31 #include "runtime.hpp"
32 #include "openssl/ssl.h"
33 #include "handshake.hpp"
34 #include "yassl_int.hpp"
39 #include "helpers.hpp"
45 #include <sys/types.h>
55 int read_file(SSL_CTX* ctx,
const char*
file,
int format, CertType
type)
57 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
58 return SSL_BAD_FILETYPE;
60 if (file == NULL || !file[0])
63 FILE* input = fopen(file,
"rb");
70 while ( (ptr = PemToDer(input, Cert)) )
79 x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
81 if (format == SSL_FILETYPE_ASN1) {
82 fseek(input, 0, SEEK_END);
83 long sz = ftell(input);
86 size_t bytes = fread(x->use_buffer(), sz, 1, input);
94 x = PemToDer(input, type, &info);
102 pem_password_cb cb = ctx->GetPasswordCb();
107 int passwordSz = cb(password,
sizeof(password), 0,
109 byte key[AES_256_KEY_SZ];
115 memcpy(info.iv, source.get_buffer(), min((uint)
sizeof(info.iv),
117 EVP_BytesToKey(info.name,
"MD5", info.iv, (byte*)password,
118 passwordSz, 1, key, iv);
121 if (strncmp(info.name,
"DES-CBC", 7) == 0)
122 cipher.reset(NEW_YS DES);
123 else if (strncmp(info.name,
"DES-EDE3-CBC", 13) == 0)
124 cipher.reset(NEW_YS DES_EDE);
125 else if (strncmp(info.name,
"AES-128-CBC", 13) == 0)
126 cipher.reset(NEW_YS AES(AES_128_KEY_SZ));
127 else if (strncmp(info.name,
"AES-192-CBC", 13) == 0)
128 cipher.reset(NEW_YS AES(AES_192_KEY_SZ));
129 else if (strncmp(info.name,
"AES-256-CBC", 13) == 0)
130 cipher.reset(NEW_YS AES(AES_256_KEY_SZ));
135 cipher->set_decryptKey(key, info.iv);
137 cipher->decrypt(newx->use_buffer(), x->get_buffer(),
152 SSL_METHOD* SSLv3_method()
154 return SSLv3_client_method();
158 SSL_METHOD* SSLv3_server_method()
160 return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,0));
164 SSL_METHOD* SSLv3_client_method()
166 return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,0));
170 SSL_METHOD* TLSv1_server_method()
172 return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1));
176 SSL_METHOD* TLSv1_client_method()
178 return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1));
182 SSL_METHOD* TLSv1_1_server_method()
184 return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
188 SSL_METHOD* TLSv1_1_client_method()
190 return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
194 SSL_METHOD* SSLv23_server_method()
197 return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2),
true);
201 SSL_METHOD* SSLv23_client_method()
206 return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2),
true);
210 SSL_CTX* SSL_CTX_new(SSL_METHOD* method)
212 return NEW_YS SSL_CTX(method);
216 void SSL_CTX_free(SSL_CTX* ctx)
222 SSL* SSL_new(SSL_CTX* ctx)
224 return NEW_YS SSL(ctx);
228 void SSL_free(SSL* ssl)
234 int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
236 ssl->useSocket().set_fd(fd);
241 YASSL_SOCKET_T SSL_get_fd(
const SSL* ssl)
243 return ssl->getSocket().get_fd();
248 int SSL_connect(SSL* ssl)
250 if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
251 ssl->SetError(no_error);
253 if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
255 ssl->SetError(no_error);
256 ssl->SendWriteBuffered();
257 if (!ssl->GetError())
258 ssl->useStates().UseConnect() =
259 ConnectState(ssl->getStates().GetConnect() + 1);
262 ClientState neededState;
264 switch (ssl->getStates().GetConnect()) {
267 sendClientHello(*ssl);
268 if (!ssl->GetError())
269 ssl->useStates().UseConnect() = CLIENT_HELLO_SENT;
271 case CLIENT_HELLO_SENT :
272 neededState = ssl->getSecurity().get_resuming() ?
273 serverFinishedComplete : serverHelloDoneComplete;
274 while (ssl->getStates().getClient() < neededState) {
275 if (ssl->GetError())
break;
278 if (neededState == serverFinishedComplete)
279 if (!ssl->getSecurity().get_resuming())
280 neededState = serverHelloDoneComplete;
282 if (!ssl->GetError())
283 ssl->useStates().UseConnect() = FIRST_REPLY_DONE;
285 case FIRST_REPLY_DONE :
286 if(ssl->getCrypto().get_certManager().sendVerify())
287 sendCertificate(*ssl);
289 if (!ssl->getSecurity().get_resuming())
290 sendClientKeyExchange(*ssl);
292 if(ssl->getCrypto().get_certManager().sendVerify())
293 sendCertificateVerify(*ssl);
295 sendChangeCipher(*ssl);
296 sendFinished(*ssl, client_end);
299 if (!ssl->GetError())
300 ssl->useStates().UseConnect() = FINISHED_DONE;
303 if (!ssl->getSecurity().get_resuming())
304 while (ssl->getStates().getClient() < serverFinishedComplete) {
305 if (ssl->GetError())
break;
308 if (!ssl->GetError())
309 ssl->useStates().UseConnect() = SECOND_REPLY_DONE;
311 case SECOND_REPLY_DONE :
312 ssl->verifyState(serverFinishedComplete);
313 ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
315 if (ssl->GetError()) {
316 GetErrors().Add(ssl->GetError());
317 return SSL_FATAL_ERROR;
322 return SSL_FATAL_ERROR;
327 int SSL_write(SSL* ssl,
const void* buffer,
int sz)
329 return sendData(*ssl, buffer, sz);
333 int SSL_read(SSL* ssl,
void* buffer,
int sz)
335 Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
336 return receiveData(*ssl, data);
340 int SSL_accept(SSL* ssl)
342 if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
343 ssl->SetError(no_error);
345 if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
347 ssl->SetError(no_error);
348 ssl->SendWriteBuffered();
349 if (!ssl->GetError())
350 ssl->useStates().UseAccept() =
351 AcceptState(ssl->getStates().GetAccept() + 1);
354 switch (ssl->getStates().GetAccept()) {
358 if (!ssl->GetError())
359 ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE;
361 case ACCEPT_FIRST_REPLY_DONE :
362 sendServerHello(*ssl);
364 if (!ssl->getSecurity().get_resuming()) {
365 sendCertificate(*ssl);
367 if (ssl->getSecurity().get_connection().send_server_key_)
368 sendServerKeyExchange(*ssl);
370 if(ssl->getCrypto().get_certManager().verifyPeer())
371 sendCertificateRequest(*ssl);
373 sendServerHelloDone(*ssl);
377 if (!ssl->GetError())
378 ssl->useStates().UseAccept() = SERVER_HELLO_DONE;
380 case SERVER_HELLO_DONE :
381 if (!ssl->getSecurity().get_resuming()) {
382 while (ssl->getStates().getServer() < clientFinishedComplete) {
383 if (ssl->GetError())
break;
387 if (!ssl->GetError())
388 ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE;
390 case ACCEPT_SECOND_REPLY_DONE :
391 sendChangeCipher(*ssl);
392 sendFinished(*ssl, server_end);
395 if (!ssl->GetError())
396 ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE;
398 case ACCEPT_FINISHED_DONE :
399 if (ssl->getSecurity().get_resuming()) {
400 while (ssl->getStates().getServer() < clientFinishedComplete) {
401 if (ssl->GetError())
break;
405 if (!ssl->GetError())
406 ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE;
408 case ACCEPT_THIRD_REPLY_DONE :
409 ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
411 if (ssl->GetError()) {
412 GetErrors().Add(ssl->GetError());
413 return SSL_FATAL_ERROR;
418 return SSL_FATAL_ERROR;
423 int SSL_do_handshake(SSL* ssl)
425 if (ssl->getSecurity().get_parms().entity_ == client_end)
426 return SSL_connect(ssl);
428 return SSL_accept(ssl);
432 int SSL_clear(SSL* ssl)
434 GetErrors().Remove();
440 int SSL_shutdown(SSL* ssl)
442 if (!ssl->GetQuietShutdown()) {
443 Alert alert(warning, close_notify);
444 sendAlert(*ssl, alert);
446 ssl->useLog().ShowTCP(ssl->getSocket().get_fd(),
true);
448 GetErrors().Remove();
454 void SSL_set_quiet_shutdown(SSL *ssl,
int mode)
456 ssl->SetQuietShutdown(mode != 0);
460 int SSL_get_quiet_shutdown(SSL *ssl)
462 return ssl->GetQuietShutdown();
467 long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx,
long mode)
469 if (mode == SSL_SESS_CACHE_OFF)
470 ctx->SetSessionCacheOff();
472 if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
473 ctx->SetSessionCacheFlushOff();
479 SSL_SESSION* SSL_get_session(SSL* ssl)
481 if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
484 return GetSessions().lookup(
485 ssl->getSecurity().get_connection().sessionID_);
489 int SSL_set_session(SSL* ssl, SSL_SESSION* session)
491 if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
494 ssl->set_session(session);
499 int SSL_session_reused(SSL* ssl)
501 return ssl->getSecurity().get_resuming();
505 long SSL_SESSION_set_timeout(SSL_SESSION* sess,
long t)
508 return SSL_ERROR_NONE;
515 long SSL_get_default_timeout(SSL* )
517 return DEFAULT_TIMEOUT;
521 void SSL_flush_sessions(SSL_CTX *ctx,
long )
523 if (ctx->GetSessionCacheOff())
526 GetSessions().Flush();
530 const char* SSL_get_cipher_name(SSL* ssl)
532 return SSL_get_cipher(ssl);
536 const char* SSL_get_cipher(SSL* ssl)
538 return ssl->getSecurity().get_parms().cipher_name_;
543 char* SSL_get_shared_ciphers(SSL* ,
char*
buf,
int len)
545 return strncpy(buf,
"Not Implemented, SSLv2 only", len);
549 const char* SSL_get_cipher_list(SSL* ssl,
int priority)
551 if (priority < 0 || priority >= MAX_CIPHERS)
554 if (ssl->getSecurity().get_parms().cipher_list_[priority][0])
555 return ssl->getSecurity().get_parms().cipher_list_[priority];
561 int SSL_CTX_set_cipher_list(SSL_CTX* ctx,
const char* list)
563 if (ctx->SetCipherList(list))
570 const char* SSL_get_version(SSL* ssl)
572 static const char* version3 =
"SSLv3";
573 static const char* version31 =
"TLSv1";
575 return ssl->isTLS() ? version31 : version3;
578 const char* SSLeay_version(
int)
580 static const char* version =
"SSLeay yaSSL compatibility";
585 int SSL_get_error(SSL* ssl,
int )
587 return ssl->getStates().What();
597 int SSL_set_compression(SSL* ssl)
599 return ssl->SetCompression();
604 X509* SSL_get_peer_certificate(SSL* ssl)
606 return ssl->getCrypto().get_certManager().get_peerX509();
610 void X509_free(X509* )
619 return ctx->current_cert;
631 return ctx->error_depth;
637 char* X509_NAME_oneline(X509_NAME*
name,
char* buffer,
int sz)
639 if (!name->GetName())
return buffer;
641 int len = (int)strlen(name->GetName()) + 1;
642 int copySz = min(len, sz);
645 buffer = (
char*)malloc(len);
646 if (!buffer)
return buffer;
653 memcpy(buffer, name->GetName(), copySz - 1);
654 buffer[copySz - 1] = 0;
660 X509_NAME* X509_get_issuer_name(X509* x)
662 return x->GetIssuer();
666 X509_NAME* X509_get_subject_name(X509* x)
668 return x->GetSubject();
672 void SSL_load_error_strings()
676 void SSL_set_connect_state(SSL*)
682 void SSL_set_accept_state(SSL* ssl)
684 ssl->useSecurity().use_parms().entity_ = server_end;
688 long SSL_get_verify_result(SSL*)
695 long SSL_CTX_sess_set_cache_size(SSL_CTX* ,
long )
702 long SSL_CTX_get_session_cache_mode(SSL_CTX*)
709 long SSL_CTX_set_tmp_dh(SSL_CTX* ctx,
DH* dh)
718 int SSL_CTX_use_certificate_file(SSL_CTX* ctx,
const char* file,
int format)
720 return read_file(ctx, file, format, Cert);
724 int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx,
const char* file,
int format)
726 return read_file(ctx, file, format, PrivateKey);
730 void SSL_CTX_set_verify(SSL_CTX* ctx,
int mode, VerifyCallback vc)
732 if (mode & SSL_VERIFY_PEER)
733 ctx->setVerifyPeer();
735 if (mode == SSL_VERIFY_NONE)
736 ctx->setVerifyNone();
738 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
739 ctx->setFailNoCert();
741 ctx->setVerifyCallback(vc);
745 int SSL_CTX_load_verify_locations(SSL_CTX* ctx,
const char* file,
748 int ret = SSL_FAILURE;
749 const int HALF_PATH = 128;
751 if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA);
753 if (ret == SSL_SUCCESS && path) {
757 WIN32_FIND_DATA FindFileData;
760 char name[MAX_PATH + 1];
761 strncpy(name, path, MAX_PATH - 3);
762 strncat(name,
"\\*", 3);
764 hFind = FindFirstFile(name, &FindFileData);
765 if (hFind == INVALID_HANDLE_VALUE)
return SSL_BAD_PATH;
768 if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
769 strncpy(name, path, MAX_PATH - 2 - HALF_PATH);
770 strncat(name,
"\\", 2);
771 strncat(name, FindFileData.cFileName, HALF_PATH);
772 ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
774 }
while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData));
780 const int MAX_PATH = 260;
782 DIR* dir = opendir(path);
783 if (!dir)
return SSL_BAD_PATH;
785 struct dirent*
entry;
787 char name[MAX_PATH + 1];
789 while (ret == SSL_SUCCESS && (entry = readdir(dir))) {
790 strncpy(name, path, MAX_PATH - 1 - HALF_PATH);
791 strncat(name,
"/", 1);
792 strncat(name, entry->d_name, HALF_PATH);
793 if (stat(name, &
buf) < 0)
return SSL_BAD_STAT;
795 if (S_ISREG(
buf.st_mode))
796 ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
808 int SSL_CTX_set_default_verify_paths(SSL_CTX* )
811 return SSL_NOT_IMPLEMENTED;
815 int SSL_CTX_set_session_id_context(SSL_CTX*,
const unsigned char*,
823 int SSL_CTX_check_private_key(SSL_CTX* )
826 return SSL_NOT_IMPLEMENTED;
831 long SSL_CTX_sess_accept(SSL_CTX* ctx)
833 return ctx->GetStats().accept_;
837 long SSL_CTX_sess_connect(SSL_CTX* ctx)
839 return ctx->GetStats().connect_;
843 long SSL_CTX_sess_accept_good(SSL_CTX* ctx)
845 return ctx->GetStats().acceptGood_;
849 long SSL_CTX_sess_connect_good(SSL_CTX* ctx)
851 return ctx->GetStats().connectGood_;
855 long SSL_CTX_sess_accept_renegotiate(SSL_CTX* ctx)
857 return ctx->GetStats().acceptRenegotiate_;
861 long SSL_CTX_sess_connect_renegotiate(SSL_CTX* ctx)
863 return ctx->GetStats().connectRenegotiate_;
867 long SSL_CTX_sess_hits(SSL_CTX* ctx)
869 return ctx->GetStats().hits_;
873 long SSL_CTX_sess_cb_hits(SSL_CTX* ctx)
875 return ctx->GetStats().cbHits_;
879 long SSL_CTX_sess_cache_full(SSL_CTX* ctx)
881 return ctx->GetStats().cacheFull_;
885 long SSL_CTX_sess_misses(SSL_CTX* ctx)
887 return ctx->GetStats().misses_;
891 long SSL_CTX_sess_timeouts(SSL_CTX* ctx)
893 return ctx->GetStats().timeouts_;
897 long SSL_CTX_sess_number(SSL_CTX* ctx)
899 return ctx->GetStats().number_;
903 long SSL_CTX_sess_get_cache_size(SSL_CTX* ctx)
905 return ctx->GetStats().getCacheSize_;
910 int SSL_CTX_get_verify_mode(SSL_CTX* ctx)
912 return ctx->GetStats().verifyMode_;
916 int SSL_get_verify_mode(SSL* ssl)
918 return ssl->getSecurity().GetContext()->GetStats().verifyMode_;
922 int SSL_CTX_get_verify_depth(SSL_CTX* ctx)
924 return ctx->GetStats().verifyDepth_;
928 int SSL_get_verify_depth(SSL* ssl)
930 return ssl->getSecurity().GetContext()->GetStats().verifyDepth_;
934 long SSL_CTX_set_options(SSL_CTX*,
long)
941 void SSL_CTX_set_info_callback(SSL_CTX*,
void (*)())
947 void OpenSSL_add_all_algorithms()
951 int SSL_library_init()
976 BIGNUM* BN_bin2bn(
const unsigned char* num,
int sz, BIGNUM* retVal)
978 bool created =
false;
983 bn.reset(NEW_YS BIGNUM);
987 retVal->assign(num, sz);
996 unsigned long ERR_get_error_line_data(
const char**,
int*,
const char**,
int *)
1003 void ERR_print_errors_fp(FILE* )
1010 char* ERR_error_string(
unsigned long errNumber,
char* buffer)
1012 static char*
msg = (
char*)
"Please supply a buffer for error string";
1015 SetErrorString(YasslError(errNumber), buffer);
1023 const char* X509_verify_cert_error_string(
long )
1026 static const char* msg =
"Not Implemented";
1031 const EVP_MD* EVP_md5(
void)
1033 static const char* type =
"MD5";
1038 const EVP_CIPHER* EVP_des_ede3_cbc(
void)
1040 static const char* type =
"DES-EDE3-CBC";
1045 int EVP_BytesToKey(
const EVP_CIPHER* type,
const EVP_MD* md,
const byte* salt,
1046 const byte* data,
int sz,
int count, byte* key, byte* iv)
1049 if (strncmp(md,
"MD5", 3))
return 0;
1055 if (strncmp(type,
"DES-CBC", 7) == 0) {
1056 keyLen = DES_KEY_SZ;
1059 else if (strncmp(type,
"DES-EDE3-CBC", 12) == 0) {
1060 keyLen = DES_EDE_KEY_SZ;
1063 else if (strncmp(type,
"AES-128-CBC", 11) == 0) {
1064 keyLen = AES_128_KEY_SZ;
1067 else if (strncmp(type,
"AES-192-CBC", 11) == 0) {
1068 keyLen = AES_192_KEY_SZ;
1071 else if (strncmp(type,
"AES-256-CBC", 11) == 0) {
1072 keyLen = AES_256_KEY_SZ;
1079 uint digestSz = myMD.get_digestSize();
1080 byte digest[SHA_LEN];
1082 int keyLeft = keyLen;
1086 while (keyOutput < (keyLen + ivLen)) {
1087 int digestLeft = digestSz;
1090 myMD.update(digest, digestSz);
1092 myMD.update(data, sz);
1095 myMD.update(salt, EVP_SALT_SZ);
1096 myMD.get_digest(digest);
1098 for (
int j = 1; j < count; j++) {
1099 myMD.update(digest, digestSz);
1100 myMD.get_digest(digest);
1104 int store = min(keyLeft, static_cast<int>(digestSz));
1105 memcpy(&key[keyLen - keyLeft], digest, store);
1109 digestLeft -= store;
1112 if (ivLeft && digestLeft) {
1113 int store = min(ivLeft, digestLeft);
1114 memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store);
1125 void DES_set_key_unchecked(const_DES_cblock* key, DES_key_schedule* schedule)
1127 memcpy(schedule, key,
sizeof(const_DES_cblock));
1131 void DES_ede3_cbc_encrypt(
const byte* input, byte* output,
long sz,
1132 DES_key_schedule* ks1, DES_key_schedule* ks2,
1133 DES_key_schedule* ks3, DES_cblock* ivec,
int enc)
1136 byte key[DES_EDE_KEY_SZ];
1138 memcpy(key, *ks1, DES_BLOCK);
1139 memcpy(&key[DES_BLOCK], *ks2, DES_BLOCK);
1140 memcpy(&key[DES_BLOCK * 2], *ks3, DES_BLOCK);
1143 des.set_encryptKey(key, *ivec);
1144 des.encrypt(output, input, sz);
1147 des.set_decryptKey(key, *ivec);
1148 des.decrypt(output, input, sz);
1160 int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
1162 memcpy(schedule, key,
sizeof(const_DES_cblock));
1167 void DES_set_odd_parity(DES_cblock* key)
1173 void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
1174 DES_key_schedule* key,
int enc)
1179 des.set_encryptKey(*key, 0);
1180 des.encrypt(*output, *input, DES_BLOCK);
1183 des.set_decryptKey(*key, 0);
1184 des.decrypt(*output, *input, DES_BLOCK);
1189 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx,
void* userdata)
1191 ctx->SetUserData(userdata);
1195 X509* SSL_get_certificate(SSL* ssl)
1197 return ssl->getCrypto().get_certManager().get_selfX509();
1201 EVP_PKEY* SSL_get_privatekey(SSL* ssl)
1208 void SSL_SESSION_free(SSL_SESSION* session)
1215 EVP_PKEY* X509_get_pubkey(X509* x)
1222 int EVP_PKEY_copy_parameters(EVP_PKEY*
to,
const EVP_PKEY* from)
1229 void EVP_PKEY_free(EVP_PKEY* pkey)
1235 void ERR_error_string_n(
unsigned long e,
char *
buf,
size_t len)
1237 if (len) ERR_error_string(e, buf);
1241 void ERR_free_strings(
void)
1247 void EVP_cleanup(
void)
1253 ASN1_TIME* X509_get_notBefore(X509* x)
1255 if (x)
return x->GetBefore();
1260 ASN1_TIME* X509_get_notAfter(X509* x)
1262 if (x)
return x->GetAfter();
1267 SSL_METHOD* SSLv2_client_method(
void)
1273 SSL_SESSION* SSL_get1_session(SSL* ssl)
1275 return SSL_get_session(ssl);
1301 if (x)
return x->data;
1308 if (x)
return x->length;
1315 if (x)
return x->type;
1320 int X509_NAME_get_index_by_NID(X509_NAME* name,
int nid,
int lastpos)
1323 const char* start = &name->GetName()[lastpos + 1];
1326 case NID_commonName:
1327 const char* found = strstr(start,
"/CN=");
1330 idx = found - start + lastpos + 1;
1348 return name->GetEntry(loc);
1353 int ASN1_STRING_to_UTF8(
unsigned char** out,
ASN1_STRING* in)
1357 *out = (
unsigned char*)malloc(in->length + 1);
1359 memcpy(*out, in->data, in->length);
1360 (*out)[in->length] = 0;
1366 void* X509_get_ext_d2i(X509* x,
int nid,
int* crit,
int* idx)
1376 typedef char ok[
sizeof(md4->buffer) >=
sizeof(
TaoCrypt::MD4) ? 1 : -1];
1385 void MD4_Update(
MD4_CTX* md4,
const void* data,
unsigned long sz)
1388 static_cast<const byte*>(data),
static_cast<unsigned int>(sz));
1392 void MD4_Final(
unsigned char* hash,
MD4_CTX* md4)
1401 typedef char ok[
sizeof(md5->buffer) >=
sizeof(
TaoCrypt::MD5) ? 1 : -1];
1410 void MD5_Update(
MD5_CTX* md5,
const void* data,
unsigned long sz)
1413 static_cast<const byte*>(data),
static_cast<unsigned int>(sz));
1417 void MD5_Final(
unsigned char* hash,
MD5_CTX* md5)
1423 int RAND_bytes(
unsigned char* buf,
int num)
1427 if (ran.GetError())
return 0;
1434 int SSL_peek(SSL* ssl,
void* buffer,
int sz)
1436 Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
1437 return receiveData(*ssl, data,
true);
1441 int SSL_pending(SSL* ssl)
1445 SSL_peek(ssl, &c, 1);
1447 return ssl->bufferedData();
1451 void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
1453 ctx->SetPasswordCb(cb);
1457 int SSLeay_add_ssl_algorithms()
1463 void ERR_remove_state(
unsigned long)
1465 GetErrors().Remove();
1469 int ERR_GET_REASON(
int l)
1475 unsigned long err_helper(
bool peek =
false)
1477 int ysError = GetErrors().Lookup(peek);
1481 case TaoCrypt::SIG_OTHER_E:
1482 return CERTFICATE_ERROR;
1492 unsigned long ERR_peek_error()
1494 return err_helper(
true);
1498 unsigned long ERR_get_error()
1500 return err_helper();
1512 const char* RAND_file_name(
char*,
size_t)
1519 int RAND_write_file(
const char*)
1526 int RAND_load_file(
const char*,
long)
1539 RSA* RSA_generate_key(
int,
unsigned long,
void(*)(
int,
int,
void*),
void*)
1546 int X509_LOOKUP_add_dir(X509_LOOKUP*,
const char*,
long)
1553 int X509_LOOKUP_load_file(X509_LOOKUP*,
const char*,
long)
1560 X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(
void)
1567 X509_LOOKUP_METHOD* X509_LOOKUP_file(
void)
1574 X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*)
1588 X509_STORE* X509_STORE_new(
void)
1594 char* SSL_alert_type_string_long(
int)
1601 char* SSL_alert_desc_string_long(
int)
1608 char* SSL_state_string_long(SSL*)
1615 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*,
int,
int))
1621 long SSL_CTX_set_timeout(SSL_CTX*,
long)
1628 int SSL_CTX_use_certificate_chain_file(SSL_CTX*,
const char*)
1635 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*,
const char*,
int)
1642 int SSL_set_rfd(SSL*,
int)
1648 int SSL_set_wfd(SSL*,
int)
1654 int SSL_want_read(SSL*)
1660 int SSL_want_write(SSL*)
1666 void SSL_set_shutdown(SSL*,
int)
1672 SSL_CIPHER* SSL_get_current_cipher(SSL*)
1679 char* SSL_CIPHER_description(SSL_CIPHER*,
char*,
int)
1689 char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time,
char *buf,
size_t len)
1692 static const char *month_names[12]=
1694 "Jan",
"Feb",
"Mar",
"Apr",
"May",
"Jun",
1695 "Jul",
"Aug",
"Sep",
"Oct",
"Nov",
"Dec"
1698 TaoCrypt::ASN1_TIME_extract(time->data, time->type, &t);
1699 snprintf(buf, len,
"%s %2d %02d:%02d:%02d %d GMT",
1700 month_names[t.tm_mon], t.tm_mday, t.tm_hour, t.tm_min,
1701 t.tm_sec, t.tm_year + 1900);
1706 void yaSSL_transport_set_ptr(SSL *ssl,
void *ptr)
1708 ssl->useSocket().set_transport_ptr(ptr);
1712 void yaSSL_transport_set_recv_function(SSL *ssl, yaSSL_recv_func_t func)
1714 ssl->useSocket().set_transport_recv_function(func);
1718 void yaSSL_transport_set_send_function(SSL *ssl, yaSSL_send_func_t func)
1720 ssl->useSocket().set_transport_send_function(func);