Commit ee41dd77 authored by unknown's avatar unknown

Import patch from yaSSL

 - avoid allocating memory for each call to 'EVP_md5' and 
   'EVP_des_ede3_cbc' which were not released until server was stopped
 - Those functions are used from the SQL function 'des_encrypt' and
   'des_decrypt'.


extra/yassl/include/openssl/ssl.h:
  Import patch yassl.diff
extra/yassl/include/yassl_int.hpp:
  Import patch yassl.diff
extra/yassl/src/ssl.cpp:
  Import patch yassl.diff
extra/yassl/src/template_instnt.cpp:
  Import patch yassl.diff
extra/yassl/src/yassl_int.cpp:
  Import patch yassl.diff
parent 8487afee
...@@ -377,11 +377,9 @@ char* SSL_state_string_long(SSL*); ...@@ -377,11 +377,9 @@ char* SSL_state_string_long(SSL*);
/* EVP stuff, des and md5, different file? */ /* EVP stuff, des and md5, different file? */
typedef struct Digest Digest; typedef char EVP_MD;
typedef Digest EVP_MD;
typedef struct BulkCipher BulkCipher; typedef char EVP_CIPHER;
typedef BulkCipher EVP_CIPHER;
typedef struct EVP_PKEY EVP_PKEY; typedef struct EVP_PKEY EVP_PKEY;
......
...@@ -127,25 +127,6 @@ private: ...@@ -127,25 +127,6 @@ private:
}; };
// hold add crypt references provided to callers
class CryptProvider {
mySTL::list<Digest*> digestList_;
mySTL::list<BulkCipher*> cipherList_;
CryptProvider() {} // only GetCryptProvider creates
public:
~CryptProvider();
Digest* NewMd5();
BulkCipher* NewDesEde();
friend CryptProvider& GetCryptProvider();
private:
CryptProvider(const CryptProvider&); // hide copy
CryptProvider& operator=(const CryptProvider&); // and assign
};
CryptProvider& GetCryptProvider();
#undef X509_NAME // wincrypt.h clash #undef X509_NAME // wincrypt.h clash
// openSSL X509 names // openSSL X509 names
......
...@@ -811,25 +811,34 @@ const char* X509_verify_cert_error_string(long /* error */) ...@@ -811,25 +811,34 @@ const char* X509_verify_cert_error_string(long /* error */)
const EVP_MD* EVP_md5(void) const EVP_MD* EVP_md5(void)
{ {
return GetCryptProvider().NewMd5(); static const char* type = "MD5";
return type;
} }
const EVP_CIPHER* EVP_des_ede3_cbc(void) const EVP_CIPHER* EVP_des_ede3_cbc(void)
{ {
return GetCryptProvider().NewDesEde(); static const char* type = "DES_EDE3_CBC";
return type;
} }
int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt, int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
const byte* data, int sz, int count, byte* key, byte* iv) const byte* data, int sz, int count, byte* key, byte* iv)
{ {
EVP_MD* myMD = const_cast<EVP_MD*>(md); // only support MD5 for now
uint digestSz = myMD->get_digestSize(); if (strncmp(md, "MD5", 3)) return 0;
// only support DES_EDE3_CBC for now
if (strncmp(type, "DES_EDE3_CBC", 12)) return 0;
yaSSL::MD5 myMD;
uint digestSz = myMD.get_digestSize();
byte digest[SHA_LEN]; // max size byte digest[SHA_LEN]; // max size
int keyLen = type->get_keySize(); yaSSL::DES_EDE cipher;
int ivLen = type->get_ivSize(); int keyLen = cipher.get_keySize();
int ivLen = cipher.get_ivSize();
int keyLeft = keyLen; int keyLeft = keyLen;
int ivLeft = ivLen; int ivLeft = ivLen;
int keyOutput = 0; int keyOutput = 0;
...@@ -838,17 +847,17 @@ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt, ...@@ -838,17 +847,17 @@ int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
int digestLeft = digestSz; int digestLeft = digestSz;
// D_(i - 1) // D_(i - 1)
if (keyOutput) // first time D_0 is empty if (keyOutput) // first time D_0 is empty
myMD->update(digest, digestSz); myMD.update(digest, digestSz);
// data // data
myMD->update(data, sz); myMD.update(data, sz);
// salt // salt
if (salt) if (salt)
myMD->update(salt, EVP_SALT_SZ); myMD.update(salt, EVP_SALT_SZ);
myMD->get_digest(digest); myMD.get_digest(digest);
// count // count
for (int j = 1; j < count; j++) { for (int j = 1; j < count; j++) {
myMD->update(digest, digestSz); myMD.update(digest, digestSz);
myMD->get_digest(digest); myMD.get_digest(digest);
} }
if (keyLeft) { if (keyLeft) {
......
...@@ -86,7 +86,6 @@ template void ysDelete<X509>(X509*); ...@@ -86,7 +86,6 @@ template void ysDelete<X509>(X509*);
template void ysDelete<Message>(Message*); template void ysDelete<Message>(Message*);
template void ysDelete<sslFactory>(sslFactory*); template void ysDelete<sslFactory>(sslFactory*);
template void ysDelete<Sessions>(Sessions*); template void ysDelete<Sessions>(Sessions*);
template void ysDelete<CryptProvider>(CryptProvider*);
template void ysArrayDelete<unsigned char>(unsigned char*); template void ysArrayDelete<unsigned char>(unsigned char*);
template void ysArrayDelete<char>(char*); template void ysArrayDelete<char>(char*);
} }
......
...@@ -1382,38 +1382,6 @@ sslFactory& GetSSL_Factory() ...@@ -1382,38 +1382,6 @@ sslFactory& GetSSL_Factory()
} }
static CryptProvider* cryptProviderInstance = 0;
CryptProvider& GetCryptProvider()
{
if (!cryptProviderInstance)
cryptProviderInstance = NEW_YS CryptProvider;
return *cryptProviderInstance;
}
CryptProvider::~CryptProvider()
{
mySTL::for_each(digestList_.begin(), digestList_.end(), del_ptr_zero());
mySTL::for_each(cipherList_.begin(), cipherList_.end(), del_ptr_zero());
}
Digest* CryptProvider::NewMd5()
{
Digest* ptr = NEW_YS MD5();
digestList_.push_back(ptr);
return ptr;
}
BulkCipher* CryptProvider::NewDesEde()
{
BulkCipher* ptr = NEW_YS DES_EDE();
cipherList_.push_back(ptr);
return ptr;
}
typedef Mutex::Lock Lock; typedef Mutex::Lock Lock;
...@@ -2106,12 +2074,10 @@ ASN1_STRING* StringHolder::GetString() ...@@ -2106,12 +2074,10 @@ ASN1_STRING* StringHolder::GetString()
extern "C" void yaSSL_CleanUp() extern "C" void yaSSL_CleanUp()
{ {
TaoCrypt::CleanUp(); TaoCrypt::CleanUp();
yaSSL::ysDelete(yaSSL::cryptProviderInstance);
yaSSL::ysDelete(yaSSL::sslFactoryInstance); yaSSL::ysDelete(yaSSL::sslFactoryInstance);
yaSSL::ysDelete(yaSSL::sessionsInstance); yaSSL::ysDelete(yaSSL::sessionsInstance);
// In case user calls more than once, prevent seg fault // In case user calls more than once, prevent seg fault
yaSSL::cryptProviderInstance = 0;
yaSSL::sslFactoryInstance = 0; yaSSL::sslFactoryInstance = 0;
yaSSL::sessionsInstance = 0; yaSSL::sessionsInstance = 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment