This commit is contained in:
toddouska
2011-10-28 18:43:07 -07:00
parent 3ac390c147
commit cb90900920
5 changed files with 125 additions and 13 deletions


@@ -532,7 +532,7 @@ typedef struct Suites {
CYASSL_LOCAL CYASSL_LOCAL
void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int); void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
CYASSL_LOCAL CYASSL_LOCAL
int SetCipherList(CYASSL_CTX* ctx, const char* list); int SetCipherList(Suites*, const char* list);
#ifndef PSK_TYPES_DEFINED #ifndef PSK_TYPES_DEFINED
typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*, typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
@@ -983,6 +983,7 @@ struct CYASSL {
Options options; Options options;
Arrays arrays; Arrays arrays;
CYASSL_SESSION session; CYASSL_SESSION session;
VerifyCallback verifyCallback; /* cert verification callback */
RsaKey peerRsaKey; RsaKey peerRsaKey;
byte peerRsaKeyPresent; byte peerRsaKeyPresent;
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
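Review bot: The new `verifyCallback` member of struct CYASSL is a snapshot rather than a reference: InitSSL copies `ctx->verifyCallback` once (the internal.c hunk at InitSSL) and DoCertificate now consults only `ssl->verifyCallback`, so a callback installed on the ctx after the CYASSL object was created is no longer seen by that object, unlike the previous `ssl->ctx->verifyCallback` lookup. That is worth stating at the declaration, e.g. `VerifyCallback verifyCallback; /* cert verification callback; copied from ctx in InitSSL, per-ssl override via CyaSSL_set_verify */`. The `SetCipherList(Suites*, const char* list)` prototype also mixes an unnamed and a named parameter; naming the first (`Suites* suites`) would read consistently with the definition in internal.c.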


@@ -111,17 +111,20 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_shutdown CyaSSL_shutdown #define SSL_shutdown CyaSSL_shutdown
#define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown #define SSL_CTX_set_quiet_shutdown CyaSSL_CTX_set_quiet_shutdown
#define SSL_set_quiet_shutdown CyaSSL_set_quiet_shutdown
#define SSL_get_error CyaSSL_get_error #define SSL_get_error CyaSSL_get_error
#define SSL_set_session CyaSSL_set_session #define SSL_set_session CyaSSL_set_session
#define SSL_get_session CyaSSL_get_session #define SSL_get_session CyaSSL_get_session
#define SSL_flush_sessions CyaSSL_flush_sessions #define SSL_flush_sessions CyaSSL_flush_sessions
#define SSL_CTX_set_verify CyaSSL_CTX_set_verify #define SSL_CTX_set_verify CyaSSL_CTX_set_verify
#define SSL_set_verify CyaSSL_set_verify
#define SSL_pending CyaSSL_pending #define SSL_pending CyaSSL_pending
#define SSL_load_error_strings CyaSSL_load_error_strings #define SSL_load_error_strings CyaSSL_load_error_strings
#define SSL_library_init CyaSSL_library_init #define SSL_library_init CyaSSL_library_init
#define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode #define SSL_CTX_set_session_cache_mode CyaSSL_CTX_set_session_cache_mode
#define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list #define SSL_CTX_set_cipher_list CyaSSL_CTX_set_cipher_list
#define SSL_set_cipher_list CyaSSL_set_cipher_list
#define ERR_error_string CyaSSL_ERR_error_string #define ERR_error_string CyaSSL_ERR_error_string
#define ERR_error_string_n CyaSSL_ERR_error_string_n #define ERR_error_string_n CyaSSL_ERR_error_string_n
@@ -136,6 +139,7 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_set_accept_state CyaSSL_set_accept_state #define SSL_set_accept_state CyaSSL_set_accept_state
#define SSL_session_reused CyaSSL_session_reused #define SSL_session_reused CyaSSL_session_reused
#define SSL_SESSION_free CyaSSL_SESSION_free #define SSL_SESSION_free CyaSSL_SESSION_free
#define SSL_is_init_finished CyaSSL_is_init_finished
#define SSL_get_version CyaSSL_get_version #define SSL_get_version CyaSSL_get_version
#define SSL_get_current_cipher CyaSSL_get_current_cipher #define SSL_get_current_cipher CyaSSL_get_current_cipher
@@ -143,6 +147,9 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name #define SSL_CIPHER_get_name CyaSSL_CIPHER_get_name
#define SSL_get1_session CyaSSL_get1_session #define SSL_get1_session CyaSSL_get1_session
#define SSL_get_keyblock_size CyaSSL_get_keyblock_size
#define SSL_get_keys CyaSSL_get_keys
#define X509_free CyaSSL_X509_free #define X509_free CyaSSL_X509_free
#define OPENSSL_free CyaSSL_OPENSSL_free #define OPENSSL_free CyaSSL_OPENSSL_free


@@ -176,6 +176,7 @@ CYASSL_API void CyaSSL_free(CYASSL*);
CYASSL_API int CyaSSL_shutdown(CYASSL*); CYASSL_API int CyaSSL_shutdown(CYASSL*);
CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int); CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
CYASSL_API int CyaSSL_get_error(CYASSL*, int); CYASSL_API int CyaSSL_get_error(CYASSL*, int);
@@ -189,6 +190,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*);
CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int, CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int,
VerifyCallback verify_callback); VerifyCallback verify_callback);
CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
CYASSL_API int CyaSSL_pending(CYASSL*); CYASSL_API int CyaSSL_pending(CYASSL*);
@@ -198,6 +200,7 @@ CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
/* only supports full name from cipher_name[] delimited by : */ /* only supports full name from cipher_name[] delimited by : */
CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*); CYASSL_API int CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
CYASSL_API int CyaSSL_set_cipher_list(CYASSL*, const char*);
CYASSL_API int CyaSSL_ERR_GET_REASON(int err); CYASSL_API int CyaSSL_ERR_GET_REASON(int err);
CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*); CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
@@ -219,6 +222,7 @@ CYASSL_API void CyaSSL_set_connect_state(CYASSL*);
CYASSL_API void CyaSSL_set_accept_state(CYASSL*); CYASSL_API void CyaSSL_set_accept_state(CYASSL*);
CYASSL_API int CyaSSL_session_reused(CYASSL*); CYASSL_API int CyaSSL_session_reused(CYASSL*);
CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session); CYASSL_API void CyaSSL_SESSION_free(CYASSL_SESSION* session);
CYASSL_API int CyaSSL_is_init_finished(CYASSL*);
CYASSL_API const char* CyaSSL_get_version(CYASSL*); CYASSL_API const char* CyaSSL_get_version(CYASSL*);
CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*); CYASSL_API CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL*);
@@ -667,6 +671,12 @@ CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz, CYASSL_API int CyaSSL_SetTmpDH(CYASSL*, unsigned char* p, int pSz,
unsigned char* g, int gSz); unsigned char* g, int gSz);
/* keyblock size in bytes or -1 */
CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen);
#ifndef _WIN32 #ifndef _WIN32
#ifndef NO_WRITEV #ifndef NO_WRITEV
#ifdef __PPU #ifdef __PPU
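Review bot: `CyaSSL_get_keys` is declared without any comment on what the returned pointers are, while the implementation in the ssl.c hunk stores `ssl->arrays.masterSecret`, `serverRandom` and `clientRandom` directly into `*ms`, `*sr` and `*cr`, so they alias the object's internal buffers rather than copies. The header is where callers look, so a comment above the prototype should state that the pointers (the master secret included) point into the CYASSL object's own storage, are valid only while that object lives, must not be freed or written through, and that the function returns 0 on success or -1 on error. The existing `/* keyblock size in bytes or -1 */` on `CyaSSL_get_keyblock_size` could also say that -1 is returned only for a NULL ssl, which is the single check the implementation makes.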


@@ -671,6 +671,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
#endif #endif
InitRsaKey(&ssl->peerRsaKey, ctx->heap); InitRsaKey(&ssl->peerRsaKey, ctx->heap);
ssl->verifyCallback = ctx->verifyCallback;
ssl->peerRsaKeyPresent = 0; ssl->peerRsaKeyPresent = 0;
ssl->options.side = ctx->method->side; ssl->options.side = ctx->method->side;
ssl->options.downgrade = ctx->method->downgrade; ssl->options.downgrade = ctx->method->downgrade;
@@ -1614,7 +1615,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
int why = bad_certificate; int why = bad_certificate;
if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
why = certificate_expired; why = certificate_expired;
if (ssl->ctx->verifyCallback) { if (ssl->verifyCallback) {
int ok; int ok;
CYASSL_X509_STORE_CTX store; CYASSL_X509_STORE_CTX store;
@@ -1626,7 +1627,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
#else #else
store.current_cert = NULL; store.current_cert = NULL;
#endif #endif
ok = ssl->ctx->verifyCallback(0, &store); ok = ssl->verifyCallback(0, &store);
if (ok) { if (ok) {
CYASSL_MSG("Verify callback overriding error!"); CYASSL_MSG("Verify callback overriding error!");
ret = 0; ret = 0;
@@ -3484,7 +3485,7 @@ int cipher_name_idx[] =
/* return true if set, else false */ /* return true if set, else false */
/* only supports full name from cipher_name[] delimited by : */ /* only supports full name from cipher_name[] delimited by : */
int SetCipherList(CYASSL_CTX* ctx, const char* list) int SetCipherList(Suites* s, const char* list)
{ {
int ret = 0, i; int ret = 0, i;
char name[MAX_SUITE_NAME]; char name[MAX_SUITE_NAME];
@@ -3519,10 +3520,10 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
for (i = 0; i < suiteSz; i++) for (i = 0; i < suiteSz; i++)
if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
if (XSTRSTR(name, "EC")) if (XSTRSTR(name, "EC"))
ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */ s->suites[idx++] = ECC_BYTE; /* ECC suite */
else else
ctx->suites.suites[idx++] = 0x00; /* normal */ s->suites[idx++] = 0x00; /* normal */
ctx->suites.suites[idx++] = (byte)cipher_name_idx[i]; s->suites[idx++] = (byte)cipher_name_idx[i];
if (!ret) ret = 1; /* found at least one */ if (!ret) ret = 1; /* found at least one */
break; break;
@@ -3532,8 +3533,8 @@ int SetCipherList(CYASSL_CTX* ctx, const char* list)
} }
if (ret) { if (ret) {
ctx->suites.setSuites = 1; s->setSuites = 1;
ctx->suites.suiteSz = (word16)idx; s->suiteSz = (word16)idx;
} }
return ret; return ret;

101
src/ssl.c

@@ -1177,7 +1177,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
{ {
CYASSL_ENTER("SSL_CTX_set_verify"); CYASSL_ENTER("CyaSSL_CTX_set_verify");
if (mode & SSL_VERIFY_PEER) { if (mode & SSL_VERIFY_PEER) {
ctx->verifyPeer = 1; ctx->verifyPeer = 1;
ctx->verifyNone = 0; /* in case perviously set */ ctx->verifyNone = 0; /* in case perviously set */
@@ -1195,6 +1195,26 @@ void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
} }
void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
{
CYASSL_ENTER("CyaSSL_set_verify");
if (mode & SSL_VERIFY_PEER) {
ssl->options.verifyPeer = 1;
ssl->options.verifyNone = 0; /* in case perviously set */
}
if (mode == SSL_VERIFY_NONE) {
ssl->options.verifyNone = 1;
ssl->options.verifyPeer = 0; /* in case previously set */
}
if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
ssl->options.failNoCert = 1;
ssl->verifyCallback = vc;
}
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl) CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
@@ -1250,14 +1270,35 @@ long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{ {
CYASSL_ENTER("SSL_CTX_set_cipher_list"); CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
if (SetCipherList(ctx, list)) if (SetCipherList(&ctx->suites, list))
return SSL_SUCCESS; return SSL_SUCCESS;
else else
return SSL_FAILURE; return SSL_FAILURE;
} }
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{
CYASSL_ENTER("CyaSSL_set_cipher_list");
if (SetCipherList(&ssl->suites, list)) {
byte havePSK = 0;
#ifndef NO_PSK
havePSK = ssl->options.havePSK;
#endif
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->ctx->method->side);
return SSL_SUCCESS;
}
else
return SSL_FAILURE;
}
/* client only parts */ /* client only parts */
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
@@ -2361,12 +2402,20 @@ int CyaSSL_set_compression(CYASSL* ssl)
void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode) void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
{ {
CYASSL_ENTER("SSL_CTX_set_quiet_shutdown"); CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
if (mode) if (mode)
ctx->quietShutdown = 1; ctx->quietShutdown = 1;
} }
void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
{
CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
if (mode)
ssl->options.quietShutdown = 1;
}
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx) int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{ {
/* TODO: check private against public for RSA match */ /* TODO: check private against public for RSA match */
@@ -2410,6 +2459,37 @@ int CyaSSL_set_compression(CYASSL* ssl)
} }
/* keyblock size in bytes or -1 */
int CyaSSL_get_keyblock_size(CYASSL* ssl)
{
if (ssl == NULL)
return -1;
return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
ssl->specs.hash_size);
}
/* store keys returns 0 or -1 on error */
int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen)
{
if (ssl == NULL)
return -1;
*ms = ssl->arrays.masterSecret;
*sr = ssl->arrays.serverRandom;
*cr = ssl->arrays.clientRandom;
*msLen = SECRET_LEN;
*srLen = RAN_LEN;
*crLen = RAN_LEN;
return 0;
}
void CyaSSL_set_accept_state(CYASSL* ssl) void CyaSSL_set_accept_state(CYASSL* ssl)
{ {
byte havePSK = 0; byte havePSK = 0;
@@ -2426,6 +2506,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
} }
/* return true if connection established */
int CyaSSL_is_init_finished(CYASSL* ssl)
{
if (ssl == NULL)
return 0;
if (ssl->options.handShakeState == HANDSHAKE_DONE)
return 1;
return 0;
}
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx, void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
CYASSL_RSA*(*f)(CYASSL*, int, int)) CYASSL_RSA*(*f)(CYASSL*, int, int))
{ {
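Review bot: `CyaSSL_get_keys` dereferences all six output pointers after checking only `ssl`, so a caller passing NULL for any of them (for example wanting only the master secret) crashes; widen the guard to `if (ssl == NULL || ms == NULL || msLen == NULL || sr == NULL || srLen == NULL || cr == NULL || crLen == NULL) return -1;`. Because the function hands out the live master secret and randoms rather than copies, the comment `/* store keys returns 0 or -1 on error */` should also say that the pointers alias `ssl->arrays` and remain valid only while `ssl` does. Separately, `CyaSSL_set_quiet_shutdown` traces itself as `CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown")`, copied from the CTX variant above it; the label should be `CYASSL_ENTER("CyaSSL_set_quiet_shutdown");`. The `/* in case perviously set */` comment copied into `CyaSSL_set_verify` carries the same typo as the CTX version and could be fixed in both while here.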