TEMPLATE_HEADER
typename LR::Data LR::solveNormalEqn( Coordinate & c, Neighbors & nset ){
if( y.size().rows != Basis::size ){
A.resize( Basis::size, Basis::size );
y.resize( Basis::size, 1);
}
// find bounds for points
Coordinate lb = nset[0].point, rb = nset[0].point, tmp;
for( int j = 0; j < Coordinate::Dims ; j++ ){
for( int i = 1; i < nset.size(); i++ ){
lb[j] = fmin(nset[i].point[j],lb[j]);
rb[j] = fmax(nset[i].point[j],rb[j]);
}
}
// compute weights
std::vector<double> weights(nset.size());
wfunc(weights,nset);
// store values for A
A = 0;
for(int j = 0; j < Basis::size; j++ ){
for( int k = j; k < Basis::size; k++ ){
for( int i = 0; i < nset.size(); i++ ){
scale(lb,rb,nset[i].point,tmp);
A(j,k) += basis(k, tmp)*basis(j, tmp)*weights[i];
}
}
}
// store values for y
y = 0;
for(int j = 0; j < Basis::size; j++ ){
for( int i = 0; i < nset.size(); i++ ){
scale(lb,rb,nset[i].point,tmp);
y[j] += basis(j, tmp)*weights[i]*nset[i].data;
}
}
// solve system of equations
la::solve(A,y,coef);
// compute point
Data output = 0;
for( int i = 0; i < Basis::size; i++ ){
scale(lb,rb,c,tmp);
output += coef[i]*basis(i,tmp);
}
return output;
}
/*ARGSUSED1*/
void key (unsigned char key, int x, int y) {
switch (key) {
case 'b': bfunc(); break;
case 'c': cfunc(); break;
case 'l': lfunc(); break;
case 't': tfunc(); break;
case 'f': ffunc(); break;
case 'n': nfunc(); break;
case 'u': ufunc(); break;
case 'U': Ufunc(); break;
case 'p': pfunc(); break;
case 'P': Pfunc(); break;
case 'w': wfunc(); break;
case 'x': xfunc(); break;
case 'X': Xfunc(); break;
case 'y': yfunc(); break;
case '\033': exit(EXIT_SUCCESS); break;
default: break;
}
}
int tls_bio(ACL_SOCKET fd, int timeout, TLS_SESS_STATE *TLScontext,
int (*hsfunc) (SSL *),
int (*rfunc) (SSL *, void *, int),
int (*wfunc) (SSL *, const void *, int),
void *buf, int num)
{
const char *myname = "tls_bio";
int status = 0;
int err;
int retval = 0;
int biop_retval;
int done;
/*
* If necessary, retry the SSL handshake or read/write operation after
* handling any pending network I/O.
*/
for (done = 0; done == 0; /* void */ ) {
if (hsfunc) {
#if 1
status = hsfunc(TLScontext->con);
#else
status = SSL_do_handshake(TLScontext->con);
#endif
} else if (rfunc)
status = rfunc(TLScontext->con, buf, num);
else if (wfunc)
status = wfunc(TLScontext->con, buf, num);
else
acl_msg_panic("%s: nothing to do here", myname);
err = SSL_get_error(TLScontext->con, status);
#if (OPENSSL_VERSION_NUMBER <= 0x0090581fL)
/*
* There is a bug up to and including OpenSSL-0.9.5a: if an error
* occurs while checking the peers certificate due to some
* certificate error (e.g. as happend with a RSA-padding error), the
* error is put onto the error stack. If verification is not
* enforced, this error should be ignored, but the error-queue is not
* cleared, so we can find this error here. The bug has been fixed on
* May 28, 2000.
*
* This bug so far has only manifested as 4800:error:0407006A:rsa
* routines:RSA_padding_check_PKCS1_type_1:block type is not
* 01:rsa_pk1.c:100: 4800:error:04067072:rsa
* routines:RSA_EAY_PUBLIC_DECRYPT:padding check
* failed:rsa_eay.c:396: 4800:error:0D079006:asn1 encoding
* routines:ASN1_verify:bad get asn1 object call:a_verify.c:109: so
* that we specifically test for this error. We print the errors to
* the logfile and automatically clear the error queue. Then we retry
* to get another error code. We cannot do better, since we can only
* retrieve the last entry of the error-queue without actually
* cleaning it on the way.
*
* This workaround is secure, as verify_result is set to "failed"
* anyway.
*/
if (err == SSL_ERROR_SSL) {
if (ERR_peek_error() == 0x0407006AL) {
tls_print_errors();
acl_msg_info("OpenSSL <= 0.9.5a workaround called: certificate errors ignored");
err = SSL_get_error(TLScontext->con, status);
}
}
#endif
/*
* Find out if we must retry the operation and/or if there is pending
* network I/O.
*
* XXX If we're the first to invoke SSL_shutdown(), then the operation
* isn't really complete when the call returns. We could hide that
* anomaly here and repeat the call.
*/
switch (err) {
case SSL_ERROR_NONE: /* success */
retval = status;
done = 1;
/* FALLTHROUGH */
case SSL_ERROR_WANT_WRITE: /* flush/update buffers */
case SSL_ERROR_WANT_READ:
biop_retval = network_biopair_interop(fd, timeout, TLScontext->network_bio);
if (biop_retval < 0)
return (-1); /* network read/write error */
break;
/*
* With tls_timed_read() and tls_timed_write() the caller is the
* VSTREAM library module which is unaware of TLS, so we log the
* TLS error stack here. In a better world, each VSTREAM I/O
* object would provide an error reporting method in addition to
* the timed_read and timed_write methods, so that we would not
* need to have ad-hoc code like this.
*/
case SSL_ERROR_SSL:
if (rfunc || wfunc)
tls_print_errors();
/* FALLTHROUGH */
default:
retval = status;
done = 1;
break;
}
}
return (retval);
}
int _WS_handshake(int sockfd)
{
int sz = 0, len, idx;
int ret = -1, save_errno = EPROTO;
char *last, *start, *end;
long flags;
char handshake[4096], response[4096],
path[1024], prefix[5] = "", scheme[10] = "ws", host[1024],
origin[1024], key1[100], key2[100], key3[9], chksum[17];
static void * (*rfunc)(), * (*wfunc)();
if (!rfunc) rfunc = (void *(*)()) dlsym(RTLD_NEXT, "recv");
if (!wfunc) wfunc = (void *(*)()) dlsym(RTLD_NEXT, "send");
DEBUG("_WS_handshake starting\n");
/* Disable NONBLOCK if set */
flags = fcntl(sockfd, F_GETFL, 0);
if (flags & O_NONBLOCK) {
fcntl(sockfd, F_SETFL, flags^O_NONBLOCK);
}
while (1) {
len = (int) rfunc(sockfd, handshake+sz, 4095, 0);
if (len < 1) {
ret = len;
save_errno = errno;
break;
}
sz += len;
handshake[sz] = '\x00';
if (sz < 4) {
// Not enough yet
continue;
}
if (strstr(handshake, "GET ") != handshake) {
// We got something but it wasn't a WebSockets client
break;
}
last = strstr(handshake, "\r\n\r\n");
if (! last) {
continue;
}
if (! strstr(handshake, "Upgrade: WebSocket\r\n")) {
MSG("Invalid WebSockets handshake\n");
break;
}
// Now parse out the data
start = handshake+4;
end = strstr(start, " HTTP/1.1");
if (!end) { break; }
snprintf(path, end-start+1, "%s", start);
start = strstr(handshake, "\r\nHost: ");
if (!start) { break; }
start += 8;
end = strstr(start, "\r\n");
snprintf(host, end-start+1, "%s", start);
start = strstr(handshake, "\r\nOrigin: ");
if (!start) { break; }
start += 10;
end = strstr(start, "\r\n");
snprintf(origin, end-start+1, "%s", start);
start = strstr(handshake, "\r\n\r\n") + 4;
if (strlen(start) == 8) {
sprintf(prefix, "Sec-");
snprintf(key3, 8+1, "%s", start);
start = strstr(handshake, "\r\nSec-WebSocket-Key1: ");
if (!start) { break; }
start += 22;
end = strstr(start, "\r\n");
snprintf(key1, end-start+1, "%s", start);
start = strstr(handshake, "\r\nSec-WebSocket-Key2: ");
if (!start) { break; }
start += 22;
end = strstr(start, "\r\n");
snprintf(key2, end-start+1, "%s", start);
_WS_gen_md5(key1, key2, key3, chksum);
//DEBUG("Got handshake (v76): %s\n", handshake);
MSG("Got handshake (v76)\n");
} else {
sprintf(prefix, "");
sprintf(key1, "");
sprintf(key2, "");
sprintf(key3, "");
sprintf(chksum, "");
//DEBUG("Got handshake (v75): %s\n", handshake);
MSG("Got handshake (v75)\n");
}
sprintf(response, _WS_response, prefix, origin, prefix, scheme,
host, path, prefix, chksum);
//DEBUG("Handshake response: %s\n", response);
wfunc(sockfd, response, strlen(response), 0);
save_errno = 0;
ret = 0;
break;
}
/* Re-enable NONBLOCK if it was set */
if (flags & O_NONBLOCK) {
fcntl(sockfd, F_SETFL, flags);
}
errno = save_errno;
return ret;
}
int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
int (*hsfunc) (SSL *),
int (*rfunc) (SSL *, void *, int),
int (*wfunc) (SSL *, const void *, int),
void *buf, int num)
{
const char *myname = "tls_bio";
int status;
int err;
int enable_deadline;
struct timeval time_left; /* amount of time left */
struct timeval time_deadline; /* time of deadline */
struct timeval time_now; /* time after SSL_mumble() call */
/*
* Compensation for interface mis-match: With VSTREAMs, timeout <= 0
* means wait forever; with the read/write_wait() calls below, we need to
* specify timeout < 0 instead.
*
* Safety: no time limit means no deadline.
*/
if (timeout <= 0) {
timeout = -1;
enable_deadline = 0;
}
/*
* Deadline management is simpler than with VSTREAMs, because we don't
* need to decrement a per-stream time limit. We just work within the
* budget that is available for this tls_bio() call.
*/
else {
enable_deadline =
vstream_fstat(TLScontext->stream, VSTREAM_FLAG_DEADLINE);
if (enable_deadline) {
GETTIMEOFDAY(&time_deadline);
time_deadline.tv_sec += timeout;
}
}
/*
* If necessary, retry the SSL handshake or read/write operation after
* handling any pending network I/O.
*/
for (;;) {
if (hsfunc)
status = hsfunc(TLScontext->con);
else if (rfunc)
status = rfunc(TLScontext->con, buf, num);
else if (wfunc)
status = wfunc(TLScontext->con, buf, num);
else
msg_panic("%s: nothing to do here", myname);
err = SSL_get_error(TLScontext->con, status);
#if (OPENSSL_VERSION_NUMBER <= 0x0090581fL)
/*
* There is a bug up to and including OpenSSL-0.9.5a: if an error
* occurs while checking the peers certificate due to some
* certificate error (e.g. as happend with a RSA-padding error), the
* error is put onto the error stack. If verification is not
* enforced, this error should be ignored, but the error-queue is not
* cleared, so we can find this error here. The bug has been fixed on
* May 28, 2000.
*
* This bug so far has only manifested as 4800:error:0407006A:rsa
* routines:RSA_padding_check_PKCS1_type_1:block type is not
* 01:rsa_pk1.c:100: 4800:error:04067072:rsa
* routines:RSA_EAY_PUBLIC_DECRYPT:padding check
* failed:rsa_eay.c:396: 4800:error:0D079006:asn1 encoding
* routines:ASN1_verify:bad get asn1 object call:a_verify.c:109: so
* that we specifically test for this error. We print the errors to
* the logfile and automatically clear the error queue. Then we retry
* to get another error code. We cannot do better, since we can only
* retrieve the last entry of the error-queue without actually
* cleaning it on the way.
*
* This workaround is secure, as verify_result is set to "failed"
* anyway.
*/
if (err == SSL_ERROR_SSL) {
if (ERR_peek_error() == 0x0407006AL) {
tls_print_errors();
msg_info("OpenSSL <= 0.9.5a workaround called: certificate errors ignored");
err = SSL_get_error(TLScontext->con, status);
}
}
#endif
/*
* Correspondence between SSL_ERROR_* error codes and tls_bio_(read,
* write, accept, connect, shutdown) return values (for brevity:
* retval).
*
* SSL_ERROR_NONE corresponds with retval > 0. With SSL_(read, write)
* this is the number of plaintext bytes sent or received. With
* SSL_(accept, connect, shutdown) this means that the operation was
* completed successfully.
*
* SSL_ERROR_WANT_(WRITE, READ) start a new loop iteration, or force
* (retval = -1, errno = ETIMEDOUT) when the time limit is exceeded.
*
* All other SSL_ERROR_* cases correspond with retval <= 0. With
* SSL_(read, write, accept, connect) retval == 0 means that the
* remote party either closed the network connection or that it
* requested TLS shutdown; with SSL_shutdown() retval == 0 means that
* our own shutdown request is in progress. With all operations
* retval < 0 means that there was an error. In the latter case,
* SSL_ERROR_SYSCALL means that error details are returned via the
* errno value.
*
* Find out if we must retry the operation and/or if there is pending
* network I/O.
*
* XXX If we're the first to invoke SSL_shutdown(), then the operation
* isn't really complete when the call returns. We could hide that
* anomaly here and repeat the call.
*/
switch (err) {
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
if (enable_deadline) {
GETTIMEOFDAY(&time_now);
timersub(&time_deadline, &time_now, &time_left);
timeout = time_left.tv_sec + (time_left.tv_usec > 0);
if (timeout <= 0) {
errno = ETIMEDOUT;
return (-1);
}
}
if (err == SSL_ERROR_WANT_WRITE) {
if (write_wait(fd, timeout) < 0)
return (-1); /* timeout error */
} else {
if (read_wait(fd, timeout) < 0)
return (-1); /* timeout error */
}
break;
/*
* Unhandled cases: SSL_ERROR_WANT_(ACCEPT, CONNECT, X509_LOOKUP)
* etc. Historically, Postfix silently treated these as ordinary
* I/O errors so we don't really know how common they are. For
* now, we just log a warning.
*/
default:
msg_warn("%s: unexpected SSL_ERROR code %d", myname, err);
/* FALLTHROUGH */
/*
* With tls_timed_read() and tls_timed_write() the caller is the
* VSTREAM library module which is unaware of TLS, so we log the
* TLS error stack here. In a better world, each VSTREAM I/O
* object would provide an error reporting method in addition to
* the timed_read and timed_write methods, so that we would not
* need to have ad-hoc code like this.
*/
case SSL_ERROR_SSL:
if (rfunc || wfunc)
tls_print_errors();
/* FALLTHROUGH */
case SSL_ERROR_ZERO_RETURN:
case SSL_ERROR_NONE:
errno = 0; /* avoid bogus warnings */
/* FALLTHROUGH */
case SSL_ERROR_SYSCALL:
return (status);
}
}
}
