diff --git a/CHANGELOG b/CHANGELOG index 4b88744c1..568d44076 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,15 +1,18 @@ Changes since 1.0.0 -* AES should now work on 16bit processors (there was an alignment problem) +* AES should now work on 16bit processors (there was an alignment problem). * Various freed objects are cleared before freeing. -* Header files now installed in /usr/local/include/axTLS -* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris) +* Header files now installed in /usr/local/include/axTLS. +* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris). +* removed "-noextern" option in Swig. Fixed some other warnings in Win32. +* SSLCTX changed to SSL_CTX (to be consistent with openssl). axhttpd Changes -* main.c now becomes axhttpd.c -* Header file issue fixed (in mime_types.c) -* chroot() now used for better security -* Basic authentication implemented (with .htpasswd) -* HTTP Port protection implemented (with .htaccess) -* Directory access protection implemented (with .htaccess) - +* main.c now becomes axhttpd.c. +* Header file issue fixed (in mime_types.c). +* chroot() now used for better security. +* Basic authentication implemented (with .htpasswd). +* SSL access/denial protection implemented (with .htaccess). +* Directory access protection implemented (with .htaccess). +* Can now have more than one CGI file extension in mconf. +* "If-Modified-Since" request now handled properly. diff --git a/bindings/Makefile b/bindings/Makefile index 322b37080..19c896d2c 100644 --- a/bindings/Makefile +++ b/bindings/Makefile 
@@ -47,13 +47,13 @@ java/axTLSj.i: ../ssl/ssl.h @perl ./generate_SWIG_interface.pl -java java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java) - @cd java; swig -java -package axTLSj -noextern axTLSj.i; $(MAKE) + @cd java; swig -java -package axTLSj axTLSj.i; $(MAKE) perl/axTLSp.i: ../ssl/ssl.h @perl ./generate_SWIG_interface.pl -perl perl/axTLSp_wrap.c: perl/axTLSp.i - @cd perl; swig -perl5 -noextern axTLSp.i; $(MAKE) + @cd perl; swig -perl5 axTLSp.i; $(MAKE) clean:: $(MAKE) -C csharp clean diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl index 3732a1d38..c5a7916b7 100755 --- a/bindings/generate_SWIG_interface.pl +++ b/bindings/generate_SWIG_interface.pl @@ -154,7 +154,7 @@ print DATA_OUT << "END"; #ifdef SWIGJAVA %apply long { SSL * }; -%apply long { SSLCTX * }; +%apply long { SSL_CTX * }; %apply long { SSLObjLoader * }; /* allow "unsigned char []" to become "byte[]" */ diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl index 193b5adf4..8110d80d0 100755 --- a/bindings/generate_interface.pl +++ b/bindings/generate_interface.pl @@ -56,7 +56,7 @@ sub transformSignature $line =~ s/uint8_t \* ?/byte[] /g; $line =~ s/uint8_t ?/byte /g; $line =~ s/const char \* ?/string /g; - $line =~ s/SSLCTX \* ?/IntPtr /g; + $line =~ s/SSL_CTX \* ?/IntPtr /g; $line =~ s/SSLObjLoader \* ?/IntPtr /g; $line =~ s/SSL \* ?/IntPtr /g; $line =~ s/\(void\)/()/g; @@ -74,7 +74,7 @@ sub transformSignature $signature_ret_type =~ s/const uint8_t \*/As IntPtr/; $signature_ret_type =~ s/const char \*/As String/; - $signature_ret_type =~ s/SSLCTX \*/As IntPtr/; + $signature_ret_type =~ s/SSL_CTX \*/As IntPtr/; $signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/; $signature_ret_type =~ s/SSL \*/As IntPtr/; $signature_ret_type =~ s/uint8_t/As Byte/; 
@@ -89,7 +89,7 @@ sub transformSignature $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g; $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g; $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g; - $line =~ s/SSLCTX \* ?(\w+)/ByVal $1 As IntPtr/g; + $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g; $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g; diff --git a/config/axhttpd.aip b/config/axhttpd.aip index 959385677..d252672c4 100755 --- a/config/axhttpd.aip +++ b/config/axhttpd.aip @@ -22,18 +22,9 @@ - - - - - - + + - - - - - @@ -49,19 +40,12 @@ - + + - - - - - - - - - + @@ -87,11 +71,13 @@ - - + + + - + + @@ -127,14 +113,6 @@ - - - - - - - - diff --git a/config/makefile.conf b/config/makefile.conf index 58f66f60d..ffdf33d88 100644 --- a/config/makefile.conf +++ b/config/makefile.conf @@ -57,7 +57,8 @@ endif CC=cl.exe LD=link.exe -CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c +CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c +#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c LDFLAGS=/nologo /subsystem:console /machine:I386 LDSHARED = /dll AR=lib /nologo diff --git a/httpd/Config.in b/httpd/Config.in index 417106e59..2dfe558f1 100644 --- a/httpd/Config.in +++ b/httpd/Config.in @@ -74,6 +74,12 @@ config CONFIG_HTTP_DIRECTORIES help Enable directory listing. +config CONFIG_HTTP_HAS_AUTHORIZATION + bool "Enable authorization" + default n + help + Pages/directories can have passwords associated with them. + config CONFIG_HTTP_PERM_CHECK bool "Permissions Check" default n 
@@ -81,12 +87,6 @@ config CONFIG_HTTP_PERM_CHECK Enable permissions checking on the directories before reading the files in them. -config CONFIG_HTTP_HAS_AUTHORIZATION - bool "Enable authorization" - default n - help - Pages/directories can have passwords associated with them. - config CONFIG_HTTP_HAS_IPV6 bool "Enable IPv6" default n @@ -98,8 +98,6 @@ config CONFIG_HTTP_HAS_IPV6 config CONFIG_HTTP_ALL_MIME_TYPES bool "Use all mime types" - default y if CONFIG_SSL_FULL_MODE - default n if !CONFIG_SSL_FULL_MODE help Use the full list of supported mime types. diff --git a/httpd/Makefile b/httpd/Makefile index e86cd5505..d20f1b2b1 100644 --- a/httpd/Makefile +++ b/httpd/Makefile @@ -63,7 +63,8 @@ endif OBJ= \ axhttpd.o \ proc.o \ - mime_types.o + mime_types.o \ + tdate_parse.o include ../config/makefile.post diff --git a/httpd/README b/httpd/README index ede9af275..e74f66de0 100644 --- a/httpd/README +++ b/httpd/README @@ -4,6 +4,10 @@ axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at: http://www.hcsw.org/awhttpd. +***************************************************************************** +* axhttpd Features * +***************************************************************************** + Basic Authentication ==================== 
@@ -16,30 +20,49 @@ utility program htpasswd is included to help manually edit .htpasswd files. The encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. -An example is in /test_dir/prot (username 'abcd', password is '1234'). +An example is in /test_dir/ssl_only (username 'abcd', password is '1234'). Note: This is an mconf configuration option. -HTTP Port Protection +SSL Protection ==================== Directories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put "SSLRequireSSL" into a '.htaccess' file in the directory to be protected. -An example is in /test_dir/prot. +Conversely, use "SSLDenySSL" to deny access to directories via SSL. + +An example is in /test_dir/ssl_only and /test_dir/no_ssl. + +Entire directories can be denied access with a "Deny all" directive +(regardless of SSL or authentication). CGI === chroot() is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the -usual access. +usual access (to things like /bin, /lib etc). -So any executables and libraries need to be copied into webroot (under /bin -and /lib). +So any executables and libraries need to be copied into webroot. Failure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...). +Directory Listing +================= + +An mconf option. Allow the files in directories to be displayed. + +Permissions Checking +===================== + +An mconf option. This will display the various file permissions to standard +output of files in web root. + +Other Features +============== + +Check the help options in mconf for all the other features used. diff --git a/httpd/axhttp.h b/httpd/axhttp.h index 229ad8397..4804d5654 100644 --- a/httpd/axhttp.h +++ b/httpd/axhttp.h 
@@ -71,7 +71,7 @@ struct connstruct
 char databuf[BLOCKSIZE];
 uint8_t is_ssl;
 uint8_t close_when_done;
- uint8_t modified_since;
+ time_t if_modified_since;
 #if defined(CONFIG_HTTP_HAS_CGI)
 char cgiargs[MAXREQUESTLENGTH];
@@ -88,7 +88,7 @@ struct serverstruct
 struct serverstruct *next;
 int sd;
 int is_ssl;
- SSLCTX *ssl_ctx;
+ SSL_CTX *ssl_ctx;
 };
 #if defined(CONFIG_HTTP_HAS_CGI)
@@ -99,7 +99,7 @@ struct cgiextstruct
 };
 #endif
-// Global prototypes
+/* global prototypes */
 extern struct serverstruct *servers;
 extern struct connstruct *usedconns;
 extern struct connstruct *freeconns;
@@ -107,20 +107,26 @@ extern struct connstruct *freeconns;
 extern struct cgiextstruct *cgiexts;
 #endif
-// conn.c prototypes
+/* conn.c prototypes */
 void removeconnection(struct connstruct *cn);
-// proc.c prototypes
+/* proc.c prototypes */
 void procdodir(struct connstruct *cn);
 void procreadhead(struct connstruct *cn);
 void procsendhead(struct connstruct *cn);
 void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
-// misc.c prototypes
+
+/* misc.c prototypes */
 char *my_strncpy(char *dest, const char *src, size_t n);
 int isdir(const char *name);
-// mime_types.c prototypes
+/* mime_types.c prototypes */
 void mime_init(void);
 const char *getmimetype(const char *fn);
+
+/* tdate prototypes */
+void tdate_init(void);
+time_t tdate_parse(const char* str);
+
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index bca16f83f..a8f70e45e 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -120,6 +120,7 @@ int main(int argc, char *argv[])
 signal(SIGINT, sigint_cleanup);
 signal(SIGTERM, die);
 mime_init();
+ tdate_init();
 for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++)
 {
@@ -587,7 +588,6 @@ static void addconnection(int sd, char *ip, int is_ssl)
 tp->state = STATE_WANT_TO_READ_HEAD;
 tp->reqtype = TYPE_GET;
 tp->close_when_done = 0;
- tp->modified_since = 0;
 tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
 }
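Review bot: addconnection() drops `tp->modified_since = 0;` but does not initialise the `if_modified_since` field that replaces it, so a recycled connstruct (the `freeconns` list declared in this same header suggests slots are reused) carries the previous request's timestamp until proc.c's request-line branch resets it to -1. If any path reaches procsendhead() without passing through that branch, the stale value could produce a spurious 304. I would keep the reset here as well, next to `tp->close_when_done = 0;`: `tp->if_modified_since = -1;`. addconnection() begins outside the hunk.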
diff --git a/httpd/proc.c b/httpd/proc.c
index d6f6788a7..9f70fbbaa 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -67,7 +67,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
 *delim = 0;
 value = delim+1;
- /* printf("name: %s, value: %s\n", buf, value); */
 if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 || strcmp(buf, "POST") == 0) {
@@ -89,6 +88,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
 }
 my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+ cn->if_modified_since = -1;
 #if defined(CONFIG_HTTP_HAS_CGI)
 if ((cgi_delim = strchr(value, '?')))
 {
@@ -113,8 +113,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
 }
 else if (strcmp(buf, "If-Modified-Since:") == 0)
 {
- /* TODO: parse this date properly with getdate() or similar */
- cn->modified_since = 1;
+ cn->if_modified_since = tdate_parse(value);
 }
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
 else if (strcmp(buf, "Authorization:") == 0 &&
@@ -408,13 +407,13 @@ void procsendhead(struct connstruct *cn)
 strcpy(date, ctime(&now));
- if (cn->modified_since)
+ /* has the file been read before? */
+ if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 ||
+ cn->if_modified_since >= stbuf.st_mtime))
 {
- /* file has already been read before */
 snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
 "axhttpd V%s\nDate: %s\n", VERSION, date);
 special_write(cn, buf, strlen(buf));
- cn->modified_since = 0;
 cn->state = STATE_WANT_TO_READ_HEAD;
 return;
 }
@@ -442,7 +441,7 @@ void procsendhead(struct connstruct *cn)
 "Content-Type: %s\nContent-Length: %ld\n"
 "Date: %sLast-Modified: %s\n", VERSION, getmimetype(cn->actualfile), (long) stbuf.st_size,
- date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
+ date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
 special_write(cn, buf, strlen(buf));
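Review bot: The new 304 test in procsendhead() treats `cn->if_modified_since == 0` as "not modified", but 0 is a legitimately parsed date (the epoch) and tdate_parse() reports failure with -1, not 0, so a client sending `Thu, 01 Jan 1970 00:00:00 GMT` is answered 304 for a file that has certainly changed since; I would reduce the condition to `if (cn->if_modified_since != -1 && cn->if_modified_since >= stbuf.st_mtime)`. Note also that tdate_parse() builds its result with mktime(), which reads the fields as local time, while the RFC 1123 form is explicitly GMT, so for conforming clients the comparison against st_mtime is skewed by the host's UTC offset; the asctime form only round-trips because Last-Modified is still emitted with ctime(), i.e. local time with no zone. That assumption deserves a comment on the 304 branch, e.g. `/* if_modified_since is local time (see tdate_parse) to match the ctime() Last-Modified we emit */`. procsendhead() begins and ends outside the hunk.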
@@ -977,15 +976,13 @@ static int htaccess_check(struct connstruct *cn)
 while (fgets(line, sizeof(line), fp) != NULL)
 {
- if (!cn->is_ssl && strstr(line, "SSLRequireSSL"))
+ if (strstr(line, "Deny all") || /* access to this dir denied */
+ /* Access will be denied unless SSL is active */
+ (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
+ /* Access will be denied if SSL is active */
+ (cn->is_ssl && strstr(line, "SSLDenySSL")))
 {
- ret = -1; /* SSL port access required */
- break;
- }
-
- if (strstr(line, "Deny all"))
- {
- ret = -1; /* access to this dir denied */
+ ret = -1;
 break;
 }
 }
@@ -996,7 +993,7 @@ static void send_error(struct connstruct *cn, int err)
 {
- char buf[1024];
+ char buf[MAXREQUESTLENGTH];
 char *title;
 char *text;
@@ -1016,7 +1013,7 @@ static void send_error(struct connstruct *cn, int err)
 break;
 }
- sprintf(buf, "HTTP/1.1 %d %s\n"
+ snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
 "Content-Type: text/html\n"
 "Cache-Control: no-cache,no-store\n"
 "Connection: close\n\n"
@@ -1026,4 +1023,3 @@ static void send_error(struct connstruct *cn, int err)
 special_write(cn, buf, strlen(buf));
 removeconnection(cn);
 }
-
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
new file mode 100644
index 000000000..a6cadc77e
--- /dev/null
+++ b/httpd/tdate_parse.c
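Review bot: send_error() now formats with snprintf() and then sends `strlen(buf)` bytes, but on Win32 os_port.h maps snprintf to `_snprintf` (visible as context in the os_port.h hunk of this same change), which does not NUL-terminate the buffer when the output is truncated, so a truncated error page would make strlen() run past `buf`. Use the return value and the array size rather than the macro name: `int n = snprintf(buf, sizeof(buf), ...);` followed by `if (n < 0 || n >= (int)sizeof(buf)) n = (int)sizeof(buf) - 1; buf[n] = 0;` and `special_write(cn, buf, n);`. As far as the hunk shows, `title` and `text` come from a fixed switch rather than from the request, so this is a robustness point rather than a remotely triggerable one. The switch that fills them starts outside the hunk.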
@@ -0,0 +1,107 @@
+/*
+ * Copyright(C) 2007 Cameron Rich
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "axhttp.h"
+
+struct day_mon_map
+{
+ const char* s;
+ uint8_t l;
+};
+
+static struct day_mon_map wday_tab[] =
+{
+ { "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
+ { "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 },
+};
+
+static struct day_mon_map mon_tab[] =
+{
+ { "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
+ { "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
+ { "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
+};
+
+static int day_mon_map_compare(const char *v1, const char *v2)
+{
+ return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
+}
+
+void tdate_init(void)
+{
+ qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
+ sizeof(struct day_mon_map),
+ (int (*)(const void *, const void *))day_mon_map_compare);
+ qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
+ sizeof(struct day_mon_map),
+ (int (*)(const void *, const void *))day_mon_map_compare);
+}
+
+static int8_t day_mon_map_search(const char* str,
+ const struct day_mon_map* tab, int n)
+{
+ struct day_mon_map *search = bsearch(&str, tab, n,
+ sizeof(struct day_mon_map),
+ (int (*)(const void *,
const void *))day_mon_map_compare);
+ return search ? search->l : -1;
+}
+
+time_t tdate_parse(const char* str)
+{
+ struct tm tm;
+ char str_mon[4], str_wday[4];
+ int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
+
+ /* Initialize. */
+ memset(&tm, 0, sizeof(struct tm));
+
+ /* wdy, DD mth YY HH:MM:SS GMT */
+ if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
+ str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
+ &tm_sec) == 7) ||
+ /* wdy mth DD HH:MM:SS YY */
+ (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
+ str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
+ &tm_year) == 7))
+ {
+ int8_t tm_wday = day_mon_map_search(str_wday, wday_tab,
+ sizeof(wday_tab)/sizeof(struct day_mon_map));
+ int8_t tm_mon = day_mon_map_search(str_mon, mon_tab,
+ sizeof(mon_tab)/sizeof(struct day_mon_map));
+
+ if (tm_wday < 0 || tm_mon < 0)
+ return -1;
+
+ tm.tm_wday = tm_wday;
+ tm.tm_mon = tm_mon;
+ tm.tm_mday = tm_mday;
+ tm.tm_hour = tm_hour;
+ tm.tm_min = tm_min;
+ tm.tm_sec = tm_sec;
+ tm.tm_year = tm_year - 1900;
+ return mktime(&tm);
+ }
+
+ return -1; /* error */
+}
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 6dd794d67..e11eb1c9f 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -87,7 +87,7 @@ static void do_server(int argc, char *argv[])
 uint16_t port = 4433;
 uint32_t options = SSL_DISPLAY_CERTS;
 int client_fd;
- SSLCTX *ssl_ctx;
+ SSL_CTX *ssl_ctx;
 int server_fd, client_len, res = 0;
 #ifndef CONFIG_SSL_SKELETON_MODE
 char *private_key_file = NULL;
@@ -416,7 +416,7 @@ static void do_client(int argc, char *argv[])
 struct hostent *hostent;
 int reconnect = 0;
 uint32_t sin_addr;
- SSLCTX *ssl_ctx;
+ SSL_CTX *ssl_ctx;
 SSL *ssl = NULL;
 int quiet = 0;
 int cert_index = 0, ca_cert_index = 0;
diff --git a/ssl/Config.in b/ssl/Config.in
index 76b7f49c0..f79d71be8 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
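Review bot: tdate_parse() converts the parsed fields with mktime(), which interprets a `struct tm` as local time, yet the first format demands a literal `GMT` suffix (and HTTP dates are always GMT), so the returned time_t is off by the host's UTC offset, and with `tm_isdst` left at 0 by the memset it can be wrong by a further hour during daylight time. Where available, `return timegm(&tm);` (glibc/BSD; `_mkgmtime` on MSVC) gives the intended value; otherwise the UTC offset has to be computed and subtracted explicitly. The bsearch() key `&str` works only because `s` is the first member of `struct day_mon_map`, which deserves a comment such as `/* &str aliases a day_mon_map: s is its first member */`, and declaring day_mon_map_compare() with `const void *` parameters would remove the function-pointer casts in tdate_init() and day_mon_map_search(). The `%d` conversions are not range-checked, but mktime() normalises out-of-range fields, so the worst case is a nonsensical date rather than memory corruption.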
@@ -210,18 +210,18 @@ config CONFIG_SSL_MAX_CERTS The default is to allow one certificate + 1 certificate in the chain (which may be the certificate authority certificate). -config CONFIG_SSLCTX_MUTEXING - bool "Enable SSLCTX mutexing" +config CONFIG_SSL_CTX_MUTEXING + bool "Enable SSL_CTX mutexing" default n help - Normally mutexing is not required - each SSLCTX object can deal with - many SSL objects (as long as each SSLCTX object is using a single + Normally mutexing is not required - each SSL_CTX object can deal with + many SSL objects (as long as each SSL_CTX object is using a single thread). - If the SSLCTX object is not thread safe e.g. the case where a + If the SSL_CTX object is not thread safe e.g. the case where a new thread is created for each SSL object, then mutexing is required. - Select y when a mutex on the SSLCTX object is required. + Select y when a mutex on the SSL_CTX object is required. config CONFIG_USE_DEV_URANDOM bool "Use /dev/urandom" diff --git a/ssl/Makefile b/ssl/Makefile index 4ef5e347b..873d19f7f 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -54,6 +54,7 @@ OBJ=\ bigint.o \ crypto_misc.o \ hmac.o \ + os_port.o \ loader.o \ md5.o \ p12.o \ @@ -64,10 +65,6 @@ OBJ=\ tls1_svr.o \ tls1_clnt.o -ifdef CONFIG_PLATFORM_WIN32 -OBJ+=os_port.o -endif - include ../config/makefile.post ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin diff --git a/ssl/asn1.c b/ssl/asn1.c index 44d2adf09..45b910b9a 100644 --- a/ssl/asn1.c +++ b/ssl/asn1.c @@ -270,9 +270,9 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str) (*offset)++; len = get_asn1_length(buf, offset); - *str = (char *)malloc(len+1); /* allow for null */ + *str = (char *)malloc(len+1); /* allow for null */ memcpy(*str, &buf[*offset], len); - (*str)[len] = 0; /* null terminate */ + (*str)[len] = 0; /* null terminate */ *offset += len; end_pnt_str: return len; diff --git a/ssl/bigint.c b/ssl/bigint.c index 56c94e37b..e64375f80 100644 --- a/ssl/bigint.c 
+++ b/ssl/bigint.c @@ -77,8 +77,9 @@ static void check(const bigint *bi); */ BI_CTX *bi_initialize(void) { - BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX)); - + BI_CTX *ctx; + + ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX)); ctx->active_list = NULL; ctx->active_count = 0; ctx->free_list = NULL; diff --git a/ssl/loader.c b/ssl/loader.c index dd7d17234..b33299897 100644 --- a/ssl/loader.c +++ b/ssl/loader.c @@ -32,17 +32,17 @@ #include "ssl.h" -static int do_obj(SSLCTX *ssl_ctx, int obj_type, +static int do_obj(SSL_CTX *ssl_ctx, int obj_type, SSLObjLoader *ssl_obj, const char *password); #ifdef CONFIG_SSL_HAS_PEM -static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, +static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, SSLObjLoader *ssl_obj, const char *password); #endif /* * Load a file into memory that is in binary DER (or ascii PEM) format. */ -EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, +EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password) { #ifndef CONFIG_SSL_SKELETON_MODE @@ -57,6 +57,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, } ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); + ssl_obj->len = get_file(filename, &ssl_obj->buf); if (ssl_obj->len <= 0) @@ -90,12 +91,13 @@ error: /* * Transfer binary data into the object loader. */ -EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type, +EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, const uint8_t *data, int len, const char *password) { int ret; - SSLObjLoader *ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); + SSLObjLoader *ssl_obj; + ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); ssl_obj->buf = (uint8_t *)malloc(len); memcpy(ssl_obj->buf, data, len); ssl_obj->len = len; 
@@ -107,7 +109,7 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type, /* * Actually work out what we are doing */ -static int do_obj(SSLCTX *ssl_ctx, int obj_type, +static int do_obj(SSL_CTX *ssl_ctx, int obj_type, SSLObjLoader *ssl_obj, const char *password) { int ret = SSL_OK; @@ -277,7 +279,7 @@ error: /** * Take a base64 blob of data and turn it into its proper ASN.1 form. */ -static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where, +static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where, int remain, const char *password) { int ret = SSL_OK; @@ -293,6 +295,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where, remain -= (int)(end-start); start += strlen(begins[i]); pem_size = (int)(end-start); + ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader)); /* 4/3 bigger than what we need but so what */ @@ -357,7 +360,7 @@ error: /* * Load a file into memory that is in ASCII PEM format. */ -static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, +static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, SSLObjLoader *ssl_obj, const char *password) { uint8_t *start; diff --git a/ssl/os_port.c b/ssl/os_port.c index 56e6e3a06..109321e29 100644 --- a/ssl/os_port.c +++ b/ssl/os_port.c @@ -21,15 +21,15 @@ * * OS specific functions. */ -#ifdef WIN32 - #include +#include #include "os_port.h" +#ifdef WIN32 /** * gettimeofday() not in Win32 */ -EXP_FUNC void gettimeofday(struct timeval* t, void* timezone) +EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone) { #if defined(_WIN32_WCE) t->tv_sec = time(NULL); @@ -45,7 +45,7 @@ EXP_FUNC void gettimeofday(struct timeval* t, void* timezone) /** * strcasecmp() not in Win32 */ -EXP_FUNC int strcasecmp(const char *s1, const char *s2) +EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2) { while (tolower(*s1) == tolower(*s2++)) { 
@@ -59,3 +59,61 @@ EXP_FUNC int strcasecmp(const char *s1, const char *s2)
 }
 #endif
+
+#undef malloc
+#undef realloc
+#undef calloc
+#undef open
+#undef fopen
+
+/* some functions that call abort() on failure */
+EXP_FUNC void * STDCALL ax_malloc(size_t s)
+{
+ void *x;
+
+ if ((x = malloc(s)) == NULL)
+ abort();
+
+ return x;
+}
+
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
+{
+ void *x;
+
+ if ((x = realloc(y, s)) == NULL)
+ abort();
+
+ return x;
+}
+
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
+{
+ void *x;
+
+ if ((x = calloc(n, s)) == NULL)
+ abort();
+
+ return x;
+}
+
+EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type)
+{
+ FILE *f;
+
+ if ((f = fopen(name, type)) == NULL)
+ abort();
+
+ return f;
+}
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
+{
+ int x;
+
+ if ((x = open(pathname, flags)) < 0)
+ abort();
+
+ return x;
+}
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 89eeb6b16..32e790291 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -29,6 +29,8 @@ extern "C" {
 #endif
+#include
+
 #if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
 #define STDCALL __stdcall
 #define EXP_FUNC __declspec(dllexport)
@@ -72,7 +74,7 @@ extern "C" {
 #define random() rand()
 #define getpid() _getpid()
 #define snprintf _snprintf
-#define open(A,B) _open(A,B)
+//#define open(A,B) _open(A,B)
 #define dup2(A,B) _dup2(A,B)
 #define unlink(A) _unlink(A)
 #define close(A) _close(A)
@@ -80,9 +82,11 @@ extern "C" {
 #define write(A,B,C) _write(A,B,C)
 #define sleep(A) Sleep(A*1000)
 #define usleep(A) Sleep(A/1000)
-#define lseek(A,B,C) _lseek(A,B,C)
 #define strdup(A) _strdup(A)
 #define chroot(A) _chdir(A)
+#ifndef lseek
+#define lseek(A,B,C) _lseek(A,B,C)
+#endif
 /* This fix gets around a problem where a win32 application on a cygwin xterm doesn't display regular output (until a certain buffer limit) - but it works
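Review bot: ax_fopen() and ax_open() abort() the whole process when a path cannot be opened, and os_port.h (the next hunk of this change) redirects every `fopen`/`open` in any translation unit that includes it to these wrappers, so a long-lived caller gets a process exit in place of an error return; if axhttpd's sources pick up os_port.h (I cannot confirm that from here), a request for a file that vanishes between stat() and open(), or a directory with no .htaccess, would take the server down, which is a remote denial of service. Aborting on malloc()/calloc()/realloc() failure is a defensible policy for an embedded library, but an open failure is a normal condition callers already handle and should keep returning NULL/-1, so I would restrict the remapping to the three allocators or have ax_fopen()/ax_open() simply return the underlying result. Whichever is chosen, the policy belongs in a comment above the wrappers, e.g. `/* allocation failure is fatal: callers in this library never check for NULL */`. The `#undef`s at the top are there because os_port.h remaps these names onto the wrappers; a one-line comment saying so would spare the next reader a search.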
@@ -99,19 +103,17 @@ extern "C" { #pragma comment(lib, "AdvAPI32.lib") #endif -#define uint8_t unsigned char -#define uint16_t unsigned short -#ifndef INT16 -typedef signed short INT16; -#endif +typedef UINT8 uint8_t; +typedef INT8 int8_t; +typedef UINT16 uint16_t; +typedef INT16 int16_t; +typedef UINT32 uint32_t; +typedef INT32 int32_t; +typedef UINT64 uint64_t; +typedef INT64 int64_t; -#define int16_t INT16 -#define uint32_t UINT32 -#define uint64_t UINT64 -#define int64_t INT64 - -extern EXP_FUNC void gettimeofday(struct timeval* t,void* timezone); -extern EXP_FUNC int strcasecmp(const char *s1, const char *s2); +EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone); +EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2); #else /* Not Win32 */ @@ -140,6 +142,19 @@ extern EXP_FUNC int strcasecmp(const char *s1, const char *s2); #endif /* Not Win32 */ +/* some functions to mutate the way these work */ +#define malloc(A) ax_malloc(A) +#define realloc(A,B) ax_realloc(A,B) +#define calloc(A,B) ax_calloc(A,B) +#define fopen(A,B) ax_fopen(A,B) +#define open(A,B) ax_open(A,B) + +EXP_FUNC void * STDCALL ax_malloc(size_t s); +EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s); +EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s); +EXP_FUNC FILE * STDCALL fopen(const char *name, const char *type); +EXP_FUNC int STDCALL open(const char *pathname, int flags); + #ifdef __cplusplus } #endif diff --git a/ssl/p12.c b/ssl/p12.c index fe0b82c71..7e99bbc5c 100644 --- a/ssl/p12.c +++ b/ssl/p12.c 
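Review bot: The last two prototypes in the new block are written as `fopen(...)` and `open(...)`, but they follow `#define fopen(A,B) ax_fopen(A,B)` and `#define open(A,B) ax_open(A,B)`, so they declare ax_fopen()/ax_open() only because the function-like macros happen to rewrite the parameter lists; declare them by their real names, matching the three allocator prototypes above: `EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type);` and `EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);`. Because `open(A,B)` takes exactly two arguments, a three-argument `open(path, O_CREAT|..., mode)` in any file that includes this header will no longer compile (none is visible in this change, but it is a trap for later code). These macros are unconditional and therefore apply to every includer of os_port.h, not just the library, and the wrappers abort on failure; both facts are worth stating in the comment above them in place of `/* some functions to mutate the way these work */`.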
@@ -65,14 +65,14 @@ static char *make_uni_pass(const char *password, int *uni_pass_len); static int p8_decrypt(const char *uni_pass, int uni_pass_len, const uint8_t *salt, int iter, uint8_t *priv_key, int priv_key_len, int id); -static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key); +static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key); static int get_pbe_params(uint8_t *buf, int *offset, const uint8_t **salt, int *iterations); /* * Take a raw pkcs8 block and then decrypt it and turn it into a normal key. */ -int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) +int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) { uint8_t *buf = ssl_obj->buf; int len, offset = 0; @@ -120,7 +120,7 @@ error: /* * Take the unencrypted pkcs8 and turn it into a private key */ -static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key) +static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key) { uint8_t *buf = priv_key; int len, offset = 0; @@ -218,7 +218,7 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len, * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s) * and keys. */ -int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) +int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) { uint8_t *buf = ssl_obj->buf; int all_ok = 0, len, iterations, auth_safes_start, @@ -273,6 +273,7 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) auth_safes_len = auth_safes_end - auth_safes_start; auth_safes = malloc(auth_safes_len); + memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len); if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || diff --git a/ssl/rsa.c b/ssl/rsa.c index ec856dfb6..6f5c8a44a 100644 --- a/ssl/rsa.c +++ b/ssl/rsa.c 
@@ -72,7 +72,7 @@ void RSA_pub_key_new(RSA_CTX **ctx, { RSA_CTX *rsa_ctx; BI_CTX *bi_ctx = bi_initialize(); - *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX)); /* reset to all 0 */ + *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX)); rsa_ctx = *ctx; rsa_ctx->bi_ctx = bi_ctx; rsa_ctx->num_octets = (mod_len & 0xFFF0); @@ -290,11 +290,13 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, bigint *modulus, bigint *pub_exp) { - uint8_t *block = (uint8_t *)malloc(sig_len); + uint8_t *block; int i, size; bigint *decrypted_bi, *dat_bi; bigint *bir = NULL; + block = (uint8_t *)malloc(sig_len); + /* decrypt */ dat_bi = bi_import(ctx, sig, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; diff --git a/ssl/ssl.h b/ssl/ssl.h index 9621ec578..3e366c44d 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -156,10 +156,10 @@ extern "C" { * different context needs to be be used. * * There are two threading models supported - a single thread with one - * SSLCTX can support any number of SSL connections - and multiple threads can - * support one SSLCTX object each (the default). But if a single SSLCTX + * SSL_CTX can support any number of SSL connections - and multiple threads can + * support one SSL_CTX object each (the default). But if a single SSL_CTX * object uses many SSL objects in individual threads, then the - * CONFIG_SSLCTX_MUTEXING option needs to be configured. + * CONFIG_SSL_CTX_MUTEXING option needs to be configured. * * @param options [in] Any particular options. At present the options * supported are: @@ -185,7 +185,7 @@ extern "C" { * is not used in skeleton mode. * @return A client/server context. */ -EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); +EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); /** * @brief Remove a client/server context. 
@@ -194,7 +194,7 @@ EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions); * sent a "Close Notify" alert (if possible). * @param ssl_ctx [in] The client/server context. */ -EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx); +EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx); /** * @brief (server only) Establish a new SSL connection to an SSL client. @@ -205,7 +205,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx); * @param client_fd [in] The client's file descriptor. * @return An SSL object reference. */ -EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd); +EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd); /** * @brief (client only) Establish a new SSL connection to an SSL server. @@ -223,7 +223,7 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd); * @return An SSL object reference. Use ssl_handshake_status() to check * if a handshake succeeded. */ -EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id); +EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id); /** * @brief Free any used resources on this connection. @@ -272,7 +272,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len); * @return A reference to the SSL object. Returns null if the object could not * be found. */ -EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd); +EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd); /** * @brief Get the session id for a handshake. @@ -395,7 +395,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl); * @return SSL_OK if all ok * @note Not available in skeleton build mode. */ -EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *filename, const char *password); +EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password); /** * @brief Process binary data. 
@@ -410,7 +410,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *fil
  * @return SSL_OK if all ok
  * @see ssl_obj_load for more details on obj_type.
  */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
 
 /**
  * @brief Return the axTLS library version as a string.
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 557118ba4..55ad891c9 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -528,7 +528,7 @@ static int cert_tests(void)
 {
     int res = -1, len;
     X509_CTX *x509_ctx;
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
     uint8_t *buf;
 
     /* check a bunch of 3rd party certificates */
@@ -728,7 +728,7 @@ static int SSL_server_test(
         int axolotls_option)
 {
     int server_fd, ret = 0;
-    SSLCTX *ssl_ctx = NULL;
+    SSL_CTX *ssl_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
     int clnt_len = sizeof(client_addr);
@@ -1151,7 +1151,7 @@ static void do_server(server_t *svr)
 
 static int SSL_client_test(
         const char *test,
-        SSLCTX **ssl_ctx,
+        SSL_CTX **ssl_ctx,
         const char *openssl_option,
         CLNT_SESSION_RESUME_CTX *sess_resume,
         uint32_t client_options,
@@ -1332,7 +1332,7 @@ client_test_exit:
 int SSL_client_tests(void)
 {
     int ret = -1;
-    SSLCTX *ssl_ctx = NULL;
+    SSL_CTX *ssl_ctx = NULL;
     CLNT_SESSION_RESUME_CTX sess_resume;
 
     memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
@@ -1455,7 +1455,7 @@ static void do_basic(void)
 {
     int client_fd;
     SSL *ssl_clnt;
-    SSLCTX *ssl_clnt_ctx = ssl_ctx_new(
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
             DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
     usleep(200000); /* allow server to start */
 
@@ -1489,7 +1489,7 @@ error:
 static int SSL_basic_test(void)
 {
     int server_fd, client_fd, ret = 0, size = 0, offset = 0;
-    SSLCTX *ssl_svr_ctx = NULL;
+    SSL_CTX *ssl_svr_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
     int clnt_len = sizeof(client_addr);
@@ -1570,7 +1570,7 @@ error:
 
 typedef struct
 {
-    SSLCTX *ssl_clnt_ctx;
+    SSL_CTX *ssl_clnt_ctx;
     int port;
     int thread_id;
 } multi_t;
@@ -1645,8 +1645,8 @@ error:
 int multi_thread_test(void)
 {
     int server_fd;
-    SSLCTX *ssl_server_ctx;
-    SSLCTX *ssl_clnt_ctx;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
     pthread_t clnt_threads[NUM_THREADS];
     pthread_t svr_threads[NUM_THREADS];
     int i, res = 0;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index ccd28df87..6a9294fea 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -157,9 +157,9 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
 /**
  * Establish a new client/server context.
  */
-EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 {
-    SSLCTX *ssl_ctx = (SSLCTX *)calloc(1, sizeof (SSLCTX));
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
     ssl_ctx->options = options;
 #ifndef CONFIG_SSL_SKELETON_MODE
     ssl_ctx->num_sessions = num_sessions;
@@ -195,7 +195,7 @@ EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 /*
  * Remove a client/server context.
  */
-EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
 {
     SSL *ssl;
     int i;
@@ -243,7 +243,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
  */
 EXP_FUNC void STDCALL ssl_free(SSL *ssl)
 {
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
 
     if (ssl == NULL) /* just ignore null pointers */
         return;
@@ -338,7 +338,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 /**
  * Add a certificate to the certificate chain.
  */
-int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
     int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
     SSL_CERT *ssl_cert;
@@ -383,7 +383,7 @@ error:
 /**
  * Add a certificate authority.
  */
-int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
     int ret = SSL_ERROR_NO_CERT_DEFINED;
     int i = 0;
@@ -464,7 +464,7 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
 /*
  * Find an ssl object based on the client's file descriptor.
  */
-EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd)
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl;
 
@@ -535,7 +535,7 @@ static const cipher_info_t *get_cipher_info(uint8_t cipher)
 /*
  * Get a new ssl context for a new connection.
  */
-SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
     ssl->ssl_ctx = ssl_ctx;
@@ -573,7 +573,7 @@ SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
 /*
  * Add a private key to a context.
  */
-int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj)
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
 {
     int ret = SSL_OK;
 
@@ -2014,7 +2014,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
 
 #ifdef CONFIG_BINDINGS
 #if !defined(CONFIG_SSL_ENABLE_CLIENT)
-EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx,
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx,
         int client_fd, const uint8_t *session_id)
 {
     printf(unsupported_str);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index f21d9a6cd..bb2b4d4b3 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -31,7 +31,7 @@ extern "C" {
 #include "version.h"
 
 /* Mutexing definitions */
-#if defined(CONFIG_SSLCTX_MUTEXING)
+#if defined(CONFIG_SSL_CTX_MUTEXING)
 #if defined(WIN32)
 #define SSL_CTX_MUTEX_TYPE HANDLE
 #define SSL_CTX_MUTEX_INIT(A) A=CreateMutex(0, FALSE, 0)
@@ -172,7 +172,7 @@ struct _SSL
     struct _SSL *next; /* doubly linked list */
     struct _SSL *prev;
     SSL_CERT *certs;
-    struct _SSLCTX *ssl_ctx; /* back reference to a clnt/svr ctx */
+    struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
     SSL_SESS *session;
@@ -194,7 +194,7 @@ struct _SSL
 
 typedef struct _SSL SSL;
 
-struct _SSLCTX
+struct _SSL_CTX
 {
     uint32_t options;
     uint8_t chain_length;
@@ -209,16 +209,19 @@ struct _SSLCTX
     uint16_t num_sessions;
     SSL_SESS **ssl_sessions;
 #endif
-#ifdef CONFIG_SSLCTX_MUTEXING
+#ifdef CONFIG_SSL_CTX_MUTEXING
     SSL_CTX_MUTEX_TYPE mutex;
 #endif
 };
 
-typedef struct _SSLCTX SSLCTX;
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
 
 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
 
-SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd);
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
 int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length);
 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
 
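Review bot: The build option is renamed from CONFIG_SSLCTX_MUTEXING to CONFIG_SSL_CTX_MUTEXING in both the `#if defined(...)` at the top of the file and the `#ifdef` around the `mutex` member of struct _SSL_CTX, but unlike the type, which keeps `typedef struct _SSL_CTX SSLCTX;` for backwards compatibility, the old macro name gets no alias. A project that still passes -DCONFIG_SSLCTX_MUTEXING will presumably compile without error and silently fall into the non-mutexed branch, which for the shared-context threading model is a loss of locking rather than a build failure. I would add, just before the renamed `#if`, `#if defined(CONFIG_SSLCTX_MUTEXING) && !defined(CONFIG_SSL_CTX_MUTEXING)` / `#define CONFIG_SSL_CTX_MUTEXING` / `#endif`, or at minimum an `#error` naming the new option. The `/* backwards compatibility */` comment on the SSLCTX typedef would also be more useful if it said the old name is deprecated and that new code should use SSL_CTX.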
@@ -233,13 +236,13 @@ int send_change_cipher_spec(SSL *ssl);
 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
-int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
-int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
 void ssl_obj_free(SSLObjLoader *ssl_obj);
-int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
 #endif
 #ifdef CONFIG_SSL_ENABLE_CLIENT
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 7dc9c4d43..b3d5a52fb 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -35,7 +35,7 @@ static int send_cert_verify(SSL *ssl);
 /*
  * Establish a new SSL connection to an SSL server.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
 {
     int ret;
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 9ad3a98d8..d5593e0f8 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -37,7 +37,7 @@ static int process_cert_verify(SSL *ssl);
 /*
  * Establish a new SSL connection to an SSL client.
  */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->next_state = HS_CLIENT_HELLO;
diff --git a/www/test_dir/prot/.htaccess b/www/test_dir/no_http/.htaccess
similarity index 93%
rename from www/test_dir/prot/.htaccess
rename to www/test_dir/no_http/.htaccess
index a8cf5665e..3e20076a2 100644
--- a/www/test_dir/prot/.htaccess
+++ b/www/test_dir/no_http/.htaccess
@@ -1,2 +1 @@
 SSLRequireSSL
-
diff --git a/www/test_dir/prot/.htpasswd b/www/test_dir/no_http/.htpasswd
similarity index 99%
rename from www/test_dir/prot/.htpasswd
rename to www/test_dir/no_http/.htpasswd
index 333d9173c..0471b0140 100644
--- a/www/test_dir/prot/.htpasswd
+++ b/www/test_dir/no_http/.htpasswd
@@ -1,3 +1,2 @@
 abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
 yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==
-
diff --git a/www/test_dir/prot/index.html b/www/test_dir/no_http/index.html
similarity index 93%
rename from www/test_dir/prot/index.html
rename to www/test_dir/no_http/index.html
index 65f23bce6..8b86eba8e 100644
--- a/www/test_dir/prot/index.html
+++ b/www/test_dir/no_http/index.html
@@ -3,4 +3,4 @@
 
 Looks like you got to this directory.
 
-
+
diff --git a/www/test_dir/no_ssl/.htaccess b/www/test_dir/no_ssl/.htaccess
new file mode 100644
index 000000000..d980d265a
--- /dev/null
+++ b/www/test_dir/no_ssl/.htaccess
@@ -0,0 +1 @@
+SSLDenySSL
diff --git a/www/test_dir/no_ssl/index.html b/www/test_dir/no_ssl/index.html
new file mode 100644
index 000000000..8b86eba8e
--- /dev/null
+++ b/www/test_dir/no_ssl/index.html
@@ -0,0 +1,6 @@
+
+axhttpd is running
+
+Looks like you got to this directory.
+
+