessageRecvd(HandShakeType); -private: - States(const States&); // hide copy - States& operator=(const States&); // and assign -}; - - -// holds all factories -class sslFactory { - MessageFactory messageFactory_; // creates new messages by type - HandShakeFactory handShakeFactory_; // creates new handshake types - ServerKeyFactory serverKeyFactory_; // creates new server key types - ClientKeyFactory clientKeyFactory_; // creates new client key types - - sslFactory(); // only GetSSL_Factory creates -public: - const MessageFactory& getMessage() const; - const HandShakeFactory& getHandShake() const; - const ServerKeyFactory& getServerKey() const; - const ClientKeyFactory& getClientKey() const; - - friend sslFactory& GetSSL_Factory(); // singleton creator -private: - sslFactory(const sslFactory&); // hide copy - sslFactory& operator=(const sslFactory&); // and assign -}; - - -#undef X509_NAME // wincrypt.h clash - -// openSSL X509 names -class X509_NAME { - char* name_; - size_t sz_; - int cnPosition_; // start of common name, -1 is none - int cnLen_; // length of above - ASN1_STRING entry_; -public: - X509_NAME(const char*, size_t sz, int pos, int len); - ~X509_NAME(); - - const char* GetName() const; - ASN1_STRING* GetEntry(int i); - size_t GetLength() const; - int GetCnPosition() const { return cnPosition_; } - int GetCnLength() const { return cnLen_; } - -private: - X509_NAME(const X509_NAME&); // hide copy - X509_NAME& operator=(const X509_NAME&); // and assign -}; - - -class StringHolder { - ASN1_STRING asnString_; -public: - StringHolder(const char* str, int sz, byte type= 0); - ~StringHolder(); - - ASN1_STRING* GetString(); -private: - StringHolder(const StringHolder&); // hide copy - StringHolder& operator=(const StringHolder&); // and assign -}; - - -// openSSL X509 -class X509 { - X509_NAME issuer_; - X509_NAME subject_; - StringHolder beforeDate_; // not valid before - StringHolder afterDate_; // not valid after -public: - X509(const char* i, size_t, const char* s, size_t, - ASN1_STRING *b, ASN1_STRING *a, int, int, int, int); - ~X509() {} - - X509_NAME* GetIssuer(); - X509_NAME* GetSubject(); - - ASN1_STRING* GetBefore(); - ASN1_STRING* GetAfter(); - -private: - X509(const X509&); // hide copy - X509& operator=(const X509&); // and assign -}; - - -// openSSL bignum -struct BIGNUM { - /* - gcc 2.96 fix: because of two Integer classes (yaSSL::Integer and - TaoCrypt::Integer), we need to explicitly state the namespace - here to let gcc 2.96 deduce the correct type. - */ - yaSSL::Integer int_; - void assign(const byte* b, uint s) { int_.assign(b,s); } -}; - - -// openSSL session -class SSL_SESSION { - opaque sessionID_[ID_LEN]; - opaque master_secret_[SECRET_LEN]; - Cipher suite_[SUITE_LEN]; - uint bornOn_; // create time in seconds - uint timeout_; // timeout in seconds - RandomPool& random_; // will clean master secret - X509* peerX509_; -public: - explicit SSL_SESSION(RandomPool&); - SSL_SESSION(const SSL&, RandomPool&); - ~SSL_SESSION(); - - const opaque* GetID() const; - const opaque* GetSecret() const; - const Cipher* GetSuite() const; - uint GetBornOn() const; - uint GetTimeOut() const; - X509* GetPeerX509() const; - void SetTimeOut(uint); - - SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption -private: - SSL_SESSION(const SSL_SESSION&); // hide copy - - void CopyX509(X509*); -}; - - -// holds all sessions -class Sessions { - STL::list list_; - RandomPool random_; // for session cleaning - Mutex mutex_; // no-op for single threaded - int count_; // flush counter - - Sessions() : count_(0) {} // only GetSessions can create -public: - SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0); - void add(const SSL&); - void remove(const opaque*); - void Flush(); - - ~Sessions(); - - friend void Session_initialize(); - friend Sessions& GetSessions(); // singleton creator -private: - Sessions(const Sessions&); // hide copy - Sessions& operator=(const Sessions&); // and assign -}; - - -#ifdef _POSIX_THREADS - typedef pthread_t THREAD_ID_T; -#else - typedef DWORD THREAD_ID_T; -#endif - -// thread error data -struct ThreadError { - THREAD_ID_T threadID_; - int errorID_; -}; - - -// holds all errors -class Errors { - STL::list list_; - Mutex mutex_; - - Errors() {} // only GetErrors can create -public: - int Lookup(bool peek); // self lookup - void Add(int); - void Remove(); // remove self - - ~Errors() {} - - friend Errors& GetErrors(); // singleton creator -private: - Errors(const Errors&); // hide copy - Errors& operator=(const Errors); // and assign -}; - - -Sessions& GetSessions(); // forward singletons -sslFactory& GetSSL_Factory(); -Errors& GetErrors(); - - -// openSSL method and context types -class SSL_METHOD { - ProtocolVersion version_; - ConnectionEnd side_; - bool verifyPeer_; // request or send certificate - bool verifyNone_; // whether to verify certificate - bool failNoCert_; - bool multipleProtocol_; // for SSLv23 compatibility -public: - SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv, - bool multipleProtocol = false); - - ProtocolVersion getVersion() const; - ConnectionEnd getSide() const; - - void setVerifyPeer(); - void setVerifyNone(); - void setFailNoCert(); - - bool verifyPeer() const; - bool verifyNone() const; - bool failNoCert() const; - bool multipleProtocol() const; -private: - SSL_METHOD(const SSL_METHOD&); // hide copy - SSL_METHOD& operator=(const SSL_METHOD&); // and assign -}; - - -struct Ciphers { - bool setSuites_; // user set suites from default - byte suites_[MAX_SUITE_SZ]; // new suites - int suiteSz_; // suite length in bytes - - Ciphers() : setSuites_(false), suiteSz_(0) {} -}; - - -struct DH; // forward - - -// save for SSL construction -struct DH_Parms { - Integer p_; - Integer g_; - bool set_; // if set by user - - DH_Parms() : set_(false) {} -}; - - -enum StatsField { - Accept, Connect, AcceptGood, ConnectGood, AcceptRenegotiate, - ConnectRenegotiate, Hits, CbHits, CacheFull, Misses, Timeouts, Number, - GetCacheSize, VerifyMode, VerifyDepth -}; - - -// SSL stats -struct Stats { - long accept_; - long connect_; - long acceptGood_; - long connectGood_; - long acceptRenegotiate_; - long connectRenegotiate_; - - long hits_; - long cbHits_; - long cacheFull_; - long misses_; - long timeouts_; - long number_; - long getCacheSize_; - - int verifyMode_; - int verifyDepth_; -public: - Stats() : accept_(0), connect_(0), acceptGood_(0), connectGood_(0), - acceptRenegotiate_(0), connectRenegotiate_(0), hits_(0), cbHits_(0), - cacheFull_(0), misses_(0), timeouts_(0), number_(0), getCacheSize_(0), - verifyMode_(0), verifyDepth_(0) - {} -private: - Stats(const Stats&); // hide copy - Stats& operator=(const Stats&); // and assign -}; - - -// the SSL context -class SSL_CTX { -public: - typedef STL::list CertList; -private: - SSL_METHOD* method_; - x509* certificate_; - x509* privateKey_; - CertList caList_; - Ciphers ciphers_; - DH_Parms dhParms_; - pem_password_cb passwordCb_; - void* userData_; - bool sessionCacheOff_; - bool sessionCacheFlushOff_; - Stats stats_; - Mutex mutex_; // for Stats - VerifyCallback verifyCallback_; -public: - explicit SSL_CTX(SSL_METHOD* meth); - ~SSL_CTX(); - - const x509* getCert() const; - const x509* getKey() const; - const SSL_METHOD* getMethod() const; - const Ciphers& GetCiphers() const; - const DH_Parms& GetDH_Parms() const; - const Stats& GetStats() const; - VerifyCallback getVerifyCallback() const; - pem_password_cb GetPasswordCb() const; - void* GetUserData() const; - bool GetSessionCacheOff() const; - bool GetSessionCacheFlushOff() const; - - void setVerifyPeer(); - void setVerifyNone(); - void setFailNoCert(); - void setVerifyCallback(VerifyCallback); - bool SetCipherList(const char*); - bool SetDH(const DH&); - void SetPasswordCb(pem_password_cb cb); - void SetUserData(void*); - void SetSessionCacheOff(); - void SetSessionCacheFlushOff(); - void SetMethod(SSL_METHOD* meth); - void IncrementStats(StatsField); - void AddCA(x509* ca); - const CertList& GetCA_List() const; - - friend int read_file(SSL_CTX*, const char*, int, CertType); -private: - SSL_CTX(const SSL_CTX&); // hide copy - SSL_CTX& operator=(const SSL_CTX&); // and assign -}; - - -// holds all cryptographic types -class Crypto { - Digest* digest_; // agreed upon digest - BulkCipher* cipher_; // agreed upon cipher - DiffieHellman* dh_; // dh parms - RandomPool random_; // random number generator - CertManager cert_; // manages certificates -public: - explicit Crypto(); - ~Crypto(); - - const Digest& get_digest() const; - const BulkCipher& get_cipher() const; - const DiffieHellman& get_dh() const; - const RandomPool& get_random() const; - const CertManager& get_certManager() const; - - Digest& use_digest(); - BulkCipher& use_cipher(); - DiffieHellman& use_dh(); - RandomPool& use_random(); - CertManager& use_certManager(); - - void SetDH(DiffieHellman*); - void SetDH(const DH_Parms&); - void setDigest(Digest*); - void setCipher(BulkCipher*); - - bool DhSet(); -private: - Crypto(const Crypto&); // hide copy - Crypto& operator=(const Crypto&); // and assign -}; - - -// holds all handshake and verify hashes -class sslHashes { - MD5 md5HandShake_; // md5 handshake hash - SHA shaHandShake_; // sha handshake hash - Finished verify_; // peer's verify hash - Hashes certVerify_; // peer's cert verify hash -public: - sslHashes() {} - - const MD5& get_MD5() const; - const SHA& get_SHA() const; - const Finished& get_verify() const; - const Hashes& get_certVerify() const; - - MD5& use_MD5(); - SHA& use_SHA(); - Finished& use_verify(); - Hashes& use_certVerify(); -private: - sslHashes(const sslHashes&); // hide copy - sslHashes& operator=(const sslHashes&); // and assign -}; - - -// holds input and output buffers -class Buffers { -public: - typedef STL::list inputList; - typedef STL::list outputList; - int prevSent; // previous plain text bytes sent when got WANT_WRITE - int plainSz; // plain text bytes in buffer to send when got WANT_WRITE -private: - inputList dataList_; // list of users app data / handshake - outputList handShakeList_; // buffered handshake msgs - input_buffer* rawInput_; // buffered raw input yet to process - output_buffer* output_; // WANT_WRITE buffered output -public: - Buffers(); - ~Buffers(); - - const inputList& getData() const; - const outputList& getHandShake() const; - - inputList& useData(); - outputList& useHandShake(); - - void SetRawInput(input_buffer*); // takes ownership - input_buffer* TakeRawInput(); // takes ownership - void SetOutput(output_buffer*); // takes ownership - output_buffer* TakeOutput(); // takes ownership -private: - Buffers(const Buffers&); // hide copy - Buffers& operator=(const Buffers&); // and assign -}; - - -// wraps security parameters -class Security { - Connection conn_; // connection information - Parameters parms_; // may be pending - SSL_SESSION resumeSession_; // if resuming - SSL_CTX* ctx_; // context used to init - bool resuming_; // trying to resume -public: - Security(ProtocolVersion, RandomPool&, ConnectionEnd, const Ciphers&, - SSL_CTX*, bool); - - const SSL_CTX* GetContext() const; - const Connection& get_connection() const; - const Parameters& get_parms() const; - const SSL_SESSION& get_resume() const; - bool get_resuming() const; - - Connection& use_connection(); - Parameters& use_parms(); - SSL_SESSION& use_resume(); - - void set_resuming(bool b); -private: - Security(const Security&); // hide copy - Security& operator=(const Security&); // and assign -}; - - -// THE SSL type -class SSL { - Crypto crypto_; // agreed crypto agents - Security secure_; // Connection and Session parms - States states_; // Record and HandShake states - sslHashes hashes_; // handshake, finished hashes - Socket socket_; // socket wrapper - Buffers buffers_; // buffered handshakes and data - Log log_; // logger - bool quietShutdown_; - - // optimization variables - bool has_data_; // buffered data ready? -public: - SSL(SSL_CTX* ctx); - - // gets and uses - const Crypto& getCrypto() const; - const Security& getSecurity() const; - const States& getStates() const; - const sslHashes& getHashes() const; - const sslFactory& getFactory() const; - const Socket& getSocket() const; - YasslError GetError() const; - bool GetMultiProtocol() const; - bool CompressionOn() const; - - Crypto& useCrypto(); - Security& useSecurity(); - States& useStates(); - sslHashes& useHashes(); - Socket& useSocket(); - Log& useLog(); - Buffers& useBuffers(); - - bool HasData() const; - bool GetQuietShutdown() const; - - // sets - void set_pending(Cipher suite); - void set_random(const opaque*, ConnectionEnd); - void set_sessionID(const opaque*); - void set_session(SSL_SESSION*); - void set_preMaster(const opaque*, uint); - void set_masterSecret(const opaque*); - void SetError(YasslError); - int SetCompression(); - void UnSetCompression(); - void SetQuietShutdown(bool mode); - - // helpers - bool isTLS() const; - bool isTLSv1_1() const; - void order_error(); - void makeMasterSecret(); - void makeTLSMasterSecret(); - void addData(input_buffer* data); - void fillData(Data&); - void PeekData(Data&); - void addBuffer(output_buffer* b); - void flushBuffer(); - void verifyState(const RecordLayerHeader&); - void verifyState(const HandShakeHeader&); - void verifyState(ClientState); - void verifyState(ServerState); - void verfiyHandShakeComplete(); - void matchSuite(const opaque*, uint length); - void deriveKeys(); - void deriveTLSKeys(); - void Send(const byte*, uint); - void SendWriteBuffered(); - - uint bufferedData(); - uint get_SEQIncrement(bool); - - const byte* get_macSecret(bool); -private: - void storeKeys(const opaque*); - void setKeys(); - void verifyClientState(HandShakeType); - void verifyServerState(HandShakeType); - - SSL(const SSL&); // hide copy - const SSL& operator=(const SSL&); // and assign -}; - - -// compression -int Compress(const byte*, int, input_buffer&); -int DeCompress(input_buffer&, int, input_buffer&); - - -// conversion functions -void c32to24(uint32, uint24&); -void c24to32(const uint24, uint32&); - -uint32 c24to32(const uint24); - -void ato16(const opaque*, uint16&); -void ato24(const opaque*, uint24&); - -void c16toa(uint16, opaque*); -void c24toa(const uint24, opaque*); -void c32toa(uint32 u32, opaque*); - - -} // naemspace - -#endif // yaSSL_INT_HPP diff --git a/mysql/extra/yassl/include/yassl_types.hpp b/mysql/extra/yassl/include/yassl_types.hpp deleted file mode 100644 index 129661c..0000000 --- a/mysql/extra/yassl/include/yassl_types.hpp +++ /dev/null @@ -1,540 +0,0 @@ -/* - Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301 USA. -*/ - -/* yaSSL types header defines all constants, enums, and typedefs - * from the SSL.v3 specification "draft-freier-ssl-version3-02.txt" - */ - - -#ifndef yaSSL_TYPES_HPP -#define yaSSL_TYPES_HPP - -#include -#include "type_traits.hpp" - - -#ifdef _MSC_VER - // disable conversion warning - // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy - #pragma warning(disable:4244 4996) -#endif - - -#ifdef _MSC_VER - // disable conversion warning - // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy - #pragma warning(disable:4244 4996) -#endif - - -namespace yaSSL { - -#define YASSL_LIB - - -#ifdef YASSL_PURE_C - - // library allocation - struct new_t {}; // yaSSL New type - extern new_t ys; // pass in parameter - - } // namespace yaSSL - - void* operator new (size_t, yaSSL::new_t); - void* operator new[](size_t, yaSSL::new_t); - - void operator delete (void*, yaSSL::new_t); - void operator delete[](void*, yaSSL::new_t); - - - namespace yaSSL { - - - template - void ysDelete(T* ptr) - { - if (ptr) ptr->~T(); - ::operator delete(ptr, yaSSL::ys); - } - - template - void ysArrayDelete(T* ptr) - { - // can't do array placement destruction since not tracking size in - // allocation, only allow builtins to use array placement since they - // don't need destructors called - typedef char builtin[TaoCrypt::IsFundamentalType::Yes ? 1 : -1]; - (void)sizeof(builtin); - - ::operator delete[](ptr, yaSSL::ys); - } - - #define NEW_YS new (yaSSL::ys) - - // to resolve compiler generated operator delete on base classes with - // virtual destructors (when on stack) - class virtual_base { - public: - static void operator delete(void*) { } - }; - - -#else // YASSL_PURE_C - - - template - void ysDelete(T* ptr) - { - delete ptr; - } - - template - void ysArrayDelete(T* ptr) - { - delete[] ptr; - } - - #define NEW_YS new - - class virtual_base {}; - - - -#endif // YASSL_PURE_C - - -typedef unsigned char uint8; -typedef unsigned short uint16; -typedef unsigned int uint32; -typedef uint8 uint24[3]; -typedef uint32 uint64[2]; - -typedef uint8 opaque; -typedef opaque byte; - -typedef unsigned int uint; - - -#ifdef USE_SYS_STL - // use system STL - #define STL_VECTOR_FILE - #define STL_LIST_FILE - #define STL_ALGORITHM_FILE - #define STL_MEMORY_FILE - #define STL_PAIR_FILE - - #define STL_NAMESPACE std -#else - // use mySTL - #define STL_VECTOR_FILE "vector.hpp" - #define STL_LIST_FILE "list.hpp" - #define STL_ALGORITHM_FILE "algorithm.hpp" - #define STL_MEMORY_FILE "memory.hpp" - #define STL_PAIR_FILE "pair.hpp" - - #define STL_NAMESPACE mySTL -#endif - - -#ifdef min - #undef min -#endif - -template -T min(T a, T b) -{ - return a < b ? a : b; -} - - - -// all length constants in bytes -const int ID_LEN = 32; // session id length -const int SUITE_LEN = 2; // cipher suite length -const int SECRET_LEN = 48; // pre RSA and all master secret length -const int MASTER_ROUNDS = 3; // master secret derivation rounds -const int RAN_LEN = 32; // client and server random length -const int MAC_BLOCK_SZ = 64; // MAC block size, & padding -const int MD5_LEN = 16; // MD5 digest length -const int SHA_LEN = 20; // SHA digest length -const int RMD_LEN = 20; // RIPEMD-160 digest length -const int PREFIX = 3; // up to 3 prefix letters for secret rounds -const int KEY_PREFIX = 7; // up to 7 prefix letters for key rounds -const int FORTEZZA_MAX = 128; // Maximum Fortezza Key length -const int MAX_SUITE_SZ = 128; // 64 max suites * sizeof(suite) -const int MAX_SUITE_NAME = 48; // max length of suite name -const int MAX_CIPHERS = 32; // max supported ciphers for cipher list -const int SIZEOF_ENUM = 1; // SSL considers an enum 1 byte, not 4 -const int SIZEOF_SENDER = 4; // Sender constant, for finished generation -const int PAD_MD5 = 48; // pad length 1 and 2 for md5 finished -const int PAD_SHA = 40; // should be 44, specd wrong by netscape -const int PAD_RMD = 44; // pad length for RIPEMD-160, some use 40?? -const int CERT_HEADER = 3; // always use 3 bytes for certificate -const int CERT_TYPES = 7; // certificate request types -const int REQUEST_HEADER = 2; // request uses 2 bytes -const int VERIFY_HEADER = 2; // verify length field -const int MIN_CERT_TYPES = 1; // minimum certificate request types -const int MIN_DIS_NAMES = 3; // minimum distinguished names -const int MIN_DIS_SIZE = 1; // minimum distinguished name size -const int RECORD_HEADER = 5; // type + version + length(2) -const int HANDSHAKE_HEADER = 4; // type + length(3) -const int FINISHED_SZ = MD5_LEN + SHA_LEN; // sizeof finished data -const int TLS_FINISHED_SZ = 12; // TLS verify data size -const int SEQ_SZ = 8; // 64 bit sequence number -const int LENGTH_SZ = 2; // length field for HMAC, data only -const int VERSION_SZ = SIZEOF_ENUM * 2; // SSL/TLS length of version -const int DES_KEY_SZ = 8; // DES Key length -const int DES_EDE_KEY_SZ = 24; // DES EDE Key length -const int DES_BLOCK = 8; // DES is always fixed block size 8 -const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES -const int RC4_KEY_SZ = 16; // RC4 Key length -const int AES_128_KEY_SZ = 16; // AES 128bit Key length -const int AES_192_KEY_SZ = 24; // AES 192bit Key length -const int AES_256_KEY_SZ = 32; // AES 256bit Key length -const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268 -const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length -const int DSS_SIG_SZ = 40; // two 20 byte high byte first Integers -const int DSS_ENCODED_EXTRA = 6; // seqID + len(1) + (intID + len(1)) * 2 -const int EVP_SALT_SZ = 8; -const int MASTER_LABEL_SZ = 13; // TLS master secret label size -const int KEY_LABEL_SZ = 13; // TLS key block expansion size -const int FINISHED_LABEL_SZ = 15; // TLS finished lable length -const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random -const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds -const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard -const int COMPRESS_EXTRA = 1024; // extra compression possible addition -const int SESSION_FLUSH_COUNT = 256; // when to flush session cache -const int MAX_PAD_SIZE = 256; // max TLS padding size -const int COMPRESS_CONSTANT = 13; // compression calculation constant -const int COMPRESS_UPPER = 55; // compression calculation numerator -const int COMPRESS_LOWER = 64; // compression calculation denominator -const int COMPRESS_DUMMY_SIZE = 64; // compression dummy round size - -typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS - -typedef opaque Random[RAN_LEN]; - -typedef opaque* DistinguishedName; - -typedef bool IsExportable; - - -enum CompressionMethod { no_compression = 0, zlib = 221 }; - -enum CipherType { stream, block }; - -enum CipherChoice { change_cipher_spec_choice = 1 }; - -enum PublicValueEncoding { implicit_encoding, explicit_encoding }; - -enum ConnectionEnd { server_end, client_end }; - -enum AlertLevel { warning = 1, fatal = 2 }; - - - -// Record Layer Header identifier from page 12 -enum ContentType { - no_type = 0, - change_cipher_spec = 20, - alert = 21, - handshake = 22, - application_data = 23 -}; - - -// HandShake Layer Header identifier from page 20 -enum HandShakeType { - no_shake = -1, - hello_request = 0, - client_hello = 1, - server_hello = 2, - certificate = 11, - server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20 -}; - - -// Valid Alert types from page 16/17 -enum AlertDescription { - close_notify = 0, - unexpected_message = 10, - bad_record_mac = 20, - decompression_failure = 30, - handshake_failure = 40, - no_certificate = 41, - bad_certificate = 42, - unsupported_certificate = 43, - certificate_revoked = 44, - certificate_expired = 45, - certificate_unknown = 46, - illegal_parameter = 47 -}; - - -// Supported Key Exchange Protocols -enum KeyExchangeAlgorithm { - no_kea = 0, - rsa_kea, - diffie_hellman_kea, - fortezza_kea -}; - - -// Supported Authentication Schemes -enum SignatureAlgorithm { - anonymous_sa_algo = 0, - rsa_sa_algo, - dsa_sa_algo -}; - - -// Valid client certificate request types from page 27 -enum ClientCertificateType { - rsa_sign = 1, - dss_sign = 2, - rsa_fixed_dh = 3, - dss_fixed_dh = 4, - rsa_ephemeral_dh = 5, - dss_ephemeral_dh = 6, - fortezza_kea_cert = 20 -}; - - -// Supported Ciphers from page 43 -enum BulkCipherAlgorithm { - cipher_null, - rc4, - rc2, - des, - triple_des, // leading 3 (3des) not valid identifier - des40, - idea, - aes -}; - - -// Supported Message Authentication Codes from page 43 -enum MACAlgorithm { - no_mac, - md5, - sha, - rmd -}; - - -// Certificate file Type -enum CertType { Cert = 0, PrivateKey, CA }; - - -// all Cipher Suites from pages 41/42 -const Cipher SSL_NULL_WITH_NULL_NULL = 0; // { 0x00, 0x00 } -const Cipher SSL_RSA_WITH_NULL_MD5 = 1; // { 0x00, 0x01 } -const Cipher SSL_RSA_WITH_NULL_SHA = 2; // { 0x00, 0x02 } -const Cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3; // { 0x00, 0x03 } -const Cipher SSL_RSA_WITH_RC4_128_MD5 = 4; // { 0x00, 0x04 } -const Cipher SSL_RSA_WITH_RC4_128_SHA = 5; // { 0x00, 0x05 } -const Cipher SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6; // { 0x00, 0x06 } -const Cipher SSL_RSA_WITH_IDEA_CBC_SHA = 7; // { 0x00, 0x07 } -const Cipher SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8; // { 0x00, 0x08 } -const Cipher SSL_RSA_WITH_DES_CBC_SHA = 9; // { 0x00, 0x09 } -const Cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10; // { 0x00, 0x0A } -const Cipher SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11; // { 0x00, 0x0B } -const Cipher SSL_DH_DSS_WITH_DES_CBC_SHA = 12; // { 0x00, 0x0C } -const Cipher SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13; // { 0x00, 0x0D } -const Cipher SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14; // { 0x00, 0x0E } -const Cipher SSL_DH_RSA_WITH_DES_CBC_SHA = 15; // { 0x00, 0x0F } -const Cipher SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16; // { 0x00, 0x10 } -const Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17; // { 0x00, 0x11 } -const Cipher SSL_DHE_DSS_WITH_DES_CBC_SHA = 18; // { 0x00, 0x12 } -const Cipher SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19; // { 0x00, 0x13 } -const Cipher SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20; // { 0x00, 0x14 } -const Cipher SSL_DHE_RSA_WITH_DES_CBC_SHA = 21; // { 0x00, 0x15 } -const Cipher SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22; // { 0x00, 0x16 } -const Cipher SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23; // { 0x00, 0x17 } -const Cipher SSL_DH_anon_WITH_RC4_128_MD5 = 24; // { 0x00, 0x18 } -const Cipher SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25; // { 0x00, 0x19 } -const Cipher SSL_DH_anon_WITH_DES_CBC_SHA = 26; // { 0x00, 0x1A } -const Cipher SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27; // { 0x00, 0x1B } -const Cipher SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28; // { 0x00, 0x1C } -const Cipher SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29; // { 0x00, 0x1D } -const Cipher SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30; // { 0x00, 0x1E } - -// .. to 0x2B uses Kerberos Authentication - - -// TLS AES extensions -const Cipher TLS_RSA_WITH_AES_128_CBC_SHA = 47; // { 0x00, 0x2F } -const Cipher TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48; // { 0x00, 0x30 } -const Cipher TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49; // { 0x00, 0x31 } -const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50; // { 0x00, 0x32 } -const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51; // { 0x00, 0x33 } -const Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA = 52; // { 0x00, 0x34 } - -const Cipher TLS_RSA_WITH_AES_256_CBC_SHA = 53; // { 0x00, 0x35 } -const Cipher TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54; // { 0x00, 0x36 } -const Cipher TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55; // { 0x00, 0x37 } -const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56; // { 0x00, 0x38 } -const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57; // { 0x00, 0x39 } -const Cipher TLS_DH_anon_WITH_AES_256_CBC_SHA = 58; // { 0x00, 0x3A } - - -// OpenPGP extensions - -const Cipher TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114; // { 0x00, 0x72 }; -const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115; // { 0x00, 0x73 }; -const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116; // { 0x00, 0x74 }; -const Cipher TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119; // { 0x00, 0x77 }; -const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120; // { 0x00, 0x78 }; -const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121; // { 0x00, 0x79 }; -const Cipher TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124; // { 0x00, 0x7C }; -const Cipher TLS_RSA_WITH_AES_128_CBC_RMD160 = 125; // { 0x00, 0x7D }; -const Cipher TLS_RSA_WITH_AES_256_CBC_RMD160 = 126; // { 0x00, 0x7E }; - - -const char* const null_str = ""; - -const char* const cipher_names[128] = -{ - null_str, // SSL_NULL_WITH_NULL_NULL = 0 - null_str, // SSL_RSA_WITH_NULL_MD5 = 1 - null_str, // SSL_RSA_WITH_NULL_SHA = 2 - null_str, // SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3 - "RC4-MD5", // SSL_RSA_WITH_RC4_128_MD5 = 4 - "RC4-SHA", // SSL_RSA_WITH_RC4_128_SHA = 5 - null_str, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6 - null_str, // SSL_RSA_WITH_IDEA_CBC_SHA = 7 - null_str, // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8 - "DES-CBC-SHA", // SSL_RSA_WITH_DES_CBC_SHA = 9 - "DES-CBC3-SHA", // SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10 - - null_str, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11 - null_str, // SSL_DH_DSS_WITH_DES_CBC_SHA = 12 - null_str, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13 - null_str, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14 - null_str, // SSL_DH_RSA_WITH_DES_CBC_SHA = 15 - null_str, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16 - null_str, // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17 - "EDH-DSS-DES-CBC-SHA", // SSL_DHE_DSS_WITH_DES_CBC_SHA = 18 - "EDH-DSS-DES-CBC3-SHA", // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19 - null_str, // SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20 - - "EDH-RSA-DES-CBC-SHA", // SSL_DHE_RSA_WITH_DES_CBC_SHA = 21 - "EDH-RSA-DES-CBC3-SHA", // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22 - null_str, // SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23 - null_str, // SSL_DH_anon_WITH_RC4_128_MD5 = 24 - null_str, // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25 - null_str, // SSL_DH_anon_WITH_DES_CBC_SHA = 26 - null_str, // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27 - null_str, // SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28 - null_str, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29 - null_str, // SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30 - - null_str, null_str, null_str, null_str, null_str, // 31 - 35 - null_str, null_str, null_str, null_str, null_str, // 36 - 40 - null_str, null_str, null_str, null_str, null_str, // 41 - 45 - null_str, // 46 - - // TLS AES extensions - "AES128-SHA", // TLS_RSA_WITH_AES_128_CBC_SHA = 47 - null_str, // TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48 - null_str, // TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49 - "DHE-DSS-AES128-SHA", // TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50 - "DHE-RSA-AES128-SHA", // TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51 - null_str, // TLS_DH_anon_WITH_AES_128_CBC_SHA = 52 - - "AES256-SHA", // TLS_RSA_WITH_AES_256_CBC_SHA = 53 - null_str, // TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54 - null_str, // TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55 - "DHE-DSS-AES256-SHA", // TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56 - "DHE-RSA-AES256-SHA", // TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57 - null_str, // TLS_DH_anon_WITH_AES_256_CBC_SHA = 58 - - null_str, // 59 - null_str, // 60 - null_str, null_str, null_str, null_str, null_str, // 61 - 65 - null_str, null_str, null_str, null_str, null_str, // 66 - 70 - null_str, null_str, null_str, null_str, null_str, // 71 - 75 - null_str, null_str, null_str, null_str, null_str, // 76 - 80 - null_str, null_str, null_str, null_str, null_str, // 81 - 85 - null_str, null_str, null_str, null_str, null_str, // 86 - 90 - null_str, null_str, null_str, null_str, null_str, // 91 - 95 - null_str, null_str, null_str, null_str, null_str, // 96 - 100 - null_str, null_str, null_str, null_str, null_str, // 101 - 105 - null_str, null_str, null_str, null_str, null_str, // 106 - 110 - null_str, null_str, null_str, // 111 - 113 - - "DHE-DSS-DES-CBC3-RMD", // TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114 - "DHE-DSS-AES128-RMD", // TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115 - "DHE-DSS-AES256-RMD", // TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116 - null_str, // 117 - null_str, // 118 - "DHE-RSA-DES-CBC3-RMD", // TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119 - "DHE-RSA-AES128-RMD", // TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120 - "DHE-RSA-AES256-RMD", // TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121 - null_str, // 122 - null_str, // 123 - "DES-CBC3-RMD", // TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124 - "AES128-RMD", // TLS_RSA_WITH_AES_128_CBC_RMD160 = 125 - "AES256-RMD", // TLS_RSA_WITH_AES_256_CBC_RMD160 = 126 - null_str // 127 -}; - -// fill with MD5 pad size since biggest required -const opaque PAD1[PAD_MD5] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 - }; -const opaque PAD2[PAD_MD5] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c - }; - -const opaque client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; -const opaque server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; - -const opaque tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; -const opaque tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; - -const opaque master_label[MASTER_LABEL_SZ + 1] = "master secret"; -const opaque key_label [KEY_LABEL_SZ + 1] = "key expansion"; - - -} // naemspace - -#if __GNUC__ == 2 && __GNUC_MINOR__ <= 96 -/* - gcc 2.96 bails out because of two declarations of byte: yaSSL::byte and - TaoCrypt::byte. TODO: define global types.hpp and move the declaration of - 'byte' there. -*/ -using yaSSL::byte; -#endif - - -#endif // yaSSL_TYPES_HPP -- cgit v1.1