From 5ac03256db0fe4ca7e3ad1117d096c3a76368b76 Mon Sep 17 00:00:00 2001 
From: Andreas Baumann Date: Fri, 9 Jan 2015 09:46:07 +0100 Subject: backported CyaSSL/OpenSSL support for internal webserver instead of MatrixSSL --- .../src/router/matrixssl/examples/CAcertSrv.der | Bin 663 -> 0 bytes .../src/router/matrixssl/examples/CAcertSrv.pem | 16 - release/src/router/matrixssl/examples/Makefile | 103 -- release/src/router/matrixssl/examples/certSrv.der | Bin 644 -> 0 bytes release/src/router/matrixssl/examples/certSrv.p12 | Bin 1806 -> 0 bytes release/src/router/matrixssl/examples/certSrv.pem | 16 - .../src/router/matrixssl/examples/httpsClient.c | 379 -------- .../src/router/matrixssl/examples/httpsClient.sln | 28 - .../router/matrixssl/examples/httpsClient.vcproj | 181 ---- .../src/router/matrixssl/examples/httpsReflector.c | 331 ------- .../router/matrixssl/examples/httpsReflector.sln | 28 - .../matrixssl/examples/httpsReflector.vcproj | 181 ---- .../src/router/matrixssl/examples/privkeySrv.der | Bin 608 -> 0 bytes .../src/router/matrixssl/examples/privkeySrv.pem | 15 - release/src/router/matrixssl/examples/sslSocket.c | 1025 -------------------- release/src/router/matrixssl/examples/sslSocket.h | 166 ---- 16 files changed, 2469 deletions(-) delete mode 100644 release/src/router/matrixssl/examples/CAcertSrv.der delete mode 100644 release/src/router/matrixssl/examples/CAcertSrv.pem delete mode 100644 release/src/router/matrixssl/examples/Makefile delete mode 100644 release/src/router/matrixssl/examples/certSrv.der delete mode 100644 release/src/router/matrixssl/examples/certSrv.p12 delete mode 100644 release/src/router/matrixssl/examples/certSrv.pem delete mode 100644 release/src/router/matrixssl/examples/httpsClient.c delete mode 100644 release/src/router/matrixssl/examples/httpsClient.sln delete mode 100644 release/src/router/matrixssl/examples/httpsClient.vcproj delete mode 100644 release/src/router/matrixssl/examples/httpsReflector.c delete mode 100644 release/src/router/matrixssl/examples/httpsReflector.sln delete mode 100644 
release/src/router/matrixssl/examples/httpsReflector.vcproj
delete mode 100644 release/src/router/matrixssl/examples/privkeySrv.der
delete mode 100644 release/src/router/matrixssl/examples/privkeySrv.pem
delete mode 100644 release/src/router/matrixssl/examples/sslSocket.c
delete mode 100644 release/src/router/matrixssl/examples/sslSocket.h
(limited to 'release/src/router/matrixssl/examples')
diff --git a/release/src/router/matrixssl/examples/CAcertSrv.der b/release/src/router/matrixssl/examples/CAcertSrv.der
deleted file mode 100644
index f1d984a0..00000000
Binary files a/release/src/router/matrixssl/examples/CAcertSrv.der and /dev/null differ
diff --git a/release/src/router/matrixssl/examples/CAcertSrv.pem b/release/src/router/matrixssl/examples/CAcertSrv.pem
deleted file mode 100644
index 19f29467..00000000
--- a/release/src/router/matrixssl/examples/CAcertSrv.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgzEqMCgGA1UEAwwhU2Vy
-dmVyIHNhbXBsZSBDQSBTZWxmLXNpZ25lZCBDZXJ0MQswCQYDVQQGDAJVUzELMAkG
-A1UECAwCV0ExETAPBgNVBAcMCEJlbGxldnVlMRkwFwYDVQQKDBBQZWVyU2VjIE5l
-dHdvcmtzMQ0wCwYDVQQLDARUZXN0MB4XDTA3MDMyNzExMDUxNloXDTEwMDMyNjEx
-MDUxNlowgYMxKjAoBgNVBAMMIVNlcnZlciBzYW1wbGUgQ0EgU2VsZi1zaWduZWQg
-Q2VydDELMAkGA1UEBgwCVVMxCzAJBgNVBAgMAldBMREwDwYDVQQHDAhCZWxsZXZ1
-ZTEZMBcGA1UECgwQUGVlclNlYyBOZXR3b3JrczENMAsGA1UECwwEVGVzdDCBnjAN
-BgkqhkiG9w0BAQEFAAOBjAAwgYgCgYCtnwbUbG+AY3B2fIIqm0M7L1/KntbalXPN
-jIONjLsxzHDPIKwuEs1t66A7sr6oHSqeTQWREE5VFX3IMjUPlJaq2OqFzbRhNYuB
-ZmtIkVEi5jnNHujYKR6mxmDLjzJJZXj6lqfzUUb67VSBin3vTmGs/OWqom2h7fng
-is8Aq78HFwIDAQABoxYwFDASBgNVHRMBAQEECDAGAQEBAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHdDhkO4tYRVKP5T1VtGBL0ys3M6dY1i+LyOrwZAfKi7BxjnVkct0Hs5
-sKD4dff/mQl2eRgU0WMcQ32mPIW6Z6Tw/CCySFmr1fzK+axGRSqs2IW7X7r+zxh5
-AbFWUAAdhRujmCodAXI6DwJ4U/27ZPzOf5RmS7+IhDhvd5kiFH1h
------END CERTIFICATE-----
diff --git a/release/src/router/matrixssl/examples/Makefile b/release/src/router/matrixssl/examples/Makefile
deleted file mode 100644
index 067d41b2..00000000
--- a/release/src/router/matrixssl/examples/Makefile
+++ /dev/null
@@ -1,103 +0,0 @@ -# -# MatrixSSL example applications makefile -# 'make' builds debug (Default). -# 'make gold' builds optimized. -# -# Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved -# - -CC = gcc -O = .o -SO = .so -A = .a -E = - -LIBRARIES = ../src/libmatrixssl$(SO) -STATICS = ../src/libmatrixsslstatic$(A) - -REF_EXE = httpsReflector$(E) -REF_OBJS = httpsReflector$(O) sslSocket$(O) - -CLIENT_EXE = httpsClient$(E) -CLIENT_OBJS = httpsClient$(O) sslSocket$(O) - -# -# This is set by the debug target below -# -ifdef MATRIXSSL_DEBUG -DFLAGS = -g -Wall -DDEBUG -else -#DFLAGS = -Os -DFLAGS = -O3 -endif - -ifdef MATRIXSSL_PROFILE -DFLAGS += -g -pg -endif - -debug: - @$(MAKE) compile "MATRIXSSL_DEBUG = 1" - -profile: - @$(MAKE) compile "MATRIXSSL_PROFILE = 1" - -gold: - @$(MAKE) compile - -default: debug - -# -# Override variables for compilation on x86-64 (AMD64, Nacona, etc) -# -ifeq ($(shell uname -m),x86_64) -DFLAGS += -march=k8 -fPIC -DFP_64BIT -DTFM_X86_64 -DRDTSC -endif - -# -# Compile options -# -CFLAGS = $(DFLAGS) -DLINUX -LDFLAGS = -lc - -# -# Override variables for compilation on Mac OS X (Darwin) -# -ifeq ($(shell uname),Darwin) -CC = cc -SO = .dylib -CFLAGS += -DOSX -isystem -I/usr/include -LDFLAGS = -MACLINK = ln -f $(LIBRARIES) . -endif - -# -# Override variables for compilation on uClinux (example only) -# -ifdef UCLINUX -CC = /opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -STRIP = /opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-strip -endif - -all: compile - -compile: $(REF_OBJS) $(REF_EXE) $(CLIENT_OBJS) $(CLIENT_EXE) - -# -# Manual dependencies -# -*.o: ../matrixSsl.h Makefile - -$(REF_EXE):$(REF_OBJS) - $(CC) -o $@ $^ $(LDFLAGS) $(LIBRARIES) - $(MACLINK) - -$(CLIENT_EXE):$(CLIENT_OBJS) - $(CC) -o $@ $^ $(LDFLAGS) $(LIBRARIES) - -# -# Clean up all generated files -# -clean: - rm -f $(REF_EXE) $(REF_OBJS) \ - $(CLIENT_EXE) $(CLIENT_OBJS) \ - *$(SO) 
diff --git a/release/src/router/matrixssl/examples/certSrv.der b/release/src/router/matrixssl/examples/certSrv.der
deleted file mode 100644
index 98750117..00000000
Binary files a/release/src/router/matrixssl/examples/certSrv.der and /dev/null differ
diff --git a/release/src/router/matrixssl/examples/certSrv.p12 b/release/src/router/matrixssl/examples/certSrv.p12
deleted file mode 100644
index 2e700236..00000000
Binary files a/release/src/router/matrixssl/examples/certSrv.p12 and /dev/null differ
diff --git a/release/src/router/matrixssl/examples/certSrv.pem b/release/src/router/matrixssl/examples/certSrv.pem
deleted file mode 100644
index 78f5347a..00000000
--- a/release/src/router/matrixssl/examples/certSrv.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgzEqMCgGA1UEAwwhU2Vy
-dmVyIHNhbXBsZSBDQSBTZWxmLXNpZ25lZCBDZXJ0MQswCQYDVQQGDAJVUzELMAkG
-A1UECAwCV0ExETAPBgNVBAcMCEJlbGxldnVlMRkwFwYDVQQKDBBQZWVyU2VjIE5l
-dHdvcmtzMQ0wCwYDVQQLDARUZXN0MB4XDTA3MDMyNzExMjM0N1oXDTEwMDMyNjEx
-MjM0N1owdDEbMBkGA1UEAwwSU2FtcGxlIFNlcnZlciBDZXJ0MQswCQYDVQQGDAJV
-UzELMAkGA1UECAwCV0ExETAPBgNVBAcMCEJlbGxldnVlMRkwFwYDVQQKDBBQZWVy
-U2VjIE5ldHdvcmtzMQ0wCwYDVQQLDARUZXN0MIGeMA0GCSqGSIb3DQEBAQUAA4GM
-ADCBiAKBgMJURjMddBE+9fl68WLgJcnKLtq4S19IRR/Z4v3dHN7+5unX4u20/0kA
-/bJlUO/ECg7yI3fQCXWwVIQIUwdZ0InEFIFap97a2UXGnTCzh2P9E6sUhm5TYplw
-WU7T+0d3rjnvJ/gM7AdGaE+9a1eGeGWAU8YsYXq5p+DRngiG+l/RAgMBAAGjEzAR
-MA8GA1UdEwEBAQQFMAMBAQAwDQYJKoZIhvcNAQEFBQADgYEAfN48d21i22+hrXf6
-6cCzxtwsy/lmmIspntINfSxuFZlIFuksn8BMK0bUJI9ridVnlDzT9Gps2osz8jWS
-4TduY7hUcZxTcFO4y1/YNqvy2HqDsXgYKnjo8pEZrERp51CoLL1qBUqsHfQ6Ujf6
-t3KkgkM1sPqm39Y0pzMEmILjbB0=
------END CERTIFICATE-----
diff --git a/release/src/router/matrixssl/examples/httpsClient.c b/release/src/router/matrixssl/examples/httpsClient.c
deleted file mode 100644
index 5b3c1970..00000000
--- a/release/src/router/matrixssl/examples/httpsClient.c
+++ /dev/null
@@ -1,379 +0,0 @@ -/* - * httpClient.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Simple example program for MatrixSSL - * Sends a HTTPS request and echos the response back to the sender. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. 
- * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include -#include -#ifndef WINCE - #include -#endif - -/******************************************************************************/ - -#include "sslSocket.h" - -/******************************************************************************/ - -#define HTTPS_PORT 4433 -#define HTTPS_IP "127.0.0.1" - -static char CAfile[] = "CAcertSrv.pem"; - - -#define ITERATIONS 100 /* How many individual connections to make */ -#define REQUESTS 10 /* How many requests per each connection */ -#define REUSE 0 /* 0 if session resumption disabled */ - -#define ENFORCE_CERT_VALIDATION 1 /* 0 to allow connection without validation */ - - -static const char request[] = "GET / HTTP/1.0\r\n" - "User-Agent: MatrixSSL httpClient\r\n" - "Accept: */*\r\n" - "\r\n"; - -static const char requestAgain[] = "GET /again HTTP/1.0\r\n" - "User-Agent: MatrixSSL httpClient\r\n" - "Accept: */*\r\n" - "\r\n"; - -static const char quitString[] = "GET /quit"; - -/* - Callback that is registered to receive server certificate - information for custom validation -*/ -static int certChecker(sslCertInfo_t *cert, void *arg); - -/******************************************************************************/ -/* - Example ssl client that connects to a server and sends https messages -*/ -#if VXWORKS -int _httpsClient(char *arg1) -#elif WINCE -int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, - LPWSTR lpCmdLine, int nCmdShow) -#else -int main(int argc, char **argv) -#endif -{ - sslSessionId_t *sessionId; - sslConn_t *conn; - sslKeys_t *keys; - WSADATA wsaData; - SOCKET fd; - short cipherSuite; - unsigned char *ip, *c, *requestBuf; - unsigned char 
buf[1024]; - int iterations, requests, connectAgain, status; - int quit, rc, bytes, i, j, err; - time_t t0, t1; -#if REUSE - int anonStatus; -#endif -#if VXWORKS - int argc; - char **argv; - parseCmdLineArgs(arg1, &argc, &argv); -#endif /* VXWORKS */ - -#if WINCE - int argc; - char **argv; - char args[256]; - -/* - * parseCmdLineArgs expects an ASCII string and CE is unicoded, so convert - * the command line. args will get hacked up, so you can't pass in a - * static string. - */ - WideCharToMultiByte(CP_ACP, 0, lpCmdLine, -1, args, 256, NULL, NULL); - -/* - * Parse the command line into an argv array. This allocs memory, so - * we have to free argv when we're done. - */ - parseCmdLineArgs(args, &argc, &argv); -#endif /* WINCE */ - - conn = NULL; -/* - First (optional) argument is ip address to connect to (port is hardcoded) - Second (optional) argument is number of iterations to perform - Third (optional) argument is number of keepalive HTTP requests - Fourth (optional) argument is cipher suite number to use (0 for any) -*/ - ip = HTTPS_IP; - iterations = ITERATIONS; - requests = REQUESTS; - cipherSuite = 0x0000; - if (argc > 1) { - ip = argv[1]; - if (argc > 2) { - iterations = atoi(argv[2]); - socketAssert(iterations > 0); - if (argc > 3) { - requests = atoi(argv[3]); - socketAssert(requests > 0); - if (argc > 4) { - cipherSuite = (short)atoi(argv[4]); - } - } - } - } -/* - Initialize Windows sockets (no-op on other platforms) -*/ - WSAStartup(MAKEWORD(1,1), &wsaData); -/* - Initialize the MatrixSSL Library, and read in the certificate file - used to validate the server. 
-*/ - if (matrixSslOpen() < 0) { - fprintf(stderr, "matrixSslOpen failed, exiting..."); - } - sessionId = NULL; - if (matrixSslReadKeys(&keys, NULL, NULL, NULL, CAfile) < 0) { - goto promptAndExit; - } -/* - Intialize loop control variables -*/ - quit = 0; - connectAgain = 1; - i = 1; -/* - Just reuse the requestBuf and malloc to largest possible message size -*/ - requestBuf = malloc(sizeof(requestAgain)); - t0 = time(0); -/* - Main ITERATIONS loop -*/ - while (!quit && (i < iterations)) { -/* - sslConnect uses port and ip address to connect to SSL server. - Generates a new session -*/ - if (connectAgain) { - if ((fd = socketConnect(ip, HTTPS_PORT, &err)) == INVALID_SOCKET) { - fprintf(stdout, "Error connecting to server %s:%d\n", ip, HTTPS_PORT); - matrixSslFreeKeys(keys); - goto promptAndExit; - } - if (sslConnect(&conn, fd, keys, sessionId, cipherSuite, certChecker) < 0) { - quit = 1; - socketShutdown(fd); - fprintf(stderr, "Error connecting to %s:%d\n", ip, HTTPS_PORT); - continue; - } - i++; - connectAgain = 0; - j = 1; - } - if (conn == NULL) { - quit++; - continue; - } -/* - Copy the HTTP request header into the buffer, based of whether or - not we want httpReflector to keep the socket open or not -*/ - if (j == requests) { - bytes = (int)strlen(request); - memcpy(requestBuf, request, bytes); - } else { - bytes = (int)strlen(requestAgain); - memcpy(requestBuf, requestAgain, bytes); - } -/* - Send request. - < 0 return indicates an error. - 0 return indicates not all data was sent and we must retry - > 0 indicates that all requested bytes were sent -*/ -writeMore: - rc = sslWrite(conn, requestBuf, bytes, &status); - if (rc < 0) { - fprintf(stdout, "Internal sslWrite error\n"); - socketShutdown(conn->fd); - sslFreeConnection(&conn); - continue; - } else if (rc == 0) { - goto writeMore; - } -/* - Read response - < 0 return indicates an error. - 0 return indicates an EOF or CLOSE_NOTIFY in this situation - > 0 indicates that some bytes were read. 
Keep reading until we see - the /r/n/r/n from the response header. There may be data following - this header, but we don't try too hard to read it for this example. -*/ - c = buf; -readMore: - if ((rc = sslRead(conn, c, sizeof(buf) - (int)(c - buf), &status)) > 0) { - c += rc; - if (c - buf < 4 || memcmp(c - 4, "\r\n\r\n", 4) != 0) { - goto readMore; - } - } else { - if (rc < 0) { - fprintf(stdout, "sslRead error. dropping connection.\n"); - } - if (rc < 0 || status == SSLSOCKET_EOF || - status == SSLSOCKET_CLOSE_NOTIFY) { - socketShutdown(conn->fd); - sslFreeConnection(&conn); - continue; - } - goto readMore; - } -/* - Determine if we want to do a pipelined HTTP request/response -*/ - if (j++ < requests) { - fprintf(stdout, "R"); - fflush(stdout); - continue; - } else { - fprintf(stdout, "C"); - fflush(stdout); - } -/* - Reuse the session. Comment out these two lines to test the entire - public key renegotiation each iteration -*/ -#if REUSE - matrixSslFreeSessionId(sessionId); - matrixSslGetSessionId(conn->ssl, &sessionId); -/* - This example shows how a user might want to limit a client to - resuming handshakes only with authenticated servers. In this - example, the client will force any non-authenticated (anonymous) - server to go through a complete handshake each time. This is - strictly an example of one policy decision an implementation - might wish to make. -*/ - matrixSslGetAnonStatus(conn->ssl, &anonStatus); - if (anonStatus) { - matrixSslFreeSessionId(sessionId); - sessionId = NULL; - } -#endif -/* - Send a closure alert for clean shutdown of remote SSL connection - This is for good form, some implementations just close the socket -*/ - sslWriteClosureAlert(conn); -/* - Session done. 
Connect again if more iterations remaining -*/ - socketShutdown(conn->fd); - sslFreeConnection(&conn); - connectAgain = 1; - } - - t1 = time(0); - free(requestBuf); - matrixSslFreeSessionId(sessionId); - if (conn && conn->ssl) { - socketShutdown(conn->fd); - sslFreeConnection(&conn); - } - fprintf(stdout, "\n%d connections in %d seconds (%f c/s)\n", - i, (int)(t1 - t0), (double)i / (t1 - t0)); - fprintf(stdout, "\n%d requests in %d seconds (%f r/s)\n", - i * requests, (int)(t1 - t0), - (double)(i * requests) / (t1 - t0)); -/* - Close listening socket, free remaining items -*/ - matrixSslFreeKeys(keys); - matrixSslClose(); - WSACleanup(); -promptAndExit: - fprintf(stdout, "Press return to exit...\n"); - getchar(); - -#if WINCE || VXWORKS - if (argv) { - free((void*) argv); - } -#endif /* WINCE */ - return 0; -} - -/******************************************************************************/ -/* - Stub for a user-level certificate validator. Just using - the default validation value here. -*/ -static int certChecker(sslCertInfo_t *cert, void *arg) -{ - sslCertInfo_t *next; - sslKeys_t *keys; -/* - Make sure we are checking the last cert in the chain -*/ - next = cert; - keys = arg; - while (next->next != NULL) { - next = next->next; - } -#if ENFORCE_CERT_VALIDATION -/* - This case passes the true RSA authentication status through -*/ - return next->verified; -#else -/* - This case passes an authenticated server through, but flags a - non-authenticated server correctly. The user can call the - matrixSslGetAnonStatus later to see the status of this connection. -*/ - if (next->verified != 1) { - return SSL_ALLOW_ANON_CONNECTION; - } - return next->verified; -#endif /* ENFORCE_CERT_VALIDATION */ -} - -/******************************************************************************/ - - - - - - - - diff --git a/release/src/router/matrixssl/examples/httpsClient.sln b/release/src/router/matrixssl/examples/httpsClient.sln deleted file mode 100644 index 706d85db..00000000 
--- a/release/src/router/matrixssl/examples/httpsClient.sln +++ /dev/null @@ -1,28 +0,0 @@ -Microsoft Visual Studio Solution File, Format Version 10.00 -# Visual C++ Express 2008 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "httpsClient", "httpsClient.vcproj", "{FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}" - ProjectSection(ProjectDependencies) = postProject - {8DBF200C-313A-485B-97D8-892158882E16} = {8DBF200C-313A-485B-97D8-892158882E16} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "matrixSsl", "..\src\matrixSsl.vcproj", "{8DBF200C-313A-485B-97D8-892158882E16}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Release|Win32 = Release|Win32 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Debug|Win32.ActiveCfg = Debug|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Debug|Win32.Build.0 = Debug|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Release|Win32.ActiveCfg = Release|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Release|Win32.Build.0 = Release|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Debug|Win32.ActiveCfg = Debug|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Debug|Win32.Build.0 = Debug|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Release|Win32.ActiveCfg = Release|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Release|Win32.Build.0 = Release|Win32 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/release/src/router/matrixssl/examples/httpsClient.vcproj b/release/src/router/matrixssl/examples/httpsClient.vcproj deleted file mode 100644 index c903857b..00000000 --- a/release/src/router/matrixssl/examples/httpsClient.vcproj +++ /dev/null @@ -1,181 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/release/src/router/matrixssl/examples/httpsReflector.c b/release/src/router/matrixssl/examples/httpsReflector.c
deleted file mode 100644
index 4a901dfc..00000000
--- a/release/src/router/matrixssl/examples/httpsReflector.c
+++ /dev/null
@@ -1,331 +0,0 @@ -/* - * httpReflector.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Simple example program for MatrixSSL - * Accepts a HTTPS request and echos the response back to the sender. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. 
- * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include -#include -#include - -/******************************************************************************/ - -#include "sslSocket.h" - -#define HTTPS_PORT 4433 -static char keyfile[] = "privkeySrv.pem"; -static char certfile[] = "certSrv.pem"; - -static const char responseHdr[] = "HTTP/1.0 200 OK\r\n" - "Server: PeerSec Networks MatrixSSL\r\n" - "Pragma: no-cache\r\n" - "Cache-Control: no-cache\r\n" - "Content-type: text/plain\r\n" - "\r\n" - "PeerSec Networks\n" - "Successful MatrixSSL request:\n"; - -static const char quitString[] = "GET /quit"; -static const char againString[] = "GET /again"; - - - -/******************************************************************************/ -/* - Helper framework for testing matrixSslReadKeysMem -*/ -#define USE_MEM_CERTS 0 -#if USE_MEM_CERTS -#include -static int32 getFileBin(char *fileName, unsigned char **bin, int32 *binLen); -#endif - -/******************************************************************************/ -/* - This example application acts as an https server that accepts incoming - client requests and reflects incoming data back to that client. 
-*/ -#if VXWORKS -int _httpsReflector(char *arg1) -#elif WINCE -int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, - LPWSTR lpCmdLine, int nCmdShow) -#else -int main(int argc, char **argv) -#endif -{ - sslConn_t *cp; - sslKeys_t *keys; - SOCKET listenfd, fd; - WSADATA wsaData; - unsigned char buf[1024]; - unsigned char *response, *c; - int responseHdrLen, acceptAgain, flags; - int bytes, status, quit, again, rc, err; -#if USE_MEM_CERTS - unsigned char *servBin, *servKeyBin, *caBin; - int servBinLen, caBinLen, servKeyBinLen; -#endif - - cp = NULL; -/* - Initialize Windows sockets (no-op on other platforms) -*/ - WSAStartup(MAKEWORD(1,1), &wsaData); -/* - Initialize the MatrixSSL Library, and read in the public key (certificate) - and private key. -*/ - if (matrixSslOpen() < 0) { - fprintf(stderr, "matrixSslOpen failed, exiting..."); - } - -#if USE_MEM_CERTS -/* - Example of DER binary certs for matrixSslReadKeysMem -*/ - getFileBin("certSrv.der", &servBin, &servBinLen); - getFileBin("privkeySrv.der", &servKeyBin, &servKeyBinLen); - getFileBin("CAcertCln.der", &caBin, &caBinLen); - - matrixSslReadKeysMem(&keys, servBin, servBinLen, - servKeyBin, servKeyBinLen, caBin, caBinLen); - - free(servBin); - free(servKeyBin); - free(caBin); -#else -/* - Standard PEM files -*/ - if (matrixSslReadKeys(&keys, certfile, keyfile, NULL, NULL) < 0) { - fprintf(stderr, "Error reading or parsing %s or %s.\n", - certfile, keyfile); - goto promptAndExit; - } -#endif /* USE_MEM_CERTS */ - fprintf(stdout, - "Run httpsClient or type https://127.0.0.1:%d into your local Web browser.\n", - HTTPS_PORT); -/* - Create the listen socket -*/ - if ((listenfd = socketListen(HTTPS_PORT, &err)) == INVALID_SOCKET) { - fprintf(stderr, "Cannot listen on port %d\n", HTTPS_PORT); - goto promptAndExit; - } -/* - Set blocking or not on the listen socket -*/ - setSocketBlock(listenfd); -/* - Loop control initalization -*/ - quit = 0; - again = 0; - flags = 0; - - acceptAgain = 1; -/* - Main 
connection loop -*/ - while (!quit) { - - if (acceptAgain) { -/* - sslAccept creates a new server session -*/ - /* TODO - deadlock on blocking socket accept. Should disable blocking here */ - if ((fd = socketAccept(listenfd, &err)) == INVALID_SOCKET) { - fprintf(stdout, "Error accepting connection: %d\n", err); - continue; - } - if ((rc = sslAccept(&cp, fd, keys, NULL, flags)) != 0) { - socketShutdown(fd); - continue; - } - - flags = 0; - acceptAgain = 0; - } -/* - Read response - < 0 return indicates an error. - 0 return indicates an EOF or CLOSE_NOTIFY in this situation - > 0 indicates that some bytes were read. Keep reading until we see - the /r/n/r/n from the GET request. We don't actually parse the request, - we just echo it back. -*/ - c = buf; -readMore: - if ((rc = sslRead(cp, c, sizeof(buf) - (int)(c - buf), &status)) > 0) { - c += rc; - if (c - buf < 4 || memcmp(c - 4, "\r\n\r\n", 4) != 0) { - goto readMore; - } - } else { - if (rc < 0) { - fprintf(stdout, "sslRead error. dropping connection.\n"); - } - if (rc < 0 || status == SSLSOCKET_EOF || - status == SSLSOCKET_CLOSE_NOTIFY) { - socketShutdown(cp->fd); - sslFreeConnection(&cp); - acceptAgain = 1; - continue; - } - goto readMore; - } -/* - Done reading. If the incoming data starts with the quitString, - quit the application after this request -*/ - if (memcmp(buf, quitString, min(c - buf, - (int)strlen(quitString))) == 0) { - quit++; - fprintf(stdout, "Q"); - } -/* - If the incoming data starts with the againString, - we are getting a pipeline request on the same session. Don't - close and wait for new connection in this case. 
-*/ - if (memcmp(buf, againString, - min(c - buf, (int)strlen(againString))) == 0) { - again++; - fprintf(stdout, "A"); - } else { - fprintf(stdout, "R"); - again = 0; - } -/* - Copy the canned response header and decoded data from socket as the - response (reflector) -*/ - responseHdrLen = (int)strlen(responseHdr); - bytes = responseHdrLen + (int)(c - buf); - response = malloc(bytes); - memcpy(response, responseHdr, responseHdrLen); - memcpy(response + responseHdrLen, buf, c - buf); -/* - Send response. - < 0 return indicates an error. - 0 return indicates not all data was sent and we must retry - > 0 indicates that all requested bytes were sent -*/ -writeMore: - rc = sslWrite(cp, response, bytes, &status); - if (rc < 0) { - free(response); - fprintf(stdout, "Internal sslWrite error\n"); - socketShutdown(cp->fd); - sslFreeConnection(&cp); - continue; - } else if (rc == 0) { - goto writeMore; - } - free(response); -/* - If we saw an /again request, loop up and process another pipelined - HTTP request. The /again request is supported in the httpsClient - example code. 
-*/ - if (again) { - continue; - } -/* - Send a closure alert for clean shutdown of remote SSL connection - This is for good form, some implementations just close the socket -*/ - sslWriteClosureAlert(cp); -/* - Close the socket and wait for next connection (new session) -*/ - socketShutdown(cp->fd); - sslFreeConnection(&cp); - acceptAgain = 1; - } -/* - Close listening socket, free remaining items -*/ - if (cp && cp->ssl) { - socketShutdown(cp->fd); - sslFreeConnection(&cp); - } - socketShutdown(listenfd); - - matrixSslFreeKeys(keys); - matrixSslClose(); - WSACleanup(); -promptAndExit: - fprintf(stdout, "\n\nPress return to exit...\n"); - getchar(); - return 0; -} - - - -#if USE_MEM_CERTS -static int32 getFileBin(char *fileName, unsigned char **bin, - int32 *binLen) -{ - FILE *fp; - struct stat fstat; - size_t tmp = 0; - - *binLen = 0; - *bin = NULL; - - if (fileName == NULL) { - return -1; - } - if ((stat(fileName, &fstat) != 0) || (fp = fopen(fileName, "rb")) == NULL) { - return -7; /* FILE_NOT_FOUND */ - } - - *bin = malloc(fstat.st_size); - if (*bin == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - while (((tmp = fread(*bin + *binLen, sizeof(char), 512, fp)) > 0) && - (*binLen < fstat.st_size)) { - *binLen += (int32)tmp; - } - fclose(fp); - return 0; -} -#endif - -/******************************************************************************/ - - - - - - diff --git a/release/src/router/matrixssl/examples/httpsReflector.sln b/release/src/router/matrixssl/examples/httpsReflector.sln deleted file mode 100644 index cf279484..00000000 --- a/release/src/router/matrixssl/examples/httpsReflector.sln +++ /dev/null 
@@ -1,28 +0,0 @@ -Microsoft Visual Studio Solution File, Format Version 10.00 -# Visual C++ Express 2008 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "httpsReflector", "httpsReflector.vcproj", "{FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}" - ProjectSection(ProjectDependencies) = postProject - {8DBF200C-313A-485B-97D8-892158882E16} = {8DBF200C-313A-485B-97D8-892158882E16} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "matrixSsl", "..\src\matrixSsl.vcproj", "{8DBF200C-313A-485B-97D8-892158882E16}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Release|Win32 = Release|Win32 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Debug|Win32.ActiveCfg = Debug|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Debug|Win32.Build.0 = Debug|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Release|Win32.ActiveCfg = Release|Win32 - {FEB5FEAA-EF6D-42E6-847B-AB015B9A2E68}.Release|Win32.Build.0 = Release|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Debug|Win32.ActiveCfg = Debug|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Debug|Win32.Build.0 = Debug|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Release|Win32.ActiveCfg = Release|Win32 - {8DBF200C-313A-485B-97D8-892158882E16}.Release|Win32.Build.0 = Release|Win32 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/release/src/router/matrixssl/examples/httpsReflector.vcproj b/release/src/router/matrixssl/examples/httpsReflector.vcproj deleted file mode 100644 index 267370c2..00000000 --- a/release/src/router/matrixssl/examples/httpsReflector.vcproj +++ /dev/null @@ -1,181 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/release/src/router/matrixssl/examples/privkeySrv.der b/release/src/router/matrixssl/examples/privkeySrv.der
deleted file mode 100644
index 3a4e2d33..00000000
Binary files a/release/src/router/matrixssl/examples/privkeySrv.der and /dev/null differ
diff --git a/release/src/router/matrixssl/examples/privkeySrv.pem b/release/src/router/matrixssl/examples/privkeySrv.pem
deleted file mode 100644
index 59b71336..00000000
--- a/release/src/router/matrixssl/examples/privkeySrv.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWAIBAAKBgMJURjMddBE+9fl68WLgJcnKLtq4S19IRR/Z4v3dHN7+5unX4u20
-/0kA/bJlUO/ECg7yI3fQCXWwVIQIUwdZ0InEFIFap97a2UXGnTCzh2P9E6sUhm5T
-YplwWU7T+0d3rjnvJ/gM7AdGaE+9a1eGeGWAU8YsYXq5p+DRngiG+l/RAgMBAAEC
-gYBdHr4e61u9keKTwJ6gJ1HkTu7B33M6vupk12enB8g4cYRchReYmdWE+aUYUeWF
-Z3b8b3qghL+rtinhtQ14ZckADXUgfrDo2apZfdADMss0lU0iWF7h1fZDBVJ9WgjX
-Vw+7124E+bFS3fZr2mIyUWZ1iqfv5TvteUKfxDwgA+SxCwJA2goO3tcdBNXda18g
-rHIP6H3nrMc/5s08sVk9jdfsyebmx6fMjVg2xlqcP1kfn71iL401VL1RYXhAikju
-YERVOwJA5Cl2/Svkj8XHjwvjiYs7RUolnvbsz/nvGuX5/yGUArCvLGSPllWiACap
-w9dVOvWyj064F2SfE/KHZZBa1KmeYwJAZ6o2jb5qvpzL7DvLNhH4/Em4N454FEzq
-GUvbly/dFdVhTfW6rE0Ppdj4xqmh/nm1T/RsMcDdC2F4Fgc8xqpWdwJA1FpTSKbF
-f5qQdW6XQ7i2XXL5OM6Q8bCo/dv1paNW4noXT7X4fe8NbB6P+po71ThADGkzpXId
-LK+ZnMmSAEQuCQJAenXA1w5FC1pnyAsOJ+7i58773MWifrd1FgRMWxgO2QBZQziG
-MX6roKqzRUMUMpZ+6xQBCjiGqw5EamVBhEiJkQ==
------END RSA PRIVATE KEY-----
diff --git a/release/src/router/matrixssl/examples/sslSocket.c b/release/src/router/matrixssl/examples/sslSocket.c
deleted file mode 100644
index 39c51871..00000000
--- a/release/src/router/matrixssl/examples/sslSocket.c
+++ /dev/null
@@ -1,1025 +0,0 @@ -/* - * socketLayer.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Sample SSL socket layer for MatrixSSL example exectuables - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include -#include -#include "sslSocket.h" - -/******************************************************************************/ -/* - An EXAMPLE socket layer API for the MatrixSSL library. -*/ - -/******************************************************************************/ -/* - Server side. Set up a listen socket. This code is not specific to SSL. 
-*/ -SOCKET socketListen(short port, int *err) -{ - struct sockaddr_in addr; - SOCKET fd; - int rc; - - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - addr.sin_addr.s_addr = INADDR_ANY; - if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - fprintf(stderr, "Error creating listen socket\n"); - *err = getSocketError(); - return INVALID_SOCKET; - } -/* - Make sure the socket is not inherited by exec'd processes - Set the REUSE flag to minimize the number of sockets in TIME_WAIT -*/ - fcntl(fd, F_SETFD, FD_CLOEXEC); - rc = 1; - setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&rc, sizeof(rc)); - - if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { - fprintf(stderr, - "Can't bind socket. Port in use or insufficient privilege\n"); - *err = getSocketError(); - return INVALID_SOCKET; - } - if (listen(fd, SOMAXCONN) < 0) { - fprintf(stderr, "Error listening on socket\n"); - *err = getSocketError(); - return INVALID_SOCKET; - } - return fd; -} - -/******************************************************************************/ -/* - Server side. Accept a new socket connection off our listen socket. - This code is not specific to SSL. -*/ -SOCKET socketAccept(SOCKET listenfd, int *err) -{ - struct sockaddr_in addr; - SOCKET fd; - int len; -/* - Wait(blocking)/poll(non-blocking) for an incoming connection -*/ - len = sizeof(addr); - if ((fd = accept(listenfd, (struct sockaddr *)&addr, &len)) - == INVALID_SOCKET) { - *err = getSocketError(); - if (*err != WOULD_BLOCK) { - fprintf(stderr, "Error %d accepting new socket\n", *err); - } - return INVALID_SOCKET; - } -/* - fd is the newly accepted socket. Disable Nagle on this socket. 
- Set blocking mode as default -*/ -/* fprintf(stdout, "Connection received from %d.%d.%d.%d\n", - addr.sin_addr.S_un.S_un_b.s_b1, - addr.sin_addr.S_un.S_un_b.s_b2, - addr.sin_addr.S_un.S_un_b.s_b3, - addr.sin_addr.S_un.S_un_b.s_b4); -*/ - setSocketNodelay(fd); - setSocketBlock(fd); - return fd; -} - -/******************************************************************************/ -/* - Client side. Open a socket connection to a remote ip and port. - This code is not specific to SSL. -*/ -SOCKET socketConnect(char *ip, short port, int *err) -{ - struct sockaddr_in addr; - SOCKET fd; - int rc; - - if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - fprintf(stderr, "Error creating socket\n"); - *err = getSocketError(); - return INVALID_SOCKET; - } -/* - Make sure the socket is not inherited by exec'd processes - Set the REUSEADDR flag to minimize the number of sockets in TIME_WAIT -*/ - fcntl(fd, F_SETFD, FD_CLOEXEC); - rc = 1; - setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&rc, sizeof(rc)); - setSocketNodelay(fd); -/* - Turn on blocking mode for the connecting socket -*/ - setSocketBlock(fd); - - memset((char *) &addr, 0x0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - addr.sin_addr.s_addr = inet_addr(ip); - rc = connect(fd, (struct sockaddr *)&addr, sizeof(addr)); -#if WIN - if (rc != 0) { -#else - if (rc < 0) { -#endif - *err = getSocketError(); - return INVALID_SOCKET; - } - return fd; -} - -/******************************************************************************/ -/* - Server side. Accept an incomming SSL connection request. - 'conn' will be filled in with information about the accepted ssl connection - - return -1 on error, 0 on success, or WOULD_BLOCK for non-blocking sockets -*/ -int sslAccept(sslConn_t **cpp, SOCKET fd, sslKeys_t *keys, - int (*certValidator)(sslCertInfo_t *t, void *arg), int flags) -{ - sslConn_t *conn; - unsigned char buf[1024]; - int status, rc; -/* - Associate a new ssl session with this socket. 
The session represents - the state of the ssl protocol over this socket. Session caching is - handled automatically by this api. -*/ - conn = calloc(sizeof(sslConn_t), 1); - conn->fd = fd; - if (matrixSslNewSession(&conn->ssl, keys, NULL, - SSL_FLAGS_SERVER | flags) < 0) { - sslFreeConnection(&conn); - return -1; - } -/* - MatrixSSL doesn't provide buffers for data internally. Define them - here to support buffered reading and writing for non-blocking sockets. - Although it causes quite a bit more work, we support dynamically growing - the buffers as needed. Alternately, we could define 16K buffers here - and not worry about growing them. -*/ - memset(&conn->inbuf, 0x0, sizeof(sslBuf_t)); - conn->insock.size = 1024; - conn->insock.start = conn->insock.end = conn->insock.buf = - (unsigned char *)malloc(conn->insock.size); - conn->outsock.size = 1024; - conn->outsock.start = conn->outsock.end = conn->outsock.buf = - (unsigned char *)malloc(conn->outsock.size); - conn->inbuf.size = 0; - conn->inbuf.start = conn->inbuf.end = conn->inbuf.buf = NULL; - *cpp = conn; - -readMore: - rc = sslRead(conn, buf, sizeof(buf), &status); -/* - Reading handshake records should always return 0 bytes, we aren't - expecting any data yet. -*/ - if (rc == 0) { - if (status == SSLSOCKET_EOF || status == SSLSOCKET_CLOSE_NOTIFY) { - sslFreeConnection(&conn); - return -1; - } - if (matrixSslHandshakeIsComplete(conn->ssl) == 0) { - goto readMore; - } - } else if (rc > 0) { - socketAssert(0); - return -1; - } else { - fprintf(stderr, "sslRead error in sslAccept\n"); - sslFreeConnection(&conn); - return -1; - } - *cpp = conn; - - return 0; -} - -/******************************************************************************/ -/* - Client side. Make a socket connection and go through the SSL handshake - phase in blocking mode. The last parameter is an optional function - callback for user-level certificate validation. NULL if not needed. 
-*/ -int sslConnect(sslConn_t **cpp, SOCKET fd, sslKeys_t *keys, - sslSessionId_t *id, short cipherSuite, - int (*certValidator)(sslCertInfo_t *t, void *arg)) -{ - sslConn_t *conn; - -/* - Create a new SSL session for the new socket and register the - user certificate validator -*/ - conn = calloc(sizeof(sslConn_t), 1); - conn->fd = fd; - if (matrixSslNewSession(&conn->ssl, keys, id, 0) < 0) { - sslFreeConnection(&conn); - return -1; - } - matrixSslSetCertValidator(conn->ssl, certValidator, keys); - - *cpp = sslDoHandshake(conn, cipherSuite); - - if (*cpp == NULL) { - return -1; - } - return 0; -} - -/******************************************************************************/ -/* - Construct the initial HELLO message to send to the server and initiate - the SSL handshake. Can be used in the re-handshake scenario as well. -*/ -sslConn_t *sslDoHandshake(sslConn_t *conn, short cipherSuite) -{ - char buf[1024]; - int bytes, status, rc; - -/* - MatrixSSL doesn't provide buffers for data internally. Define them - here to support buffered reading and writing for non-blocking sockets. - Although it causes quite a bit more work, we support dynamically growing - the buffers as needed. Alternately, we could define 16K buffers here - and not worry about growing them. 
-*/ - conn->insock.size = 1024; - conn->insock.start = conn->insock.end = conn->insock.buf = - (unsigned char *)malloc(conn->insock.size); - conn->outsock.size = 1024; - conn->outsock.start = conn->outsock.end = conn->outsock.buf = - (unsigned char *)malloc(conn->outsock.size); - conn->inbuf.size = 0; - conn->inbuf.start = conn->inbuf.end = conn->inbuf.buf = NULL; - - bytes = matrixSslEncodeClientHello(conn->ssl, &conn->outsock, cipherSuite); - if (bytes < 0) { - socketAssert(bytes < 0); - goto error; - } -/* - Send the hello with a blocking write -*/ - if (psSocketWrite(conn->fd, &conn->outsock) < 0) { - fprintf(stdout, "Error in socketWrite\n"); - goto error; - } - conn->outsock.start = conn->outsock.end = conn->outsock.buf; -/* - Call sslRead to work through the handshake. Not actually expecting - data back, so the finished case is simply when the handshake is - complete. -*/ -readMore: - rc = sslRead(conn, buf, sizeof(buf), &status); -/* - Reading handshake records should always return 0 bytes, we aren't - expecting any data yet. -*/ - if (rc == 0) { - if (status == SSLSOCKET_EOF || status == SSLSOCKET_CLOSE_NOTIFY) { - goto error; - } - if (matrixSslHandshakeIsComplete(conn->ssl) == 0) { - goto readMore; - } - } else if (rc > 0) { - fprintf(stderr, "sslRead got %d data in sslDoHandshake %s\n", rc, buf); - goto readMore; - } else { - fprintf(stderr, "sslRead error in sslDoHandhake\n"); - goto error; - } - - return conn; - -error: - sslFreeConnection(&conn); - return NULL; -} - -/******************************************************************************/ -/* - An example socket sslRead implementation that handles the ssl handshake - transparently. Caller passes in allocated buf and length. - - Return codes are as follows: - - -1 return code is an error. If a socket level error, error code is - contained in status parameter. 
If using a non-blocking socket - implementation the caller should check for non-fatal errors such as - WOULD_BLOCK before closing the connection. A zero value - in status indicates an error with this routine. - - A positive integer return code is the number of bytes successfully read - into the supplied buffer. User can call sslRead again on the updated - buffer is there is more to be read. - - 0 return code indicates the read was successful, but there was no data - to be returned. If status is set to zero, this is a case internal - to the sslAccept and sslConnect functions that a handshake - message has been exchanged. If status is set to SOCKET_EOF - the connection has been closed by the other side. - -*/ -int sslRead(sslConn_t *cp, char *buf, int len, int *status) -{ - int bytes, rc, remaining; - unsigned char error, alertLevel, alertDescription, performRead; - - *status = 0; - - if (cp->ssl == NULL || len <= 0) { - return -1; - } -/* - If inbuf is valid, then we have previously decoded data that must be - returned, return as much as possible. Once all buffered data is - returned, free the inbuf. -*/ - if (cp->inbuf.buf) { - if (cp->inbuf.start < cp->inbuf.end) { - remaining = (int)(cp->inbuf.end - cp->inbuf.start); - bytes = (int)min(len, remaining); - memcpy(buf, cp->inbuf.start, bytes); - cp->inbuf.start += bytes; - return bytes; - } - free(cp->inbuf.buf); - cp->inbuf.buf = NULL; - } -/* - Pack the buffered socket data (if any) so that start is at zero. -*/ - if (cp->insock.buf < cp->insock.start) { - if (cp->insock.start == cp->insock.end) { - cp->insock.start = cp->insock.end = cp->insock.buf; - } else { - memmove(cp->insock.buf, cp->insock.start, cp->insock.end - cp->insock.start); - cp->insock.end -= (cp->insock.start - cp->insock.buf); - cp->insock.start = cp->insock.buf; - } - } -/* - Read up to as many bytes as there are remaining in the buffer. We could - Have encrypted data already cached in conn->insock, but might as well read more - if we can. 
-*/ - performRead = 0; -readMore: - if (cp->insock.end == cp->insock.start || performRead) { - performRead = 1; - bytes = recv(cp->fd, (char *)cp->insock.end, - (int)((cp->insock.buf + cp->insock.size) - cp->insock.end), MSG_NOSIGNAL); - if (bytes == SOCKET_ERROR) { - *status = getSocketError(); - return -1; - } - if (bytes == 0) { - *status = SSLSOCKET_EOF; - return 0; - } - cp->insock.end += bytes; - } -/* - Define a temporary sslBuf -*/ - cp->inbuf.start = cp->inbuf.end = cp->inbuf.buf = malloc(len); - cp->inbuf.size = len; -/* - Decode the data we just read from the socket -*/ -decodeMore: - error = 0; - alertLevel = 0; - alertDescription = 0; - - rc = matrixSslDecode(cp->ssl, &cp->insock, &cp->inbuf, &error, &alertLevel, - &alertDescription); - switch (rc) { -/* - Successfully decoded a record that did not return data or require a response. -*/ - case SSL_SUCCESS: - return 0; -/* - Successfully decoded an application data record, and placed in tmp buf -*/ - case SSL_PROCESS_DATA: -/* - Copy as much as we can from the temp buffer into the caller's buffer - and leave the remainder in conn->inbuf until the next call to read - It is possible that len > data in buffer if the encoded record - was longer than len, but the decoded record isn't! -*/ - rc = (int)(cp->inbuf.end - cp->inbuf.start); - rc = min(rc, len); - memcpy(buf, cp->inbuf.start, rc); - cp->inbuf.start += rc; - return rc; -/* - We've decoded a record that requires a response into tmp - If there is no data to be flushed in the out buffer, we can write out - the contents of the tmp buffer. Otherwise, we need to append the data - to the outgoing data buffer and flush it out. 
-*/ - case SSL_SEND_RESPONSE: - bytes = send(cp->fd, (char *)cp->inbuf.start, - (int)(cp->inbuf.end - cp->inbuf.start), MSG_NOSIGNAL); - if (bytes == SOCKET_ERROR) { - *status = getSocketError(); - if (*status != WOULD_BLOCK) { - fprintf(stdout, "Socket send error: %d\n", *status); - goto readError; - } - *status = 0; - } - cp->inbuf.start += bytes; - if (cp->inbuf.start < cp->inbuf.end) { -/* - This must be a non-blocking socket since it didn't all get sent - out and there was no error. We want to finish the send here - simply because we are likely in the SSL handshake. -*/ - setSocketBlock(cp->fd); - bytes = send(cp->fd, (char *)cp->inbuf.start, - (int)(cp->inbuf.end - cp->inbuf.start), MSG_NOSIGNAL); - if (bytes == SOCKET_ERROR) { - *status = getSocketError(); - goto readError; - } - cp->inbuf.start += bytes; - socketAssert(cp->inbuf.start == cp->inbuf.end); -/* - Can safely set back to non-blocking because we wouldn't - have got here if this socket wasn't non-blocking to begin with. -*/ - setSocketNonblock(cp->fd); - } - cp->inbuf.start = cp->inbuf.end = cp->inbuf.buf; - return 0; -/* - There was an error decoding the data, or encoding the out buffer. - There may be a response data in the out buffer, so try to send. - We try a single hail-mary send of the data, and then close the socket. - Since we're closing on error, we don't worry too much about a clean flush. -*/ - case SSL_ERROR: - fprintf(stderr, "SSL: Closing on protocol error %d\n", error); - if (cp->inbuf.start < cp->inbuf.end) { - setSocketNonblock(cp->fd); - bytes = send(cp->fd, (char *)cp->inbuf.start, - (int)(cp->inbuf.end - cp->inbuf.start), MSG_NOSIGNAL); - } - goto readError; -/* - We've decoded an alert. The level and description passed into - matrixSslDecode are filled in with the specifics. 
-*/ - case SSL_ALERT: - if (alertDescription == SSL_ALERT_CLOSE_NOTIFY) { - *status = SSLSOCKET_CLOSE_NOTIFY; - goto readZero; - } - fprintf(stderr, "SSL: Closing on client alert %d: %d\n", - alertLevel, alertDescription); - goto readError; -/* - We have a partial record, we need to read more data off the socket. - If we have a completely full conn->insock buffer, we'll need to grow it - here so that we CAN read more data when called the next time. -*/ - case SSL_PARTIAL: - if (cp->insock.start == cp->insock.buf && cp->insock.end == - (cp->insock.buf + cp->insock.size)) { - if (cp->insock.size > SSL_MAX_BUF_SIZE) { - goto readError; - } - cp->insock.size *= 2; - cp->insock.start = cp->insock.buf = - (unsigned char *)realloc(cp->insock.buf, cp->insock.size); - cp->insock.end = cp->insock.buf + (cp->insock.size / 2); - } - if (!performRead) { - performRead = 1; - free(cp->inbuf.buf); - cp->inbuf.buf = NULL; - goto readMore; - } else { - goto readZero; - } -/* - The out buffer is too small to fit the decoded or response - data. Increase the size of the buffer and call decode again -*/ - case SSL_FULL: - cp->inbuf.size *= 2; - if (cp->inbuf.buf != (unsigned char*)buf) { - free(cp->inbuf.buf); - cp->inbuf.buf = NULL; - } - cp->inbuf.start = cp->inbuf.end = cp->inbuf.buf = - (unsigned char *)malloc(cp->inbuf.size); - goto decodeMore; - } -/* - We consolidated some of the returns here because we must ensure - that conn->inbuf is cleared if pointing at caller's buffer, otherwise - it will be freed later on. -*/ -readZero: - if (cp->inbuf.buf == (unsigned char*)buf) { - cp->inbuf.buf = NULL; - } - return 0; -readError: - if (cp->inbuf.buf == (unsigned char*)buf) { - cp->inbuf.buf = NULL; - } - return -1; -} - -/******************************************************************************/ -/* - Example sslWrite functionality. Takes care of encoding the input buffer - and sending it out on the connection. - - Return codes are as follows: - - -1 return code is an error. 
If a socket level error, error code is - contained in status. If using a non-blocking socket - implementation the caller should check for non-fatal errors such as - WOULD_BLOCK before closing the connection. A zero value - in status indicates an error with this routine. - - A positive integer return value indicates the number of bytes succesfully - written on the connection. Should always match the len parameter. - - 0 return code indicates the write must be called again with the same - parameters. -*/ -int sslWrite(sslConn_t *cp, char *buf, int len, int *status) -{ - int rc; - - *status = 0; -/* - Pack the buffered socket data (if any) so that start is at zero. -*/ - if (cp->outsock.buf < cp->outsock.start) { - if (cp->outsock.start == cp->outsock.end) { - cp->outsock.start = cp->outsock.end = cp->outsock.buf; - } else { - memmove(cp->outsock.buf, cp->outsock.start, cp->outsock.end - cp->outsock.start); - cp->outsock.end -= (cp->outsock.start - cp->outsock.buf); - cp->outsock.start = cp->outsock.buf; - } - } -/* - If there is buffered output data, the caller must be trying to - send the same amount of data as last time. We don't support - sending additional data until the original buffered request has - been completely sent. -*/ - if (cp->outBufferCount > 0 && len != cp->outBufferCount) { - socketAssert(len != cp->outBufferCount); - return -1; - } -/* - If we don't have buffered data, encode the caller's data -*/ - if (cp->outBufferCount == 0) { -retryEncode: - rc = matrixSslEncode(cp->ssl, (unsigned char *)buf, len, &cp->outsock); - switch (rc) { - case SSL_ERROR: - return -1; - case SSL_FULL: - if (cp->outsock.size > SSL_MAX_BUF_SIZE) { - return -1; - } - cp->outsock.size *= 2; - cp->outsock.buf = - (unsigned char *)realloc(cp->outsock.buf, cp->outsock.size); - cp->outsock.end = cp->outsock.buf + (cp->outsock.end - cp->outsock.start); - cp->outsock.start = cp->outsock.buf; - goto retryEncode; - } - } -/* - We've got data to send. 
-*/ - rc = send(cp->fd, (char *)cp->outsock.start, - (int)(cp->outsock.end - cp->outsock.start), MSG_NOSIGNAL); - if (rc == SOCKET_ERROR) { - *status = getSocketError(); - return -1; - } - cp->outsock.start += rc; -/* - If we wrote it all return the length, otherwise remember the number of - bytes passed in, and return 0 to be called again later. -*/ - if (cp->outsock.start == cp->outsock.end) { - cp->outBufferCount = 0; - return len; - } - cp->outBufferCount = len; - return 0; -} - -/******************************************************************************/ -/* - Send a close alert -*/ -void sslWriteClosureAlert(sslConn_t *cp) -{ - if (cp != NULL) { - cp->outsock.start = cp->outsock.end = cp->outsock.buf; - matrixSslEncodeClosureAlert(cp->ssl, &cp->outsock); - setSocketNonblock(cp->fd); - send(cp->fd, cp->outsock.start, - (int)(cp->outsock.end - cp->outsock.start), MSG_NOSIGNAL); - } -} - -/******************************************************************************/ -/* - Server initiated rehandshake. 
Builds and sends the HELLO_REQUEST message -*/ -void sslRehandshake(sslConn_t *cp) -{ - matrixSslEncodeHelloRequest(cp->ssl, &cp->outsock); - psSocketWrite(cp->fd, &cp->outsock); - cp->outsock.start = cp->outsock.end = cp->outsock.buf; -} - -/******************************************************************************/ -/* - Close a seesion that was opened with sslAccept or sslConnect and - free the insock and outsock buffers -*/ -void sslFreeConnection(sslConn_t **cpp) -{ - sslConn_t *conn; - - conn = *cpp; - matrixSslDeleteSession(conn->ssl); - conn->ssl = NULL; - if (conn->insock.buf) { - free(conn->insock.buf); - conn->insock.buf = NULL; - } - if (conn->outsock.buf) { - free(conn->outsock.buf); - conn->outsock.buf = NULL; - } - if (conn->inbuf.buf) { - free(conn->inbuf.buf); - conn->inbuf.buf = NULL; - } - free(conn); - *cpp = NULL; -} - -/******************************************************************************/ -/* - free the insock and outsock buffers -*/ -void sslFreeConnectionBuffers(sslConn_t **cpp) -{ - sslConn_t *conn; - - conn = *cpp; - if (conn->insock.buf) { - free(conn->insock.buf); - conn->insock.buf = NULL; - } - if (conn->outsock.buf) { - free(conn->outsock.buf); - conn->outsock.buf = NULL; - } - if (conn->inbuf.buf) { - free(conn->inbuf.buf); - conn->inbuf.buf = NULL; - } -} - -/******************************************************************************/ -/* - Set the socket to non blocking mode and perform a few extra tricks - to make sure the socket closes down cross platform -*/ -void socketShutdown(SOCKET sock) -{ - char buf[32]; - - if (sock != INVALID_SOCKET) { - setSocketNonblock(sock); - if (shutdown(sock, 1) >= 0) { - while (recv(sock, buf, sizeof(buf), 0) > 0); - } - closesocket(sock); - } -} - -/******************************************************************************/ -/* - Perform a blocking write of data to a socket -*/ -int psSocketWrite(SOCKET sock, sslBuf_t *out) -{ - unsigned char *s; - int bytes; - - s = 
out->start; - while (out->start < out->end) { - bytes = send(sock, out->start, (int)(out->end - out->start), MSG_NOSIGNAL); - if (bytes == SOCKET_ERROR) { - return -1; - } - out->start += bytes; - } - return (int)(out->start - s); -} - -int psSocketRead(SOCKET sock, sslBuf_t **out, int *status) -{ - sslBuf_t *local; - char *c; - int bytes; - - local = *out; - c = local->start; - - bytes = recv(sock, c, (int)((local->buf + local->size) - local->end), MSG_NOSIGNAL); - if (bytes == SOCKET_ERROR) { - *status = getSocketError(); - return -1; - } - if (bytes == 0) { - *status = SSLSOCKET_EOF; - return 0; - } - local->end += bytes; - return bytes; -} - -/******************************************************************************/ -/* - Turn on socket blocking mode (and set CLOEXEC on LINUX for kicks). -*/ -void setSocketBlock(SOCKET sock) -{ -#if _WIN32 - int block = 0; - ioctlsocket(sock, FIONBIO, &block); -#elif LINUX - fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) & ~O_NONBLOCK); - fcntl(sock, F_SETFD, FD_CLOEXEC); -#endif -} - -/******************************************************************************/ -/* - Turn off socket blocking mode. -*/ -void setSocketNonblock(SOCKET sock) -{ -#if _WIN32 - int block = 1; - ioctlsocket(sock, FIONBIO, &block); -#elif LINUX - fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) | O_NONBLOCK); -#endif -} - -/******************************************************************************/ -/* - Disable the Nagle algorithm for less latency in RPC - http://www.faqs.org/rfcs/rfc896.html - http://www.w3.org/Protocols/HTTP/Performance/Nagle/ -*/ -void setSocketNodelay(SOCKET sock) -{ -#if _WIN32 - BOOL tmp = TRUE; -#else - int tmp = 1; -#endif /* WIN32 */ - setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&tmp, sizeof(tmp)); -} - -/******************************************************************************/ -/* - Set a breakpoint in this function to catch asserts. - This function is called whenever an assert is triggered. 
Useful because - VisualStudio often won't show the right line of code if DebugBreak() is - called directly, and abort() may not be desireable on LINUX. -*/ -void breakpoint() -{ - static int preventInline = 0; -#if _WIN32 - DebugBreak(); -#elif LINUX - abort(); -#endif -} - - -/******************************************************************************/ -/* - Parse an ASCII command line string. Assumes a NULL terminated space - separated list of command line arguments. Uses this info to create an argv - array. - - Notes: - handles double quotes - args gets hacked up! can't pass in static string! - not thread safe, so should be called b4 any thread creation - we currently hardcode argv[0] cause none of our apps need it - */ - -#if WINCE || VXWORKS - -void parseCmdLineArgs(char *args, int *pargc, char ***pargv) -{ - char **argv; - char *ptr; - int size, i; - -/* - * Figure out the number of elements in our argv array. - * We know we need an argv array of at least 3, since we have the - * program name, an argument, and a NULL in the array. - */ - for (size = 3, ptr = args; ptr && *ptr != '\0'; ptr++) { - if (isspace(*ptr)) { - size++; - while (isspace(*ptr)) { - ptr++; - } - if (*ptr == '\0') { - break; - } - } - } -/* - * This is called from main, so don't use psMalloc here or - * all the stats will be wrong. - */ - argv = (char**) malloc(size * sizeof(char*)); - *pargv = argv; - - for (i = 1, ptr = args; ptr && *ptr != '\0'; i++) { - while (isspace(*ptr)) { - ptr++; - } - if (*ptr == '\0') { - break; - } -/* - * Handle double quoted arguments. Treat everything within - * the double quote as one arg. 
- */ - if (*ptr == '"') { - ptr++; - argv[i] = ptr; - while ((*ptr != '\0') && (*ptr != '"')) { - ptr++; - } - } else { - argv[i] = ptr; - while (*ptr != '\0' && !isspace(*ptr)) { - ptr++; - } - } - if (*ptr != '\0') { - *ptr = '\0'; - ptr++; - } - } - argv[i] = NULL; - *pargc = i ; - - argv[0] = "PeerSec"; - for (ptr = argv[0]; *ptr; ptr++) { - if (*ptr == '\\') { - *ptr = '/'; - } - } -} -#endif /* WINCE || VXWORKS */ - -#ifdef WINCE - -/******************************************************************************/ -/* - The following functions implement a unixlike time() function for WINCE. - - NOTE: this code is copied from the os layer in win.c to expose it for use - in example applications. - */ - -static FILETIME YearToFileTime(WORD wYear) -{ - SYSTEMTIME sbase; - FILETIME fbase; - - sbase.wYear = wYear; - sbase.wMonth = 1; - sbase.wDayOfWeek = 1; //assumed - sbase.wDay = 1; - sbase.wHour = 0; - sbase.wMinute = 0; - sbase.wSecond = 0; - sbase.wMilliseconds = 0; - - SystemTimeToFileTime( &sbase, &fbase ); - - return fbase; -} - -time_t time() { - - __int64 time1, time2, iTimeDiff; - FILETIME fileTime1, fileTime2; - SYSTEMTIME sysTime; - -/* - Get 1970's filetime. -*/ - fileTime1 = YearToFileTime(1970); - -/* - Get the current filetime time. -*/ - GetSystemTime(&sysTime); - SystemTimeToFileTime(&sysTime, &fileTime2); - - -/* - Stuff the 2 FILETIMEs into their own __int64s. -*/ - time1 = fileTime1.dwHighDateTime; - time1 <<= 32; - time1 |= fileTime1.dwLowDateTime; - - time2 = fileTime2.dwHighDateTime; - time2 <<= 32; - time2 |= fileTime2.dwLowDateTime; - -/* - Get the difference of the two64-bit ints. - - This is he number of 100-nanosecond intervals since Jan. 1970. So - we divide by 10000 to get seconds. - */ - iTimeDiff = (time2 - time1) / 10000000; - return (int)iTimeDiff; -} -#endif /* WINCE */ - -/******************************************************************************/ - - - - - 
diff --git a/release/src/router/matrixssl/examples/sslSocket.h b/release/src/router/matrixssl/examples/sslSocket.h
deleted file mode 100644
index ad383ef9..00000000
--- a/release/src/router/matrixssl/examples/sslSocket.h
+++ /dev/null
@@ -1,166 +0,0 @@ -/* - * socketLayer.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Sample SSL socket layer header for MatrixSSL - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. 
- * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_SSLSOCKET -#define _h_SSLSOCKET - -#ifdef __cplusplus -extern "C" { -#endif - -#include "../matrixSsl.h" - -/* - OS specific macros -*/ -#if WIN32 || WINCE - #include - #include - #define fcntl(A, B, C) - #define MSG_NOSIGNAL 0 - #define WOULD_BLOCK WSAEWOULDBLOCK - #define getSocketError() WSAGetLastError() -#elif LINUX - #include - #include - #include - #include -#ifdef OSX - #include - #define MSG_NOSIGNAL 0 -#endif /* OSX */ - #include - #include - #include - #include - #define SOCKET_ERROR -1 - #define getSocketError() errno - #define WOULD_BLOCK EAGAIN - #define closesocket close - #define MAKEWORD(A, B) - #define WSAStartup(A, B) - #define WSACleanup() - #define INVALID_SOCKET -1 - typedef int WSADATA; - typedef int SOCKET; -#elif VXWORKS - #include - #include - #include - #include - #include - #include - #define fcntl(A, B, C) ioctl(A, B, C) - #define SOCKET_ERROR -1 - #define getSocketError() errno - #define WOULD_BLOCK EAGAIN - #define closesocket close - #define MAKEWORD(A, B) - #define WSAStartup(A, B) - #define WSACleanup() - #define INVALID_SOCKET -1 - #define MSG_NOSIGNAL 0 - typedef int WSADATA; - typedef int SOCKET; -#endif /* OS macros */ - -extern void breakpoint(); -#define socketAssert(C) if (C) ; else {printf("%s:%d sslAssert(%s)\n",\ - __FILE__, __LINE__, #C); breakpoint(); } -#ifndef min -#define min(a,b) (((a) < (b)) ? 
(a) : (b))
-#endif /* min */
-
-/*
- sslRead and sslWrite status values
-*/
-#define SSLSOCKET_EOF 0x1
-#define SSLSOCKET_CLOSE_NOTIFY 0x2
-
-/*
- Connection structure
-*/
-typedef struct {
- ssl_t *ssl;
- sslBuf_t inbuf;
- sslBuf_t insock;
- sslBuf_t outsock;
- int outBufferCount;
- SOCKET fd;
-} sslConn_t;
-
-/*
- Secure Socket apis
-*/
-extern int sslConnect(sslConn_t **cp, SOCKET fd, sslKeys_t *keys,
- sslSessionId_t *id, short cipherSuite,
- int (*certValidator)(sslCertInfo_t *t, void *arg));
-extern int sslAccept(sslConn_t **cp, SOCKET fd, sslKeys_t *keys,
- int (*certValidator)(sslCertInfo_t *t, void *arg), int flags);
-extern void sslRehandshake(sslConn_t *cp);
-extern sslConn_t *sslDoHandshake(sslConn_t *conn, short cipherSuite);
-extern void sslFreeConnection(sslConn_t **cp);
-extern void sslFreeConnectionBuffers(sslConn_t **cpp);
-
-extern int sslRead(sslConn_t *cp, char *buf, int len, int *status);
-extern int sslWrite(sslConn_t *cp, char *buf, int len, int *status);
-extern void sslWriteClosureAlert(sslConn_t *cp);
-
-/*
- Socket apis
-*/
-extern SOCKET socketListen(short port, int *err);
-extern SOCKET socketAccept(SOCKET listenfd, int *err);
-extern SOCKET socketConnect(char *ip, short port, int *err);
-extern void socketShutdown(SOCKET sock);
-
-extern int psSocketRead(SOCKET sock, sslBuf_t **out, int *status);
-extern int psSocketWrite(SOCKET sock, sslBuf_t *out);
-
-extern void setSocketBlock(SOCKET sock);
-extern void setSocketNonblock(SOCKET sock);
-extern void setSocketNodelay(SOCKET sock);
-
-#if WINCE || VXWORKS
-extern void parseCmdLineArgs(char *args, int *pargc, char ***pargv);
-#endif /* WINCE || VXWORKS */
-
-#if WINCE
-extern time_t time();
-#endif /* WINCE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _h_SSLSOCKET */
-
-/******************************************************************************/
-- cgit v1.2.3-54-g00ecf