arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code

added aborts to malloc and other system calls

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@62 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2007-02-17 00:42:57 +00:00
parent 00fe6bca27
commit 61fd249441
34 changed files with 381 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
CHANGELOG
View File

@ -1,15 +1,18 @@
Changes since 1.0.0
* AES should now work on 16bit processors (there was an alignment problem)
* AES should now work on 16bit processors (there was an alignment problem).
* Various freed objects are cleared before freeing.
* Header files now installed in /usr/local/include/axTLS
* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris)
* Header files now installed in /usr/local/include/axTLS.
* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris).
* removed "-noextern" option in Swig. Fixed some other warnings in Win32.
* SSLCTX changed to SSL_CTX (to be consistent with openssl).
axhttpd Changes
* main.c now becomes axhttpd.c
* Header file issue fixed (in mime_types.c)
* chroot() now used for better security
* Basic authentication implemented (with .htpasswd)
* HTTP Port protection implemented (with .htaccess)
* Directory access protection implemented (with .htaccess)
* main.c now becomes axhttpd.c.
* Header file issue fixed (in mime_types.c).
* chroot() now used for better security.
* Basic authentication implemented (with .htpasswd).
* SSL access/denial protection implemented (with .htaccess).
* Directory access protection implemented (with .htaccess).
* Can now have more than one CGI file extension in mconf.
* "If-Modified-Since" request now handled properly.

4
bindings/Makefile
View File

@ -47,13 +47,13 @@ java/axTLSj.i: ../ssl/ssl.h
@perl ./generate_SWIG_interface.pl -java
java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java)
@cd java; swig -java -package axTLSj -noextern axTLSj.i; $(MAKE)
@cd java; swig -java -package axTLSj axTLSj.i; $(MAKE)
perl/axTLSp.i: ../ssl/ssl.h
@perl ./generate_SWIG_interface.pl -perl
perl/axTLSp_wrap.c: perl/axTLSp.i
@cd perl; swig -perl5 -noextern axTLSp.i; $(MAKE)
@cd perl; swig -perl5 axTLSp.i; $(MAKE)
clean::
$(MAKE) -C csharp clean

2
bindings/generate_SWIG_interface.pl
View File

@ -154,7 +154,7 @@ print DATA_OUT << "END";
#ifdef SWIGJAVA
%apply long { SSL * };
%apply long { SSLCTX * };
%apply long { SSL_CTX * };
%apply long { SSLObjLoader * };
/* allow "unsigned char []" to become "byte[]" */

6
bindings/generate_interface.pl
View File

@ -56,7 +56,7 @@ sub transformSignature
$line =~ s/uint8_t \* ?/byte[] /g;
$line =~ s/uint8_t ?/byte /g;
$line =~ s/const char \* ?/string /g;
$line =~ s/SSLCTX \* ?/IntPtr /g;
$line =~ s/SSL_CTX \* ?/IntPtr /g;
$line =~ s/SSLObjLoader \* ?/IntPtr /g;
$line =~ s/SSL \* ?/IntPtr /g;
$line =~ s/\(void\)/()/g;
@ -74,7 +74,7 @@ sub transformSignature
$signature_ret_type =~ s/const uint8_t \*/As IntPtr/;
$signature_ret_type =~ s/const char \*/As String/;
$signature_ret_type =~ s/SSLCTX \*/As IntPtr/;
$signature_ret_type =~ s/SSL_CTX \*/As IntPtr/;
$signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/;
$signature_ret_type =~ s/SSL \*/As IntPtr/;
$signature_ret_type =~ s/uint8_t/As Byte/;
@ -89,7 +89,7 @@ sub transformSignature
$line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
$line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
$line =~ s/SSLCTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
$line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;

42
config/axhttpd.aip
View File

@ -22,18 +22,9 @@
<ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
<ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
<ROW Directory="index_files_DIR" Directory_Parent="www_DIR" DefaultDir="index_~1|index_files"/>
<ROW Directory="prop_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="prop-b~1|prop-base"/>
<ROW Directory="prop_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="prop-b~1|prop-base"/>
<ROW Directory="props_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="props"/>
<ROW Directory="props_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="props"/>
<ROW Directory="prot_DIR" Directory_Parent="test_dir_DIR" DefaultDir="prot"/>
<ROW Directory="svn_2_DIR" Directory_Parent="another_dir_DIR" DefaultDir="svn~1|.svn"/>
<ROW Directory="no_ssl_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_ssl"/>
<ROW Directory="ssl_only_DIR" Directory_Parent="test_dir_DIR" DefaultDir="ssl_only"/>
<ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
<ROW Directory="text_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="text-b~1|text-base"/>
<ROW Directory="text_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="text-b~1|text-base"/>
<ROW Directory="tmp_2_DIR" Directory_Parent="svn_2_DIR" DefaultDir="tmp"/>
<ROW Directory="wcprops_4_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="wcprops"/>
<ROW Directory="wcprops_5_DIR" Directory_Parent="svn_2_DIR" DefaultDir="wcprops"/>
<ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
@ -49,19 +40,12 @@
<ROW Component="crypto_2600des.gif_1" ComponentId="{F3B3E37C-D940-4899-B312-0E244D6AF720}" Directory_="index_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif_1" FullKeyPath="APPDIR\www\index_files"/>
<ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
<ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
<ROW Component="htaccess" ComponentId="{A21FC953-B7B4-42EA-8F21-422969557D40}" Directory_="prot_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\prot"/>
<ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
<ROW Component="htaccess_1" ComponentId="{83B45D66-AD6D-4E9B-8DC8-7910708E1F3A}" Directory_="ssl_only_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\ssl_only"/>
<ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
<ROW Component="prop_base_2" ComponentId="{A3E2975E-C55F-458E-8443-23556A498DE8}" Directory_="prop_base_4_DIR" Attributes="0"/>
<ROW Component="prop_base_3" ComponentId="{84D4F8F9-D8C8-40A2-AC98-0D18C7ACC15D}" Directory_="prop_base_5_DIR" Attributes="0"/>
<ROW Component="props_2" ComponentId="{1EC8919C-173D-4A2E-8356-E054BD661F2B}" Directory_="props_4_DIR" Attributes="0"/>
<ROW Component="props_3" ComponentId="{1FA958FF-6FF6-4128-9424-4036DC68CE9F}" Directory_="props_5_DIR" Attributes="0"/>
<ROW Component="text_base_2" ComponentId="{C99C78FE-D567-463B-84AC-F09280EC233A}" Directory_="text_base_4_DIR" Attributes="0"/>
<ROW Component="text_base_3" ComponentId="{C7C7D550-84BA-4B7E-83ED-526D903CD774}" Directory_="text_base_5_DIR" Attributes="0"/>
<ROW Component="wcprops_2" ComponentId="{3974F3F6-9377-4343-9230-782F1DD91BFF}" Directory_="wcprops_4_DIR" Attributes="0"/>
<ROW Component="wcprops_3" ComponentId="{0A686253-B608-4CB2-A709-3A1E124C42CB}" Directory_="wcprops_5_DIR" Attributes="0"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
<ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 prop_base_2 props_2 text_base_2 prop_base_3 props_3 text_base_3 wcprops_2 wcprops_3 health.sh htpasswd.exe another_dir htaccess"/>
<ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 health.sh htpasswd.exe another_dir htaccess htaccess_1"/>
<ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
@ -87,11 +71,13 @@
<ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="25"/>
<ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
<ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="27"/>
<ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\prot\.htaccess" SelfReg="false" Sequence="31"/>
<ROW File="htpasswd" Component_="htaccess" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\prot\.htpasswd" SelfReg="false" Sequence="32"/>
<ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="31"/>
<ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htaccess" SelfReg="false" Sequence="33"/>
<ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htpasswd" SelfReg="false" Sequence="34"/>
<ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="30"/>
<ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
<ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\prot\index.html" SelfReg="false" Sequence="33"/>
<ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="32"/>
<ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\ssl_only\index.html" SelfReg="false" Sequence="35"/>
<ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="26"/>
<ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
<ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="28"/>
@ -127,14 +113,6 @@
<ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
<ROW Directory_="prop_base_4_DIR" Component_="prop_base_2"/>
<ROW Directory_="props_4_DIR" Component_="props_2"/>
<ROW Directory_="text_base_4_DIR" Component_="text_base_2"/>
<ROW Directory_="prop_base_5_DIR" Component_="prop_base_3"/>
<ROW Directory_="props_5_DIR" Component_="props_3"/>
<ROW Directory_="text_base_5_DIR" Component_="text_base_3"/>
<ROW Directory_="wcprops_4_DIR" Component_="wcprops_2"/>
<ROW Directory_="wcprops_5_DIR" Component_="wcprops_3"/>
<ROW Directory_="another_dir_DIR" Component_="another_dir"/>
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">

3
config/makefile.conf
View File

@ -57,7 +57,8 @@ endif
CC=cl.exe
LD=link.exe
CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c
CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c
#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c
LDFLAGS=/nologo /subsystem:console /machine:I386
LDSHARED = /dll
AR=lib /nologo

14
httpd/Config.in
View File

@ -74,6 +74,12 @@ config CONFIG_HTTP_DIRECTORIES
help
Enable directory listing.
config CONFIG_HTTP_HAS_AUTHORIZATION
bool "Enable authorization"
default n
help
Pages/directories can have passwords associated with them.
config CONFIG_HTTP_PERM_CHECK
bool "Permissions Check"
default n
@ -81,12 +87,6 @@ config CONFIG_HTTP_PERM_CHECK
Enable permissions checking on the directories before reading the
files in them.
config CONFIG_HTTP_HAS_AUTHORIZATION
bool "Enable authorization"
default n
help
Pages/directories can have passwords associated with them.
config CONFIG_HTTP_HAS_IPV6
bool "Enable IPv6"
default n
@ -98,8 +98,6 @@ config CONFIG_HTTP_HAS_IPV6
config CONFIG_HTTP_ALL_MIME_TYPES
bool "Use all mime types"
default y if CONFIG_SSL_FULL_MODE
default n if !CONFIG_SSL_FULL_MODE
help
Use the full list of supported mime types.

3
httpd/Makefile
View File

@ -63,7 +63,8 @@ endif
OBJ= \
axhttpd.o \
proc.o \
mime_types.o
mime_types.o \
tdate_parse.o
include ../config/makefile.post

35
httpd/README
View File

@ -4,6 +4,10 @@ axhttpd is a small embedded web server using the axTLS library.
It is based originally on the web server written by Doug Currie which is at:
http://www.hcsw.org/awhttpd.
*****************************************************************************
* axhttpd Features *
*****************************************************************************
Basic Authentication
====================
@ -16,30 +20,49 @@ utility program htpasswd is included to help manually edit .htpasswd files.
The encryption of this password uses a proprietary algorithm due to the
dependency of many crypt libraries on DES.
An example is in /test_dir/prot (username 'abcd', password is '1234').
An example is in /test_dir/ssl_only (username 'abcd', password is '1234').
Note: This is an mconf configuration option.
HTTP Port Protection
SSL Protection
====================
Directories/files can be accessed using the 'http' or 'https' uri prefix. If
normal http access for a directory needs to be disabled, then put
"SSLRequireSSL" into a '.htaccess' file in the directory to be protected.
An example is in /test_dir/prot.
Conversely, use "SSLDenySSL" to deny access to directories via SSL.
An example is in /test_dir/ssl_only and /test_dir/no_ssl.
Entire directories can be denied access with a "Deny all" directive
(regardless of SSL or authentication).
CGI
===
chroot() is now used for added security. However this has the impact of
removing the regular filesystem, so any CGI applications no longer have the
usual access.
usual access (to things like /bin, /lib etc).
So any executables and libraries need to be copied into webroot (under /bin
and /lib).
So any executables and libraries need to be copied into webroot.
Failure to do so will result in mystical blank screens (and probably hundreds
of axhttpd instances being created...).
Directory Listing
=================
An mconf option. Allow the files in directories to be displayed.
Permissions Checking
=====================
An mconf option. This will display the various file permissions to standard
output of files in web root.
Other Features
==============
Check the help options in mconf for all the other features used.

20
httpd/axhttp.h
View File

@ -71,7 +71,7 @@ struct connstruct
char databuf[BLOCKSIZE];
uint8_t is_ssl;
uint8_t close_when_done;
uint8_t modified_since;
time_t if_modified_since;
#if defined(CONFIG_HTTP_HAS_CGI)
char cgiargs[MAXREQUESTLENGTH];
@ -88,7 +88,7 @@ struct serverstruct
struct serverstruct *next;
int sd;
int is_ssl;
SSLCTX *ssl_ctx;
SSL_CTX *ssl_ctx;
};
#if defined(CONFIG_HTTP_HAS_CGI)
@ -99,7 +99,7 @@ struct cgiextstruct
};
#endif
// Global prototypes
/* global prototypes */
extern struct serverstruct *servers;
extern struct connstruct *usedconns;
extern struct connstruct *freeconns;
@ -107,20 +107,26 @@ extern struct connstruct *freeconns;
extern struct cgiextstruct *cgiexts;
#endif
// conn.c prototypes
/* conn.c prototypes */
void removeconnection(struct connstruct *cn);
// proc.c prototypes
/* proc.c prototypes */
void procdodir(struct connstruct *cn);
void procreadhead(struct connstruct *cn);
void procsendhead(struct connstruct *cn);
void procreadfile(struct connstruct *cn);
void procsendfile(struct connstruct *cn);
// misc.c prototypes
/* misc.c prototypes */
char *my_strncpy(char *dest, const char *src, size_t n);
int isdir(const char *name);
// mime_types.c prototypes
/* mime_types.c prototypes */
void mime_init(void);
const char *getmimetype(const char *fn);
/* tdate prototypes */
void tdate_init(void);
time_t tdate_parse(const char* str);

2
httpd/axhttpd.c
View File

@ -120,6 +120,7 @@ int main(int argc, char *argv[])
signal(SIGINT, sigint_cleanup);
signal(SIGTERM, die);
mime_init();
tdate_init();
for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++)
{
@ -587,7 +588,6 @@ static void addconnection(int sd, char *ip, int is_ssl)
tp->state = STATE_WANT_TO_READ_HEAD;
tp->reqtype = TYPE_GET;
tp->close_when_done = 0;
tp->modified_since = 0;
tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
}

32
httpd/proc.c
View File

@ -67,7 +67,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
*delim = 0;
value = delim+1;
/* printf("name: %s, value: %s\n", buf, value); */
if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
strcmp(buf, "POST") == 0)
{
@ -89,6 +88,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
}
my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
cn->if_modified_since = -1;
#if defined(CONFIG_HTTP_HAS_CGI)
if ((cgi_delim = strchr(value, '?')))
{
@ -113,8 +113,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
}
else if (strcmp(buf, "If-Modified-Since:") == 0)
{
/* TODO: parse this date properly with getdate() or similar */
cn->modified_since = 1;
cn->if_modified_since = tdate_parse(value);
}
#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
else if (strcmp(buf, "Authorization:") == 0 &&
@ -408,13 +407,13 @@ void procsendhead(struct connstruct *cn)
strcpy(date, ctime(&now));
if (cn->modified_since)
/* has the file been read before? */
if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 ||
cn->if_modified_since >= stbuf.st_mtime))
{
/* file has already been read before */
snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
"axhttpd V%s\nDate: %s\n", VERSION, date);
special_write(cn, buf, strlen(buf));
cn->modified_since = 0;
cn->state = STATE_WANT_TO_READ_HEAD;
return;
}
@ -442,7 +441,7 @@ void procsendhead(struct connstruct *cn)
"Content-Type: %s\nContent-Length: %ld\n"
"Date: %sLast-Modified: %s\n", VERSION,
getmimetype(cn->actualfile), (long) stbuf.st_size,
date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
special_write(cn, buf, strlen(buf));
@ -977,15 +976,13 @@ static int htaccess_check(struct connstruct *cn)
while (fgets(line, sizeof(line), fp) != NULL)
{
if (!cn->is_ssl && strstr(line, "SSLRequireSSL"))
if (strstr(line, "Deny all") || /* access to this dir denied */
/* Access will be denied unless SSL is active */
(!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
/* Access will be denied if SSL is active */
(cn->is_ssl && strstr(line, "SSLDenySSL")))
{
ret = -1; /* SSL port access required */
break;
}
if (strstr(line, "Deny all"))
{
ret = -1; /* access to this dir denied */
ret = -1;
break;
}
}
@ -996,7 +993,7 @@ static int htaccess_check(struct connstruct *cn)
static void send_error(struct connstruct *cn, int err)
{
char buf[1024];
char buf[MAXREQUESTLENGTH];
char *title;
char *text;
@ -1016,7 +1013,7 @@ static void send_error(struct connstruct *cn, int err)
break;
}
sprintf(buf, "HTTP/1.1 %d %s\n"
snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
"Content-Type: text/html\n"
"Cache-Control: no-cache,no-store\n"
"Connection: close\n\n"
@ -1026,4 +1023,3 @@ static void send_error(struct connstruct *cn, int err)
special_write(cn, buf, strlen(buf));
removeconnection(cn);
}

107
httpd/tdate_parse.c Normal file
View File

@ -0,0 +1,107 @@
/*
* Copyright(C) 2007 Cameron Rich
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <sys/types.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "axhttp.h"
struct day_mon_map
{
const char* s;
uint8_t l;
};
static struct day_mon_map wday_tab[] =
{
{ "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
{ "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 },
};
static struct day_mon_map mon_tab[] =
{
{ "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
{ "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
{ "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
};
static int day_mon_map_compare(const char *v1, const char *v2)
{
return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
}
void tdate_init(void)
{
qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
sizeof(struct day_mon_map),
(int (*)(const void *, const void *))day_mon_map_compare);
qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
sizeof(struct day_mon_map),
(int (*)(const void *, const void *))day_mon_map_compare);
}
static int8_t day_mon_map_search(const char* str,
const struct day_mon_map* tab, int n)
{
struct day_mon_map *search = bsearch(&str, tab, n,
sizeof(struct day_mon_map),
(int (*)(const void *, const void *))day_mon_map_compare);
return search ? search->l : -1;
}
time_t tdate_parse(const char* str)
{
struct tm tm;
char str_mon[4], str_wday[4];
int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
/* Initialize. */
memset(&tm, 0, sizeof(struct tm));
/* wdy, DD mth YY HH:MM:SS GMT */
if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
&tm_sec) == 7) ||
/* wdy mth DD HH:MM:SS YY */
(sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
&tm_year) == 7))
{
int8_t tm_wday = day_mon_map_search(str_wday, wday_tab,
sizeof(wday_tab)/sizeof(struct day_mon_map));
int8_t tm_mon = day_mon_map_search(str_mon, mon_tab,
sizeof(mon_tab)/sizeof(struct day_mon_map));
if (tm_wday < 0 || tm_mon < 0)
return -1;
tm.tm_wday = tm_wday;
tm.tm_mon = tm_mon;
tm.tm_mday = tm_mday;
tm.tm_hour = tm_hour;
tm.tm_min = tm_min;
tm.tm_sec = tm_sec;
tm.tm_year = tm_year - 1900;
return mktime(&tm);
}
return -1; /* error */
}

4
samples/c/axssl.c
View File

@ -87,7 +87,7 @@ static void do_server(int argc, char *argv[])
uint16_t port = 4433;
uint32_t options = SSL_DISPLAY_CERTS;
int client_fd;
SSLCTX *ssl_ctx;
SSL_CTX *ssl_ctx;
int server_fd, client_len, res = 0;
#ifndef CONFIG_SSL_SKELETON_MODE
char *private_key_file = NULL;
@ -416,7 +416,7 @@ static void do_client(int argc, char *argv[])
struct hostent *hostent;
int reconnect = 0;
uint32_t sin_addr;
SSLCTX *ssl_ctx;
SSL_CTX *ssl_ctx;
SSL *ssl = NULL;
int quiet = 0;
int cert_index = 0, ca_cert_index = 0;

12
ssl/Config.in
View File

@ -210,18 +210,18 @@ config CONFIG_SSL_MAX_CERTS
The default is to allow one certificate + 1 certificate in the chain
(which may be the certificate authority certificate).
config CONFIG_SSLCTX_MUTEXING
bool "Enable SSLCTX mutexing"
config CONFIG_SSL_CTX_MUTEXING
bool "Enable SSL_CTX mutexing"
default n
help
Normally mutexing is not required - each SSLCTX object can deal with
many SSL objects (as long as each SSLCTX object is using a single
Normally mutexing is not required - each SSL_CTX object can deal with
many SSL objects (as long as each SSL_CTX object is using a single
thread).
If the SSLCTX object is not thread safe e.g. the case where a
If the SSL_CTX object is not thread safe e.g. the case where a
new thread is created for each SSL object, then mutexing is required.
Select y when a mutex on the SSLCTX object is required.
Select y when a mutex on the SSL_CTX object is required.
config CONFIG_USE_DEV_URANDOM
bool "Use /dev/urandom"

5
ssl/Makefile
View File

@ -54,6 +54,7 @@ OBJ=\
bigint.o \
crypto_misc.o \
hmac.o \
os_port.o \
loader.o \
md5.o \
p12.o \
@ -64,10 +65,6 @@ OBJ=\
tls1_svr.o \
tls1_clnt.o
ifdef CONFIG_PLATFORM_WIN32
OBJ+=os_port.o
endif
include ../config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin

4
ssl/asn1.c
View File

@ -270,9 +270,9 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
(*offset)++;
len = get_asn1_length(buf, offset);
*str = (char *)malloc(len+1); /* allow for null */
*str = (char *)malloc(len+1); /* allow for null */
memcpy(*str, &buf[*offset], len);
(*str)[len] = 0; /* null terminate */
(*str)[len] = 0; /* null terminate */
*offset += len;
end_pnt_str:
return len;

3
ssl/bigint.c
View File

@ -77,8 +77,9 @@ static void check(const bigint *bi);
*/
BI_CTX *bi_initialize(void)
{
BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
BI_CTX *ctx;
ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
ctx->active_list = NULL;
ctx->active_count = 0;
ctx->free_list = NULL;

19
ssl/loader.c
View File

@ -32,17 +32,17 @@
#include "ssl.h"
static int do_obj(SSLCTX *ssl_ctx, int obj_type,
static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_HAS_PEM
static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type,
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password);
#endif
/*
* Load a file into memory that is in binary DER (or ascii PEM) format.
*/
EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type,
EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
const char *filename, const char *password)
{
#ifndef CONFIG_SSL_SKELETON_MODE
@ -57,6 +57,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type,
}
ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
ssl_obj->len = get_file(filename, &ssl_obj->buf);
if (ssl_obj->len <= 0)
@ -90,12 +91,13 @@ error:
/*
* Transfer binary data into the object loader.
*/
EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type,
EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type,
const uint8_t *data, int len, const char *password)
{
int ret;
SSLObjLoader *ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
SSLObjLoader *ssl_obj;
ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
ssl_obj->buf = (uint8_t *)malloc(len);
memcpy(ssl_obj->buf, data, len);
ssl_obj->len = len;
@ -107,7 +109,7 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type,
/*
* Actually work out what we are doing
*/
static int do_obj(SSLCTX *ssl_ctx, int obj_type,
static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password)
{
int ret = SSL_OK;
@ -277,7 +279,7 @@ error:
/**
* Take a base64 blob of data and turn it into its proper ASN.1 form.
*/
static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
int remain, const char *password)
{
int ret = SSL_OK;
@ -293,6 +295,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
remain -= (int)(end-start);
start += strlen(begins[i]);
pem_size = (int)(end-start);
ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
/* 4/3 bigger than what we need but so what */
@ -357,7 +360,7 @@ error:
/*
* Load a file into memory that is in ASCII PEM format.
*/
static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type,
static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
SSLObjLoader *ssl_obj, const char *password)
{
uint8_t *start;

66
ssl/os_port.c
View File

@ -21,15 +21,15 @@
*
* OS specific functions.
*/
#ifdef WIN32
#include <time.h>
#include <stdlib.h>
#include "os_port.h"
#ifdef WIN32
/**
* gettimeofday() not in Win32
*/
EXP_FUNC void gettimeofday(struct timeval* t, void* timezone)
EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
{
#if defined(_WIN32_WCE)
t->tv_sec = time(NULL);
@ -45,7 +45,7 @@ EXP_FUNC void gettimeofday(struct timeval* t, void* timezone)
/**
* strcasecmp() not in Win32
*/
EXP_FUNC int strcasecmp(const char *s1, const char *s2)
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
{
while (tolower(*s1) == tolower(*s2++))
{
@ -59,3 +59,61 @@ EXP_FUNC int strcasecmp(const char *s1, const char *s2)
}
#endif
#undef malloc
#undef realloc
#undef calloc
#undef open
#undef fopen
/* some functions that call abort() on failure */
EXP_FUNC void * STDCALL ax_malloc(size_t s)
{
void *x;
if ((x = malloc(s)) == NULL)
abort();
return x;
}
EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
{
void *x;
if ((x = realloc(y, s)) == NULL)
abort();
return x;
}
EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
{
void *x;
if ((x = calloc(n, s)) == NULL)
abort();
return x;
}
EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type)
{
FILE *f;
if ((f = fopen(name, type)) == NULL)
abort();
return f;
}
EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
{
int x;
if ((x = open(pathname, flags)) < 0)
abort();
return x;
}

43
ssl/os_port.h
View File

@ -29,6 +29,8 @@
extern "C" {
#endif
#include <stdio.h>
#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
#define STDCALL __stdcall
#define EXP_FUNC __declspec(dllexport)
@ -72,7 +74,7 @@ extern "C" {
#define random() rand()
#define getpid() _getpid()
#define snprintf _snprintf
#define open(A,B) _open(A,B)
//#define open(A,B) _open(A,B)
#define dup2(A,B) _dup2(A,B)
#define unlink(A) _unlink(A)
#define close(A) _close(A)
@ -80,9 +82,11 @@ extern "C" {
#define write(A,B,C) _write(A,B,C)
#define sleep(A) Sleep(A*1000)
#define usleep(A) Sleep(A/1000)
#define lseek(A,B,C) _lseek(A,B,C)
#define strdup(A) _strdup(A)
#define chroot(A) _chdir(A)
#ifndef lseek
#define lseek(A,B,C) _lseek(A,B,C)
#endif
/* This fix gets around a problem where a win32 application on a cygwin xterm
doesn't display regular output (until a certain buffer limit) - but it works
@ -99,19 +103,17 @@ extern "C" {
#pragma comment(lib, "AdvAPI32.lib")
#endif
#define uint8_t unsigned char
#define uint16_t unsigned short
#ifndef INT16
typedef signed short INT16;
#endif
typedef UINT8 uint8_t;
typedef INT8 int8_t;
typedef UINT16 uint16_t;
typedef INT16 int16_t;
typedef UINT32 uint32_t;
typedef INT32 int32_t;
typedef UINT64 uint64_t;
typedef INT64 int64_t;
#define int16_t INT16
#define uint32_t UINT32
#define uint64_t UINT64
#define int64_t INT64
extern EXP_FUNC void gettimeofday(struct timeval* t,void* timezone);
extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
#else /* Not Win32 */
@ -140,6 +142,19 @@ extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
#endif /* Not Win32 */
/* some functions to mutate the way these work */
#define malloc(A) ax_malloc(A)
#define realloc(A,B) ax_realloc(A,B)
#define calloc(A,B) ax_calloc(A,B)
#define fopen(A,B) ax_fopen(A,B)
#define open(A,B) ax_open(A,B)
EXP_FUNC void * STDCALL ax_malloc(size_t s);
EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
EXP_FUNC FILE * STDCALL fopen(const char *name, const char *type);
EXP_FUNC int STDCALL open(const char *pathname, int flags);
#ifdef __cplusplus
}
#endif

9
ssl/p12.c
View File

@ -65,14 +65,14 @@ static char *make_uni_pass(const char *password, int *uni_pass_len);
static int p8_decrypt(const char *uni_pass, int uni_pass_len,
const uint8_t *salt, int iter,
uint8_t *priv_key, int priv_key_len, int id);
static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key);
static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
static int get_pbe_params(uint8_t *buf, int *offset,
const uint8_t **salt, int *iterations);
/*
* Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
*/
int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
{
uint8_t *buf = ssl_obj->buf;
int len, offset = 0;
@ -120,7 +120,7 @@ error:
/*
* Take the unencrypted pkcs8 and turn it into a private key
*/
static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key)
static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
{
uint8_t *buf = priv_key;
int len, offset = 0;
@ -218,7 +218,7 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
* Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
* and keys.
*/
int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
{
uint8_t *buf = ssl_obj->buf;
int all_ok = 0, len, iterations, auth_safes_start,
@ -273,6 +273,7 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
auth_safes_len = auth_safes_end - auth_safes_start;
auth_safes = malloc(auth_safes_len);
memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||

6
ssl/rsa.c
View File

@ -72,7 +72,7 @@ void RSA_pub_key_new(RSA_CTX **ctx,
{
RSA_CTX *rsa_ctx;
BI_CTX *bi_ctx = bi_initialize();
*ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX)); /* reset to all 0 */
*ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
rsa_ctx = *ctx;
rsa_ctx->bi_ctx = bi_ctx;
rsa_ctx->num_octets = (mod_len & 0xFFF0);
@ -290,11 +290,13 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
bigint *modulus, bigint *pub_exp)
{
uint8_t *block = (uint8_t *)malloc(sig_len);
uint8_t *block;
int i, size;
bigint *decrypted_bi, *dat_bi;
bigint *bir = NULL;
block = (uint8_t *)malloc(sig_len);
/* decrypt */
dat_bi = bi_import(ctx, sig, sig_len);
ctx->mod_offset = BIGINT_M_OFFSET;

20
ssl/ssl.h
View File

@ -156,10 +156,10 @@ extern "C" {
* different context needs to be be used.
*
* There are two threading models supported - a single thread with one
* SSLCTX can support any number of SSL connections - and multiple threads can
* support one SSLCTX object each (the default). But if a single SSLCTX
* SSL_CTX can support any number of SSL connections - and multiple threads can
* support one SSL_CTX object each (the default). But if a single SSL_CTX
* object uses many SSL objects in individual threads, then the
* CONFIG_SSLCTX_MUTEXING option needs to be configured.
* CONFIG_SSL_CTX_MUTEXING option needs to be configured.
*
* @param options [in] Any particular options. At present the options
* supported are:
@ -185,7 +185,7 @@ extern "C" {
* is not used in skeleton mode.
* @return A client/server context.
*/
EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
/**
* @brief Remove a client/server context.
@ -194,7 +194,7 @@ EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
* sent a "Close Notify" alert (if possible).
* @param ssl_ctx [in] The client/server context.
*/
EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx);
EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
/**
* @brief (server only) Establish a new SSL connection to an SSL client.
@ -205,7 +205,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx);
* @param client_fd [in] The client's file descriptor.
* @return An SSL object reference.
*/
EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd);
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
/**
* @brief (client only) Establish a new SSL connection to an SSL server.
@ -223,7 +223,7 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd);
* @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id);
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
/**
* @brief Free any used resources on this connection.
@ -272,7 +272,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
* @return A reference to the SSL object. Returns null if the object could not
* be found.
*/
EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd);
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
/**
* @brief Get the session id for a handshake.
@ -395,7 +395,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
* @return SSL_OK if all ok
* @note Not available in skeleton build mode.
*/
EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *filename, const char *password);
EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
/**
* @brief Process binary data.
@ -410,7 +410,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *fil
* @return SSL_OK if all ok
* @see ssl_obj_load for more details on obj_type.
*/
EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
/**
* @brief Return the axTLS library version as a string.

18
ssl/test/ssltest.c
View File

@ -528,7 +528,7 @@ static int cert_tests(void)
{
int res = -1, len;
X509_CTX *x509_ctx;
SSLCTX *ssl_ctx;
SSL_CTX *ssl_ctx;
uint8_t *buf;
/* check a bunch of 3rd party certificates */
@ -728,7 +728,7 @@ static int SSL_server_test(
int axolotls_option)
{
int server_fd, ret = 0;
SSLCTX *ssl_ctx = NULL;
SSL_CTX *ssl_ctx = NULL;
struct sockaddr_in client_addr;
uint8_t *read_buf;
int clnt_len = sizeof(client_addr);
@ -1151,7 +1151,7 @@ static void do_server(server_t *svr)
static int SSL_client_test(
const char *test,
SSLCTX **ssl_ctx,
SSL_CTX **ssl_ctx,
const char *openssl_option,
CLNT_SESSION_RESUME_CTX *sess_resume,
uint32_t client_options,
@ -1332,7 +1332,7 @@ client_test_exit:
int SSL_client_tests(void)
{
int ret = -1;
SSLCTX *ssl_ctx = NULL;
SSL_CTX *ssl_ctx = NULL;
CLNT_SESSION_RESUME_CTX sess_resume;
memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
@ -1455,7 +1455,7 @@ static void do_basic(void)
{
int client_fd;
SSL *ssl_clnt;
SSLCTX *ssl_clnt_ctx = ssl_ctx_new(
SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
usleep(200000); /* allow server to start */
@ -1489,7 +1489,7 @@ error:
static int SSL_basic_test(void)
{
int server_fd, client_fd, ret = 0, size = 0, offset = 0;
SSLCTX *ssl_svr_ctx = NULL;
SSL_CTX *ssl_svr_ctx = NULL;
struct sockaddr_in client_addr;
uint8_t *read_buf;
int clnt_len = sizeof(client_addr);
@ -1570,7 +1570,7 @@ error:
typedef struct
{
SSLCTX *ssl_clnt_ctx;
SSL_CTX *ssl_clnt_ctx;
int port;
int thread_id;
} multi_t;
@ -1645,8 +1645,8 @@ error:
int multi_thread_test(void)
{
int server_fd;
SSLCTX *ssl_server_ctx;
SSLCTX *ssl_clnt_ctx;
SSL_CTX *ssl_server_ctx;
SSL_CTX *ssl_clnt_ctx;
pthread_t clnt_threads[NUM_THREADS];
pthread_t svr_threads[NUM_THREADS];
int i, res = 0;

20
ssl/tls1.c
View File

@ -157,9 +157,9 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
/**
* Establish a new client/server context.
*/
EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
{
SSLCTX *ssl_ctx = (SSLCTX *)calloc(1, sizeof (SSLCTX));
SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
ssl_ctx->options = options;
#ifndef CONFIG_SSL_SKELETON_MODE
ssl_ctx->num_sessions = num_sessions;
@ -195,7 +195,7 @@ EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
/*
* Remove a client/server context.
*/
EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
{
SSL *ssl;
int i;
@ -243,7 +243,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
*/
EXP_FUNC void STDCALL ssl_free(SSL *ssl)
{
SSLCTX *ssl_ctx;
SSL_CTX *ssl_ctx;
if (ssl == NULL) /* just ignore null pointers */
return;
@ -338,7 +338,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
/**
* Add a certificate to the certificate chain.
*/
int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
SSL_CERT *ssl_cert;
@ -383,7 +383,7 @@ error:
/**
* Add a certificate authority.
*/
int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_ERROR_NO_CERT_DEFINED;
int i = 0;
@ -464,7 +464,7 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
/*
* Find an ssl object based on the client's file descriptor.
*/
EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd)
EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
{
SSL *ssl;
@ -535,7 +535,7 @@ static const cipher_info_t *get_cipher_info(uint8_t cipher)
/*
* Get a new ssl context for a new connection.
*/
SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
{
SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
ssl->ssl_ctx = ssl_ctx;
@ -573,7 +573,7 @@ SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
/*
* Add a private key to a context.
*/
int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj)
int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
{
int ret = SSL_OK;
@ -2014,7 +2014,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
#ifdef CONFIG_BINDINGS
#if !defined(CONFIG_SSL_ENABLE_CLIENT)
EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx,
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx,
int client_fd, const uint8_t *session_id)
{
printf(unsupported_str);

25
ssl/tls1.h
View File

@ -31,7 +31,7 @@ extern "C" {
#include "version.h"
/* Mutexing definitions */
#if defined(CONFIG_SSLCTX_MUTEXING)
#if defined(CONFIG_SSL_CTX_MUTEXING)
#if defined(WIN32)
#define SSL_CTX_MUTEX_TYPE HANDLE
#define SSL_CTX_MUTEX_INIT(A) A=CreateMutex(0, FALSE, 0)
@ -172,7 +172,7 @@ struct _SSL
struct _SSL *next; /* doubly linked list */
struct _SSL *prev;
SSL_CERT *certs;
struct _SSLCTX *ssl_ctx; /* back reference to a clnt/svr ctx */
struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
#ifndef CONFIG_SSL_SKELETON_MODE
uint16_t session_index;
SSL_SESS *session;
@ -194,7 +194,7 @@ struct _SSL
typedef struct _SSL SSL;
struct _SSLCTX
struct _SSL_CTX
{
uint32_t options;
uint8_t chain_length;
@ -209,16 +209,19 @@ struct _SSLCTX
uint16_t num_sessions;
SSL_SESS **ssl_sessions;
#endif
#ifdef CONFIG_SSLCTX_MUTEXING
#ifdef CONFIG_SSL_CTX_MUTEXING
SSL_CTX_MUTEX_TYPE mutex;
#endif
};
typedef struct _SSLCTX SSLCTX;
typedef struct _SSL_CTX SSL_CTX;
/* backwards compatibility */
typedef struct _SSL_CTX SSLCTX;
extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd);
SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
int send_packet(SSL *ssl, uint8_t protocol,
const uint8_t *in, int length);
int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
@ -233,13 +236,13 @@ int send_change_cipher_spec(SSL *ssl);
void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
void add_packet(SSL *ssl, const uint8_t *pkt, int len);
int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj);
int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
void ssl_obj_free(SSLObjLoader *ssl_obj);
int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
#endif
#ifdef CONFIG_SSL_ENABLE_CLIENT

2
ssl/tls1_clnt.c
View File

@ -35,7 +35,7 @@ static int send_cert_verify(SSL *ssl);
/*
* Establish a new SSL connection to an SSL server.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id)
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
{
int ret;
SSL *ssl = ssl_new(ssl_ctx, client_fd);

2
ssl/tls1_svr.c
View File

@ -37,7 +37,7 @@ static int process_cert_verify(SSL *ssl);
/*
* Establish a new SSL connection to an SSL client.
*/
EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
{
SSL *ssl = ssl_new(ssl_ctx, client_fd);
ssl->next_state = HS_CLIENT_HELLO;

1
www/test_dir/prot/.htaccess → www/test_dir/no_http/.htaccess
View File

@ -1,2 +1 @@
SSLRequireSSL

1
www/test_dir/prot/.htpasswd → www/test_dir/no_http/.htpasswd
View File

@ -1,3 +1,2 @@
abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==

2
www/test_dir/prot/index.html → www/test_dir/no_http/index.html
View File

@ -3,4 +3,4 @@
<body>
Looks like you got to this directory.
</body>
</htm>
</html>

1
www/test_dir/no_ssl/.htaccess Normal file
View File

@ -0,0 +1 @@
SSLDenySSL

6
www/test_dir/no_ssl/index.html Normal file
View File

@ -0,0 +1,6 @@
<html>
<head><title>axhttpd is running</title></head>
<body>
Looks like you got to this directory.
</body>
</html>