yassl_int.hpp

这个文件是windows mysql源码

/*
   Copyright (C) 2000-2007 MySQL AB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING. If not, write to the
   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
   MA  02110-1301  USA.
*/


/* yaSSL internal header defines SSL supporting types not specified in the
 * draft along with type conversion functions and openssl compatibility
 */


#ifndef yaSSL_INT_HPP
#define yaSSL_INT_HPP

#include "yassl_imp.hpp"
#include "yassl_error.hpp"
#include "crypto_wrapper.hpp"
#include "cert_wrapper.hpp"
#include "log.hpp"
#include "lock.hpp"
#include "openssl/ssl.h"  // ASN1_STRING and DH

// Check if _POSIX_THREADS should be forced
#if !defined(_POSIX_THREADS) && (defined(__NETWARE__) || defined(__hpux))
// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented
// Netware supports pthreads but does not announce it
#define _POSIX_THREADS
#endif

#ifdef _POSIX_THREADS
    #include <pthread.h>
#endif


namespace STL = STL_NAMESPACE;


namespace yaSSL {


// State Machine for Record Layer Protocol
enum RecordLayerState {
    recordNotReady = 0,         // fatal error, no more processing
    recordReady
};


// State Machine for HandShake Protocol
enum HandShakeState {
    handShakeNotReady = 0,      // fatal error, no more processing
    preHandshake,               // initial state
    inHandshake,                // handshake started
    handShakeReady              // handshake done
};


// client input HandShake state, use if HandShakeState == inHandShake
enum ClientState {
    serverNull = 0,
    serverHelloComplete,
    serverCertComplete,
    serverKeyExchangeComplete,
    serverHelloDoneComplete,
    serverFinishedComplete	
};


// server input HandShake state, use if HandShakeState == inHandShake
enum ServerState {
    clientNull = 0,
    clientHelloComplete,
    clientKeyExchangeComplete,
    clientFinishedComplete        
};


// client connect state for nonblocking restart
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    FIRST_REPLY_DONE,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};


// server accpet state for nonblocking restart
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};


// combines all states
class States {
    RecordLayerState recordLayer_;
    HandShakeState   handshakeLayer_;
    ClientState      clientState_;
    ServerState      serverState_;
    ConnectState     connectState_;
    AcceptState      acceptState_;
    char             errorString_[MAX_ERROR_SZ];
    YasslError       what_;
public:
    States();

    const RecordLayerState& getRecord()    const;
    const HandShakeState&   getHandShake() const;
    const ClientState&      getClient()    const;
    const ServerState&      getServer()    const;
    const ConnectState&     GetConnect()   const;
    const AcceptState&      GetAccept()    const;
    const char*             getString()    const;
          YasslError        What()         const;

    RecordLayerState& useRecord();
    HandShakeState&   useHandShake();
    ClientState&      useClient();
    ServerState&      useServer();
    ConnectState&     UseConnect();
    AcceptState&      UseAccept();
    char*             useString();
    void              SetError(YasslError);
private:
    States(const States&);              // hide copy
    States& operator=(const States&);   // and assign
};


// holds all factories
class sslFactory {
    MessageFactory      messageFactory_;        // creates new messages by type
    HandShakeFactory    handShakeFactory_;      // creates new handshake types
    ServerKeyFactory    serverKeyFactory_;      // creates new server key types
    ClientKeyFactory    clientKeyFactory_;      // creates new client key types

    sslFactory();                               // only GetSSL_Factory creates
public:
    const MessageFactory&   getMessage()   const;
    const HandShakeFactory& getHandShake() const;
    const ServerKeyFactory& getServerKey() const;
    const ClientKeyFactory& getClientKey() const;

    friend sslFactory& GetSSL_Factory();        // singleton creator
private:
    sslFactory(const sslFactory&);              // hide copy
    sslFactory& operator=(const sslFactory&);   // and assign   
};


#undef X509_NAME  // wincrypt.h clash

// openSSL X509 names
class X509_NAME {
    char* name_;
    size_t      sz_;
    ASN1_STRING entry_;
public:
    X509_NAME(const char*, size_t sz);
    ~X509_NAME();

    const char*  GetName() const;
    ASN1_STRING* GetEntry(int i);
    size_t       GetLength() const;
private:
    X509_NAME(const X509_NAME&);                // hide copy
    X509_NAME& operator=(const X509_NAME&);     // and assign
};


class StringHolder {
    ASN1_STRING  asnString_;
public:
    StringHolder(const char* str, int sz);
    ~StringHolder();

    ASN1_STRING* GetString();
private:
    StringHolder(const StringHolder&);                // hide copy
    StringHolder& operator=(const StringHolder&);     // and assign
};


// openSSL X509
class X509 {
    X509_NAME issuer_;
    X509_NAME subject_;
    StringHolder beforeDate_;   // not valid before
    StringHolder afterDate_;    // not valid after
public:
    X509(const char* i, size_t, const char* s, size_t,
         const char* b, int, const char* a, int);
    ~X509() {}

    X509_NAME* GetIssuer();
    X509_NAME* GetSubject();

    ASN1_STRING* GetBefore();
    ASN1_STRING* GetAfter();

private:
    X509(const X509&);              // hide copy
    X509& operator=(const X509&);   // and assign
};


// openSSL bignum
struct BIGNUM {
    /*
      gcc 2.96 fix: because of two Integer classes (yaSSL::Integer and
      TaoCrypt::Integer), we need to explicitly state the namespace
      here to let gcc 2.96 deduce the correct type.
    */
    yaSSL::Integer int_;
    void assign(const byte* b, uint s) { int_.assign(b,s); }
};


// openSSL session
class SSL_SESSION {
    opaque      sessionID_[ID_LEN];
    opaque      master_secret_[SECRET_LEN];
    Cipher      suite_[SUITE_LEN];
    uint        bornOn_;                        // create time in seconds
    uint        timeout_;                       // timeout in seconds
    RandomPool& random_;                        // will clean master secret
    X509*       peerX509_;
public:
    explicit SSL_SESSION(RandomPool&);
    SSL_SESSION(const SSL&, RandomPool&);
    ~SSL_SESSION();

    const opaque* GetID()      const;
    const opaque* GetSecret()  const;
    const Cipher* GetSuite()   const;
          uint    GetBornOn()  const;
          uint    GetTimeOut() const;
          X509*   GetPeerX509() const;
          void    SetTimeOut(uint);

    SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption
private:
    SSL_SESSION(const SSL_SESSION&);            // hide copy

    void CopyX509(X509*);
};


// holds all sessions
class Sessions {
    STL::list<SSL_SESSION*> list_;
    RandomPool random_;                 // for session cleaning
    Mutex      mutex_;                  // no-op for single threaded

    Sessions() {}                       // only GetSessions can create
public: 
    SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0);
    void         add(const SSL&);
    void         remove(const opaque*);

    ~Sessions();

    friend Sessions& GetSessions(); // singleton creator
private:
    Sessions(const Sessions&);              // hide copy
    Sessions& operator=(const Sessions&);   // and assign
};


#ifdef _POSIX_THREADS
    typedef pthread_t THREAD_ID_T;
#else
    typedef DWORD     THREAD_ID_T;
#endif

// thread error data
struct ThreadError {
    THREAD_ID_T threadID_;
    int         errorID_;
};


// holds all errors
class Errors {
    STL::list<ThreadError> list_;
    Mutex                  mutex_;

    Errors() {}                         // only GetErrors can create
public:
    int  Lookup(bool peek);             // self lookup
    void Add(int);              
    void Remove();                      // remove self

    ~Errors() {}

    friend Errors& GetErrors(); // singleton creator
private:
    Errors(const Errors&);              // hide copy
    Errors& operator=(const Errors);    // and assign
};


Sessions&   GetSessions();      // forward singletons
sslFactory& GetSSL_Factory();
Errors&     GetErrors();


// openSSL method and context types
class SSL_METHOD {
    ProtocolVersion version_;
    ConnectionEnd   side_;
    bool            verifyPeer_;    // request or send certificate
    bool            verifyNone_;    // whether to verify certificate
    bool            failNoCert_;
    bool            multipleProtocol_;  // for SSLv23 compatibility
public:
    SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv,
               bool multipleProtocol = false);

    ProtocolVersion getVersion() const;
    ConnectionEnd   getSide()    const;

    void setVerifyPeer();
    void setVerifyNone();
    void setFailNoCert();