diff options
Diffstat (limited to 'release/src/router/cyassl/include')
38 files changed, 3274 insertions, 0 deletions
diff --git a/release/src/router/cyassl/include/cyassl_error.h b/release/src/router/cyassl/include/cyassl_error.h new file mode 100644 index 00000000..02eab690 --- /dev/null +++ b/release/src/router/cyassl/include/cyassl_error.h @@ -0,0 +1,117 @@ +/* cyassl_error.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_ERROR_H +#define CYASSL_ERROR_H + +#include "error.h" /* CTaoCrypt errors */ + +#ifdef __cplusplus + extern "C" { +#endif + +enum CyaSSL_ErrorCodes { + PREFIX_ERROR = -202, /* bad index to key rounds */ + MEMORY_ERROR = -203, /* out of memory */ + VERIFY_FINISHED_ERROR = -204, /* verify problem on finished */ + VERIFY_MAC_ERROR = -205, /* verify mac problem */ + PARSE_ERROR = -206, /* parse error on header */ + UNKNOWN_HANDSHAKE_TYPE = -207, /* weird handshake type */ + SOCKET_ERROR_E = -208, /* error state on socket */ + SOCKET_NODATA = -209, /* expected data, not there */ + INCOMPLETE_DATA = -210, /* don't have enough data to + complete task */ + UNKNOWN_RECORD_TYPE = -211, /* unknown type in record hdr */ + DECRYPT_ERROR = -212, /* error during decryption */ + FATAL_ERROR = -213, /* revcd alert fatal error */ + ENCRYPT_ERROR = -214, /* error during encryption */ + FREAD_ERROR = -215, /* fread problem */ + NO_PEER_KEY = -216, /* need peer's key */ + NO_PRIVATE_KEY = -217, /* need the private key */ + RSA_PRIVATE_ERROR = -218, /* error during rsa priv op */ + BUILD_MSG_ERROR = -220, /* build message failure */ + + BAD_HELLO = -221, /* client hello malformed */ + DOMAIN_NAME_MISMATCH = -222, /* peer subject name mismatch */ + WANT_READ = -223, /* want read, call again */ + NOT_READY_ERROR = -224, /* handshake layer not ready */ + PMS_VERSION_ERROR = -225, /* pre m secret version error */ + VERSION_ERROR = -226, /* record layer version error */ + WANT_WRITE = -227, /* want write, call again */ + BUFFER_ERROR = -228, /* malformed buffer input */ + VERIFY_CERT_ERROR = -229, /* verify cert error */ + VERIFY_SIGN_ERROR = -230, /* verify sign error */ + CLIENT_ID_ERROR = -231, /* psk client identity error */ + SERVER_HINT_ERROR = -232, /* psk server hint error */ + PSK_KEY_ERROR = -233, /* psk key error */ + ZLIB_INIT_ERROR = -234, /* zlib init error */ + ZLIB_COMPRESS_ERROR = -235, /* zlib compression error */ + ZLIB_DECOMPRESS_ERROR = -236, /* zlib decompression error */ + + GETTIME_ERROR = -237, /* gettimeofday failed ??? */ + GETITIMER_ERROR = -238, /* getitimer failed ??? */ + SIGACT_ERROR = -239, /* sigaction failed ??? */ + SETITIMER_ERROR = -240, /* setitimer failed ??? */ + LENGTH_ERROR = -241, /* record layer length error */ + PEER_KEY_ERROR = -242, /* cant decode peer key */ + ZERO_RETURN = -243, /* peer sent close notify */ + SIDE_ERROR = -244, /* wrong client/server type */ + NO_PEER_CERT = -245, /* peer didn't send key */ + NTRU_KEY_ERROR = -246, /* NTRU key error */ + NTRU_DRBG_ERROR = -247, /* NTRU drbg error */ + NTRU_ENCRYPT_ERROR = -248, /* NTRU encrypt error */ + NTRU_DECRYPT_ERROR = -249, /* NTRU decrypt error */ + ECC_CURVETYPE_ERROR = -250, /* Bad ECC Curve Type */ + ECC_CURVE_ERROR = -251, /* Bad ECC Curve */ + ECC_PEERKEY_ERROR = -252, /* Bad Peer ECC Key */ + ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */ + ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */ + ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */ + /* add strings to SetErrorString !!!!! */ + + /* begin negotiation parameter errors */ + UNSUPPORTED_SUITE = -260, /* unsupported cipher suite */ + MATCH_SUITE_ERROR = -261 /* can't match cipher suite */ + /* end negotiation parameter errors only 10 for now */ + /* add strings to SetErrorString !!!!! */ +}; + + +#ifdef CYASSL_CALLBACKS + enum { + MIN_PARAM_ERR = UNSUPPORTED_SUITE, + MAX_PARAM_ERR = MIN_PARAM_ERR - 10 + }; +#endif + + +void SetErrorString(int error, char* buffer); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CyaSSL_ERROR_H */ + diff --git a/release/src/router/cyassl/include/cyassl_int.h b/release/src/router/cyassl/include/cyassl_int.h new file mode 100644 index 00000000..68423755 --- /dev/null +++ b/release/src/router/cyassl/include/cyassl_int.h @@ -0,0 +1,1225 @@ +/* cyassl_int.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_INT_H +#define CYASSL_INT_H + + +#include "types.h" +#include "random.h" +#include "des3.h" +#include "hc128.h" +#include "rabbit.h" +#include "asn.h" +#include "ctc_md5.h" +#include "ctc_aes.h" +#ifdef HAVE_ECC + #include "ctc_ecc.h" +#endif +#ifndef NO_SHA256 + #include "sha256.h" +#endif + +#ifdef CYASSL_CALLBACKS + #include "cyassl_callbacks.h" + #include <signal.h> +#endif + +#ifdef USE_WINDOWS_API + #include <windows.h> +#elif defined(THREADX) + #ifndef SINGLE_THREADED + #include "tx_api.h" + #endif +#elif defined(MICRIUM) + /* do nothing, just don't pick Unix */ +#else + #ifndef SINGLE_THREADED + #define CYASSL_PTHREADS + #include <pthread.h> + #endif + #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) + #include <unistd.h> /* for close of BIO */ + #endif +#endif + +#ifdef HAVE_LIBZ + #include "zlib.h" +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef NO_AES + #if !defined (ALIGN16) + #define ALIGN16 + #endif +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +#ifdef USE_WINDOWS_API + typedef unsigned int SOCKET_T; +#else + typedef int SOCKET_T; +#endif + + +typedef byte word24[3]; + +/* Define or comment out the cipher suites you'd like to be compiled in + make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined + + When adding cipher suites, add name to cipher_names, idx to cipher_name_idx +*/ +#ifndef NO_RC4 + #define BUILD_SSL_RSA_WITH_RC4_128_SHA + #define BUILD_SSL_RSA_WITH_RC4_128_MD5 + #if !defined(NO_TLS) && defined(HAVE_NTRU) + #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA + #endif +#endif + +#ifndef NO_DES3 + #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA + #if !defined(NO_TLS) && defined(HAVE_NTRU) + #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA + #endif +#endif + +#if !defined(NO_AES) && !defined(NO_TLS) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #if !defined (NO_PSK) + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA + #endif + #if defined(HAVE_NTRU) + #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA + #endif +#endif + +#if !defined(NO_HC128) && !defined(NO_TLS) + #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 + #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA +#endif + +#if !defined(NO_RABBIT) && !defined(NO_TLS) + #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA +#endif + +#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA) + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA +#endif + +#if defined(HAVE_ECC) && !defined(NO_TLS) + #if !defined(NO_AES) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #endif + #if !defined(NO_RC4) + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif + #if !defined(NO_DES3) + #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif +#endif + + +#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \ + defined(BUILD_SSL_RSA_WITH_RC4_128_MD5) + #define BUILD_ARC4 +#endif + +#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA) + #define BUILD_DES3 +#endif + +#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \ + defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) + #define BUILD_AES +#endif + +#if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \ + defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5) + #define BUILD_HC128 +#endif + +#if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA) + #define BUILD_RABBIT +#endif + +#ifdef NO_DES3 + #define DES_BLOCK_SIZE 8 +#endif + +#ifdef NO_AES + #define AES_BLOCK_SIZE 16 +#endif + + +/* actual cipher values, 2nd byte */ +enum { + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, + TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, + SSL_RSA_WITH_RC4_128_SHA = 0x05, + SSL_RSA_WITH_RC4_128_MD5 = 0x04, + SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A, + + /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08, + + /* CyaSSL extension - eSTREAM */ + TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB, + TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC, + TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD, + + /* CyaSSL extension - NTRU */ + TLS_NTRU_RSA_WITH_RC4_128_SHA = 0x65, + TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66, + TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0x67, + TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0x68 +}; + + +enum Misc { + SERVER_END = 0, + CLIENT_END, + + ECC_BYTE = 0xC0, /* ECC first cipher suite byte */ + + SEND_CERT = 1, + SEND_BLANK_CERT = 2, + + DTLS_MAJOR = 0xfe, /* DTLS major version number */ + DTLS_MINOR = 0xff, /* DTLS minor version number */ + SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ + SSLv3_MINOR = 0, /* TLSv1 minor version number */ + TLSv1_MINOR = 1, /* TLSv1 minor version number */ + TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ + TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ + NO_COMPRESSION = 0, + ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */ + SECRET_LEN = 48, /* pre RSA and all master */ + ENCRYPT_LEN = 256, /* allow 2048 bit static buffer */ + SIZEOF_SENDER = 4, /* clnt or srvr */ + FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE, + MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */ + MAX_UDP_SIZE = 1400, /* don't exceed MTU */ + MAX_MSG_EXTRA = 68, /* max added to msg, mac + pad */ + MAX_COMP_EXTRA = 1024, /* max compression extra */ + MAX_MTU = 1500, /* max expected MTU */ + MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */ + MAX_STR_VERSION = 8, /* string rep of protocol version */ + + PAD_MD5 = 48, /* pad length for finished */ + PAD_SHA = 40, /* pad length for finished */ + PEM_LINE_LEN = 80, /* PEM line max + fudge */ + LENGTH_SZ = 2, /* length field for HMAC, data only */ + VERSION_SZ = 2, /* length of proctocol version */ + SEQ_SZ = 8, /* 64 bit sequence number */ + BYTE3_LEN = 3, /* up to 24 bit byte lengths */ + ALERT_SIZE = 2, /* level + description */ + REQUEST_HEADER = 2, /* always use 2 bytes */ + VERIFY_HEADER = 2, /* always use 2 bytes */ + + MAX_SUITE_SZ = 200, /* 100 suites for now! */ + RAN_LEN = 32, /* random length */ + SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ + ID_LEN = 32, /* session id length */ + MAX_COOKIE_LEN = 32, /* max dtls cookie size */ + SUITE_LEN = 2, /* cipher suite sz length */ + ENUM_LEN = 1, /* always a byte */ + COMP_LEN = 1, /* compression length */ + CURVE_LEN = 2, /* ecc named curve length */ + + HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + RECORD_HEADER_SZ = 5, /* type + version + len(2) */ + CERT_HEADER_SZ = 3, /* always 3 bytes */ + REQ_HEADER_SZ = 2, /* cert request header sz */ + HINT_LEN_SZ = 2, /* length of hint size field */ + + DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ + DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */ + DTLS_RECORD_EXTRA = 8, /* diff from normal */ + + FINISHED_LABEL_SZ = 15, /* TLS finished label size */ + TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ + MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ + KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ + MAX_PRF_HALF = 128, /* Maximum half secret len */ + MAX_PRF_LABSEED = 80, /* Maximum label + seed len */ + MAX_PRF_DIG = 148, /* Maximum digest len */ + MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ + SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + + RC4_KEY_SIZE = 16, /* always 128bit */ + DES_KEY_SIZE = 8, /* des */ + DES3_KEY_SIZE = 24, /* 3 des ede */ + DES_IV_SIZE = DES_BLOCK_SIZE, + AES_256_KEY_SIZE = 32, /* for 256 bit */ + AES_192_KEY_SIZE = 24, /* for 192 bit */ + AES_IV_SIZE = 16, /* always block size */ + AES_128_KEY_SIZE = 16, /* for 128 bit */ + + HC_128_KEY_SIZE = 16, /* 128 bits */ + HC_128_IV_SIZE = 16, /* also 128 bits */ + + RABBIT_KEY_SIZE = 16, /* 128 bits */ + RABBIT_IV_SIZE = 8, /* 64 bits for iv */ + + EVP_SALT_SIZE = 8, /* evp salt size 64 bits */ + + ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */ + MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */ + + MAX_HELLO_SZ = 128, /* max client or server hello */ + MAX_CERT_VERIFY_SZ = 1024, /* max */ + CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ + MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ + DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */ + + MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */ + MAX_PSK_KEY_LEN = 64, /* max psk key supported */ + + MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */ + MAX_X509_SIZE = 2048, /* max static x509 buffer size */ + FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input, + will use dynamic buffer if not big enough */ + + MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */ + MAX_NTRU_BITS = 256, /* max symmetric bit strength */ + NO_SNIFF = 0, /* not sniffing */ + SNIFF = 1, /* currently sniffing */ + + HASH_SIG_SIZE = 2, /* default SHA1 RSA */ + + NO_COPY = 0, /* should we copy static buffer for write */ + COPY = 1 /* should we copy static buffer for write */ +}; + + +/* states */ +enum states { + NULL_STATE = 0, + + SERVER_HELLOVERIFYREQUEST_COMPLETE, + SERVER_HELLO_COMPLETE, + SERVER_CERT_COMPLETE, + SERVER_KEYEXCHANGE_COMPLETE, + SERVER_HELLODONE_COMPLETE, + SERVER_FINISHED_COMPLETE, + + CLIENT_HELLO_COMPLETE, + CLIENT_KEYEXCHANGE_COMPLETE, + CLIENT_FINISHED_COMPLETE, + + HANDSHAKE_DONE +}; + + +#ifndef SSL_TYPES_DEFINED + typedef struct SSL_METHOD SSL_METHOD; + typedef struct SSL_CTX SSL_CTX; + typedef struct SSL_SESSION SSL_SESSION; + typedef struct SSL_CIPHER SSL_CIPHER; + typedef struct SSL SSL; + typedef struct X509 X509; + typedef struct X509_CHAIN X509_CHAIN; + typedef struct BIO BIO; + typedef struct BIO_METHOD BIO_METHOD; + + #undef X509_NAME + typedef struct X509_NAME X509_NAME; + + typedef struct X509_STORE_CTX { + int error; + int error_depth; + X509* current_cert; /* stunnel dereference */ + char* domain; /* subject CN domain name */ + } X509_STORE_CTX; + + + typedef int (*pem_password_cb)(char*, int, int, void*); + typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx); + typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx); + typedef int (*VerifyCallback)(int, X509_STORE_CTX*); + + /* make sure external "C" linkage for C++ programs with callbacks */ + void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv); + void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend); + + void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx); + void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx); +#endif /* SSL_TYPES_DEFINED */ + + +/* SSL Version */ +typedef struct ProtocolVersion { + byte major; + byte minor; +} ProtocolVersion; + + +ProtocolVersion MakeSSLv3(void); +ProtocolVersion MakeTLSv1(void); +ProtocolVersion MakeTLSv1_1(void); +ProtocolVersion MakeTLSv1_2(void); + +#ifdef CYASSL_DTLS + ProtocolVersion MakeDTLSv1(void); +#endif + + +enum BIO_TYPE { + BIO_BUFFER = 1, + BIO_SOCKET = 2, + BIO_SSL = 3 +}; + + +/* OpenSSL BIO_METHOD type */ +struct BIO_METHOD { + byte type; /* method type */ +}; + + +/* OpenSSL BIO type */ +struct BIO { + byte type; /* method type */ + byte close; /* close flag */ + byte eof; /* eof flag */ + SSL* ssl; /* possible associated ssl */ + int fd; /* possible file descriptor */ + BIO* prev; /* previous in chain */ + BIO* next; /* next in chain */ +}; + + +/* OpenSSL method type */ +struct SSL_METHOD { + ProtocolVersion version; + int side; /* connection side, server or client */ + int verifyPeer; /* request or send certificate */ + int verifyNone; /* whether to verify certificate */ + int failNoCert; /* fail if no certificate */ + int downgrade; /* whether to downgrade version, default no */ +}; + + +/* defautls to client */ +void InitSSL_Method(SSL_METHOD*, ProtocolVersion); + +/* for sniffer */ +int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff); +int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx); + + +/* CyaSSL buffer type */ +typedef struct buffer { + word32 length; + byte* buffer; +} buffer; + + +enum { + FORCED_FREE = 1, + NO_FORCED_FREE = 0 +}; + + +/* only use compression extra if using compression */ +#ifdef HAVE_LIBZ + #define COMP_EXTRA MAX_COMP_EXTRA +#else + #define COMP_EXTRA 0 +#endif + +/* only the sniffer needs space in the buffer for an extra MTU record */ +#ifdef CYASSL_SNIFFER + #define MTU_EXTRA MAX_MTU +#else + #define MTU_EXTRA 0 +#endif + +/* give user option to use 16K static buffers, sniffer needs them too */ +#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_SNIFFER) + #define RECORD_SIZE MAX_RECORD_SIZE +#else + #ifdef CYASSL_DTLS + #define RECORD_SIZE 1500 + #else + #define RECORD_SIZE 128 + #endif +#endif + + +/* user option to turn off 16K output option */ +/* if using small static buffers (default) and SSL_write tries to write data + larger than the record we have, dynamically get it, unless user says only + write in static buffer chuncks */ +#ifndef STATIC_CHUNKS_ONLY + #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE +#else + #define OUTPUT_RECORD_SIZE RECORD_SIZE +#endif + +/* CyaSSL input buffer + + RFC 2246: + + length + The length (in bytes) of the following TLSPlaintext.fragment. + The length should not exceed 2^14. +*/ +#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \ + MTU_EXTRA + MAX_MSG_EXTRA + +typedef struct { + word32 length; /* total buffer length used */ + word32 idx; /* idx to part of length already consumed */ + byte* buffer; /* place holder for static or dynamic buffer */ + ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; + word32 bufferSize; /* current buffer size */ + byte dynamicFlag; /* dynamic memory currently in use */ +} bufferStatic; + +/* Cipher Suites holder */ +typedef struct Suites { + int setSuites; /* user set suites from default */ + byte suites[MAX_SUITE_SZ]; + word16 suiteSz; /* suite length in bytes */ +} Suites; + + +void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int); +int SetCipherList(SSL_CTX* ctx, const char* list); + +#ifndef PSK_TYPES_DEFINED + typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + typedef unsigned int (*psk_server_callback)(SSL*, const char*, + unsigned char*, unsigned int); +#endif /* PSK_TYPES_DEFINED */ + + +#ifndef CYASSL_USER_IO + /* default IO callbacks */ + int EmbedReceive(char *buf, int sz, void *ctx); + int EmbedSend(char *buf, int sz, void *ctx); +#endif + +#ifdef CYASSL_DTLS + int IsUDP(void*); +#endif + + +/* OpenSSL Cipher type just points back to SSL */ +struct SSL_CIPHER { + SSL* ssl; +}; + + +/* OpenSSL context type */ +struct SSL_CTX { + SSL_METHOD* method; + buffer certificate; + buffer privateKey; + Signer* caList; /* SSL_CTX owns this, SSL will reference */ + Suites suites; + void* heap; /* for user memory overrides */ + byte verifyPeer; + byte verifyNone; + byte failNoCert; + byte sessionCacheOff; + byte sessionCacheFlushOff; + byte sendVerify; /* for client side */ + byte haveDH; /* server DH parms set by user */ + byte haveNTRU; /* server private NTRU key loaded */ + byte haveECDSA; /* server private ECDSA key loaded */ + byte partialWrite; /* only one msg per write call */ + byte quietShutdown; /* don't send close notify */ + CallbackIORecv CBIORecv; + CallbackIOSend CBIOSend; + VerifyCallback verifyCallback; /* cert verification callback */ +#ifndef NO_PSK + byte havePSK; /* psk key set by user */ + psk_client_callback client_psk_cb; /* client callback */ + psk_server_callback server_psk_cb; /* server callback */ + char server_hint[MAX_PSK_ID_LEN]; +#endif /* NO_PSK */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + pem_password_cb passwd_cb; + void* userdata; +#endif /* OPENSSL_EXTRA */ +}; + + +void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*); +void FreeSSL_Ctx(SSL_CTX*); +void SSL_CtxResourceFree(SSL_CTX*); + +int DeriveTlsKeys(SSL* ssl); +int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx, + word32 inSz, word16 sz); + +/* All cipher suite related info */ +typedef struct CipherSpecs { + byte bulk_cipher_algorithm; + byte cipher_type; /* block or stream */ + byte mac_algorithm; + byte kea; /* key exchange algo */ + byte sig_algo; + byte hash_size; + byte pad_size; + word16 key_size; + word16 iv_size; + word16 block_size; +} CipherSpecs; + + + +/* Supported Ciphers from page 43 */ +enum BulkCipherAlgorithm { + cipher_null, + rc4, + rc2, + des, + triple_des, /* leading 3 (3des) not valid identifier */ + des40, + idea, + aes, + hc128, /* CyaSSL extensions */ + rabbit +}; + + +/* Supported Message Authentication Codes from page 43 */ +enum MACAlgorithm { + no_mac = 0, + md5_mac, + sha_mac, + sha224_mac, + sha256_mac, + sha384_mac, + sha512_mac, + rmd_mac +}; + + +/* Supported Key Exchange Protocols */ +enum KeyExchangeAlgorithm { + no_kea = 0, + rsa_kea, + diffie_hellman_kea, + fortezza_kea, + psk_kea, + ntru_kea, + ecc_diffie_hellman_kea +}; + + +/* Supported Authentication Schemes */ +enum SignatureAlgorithm { + anonymous_sa_algo = 0, + rsa_sa_algo, + dsa_sa_algo, + ecc_dsa_sa_algo +}; + + +/* Supprted ECC Curve Types */ +enum EccCurves { + named_curve = 3 +}; + + +/* Supprted ECC Named Curves */ +enum EccNamedCurves { + secp256r1 = 0x17, /* default, OpenSSL also calls it prime256v1 */ + secp384r1 = 0x18, + secp521r1 = 0x19, + + secp160r1 = 0x10, + secp192r1 = 0x13, /* Openssl also call it prime192v1 */ + secp224r1 = 0x15 +}; + + +/* Valid client certificate request types from page 27 */ +enum ClientCertificateType { + rsa_sign = 1, + dss_sign = 2, + rsa_fixed_dh = 3, + dss_fixed_dh = 4, + rsa_ephemeral_dh = 5, + dss_ephemeral_dh = 6, + fortezza_kea_cert = 20 +}; + + +enum CipherType { stream, block }; + + +/* keys and secrets */ +typedef struct Keys { + byte client_write_MAC_secret[SHA_DIGEST_SIZE]; /* max sizes */ + byte server_write_MAC_secret[SHA_DIGEST_SIZE]; + byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */ + byte server_write_key[AES_256_KEY_SIZE]; + byte client_write_IV[AES_IV_SIZE]; /* max sizes */ + byte server_write_IV[AES_IV_SIZE]; + + word32 peer_sequence_number; + word32 sequence_number; + +#ifdef CYASSL_DTLS + word32 dtls_sequence_number; + word32 dtls_peer_sequence_number; + word16 dtls_handshake_number; + word16 dtls_epoch; + word16 dtls_peer_epoch; +#endif + + word32 encryptSz; /* last size of encrypted data */ + byte encryptionOn; /* true after change cipher spec */ +} Keys; + + +/* cipher for now */ +typedef union { +#ifdef BUILD_ARC4 + Arc4 arc4; +#endif +#ifdef BUILD_DES3 + Des3 des3; +#endif +#ifdef BUILD_AES + Aes aes; +#endif +#ifdef BUILD_HC128 + HC128 hc128; +#endif +#ifdef BUILD_RABBIT + Rabbit rabbit; +#endif +} Ciphers; + + +/* hashes type */ +typedef struct Hashes { + byte md5[MD5_DIGEST_SIZE]; + byte sha[SHA_DIGEST_SIZE]; +} Hashes; + + +/* Static x509 buffer */ +typedef struct x509_buffer { + int length; /* actual size */ + byte buffer[MAX_X509_SIZE]; /* max static cert size */ +} x509_buffer; + + +/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */ +struct X509_CHAIN { + int count; /* total number in chain */ + x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */ +}; + + +/* openSSL session type */ +struct SSL_SESSION { + byte sessionID[ID_LEN]; + byte masterSecret[SECRET_LEN]; + word32 bornOn; /* create time in seconds */ + word32 timeout; /* timeout in seconds */ +#ifdef SESSION_CERTS + X509_CHAIN chain; /* peer cert chain, static */ + ProtocolVersion version; + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* 2nd byte, actual suite */ +#endif +}; + + +SSL_SESSION* GetSession(SSL*, byte*); +int SetSession(SSL*, SSL_SESSION*); + +typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int); + + +/* client connect state for nonblocking restart */ +enum ConnectState { + CONNECT_BEGIN = 0, + CLIENT_HELLO_SENT, + HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */ + HELLO_AGAIN_REPLY, + FIRST_REPLY_DONE, + FIRST_REPLY_FIRST, + FIRST_REPLY_SECOND, + FIRST_REPLY_THIRD, + FIRST_REPLY_FOURTH, + FINISHED_DONE, + SECOND_REPLY_DONE +}; + + +/* server accpet state for nonblocking restart */ +enum AcceptState { + ACCEPT_BEGIN = 0, + ACCEPT_CLIENT_HELLO_DONE, + HELLO_VERIFY_SENT, + ACCEPT_FIRST_REPLY_DONE, + SERVER_HELLO_SENT, + CERT_SENT, + KEY_EXCHANGE_SENT, + CERT_REQ_SENT, + SERVER_HELLO_DONE, + ACCEPT_SECOND_REPLY_DONE, + CHANGE_CIPHER_SENT, + ACCEPT_FINISHED_DONE, + ACCEPT_THIRD_REPLY_DONE +}; + + +typedef struct Buffers { + buffer certificate; /* SSL_CTX owns */ + buffer key; /* SSL_CTX owns */ + buffer domainName; /* for client check */ + buffer serverDH_P; + buffer serverDH_G; + buffer serverDH_Pub; + buffer serverDH_Priv; + bufferStatic inputBuffer; + bufferStatic outputBuffer; + buffer clearOutputBuffer; + int prevSent; /* previous plain text bytes sent + when got WANT_WRITE */ + int plainSz; /* plain text bytes in buffer to send + when got WANT_WRITE */ +} Buffers; + + +typedef struct Options { + byte sessionCacheOff; + byte sessionCacheFlushOff; + byte cipherSuite0; /* first byte, normally 0 */ + byte cipherSuite; /* second byte, actual suite */ + byte serverState; + byte clientState; + byte handShakeState; + byte side; /* client or server end */ + byte verifyPeer; + byte verifyNone; + byte failNoCert; + byte downgrade; /* allow downgrade of versions */ + byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */ + byte resuming; + byte tls; /* using TLS ? */ + byte tls1_1; /* using TLSv1.1+ ? */ + byte dtls; /* using datagrams ? */ + byte connReset; /* has the peer reset */ + byte isClosed; /* if we consider conn closed */ + byte closeNotify; /* we've recieved a close notify */ + byte sentNotify; /* we've sent a close notify */ + byte connectState; /* nonblocking resume */ + byte acceptState; /* nonblocking resume */ + byte usingCompression; /* are we using compression */ + byte haveDH; /* server DH parms set by user */ + byte haveNTRU; /* server NTRU private key loaded */ + byte haveECDSA; /* server ECDSA private key loaded */ + byte havePeerCert; /* do we have peer's cert */ + byte usingPSK_cipher; /* whether we're using psk as cipher */ + byte sendAlertState; /* nonblocking resume */ + byte processReply; /* nonblocking resume */ + byte partialWrite; /* only one msg per write call */ + byte quietShutdown; /* don't send close notify */ +#ifndef NO_PSK + byte havePSK; /* psk key set by user */ + psk_client_callback client_psk_cb; + psk_server_callback server_psk_cb; +#endif /* NO_PSK */ +} Options; + + +typedef struct Arrays { + byte clientRandom[RAN_LEN]; + byte serverRandom[RAN_LEN]; + byte sessionID[ID_LEN]; + byte preMasterSecret[ENCRYPT_LEN]; + byte masterSecret[SECRET_LEN]; +#ifdef CYASSL_DTLS + byte cookie[MAX_COOKIE_LEN]; +#endif +#ifndef NO_PSK + char client_identity[MAX_PSK_ID_LEN]; + char server_hint[MAX_PSK_ID_LEN]; + byte psk_key[MAX_PSK_KEY_LEN]; + word32 psk_keySz; /* acutal size */ +#endif + word32 preMasterSz; /* differs for DH, actual size */ +} Arrays; + + +#undef X509_NAME + +struct X509_NAME { + char name[ASN_NAME_MAX]; + int sz; +}; + + +struct X509 { + X509_NAME issuer; + X509_NAME subject; +}; + + +/* record layer header for PlainText, Compressed, and CipherText */ +typedef struct RecordLayerHeader { + byte type; + ProtocolVersion version; + byte length[2]; +} RecordLayerHeader; + + +/* record layer header for DTLS PlainText, Compressed, and CipherText */ +typedef struct DtlsRecordLayerHeader { + byte type; + ProtocolVersion version; + byte epoch[2]; /* increment on cipher state change */ + byte sequence_number[6]; /* per record */ + byte length[2]; +} DtlsRecordLayerHeader; + + +/* OpenSSL ssl type */ +struct SSL { + SSL_CTX* ctx; + int error; + ProtocolVersion version; /* negotiated version */ + ProtocolVersion chVersion; /* client hello version */ + Suites suites; + Ciphers encrypt; + Ciphers decrypt; + CipherSpecs specs; + Keys keys; + int rfd; /* read file descriptor */ + int wfd; /* write file descriptor */ + BIO* biord; /* socket bio read to free/close */ + BIO* biowr; /* socket bio write to free/close */ + void* IOCB_ReadCtx; + void* IOCB_WriteCtx; + RNG rng; + Md5 hashMd5; /* md5 hash of handshake msgs */ + Sha hashSha; /* sha hash of handshake msgs */ +#ifndef NO_SHA256 + Sha256 hashSha256; /* sha256 hash of handshake msgs */ +#endif + Hashes verifyHashes; + Hashes certHashes; /* for cert verify */ + Signer* caList; /* SSL_CTX owns */ + Buffers buffers; + Options options; + Arrays arrays; + SSL_SESSION session; + RsaKey peerRsaKey; + byte peerRsaKeyPresent; +#ifdef HAVE_NTRU + word16 peerNtruKeyLen; + byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ]; + byte peerNtruKeyPresent; +#endif +#ifdef HAVE_ECC + ecc_key peerEccKey; /* peer's ECDHE key */ + byte peerEccKeyPresent; + ecc_key peerEccDsaKey; /* peer's ECDSA key */ + byte peerEccDsaKeyPresent; + ecc_key eccTempKey; /* private ECDHE key */ + byte eccTempKeyPresent; + ecc_key eccDsaKey; /* private ECDSA key */ + byte eccDsaKeyPresent; +#endif + hmacfp hmac; + void* heap; /* for user overrides */ + RecordLayerHeader curRL; + word16 curSize; + SSL_CIPHER cipher; +#ifdef HAVE_LIBZ + z_stream c_stream; /* compression stream */ + z_stream d_stream; /* decompression stream */ + byte didStreamInit; /* for stream init and end */ +#endif +#ifdef CYASSL_CALLBACKS + HandShakeInfo handShakeInfo; /* info saved during handshake */ + TimeoutInfo timeoutInfo; /* info saved during handshake */ + byte hsInfoOn; /* track handshake info */ + byte toInfoOn; /* track timeout info */ +#endif +#ifdef OPENSSL_EXTRA + X509 peerCert; /* X509 peer cert */ +#endif +}; + + +int InitSSL(SSL*, SSL_CTX*); +void FreeSSL(SSL*); +void SSL_ResourceFree(SSL*); + + +enum { + IV_SZ = 32, /* max iv sz */ + NAME_SZ = 80, /* max one line */ +}; + + +typedef struct EncryptedInfo { + char name[NAME_SZ]; + byte iv[IV_SZ]; + word32 ivSz; + byte set; +} EncryptedInfo; + + +#ifdef CYASSL_CALLBACKS + void InitHandShakeInfo(HandShakeInfo*); + void FinishHandShakeInfo(HandShakeInfo*, const SSL*); + void AddPacketName(const char*, HandShakeInfo*); + + void InitTimeoutInfo(TimeoutInfo*); + void FreeTimeoutInfo(TimeoutInfo*, void*); + void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*); + void AddLateName(const char*, TimeoutInfo*); + void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info); +#endif + + +/* Record Layer Header identifier from page 12 */ +enum ContentType { + no_type = 0, + change_cipher_spec = 20, + alert = 21, + handshake = 22, + application_data = 23 +}; + + +/* handshake header, same for each message type, pgs 20/21 */ +typedef struct HandShakeHeader { + byte type; + word24 length; +} HandShakeHeader; + + +/* DTLS handshake header, same for each message type */ +typedef struct DtlsHandShakeHeader { + byte type; + word24 length; + byte message_seq[2]; /* start at 0, restransmit gets same # */ + word24 fragment_offset; /* bytes in previous fragments */ + word24 fragment_length; /* length of this fragment */ +} DtlsHandShakeHeader; + + +enum HandShakeType { + no_shake = -1, + hello_request = 0, + client_hello = 1, + server_hello = 2, + hello_verify_request = 3, /* DTLS addition */ + certificate = 11, + server_key_exchange = 12, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20 +}; + + +/* Valid Alert types from page 16/17 */ +enum AlertDescription { + close_notify = 0, + unexpected_message = 10, + bad_record_mac = 20, + decompression_failure = 30, + handshake_failure = 40, + no_certificate = 41, + bad_certificate = 42, + unsupported_certificate = 43, + certificate_revoked = 44, + certificate_expired = 45, + certificate_unknown = 46, + illegal_parameter = 47, + decrypt_error = 51 +}; + + +/* I/O Callback default errors */ +enum IOerrors { + IO_ERR_GENERAL = -1, /* general unexpected err, not in below group */ + IO_ERR_WANT_READ = -2, /* need to call read again */ + IO_ERR_WANT_WRITE = -2, /* need to call write again */ + IO_ERR_CONN_RST = -3, /* connection reset */ + IO_ERR_ISR = -4, /* interrupt */ + IO_ERR_CONN_CLOSE = -5 /* connection closed or epipe */ +}; + + +enum AlertLevel { + alert_warning = 1, + alert_fatal = 2 +}; + + +static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; +static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; + +static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; +static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished"; + + +/* internal functions */ +int SendChangeCipher(SSL*); +int SendData(SSL*, const void*, int); +int SendCertificate(SSL*); +int SendCertificateRequest(SSL*); +int SendServerKeyExchange(SSL*); +int SendBuffered(SSL*); +int ReceiveData(SSL*, byte*, int); +int SendFinished(SSL*); +int SendAlert(SSL*, int, int); +int ProcessReply(SSL*); + +int SetCipherSpecs(SSL*); +int MakeMasterSecret(SSL*); + +int AddSession(SSL*); +int DeriveKeys(SSL* ssl); +int StoreKeys(SSL* ssl, const byte* keyData); + +int IsTLS(const SSL* ssl); +int IsAtLeastTLSv1_2(const SSL* ssl); + +void ShrinkInputBuffer(SSL* ssl, int forcedFree); +void ShrinkOutputBuffer(SSL* ssl); + +#ifndef NO_CYASSL_CLIENT + int SendClientHello(SSL*); + int SendClientKeyExchange(SSL*); + int SendCertificateVerify(SSL*); +#endif /* NO_CYASSL_CLIENT */ + +#ifndef NO_CYASSL_SERVER + int SendServerHello(SSL*); + int SendServerHelloDone(SSL*); + #ifdef CYASSL_DTLS + int SendHelloVerifyRequest(SSL*); + #endif +#endif /* NO_CYASSL_SERVER */ + + +#ifndef NO_TLS + + +#endif /* NO_TLS */ + + + +typedef double timer_d; + +timer_d Timer(void); +word32 LowResTimer(void); + + +#ifdef SINGLE_THREADED + typedef int CyaSSL_Mutex; +#else /* MULTI_THREADED */ + #ifdef USE_WINDOWS_API + typedef CRITICAL_SECTION CyaSSL_Mutex; + #elif defined(CYASSL_PTHREADS) + typedef pthread_mutex_t CyaSSL_Mutex; + #elif defined(THREADX) + typedef TX_MUTEX CyaSSL_Mutex; + #elif defined(MICRIUM) + typedef OS_MUTEX CyaSSL_Mutex; + #else + #error Need a mutex type in multithreaded mode + #endif /* USE_WINDOWS_API */ +#endif /* SINGLE_THREADED */ + +int InitMutex(CyaSSL_Mutex*); +int FreeMutex(CyaSSL_Mutex*); +int LockMutex(CyaSSL_Mutex*); +int UnLockMutex(CyaSSL_Mutex*); + + +#ifdef DEBUG_CYASSL + + void CYASSL_ENTER(const char* msg); + void CYASSL_LEAVE(const char* msg, int ret); + + void CYASSL_ERROR(int); + void CYASSL_MSG(const char* msg); + +#else /* DEBUG_CYASSL */ + + #define CYASSL_ENTER(m) + #define CYASSL_LEAVE(m, r) + + #define CYASSL_ERROR(e) + #define CYASSL_MSG(m) + +#endif /* DEBUG_CYASSL */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CyaSSL_INT_H */ + diff --git a/release/src/router/cyassl/include/openssl/asn1.h b/release/src/router/cyassl/include/openssl/asn1.h new file mode 100644 index 00000000..3f34d7d2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/asn1.h @@ -0,0 +1,2 @@ +/* asn1.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/bio.h b/release/src/router/cyassl/include/openssl/bio.h new file mode 100644 index 00000000..bbdcc0f2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/bio.h @@ -0,0 +1,2 @@ +/* bio.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/bn.h b/release/src/router/cyassl/include/openssl/bn.h new file mode 100644 index 00000000..39770e99 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/bn.h @@ -0,0 +1,2 @@ +/* bn.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/conf.h b/release/src/router/cyassl/include/openssl/conf.h new file mode 100644 index 00000000..1e328cf4 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/conf.h @@ -0,0 +1,2 @@ +/* conf.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/crypto.h b/release/src/router/cyassl/include/openssl/crypto.h new file mode 100644 index 00000000..603943bc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/crypto.h @@ -0,0 +1,19 @@ +/* crypto.h for openSSL */ + +#ifndef CYASSL_CRYPTO_H_ +#define CYASSL_CRYPTO_H_ + +#ifdef YASSL_PREFIX +#include "prefix_crypto.h" +#endif + +const char* SSLeay_version(int type); +unsigned long SSLeay(void); + + +#define SSLEAY_VERSION 0x0090600fL +#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION + + +#endif /* header */ + diff --git a/release/src/router/cyassl/include/openssl/cyassl_callbacks.h b/release/src/router/cyassl/include/openssl/cyassl_callbacks.h new file mode 100644 index 00000000..87998aa2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/cyassl_callbacks.h @@ -0,0 +1,81 @@ +/* cyassl_callbacks.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_CALLBACKS_H +#define CYASSL_CALLBACKS_H + +#include <sys/time.h> + +#ifdef __cplusplus + extern "C" { +#endif + + +enum { /* CALLBACK CONTSTANTS */ + MAX_PACKETNAME_SZ = 24, + MAX_CIPHERNAME_SZ = 24, + MAX_TIMEOUT_NAME_SZ = 24, + MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */ + MAX_VALUE_SZ = 128, /* all handshake packets but Cert should + fit here */ +}; + + +typedef struct handShakeInfo_st { + char cipherName[MAX_CIPHERNAME_SZ + 1]; /* negotiated cipher */ + char packetNames[MAX_PACKETS_HANDSHAKE][MAX_PACKETNAME_SZ + 1]; + /* SSL packet names */ + int numberPackets; /* actual # of packets */ + int negotiationError; /* cipher/parameter err */ +} HandShakeInfo; + + +typedef struct timeval Timeval; + + +typedef struct packetInfo_st { + char packetName[MAX_PACKETNAME_SZ + 1]; /* SSL packet name */ + Timeval timestamp; /* when it occured */ + unsigned char value[MAX_VALUE_SZ]; /* if fits, it's here */ + unsigned char* bufferValue; /* otherwise here (non 0) */ + int valueSz; /* sz of value or buffer */ +} PacketInfo; + + +typedef struct timeoutInfo_st { + char timeoutName[MAX_TIMEOUT_NAME_SZ + 1]; /* timeout Name */ + int flags; /* for future use */ + int numberPackets; /* actual # of packets */ + PacketInfo packets[MAX_PACKETS_HANDSHAKE]; /* list of all packets */ + Timeval timeoutValue; /* timer that caused it */ +} TimeoutInfo; + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CyaSSL_CALLBACKS_H */ + diff --git a/release/src/router/cyassl/include/openssl/cyassl_test.h b/release/src/router/cyassl/include/openssl/cyassl_test.h new file mode 100644 index 00000000..555f3e19 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/cyassl_test.h @@ -0,0 +1,563 @@ +/* cyassl_test.h */ + +#ifndef CyaSSL_TEST_H +#define CyaSSL_TEST_H + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> +#include <ctype.h> +#include "types.h" + +#ifdef USE_WINDOWS_API + #include <winsock2.h> + #include <process.h> + #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ + #include <ws2tcpip.h> + #include <wspiapi.h> + #endif + #define SOCKET_T int +#else + #include <string.h> + #include <unistd.h> + #include <netdb.h> + #include <netinet/in.h> + #include <netinet/tcp.h> + #include <arpa/inet.h> + #include <sys/ioctl.h> + #include <sys/time.h> + #include <sys/types.h> + #include <sys/socket.h> + #include <pthread.h> + #ifdef NON_BLOCKING + #include <fcntl.h> + #endif + #ifdef TEST_IPV6 + #include <netdb.h> + #endif + #define SOCKET_T unsigned int +#endif /* USE_WINDOWS_API */ + +#ifdef _MSC_VER + /* disable conversion warning */ + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable:4244 4996) +#endif + +#if defined(__MACH__) || defined(USE_WINDOWS_API) + #ifndef _SOCKLEN_T + typedef int socklen_t; + #endif +#endif + + +/* HPUX doesn't use socklent_t for third parameter to accept */ +#if !defined(__hpux__) + typedef socklen_t* ACCEPT_THIRD_T; +#else + typedef int* ACCEPT_THIRD_T; +#endif + + +#ifdef USE_WINDOWS_API + #define CloseSocket(s) closesocket(s) + #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); } +#else + #define CloseSocket(s) close(s) + #define StartTCP() +#endif + + +#ifdef SINGLE_THREADED + typedef unsigned int THREAD_RETURN; + typedef void* THREAD_TYPE; + #define CYASSL_API +#else + #ifndef _POSIX_THREADS + typedef unsigned int THREAD_RETURN; + typedef HANDLE THREAD_TYPE; + #define CYASSL_API __stdcall + #else + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define CYASSL_API + #endif +#endif + + +#ifdef TEST_IPV6 + typedef struct sockaddr_in6 SOCKADDR_IN_T; + #define AF_INET_V AF_INET6 +#else + typedef struct sockaddr_in SOCKADDR_IN_T; + #define AF_INET_V AF_INET +#endif + + +#ifndef NO_MAIN_DRIVER + const char* caCert = "../../certs/ca-cert.pem"; + const char* eccCert = "../../certs/server-ecc.pem"; + const char* eccKey = "../../certs/ecc-key.pem"; + const char* svrCert = "../../certs/server-cert.pem"; + const char* svrKey = "../../certs/server-key.pem"; + const char* cliCert = "../../certs/client-cert.pem"; + const char* cliKey = "../../certs/client-key.pem"; + const char* ntruCert = "../../certs/ntru-cert.pem"; + const char* ntruKey = "../../certs/ntru-key.raw"; +#else + static const char* caCert = "../certs/ca-cert.pem"; + static const char* eccCert = "../certs/server-ecc.pem"; + static const char* eccKey = "../certs/ecc-key.pem"; + static const char* svrCert = "../certs/server-cert.pem"; + static const char* svrKey = "../certs/server-key.pem"; + static const char* cliCert = "../certs/client-cert.pem"; + static const char* cliKey = "../certs/client-key.pem"; + static const char* ntruCert = "../certs/ntru-cert.pem"; + static const char* ntruKey = "../certs/ntru-key.raw"; +#endif + +typedef struct tcp_ready { + int ready; /* predicate */ +#ifdef _POSIX_THREADS + pthread_mutex_t mutex; + pthread_cond_t cond; +#endif +} tcp_ready; + + +void InitTcpReady(); +void FreeTcpReady(); + + +typedef struct func_args { + int argc; + char** argv; + int return_code; + tcp_ready* signal; +} func_args; + + +typedef THREAD_RETURN CYASSL_API THREAD_FUNC(void*); + +void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*); +void join_thread(THREAD_TYPE); + +/* yaSSL */ +static const char* const yasslIP = "127.0.0.1"; +static const word16 yasslPort = 11111; + + +static INLINE void err_sys(const char* msg) +{ + printf("yassl error: %s\n", msg); + exit(EXIT_FAILURE); +} + + +#ifdef OPENSSL_EXTRA + +static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) +{ + strncpy(passwd, "yassl123", sz); + return 8; +} + +#endif + + +static INLINE void showPeer(SSL* ssl) +{ +#ifdef OPENSSL_EXTRA + + SSL_CIPHER* cipher; + X509* peer = SSL_get_peer_certificate(ssl); + if (peer) { + char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); + char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + + printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, + subject); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + } + else + printf("peer has no cert!\n"); + printf("SSL version is %s\n", SSL_get_version(ssl)); + + cipher = SSL_get_current_cipher(ssl); + printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher)); +#endif + +#ifdef SESSION_CERTS + { + X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl); + int count = CyaSSL_get_chain_count(chain); + int i; + + for (i = 0; i < count; i++) { + int length; + unsigned char buffer[3072]; + + CyaSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length); + buffer[length] = 0; + printf("cert %d has length %d data = \n%s\n", i, length, buffer); + } + } +#endif + +} + + +static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr, + const char* peer, word16 port) +{ +#ifndef TEST_IPV6 + const char* host = peer; + + /* peer could be in human readable form */ + if (peer != INADDR_ANY && isalpha(peer[0])) { + struct hostent* entry = gethostbyname(peer); + + if (entry) { + struct sockaddr_in tmp; + memset(&tmp, 0, sizeof(struct sockaddr_in)); + memcpy(&tmp.sin_addr.s_addr, entry->h_addr_list[0], + entry->h_length); + host = inet_ntoa(tmp.sin_addr); + } + else + err_sys("no entry for host"); + } +#endif + +#ifdef CYASSL_DTLS + *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0); +#else + *sockfd = socket(AF_INET_V, SOCK_STREAM, 0); +#endif + memset(addr, 0, sizeof(SOCKADDR_IN_T)); + +#ifndef TEST_IPV6 + addr->sin_family = AF_INET_V; + addr->sin_port = htons(port); + if (host == INADDR_ANY) + addr->sin_addr.s_addr = INADDR_ANY; + else + addr->sin_addr.s_addr = inet_addr(host); +#else + addr->sin6_family = AF_INET_V; + addr->sin6_port = htons(port); + addr->sin6_addr = in6addr_loopback; +#endif + +#ifndef USE_WINDOWS_API +#ifdef SO_NOSIGPIPE + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len); + if (res < 0) + err_sys("setsockopt SO_NOSIGPIPE failed\n"); + } +#endif + +#if defined(TCP_NODELAY) && !defined(CYASSL_DTLS) + { + int on = 1; + socklen_t len = sizeof(on); + int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len); + if (res < 0) + err_sys("setsockopt TCP_NODELAY failed\n"); + } +#endif +#endif /* USE_WINDOWS_API */ +} + + +static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) +{ + SOCKADDR_IN_T addr; + tcp_socket(sockfd, &addr, ip, port); + + if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp connect failed"); +} + + +static INLINE void tcp_listen(SOCKET_T* sockfd) +{ + SOCKADDR_IN_T addr; + + /* don't use INADDR_ANY by default, firewall may block, make user switch + on */ +#ifdef USE_ANY_ADDR + tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort); +#else + tcp_socket(sockfd, &addr, yasslIP, yasslPort); +#endif + +#ifndef USE_WINDOWS_API + { + int on = 1; + socklen_t len = sizeof(on); + setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); +#ifndef CYASSL_DTLS + if (listen(*sockfd, 5) != 0) + err_sys("tcp listen failed"); +#endif +} + + +static INLINE int udp_read_connect(SOCKET_T sockfd) +{ + SOCKADDR_IN_T cliaddr; + byte b[1500]; + int n; + socklen_t len = sizeof(cliaddr); + + n = recvfrom(sockfd, b, sizeof(b), MSG_PEEK, (struct sockaddr*)&cliaddr, + &len); + if (n > 0) { + if (connect(sockfd, (const struct sockaddr*)&cliaddr, + sizeof(cliaddr)) != 0) + err_sys("udp connect failed"); + } + else + err_sys("recvfrom failed"); + + return sockfd; +} + +static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) +{ + SOCKADDR_IN_T addr; + + tcp_socket(sockfd, &addr, yasslIP, yasslPort); + + +#ifndef USE_WINDOWS_API + { + int on = 1; + socklen_t len = sizeof(on); + setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len); + } +#endif + + if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) + err_sys("tcp bind failed"); + +#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) + /* signal ready to accept data */ + { + tcp_ready* ready = args->signal; + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } +#endif + + *clientfd = udp_read_connect(*sockfd); +} + +static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) +{ + SOCKADDR_IN_T client; + socklen_t client_len = sizeof(client); + + #ifdef CYASSL_DTLS + udp_accept(sockfd, clientfd, args); + return; + #endif + + tcp_listen(sockfd); + +#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) + /* signal ready to tcp_accept */ + { + tcp_ready* ready = args->signal; + pthread_mutex_lock(&ready->mutex); + ready->ready = 1; + pthread_cond_signal(&ready->cond); + pthread_mutex_unlock(&ready->mutex); + } +#endif + + *clientfd = accept(*sockfd, (struct sockaddr*)&client, + (ACCEPT_THIRD_T)&client_len); + if (*clientfd == -1) + err_sys("tcp accept failed"); +} + + +static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) +{ +#ifdef NON_BLOCKING + #ifdef USE_WINDOWS_API + unsigned long blocking = 1; + int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); + #else + int flags = fcntl(*sockfd, F_GETFL, 0); + int ret = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); + #endif +#endif +} + + +#ifndef NO_PSK + +static INLINE unsigned int my_psk_client_cb(SSL* ssl, const char* hint, + char* identity, unsigned int id_max_len, unsigned char* key, + unsigned int key_max_len) +{ + /* identity is OpenSSL testing default for openssl s_client, keep same */ + strncpy(identity, "Client_identity", id_max_len); + + + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 26; + key[1] = 43; + key[2] = 60; + key[3] = 77; + + return 4; /* length of key in octets or 0 for error */ +} + + +static INLINE unsigned int my_psk_server_cb(SSL* ssl, const char* identity, + unsigned char* key, unsigned int key_max_len) +{ + /* identity is OpenSSL testing default for openssl s_client, keep same */ + if (strncmp(identity, "Client_identity", 15) != 0) + return 0; + + /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using + unsigned binary */ + key[0] = 26; + key[1] = 43; + key[2] = 60; + key[3] = 77; + + return 4; /* length of key in octets or 0 for error */ +} + +#endif /* NO_PSK */ + + +#ifdef USE_WINDOWS_API + + #define WIN32_LEAN_AND_MEAN + #include <windows.h> + + static INLINE double current_time() + { + static int init = 0; + static LARGE_INTEGER freq; + + LARGE_INTEGER count; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + + return (double)count.QuadPart / freq.QuadPart; + } + +#else + + #include <sys/time.h> + + static INLINE double current_time() + { + struct timeval tv; + gettimeofday(&tv, 0); + + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; + } + +#endif /* USE_WINDOWS_API */ + + +#ifdef NO_FILESYSTEM + + enum { + CYASSL_CA = 1, + CYASSL_CERT = 2, + CYASSL_KEY = 3 + }; + + static INLINE void load_buffer(SSL_CTX* ctx, const char* fname, int type) + { + /* test buffer load */ + long sz = 0; + byte buff[4096]; + FILE* file = fopen(fname, "rb"); + + if (!file) + err_sys("can't open file for buffer load"); + fseek(file, 0, SEEK_END); + sz = ftell(file); + rewind(file); + fread(buff, sizeof(buff), 1, file); + + if (type == CYASSL_CA) { + if (CyaSSL_CTX_load_verify_buffer(ctx, buff, sz, SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load buffer ca file"); + } + else if (type == CYASSL_CERT) { + if (CyaSSL_CTX_use_certificate_buffer(ctx, buff, sz, + SSL_FILETYPE_PEM) != SSL_SUCCESS) + err_sys("can't load buffer cert file"); + } + else if (type == CYASSL_KEY) { + if (CyaSSL_CTX_use_PrivateKey_buffer(ctx, buff, sz, + SSL_FILETYPE_PEM) != SSL_SUCCESS) + err_sys("can't load buffer key file"); + } + } + +#endif /* NO_FILESYSTEM */ + +#ifdef VERIFY_CALLBACK + +static int myVerify(int preverify, X509_STORE_CTX* store) +{ + char buffer[80]; + + printf("In verification callback, error = %d, %s\n", store->error, + ERR_error_string(store->error, buffer)); +#ifdef OPENSSL_EXTRA + X509* peer = store->current_cert; + if (peer) { + char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); + char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + + printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, + subject); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); + } + else + printf("peer has no cert!\n"); +#endif + printf("Subject's domain name is %s\n", store->domain); + + printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n"); + return 1; +} + +#endif /* VERIFY_CALLBACK */ + + +#endif /* CyaSSL_TEST_H */ + diff --git a/release/src/router/cyassl/include/openssl/des.h b/release/src/router/cyassl/include/openssl/des.h new file mode 100644 index 00000000..b74409b2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/des.h @@ -0,0 +1,70 @@ +/* des.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* des.h defines mini des openssl compatibility layer + * + */ + + + +#ifndef CYASSL_DES_H_ +#define CYASSL_DES_H_ + +#ifdef YASSL_PREFIX +#include "prefix_des.h" +#endif + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ DES_cblock const_DES_cblock; +typedef DES_cblock DES_key_schedule; + + +enum { + DES_ENCRYPT = 1, + DES_DECRYPT = 0 +}; + + +void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*); +int DES_key_sched(const_DES_cblock* key, DES_key_schedule* schedule); +void DES_cbc_encrypt(const unsigned char* input, unsigned char* output, + long length, DES_key_schedule* schedule, DES_cblock* ivec, + int enc); +void DES_ncbc_encrypt(const unsigned char* input, unsigned char* output, + long length, DES_key_schedule* schedule, DES_cblock* ivec, + int enc); + + +void DES_set_odd_parity(DES_cblock*); +void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_DES_H_ */ diff --git a/release/src/router/cyassl/include/openssl/dh.h b/release/src/router/cyassl/include/openssl/dh.h new file mode 100644 index 00000000..f3a6a7fc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/dh.h @@ -0,0 +1,2 @@ +/* dh.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/dsa.h b/release/src/router/cyassl/include/openssl/dsa.h new file mode 100644 index 00000000..756f8ea2 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/dsa.h @@ -0,0 +1,2 @@ +/* dsa.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ec.h b/release/src/router/cyassl/include/openssl/ec.h new file mode 100644 index 00000000..5ffdaf6e --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ec.h @@ -0,0 +1,2 @@ +/* ec.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ecdsa.h b/release/src/router/cyassl/include/openssl/ecdsa.h new file mode 100644 index 00000000..f3cf0de3 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ecdsa.h @@ -0,0 +1,2 @@ +/* ecdsa.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/engine.h b/release/src/router/cyassl/include/openssl/engine.h new file mode 100644 index 00000000..39952fca --- /dev/null +++ b/release/src/router/cyassl/include/openssl/engine.h @@ -0,0 +1,5 @@ +/* engine.h for libcurl */ + +#undef HAVE_OPENSSL_ENGINE_H + + diff --git a/release/src/router/cyassl/include/openssl/err.h b/release/src/router/cyassl/include/openssl/err.h new file mode 100644 index 00000000..7e7f1eb7 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/err.h @@ -0,0 +1,2 @@ +/* err.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/evp.h b/release/src/router/cyassl/include/openssl/evp.h new file mode 100644 index 00000000..a795dcab --- /dev/null +++ b/release/src/router/cyassl/include/openssl/evp.h @@ -0,0 +1,79 @@ +/* evp.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* evp.h defines mini evp openssl compatibility layer + * + */ + + + +#ifndef CYASSL_EVP_H_ +#define CYASSL_EVP_H_ + +#ifdef YASSL_PREFIX +#include "prefix_evp.h" +#endif + +#include "md5.h" +#include "sha.h" + + +#ifdef __cplusplus + extern "C" { +#endif + +typedef char EVP_MD; +typedef char EVP_CIPHER; + +const EVP_MD* EVP_md5(void); +const EVP_MD* EVP_sha1(void); + + +typedef union { + MD5_CTX md5; + SHA_CTX sha; +} Hasher; + + +typedef struct EVP_MD_CTX { + unsigned char macType; /* md5 or sha for now */ + Hasher hash; +} EVP_MD_CTX; + + +void EVP_MD_CTX_init(EVP_MD_CTX* ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX* ctx); + +int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type); +int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* data, size_t sz); +int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); +int EVP_DigestFinal_ex(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); + +int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const unsigned char*, + const unsigned char*, int, int, unsigned char*, unsigned char*); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_EVP_H_ */ diff --git a/release/src/router/cyassl/include/openssl/hmac.h b/release/src/router/cyassl/include/openssl/hmac.h new file mode 100644 index 00000000..10cff93f --- /dev/null +++ b/release/src/router/cyassl/include/openssl/hmac.h @@ -0,0 +1,51 @@ +/* hmac.h + * + * Copyright (C) 2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* hmac.h defines mini hamc openssl compatibility layer + * + */ + + + +#ifndef CYASSL_HMAC_H_ +#define CYASSL_HMAC_H_ + +#ifdef YASSL_PREFIX +#include "prefix_hmac.h" +#endif + +unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, + const unsigned char* d, int n, unsigned char* md, unsigned int* md_len); + + +#ifdef __cplusplus + extern "C" { +#endif + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_HMAC_H_ */ diff --git a/release/src/router/cyassl/include/openssl/lhash.h b/release/src/router/cyassl/include/openssl/lhash.h new file mode 100644 index 00000000..01f8535f --- /dev/null +++ b/release/src/router/cyassl/include/openssl/lhash.h @@ -0,0 +1,2 @@ +/* lhash.h for openSSL */ + diff --git a/release/src/router/cyassl/include/openssl/md4.h b/release/src/router/cyassl/include/openssl/md4.h new file mode 100644 index 00000000..2e99f977 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/md4.h @@ -0,0 +1 @@ +/* md4.h for libcurl */ diff --git a/release/src/router/cyassl/include/openssl/md5.h b/release/src/router/cyassl/include/openssl/md5.h new file mode 100644 index 00000000..467db4cc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/md5.h @@ -0,0 +1,32 @@ +/* md5.h for openssl */ + + +#ifndef CYASSL_MD5_H_ +#define CYASSL_MD5_H_ + +#ifdef YASSL_PREFIX +#include "prefix_md5.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct MD5_CTX { + int holder[24]; /* big enough to hold ctaocrypt md5, but check on init */ +} MD5_CTX; + +void MD5_Init(MD5_CTX*); +void MD5_Update(MD5_CTX*, const void*, unsigned long); +void MD5_Final(unsigned char*, MD5_CTX*); + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_MD5_H_ */ + diff --git a/release/src/router/cyassl/include/openssl/ocsp.h b/release/src/router/cyassl/include/openssl/ocsp.h new file mode 100644 index 00000000..7463eec9 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ocsp.h @@ -0,0 +1 @@ +/* ocsp.h for libcurl */ diff --git a/release/src/router/cyassl/include/openssl/opensslconf.h b/release/src/router/cyassl/include/openssl/opensslconf.h new file mode 100644 index 00000000..ac6b55bc --- /dev/null +++ b/release/src/router/cyassl/include/openssl/opensslconf.h @@ -0,0 +1,8 @@ +/* opensslconf.h for openSSL */ + + +#ifndef OPENSSL_THREADS + #define OPENSSL_THREADS +#endif + + diff --git a/release/src/router/cyassl/include/openssl/opensslv.h b/release/src/router/cyassl/include/openssl/opensslv.h new file mode 100644 index 00000000..bdcc805e --- /dev/null +++ b/release/src/router/cyassl/include/openssl/opensslv.h @@ -0,0 +1,12 @@ +/* opensslv.h compatibility */ + +#ifndef CYASSL_OPENSSLV_H_ +#define CYASSL_OPENSSLV_H_ + + +/* api version compatibility */ +#define OPENSSL_VERSION_NUMBER 0x0090410fL + + +#endif /* header */ + diff --git a/release/src/router/cyassl/include/openssl/ossl_typ.h b/release/src/router/cyassl/include/openssl/ossl_typ.h new file mode 100644 index 00000000..65b00c72 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ossl_typ.h @@ -0,0 +1,2 @@ +/* ossl_typ.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/pem.h b/release/src/router/cyassl/include/openssl/pem.h new file mode 100644 index 00000000..fe7cab88 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/pem.h @@ -0,0 +1,2 @@ +/* pem.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/pkcs12.h b/release/src/router/cyassl/include/openssl/pkcs12.h new file mode 100644 index 00000000..544b6f09 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/pkcs12.h @@ -0,0 +1,2 @@ +/* pkcs12.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/rand.h b/release/src/router/cyassl/include/openssl/rand.h new file mode 100644 index 00000000..ba818729 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/rand.h @@ -0,0 +1,4 @@ +/* rand.h for openSSL */ + +#include "openssl/ssl.h" + diff --git a/release/src/router/cyassl/include/openssl/rsa.h b/release/src/router/cyassl/include/openssl/rsa.h new file mode 100644 index 00000000..55038c13 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/rsa.h @@ -0,0 +1,10 @@ +/* rsa.h for openSSL */ + + +#ifndef CYASSL_RSA_H_ +#define CYASSL_RSA_H_ + +enum { RSA_F4 = 1 }; + + +#endif /* header */ diff --git a/release/src/router/cyassl/include/openssl/sha.h b/release/src/router/cyassl/include/openssl/sha.h new file mode 100644 index 00000000..501274f4 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/sha.h @@ -0,0 +1,32 @@ +/* sha.h for openssl */ + + +#ifndef CYASSL_SHA_H_ +#define CYASSL_SHA_H_ + +#ifdef YASSL_PREFIX +#include "prefix_sha.h" +#endif + +#ifdef __cplusplus + extern "C" { +#endif + + +typedef struct SHA_CTX { + int holder[24]; /* big enough to hold ctaocrypt sha, but check on init */ +} SHA_CTX; + +void SHA_Init(SHA_CTX*); +void SHA_Update(SHA_CTX*, const void*, unsigned long); +void SHA_Final(unsigned char*, SHA_CTX*); + + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CYASSL_SHA_H_ */ + diff --git a/release/src/router/cyassl/include/openssl/ssl.h b/release/src/router/cyassl/include/openssl/ssl.h new file mode 100644 index 00000000..1ae308d8 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ssl.h @@ -0,0 +1,677 @@ +/* ssl.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +/* ssl.h defines openssl compatibility layer + * + */ + + + +#ifndef CYASSL_OPENSSL_H_ +#define CYASSL_OPENSSL_H_ + +#include "os_settings.h" /* for users not using preprocessor flags */ + +#ifndef NO_FILESYSTEM + #include <stdio.h> /* ERR_print fp */ +#endif + +#ifdef YASSL_PREFIX + #include "prefix_ssl.h" +#endif + +#define CYASSL_VERSION "1.9.0" + +#undef X509_NAME /* wincrypt.h clash */ + +#ifdef __cplusplus + extern "C" { +#endif + + + +typedef struct SSL SSL; +typedef struct SSL_SESSION SSL_SESSION; +typedef struct SSL_METHOD SSL_METHOD; +typedef struct SSL_CTX SSL_CTX; + +typedef struct X509 X509; +typedef struct X509_NAME X509_NAME; +typedef struct X509_CHAIN X509_CHAIN; + + +/* redeclare guard */ +#define SSL_TYPES_DEFINED + + + + +typedef struct EVP_PKEY EVP_PKEY; +typedef struct RSA RSA; +typedef struct BIO BIO; +typedef struct BIO_METHOD BIO_METHOD; +typedef struct SSL_CIPHER SSL_CIPHER; +typedef struct X509_LOOKUP X509_LOOKUP; +typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD; +typedef struct X509_CRL X509_CRL; +typedef struct X509_EXTENSION X509_EXTENSION; +typedef struct ASN1_TIME ASN1_TIME; +typedef struct ASN1_INTEGER ASN1_INTEGER; +typedef struct ASN1_OBJECT ASN1_OBJECT; +typedef struct ASN1_STRING ASN1_STRING; +typedef struct CRYPTO_dynlock_value CRYPTO_dynlock_value; + +#define ASN1_UTCTIME ASN1_TIME + +typedef struct MD4_CTX { + int buffer[32]; /* big enough to hold, check size in Init */ +} MD4_CTX; + + +typedef struct COMP_METHOD { + int type; /* stunnel dereference */ +} COMP_METHOD; + + +typedef struct X509_STORE { + int cache; /* stunnel dereference */ +} X509_STORE; + + +typedef struct X509_REVOKED { + ASN1_INTEGER* serialNumber; /* stunnel dereference */ +} X509_REVOKED; + + +typedef struct X509_OBJECT { + union { + char* ptr; + X509_CRL* crl; /* stunnel dereference */ + } data; +} X509_OBJECT; + + +/* in cyassl_int.h too, change there !! */ +typedef struct X509_STORE_CTX { + int error; + int error_depth; + X509* current_cert; /* stunnel dereference */ + char* domain; /* subject CN domain name */ + /* in cyassl_int.h too, change there !! */ +} X509_STORE_CTX; + + +SSL_METHOD *SSLv3_server_method(void); +SSL_METHOD *SSLv3_client_method(void); +SSL_METHOD *TLSv1_server_method(void); +SSL_METHOD *TLSv1_client_method(void); +SSL_METHOD *TLSv1_1_server_method(void); +SSL_METHOD *TLSv1_1_client_method(void); +SSL_METHOD *TLSv1_2_server_method(void); +SSL_METHOD *TLSv1_2_client_method(void); + +#ifdef CYASSL_DTLS + SSL_METHOD *DTLSv1_client_method(void); + SSL_METHOD *DTLSv1_server_method(void); +#endif + +#ifndef NO_FILESYSTEM + +int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int); +int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int); +int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int); + +#ifdef CYASSL_DER_LOAD + int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int); +#endif + +#ifdef HAVE_NTRU + int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU + private key blob */ +#endif + +int CyaSSL_PemCertToDer(const char*, unsigned char*, int); + +#endif /* NO_FILESYSTEM */ + +SSL_CTX* SSL_CTX_new(SSL_METHOD*); +SSL* SSL_new(SSL_CTX*); +int SSL_set_fd (SSL*, int); +int SSL_get_fd(const SSL*); +int SSL_connect(SSL*); /* please see note at top of README + if you get an error from connect */ +int SSL_write(SSL*, const void*, int); +int SSL_read(SSL*, void*, int); +int SSL_accept(SSL*); +void SSL_CTX_free(SSL_CTX*); +void SSL_free(SSL*); +int SSL_shutdown(SSL*); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int); + +int SSL_get_error(SSL*, int); + +int SSL_set_session(SSL *ssl, SSL_SESSION *session); +SSL_SESSION* SSL_get_session(SSL* ssl); +void SSL_flush_sessions(SSL_CTX *ctx, long tm); + + +typedef int (*VerifyCallback)(int, X509_STORE_CTX*); +typedef int (*pem_password_cb)(char*, int, int, void*); + +void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback); + + +int SSL_pending(SSL*); + + +void SSL_load_error_strings(void); +int SSL_library_init(void); +long SSL_CTX_set_session_cache_mode(SSL_CTX*, long); + +/* only supports full name from cipher_name[] delimited by : */ +int SSL_CTX_set_cipher_list(SSL_CTX*, const char*); + +char* ERR_error_string(unsigned long,char*); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); + + +/* extras */ + +#define STACK_OF(x) x + +int SSL_set_ex_data(SSL*, int, void*); +int SSL_get_shutdown(const SSL*); +int SSL_set_rfd(SSL*, int); +int SSL_set_wfd(SSL*, int); +void SSL_set_shutdown(SSL*, int); +int SSL_set_session_id_context(SSL*, const unsigned char*, unsigned int); +void SSL_set_connect_state(SSL*); +void SSL_set_accept_state(SSL*); +int SSL_session_reused(SSL*); +void SSL_SESSION_free(SSL_SESSION* session); + +const char* SSL_get_version(SSL*); +SSL_CIPHER* SSL_get_current_cipher(SSL*); +char* SSL_CIPHER_description(SSL_CIPHER*, char*, int); +const char* SSL_CIPHER_get_name(const SSL_CIPHER* cipher); +SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */ + +void X509_free(X509*); +void OPENSSL_free(void*); + +int OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); + +SSL_METHOD* SSLv23_client_method(void); +SSL_METHOD* SSLv2_client_method(void); +SSL_METHOD* SSLv2_server_method(void); + +void MD4_Init(MD4_CTX*); +void MD4_Update(MD4_CTX*, const void*, size_t); +void MD4_Final(unsigned char*, MD4_CTX*); + +BIO* BIO_new(BIO_METHOD*); +int BIO_free(BIO*); +int BIO_free_all(BIO*); +int BIO_read(BIO*, void*, int); +int BIO_write(BIO*, const void*, int); +BIO* BIO_push(BIO*, BIO* append); +BIO* BIO_pop(BIO*); +int BIO_flush(BIO*); +int BIO_pending(BIO*); + +BIO_METHOD* BIO_f_buffer(void); +long BIO_set_write_buffer_size(BIO*, long size); +BIO_METHOD* BIO_f_ssl(void); +BIO* BIO_new_socket(int sfd, int flag); +void SSL_set_bio(SSL*, BIO* rd, BIO* wr); +int BIO_eof(BIO*); +long BIO_set_ssl(BIO*, SSL*, int flag); + +BIO_METHOD* BIO_s_mem(void); +BIO_METHOD* BIO_f_base64(void); +void BIO_set_flags(BIO*, int); + +void OpenSSL_add_all_algorithms(void); +int SSLeay_add_ssl_algorithms(void); +int SSLeay_add_all_algorithms(void); + +void RAND_screen(void); +const char* RAND_file_name(char*, size_t); +int RAND_write_file(const char*); +int RAND_load_file(const char*, long); +int RAND_egd(const char*); + +COMP_METHOD* COMP_zlib(void); +COMP_METHOD* COMP_rle(void); +int SSL_COMP_add_compression_method(int, void*); + +int SSL_get_ex_new_index(long, void*, void*, void*, void*); + +void CRYPTO_set_id_callback(unsigned long (*f)(void)); +void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int)); +void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)(const char*, + int)); +void CRYPTO_set_dynlock_lock_callback(void (*f)(int, CRYPTO_dynlock_value*, + const char*, int)); +void CRYPTO_set_dynlock_destroy_callback(void (*f)(CRYPTO_dynlock_value*, + const char*, int)); + +X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*); +int X509_STORE_CTX_get_error(X509_STORE_CTX*); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*); + +char* X509_NAME_oneline(X509_NAME*, char*, int); +X509_NAME* X509_get_issuer_name(X509*); +X509_NAME* X509_get_subject_name(X509*); +const char* X509_verify_cert_error_string(long); + +int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long); +int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long); +X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD* X509_LOOKUP_file(void); + +X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*); +X509_STORE* X509_STORE_new(void); +int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, + X509_OBJECT*); +int X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*, STACK_OF(X509)*); +void X509_STORE_CTX_cleanup(X509_STORE_CTX*); + +ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*); +ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*); + +EVP_PKEY* X509_get_pubkey(X509*); +int X509_CRL_verify(X509_CRL*, EVP_PKEY*); +void X509_STORE_CTX_set_error(X509_STORE_CTX*, int); +void X509_OBJECT_free_contents(X509_OBJECT*); +void EVP_PKEY_free(EVP_PKEY*); +int X509_cmp_current_time(const ASN1_TIME*); +int sk_X509_REVOKED_num(X509_REVOKED*); + +X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*); +X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int); + +ASN1_INTEGER* X509_get_serialNumber(X509*); + +int ASN1_TIME_print(BIO*, const ASN1_TIME*); + +int ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*); +long ASN1_INTEGER_get(const ASN1_INTEGER*); + +STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*); + +void SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*); +void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int); +int SSL_get_ex_data_X509_STORE_CTX_idx(void); +void* SSL_get_ex_data(const SSL*, int); + +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata); +void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb); + + +long SSL_CTX_set_timeout(SSL_CTX*, long); +void SSL_CTX_set_info_callback(SSL_CTX*, void (*)()); + +unsigned long ERR_peek_error(void); +int ERR_GET_REASON(int); + +char* SSL_alert_type_string_long(int); +char* SSL_alert_desc_string_long(int); +char* SSL_state_string_long(SSL*); + +void RSA_free(RSA*); +RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int)); + +int PEM_def_callback(char*, int num, int w, void* key); + +long SSL_CTX_sess_accept(SSL_CTX*); +long SSL_CTX_sess_connect(SSL_CTX*); +long SSL_CTX_sess_accept_good(SSL_CTX*); +long SSL_CTX_sess_connect_good(SSL_CTX*); +long SSL_CTX_sess_accept_renegotiate(SSL_CTX*); +long SSL_CTX_sess_connect_renegotiate(SSL_CTX*); +long SSL_CTX_sess_hits(SSL_CTX*); +long SSL_CTX_sess_cb_hits(SSL_CTX*); +long SSL_CTX_sess_cache_full(SSL_CTX*); +long SSL_CTX_sess_misses(SSL_CTX*); +long SSL_CTX_sess_timeouts(SSL_CTX*); +long SSL_CTX_sess_number(SSL_CTX*); +long SSL_CTX_sess_get_cache_size(SSL_CTX*); + + +#define SSL_DEFAULT_CIPHER_LIST "" /* default all */ +#define RSA_F4 0x10001L + +enum { + OCSP_NOCERTS = 1, + OCSP_NOINTERN = 2, + OCSP_NOSIGS = 4, + OCSP_NOCHAIN = 8, + OCSP_NOVERIFY = 16, + OCSP_NOEXPLICIT = 32, + OCSP_NOCASIGN = 64, + OCSP_NODELEGATED = 128, + OCSP_NOCHECKS = 256, + OCSP_TRUSTOTHER = 512, + OCSP_RESPID_KEY = 1024, + OCSP_NOTIME = 2048, + + OCSP_CERTID = 2, + OCSP_REQUEST = 4, + OCSP_RESPONSE = 8, + OCSP_BASICRESP = 16, + + ASN1_GENERALIZEDTIME = 4, + + SSL_OP_MICROSOFT_SESS_ID_BUG = 1, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 6, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7, + SSL_OP_TLS_D5_BUG = 8, + SSL_OP_TLS_BLOCK_PADDING_BUG = 9, + SSL_OP_TLS_ROLLBACK_BUG = 10, + SSL_OP_ALL = 11, + SSL_OP_EPHEMERAL_RSA = 12, + SSL_OP_NO_SSLv3 = 13, + SSL_OP_NO_TLSv1 = 14, + SSL_OP_PKCS1_CHECK_1 = 15, + SSL_OP_PKCS1_CHECK_2 = 16, + SSL_OP_NETSCAPE_CA_DN_BUG = 17, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18, + SSL_OP_SINGLE_DH_USE = 19, + SSL_OP_NO_TICKET = 20, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21, + SSL_OP_NO_QUERY_MTU = 22, + SSL_OP_COOKIE_EXCHANGE = 23, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24, + SSL_OP_SINGLE_ECDH_USE = 25, + SSL_OP_CIPHER_SERVER_PREFERENCE = 26, + + SSL_MAX_SSL_SESSION_ID_LENGTH = 32, + + EVP_R_BAD_DECRYPT = 2, + + SSL_CB_LOOP = 4, + SSL_ST_CONNECT = 5, + SSL_ST_ACCEPT = 6, + SSL_CB_ALERT = 7, + SSL_CB_READ = 8, + SSL_CB_HANDSHAKE_DONE = 9, + + SSL_MODE_ENABLE_PARTIAL_WRITE = 2, + + BIO_FLAGS_BASE64_NO_NL = 1, + BIO_CLOSE = 1, + BIO_NOCLOSE = 0, + + NID_undef = 0, + + X509_FILETYPE_PEM = 8, + X509_LU_X509 = 9, + X509_LU_CRL = 12, + + X509_V_ERR_CRL_SIGNATURE_FAILURE = 13, + X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14, + X509_V_ERR_CRL_HAS_EXPIRED = 15, + X509_V_ERR_CERT_REVOKED = 16, + X509_V_ERR_CERT_CHAIN_TOO_LONG = 17, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 18, + X509_V_ERR_CERT_NOT_YET_VALID = 19, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, + X509_V_ERR_CERT_HAS_EXPIRED = 21, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, + + X509_V_OK = 0, + + CRYPTO_LOCK = 1, + CRYPTO_NUM_LOCKS = 10, + +}; + +/* extras end */ + +#ifndef NO_FILESYSTEM +/* CyaSSL extension, provide last error from SSL_get_error + since not using thread storage error queue */ +void ERR_print_errors_fp(FILE*, int err); +#endif + +enum { /* ssl Constants */ + SSL_ERROR_NONE = 0, /* for most functions */ + SSL_FAILURE = 0, /* for some functions */ + SSL_SUCCESS = 1, + + SSL_BAD_CERTTYPE = -8, + SSL_BAD_STAT = -7, + SSL_BAD_PATH = -6, + SSL_BAD_FILETYPE = -5, + SSL_BAD_FILE = -4, + SSL_NOT_IMPLEMENTED = -3, + SSL_UNKNOWN = -2, + SSL_FATAL_ERROR = -1, + + SSL_FILETYPE_ASN1 = 2, + SSL_FILETYPE_PEM = 1, + SSL_FILETYPE_DEFAULT = 2, /* ASN1 */ + SSL_FILETYPE_RAW = 3, /* NTRU raw key blob */ + + SSL_VERIFY_NONE = 0, + SSL_VERIFY_PEER = 1, + SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, + SSL_VERIFY_CLIENT_ONCE = 4, + + SSL_SESS_CACHE_OFF = 30, + SSL_SESS_CACHE_CLIENT = 31, + SSL_SESS_CACHE_SERVER = 32, + SSL_SESS_CACHE_BOTH = 33, + SSL_SESS_CACHE_NO_AUTO_CLEAR = 34, + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35, + + SSL_ERROR_WANT_READ = 2, + SSL_ERROR_WANT_WRITE = 3, + SSL_ERROR_WANT_CONNECT = 7, + SSL_ERROR_WANT_ACCEPT = 8, + SSL_ERROR_SYSCALL = 5, + SSL_ERROR_WANT_X509_LOOKUP = 83, + SSL_ERROR_ZERO_RETURN = 6, + SSL_ERROR_SSL = 85, + + SSL_SENT_SHUTDOWN = 1, + SSL_RECEIVED_SHUTDOWN = 2, + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, + SSL_OP_NO_SSLv2 = 8, + + SSL_R_SSL_HANDSHAKE_FAILURE = 101, + SSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, + SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, + SSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, + + PEM_BUFSIZE = 1024, +}; + + +#ifndef NO_PSK + typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*, + unsigned int, unsigned char*, unsigned int); + void SSL_CTX_set_psk_client_callback(SSL_CTX*, psk_client_callback); + void SSL_set_psk_client_callback(SSL*, psk_client_callback); + + const char* SSL_get_psk_identity_hint(const SSL*); + const char* SSL_get_psk_identity(const SSL*); + + int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*); + int SSL_use_psk_identity_hint(SSL*, const char*); + + typedef unsigned int (*psk_server_callback)(SSL*, const char*, + unsigned char*, unsigned int); + void SSL_CTX_set_psk_server_callback(SSL_CTX*, psk_server_callback); + void SSL_set_psk_server_callback(SSL*, psk_server_callback); + + #define PSK_TYPES_DEFINED +#endif /* NO_PSK */ + + +/* extra begins */ + +enum { /* ERR Constants */ + ERR_TXT_STRING = 1, +}; + +unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *); + +unsigned long ERR_get_error(void); +void ERR_clear_error(void); + + +int RAND_status(void); +int RAND_bytes(unsigned char* buf, int num); +SSL_METHOD *SSLv23_server_method(void); +long SSL_CTX_set_options(SSL_CTX*, long); +int SSL_CTX_check_private_key(SSL_CTX*); + + +void ERR_free_strings(void); +void ERR_remove_state(unsigned long); +void EVP_cleanup(void); + +void CRYPTO_cleanup_all_ex_data(void); +long SSL_CTX_set_mode(SSL_CTX* ctx, long mode); +long SSL_CTX_get_mode(SSL_CTX* ctx); +void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m); + +long SSL_CTX_sess_set_cache_size(SSL_CTX*, long); + +int SSL_CTX_set_default_verify_paths(SSL_CTX*); +int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*, + unsigned int); + +X509* SSL_get_peer_certificate(SSL* ssl); + +int SSL_want_read(SSL*); +int SSL_want_write(SSL*); + +int BIO_printf(BIO*, const char*, ...); +int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*); + +int sk_num(X509_REVOKED*); +void* sk_value(X509_REVOKED*, int); + +/* stunnel 4.28 needs */ +void* SSL_CTX_get_ex_data(const SSL_CTX*, int); +int SSL_CTX_set_ex_data(SSL_CTX*, int, void*); +void SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*, unsigned char*, + int, int*)); +void SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*, SSL_SESSION*)); +void SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*, SSL_SESSION*)); + +int i2d_SSL_SESSION(SSL_SESSION*, unsigned char**); +SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**, long); + +long SSL_SESSION_get_timeout(const SSL_SESSION*); +long SSL_SESSION_get_time(const SSL_SESSION*); +int SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + +/* extra ends */ + + +/* CyaSSL extensions */ + +/* call before SSL_connect, if verifying will add name check to + date check and signature check */ +int CyaSSL_check_domain_name(SSL* ssl, const char* dn); + +int InitCyaSSL(void); /* need to call once to load library (session cache) */ +int FreeCyaSSL(void); /* call when done to free session cache mutex */ + +int CyaSSL_Debugging_ON(void); /* turn logging on, only if compiled in */ +void CyaSSL_Debugging_OFF(void); /* turn logging off */ + +int CyaSSL_set_compression(SSL* ssl); /* turn on CyaSSL data compression */ + +int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU + private key blob */ +X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl); /* get CyaSSL peer X509_CHAIN */ +int CyaSSL_get_chain_count(X509_CHAIN* chain); /* peer chain count */ +int CyaSSL_get_chain_length(X509_CHAIN*, int idx); /* index cert length */ +unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx); /* index cert */ +int CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx, unsigned char* buffer, + int inLen, int* outLen); /* get index cert in PEM */ +const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* session); + +#ifndef _WIN32 + #ifndef NO_WRITEV + #include <sys/uio.h> + /* allow writev style writing */ + int CyaSSL_writev(SSL* ssl, const struct iovec* iov, int iovcnt); + #endif +#endif + +#if defined(NO_FILESYSTEM) || defined(MICRIUM) + +int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*, long, int); +int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int); +int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*, long, int); +int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,const unsigned char*,long); + +#endif /* NO_FILESYSTEM || MICRIUM */ + + +/* I/O callbacks */ +typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx); +typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx); + +void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv); +void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend); + +void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx); +void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx); + + +#ifdef CYASSL_CALLBACKS + +/* used internally by CyaSSL while OpenSSL types aren't */ +#include "cyassl_callbacks.h" + +typedef int (*HandShakeCallBack)(HandShakeInfo*); +typedef int (*TimeoutCallBack)(TimeoutInfo*); + +/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack + for diagnostics */ +int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval); +int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval); + +#endif /* CYASSL_CALLBACKS */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CyaSSL_openssl_h__ */ diff --git a/release/src/router/cyassl/include/openssl/stack.h b/release/src/router/cyassl/include/openssl/stack.h new file mode 100644 index 00000000..374c1fcd --- /dev/null +++ b/release/src/router/cyassl/include/openssl/stack.h @@ -0,0 +1,2 @@ +/* stack.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/ui.h b/release/src/router/cyassl/include/openssl/ui.h new file mode 100644 index 00000000..a2539303 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/ui.h @@ -0,0 +1,2 @@ +/* ui.h for openssl */ + diff --git a/release/src/router/cyassl/include/openssl/x509.h b/release/src/router/cyassl/include/openssl/x509.h new file mode 100644 index 00000000..2d1da248 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/x509.h @@ -0,0 +1,3 @@ +/* x509.h for openssl */ + +#include "openssl/ssl.h" diff --git a/release/src/router/cyassl/include/openssl/x509v3.h b/release/src/router/cyassl/include/openssl/x509v3.h new file mode 100644 index 00000000..77828a33 --- /dev/null +++ b/release/src/router/cyassl/include/openssl/x509v3.h @@ -0,0 +1,2 @@ +/* x509v3.h for openssl */ + diff --git a/release/src/router/cyassl/include/sniffer.h b/release/src/router/cyassl/include/sniffer.h new file mode 100644 index 00000000..40aa15b4 --- /dev/null +++ b/release/src/router/cyassl/include/sniffer.h @@ -0,0 +1,72 @@ +/* sniffer.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_SNIFFER_H +#define CYASSL_SNIFFER_H + + +#ifdef _WIN32 + #ifdef SSL_SNIFFER_EXPORTS + #define SSL_SNIFFER_API __declspec(dllexport) + #else + #define SSL_SNIFFER_API __declspec(dllimport) + #endif +#else + #define SSL_SNIFFER_API +#endif /* _WIN32 */ + + +#ifdef __cplusplus + extern "C" { +#endif + + + +SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, + const char* keyFile, int keyType, + const char* password, char* error); + +SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, + unsigned char* data, char* error); + +SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error); + + +void ssl_InitSniffer(void); + +void ssl_FreeSniffer(void); + + +/* ssl_SetPrivateKey keyTypes */ +enum { + FILETYPE_PEM = 1, + FILETYPE_DER = 2, +}; + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* CyaSSL_SNIFFER_H */ + diff --git a/release/src/router/cyassl/include/sniffer_error.h b/release/src/router/cyassl/include/sniffer_error.h new file mode 100644 index 00000000..7157ee12 --- /dev/null +++ b/release/src/router/cyassl/include/sniffer_error.h @@ -0,0 +1,102 @@ +/* sniffer_error.h + * + * Copyright (C) 2006-2011 Sawtooth Consulting Ltd. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + + +#ifndef CYASSL_SNIFFER_ERROR_H +#define CYASSL_SNIFFER_ERROR_H + +/* need to have errors as #defines since .rc files can't handle enums */ +/* need to start at 1 and go in order for same reason */ + +#define MEMORY_STR 1 +#define NEW_SERVER_STR 2 +#define IP_CHECK_STR 3 +#define SERVER_NOT_REG_STR 4 +#define TCP_CHECK_STR 5 +#define SERVER_PORT_NOT_REG_STR 6 +#define RSA_DECRYPT_STR 7 +#define RSA_DECODE_STR 8 +#define BAD_CIPHER_SPEC_STR 9 +#define SERVER_HELLO_INPUT_STR 10 + +#define BAD_SESSION_RESUME_STR 11 +#define SERVER_DID_RESUMPTION_STR 12 +#define CLIENT_HELLO_INPUT_STR 13 +#define CLIENT_RESUME_TRY_STR 14 +#define HANDSHAKE_INPUT_STR 15 +#define GOT_HELLO_VERIFY_STR 16 +#define GOT_SERVER_HELLO_STR 17 +#define GOT_CERT_REQ_STR 18 +#define GOT_SERVER_KEY_EX_STR 19 +#define GOT_CERT_STR 20 + +#define GOT_SERVER_HELLO_DONE_STR 21 +#define GOT_FINISHED_STR 22 +#define GOT_CLIENT_HELLO_STR 23 +#define GOT_CLIENT_KEY_EX_STR 24 +#define GOT_CERT_VER_STR 25 +#define GOT_UNKNOWN_HANDSHAKE_STR 26 +#define NEW_SESSION_STR 27 +#define BAD_NEW_SSL_STR 28 +#define GOT_PACKET_STR 29 +#define NO_DATA_STR 30 + +#define BAD_SESSION_STR 31 +#define GOT_OLD_CLIENT_HELLO_STR 32 +#define OLD_CLIENT_INPUT_STR 33 +#define OLD_CLIENT_OK_STR 34 +#define BAD_OLD_CLIENT_STR 35 +#define BAD_RECORD_HDR_STR 36 +#define RECORD_INPUT_STR 37 +#define GOT_HANDSHAKE_STR 38 +#define BAD_HANDSHAKE_STR 39 +#define GOT_CHANGE_CIPHER_STR 40 + +#define GOT_APP_DATA_STR 41 +#define BAD_APP_DATA_STR 42 +#define GOT_ALERT_STR 43 +#define ANOTHER_MSG_STR 44 +#define REMOVE_SESSION_STR 45 +#define KEY_FILE_STR 46 +#define BAD_IPVER_STR 47 +#define BAD_PROTO_STR 48 +#define PACKET_HDR_SHORT_STR 49 +#define GOT_UNKNOWN_RECORD_STR 50 + +#define BAD_TRACE_FILE_STR 51 +#define FATAL_ERROR_STR 52 +#define PARTIAL_INPUT_STR 53 +#define BUFFER_ERROR_STR 54 +#define PARTIAL_ADD_STR 55 +#define DUPLICATE_STR 56 +#define OUT_OF_ORDER_STR 57 +#define OVERLAP_DUPLICATE_STR 58 +#define OVERLAP_REASSEMBLY_BEGIN_STR 59 + +#define OVERLAP_REASSEMBLY_END_STR 60 +#define MISSED_CLIENT_HELLO_STR 61 + +/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ + + +#endif /* CyaSSL_SNIFFER_ERROR_H */ + diff --git a/release/src/router/cyassl/include/sniffer_error.rc b/release/src/router/cyassl/include/sniffer_error.rc new file mode 100644 index 00000000..89b12e2e --- /dev/null +++ b/release/src/router/cyassl/include/sniffer_error.rc @@ -0,0 +1,78 @@ + +STRINGTABLE +{ + 1, "Out of Memory" + 2, "New SSL Sniffer Server Registered" + 3, "Checking IP Header" + 4, "SSL Sniffer Server Not Registered" + 5, "Checking TCP Header" + + 6, "SSL Sniffer Server Port Not Registered" + 7, "RSA Private Decrypt Error" + 8, "RSA Private Decode Error" + 9, "Set Cipher Spec Error" + 10, "Server Hello Input Malformed" + + 11, "Couldn't Resume Session Error" + 12, "Server Did Resumption" + 13, "Client Hello Input Malformed" + 14, "Client Trying to Resume" + 15, "Handshake Input Malformed" + + 16, "Got Hello Verify msg" + 17, "Got Server Hello msg" + 18, "Got Cert Request msg" + 19, "Got Server Key Exchange msg" + 20, "Got Cert msg" + + 21, "Got Server Hello Done msg" + 22, "Got Finished msg" + 23, "Got Client Hello msg" + 24, "Got Client Key Exchange msg" + 25, "Got Cert Verify msg" + + 26, "Got Unknown Handshake msg" + 27, "New SSL Sniffer Session created" + 28, "Couldn't create new SSL" + 29, "Got a Packet to decode" + 30, "No data present" + + 31, "Session Not Found" + 32, "Got an Old Client Hello msg" + 33, "Old Client Hello Input Malformed" + 34, "Old Client Hello OK" + 35, "Bad Old Client Hello" + + 36, "Bad Record Header" + 37, "Record Header Input Malformed" + 38, "Got a HandShake msg" + 39, "Bad HandShake msg" + 40, "Got a Change Cipher Spec msg" + + 41, "Got Application Data msg" + 42, "Bad Application Data" + 43, "Got an Alert msg" + 44, "Another msg to Process" + 45, "Removing Session From Table" + + 46, "Bad Key File" + 47, "Wrong IP Version" + 48, "Wrong Protocol type" + 49, "Packet Short for header processing" + 50, "Got Unknown Record Type" + + 51, "Can't Open Trace File" + 52, "Session in Fatal Error State" + 53, "Partial SSL record received" + 54, "Buffer Error, malformed input" + 55, "Added to Partial Input" + + 56, "Received a Duplicate Packet" + 57, "Received an Out of Order Packet" + 58, "Received an Overlap Duplicate Packet" + 59, "Received an Overlap Reassembly Begin Duplicate Packet" + 60, "Received an Overlap Reassembly End Duplicate Packet" + + 61, "Missed the Client Hello Entirely" +} + |