diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2015-01-09 09:46:07 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2015-01-09 09:46:07 +0100 |
commit | 5ac03256db0fe4ca7e3ad1117d096c3a76368b76 (patch) | |
tree | c767808892cc7f013b87174ad3b31c23508b5fa5 /release/src/router/cyassl/include/openssl | |
parent | d89b5dc1509c66ccbed1dbc7ed0e09264ea3179e (diff) | |
download | tomato-5ac03256db0fe4ca7e3ad1117d096c3a76368b76.tar.gz tomato-5ac03256db0fe4ca7e3ad1117d096c3a76368b76.tar.bz2 |
backported CyaSSL/OpenSSL support for internal webserver instead of MatrixSSL
Diffstat (limited to 'release/src/router/cyassl/include/openssl')
33 files changed, 1680 insertions, 0 deletions
diff --git a/release/src/router/cyassl/include/openssl/asn1.h b/release/src/router/cyassl/include/openssl/asn1.h new file mode 100644 index 00000000..3f34d7d2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/asn1.h @@ -0,0 +1,2 @@ +/* asn1.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/bio.h b/release/src/router/cyassl/include/openssl/bio.h new file mode 100644 index 00000000..bbdcc0f2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/bio.h @@ -0,0 +1,2 @@ +/* bio.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/bn.h b/release/src/router/cyassl/include/openssl/bn.h new file mode 100644 index 00000000..39770e99 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/bn.h @@ -0,0 +1,2 @@ +/* bn.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/conf.h b/release/src/router/cyassl/include/openssl/conf.h new file mode 100644 index 00000000..1e328cf4 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/conf.h @@ -0,0 +1,2 @@ +/* conf.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/crypto.h b/release/src/router/cyassl/include/openssl/crypto.h new file mode 100644 index 00000000..603943bc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/crypto.h @@ -0,0 +1,19 @@ +/* crypto.h for openSSL */ + +#ifndef CYASSL_CRYPTO_H_ +#define CYASSL_CRYPTO_H_ + +#ifdef YASSL_PREFIX +#include "prefix_crypto.h" +#endif + +const char* SSLeay_version(int type); +unsigned long SSLeay(void); + + +#define SSLEAY_VERSION 0x0090600fL +#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION + + +#endif /* header */ + diff --git a/release/src/router/cyassl/include/openssl/cyassl_callbacks.h b/release/src/router/cyassl/include/openssl/cyassl_callbacks.h new file mode 100644 index 00000000..87998aa2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/cyassl_callbacks.h @@ -0,0 +1,81 @@ +/* cyassl_callbacks.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_CALLBACKS_H +#define CYASSL_CALLBACKS_H + +#include <sys/time.h> + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { /* CALLBACK CONTSTANTS */ + MAX_PACKETNAME_SZ = 24, + MAX_CIPHERNAME_SZ = 24, + MAX_TIMEOUT_NAME_SZ = 24, + MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */ + MAX_VALUE_SZ = 128, /* all handshake packets but Cert should + fit here */ +}; + + +typedef struct handShakeInfo_st { + char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */ + char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1]; + /* SSL packet names */ + int numberPackets; /* actual # of packets */ + int negotiationError; /* cipher/parameter err */ +} HandShakeInfo; + + +typedef struct timeval Timeval; + + +typedef struct packetInfo_st { + char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */ + Timeval timestamp; /* when it occured */ + unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */ + unsigned char* bufferValue; /* otherwise here (non 0) */ + int valueSz; /* sz of value or buffer */ +} PacketInfo; + + +typedef struct timeoutInfo_st { + char timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */ + int flags; /* for future use */ + int numberPackets; /* actual # of packets */ + PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */ + Timeval timeoutValue; /* timer that caused it */ +} TimeoutInfo; + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CyaSSL_CALLBACKS_H */ + diff --git a/release/src/router/cyassl/include/openssl/cyassl_test.h b/release/src/router/cyassl/include/openssl/cyassl_test.h new file mode 100644 index 00000000..555f3e19 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/cyassl_test.h @@ -0,0 +1,563 @@ +/* cyassl_test.h */ + +#ifndef CyaSSL_TEST_H +#define CyaSSL_TEST_H + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> +#include <ctype.h> +#include "types.h" + +#ifdef USE_WINDOWS_API + #include <winsock2.h> + #include <process.h> + #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ + #include <ws2tcpip.h> + #include <wspiapi.h> + #endif + #define SOCKET_T int +#else + #include <string.h> + #include <unistd.h> + #include <netdb.h> + #include <netinet/in.h> + #include <netinet/tcp.h> + #include <arpa/inet.h> + #include <sys/ioctl.h> + #include <sys/time.h> + #include <sys/types.h> + #include <sys/socket.h> + #include <pthread.h> + #ifdef NON_BLOCKING + #include <fcntl.h> + #endif + #ifdef TEST_IPV6 + #include <netdb.h> + #endif + #define SOCKET_T unsigned int +#endif /* USE_WINDOWS_API */ + +#ifdef _MSC_VER + /* disable conversion warning */ + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable:4244 4996) +#endif + +#if defined(__MACH__) || defined(USE_WINDOWS_API) + #ifndef _SOCKLEN_T + typedef int socklen_t; + #endif +#endif + + +/* HPUX doesn't use socklent_t for third parameter to accept */ +#if !defined(__hpux__) + typedef socklen_t* ACCEPT_THIRD_T; +#else + typedef int* ACCEPT_THIRD_T; +#endif + + +#ifdef USE_WINDOWS_API + #define CloseSocket(s) closesocket(s) + #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } +#else + #define CloseSocket(s) close(s) + #define StartTCP() +#endif + + +#ifdef SINGLE_THREADED + typedef unsigned int THREAD_RETURN; + typedef void* THREAD_TYPE; + #define CYASSL_API +#else + #ifndef _POSIX_THREADS + typedef unsigned int THREAD_RETURN; + typedef HANDLE THREAD_TYPE; + #define CYASSL_API __stdcall + #else + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define CYASSL_API + #endif +#endif + + +#ifdef TEST_IPV6 + typedef struct sockaddr_in6 SOCKADDR_IN_T; + #define AF_INET_V AF_INET6 +#else + typedef struct sockaddr_in SOCKADDR_IN_T; + #define AF_INET_V AF_INET +#endif + + +#ifndef NO_MAIN_DRIVER + const char* caCert = "../../certs/ca-cert.pem"; + const char* eccCert = "../../certs/server-ecc.pem"; + const char* eccKey = "../../certs/ecc-key.pem"; + const char* svrCert = "../../certs/server-cert.pem"; + const char* svrKey = "../../certs/server-key.pem"; + const char* cliCert = "../../certs/client-cert.pem"; + const char* cliKey = "../../certs/client-key.pem"; + const char* ntruCert = "../../certs/ntru-cert.pem"; + const char* ntruKey = "../../certs/ntru-key.raw"; +#else + static const char* caCert = "../certs/ca-cert.pem"; + static const char* eccCert = "../certs/server-ecc.pem"; + static const char* eccKey = "../certs/ecc-key.pem"; + static const char* svrCert = "../certs/server-cert.pem"; + static const char* svrKey = "../certs/server-key.pem"; + static const char* cliCert = "../certs/client-cert.pem"; + static const char* cliKey = "../certs/client-key.pem"; + static const char* ntruCert = "../certs/ntru-cert.pem"; + static const char* ntruKey = "../certs/ntru-key.raw"; +#endif + +typedef struct tcp_ready { + int ready; /* predicate */ +#ifdef _POSIX_THREADS + pthread_mutex_t mutex; + pthread_cond_t cond; +#endif +} tcp_ready; + + +void InitTcpReady(); +void FreeTcpReady(); + + +typedef struct func_args { + int argc; + char** argv; + int return_code; + tcp_ready* signal; +} func_args; + + +typedef THREAD_RETURN CYASSL_API THREAD_FUNC(void*); + +void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*); +void join_thread(THREAD_TYPE); + +/* yaSSL */ +static const char* const yasslIP = "127.0.0.1"; +static const word16 yasslPort = 11111; + + +static INLINE void err_sys(const char* msg) +{ + printf("yassl error: %s\n", msg); + exit(EXIT_FAILURE); +} + + +#ifdef OPENSSL_EXTRA + +static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) +{ + strncpy(passwd, "yassl123", sz); + return 8; +} + +#endif + + +static INLINE void showPeer(SSL* ssl) +{ +#ifdef OPENSSL_EXTRA + + SSL_CIPHER* cipher; + X509* peer = SSL_get_peer_certificate(ssl); + if (peer) { + char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); + char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + + printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, + subject); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + } + else + printf("peer has no cert!\n"); + printf("SSL version is %s\n", SSL_get_version(ssl)); + + cipher = SSL_get_current_cipher(ssl); + printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher)); +#endif + +#ifdef SESSION_CERTS + { + X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl); + int count = CyaSSL_get_chain_count(chain); + int i; + + for (i = 0; i < count; i++) { + int length; + unsigned char buffer[3072]; + + CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length); + buffer[length] = 0; + printf("cert %d has length %d data = \n%s\n", i, length, buffer); + } + } +#endif + +} + + +static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr, + const char* peer, word16 port) +{ +#ifndef TEST_IPV6 + const char* host = peer; + + /* peer could be in human readable form */ + if (peer != INADDR_ANY && isalpha(peer[0])) { + struct hostent* entry = gethostbyname(peer); + + if (entry) { + struct sockaddr_in tmp; + memset(&tmp, 0, sizeof(struct sockaddr_in)); + memcpy(&tmp.sin_addr.s_addr, entry->h_addr_list[0], + entry->h_length); + host = inet_ntoa(tmp.sin_addr); + } + else + err_sys("no entry for host"); + } +#endif + +#ifdef CYASSL_DTLS + *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0); +#else + *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); +#endif + memset(addr, 0, sizeof(SOCKADDR_IN_T)); + +#ifndef TEST_IPV6 + addr->sin_family = AF_INET_V; + addr->sin_port = htons(port); + if (host == INADDR_ANY) + addr->sin_addr.s_addr = INADDR_ANY; + else + addr->sin_addr.s_addr = inet_addr(host); +#else + addr->sin6_family = AF_INET_V; + addr->sin6_port = htons(port); + addr->sin6_addr = in6addr_loopback; +#endif + +#ifndef USE_WINDOWS_API +#ifdef SO_NOSIGPIPE + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); + if (res < 0) + err_sys("setsockopt SO_NOSIGPIPE failed\n"); + } +#endif + +#if defined(TCP_NODELAY) && !defined(CYASSL_DTLS) + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len); + if (res < 0) + err_sys("setsockopt TCP_NODELAY failed\n"); + } +#endif +#endif /* USE_WINDOWS_API */ +} + + +static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) +{ + SOCKADDR_IN_T addr; + tcp_socket(sockfd, &addr, ip, port); + + if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp connect failed"); +} + + +static INLINE void tcp_listen(SOCKET_T* sockfd) +{ + SOCKADDR_IN_T addr; + + /* don't use INADDR_ANY by default, firewall may block, make user switch + on */ +#ifdef USE_ANY_ADDR + tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort); +#else + tcp_socket(sockfd, &addr, yasslIP, yasslPort); +#endif + +#ifndef USE_WINDOWS_API + { + int on = 1; + socklen_t len = sizeof(on); + setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); +#ifndef CYASSL_DTLS + if (listen(*sockfd, 5) != 0) + err_sys("tcp listen failed"); +#endif +} + + +static INLINE int udp_read_connect(SOCKET_T sockfd) +{ + SOCKADDR_IN_T cliaddr; + byte b[1500]; + int n; + socklen_t len = sizeof(cliaddr); + + n = recvfrom(sockfd, b, sizeof(b), MSG_PEEK, (struct sockaddr*)&cliaddr, + &len); + if (n > 0) { + if (connect(sockfd, (const struct sockaddr*)&cliaddr, + sizeof(cliaddr)) != 0) + err_sys("udp connect failed"); + } + else + err_sys("recvfrom failed"); + + return sockfd; +} + +static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) +{ + SOCKADDR_IN_T addr; + + tcp_socket(sockfd, &addr, yasslIP, yasslPort); + + +#ifndef USE_WINDOWS_API + { + int on = 1; + socklen_t len = sizeof(on); + setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); + +#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) + /* signal ready to accept data */ + { + tcp_ready* ready = args->signal; + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } +#endif + + *clientfd = udp_read_connect(*sockfd); +} + +static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) +{ + SOCKADDR_IN_T client; + socklen_t client_len = sizeof(client); + + #ifdef CYASSL_DTLS + udp_accept(sockfd, clientfd, args); + return; + #endif + + tcp_listen(sockfd); + +#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) + /* signal ready to tcp_accept */ + { + tcp_ready* ready = args->signal; + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } +#endif + + *clientfd = accept(*sockfd, (struct sockaddr*)&client, + (ACCEPT_THIRD_T)&client_len); + if (*clientfd == -1) + err_sys("tcp accept failed"); +} + + +static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) +{ +#ifdef NON_BLOCKING + #ifdef USE_WINDOWS_API + unsigned long blocking = 1; + int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); + #else + int flags = fcntl(*sockfd, F_GETFL, 0); + int ret = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + #endif +#endif +} + + +#ifndef NO_PSK + +static INLINE unsigned int my_psk_client_cb(SSL* ssl, const char* hint, + char* identity, unsigned int id_max_len, unsigned char* key, + unsigned int key_max_len) +{ + /* identity is OpenSSL testing default for openssl s_client, keep same */ + strncpy(identity, "Client_identity", id_max_len); + + + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 26; + key[1] = 43; + key[2] = 60; + key[3] = 77; + + return 4; /* length of key in octets or 0 for error */ +} + + +static INLINE unsigned int my_psk_server_cb(SSL* ssl, const char* identity, + unsigned char* key, unsigned int key_max_len) +{ + /* identity is OpenSSL testing default for openssl s_client, keep same */ + if (strncmp(identity, "Client_identity", 15) != 0) + return 0; + + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 26; + key[1] = 43; + key[2] = 60; + key[3] = 77; + + return 4; /* length of key in octets or 0 for error */ +} + +#endif /* NO_PSK */ + + +#ifdef USE_WINDOWS_API + + #define WIN32_LEAN_AND_MEAN + #include <windows.h> + + static INLINE double current_time() + { + static int init = 0; + static LARGE_INTEGER freq; + + LARGE_INTEGER count; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + + return (double)count.QuadPart / freq.QuadPart; + } + +#else + + #include <sys/time.h> + + static INLINE double current_time() + { + struct timeval tv; + gettimeofday(&tv, 0); + + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; + } + +#endif /* USE_WINDOWS_API */ + + +#ifdef NO_FILESYSTEM + + enum { + CYASSL_CA = 1, + CYASSL_CERT = 2, + CYASSL_KEY = 3 + }; + + static INLINE void load_buffer(SSL_CTX* ctx, const char* fname, int type) + { + /* test buffer load */ + long sz = 0; + byte buff[4096]; + FILE* file = fopen(fname, "rb"); + + if (!file) + err_sys("can't open file for buffer load"); + fseek(file, 0, SEEK_END); + sz = ftell(file); + rewind(file); + fread(buff, sizeof(buff), 1, file); + + if (type == CYASSL_CA) { + if (CyaSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load buffer ca file"); + } + else if (type == CYASSL_CERT) { + if (CyaSSL_CTX_use_certificate_buffer(ctx, buff, sz, + SSL_FILETYPE_PEM) != SSL_SUCCESS) + err_sys("can't load buffer cert file"); + } + else if (type == CYASSL_KEY) { + if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz, + SSL_FILETYPE_PEM) != SSL_SUCCESS) + err_sys("can't load buffer key file"); + } + } + +#endif /* NO_FILESYSTEM */ + +#ifdef VERIFY_CALLBACK + +static int myVerify(int preverify, X509_STORE_CTX* store) +{ + char buffer[80]; + + printf("In verification callback, error = %d, %s\n", store->error, + ERR_error_string(store->error, buffer)); +#ifdef OPENSSL_EXTRA + X509* peer = store->current_cert; + if (peer) { + char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); + char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + + printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, + subject); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + } + else + printf("peer has no cert!\n"); +#endif + printf("Subject's domain name is %s\n", store->domain); + + printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n"); + return 1; +} + +#endif /* VERIFY_CALLBACK */ + + +#endif /* CyaSSL_TEST_H */ + diff --git a/release/src/router/cyassl/include/openssl/des.h b/release/src/router/cyassl/include/openssl/des.h new file mode 100644 index 00000000..b74409b2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/des.h @@ -0,0 +1,70 @@ +/* des.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* des.h defines mini des openssl compatibility layer + * + */ + + + +#ifndef CYASSL_DES_H_ +#define CYASSL_DES_H_ + +#ifdef YASSL_PREFIX +#include "prefix_des.h" +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ DES_cblock const_DES_cblock; +typedef DES_cblock DES_key_schedule; + + +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; + + +void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*); +int DES_key_sched(const_DES_cblock* key, DES_key_schedule* schedule); +void DES_cbc_encrypt(const unsigned char* input, unsigned char* output, + long length, DES_key_schedule* schedule, DES_cblock* ivec, + int enc); +void DES_ncbc_encrypt(const unsigned char* input, unsigned char* output, + long length, DES_key_schedule* schedule, DES_cblock* ivec, + int enc); + + +void DES_set_odd_parity(DES_cblock*); +void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_DES_H_ */ diff --git a/release/src/router/cyassl/include/openssl/dh.h b/release/src/router/cyassl/include/openssl/dh.h new file mode 100644 index 00000000..f3a6a7fc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/dh.h @@ -0,0 +1,2 @@ +/* dh.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/dsa.h b/release/src/router/cyassl/include/openssl/dsa.h new file mode 100644 index 00000000..756f8ea2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/dsa.h @@ -0,0 +1,2 @@ +/* dsa.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ec.h b/release/src/router/cyassl/include/openssl/ec.h new file mode 100644 index 00000000..5ffdaf6e --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ec.h @@ -0,0 +1,2 @@ +/* ec.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ecdsa.h b/release/src/router/cyassl/include/openssl/ecdsa.h new file mode 100644 index 00000000..f3cf0de3 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ecdsa.h @@ -0,0 +1,2 @@ +/* ecdsa.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/engine.h b/release/src/router/cyassl/include/openssl/engine.h new file mode 100644 index 00000000..39952fca --- /dev/null +++ b/release/src/router/cyassl/include/openssl/engine.h @@ -0,0 +1,5 @@ +/* engine.h for libcurl */ + +#undef HAVE_OPENSSL_ENGINE_H + + diff --git a/release/src/router/cyassl/include/openssl/err.h b/release/src/router/cyassl/include/openssl/err.h new file mode 100644 index 00000000..7e7f1eb7 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/err.h @@ -0,0 +1,2 @@ +/* err.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/evp.h b/release/src/router/cyassl/include/openssl/evp.h new file mode 100644 index 00000000..a795dcab --- /dev/null +++ b/release/src/router/cyassl/include/openssl/evp.h @@ -0,0 +1,79 @@ +/* evp.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* evp.h defines mini evp openssl compatibility layer + * + */ + + + +#ifndef CYASSL_EVP_H_ +#define CYASSL_EVP_H_ + +#ifdef YASSL_PREFIX +#include "prefix_evp.h" +#endif + +#include "md5.h" +#include "sha.h" + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef char EVP_MD; +typedef char EVP_CIPHER; + +const EVP_MD* EVP_md5(void); +const EVP_MD* EVP_sha1(void); + + +typedef union { + MD5_CTX md5; + SHA_CTX sha; +} Hasher; + + +typedef struct EVP_MD_CTX { + unsigned char macType; /* md5 or sha for now */ + Hasher hash; +} EVP_MD_CTX; + + +void EVP_MD_CTX_init(EVP_MD_CTX* ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx); + +int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type); +int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, size_t sz); +int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); +int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); + +int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const unsigned char*, + const unsigned char*, int, int, unsigned char*, unsigned char*); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_EVP_H_ */ diff --git a/release/src/router/cyassl/include/openssl/hmac.h b/release/src/router/cyassl/include/openssl/hmac.h new file mode 100644 index 00000000..10cff93f --- /dev/null +++ b/release/src/router/cyassl/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* hmac.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* hmac.h defines mini hamc openssl compatibility layer + * + */ + + + +#ifndef CYASSL_HMAC_H_ +#define CYASSL_HMAC_H_ + +#ifdef YASSL_PREFIX +#include "prefix_hmac.h" +#endif + +unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, + const unsigned char* d, int n, unsigned char* md, unsigned int* md_len); + + +#ifdef __cplusplus + extern "C" { +#endif + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_HMAC_H_ */ diff --git a/release/src/router/cyassl/include/openssl/lhash.h b/release/src/router/cyassl/include/openssl/lhash.h new file mode 100644 index 00000000..01f8535f --- /dev/null +++ b/release/src/router/cyassl/include/openssl/lhash.h @@ -0,0 +1,2 @@ +/* lhash.h for openSSL */ + diff --git a/release/src/router/cyassl/include/openssl/md4.h b/release/src/router/cyassl/include/openssl/md4.h new file mode 100644 index 00000000..2e99f977 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/md4.h @@ -0,0 +1 @@ +/* md4.h for libcurl */ diff --git a/release/src/router/cyassl/include/openssl/md5.h b/release/src/router/cyassl/include/openssl/md5.h new file mode 100644 index 00000000..467db4cc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/md5.h @@ -0,0 +1,32 @@ +/* md5.h for openssl */ + + +#ifndef CYASSL_MD5_H_ +#define CYASSL_MD5_H_ + +#ifdef YASSL_PREFIX +#include "prefix_md5.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct MD5_CTX { + int holder[24]; /* big enough to hold ctaocrypt md5, but check on init */ +} MD5_CTX; + +void MD5_Init(MD5_CTX*); +void MD5_Update(MD5_CTX*, const void*, unsigned long); +void MD5_Final(unsigned char*, MD5_CTX*); + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_MD5_H_ */ + diff --git a/release/src/router/cyassl/include/openssl/ocsp.h b/release/src/router/cyassl/include/openssl/ocsp.h new file mode 100644 index 00000000..7463eec9 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ocsp.h @@ -0,0 +1 @@ +/* ocsp.h for libcurl */ diff --git a/release/src/router/cyassl/include/openssl/opensslconf.h b/release/src/router/cyassl/include/openssl/opensslconf.h new file mode 100644 index 00000000..ac6b55bc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/opensslconf.h @@ -0,0 +1,8 @@ +/* opensslconf.h for openSSL */ + + +#ifndef OPENSSL_THREADS + #define OPENSSL_THREADS +#endif + + diff --git a/release/src/router/cyassl/include/openssl/opensslv.h b/release/src/router/cyassl/include/openssl/opensslv.h new file mode 100644 index 00000000..bdcc805e --- /dev/null +++ b/release/src/router/cyassl/include/openssl/opensslv.h @@ -0,0 +1,12 @@ +/* opensslv.h compatibility */ + +#ifndef CYASSL_OPENSSLV_H_ +#define CYASSL_OPENSSLV_H_ + + +/* api version compatibility */ +#define OPENSSL_VERSION_NUMBER 0x0090410fL + + +#endif /* header */ + diff --git a/release/src/router/cyassl/include/openssl/ossl_typ.h b/release/src/router/cyassl/include/openssl/ossl_typ.h new file mode 100644 index 00000000..65b00c72 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ossl_typ.h @@ -0,0 +1,2 @@ +/* ossl_typ.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/pem.h b/release/src/router/cyassl/include/openssl/pem.h new file mode 100644 index 00000000..fe7cab88 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/pem.h @@ -0,0 +1,2 @@ +/* pem.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/pkcs12.h b/release/src/router/cyassl/include/openssl/pkcs12.h new file mode 100644 index 00000000..544b6f09 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/pkcs12.h @@ -0,0 +1,2 @@ +/* pkcs12.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/rand.h b/release/src/router/cyassl/include/openssl/rand.h new file mode 100644 index 00000000..ba818729 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/rand.h @@ -0,0 +1,4 @@ +/* rand.h for openSSL */ + +#include "openssl/ssl.h" + diff --git a/release/src/router/cyassl/include/openssl/rsa.h b/release/src/router/cyassl/include/openssl/rsa.h new file mode 100644 index 00000000..55038c13 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/rsa.h @@ -0,0 +1,10 @@ +/* rsa.h for openSSL */ + + +#ifndef CYASSL_RSA_H_ +#define CYASSL_RSA_H_ + +enum { RSA_F4 = 1 }; + + +#endif /* header */ diff --git a/release/src/router/cyassl/include/openssl/sha.h b/release/src/router/cyassl/include/openssl/sha.h new file mode 100644 index 00000000..501274f4 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/sha.h @@ -0,0 +1,32 @@ +/* sha.h for openssl */ + + +#ifndef CYASSL_SHA_H_ +#define CYASSL_SHA_H_ + +#ifdef YASSL_PREFIX +#include "prefix_sha.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct SHA_CTX { + int holder[24]; /* big enough to hold ctaocrypt sha, but check on init */ +} SHA_CTX; + +void SHA_Init(SHA_CTX*); +void SHA_Update(SHA_CTX*, const void*, unsigned long); +void SHA_Final(unsigned char*, SHA_CTX*); + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_SHA_H_ */ + diff --git a/release/src/router/cyassl/include/openssl/ssl.h b/release/src/router/cyassl/include/openssl/ssl.h new file mode 100644 index 00000000..1ae308d8 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ssl.h @@ -0,0 +1,677 @@ +/* ssl.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* ssl.h defines openssl compatibility layer + * + */ + + + +#ifndef CYASSL_OPENSSL_H_ +#define CYASSL_OPENSSL_H_ + +#include "os_settings.h" /* for users not using preprocessor flags */ + +#ifndef NO_FILESYSTEM + #include <stdio.h> /* ERR_print fp */ +#endif + +#ifdef YASSL_PREFIX + #include "prefix_ssl.h" +#endif + +#define CYASSL_VERSION "1.9.0" + +#undef X509_NAME /* wincrypt.h clash */ + +#ifdef __cplusplus + extern "C" { +#endif + + + +typedef struct SSL SSL; +typedef struct SSL_SESSION SSL_SESSION; +typedef struct SSL_METHOD SSL_METHOD; +typedef struct SSL_CTX SSL_CTX; + +typedef struct X509 X509; +typedef struct X509_NAME X509_NAME; +typedef struct X509_CHAIN X509_CHAIN; + + +/* redeclare guard */ +#define SSL_TYPES_DEFINED + + + + +typedef struct EVP_PKEY EVP_PKEY; +typedef struct RSA RSA; +typedef struct BIO BIO; +typedef struct BIO_METHOD BIO_METHOD; +typedef struct SSL_CIPHER SSL_CIPHER; +typedef struct X509_LOOKUP X509_LOOKUP; +typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD; +typedef struct X509_CRL X509_CRL; +typedef struct X509_EXTENSION X509_EXTENSION; +typedef struct ASN1_TIME ASN1_TIME; +typedef struct ASN1_INTEGER ASN1_INTEGER; +typedef struct ASN1_OBJECT ASN1_OBJECT; +typedef struct ASN1_STRING ASN1_STRING; +typedef struct CRYPTO_dynlock_value CRYPTO_dynlock_value; + +#define ASN1_UTCTIME ASN1_TIME + +typedef struct MD4_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD4_CTX; + + +typedef struct COMP_METHOD { + int type; /* stunnel dereference */ +} COMP_METHOD; + + +typedef struct X509_STORE { + int cache; /* stunnel dereference */ +} X509_STORE; + + +typedef struct X509_REVOKED { + ASN1_INTEGER* serialNumber; /* stunnel dereference */ +} X509_REVOKED; + + +typedef struct X509_OBJECT { + union { + char* ptr; + X509_CRL* crl; /* stunnel dereference */ + } data; +} X509_OBJECT; + + +/* in cyassl_int.h too, change there !! */ +typedef struct X509_STORE_CTX { + int error; + int error_depth; + X509* current_cert; /* stunnel dereference */ + char* domain; /* subject CN domain name */ + /* in cyassl_int.h too, change there !! */ +} X509_STORE_CTX; + + +SSL_METHOD *SSLv3_server_method(void); +SSL_METHOD *SSLv3_client_method(void); +SSL_METHOD *TLSv1_server_method(void); +SSL_METHOD *TLSv1_client_method(void); +SSL_METHOD *TLSv1_1_server_method(void); +SSL_METHOD *TLSv1_1_client_method(void); +SSL_METHOD *TLSv1_2_server_method(void); +SSL_METHOD *TLSv1_2_client_method(void); + +#ifdef CYASSL_DTLS + SSL_METHOD *DTLSv1_client_method(void); + SSL_METHOD *DTLSv1_server_method(void); +#endif + +#ifndef NO_FILESYSTEM + +int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int); +int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int); +int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int); + +#ifdef CYASSL_DER_LOAD + int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int); +#endif + +#ifdef HAVE_NTRU + int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU + private key blob */ +#endif + +int CyaSSL_PemCertToDer(const char*, unsigned char*, int); + +#endif /* NO_FILESYSTEM */ + +SSL_CTX* SSL_CTX_new(SSL_METHOD*); +SSL* SSL_new(SSL_CTX*); +int SSL_set_fd (SSL*, int); +int SSL_get_fd(const SSL*); +int SSL_connect(SSL*); /* please see note at top of README + if you get an error from connect */ +int SSL_write(SSL*, const void*, int); +int SSL_read(SSL*, void*, int); +int SSL_accept(SSL*); +void SSL_CTX_free(SSL_CTX*); +void SSL_free(SSL*); +int SSL_shutdown(SSL*); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int); + +int SSL_get_error(SSL*, int); + +int SSL_set_session(SSL *ssl, SSL_SESSION *session); +SSL_SESSION* SSL_get_session(SSL* ssl); +void SSL_flush_sessions(SSL_CTX *ctx, long tm); + + +typedef int (*VerifyCallback)(int, X509_STORE_CTX*); +typedef int (*pem_password_cb)(char*, int, int, void*); + +void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback); + + +int SSL_pending(SSL*); + + +void SSL_load_error_strings(void); +int SSL_library_init(void); +long SSL_CTX_set_session_cache_mode(SSL_CTX*, long); + +/* only supports full name from cipher_name[] delimited by : */ +int SSL_CTX_set_cipher_list(SSL_CTX*, const char*); + +char* ERR_error_string(unsigned long,char*); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); + + +/* extras */ + +#define STACK_OF(x) x + +int SSL_set_ex_data(SSL*, int, void*); +int SSL_get_shutdown(const SSL*); +int SSL_set_rfd(SSL*, int); +int SSL_set_wfd(SSL*, int); +void SSL_set_shutdown(SSL*, int); +int SSL_set_session_id_context(SSL*, const unsigned char*, unsigned int); +void SSL_set_connect_state(SSL*); +void SSL_set_accept_state(SSL*); +int SSL_session_reused(SSL*); +void SSL_SESSION_free(SSL_SESSION* session); + +const char* SSL_get_version(SSL*); +SSL_CIPHER* SSL_get_current_cipher(SSL*); +char* SSL_CIPHER_description(SSL_CIPHER*, char*, int); +const char* SSL_CIPHER_get_name(const SSL_CIPHER* cipher); +SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ + +void X509_free(X509*); +void OPENSSL_free(void*); + +int OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); + +SSL_METHOD* SSLv23_client_method(void); +SSL_METHOD* SSLv2_client_method(void); +SSL_METHOD* SSLv2_server_method(void); + +void MD4_Init(MD4_CTX*); +void MD4_Update(MD4_CTX*, const void*, size_t); +void MD4_Final(unsigned char*, MD4_CTX*); + +BIO* BIO_new(BIO_METHOD*); +int BIO_free(BIO*); +int BIO_free_all(BIO*); +int BIO_read(BIO*, void*, int); +int BIO_write(BIO*, const void*, int); +BIO* BIO_push(BIO*, BIO* append); +BIO* BIO_pop(BIO*); +int BIO_flush(BIO*); +int BIO_pending(BIO*); + +BIO_METHOD* BIO_f_buffer(void); +long BIO_set_write_buffer_size(BIO*, long size); +BIO_METHOD* BIO_f_ssl(void); +BIO* BIO_new_socket(int sfd, int flag); +void SSL_set_bio(SSL*, BIO* rd, BIO* wr); +int BIO_eof(BIO*); +long BIO_set_ssl(BIO*, SSL*, int flag); + +BIO_METHOD* BIO_s_mem(void); +BIO_METHOD* BIO_f_base64(void); +void BIO_set_flags(BIO*, int); + +void OpenSSL_add_all_algorithms(void); +int SSLeay_add_ssl_algorithms(void); +int SSLeay_add_all_algorithms(void); + +void RAND_screen(void); +const char* RAND_file_name(char*, size_t); +int RAND_write_file(const char*); +int RAND_load_file(const char*, long); +int RAND_egd(const char*); + +COMP_METHOD* COMP_zlib(void); +COMP_METHOD* COMP_rle(void); +int SSL_COMP_add_compression_method(int, void*); + +int SSL_get_ex_new_index(long, void*, void*, void*, void*); + +void CRYPTO_set_id_callback(unsigned long (*f)(void)); +void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int)); +void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)(const char*, + int)); +void CRYPTO_set_dynlock_lock_callback(void (*f)(int, CRYPTO_dynlock_value*, + const char*, int)); +void CRYPTO_set_dynlock_destroy_callback(void (*f)(CRYPTO_dynlock_value*, + const char*, int)); + +X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*); +int X509_STORE_CTX_get_error(X509_STORE_CTX*); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*); + +char* X509_NAME_oneline(X509_NAME*, char*, int); +X509_NAME* X509_get_issuer_name(X509*); +X509_NAME* X509_get_subject_name(X509*); +const char* X509_verify_cert_error_string(long); + +int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long); +int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long); +X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD* X509_LOOKUP_file(void); + +X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*); +X509_STORE* X509_STORE_new(void); +int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, + X509_OBJECT*); +int X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*, STACK_OF(X509)*); +void X509_STORE_CTX_cleanup(X509_STORE_CTX*); + +ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*); +ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*); + +EVP_PKEY* X509_get_pubkey(X509*); +int X509_CRL_verify(X509_CRL*, EVP_PKEY*); +void X509_STORE_CTX_set_error(X509_STORE_CTX*, int); +void X509_OBJECT_free_contents(X509_OBJECT*); +void EVP_PKEY_free(EVP_PKEY*); +int X509_cmp_current_time(const ASN1_TIME*); +int sk_X509_REVOKED_num(X509_REVOKED*); + +X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*); +X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int); + +ASN1_INTEGER* X509_get_serialNumber(X509*); + +int ASN1_TIME_print(BIO*, const ASN1_TIME*); + +int ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*); +long ASN1_INTEGER_get(const ASN1_INTEGER*); + +STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*); + +void SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*); +void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int); +int SSL_get_ex_data_X509_STORE_CTX_idx(void); +void* SSL_get_ex_data(const SSL*, int); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); +void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb); + + +long SSL_CTX_set_timeout(SSL_CTX*, long); +void SSL_CTX_set_info_callback(SSL_CTX*, void (*)()); + +unsigned long ERR_peek_error(void); +int ERR_GET_REASON(int); + +char* SSL_alert_type_string_long(int); +char* SSL_alert_desc_string_long(int); +char* SSL_state_string_long(SSL*); + +void RSA_free(RSA*); +RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int)); + +int PEM_def_callback(char*, int num, int w, void* key); + +long SSL_CTX_sess_accept(SSL_CTX*); +long SSL_CTX_sess_connect(SSL_CTX*); +long SSL_CTX_sess_accept_good(SSL_CTX*); +long SSL_CTX_sess_connect_good(SSL_CTX*); +long SSL_CTX_sess_accept_renegotiate(SSL_CTX*); +long SSL_CTX_sess_connect_renegotiate(SSL_CTX*); +long SSL_CTX_sess_hits(SSL_CTX*); +long SSL_CTX_sess_cb_hits(SSL_CTX*); +long SSL_CTX_sess_cache_full(SSL_CTX*); +long SSL_CTX_sess_misses(SSL_CTX*); +long SSL_CTX_sess_timeouts(SSL_CTX*); +long SSL_CTX_sess_number(SSL_CTX*); +long SSL_CTX_sess_get_cache_size(SSL_CTX*); + + +#define SSL_DEFAULT_CIPHER_LIST "" /* default all */ +#define RSA_F4 0x10001L + +enum { + OCSP_NOCERTS = 1, + OCSP_NOINTERN = 2, + OCSP_NOSIGS = 4, + OCSP_NOCHAIN = 8, + OCSP_NOVERIFY = 16, + OCSP_NOEXPLICIT = 32, + OCSP_NOCASIGN = 64, + OCSP_NODELEGATED = 128, + OCSP_NOCHECKS = 256, + OCSP_TRUSTOTHER = 512, + OCSP_RESPID_KEY = 1024, + OCSP_NOTIME = 2048, + + OCSP_CERTID = 2, + OCSP_REQUEST = 4, + OCSP_RESPONSE = 8, + OCSP_BASICRESP = 16, + + ASN1_GENERALIZEDTIME = 4, + + SSL_OP_MICROSOFT_SESS_ID_BUG = 1, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 6, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7, + SSL_OP_TLS_D5_BUG = 8, + SSL_OP_TLS_BLOCK_PADDING_BUG = 9, + SSL_OP_TLS_ROLLBACK_BUG = 10, + SSL_OP_ALL = 11, + SSL_OP_EPHEMERAL_RSA = 12, + SSL_OP_NO_SSLv3 = 13, + SSL_OP_NO_TLSv1 = 14, + SSL_OP_PKCS1_CHECK_1 = 15, + SSL_OP_PKCS1_CHECK_2 = 16, + SSL_OP_NETSCAPE_CA_DN_BUG = 17, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18, + SSL_OP_SINGLE_DH_USE = 19, + SSL_OP_NO_TICKET = 20, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21, + SSL_OP_NO_QUERY_MTU = 22, + SSL_OP_COOKIE_EXCHANGE = 23, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24, + SSL_OP_SINGLE_ECDH_USE = 25, + SSL_OP_CIPHER_SERVER_PREFERENCE = 26, + + SSL_MAX_SSL_SESSION_ID_LENGTH = 32, + + EVP_R_BAD_DECRYPT = 2, + + SSL_CB_LOOP = 4, + SSL_ST_CONNECT = 5, + SSL_ST_ACCEPT = 6, + SSL_CB_ALERT = 7, + SSL_CB_READ = 8, + SSL_CB_HANDSHAKE_DONE = 9, + + SSL_MODE_ENABLE_PARTIAL_WRITE = 2, + + BIO_FLAGS_BASE64_NO_NL = 1, + BIO_CLOSE = 1, + BIO_NOCLOSE = 0, + + NID_undef = 0, + + X509_FILETYPE_PEM = 8, + X509_LU_X509 = 9, + X509_LU_CRL = 12, + + X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, + X509_V_ERR_CRL_HAS_EXPIRED = 15, + X509_V_ERR_CERT_REVOKED = 16, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, + X509_V_ERR_CERT_NOT_YET_VALID = 19, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, + X509_V_ERR_CERT_HAS_EXPIRED = 21, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, + + X509_V_OK = 0, + + CRYPTO_LOCK = 1, + CRYPTO_NUM_LOCKS = 10, + +}; + +/* extras end */ + +#ifndef NO_FILESYSTEM +/* CyaSSL extension, provide last error from SSL_get_error + since not using thread storage error queue */ +void ERR_print_errors_fp(FILE*, int err); +#endif + +enum { /* ssl Constants */ + SSL_ERROR_NONE = 0, /* for most functions */ + SSL_FAILURE = 0, /* for some functions */ + SSL_SUCCESS = 1, + + SSL_BAD_CERTTYPE = -8, + SSL_BAD_STAT = -7, + SSL_BAD_PATH = -6, + SSL_BAD_FILETYPE = -5, + SSL_BAD_FILE = -4, + SSL_NOT_IMPLEMENTED = -3, + SSL_UNKNOWN = -2, + SSL_FATAL_ERROR = -1, + + SSL_FILETYPE_ASN1 = 2, + SSL_FILETYPE_PEM = 1, + SSL_FILETYPE_DEFAULT = 2, /* ASN1 */ + SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ + + SSL_VERIFY_NONE = 0, + SSL_VERIFY_PEER = 1, + SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, + SSL_VERIFY_CLIENT_ONCE = 4, + + SSL_SESS_CACHE_OFF = 30, + SSL_SESS_CACHE_CLIENT = 31, + SSL_SESS_CACHE_SERVER = 32, + SSL_SESS_CACHE_BOTH = 33, + SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, + + SSL_ERROR_WANT_READ = 2, + SSL_ERROR_WANT_WRITE = 3, + SSL_ERROR_WANT_CONNECT = 7, + SSL_ERROR_WANT_ACCEPT = 8, + SSL_ERROR_SYSCALL = 5, + SSL_ERROR_WANT_X509_LOOKUP = 83, + SSL_ERROR_ZERO_RETURN = 6, + SSL_ERROR_SSL = 85, + + SSL_SENT_SHUTDOWN = 1, + SSL_RECEIVED_SHUTDOWN = 2, + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, + SSL_OP_NO_SSLv2 = 8, + + SSL_R_SSL_HANDSHAKE_FAILURE = 101, + SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, + SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, + SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, + + PEM_BUFSIZE = 1024, +}; + + +#ifndef NO_PSK + typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + void SSL_CTX_set_psk_client_callback(SSL_CTX*, psk_client_callback); + void SSL_set_psk_client_callback(SSL*, psk_client_callback); + + const char* SSL_get_psk_identity_hint(const SSL*); + const char* SSL_get_psk_identity(const SSL*); + + int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*); + int SSL_use_psk_identity_hint(SSL*, const char*); + + typedef unsigned int (*psk_server_callback)(SSL*, const char*, + unsigned char*, unsigned int); + void SSL_CTX_set_psk_server_callback(SSL_CTX*, psk_server_callback); + void SSL_set_psk_server_callback(SSL*, psk_server_callback); + + #define PSK_TYPES_DEFINED +#endif /* NO_PSK */ + + +/* extra begins */ + +enum { /* ERR Constants */ + ERR_TXT_STRING = 1, +}; + +unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *); + +unsigned long ERR_get_error(void); +void ERR_clear_error(void); + + +int RAND_status(void); +int RAND_bytes(unsigned char* buf, int num); +SSL_METHOD *SSLv23_server_method(void); +long SSL_CTX_set_options(SSL_CTX*, long); +int SSL_CTX_check_private_key(SSL_CTX*); + + +void ERR_free_strings(void); +void ERR_remove_state(unsigned long); +void EVP_cleanup(void); + +void CRYPTO_cleanup_all_ex_data(void); +long SSL_CTX_set_mode(SSL_CTX* ctx, long mode); +long SSL_CTX_get_mode(SSL_CTX* ctx); +void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m); + +long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); + +int SSL_CTX_set_default_verify_paths(SSL_CTX*); +int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*, + unsigned int); + +X509* SSL_get_peer_certificate(SSL* ssl); + +int SSL_want_read(SSL*); +int SSL_want_write(SSL*); + +int BIO_printf(BIO*, const char*, ...); +int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*); + +int sk_num(X509_REVOKED*); +void* sk_value(X509_REVOKED*, int); + +/* stunnel 4.28 needs */ +void* SSL_CTX_get_ex_data(const SSL_CTX*, int); +int SSL_CTX_set_ex_data(SSL_CTX*, int, void*); +void SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*, unsigned char*, + int, int*)); +void SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*, SSL_SESSION*)); +void SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*, SSL_SESSION*)); + +int i2d_SSL_SESSION(SSL_SESSION*, unsigned char**); +SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**, long); + +long SSL_SESSION_get_timeout(const SSL_SESSION*); +long SSL_SESSION_get_time(const SSL_SESSION*); +int SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + +/* extra ends */ + + +/* CyaSSL extensions */ + +/* call before SSL_connect, if verifying will add name check to + date check and signature check */ +int CyaSSL_check_domain_name(SSL* ssl, const char* dn); + +int InitCyaSSL(void); /* need to call once to load library (session cache) */ +int FreeCyaSSL(void); /* call when done to free session cache mutex */ + +int CyaSSL_Debugging_ON(void); /* turn logging on, only if compiled in */ +void CyaSSL_Debugging_OFF(void); /* turn logging off */ + +int CyaSSL_set_compression(SSL* ssl); /* turn on CyaSSL data compression */ + +int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU + private key blob */ +X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl); /* get CyaSSL peer X509_CHAIN */ +int CyaSSL_get_chain_count(X509_CHAIN* chain); /* peer chain count */ +int CyaSSL_get_chain_length(X509_CHAIN*, int idx); /* index cert length */ +unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx); /* index cert */ +int CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx, unsigned char* buffer, + int inLen, int* outLen); /* get index cert in PEM */ +const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* session); + +#ifndef _WIN32 + #ifndef NO_WRITEV + #include <sys/uio.h> + /* allow writev style writing */ + int CyaSSL_writev(SSL* ssl, const struct iovec* iov, int iovcnt); + #endif +#endif + +#if defined(NO_FILESYSTEM) || defined(MICRIUM) + +int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*, long, int); +int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int); +int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*, long, int); +int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,const unsigned char*,long); + +#endif /* NO_FILESYSTEM || MICRIUM */ + + +/* I/O callbacks */ +typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx); +typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx); + +void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv); +void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend); + +void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx); +void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx); + + +#ifdef CYASSL_CALLBACKS + +/* used internally by CyaSSL while OpenSSL types aren't */ +#include "cyassl_callbacks.h" + +typedef int (*HandShakeCallBack)(HandShakeInfo*); +typedef int (*TimeoutCallBack)(TimeoutInfo*); + +/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack + for diagnostics */ +int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval); +int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval); + +#endif /* CYASSL_CALLBACKS */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CyaSSL_openssl_h__ */ diff --git a/release/src/router/cyassl/include/openssl/stack.h b/release/src/router/cyassl/include/openssl/stack.h new file mode 100644 index 00000000..374c1fcd --- /dev/null +++ b/release/src/router/cyassl/include/openssl/stack.h @@ -0,0 +1,2 @@ +/* stack.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ui.h b/release/src/router/cyassl/include/openssl/ui.h new file mode 100644 index 00000000..a2539303 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ui.h @@ -0,0 +1,2 @@ +/* ui.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/x509.h b/release/src/router/cyassl/include/openssl/x509.h new file mode 100644 index 00000000..2d1da248 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/x509.h @@ -0,0 +1,3 @@ +/* x509.h for openssl */ + +#include "openssl/ssl.h" diff --git a/release/src/router/cyassl/include/openssl/x509v3.h b/release/src/router/cyassl/include/openssl/x509v3.h new file mode 100644 index 00000000..77828a33 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/x509v3.h @@ -0,0 +1,2 @@ +/* x509v3.h for openssl */ + |