Release 8.6

commit a98bd0716f2770db412dfe91221e34977320ebd9 1 parent 4d7196f
@hsleisink authored
Showing with 9,468 additions and 2,379 deletions.
  1. +28 −28 CMakeFiles.txt
  2. +6 −8 CMakeLists.txt
  3. +21 −8 ChangeLog
  4. +0 −1  INSTALL
  5. +0 −1  config.h.in
  6. +1 −1  config/index.xslt
  7. +2 −0  config/php-fcgi.conf.in
  8. +0 −47 extra/config.h
  9. +1 −1  extra/debian/copyright
  10. +1 −1  extra/debian/hiawatha.dsc
  11. +1 −1  extra/debian/init.d/hiawatha
  12. +1 −1  extra/debian/init.d/php-fcgi
  13. +22 −35 extra/index.html
  14. +4 −0 extra/macosx/Conclusion.txt
  15. +21 −0 extra/macosx/Distribution.xml
  16. +0 −1  extra/macosx/Introduction.txt
  17. +0 −3  extra/macosx/Readme.txt
  18. +3 −0  extra/macosx/Welcome.txt
  19. +0 −1  extra/macosx/hiawatha.pmdoc/01root-contents.xml
  20. +0 −1  extra/macosx/hiawatha.pmdoc/01root.xml
  21. BIN  extra/macosx/hiawatha.pmdoc/hiawatha_logo.png
  22. +0 −1  extra/macosx/hiawatha.pmdoc/index.xml
  23. +1 −1  extra/make_debian_package
  24. +4 −17 extra/make_macosx_package
  25. +2 −2 extra/make_windows_package
  26. +0 −4 man/cgi-wrapper.1.in
  27. +36 −33 man/hiawatha.1.in
  28. +3 −0  man/php-fcgi.1.in
  29. +1 −1  man/ssi-cgi.1
  30. +5 −1 man/wigwam.1
  31. +13 −7 polarssl/CMakeLists.txt
  32. +74 −0 polarssl/ChangeLog
  33. +9 −2 polarssl/include/polarssl/aes.h
  34. +8 −6 polarssl/include/polarssl/asn1.h
  35. +46 −0 polarssl/include/polarssl/asn1write.h
  36. +71 −28 polarssl/include/polarssl/bignum.h
  37. +161 −0 polarssl/include/polarssl/blowfish.h
  38. +123 −23 polarssl/include/polarssl/bn_mul.h
  39. +13 −6 polarssl/include/polarssl/cipher.h
  40. +17 −1 polarssl/include/polarssl/cipher_wrap.h
  41. +174 −29 polarssl/include/polarssl/config.h
  42. +1 −1  polarssl/include/polarssl/debug.h
  43. +9 −2 polarssl/include/polarssl/des.h
  44. +91 −0 polarssl/include/polarssl/dhm.h
  45. +7 −3 polarssl/include/polarssl/error.h
  46. +142 −0 polarssl/include/polarssl/gcm.h
  47. +1 −1  polarssl/include/polarssl/havege.h
  48. +9 −2 polarssl/include/polarssl/md4.h
  49. +9 −2 polarssl/include/polarssl/md5.h
  50. +1 −1  polarssl/include/polarssl/net.h
  51. +9 −1 polarssl/include/polarssl/padlock.h
  52. +80 −0 polarssl/include/polarssl/pbkdf2.h
  53. +35 −0 polarssl/include/polarssl/pkcs11.h
  54. +7 −0 polarssl/include/polarssl/rsa.h
  55. +9 −2 polarssl/include/polarssl/sha1.h
  56. +9 −2 polarssl/include/polarssl/sha2.h
  57. +6 −6 polarssl/include/polarssl/sha4.h
  58. +495 −117 polarssl/include/polarssl/ssl.h
  59. +116 −0 polarssl/include/polarssl/ssl_cache.h
  60. +5 −5 polarssl/include/polarssl/version.h
  61. +42 −4 polarssl/include/polarssl/x509.h
  62. +46 −0 polarssl/include/polarssl/x509write.h
  63. +14 −2 polarssl/library/CMakeLists.txt
  64. +25 −9 polarssl/library/Makefile
  65. +126 −113 polarssl/library/aes.c
  66. +241 −0 polarssl/library/asn1write.c
  67. +9 −2 polarssl/library/base64.c
  68. +35 −10 polarssl/library/bignum.c
  69. +629 −0 polarssl/library/blowfish.c
  70. +23 −26 polarssl/library/camellia.c
  71. +81 −7 polarssl/library/cipher.c
  72. +166 −7 polarssl/library/cipher_wrap.c
  73. +8 −12 polarssl/library/ctr_drbg.c
  74. +2 −2 polarssl/library/debug.c
  75. +41 −41 polarssl/library/des.c
  76. +7 −7 polarssl/library/dhm.c
  77. +45 −1 polarssl/library/error.c
  78. +624 −0 polarssl/library/gcm.c
  79. +37 −37 polarssl/library/md4.c
  80. +37 −37 polarssl/library/md5.c
  81. +18 −0 polarssl/library/md_wrap.c
  82. +15 −5 polarssl/library/net.c
  83. +6 −6 polarssl/library/padlock.c
  84. +215 −0 polarssl/library/pbkdf2.c
  85. +74 −24 polarssl/library/rsa.c
  86. +38 −38 polarssl/library/sha1.c
  87. +42 −42 polarssl/library/sha2.c
  88. +14 −14 polarssl/library/sha4.c
  89. +180 −0 polarssl/library/ssl_cache.c
  90. +614 −137 polarssl/library/ssl_cli.c
  91. +684 −365 polarssl/library/ssl_srv.c
  92. +2,068 −567 polarssl/library/ssl_tls.c
  93. +67 −26 polarssl/library/timing.c
  94. +487 −106 polarssl/library/x509parse.c
  95. +287 −0 polarssl/library/x509write.c
  96. +13 −13 polarssl/library/xtea.c
  97. +12 −0 polarssl/upgrade
  98. +1 −1  src/cache.c
  99. +1 −1  src/cgi.c
  100. +4 −0 src/client.c
  101. +1 −1  src/envir.c
  102. +73 −33 src/hiawatha.c
  103. +2 −2 src/http.c
  104. +5 −2 src/httpauth.c
  105. +1 −1  src/libfs.c
  106. +1 −1  src/libip.c
  107. +162 −57 src/libssl.c
  108. +7 −5 src/libssl.h
  109. +35 −67 src/libstr.c
  110. +1 −1  src/libstr.h
  111. +6 −3 src/log.c
  112. +1 −1  src/log.h
  113. +1 −1  src/mimetype.c
  114. +1 −1  src/monitor.c
  115. +1 −1  src/php-fcgi.c
  116. +19 −2 src/rproxy.c
  117. +4 −3 src/rproxy.h
  118. +2 −2 src/send.c
  119. +51 −35 src/serverconfig.c
  120. +11 −6 src/serverconfig.h
  121. +4 −1 src/session.c
  122. +2 −1  src/session.h
  123. +34 −6 src/target.c
  124. +36 −32 src/toolkit.c
  125. +3 −3 src/toolkit.h
  126. +8 −3 src/wigwam.c
  127. +4 −0 src/xslt.c
56 CMakeFiles.txt
@@ -19,42 +19,42 @@ set(hiawatha_src
src/httpauth.c
src/libfs.c
src/libip.c
- src/liblist.c
- src/libssl.c
- src/libstr.c
- src/log.c
- src/mimetype.c
- src/monitor.c
+ src/liblist.c
+ src/libssl.c
+ src/libstr.c
+ src/log.c
+ src/mimetype.c
+ src/monitor.c
src/rproxy.c
- src/send.c
- src/serverconfig.c
- src/session.c
- src/target.c
+ src/send.c
+ src/serverconfig.c
+ src/session.c
+ src/target.c
src/tomahawk.c
- src/toolkit.c
- src/userconfig.c
- src/xslt.c
+ src/toolkit.c
+ src/userconfig.c
+ src/xslt.c
)
if(NOT ENABLE_SSL)
- set(hiawatha_src ${hiawatha_src} polarssl/library/md5.c)
+ set(hiawatha_src ${hiawatha_src} polarssl/library/base64.c polarssl/library/md5.c)
endif()
# php-fcgi sources
set(php_fcgi_src
- src/alternative.c
- src/libip.c
- src/liblist.c
- src/libstr.c
- src/php-fcgi.c
- src/userconfig.c
+ src/alternative.c
+ src/libip.c
+ src/liblist.c
+ src/libstr.c
+ src/php-fcgi.c
+ src/userconfig.c
)
# ssi-cgi sources
set(ssi_cgi_src
- src/alternative.c
+ src/alternative.c
src/libfs.c
- src/libip.c
- src/liblist.c
+ src/libip.c
+ src/liblist.c
src/libstr.c
src/ssi-cgi.c
)
@@ -62,13 +62,13 @@ set(ssi_cgi_src
# wigwam sources
set(wigwam_src
src/alternative.c
- src/libfs.c
+ src/libfs.c
src/libip.c
- src/libstr.c
- src/liblist.c
- src/toolkit.c
+ src/libstr.c
+ src/liblist.c
+ src/toolkit.c
src/wigwam.c
- polarssl/library/md5.c
+ polarssl/library/md5.c
)
# configuration files
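Review bot: The `if(NOT ENABLE_SSL)` branch now compiles `polarssl/library/base64.c` next to `md5.c` straight from the bundled tree, but nothing says why these two are still needed when SSL is off (presumably for HTTP authentication — confirm). A one-line comment above the branch, for example `# MD5 and Base64 are still needed without SSL, so build them directly from the bundled PolarSSL sources` (wording to be confirmed), would keep the next PolarSSL upgrade from missing them. `list(APPEND hiawatha_src polarssl/library/base64.c polarssl/library/md5.c)` is the idiomatic form of the self-referencing `set()`. The other changes in this file are whitespace only.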
14 CMakeLists.txt
@@ -1,9 +1,12 @@
cmake_minimum_required(VERSION 2.8.4)
project(Hiawatha C)
+# Compiler
+set(CMAKE_C_FLAGS "-Wall -Wextra")
+set(CMAKE_BUILD_TYPE "RelWithDebInfo")
+
# Options
option(ENABLE_CACHE "Enable cache support in Hiawatha." on)
-option(ENABLE_CHROOT "Enable chroot support in Hiawatha." off)
option(ENABLE_DEBUG "Enable debug information (for development only)." off)
option(ENABLE_IPV6 "Enable IPv6 support in Hiawatha." on)
option(ENABLE_MONITOR "Enable support for the Hiawatha Monitor." off)
@@ -26,7 +29,7 @@ include(cmake/CopyIfNotExists.cmake)
# Settings
set(HIAWATHA_VERSION_MAJOR 8)
-set(HIAWATHA_VERSION_MINOR 5)
+set(HIAWATHA_VERSION_MINOR 6)
set(HIAWATHA_VERSION_PATCH 0)
string(TOLOWER ${CMAKE_PROJECT_NAME} PROJECT_NAME)
if(${HIAWATHA_VERSION_PATCH} EQUAL 0)
@@ -42,10 +45,8 @@ set(LOG_DIR ${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/log/hiawatha CACHE STRING "Log d
set(PID_DIR ${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/run CACHE STRING "PID directory")
set(WEBROOT_DIR ${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/www/hiawatha CACHE STRING "Webroot directory")
set(WORK_DIR ${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/hiawatha CACHE STRING "Work directory")
-set(CMAKE_BUILD_TYPE "RelWithDebInfo")
-set(CMAKE_C_FLAGS "-Wall -Wextra")
-# Compiler options
+# Compiler directives
check_include_file(crypt.h HAVE_CRYPT_H)
check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
check_include_files("sys/types.h;netinet/in.h" HAVE_NETINET_IN_H)
@@ -132,9 +133,6 @@ install(TARGETS hiawatha php-fcgi wigwam DESTINATION ${CMAKE_INSTALL_SBINDIR})
install(TARGETS cgi-wrapper DESTINATION ${CMAKE_INSTALL_SBINDIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE SETUID)
install(TARGETS ssi-cgi DESTINATION ${CMAKE_INSTALL_BINDIR})
-if(ENABLE_CHROOT)
- install(PROGRAMS extra/newroot DESTINATION ${CMAKE_INSTALL_SBINDIR})
-endif()
foreach(configfile ${config_files})
install(CODE "copy_if_not_exists(\"${CMAKE_SOURCE_DIR}/${configfile}\" \"${CONFIG_DIR}\")")
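Review bot: `set(CMAKE_C_FLAGS "-Wall -Wextra")` in the first hunk still replaces whatever flags the builder supplied, so hardening options a packager passes through CFLAGS or `-DCMAKE_C_FLAGS` are silently dropped; moving the line to the top of the file does not change that. Appending keeps them: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra")`. The unconditional `set(CMAKE_BUILD_TYPE "RelWithDebInfo")` likewise overrides the user's choice and would be safer as a default only, wrapped in `if(NOT CMAKE_BUILD_TYPE)` … `endif()`. This matters more than usual here because the same build produces cgi-wrapper, which the install rule further down marks SETUID.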
29 ChangeLog
@@ -1,3 +1,16 @@
+hiawatha (8.6) stable; urgency=low
+
+ * PolarSSL updated to version 1.2. Added support for TLS 1.2 and
+ secure renegotiation.
+ * Added support for Server Name Indication.
+ * MinSSLversion option added.
+ * ServerRoot option removed.
+ * Improved MacOS X package building script.
+ * Marked php-fcgi as deprecated. Use php-fpm instead.
+ * Small bugfixes and improvements.
+
+ -- Hugo Leisink <hugo@leisink.net> Wed, 31 Oct 2012 19:10:32 +0100
+
hiawatha (8.5) stable; urgency=low
* Improved Reverse Proxy.
@@ -7,9 +20,9 @@ hiawatha (8.5) stable; urgency=low
authentication but user not in right group.
* Small improvements.
* Bugfix: replaced select() with poll() to prevent crashes in case of
- large amount of simultaneous connections.
+ large amount of simultaneous connections. Thanks to Peter Bex.
- -- Hugo Leisink <hugo@leisink.net> Mon, 3 Sep 2012 19:39:12 +0200
+ -- Hugo Leisink <hugo@leisink.net> Sun, 9 Sep 2012 11:39:12 +0200
hiawatha (8.4) stable; urgency=low
@@ -36,7 +49,7 @@ hiawatha (8.3) stable; urgency=low
* ReverseProxy option added.
* PolarSSL updated to version 1.1.3.
-
+
-- Hugo Leisink <hugo@leisink.net> Wed, 23 May 2012 18:11:56 +0200
hiawatha (8.2) stable; urgency=low
@@ -139,7 +152,7 @@ hiawatha (7.4) stable; urgency=medium
* Bugfix: usage of HideProxy caused Hiawatha to refuse new connections
after ConnectionsTotal connections.
* Bugfix: memory leak in XSLT module.
-
+
-- Hugo Leisink <hugo@leisink.net> Mon, 8 Nov 2010 20:58:54 +0100
hiawatha (7.3) stable; urgency=low
@@ -448,7 +461,7 @@ hiawatha (5.10) stable; urgency=low
* Improved CGI support for Windows version (Cygwin).
* Throttle configuration merged into httpd.conf.
* EnablePathInfo option added.
- * Workaround for syntax-bug in php-fcgi.conf (comma in GIDs conflicts
+ * Workaround for syntax-bug in php-fcgi.conf (comma in GIDs conflicts
with comma before PHP configuration file).
* Improved ErrorHandler.
* Small improvements.
@@ -501,7 +514,7 @@ hiawatha (5.7) stable; urgency=medium
-- Hugo Leisink <hugo@leisink.net> Sun, 4 Mar 2007 08:43:28 +0100
hiawatha (5.6) stable; urgency=low
-
+
* Chrooted FastCGI server support.
* Configuration reading routine rewritten. Angle bracket sections
are no longer available. Only curly bracket sections can be used.
@@ -716,7 +729,7 @@ hiawatha (3.4) stable; urgency=low
* BSD autoconf errors fixed (Thanks to Sander Niemeijer).
-- Hugo Leisink <hugo@leisink.net> Sun, 23 Jan 2005 22:36:13 +0100
-
+
hiawatha (3.3) stable; urgency=low
* CGIhandler option added (PHPextension, PHPprogram and ExecutePHP options
@@ -940,7 +953,7 @@ hiawatha (1.6.1) stable; urgency=medium
-- Hugo Leisink <hugo@leisink.net> Tue, 26 Jan 2004 10:13:26 +0100
hiawatha (1.6) stable; urgency=low
-
+
* URL checked for special characters (%20 = ' ', etc).
* Remarks on every line in configuration file allowed.
* Added some MIME-types.
1  INSTALL
@@ -12,7 +12,6 @@ Use the following commands to compile and install Hiawatha. This will install Hi
The following options for cmake are available. Default value is in uppercase.
-DENABLE_CACHE=ON|off Enable internal cache support.
- -DENABLE_CHROOT=on|OFF Enable chroot support.
-DENABLE_DEBUG=on|OFF Enable debug information (for development only).
-DENABLE_IPV6=ON|off Enable IPv6 support.
-DENABLE_MONITOR=on|OFF Enable support for the Hiawatha Monitor.
1  config.h.in
@@ -17,7 +17,6 @@
/* Hiawatha modules
*/
#cmakedefine ENABLE_CACHE ${ENABLE_CACHE}
-#cmakedefine ENABLE_CHROOT ${ENABLE_CHROOT}
#cmakedefine ENABLE_DEBUG ${ENABLE_DEBUG}
#cmakedefine ENABLE_IPV6 ${ENABLE_IPV6}
#cmakedefine ENABLE_LOADCHECK ${ENABLE_LOADCHECK}
2  config/index.xslt
@@ -20,7 +20,7 @@
letter-spacing:5px;
}
- table.list {
+ table.list {
width:100%;
padding:20px;
border-spacing:0;
2  config/php-fcgi.conf.in
@@ -1,5 +1,7 @@
# PHP FastCGI configuration
+# !! Warning, this tool is deprecated. Use php-fpm instead.
+
# Path to PID-file.
# PidFile = <filename>
#
47 extra/config.h
@@ -1,47 +0,0 @@
-/* Directory settings
- */
-#define CONFIG_DIR "/etc/hiawatha"
-#define LOG_DIR "/var/log/hiawatha"
-#define PID_DIR "/var/run"
-#define SBIN_DIR "/usr/sbin"
-#define VERSION "8.5"
-#define WEBROOT_DIR "/var/www/hiawatha"
-#define WORK_DIR "/var/lib/hiawatha"
-
-/* Settings
- */
-#define _GNU_SOURCE 1
-/* #undef CYGWIN */
-/* #undef CIFS */
-
-/* Hiawatha modules
- */
-#define ENABLE_CACHE ON
-/* #undef ENABLE_CHROOT */
-/* #undef ENABLE_DEBUG */
-#define ENABLE_IPV6 ON
-#define ENABLE_LOADCHECK ON
-#define ENABLE_MONITOR on
-#define ENABLE_RPROXY ON
-#define ENABLE_SSL ON
-#define ENABLE_TOMAHAWK on
-#define ENABLE_TOOLKIT ON
-#define ENABLE_XSLT ON
-
-/* Includes
- */
-#define HAVE_CRYPT_H 1
-#define HAVE_ARPA_INET_H 1
-#define HAVE_NETINET_IN_H 1
-#define HAVE_NETINET_TCP_H 1
-/* #undef HAVE_RPCSVC_CRYPT_H */
-
-/* Functions
- */
-#define HAVE_SETENV 1
-#define HAVE_UNSETENV 1
-#define HAVE_CLEARENV 1
-#define HAVE_STRCASECMP 1
-#define HAVE_STRNCASECMP 1
-/* #undef HAVE_STRNSTR */
-#define HAVE_STRCASESTR 1
2  extra/debian/copyright
@@ -1,5 +1,5 @@
Hiawatha is written by Hugo Leisink <hugo@hiawatha-webserver.org>.
-
+
It was downloaded from: http://www.hiawatha-webserver.org/
Copyright (C) 2012 Hugo Leisink <hugo@leisink.net>
2  extra/debian/hiawatha.dsc
@@ -2,7 +2,7 @@ Format: 3.0 (native)
Source: hiawatha
Binary: hiawatha
Architecture: any
-Version: <VERSION>
+Version: <VERSION>
Maintainer: Hugo Leisink <hugo@leisink.net>
Homepage: http://www.hiawatha-webserver.org/
Standards-Version: 3.6.2
2  extra/debian/init.d/hiawatha
@@ -69,7 +69,7 @@ function stop_hiawatha {
rm -f ${PIDFILE}
echo -e "Hiawatha${NORMAL}"
- else
+ else
echo -e "${YELLOW}Hiawatha is not running${NORMAL}"
fi
}
2  extra/debian/init.d/php-fcgi
@@ -44,7 +44,7 @@ function stop_php_fcgi {
echo -en "Stopping FastCGI server: "${GREEN}
${PHP_FCGI} -q -k
echo -e "PHP"${NORMAL}
- else
+ else
echo -e ${YELLOW}"FastCGI server is not running"${NORMAL}
fi
}
57 extra/index.html
@@ -1,48 +1,35 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
+
<head>
-<base href="http://www.hiawatha-webserver.org/" />
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<base href="http://www.hiawatha-webserver.org/">
<title>Hiawatha webserver</title>
-<link rel="stylesheet" type="text/css" href="/css/includes/layout_hiawatha.css" title="Hiawatha webserver" />
+<style type="text/css">
+ body { background-color:#d0d0d0; font-family:sans-serif; }
+ div.box { background-color:#f8f8f8; width:675px; margin:20px auto 50px; padding:50px; border-radius:10px; border:1px solid #808080; box-shadow:8px 15px 20px #404040 }
+ img.logo { float:right; margin:-10px 0 0 30px }
+ h1 { margin:0; font-size:24px }
+ h2 { margin-top:40px; font-size:20px; font-weight:normal; border-bottom:1px solid #ff9040 }
+ p { font-size:14px }
+ a { color:#6060d0; text-decoration:none }
+ a:hover { text-decoration:underline }
+</style>
</head>
<body>
-<div class="header">
- <div class="wrapper">
- <div class="menu"><ul>
- <li><a href="/about">About</a></li>
- <li><a href="/support">Support</a></li>
- <li><a href="/weblog">Weblog</a></li>
- </ul></div>
- </div>
-</div>
+<div class="box">
+ <img src="/logo.png" class="logo" alt="Hiawatha webserver logo">
-<div class="title">
- <div class="wrapper">
- </div>
-</div>
+ <h1>Installation successful</h1>
+ <p>Congratulations! The Hiawatha webserver has successfully been installed on this computer. For more information about this webserver, visit the <a href="/">Hiawatha website</a>.</p>
+ <p>Please, give some feedback about your Hiawatha experiences at the <a href="/forum">Hiawatha forum</a>.</p>
-<div class="page">
- <div class="wrapper">
- <div class="content">
- <img src="/logo.png" class="logo" alt="Hiawatha webserver logo" />
- <h1>Installation successful</h1>
- <p>Congratulations! The Hiawatha webserver has successfully been installed on this computer. For more information about this webserver, visit the <a href="/">Hiawatha website</a>.</p>
- <p>Please, give some feedback about your Hiawatha experiences at the <a href="/forum">Hiawatha forum</a>.</p>
- <h2>Hiawatha Monitor</h2>
- <p>Use the <a href="/monitor">Hiawatha Monitor</a> to keep track of all your websites served by Hiawatha.</p>
- <h2>Banshee PHP framework</h2>
- <p>About to create a new website? Use the <a href="http://www.banshee-php.org/">Banshee PHP framework</a> for improved website security.</p>
- </div>
-
- <br clear="both" />
- </div>
-</div>
+ <h2>Hiawatha Monitor</h2>
+ <p>Use the <a href="/monitor">Hiawatha Monitor</a> to keep track of all your websites served by Hiawatha.</p>
-<div class="footer">
- <div class="wrapper">
- <div class="copyright">Copyright &#169; by Hugo Leisink. All rights reserved.<br />Built upon the <a href="http://www.banshee-php.org/" target="_blank">Banshee PHP framework</a>.</div>
- </div>
+ <h2>Banshee PHP framework</h2>
+ <p>About to create a new website? Use the <a href="http://www.banshee-php.org/">Banshee PHP framework</a> for improved website security.</p>
</div>
</body>
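Review bot: The re-added `<base href="http://www.hiawatha-webserver.org/">` makes every relative URL on the default page, including `<img src="/logo.png" ...>`, resolve against the project site over plain HTTP. A fresh install therefore sends each visitor's browser to a third-party host, and on an HTTPS binding the logo is loaded as mixed content. Now that the stylesheet is inline, the page could drop the `<base>` element, ship the logo with the webroot (or omit it), and spell the external links out in full, e.g. `<a href="http://www.hiawatha-webserver.org/forum">`.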
4 extra/macosx/Conclusion.txt
@@ -0,0 +1,4 @@
+For information about how to configure and use the Hiawatha webserver, type 'man hiawatha' in a Terminal window or visit http://www.hiawatha-webserver.org/
+
+Thanks for using my software. Hope you enjoy it!
+- Hugo Leisink
21 extra/macosx/Distribution.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<installer-gui-script minSpecVersion="1">
+ <title>Hiawatha webserver</title>
+ <background file="hiawatha_logo.png" mime-type="image/png" alignment="bottomleft" />
+ <welcome file="Welcome.txt" mime-type="text/plain" />
+ <license file="License.txt" mime-type="text/plain" />
+ <conclusion file="Conclusion.txt" mime-type="text/plain" />
+
+ <pkg-ref id="org.hiawatha-webserver.httpd" />
+ <options customize="never" require-scripts="false" />
+ <choices-outline>
+ <line choice="default">
+ <line choice="org.hiawatha-webserver.httpd" />
+ </line>
+ </choices-outline>
+ <choice id="default" />
+ <choice id="org.hiawatha-webserver.httpd" visible="false">
+ <pkg-ref id="org.hiawatha-webserver.httpd" />
+ </choice>
+ <pkg-ref id="org.hiawatha-webserver.httpd" version="8.5" onConclusion="none">hiawatha.pkg</pkg-ref>
+</installer-gui-script>
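Review bot: The final `pkg-ref` hard-codes `version="8.5"`, while this commit releases 8.6 and extra/make_macosx_package passes the version read from config.h to `pkgbuild --version`. The distribution metadata will therefore disagree with the component package, which may confuse the installer's upgrade detection and makes it harder to tell which release is actually installed (worth confirming on a test machine). Either bump it to `version="8.6"` or have the build script substitute the value, as the removed pmdoc templates did with `{VERSION}`.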
1  extra/macosx/Introduction.txt
@@ -1 +0,0 @@
-Welcome to the Hiawatha webserver installer. You will be guided through the steps necessary to install this software.
3  extra/macosx/Readme.txt
@@ -1,3 +0,0 @@
-Hiawatha is an advanced and secure webserver for Unix.
-
-After the installation, see the hiawatha(1) manualpage for information about how to configure and use the Hiawatha webserver.
3  extra/macosx/Welcome.txt
@@ -0,0 +1,3 @@
+This will install the Hiawatha webserver on your computer in the directory /usr/local.
+
+You will be guided through the steps necessary to install this software.
1  extra/macosx/hiawatha.pmdoc/01root-contents.xml
@@ -1 +0,0 @@
-<pkg-contents spec="1.12"><f n="root" o="root" g="wheel" p="16877" pt="{BASEDIR}/build/root" m="false" t="file"><f n="etc" o="root" g="wheel" p="16877"><f n="hiawatha" o="root" g="wheel" p="16877"><f n="cgi-wrapper.conf" o="root" g="wheel" p="33188"/><f n="hiawatha.conf" o="root" g="wheel" p="33188"/><f n="index.xslt" o="root" g="wheel" p="33188"/><f n="mimetype.conf" o="root" g="wheel" p="33188"/><f n="php-fcgi.conf" o="root" g="wheel" p="33188"/><mod>group</mod><mod>owner</mod></f></f><f n="Library" o="root" g="admin" p="17405"><f n="LaunchDaemons" o="root" g="wheel" p="16877"><f n="org.hiawatha-webserver.httpd.plist" o="root" g="wheel" p="33261"/></f><f n="PreferencePanes" o="root" g="wheel" p="16877"><f n="HiawathaWebserver.prefPane" o="root" g="wheel" p="16877"><f n="Contents" o="root" g="wheel" p="16877"><f n="Info.plist" o="root" g="wheel" p="33188"/><f n="MacOS" o="root" g="wheel" p="16877"><f n="HiawathaWebserver" o="root" g="wheel" p="33261"/></f><f n="Resources" o="root" g="wheel" p="16877"><f n="English.lproj" o="root" g="wheel" p="16877"><f n="HiawathaWebserverPref.nib" o="root" g="wheel" p="33188"/><f n="InfoPlist.strings" o="root" g="wheel" p="33188"/></f><f n="hiawatha_logo.png" o="root" g="wheel" p="33188"/><f n="HiawathaWebserverPref.tiff" o="root" g="wheel" p="33188"/></f></f></f></f></f><f n="share" o="root" g="admin" p="16877"><f n="man" o="root" g="admin" p="16877"><f n="man1" o="root" g="admin" p="16877"><f n="cgi-wrapper.1" o="hugo" g="staff" p="33188"/><f n="hiawatha.1" o="hugo" g="staff" p="33188"/><f n="php-fcgi.1" o="hugo" g="staff" p="33188"/><f n="ssi-cgi.1" o="hugo" g="staff" p="33188"/><f n="wigwam.1" o="hugo" g="staff" p="33188"/></f></f></f><f n="usr" o="root" g="wheel" p="16877"><f n="bin" o="root" g="wheel" p="16877"><f n="ssi-cgi" o="root" g="wheel" p="33261"/></f><f n="lib" o="root" g="wheel" p="16877"><f n="hiawatha" o="root" g="wheel" p="16877"><f n="libpolarssl.1.1.0.dylib" o="root" g="wheel" p="33261"/><f 
n="libpolarssl.1.dylib" o="root" g="wheel" p="33261"/><f n="libpolarssl.dylib" o="root" g="wheel" p="33261"/></f></f><f n="sbin" o="root" g="wheel" p="16877"><f n="cgi-wrapper" o="root" g="wheel" p="35309"/><f n="hiawatha" o="root" g="wheel" p="33261"/><f n="php-fcgi" o="root" g="wheel" p="33261"/><f n="wigwam" o="root" g="wheel" p="33261"/></f></f><f n="var" o="root" g="wheel" p="16877"><f n="www" o="root" g="wheel" p="16877"><f n="hiawatha" o="root" g="wheel" p="16877"><f n="index.html" o="root" g="wheel" p="33188"/></f></f></f><mod>group</mod><mod>owner</mod></f></pkg-contents>
1  extra/macosx/hiawatha.pmdoc/01root.xml
@@ -1 +0,0 @@
-<pkgref spec="1.12" uuid="24BB8EDA-5541-4D4D-8892-71A6B169DB29"><config><identifier>Hiawatha</identifier><version>{VERSION}</version><description></description><post-install type="none"/><requireAuthorization/><installFrom relative="true" mod="true">{BASEDIR}/build/root</installFrom><installTo relocatable="true">/</installTo><flags><followSymbolicLinks/><discardResourceForks/></flags><packageStore type="internal"></packageStore><mod>installTo</mod><mod>relocatable</mod><mod>installFrom.path</mod><mod>identifier</mod><mod>parent</mod><mod>version</mod><mod>installFrom.isRelativeType</mod></config><contents><file-list>01root-contents.xml</file-list><component id="com.yourcompany.prefpanel" path="{BASEDIR}/build/root/Library/PreferencePanes/HiawathaWebserver.prefPane" version="1.0"/><filter>/CVS$</filter><filter>/\.svn$</filter><filter>/\.cvsignore$</filter><filter>/\.cvspass$</filter><filter>/\.DS_Store$</filter></contents></pkgref>
BIN  extra/macosx/hiawatha.pmdoc/hiawatha_logo.png
Deleted file not rendered
1  extra/macosx/hiawatha.pmdoc/index.xml
@@ -1 +0,0 @@
-<pkmkdoc spec="1.12"><properties><title>Hiawatha</title><build>{BASEDIR}/hiawatha-{VERSION}.mpkg</build><organization>org.leisink.projects</organization><userSees ui="both"/><min-target os="2"/><domain anywhere="true"/></properties><distribution><versions min-spec="1.000000"/><scripts></scripts></distribution><description>An advanced and secure webserver</description><contents><choice title="root" id="choice0" starts_selected="true" starts_enabled="true" starts_hidden="false"><pkgref id="Hiawatha"/></choice></contents><resources bg-scale="none" bg-align="bottomleft"><locale lang="en"><resource mod="true" type="background">{BASEDIR}/extra/macosx/hiawatha_logo.png</resource><resource type="license">{BASEDIR}/extra/macosx/License.txt</resource><resource type="readme">{BASEDIR}/extra/macosx/Readme.txt</resource><resource type="welcome">{BASEDIR}/extra/macosx/Introduction.txt</resource></locale></resources><flags/><item type="file">01root.xml</item><mod>properties.customizeOption</mod><mod>properties.systemDomain</mod></pkmkdoc>
2  extra/make_debian_package
@@ -8,7 +8,7 @@ fi
# Checking for packages required for building a Debian package
#
echo "-- Checking for required packages"
-packages="gcc libc6-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev zlib1g-dev"
+packages="make gcc libc6-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev zlib1g-dev"
missing=""
for package in ${packages}; do
installed=`dpkg -l ${package} | tail -1 | cut -b1-2`
21 extra/make_macosx_package
@@ -8,7 +8,7 @@ fi
# Checking for tools required for building a MacOS X package
#
echo "-- Checking for required tools"
-tools="/usr/bin/gcc /Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker /usr/bin/hdiutil"
+tools="/usr/bin/gcc /usr/bin/pkgbuild /usr/bin/productbuild /usr/bin/hdiutil"
missing=""
for tool in ${tools}; do
if [ ! -f ${tool} ]; then
@@ -23,7 +23,6 @@ fi
# Setup build directory
#
cd `dirname $0`/..
-pwd=`pwd | awk '{gsub(/\//,"\\\\/");print}'`
if [ -d build ]; then
rm -rf build
fi
@@ -44,23 +43,11 @@ cp -r ../extra/macosx/HiawathaWebserver.prefPane root/Library/PreferencePanes
mkdir -p root/Library/LaunchDaemons
cp ../extra/macosx/org.hiawatha-webserver.httpd.plist root/Library/LaunchDaemons
-if [ -d hiawatha.pmdoc ]; then
- rm -rf hiawatha.pmdoc
-fi
-mkdir hiawatha.pmdoc
-cp ../extra/macosx/hiawatha.pmdoc/*.png hiawatha.pmdoc
-version=`grep VERSION config.h | cut -f2 -d'"'`
-for file in `ls ../extra/macosx/hiawatha.pmdoc/*.xml`; do
- file=`basename ${file}`
- cat ../extra/macosx/hiawatha.pmdoc/${file} | \
- sed s/\{BASEDIR\}/${pwd}/g | \
- sed s/\{VERSION\}/${version}/g > \
- hiawatha.pmdoc/${file}
-done
echo "-- Building package"
cp -r ../extra/macosx/diskimage .
-/Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker \
- --doc hiawatha.pmdoc --out diskimage/hiawatha-${version}.pkg
+version=`grep VERSION config.h | cut -f2 -d'"'`
+pkgbuild --root root --version ${version} --identifier org.hiawatha-webserver.httpd hiawatha.pkg
+productbuild --distribution ../extra/macosx/Distribution.xml --resources ../extra/macosx diskimage/hiawatha-${version}.pkg
echo "-- Buiding disk image"
hdiutil create ../"Hiawatha ${version}".dmg -srcfolder diskimage -volname "Hiawatha ${version}" -ov
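Review bot: `${version}` is used unquoted and unchecked in the new `pkgbuild` and `productbuild` lines of the last hunk; if the `grep VERSION config.h` pipeline yields nothing or more than one line, `--version` swallows the next option and the output path changes. A guard right after the assignment, `[ -n "${version}" ] || exit 1`, plus quoting (`--version "${version}"`, `"diskimage/hiawatha-${version}.pkg"`) avoids that. Separately, the product archive is built without `--sign`, so a package that installs a LaunchDaemon (and, per the removed pmdoc listing, a setuid cgi-wrapper) as root cannot be verified by the person installing it; an optional signing identity, `productbuild --sign "<SIGNING_IDENTITY_PLACEHOLDER>" ...`, would address this.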
4 extra/make_windows_package
@@ -8,7 +8,7 @@ fi
# Checking for tools required for building a Windows package
#
echo "-- Checking for required tools"
-tools="/usr/bin/cat /usr/bin/gcc /usr/bin/man /usr/bin/ps2pdf /usr/bin/unix2dos /usr/bin/zip"
+tools="/usr/bin/cmake /usr/bin/make /usr/bin/cat /usr/bin/gcc /usr/bin/man /usr/bin/ps2pdf /usr/bin/unix2dos /usr/bin/zip /usr/bin/cygrunsrv"
missing=""
for tool in ${tools}; do
if [ ! -f ${tool} ]; then
@@ -55,7 +55,7 @@ mkdir ${dir}/wwwroot
cp hiawatha.exe ${dir}/Hiawatha/bin
cp ssi-cgi.exe ${dir}/Hiawatha/bin
cp wigwam.exe ${dir}/Hiawatha/bin
-cp polarssl/library/cygpolarssl-1.dll ${dir}/Hiawatha/bin
+cp polarssl/library/cygpolarssl-2.dll ${dir}/Hiawatha/bin
strip ${dir}/Hiawatha/bin/*.exe
files="cygcrypt-0.dll cyggcc_s-1.dll cygrunsrv.exe cygiconv-2.dll cygwin1.dll cygxml2-2.dll cygxslt-1.dll cygz.dll"
4 man/cgi-wrapper.1.in
@@ -40,10 +40,6 @@ Using "CGIwrapId = some_id" and "Wrap = some_id;~hugo;hugo" is the same as using
Most of the parameters in cgi-wrapper.conf are already present in hiawatha.conf. The reason why they have to be specified again and why they are not being passed on by Hiawatha, is that when Hiawatha has a vulnerability, because of a bug in an external library of course :), the CGI-wrapper can't be used to execute every program on the disk. So it is done for a security reason.
-.SH CHROOT
-Tip: use the 'newroot' utility to copy/link binaries, such as 'bash' or 'php-cgi', to a chroot directory.
-
-
.SH SEE ALSO
The CGI-wrapper is part of the Hiawatha webserver. See hiawatha(1) for more information about Hiawatha.
69 man/hiawatha.1.in
@@ -124,7 +124,7 @@ Size of Hiawatha's internal file cache. Maximum is 50 (megabytes).
Default = 10, example: CacheSize = 15
.br
-(requires that Hiawatha was not compiled with --disable-cache)
+(requires that Hiawatha was not compiled with -DENABLE_CACHE=off)
.TP
.B CacheMaxFilesize = <size in kilobytes>
Maximum size of a file Hiawatha will store in its internal cache.
@@ -132,7 +132,7 @@ Maximum size of a file Hiawatha will store in its internal cache.
Default = 256, example: CacheMaxFilesize = 128
.br
-(requires that Hiawatha was not compiled with --disable-cache)
+(requires that Hiawatha was not compiled with -DENABLE_CACHE=off)
.TP
.B CacheMinFilesize = <size in bytes>
Minimum size of a file Hiawatha will store in its internal cache.
@@ -140,7 +140,7 @@ Minimum size of a file Hiawatha will store in its internal cache.
Default = 1, example: CacheMaxFilesize = 512
.br
-(requires that Hiawatha was not compiled with --disable-cache)
+(requires that Hiawatha was not compiled with -DENABLE_CACHE=off)
.TP
.B CGIextension = <extension>[, <extension>, ...]
Default extension of a CGI program.
@@ -222,6 +222,11 @@ The location of the mimetype configurationfile. It the path is omitted, Hiawatha
.br
Default = mimetype.conf, example: MimetypeConfig = /etc/mime.types
.TP
+.B MinSSLversion = SSL3.0|TLS1.0|TLS1.1|TLS1.2
+Specify the minimum SSL version Hiawatha accepts for HTTPS connections.
+.br
+Default = SSL3.0, Example: MinSSLversion = TLS1.1
+.TP
.B MonitorServer = <ip-address>
Specify the IP address of the monitor server. This enables logging of statistical information.
.br
@@ -264,14 +269,6 @@ The userid and groupid(s) the server will change to. If only a userid is specifi
.br
Default = 65534:65534, example: ServerId = www-data
.TP
-.B ServerRoot = <directory>
-Rootdirectory for the webserver. Hiawatha will chroot() to this directory after reading the configurationfile and writing the PID file. Cannot be used in combination with UserWebsites. Only use this option when you know what you are doing!
-.br
-Example: ServerRoot = /var/www
-.br
-
-(requires that Hiawatha was compiled with -DENABLE_CHROOT=on)
-.TP
.B ServerString = <text>
The text behind 'Server:' in the HTTP header of a response. Use 'none' to completely remove the Server string from the HTTP header.
@@ -295,8 +292,8 @@ Example: Throttle = audio/mpeg:30
.br
Throttle = .mp:50
.TP
-.B Tomahawk = <portnumber>, <MD5 hash of password>
-The port and the password for Tomahawk. You can use telnet to connect to Tomahawk (localhost:<portnumber>). Once connected to Tomahawk, type 'help' for more information.
+.B Tomahawk = <port number>, <MD5 hash of password>
+The port and the password for Tomahawk. You can use telnet to connect to Tomahawk (localhost:<port number>). Once connected to Tomahawk, type 'help' for more information.
.br
Example: Tomahawk = 81,41d0c72bd73afaa2c207064d81d5a3d9
.br
@@ -325,10 +322,10 @@ Default = no, example: WrapUserCGI = yes
.\" ==========[ Binding configuration ]========================================
.SH BINDING CONFIGURATION
-A binding is where a client connects to (a port opened on an interface).
+A binding is where a client can connect to (a port on a network interface).
.TP
.B BindingId = <binding_id>
-The binding ID can be used to bind a virtual host to an interface (see RequiredBinding for more information).
+The binding ID can be used to hook a virtual host to a binding (see RequiredBinding for more information).
.br
Example: BindingId = LAN
.TP
@@ -342,8 +339,8 @@ Enable the TRACE HTTP request method for this binding.
.br
Default = no, example: EnableTRACE = yes
.TP
-.B Interface = <ip-address>
-The address of an interface that must be binded.
+.B Interface = <IP address>
+The IP address of the interface that must be binded.
.br
Default = 0.0.0.0 (IPv4), example: Interface = 192.168.0.1
.TP
@@ -362,8 +359,8 @@ The maximum size of a PUT request entity in megabytes the webserver is allowed t
.br
Default = 1, example: MaxUploadSize = 15
.TP
-.B Port = <portnumber>
-The portnumber that will be used for the binding. This is a required option.
+.B Port = <port number>
+The port number that will be used for the binding. This is a required option.
.br
Example: Port = 80
.TP
@@ -373,7 +370,7 @@ Use the CA certificates in this file to authenticate users. Users without a cert
Example: RequiredCA = /etc/ssl/cacert.pem, /etc/ssl/cacrl.pem
.br
-(requires that Hiawatha was not compiled with --disable-ssl)
+(requires that Hiawatha was not compiled with -DENABLE_SSL=off)
.TP
.B SSLcertFile = <SSL private key and certificate file>
Encrypt the connections of the current binding with the SSL private key and certificate in the specified file. Intermediate certificates also go in this file. Make sure the order matches the SSL chain order: host certificate first, CA certificate last.
@@ -381,7 +378,7 @@ Encrypt the connections of the current binding with the SSL private key and cert
Example: SSLcertFile = my_domain.pem
.br
-(requires that Hiawatha was not compiled with --disable-ssl)
+(requires that Hiawatha was not compiled with -DENABLE_SSL=off)
.TP
.B TimeForRequest = [<time1>, ]<time2>
Maximum time in seconds for a client to send its HTTP request. time1 is for the first request, time2 is for the following requests (Keep-Alive time). If time2 is omitted, time1 is used for all requests.
@@ -493,7 +490,7 @@ If the requested file has no extension, treat it as if the extension was equal t
Example: NoExtension = cgi
.TP
.B PasswordFile = ((basic|digest):<passwordfile>)|none[,<groupfile>]
-File which contains the username and password necessary to access this directory. You can create or updated this file with htpasswd(1). The format of the lines in the passwordfile for Basic HTTP authentication is:
+File which contains the username and password necessary to access this directory. You can create or updated this file with wigwam(1). The format of the lines in the passwordfile for Basic HTTP authentication is:
.br
<username>:<password encrypted with crypt(3)>[:user defined fields: ...]
.br
@@ -523,10 +520,13 @@ Prevent cross-site scripting via the URL by replacing a less-then, greater-then,
Default = no, example: PreventXSS = yes
.TP
.B RequiredBinding = <binding_id>[, <binding_id>, ...]
-Bind a virtual host to one or more interfaces (see chapter BINDING CONFIGURATION for more information). The virtual host can now only be reached via the binded interfaces.
+By default, a virtual host can be visited via all bindings. Via this opion, you can specify via which bindings a virtual host can be visited (see chapter BINDING CONFIGURATION for more information).
.br
Example: RequiredBinding = LAN
.TP
+.B RequiredCA = ...
+Use this option if you want to make use of the SNI capabilities of Hiawatha. See the RequiredCA option in the BINDING CONFIGURATION chapter for more information.
+.TP
.B RequiredGroup = <groupname>[, <groupname>, ...]
The <groupname> is the name of the group a user must be a member of to have access (see PasswordFile for more information).
.br
@@ -538,7 +538,7 @@ Specify that a domain must be visited with a SSL connection. If it is visited vi
Default = no, example: RequireSSL = yes
.br
-(requires that Hiawatha was not compiled with --disable-ssl)
+(requires that Hiawatha was not compiled with -DENABLE_SSL=off)
.TP
.B ReverseProxy <pattern> http[s]://<hostname>[:<port>][/<path>]
Forward the request with URLs that match the regular expression <pattern> to another webserver, where <path> is placed before the original URL. Note that the reverse proxy selection comes before the URL toolkit handling. When <hostname> is an IP address, the value of the Host HTTP header is unchanged. Otherwise, it is replaced with the value of <hostname>.
@@ -561,7 +561,10 @@ Return a directory listing in HTML format for a directory request when the start
Default = no, example: ShowIndex = /etc/hiawatha/index.xslt
.br
-(requires that Hiawatha was not compiled with --disable-xslt)
+(requires that Hiawatha was not compiled with -DENABLE_XSLT=off)
+.TP
+.B SSLcertFile = ...
+Use this option if you want to make use of the SNI capabilities of Hiawatha. See the SSLcertFile option in the BINDING CONFIGURATION chapter for more information.
.TP
.B StartFile = <filename>
The file which will be send to the browser when a directory is requested.
@@ -593,7 +596,7 @@ Perform special operations, like rewriting via regular expressions, on the URL (
.br
Example: UseToolkit = my_toolkit
-(requires that Hiawatha was not compiled with --disable-toolkit)
+(requires that Hiawatha was not compiled with -DENABLE_TOOLKIT=off)
.TP
.B UseXSLT = yes|no
Activate XSL transformations (see chapter XSLT for more information).
@@ -601,7 +604,7 @@ Activate XSL transformations (see chapter XSLT for more information).
Default = no, example: UseXSLT = yes
.br
-(requires that Hiawatha was not compiled with --disable-xslt)
+(requires that Hiawatha was not compiled with -DENABLE_XSLT=off)
.TP
.B VolatileObject = <filename with full path>
This file will be completely read into the memory before it is send. Because of this, the file can not be greater than 1MB. Use this option for files that change rapidly, such as webcam pictures.
@@ -693,7 +696,7 @@ and
.SH FASTCGI CONFIGURATION
This chapter explains how to use one or more FastCGI servers. Use the 'php-fcgi' tool to start PHP as a FastCGI daemon.
.TP
-.B ConnectTo = <ip-address>:<portnumber>|<path>[, <ip-address>:<portnumber>|<path>, ...]
+.B ConnectTo = <ip-address>:<port number>|<path>[, <ip-address>:<port number>|<path>, ...]
The IP-address and TCP port or UNIX socket Hiawatha must connect to to reach the FastCGI server.
.br
Example: ConnectTo = 127.0.0.1:2004 (IPv4)
@@ -722,7 +725,7 @@ Default = 15, example: SessionTimeout = 30
.\" ==========[ URL toolkit configuration ]====================================
.SH URL TOOLKIT
-How to use the URL toolkit is explained in this chapter. To use URL toolkits, Hiawatha should not have been compiled with --disable-toolkit.
+How to use the URL toolkit is explained in this chapter. To use URL toolkits, Hiawatha should not have been compiled with -DENABLE_TOOLKIT=off.
.TP
.B Call <toolkit_id>
Execute toolkit section <toolkit_id> and continue in the current section.
@@ -826,7 +829,7 @@ Perform an action when the client is connection via a SSL secured connection.
.br
.B Skip <lines>
.br
-
+ Skip the next following <number> lines (ToolkitId excluded).
.TP
The original URL is stored in the environment variable SCRIPT_URL. Before using URL toolkit rules, use the tool 'wigwam' to verify the result of your rules (see wigwam(1) for more information).
@@ -871,7 +874,7 @@ If a XML file is requested, Hiawatha can do a XSL transformation when a XSLT she
.\" ==========[ CGI cache ]====================================================
.SH CGI OUTPUT CACHE
-Hiawatha can cache the output of CGI applications. When and for how long is determined by the application itself. It can use the following CGI headers to control the caching of its output. This feature requires that Hiawatha was not compiled with --disable-cache.
+Hiawatha can cache the output of CGI applications. When and for how long is determined by the application itself. It can use the following CGI headers to control the caching of its output. This feature requires that Hiawatha was not compiled with -DENABLE_CACHE=off.
.TP
.B X-Hiawatha-Cache: <seconds>
.br
@@ -931,7 +934,7 @@ Specify the mimetypes of files in /etc/hiawatha/mimetypes.conf.
Example: image/jpeg jpg jpeg jpe
.SH EXTRA
-.TP
+.TP
.B gzip Content-Encoding support
Hiawatha has gzip Content-Encoding support is a unique way. Other webservers with gzip Content-Encoding support will compress a file everytime this file is requested, over and over again. Compression is only usefull for large files. Since most of the large files on a website are JPEG files and JPEG files are hard to compress, most of the compression done by such webservers is a waste of CPU power.
@@ -949,7 +952,7 @@ Close all open logfiles.
Unban all IP addresses.
.TP
.B USR2
-Clear the internal cache (requires that Hiawatha was not compiled with --disable-cache).
+Clear the internal cache (requires that Hiawatha was not compiled with -DENABLE_CACHE=off).
.SH FILES
.B /usr/sbin/hiawatha
3  man/php-fcgi.1.in
@@ -6,6 +6,9 @@
.SH NAME
php-fcgi - start PHP as FastCGI daemon
+.br
+Warning, this tool is deprecated. Use php-fpm instead.
+
.SH SYNOPSIS
.B php-fcgi
2  man/ssi-cgi.1
@@ -19,7 +19,7 @@ SSI parser which works like a CGI application.
.SH SSI COMMANDS
-SSI commands have the following format: <!--#command parameter="value"-->. This chapter shows all the available SSI commands and their parameters in ssi-cgi.
+SSI commands have the following format: <!--#command parameter="value"-->. This chapter shows all the available SSI commands and their parameters in ssi-cgi.
.TP
.B config
Use the config command to control the output.
6 man/wigwam.1
@@ -9,10 +9,14 @@ wigwam - check the Hiawatha webserver configuration for non-critical errors
.SH SYNOPSIS
.B wigwam
+-b <username>: create password file entry for basic HTTP authentication.
+.br
[-c <path>] [-h] [-t [<toolkit_id> ...]] [-q] [-v]
.br
-c path: path to where the configrationfiles are located.
.br
+-d <username> <realm>: create password file entry for digest HTTP authentication.
+.br
-h: show help and exit.
.br
-q: don't print the test results.
@@ -30,7 +34,7 @@ Wigwam is a configuration validation tool for the Hiawatha webserver. Use it to
With the option -t, you can use Wigwam to test your URL toolkit rules. When testing URL toolkit rules, you should only enter the part after the hostname in the URL. For example, if you want to test the URL "http://www.mydomain.com/index.php?key=value", you should enter "/index.php?key=value". A result shown as "old: <URL>" means nothing has been changed. When a toolkit rule has been applied, the result is shown as "new: <URL>".
.br
-To use URL toolkit testing, Hiawatha must have been compiled without --disable-toolkit. Use 'hiawatha -v' for compile information.
+To use URL toolkit testing, Hiawatha must no have been compiled with -DENABLE_TOOLKIT=off. Use 'hiawatha -v' for compile information.
.SH SEE ALSO
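--- a/polarssl/CMakeLists.txt
+++ b/polarssl/CMakeLists.txt
@@ -4,9 +4,9 @@ project(POLARSSL C)
 enable_testing()
 if(CMAKE_COMPILER_IS_GNUCC)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -W -Wdeclaration-after-statement")
- set(CMAKE_C_FLAGS_DEBUG "-g -O0")
- set(CMAKE_C_FLAGS_COVERAGE "-g -O0 -fprofile-arcs -ftest-coverage -lgcov")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
+ set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
+ set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
 endif(CMAKE_COMPILER_IS_GNUCC)
 if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
@@ -17,6 +17,8 @@ endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
 option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
+option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
+
 if(LIB_INSTALL_DIR)
 else()
 set(LIB_INSTALL_DIR lib)
@@ -24,8 +26,12 @@ endif()
 include_directories(include/)
-add_subdirectory(library)
+if(ENABLE_ZLIB_SUPPORT)
+ find_package(ZLIB)
-ADD_CUSTOM_TARGET(apidoc
- COMMAND doxygen doxygen/polarssl.doxyfile
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+ if(ZLIB_FOUND)
+ include_directories(ZLIB_INCLUDE_DIR)
+ endif(ZLIB_FOUND)
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_subdirectory(library)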
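Review bot: `include_directories(ZLIB_INCLUDE_DIR)` in the new `if(ZLIB_FOUND)` block passes the literal name instead of the variable's value, so the header directory located by `find_package(ZLIB)` never reaches the include path; it should read `include_directories(${ZLIB_INCLUDE_DIRS})`. Because `find_package(ZLIB)` is not `REQUIRED`, switching `ENABLE_ZLIB_SUPPORT` on where zlib is absent configures without any error, and what the library then builds depends on code outside this section; `find_package(ZLIB REQUIRED)` would make that case fail at configure time. If this option is what gates the TLS DEFLATE support listed in the ChangeLog of this commit, the help string should also say that record compression leaks information about plaintext through message length and is best left off.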
74 polarssl/ChangeLog
@@ -1,5 +1,79 @@
PolarSSL ChangeLog
+= Version 1.2.0 released 2012-10-31
+Features
+ * Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
+ ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
+ default!
+ * Added support for wildcard certificates
+ * Added support for multi-domain certificates through the X509 Subject
+ Alternative Name extension
+ * Added preliminary ASN.1 buffer writing support
+ * Added preliminary X509 Certificate Request writing support
+ * Added key_app_writer example application
+ * Added cert_req example application
+ * Added base Galois Counter Mode (GCM) for AES
+ * Added TLS 1.2 support (RFC 5246)
+ * Added GCM suites to TLS 1.2 (RFC 5288)
+ * Added commandline error code convertor (util/strerror)
+ * Added support for Hardware Acceleration hooking in SSL/TLS
+ * Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
+ example application (programs/ssl/o_p_test) (requires OpenSSL)
+ * Added X509 CA Path support
+ * Added Thumb assembly optimizations
+ * Added DEFLATE compression support as per RFC3749 (requires zlib)
+ * Added blowfish algorithm (Generic and cipher layer)
+ * Added PKCS#5 PBKDF2 key derivation function
+ * Added Secure Renegotiation (RFC 5746)
+ * Added predefined DHM groups from RFC 5114
+ * Added simple SSL session cache implementation
+ * Added ServerName extension parsing (SNI) at server side
+ * Added option to add minimum accepted SSL/TLS protocol version
+
+Changes
+ * Removed redundant POLARSSL_DEBUG_MSG define
+ * AES code only check for Padlock once
+ * Fixed const-correctness mpi_get_bit()
+ * Documentation for mpi_lsb() and mpi_msb()
+ * Moved out_msg to out_hdr + 32 to support hardware acceleration
+ * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
+ to not match CN if subjectAltName extension is present (Closes ticket #56)
+ * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
+ POLARSSL_MODE_CFB, to also handle different block size CFB modes.
+ * Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
+ * Revamped session resumption handling
+ * Generalized external private key implementation handling (like PKCS#11)
+ in SSL/TLS
+ * Revamped x509_verify() and the SSL f_vrfy callback implementations
+ * Moved from unsigned long to fixed width uint32_t types throughout code
+ * Renamed ciphersuites naming scheme to IANA reserved names
+
+Bugfix
+ * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
+ Hui Dong)
+ * Fixed potential heap corruption in x509_name allocation
+ * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
+ * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
+ #52)
+ * Handle encryption with private key and decryption with public key as per
+ RFC 2313
+ * Handle empty certificate subject names
+ * Prevent reading over buffer boundaries on X509 certificate parsing
+ * mpi_add_abs() now correctly handles adding short numbers to long numbers
+ with carry rollover (found by Ruslan Yushchenko)
+ * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
+ * Fixed MPI assembly for SPARC64 platform
+
+Security
+ * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
+ Vanderbeken)
+
+= Version 1.1.4 released on 2012-05-31
+Bugfix
+ * Correctly handle empty SSL/TLS packets (Found by James Yonan)
+ * Fixed potential heap corruption in x509_name allocation
+ * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
+
= Version 1.1.3 released on 2012-04-29
Bugfix
* Fixed random MPI generation to not generate more size than requested.
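--- a/polarssl/include/polarssl/aes.h
+++ b/polarssl/include/polarssl/aes.h
@@ -29,6 +29,13 @@
 #include <string.h>
+#ifdef _MSC_VER
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
 #define AES_ENCRYPT 1
 #define AES_DECRYPT 0
@@ -41,8 +48,8 @@
 typedef struct
 {
 int nr; /*!< number of rounds */
- unsigned long *rk; /*!< AES round keys */
- unsigned long buf[68]; /*!< unaligned data */
+ uint32_t *rk; /*!< AES round keys */
+ uint32_t buf[68]; /*!< unaligned data */
 }
 aes_context;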
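Review bot: The `_MSC_VER` branch typedefs `uint32_t` by hand, and the same block is added to bignum.h and blowfish.h in this commit, so the fixed-width types are now defined in three public headers. Visual Studio 2010 and later ship `<stdint.h>`, and a translation unit that includes it next to these headers gets a second definition of the same names, which may conflict. Limiting the fallback to older compilers with `#if defined(_MSC_VER) && _MSC_VER < 1600`, using `#include <stdint.h>` otherwise, and keeping the block in one shared header would avoid that.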
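--- a/polarssl/include/polarssl/asn1.h
+++ b/polarssl/include/polarssl/asn1.h
@@ -47,12 +47,14 @@
 * ASN1 is a standard to specify data structures.
 * \{
 */
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 /**< Out of data when parsing an ASN1 data structure. */
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 /**< ASN1 tag was of an unexpected value. */
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Error when trying to determine the length or invalid length. */
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Actual length differs from expected length. */
-#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Data is invalid. (not used) */
-#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x001E /**< Memory allocation failed */
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */
+#define POLARSSL_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x006A /**< Memory allocation failed */
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */
+
 /* \} name */
 /**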
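Review bot: Every existing `POLARSSL_ERR_ASN1_*` value is renumbered here (`-0x0014` through `-0x001E` become `-0x0060` through `-0x006A`), and two of the vacated values, `-0x0016` and `-0x0018`, are given to the new Blowfish errors in blowfish.h in the same commit. Anything that compares, logs or stores the numeric codes rather than the macro names will read an ASN.1 tag or length failure from an older build as a Blowfish key or input length error. A comment above the block should record the change, for example `/* Renumbered in 1.2.0; -0x0016 and -0x0018 now belong to blowfish.h. */`.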
46 polarssl/include/polarssl/asn1write.h
@@ -0,0 +1,46 @@
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ * Copyright (C) 2006-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_ASN1_WRITE_H
+#define POLARSSL_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define ASN1_CHK_ADD(g, f) if( ( ret = f ) < 0 ) return( ret ); else g += ret
+
+int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
+int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
+int asn1_write_null( unsigned char **p, unsigned char *start );
+int asn1_write_oid( unsigned char **p, unsigned char *start, char *oid );
+int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, char *algorithm_oid );
+int asn1_write_int( unsigned char **p, unsigned char *start, int val );
+int asn1_write_printable_string( unsigned char **p, unsigned char *start,
+ char *text );
+int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+ char *text );
+
+#endif /* POLARSSL_ASN1_WRITE_H */
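Review bot: `ASN1_CHK_ADD` expands to a bare `if ... return; else ...` with unparenthesised arguments, so using it as the body of another `if`/`else` changes how the caller's branches pair up, and it silently depends on a local named `ret` while returning from the enclosing function. Wrapping it keeps the behaviour and removes the hazard: `#define ASN1_CHK_ADD(g, f) do { if( ( ret = (f) ) < 0 ) return( ret ); else (g) += ret; } while( 0 )`. The prototypes below it carry no doc comments, unlike blowfish.h in this commit; each should at least state what `p` and `start` delimit and what a non-negative return value counts, which this header does not show.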
99 polarssl/include/polarssl/bignum.h
@@ -32,6 +32,17 @@
#include "config.h"
+#ifdef _MSC_VER
+#include <basetsd.h>
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef UINT64 uint64_t;
+#else
+#include <inttypes.h>
+#endif
+
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
@@ -61,7 +72,7 @@
/*
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits )
+ * ( Default: 512 bytes => 4096 bits, Maximum: 1024 bytes => 8192 bits )
*
* Note: Calculations can results temporarily in larger MPIs. So the number
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
@@ -70,14 +81,26 @@
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
/*
- * When reading from files with mpi_read_file() the buffer should have space
+ * When reading from files with mpi_read_file() and writing to files with
+ * mpi_write_file() the buffer should have space
* for a (short) label, the MPI (in the provided radix), the newline
* characters and the '\0'.
*
* By default we assume at least a 10 char label, a minimum radix of 10
* (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of POLARSSL_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ * POLARSSL_MPI_RW_BUFFER_SIZE = ceil(POLARSSL_MPI_MAX_BITS / ln(10) * ln(2)) +
+ * LabelSize + 6
*/
-#define POLARSSL_MPI_READ_BUFFER_SIZE 1250
+#define POLARSSL_MPI_MAX_BITS_SCALE100 ( 100 * POLARSSL_MPI_MAX_BITS )
+#define LN_2_DIV_LN_10_SCALE100 332
+#define POLARSSL_MPI_RW_BUFFER_SIZE ( ((POLARSSL_MPI_MAX_BITS_SCALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
/*
* Define the base integer type, architecture-wise
@@ -85,34 +108,45 @@
#if defined(POLARSSL_HAVE_INT8)
typedef signed char t_sint;
typedef unsigned char t_uint;
-typedef unsigned short t_udbl;
+typedef uint16_t t_udbl;
+#define POLARSSL_HAVE_UDBL
#else
#if defined(POLARSSL_HAVE_INT16)
-typedef signed short t_sint;
-typedef unsigned short t_uint;
-typedef unsigned long t_udbl;
+typedef int16_t t_sint;
+typedef uint16_t t_uint;
+typedef uint32_t t_udbl;
+#define POLARSSL_HAVE_UDBL
#else
- typedef signed long t_sint;
- typedef unsigned long t_uint;
- #if defined(_MSC_VER) && defined(_M_IX86)
- typedef unsigned __int64 t_udbl;
+ #if ( defined(__MSC_VER) && defined(_M_AMD64) )
+ typedef int64_t t_sint;
+ typedef uint64_t t_uint;
#else
- #if defined(__GNUC__) && ( \
- defined(__amd64__) || defined(__x86_64__) || \
- defined(__ppc64__) || defined(__powerpc64__) || \
- defined(__ia64__) || defined(__alpha__) || \
- (defined(__sparc__) && defined(__arch64__)) || \
- defined(__s390x__) )
- typedef unsigned int t_udbl __attribute__((mode(TI)));
- #define POLARSSL_HAVE_LONGLONG
+ #if ( defined(__GNUC__) && ( \
+ defined(__amd64__) || defined(__x86_64__) || \
+ defined(__ppc64__) || defined(__powerpc64__) || \
+ defined(__ia64__) || defined(__alpha__) || \
+ (defined(__sparc__) && defined(__arch64__)) || \
+ defined(__s390x__) ) )
+ typedef int64_t t_sint;
+ typedef uint64_t t_uint;
+ typedef unsigned int t_udbl __attribute__((mode(TI)));
+ #define POLARSSL_HAVE_UDBL
#else
- #if defined(POLARSSL_HAVE_LONGLONG)
- typedef unsigned long long t_udbl;
- #endif
+ typedef int32_t t_sint;
+ typedef uint32_t t_uint;
+ #if ( defined(_MSC_VER) && defined(_M_IX86) )
+ typedef uint64_t t_udbl;
+ #define POLARSSL_HAVE_UDBL
+ #else
+ #if defined( POLARSSL_HAVE_LONGLONG )
+ typedef unsigned long long t_udbl;
+ #define POLARSSL_HAVE_UDBL
+ #endif
+ #endif
#endif
#endif
-#endif
-#endif
+#endif /* POLARSSL_HAVE_INT16 */
+#endif /* POLARSSL_HAVE_INT8 */
/**
* \brief MPI structure
@@ -192,7 +226,7 @@ int mpi_lset( mpi *X, t_sint z );
*
* \return Either a 0 or a 1
*/
-int mpi_get_bit( mpi *X, size_t pos );
+int mpi_get_bit( const mpi *X, size_t pos );
/*
* \brief Set a bit of X to a specific value of 0 or 1
@@ -211,14 +245,20 @@ int mpi_get_bit( mpi *X, size_t pos );
int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
/**
- * \brief Return the number of least significant bits
+ * \brief Return the number of zero-bits before the least significant
+ * '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
*
* \param X MPI to use
*/
size_t mpi_lsb( const mpi *X );
/**
- * \brief Return the number of most significant bits
+ * \brief Return the number of bits up to and including the most
+ * significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
*
* \param X MPI to use
*/
@@ -259,6 +299,7 @@ int mpi_read_string( mpi *X, int radix, const char *s );
*/
int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
+#if defined(POLARSSL_FS_IO)
/**
* \brief Read X from an opened file
*
@@ -285,6 +326,7 @@ int mpi_read_file( mpi *X, int radix, FILE *fin );
* \note Set fout == NULL to print X on the console.
*/
int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
+#endif /* POLARSSL_FS_IO */
/**
* \brief Import X from unsigned binary data, big endian
@@ -537,7 +579,8 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
+ * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even or if
+ * E is negative
*
* \note _RR is used to avoid re-computing R*R mod N across
* multiple calls, which speeds up things a bit. It can
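Review bot: The 64-bit MSVC branch tests `defined(__MSC_VER)` with two leading underscores, while the other checks in this header and in aes.h use `_MSC_VER`, so that branch can never be selected and x64 MSVC builds fall through to the 32-bit `t_sint`/`t_uint` case. The line should read `#if ( defined(_MSC_VER) && defined(_M_AMD64) )`. That branch defines neither `t_udbl` nor `POLARSSL_HAVE_UDBL`, so once it is reachable the generic `MULADDC` path in bn_mul.h that is gated on `POLARSSL_HAVE_UDBL` will not be used; what is used instead is outside this page's view and should be checked before the branch is enabled. Separately, `LN_2_DIV_LN_10_SCALE100` holds 332, which is 100·ln(10)/ln(2), the inverse of what its name and the formula in the comment say, even though the division it is used in gives the intended digit count.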
161 polarssl/include/polarssl/blowfish.h
@@ -0,0 +1,161 @@
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ * Copyright (C) 2012-2012, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_BLOWFISH_H
+#define POLARSSL_BLOWFISH_H
+
+#include <string.h>
+
+#ifdef _MSC_VER
+#include <basetsd.h>
+typedef UINT32 uint32_t;
+#else
+#include <inttypes.h>
+#endif
+
+#define BLOWFISH_ENCRYPT 1
+#define BLOWFISH_DECRYPT 0
+#define BLOWFISH_MAX_KEY 448
+#define BLOWFISH_MIN_KEY 32
+#define BLOWFISH_ROUNDS 16 /* when increasing this value, make sure to extend the initialisation vectors */
+#define BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
+
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
+
+/**
+ * \brief Blowfish context structure
+ */
+typedef struct
+{
+ uint32_t P[BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
+ uint32_t S[4][256]; /*!< key dependent S-boxes */
+}
+blowfish_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Blowfish key schedule
+ *
+ * \param ctx Blowfish context to be initialized
+ * \param key encryption key
+ * \param keysize must be between 32 and 448 bits
+ *
+ * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned int keysize );
+
+/**
+ * \brief Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param input 8-byte input block
+ * \param output 8-byte output block
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_ecb( blowfish_context *ctx,
+ int mode,
+ const unsigned char input[BLOWFISH_BLOCKSIZE],
+ unsigned char output[BLOWFISH_BLOCKSIZE] );
+
+/**
+ * \brief Blowfish-CBC buffer encryption/decryption
+ * Length should be a multiple of the block
+ * size (8 bytes)
+ *
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param length length of the input data
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int blowfish_crypt_cbc( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+
+/**
+ * \brief Blowfish CFB buffer encryption/decryption.
+ *
+ * both
+ * \param ctx Blowfish context
+ * \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param length length of the input data
+ * \param iv_off offset in IV (updated after use)
+ * \param iv initialization vector (updated after use)
+ * \param input buffer holding the input data
+ * \param output buffer holding the output data
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_cfb64( blowfish_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+
+/*
+ * \brief Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param length The length of the data
+ * \param nc_off The offset in the current stream_block (for resuming
+ * within current cipher stream). The offset pointer to
+ * should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block The saved stream-block for resuming. Is overwritten
+ * by the function.
+ * \param input The input data stream
+ * \param output The output data stream
+ *
+ * \return 0 if successful
+ */
+int blowfish_crypt_ctr( blowfish_context *ctx,
+ size_t length,
+ size_t *nc_off,
+ unsigned char nonce_counter[BLOWFISH_BLOCKSIZE],
+ unsigned char stream_block[BLOWFISH_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* blowfish.h */
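Review bot: The comment on `blowfish_crypt_ctr` opens with `/*` instead of `/**` and has no `\param ctx`, so the only warning in this header is left out of the generated documentation, and that warning ("keep the maximum use of your counter in mind") does not say what the limit is. With `BLOWFISH_BLOCKSIZE` at 8 the nonce and counter together are 64 bits, so I would spell it out: `Warning: nonce_counter must never repeat under one key; with 64-bit blocks, rekey long before 2^32 blocks.` The `blowfish_crypt_cfb64` comment also carries a stray `both` line. `keysize` is documented only as a range; if the implementation accepts only multiples of 8 bits, which this header does not show, that belongs in the `\param` text.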
146 polarssl/include/polarssl/bn_mul.h
@@ -395,32 +395,82 @@
#endif /* PPC32 */
#endif /* PPC64 */
-#if defined(__sparc__)
+#if defined(__sparc__) && defined(__sparc64__)
#define MULADDC_INIT \
- asm( "ld %0, %%o0 " :: "m" (s)); \
- asm( "ld %0, %%o1 " :: "m" (d)); \
- asm( "ld %0, %%o2 " :: "m" (c)); \
- asm( "ld %0, %%o3 " :: "m" (b));
+ asm( \
+ " \
+ ldx %3, %%o0; \
+ ldx %4, %%o1; \
+ ld %5, %%o2; \
+ ld %6, %%o3; \
+ "
#define MULADDC_CORE \
- asm( "ld [%o0], %o4 " ); \
- asm( "inc 4, %o0 " ); \
- asm( "ld [%o1], %o5 " ); \
- asm( "umul %o3, %o4, %o4 " ); \
- asm( "addcc %o4, %o2, %o4 " ); \
- asm( "rd %y, %g1 " ); \
- asm( "addx %g1, 0, %g1 " ); \
- asm( "addcc %o4, %o5, %o4 " ); \
- asm( "st %o4, [%o1] " ); \
- asm( "addx %g1, 0, %o2 " ); \
- asm( "inc 4, %o1 " );
+ " \
+ ld [%%o0], %%o4; \
+ inc 4, %%o0; \
+ ld [%%o1], %%o5; \
+ umul %%o3, %%o4, %%o4; \
+ addcc %%o4, %%o2, %%o4; \
+ rd %%y, %%g1; \
+ addx %%g1, 0, %%g1; \
+ addcc %%o4, %%o5, %%o4; \
+ st %%o4, [%%o1]; \
+ addx %%g1, 0, %%o2; \
+ inc 4, %%o1; \
+ "
#define MULADDC_STOP \
- asm( "st %%o2, %0 " : "=m" (c)); \
- asm( "st %%o1, %0 " : "=m" (d)); \
- asm( "st %%o0, %0 " : "=m" (s) :: \
- "g1", "o0", "o1", "o2", "o3", "o4", "o5" );
+ " \
+ st %%o2, %0; \
+ stx %%o1, %1; \
+ stx %%o0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "g1", "o0", "o1", "o2", "o3", "o4", \
+ "o5" \
+ );
+#endif /* SPARCv9 */
+
+#if defined(__sparc__) && !defined(__sparc64__)
+
+#define MULADDC_INIT \
+ asm( \
+ " \
+ ld %3, %%o0; \
+ ld %4, %%o1; \
+ ld %5, %%o2; \
+ ld %6, %%o3; \
+ "
+
+#define MULADDC_CORE \
+ " \
+ ld [%%o0], %%o4; \
+ inc 4, %%o0; \
+ ld [%%o1], %%o5; \
+ umul %%o3, %%o4, %%o4; \
+ addcc %%o4, %%o2, %%o4; \
+ rd %%y, %%g1; \
+ addx %%g1, 0, %%g1; \
+ addcc %%o4, %%o5, %%o4; \
+ st %%o4, [%%o1]; \
+ addx %%g1, 0, %%o2; \
+ inc 4, %%o1; \
+ "
+
+#define MULADDC_STOP \
+ " \
+ st %%o2, %0; \
+ st %%o1, %1; \
+ st %%o0, %2; \
+ " \
+ : "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "g1", "o0", "o1", "o2", "o3", "o4", \
+ "o5" \
+ );
#endif /* SPARCv8 */
@@ -498,7 +548,57 @@
#if defined(__arm__)
-#if !defined(__thumb__)
+#if defined(__thumb__)
+
+#define MULADDC_INIT \
+ asm( "ldr r0, %0 " :: "m" (s)); \
+ asm( "ldr r1, %0 " :: "m" (d)); \
+ asm( "ldr r2, %0 " :: "m" (c)); \
+ asm( "ldr r3, %0 " :: "m" (b)); \
+ asm( "lsr r7, r3, #16 " ); \
+ asm( "mov r9, r7 " ); \
+ asm( "lsl r7, r3, #16 " ); \
+ asm( "lsr r7, r7, #16 " ); \
+ asm( "mov r8, r7 " );
+
+#define MULADDC_CORE \
+ asm( "ldmia r0!, {r6} " ); \
+ asm( "lsr r7, r6, #16 " ); \
+ asm( "lsl r6, r6, #16 " ); \
+ asm( "lsr r6, r6, #16 " ); \
+ asm( "mov r4, r8 " ); \
+ asm( "mul r4, r6 " ); \
+ asm( "mov r3, r9 " ); \
+ asm( "mul r6, r3 " ); \
+ asm( "mov r5, r9 " ); \
+ asm( "mul r5, r7 " ); \
+ asm( "mov r3, r8 " ); \
+ asm( "mul r7, r3 " ); \
+ asm( "lsr r3, r6, #16 " ); \
+ asm( "add r5, r5, r3 " ); \
+ asm( "lsr r3, r7, #16 " ); \
+ asm( "add r5, r5, r3 " ); \
+ asm( "add r4, r4, r2 " ); \
+ asm( "mov r2, #0 " ); \
+ asm( "adc r5, r2 " ); \
+ asm( "lsl r3, r6, #16 " ); \
+ asm( "add r4, r4, r3 " ); \
+ asm( "adc r5, r2 " ); \
+ asm( "lsl r3, r7, #16 " ); \
+ asm( "add r4, r4, r3 " ); \
+ asm( "adc r5, r2 " ); \
+ asm( "ldr r3, [r1] " ); \
+ asm( "add r4, r4, r3 " ); \
+ asm( "adc r2, r5 " ); \
+ asm( "stmia r1!, {r4} " );
+
+#define MULADDC_STOP \
+ asm( "str r2, %0 " : "=m" (c)); \
+ asm( "str r1, %0 " : "=m" (d)); \
+ asm( "str r0, %0 " : "=m" (s) :: \
+ "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" );
+
+#else
#define MULADDC_INIT \
asm( "ldr r0, %0 " :: "m" (s)); \
@@ -693,7 +793,7 @@
#endif /* POLARSSL_HAVE_ASM */
#if !defined(MULADDC_CORE)
-#if defined(POLARSSL_HAVE_LONGLONG)
+#if defined(POLARSSL_HAVE_UDBL)
#define MULADDC_INIT \
{ \
@@ -701,7 +801,7 @@
t_uint r0, r1;
#define MULADDC_CORE \
- r = *(s++) * (t_udbl) b; \
+ r = *(s++) * (t_udbl) b; \
r0 = r; \
r1 = r >> biL; \
r0 += c; r1 += (r0 < c); \
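--- a/polarssl/include/polarssl/cipher.h
+++ b/polarssl/include/polarssl/cipher.h
@@ -5,7 +5,7 @@
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 *
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
 *
 * This file is part of PolarSSL (http://www.polarssl.org)
 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -48,14 +48,17 @@
 typedef enum {
 POLARSSL_CIPHER_ID_NONE = 0,
+ POLARSSL_CIPHER_ID_NULL,
 POLARSSL_CIPHER_ID_AES,
 POLARSSL_CIPHER_ID_DES,
 POLARSSL_CIPHER_ID_3DES,
 POLARSSL_CIPHER_ID_CAMELLIA,
+ POLARSSL_CIPHER_ID_BLOWFISH,
 } cipher_id_t;
 typedef enum {
 POLARSSL_CIPHER_NONE = 0,
+ POLARSSL_CIPHER_NULL,
 POLARSSL_CIPHER_AES_128_CBC,
 POLARSSL_CIPHER_AES_192_CBC,
 POLARSSL_CIPHER_AES_256_CBC,
@@ -76,13 +79,17 @@ typedef enum {
 POLARSSL_CIPHER_CAMELLIA_256_CTR,
 POLARSSL_CIPHER_DES_CBC,
 POLARSSL_CIPHER_DES_EDE_CBC,
- POLARSSL_CIPHER_DES_EDE3_CBC
+ POLARSSL_CIPHER_DES_EDE3_CBC,
+ POLARSSL_CIPHER_BLOWFISH_CBC,
+ POLARSSL_CIPHER_BLOWFISH_CFB64,
+ POLARSSL_CIPHER_BLOWFISH_CTR,
 } cipher_type_t;
 typedef enum {
 POLARSSL_MODE_NONE = 0,
+ POLARSSL_MODE_NULL,
 POLARSSL_MODE_CBC,
- POLARSSL_MODE_CFB128,
+ POLARSSL_MODE_CFB,
 POLARSSL_MODE_OFB,
 POLARSSL_MODE_CTR,
 } cipher_mode_t;
@@ -118,8 +125,8 @@ typedef struct {
 int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned char *iv,
 const unsigned char *input, unsigned char *output );
- /** Encrypt using CFB128 */
- int (*cfb128_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
+ /** Encrypt using CFB (Full length) */
+ int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
 unsigned char *iv, const unsigned char *input, unsigned char *output );
 /** Encrypt using CTR */
@@ -313,7 +320,7 @@ static inline int cipher_get_iv_size( const cipher_context_t *ctx )
 static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx )
 {
 if( NULL == ctx || NULL == ctx->cipher_info )
- return 0;
+ return POLARSSL_CIPHER_NONE;
 return ctx->cipher_info->type;
 }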
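Review bot: The new `POLARSSL_CIPHER_ID_NULL`, `POLARSSL_CIPHER_NULL` and `POLARSSL_MODE_NULL` enumerators are inserted directly after the `= 0` entries, so every later value in `cipher_id_t`, `cipher_type_t` and `cipher_mode_t` shifts by one and the value that used to mean AES / AES-128-CBC / CBC now names the no-encryption entry. Any caller that stored these values as integers, or was built against the previous header, would presumably end up with a different cipher than intended without a compile error. The enumerators are also declared regardless of `POLARSSL_CIPHER_NULL_CIPHER`, which is the macro the cipher_wrap.h section uses to guard `null_cipher_info`. I would append the new entries at the end of each enum instead, and mark them with a comment such as `/* no confidentiality; only usable when POLARSSL_CIPHER_NULL_CIPHER is defined */`.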
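--- a/polarssl/include/polarssl/cipher_wrap.h
+++ b/polarssl/include/polarssl/cipher_wrap.h
@@ -5,7 +5,7 @@
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 *
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
 *
 * This file is part of PolarSSL (http://www.polarssl.org)
 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -84,6 +84,22 @@ extern const cipher_info_t des_ede3_cbc_info;
 #endif /* defined(POLARSSL_DES_C) */
+#if defined(POLARSSL_BLOWFISH_C)
+extern const cipher_info_t blowfish_cbc_info;
+
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+extern const cipher_info_t blowfish_cfb64_info;
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+extern const cipher_info_t blowfish_ctr_info;
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* defined(POLARSSL_BLOWFISH_C) */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+extern const cipher_info_t null_cipher_info;
+#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
+
 #ifdef __cplusplus
 }
 #endif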
203 polarssl/include/polarssl/config.h
@@ -3,7 +3,7 @@
*
* \brief Configuration options (set of defines)
*
- * Copyright (C) 2006-2011, Brainspark B.V.
+ * Copyright (C) 2006-2012, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -63,11 +63,10 @@
/**
* \def POLARSSL_HAVE_LONGLONG
*
- * The compiler supports the use of long long.
- *
- * Uncomment if the compiler supports long long.
-#define POLARSSL_HAVE_LONGLONG
+ * The compiler supports the 'long long' type.
+ * (Only used on 32-bit platforms)
*/
+#define POLARSSL_HAVE_LONGLONG
/**
* \def POLARSSL_HAVE_ASM
@@ -89,7 +88,7 @@
/**
* \def POLARSSL_HAVE_SSE2
*
- * CPI supports SSE2 instruction set.
+ * CPU supports SSE2 instruction set.
*
* Uncomment if the CPU supports SSE2 (IA-32 specific).
*
@@ -130,13 +129,36 @@
#define POLARSSL_CIPHER_MODE_CTR
/**
- * \def POLARSSL_DEBUG_MSG
+ * \def POLARSSL_CIPHER_NULL_CIPHER
*
- * Requires: POLARSSL_DEBUG_C
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
*
- * Enable all SSL/TLS debugging messages.
+ * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ * TLS_RSA_WITH_NULL_MD5
+ * TLS_RSA_WITH_NULL_SHA
+ * TLS_RSA_WITH_NULL_SHA256
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+#define POLARSSL_CIPHER_NULL_CIPHER
+ */
+
+/**
+ * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels without virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ * TLS_RSA_WITH_DES_CBC_SHA
+ * TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/
-#define POLARSSL_DEBUG_MSG
/**
* \def POLARSSL_GENPRIME
@@ -206,6 +228,16 @@
#define POLARSSL_SELF_TEST
/**
+ * \def POLARSSL_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+#define POLARSSL_SSL_HW_RECORD_ACCEL
+ */
+
+/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
@@ -215,6 +247,22 @@
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
+
+/**
+ * \def POLARSSL_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * Used in: library/ssl_tls.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+#define POLARSSL_ZLIB_SUPPORT
+ */
/* \} name */
/**
@@ -234,10 +282,18 @@
* library/pem.c
* library/ctr_drbg.c
*
- * This module enables the following ciphersuites:
- * SSL_RSA_AES_128_SHA
- * SSL_RSA_AES_256_SHA
- * SSL_EDH_RSA_AES_256_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_RSA_WITH_AES_128_CBC_SHA
+ * TLS_RSA_WITH_AES_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ * TLS_RSA_WITH_AES_128_GCM_SHA256
+ * TLS_RSA_WITH_AES_256_GCM_SHA384
*/
#define POLARSSL_AES_C
@@ -250,8 +306,8 @@
* Caller: library/ssl_tls.c
*
* This module enables the following ciphersuites:
- * SSL_RSA_RC4_128_MD5
- * SSL_RSA_RC4_128_SHA
+ * TLS_RSA_WITH_RC4_128_MD5
+ * TLS_RSA_WITH_RC4_128_SHA
*/
#define POLARSSL_ARC4_C
@@ -266,6 +322,15 @@
#define POLARSSL_ASN1_PARSE_C
/**
+ * \def POLARSSL_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module: library/asn1write.c
+ */
+#define POLARSSL_ASN1_WRITE_C
+
+/**
* \def POLARSSL_BASE64_C
*
* Enable the Base64 module.
@@ -293,6 +358,15 @@
#define POLARSSL_BIGNUM_C
/**
+ * \def POLARSSL_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module: library/blowfish.c
+ */
+#define POLARSSL_BLOWFISH_C
+
+/**
* \def POLARSSL_CAMELLIA_C
*
* Enable the Camellia block cipher.
@@ -300,10 +374,16 @@
* Module: library/camellia.c
* Caller: library/ssl_tls.c
*
- * This module enabled the following cipher suites:
- * SSL_RSA_CAMELLIA_128_SHA
- * SSL_RSA_CAMELLIA_256_SHA
- * SSL_EDH_RSA_CAMELLIA_256_SHA
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
*/
#define POLARSSL_CAMELLIA_C