Merge branch 'master' of github.com:cyassl/cyassl

2012-05-07 17:02:47 -07:00 · 2012-05-07 17:02:47 -07:00 · 5aad32eb28
commit 5aad32eb28
parent 7d1d277535 2a817adfcc
14 changed files with 1166 additions and 108 deletions
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@ -107,3 +107,51 @@ openssl dhparam -in dh2048.param -text > dh2048.pem
    make a new key
        openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem

+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2)  view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem  ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@ -202,6 +202,24 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
    word32 inIdx  = 0;
    word32 outIdx = 0;

+    if (inLen == 1 && *outLen && in) {
+        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+
+        /* sanity check */
+        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
+            return ASN_INPUT_E;
+
+        b  = hexDecode[b];
+
+        if (b == BAD)
+            return ASN_INPUT_E;
+        
+        out[outIdx++] = b;
+
+        *outLen = outIdx;
+        return 0;
+    }
+
    if (inLen % 2)
        return BAD_FUNC_ARG;

--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@ -3664,6 +3664,34 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 }


+/* set a 32-bit const */
+int mp_set_int (mp_int * a, unsigned long b)
+{
+  int     x, res;
+
+  mp_zero (a);
+  
+  /* set four bits at a time */
+  for (x = 0; x < 8; x++) {
+    /* shift the number up four bits */
+    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
+      return res;
+    }
+
+    /* OR in the top four bits of the source */
+    a->dp[0] |= (b >> 28) & 15;
+
+    /* shift the source up to the next four bits */
+    b <<= 4;
+
+    /* ensure that digits are not clamped off */
+    a->used += 1;
+  }
+  mp_clamp (a);
+  return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC)

 /* c = a * a (mod b) */
@ -4329,32 +4357,6 @@ LBL_U:mp_clear (&v);
 }


-/* set a 32-bit const */
-int mp_set_int (mp_int * a, unsigned long b)
-{
-  int     x, res;
-
-  mp_zero (a);
-  
-  /* set four bits at a time */
-  for (x = 0; x < 8; x++) {
-    /* shift the number up four bits */
-    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
-      return res;
-    }
-
-    /* OR in the top four bits of the source */
-    a->dp[0] |= (b >> 28) & 15;
-
-    /* shift the source up to the next four bits */
-    b <<= 4;
-
-    /* ensure that digits are not clamped off */
-    a->used += 1;
-  }
-  mp_clamp (a);
-  return MP_OKAY;
-}

 #endif /* CYASSL_KEY_GEN */

--- a/ctaocrypt/src/tfm.c
+++ b/ctaocrypt/src/tfm.c
@ -1962,6 +1962,14 @@ int mp_count_bits (mp_int* a)
 }


+/* fast math wrappers */
+int mp_set_int(fp_int *a, fp_digit b)
+{
+    fp_set(a, b);
+    return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined (HAVE_ECC)

 /* c = a * a (mod b) */
@ -1996,14 +2004,6 @@ void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  fp_isprime(fp_int *a);
 int  fp_cnt_lsb(fp_int *a);

-/* fast math wrappers */
-int mp_set_int(fp_int *a, fp_digit b)
-{
-    fp_set(a, b);
-    return MP_OKAY;
-}
-
-
 int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
 {
    fp_gcd(a, b, c);
--- a/cyassl/ctaocrypt/integer.h
+++ b/cyassl/ctaocrypt/integer.h
@ -294,6 +294,7 @@ int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
 int  mp_2expt (mp_int * a, int b);
 int  mp_reduce_2k_setup(mp_int *a, mp_digit *d);
 int  mp_add_d (mp_int* a, mp_digit b, mp_int* c);
+int mp_set_int (mp_int * a, unsigned long b);
 /* end support added functions */

 /* added */
@ -309,7 +310,6 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,

 #ifdef CYASSL_KEY_GEN
    int mp_prime_is_prime (mp_int * a, int t, int *result);
-    int mp_set_int (mp_int * a, unsigned long b);
    int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
    int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
 #endif
--- a/cyassl/ctaocrypt/tfm.h
+++ b/cyassl/ctaocrypt/tfm.h
@ -650,6 +650,7 @@ int  mp_copy(fp_int* a, fp_int* b);
 int  mp_isodd(mp_int* a);
 int  mp_iszero(mp_int* a);
 int  mp_count_bits(mp_int *a);
+int  mp_set_int(fp_int *a, fp_digit b);

 #ifdef HAVE_ECC
    int mp_read_radix(mp_int* a, const char* str, int radix);
@ -667,7 +668,6 @@ int  mp_count_bits(mp_int *a);
 #endif

 #ifdef CYASSL_KEY_GEN
-int  mp_set_int(fp_int *a, fp_digit b);
 int  mp_gcd(fp_int *a, fp_int *b, fp_int *c);
 int  mp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  mp_prime_is_prime(mp_int* a, int t, int* result);
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@ -201,7 +201,8 @@ enum {
    DYNAMIC_TYPE_CTX        = 18,
    DYNAMIC_TYPE_WRITEV     = 19,
    DYNAMIC_TYPE_OPENSSL    = 20,
-    DYNAMIC_TYPE_CERT_MANAGER = 21 
+    DYNAMIC_TYPE_DSA        = 21,
+    DYNAMIC_TYPE_CERT_MANAGER = 22
 };

 /* stack protection */
--- a/cyassl/openssl/dh.h
+++ b/cyassl/openssl/dh.h
@ -21,6 +21,9 @@ typedef struct CYASSL_DH {
 	CYASSL_BIGNUM* g;
    CYASSL_BIGNUM* pub_key;      /* openssh deference g^x */
    CYASSL_BIGNUM* priv_key;     /* openssh deference x   */
+    void*          internal;     /* our DH */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 } CYASSL_DH;


--- a/cyassl/openssl/dsa.h
+++ b/cyassl/openssl/dsa.h
@ -19,8 +19,11 @@ struct CYASSL_DSA {
 	CYASSL_BIGNUM* p;
 	CYASSL_BIGNUM* q;
 	CYASSL_BIGNUM* g;
-	CYASSL_BIGNUM* pub_key;
-	CYASSL_BIGNUM* priv_key;
+	CYASSL_BIGNUM* pub_key;      /* our y */
+	CYASSL_BIGNUM* priv_key;     /* our x */
+    void*          internal;     /* our Dsa Key */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 };


@ -32,6 +35,8 @@ CYASSL_API int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA*, int bits,
                   unsigned char* seed, int seedLen, int* counterRet,
                   unsigned long* hRet, void* cb);

+CYASSL_API int CyaSSL_DSA_LoadDer(CYASSL_DSA*, const unsigned char*, int sz);
+
 #define DSA_new CyaSSL_DSA_new
 #define DSA_free CyaSSL_DSA_free

--- a/cyassl/openssl/evp.h
+++ b/cyassl/openssl/evp.h
@ -88,8 +88,8 @@ typedef union {


 typedef struct CYASSL_EVP_MD_CTX {
-    CYASSL_Hasher hash;
    unsigned char macType;
+    CYASSL_Hasher hash;
 } CYASSL_EVP_MD_CTX;


@ -120,11 +120,11 @@ enum {


 typedef struct CYASSL_EVP_CIPHER_CTX {
-    CYASSL_Cipher  cipher;
    int            keyLen;         /* user may set for variable */
-    unsigned char* iv;             /* working iv pointer into cipher */
    unsigned char  enc;            /* if encrypt side, then true */
    unsigned char  cipherType;
+    unsigned char  iv[64];         /* working iv pointer into cipher */
+    CYASSL_Cipher  cipher;
 } CYASSL_EVP_CIPHER_CTX;


@ -171,11 +171,15 @@ CYASSL_API CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY*);
 CYASSL_API void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx);
 CYASSL_API int   CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx);

-CYASSL_API int   CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+CYASSL_API void  CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                                unsigned char* iv, int len);
-CYASSL_API int   CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
+CYASSL_API void  CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                                unsigned char* iv, int len);

+CYASSL_API int  CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+CYASSL_API int  CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx);
+
+
 /* end OpenSSH compat */

 typedef CYASSL_EVP_MD         EVP_MD;
--- a/cyassl/openssl/hmac.h
+++ b/cyassl/openssl/hmac.h
@ -35,6 +35,7 @@
 #endif

 #include <cyassl/openssl/evp.h>
+#include <cyassl/ctaocrypt/hmac.h>

 #ifdef __cplusplus
    extern "C" {
@ -48,7 +49,8 @@ CYASSL_API unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md,


 typedef struct CYASSL_HMAC_CTX {
-    int stuff;    
+    Hmac hmac;
+    int  type;
 } CYASSL_HMAC_CTX;


--- a/cyassl/openssl/rsa.h
+++ b/cyassl/openssl/rsa.h
@ -51,6 +51,7 @@ CYASSL_API int CyaSSL_RSA_sign(int type, const unsigned char* m,
 CYASSL_API int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
                                  unsigned char* to, CYASSL_RSA*, int padding);
 CYASSL_API int CyaSSL_RSA_GenAdd(CYASSL_RSA*);
+CYASSL_API int CyaSSL_RSA_LoadDer(CYASSL_RSA*, const unsigned char*, int sz);


 #define RSA_new  CyaSSL_RSA_new
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@ -772,6 +772,9 @@ enum {
    CYASSL_CHAIN_CA = 2           /* added to cache from trusted chain */
 };

+CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
+                                  int, const char*);
+
 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);

 CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);
--- a/src/ssl.c
+++ b/src/ssl.c