Merge branch 'master' of github.com:cyassl/cyassl

This commit is contained in:
John Safranek 2012-05-18 15:33:54 -07:00
commit 8bf2d13f89
11 changed files with 111 additions and 36 deletions

21
README

@ -34,7 +34,26 @@ before calling SSL_new(); Though it's not recommended.
*** end Note ***
CyaSSL Release 2.0.8 (2/24/2012)
CyaSSL Release 2.2.0 (5/18/2012)
Release 2.2.0 CyaSSL has bug fixes and a few new features including:
- Initial CRL support (--enable-crl)
- Initial OCSP support (--enable-ocsp)
- Add static ECDH suites
- SHA-384 support
- ECC client certificate support
- Add medium session cache size (1055 sessions)
- Updated unit tests
- Protection against mutex reinitialization
The CyaSSL manual is available at:
http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
and comments about the new features please check the manual.
***************CyaSSL Release 2.0.8 (2/24/2012)
Release 2.0.8 CyaSSL has bug fixes and a few new features including:
- A fix for malicious certificates pointed out by Remi Gacogne (thanks)


@ -6,7 +6,7 @@
#
#
AC_INIT([cyassl],[2.1.7],[http://www.yassl.com])
AC_INIT([cyassl],[2.2.0],[http://www.yassl.com])
AC_CONFIG_AUX_DIR(config)
@ -25,7 +25,7 @@ AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
CYASSL_LIBRARY_VERSION=3:0:0
CYASSL_LIBRARY_VERSION=3:1:0
# | | |
# +------+ | +---+
# | | |


@ -4821,8 +4821,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz)
if (GetBasicDate(buff, &idx, dcrl->nextDate, sz) < 0)
return ASN_PARSE_E;
if (idx != dcrl->sigIndex) {
if (idx != dcrl->sigIndex && buff[idx] != CRL_EXTENSIONS) {
if (GetSequence(buff, &idx, &len, sz) < 0)
return ASN_PARSE_E;
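Review bot: The new condition reads `buff[idx]` before anything in this hunk establishes `idx < sz`; GetBasicDate only advances the index, and a truncated or deliberately malformed CRL (this parser consumes attacker-supplied input) could leave idx at or beyond sz, turning the peek into an out-of-bounds read. Guard it in the same expression: `if (idx != dcrl->sigIndex && idx < sz && buff[idx] != CRL_EXTENSIONS) {`. Note also that the check only recognizes crlExtensions when they directly follow nextUpdate; a CRL carrying both a revokedCertificates list and extensions still enters the revoked-list branch, and whether the code after the list copes with the trailing [0] block is not visible here. ParseCRL starts before and continues past this hunk.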


@ -1685,6 +1685,9 @@ int openssl_test()
testVector a, b, c, d, e, f;
byte hash[SHA_DIGEST_SIZE*4]; /* max size */
(void)e;
(void)f;
a.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
@ -1758,7 +1761,7 @@ int openssl_test()
#endif /* CYASSL_SHA384 */
#ifdef CYASSL_SHA384
#ifdef CYASSL_SHA512
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
@ -1779,7 +1782,7 @@ int openssl_test()
if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)
return -80;
#endif /* CYASSL_SHA384 */
#endif /* CYASSL_SHA512 */
if (RAND_bytes(hash, sizeof(hash)) != 1)


@ -35,7 +35,7 @@ typedef struct CYASSL_CRL CYASSL_CRL;
CYASSL_LOCAL int InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
CYASSL_LOCAL void FreeCRL(CYASSL_CRL*);
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type);
CYASSL_LOCAL int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
CYASSL_LOCAL int BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
CYASSL_LOCAL int CheckCertCRL(CYASSL_CRL*, DecodedCert*);
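Review bot: The added `mon` parameter on LoadCRL carries no comment saying what it means, and its name differs from the definition in crl.c (`monitor`), which makes the header harder to match against the implementation. Use the same name in both places and document it above the prototype, e.g. `/* monitor: non-zero asks for path to be watched for changes; currently only logged, see LoadCRL */` — since the implementation in this commit only emits a CYASSL_MSG for it, the comment should not promise more than that.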


@ -62,6 +62,7 @@ enum ASN_Tags {
ASN_SET = 0x11,
ASN_UTC_TIME = 0x17,
ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
ASN_LONG_LENGTH = 0x80
};
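Review bot: `CRL_EXTENSIONS` is the only member of enum ASN_Tags without the `ASN_` prefix, and 0xa0 is not a universal tag like its neighbours but a context-specific constructed [0], which the line does not say. Suggest `ASN_CRL_EXTENSIONS = 0xa0, /* [0] EXPLICIT crlExtensions, context-specific constructed */` with the matching rename at the use in asn.c, or at minimum the trailing comment so the next reader knows why the value sits outside the universal tag range.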


@ -34,6 +34,13 @@
extern "C" {
#endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
typedef CYASSL SSL;
typedef CYASSL_SESSION SSL_SESSION;
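Review bot: The `#undef`s of X509_NAME, OCSP_REQUEST and OCSP_RESPONSE only take effect when <wincrypt.h> (normally pulled in by <windows.h>) was included before this header; a translation unit that includes <windows.h> afterwards presumably gets the wincrypt macros back on top of CyaSSL's names, and nothing here warns about that. Since this block was moved here from cyassl/ssl.h in the same commit, a one-line include-order note would spare the next Windows user a confusing error, e.g. `/* wincrypt.h clashes: include <windows.h> before this header so these undefs apply */`.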


@ -43,12 +43,6 @@
#define CYASSL_VERSION LIBCYASSL_VERSION_STRING
#endif
#ifdef _WIN32
/* wincrypt.h clashes */
#undef X509_NAME
#undef OCSP_REQUEST
#undef OCSP_RESPONSE
#endif
#ifdef __cplusplus
@ -789,19 +783,22 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
const char* d);
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
int format);
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
int sz);
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,int);
CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
int);
CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
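Review bot: The fourth parameter added to CyaSSL_CertManagerLoadCRL, CyaSSL_LoadCRL and CyaSSL_CTX_LoadCRL is unnamed in all three prototypes, so a caller reading the public header cannot tell it is the monitor flag; write it as `int monitor` and add a one-line comment on its meaning (the crl.c implementation in this commit only logs the request). Adding a parameter to exported functions also changes the ABI, yet the configure.ac hunk moves CYASSL_LIBRARY_VERSION only from 3:0:0 to 3:1:0; under libtool's current:revision:age rules an interface change should increment current (e.g. 4:0:0), otherwise binaries built against 3:0:0 can load this library and call these functions with the old argument list.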


@ -209,7 +209,7 @@ void client_test(void* args)
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
if (argc != 3)
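Review bot: The return value of the updated `CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0)` call is discarded, as is that of CyaSSL_EnableCRL above it, so a missing or unreadable CRL directory leaves the example client with CRL checking enabled but nothing loaded, and the user only finds out later in the handshake, if at all. Check it like the other setup steps, e.g. `if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl");`, assuming the examples' usual err_sys helper is in scope here. client_test continues outside the hunk.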


@ -250,7 +250,7 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{
struct dirent* entry;
DIR* dir;
@ -293,6 +293,10 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type)
}
}
if (monitor) {
CYASSL_MSG("monitor path requested");
}
return SSL_SUCCESS;
}
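Review bot: A non-zero `monitor` is accepted and answered with SSL_SUCCESS even though the function only emits a CYASSL_MSG for it, so a caller that asked for the CRL directory to be watched has no way to tell that nothing is watching and may stop reloading CRLs on its own. Until monitoring exists, either reject the request up front, e.g. `if (monitor) { CYASSL_MSG("monitor path requested"); return NOT_COMPILED_IN; }` placed before any files are loaded, or state at the prototype that the flag is currently ignored. The body of LoadCRL between the signature and this tail is outside the hunk.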


@ -1332,6 +1332,10 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
if (ret == 0)
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
#ifdef HAVE_CRL
if (ret == 0 && cm->crlEnabled)
ret = CheckCertCRL(cm->crl, &cert);
#endif
}
FreeDecodedCert(&cert);
@ -1379,18 +1383,19 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
}
/* turn on CRL if off and compiled in, set options */
int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
{
int ret = SSL_SUCCESS;
(void)options;
CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
#ifndef HAVE_CRL
return NOT_COMPILED_IN;
#else
#ifdef HAVE_CRL
if (cm->crl == NULL) {
cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
DYNAMIC_TYPE_CRL);
@ -1407,9 +1412,11 @@ int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
cm->crlEnabled = 1;
if (options & CYASSL_CRL_CHECKALL)
cm->crlCheckAll = 1;
#else
ret = NOT_COMPILED_IN;
#endif
return SSL_SUCCESS;
return ret;
}
@ -1428,6 +1435,43 @@ int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
#ifdef HAVE_CRL
/* check CRL if enabled, SSL_SUCCESS */
int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
int ret;
DecodedCert cert;
CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
if (cm == NULL)
return BAD_FUNC_ARG;
if (cm->crlEnabled == 0)
return SSL_SUCCESS;
InitDecodedCert(&cert, der, sz, NULL);
ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
if (ret != 0) {
CYASSL_MSG("ParseCert failed");
return ret;
}
else {
ret = CheckCertCRL(cm->crl, &cert);
if (ret != 0) {
CYASSL_MSG("CheckCertCRL failed");
}
}
FreeDecodedCert(&cert);
if (ret == 0)
return SSL_SUCCESS; /* convert */
return ret;
}
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
@ -1441,7 +1485,7 @@ int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
int type)
int type, int monitor)
{
CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
if (cm == NULL)
@ -1454,7 +1498,7 @@ int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
}
}
return LoadCRL(cm->crl, path, type);
return LoadCRL(cm->crl, path, type, monitor);
}
@ -1478,11 +1522,11 @@ int CyaSSL_DisableCRL(CYASSL* ssl)
}
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
{
CYASSL_ENTER("CyaSSL_LoadCRL");
if (ssl)
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type);
return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
else
return BAD_FUNC_ARG;
}
@ -1518,11 +1562,11 @@ int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
}
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
{
CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
if (ctx)
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type);
return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
else
return BAD_FUNC_ARG;
}
@ -5947,7 +5991,7 @@ static int initGlobalRNG = 0;
{
CYASSL_MSG("CyaSSL_BN_clear_free");
return CyaSSL_BN_free(bn);
CyaSSL_BN_free(bn);
}
@ -6822,6 +6866,8 @@ static int initGlobalRNG = 0;
CYASSL_MSG("CyaSSL_RSA_generate_key_ex");
(void)rsa;
(void)bits;
(void)cb;
(void)bn;
@ -6835,10 +6881,6 @@ static int initGlobalRNG = 0;
CYASSL_MSG("MakeRsaKey failed");
return -1;
}
#else
CYASSL_MSG("No Key Gen built in");
return -1;
#endif
if (SetRsaExternal(rsa) < 0) {
CYASSL_MSG("SetRsaExternal failed");
@ -6848,6 +6890,11 @@ static int initGlobalRNG = 0;
rsa->inSet = 1;
return 1; /* success */
#else
CYASSL_MSG("No Key Gen built in");
return -1;
#endif
}
@ -7176,7 +7223,6 @@ static int initGlobalRNG = 0;
default:
CYASSL_MSG("Bad digest id value");
return NULL;
}
return NULL;
@ -7367,7 +7413,6 @@ static int initGlobalRNG = 0;
default: {
CYASSL_MSG("bad type");
return 0;
}
}
return 0;
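Review bot: In the new CyaSSL_CertManagerCheckCRL the `return ret;` inside the ParseCertRelative failure branch skips FreeDecodedCert(&cert), so whatever ParseCertRelative attached to `cert` before failing (FreeDecodedCert exists to release such state) is leaked on every malformed certificate handed to this API. The `else` already makes the early return unnecessary; drop that one line so both paths reach FreeDecodedCert, i.e. `if (ret != 0) { CYASSL_MSG("ParseCert failed"); } else { ... }`. The parse is also done with NO_VERIFY, which is reasonable for a revocation lookup but deserves a short comment explaining why signature verification is skipped here, since the certificate is attacker-supplied at this point. Unchanged context nearby: the CYASSL_ENTER label in CyaSSL_CertManagerSetCRL_Cb still reads "CyaSSL_CertManagerLoadCRL".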