mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crl stage 2

Browse Source
This commit is contained in:
toddouska 2012-05-16 17:04:56 -07:00
parent 32095795f2
commit 3ec2b9dbbc
16 changed files with 881 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.am
View File

@ -39,6 +39,7 @@ EXTRA_DIST+= cyassl.sln
include cyassl/include.am
include certs/include.am
include certs/crl/include.am
include doc/include.am
include swig/include.am

41
certs/crl/crl.pem Normal file
View File

@ -0,0 +1,41 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: May 15 23:51:25 2012 GMT
Next Update: Jun 14 23:51:25 2012 GMT
CRL extensions:
X509v3 CRL Number:
4
Revoked Certificates:
Serial Number: 02
Revocation Date: May 4 17:06:05 2012 GMT
Signature Algorithm: sha1WithRSAEncryption
aa:e4:44:9b:6b:c9:0b:d3:6f:ba:09:3d:90:93:ae:96:86:73:
f6:90:28:ba:93:3b:95:0c:91:c9:10:53:f1:15:fd:43:9a:ba:
4e:dc:8e:e8:10:4d:d8:8b:be:a8:a2:12:4c:19:c1:13:9f:3c:
fe:54:60:32:b7:45:77:17:2a:40:f2:16:52:9e:68:fe:be:03:
99:9c:b1:d3:4b:be:87:5b:f4:12:3c:9e:3d:59:c8:b9:a2:2c:
78:94:9c:cd:b0:17:d0:b3:bd:86:99:2b:1d:38:b5:03:d8:d1:
0d:8f:1a:8c:97:ff:87:01:4f:91:22:30:c2:a5:10:bb:e3:fb:
31:b7:44:8a:5a:82:e1:e5:30:69:84:d1:4b:c2:d3:07:bf:21:
d5:33:2d:ad:4b:e4:6f:83:c1:66:16:74:31:7d:f9:d6:1e:10:
66:fd:7d:ad:66:3c:32:cc:a3:98:75:63:16:5c:df:e1:37:3d:
e9:08:d2:7b:05:dd:4c:31:92:53:0c:f1:ea:8e:be:31:d1:eb:
ac:37:a8:cd:c4:30:c5:91:cc:38:a3:55:4a:51:01:39:cf:7d:
50:57:d2:f2:47:4a:1d:7f:3a:32:16:89:e8:5a:1b:f8:64:33:
48:e5:b8:ef:ba:2e:f3:52:7e:ba:28:0e:9b:f7:07:b8:b6:38:
f9:d0:dd:78
-----BEGIN X509 CRL-----
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE1MjM1MTI1WhcNMTIw
NjE0MjM1MTI1WjAUMBICAQIXDTEyMDUwNDE3MDYwNVqgDjAMMAoGA1UdFAQDAgEE
MA0GCSqGSIb3DQEBBQUAA4IBAQCq5ESba8kL02+6CT2Qk66WhnP2kCi6kzuVDJHJ
EFPxFf1DmrpO3I7oEE3Yi76oohJMGcETnzz+VGAyt0V3FypA8hZSnmj+vgOZnLHT
S76HW/QSPJ49Wci5oix4lJzNsBfQs72GmSsdOLUD2NENjxqMl/+HAU+RIjDCpRC7
4/sxt0SKWoLh5TBphNFLwtMHvyHVMy2tS+Rvg8FmFnQxffnWHhBm/X2tZjwyzKOY
dWMWXN/hNz3pCNJ7Bd1MMZJTDPHqjr4x0eusN6jNxDDFkcw4o1VKUQE5z31QV9Ly
R0odfzoyFonoWhv4ZDNI5bjvui7zUn66KA6b9we4tjj50N14
-----END X509 CRL-----

9
certs/crl/include.am Normal file
View File

@ -0,0 +1,9 @@
# vim:ft=automake
# All paths should be given relative to the root
#
certs_DATA+= \
certs/crl/crl.pem
EXTRA_DIST+= ${certs_DATA}

276
ctaocrypt/src/asn.c
View File

@ -355,6 +355,8 @@ static int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
{
word32 idx = *inOutIdx;
CYASSL_ENTER("GetMyVersion");
if (input[idx++] != ASN_INTEGER)
return ASN_PARSE_E;
@ -398,6 +400,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
{
word32 idx = *inOutIdx;
CYASSL_ENTER("GetExplicitVersion");
if (input[idx++] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
*inOutIdx = ++idx; /* eat header */
return GetMyVersion(input, inOutIdx, version);
@ -446,7 +449,9 @@ static int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
word32 i = *inOutIdx;
byte b;
*oid = 0;
CYASSL_ENTER("GetAlgoId");
if (GetSequence(input, &i, &length, maxIdx) < 0)
return ASN_PARSE_E;
@ -1250,8 +1255,6 @@ static int GetName(DecodedCert* cert, int nameType)
char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
word32 idx = 0;
InitSha(&sha);
if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
CYASSL_MSG("Trying optional prefix...");
@ -1265,6 +1268,13 @@ static int GetName(DecodedCert* cert, int nameType)
if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
return ASN_PARSE_E;
InitSha(&sha);
ShaUpdate(&sha, &cert->source[cert->srcIdx], length);
if (nameType == ISSUER)
ShaFinal(&sha, cert->issuerHash);
else
ShaFinal(&sha, cert->subjectHash);
length += cert->srcIdx;
while (cert->srcIdx < (word32)length) {
@ -1395,7 +1405,6 @@ static int GetName(DecodedCert* cert, int nameType)
idx += strLen;
}
ShaUpdate(&sha, &cert->source[cert->srcIdx], strLen);
cert->srcIdx += strLen;
}
else {
@ -1450,11 +1459,6 @@ static int GetName(DecodedCert* cert, int nameType)
}
full[idx++] = 0;
if (nameType == ISSUER)
ShaFinal(&sha, cert->issuerHash);
else
ShaFinal(&sha, cert->subjectHash);
return 0;
}
@ -4169,3 +4173,257 @@ int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
}
#endif
#ifdef HAVE_CRL
/* initialize decoded CRL */
void InitDecodedCRL(DecodedCRL* dcrl)
{
CYASSL_MSG("InitDecodedCRL");
dcrl->certBegin = 0;
dcrl->sigIndex = 0;
dcrl->sigLength = 0;
dcrl->signatureOID = 0;
dcrl->certs = NULL;
dcrl->totalCerts = 0;
}
/* free decoded CRL resources */
void FreeDecodedCRL(DecodedCRL* dcrl)
{
RevokedCert* tmp = dcrl->certs;
CYASSL_MSG("FreeDecodedCRL");
while(tmp) {
RevokedCert* next = tmp->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
tmp = next;
}
}
/* store SHA1 hash of NAME */
static int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx)
{
Sha sha;
int length; /* length of all distinguished names */
CYASSL_ENTER("GetNameHash");
if (source[*idx] == ASN_OBJECT_ID) {
CYASSL_MSG("Trying optional prefix...");
if (GetLength(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
*idx += length;
CYASSL_MSG("Got optional prefix");
}
if (GetSequence(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
InitSha(&sha);
ShaUpdate(&sha, &source[*idx], length);
ShaFinal(&sha, hash);
*idx += length;
return 0;
}
/* Get raw Date only, no processing, 0 on success */
static int GetBasicDate(const byte* source, word32* idx, byte* date, int maxIdx)
{
int length;
byte b = source[*idx];
CYASSL_ENTER("GetBasicDate");
*idx += 1;
if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME)
return ASN_TIME_E;
if (GetLength(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE)
return ASN_DATE_SZ_E;
XMEMCPY(date, &source[*idx], length);
*idx += length;
return 0;
}
/* Get Revoked Cert list, 0 on success */
static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
int maxIdx)
{
int len;
byte b;
RevokedCert* rc;
CYASSL_ENTER("GetRevoked");
if (GetSequence(buff, idx, &len, maxIdx) < 0)
return ASN_PARSE_E;
/* get serial number */
b = buff[*idx];
*idx += 1;
if (b != ASN_INTEGER) {
CYASSL_MSG("Expecting Integer");
return ASN_PARSE_E;
}
if (GetLength(buff, idx, &len, maxIdx) < 0)
return ASN_PARSE_E;
if (len > EXTERNAL_SERIAL_SIZE) {
CYASSL_MSG("Serial Size too big");
return ASN_PARSE_E;
}
rc = XMALLOC(sizeof(RevokedCert), NULL, DYNAMIC_TYPE_CRL);
if (rc == NULL) {
CYASSL_MSG("Alloc Revoked Cert failed");
return MEMORY_E;
}
XMEMCPY(rc->serialNumber, &buff[*idx], len);
rc->serialSz = len;
/* add to list */
rc->next = dcrl->certs;
dcrl->certs = rc;
dcrl->totalCerts++;
*idx += len;
/* get date */
b = buff[*idx];
*idx += 1;
if (b != ASN_UTC_TIME && b != ASN_GENERALIZED_TIME) {
CYASSL_MSG("Expecting Date");
return ASN_PARSE_E;
}
if (GetLength(buff, idx, &len, maxIdx) < 0)
return ASN_PARSE_E;
/* skip for now */
*idx += len;
return 0;
}
/* Get CRL Signature, 0 on success */
static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl,
int maxIdx)
{
int length;
byte b;
CYASSL_ENTER("GetCRL_Signature");
b = source[*idx];
*idx += 1;
if (b != ASN_BIT_STRING)
return ASN_BITSTR_E;
if (GetLength(source, idx, &length, maxIdx) < 0)
return ASN_PARSE_E;
dcrl->sigLength = length;
b = source[*idx];
*idx += 1;
if (b != 0x00)
return ASN_EXPECT_0_E;
dcrl->sigLength--;
dcrl->signature = (byte*)&source[*idx];
*idx += dcrl->sigLength;
return 0;
}
/* prase crl buffer into decoded state, 0 on success */
int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz)
{
int version, len;
word32 oid, idx = 0;
Md5 md5;
CYASSL_MSG("ParseCRL");
/* raw crl hash */
InitMd5(&md5);
Md5Update(&md5, buff, sz);
Md5Final(&md5, dcrl->crlHash);
if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E;
dcrl->certBegin = idx;
if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E;
dcrl->sigIndex = len + idx;
/* may have version */
if (buff[idx] == ASN_INTEGER) {
if (GetMyVersion(buff, &idx, &version) < 0)
return ASN_PARSE_E;
}
if (GetAlgoId(buff, &idx, &oid, sz) < 0)
return ASN_PARSE_E;
if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0)
return ASN_PARSE_E;
if (GetBasicDate(buff, &idx, dcrl->lastDate, sz) < 0)
return ASN_PARSE_E;
if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0)
return ASN_PARSE_E;
if (idx != dcrl->sigIndex) {
if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E;
len += idx;
while (idx < len) {
if (GetRevoked(buff, &idx, dcrl, sz) < 0)
return ASN_PARSE_E;
}
}
if (idx != dcrl->sigIndex)
idx = dcrl->sigIndex; /* skip extensions */
if (GetAlgoId(buff, &idx, &dcrl->signatureOID, sz) < 0)
return ASN_PARSE_E;
if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)
return ASN_PARSE_E;
return 0;
}
#endif /* HAVE_CRL */

17
cyassl/crl.h
View File

@ -19,12 +19,12 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifdef HAVE_CRL
#ifndef CYASSL_CRL_H
#define CYASSL_CRL_H
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ssl.h>
#include <cyassl/ctaocrypt/asn.h>
#ifdef __cplusplus
extern "C" {
@ -32,14 +32,12 @@
typedef struct CYASSL_CRL CYASSL_CRL;
CYASSL_LOCAL int InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
CYASSL_LOCAL void FreeCRL(CYASSL_CRL*);
struct CYASSL_CRL {
byte enabled; /* are we on */
byte watchingPEM; /* are we monitoring PEM dir */
byte watchingDER; /* are we monitoring DER dir *
byte checkAll; /* always leaf, but all ? */
};
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type);
CYASSL_LOCAL int BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*);
#ifdef __cplusplus
@ -47,4 +45,3 @@ struct CYASSL_CRL {
#endif
#endif /* CYASSL_CRL_H */
#endif /* HAVE_CRL */

36
cyassl/ctaocrypt/asn.h
View File

@ -28,6 +28,7 @@
#include <cyassl/ctaocrypt/dh.h>
#include <cyassl/ctaocrypt/dsa.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/asn_public.h> /* public interface */
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h>
@ -374,6 +375,41 @@ CYASSL_LOCAL int EncodeOcspRequest(DecodedCert*, byte*, word32);
#endif /* HAVE_OCSP */
#ifdef HAVE_CRL
typedef struct RevokedCert RevokedCert;
struct RevokedCert {
byte serialNumber[EXTERNAL_SERIAL_SIZE];
int serialSz;
RevokedCert* next;
};
typedef struct DecodedCRL DecodedCRL;
struct DecodedCRL {
word32 certBegin; /* offset to start of cert */
word32 sigIndex; /* offset to start of signature */
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
byte* signature; /* pointer into raw source, not owned */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, long sz);
CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
#endif /* HAVE_CRL */
#ifdef __cplusplus
} /* extern "C" */
#endif

1
cyassl/ctaocrypt/asn_public.h
View File

@ -39,6 +39,7 @@ enum CertType {
CERT_TYPE = 0,
PRIVATEKEY_TYPE,
DH_PARAM_TYPE,
CRL_TYPE,
CA_TYPE
};

5
cyassl/ctaocrypt/types.h
View File

@ -202,7 +202,10 @@ enum {
DYNAMIC_TYPE_WRITEV = 19,
DYNAMIC_TYPE_OPENSSL = 20,
DYNAMIC_TYPE_DSA = 21,
DYNAMIC_TYPE_CERT_MANAGER = 22
DYNAMIC_TYPE_CRL = 22,
DYNAMIC_TYPE_REVOKED = 23,
DYNAMIC_TYPE_CRL_ENTRY = 24,
DYNAMIC_TYPE_CERT_MANAGER = 25
};
/* stack protection */

6
cyassl/error.h
View File

@ -92,14 +92,16 @@ enum CyaSSL_ErrorCodes {
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -260,
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
CRL_MISSING = -262, /* CRL Not loaded */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -270, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -271, /* can't match cipher suite */
MATCH_SUITE_ERROR = -271 /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
OCSP_CERT_REVOKED = -272
};

36
cyassl/internal.h
View File

@ -25,6 +25,7 @@
#include <cyassl/ssl.h>
#include <cyassl/crl.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/random.h>
#include <cyassl/ctaocrypt/des3.h>
@ -622,12 +623,39 @@ CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
typedef struct CRL_Entry CRL_Entry;
/* Complete CRL */
struct CRL_Entry {
CRL_Entry* next; /* next entry */
byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
byte crlHash[MD5_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
};
/* CyaSSL CRL controller */
struct CYASSL_CRL {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
CRL_Entry* crlList; /* our CRL list */
CyaSSL_Mutex crlLock; /* CRL list lock */
};
/* CyaSSL Certificate Manager */
struct CYASSL_CERT_MANAGER {
Signer* caList; /* the CA signer list */
CyaSSL_Mutex caLock; /* CA list lock */
CallbackCACache caCacheCallback; /* CA cache addition callback */
void* heap; /* heap helper */
CYASSL_CRL* crl; /* CRL checker */
byte crlEnabled; /* is CRL on ? */
byte crlCheckAll; /* always leaf, but all ? */
CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
};
@ -1137,6 +1165,14 @@ typedef struct EncryptedInfo {
CYASSL_CTX* ctx; /* CTX owner */
} EncryptedInfo;
CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
buffer* der, void* heap, EncryptedInfo* info,
int* eccKey);
CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
int type, CYASSL* ssl, int userChain,
CYASSL_CRL* crl);
#ifdef CYASSL_CALLBACKS
CYASSL_LOCAL

17
cyassl/ssl.h
View File

@ -429,6 +429,8 @@ enum {
OCSP_RESPONSE = 8,
OCSP_BASICRESP = 16,
CYASSL_CRL_CHECKALL = 1,
ASN1_GENERALIZEDTIME = 4,
SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
@ -776,6 +778,7 @@ CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
int, const char*);
typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
typedef void (*CbMissingCRL)(const char* url);
CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
@ -787,6 +790,20 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
const char* d);
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
int format);
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,int);
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
#ifdef CYASSL_CALLBACKS

1
cyassl/test.h
View File

@ -109,6 +109,7 @@ static const char* ntruKey = "./certs/ntru-key.raw";
static const char* dhParam = "./certs/dh2048.pem";
static const char* cliEccKey = "./certs/ecc-client-key.pem";
static const char* cliEccCert = "./certs/client-ecc-cert.pem";
static const char* crlPemDir = "./certs/crl";
typedef struct tcp_ready {
int ready; /* predicate */

5
examples/client/client.c
View File

@ -136,6 +136,7 @@ void client_test(void* args)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
if (argc == 3) {
/* ./client server securePort */
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */
@ -206,6 +207,10 @@ void client_test(void* args)
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
#endif
if (argc != 3)
CyaSSL_check_domain_name(ssl, "www.yassl.com");
#ifdef NON_BLOCKING

251
src/crl.c
View File

@ -26,12 +26,261 @@
#ifdef HAVE_CRL
#include <cyassl/crl.h>
#include <cyassl/internal.h>
#include <cyassl/error.h>
#include <dirent.h>
#include <string.h>
/* Initialze CRL members */
int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
{
CYASSL_ENTER("InitCRL");
crl->cm = cm;
crl->crlList = NULL;
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_ERROR;
return 0;
}
/* Initialze CRL Entry */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
CYASSL_ENTER("FreeCRL_Entry");
XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(crle->crlHash, dcrl->crlHash, MD5_DIGEST_SIZE);
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
crle->certs = dcrl->certs; /* take ownsership */
dcrl->certs = NULL;
crle->totalCerts = dcrl->totalCerts;
return 0;
}
/* Free all CRL Entry resources */
static void FreeCRL_Entry(CRL_Entry* crle)
{
RevokedCert* tmp = crle->certs;
CYASSL_ENTER("FreeCRL_Entry");
while(tmp) {
RevokedCert* next = tmp->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED);
tmp = next;
}
}
/* Free all CRL resources */
void FreeCRL(CYASSL_CRL* crl)
{
CRL_Entry* tmp = crl->crlList;
CYASSL_ENTER("FreeCRL");
while(tmp) {
CRL_Entry* next = tmp->next;
FreeCRL_Entry(tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
tmp = next;
}
FreeMutex(&crl->crlLock);
}
/* Is the cert ok with CRL, return 0 on success */
int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
{
CRL_Entry* crle;
int foundEntry = 0;
int revoked = 0;
int ret = 0;
CYASSL_ENTER("CheckCertCRL");
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
return BAD_MUTEX_ERROR;
}
crle = crl->crlList;
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
CYASSL_MSG("Found CRL Entry on list");
foundEntry = 1;
break;
}
crle = crle->next;
}
if (foundEntry) {
RevokedCert* rc = crle->certs;
while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
CYASSL_MSG("Cert revoked");
revoked = 1;
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
}
UnLockMutex(&crl->crlLock);
if (foundEntry == 0) {
CYASSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
if (crl->cm->cbMissingCRL)
crl->cm->cbMissingCRL(NULL);
}
return ret;
}
/* Add Decoded CRL, 0 on success */
static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
{
CRL_Entry* crle;
CYASSL_ENTER("AddCRL");
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
CYASSL_MSG("alloc CRL Entry failed");
return -1;
}
if (InitCRL_Entry(crle, dcrl) < 0) {
CYASSL_MSG("Init CRL Entry failed");
return -1;
}
if (LockMutex(&crl->crlLock) != 0) {
CYASSL_MSG("LockMutex failed");
FreeCRL_Entry(crle);
return BAD_MUTEX_ERROR;
}
crle->next = crl->crlList;
crl->crlList = crle;
UnLockMutex(&crl->crlLock);
return 0;
}
/* Load CRL File of type, SSL_SUCCESS on ok */
int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
{
int ret = SSL_SUCCESS;
const byte* myBuffer = buff; /* if DER ok, otherwise switch */
buffer der;
DecodedCRL dcrl;
der.buffer = NULL;
CYASSL_ENTER("BufferLoadCRL");
if (crl == NULL || buff == NULL || sz == 0)
return BAD_FUNC_ARG;
if (type == SSL_FILETYPE_PEM) {
int eccKey = 0; /* not used */
EncryptedInfo info;
info.ctx = NULL;
ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
if (ret == 0) {
myBuffer = der.buffer;
sz = der.length;
}
else {
CYASSL_MSG("Pem to Der failed");
return -1;
}
}
InitDecodedCRL(&dcrl);
ret = ParseCRL(&dcrl, myBuffer, sz);
if (ret != 0) {
CYASSL_MSG("ParseCRL error");
}
else {
ret = AddCRL(crl, &dcrl);
if (ret != 0)
CYASSL_MSG("AddCRL error");
}
FreeDecodedCRL(&dcrl);
if (der.buffer)
XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
if (ret == 0)
return SSL_SUCCESS; /* convert */
return ret;
}
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
{
struct dirent* entry;
DIR* dir;
int ret = SSL_SUCCESS;
CYASSL_ENTER("LoadCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
dir = opendir(path);
if (dir == NULL) {
CYASSL_MSG("opendir path crl load failed");
return BAD_PATH_ERROR;
}
while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
if (entry->d_type & DT_REG) {
char name[MAX_FILENAME_SZ];
if (type == SSL_FILETYPE_PEM) {
if (strstr(entry->d_name, ".pem") == NULL) {
CYASSL_MSG("not .pem file, skipping");
continue;
}
}
else {
if (strstr(entry->d_name, ".der") == NULL &&
strstr(entry->d_name, ".crl") == NULL) {
CYASSL_MSG("not .der or .crl file, skipping");
continue;
}
}
XMEMSET(name, 0, sizeof(name));
XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl);
}
}
return SSL_SUCCESS;
}
#endif /* HAVE_CRL */

27
src/internal.c
View File

@ -1696,12 +1696,23 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
#ifdef HAVE_OCSP
if (CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert) == CERT_REVOKED) {
CYASSL_MSG("\tOCSP Lookup returned revoked");
ret = OCSP_CERT_REVOKED;
fatal = 0;
}
CYASSL_MSG("\tOCSP Lookup returned revoked");
ret = OCSP_CERT_REVOKED;
fatal = 0;
}
#endif
#ifdef HAVE_CRL
if (ssl->ctx->cm->crlEnabled) {
ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
if (ret != 0) {
CYASSL_MSG("\tCRL check not ok");
fatal = 0;
}
}
#endif /* HAVE_CRL */
#ifdef OPENSSL_EXTRA
/* set X509 format for peer cert even if fatal */
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
@ -3509,6 +3520,14 @@ void SetErrorString(int error, char* str)
XSTRNCPY(str, "OCSP Cert revoked", max);
break;
case CRL_CERT_REVOKED:
XSTRNCPY(str, "CRL Cert revoked", max);
break;
case CRL_MISSING:
XSTRNCPY(str, "CRL missing, not loaded", max);
break;
default :
XSTRNCPY(str, "unknown error number", max);
}

202
src/ssl.c
View File

@ -375,6 +375,10 @@ CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
cm->caList = NULL;
cm->heap = NULL;
cm->caCacheCallback = NULL;
cm->crl = NULL;
cm->crlEnabled = 0;
cm->crlCheckAll = 0;
cm->cbMissingCRL = NULL;
if (InitMutex(&cm->caLock) != 0) {
CYASSL_MSG("Bad mutex init");
@ -392,6 +396,10 @@ void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
CYASSL_ENTER("CyaSSL_CertManagerFree");
if (cm) {
#ifdef HAVE_CRL
if (cm->crl)
FreeCRL(cm->crl);
#endif
FreeSigners(cm->caList, NULL);
FreeMutex(&cm->caLock);
XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
@ -629,7 +637,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
/* Remove PEM header/footer, convert to ASN1, store any encrypted data
info->consumed tracks of PEM bytes consumed in case multiple parts */
static int PemToDer(const unsigned char* buff, long sz, int type,
int PemToDer(const unsigned char* buff, long sz, int type,
buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
{
char header[PEM_LINE_LEN];
@ -655,6 +663,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header));
XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer));
dynamicType = DYNAMIC_TYPE_KEY;
} else if (type == CRL_TYPE) {
XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header));
XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer));
dynamicType = DYNAMIC_TYPE_CRL;
} else {
XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer));
@ -1144,8 +1156,8 @@ static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
/* process a file with name fname into ctx of format and type
userChain specifies a user certificate chain to pass during handshake */
static int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
CYASSL* ssl, int userChain)
int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
CYASSL* ssl, int userChain, CYASSL_CRL* crl)
{
byte staticBuffer[FILE_BUFFER_SIZE];
byte* myBuffer = staticBuffer;
@ -1174,6 +1186,8 @@ static int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
else {
if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
else if (type == CRL_TYPE)
ret = BufferLoadCRL(crl, myBuffer, sz, format);
else
ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
userChain);
@ -1199,7 +1213,7 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
return SSL_FAILURE;
if (file)
ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0);
ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
if (ret == SSL_SUCCESS && path) {
/* try to load each regular file in path */
@ -1224,7 +1238,8 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
XSTRNCAT(name, "\\", 2);
XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
NULL);
}
} while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
@ -1246,7 +1261,8 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
XSTRNCAT(name, "/", 1);
XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0);
ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
NULL);
}
}
closedir(dir);
@ -1356,6 +1372,146 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
}
/* turn on CRL if off and compiled in, set options */
int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
{
CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
#ifndef HAVE_CRL
return NOT_COMPILED_IN;
#else
if (cm->crl == NULL) {
cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
DYNAMIC_TYPE_CRL);
if (cm->crl == NULL)
return MEMORY_E;
if (InitCRL(cm->crl, cm) != 0) {
CYASSL_MSG("Init CRL failed");
FreeCRL(cm->crl);
cm->crl = NULL;
return SSL_FAILURE;
}
}
cm->crlEnabled = 1;
if (options & CYASSL_CRL_CHECKALL)
cm->crlCheckAll = 1;
#endif
return SSL_SUCCESS;
}
int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
{
CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
cm->crlEnabled = 0;
return SSL_SUCCESS;
}
#ifdef HAVE_CRL
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
cm->cbMissingCRL = cb;
return SSL_SUCCESS;
}
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
int type)
{
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
if (cm->crl == NULL) {
if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
CYASSL_MSG("Enable CRL failed");
return -1;
}
}
return LoadCRL(cm->crl, path, type);
}
int CyaSSL_EnableCRL(CYASSL* ssl, int options)
{
CYASSL_ENTER("CyaSSL_EnableCRL");
if (ssl)
return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
else
return BAD_FUNC_ARG;
}
int CyaSSL_DisableCRL(CYASSL* ssl)
{
CYASSL_ENTER("CyaSSL_DisableCRL");
if (ssl)
return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
else
return BAD_FUNC_ARG;
}
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
{
CYASSL_ENTER("CyaSSL_LoadCRL");
if (ssl)
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type);
else
return BAD_FUNC_ARG;
}
int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
{
CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
if (ctx)
return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
else
return BAD_FUNC_ARG;
}
int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
{
CYASSL_ENTER("CyaSSL_CTX_DisableCRL");
if (ctx)
return CyaSSL_CertManagerDisableCRL(ctx->cm);
else
return BAD_FUNC_ARG;
}
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
{
CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
if (ctx)
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type);
else
return BAD_FUNC_ARG;
}
#endif /* HAVE_CRL */
#ifdef CYASSL_DER_LOAD
/* Add format parameter to allow DER load of CA files */
@ -1366,7 +1522,7 @@ int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
if (ctx == NULL || file == NULL)
return SSL_FAILURE;
if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1436,7 +1592,7 @@ int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
int format)
{
CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");
if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1446,7 +1602,8 @@ int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
{
CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0) == SSL_SUCCESS)
if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1457,7 +1614,8 @@ int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1) == SSL_SUCCESS)
if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1470,7 +1628,8 @@ int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_certificate_file");
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0) == SSL_SUCCESS)
if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1480,7 +1639,7 @@ int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0)
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
@ -1492,7 +1651,7 @@ int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
/* procces up to MAX_CHAIN_DEPTH plus subject cert */
CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1)
if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
@ -1652,7 +1811,7 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
{
CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0)
if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
== SSL_SUCCESS) {
ctx->haveNTRU = 1;
return SSL_SUCCESS;
@ -1671,7 +1830,8 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
int format)
{
CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
if (ProcessFile(ctx, file,format,PRIVATEKEY_TYPE,NULL,0) == SSL_SUCCESS)
if (ProcessFile(ctx, file,format,PRIVATEKEY_TYPE,NULL,0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
return SSL_FAILURE;
@ -1680,7 +1840,7 @@ int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
{
CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0)
if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
== SSL_SUCCESS)
return SSL_SUCCESS;
@ -2857,7 +3017,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
ssl->options.haveNTRU, ssl->options.haveECDSA,
ssl->optoins.haveStaticECC, ssl->ctx->method->side);
ssl->options.haveStaticECC, ssl->ctx->method->side);
}
@ -5868,7 +6028,7 @@ static int initGlobalRNG = 0;
if (bn == NULL || bn->internal == NULL)
return 0;
if (mp_cmp_d((mp_int*)bn->internal, 1) == 0);
if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
return 1;
return 0;
@ -5888,7 +6048,6 @@ static int initGlobalRNG = 0;
int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
{
int ret;
CYASSL_MSG("CyaSSL_BN_cmp");
if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
@ -5997,7 +6156,6 @@ static int initGlobalRNG = 0;
{
byte decoded[1024];
word32 decSz = sizeof(decoded);
int ret;
CYASSL_MSG("CyaSSL_BN_hex2bn");
@ -6288,7 +6446,6 @@ static int initGlobalRNG = 0;
word32 pubSz = sizeof(pub);
word32 privSz = sizeof(priv);
word32 keySz;
int ret;
CYASSL_MSG("CyaSSL_DH_compute_key");
@ -6692,7 +6849,6 @@ static int initGlobalRNG = 0;
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
CYASSL_DSA* dsa)
{
word32 signSz;
RNG tmpRNG;
RNG* rng = &tmpRNG;
@ -6779,7 +6935,7 @@ static int initGlobalRNG = 0;
}
signSz = EncodeSignature(encodedSig, m, mLen, type);
if (signSz < 0) {
if (signSz == 0) {
CYASSL_MSG("Bad Encode Signature");
return 0;
}