Commit 5e500522 authored by unknown's avatar unknown

Import yaSSL version 1.5.8

 - Includes patch for Bug#25189


extra/yassl/README:
  Import patch yassl.diff
extra/yassl/include/openssl/ssl.h:
  Import patch yassl.diff
extra/yassl/src/make.bat:
  Import patch yassl.diff
extra/yassl/src/ssl.cpp:
  Import patch yassl.diff
extra/yassl/src/yassl_error.cpp:
  Import patch yassl.diff
extra/yassl/taocrypt/benchmark/make.bat:
  Import patch yassl.diff
extra/yassl/taocrypt/include/asn.hpp:
  Import patch yassl.diff
extra/yassl/taocrypt/include/error.hpp:
  Import patch yassl.diff
extra/yassl/taocrypt/include/file.hpp:
  Import patch yassl.diff
extra/yassl/taocrypt/src/asn.cpp:
  Import patch yassl.diff
extra/yassl/taocrypt/src/coding.cpp:
  Import patch yassl.diff
extra/yassl/taocrypt/src/integer.cpp:
  Import patch yassl.diff
extra/yassl/taocrypt/src/make.bat:
  Import patch yassl.diff
extra/yassl/taocrypt/test/make.bat:
  Import patch yassl.diff
extra/yassl/taocrypt/test/test.cpp:
  Import patch yassl.diff
extra/yassl/testsuite/make.bat:
  Import patch yassl.diff
extra/yassl/testsuite/testsuite.cpp:
  Import patch yassl.diff
parent 1d82eb04
yaSSL Release notes, version 1.5.0 (11/09/06) *****************yaSSL Release notes, version 1.5.0 (1/10/07)
This release of yaSSL contains bug fixes, portability enhancements, and
support for GCC 4.1.1 and vs2005 sp1.
Since yaSSL now supports zlib, as does libcur, the libcurl build test can
fail if yaSSL is built with zlib support since the zlib library isn't
passed. You can do two things to fix this:
1) build yaSSL w/o zlib --without-zlib
2) or add flags to curl configure LDFLAGS="-lm -lz"
*****************yaSSL Release notes, version 1.5.0 (11/09/06)
This release of yaSSL contains bug fixes, portability enhancements, This release of yaSSL contains bug fixes, portability enhancements,
and full TLS 1.1 support. Use the functions: and full TLS 1.1 support. Use the functions:
......
...@@ -41,7 +41,7 @@ ...@@ -41,7 +41,7 @@
#include "rsa.h" #include "rsa.h"
#define YASSL_VERSION "1.5.0" #define YASSL_VERSION "1.5.8"
#if defined(__cplusplus) #if defined(__cplusplus)
......
REM quick and dirty build file for testing different MSDEVs REM quick and dirty build file for testing different MSDEVs
@echo off
REM Copyright (C) 2006 MySQL AB
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
@echo on
setlocal setlocal
set myFLAGS= /I../include /I../taocrypt/mySTL /I../taocrypt/include /W3 /c /ZI set myFLAGS= /I../include /I../taocrypt/mySTL /I../taocrypt/include /W3 /c /ZI
......
...@@ -958,7 +958,7 @@ void ERR_print_errors_fp(FILE* /*fp*/) ...@@ -958,7 +958,7 @@ void ERR_print_errors_fp(FILE* /*fp*/)
char* ERR_error_string(unsigned long errNumber, char* buffer) char* ERR_error_string(unsigned long errNumber, char* buffer)
{ {
static char* msg = (char*) "Please supply a buffer for error string"; static char* msg = "Please supply a buffer for error string";
if (buffer) { if (buffer) {
SetErrorString(YasslError(errNumber), buffer); SetErrorString(YasslError(errNumber), buffer);
......
...@@ -150,6 +150,10 @@ void SetErrorString(YasslError error, char* buffer) ...@@ -150,6 +150,10 @@ void SetErrorString(YasslError error, char* buffer)
strncpy(buffer, "the read operation would block", max); strncpy(buffer, "the read operation would block", max);
break; break;
case CERTFICATE_ERROR :
strncpy(buffer, "Unable to verify certificate", max);
break;
// TaoCrypt errors // TaoCrypt errors
case NO_ERROR_E : case NO_ERROR_E :
strncpy(buffer, "not in error state", max); strncpy(buffer, "not in error state", max);
...@@ -255,8 +259,12 @@ void SetErrorString(YasslError error, char* buffer) ...@@ -255,8 +259,12 @@ void SetErrorString(YasslError error, char* buffer)
strncpy(buffer, "ASN: bad other signature confirmation", max); strncpy(buffer, "ASN: bad other signature confirmation", max);
break; break;
case CERTFICATE_ERROR : case CONTENT_E :
strncpy(buffer, "Unable to verify certificate", max); strncpy(buffer, "bad content processing", max);
break;
case PEM_E :
strncpy(buffer, "bad PEM format processing", max);
break; break;
default : default :
......
REM quick and dirty build file for testing different MSDEVs REM quick and dirty build file for testing different MSDEVs
@echo off
REM Copyright (C) 2006 MySQL AB
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
@echo on
setlocal setlocal
set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
......
...@@ -99,6 +99,17 @@ enum DNTags ...@@ -99,6 +99,17 @@ enum DNTags
}; };
enum PCKS12_Tags
{
/* DATA = 1, */ // from ASN1
SIGNED_DATA = 2,
ENVELOPED_DATA = 3,
SIGNED_AND_ENVELOPED_DATA = 4,
DIGESTED_DATA = 5,
ENCRYPTED_DATA = 6
};
enum Constants enum Constants
{ {
MIN_DATE_SZ = 13, MIN_DATE_SZ = 13,
...@@ -195,6 +206,16 @@ private: ...@@ -195,6 +206,16 @@ private:
}; };
// PKCS12 BER Decoder
class PKCS12_Decoder : public BER_Decoder {
public:
explicit PKCS12_Decoder(Source& s) : BER_Decoder(s) {}
void Decode();
private:
void ReadHeader();
};
// General PublicKey // General PublicKey
class PublicKey { class PublicKey {
byte* key_; byte* key_;
...@@ -241,6 +262,7 @@ private: ...@@ -241,6 +262,7 @@ private:
typedef STL::list<Signer*> SignerList; typedef STL::list<Signer*> SignerList;
enum ContentType { HUH = 651 };
enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA =649}; enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA =649};
enum HashType { MD2h = 646, MD5h = 649, SHAh = 88 }; enum HashType { MD2h = 646, MD5h = 649, SHAh = 88 };
enum KeyType { DSAk = 515, RSAk = 645 }; // sums of algo OID enum KeyType { DSAk = 515, RSAk = 645 }; // sums of algo OID
...@@ -345,6 +367,12 @@ private: ...@@ -345,6 +367,12 @@ private:
}; };
// Get Cert in PEM format from BEGIN to END
int GetCert(Source&);
// Get Cert in PEM format from pkcs12 file
int GetPKCS_Cert(const char* password, Source&);
} // namespace } // namespace
......
...@@ -70,8 +70,12 @@ DSA_SZ_E = 1035, // "bad DSA r or s size" ...@@ -70,8 +70,12 @@ DSA_SZ_E = 1035, // "bad DSA r or s size"
BEFORE_DATE_E = 1036, // "before date in the future" BEFORE_DATE_E = 1036, // "before date in the future"
AFTER_DATE_E = 1037, // "after date in the past" AFTER_DATE_E = 1037, // "after date in the past"
SIG_CONFIRM_E = 1038, // "bad self signature confirmation" SIG_CONFIRM_E = 1038, // "bad self signature confirmation"
SIG_OTHER_E = 1039 // "bad other signature confirmation" SIG_OTHER_E = 1039, // "bad other signature confirmation"
CONTENT_E = 1040, // "bad content processing"
PEM_E = 1041 // "bad pem format error"
// add error string to yassl/src/yassl_error.cpp !!!
}; };
......
...@@ -71,8 +71,10 @@ public: ...@@ -71,8 +71,10 @@ public:
void SetError(ErrorNumber w) { error_.SetError(w); } void SetError(ErrorNumber w) { error_.SetError(w); }
friend class FileSource; // for get() friend class FileSource; // for get()
private:
Source(const Source& that) : buffer_(that.buffer_), current_(that.current_) {} Source(const Source& that)
: buffer_(that.buffer_), current_(that.current_) {}
Source& operator=(const Source& that) Source& operator=(const Source& that)
{ {
Source tmp(that); Source tmp(that);
......
...@@ -1098,4 +1098,83 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz) ...@@ -1098,4 +1098,83 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
} }
// Get Cert in PEM format from BEGIN to END
int GetCert(Source& source)
{
char header[] = "-----BEGIN CERTIFICATE-----";
char footer[] = "-----END CERTIFICATE-----";
char* begin = strstr((char*)source.get_buffer(), header);
char* end = strstr((char*)source.get_buffer(), footer);
if (!begin || !end || begin >= end) return -1;
end += strlen(footer);
if (*end == '\r') end++;
Source tmp((byte*)begin, end - begin + 1);
source.Swap(tmp);
return 0;
}
// Decode a BER encoded PKCS12 structure
void PKCS12_Decoder::Decode()
{
ReadHeader();
if (source_.GetError().What()) return;
// Get AuthSafe
GetSequence();
// get object id
byte obj_id = source_.next();
if (obj_id != OBJECT_IDENTIFIER) {
source_.SetError(OBJECT_ID_E);
return;
}
word32 length = GetLength(source_);
word32 algo_sum = 0;
while (length--)
algo_sum += source_.next();
// Get MacData optional
/*
mac digestInfo like certdecoder::getdigest?
macsalt octet string
iter integer
*/
}
void PKCS12_Decoder::ReadHeader()
{
// Gets Version
GetSequence();
GetVersion();
}
// Get Cert in PEM format from pkcs12 file
int GetPKCS_Cert(const char* password, Source& source)
{
PKCS12_Decoder pkcs12(source);
pkcs12.Decode();
return 0;
}
} // namespace } // namespace
...@@ -131,8 +131,7 @@ void HexDecoder::Decode() ...@@ -131,8 +131,7 @@ void HexDecoder::Decode()
void Base64Encoder::Encode() void Base64Encoder::Encode()
{ {
word32 bytes = plain_.size(); word32 bytes = plain_.size();
word32 outSz = bytes * 4 / 3; word32 outSz = (bytes + 3 - 1) / 3 * 4;
outSz += (outSz % 4); // 4 byte integrals
outSz += (outSz + pemLineSz - 1) / pemLineSz; // new lines outSz += (outSz + pemLineSz - 1) / pemLineSz; // new lines
encoded_.New(outSz); encoded_.New(outSz);
...@@ -159,7 +158,7 @@ void Base64Encoder::Encode() ...@@ -159,7 +158,7 @@ void Base64Encoder::Encode()
bytes -= 3; bytes -= 3;
if ((++j % 16) == 0) if ((++j % 16) == 0 && bytes)
encoded_[i++] = '\n'; encoded_[i++] = '\n';
} }
...@@ -236,11 +235,18 @@ void Base64Decoder::Decode() ...@@ -236,11 +235,18 @@ void Base64Decoder::Decode()
if ((++j % 16) == 0) { if ((++j % 16) == 0) {
byte endLine = coded_.next(); byte endLine = coded_.next();
bytes--; bytes--;
while (endLine == ' ') { // remove possible whitespace
endLine = coded_.next();
bytes--;
}
if (endLine == '\r') { if (endLine == '\r') {
endLine = coded_.next(); endLine = coded_.next();
bytes--; bytes--;
} }
assert(endLine == '\n'); if (endLine != '\n') {
coded_.SetError(PEM_E);
return;
}
} }
} }
......
...@@ -88,7 +88,7 @@ namespace TaoCrypt { ...@@ -88,7 +88,7 @@ namespace TaoCrypt {
#ifdef SSE2_INTRINSICS_AVAILABLE #ifdef SSE2_INTRINSICS_AVAILABLE
template <class T> template <class T>
CPP_TYPENAME AllocatorBase<T>::pointer AlignedAllocator<T>::allocate( CPP_TYPENAME AlignedAllocator<T>::pointer AlignedAllocator<T>::allocate(
size_type n, const void *) size_type n, const void *)
{ {
CheckSize(n); CheckSize(n);
...@@ -572,24 +572,29 @@ static word AtomicInverseModPower2(word A) ...@@ -572,24 +572,29 @@ static word AtomicInverseModPower2(word A)
class Portable class Portable
{ {
public: public:
static word Add(word *C, const word *A, const word *B, unsigned int N); static word TAOCRYPT_CDECL Add(word *C, const word *A, const word *B,
static word Subtract(word *C, const word *A, const word*B, unsigned int N); unsigned int N);
static word TAOCRYPT_CDECL Subtract(word *C, const word *A, const word*B,
static void Multiply2(word *C, const word *A, const word *B); unsigned int N);
static word Multiply2Add(word *C, const word *A, const word *B); static void TAOCRYPT_CDECL Multiply2(word *C, const word *A, const word *B);
static void Multiply4(word *C, const word *A, const word *B); static word TAOCRYPT_CDECL Multiply2Add(word *C,
static void Multiply8(word *C, const word *A, const word *B); const word *A, const word *B);
static unsigned int MultiplyRecursionLimit() {return 8;} static void TAOCRYPT_CDECL Multiply4(word *C, const word *A, const word *B);
static void TAOCRYPT_CDECL Multiply8(word *C, const word *A, const word *B);
static void Multiply2Bottom(word *C, const word *A, const word *B); static unsigned int TAOCRYPT_CDECL MultiplyRecursionLimit() {return 8;}
static void Multiply4Bottom(word *C, const word *A, const word *B);
static void Multiply8Bottom(word *C, const word *A, const word *B); static void TAOCRYPT_CDECL Multiply2Bottom(word *C, const word *A,
static unsigned int MultiplyBottomRecursionLimit() {return 8;} const word *B);
static void TAOCRYPT_CDECL Multiply4Bottom(word *C, const word *A,
static void Square2(word *R, const word *A); const word *B);
static void Square4(word *R, const word *A); static void TAOCRYPT_CDECL Multiply8Bottom(word *C, const word *A,
static void Square8(word *R, const word *A) {assert(false);} const word *B);
static unsigned int SquareRecursionLimit() {return 4;} static unsigned int TAOCRYPT_CDECL MultiplyBottomRecursionLimit(){return 8;}
static void TAOCRYPT_CDECL Square2(word *R, const word *A);
static void TAOCRYPT_CDECL Square4(word *R, const word *A);
static void TAOCRYPT_CDECL Square8(word *R, const word *A) {assert(false);}
static unsigned int TAOCRYPT_CDECL SquareRecursionLimit() {return 4;}
}; };
word Portable::Add(word *C, const word *A, const word *B, unsigned int N) word Portable::Add(word *C, const word *A, const word *B, unsigned int N)
......
REM quick and dirty build file for testing different MSDEVs REM quick and dirty build file for testing different MSDEVs
@echo off
REM Copyright (C) 2006 MySQL AB
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
@echo on
setlocal setlocal
set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
......
REM quick and dirty build file for testing different MSDEVs REM quick and dirty build file for testing different MSDEVs
@echo off
REM Copyright (C) 2006 MySQL AB
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
@echo on
setlocal setlocal
set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2
......
...@@ -74,7 +74,8 @@ using TaoCrypt::EncodeDSA_Signature; ...@@ -74,7 +74,8 @@ using TaoCrypt::EncodeDSA_Signature;
using TaoCrypt::DecodeDSA_Signature; using TaoCrypt::DecodeDSA_Signature;
using TaoCrypt::PBKDF2_HMAC; using TaoCrypt::PBKDF2_HMAC;
using TaoCrypt::tcArrayDelete; using TaoCrypt::tcArrayDelete;
using TaoCrypt::GetCert;
using TaoCrypt::GetPKCS_Cert;
struct testVector { struct testVector {
...@@ -103,6 +104,7 @@ int rsa_test(); ...@@ -103,6 +104,7 @@ int rsa_test();
int dsa_test(); int dsa_test();
int dh_test(); int dh_test();
int pwdbased_test(); int pwdbased_test();
int pkcs12_test();
TaoCrypt::RandomNumberGenerator rng; TaoCrypt::RandomNumberGenerator rng;
...@@ -228,6 +230,13 @@ void taocrypt_test(void* args) ...@@ -228,6 +230,13 @@ void taocrypt_test(void* args)
else else
printf( "PBKDF2 test passed!\n"); printf( "PBKDF2 test passed!\n");
/* not ready yet
if ( (ret = pkcs12_test()) )
err_sys("PKCS12 test failed!\n", ret);
else
printf( "PKCS12 test passed!\n");
*/
tcArrayDelete(cipher); tcArrayDelete(cipher);
tcArrayDelete(plain); tcArrayDelete(plain);
tcArrayDelete(msg); tcArrayDelete(msg);
...@@ -994,3 +1003,38 @@ int pwdbased_test() ...@@ -994,3 +1003,38 @@ int pwdbased_test()
return 0; return 0;
} }
int pkcs12_test()
{
Source cert;
FileSource("../certs/server-cert.pem", cert);
if (cert.size() == 0) {
FileSource("../../certs/server-cert.pem", cert); // for testsuite
if (cert.size() == 0) {
FileSource("../../../certs/server-cert.pem", cert); // Debug dir
if (cert.size() == 0)
err_sys("where's your certs dir?", -109);
}
}
if (GetCert(cert) != 0)
return -110;
Source source;
FileSource("../certs/server.p12", source);
if (source.size() == 0) {
FileSource("../../certs/server.p12", source); // for testsuite
if (source.size() == 0) {
FileSource("../../../certs/server.p12", source); // Debug dir
if (source.size() == 0)
err_sys("where's your certs dir?", -111);
}
}
if (GetPKCS_Cert("password", source) != 0)
return -112;
return 0;
}
REM quick and dirty build file for testing different MSDEVs REM quick and dirty build file for testing different MSDEVs
@echo off
REM Copyright (C) 2006 MySQL AB
REM
REM This program is free software; you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation; version 2 of the License.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program; if not, write to the Free Software
REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
@echo on
setlocal setlocal
set myFLAGS= /I../include /I../taocrypt/include /I../taocrypt/mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER" set myFLAGS= /I../include /I../taocrypt/include /I../taocrypt/mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"
......
...@@ -86,8 +86,8 @@ int main(int argc, char** argv) ...@@ -86,8 +86,8 @@ int main(int argc, char** argv)
// input output compare // input output compare
byte input[TaoCrypt::MD5::DIGEST_SIZE]; byte input[TaoCrypt::MD5::DIGEST_SIZE];
byte output[TaoCrypt::MD5::DIGEST_SIZE]; byte output[TaoCrypt::MD5::DIGEST_SIZE];
file_test((char*) "input", input); file_test("input", input);
file_test((char*) "output", output); file_test("output", output);
assert(memcmp(input, output, sizeof(input)) == 0); assert(memcmp(input, output, sizeof(input)) == 0);
printf("\nAll tests passed!\n"); printf("\nAll tests passed!\n");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment