This commit is contained in:
Takashi Kojo 2014-03-11 09:55:57 +09:00
commit 8ea2eec773
54 changed files with 1150 additions and 794 deletions

2
.gitignore vendored
View File

@ -41,6 +41,8 @@ output
mcapi/test
testsuite/testsuite
tests/unit
testsuite/testsuite.test
tests/unit.test
testsuite/*.der
testsuite/*.pem
testsuite/*.raw

View File

@ -76,8 +76,10 @@ if USE_VALGRIND
TESTS_ENVIRONMENT=./valgrind-error.sh
endif
TEST_EXTENSIONS=.test
TESTS += $(check_PROGRAMS)
test: check
tests/unit.log: testsuite/testsuite.log
DISTCLEANFILES+= cyassl-config

24
README
View File

@ -35,11 +35,33 @@ before calling SSL_new(); Though it's not recommended.
*** end Notes ***
CyaSSL Release 2.9.0 (X/XX/XXXX)
CyaSSL Release 2.9.0 (02/07/2014)
Release 2.9.0 CyaSSL has bug fixes and new features including:
- Freescale Kinetis RNGB support
- Freescale Kinetis mmCAU support
- TLS Hello extensions
- ECC
- Secure Renegotiation (null)
- Truncated HMAC
- SCEP support
- PKCS #7 Enveloped data and signed data
- PKCS #10 Certificate Signing Request generation
- DTLS sliding window
- OCSP Improvements
- API change to integrate into Certificate Manager
- IPv4/IPv6 agnostic
- example client/server support for OCSP
- OCSP nonces are optional
- GMAC hashing
- Windows build additions
- Windows CYGWIN build fixes
- Updated test certificates
- Microchip MPLAB Harmony support
- Update autoconf scripts
- Additional X.509 inspection functions
- ECC encrypt/decrypt primitives
- ECC Certificate generation
The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
K53 Sub-Family Reference Manual:

View File

@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT
Next Update: Dec 14 21:32:30 2013 GMT
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
87
No Revoked Certificates.
3
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: sha1WithRSAEncryption
0f:16:d2:d6:62:f8:c0:db:b2:2c:de:9d:0a:10:72:0e:85:6e:
25:1d:38:20:1b:d5:66:d9:d3:9e:0e:a6:9e:e8:60:20:1c:b5:
c9:ab:09:c3:a5:d5:c3:91:a3:9a:ff:44:40:68:da:7b:da:4a:
3c:15:17:89:0a:49:b9:af:b2:ac:f0:e2:b5:0e:4d:c0:22:d7:
5e:c1:02:9e:f3:95:20:62:7c:88:d9:32:97:12:04:1a:6f:8c:
d8:7b:9f:0c:1e:91:fe:98:52:17:de:f2:ee:7c:66:e7:db:91:
99:7a:f7:09:c9:15:16:3d:a2:1c:13:af:ad:e0:70:b8:6b:e5:
dc:8e:f8:b5:ec:ff:f7:88:1b:ce:46:eb:22:ff:10:2f:ea:53:
f0:86:62:1a:ab:6f:4d:05:45:e8:5c:ba:b5:8d:0d:38:72:cd:
df:a1:74:31:bb:ad:68:7d:56:be:d8:7e:7a:f5:ef:52:be:14:
5c:6d:ed:b4:2a:c9:ab:97:ba:e8:93:c5:6b:79:66:c7:52:a8:
0d:62:dc:cb:e2:4c:e6:53:f4:c3:5c:ce:47:0f:39:46:9a:cb:
82:d9:98:7d:69:41:aa:ac:6a:7a:e9:02:c9:9b:77:59:7f:6a:
90:54:10:8a:45:c7:49:5f:ca:be:66:6a:20:e1:cd:e8:10:09:
30:7e:16:44
36:33:8d:75:7a:2c:40:dc:e2:64:71:de:1d:06:b4:0e:d3:98:
63:05:79:84:53:76:9b:aa:51:70:a1:3a:ab:12:f7:da:69:70:
34:5b:4d:08:01:a6:3b:16:25:ac:3d:11:0c:80:94:bc:dc:b5:
51:7c:84:11:65:d7:d2:24:16:f5:ac:11:0b:ea:72:62:4a:cb:
83:c1:6c:96:ec:6b:ce:1f:26:88:89:8a:74:90:fb:d3:67:91:
8c:f7:ef:0e:ca:81:39:22:89:1a:52:75:d0:13:ba:ee:83:0c:
61:e9:b4:d8:f1:3f:80:77:29:d2:bb:7e:81:29:a8:fb:1f:ad:
92:91:bd:e9:b8:29:3f:a3:ec:44:b5:09:e5:03:3c:1b:2d:df:
4c:27:45:94:da:be:50:dd:b9:78:3f:1f:92:92:59:a5:ad:5a:
ef:95:71:ff:ca:ff:db:70:53:17:aa:00:40:9b:4c:ff:fb:be:
73:7a:8e:0f:07:9b:b9:14:fd:a4:b4:d7:79:4b:3e:ff:c6:90:
ef:91:2e:a2:f3:ee:4b:1f:16:47:2a:a3:39:f9:b5:fd:74:fa:
8f:c4:15:8d:77:7f:46:78:6f:ba:a5:4e:bc:63:8f:39:63:c9:
68:3d:8f:02:3a:4a:d0:d5:c4:47:6a:2c:4d:6c:d5:e2:a7:5f:
35:ba:65:e4
-----BEGIN X509 CRL-----
MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
MIIB/jCB5wIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIx
NDIxMzIzMFqgDjAMMAoGA1UdFAQDAgFXMA0GCSqGSIb3DQEBBQUAA4IBAQAPFtLW
YvjA27Is3p0KEHIOhW4lHTggG9Vm2dOeDqae6GAgHLXJqwnDpdXDkaOa/0RAaNp7
2ko8FReJCkm5r7Ks8OK1Dk3AItdewQKe85UgYnyI2TKXEgQab4zYe58MHpH+mFIX
3vLufGbn25GZevcJyRUWPaIcE6+t4HC4a+Xcjvi17P/3iBvORusi/xAv6lPwhmIa
q29NBUXoXLq1jQ04cs3foXQxu61ofVa+2H569e9SvhRcbe20Ksmrl7rok8VreWbH
UqgNYtzL4kzmU/TDXM5HDzlGmsuC2Zh9aUGqrGp66QLJm3dZf2qQVBCKRcdJX8q+
Zmog4c3oEAkwfhZE
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIw
NzIwMTQwNlowFDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBAzAN
BgkqhkiG9w0BAQUFAAOCAQEANjONdXosQNziZHHeHQa0DtOYYwV5hFN2m6pRcKE6
qxL32mlwNFtNCAGmOxYlrD0RDICUvNy1UXyEEWXX0iQW9awRC+pyYkrLg8Fsluxr
zh8miImKdJD702eRjPfvDsqBOSKJGlJ10BO67oMMYem02PE/gHcp0rt+gSmo+x+t
kpG96bgpP6PsRLUJ5QM8Gy3fTCdFlNq+UN25eD8fkpJZpa1a75Vx/8r/23BTF6oA
QJtM//u+c3qODwebuRT9pLTXeUs+/8aQ75EuovPuSx8WRyqjOfm1/XT6j8QVjXd/
RnhvuqVOvGOPOWPJaD2PAjpK0NXER2osTWzV4qdfNbpl5A==
-----END X509 CRL-----

View File

@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT
Next Update: Dec 14 21:32:30 2013 GMT
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
85
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
4d:9c:63:22:02:91:fe:52:35:93:7c:b6:5b:e8:86:5a:29:a2:
4d:9a:bc:d9:16:e0:8a:04:90:4d:ae:21:00:be:9c:81:5b:68:
6e:90:1a:fd:1a:37:70:85:50:f2:02:87:1c:38:f4:ef:9d:41:
f5:4f:53:66:d4:c0:22:80:00:82:7a:09:42:49:c3:1c:c9:4c:
9f:92:f9:66:f4:21:1f:24:67:4f:83:6a:bd:3a:19:f1:04:99:
ea:30:05:bf:a7:3d:bf:71:ac:3e:3a:ba:2a:c5:05:12:53:eb:
5c:6f:ed:2d:4b:c0:f5:00:e1:95:45:c9:62:b5:89:66:4b:2b:
01:fc:66:29:a3:0a:9a:05:ae:f7:9f:51:2a:9c:3b:18:03:ed:
c4:7c:33:62:93:30:49:ab:c4:d1:07:f4:18:ac:96:24:1e:c2:
fa:37:ed:82:db:06:66:8d:fb:25:93:35:7b:39:88:e8:8e:70:
e9:c8:be:00:c4:f7:a7:67:83:f8:3d:af:8b:71:5b:25:3b:1d:
56:cd:d0:15:86:31:d1:cb:57:3a:00:b5:1c:7c:3e:99:44:ce:
bc:89:a7:78:37:50:ed:a1:b6:16:cd:72:20:c9:1f:60:b2:8a:
c5:62:30:26:f0:aa:b6:73:ca:8e:d6:ba:31:0a:21:a2:6e:40:
4b:66:30:11
4b:c1:68:4f:80:01:0e:ab:ff:c1:8f:5e:e5:3c:01:7a:fd:9c:
bb:21:b3:68:73:7c:e9:dc:c5:70:a8:fd:1b:74:27:c2:9e:7d:
11:9c:95:b9:fb:73:ac:50:bb:b7:4a:5e:f1:f3:44:b4:7c:b5:
21:0f:32:48:2e:b2:03:95:a7:09:6b:25:87:c3:1d:9c:3f:8f:
69:91:30:fb:e5:a1:b2:26:1a:ed:8f:73:06:2d:bd:bc:72:f4:
b8:bd:63:61:90:c7:91:2b:68:52:51:47:0d:d6:a1:79:b8:4b:
bc:30:57:94:fa:b7:49:80:1a:1f:4d:aa:a3:8b:cd:8f:5d:8e:
ad:8b:d6:d1:5b:c1:cf:f2:0c:60:22:19:87:42:db:42:8b:aa:
47:36:4d:20:eb:cb:72:ce:4b:48:1b:f3:4d:0b:e0:f8:58:27:
65:60:e7:97:50:83:a9:80:58:62:a8:02:ac:4e:37:79:42:47:
65:aa:55:ca:7c:9a:9c:bf:6c:36:89:f3:f7:60:d3:30:be:d4:
ce:f1:af:41:7e:02:75:6e:82:86:96:b9:16:07:15:29:c0:65:
4d:2f:13:4f:01:ec:47:f1:af:36:0a:d6:a1:dc:81:57:18:2d:
00:7b:d4:49:88:c0:61:81:0e:cd:a7:39:6a:53:2a:7c:91:3d:
ac:62:8d:49
-----BEGIN X509 CRL-----
MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx
MjE0MjEzMjMwWqAOMAwwCgYDVR0UBAMCAVUwDQYJKoZIhvcNAQEFBQADggEBAE2c
YyICkf5SNZN8tlvohlopok2avNkW4IoEkE2uIQC+nIFbaG6QGv0aN3CFUPIChxw4
9O+dQfVPU2bUwCKAAIJ6CUJJwxzJTJ+S+Wb0IR8kZ0+Dar06GfEEmeowBb+nPb9x
rD46uirFBRJT61xv7S1LwPUA4ZVFyWK1iWZLKwH8ZimjCpoFrvefUSqcOxgD7cR8
M2KTMEmrxNEH9BisliQewvo37YLbBmaN+yWTNXs5iOiOcOnIvgDE96dng/g9r4tx
WyU7HVbN0BWGMdHLVzoAtRx8PplEzryJp3g3UO2hthbNciDJH2CyisViMCbwqrZz
yo7WujEKIaJuQEtmMBE=
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
MjA3MjAxNDA2WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAEvB
aE+AAQ6r/8GPXuU8AXr9nLshs2hzfOncxXCo/Rt0J8KefRGclbn7c6xQu7dKXvHz
RLR8tSEPMkgusgOVpwlrJYfDHZw/j2mRMPvlobImGu2PcwYtvbxy9Li9Y2GQx5Er
aFJRRw3WoXm4S7wwV5T6t0mAGh9NqqOLzY9djq2L1tFbwc/yDGAiGYdC20KLqkc2
TSDry3LOS0gb800L4PhYJ2Vg55dQg6mAWGKoAqxON3lCR2WqVcp8mpy/bDaJ8/dg
0zC+1M7xr0F+AnVugoaWuRYHFSnAZU0vE08B7EfxrzYK1qHcgVcYLQB71EmIwGGB
Ds2nOWpTKnyRPaxijUk=
-----END X509 CRL-----

View File

@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT
Next Update: Dec 14 21:32:30 2013 GMT
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
86
2
Revoked Certificates:
Serial Number: 02
Revocation Date: Jun 17 21:32:30 2013 GMT
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: sha1WithRSAEncryption
87:3b:bb:ac:6b:1a:e8:96:87:6f:a3:8e:39:77:28:01:a7:ea:
76:36:c2:48:e2:41:02:3f:f3:f7:64:09:60:91:87:9e:57:74:
38:a0:c3:20:47:7d:82:4b:2c:34:23:fe:66:dc:2b:3e:8a:a1:
d9:e3:06:ec:75:0f:b1:ef:32:e2:28:ab:7d:40:2c:82:59:74:
c9:95:b5:62:a6:6a:8e:34:e6:f6:f8:91:ff:aa:c1:21:93:79:
cb:6f:dc:be:94:21:b1:c8:dd:9e:b8:fe:ad:e8:50:6e:0d:76:
92:32:54:51:96:cd:c7:be:d2:0f:6f:63:69:5f:b3:28:c1:57:
0e:61:f7:62:81:9f:ea:e7:a5:14:89:41:56:63:46:da:bc:d8:
e0:78:44:c6:c7:1a:ab:1b:f1:0b:59:d5:4e:6d:14:bc:16:c2:
02:43:06:0b:f4:16:6e:26:8c:36:09:61:0c:53:3f:72:85:64:
33:4d:bf:70:44:c8:23:83:c3:51:98:a8:14:f7:b2:03:a1:7b:
72:48:4d:24:d0:a8:a9:22:3d:9b:94:bf:24:24:01:6f:2e:4b:
2b:21:24:8f:64:46:20:79:45:b3:45:1a:4f:93:10:e1:8d:04:
4c:8d:83:63:96:9f:28:c5:37:0f:10:8e:02:9b:4d:96:8b:ea:
a3:31:88:9f
10:5d:b1:d0:79:d2:8a:15:2d:40:0b:44:d6:d9:df:58:73:eb:
55:2c:81:fe:e1:7b:62:48:8f:34:c5:06:51:e5:e8:50:70:8c:
12:ba:e3:6e:fe:7d:0d:ce:44:08:9d:dc:d9:57:43:6c:54:12:
82:d4:ed:6c:71:e5:74:44:bd:d1:a8:98:96:63:8b:68:5f:d2:
87:28:dd:99:4f:aa:ba:8e:18:9e:c4:4f:69:9e:66:13:03:28:
5f:3c:35:01:15:77:22:7c:ed:c5:4a:67:44:af:85:7f:df:8a:
fd:49:8b:e1:be:52:e3:ca:e8:ae:a3:ad:07:91:2c:51:c6:28:
5f:26:17:14:39:5d:4e:21:9f:11:6f:c4:a2:ef:ef:b8:ec:27:
af:45:ad:b9:ed:e0:14:09:60:a0:50:ee:dd:f7:b1:3e:58:c4:
0d:e8:b5:0b:a9:0d:98:ad:7c:74:ab:1c:d6:fa:c8:7d:e7:5a:
3b:91:23:d5:62:ba:d4:e4:be:58:78:fe:09:ba:63:f6:9e:2c:
3f:93:c2:fe:de:c5:00:21:50:39:91:ac:71:e6:fc:4a:37:a4:
e4:e9:5e:e7:ac:8d:95:21:d6:76:aa:10:a8:3c:28:3e:ef:1c:
64:58:e9:1e:f6:7e:54:f3:cb:bb:ed:6f:5d:27:5a:b1:4b:91:
8e:8c:67:7d
-----BEGIN X509 CRL-----
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx
MjE0MjEzMjMwWjAUMBICAQIXDTEzMDYxNzIxMzIzMFqgDjAMMAoGA1UdFAQDAgFW
MA0GCSqGSIb3DQEBBQUAA4IBAQCHO7usaxrolodvo445dygBp+p2NsJI4kECP/P3
ZAlgkYeeV3Q4oMMgR32CSyw0I/5m3Cs+iqHZ4wbsdQ+x7zLiKKt9QCyCWXTJlbVi
pmqONOb2+JH/qsEhk3nLb9y+lCGxyN2euP6t6FBuDXaSMlRRls3HvtIPb2NpX7Mo
wVcOYfdigZ/q56UUiUFWY0bavNjgeETGxxqrG/ELWdVObRS8FsICQwYL9BZuJow2
CWEMUz9yhWQzTb9wRMgjg8NRmKgU97IDoXtySE0k0KipIj2blL8kJAFvLksrISSP
ZEYgeUWzRRpPkxDhjQRMjYNjlp8oxTcPEI4Cm02Wi+qjMYif
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
MjA3MjAxNDA2WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEC
MA0GCSqGSIb3DQEBBQUAA4IBAQAQXbHQedKKFS1AC0TW2d9Yc+tVLIH+4XtiSI80
xQZR5ehQcIwSuuNu/n0NzkQIndzZV0NsVBKC1O1sceV0RL3RqJiWY4toX9KHKN2Z
T6q6jhiexE9pnmYTAyhfPDUBFXcifO3FSmdEr4V/34r9SYvhvlLjyuiuo60HkSxR
xihfJhcUOV1OIZ8Rb8Si7++47CevRa257eAUCWCgUO7d97E+WMQN6LULqQ2YrXx0
qxzW+sh951o7kSPVYrrU5L5YeP4JumP2niw/k8L+3sUAIVA5kaxx5vxKN6Tk6V7n
rI2VIdZ2qhCoPCg+7xxkWOke9n5U88u77W9dJ1qxS5GOjGd9
-----END X509 CRL-----

View File

@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT
Next Update: Dec 14 21:32:30 2013 GMT
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
88
No Revoked Certificates.
4
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1
30:45:02:21:00:eb:6e:1b:5d:f9:43:f9:67:5b:4e:d1:6d:30:
c7:c1:57:a3:e6:25:af:87:7a:77:8d:d9:89:47:1d:a4:64:0e:
21:02:20:11:20:49:d5:84:47:fa:12:61:46:ec:b6:db:0e:d0:
9d:3d:95:24:4f:a3:43:ab:d0:ad:dd:d9:61:b7:49:e2:5e
30:44:02:20:10:95:f9:c8:20:bc:7d:ce:79:6d:35:23:4c:82:
8c:f5:8b:d1:4f:69:a9:5e:70:97:dd:bb:c2:67:13:46:b0:47:
02:20:4f:1f:43:c2:cc:63:1c:6e:26:89:2d:e7:ce:69:45:6d:
fb:8f:53:cd:1f:84:0f:93:fe:83:91:69:f2:91:c6:f9
-----BEGIN X509 CRL-----
MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
MIIBNTCB3gIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
ARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIxNDIxMzIzMFqg
DjAMMAoGA1UdFAQDAgFYMAkGByqGSM49BAEDSAAwRQIhAOtuG135Q/lnW07RbTDH
wVej5iWvh3p3jdmJRx2kZA4hAiARIEnVhEf6EmFG7LbbDtCdPZUkT6NDq9Ct3dlh
t0niXg==
ARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIwNzIwMTQwNlow
FDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBBDAJBgcqhkjOPQQB
A0cAMEQCIBCV+cggvH3OeW01I0yCjPWL0U9pqV5wl927wmcTRrBHAiBPH0PCzGMc
biaJLefOaUVt+49TzR+ED5P+g5Fp8pHG+Q==
-----END X509 CRL-----

View File

@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT
Next Update: Dec 14 21:32:30 2013 GMT
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
89
No Revoked Certificates.
5
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:0c:78:df:c4:4b:8b:e0:70:15:4f:f6:7d:82:d6:
0d:dd:a5:a0:e2:6a:95:4b:2b:6b:29:14:15:ba:51:0d:e3:1f:
02:20:2b:4b:1d:7c:9d:2f:5a:01:3d:9b:c1:94:cd:10:86:fe:
e2:9d:a0:b2:3c:97:10:ba:a6:56:43:78:b3:92:9b:0b
30:44:02:20:2a:2a:2c:ff:8a:0f:6a:74:57:b8:41:a8:5a:5c:
8c:7d:c1:7d:b1:76:a3:db:ff:22:1a:69:cd:80:8d:d5:e4:2a:
02:20:2d:51:3e:01:5b:79:6c:f4:89:89:63:46:0b:65:44:46:
59:2d:42:3e:ba:a8:6d:08:4a:20:1f:9a:06:cc:a9:65
-----BEGIN X509 CRL-----
MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
MIIBNzCB4AIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMxMjE0MjEzMjMw
WqAOMAwwCgYDVR0UBAMCAVkwCQYHKoZIzj0EAQNHADBEAiAMeN/ES4vgcBVP9n2C
1g3dpaDiapVLK2spFBW6UQ3jHwIgK0sdfJ0vWgE9m8GUzRCG/uKdoLI8lxC6plZD
eLOSmws=
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUwMjA3MjAxNDA2
WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEFMAkGByqGSM49
BAEDRwAwRAIgKios/4oPanRXuEGoWlyMfcF9sXaj2/8iGmnNgI3V5CoCIC1RPgFb
eWz0iYljRgtlREZZLUI+uqhtCEogH5oGzKll
-----END X509 CRL-----

View File

@ -5,7 +5,7 @@
# caCrl
openssl ca -gencrl -crldays 180 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
openssl ca -gencrl -crldays 365 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# metadata
openssl crl -in crl.pem -text > tmp
@ -17,7 +17,7 @@ cp crl.pem ~/cyassl/certs/crl/crl.pem
openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# caCrl server revoked generation
openssl ca -gencrl -crldays 180 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
openssl ca -gencrl -crldays 365 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# metadata
openssl crl -in crl.revoked -text > tmp
@ -29,7 +29,7 @@ cp crl.revoked ~/cyassl/certs/crl/crl.revoked
cp blank.index.txt demoCA/index.txt
# cliCrl
openssl ca -gencrl -crldays 180 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
openssl ca -gencrl -crldays 365 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
# metadata
openssl crl -in cliCrl.pem -text > tmp
@ -38,7 +38,7 @@ mv tmp cliCrl.pem
cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
# eccCliCRL
openssl ca -gencrl -crldays 180 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
openssl ca -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
# metadata
openssl crl -in eccCliCRL.pem -text > tmp
@ -47,7 +47,7 @@ mv tmp eccCliCRL.pem
cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
# eccSrvCRL
openssl ca -gencrl -crldays 180 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
openssl ca -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
# metadata
openssl crl -in eccSrvCRL.pem -text > tmp

View File

@ -6,12 +6,10 @@
#
#
AC_INIT([cyassl],[2.8.6],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
AC_INIT([cyassl],[2.9.1],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux])
# using $targget_cpu to only turn on fastmath by default on x86_64
AC_CANONICAL_TARGET
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
@ -33,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
CYASSL_LIBRARY_VERSION=5:2:0
CYASSL_LIBRARY_VERSION=5:3:0
# | | |
# +------+ | +---+
# | | |
@ -104,7 +102,7 @@ OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
# Thread local storage
AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"], [:])
# DEBUG
AX_DEBUG
@ -987,6 +985,19 @@ fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# PWDBASED
AC_ARG_ENABLE([pwdbased],
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
@ -996,9 +1007,9 @@ AC_ARG_ENABLE([pwdbased],
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes"
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
# opensslextra needs pwdbased
# opensslextra and webserver needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
@ -1042,19 +1053,6 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# Filesystem Build
AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: enabled)],
@ -1226,16 +1224,16 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
fi
# Elliptic Curves Extensions
AC_ARG_ENABLE([ellipticcurves],
[ --enable-ellipticcurves Enable Elliptic Curves (default: disabled)],
[ ENABLED_ELLIPTIC_CURVES=$enableval ],
[ ENABLED_ELLIPTIC_CURVES=no ]
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
[ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)],
[ ENABLED_SUPPORTED_CURVES=$enableval ],
[ ENABLED_SUPPORTED_CURVES=no ]
)
if test "x$ENABLED_ELLIPTIC_CURVES" = "xyes"
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ELLIPTIC_CURVES"
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
fi
# TLS Extensions
@ -1251,8 +1249,8 @@ then
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_RENEGOTIATION_INDICATION=yes
ENABLED_ELLIPTIC_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_ELLIPTIC_CURVES"
ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_SUPPORTED_CURVES"
fi
# PKCS7
@ -1340,10 +1338,39 @@ then
fi
# Certificate Service Support
AC_ARG_ENABLE([certservice],
[ --enable-certservice Enable cert service (default: disabled)],
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
# Requires ecc,certgen, and opensslextra make sure on
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DCYASSL_CERT_GEN"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DCYASSL_HAVE_CERT_SERVICE"
fi
# set fastmath default
FASTMATH_DEFAULT=no
if test "$target_cpu" = "x86_64"
if test "$host_cpu" = "x86_64"
then
FASTMATH_DEFAULT=yes
fi
@ -1398,7 +1425,6 @@ AC_ARG_ENABLE([examples],
[ ENABLED_EXAMPLES=yes ]
)
AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now
@ -1527,16 +1553,6 @@ then
fi
LIB_SOCKET_NSL
AC_ARG_ENABLE([gcc-hardening],
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
[if test x$enableval = xyes; then
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
AM_CFLAGS="$AM_CFLAGS -fwrapv -fPIE -Wstack-protector"
AM_CFLAGS="$AM_CFLAGS --param ssp-buffer-size=1"
LDFLAGS="$LDFLAGS -pie"
fi])
AX_HARDEN_CC_COMPILER_FLAGS
# link to ws2_32 if on mingw
@ -1624,9 +1640,9 @@ echo ""
echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC_VERSION"
echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX_VERSION"
echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * LIB Flags: $LIB"
@ -1689,7 +1705,7 @@ echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Elliptic Curves: $ENABLED_ELLIPTIC_CURVES"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP"

View File

@ -219,27 +219,27 @@ int benchmark_test(void *args)
#ifdef BENCH_EMBEDDED
const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */
const char blockType[] = "kB"; /* used in printf output */
const int ntimes = 1; /* public key iterations */
const int genTimes = 5;
const int agreeTimes = 5;
static const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */
static const char blockType[] = "kB"; /* used in printf output */
static const int ntimes = 1; /* public key iterations */
static const int genTimes = 5;
static const int agreeTimes = 5;
#else
const int numBlocks = 5;
const char blockType[] = "megs";
const int ntimes = 100;
const int genTimes = 100;
const int agreeTimes = 100;
static const int numBlocks = 5;
static const char blockType[] = "megs";
static const int ntimes = 100;
static const int genTimes = 100;
static const int agreeTimes = 100;
#endif
const byte key[] =
static const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
static const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
@ -250,11 +250,11 @@ const byte iv[] =
/* use kB instead of mB for embedded benchmarking */
#ifdef BENCH_EMBEDDED
byte plain [1024];
byte cipher[1024];
static byte plain [1024];
static byte cipher[1024];
#else
byte plain [1024*1024];
byte cipher[1024*1024];
static byte plain [1024*1024];
static byte cipher[1024*1024];
#endif
@ -294,8 +294,10 @@ void bench_aes(int show)
#endif
byte additional[13];
byte tag[16];
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
static byte additional[13];
static byte tag[16];
#endif
#ifdef HAVE_AESGCM
@ -675,7 +677,7 @@ void bench_blake2(void)
#if !defined(NO_RSA) || !defined(NO_DH) \
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
RNG rng;
static RNG rng;
#endif
#ifndef NO_RSA
@ -684,7 +686,7 @@ RNG rng;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
defined(CYASSL_MDK_SHELL)
static char *certRSAname = "certs/rsa2048.der" ;
void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
/* set by shell command */
#elif defined(CYASSL_MDK_SHELL)
/* nothing */
@ -798,7 +800,7 @@ void bench_dh(void)
int i, ret;
byte tmp[1024];
size_t bytes;
word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;
word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
byte pub[256]; /* for 2048 bit */
byte priv[256]; /* for 2048 bit */
@ -954,7 +956,7 @@ void bench_eccKeyAgree(void)
byte shared[1024];
byte sig[1024];
byte digest[32];
word32 x;
word32 x = 0;
ecc_init(&genKey);
ecc_init(&genKey2);
@ -996,7 +998,7 @@ void bench_eccKeyAgree(void)
/* make dummy digest */
for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = i;
digest[i] = (byte)i;
start = current_time(1);

View File

@ -318,6 +318,36 @@ __asm__( \
#define LOOP_START \
mu = c[x] * mp
#ifdef __thumb__
#define INNERMUL \
__asm__( \
" LDR r0,%1 \n\t" \
" ADDS r0,r0,%0 \n\t" \
" ITE CS \n\t" \
" MOVCS %0,#1 \n\t" \
" MOVCC %0,#0 \n\t" \
" UMLAL r0,%0,%3,%4 \n\t" \
" STR r0,%1 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"m"(_c[0]):"r0","cc");
#define PROPCARRY \
__asm__( \
" LDR r0,%1 \n\t" \
" ADDS r0,r0,%0 \n\t" \
" STR r0,%1 \n\t" \
" ITE CS \n\t" \
" MOVCS %0,#1 \n\t" \
" MOVCC %0,#0 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"m"(_c[0]):"r0","cc");
/* TAO thumb mode uses ite (if then else) to detect carry directly
* fixed unmatched constraint warning by changing 1 to m */
#else /* __thumb__ */
#define INNERMUL \
__asm__( \
" LDR r0,%1 \n\t" \
@ -337,6 +367,8 @@ __asm__( \
" MOVCC %0,#0 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");
#endif /* __thumb__ */
#elif defined(TFM_PPC32)
/* PPC32 */
@ -725,9 +757,11 @@ __asm__( \
#define SQRADDSC(i, j) \
__asm__( \
" UMULL %0,%1,%6,%7 \n\t" \
" UMULL %0,%1,%3,%4 \n\t" \
" SUB %2,%2,%2 \n\t" \
:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "cc");
:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "r"(i), "r"(j) : "cc");
/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
#define SQRADDAC(i, j) \
__asm__( \

View File

@ -1519,8 +1519,9 @@ static int GetKey(DecodedCert* cert)
XMEMCPY(cert->publicKey, keyBlob, keyLen);
cert->pubKeyStored = 1;
cert->pubKeySize = keyLen;
return 0;
}
break;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
case ECDSAk:
@ -1566,14 +1567,13 @@ static int GetKey(DecodedCert* cert)
cert->pubKeySize = length;
cert->srcIdx += length;
return 0;
}
break;
#endif /* HAVE_ECC */
default:
return ASN_UNKNOWN_OID_E;
}
return 0;
}
@ -3084,6 +3084,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
{
word32 idx = 0;
int length = 0;
byte b;
word32 oid;
CYASSL_ENTER("DecodeAuthInfo");
@ -3091,35 +3092,26 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
/* Unwrap the list of AIAs */
if (GetSequence(input, &idx, &length, sz) < 0) return;
/* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0) return;
while (idx < (word32)sz) {
/* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0) return;
oid = 0;
if (GetObjectId(input, &idx, &oid, sz) < 0) return;
oid = 0;
if (GetObjectId(input, &idx, &oid, sz) < 0) return;
/* Only supporting URIs right now. */
if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI))
{
idx++;
/* Only supporting URIs right now. */
b = input[idx++];
if (GetLength(input, &idx, &length, sz) < 0) return;
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
oid == AIA_OCSP_OID)
{
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
break;
}
idx += length;
}
else
{
/* Skip anything else. */
idx++;
if (GetLength(input, &idx, &length, sz) < 0) return;
idx += length;
}
if (idx < (word32)sz)
{
CYASSL_MSG("\tThere are more Authority Information Access records, "
"but we only use first one.");
}
return;
}
@ -3224,11 +3216,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
length--;
if (length == 2) {
cert->extKeyUsage = (input[idx] << 8) | input[idx+1];
cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]);
cert->extKeyUsage >>= unusedBits;
}
else if (length == 1)
cert->extKeyUsage = (input[idx] << 1);
cert->extKeyUsage = (word16)(input[idx] << 1);
return;
}
@ -3290,9 +3282,7 @@ static void DecodeCertExtensions(DecodedCert* cert)
byte* input = cert->extensions;
int length;
word32 oid;
byte critical;
(void)critical;
byte critical = 0;
CYASSL_ENTER("DecodeCertExtensions");
@ -3405,7 +3395,6 @@ static void DecodeCertExtensions(DecodedCert* cert)
}
idx += length;
}
(void)critical;
CYASSL_LEAVE("DecodeCertExtensions", 0);
return;
@ -3432,7 +3421,8 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
cert->subjectCNStored = 1;
}
if (cert->keyOID == RSAk && cert->pubKeySize > 0) {
if (cert->keyOID == RSAk &&
cert->publicKey != NULL && cert->pubKeySize > 0) {
ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (ptr == NULL)

View File

@ -95,9 +95,9 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
b1 = (e1 << 2) | (e2 >> 4);
b2 = ((e2 & 0xF) << 4) | (e3 >> 2);
b3 = ((e3 & 0x3) << 6) | e4;
b1 = (byte)((e1 << 2) | (e2 >> 4));
b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
b3 = (byte)(((e3 & 0x3) << 6) | e4);
out[i++] = b1;
if (!pad3)
@ -251,8 +251,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
/* encoded idx */
byte e1 = b1 >> 2;
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4);
byte e3 = ((b2 & 0xF) << 2) | (b3 >> 6);
byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
byte e3 = (byte)(((b2 & 0xF) << 2) | (b3 >> 6));
byte e4 = b3 & 0x3F;
/* store */
@ -281,8 +281,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
byte b2 = (twoBytes) ? in[j++] : 0;
byte e1 = b1 >> 2;
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4);
byte e3 = (b2 & 0xF) << 2;
byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
byte e3 = (byte)((b2 & 0xF) << 2);
ret = CEscape(escaped, e1, out, &i, *outLen, 0);
if (ret == 0)
@ -375,7 +375,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
if (b == BAD || b2 == BAD)
return ASN_INPUT_E;
out[outIdx++] = (b << 4) | b2;
out[outIdx++] = (byte)((b << 4) | b2);
inLen -= 2;
}

View File

@ -633,7 +633,7 @@ static const int bytebit[] = {
0200,0100,040,020,010,04,02,01
};
const word32 Spbox[8][64] = {
static const word32 Spbox[8][64] = {
{
0x01010400,0x00000000,0x00010000,0x01010404,
0x01010004,0x00010404,0x00000004,0x00010000,

View File

@ -971,7 +971,8 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
mp_int mu;
mp_digit mp;
unsigned long buf;
int first, bitbuf, bitcpy, bitcnt, mode, digidx;
int first = 1, bitbuf = 0, bitcpy = 0, bitcnt = 0, mode = 0,
digidx = 0;
if (k == NULL || G == NULL || R == NULL || modulus == NULL)
return ECC_BAD_ARG_E;

View File

@ -86,7 +86,6 @@ static int InitHmac(Hmac* hmac, int type)
default:
return BAD_FUNC_ARG;
break;
}
return 0;

View File

@ -161,7 +161,7 @@ void Md4Update(Md4* md4, const byte* data, word32 len)
if (md4->buffLen == MD4_BLOCK_SIZE) {
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif
Transform(md4);
AddLength(md4, MD4_BLOCK_SIZE);
@ -185,7 +185,7 @@ void Md4Final(Md4* md4, byte* hash)
md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif
Transform(md4);
md4->buffLen = 0;
@ -199,7 +199,7 @@ void Md4Final(Md4* md4, byte* hash)
/* store lengths */
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));

View File

@ -300,7 +300,7 @@ void Md5Update(Md5* md5, const byte* data, word32 len)
if (md5->buffLen == MD5_BLOCK_SIZE) {
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
XTRANSFORM(md5, local);
AddLength(md5, MD5_BLOCK_SIZE);
@ -324,7 +324,7 @@ void Md5Final(Md5* md5, byte* hash)
md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
XTRANSFORM(md5, local);
md5->buffLen = 0;
@ -338,7 +338,7 @@ void Md5Final(Md5* md5, byte* hash)
/* store lengths */
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));

View File

@ -146,15 +146,6 @@ STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
#endif /* WORD64_AVAILABLE */
STATIC INLINE void ByteReverseBytes(byte* out, const byte* in, word32 byteCount)
{
word32* op = (word32*)out;
const word32* ip = (const word32*)in;
ByteReverseWords(op, ip, byteCount);
}
STATIC INLINE void XorWords(word* r, const word* a, word32 n)
{
word32 i;
@ -163,13 +154,16 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
}
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
{
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
else {
word32 i;
for (i = 0; i < count; i++) buf[i] ^= mask[i];
byte* b = (byte*)buf;
const byte* m = (const byte*)mask;
for (i = 0; i < count; i++) b[i] ^= m[i];
}
}
#undef STATIC

View File

@ -631,6 +631,18 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(CYASSL_TYTO)
int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
for (i = 0; i < sz; i++ )
output[i] = rand_gen();
return 0;
}
#elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific GenerateSeed() here"

View File

@ -295,7 +295,8 @@ void RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) {
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
ByteReverseWords(ripemd->buffer, ripemd->buffer,
RIPEMD_BLOCK_SIZE);
#endif
Transform(ripemd);
AddLength(ripemd, RIPEMD_BLOCK_SIZE);
@ -319,7 +320,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen;
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
#endif
Transform(ripemd);
ripemd->buffLen = 0;
@ -333,7 +334,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
/* store lengths */
#ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32));

View File

@ -311,7 +311,7 @@ void ShaUpdate(Sha* sha, const byte* data, word32 len)
if (sha->buffLen == SHA_BLOCK_SIZE) {
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif
XTRANSFORM(sha, local);
AddLength(sha, SHA_BLOCK_SIZE);
@ -335,7 +335,7 @@ void ShaFinal(Sha* sha, byte* hash)
sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif
XTRANSFORM(sha, local);
sha->buffLen = 0;
@ -349,7 +349,7 @@ void ShaFinal(Sha* sha, byte* hash)
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
@ -357,8 +357,9 @@ void ShaFinal(Sha* sha, byte* hash)
#ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */
ByteReverseBytes(&local[SHA_PAD_SIZE], &local[SHA_PAD_SIZE],
2 * sizeof(word32));
ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif
XTRANSFORM(sha, local);

View File

@ -167,7 +167,8 @@ void Sha256Update(Sha256* sha256, const byte* data, word32 len)
if (sha256->buffLen == SHA256_BLOCK_SIZE) {
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
ByteReverseWords(sha256->buffer, sha256->buffer,
SHA256_BLOCK_SIZE);
#endif
XTRANSFORM(sha256, local);
AddLength(sha256, SHA256_BLOCK_SIZE);
@ -191,7 +192,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
XTRANSFORM(sha256, local);
sha256->buffLen = 0;
@ -205,7 +206,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
@ -214,8 +215,9 @@ void Sha256Final(Sha256* sha256, byte* hash)
#ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */
ByteReverseBytes(&local[SHA256_PAD_SIZE], &local[SHA256_PAD_SIZE],
2 * sizeof(word32));
ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif
XTRANSFORM(sha256, local);

View File

@ -2402,7 +2402,7 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
#ifdef HAVE_ECC
/* chars used in radix conversions */
const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
static int fp_read_radix(fp_int *a, const char *str, int radix)
{

View File

@ -121,7 +121,9 @@
#define printf dc_log_printf
#endif
#include "ctaocrypt/test/test.h"
#ifndef CYASSL_TYTO
#include "ctaocrypt/test/test.h"
#endif
typedef struct testVector {
@ -2410,10 +2412,6 @@ int camellia_test(void)
{CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
};
if ((sizeof(pte) != CAMELLIA_BLOCK_SIZE) ||
(sizeof(ptc) != CAMELLIA_BLOCK_SIZE))
return -113;
testsSz = sizeof(testVectors)/sizeof(test_vector_t);
for (i = 0; i < testsSz; i++) {
CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
@ -3786,7 +3784,7 @@ int ecc_test(void)
/* test DSA sign hash */
for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = i;
digest[i] = (byte)i;
x = sizeof(sig);
ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);

View File

@ -227,6 +227,11 @@ enum SepHardwareName_Sum {
HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
};
enum AuthInfo_Sum {
AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
};
enum VerifyType {
NO_VERIFY = 0,

View File

@ -42,13 +42,11 @@ CYASSL_LOCAL
word32 ByteReverseWord32(word32);
CYASSL_LOCAL
void ByteReverseWords(word32*, const word32*, word32);
CYASSL_LOCAL
void ByteReverseBytes(byte*, const byte*, word32);
CYASSL_LOCAL
void XorWords(word*, const word*, word32);
CYASSL_LOCAL
void xorbuf(byte*, const byte*, word32);
void xorbuf(void*, const void*, word32);
#ifdef WORD64_AVAILABLE
CYASSL_LOCAL

View File

@ -111,6 +111,77 @@ CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
/* filesystem abstraction layer, used by ssl.c */
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
#endif /* NO_FILESYSTEM */
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@ -167,13 +167,25 @@
#define NO_FILESYSTEM
#define CYASSL_USER_IO
#define NO_DEV_RANDOM
#define HAVE_HKDF
#define NO_MAIN_DRIVER
#define CYASSL_LWIP
/* ECC and optimizations */
#define FREESCALE_MMCAU 1
#define HAVE_ECC
#define HAVE_ECC_ENCRYPT
#define ECC_SHAMIR
#define HAVE_HKDF
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define TFM_ECC256
#define TFM_ARM
#define ECC_SHAMIR
#define FP_ECC
#define FP_ENTRIES 2
#define FP_LUT 4
#define FP_MAX_BITS 512
/* remove features */
#define NO_OLD_TLS
#define NO_MD4
#define NO_RABBIT

View File

@ -211,7 +211,9 @@ enum {
#endif
#ifndef CTYPE_USER
#include <ctype.h>
#ifndef CYASSL_TYTO
#include <ctype.h>
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP)
#define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c))

View File

@ -599,7 +599,9 @@ enum Misc {
COOKIE_SZ = 20, /* use a 20 byte cookie */
SUITE_LEN = 2, /* cipher suite sz length */
ENUM_LEN = 1, /* always a byte */
OPAQUE16_LEN = 2, /* always 2 bytes */
OPAQUE8_LEN = 1, /* 1 byte */
OPAQUE16_LEN = 2, /* 2 bytes */
OPAQUE24_LEN = 3, /* 3 bytes */
COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */
SERVER_ID_LEN = 20, /* server session id length */
@ -1004,6 +1006,7 @@ struct OCSP_Entry {
struct CYASSL_OCSP {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
OCSP_Entry* ocspList; /* OCSP response list */
CyaSSL_Mutex ocspLock; /* OCSP list lock */
};
#ifndef MAX_DATE_SIZE
@ -1182,7 +1185,7 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
#ifdef HAVE_SUPPORTED_CURVES
typedef struct EllipticCurve {
word16 name; /* CurveNames */
@ -1190,14 +1193,14 @@ typedef struct EllipticCurve {
} EllipticCurve;
CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name);
CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
#ifndef NO_CYASSL_SERVER
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
byte second);
#endif
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_TLS_EXTENSIONS */

View File

@ -619,7 +619,7 @@ enum {
/* extras end */
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* CyaSSL extension, provide last error from SSL_get_error
since not using thread storage error queue */
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
@ -824,8 +824,10 @@ CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM
CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
#ifndef NO_STDIO_FILESYSTEM
CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
#endif
CYASSL_API CYASSL_X509*
CyaSSL_X509_load_certificate_file(const char* fname, int format);
#endif
@ -1244,7 +1246,7 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
#endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES
#ifdef HAVE_SUPPORTED_CURVES
enum {
CYASSL_ECC_SECP160R1 = 0x10,
@ -1257,12 +1259,12 @@ enum {
#ifndef NO_CYASSL_CLIENT
CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx,
CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
unsigned short name);
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_SUPPORTED_CURVES */
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
@ -1287,9 +1289,13 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
#ifdef CYASSL_HAVE_WOLFSCEP
CYASSL_API void CyaSSL_wolfSCEP(void);
CYASSL_API void CyaSSL_wolfSCEP(void);
#endif /* CYASSL_HAVE_WOLFSCEP */
#ifdef CYASSL_HAVE_CERT_SERVICE
CYASSL_API void CyaSSL_cert_service(void);
#endif
#ifdef __cplusplus
} /* extern "C" */

View File

@ -167,8 +167,8 @@
#define crlPemDir "./certs/crl"
typedef struct tcp_ready {
int ready; /* predicate */
int port;
word16 ready; /* predicate */
word16 port;
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_t mutex;
pthread_cond_t cond;
@ -290,7 +290,7 @@ static INLINE int mygetopt(int argc, char** argv, const char* optstring)
}
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
{
@ -566,7 +566,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
#endif /* !CYASSL_MDK_ARM */
static INLINE void tcp_listen(SOCKET_T* sockfd, int* port, int useAnyAddr,
static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
int udp)
{
SOCKADDR_IN_T addr;
@ -628,7 +628,7 @@ static INLINE int udp_read_connect(SOCKET_T sockfd)
}
static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
int useAnyAddr, int port, func_args* args)
int useAnyAddr, word16 port, func_args* args)
{
SOCKADDR_IN_T addr;
@ -679,7 +679,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
}
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
func_args* args, int port, int useAnyAddr,
func_args* args, word16 port, int useAnyAddr,
int udp)
{
SOCKADDR_IN_T client;
@ -1154,7 +1154,8 @@ static INLINE int CurrentDir(const char* str)
if (ptr == NULL)
return;
mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
mt = (memoryTrack*)ptr;
--mt; /* same as minus sizeof(memoryTrack), removes header */
#ifdef DO_MEM_STATS
ourMemStats.currentBytes -= mt->u.hint.thisSize;
@ -1170,7 +1171,8 @@ static INLINE int CurrentDir(const char* str)
if (ptr) {
/* if realloc is bigger, don't overread old ptr */
memoryTrack* mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
memoryTrack* mt = (memoryTrack*)ptr;
--mt; /* same as minus sizeof(memoryTrack), removes header */
if (mt->u.hint.thisSize < sz)
sz = mt->u.hint.thisSize;

View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBCYASSL_VERSION_STRING "2.8.6"
#define LIBCYASSL_VERSION_HEX 0x02008006
#define LIBCYASSL_VERSION_STRING "2.9.1"
#define LIBCYASSL_VERSION_HEX 0x02009001
#ifdef __cplusplus
}

View File

@ -137,7 +137,7 @@ static void Usage(void)
#ifdef HAVE_SNI
printf("-S <str> Use Host Name Indication\n");
#endif
#ifdef HAVE_MAXFRAGMENT
#ifdef HAVE_MAX_FRAGMENT
printf("-L <num> Use Maximum Fragment Length [1-5]\n");
#endif
#ifdef HAVE_TRUNCATED_HMAC
@ -178,7 +178,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int input;
int msgSz = (int)strlen(msg);
int port = yasslPort;
word16 port = yasslPort;
char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com";
@ -296,7 +296,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
break;
case 'p' :
port = atoi(myoptarg);
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
@ -495,7 +495,7 @@ SWITCH_STAT {
useClientCert = 0;
}
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

View File

@ -60,7 +60,7 @@ void echoclient_test(void* args)
int sendSz;
int argc = 0;
char** argv = 0;
int port = yasslPort;
word16 port = yasslPort;
((func_args*)args)->return_code = -1; /* error state */
@ -139,7 +139,7 @@ void echoclient_test(void* args)
#endif
}
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

View File

@ -48,7 +48,7 @@
#define SVR_COMMAND_SIZE 256
static void SignalReady(void* args, int port)
static void SignalReady(void* args, word16 port)
{
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
/* signal ready to tcp_accept */
@ -76,7 +76,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
int outCreated = 0;
int shutDown = 0;
int useAnyAddr = 0;
int port = yasslPort;
word16 port = yasslPort;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
@ -125,7 +125,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

View File

@ -153,7 +153,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
int port = yasslPort;
word16 port = yasslPort;
int usePsk = 0;
int doDTLS = 0;
int useNtruKey = 0;
@ -230,7 +230,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
break;
case 'p' :
port = atoi(myoptarg);
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
@ -374,7 +374,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx);
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif

View File

@ -51,9 +51,7 @@ AC_DEFUN([AX_DEBUG],
[AS_HELP_STRING([--enable-debug],
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
[ax_enable_debug=yes
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])
AX_ADD_AM_MACRO([--debug],[AM_YFLAGS])
AX_ADD_AM_MACRO([-D_GLIBCXX_DEBUG],[AM_CPPFLAGS])],
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])],
[ax_enable_debug=no
AC_SUBST([MCHECK])
AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])

View File

@ -117,10 +117,11 @@
AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cflags_extra])
dnl Anything below this comment please keep sorted.
AS_IF([test "$CC" = "clang"],[],[
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra])
@ -156,6 +157,7 @@
AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-fPIE],,[$ax_append_compile_cflags_extra])
AC_LANG_POP
])
@ -185,10 +187,11 @@
])
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cxxflags_extra])
dnl Anything below this comment please keep sorted.
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra])

View File

@ -44,7 +44,23 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 10
#serial 11
# Define m4_ifblank and m4_ifnblank macros from introduced in
# autotools 2.64 m4sugar.m4 if using an earlier autotools.
ifdef([m4_ifblank], [], [
m4_define([m4_ifblank],
[m4_if(m4_translit([[$1]], [ ][ ][
]), [], [$2], [$3])])
])
ifdef([m4_ifnblank], [], [
m4_define([m4_ifnblank],
[m4_if(m4_translit([[$1]], [ ][ ][
]), [], [$3], [$2])])
])
AC_DEFUN([AX_TLS], [
AC_MSG_CHECKING(for thread local storage (TLS) class)

View File

@ -4,7 +4,15 @@ Version: @VERSION@
Release: 1
License: GPLv2
Group: System Environment/Libraries
BuildRequires: bison
BuildRequires: gcc
BuildRequires: glibc
BuildRequires: glibc-common
BuildRequires: glibc-devel
BuildRequires: glibc-headers
BuildRequires: make
BuildRequires: pkgconfig
BuildRequires: sed
BuildRequires: tar
URL: http://www.yassl.com/yaSSL/Home.html
Packager: Brian Aker <brian@tangent.org>
@ -61,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libcyassl.la
%{_libdir}/libcyassl.so
%{_libdir}/libcyassl.so.5
%{_libdir}/libcyassl.so.5.0.2
%{_libdir}/libcyassl.so.5.0.3
%files devel
%defattr(-,root,root,-)
@ -96,6 +104,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/cyassl/ctaocrypt/misc.h
%{_includedir}/cyassl/ctaocrypt/mpi_class.h
%{_includedir}/cyassl/ctaocrypt/mpi_superclass.h
%{_includedir}/cyassl/ctaocrypt/pkcs7.h
%{_includedir}/cyassl/ctaocrypt/port.h
%{_includedir}/cyassl/ctaocrypt/pwdbased.h
%{_includedir}/cyassl/ctaocrypt/rabbit.h
%{_includedir}/cyassl/ctaocrypt/random.h
@ -109,7 +119,6 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/cyassl/ctaocrypt/types.h
%{_includedir}/cyassl/ctaocrypt/visibility.h
%{_includedir}/cyassl/error.h
%{_includedir}/cyassl/internal.h
%{_includedir}/cyassl/ocsp.h
%{_includedir}/cyassl/openssl/asn1.h
%{_includedir}/cyassl/openssl/bio.h
@ -152,5 +161,5 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/cyassl.pc
%changelog
* Fri Oct 20 2012 Brian Aker <brian@tangent.org> - 0.1-1
* Fri Oct 20 2012 Brian Aker <brian@tangent.org>
- Initial package

View File

@ -79,8 +79,7 @@ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#ifndef NO_CYASSL_SERVER
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32,
word32);
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32);
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
#if !defined(NO_RSA) || defined(HAVE_ECC)
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
@ -232,7 +231,7 @@ static INLINE void c24to32(const word24 u24, word32* u32)
/* convert opaque to 16 bit integer */
static INLINE void ato16(const byte* c, word16* u16)
{
*u16 = (c[0] << 8) | (c[1]);
*u16 = (word16) ((c[0] << 8) | (c[1]));
}
@ -368,7 +367,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ctx->eccTempKeySz = ECDHE_SIZE;
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ctx->passwd_cb = 0;
ctx->userdata = 0;
#endif /* OPENSSL_EXTRA */
@ -2827,7 +2826,7 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
#endif
/* verify record type here as well */
switch ((enum ContentType)rh->type) {
switch (rh->type) {
case handshake:
case change_cipher_spec:
case application_data:
@ -3732,7 +3731,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
CYASSL_ENTER("DoHandShakeMsgType");
/* make sure can read the message */
if (*inOutIdx + size > totalSz)
return INCOMPLETE_DATA;
HashInput(ssl, input + *inOutIdx, size);
#ifdef CYASSL_CALLBACKS
/* add name later, add on record and handshake header part back on */
if (ssl->toInfoOn) {
@ -3829,12 +3833,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
#ifndef NO_CYASSL_SERVER
case client_hello:
CYASSL_MSG("processing client hello");
ret = DoClientHello(ssl, input, inOutIdx, totalSz, size);
ret = DoClientHello(ssl, input, inOutIdx, size);
break;
case client_key_exchange:
CYASSL_MSG("processing client key exchange");
ret = DoClientKeyExchange(ssl, input, inOutIdx, totalSz);
ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
break;
#if !defined(NO_RSA) || defined(HAVE_ECC)
@ -3849,6 +3853,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
default:
CYASSL_MSG("Unknown handshake message type");
ret = UNKNOWN_HANDSHAKE_TYPE;
break;
}
CYASSL_LEAVE("DoHandShakeMsgType()", ret);
@ -3859,18 +3864,15 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
word32 totalSz)
{
byte type;
byte type;
word32 size;
int ret = 0;
int ret = 0;
CYASSL_ENTER("DoHandShakeMsg()");
if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
return PARSE_ERROR;
if (*inOutIdx + size > totalSz)
return INCOMPLETE_DATA;
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
CYASSL_LEAVE("DoHandShakeMsg()", ret);
@ -3945,7 +3947,6 @@ static int DtlsMsgDrain(CYASSL* ssl)
{
DtlsMsg* item = ssl->dtls_msg_list;
int ret = 0;
word32 idx = 0;
/* While there is an item in the store list, and it is the expected
* message, and it is complete, and there hasn't been an error in the
@ -3954,6 +3955,7 @@ static int DtlsMsgDrain(CYASSL* ssl)
ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
item->fragSz == item->sz &&
ret == 0) {
word32 idx = 0;
ssl->keys.dtls_expected_peer_handshake_number++;
ret = DoHandShakeMsgType(ssl, item->msg,
&idx, item->type, item->sz, item->sz);
@ -4141,8 +4143,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
if (ssl->options.dtls) {
c16toa(ssl->keys.dtls_epoch, additional);
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
}
#endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
@ -4163,8 +4167,9 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
additional, AEAD_AUTH_DATA_SZ);
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break;
}
break;
#endif
#ifdef HAVE_CAMELLIA
@ -4181,7 +4186,6 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
#ifdef BUILD_RABBIT
case cyassl_rabbit:
return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
break;
#endif
#ifdef HAVE_NULL_CIPHER
@ -4278,7 +4282,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
/* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa(ssl->keys.dtls_state.curEpoch, additional);
#endif
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
@ -4318,7 +4327,6 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef BUILD_RABBIT
case cyassl_rabbit:
return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
break;
#endif
#ifdef HAVE_NULL_CIPHER
@ -4711,7 +4719,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
#endif
level = input[(*inOutIdx)++];
code = (int)input[(*inOutIdx)++];
code = input[(*inOutIdx)++];
ssl->alert_history.last_rx.code = code;
ssl->alert_history.last_rx.level = level;
*type = code;
@ -4870,7 +4878,7 @@ int ProcessReply(CYASSL* ssl)
#endif
for (;;) {
switch ((processReply)ssl->options.processReply) {
switch (ssl->options.processReply) {
/* in the CYASSL_SERVER case, get the first byte for detecting
* old client hello */
@ -4912,7 +4920,7 @@ int ProcessReply(CYASSL* ssl)
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
b1 =
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
ssl->curSize = ((b0 & 0x7f) << 8) | b1;
ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
}
else {
ssl->options.processReply = getRecordLayerHeader;
@ -5193,6 +5201,7 @@ int ProcessReply(CYASSL* ssl)
ssl->options.processReply = doProcessInit;
continue;
}
default:
CYASSL_MSG("Bad process input state, programming error");
return INPUT_CASE_ERROR;
@ -6370,7 +6379,7 @@ void SetErrorString(int error, char* str)
/* be sure to add to cipher_name_idx too !!!! */
const char* const cipher_names[] =
static const char* const cipher_names[] =
{
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
"RC4-SHA",
@ -6689,7 +6698,7 @@ const char* const cipher_names[] =
/* cipher suite number that matches above name table */
int cipher_name_idx[] =
static int cipher_name_idx[] =
{
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
@ -7470,29 +7479,38 @@ static void PickHashSigAlgo(CYASSL* ssl,
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 helloSz)
{
byte b;
byte compression;
byte b;
ProtocolVersion pv;
word32 i = *inOutIdx;
word32 begin = i;
byte compression;
word32 i = *inOutIdx;
word32 begin = i;
#ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif
XMEMCPY(&pv, input + i, sizeof(pv));
i += (word32)sizeof(pv);
/* protocol version, random and session id length check */
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* protocol version */
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
i += OPAQUE16_LEN;
if (pv.minor > ssl->version.minor) {
CYASSL_MSG("Server using higher version, fatal error");
return VERSION_ERROR;
}
else if (pv.minor < ssl->version.minor) {
CYASSL_MSG("server using lower version");
if (!ssl->options.downgrade) {
CYASSL_MSG(" no downgrade allowed, fatal error");
return VERSION_ERROR;
}
else if (pv.minor == SSLv3_MINOR) {
if (pv.minor == SSLv3_MINOR) {
/* turn off tls */
CYASSL_MSG(" downgrading to SSLv3");
ssl->options.tls = 0;
@ -7510,14 +7528,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->version.minor = TLSv1_1_MINOR;
}
}
/* random */
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
i += RAN_LEN;
/* session id */
b = input[i++];
if (b) {
if (b == ID_LEN) {
if ((i - begin) + ID_LEN > helloSz)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
i += b;
i += ID_LEN;
ssl->options.haveSessionId = 1;
}
else if (b) {
CYASSL_MSG("Invalid session ID size");
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
}
/* suite and compression */
if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
ssl->options.cipherSuite0 = input[i++];
ssl->options.cipherSuite = input[i++];
compression = input[i++];
@ -7528,17 +7563,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
*inOutIdx = i;
/* tls extensions */
if ( (i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS
if (IsTLS(ssl)) {
int ret = 0;
int ret = 0;
word16 totalExtSz;
Suites clSuites; /* just for compatibility right now */
if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR;
ato16(&input[i], &totalExtSz);
i += LENGTH_SZ;
if (totalExtSz > helloSz + begin - i)
return INCOMPLETE_DATA;
i += OPAQUE16_LEN;
if ((i - begin) + totalExtSz > helloSz)
return BUFFER_ERROR;
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
totalExtSz, 0, &clSuites)))
@ -7549,7 +7590,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
else
#endif
*inOutIdx = begin + helloSz; /* skip extensions */
*inOutIdx = begin + helloSz; /* skip extensions */
}
ssl->options.serverState = SERVER_HELLO_COMPLETE;
@ -7558,7 +7599,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session.sessionID, ID_LEN) == 0) {
if (SetCipherSpecs(ssl) == 0) {
int ret = -1;
int ret = -1;
XMEMCPY(ssl->arrays->masterSecret,
ssl->session.masterSecret, SECRET_LEN);
#ifdef NO_OLD_TLS
@ -7572,6 +7614,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = DeriveKeys(ssl);
#endif
ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
return ret;
}
else {
@ -7589,6 +7632,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
DtlsPoolReset(ssl);
}
#endif
return SetCipherSpecs(ssl);
}
@ -7828,8 +7872,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* rsa */
if (sigAlgo == rsa_sa_algo)
{
int ret;
byte* out;
int ret = 0;
byte* out = NULL;
byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS
@ -7891,12 +7935,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig,
if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig,
min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
return VERIFY_SIGN_ERROR;
}
else {
if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0)
if (ret != sizeof(hash) || !out || XMEMCMP(out,
hash, sizeof(hash)) != 0)
return VERIFY_SIGN_ERROR;
}
} else
@ -9774,7 +9819,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
}
#ifdef HAVE_ELLIPTIC_CURVES
#ifdef HAVE_SUPPORTED_CURVES
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
CYASSL_MSG("Don't have matching curves");
return 0;
@ -9995,32 +10040,37 @@ static void PickHashSigAlgo(CYASSL* ssl,
static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 totalSz, word32 helloSz)
word32 helloSz)
{
byte b;
byte b;
ProtocolVersion pv;
Suites clSuites;
word32 i = *inOutIdx;
word32 begin = i;
word32 i = *inOutIdx;
word32 begin = i;
#ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
#endif
/* make sure can read up to session */
if (i + sizeof(pv) + RAN_LEN + ENUM_LEN > totalSz)
return INCOMPLETE_DATA;
XMEMCPY(&pv, input + i, sizeof(pv));
/* protocol version, random and session id length check */
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* protocol version */
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */
i += (word32)sizeof(pv);
i += OPAQUE16_LEN;
if (ssl->version.minor > pv.minor) {
byte haveRSA = 0;
byte havePSK = 0;
if (!ssl->options.downgrade) {
CYASSL_MSG("Client trying to connect with lesser version");
return VERSION_ERROR;
}
if (pv.minor == SSLv3_MINOR) {
/* turn off tls */
CYASSL_MSG(" downgrading to SSLv3");
@ -10049,6 +10099,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ssl->options.side);
}
/* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
i += RAN_LEN;
@ -10062,79 +10113,105 @@ static void PickHashSigAlgo(CYASSL* ssl,
printf("\n");
}
#endif
/* session id */
b = input[i++];
if (b) {
if (i + ID_LEN > totalSz)
return INCOMPLETE_DATA;
if (b == ID_LEN) {
if ((i - begin) + ID_LEN > helloSz)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
i += b;
ssl->options.resuming= 1; /* client wants to resume */
i += ID_LEN;
ssl->options.resuming = 1; /* client wants to resume */
CYASSL_MSG("Client wants to resume session");
}
else if (b) {
CYASSL_MSG("Invalid session ID size");
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
}
#ifdef CYASSL_DTLS
/* cookie */
if (ssl->options.dtls) {
if ((i - begin) + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
b = input[i++];
if (b) {
byte cookie[MAX_COOKIE_LEN];
if (b > MAX_COOKIE_LEN)
return BUFFER_ERROR;
if (i + b > totalSz)
return INCOMPLETE_DATA;
if ((i - begin) + b > helloSz)
return BUFFER_ERROR;
if (ssl->ctx->CBIOCookie == NULL) {
CYASSL_MSG("Your Cookie callback is null, please set");
return COOKIE_ERROR;
}
if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
ssl->IOCB_CookieCtx) != COOKIE_SZ)
|| (b != COOKIE_SZ)
|| (XMEMCMP(cookie, input + i, b) != 0)) {
return COOKIE_ERROR;
}
i += b;
}
}
#endif
if (i + LENGTH_SZ > totalSz)
return INCOMPLETE_DATA;
/* suites */
ato16(&input[i], &clSuites.suiteSz);
i += 2;
if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR;
ato16(&input[i], &clSuites.suiteSz);
i += OPAQUE16_LEN;
/* suites and compression length check */
if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* suites and comp len */
if (i + clSuites.suiteSz + ENUM_LEN > totalSz)
return INCOMPLETE_DATA;
if (clSuites.suiteSz > MAX_SUITE_SZ)
return BUFFER_ERROR;
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
i += clSuites.suiteSz;
clSuites.hashSigAlgoSz = 0;
b = input[i++]; /* comp len */
if (i + b > totalSz)
return INCOMPLETE_DATA;
/* compression length */
b = input[i++];
if ((i - begin) + b > helloSz)
return BUFFER_ERROR;
if (ssl->options.usingCompression) {
int match = 0;
while (b--) {
byte comp = input[i++];
if (comp == ZLIB_COMPRESSION)
match = 1;
}
if (!match) {
CYASSL_MSG("Not matching compression, turning off");
ssl->options.usingCompression = 0; /* turn off */
}
}
else
i += b; /* ignore, since we're not on */
i += b; /* ignore, since we're not on */
*inOutIdx = i;
if ( (i - begin) < helloSz) {
/* tls extensions */
if ((i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS
if (IsTLS(ssl)) {
int ret = 0;
@ -10144,10 +10221,14 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* Process the hello extension. Skip unsupported. */
word16 totalExtSz;
if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR;
ato16(&input[i], &totalExtSz);
i += LENGTH_SZ;
if (totalExtSz > helloSz + begin - i)
return INCOMPLETE_DATA;
i += OPAQUE16_LEN;
if ((i - begin) + totalExtSz > helloSz)
return BUFFER_ERROR;
#ifdef HAVE_TLS_EXTENSIONS
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
@ -10158,19 +10239,24 @@ static void PickHashSigAlgo(CYASSL* ssl,
#else
while (totalExtSz) {
word16 extId, extSz;
if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
return BUFFER_ERROR;
ato16(&input[i], &extId);
i += LENGTH_SZ;
i += OPAQUE16_LEN;
ato16(&input[i], &extSz);
i += EXT_ID_SZ;
if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ)
return INCOMPLETE_DATA;
i += OPAQUE16_LEN;
if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
return BUFFER_ERROR;
if (extId == HELLO_EXT_SIG_ALGO) {
ato16(&input[i], &clSuites.hashSigAlgoSz);
i += LENGTH_SZ;
if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ)
return INCOMPLETE_DATA;
i += OPAQUE16_LEN;
if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
return BUFFER_ERROR;
XMEMCPY(clSuites.hashSigAlgo, &input[i],
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
@ -10179,27 +10265,29 @@ static void PickHashSigAlgo(CYASSL* ssl,
else
i += extSz;
totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz;
totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
}
#endif
*inOutIdx = i;
}
else
*inOutIdx = begin + helloSz; /* skip extensions */
*inOutIdx = begin + helloSz; /* skip extensions */
}
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */
if (ssl->options.resuming && (!ssl->options.dtls ||
ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
int ret = -1;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) {
CYASSL_MSG("Session lookup for resume failed");
ssl->options.resuming = 0;
} else {
}
else {
if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE;
@ -10265,8 +10353,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* RSA */
#ifndef NO_RSA
if (ssl->peerRsaKeyPresent != 0) {
byte* out;
int outLen;
byte* out = NULL;
int outLen = 0;
byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS
@ -10317,12 +10405,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,
if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
ret = 0; /* verified */
}
else {
if (outLen == FINISHED_SZ && XMEMCMP(out,
if (outLen == FINISHED_SZ && out && XMEMCMP(out,
&ssl->certHashes, FINISHED_SZ) == 0)
ret = 0; /* verified */
}
@ -10476,18 +10564,19 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
#endif
static int DoClientKeyExchange(CYASSL* ssl, byte* input,
word32* inOutIdx, word32 totalSz)
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx,
word32 size)
{
int ret = 0;
word32 length = 0;
byte* out = NULL;
word32 begin = *inOutIdx;
(void)length; /* shut up compiler warnings */
(void)out;
(void)input;
(void)inOutIdx;
(void)totalSz;
(void)size;
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
CYASSL_MSG("Client sending keyexchange at wrong time");
@ -10516,15 +10605,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
{
word32 idx = 0;
RsaKey key;
byte* tmp = 0;
byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS
#ifndef NO_RSA
if (ssl->ctx->RsaDecCb)
doUserRsa = 1;
#endif /* NO_RSA */
#endif /*HAVE_PK_CALLBACKS */
if (ssl->ctx->RsaDecCb)
doUserRsa = 1;
#endif
InitRsaKey(&key, ssl->heap);
@ -10540,28 +10626,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (ssl->options.tls) {
word16 check;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
ato16(input + *inOutIdx, &check);
if ((word32)check != length) {
*inOutIdx += OPAQUE16_LEN;
if ((word32) check != length) {
CYASSL_MSG("RSA explicit size doesn't match");
FreeRsaKey(&key);
return RSA_PRIVATE_ERROR;
}
(*inOutIdx) += 2;
}
tmp = input + *inOutIdx;
*inOutIdx += length;
if (*inOutIdx > totalSz) {
if ((*inOutIdx - begin) + length > size) {
CYASSL_MSG("RSA message too big");
FreeRsaKey(&key);
return INCOMPLETE_DATA;
return BUFFER_ERROR;
}
if (doUserRsa) {
#ifdef HAVE_PK_CALLBACKS
#ifndef NO_RSA
ret = ssl->ctx->RsaDecCb(ssl,
tmp, length, &out,
input + *inOutIdx, length, &out,
ssl->buffers.key.buffer,
ssl->buffers.key.length,
ssl->RsaDecCtx);
@ -10569,9 +10658,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif /*HAVE_PK_CALLBACKS */
}
else {
ret = RsaPrivateDecryptInline(tmp, length, &out, &key);
ret = RsaPrivateDecryptInline(input + *inOutIdx, length,
&out, &key);
}
*inOutIdx += length;
if (ret == SECRET_LEN) {
XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
if (ssl->arrays->preMasterSecret[0] !=
@ -10597,36 +10689,46 @@ static void PickHashSigAlgo(CYASSL* ssl,
byte* pms = ssl->arrays->preMasterSecret;
word16 ci_sz;
ato16(&input[*inOutIdx], &ci_sz);
*inOutIdx += LENGTH_SZ;
if (ci_sz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz);
ato16(input + *inOutIdx, &ci_sz);
*inOutIdx += OPAQUE16_LEN;
if (ci_sz > MAX_PSK_ID_LEN)
return CLIENT_ID_ERROR;
if ((*inOutIdx - begin) + ci_sz > size)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
*inOutIdx += ci_sz;
if (ci_sz < MAX_PSK_ID_LEN)
ssl->arrays->client_identity[ci_sz] = 0;
else
ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0;
ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
return PSK_KEY_ERROR;
/* make psk pre master secret */
/* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += 2;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz;
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += 2;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ret = MakeMasterSecret(ssl);
/* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0;
@ -10636,26 +10738,34 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef HAVE_NTRU
case ntru_kea:
{
word32 rc;
word16 cipherLen;
word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
byte* tmp;
if (!ssl->buffers.key.buffer)
return NO_PRIVATE_KEY;
ato16(&input[*inOutIdx], &cipherLen);
*inOutIdx += LENGTH_SZ;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
ato16(input + *inOutIdx, &cipherLen);
*inOutIdx += OPAQUE16_LEN;
if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
return NTRU_KEY_ERROR;
tmp = input + *inOutIdx;
rc = crypto_ntru_decrypt((word16)ssl->buffers.key.length,
ssl->buffers.key.buffer, cipherLen, tmp, &plainLen,
ssl->arrays->preMasterSecret);
if ((*inOutIdx - begin) + cipherLen > size)
return BUFFER_ERROR;
if (rc != NTRU_OK || plainLen != SECRET_LEN)
if (NTRU_OK != crypto_ntru_decrypt(
(word16) ssl->buffers.key.length,
ssl->buffers.key.buffer, cipherLen,
input + *inOutIdx, &plainLen,
ssl->arrays->preMasterSecret))
return NTRU_DECRYPT_ERROR;
if (plainLen != SECRET_LEN)
return NTRU_DECRYPT_ERROR;
*inOutIdx += cipherLen;
ssl->arrays->preMasterSz = plainLen;
@ -10666,18 +10776,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef HAVE_ECC
case ecc_diffie_hellman_kea:
{
word32 size;
word32 bLength = input[*inOutIdx]; /* one byte length */
*inOutIdx += 1;
if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
return BUFFER_ERROR;
ret = ecc_import_x963(&input[*inOutIdx],
bLength, ssl->peerEccKey);
if (ret != 0)
length = input[*inOutIdx];
*inOutIdx += OPAQUE8_LEN;
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey))
return ECC_PEERKEY_ERROR;
*inOutIdx += bLength;
*inOutIdx += length;
ssl->peerEccKeyPresent = 1;
size = sizeof(ssl->arrays->preMasterSecret);
length = sizeof(ssl->arrays->preMasterSecret);
if (ssl->specs.static_ecdh) {
ecc_key staticKey;
word32 i = 0;
@ -10685,17 +10800,21 @@ static void PickHashSigAlgo(CYASSL* ssl,
ecc_init(&staticKey);
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
&staticKey, ssl->buffers.key.length);
if (ret == 0)
ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
ssl->arrays->preMasterSecret, &size);
ssl->arrays->preMasterSecret, &length);
ecc_free(&staticKey);
}
else
else
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
ssl->arrays->preMasterSecret, &size);
ssl->arrays->preMasterSecret, &length);
if (ret != 0)
return ECC_SHARED_ERROR;
ssl->arrays->preMasterSz = size;
ssl->arrays->preMasterSz = length;
ret = MakeMasterSecret(ssl);
}
break;
@ -10703,15 +10822,17 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef OPENSSL_EXTRA
case diffie_hellman_kea:
{
byte* clientPub;
word16 clientPubSz;
DhKey dhKey;
ato16(&input[*inOutIdx], &clientPubSz);
*inOutIdx += LENGTH_SZ;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
clientPub = &input[*inOutIdx];
*inOutIdx += clientPubSz;
ato16(input + *inOutIdx, &clientPubSz);
*inOutIdx += OPAQUE16_LEN;
if ((*inOutIdx - begin) + clientPubSz > size)
return BUFFER_ERROR;
InitDhKey(&dhKey);
ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
@ -10723,8 +10844,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
&ssl->arrays->preMasterSz,
ssl->buffers.serverDH_Priv.buffer,
ssl->buffers.serverDH_Priv.length,
clientPub, clientPubSz);
input + *inOutIdx, clientPubSz);
FreeDhKey(&dhKey);
*inOutIdx += clientPubSz;
if (ret == 0)
ret = MakeMasterSecret(ssl);
}
@ -10737,6 +10861,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
break;
}
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
@ -10753,5 +10878,3 @@ static void PickHashSigAlgo(CYASSL* ssl,
}
#endif /* NO_CYASSL_SERVER */

View File

@ -37,6 +37,8 @@ int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
CYASSL_ENTER("InitOCSP");
XMEMSET(ocsp, 0, sizeof(*ocsp));
ocsp->cm = cm;
if (InitMutex(&ocsp->ocspLock) != 0)
return BAD_MUTEX_E;
return 0;
}
@ -46,11 +48,9 @@ static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
{
CYASSL_ENTER("InitOCSP_Entry");
ocspe->next = NULL;
XMEMSET(ocspe, 0, sizeof(*ocspe));
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
ocspe->status = NULL;
ocspe->totalStatus = 0;
return 0;
}
@ -83,96 +83,21 @@ void FreeOCSP(CYASSL_OCSP* ocsp, int dynamic)
tmp = next;
}
FreeMutex(&ocsp->ocspLock);
if (dynamic)
XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
}
static OCSP_Entry* find_ocsp_entry(CYASSL_OCSP* ocsp, DecodedCert* cert)
{
OCSP_Entry* entry = ocsp->ocspList;
while (entry)
{
if (XMEMCMP(entry->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(entry->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
{
CYASSL_MSG("Found OCSP responder");
break;
}
else
{
entry = entry->next;
}
}
if (entry == NULL)
{
CYASSL_MSG("Add a new OCSP entry");
entry = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (entry != NULL)
{
InitOCSP_Entry(entry, cert);
entry->next = ocsp->ocspList;
ocsp->ocspList = entry;
}
}
return entry;
}
static CertStatus* find_cert_status(OCSP_Entry* ocspe, DecodedCert* cert)
{
CertStatus* stat = ocspe->status;
while (stat)
{
if(stat->serialSz == cert->serialSz &&
(XMEMCMP(stat->serial, cert->serial, cert->serialSz) == 0))
{
break;
}
else
{
stat = stat->next;
}
}
if (stat == NULL)
{
stat = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (stat != NULL)
{
XMEMCPY(stat->serial, cert->serial, cert->serialSz);
stat->serialSz = cert->serialSz;
stat->status = -1;
stat->nextDate[0] = 0;
ocspe->totalStatus++;
stat->next = ocspe->status;
ocspe->status = stat;
}
}
return stat;
}
static int xstat2err(int stat)
{
switch (stat) {
case CERT_GOOD:
return 0;
break;
case CERT_REVOKED:
return OCSP_CERT_REVOKED;
break;
default:
return OCSP_CERT_UNKNOWN;
break;
}
}
@ -184,46 +109,73 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
byte* ocspRespBuf = NULL;
OcspRequest ocspRequest;
OcspResponse ocspResponse;
int result = 0;
int result = -1;
OCSP_Entry* ocspe;
CertStatus* certStatus;
CertStatus* certStatus = NULL;
CertStatus newStatus;
const char *url;
int urlSz;
CYASSL_ENTER("CheckCertOCSP");
ocspe = find_ocsp_entry(ocsp, cert);
if (LockMutex(&ocsp->ocspLock) != 0) {
CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
ocspe = ocsp->ocspList;
while (ocspe) {
if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
break;
else
ocspe = ocspe->next;
}
if (ocspe == NULL) {
CYASSL_MSG("alloc OCSP entry failed");
return MEMORY_ERROR;
ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (ocspe != NULL) {
InitOCSP_Entry(ocspe, cert);
ocspe->next = ocsp->ocspList;
ocsp->ocspList = ocspe;
}
else {
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
}
else {
certStatus = ocspe->status;
while (certStatus) {
if (certStatus->serialSz == cert->serialSz &&
XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0)
break;
else
certStatus = certStatus->next;
}
}
certStatus = find_cert_status(ocspe, cert);
if (certStatus == NULL)
{
CYASSL_MSG("alloc OCSP cert status failed");
return MEMORY_ERROR;
}
if (certStatus->status != -1)
{
if (certStatus != NULL) {
if (!ValidateDate(certStatus->thisDate,
certStatus->thisDateFormat, BEFORE) ||
(certStatus->nextDate[0] == 0) ||
!ValidateDate(certStatus->nextDate,
certStatus->nextDateFormat, AFTER))
{
certStatus->nextDateFormat, AFTER)) {
CYASSL_MSG("\tinvalid status date, looking up cert");
certStatus->status = -1;
}
else
{
CYASSL_MSG("\tusing cached status");
else {
result = xstat2err(certStatus->status);
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", result);
return result;
}
}
UnLockMutex(&ocsp->ocspLock);
if (ocsp->cm->ocspUseOverrideURL) {
url = ocsp->cm->ocspOverrideURL;
if (url != NULL && url[0] != '\0')
@ -236,57 +188,82 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
urlSz = cert->extAuthInfoSz;
}
else {
CYASSL_MSG("\tcert doesn't have extAuthInfo, assuming CERT_GOOD");
/* cert doesn't have extAuthInfo, assuming CERT_GOOD */
return 0;
}
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) {
CYASSL_MSG("\talloc OCSP request buffer failed");
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
ocspReqBuf, ocspReqSz);
ocspReqSz = EncodeOcspRequest(&ocspRequest);
if (ocsp->cm->ocspIOCb) {
if (ocsp->cm->ocspIOCb)
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
ocspReqBuf, ocspReqSz, &ocspRespBuf);
}
ocspReqBuf, ocspReqSz, &ocspRespBuf);
if (result >= 0 && ocspRespBuf) {
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result);
XMEMSET(&newStatus, 0, sizeof(CertStatus));
InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result);
OcspResponseDecode(&ocspResponse);
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) {
CYASSL_MSG("OCSP Responder failure");
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL)
result = OCSP_LOOKUP_FAIL;
} else {
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0)
{
else {
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) {
result = xstat2err(ocspResponse.status->status);
if (LockMutex(&ocsp->ocspLock) != 0)
result = BAD_MUTEX_E;
else {
if (certStatus != NULL)
/* Replace existing certificate entry with updated */
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
else {
/* Save new certificate entry */
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (certStatus != NULL) {
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
certStatus->next = ocspe->status;
ocspe->status = certStatus;
ocspe->totalStatus++;
}
}
UnLockMutex(&ocsp->ocspLock);
}
}
else
{
CYASSL_MSG("OCSP Response incorrect for Request");
result = OCSP_LOOKUP_FAIL;
}
}
}
else {
else
result = OCSP_LOOKUP_FAIL;
}
if (ocspReqBuf != NULL) {
if (ocspReqBuf != NULL)
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
}
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb) {
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
}
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
CYASSL_LEAVE("CheckCertOCSP", result);
return result;
}
#else /* HAVE_OCSP */
#ifdef _MSC_VER
/* 4206 warning for blank file */
#pragma warning(disable: 4206)
#endif
#endif /* HAVE_OCSP */

View File

@ -962,12 +962,13 @@ int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
/* Check IP Header for IPV4, TCP, and a registered server address */
/* returns 0 on success, -1 on error */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{
int version = IP_V(iphdr);
TraceIP(iphdr);
Trace(IP_CHECK_STR);
if (version != IPV4) {
SetError(BAD_IPVER_STR, error, NULL, 0);
return -1;
@ -988,6 +989,9 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
info->src = iphdr->src;
info->dst = iphdr->dst;
if (info->total == 0)
info->total = length; /* reassembled may be off */
return 0;
}
@ -1138,7 +1142,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
input += TICKET_HINT_LEN; /* skip over hint */
*sslBytes -= TICKET_HINT_LEN;
len = (input[0] << 8) | input[1];
len = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
@ -1232,8 +1236,10 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
doResume = 1;
if (session->ticketID && doResume) {
/* use ticketID to retrieve from session */
/* use ticketID to retrieve from session, prefer over sessionID */
XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
session->sslServer->options.haveSessionId = 1; /* may not have
actual sessionID */
}
if (doResume ) {
@ -1345,7 +1351,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (input[0] << 8) | input[1];
len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read suites + comp len */
@ -1378,7 +1384,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
len = (input[0] << 8) | input[1];
len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN;
*sslBytes -= SUITE_LEN;
/* make sure can read through all extensions */
@ -1396,7 +1402,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
input += EXT_TYPE_SZ;
*sslBytes -= EXT_TYPE_SZ;
extLen = (input[0] << 8) | input[1];
extLen = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ;
@ -1696,8 +1702,8 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
InitSession(session);
session->server = ipInfo->dst;
session->client = ipInfo->src;
session->srvPort = tcpInfo->dstPort;
session->cliPort = tcpInfo->srcPort;
session->srvPort = (word16)tcpInfo->dstPort;
session->cliPort = (word16)tcpInfo->srcPort;
session->cliSeqStart = tcpInfo->sequence;
session->cliExpected = 1; /* relative */
session->lastUsed= time(NULL);
@ -1777,8 +1783,8 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
}
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
*rhSize);
if (ret < 0) {
(word16)*rhSize);
if (ret < 0 && ret != MATCH_SUITE_ERROR) {
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
@ -1856,20 +1862,24 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
{
TraceHeader();
TracePacket();
/* ip header */
if (length < IP_HDR_SZ) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1;
}
if (CheckIpHdr((IpHdr*)packet, ipInfo, error) != 0)
if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1;
/* tcp header */
if (length < (ipInfo->length + TCP_HDR_SZ)) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1;
}
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
return -1;
/* setup */
*sslFrame = packet + ipInfo->length + tcpInfo->length;
if (*sslFrame > packet + length) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
@ -2314,6 +2324,10 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
session->sslServer : session->sslClient;
doMessage:
notEnough = 0;
if (sslBytes < 0) {
SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
if (sslBytes >= RECORD_HEADER_SZ) {
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);

128
src/ssl.c
View File

@ -623,27 +623,53 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
#endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES
#ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_CYASSL_CLIENT
int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name)
int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ssl->extensions, name);
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ssl->extensions, name);
}
int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name)
int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ctx->extensions, name);
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ctx->extensions, name);
}
#endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_SUPPORTED_CURVES */
#ifndef CYASSL_LEANPSK
@ -1167,7 +1193,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
info.consumed = 0;
der.buffer = NULL;
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
if (pass) {
info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
if (info.ctx == NULL)
@ -1205,7 +1231,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
{
@ -1589,13 +1615,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
/* uses session mutex */
#endif /* NO_CLIENT_CACHE */
/* for persistance, if changes to layout need to increment and modify
save_session_cache() and restore_session_cache and memory versions too */
#define CYASSL_CACHE_VERSION 2
#endif /* NO_SESSION_CACHE */
@ -1808,7 +1829,7 @@ int CyaSSL_Init(void)
}
}
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
if (pkcs8Enc) {
int passwordSz;
char password[80];
@ -2231,71 +2252,6 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
/* process a file with name fname into ctx of format and type
userChain specifies a user certificate chain to pass during handshake */
@ -3494,6 +3450,10 @@ int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
#if defined(PERSIST_SESSION_CACHE)
/* for persistance, if changes to layout need to increment and modify
save_session_cache() and restore_session_cache and memory versions too */
#define CYASSL_CACHE_VERSION 2
/* Session Cache Header information */
typedef struct {
int version; /* cache layout version id */
@ -7916,6 +7876,8 @@ CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
#ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
{
CYASSL_X509* newX509 = NULL;
@ -7945,6 +7907,8 @@ CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
return newX509;
}
#endif /* NO_STDIO_FILESYSTEM */
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
{
byte staticBuffer[FILE_BUFFER_SIZE];
@ -11377,3 +11341,9 @@ void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
void CyaSSL_wolfSCEP(void) {}
#endif
#ifdef CYASSL_HAVE_CERT_SERVICE
/* Used by autoconf to see if cert service is available */
void CyaSSL_cert_service(void) {}
#endif

View File

@ -608,7 +608,6 @@ static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
default: /* invalid type */
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
return BAD_FUNC_ARG;
break;
}
sni->type = type;
@ -721,46 +720,38 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
if (!extension)
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
if (!extension || !extension->data) {
if (!isRequest) {
CYASSL_MSG("Unexpected SNI response from server");
}
if (!extension || !extension->data)
return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
SNI response from server. */
return 0; /* not using SNI */
}
if (!isRequest) {
if (length) {
CYASSL_MSG("SNI response should be empty!");
}
return 0; /* nothing to do */
}
if (!isRequest)
return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
Nothing else to do. */
#ifndef NO_CYASSL_SERVER
if (OPAQUE16_LEN > length)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
ato16(input, &size);
offset += OPAQUE16_LEN;
/* validating sni list length */
if (length != OPAQUE16_LEN + size)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
for (size = 0; offset < length; offset += size) {
SNI *sni;
byte type = input[offset++];
if (offset + OPAQUE16_LEN > length)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
ato16(input + offset, &size);
offset += OPAQUE16_LEN;
if (offset + size > length)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
continue; /* not using this SNI type */
@ -905,34 +896,34 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += HANDSHAKE_HEADER_SZ;
if (offset + len32 > helloSz)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
/* client hello */
offset += VERSION_SZ + RAN_LEN; /* version, random */
if (helloSz < offset + clientHello[offset])
return INCOMPLETE_DATA;
return BUFFER_ERROR;
offset += ENUM_LEN + clientHello[offset]; /* skip session id */
/* cypher suites */
if (helloSz < offset + OPAQUE16_LEN)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
ato16(clientHello + offset, &len16);
offset += OPAQUE16_LEN;
if (helloSz < offset + len16)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
offset += len16; /* skip cypher suites */
/* compression methods */
if (helloSz < offset + 1)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
if (helloSz < offset + clientHello[offset])
return INCOMPLETE_DATA;
return BUFFER_ERROR;
offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
@ -944,7 +935,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN;
if (helloSz < offset + len16)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
word16 extType;
@ -957,7 +948,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN;
if (helloSz < offset + extLen)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
if (extType != SERVER_NAME_INDICATION) {
offset += extLen; /* skip extension */
@ -968,7 +959,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN;
if (helloSz < offset + listLen)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
while (listLen > ENUM_LEN + OPAQUE16_LEN) {
byte sniType = clientHello[offset++];
@ -978,7 +969,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN;
if (helloSz < offset + sniLen)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
if (sniType != type) {
offset += sniLen;
@ -1028,7 +1019,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest)
{
if (length != ENUM_LEN)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
switch (*input) {
case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
@ -1135,7 +1126,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest)
{
if (length != 0 || input == NULL)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
#ifndef NO_CYASSL_SERVER
if (isRequest) {
@ -1160,7 +1151,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
#ifdef HAVE_SUPPORTED_CURVES
#ifndef HAVE_ECC
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
@ -1258,21 +1249,21 @@ static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
(void) isRequest; /* shut up compiler! */
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
ato16(input, &offset);
/* validating curve list length */
if (length != OPAQUE16_LEN + offset)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
while (offset) {
ato16(input + offset, &name);
offset -= OPAQUE16_LEN;
r = TLSX_UseEllipticCurve(&ssl->extensions, name);
r = TLSX_UseSupportedCurve(&ssl->extensions, name);
if (r) return r; /* throw error */
if (r != SSL_SUCCESS) return r; /* throw error */
}
return 0;
@ -1300,6 +1291,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
default: continue; /* unsupported curve */
}
switch (second) {
@ -1371,7 +1363,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
#endif /* NO_CYASSL_SERVER */
int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
{
TLSX* extension = NULL;
EllipticCurve* curve = NULL;
@ -1380,19 +1372,6 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
if (extensions == NULL)
return BAD_FUNC_ARG;
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
return ret;
@ -1456,7 +1435,7 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
#define EC_PARSE(a, b, c, d) 0
#define EC_VALIDATE_REQUEST(a, b)
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_SUPPORTED_CURVES */
TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
{
@ -1717,7 +1696,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
word16 size;
if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
ato16(input + offset, &type);
offset += HELLO_EXT_TYPE_SZ;
@ -1726,7 +1705,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
offset += OPAQUE16_LEN;
if (offset + size > length)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
switch (type) {
case SERVER_NAME_INDICATION:
@ -1760,7 +1739,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
ato16(input + offset, &suites->hashSigAlgoSz);
if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
return INCOMPLETE_DATA;
return BUFFER_ERROR;
XMEMCPY(suites->hashSigAlgo,
input + offset + OPAQUE16_LEN,
@ -1788,7 +1767,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_ELLIPTIC_CURVES)
|| defined(HAVE_SUPPORTED_CURVES)
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."

View File

@ -44,7 +44,9 @@ static int test_CyaSSL_CTX_load_verify_locations(void);
#ifndef NO_RSA
static int test_server_CyaSSL_new(void);
static int test_client_CyaSSL_new(void);
#ifndef SINGLE_THREADED
static int test_CyaSSL_read_write(void);
#endif /* SINGLE_THREADED */
#endif /* NO_RSA */
#endif /* NO_FILESYSTEM */
#ifdef HAVE_SNI
@ -56,9 +58,9 @@ static void test_CyaSSL_UseMaxFragment(void);
#ifdef HAVE_TRUNCATED_HMAC
static void test_CyaSSL_UseTruncatedHMAC(void);
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
static void test_CyaSSL_UseEllipticCurve(void);
#endif /* HAVE_ELLIPTIC_CURVES */
#ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseSupportedCurve(void);
#endif /* HAVE_SUPPORTED_CURVES */
/* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name);
@ -107,7 +109,9 @@ int ApiTest(void)
#ifndef NO_RSA
test_server_CyaSSL_new();
test_client_CyaSSL_new();
#ifndef SINGLE_THREADED
test_CyaSSL_read_write();
#endif /* SINGLE_THREADED */
#endif /* NO_RSA */
#endif /* NO_FILESYSTEM */
#ifdef HAVE_SNI
@ -119,9 +123,9 @@ int ApiTest(void)
#ifdef HAVE_TRUNCATED_HMAC
test_CyaSSL_UseTruncatedHMAC();
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
test_CyaSSL_UseEllipticCurve();
#endif /* HAVE_ELLIPTIC_CURVES */
#ifdef HAVE_SUPPORTED_CURVES
test_CyaSSL_UseSupportedCurve();
#endif /* HAVE_SUPPORTED_CURVES */
test_CyaSSL_Cleanup();
printf(" End API Tests\n");
@ -542,8 +546,8 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
}
#endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES
static void test_CyaSSL_UseEllipticCurve(void)
#ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseSupportedCurve(void)
{
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx);
@ -553,21 +557,21 @@ static void test_CyaSSL_UseEllipticCurve(void)
#ifndef NO_CYASSL_CLIENT
/* error cases */
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(ctx, 0));
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(1, CyaSSL_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseEllipticCurve(ssl, 0));
AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(1, CyaSSL_CTX_UseEllipticCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseEllipticCurve(ssl, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
#endif
CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
}
#endif /* HAVE_ELLIPTIC_CURVES */
#endif /* HAVE_SUPPORTED_CURVES */
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
@ -892,6 +896,8 @@ int test_client_CyaSSL_new(void)
}
#ifndef SINGLE_THREADED
static int test_CyaSSL_read_write(void)
{
/* The unit testing for read and write shall happen simutaneously, since
@ -923,6 +929,7 @@ static int test_CyaSSL_read_write(void)
InitTcpReady(&ready);
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args);
@ -942,7 +949,7 @@ static int test_CyaSSL_read_write(void)
FreeTcpReady(&ready);
return test_result;
};
}
#endif
@ -950,6 +957,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port = yasslPort;
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
@ -963,6 +971,11 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
method = CyaSSLv23_server_method();
ctx = CyaSSL_CTX_new(method);
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
@ -990,7 +1003,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
goto done;
}
ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0);
CloseSocket(sockfd);
CyaSSL_set_fd(ssl, clientfd);
@ -1074,7 +1087,7 @@ void test_client_nofail(void* args)
goto done2;
}
tcp_connect(&sockfd, yasslIP, yasslPort, 0);
tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
@ -1139,7 +1152,7 @@ void run_cyassl_client(void* args)
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
tcp_connect(&sfd, yasslIP, yasslPort, 0);
tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sfd);
@ -1178,6 +1191,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
CYASSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port = yasslPort;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
@ -1186,6 +1200,11 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
((func_args*)args)->return_code = TEST_FAIL;
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
@ -1207,7 +1226,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
ssl = CyaSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, yasslPort, 0, 0);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0);
CloseSocket(sfd);
CyaSSL_set_fd(ssl, cfd);
@ -1268,6 +1287,7 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
/* RUN Server side */
InitTcpReady(&ready);
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_cyassl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
@ -1278,4 +1298,6 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
FreeTcpReady(&ready);
}
#endif /* SINGLE_THREADED*/
#endif /* NO_FILESYSTEM */

View File

@ -4,20 +4,20 @@
if BUILD_EXAMPLES
check_PROGRAMS += tests/unit
noinst_PROGRAMS += tests/unit
tests_unit_SOURCES = \
check_PROGRAMS += tests/unit.test
noinst_PROGRAMS += tests/unit.test
tests_unit_test_SOURCES = \
tests/unit.c \
tests/api.c \
tests/suites.c \
tests/hash.c \
examples/client/client.c \
examples/server/server.c
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
tests_unit_LDADD = src/libcyassl.la
tests_unit_DEPENDENCIES = src/libcyassl.la
tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
tests_unit_test_LDADD = src/libcyassl.la
tests_unit_test_DEPENDENCIES = src/libcyassl.la
endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-dtls.conf
DISTCLEANFILES+= tests/.libs/unit
DISTCLEANFILES+= tests/.libs/unit.test

View File

@ -36,18 +36,20 @@
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#define VERSION_TOO_OLD -124
#ifdef NO_OLD_TLS
#define VERSION_TOO_OLD -124
#endif
#include "examples/client/client.h"
#include "examples/server/server.h"
CYASSL_CTX* cipherSuiteCtx = NULL;
char nonblockFlag[] = "-N";
char noVerifyFlag[] = "-d";
char portFlag[] = "-p";
char flagSep[] = " ";
char svrPort[] = "0";
static CYASSL_CTX* cipherSuiteCtx = NULL;
static char nonblockFlag[] = "-N";
static char noVerifyFlag[] = "-d";
static char portFlag[] = "-p";
static char flagSep[] = " ";
static char svrPort[] = "0";
#ifdef NO_OLD_TLS
@ -80,8 +82,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
int valid = 0;
const char* find = "-l ";
char* begin = strstr(line, find);
char* end;
const char* begin = strstr(line, find);
const char* end;
suite[0] = '\0';

View File

@ -42,10 +42,12 @@ int main(int argc, char** argv)
return ret;
}
#ifndef SINGLE_THREADED
if ( (ret = SuiteTest()) != 0){
printf("suite test failed with %d\n", ret);
return ret;
}
#endif
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
@ -55,9 +57,12 @@ int main(int argc, char** argv)
}
void wait_tcp_ready(func_args* args)
{
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
#ifdef SINGLE_THREADED
(void)args;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_lock(&args->signal->mutex);
if (!args->signal->ready)
@ -73,7 +78,11 @@ void wait_tcp_ready(func_args* args)
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
{
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
#ifdef SINGLE_THREADED
(void)fun;
(void)args;
(void)thread;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_create(thread, 0, fun, args);
return;
#else
@ -84,7 +93,9 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
void join_thread(THREAD_TYPE thread)
{
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
#ifdef SINGLE_THREADED
(void)thread;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_join(thread, 0);
#else
int res = WaitForSingleObject((HANDLE)thread, INFINITE);
@ -99,7 +110,8 @@ void InitTcpReady(tcp_ready* ready)
{
ready->ready = 0;
ready->port = 0;
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
#ifdef SINGLE_THREADED
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#endif
@ -108,10 +120,13 @@ void InitTcpReady(tcp_ready* ready)
void FreeTcpReady(tcp_ready* ready)
{
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
#ifdef SINGLE_THREADED
(void)ready;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_destroy(&ready->mutex);
pthread_cond_destroy(&ready->cond);
#else
(void)ready;
#endif
}

View File

@ -4,22 +4,22 @@
if BUILD_EXAMPLES
check_PROGRAMS += testsuite/testsuite
noinst_PROGRAMS += testsuite/testsuite
testsuite_testsuite_SOURCES = \
check_PROGRAMS += testsuite/testsuite.test
noinst_PROGRAMS += testsuite/testsuite.test
testsuite_testsuite_test_SOURCES = \
ctaocrypt/test/test.c \
examples/client/client.c \
examples/echoclient/echoclient.c \
examples/echoserver/echoserver.c \
examples/server/server.c \
testsuite/testsuite.c
testsuite_testsuite_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
testsuite_testsuite_LDADD = src/libcyassl.la
testsuite_testsuite_DEPENDENCIES = src/libcyassl.la
testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
testsuite_testsuite_test_LDADD = src/libcyassl.la
testsuite_testsuite_test_DEPENDENCIES = src/libcyassl.la
endif
EXTRA_DIST += testsuite/testsuite.sln
EXTRA_DIST += testsuite/testsuite-ntru.vcproj
EXTRA_DIST += testsuite/testsuite.vcproj
EXTRA_DIST += input
EXTRA_DIST += quit
DISTCLEANFILES+= testsuite/.libs/testsuite
DISTCLEANFILES+= testsuite/.libs/testsuite.test

View File

@ -25,22 +25,18 @@
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h>
#include <cyassl/ctaocrypt/sha256.h>
#include "ctaocrypt/test/test.h"
#ifdef SINGLE_THREADED
#error testsuite needs threads to run, please run ctaocrypt/test, \
and the examples/ individually
#endif
#ifndef SINGLE_THREADED
#include <cyassl/openssl/ssl.h>
#include <cyassl/ctaocrypt/sha256.h>
#include "examples/echoclient/echoclient.h"
#include "examples/echoserver/echoserver.h"
#include "examples/server/server.h"
#include "examples/client/client.h"
#include "ctaocrypt/test/test.h"
void file_test(const char* file, byte* hash);
@ -52,9 +48,9 @@ enum {
};
#ifndef USE_WINDOWS_API
const char outputName[] = "/tmp/output";
static const char outputName[] = "/tmp/output";
#else
const char outputName[] = "output";
static const char outputName[] = "output";
#endif
@ -117,7 +113,7 @@ int main(int argc, char** argv)
myArgv[1] = argc1;
myArgv[2] = argc2;
echo_args.argc = NUMARGS;
echo_args.argc = 3;
echo_args.argv = myArgv;
strcpy(echo_args.argv[0], "echoclient");
@ -171,10 +167,16 @@ void simple_test(func_args* args)
THREAD_TYPE serverThread;
func_args svrArgs;
char *svrArgv[NUMARGS];
char *svrArgv[9];
char argc0s[32];
char argc1s[32];
char argc2s[32];
char argc3s[32];
char argc4s[32];
char argc5s[32];
char argc6s[32];
char argc7s[32];
char argc8s[32];
func_args cliArgs;
char *cliArgv[NUMARGS];
@ -185,6 +187,12 @@ void simple_test(func_args* args)
svrArgv[0] = argc0s;
svrArgv[1] = argc1s;
svrArgv[2] = argc2s;
svrArgv[3] = argc3s;
svrArgv[4] = argc4s;
svrArgv[5] = argc5s;
svrArgv[6] = argc6s;
svrArgv[7] = argc7s;
svrArgv[8] = argc8s;
cliArgv[0] = argc0c;
cliArgv[1] = argc1c;
cliArgv[2] = argc2c;
@ -198,9 +206,16 @@ void simple_test(func_args* args)
strcpy(svrArgs.argv[0], "SimpleServer");
#if !defined(USE_WINDOWS_API) && !defined(CYASSL_SNIFFER)
svrArgs.argc = NUMARGS;
strcpy(svrArgs.argv[1], "-p");
strcpy(svrArgs.argv[2], "0");
strcpy(svrArgs.argv[svrArgs.argc++], "-p");
strcpy(svrArgs.argv[svrArgs.argc++], "0");
#endif
#ifdef HAVE_NTRU
strcpy(svrArgs.argv[svrArgs.argc++], "-d");
strcpy(svrArgs.argv[svrArgs.argc++], "-n");
strcpy(svrArgs.argv[svrArgs.argc++], "-c");
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-cert.pem");
strcpy(svrArgs.argv[svrArgs.argc++], "-k");
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-key.raw");
#endif
/* Set the last arg later, when it is known. */
@ -317,3 +332,35 @@ void file_test(const char* file, byte* check)
}
#else /* SINGLE_THREADED */
int myoptind = 0;
char* myoptarg = NULL;
int main(int argc, char** argv)
{
func_args server_args;
server_args.argc = argc;
server_args.argv = argv;
if (CurrentDir("testsuite") || CurrentDir("_build"))
ChangeDirBack(1);
else if (CurrentDir("Debug") || CurrentDir("Release"))
ChangeDirBack(3); /* Xcode->Preferences->Locations->Locations*/
/* Derived Data Advanced -> Custom */
/* Relative to Workspace, Build/Products */
/* Debug or Release */
ctaocrypt_test(&server_args);
if (server_args.return_code != 0) return server_args.return_code;
printf("\nAll tests passed!\n");
return EXIT_SUCCESS;
}
#endif /* SINGLE_THREADED */