arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

dir changes - things are broken at the moment

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@116 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2007-08-29 09:15:39 +00:00
parent a1bfbe6b07
commit f9ee197cff
40 changed files with 432 additions and 901 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -33,6 +33,7 @@ RELEASE=axTLS-$(VERSION)
# standard version
target:
$(MAKE) -C crypto
$(MAKE) -C ssl
ifdef CONFIG_AXHTTPD
$(MAKE) -C httpd
@ -100,6 +101,7 @@ test:
# tidy up things
clean::
@cd crypto; $(MAKE) clean
@cd ssl; $(MAKE) clean
@cd httpd; $(MAKE) clean
@cd samples; $(MAKE) clean

8
bindings/csharp/axTLS.cs
View File

@ -95,9 +95,10 @@ namespace axTLS
*/
public byte[] GetSessionId()
{
byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE);
byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
byte[] result = new byte[sess_id_size];
Marshal.Copy(ptr, result, 0, sess_id_size);
return result;
}
@ -470,7 +471,8 @@ namespace axTLS
public SSL Connect(Socket s, byte[] session_id)
{
int client_fd = s.Handle.ToInt32();
return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id));
return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id,
session_id ? null : session_id.Length));
}
}
}

33
bindings/java/Makefile
View File

@ -16,18 +16,20 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
include ../../config/makefile.java.conf
AXTLS_HOME=../..
include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
include $(AXTLS_HOME)/config/makefile.java.conf
all: lib jar
JAR=../../$(STAGE)/axtls.jar
JAR=$(AXTLS_HOME)/$(STAGE)/axtls.jar
ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsj.dll
TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsj.dll
else
TARGET=../../$(STAGE)/libaxtlsj.so
TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsj.so
endif
lib: $(TARGET)
@ -46,32 +48,19 @@ JAVA_FILES= \
OBJ=axTLSj_wrap.o
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
ifdef CONFIG_PLATFORM_WIN32
CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
include ../../config/makefile.post
include $(AXTLS_HOME)/config/makefile.post
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
else # Not Win32
ifdef CONFIG_PLATFORM_CYGWIN
SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
endif
CFLAGS += -I$(SSL_HOME)
CFLAGS += -I$(CONFIG_HOME)
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls
$(LD) $(LDFLAGS) -L $(AXTLS_HOME)/$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls
endif
jar: $(OBJ) $(JAR)

24
bindings/lua/Makefile
View File

@ -16,36 +16,36 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
AXTLS_HOME=../..
include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
all: lib
ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsl.dll
TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.dll
else
TARGET=../../$(STAGE)/axtlsl.so
TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.so
endif
ifneq ($(MAKECMDGOALS), clean)
lib: $(TARGET)
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
OBJ:=axTLSl_wrap.o
include ../../config/makefile.post
include $(AXTLS_HOME)/config/makefile.post
# there are a few static functions that aren't used
CFLAGS += -funit-at-a-time
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L$(AXTLS_HOME)/$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
CFLAGS += -I $(CONFIG_LUA_CORE)/include
else
CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`" /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
CFLAGS += /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)

30
bindings/perl/Makefile
View File

@ -16,15 +16,17 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../../config/.config
include ../../config/makefile.conf
AXTLS_HOME=../..
include $(AXTLS_HOME)/config/.config
include $(AXTLS_HOME)/config/makefile.conf
all: lib
ifdef CONFIG_PLATFORM_WIN32
TARGET=../../$(STAGE)/axtlsp.dll
TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsp.dll
else
TARGET=../../$(STAGE)/libaxtlsp.so
TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsp.so
endif
ifneq ($(MAKECMDGOALS), clean)
@ -46,11 +48,8 @@ test_perl:
endif
lib: $(TARGET)
AXTLS_HOME=../..
SSL_HOME=$(AXTLS_HOME)/ssl
CONFIG_HOME=$(AXTLS_HOME)/config
OBJ:=axTLSp_wrap.o
include ../../config/makefile.post
include $(AXTLS_HOME)/config/makefile.post
ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
@ -60,22 +59,21 @@ ifndef CONFIG_PLATFORM_WIN32 # Linux/Unix/Cygwin
# work.
#
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
$(LD) $(LDFLAGS) -L$(AXTLS_HOME)/$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
ifdef CONFIG_PLATFORM_CYGWIN
cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll
cd $(AXTLS_HOME)/$(STAGE); ln -sf $(notdir $@) axtlsp.dll
endif
@install axtlsp.pm ../../$(STAGE)
@install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
CFLAGS += -D_GNU_SOURCE -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
CFLAGS += -D_GNU_SOURCE -I$(PERL5_CORE)
else
CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
CFLAGS += /I"$(PERL5_CORE)"
LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)"
LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
$(TARGET) : $(OBJ)
$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
install axtlsp.pm ../../$(STAGE)
install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
endif # WIN32
clean::
@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm
@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend $(AXTLS_HOME)/$(STAGE)/axtlsp.pm

12
bindings/vbnet/axTLSvb.vb
View File

@ -46,9 +46,11 @@ Namespace axTLSvb
End Function
Public Function GetSessionId() As Byte()
Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE)
Dim sess_id_size As Integer = axtls.ssl_get_session_id_size(m_ssl)
Dim result(sess_id_size) As Byte
Marshal.Copy(ptr, result, 0, sess_id_size)
Return result
End Function
@ -170,9 +172,11 @@ Namespace axTLSvb
End Sub
Public Function Connect(ByVal s As Socket, _
ByVal session_id As Byte()) As SSL
ByVal session_id As Byte(), _
ByVal sess_id_size As Integer) As SSL
Dim client_fd As Integer = s.Handle.ToInt32()
Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id))
Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id, _
sess_id_size))
End Function
End Class

2
config/makefile.conf
View File

@ -71,7 +71,7 @@ else # Not Win32
-include .depend
CFLAGS += -I../config
CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
LD=$(CC)
# Solaris

33
crypto/Makefile Normal file
View File

@ -0,0 +1,33 @@
#
# Copyright(C) 2007 Cameron Rich
#
# This library is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
include ../config/.config
include ../config/makefile.conf
AXTLS_HOME=..
OBJ=\
aes.o \
hmac.o \
md5.o \
rc4.o \
sha1.o
all: $(OBJ)
include ../config/makefile.post

0
ssl/aes.c → crypto/aes.c
View File

129
crypto/crypto.h Normal file
View File

@ -0,0 +1,129 @@
/*
* Copyright(C) 2006 Cameron Rich
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file crypto.h
*/
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
#ifdef __cplusplus
extern "C" {
#endif
#include "os_port.h"
/**************************************************************************
* AES declarations
**************************************************************************/
#define AES_MAXROUNDS 14
#define AES_BLOCKSIZE 16
#define AES_IV_SIZE 16
typedef struct aes_key_st
{
uint16_t rounds;
uint16_t key_size;
uint32_t ks[(AES_MAXROUNDS+1)*8];
uint8_t iv[AES_IV_SIZE];
} AES_CTX;
typedef enum
{
AES_MODE_128,
AES_MODE_256
} AES_MODE;
void AES_set_key(AES_CTX *ctx, const uint8_t *key,
const uint8_t *iv, AES_MODE mode);
void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
uint8_t *out, int length);
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
void AES_convert_key(AES_CTX *ctx);
/**************************************************************************
* RC4 declarations
**************************************************************************/
typedef struct
{
uint8_t x, y, m[256];
} RC4_CTX;
void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
/**************************************************************************
* SHA1 declarations
**************************************************************************/
#define SHA1_SIZE 20
/*
* This structure will hold context information for the SHA-1
* hashing operation
*/
typedef struct
{
uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
uint32_t Length_Low; /* Message length in bits */
uint32_t Length_High; /* Message length in bits */
uint16_t Message_Block_Index; /* Index into message block array */
uint8_t Message_Block[64]; /* 512-bit message blocks */
} SHA1_CTX;
void SHA1_Init(SHA1_CTX *);
void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
void SHA1_Final(uint8_t *digest, SHA1_CTX *);
/**************************************************************************
* MD5 declarations
**************************************************************************/
/* MD5 context. */
#define MD5_SIZE 16
typedef struct
{
uint32_t state[4]; /* state (ABCD) */
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
uint8_t buffer[64]; /* input buffer */
} MD5_CTX;
EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
/**************************************************************************
* HMAC declarations
**************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif

32
ssl/hmac.c → crypto/hmac.c
View File

@ -45,14 +45,14 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
k_opad[i] ^= 0x5c;
}
MD5Init(&context);
MD5Update(&context, k_ipad, 64);
MD5Update(&context, msg, length);
MD5Final(&context, digest);
MD5Init(&context);
MD5Update(&context, k_opad, 64);
MD5Update(&context, digest, MD5_SIZE);
MD5Final(&context, digest);
MD5_Init(&context);
MD5_Update(&context, k_ipad, 64);
MD5_Update(&context, msg, length);
MD5_Final(digest, &context);
MD5_Init(&context);
MD5_Update(&context, k_opad, 64);
MD5_Update(&context, digest, MD5_SIZE);
MD5_Final(digest, &context);
}
/**
@ -77,12 +77,12 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
k_opad[i] ^= 0x5c;
}
SHA1Init(&context);
SHA1Update(&context, k_ipad, 64);
SHA1Update(&context, msg, length);
SHA1Final(&context, digest);
SHA1Init(&context);
SHA1Update(&context, k_opad, 64);
SHA1Update(&context, digest, SHA1_SIZE);
SHA1Final(&context, digest);
SHA1_Init(&context);
SHA1_Update(&context, k_ipad, 64);
SHA1_Update(&context, msg, length);
SHA1_Final(digest, &context);
SHA1_Init(&context);
SHA1_Update(&context, k_opad, 64);
SHA1_Update(&context, digest, SHA1_SIZE);
SHA1_Final(digest, &context);
}

10
ssl/md5.c → crypto/md5.c
View File

@ -90,7 +90,7 @@ static const uint8_t PADDING[64] =
/**
* MD5 initialization - begins an MD5 operation, writing a new ctx.
*/
EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
{
ctx->count[0] = ctx->count[1] = 0;
@ -105,7 +105,7 @@ EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
/**
* Accepts an array of octets as the next portion of the message.
*/
EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
{
uint32_t x;
int i, partLen;
@ -141,7 +141,7 @@ EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
/**
* Return the 128-bit message digest into the user's array
*/
EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
{
uint8_t bits[8];
uint32_t x, padLen;
@ -153,10 +153,10 @@ EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
*/
x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
padLen = (x < 56) ? (56 - x) : (120 - x);
MD5Update(ctx, PADDING, padLen);
MD5_Update(ctx, PADDING, padLen);
/* Append length (before padding) */
MD5Update(ctx, bits, 8);
MD5_Update(ctx, bits, 8);
/* Store state in digest */
Encode(digest, ctx->state, MD5_SIZE);

0
ssl/rc4.c → crypto/rc4.c
View File

6
ssl/sha1.c → crypto/sha1.c
View File

@ -37,7 +37,7 @@ static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
/**
* Initialize the SHA1 context
*/
void SHA1Init(SHA1_CTX *ctx)
void SHA1_Init(SHA1_CTX *ctx)
{
ctx->Length_Low = 0;
ctx->Length_High = 0;
@ -52,7 +52,7 @@ void SHA1Init(SHA1_CTX *ctx)
/**
* Accepts an array of octets as the next portion of the message.
*/
void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
{
while (len--)
{
@ -72,7 +72,7 @@ void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
/**
* Return the 160-bit message digest into the user's array
*/
void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
{
int i;

2
docsrc/axTLS.dox
View File

@ -1005,7 +1005,7 @@ INCLUDE_FILE_PATTERNS =
# undefined via #undef or recursively expanded use the := operator
# instead of the = operator.
PREDEFINED = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL=""
PREDEFINED = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
# this tag can be used to specify a list of macro names that should be expanded.

2
httpd/Makefile
View File

@ -37,7 +37,7 @@ else
LIBS=-L../$(STAGE) -laxtls
endif
CFLAGS += -I../ssl
AXTLS_HOME=..
ifdef CONFIG_HTTP_BUILD_LUA
lua: kepler-1.1

8
httpd/htpasswd.c
View File

@ -112,10 +112,10 @@ int main(int argc, char *argv[])
RNG_terminate();
base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
MD5Init(&ctx);
MD5Update(&ctx, md5_salt, MD5_SIZE);
MD5Update(&ctx, (uint8_t *)pw, strlen(pw));
MD5Final(&ctx, md5_pass);
MD5_Init(&ctx);
MD5_Update(&ctx, md5_salt, MD5_SIZE);
MD5_Update(&ctx, (uint8_t *)pw, strlen(pw));
MD5_Final(md5_pass, &ctx);
base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
printf("Add the following to your '.htpasswd' file\n");

8
httpd/proc.c
View File

@ -903,10 +903,10 @@ static int check_digest(char *salt, const char *msg_passwd)
return -1;
/* very simple MD5 crypt algorithm, but then the salt we use is large */
MD5Init(&ctx);
MD5Update(&ctx, b256_salt, salt_size); /* process the salt */
MD5Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd));
MD5Final(&ctx, md5_result);
MD5_Init(&ctx);
MD5_Update(&ctx, b256_salt, salt_size); /* process the salt */
MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd));
MD5_Final(md5_result, &ctx);
return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
}

2
samples/c/Makefile
View File

@ -30,7 +30,7 @@ TARGET=../../$(STAGE)/axssl
endif # cygwin
LIBS=../../$(STAGE)
CFLAGS += -I../../ssl -I../../config
CFLAGS += -I../../crypto -I../../ssl -I../../config
else
TARGET=../../$(STAGE)/axssl.exe
CFLAGS += /I"..\..\ssl" /I"..\..\config"

8
samples/c/axssl.c
View File

@ -607,7 +607,8 @@ static void do_client(int argc, char *argv[])
{
while (reconnect--)
{
ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
sizeof(session_id));
if ((res = ssl_handshake_status(ssl)) != SSL_OK)
{
if (!quiet)
@ -635,7 +636,7 @@ static void do_client(int argc, char *argv[])
}
else
{
ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
}
/* check the return status */
@ -854,9 +855,10 @@ static void display_session_id(SSL *ssl)
{
int i;
const uint8_t *session_id = ssl_get_session_id(ssl);
int sess_id_size = ssl_get_session_id_size(ssl);
printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
for (i = 0; i < sess_id_size; i++)
{
printf("%02x", session_id[i]);
}

3
samples/csharp/axssl.cs
View File

@ -508,7 +508,8 @@ public class axssl
{
while (reconnect-- > 0)
{
ssl = ssl_ctx.Connect(client_sock, session_id);
ssl = ssl_ctx.Connect(client_sock, session_id,
axtls.SSL_SESSION_ID_SIZE);
if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
{

7
samples/lua/axssl.lua
View File

@ -429,10 +429,12 @@ function do_client(build_mode)
-- Try session resumption?
if reconnect ~= 0 then
local session_id = nil
local sess_id_size = 0
while reconnect > 0 do
reconnect = reconnect - 1
ssl = axtlsl.ssl_client_new(ssl_ctx,
client_sock:getfd(), session_id)
client_sock:getfd(), session_id, sess_id_size)
res = axtlsl.ssl_handshake_status(ssl)
if res ~= axtlsl.SSL_OK then
@ -443,6 +445,7 @@ function do_client(build_mode)
display_session_id(ssl)
session_id = axtlsl.ssl_get_session_id(ssl)
sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
if reconnect > 0 then
axtlsl.ssl_free(ssl)
@ -452,7 +455,7 @@ function do_client(build_mode)
end
else
ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil)
ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
end
-- check the return status

7
samples/perl/axssl.pl
View File

@ -411,9 +411,12 @@ sub do_client
if ($reconnect)
{
my $session_id = undef;
my $sess_id_size = 0;
while ($reconnect--)
{
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock,
$session_id, $sess_id_size);
$res = axtlsp::ssl_handshake_status($ssl);
if ($res != $axtlsp::SSL_OK)
@ -439,7 +442,7 @@ sub do_client
}
else
{
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
$ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
}
# check the return status

13
ssl/Makefile
View File

@ -48,20 +48,23 @@ endif
libs: $(TARGET1) $(TARGET2)
AXTLS_HOME=..
OBJ=\
aes.o \
../crypto/aes.o \
asn1.o \
x509.o \
bigint.o \
crypto_misc.o \
hmac.o \
../crypto/hmac.o \
os_port.o \
loader.o \
md5.o \
../crypto/md5.o \
openssl.o \
p12.o \
rsa.o \
rc4.o \
sha1.o \
../crypto/rc4.o \
../crypto/sha1.o \
tls1.o \
tls1_svr.o \
tls1_clnt.o

425
ssl/asn1.c
View File

@ -19,22 +19,19 @@
/**
* @file asn1.c
*
* Some primitive asn methods for extraction rsa modulus information. It also
* is used for retrieving information from X.509 certificates.
* Some primitive asn methods for extraction ASN.1 data.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "os_port.h"
#include "crypto.h"
#include "crypto_misc.h"
#define SIG_OID_PREFIX_SIZE 8
#define SIG_TYPE_MD2 0x02
#define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05
/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
{
@ -44,7 +41,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
/* CN, O, OU */
static const uint8_t g_dn_types[] = { 3, 10, 11 };
static int get_asn1_length(const uint8_t *buf, int *offset)
int get_asn1_length(const uint8_t *buf, int *offset)
{
int len, i;
@ -209,7 +206,7 @@ end_utc_time:
/**
* Get the version type of a certificate (which we don't actually care about)
*/
static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK;
@ -225,7 +222,7 @@ end_version:
/**
* Retrieve the notbefore and notafter certificate times.
*/
static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
@ -281,7 +278,7 @@ end_pnt_str:
/**
* Get the subject name (or the issuer) of a certificate.
*/
static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
int asn1_name(const uint8_t *cert, int *offset, char *dn[])
{
int ret = X509_NOT_OK;
int dn_type;
@ -332,7 +329,7 @@ end_name:
/**
* Read the modulus and public exponent of a certificate.
*/
static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK, mod_len, pub_len;
uint8_t *modulus, *pub_exp;
@ -364,7 +361,7 @@ end_pub_key:
/**
* Read the signature of the certificate.
*/
static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK;
@ -417,7 +414,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
* Compare 2 distinguished names for equality
* @return 0 if a match
*/
static int asn1_compare_dn(char * const dn1[], char * const dn2[])
int asn1_compare_dn(char * const dn1[], char * const dn2[])
{
int i;
@ -432,34 +429,13 @@ static int asn1_compare_dn(char * const dn1[], char * const dn2[])
return 0; /* all good */
}
/**
* Retrieve the signature from a certificate.
*/
const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
{
int offset = 0;
const uint8_t *ptr = NULL;
if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 ||
asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
goto end_get_sig;
if (asn1_sig[offset++] != ASN1_OCTET_STRING)
goto end_get_sig;
*len = get_asn1_length(asn1_sig, &offset);
ptr = &asn1_sig[offset]; /* all ok */
end_get_sig:
return ptr;
}
#endif
/**
* Read the signature type of the certificate. We only support RSA-MD5 and
* RSA-SHA1 signature types.
*/
static int asn1_signature_type(const uint8_t *cert,
int asn1_signature_type(const uint8_t *cert,
int *offset, X509_CTX *x509_ctx)
{
int ret = X509_NOT_OK, len;
@ -482,382 +458,3 @@ end_check_sig:
return ret;
}
/**
* Construct a new x509 object.
* @return 0 if ok. < 0 if there was a problem.
*/
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
{
int begin_tbs, end_tbs;
int ret = X509_NOT_OK, offset = 0, cert_size = 0;
X509_CTX *x509_ctx;
BI_CTX *bi_ctx;
*ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
x509_ctx = *ctx;
/* get the certificate size */
asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
begin_tbs = offset; /* start of the tbs */
end_tbs = begin_tbs; /* work out the end of the tbs */
asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
{
if (asn1_version(cert, &offset, x509_ctx))
goto end_cert;
}
if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
goto end_cert;
/* make sure the signature is ok */
if (asn1_signature_type(cert, &offset, x509_ctx))
{
ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
goto end_cert;
}
if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
asn1_validity(cert, &offset, x509_ctx) ||
asn1_name(cert, &offset, x509_ctx->cert_dn) ||
asn1_public_key(cert, &offset, x509_ctx))
goto end_cert;
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm (either SHA1 or MD5) */
if (x509_ctx->sig_type == SIG_TYPE_MD5)
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5Final(&md5_ctx, md5_dgst);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1Init(&sha_ctx);
SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1Final(&sha_ctx, sha_dgst);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
offset = end_tbs; /* skip the v3 data */
if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
asn1_signature(cert, &offset, x509_ctx))
goto end_cert;
#endif
if (len)
{
*len = cert_size;
}
ret = X509_OK;
end_cert:
#ifdef CONFIG_SSL_FULL_MODE
if (ret)
{
printf("Error: Invalid X509 ASN.1 file\n");
}
#endif
return ret;
}
/**
* Free an X.509 object's resources.
*/
void x509_free(X509_CTX *x509_ctx)
{
X509_CTX *next;
int i;
if (x509_ctx == NULL) /* if already null, then don't bother */
return;
for (i = 0; i < X509_NUM_DN_TYPES; i++)
{
free(x509_ctx->ca_cert_dn[i]);
free(x509_ctx->cert_dn[i]);
}
free(x509_ctx->signature);
#ifdef CONFIG_SSL_CERT_VERIFICATION
if (x509_ctx->digest)
{
bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
}
#endif
RSA_free(x509_ctx->rsa_ctx);
next = x509_ctx->next;
free(x509_ctx);
x509_free(next); /* clear the chain */
}
#ifdef CONFIG_SSL_CERT_VERIFICATION
/**
* Do some basic checks on the certificate chain.
*
* Certificate verification consists of a number of checks:
* - A root certificate exists in the certificate store.
* - The date of the certificate is after the start date.
* - The date of the certificate is before the finish date.
* - The certificate chain is valid.
* - That the certificate(s) are not self-signed.
* - The signature of the certificate is valid.
*/
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
{
int ret = X509_OK, i = 0;
bigint *cert_sig;
X509_CTX *next_cert = NULL;
BI_CTX *ctx;
bigint *mod, *expn;
struct timeval tv;
int match_ca_cert = 0;
if (cert == NULL || ca_cert_ctx == NULL)
{
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
goto end_verify;
}
/* last cert in the chain - look for a trusted cert */
if (cert->next == NULL)
{
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{
if (asn1_compare_dn(cert->ca_cert_dn,
ca_cert_ctx->cert[i]->cert_dn) == 0)
{
match_ca_cert = 1;
break;
}
i++;
}
if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{
next_cert = ca_cert_ctx->cert[i];
}
else /* trusted cert not found */
{
ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
goto end_verify;
}
}
else
{
next_cert = cert->next;
}
gettimeofday(&tv, NULL);
/* check the not before date */
if (tv.tv_sec < cert->not_before)
{
ret = X509_VFY_ERROR_NOT_YET_VALID;
goto end_verify;
}
/* check the not after date */
if (tv.tv_sec > cert->not_after)
{
ret = X509_VFY_ERROR_EXPIRED;
goto end_verify;
}
/* check the chain integrity */
if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
{
ret = X509_VFY_ERROR_INVALID_CHAIN;
goto end_verify;
}
/* check for self-signing */
if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
{
ret = X509_VFY_ERROR_SELF_SIGNED;
goto end_verify;
}
/* check the signature */
ctx = cert->rsa_ctx->bi_ctx;
mod = next_cert->rsa_ctx->m;
expn = next_cert->rsa_ctx->e;
cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len,
bi_clone(ctx, mod), bi_clone(ctx, expn));
if (cert_sig)
{
ret = cert->digest ? /* check the signature */
bi_compare(cert_sig, cert->digest) :
X509_VFY_ERROR_UNSUPPORTED_DIGEST;
bi_free(ctx, cert_sig);
if (ret)
goto end_verify;
}
else
{
ret = X509_VFY_ERROR_BAD_SIGNATURE;
goto end_verify;
}
/* go down the certificate chain using recursion. */
if (ret == 0 && cert->next)
{
ret = x509_verify(ca_cert_ctx, next_cert);
}
end_verify:
return ret;
}
#endif
#if defined (CONFIG_SSL_FULL_MODE)
/**
* Used for diagnostics.
*/
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
{
if (cert == NULL)
return;
printf("---------------- CERT DEBUG ----------------\n");
printf("* CA Cert Distinguished Name\n");
if (cert->ca_cert_dn[X509_COMMON_NAME])
{
printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
}
if (cert->ca_cert_dn[X509_ORGANIZATION])
{
printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
}
if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
{
printf("Organizational Unit (OU): %s\n",
cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
}
printf("* Cert Distinguished Name\n");
if (cert->cert_dn[X509_COMMON_NAME])
{
printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
}
if (cert->cert_dn[X509_ORGANIZATION])
{
printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
}
if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
{
printf("Organizational Unit (OU): %s\n",
cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
}
printf("Not Before:\t\t%s", ctime(&cert->not_before));
printf("Not After:\t\t%s", ctime(&cert->not_after));
printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
printf("Sig Type:\t\t");
switch (cert->sig_type)
{
case SIG_TYPE_MD5:
printf("MD5\n");
break;
case SIG_TYPE_SHA1:
printf("SHA1\n");
break;
case SIG_TYPE_MD2:
printf("MD2\n");
break;
default:
printf("Unrecognized: %d\n", cert->sig_type);
break;
}
printf("Verify:\t\t\t");
if (ca_cert_ctx)
{
x509_display_error(x509_verify(ca_cert_ctx, cert));
}
printf("\n");
#if 0
print_blob("Signature", cert->signature, cert->sig_len);
bi_print("Modulus", cert->rsa_ctx->m);
bi_print("Pub Exp", cert->rsa_ctx->e);
#endif
if (ca_cert_ctx)
{
x509_print(ca_cert_ctx, cert->next);
}
}
void x509_display_error(int error)
{
switch (error)
{
case X509_NOT_OK:
printf("X509 not ok");
break;
case X509_VFY_ERROR_NO_TRUSTED_CERT:
printf("No trusted cert is available");
break;
case X509_VFY_ERROR_BAD_SIGNATURE:
printf("Bad signature");
break;
case X509_VFY_ERROR_NOT_YET_VALID:
printf("Cert is not yet valid");
break;
case X509_VFY_ERROR_EXPIRED:
printf("Cert has expired");
break;
case X509_VFY_ERROR_SELF_SIGNED:
printf("Cert is self-signed");
break;
case X509_VFY_ERROR_INVALID_CHAIN:
printf("Chain is invalid (check order of certs)");
break;
case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
printf("Unsupported digest");
break;
case X509_INVALID_PRIV_KEY:
printf("Invalid private key");
break;
}
}
#endif /* CONFIG_SSL_FULL_MODE */

44
ssl/bigint.c
View File

@ -54,7 +54,6 @@
#include <stdio.h>
#include <time.h>
#include "bigint.h"
#include "crypto.h"
static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
@ -1366,6 +1365,7 @@ static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
* @param ctx [in] The bigint session context.
* @param bi [in] The bigint on which to perform the mod power operation.
* @param biexp [in] The bigint exponent.
* @return The result of the mod exponentiation operation
* @see bi_set_mod().
*/
bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
@ -1467,6 +1467,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
* @param bi [in] The bigint to perform the exp/mod.
* @param bim [in] The temporary modulus.
* @param biexp [in] The bigint exponent.
* @return The result of the mod exponentiation operation
* @see bi_set_mod().
*/
bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
@ -1493,4 +1494,45 @@ bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
return biR;
}
#endif
#ifdef CONFIG_BIGINT_CRT
/**
* @Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
*
* @param ctx [in] The bigint session context.
* @param bi [in] The bigint to perform the exp/mod.
* @param dP [in] CRT's dP bigint
* @param dQ [in] CRT's dQ bigint
* @param p [in] CRT's p bigint
* @param q [in] CRT's q bigint
* @param qInv [in] CRT's qInv bigint
* @return The result of the CRT operation
*/
bigint *bi_crt(BI_CTX *ctx, bigint *bi,
bigint *dP, bigint *dQ,
bigint *p, bigint *q, bigint *qInv)
{
bigint *m1, *m2, *h;
/* Montgomery has a condition the 0 < x, y < m and these products violate
* that condition. So disable Montgomery when using CRT */
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 1;
#endif
ctx->mod_offset = BIGINT_P_OFFSET;
m1 = bi_mod_power(ctx, bi_copy(bi), dP);
ctx->mod_offset = BIGINT_Q_OFFSET;
m2 = bi_mod_power(ctx, bi, dQ);
h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
h = bi_multiply(ctx, h, qInv);
ctx->mod_offset = BIGINT_P_OFFSET;
h = bi_residue(ctx, h);
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 0; /* reset for any further operation */
#endif
return bi_add(ctx, m2, bi_multiply(ctx, q, h));
}
#endif
/** @} */

7
ssl/bigint.h
View File

@ -90,4 +90,11 @@ bigint *bi_square(BI_CTX *ctx, bigint *bi);
#define bi_square(A, B) bi_multiply(A, bi_copy(B), B)
#endif
#ifdef CONFIG_BIGINT_CRT
bigint *bi_crt(BI_CTX *ctx, bigint *bi,
bigint *dP, bigint *dQ,
bigint *p, bigint *q,
bigint *qInv);
#endif
#endif

285
ssl/crypto.h
View File

@ -1,285 +0,0 @@
/*
* Copyright(C) 2006 Cameron Rich
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file crypto.h
*/
#ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H
#ifdef __cplusplus
extern "C" {
#endif
#include "bigint.h"
/**************************************************************************
* AES declarations
**************************************************************************/
#define AES_MAXROUNDS 14
#define AES_BLOCKSIZE 16
#define AES_IV_SIZE 16
typedef struct aes_key_st
{
uint16_t rounds;
uint16_t key_size;
uint32_t ks[(AES_MAXROUNDS+1)*8];
uint8_t iv[AES_IV_SIZE];
} AES_CTX;
typedef enum
{
AES_MODE_128,
AES_MODE_256
} AES_MODE;
void AES_set_key(AES_CTX *ctx, const uint8_t *key,
const uint8_t *iv, AES_MODE mode);
void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
uint8_t *out, int length);
void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
void AES_convert_key(AES_CTX *ctx);
/**************************************************************************
* RC4 declarations
**************************************************************************/
typedef struct
{
uint8_t x, y, m[256];
} RC4_CTX;
void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
/**************************************************************************
* SHA1 declarations
**************************************************************************/
#define SHA1_SIZE 20
/*
* This structure will hold context information for the SHA-1
* hashing operation
*/
typedef struct
{
uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
uint32_t Length_Low; /* Message length in bits */
uint32_t Length_High; /* Message length in bits */
uint16_t Message_Block_Index; /* Index into message block array */
uint8_t Message_Block[64]; /* 512-bit message blocks */
} SHA1_CTX;
void SHA1Init(SHA1_CTX *);
void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
void SHA1Final(SHA1_CTX *, uint8_t *digest);
/**************************************************************************
* MD5 declarations
**************************************************************************/
/* MD5 context. */
#define MD5_SIZE 16
typedef struct
{
uint32_t state[4]; /* state (ABCD) */
uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
uint8_t buffer[64]; /* input buffer */
} MD5_CTX;
EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
/**************************************************************************
* HMAC declarations
**************************************************************************/
void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
/**************************************************************************
* RNG declarations
**************************************************************************/
EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
EXP_FUNC void STDCALL RNG_terminate(void);
EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
/**************************************************************************
* RSA declarations
**************************************************************************/
typedef struct
{
bigint *m; /* modulus */
bigint *e; /* public exponent */
bigint *d; /* private exponent */
#ifdef CONFIG_BIGINT_CRT
bigint *p; /* p as in m = pq */
bigint *q; /* q as in m = pq */
bigint *dP; /* d mod (p-1) */
bigint *dQ; /* d mod (q-1) */
bigint *qInv; /* q^-1 mod p */
#endif
int num_octets;
BI_CTX *bi_ctx;
} RSA_CTX;
void RSA_priv_key_new(RSA_CTX **rsa_ctx,
const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len,
const uint8_t *priv_exp, int priv_len
#ifdef CONFIG_BIGINT_CRT
, const uint8_t *p, int p_len,
const uint8_t *q, int q_len,
const uint8_t *dP, int dP_len,
const uint8_t *dQ, int dQ_len,
const uint8_t *qInv, int qInv_len
#endif
);
void RSA_pub_key_new(RSA_CTX **rsa_ctx,
const uint8_t *modulus, int mod_len,
const uint8_t *pub_exp, int pub_len);
void RSA_free(RSA_CTX *ctx);
int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
int is_decryption);
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
#ifdef CONFIG_SSL_CERT_VERIFICATION
bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
bigint *modulus, bigint *pub_exp);
bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
uint8_t *out_data, int is_signing);
void RSA_print(const RSA_CTX *ctx);
#endif
/**************************************************************************
* ASN1 declarations
**************************************************************************/
#define X509_OK 0
#define X509_NOT_OK -1
#define X509_VFY_ERROR_NO_TRUSTED_CERT -2
#define X509_VFY_ERROR_BAD_SIGNATURE -3
#define X509_VFY_ERROR_NOT_YET_VALID -4
#define X509_VFY_ERROR_EXPIRED -5
#define X509_VFY_ERROR_SELF_SIGNED -6
#define X509_VFY_ERROR_INVALID_CHAIN -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9
/*
* The Distinguished Name
*/
#define X509_NUM_DN_TYPES 3
#define X509_COMMON_NAME 0
#define X509_ORGANIZATION 1
#define X509_ORGANIZATIONAL_TYPE 2
#define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04
#define ASN1_NULL 0x05
#define ASN1_OID 0x06
#define ASN1_PRINTABLE_STR 0x13
#define ASN1_TELETEX_STR 0x14
#define ASN1_IA5_STR 0x16
#define ASN1_UTC_TIME 0x17
#define ASN1_SEQUENCE 0x30
#define ASN1_SET 0x31
#define ASN1_IMPLICIT_TAG 0x80
#define ASN1_EXPLICIT_TAG 0xa0
#define SALT_SIZE 8
struct _x509_ctx
{
char *ca_cert_dn[X509_NUM_DN_TYPES];
char *cert_dn[X509_NUM_DN_TYPES];
#if defined(_WIN32_WCE)
long not_before;
long not_after;
#else
time_t not_before;
time_t not_after;
#endif
uint8_t *signature;
uint16_t sig_len;
uint8_t sig_type;
RSA_CTX *rsa_ctx;
bigint *digest;
struct _x509_ctx *next;
};
typedef struct _x509_ctx X509_CTX;
#ifdef CONFIG_SSL_CERT_VERIFICATION
typedef struct
{
X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX;
#endif
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
#endif
#ifdef CONFIG_SSL_FULL_MODE
void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
void x509_display_error(int error);
#endif
/**************************************************************************
* MISC declarations
**************************************************************************/
extern const char * const unsupported_str;
typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
int key_len, uint8_t *digest);
int get_file(const char *filename, uint8_t **buf);
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else
#define print_blob(...)
#endif
EXP_FUNC int STDCALL base64_decode(const char *in, int len,
uint8_t *out, int *outlen);
#ifdef __cplusplus
}
#endif
#endif

2
ssl/crypto_misc.c
View File

@ -24,7 +24,7 @@
#include <string.h>
#include <stdarg.h>
#include <stdio.h>
#include "crypto.h"
#include "crypto_misc.h"
#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
#include "wincrypt.h"
#endif

18
ssl/loader.c
View File

@ -250,18 +250,18 @@ static int pem_decrypt(const char *where, const char *end,
goto error;
/* work out the key */
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5Update(&md5_ctx, iv, SALT_SIZE);
MD5Final(&md5_ctx, key);
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5_Update(&md5_ctx, iv, SALT_SIZE);
MD5_Final(key, &md5_ctx);
if (is_aes_256)
{
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, key, MD5_SIZE);
MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5Update(&md5_ctx, iv, SALT_SIZE);
MD5Final(&md5_ctx, &key[MD5_SIZE]);
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, key, MD5_SIZE);
MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
MD5_Update(&md5_ctx, iv, SALT_SIZE);
MD5_Final(&key[MD5_SIZE], &md5_ctx);
}
/* decrypt using the key/iv */

14
ssl/p12.c
View File

@ -190,16 +190,16 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
}
/* get the key - no IV since we are using RC4 */
SHA1Init(&sha_ctx);
SHA1Update(&sha_ctx, d, sizeof(d));
SHA1Update(&sha_ctx, p, sizeof(p));
SHA1Final(&sha_ctx, Ai);
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, d, sizeof(d));
SHA1_Update(&sha_ctx, p, sizeof(p));
SHA1_Final(Ai, &sha_ctx);
for (i = 1; i < iter; i++)
{
SHA1Init(&sha_ctx);
SHA1Update(&sha_ctx, Ai, SHA1_SIZE);
SHA1Final(&sha_ctx, Ai);
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
SHA1_Final(Ai, &sha_ctx);
}
/* do the decryption */

42
ssl/rsa.c
View File

@ -25,11 +25,7 @@
#include <string.h>
#include <time.h>
#include <stdlib.h>
#include "crypto.h"
#ifdef CONFIG_BIGINT_CRT
static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
#endif
#include "crypto_misc.h"
void RSA_priv_key_new(RSA_CTX **ctx,
const uint8_t *modulus, int mod_len,
@ -180,7 +176,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
{
#ifdef CONFIG_BIGINT_CRT
return bi_crt(c, bi_msg);
return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
#else
BI_CTX *ctx = c->bi_ctx;
ctx->mod_offset = BIGINT_M_OFFSET;
@ -188,39 +184,6 @@ bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
#endif
}
#ifdef CONFIG_BIGINT_CRT
/**
* Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
* This should really be in bigint.c (and was at one stage), but needs
* access to the RSA_CTX context...
*/
static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
{
BI_CTX *ctx = rsa->bi_ctx;
bigint *m1, *m2, *h;
/* Montgomery has a condition the 0 < x, y < m and these products violate
* that condition. So disable Montgomery when using CRT */
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 1;
#endif
ctx->mod_offset = BIGINT_P_OFFSET;
m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
ctx->mod_offset = BIGINT_Q_OFFSET;
m2 = bi_mod_power(ctx, bi, rsa->dQ);
h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
h = bi_multiply(ctx, h, rsa->qInv);
ctx->mod_offset = BIGINT_P_OFFSET;
h = bi_residue(ctx, h);
#if defined(CONFIG_BIGINT_MONTGOMERY)
ctx->use_classical = 0; /* reset for any further operation */
#endif
return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
}
#endif
#ifdef CONFIG_SSL_FULL_MODE
/**
* Used for diagnostics.
@ -294,7 +257,6 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
int i, size;
bigint *decrypted_bi, *dat_bi;
bigint *bir = NULL;
block = (uint8_t *)malloc(sig_len);
/* decrypt */

14
ssl/ssl.h
View File

@ -56,7 +56,7 @@ extern "C" {
#endif
#include <time.h>
#include "crypto.h"
//#include "crypto.h"
/* need to predefine before ssl_lib.h gets to it */
#define SSL_SESSION_ID_SIZE 32
@ -221,10 +221,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
* @param session_id [in] A 32 byte session id for session resumption. This
* can be null if no session resumption is being used or required. This option
* is not used in skeleton mode.
* @param sess_id_size The size of the session id (max 32)
* @return An SSL object reference. Use ssl_handshake_status() to check
* if a handshake succeeded.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
/**
* @brief Free any used resources on this connection.
@ -286,6 +287,15 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
*/
EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
/**
* @brief Get the session id size for a handshake.
*
* This will be 32 for a ssl server and may be something else for a ssl client.
* @param ssl [in] An SSL object reference.
* @return The number of valid bytes in a handshaking sequence
*/
EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
/**
* @brief Return the cipher id (in the SSL form).
* @param ssl [in] An SSL object reference.

2
ssl/test/Makefile
View File

@ -33,7 +33,7 @@ ifndef CONFIG_PLATFORM_WIN32
performance: ../../$(STAGE)/perf_bigint
ssltesting: ../../$(STAGE)/ssltest
LIBS=../../$(STAGE)
CFLAGS += -I../../ssl -I../../config
CFLAGS += -I../../ssl -I../../config -I../../crypto
../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls

30
ssl/test/ssltest.c
View File

@ -250,9 +250,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
"A9993E364706816ABA3E25717850C26C9CD0D89D");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
SHA1Init(&ctx);
SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1Final(&ctx, digest);
SHA1_Init(&ctx);
SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
@ -268,9 +268,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
"84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
SHA1Init(&ctx);
SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1Final(&ctx, digest);
SHA1_Init(&ctx);
SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA1_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
@ -304,9 +304,9 @@ static int MD5_test(BI_CTX *bi_ctx)
"900150983CD24FB0D6963F7D28E17F72");
bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
MD5Init(&ctx);
MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5Final(&ctx, digest);
MD5_Init(&ctx);
MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
@ -322,9 +322,9 @@ static int MD5_test(BI_CTX *bi_ctx)
bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
MD5Init(&ctx);
MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5Final(&ctx, digest);
MD5_Init(&ctx);
MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
MD5_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
@ -1250,7 +1250,7 @@ static int SSL_client_test(
goto client_test_exit;
}
ssl = ssl_client_new(*ssl_ctx, client_fd, session_id);
ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
/* check the return status */
if ((ret = ssl_handshake_status(ssl)))
@ -1469,7 +1469,7 @@ static void do_basic(void)
"../ssl/test/axTLS.ca_x509.cer", NULL))
goto error;
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL);
ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
/* check the return status */
if (ssl_handshake_status(ssl_clnt))
@ -1588,7 +1588,7 @@ void do_multi_clnt(multi_t *multi_data)
goto client_test_exit;
sleep(1);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL);
ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
if ((res = ssl_handshake_status(ssl)))
{

24
ssl/tls1.c
View File

@ -834,14 +834,14 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
q += strlen(label);
}
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
MD5Final(&md5_ctx, q);
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
MD5_Final(q, &md5_ctx);
q += MD5_SIZE;
SHA1Init(&sha1_ctx);
SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
SHA1Final(&sha1_ctx, q);
SHA1_Init(&sha1_ctx);
SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
SHA1_Final(q, &sha1_ctx);
q += SHA1_SIZE;
if (label)
@ -1532,8 +1532,8 @@ int send_certificate(SSL *ssl)
* Find if an existing session has the same session id. If so, use the
* master secret from this session for session resumption.
*/
SSL_SESS *ssl_session_update(int max_sessions,
SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id)
SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
SSL *ssl, const uint8_t *session_id)
{
time_t tm = time(NULL);
time_t oldest_sess_time = tm;
@ -1641,6 +1641,14 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
return ssl->session_id;
}
/*
* Get the session id size for a handshake.
*/
EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
{
return ssl->sess_id_size;
}
/*
* Return the cipher id (in the SSL form).
*/

3
ssl/tls1.h
View File

@ -29,6 +29,8 @@ extern "C" {
#endif
#include "version.h"
#include "crypto.h"
#include "crypto_misc.h"
/* Mutexing definitions */
#if defined(CONFIG_SSL_CTX_MUTEXING)
@ -156,6 +158,7 @@ struct _SSL
uint8_t record_type;
uint8_t chain_length;
uint8_t cipher;
uint8_t sess_id_size;
int16_t next_state;
int16_t hs_status;
uint8_t *all_pkts;

38
ssl/tls1_clnt.c
View File

@ -35,7 +35,8 @@ static int send_cert_verify(SSL *ssl);
/*
* Establish a new SSL connection to an SSL server.
*/
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
uint8_t *session_id, uint8_t sess_id_size)
{
SSL *ssl;
int ret;
@ -45,7 +46,14 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uin
if (session_id && ssl_ctx->num_sessions)
{
memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE);
if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
{
ssl_free(ssl);
return NULL;
}
memcpy(ssl->session_id, session_id, sess_id_size);
ssl->sess_id_size = sess_id_size;
SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
}
@ -176,11 +184,11 @@ static int send_client_hello(SSL *ssl)
offset = 6 + SSL_RANDOM_SIZE;
/* give session resumption a go */
if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially bu user */
if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */
{
buf[offset++] = SSL_SESSION_ID_SIZE;
memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE);
offset += SSL_SESSION_ID_SIZE;
buf[offset++] = ssl->sess_id_size;
memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
offset += ssl->sess_id_size;
CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */
}
else
@ -216,7 +224,7 @@ static int process_server_hello(SSL *ssl)
int offset;
int version = (buf[4] << 4) + buf[5];
int num_sessions = ssl->ssl_ctx->num_sessions;
uint8_t session_id_length;
uint8_t sess_id_size;
int ret = SSL_OK;
/* check that we are talking to a TLSv1 server */
@ -226,17 +234,25 @@ static int process_server_hello(SSL *ssl)
/* get the server random value */
memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
session_id_length = buf[offset++];
sess_id_size = buf[offset++];
if (num_sessions)
{
ssl->session = ssl_session_update(num_sessions,
ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
memcpy(ssl->session->session_id, &buf[offset], session_id_length);
memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
/* pad the rest with 0's */
if (sess_id_size < SSL_SESSION_ID_SIZE)
{
memset(&ssl->session->session_id[sess_id_size], 0,
SSL_SESSION_ID_SIZE-sess_id_size);
}
}
memcpy(ssl->session_id, &buf[offset], session_id_length);
offset += session_id_length;
memcpy(ssl->session_id, &buf[offset], sess_id_size);
ssl->sess_id_size = sess_id_size;
offset += sess_id_size;
/* get the real cipher we are using */
ssl->cipher = buf[++offset];

2
ssl/tls1_svr.c
View File

@ -311,12 +311,14 @@ static int send_server_hello(SSL *ssl)
/* retrieve id from session cache */
memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
ssl->sess_id_size = SSL_SESSION_ID_SIZE;
}
else /* generate our own session id */
#endif
{
get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
ssl->sess_id_size = SSL_SESSION_ID_SIZE;
#ifndef CONFIG_SSL_SKELETON_MODE
/* store id in session cache */

2
www/index.html
View File

File diff suppressed because one or more lines are too long