Commit ee41dd77 authored by unknown's avatar unknown

Import patch from yaSSL

 - avoid allocating memory for each call to 'EVP_md5' and 
   'EVP_des_ede3_cbc' which were not released until server was stopped
 - Those functions are used from the SQL function 'des_encrypt' and
   'des_decrypt'.


extra/yassl/include/openssl/ssl.h:
  Import patch yassl.diff
extra/yassl/include/yassl_int.hpp:
  Import patch yassl.diff
extra/yassl/src/ssl.cpp:
  Import patch yassl.diff
extra/yassl/src/template_instnt.cpp:
  Import patch yassl.diff
extra/yassl/src/yassl_int.cpp:
  Import patch yassl.diff
parent 8487afee
......@@ -377,11 +377,9 @@ char* SSL_state_string_long(SSL*);
/* EVP stuff, des and md5, different file? */
typedef struct Digest Digest;
typedef Digest EVP_MD;
typedef char EVP_MD;
typedef struct BulkCipher BulkCipher;
typedef BulkCipher EVP_CIPHER;
typedef char EVP_CIPHER;
typedef struct EVP_PKEY EVP_PKEY;
......
......@@ -127,25 +127,6 @@ private:
};
// hold add crypt references provided to callers
class CryptProvider {
mySTL::list<Digest*> digestList_;
mySTL::list<BulkCipher*> cipherList_;
CryptProvider() {} // only GetCryptProvider creates
public:
~CryptProvider();
Digest* NewMd5();
BulkCipher* NewDesEde();
friend CryptProvider& GetCryptProvider();
private:
CryptProvider(const CryptProvider&); // hide copy
CryptProvider& operator=(const CryptProvider&); // and assign
};
CryptProvider& GetCryptProvider();
#undef X509_NAME // wincrypt.h clash
// openSSL X509 names
......
......@@ -811,25 +811,34 @@ const char* X509_verify_cert_error_string(long /* error */)
const EVP_MD* EVP_md5(void)
{
return GetCryptProvider().NewMd5();
static const char* type = "MD5";
return type;
}
const EVP_CIPHER* EVP_des_ede3_cbc(void)
{
return GetCryptProvider().NewDesEde();
static const char* type = "DES_EDE3_CBC";
return type;
}
int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
const byte* data, int sz, int count, byte* key, byte* iv)
{
EVP_MD* myMD = const_cast<EVP_MD*>(md);
uint digestSz = myMD->get_digestSize();
// only support MD5 for now
if (strncmp(md, "MD5", 3)) return 0;
// only support DES_EDE3_CBC for now
if (strncmp(type, "DES_EDE3_CBC", 12)) return 0;
yaSSL::MD5 myMD;
uint digestSz = myMD.get_digestSize();
byte digest[SHA_LEN]; // max size
int keyLen = type->get_keySize();
int ivLen = type->get_ivSize();
yaSSL::DES_EDE cipher;
int keyLen = cipher.get_keySize();
int ivLen = cipher.get_ivSize();
int keyLeft = keyLen;
int ivLeft = ivLen;
int keyOutput = 0;
......@@ -838,17 +847,17 @@ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
int digestLeft = digestSz;
// D_(i - 1)
if (keyOutput) // first time D_0 is empty
myMD->update(digest, digestSz);
myMD.update(digest, digestSz);
// data
myMD->update(data, sz);
myMD.update(data, sz);
// salt
if (salt)
myMD->update(salt, EVP_SALT_SZ);
myMD->get_digest(digest);
myMD.update(salt, EVP_SALT_SZ);
myMD.get_digest(digest);
// count
for (int j = 1; j < count; j++) {
myMD->update(digest, digestSz);
myMD->get_digest(digest);
myMD.update(digest, digestSz);
myMD.get_digest(digest);
}
if (keyLeft) {
......
......@@ -86,7 +86,6 @@ template void ysDelete<X509>(X509*);
template void ysDelete<Message>(Message*);
template void ysDelete<sslFactory>(sslFactory*);
template void ysDelete<Sessions>(Sessions*);
template void ysDelete<CryptProvider>(CryptProvider*);
template void ysArrayDelete<unsigned char>(unsigned char*);
template void ysArrayDelete<char>(char*);
}
......
......@@ -1382,38 +1382,6 @@ sslFactory& GetSSL_Factory()
}
static CryptProvider* cryptProviderInstance = 0;
CryptProvider& GetCryptProvider()
{
if (!cryptProviderInstance)
cryptProviderInstance = NEW_YS CryptProvider;
return *cryptProviderInstance;
}
CryptProvider::~CryptProvider()
{
mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
}
Digest* CryptProvider::NewMd5()
{
Digest* ptr = NEW_YS MD5();
digestList_.push_back(ptr);
return ptr;
}
BulkCipher* CryptProvider::NewDesEde()
{
BulkCipher* ptr = NEW_YS DES_EDE();
cipherList_.push_back(ptr);
return ptr;
}
typedef Mutex::Lock Lock;
......@@ -2106,12 +2074,10 @@ ASN1_STRING* StringHolder::GetString()
extern "C" void yaSSL_CleanUp()
{
TaoCrypt::CleanUp();
yaSSL::ysDelete(yaSSL::cryptProviderInstance);
yaSSL::ysDelete(yaSSL::sslFactoryInstance);
yaSSL::ysDelete(yaSSL::sessionsInstance);
// In case user calls more than once, prevent seg fault
yaSSL::cryptProviderInstance = 0;
yaSSL::sslFactoryInstance = 0;
yaSSL::sessionsInstance = 0;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment