7c7d7d67cefc52cf9706d370186423de45980a45
15 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
7c7d7d67ce |
2025-12-23 00:42 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/d2i.c
* contrib/hbssl/hbssl.hbx
* added new PRG function which converts ASN.1 DER SEQUENCE (RFC 3279) to
IEEE P1363 Fixed Field Concatenation ( R || S ):
D2I_ECDSA_SIG_RS( <cSigDER> ) -> <cSigRS>
* src/rtl/vfile.c
* comment formatting
|
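The DER-to-R||S conversion named in the commit above, as an added C example; it is not the code from contrib/hbssl/d2i.c. The function names and the 4-byte toy field width are assumptions made for illustration (P-256 uses 32 bytes per value, P-384 48, P-521 66). It rejects non-DER encodings and trailing bytes instead of silently accepting them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample, not a real signature: SEQUENCE { INTEGER 0x8001, INTEGER 0x7F }.
   r carries a leading 0x00 because its top bit is set (DER integers are signed). */
static const unsigned char SAMPLE_DER[] = {
    0x30, 0x08, 0x02, 0x03, 0x00, 0x80, 0x01, 0x02, 0x01, 0x7F
};

/* Read a DER length: short form, or long form with one or two length bytes. */
static int der_len(const unsigned char *der, size_t n, size_t *pos, size_t *out)
{
    size_t cnt, v = 0;
    unsigned char b;

    if (*pos >= n) return -1;
    b = der[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }
    cnt = b & 0x7F;
    if (cnt == 0 || cnt > 2 || n - *pos < cnt) return -1;  /* indefinite or oversized */
    while (cnt--) v = (v << 8) | der[(*pos)++];
    if (v < 0x80 || (b == 0x82 && v < 0x100)) return -1;   /* non-minimal: BER, not DER */
    *out = v;
    return 0;
}

/* Parse one DER INTEGER and store it big-endian, left-padded with zeros, in out[width]. */
static int der_uint_fixed(const unsigned char *der, size_t end, size_t *pos,
                          unsigned char *out, size_t width)
{
    const unsigned char *p;
    size_t len;

    if (*pos >= end || der[(*pos)++] != 0x02) return -1;   /* INTEGER tag expected */
    if (der_len(der, end, pos, &len) != 0) return -1;
    if (len == 0 || len > end - *pos) return -1;           /* empty or truncated */
    p = der + *pos;
    if (p[0] & 0x80) return -1;                            /* negative value */
    if (len > 1 && p[0] == 0x00 && !(p[1] & 0x80)) return -1; /* redundant padding */
    *pos += len;
    if (p[0] == 0x00) { p++; len--; }                      /* drop the sign byte */
    if (len > width) return -1;                            /* does not fit the field */
    memset(out, 0, width - len);
    memcpy(out + (width - len), p, len);
    return 0;
}

/* Convert SEQUENCE { r INTEGER, s INTEGER } to R || S with `width` bytes per value.
   Returns 2 * width, or -1 if the input is not strict DER of exactly that shape.
   The range check 1 <= r, s < n stays with the signature verifier. */
int ecdsa_der_to_rs(const unsigned char *der, size_t n,
                    unsigned char *rs, size_t width)
{
    size_t pos = 0, seqlen;

    if (n < 2 || der[pos++] != 0x30) return -1;            /* SEQUENCE tag expected */
    if (der_len(der, n, &pos, &seqlen) != 0) return -1;
    if (seqlen != n - pos) return -1;                      /* truncated or trailing bytes */
    if (der_uint_fixed(der, n, &pos, rs, width) != 0) return -1;
    if (der_uint_fixed(der, n, &pos, rs + width, width) != 0) return -1;
    if (pos != n) return -1;                               /* extra element in SEQUENCE */
    return (int)(2 * width);
}

int main(void)
{
    unsigned char rs[8];
    int i, n = ecdsa_der_to_rs(SAMPLE_DER, sizeof SAMPLE_DER, rs, 4);

    for (i = 0; i < n; i++) printf("%02x", rs[i]);
    printf("\n");
    return n > 0 ? 0 : 1;
}
```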
||
|
|
ddf295b16b |
2025-12-21 10:45 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/evppkey.c
+ added new PRG functions:
EVP_PKEY_CTX_get_RSA_PSS_saltlen( <pKeyCTX>, @<nSaltLen> )
-> <nRetCode>
EVP_PKEY_CTX_set_RSA_PSS_saltlen( <pKeyCTX>, <nSaltLen> )
-> <nRetCode>
EVP_PKEY_CTX_get_signature_md( <pKeyCTX>, @<nEvpHash> )
-> <nRetCode>
EVP_PKEY_CTX_set_signature_md( <pKeyCTX>, <nEvpHash> | <cEvpHash> )
-> <nRetCode>
EVP_PKEY_sign_init( <pKeyCTX> ) -> <nRetCode>
EVP_PKEY_sign( <pKeyCTX>, @<cSignature>, <cData> ) -> <nRetCode>
EVP_PKEY_verify_init( <pKeyCTX> ) -> <nRetCode>
EVP_PKEY_verify( <pKeyCTX>, <cSignature>, <cData> ) -> <nRetCode>
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/x509.c
+ added new PRG function:
X509_get_serialNumber( <pX509> ) -> <nSerialNum>
* src/rtl/base64d.c
* indenting
; question: With small modification we can add support for base64url
encoding (with additional parameter passed to hb_base64encode())
and decoding (can be done automatically by hb_base64decode()).
Do you think it's worth doing or is it such a simple thing that
we should keep the code clean and users can make the necessary
conversions themselves?
|
||
|
|
24b2f28431 |
2025-12-10 16:29 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/evpmd.c
* contrib/hbssl/hbssl.h
* moved hb_EVP_MD_ptr_to_id() function from static to public area
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/hbssl.hbm
+ contrib/hbssl/d2i.c
* added new functions to extract asynchronous keys and certificates
from DER data:
D2I_PUBKEY( <cDER> ) -> <pEVPKey>
D2I_RSAPUBLICKEY( <cDER> ) -> <pRSAKey>
D2I_X509( <cDER> ) -> <pX509Cert>
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/evppkey.c
+ added new functions to get/set RSA asymmetric keys parameters
encapsulated in EVP_PKEY structures:
EVP_PKEY_CTX_get_RSA_padding()
EVP_PKEY_CTX_set_RSA_padding()
EVP_PKEY_CTX_get_RSA_OAEP_md()
EVP_PKEY_CTX_set_RSA_OAEP_md()
EVP_PKEY_CTX_get_RSA_MGF1_md()
EVP_PKEY_CTX_set_RSA_MGF1_md()
* src/common/hbdate.c
* accept up to 9 fractional digits (nanoseconds) in timestamp strings
though only the first three (milliseconds) are significant.
Recently some tools began to generate such timestamp values and
Harbour had problems with decoding them correctly.
* src/compiler/hbmain.c
+ allow to pass file name for source code compiled by hb_compileFromBuf()
It works like in all other versions of hb_compile*() functions - it's
enough to pass it as argument without option prefix (option prefix
is "-" on all platforms and also "/" on DOS, OS2, MS-Win).
Please remember that first parameter after control ones is used as
compiler name in generated output messages regardless of its option
prefix.
|
||
|
|
f5a3c980fc |
2025-01-28 11:34 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/bio.c
! fixed BIO_set_conn_int_port() to work with OpenSSL >= 1.1
(emulation with BIO_set_conn_port())
! fixed BIO_get_conn_ip() to work with OpenSSL >= 1.1
(emulation with BIO_get_conn_address() and BIO_ADDR_hostname_string())
+ added BIO_get_conn_address(), it returns HB_SOCKET compatible array
with address
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/sslctx.c
+ added new function SSL_CTX_use_RSAPrivateKey()
! respect OPENSSL_NO_RSA macro in other SSL_CTX_use_RSA*() functions
* contrib/hbssl/evp.c
! use EVP_CIPHER_key_length() and EVP_CIPHER_iv_length() in
EVP_BytesToKey() to detect the exact key and iv length.
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
* contrib/hbssl/rsa.c
* removed hb_RSA_par_remove() function, use RSA_up_ref() instead
* contrib/hbssl/hbssl.h
* contrib/hbssl/x509.c
* contrib/hbssl/pem.c
* contrib/hbssl/ssl.c
* removed 2-nd parameter ( HB_BOOL fRelease ) from hb_X509_ret(),
use X509_up_ref() instead
* contrib/hbssl/pem.c
* respect OPENSSL_NO_DSA, OPENSSL_NO_DH and OPENSSL_NO_RSA macros
* contrib/hbssl/ssl_sock.c
* added casting to pacify SSL_set_fd() warning and updated link with
description of the problem
|
||
|
|
74322e702c |
2023-11-22 09:06 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/hbssl.h
+ contrib/hbssl/rsa.c
+ added PRG functions for RSA encryption/decryption:
RSA_size( <pKey> ) -> <nCipherBlockSize>
RSA_public_encrypt( <pKey>, <cData>, @<cDataEnc> ;
[, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
-> <nSize> > 0 | <nError> <= 0
RSA_private_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ;
[, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
-> <nSize> > 0 | <nError> <= 0
RSA_private_encrypt( <pKey>, <cData>, @<cDataEnc> ;
[, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
-> <nSize> > 0 | <nError> <= 0
RSA_public_decrypt( <pKey>, <cDataEnc>, @<cDataDec> ;
[, <nPadding> = HB_RSA_PKCS1_PADDING ] ) ;
-> <nSize> > 0 | <nError> <= 0
+ added C functions for manipulating RSA keys inside HB_ITEMs:
HB_BOOL hb_RSA_is( int iParam );
RSA * hb_RSA_par( int iParam );
void hb_RSA_ret( RSA * rsa );
* contrib/hbssl/pem.c
+ added support for RSA keys.
Now the following PRG functions return RSA key which can be passed to
RSA_* functions:
PEM_READ_BIO_RSAPRIVATEKEY()
PEM_READ_BIO_RSAPUBLICKEY()
PEM_READ_BIO_RSA_PUBKEY()
* contrib/hbssl/evppkey.c
+ added functions for EVP_PKEY encryption/decryption:
EVP_PKEY_base_id( <pKey> ) -> <nType>
EVP_PKEY_CTX_new( <pKey> ) -> <pKeyCTX>
EVP_PKEY_encrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error)
EVP_PKEY_encrypt( <pKeyCTX>, @<cDataEnc>, <cData> ) ;
-> <nSize> > 0 | <nError> <= 0
EVP_PKEY_decrypt_init( <pKeyCTX> ) -> <nResult> (1 - OK, <=0 - Error)
EVP_PKEY_decrypt( <pKeyCTX>, @<cDataDec>, <cDataEnc> ) ;
-> <nSize> > 0 | <nError> <= 0
Above functions can be used with keys loaded by:
PEM_READ_PRIVATEKEY()
PEM_READ_PUBKEY()
In OpenSSL 3.0 typed functions like *RSA*, *DSA*, *DH*, ... are
deprecated and common for different methods EVP ones should be
used instead.
+ added support for RSA encryption/decryption in above functions in
OpenSSL libraries prior to 1.0.0 which do not have EVP_PKEY_CTX. RSA
support is emulated by direct calls to RSA_* functions so now for
RSA it's possible to use new functions with old OpenSSL libraries.
* contrib/hbssl/hbssl.ch
+ added constants for RSA padding: HB_RSA_*_PADDING
+ added constants for EVP PKEY types: HB_EVP_PKEY_*
* contrib/hbssl/hbssl.hbx
+ added new functions
|
||
|
|
611a7ac281 |
2018-11-16 16:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/bio.c
* contrib/hbssl/err.c
* contrib/hbssl/evp.c
* contrib/hbssl/evpciph.c
* contrib/hbssl/evpenc.c
* contrib/hbssl/evpmd.c
* contrib/hbssl/evppkey.c
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
* contrib/hbssl/rand.c
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_hb.c
* contrib/hbssl/ssl_inet.c
* contrib/hbssl/ssl_sock.c
* contrib/hbssl/sslciph.c
* contrib/hbssl/sslctx.c
* contrib/hbssl/sslsess.c
* contrib/hbssl/x509.c
* synced with Viktor's 3.4 branch and updated to OpenSSL 1.1
* include/hbsocket.h
* src/rtl/hbsocket.c
+ added new C function:
HB_U16 hb_socketNToHS( HB_U16 netshort )
* include/hbapiitm.h
* src/vm/itemapi.c
+ added new C functions:
const char * hb_itemGetCRef( PHB_ITEM pItem, void ** phRef,
HB_SIZE * pnLen );
void hb_itemFreeCRef( void * hRef );
hb_itemGetCRef() locks string inside character item so it cannot be
released when item is cleared and hb_itemFreeCRef() unlocks it and
frees it if item holding it was cleared.
|
||
|
|
9183c2a865 |
2018-05-11 12:23 UTC+0200 maurilio (maurilio.longo@libero.it)
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/ssl.c
+ Added function SSL_set_tlsext_host_name() which is needed to access
a virtual host when using HTTPS.
See https://en.wikipedia.org/wiki/Server_Name_Indication
+ Added function SSL_set_verify().
* src/rtl/fstemp.c
! hb_fsTempName() was not returning a valid temp name on OS/2
|
||
|
|
0b8990ede5 |
2016-11-16 16:10 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.h
* contrib/hbssl/evppkey.c
+ added new C function
void hb_EVP_PKEY_ret( EVP_PKEY * pkey );
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
+ added new PRG functions:
PEM_READ_PRIVATEKEY()
PEM_READ_PUBKEY()
* contrib/hbssl/ssl_sock.c
! added missing HB_SOCKET_ERR_TIMEOUT setting in hb_ssl_socketRead()
! fixed cleared too early SSL error code in hb_ssl_socketWrite()
* contrib/hbssl/tests/inetssl.prg
! interrupt test program if server thread stops
* load server certificates before listen socket is created
* src/rdd/dbfnsx/dbfnsx1.c
! code cleanup to pacify warnings in new GCC versions
* src/rtl/filesys.c
! check if child's fork() was executed successfully
* src/rtl/hbproces.c
! use hb_fsCloseRaw() instead of close() in hb_fsProcessExec() to avoid
lost handles when close() operation is interrupted by signal.
! repeat waitpid() calls interrupted by signal
|
||
|
|
4cce9c8403 |
2016-07-18 20:32 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
* contrib/hbssl/x509.c
+ added new prg functions: PEM_READ_X509(), PEM_READ_X509_AUX() and
X509_get_PubKey()
* src/debug/dbgmenu.prg
! fixed wrong method name :ToggleBreakPoint() -> BreakPointToggle()
Thanks to Viktor.
* src/rtl/gtwin/gtwin.c
* hardcoded some LEFT_ALT + <key> to return K_ALT_* value instead of
national characters, i.e. in EL keyboard layout. Please test it.
I cannot check it in my MS-Windows version.
|
||
|
|
05bbf52617 |
2016-01-13 11:08 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* include/hbsocket.h
* src/rtl/hbsockhb.c
+ added new C function:
HB_BOOL hb_sockexItemReplace( PHB_ITEM pItem, PHB_SOCKEX pSock );
* contrib/hbssl/ssl_sock.c
+ replace passed socket structure to hb_socketNewSSL_connect() and
hb_socketNewSSL_accept() with new one using SSL filter if it was
passed by reference, current syntax is:
hb_socketNewSSL_connect( [@]<pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL>
hb_socketNewSSL_accept( [@]<pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL>
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
+ contrib/hbssl/ssl_hbcon.prg
+ added new PRG functions which can be used for fast initialization of
SSL connection:
hb_SSL_new() -> <pSSL>
hb_SSL_connect_inet( <pSocket>, [ <nTimeOut> ], [ @<cInfo> ] )
-> <lConnected>
hb_SSL_connect_socket( <pSocket>, [ <nTimeOut> ], [ @<cInfo> ] )
-> <lConnected>
They do not need any additional initialization code and can be called
as first and the only SSL functions in user code.
* contrib/hbtip/mail.prg
! fixed bug reported by Lorenzo - thanks
* use hb_MemoWrit() in :detachFile() to honor Harbour File IO API
* cleanup
* src/common/hbffind.c
* src/rtl/gtos2/gtos2.c
* src/rtl/hbproces.c
* cleaned DosAllocMem() flags
* src/common/hbfsapi.c
* src/rtl/hbproces.c
* pacified OS2 GCC warnings
* config/global.mk
* show information about HB_MT build parameter if set by user
|
||
|
|
41b8ecb6c7 |
2015-08-26 15:51 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* include/hbsocket.h
* src/rtl/hbsockhb.c
+ added socket filters to standard socket API.
At C level hb_sockex*() function with PHB_SOCKEX handler can be
used to operate on socket filters. At PRG level standard hb_socket*()
functions can be used.
The following things have been changed in PRG hb_socket*() functions:
hb_socketErrorString() can accept <pSocket> as 1-st or 2-nd parameter
and redirect call to socket filter errorStr() method.
hb_socketClose() executes automatically shutdown() for connected
sockets - it is important in windows only where without explicit
call to shutdown() before close transmitted data can be lost.
hb_socketSend() and hb_socketRecv() can be redirected to filter
streams if filter set such redirection. If filter does not redirect
them then they operate on raw sockets. If hb_socketSend() is
redirected then sent data is flushed automatically.
The following new PRG functions have been added:
Add/replace socket filter:
hb_socketSetFilter( <pSocket>, [<cFilterName>], [<hParams>] )
-> <pSocket> | NIL
<cFilterName> is filter name. It's possible to set many filters
in single hb_socketSetFilter() call separating filter names
with "|" character, i.e.:
pSock := hb_socketSetFilter( pSock, "ZSOCK|BFSOCK", hParams )
<hParams> is hash array with initialization parameters used by
given socket filter. The core implementation recognizes the
following settings:
"readahead" - numeric value with size of read ahead buffer
"flush" - numeric value with auto flush parameter (for more
information look at hb_socketAutoFlush() below)
"redir" - logical value which can be used to enable/disable
hb_socketSend() and hb_socketRecv() redirection
to filter stream.
Return filter name used by socket:
hb_socketGetFilter( <pSocket> ) -> <cFilterName>
Read from socket stream:
hb_socketRead( <pSocket>, @<cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nRead>
this function is similar to hb_socketRecv() but is always
redirected to socket stream filters.
Write to socket stream:
hb_socketWrite( <pSocket>, <cData>, [<nLen> = Len( cData )],
[<nTimeout> = FOREVER] ) -> <nWritten>
this function is similar to hb_socketSend() but it is always
redirected to socket stream filters. Written data is not flushed
by default and it should be flushed explicitly by hb_socketFlush().
Automatic flushing can be enabled by hb_socketAutoFlush() function.
Flush data written to socket:
hb_socketFlush( <pSocket>, [<nTimeout> = FOREVER], [<lSync>] )
-> <nNotFlushed>
<lSync> parameter is logical value which can be used to force
special synchronization method in some filters. Usually users
do not have to use it in normal code.
Enable/disable automatic flushing of written data.
hb_socketAutoFlush( <pSocket>, [ <nTimeout> ] ) -> <nTimeout>
<nTimeout> is timeout for automatic flush operation on written
data in milliseconds. <nTimeout> = -1 means wait forever and
<nTimeout> = 0 disables auto flush.
automatic flushing can help in adopting existing code anyhow it
may strongly reduce the performance in some filters, i.e.
compression filters like ZSOCK have to add special data to the
stream after each flush operation so it's suggested to call
flush explicitly when we want to force delivering written data
to the peer.
* include/hbznet.h
* src/rtl/hbznet.c
+ added ZNET socket filter - compressed and encrypted streams are
compatible with hb_znet*() streams. The old hb_znet*() interface
is obsolete for pure socket communication and if not used as
hb_inet*() filter then should be replaced by hb_sockex*() in
user programs.
ZNET socket filter can be created by new PRG functions:
hb_socketNewZNet( <pSocket>, [<cPass>], [<nCompressionLevel>], ;
[<nStrategy>] ) -> <pSocket> | NIL
or by standard socket API with "ZNET" as filter name.
ZNET filter recognizes the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
ZNET filter always disables any other filters and operates on raw
socket.
Please remember that it's optional module. If programmer does not
use hb_socketNewZNet() explicitly and prefers using hb_socketNew()
then he should force linking this module by REQUEST hb_socketNewZNet
+ added fSync parameter to hb_znetFlush()
[INCOMPATIBLE]
* src/rtl/hbinet.c
* call flush filter function before socket is closed
* src/rtl/Makefile
+ src/rtl/hbzsock.c
+ added ZSOCK socket filter - ZLIB and GZIP compression for socket
streams.
ZSOCK socket filter can be created by new PRG functions:
hb_socketNewZSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "ZSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewZSock
ZSOCK filter can be used with other filters.
ZSOCK filter recognizes the following settings in initialization
hash array:
"zlib" - numeric compression level (HB_ZLIB_COMPRESSION_*)
"zs" - numeric ZLIB compression strategy (HB_ZLIB_STRATEGY_*)
"zin" - logical value which allows enabling/disabling ZLIB
decompression on input stream (default)
"gzin" - logical value which allows enabling/disabling GZIP
decompression on input stream - it's possible to
enable both ZLIB and GZIP decompression together
so both streams can be decompressed
"zout" - logical value which allows enabling/disabling ZLIB
compression on output stream (default)
"gzout" - logical value which allows enabling/disabling GZIP
compression on output stream - if both "zout" and
"gzout" are enabled GZIP compression is used.
* src/rtl/Makefile
+ src/rtl/hbbfsock.c
+ added BFSOCK socket filter - BlowFish input and output stream
encryption in CTR mode.
BFSOCK socket filter can be created by new PRG functions:
hb_socketNewBFSock( <pSocket>, [<hParams>] ) -> <pSocket> | NIL
or by standard socket API with "BFSOCK" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewBFSock
BFSOCK filter can be used with other filters, i.e. with ZSOCK.
Please only remember that good encryption algorithms have to
generate data which cannot be compressed so using "BFSOCK|ZSOCK"
only wastes resources and correct filter order is "ZSOCK|BFSOCK".
BFSOCK filter recognizes the following settings in initialization
hash array:
"key" or "pass" - string with encryption password
"iv" - string with initialization vector for CTR mode
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.h
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_inet.c
+ contrib/hbssl/ssl_sock.c
+ added SSL socket filter
SSL socket filter can be created by new PRG functions:
hb_socketNewSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
hb_socketNewSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
-> <pSocketSSL> | NIL
or by standard socket API with "SSL" as filter name.
Programmers using hb_socketNew() can force linking this module by
REQUEST hb_socketNewSSL_connect
or
REQUEST hb_socketNewSSL_accept
SSL filter always disables any other filters and operates on raw
socket.
SSL filter recognizes the following settings in initialization hash
array:
"ctx" or "key" - pointer SSL item <pSSL>
"timeout" - timeout (numeric)
"client" - logical value indicating client mode (SSL_connect())
"server" - logical value indicating server mode (SSL_accept())
* contrib/hbssl/tests/inetssl.prg
! cleaned typo in local function name
* contrib/hbnetio/netiocli.c
* contrib/hbnetio/netiosrv.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets and hb_znet*()
* contrib/hbtcpio/tcpio.c
* use new Harbour extended socket API (hb_sockex*()) instead of
raw sockets
+ implemented hb_fileFlush()
|
||
|
|
c8a04734fd |
2015-02-20 11:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/bio.c
* contrib/hbssl/err.c
* contrib/hbssl/evpciph.c
* contrib/hbssl/evpmd.c
* contrib/hbssl/hbssl.ch
* contrib/hbssl/hbssl.hbc
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/pem.c
* contrib/hbssl/rand.c
* contrib/hbssl/ssl.c
* contrib/hbssl/ssl_hb.c
* contrib/hbssl/sslctx.c
* contrib/hbssl/x509.c
; synced with Viktor's branch:
* favor openssl over libressl on darwin (2015-01-22 03:24 UTC+0100)
* build against libressl on darwin, if installed
(2015-01-22 03:24 UTC+0100)
* deleted custom openssl option 'OPENSSL_NO_SEED' on darwin.
(2015-01-22 03:24 UTC+0100)
+ AES/GCM ciphers added (couldn't make them work)
(2014-12-26 01:53 UTC+0100)
+ added BIO_GET_CONN_INT_PORT()
It's now fixed in OpenSSL, available in hbssl with OpenSSL 1.0.1 or upper
(2014-03-03 00:45 UTC+0100)
! BIO object is now GC collected, solving the leak and hopefully
some remaining memory problems around BIO_NEW_MEM_BUF()
(2014-02-26 04:54 UTC+0100)
! SSL_SET_BIO(): fixed 3rd parameter
(2014-02-26 04:54 UTC+0100)
! BIO_NEW_MEM_BUF(): fixed potential use-after-free.
(2014-02-24 16:02)
* formatting and comments
|
||
|
|
7886f9f0ea |
2015-02-10 17:23 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* include/hbznet.h
* src/rtl/hbinet.c
+ added new C function hb_znetInetTimeout()
* minor cleanup (local variables localization)
* contrib/hbssl/hbssl.hbm
* contrib/hbssl/hbssl.hbx
+ contrib/hbssl/ssl_inet.c
+ added support for SSL/TLS encryption in hb_inet*() sockets.
To enable SSL/TLS encryption on such socket it's enough to
call hb_inetSSL_connect() or hb_inetSSL_accept() passing as
1-st parameter hb_inet socket item with already established
connection and in the 2-nd parameter SSL item. The peer
should call second function. In general hb_inetSSL_connect()
should be called by client and hb_inetSSL_accept() by server.
To use hb_inetSSL_accept() it's necessary to also set
certificated (at least self ;-)) encryption keys. See the
example I committed to test directory.
The exact syntax of new functions is:
hb_inetSSL_connect( <pSocket>, <pSSL> [, <nTimeout> ] )
hb_inetSSL_accept( <pSocket>, <pSSL> [, <nTimeout> ] )
To use hb_inet*() functions to connect with SSL/TLS server
Harbour users only have to call hb_inetSSL_connect() after
setting connection, i.e.:
IF !Empty( sock := hb_inetConnect( cServer, nPort ) )
ssl_ctx := SSL_CTX_new()
IF hb_inetSSL_connect( sock, SSL_new( ssl_ctx ) ) == 1
// SSL connection established
// now user can use all hb_inet*() functions in
// the same way as for raw TCP connections and
// all parameters like timeouts are fully supported
// but transmission is encrypted.
[...]
ENDIF
ENDIF
It's no longer necessary to use SSL_set_fd() + SSL_connect()
and then SSL_read() / SSL_write() / hb_SSL_read_line() /
hb_SSL_read_all().
BTW hb_SSL_read_line() and hb_SSL_read_all() in HBSSL library
are broken and have to be fixed.
TODO: Now HBTIP library can be nicely simplified and additional
code for SSL/TLS read/write operations removed. It's
enough to once call hb_inetSSL_connect() if SSL/TLS
encryption is needed.
+ contrib/hbssl/tests/inetssl.prg
+ added test code for hb_inet*() SSL/TLS connections.
It's client and server example which also generates self
certificated encryption keys running openssl command.
If this code is linked with non console GT then user
should generate certificates himself (see comment in
LoadCertificates() function for more information).
|
||
|
|
3c4a9c46a3 | fixed casing inconsistencies | ||
|
|
a4a357a18b |
2013-03-15 11:12 UTC+0100 Viktor Szakats (harbour syenar.net)
* /harbour/* -> /*
* moved whole Harbour source tree one level up to
avoid single 'harbour' top dir
|