mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
toddouska 2012-07-30 11:59:11 -07:00
commit 3401bba8a2
11 changed files with 326 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
configure.ac
View File

@ -341,6 +341,26 @@ fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# MD2
AC_ARG_ENABLE(md2,
[ --enable-md2 Enable CyaSSL MD2 support (default: disabled)],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# RIPEMD
AC_ARG_ENABLE(ripemd,
[ --enable-ripemd Enable CyaSSL RIPEMD-160 support (default: disabled)],

20
ctaocrypt/src/asn.c
View File

@ -32,6 +32,7 @@
#include <cyassl/ctaocrypt/coding.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/pwdbased.h>
#include <cyassl/ctaocrypt/des3.h>
@ -1058,6 +1059,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0;
cert->subjectCN = 0;
cert->subjectCNLen = 0;
cert->subjectCNStored = 0;
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
cert->source = source; /* don't own */
@ -1099,7 +1101,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
void FreeDecodedCert(DecodedCert* cert)
{
if (cert->subjectCNLen == 0) /* 0 means no longer pointer to raw, we own */
if (cert->subjectCNStored == 1)
XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (cert->pubKeyStored == 1)
XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
@ -1362,10 +1364,6 @@ static int GetName(DecodedCert* cert, int nameType)
cert->maxIdx) < 0)
return ASN_PARSE_E;
if (strLen == 0) {
CYASSL_MSG("Zero length name");
return ASN_PARSE_E;
}
if (strLen > (int)(ASN_NAME_MAX - idx))
return ASN_PARSE_E;
@ -1950,6 +1948,16 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
typeH = MD5h;
digestSz = MD5_DIGEST_SIZE;
}
#ifdef CYASSL_MD2
else if (sigOID == CTC_MD2wRSA) {
Md2 md2;
InitMd2(&md2);
Md2Update(&md2, buf, bufSz);
Md2Final(&md2, digest);
typeH = MD2h;
digestSz = MD2_DIGEST_SIZE;
}
#endif
else if (sigOID == CTC_SHAwRSA ||
sigOID == CTC_SHAwDSA ||
sigOID == CTC_SHAwECDSA) {
@ -2331,7 +2339,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
XMEMCPY(ptr, cert->subjectCN, cert->subjectCNLen);
ptr[cert->subjectCNLen] = '\0';
cert->subjectCN = ptr;
cert->subjectCNLen = 0;
cert->subjectCNStored = 1;
}
if (cert->keyOID == RSAk && cert->pubKeySize > 0) {

129
ctaocrypt/src/md2.c Normal file
View File

@ -0,0 +1,129 @@
/* md2.c
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef CYASSL_MD2
#include <cyassl/ctaocrypt/md2.h>
#ifdef NO_INLINE
#include <cyassl/ctaocrypt/misc.h>
#else
#include <ctaocrypt/src/misc.c>
#endif
void InitMd2(Md2* md2)
{
XMEMSET(md2->X, 0, MD2_X_SIZE);
XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
md2->count = 0;
}
void Md2Update(Md2* md2, const byte* data, word32 len)
{
static const byte S[256] =
{
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};
while (len) {
word32 L = (MD2_PAD_SIZE - md2->count) < len ?
(MD2_PAD_SIZE - md2->count) : len;
XMEMCPY(md2->buffer + md2->count, data, L);
md2->count += L;
data += L;
len -= L;
if (md2->count == MD2_PAD_SIZE) {
int i;
byte t;
md2->count = 0;
XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
t = md2->C[15];
for(i = 0; i < MD2_PAD_SIZE; i++) {
md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
t = md2->C[i] ^= S[md2->buffer[i] ^ t];
}
t=0;
for(i = 0; i < 18; i++) {
int j;
for(j = 0; j < MD2_X_SIZE; j += 8) {
t = md2->X[j+0] ^= S[t];
t = md2->X[j+1] ^= S[t];
t = md2->X[j+2] ^= S[t];
t = md2->X[j+3] ^= S[t];
t = md2->X[j+4] ^= S[t];
t = md2->X[j+5] ^= S[t];
t = md2->X[j+6] ^= S[t];
t = md2->X[j+7] ^= S[t];
}
t = (t + i) & 0xFF;
}
}
}
}
void Md2Final(Md2* md2, byte* hash)
{
byte padding[MD2_BLOCK_SIZE];
word32 padLen = MD2_PAD_SIZE - md2->count;
word32 i;
for (i = 0; i < padLen; i++)
padding[i] = (byte)padLen;
Md2Update(md2, padding, padLen);
Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
InitMd2(md2);
}
#endif /* CYASSL_MD2 */

86
ctaocrypt/test/test.c
View File

@ -32,6 +32,7 @@
#else
#include <cyassl/ctaocrypt/asn_public.h>
#endif
#include <cyassl/ctaocrypt/md2.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/md4.h>
#include <cyassl/ctaocrypt/sha.h>
@ -86,6 +87,7 @@ typedef struct testVector {
size_t outLen;
} testVector;
int md2_test();
int md5_test();
int md4_test();
int sha_test();
@ -149,6 +151,13 @@ void ctaocrypt_test(void* args)
else
printf( "MD5 test passed!\n");
#ifdef CYASSL_MD2
if ( (ret = md2_test()) )
err_sys("MD2 test failed!\n", ret);
else
printf( "MD2 test passed!\n");
#endif
#ifndef NO_MD4
if ( (ret = md4_test()) )
err_sys("MD4 test failed!\n", ret);
@ -309,6 +318,83 @@ void ctaocrypt_test(void* args)
#endif /* NO_MAIN_DRIVER */
#ifdef CYASSL_MD2
int md2_test()
{
Md2 md2;
byte hash[MD2_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md2[7];
int times = sizeof(test_md2) / sizeof(testVector), i;
a.input = "";
a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
"\x27\x73";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "a";
b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
"\xb5\xd1";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
c.input = "abc";
c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
"\xd6\xbb";
c.inLen = strlen(c.input);
c.outLen = strlen(c.output);
d.input = "message digest";
d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
"\x06\xb0";
d.inLen = strlen(d.input);
d.outLen = strlen(d.output);
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
"\x94\x0b";
e.inLen = strlen(e.input);
e.outLen = strlen(e.output);
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
"\x38\xcd";
f.inLen = strlen(f.input);
f.outLen = strlen(f.output);
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
"\xef\xd8";
g.inLen = strlen(g.input);
g.outLen = strlen(g.output);
test_md2[0] = a;
test_md2[1] = b;
test_md2[2] = c;
test_md2[3] = d;
test_md2[4] = e;
test_md2[5] = f;
test_md2[6] = g;
InitMd2(&md2);
for (i = 0; i < times; ++i) {
Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
Md2Final(&md2, hash);
if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
return -155 - i;
}
return 0;
}
#endif
int md5_test()
{
Md5 md5;

1
cyassl/ctaocrypt/asn.h
View File

@ -221,6 +221,7 @@ struct DecodedCert {
byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen;
int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
int verify; /* Default to yes, but could be off */

1
cyassl/ctaocrypt/include.am
View File

@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
cyassl/ctaocrypt/hc128.h \
cyassl/ctaocrypt/hmac.h \
cyassl/ctaocrypt/integer.h \
cyassl/ctaocrypt/md2.h \
cyassl/ctaocrypt/md4.h \
cyassl/ctaocrypt/md5.h \
cyassl/ctaocrypt/misc.h \

64
cyassl/ctaocrypt/md2.h Normal file
View File

@ -0,0 +1,64 @@
/* md2.h
*
* Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef CYASSL_MD2
#ifndef CTAO_CRYPT_MD2_H
#define CTAO_CRYPT_MD2_H
#include <cyassl/ctaocrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* in bytes */
enum {
MD2 = 6, /* hash type unique */
MD2_BLOCK_SIZE = 16,
MD2_DIGEST_SIZE = 16,
MD2_PAD_SIZE = 16,
MD2_X_SIZE = 48
};
/* Md2 digest */
typedef struct Md2 {
word32 count; /* bytes % PAD_SIZE */
byte X[MD2_X_SIZE];
byte C[MD2_BLOCK_SIZE];
byte buffer[MD2_BLOCK_SIZE];
} Md2;
CYASSL_API void InitMd2(Md2*);
CYASSL_API void Md2Update(Md2*, const byte*, word32);
CYASSL_API void Md2Final(Md2*, byte*);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_MD2_H */
#endif /* CYASSL_MD2 */

1
cyassl/error.h
View File

@ -100,6 +100,7 @@ enum CyaSSL_ErrorCodes {
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */

2
cyassl/internal.h
View File

@ -447,7 +447,7 @@ enum Misc {
MAX_EX_DATA = 3, /* allow for three items of ex_data */
MAX_CHAIN_DEPTH = 9, /* max cert chain peer depth, FORTRESS option */
#else
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
MAX_CHAIN_DEPTH = 6, /* max cert chain peer depth */
#endif
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */

4
src/include.am
View File

@ -36,6 +36,10 @@ if BUILD_AESNI
src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s
endif
if BUILD_MD2
src_libcyassl_la_SOURCES += ctaocrypt/src/md2.c
endif
if BUILD_RIPEMD
src_libcyassl_la_SOURCES += ctaocrypt/src/ripemd.c
endif

6
src/internal.c
View File

@ -1686,7 +1686,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
word32 certSz;
if (totalCerts >= MAX_CHAIN_DEPTH)
return BUFFER_E;
return MAX_CHAIN_ERROR;
c24to32(&input[i], &certSz);
i += CERT_HEADER_SZ;
@ -3777,6 +3777,10 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "OCSP Responder lookup fail", max);
break;
case MAX_CHAIN_ERROR:
XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
break;
default :
XSTRNCPY(str, "unknown error number", max);
}