This commit is contained in:
commit
8ea2eec773
2
.gitignore
vendored
2
.gitignore
vendored
@ -41,6 +41,8 @@ output
|
|||||||
mcapi/test
|
mcapi/test
|
||||||
testsuite/testsuite
|
testsuite/testsuite
|
||||||
tests/unit
|
tests/unit
|
||||||
|
testsuite/testsuite.test
|
||||||
|
tests/unit.test
|
||||||
testsuite/*.der
|
testsuite/*.der
|
||||||
testsuite/*.pem
|
testsuite/*.pem
|
||||||
testsuite/*.raw
|
testsuite/*.raw
|
||||||
|
@ -76,8 +76,10 @@ if USE_VALGRIND
|
|||||||
TESTS_ENVIRONMENT=./valgrind-error.sh
|
TESTS_ENVIRONMENT=./valgrind-error.sh
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
TEST_EXTENSIONS=.test
|
||||||
TESTS += $(check_PROGRAMS)
|
TESTS += $(check_PROGRAMS)
|
||||||
test: check
|
test: check
|
||||||
|
tests/unit.log: testsuite/testsuite.log
|
||||||
|
|
||||||
DISTCLEANFILES+= cyassl-config
|
DISTCLEANFILES+= cyassl-config
|
||||||
|
|
||||||
|
24
README
24
README
@ -35,11 +35,33 @@ before calling SSL_new(); Though it's not recommended.
|
|||||||
*** end Notes ***
|
*** end Notes ***
|
||||||
|
|
||||||
|
|
||||||
CyaSSL Release 2.9.0 (X/XX/XXXX)
|
CyaSSL Release 2.9.0 (02/07/2014)
|
||||||
|
|
||||||
Release 2.9.0 CyaSSL has bug fixes and new features including:
|
Release 2.9.0 CyaSSL has bug fixes and new features including:
|
||||||
- Freescale Kinetis RNGB support
|
- Freescale Kinetis RNGB support
|
||||||
- Freescale Kinetis mmCAU support
|
- Freescale Kinetis mmCAU support
|
||||||
|
- TLS Hello extensions
|
||||||
|
- ECC
|
||||||
|
- Secure Renegotiation (null)
|
||||||
|
- Truncated HMAC
|
||||||
|
- SCEP support
|
||||||
|
- PKCS #7 Enveloped data and signed data
|
||||||
|
- PKCS #10 Certificate Signing Request generation
|
||||||
|
- DTLS sliding window
|
||||||
|
- OCSP Improvements
|
||||||
|
- API change to integrate into Certificate Manager
|
||||||
|
- IPv4/IPv6 agnostic
|
||||||
|
- example client/server support for OCSP
|
||||||
|
- OCSP nonces are optional
|
||||||
|
- GMAC hashing
|
||||||
|
- Windows build additions
|
||||||
|
- Windows CYGWIN build fixes
|
||||||
|
- Updated test certificates
|
||||||
|
- Microchip MPLAB Harmony support
|
||||||
|
- Update autoconf scripts
|
||||||
|
- Additional X.509 inspection functions
|
||||||
|
- ECC encrypt/decrypt primitives
|
||||||
|
- ECC Certificate generation
|
||||||
|
|
||||||
The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
|
The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
|
||||||
K53 Sub-Family Reference Manual:
|
K53 Sub-Family Reference Manual:
|
||||||
|
@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
|
|||||||
Version 2 (0x1)
|
Version 2 (0x1)
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
|
Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
Last Update: Jun 17 21:32:30 2013 GMT
|
Last Update: Feb 7 20:14:06 2014 GMT
|
||||||
Next Update: Dec 14 21:32:30 2013 GMT
|
Next Update: Feb 7 20:14:06 2015 GMT
|
||||||
CRL extensions:
|
CRL extensions:
|
||||||
X509v3 CRL Number:
|
X509v3 CRL Number:
|
||||||
87
|
3
|
||||||
No Revoked Certificates.
|
Revoked Certificates:
|
||||||
|
Serial Number: 02
|
||||||
|
Revocation Date: Feb 7 20:14:06 2014 GMT
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
0f:16:d2:d6:62:f8:c0:db:b2:2c:de:9d:0a:10:72:0e:85:6e:
|
36:33:8d:75:7a:2c:40:dc:e2:64:71:de:1d:06:b4:0e:d3:98:
|
||||||
25:1d:38:20:1b:d5:66:d9:d3:9e:0e:a6:9e:e8:60:20:1c:b5:
|
63:05:79:84:53:76:9b:aa:51:70:a1:3a:ab:12:f7:da:69:70:
|
||||||
c9:ab:09:c3:a5:d5:c3:91:a3:9a:ff:44:40:68:da:7b:da:4a:
|
34:5b:4d:08:01:a6:3b:16:25:ac:3d:11:0c:80:94:bc:dc:b5:
|
||||||
3c:15:17:89:0a:49:b9:af:b2:ac:f0:e2:b5:0e:4d:c0:22:d7:
|
51:7c:84:11:65:d7:d2:24:16:f5:ac:11:0b:ea:72:62:4a:cb:
|
||||||
5e:c1:02:9e:f3:95:20:62:7c:88:d9:32:97:12:04:1a:6f:8c:
|
83:c1:6c:96:ec:6b:ce:1f:26:88:89:8a:74:90:fb:d3:67:91:
|
||||||
d8:7b:9f:0c:1e:91:fe:98:52:17:de:f2:ee:7c:66:e7:db:91:
|
8c:f7:ef:0e:ca:81:39:22:89:1a:52:75:d0:13:ba:ee:83:0c:
|
||||||
99:7a:f7:09:c9:15:16:3d:a2:1c:13:af:ad:e0:70:b8:6b:e5:
|
61:e9:b4:d8:f1:3f:80:77:29:d2:bb:7e:81:29:a8:fb:1f:ad:
|
||||||
dc:8e:f8:b5:ec:ff:f7:88:1b:ce:46:eb:22:ff:10:2f:ea:53:
|
92:91:bd:e9:b8:29:3f:a3:ec:44:b5:09:e5:03:3c:1b:2d:df:
|
||||||
f0:86:62:1a:ab:6f:4d:05:45:e8:5c:ba:b5:8d:0d:38:72:cd:
|
4c:27:45:94:da:be:50:dd:b9:78:3f:1f:92:92:59:a5:ad:5a:
|
||||||
df:a1:74:31:bb:ad:68:7d:56:be:d8:7e:7a:f5:ef:52:be:14:
|
ef:95:71:ff:ca:ff:db:70:53:17:aa:00:40:9b:4c:ff:fb:be:
|
||||||
5c:6d:ed:b4:2a:c9:ab:97:ba:e8:93:c5:6b:79:66:c7:52:a8:
|
73:7a:8e:0f:07:9b:b9:14:fd:a4:b4:d7:79:4b:3e:ff:c6:90:
|
||||||
0d:62:dc:cb:e2:4c:e6:53:f4:c3:5c:ce:47:0f:39:46:9a:cb:
|
ef:91:2e:a2:f3:ee:4b:1f:16:47:2a:a3:39:f9:b5:fd:74:fa:
|
||||||
82:d9:98:7d:69:41:aa:ac:6a:7a:e9:02:c9:9b:77:59:7f:6a:
|
8f:c4:15:8d:77:7f:46:78:6f:ba:a5:4e:bc:63:8f:39:63:c9:
|
||||||
90:54:10:8a:45:c7:49:5f:ca:be:66:6a:20:e1:cd:e8:10:09:
|
68:3d:8f:02:3a:4a:d0:d5:c4:47:6a:2c:4d:6c:d5:e2:a7:5f:
|
||||||
30:7e:16:44
|
35:ba:65:e4
|
||||||
-----BEGIN X509 CRL-----
|
-----BEGIN X509 CRL-----
|
||||||
MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
|
MIIB/jCB5wIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
|
||||||
BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
|
BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
|
||||||
EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
|
EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
|
||||||
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIx
|
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIw
|
||||||
NDIxMzIzMFqgDjAMMAoGA1UdFAQDAgFXMA0GCSqGSIb3DQEBBQUAA4IBAQAPFtLW
|
NzIwMTQwNlowFDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBAzAN
|
||||||
YvjA27Is3p0KEHIOhW4lHTggG9Vm2dOeDqae6GAgHLXJqwnDpdXDkaOa/0RAaNp7
|
BgkqhkiG9w0BAQUFAAOCAQEANjONdXosQNziZHHeHQa0DtOYYwV5hFN2m6pRcKE6
|
||||||
2ko8FReJCkm5r7Ks8OK1Dk3AItdewQKe85UgYnyI2TKXEgQab4zYe58MHpH+mFIX
|
qxL32mlwNFtNCAGmOxYlrD0RDICUvNy1UXyEEWXX0iQW9awRC+pyYkrLg8Fsluxr
|
||||||
3vLufGbn25GZevcJyRUWPaIcE6+t4HC4a+Xcjvi17P/3iBvORusi/xAv6lPwhmIa
|
zh8miImKdJD702eRjPfvDsqBOSKJGlJ10BO67oMMYem02PE/gHcp0rt+gSmo+x+t
|
||||||
q29NBUXoXLq1jQ04cs3foXQxu61ofVa+2H569e9SvhRcbe20Ksmrl7rok8VreWbH
|
kpG96bgpP6PsRLUJ5QM8Gy3fTCdFlNq+UN25eD8fkpJZpa1a75Vx/8r/23BTF6oA
|
||||||
UqgNYtzL4kzmU/TDXM5HDzlGmsuC2Zh9aUGqrGp66QLJm3dZf2qQVBCKRcdJX8q+
|
QJtM//u+c3qODwebuRT9pLTXeUs+/8aQ75EuovPuSx8WRyqjOfm1/XT6j8QVjXd/
|
||||||
Zmog4c3oEAkwfhZE
|
RnhvuqVOvGOPOWPJaD2PAjpK0NXER2osTWzV4qdfNbpl5A==
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
|
|||||||
Version 2 (0x1)
|
Version 2 (0x1)
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
|
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
Last Update: Jun 17 21:32:30 2013 GMT
|
Last Update: Feb 7 20:14:06 2014 GMT
|
||||||
Next Update: Dec 14 21:32:30 2013 GMT
|
Next Update: Feb 7 20:14:06 2015 GMT
|
||||||
CRL extensions:
|
CRL extensions:
|
||||||
X509v3 CRL Number:
|
X509v3 CRL Number:
|
||||||
85
|
1
|
||||||
No Revoked Certificates.
|
No Revoked Certificates.
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
4d:9c:63:22:02:91:fe:52:35:93:7c:b6:5b:e8:86:5a:29:a2:
|
4b:c1:68:4f:80:01:0e:ab:ff:c1:8f:5e:e5:3c:01:7a:fd:9c:
|
||||||
4d:9a:bc:d9:16:e0:8a:04:90:4d:ae:21:00:be:9c:81:5b:68:
|
bb:21:b3:68:73:7c:e9:dc:c5:70:a8:fd:1b:74:27:c2:9e:7d:
|
||||||
6e:90:1a:fd:1a:37:70:85:50:f2:02:87:1c:38:f4:ef:9d:41:
|
11:9c:95:b9:fb:73:ac:50:bb:b7:4a:5e:f1:f3:44:b4:7c:b5:
|
||||||
f5:4f:53:66:d4:c0:22:80:00:82:7a:09:42:49:c3:1c:c9:4c:
|
21:0f:32:48:2e:b2:03:95:a7:09:6b:25:87:c3:1d:9c:3f:8f:
|
||||||
9f:92:f9:66:f4:21:1f:24:67:4f:83:6a:bd:3a:19:f1:04:99:
|
69:91:30:fb:e5:a1:b2:26:1a:ed:8f:73:06:2d:bd:bc:72:f4:
|
||||||
ea:30:05:bf:a7:3d:bf:71:ac:3e:3a:ba:2a:c5:05:12:53:eb:
|
b8:bd:63:61:90:c7:91:2b:68:52:51:47:0d:d6:a1:79:b8:4b:
|
||||||
5c:6f:ed:2d:4b:c0:f5:00:e1:95:45:c9:62:b5:89:66:4b:2b:
|
bc:30:57:94:fa:b7:49:80:1a:1f:4d:aa:a3:8b:cd:8f:5d:8e:
|
||||||
01:fc:66:29:a3:0a:9a:05:ae:f7:9f:51:2a:9c:3b:18:03:ed:
|
ad:8b:d6:d1:5b:c1:cf:f2:0c:60:22:19:87:42:db:42:8b:aa:
|
||||||
c4:7c:33:62:93:30:49:ab:c4:d1:07:f4:18:ac:96:24:1e:c2:
|
47:36:4d:20:eb:cb:72:ce:4b:48:1b:f3:4d:0b:e0:f8:58:27:
|
||||||
fa:37:ed:82:db:06:66:8d:fb:25:93:35:7b:39:88:e8:8e:70:
|
65:60:e7:97:50:83:a9:80:58:62:a8:02:ac:4e:37:79:42:47:
|
||||||
e9:c8:be:00:c4:f7:a7:67:83:f8:3d:af:8b:71:5b:25:3b:1d:
|
65:aa:55:ca:7c:9a:9c:bf:6c:36:89:f3:f7:60:d3:30:be:d4:
|
||||||
56:cd:d0:15:86:31:d1:cb:57:3a:00:b5:1c:7c:3e:99:44:ce:
|
ce:f1:af:41:7e:02:75:6e:82:86:96:b9:16:07:15:29:c0:65:
|
||||||
bc:89:a7:78:37:50:ed:a1:b6:16:cd:72:20:c9:1f:60:b2:8a:
|
4d:2f:13:4f:01:ec:47:f1:af:36:0a:d6:a1:dc:81:57:18:2d:
|
||||||
c5:62:30:26:f0:aa:b6:73:ca:8e:d6:ba:31:0a:21:a2:6e:40:
|
00:7b:d4:49:88:c0:61:81:0e:cd:a7:39:6a:53:2a:7c:91:3d:
|
||||||
4b:66:30:11
|
ac:62:8d:49
|
||||||
-----BEGIN X509 CRL-----
|
-----BEGIN X509 CRL-----
|
||||||
MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
|
MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||||
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
|
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
|
||||||
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
||||||
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx
|
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
|
||||||
MjE0MjEzMjMwWqAOMAwwCgYDVR0UBAMCAVUwDQYJKoZIhvcNAQEFBQADggEBAE2c
|
MjA3MjAxNDA2WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAEvB
|
||||||
YyICkf5SNZN8tlvohlopok2avNkW4IoEkE2uIQC+nIFbaG6QGv0aN3CFUPIChxw4
|
aE+AAQ6r/8GPXuU8AXr9nLshs2hzfOncxXCo/Rt0J8KefRGclbn7c6xQu7dKXvHz
|
||||||
9O+dQfVPU2bUwCKAAIJ6CUJJwxzJTJ+S+Wb0IR8kZ0+Dar06GfEEmeowBb+nPb9x
|
RLR8tSEPMkgusgOVpwlrJYfDHZw/j2mRMPvlobImGu2PcwYtvbxy9Li9Y2GQx5Er
|
||||||
rD46uirFBRJT61xv7S1LwPUA4ZVFyWK1iWZLKwH8ZimjCpoFrvefUSqcOxgD7cR8
|
aFJRRw3WoXm4S7wwV5T6t0mAGh9NqqOLzY9djq2L1tFbwc/yDGAiGYdC20KLqkc2
|
||||||
M2KTMEmrxNEH9BisliQewvo37YLbBmaN+yWTNXs5iOiOcOnIvgDE96dng/g9r4tx
|
TSDry3LOS0gb800L4PhYJ2Vg55dQg6mAWGKoAqxON3lCR2WqVcp8mpy/bDaJ8/dg
|
||||||
WyU7HVbN0BWGMdHLVzoAtRx8PplEzryJp3g3UO2hthbNciDJH2CyisViMCbwqrZz
|
0zC+1M7xr0F+AnVugoaWuRYHFSnAZU0vE08B7EfxrzYK1qHcgVcYLQB71EmIwGGB
|
||||||
yo7WujEKIaJuQEtmMBE=
|
Ds2nOWpTKnyRPaxijUk=
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
|
|||||||
Version 2 (0x1)
|
Version 2 (0x1)
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
|
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
Last Update: Jun 17 21:32:30 2013 GMT
|
Last Update: Feb 7 20:14:06 2014 GMT
|
||||||
Next Update: Dec 14 21:32:30 2013 GMT
|
Next Update: Feb 7 20:14:06 2015 GMT
|
||||||
CRL extensions:
|
CRL extensions:
|
||||||
X509v3 CRL Number:
|
X509v3 CRL Number:
|
||||||
86
|
2
|
||||||
Revoked Certificates:
|
Revoked Certificates:
|
||||||
Serial Number: 02
|
Serial Number: 02
|
||||||
Revocation Date: Jun 17 21:32:30 2013 GMT
|
Revocation Date: Feb 7 20:14:06 2014 GMT
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
87:3b:bb:ac:6b:1a:e8:96:87:6f:a3:8e:39:77:28:01:a7:ea:
|
10:5d:b1:d0:79:d2:8a:15:2d:40:0b:44:d6:d9:df:58:73:eb:
|
||||||
76:36:c2:48:e2:41:02:3f:f3:f7:64:09:60:91:87:9e:57:74:
|
55:2c:81:fe:e1:7b:62:48:8f:34:c5:06:51:e5:e8:50:70:8c:
|
||||||
38:a0:c3:20:47:7d:82:4b:2c:34:23:fe:66:dc:2b:3e:8a:a1:
|
12:ba:e3:6e:fe:7d:0d:ce:44:08:9d:dc:d9:57:43:6c:54:12:
|
||||||
d9:e3:06:ec:75:0f:b1:ef:32:e2:28:ab:7d:40:2c:82:59:74:
|
82:d4:ed:6c:71:e5:74:44:bd:d1:a8:98:96:63:8b:68:5f:d2:
|
||||||
c9:95:b5:62:a6:6a:8e:34:e6:f6:f8:91:ff:aa:c1:21:93:79:
|
87:28:dd:99:4f:aa:ba:8e:18:9e:c4:4f:69:9e:66:13:03:28:
|
||||||
cb:6f:dc:be:94:21:b1:c8:dd:9e:b8:fe:ad:e8:50:6e:0d:76:
|
5f:3c:35:01:15:77:22:7c:ed:c5:4a:67:44:af:85:7f:df:8a:
|
||||||
92:32:54:51:96:cd:c7:be:d2:0f:6f:63:69:5f:b3:28:c1:57:
|
fd:49:8b:e1:be:52:e3:ca:e8:ae:a3:ad:07:91:2c:51:c6:28:
|
||||||
0e:61:f7:62:81:9f:ea:e7:a5:14:89:41:56:63:46:da:bc:d8:
|
5f:26:17:14:39:5d:4e:21:9f:11:6f:c4:a2:ef:ef:b8:ec:27:
|
||||||
e0:78:44:c6:c7:1a:ab:1b:f1:0b:59:d5:4e:6d:14:bc:16:c2:
|
af:45:ad:b9:ed:e0:14:09:60:a0:50:ee:dd:f7:b1:3e:58:c4:
|
||||||
02:43:06:0b:f4:16:6e:26:8c:36:09:61:0c:53:3f:72:85:64:
|
0d:e8:b5:0b:a9:0d:98:ad:7c:74:ab:1c:d6:fa:c8:7d:e7:5a:
|
||||||
33:4d:bf:70:44:c8:23:83:c3:51:98:a8:14:f7:b2:03:a1:7b:
|
3b:91:23:d5:62:ba:d4:e4:be:58:78:fe:09:ba:63:f6:9e:2c:
|
||||||
72:48:4d:24:d0:a8:a9:22:3d:9b:94:bf:24:24:01:6f:2e:4b:
|
3f:93:c2:fe:de:c5:00:21:50:39:91:ac:71:e6:fc:4a:37:a4:
|
||||||
2b:21:24:8f:64:46:20:79:45:b3:45:1a:4f:93:10:e1:8d:04:
|
e4:e9:5e:e7:ac:8d:95:21:d6:76:aa:10:a8:3c:28:3e:ef:1c:
|
||||||
4c:8d:83:63:96:9f:28:c5:37:0f:10:8e:02:9b:4d:96:8b:ea:
|
64:58:e9:1e:f6:7e:54:f3:cb:bb:ed:6f:5d:27:5a:b1:4b:91:
|
||||||
a3:31:88:9f
|
8e:8c:67:7d
|
||||||
-----BEGIN X509 CRL-----
|
-----BEGIN X509 CRL-----
|
||||||
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
|
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||||
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
|
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
|
||||||
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
|
||||||
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx
|
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
|
||||||
MjE0MjEzMjMwWjAUMBICAQIXDTEzMDYxNzIxMzIzMFqgDjAMMAoGA1UdFAQDAgFW
|
MjA3MjAxNDA2WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEC
|
||||||
MA0GCSqGSIb3DQEBBQUAA4IBAQCHO7usaxrolodvo445dygBp+p2NsJI4kECP/P3
|
MA0GCSqGSIb3DQEBBQUAA4IBAQAQXbHQedKKFS1AC0TW2d9Yc+tVLIH+4XtiSI80
|
||||||
ZAlgkYeeV3Q4oMMgR32CSyw0I/5m3Cs+iqHZ4wbsdQ+x7zLiKKt9QCyCWXTJlbVi
|
xQZR5ehQcIwSuuNu/n0NzkQIndzZV0NsVBKC1O1sceV0RL3RqJiWY4toX9KHKN2Z
|
||||||
pmqONOb2+JH/qsEhk3nLb9y+lCGxyN2euP6t6FBuDXaSMlRRls3HvtIPb2NpX7Mo
|
T6q6jhiexE9pnmYTAyhfPDUBFXcifO3FSmdEr4V/34r9SYvhvlLjyuiuo60HkSxR
|
||||||
wVcOYfdigZ/q56UUiUFWY0bavNjgeETGxxqrG/ELWdVObRS8FsICQwYL9BZuJow2
|
xihfJhcUOV1OIZ8Rb8Si7++47CevRa257eAUCWCgUO7d97E+WMQN6LULqQ2YrXx0
|
||||||
CWEMUz9yhWQzTb9wRMgjg8NRmKgU97IDoXtySE0k0KipIj2blL8kJAFvLksrISSP
|
qxzW+sh951o7kSPVYrrU5L5YeP4JumP2niw/k8L+3sUAIVA5kaxx5vxKN6Tk6V7n
|
||||||
ZEYgeUWzRRpPkxDhjQRMjYNjlp8oxTcPEI4Cm02Wi+qjMYif
|
rI2VIdZ2qhCoPCg+7xxkWOke9n5U88u77W9dJ1qxS5GOjGd9
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
|
|||||||
Version 2 (0x1)
|
Version 2 (0x1)
|
||||||
Signature Algorithm: ecdsa-with-SHA1
|
Signature Algorithm: ecdsa-with-SHA1
|
||||||
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
|
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
Last Update: Jun 17 21:32:30 2013 GMT
|
Last Update: Feb 7 20:14:06 2014 GMT
|
||||||
Next Update: Dec 14 21:32:30 2013 GMT
|
Next Update: Feb 7 20:14:06 2015 GMT
|
||||||
CRL extensions:
|
CRL extensions:
|
||||||
X509v3 CRL Number:
|
X509v3 CRL Number:
|
||||||
88
|
4
|
||||||
No Revoked Certificates.
|
Revoked Certificates:
|
||||||
|
Serial Number: 02
|
||||||
|
Revocation Date: Feb 7 20:14:06 2014 GMT
|
||||||
Signature Algorithm: ecdsa-with-SHA1
|
Signature Algorithm: ecdsa-with-SHA1
|
||||||
30:45:02:21:00:eb:6e:1b:5d:f9:43:f9:67:5b:4e:d1:6d:30:
|
30:44:02:20:10:95:f9:c8:20:bc:7d:ce:79:6d:35:23:4c:82:
|
||||||
c7:c1:57:a3:e6:25:af:87:7a:77:8d:d9:89:47:1d:a4:64:0e:
|
8c:f5:8b:d1:4f:69:a9:5e:70:97:dd:bb:c2:67:13:46:b0:47:
|
||||||
21:02:20:11:20:49:d5:84:47:fa:12:61:46:ec:b6:db:0e:d0:
|
02:20:4f:1f:43:c2:cc:63:1c:6e:26:89:2d:e7:ce:69:45:6d:
|
||||||
9d:3d:95:24:4f:a3:43:ab:d0:ad:dd:d9:61:b7:49:e2:5e
|
fb:8f:53:cd:1f:84:0f:93:fe:83:91:69:f2:91:c6:f9
|
||||||
-----BEGIN X509 CRL-----
|
-----BEGIN X509 CRL-----
|
||||||
MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
|
MIIBNTCB3gIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
|
||||||
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
|
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
|
||||||
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
|
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
|
||||||
ARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIxNDIxMzIzMFqg
|
ARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIwNzIwMTQwNlow
|
||||||
DjAMMAoGA1UdFAQDAgFYMAkGByqGSM49BAEDSAAwRQIhAOtuG135Q/lnW07RbTDH
|
FDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBBDAJBgcqhkjOPQQB
|
||||||
wVej5iWvh3p3jdmJRx2kZA4hAiARIEnVhEf6EmFG7LbbDtCdPZUkT6NDq9Ct3dlh
|
A0cAMEQCIBCV+cggvH3OeW01I0yCjPWL0U9pqV5wl927wmcTRrBHAiBPH0PCzGMc
|
||||||
t0niXg==
|
biaJLefOaUVt+49TzR+ED5P+g5Fp8pHG+Q==
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
|
|||||||
Version 2 (0x1)
|
Version 2 (0x1)
|
||||||
Signature Algorithm: ecdsa-with-SHA1
|
Signature Algorithm: ecdsa-with-SHA1
|
||||||
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
|
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
|
||||||
Last Update: Jun 17 21:32:30 2013 GMT
|
Last Update: Feb 7 20:14:06 2014 GMT
|
||||||
Next Update: Dec 14 21:32:30 2013 GMT
|
Next Update: Feb 7 20:14:06 2015 GMT
|
||||||
CRL extensions:
|
CRL extensions:
|
||||||
X509v3 CRL Number:
|
X509v3 CRL Number:
|
||||||
89
|
5
|
||||||
No Revoked Certificates.
|
Revoked Certificates:
|
||||||
|
Serial Number: 02
|
||||||
|
Revocation Date: Feb 7 20:14:06 2014 GMT
|
||||||
Signature Algorithm: ecdsa-with-SHA1
|
Signature Algorithm: ecdsa-with-SHA1
|
||||||
30:44:02:20:0c:78:df:c4:4b:8b:e0:70:15:4f:f6:7d:82:d6:
|
30:44:02:20:2a:2a:2c:ff:8a:0f:6a:74:57:b8:41:a8:5a:5c:
|
||||||
0d:dd:a5:a0:e2:6a:95:4b:2b:6b:29:14:15:ba:51:0d:e3:1f:
|
8c:7d:c1:7d:b1:76:a3:db:ff:22:1a:69:cd:80:8d:d5:e4:2a:
|
||||||
02:20:2b:4b:1d:7c:9d:2f:5a:01:3d:9b:c1:94:cd:10:86:fe:
|
02:20:2d:51:3e:01:5b:79:6c:f4:89:89:63:46:0b:65:44:46:
|
||||||
e2:9d:a0:b2:3c:97:10:ba:a6:56:43:78:b3:92:9b:0b
|
59:2d:42:3e:ba:a8:6d:08:4a:20:1f:9a:06:cc:a9:65
|
||||||
-----BEGIN X509 CRL-----
|
-----BEGIN X509 CRL-----
|
||||||
MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
|
MIIBNzCB4AIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
|
||||||
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
|
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
|
||||||
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
|
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
|
||||||
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMxMjE0MjEzMjMw
|
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUwMjA3MjAxNDA2
|
||||||
WqAOMAwwCgYDVR0UBAMCAVkwCQYHKoZIzj0EAQNHADBEAiAMeN/ES4vgcBVP9n2C
|
WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEFMAkGByqGSM49
|
||||||
1g3dpaDiapVLK2spFBW6UQ3jHwIgK0sdfJ0vWgE9m8GUzRCG/uKdoLI8lxC6plZD
|
BAEDRwAwRAIgKios/4oPanRXuEGoWlyMfcF9sXaj2/8iGmnNgI3V5CoCIC1RPgFb
|
||||||
eLOSmws=
|
eWz0iYljRgtlREZZLUI+uqhtCEogH5oGzKll
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
|
|
||||||
# caCrl
|
# caCrl
|
||||||
openssl ca -gencrl -crldays 180 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
openssl ca -gencrl -crldays 365 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
||||||
|
|
||||||
# metadata
|
# metadata
|
||||||
openssl crl -in crl.pem -text > tmp
|
openssl crl -in crl.pem -text > tmp
|
||||||
@ -17,7 +17,7 @@ cp crl.pem ~/cyassl/certs/crl/crl.pem
|
|||||||
openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
||||||
|
|
||||||
# caCrl server revoked generation
|
# caCrl server revoked generation
|
||||||
openssl ca -gencrl -crldays 180 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
openssl ca -gencrl -crldays 365 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
|
||||||
|
|
||||||
# metadata
|
# metadata
|
||||||
openssl crl -in crl.revoked -text > tmp
|
openssl crl -in crl.revoked -text > tmp
|
||||||
@ -29,7 +29,7 @@ cp crl.revoked ~/cyassl/certs/crl/crl.revoked
|
|||||||
cp blank.index.txt demoCA/index.txt
|
cp blank.index.txt demoCA/index.txt
|
||||||
|
|
||||||
# cliCrl
|
# cliCrl
|
||||||
openssl ca -gencrl -crldays 180 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
|
openssl ca -gencrl -crldays 365 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
|
||||||
|
|
||||||
# metadata
|
# metadata
|
||||||
openssl crl -in cliCrl.pem -text > tmp
|
openssl crl -in cliCrl.pem -text > tmp
|
||||||
@ -38,7 +38,7 @@ mv tmp cliCrl.pem
|
|||||||
cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
|
cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
|
||||||
|
|
||||||
# eccCliCRL
|
# eccCliCRL
|
||||||
openssl ca -gencrl -crldays 180 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
|
openssl ca -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
|
||||||
|
|
||||||
# metadata
|
# metadata
|
||||||
openssl crl -in eccCliCRL.pem -text > tmp
|
openssl crl -in eccCliCRL.pem -text > tmp
|
||||||
@ -47,7 +47,7 @@ mv tmp eccCliCRL.pem
|
|||||||
cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
|
cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
|
||||||
|
|
||||||
# eccSrvCRL
|
# eccSrvCRL
|
||||||
openssl ca -gencrl -crldays 180 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
|
openssl ca -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
|
||||||
|
|
||||||
# metadata
|
# metadata
|
||||||
openssl crl -in eccSrvCRL.pem -text > tmp
|
openssl crl -in eccSrvCRL.pem -text > tmp
|
||||||
|
104
configure.ac
104
configure.ac
@ -6,12 +6,10 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
AC_INIT([cyassl],[2.8.6],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
|
AC_INIT([cyassl],[2.9.1],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
|
||||||
|
|
||||||
AC_CONFIG_AUX_DIR([build-aux])
|
AC_CONFIG_AUX_DIR([build-aux])
|
||||||
|
|
||||||
# using $targget_cpu to only turn on fastmath by default on x86_64
|
|
||||||
AC_CANONICAL_TARGET
|
|
||||||
AC_CANONICAL_HOST
|
AC_CANONICAL_HOST
|
||||||
AC_CANONICAL_BUILD
|
AC_CANONICAL_BUILD
|
||||||
|
|
||||||
@ -33,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
|
|||||||
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
|
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
|
||||||
|
|
||||||
#shared library versioning
|
#shared library versioning
|
||||||
CYASSL_LIBRARY_VERSION=5:2:0
|
CYASSL_LIBRARY_VERSION=5:3:0
|
||||||
# | | |
|
# | | |
|
||||||
# +------+ | +---+
|
# +------+ | +---+
|
||||||
# | | |
|
# | | |
|
||||||
@ -104,7 +102,7 @@ OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
|
|||||||
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
|
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
|
||||||
|
|
||||||
# Thread local storage
|
# Thread local storage
|
||||||
AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
|
AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"], [:])
|
||||||
|
|
||||||
# DEBUG
|
# DEBUG
|
||||||
AX_DEBUG
|
AX_DEBUG
|
||||||
@ -987,6 +985,19 @@ fi
|
|||||||
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
|
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
|
||||||
|
|
||||||
|
|
||||||
|
# Web Server Build
|
||||||
|
AC_ARG_ENABLE([webserver],
|
||||||
|
[ --enable-webserver Enable Web Server (default: disabled)],
|
||||||
|
[ ENABLED_WEBSERVER=$enableval ],
|
||||||
|
[ ENABLED_WEBSERVER=no ]
|
||||||
|
)
|
||||||
|
|
||||||
|
if test "$ENABLED_WEBSERVER" = "yes"
|
||||||
|
then
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# PWDBASED
|
# PWDBASED
|
||||||
AC_ARG_ENABLE([pwdbased],
|
AC_ARG_ENABLE([pwdbased],
|
||||||
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
|
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
|
||||||
@ -996,9 +1007,9 @@ AC_ARG_ENABLE([pwdbased],
|
|||||||
|
|
||||||
if test "$ENABLED_PWDBASED" = "no"
|
if test "$ENABLED_PWDBASED" = "no"
|
||||||
then
|
then
|
||||||
if test "$ENABLED_OPENSSLEXTRA" = "yes"
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
|
||||||
then
|
then
|
||||||
# opensslextra needs pwdbased
|
# opensslextra and webserver needs pwdbased
|
||||||
ENABLED_PWDBASED=yes
|
ENABLED_PWDBASED=yes
|
||||||
else
|
else
|
||||||
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
|
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
|
||||||
@ -1042,19 +1053,6 @@ fi
|
|||||||
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
|
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
|
||||||
|
|
||||||
|
|
||||||
# Web Server Build
|
|
||||||
AC_ARG_ENABLE([webserver],
|
|
||||||
[ --enable-webserver Enable Web Server (default: disabled)],
|
|
||||||
[ ENABLED_WEBSERVER=$enableval ],
|
|
||||||
[ ENABLED_WEBSERVER=no ]
|
|
||||||
)
|
|
||||||
|
|
||||||
if test "$ENABLED_WEBSERVER" = "yes"
|
|
||||||
then
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Filesystem Build
|
# Filesystem Build
|
||||||
AC_ARG_ENABLE([filesystem],
|
AC_ARG_ENABLE([filesystem],
|
||||||
[ --enable-filesystem Enable Filesystem support (default: enabled)],
|
[ --enable-filesystem Enable Filesystem support (default: enabled)],
|
||||||
@ -1226,16 +1224,16 @@ then
|
|||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Elliptic Curves Extensions
|
# Supported Elliptic Curves Extensions
|
||||||
AC_ARG_ENABLE([ellipticcurves],
|
AC_ARG_ENABLE([supportedcurves],
|
||||||
[ --enable-ellipticcurves Enable Elliptic Curves (default: disabled)],
|
[ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)],
|
||||||
[ ENABLED_ELLIPTIC_CURVES=$enableval ],
|
[ ENABLED_SUPPORTED_CURVES=$enableval ],
|
||||||
[ ENABLED_ELLIPTIC_CURVES=no ]
|
[ ENABLED_SUPPORTED_CURVES=no ]
|
||||||
)
|
)
|
||||||
|
|
||||||
if test "x$ENABLED_ELLIPTIC_CURVES" = "xyes"
|
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
|
||||||
then
|
then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ELLIPTIC_CURVES"
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# TLS Extensions
|
# TLS Extensions
|
||||||
@ -1251,8 +1249,8 @@ then
|
|||||||
ENABLED_MAX_FRAGMENT=yes
|
ENABLED_MAX_FRAGMENT=yes
|
||||||
ENABLED_TRUNCATED_HMAC=yes
|
ENABLED_TRUNCATED_HMAC=yes
|
||||||
ENABLED_RENEGOTIATION_INDICATION=yes
|
ENABLED_RENEGOTIATION_INDICATION=yes
|
||||||
ENABLED_ELLIPTIC_CURVES=yes
|
ENABLED_SUPPORTED_CURVES=yes
|
||||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_ELLIPTIC_CURVES"
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_SUPPORTED_CURVES"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# PKCS7
|
# PKCS7
|
||||||
@ -1340,10 +1338,39 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Certificate Service Support
|
||||||
|
AC_ARG_ENABLE([certservice],
|
||||||
|
[ --enable-certservice Enable cert service (default: disabled)],
|
||||||
|
[ ENABLED_CERT_SERVICE=$enableval ],
|
||||||
|
[ ENABLED_CERT_SERVICE=no ]
|
||||||
|
)
|
||||||
|
if test "$ENABLED_CERT_SERVICE" = "yes"
|
||||||
|
then
|
||||||
|
# Requires ecc,certgen, and opensslextra make sure on
|
||||||
|
if test "x$ENABLED_CERTGEN" = "xno"
|
||||||
|
then
|
||||||
|
ENABLED_CERTGEN="yes"
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DCYASSL_CERT_GEN"
|
||||||
|
fi
|
||||||
|
if test "x$ENABLED_ECC" = "xno"
|
||||||
|
then
|
||||||
|
ENABLED_ECC="yes"
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
|
||||||
|
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
|
||||||
|
fi
|
||||||
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
||||||
|
then
|
||||||
|
ENABLED_OPENSSLEXTRA="yes"
|
||||||
|
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
|
||||||
|
fi
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DCYASSL_HAVE_CERT_SERVICE"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# set fastmath default
|
# set fastmath default
|
||||||
FASTMATH_DEFAULT=no
|
FASTMATH_DEFAULT=no
|
||||||
|
|
||||||
if test "$target_cpu" = "x86_64"
|
if test "$host_cpu" = "x86_64"
|
||||||
then
|
then
|
||||||
FASTMATH_DEFAULT=yes
|
FASTMATH_DEFAULT=yes
|
||||||
fi
|
fi
|
||||||
@ -1398,7 +1425,6 @@ AC_ARG_ENABLE([examples],
|
|||||||
[ ENABLED_EXAMPLES=yes ]
|
[ ENABLED_EXAMPLES=yes ]
|
||||||
)
|
)
|
||||||
|
|
||||||
AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"])
|
|
||||||
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
|
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
|
||||||
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
|
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
|
||||||
# certs still have sha signatures for now
|
# certs still have sha signatures for now
|
||||||
@ -1527,16 +1553,6 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
LIB_SOCKET_NSL
|
LIB_SOCKET_NSL
|
||||||
|
|
||||||
AC_ARG_ENABLE([gcc-hardening],
|
|
||||||
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
|
|
||||||
[if test x$enableval = xyes; then
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS -fwrapv -fPIE -Wstack-protector"
|
|
||||||
AM_CFLAGS="$AM_CFLAGS --param ssp-buffer-size=1"
|
|
||||||
LDFLAGS="$LDFLAGS -pie"
|
|
||||||
fi])
|
|
||||||
|
|
||||||
AX_HARDEN_CC_COMPILER_FLAGS
|
AX_HARDEN_CC_COMPILER_FLAGS
|
||||||
|
|
||||||
# link to ws2_32 if on mingw
|
# link to ws2_32 if on mingw
|
||||||
@ -1624,9 +1640,9 @@ echo ""
|
|||||||
echo " * Installation prefix: $prefix"
|
echo " * Installation prefix: $prefix"
|
||||||
echo " * System type: $host_vendor-$host_os"
|
echo " * System type: $host_vendor-$host_os"
|
||||||
echo " * Host CPU: $host_cpu"
|
echo " * Host CPU: $host_cpu"
|
||||||
echo " * C Compiler: $CC_VERSION"
|
echo " * C Compiler: $CC"
|
||||||
echo " * C Flags: $CFLAGS"
|
echo " * C Flags: $CFLAGS"
|
||||||
echo " * C++ Compiler: $CXX_VERSION"
|
echo " * C++ Compiler: $CXX"
|
||||||
echo " * C++ Flags: $CXXFLAGS"
|
echo " * C++ Flags: $CXXFLAGS"
|
||||||
echo " * CPP Flags: $CPPFLAGS"
|
echo " * CPP Flags: $CPPFLAGS"
|
||||||
echo " * LIB Flags: $LIB"
|
echo " * LIB Flags: $LIB"
|
||||||
@ -1689,7 +1705,7 @@ echo " * SNI: $ENABLED_SNI"
|
|||||||
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
|
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
|
||||||
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
|
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
|
||||||
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
|
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
|
||||||
echo " * Elliptic Curves: $ENABLED_ELLIPTIC_CURVES"
|
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
|
||||||
echo " * All TLS Extensions: $ENABLED_TLSX"
|
echo " * All TLS Extensions: $ENABLED_TLSX"
|
||||||
echo " * PKCS#7 $ENABLED_PKCS7"
|
echo " * PKCS#7 $ENABLED_PKCS7"
|
||||||
echo " * wolfSCEP $ENABLED_WOLFSCEP"
|
echo " * wolfSCEP $ENABLED_WOLFSCEP"
|
||||||
|
@ -219,27 +219,27 @@ int benchmark_test(void *args)
|
|||||||
|
|
||||||
|
|
||||||
#ifdef BENCH_EMBEDDED
|
#ifdef BENCH_EMBEDDED
|
||||||
const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */
|
static const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */
|
||||||
const char blockType[] = "kB"; /* used in printf output */
|
static const char blockType[] = "kB"; /* used in printf output */
|
||||||
const int ntimes = 1; /* public key iterations */
|
static const int ntimes = 1; /* public key iterations */
|
||||||
const int genTimes = 5;
|
static const int genTimes = 5;
|
||||||
const int agreeTimes = 5;
|
static const int agreeTimes = 5;
|
||||||
#else
|
#else
|
||||||
const int numBlocks = 5;
|
static const int numBlocks = 5;
|
||||||
const char blockType[] = "megs";
|
static const char blockType[] = "megs";
|
||||||
const int ntimes = 100;
|
static const int ntimes = 100;
|
||||||
const int genTimes = 100;
|
static const int genTimes = 100;
|
||||||
const int agreeTimes = 100;
|
static const int agreeTimes = 100;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
const byte key[] =
|
static const byte key[] =
|
||||||
{
|
{
|
||||||
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
|
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
|
||||||
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
|
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
|
||||||
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
|
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
|
||||||
};
|
};
|
||||||
|
|
||||||
const byte iv[] =
|
static const byte iv[] =
|
||||||
{
|
{
|
||||||
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
|
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
|
||||||
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
|
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
|
||||||
@ -250,11 +250,11 @@ const byte iv[] =
|
|||||||
|
|
||||||
/* use kB instead of mB for embedded benchmarking */
|
/* use kB instead of mB for embedded benchmarking */
|
||||||
#ifdef BENCH_EMBEDDED
|
#ifdef BENCH_EMBEDDED
|
||||||
byte plain [1024];
|
static byte plain [1024];
|
||||||
byte cipher[1024];
|
static byte cipher[1024];
|
||||||
#else
|
#else
|
||||||
byte plain [1024*1024];
|
static byte plain [1024*1024];
|
||||||
byte cipher[1024*1024];
|
static byte cipher[1024*1024];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
@ -294,8 +294,10 @@ void bench_aes(int show)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
byte additional[13];
|
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
|
||||||
byte tag[16];
|
static byte additional[13];
|
||||||
|
static byte tag[16];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#ifdef HAVE_AESGCM
|
#ifdef HAVE_AESGCM
|
||||||
@ -675,7 +677,7 @@ void bench_blake2(void)
|
|||||||
|
|
||||||
#if !defined(NO_RSA) || !defined(NO_DH) \
|
#if !defined(NO_RSA) || !defined(NO_DH) \
|
||||||
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
|
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
|
||||||
RNG rng;
|
static RNG rng;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
@ -684,7 +686,7 @@ RNG rng;
|
|||||||
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
|
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
|
||||||
defined(CYASSL_MDK_SHELL)
|
defined(CYASSL_MDK_SHELL)
|
||||||
static char *certRSAname = "certs/rsa2048.der" ;
|
static char *certRSAname = "certs/rsa2048.der" ;
|
||||||
void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
|
static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
|
||||||
/* set by shell command */
|
/* set by shell command */
|
||||||
#elif defined(CYASSL_MDK_SHELL)
|
#elif defined(CYASSL_MDK_SHELL)
|
||||||
/* nothing */
|
/* nothing */
|
||||||
@ -798,7 +800,7 @@ void bench_dh(void)
|
|||||||
int i, ret;
|
int i, ret;
|
||||||
byte tmp[1024];
|
byte tmp[1024];
|
||||||
size_t bytes;
|
size_t bytes;
|
||||||
word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;
|
word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
|
||||||
|
|
||||||
byte pub[256]; /* for 2048 bit */
|
byte pub[256]; /* for 2048 bit */
|
||||||
byte priv[256]; /* for 2048 bit */
|
byte priv[256]; /* for 2048 bit */
|
||||||
@ -954,7 +956,7 @@ void bench_eccKeyAgree(void)
|
|||||||
byte shared[1024];
|
byte shared[1024];
|
||||||
byte sig[1024];
|
byte sig[1024];
|
||||||
byte digest[32];
|
byte digest[32];
|
||||||
word32 x;
|
word32 x = 0;
|
||||||
|
|
||||||
ecc_init(&genKey);
|
ecc_init(&genKey);
|
||||||
ecc_init(&genKey2);
|
ecc_init(&genKey2);
|
||||||
@ -996,7 +998,7 @@ void bench_eccKeyAgree(void)
|
|||||||
|
|
||||||
/* make dummy digest */
|
/* make dummy digest */
|
||||||
for (i = 0; i < (int)sizeof(digest); i++)
|
for (i = 0; i < (int)sizeof(digest); i++)
|
||||||
digest[i] = i;
|
digest[i] = (byte)i;
|
||||||
|
|
||||||
|
|
||||||
start = current_time(1);
|
start = current_time(1);
|
||||||
|
@ -318,6 +318,36 @@ __asm__( \
|
|||||||
#define LOOP_START \
|
#define LOOP_START \
|
||||||
mu = c[x] * mp
|
mu = c[x] * mp
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef __thumb__
|
||||||
|
|
||||||
|
#define INNERMUL \
|
||||||
|
__asm__( \
|
||||||
|
" LDR r0,%1 \n\t" \
|
||||||
|
" ADDS r0,r0,%0 \n\t" \
|
||||||
|
" ITE CS \n\t" \
|
||||||
|
" MOVCS %0,#1 \n\t" \
|
||||||
|
" MOVCC %0,#0 \n\t" \
|
||||||
|
" UMLAL r0,%0,%3,%4 \n\t" \
|
||||||
|
" STR r0,%1 \n\t" \
|
||||||
|
:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"m"(_c[0]):"r0","cc");
|
||||||
|
|
||||||
|
#define PROPCARRY \
|
||||||
|
__asm__( \
|
||||||
|
" LDR r0,%1 \n\t" \
|
||||||
|
" ADDS r0,r0,%0 \n\t" \
|
||||||
|
" STR r0,%1 \n\t" \
|
||||||
|
" ITE CS \n\t" \
|
||||||
|
" MOVCS %0,#1 \n\t" \
|
||||||
|
" MOVCC %0,#0 \n\t" \
|
||||||
|
:"=r"(cy),"=m"(_c[0]):"0"(cy),"m"(_c[0]):"r0","cc");
|
||||||
|
|
||||||
|
|
||||||
|
/* TAO thumb mode uses ite (if then else) to detect carry directly
|
||||||
|
* fixed unmatched constraint warning by changing 1 to m */
|
||||||
|
|
||||||
|
#else /* __thumb__ */
|
||||||
|
|
||||||
#define INNERMUL \
|
#define INNERMUL \
|
||||||
__asm__( \
|
__asm__( \
|
||||||
" LDR r0,%1 \n\t" \
|
" LDR r0,%1 \n\t" \
|
||||||
@ -337,6 +367,8 @@ __asm__( \
|
|||||||
" MOVCC %0,#0 \n\t" \
|
" MOVCC %0,#0 \n\t" \
|
||||||
:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");
|
:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");
|
||||||
|
|
||||||
|
#endif /* __thumb__ */
|
||||||
|
|
||||||
#elif defined(TFM_PPC32)
|
#elif defined(TFM_PPC32)
|
||||||
|
|
||||||
/* PPC32 */
|
/* PPC32 */
|
||||||
@ -725,9 +757,11 @@ __asm__( \
|
|||||||
|
|
||||||
#define SQRADDSC(i, j) \
|
#define SQRADDSC(i, j) \
|
||||||
__asm__( \
|
__asm__( \
|
||||||
" UMULL %0,%1,%6,%7 \n\t" \
|
" UMULL %0,%1,%3,%4 \n\t" \
|
||||||
" SUB %2,%2,%2 \n\t" \
|
" SUB %2,%2,%2 \n\t" \
|
||||||
:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "cc");
|
:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "r"(i), "r"(j) : "cc");
|
||||||
|
|
||||||
|
/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
|
||||||
|
|
||||||
#define SQRADDAC(i, j) \
|
#define SQRADDAC(i, j) \
|
||||||
__asm__( \
|
__asm__( \
|
||||||
|
@ -1519,8 +1519,9 @@ static int GetKey(DecodedCert* cert)
|
|||||||
XMEMCPY(cert->publicKey, keyBlob, keyLen);
|
XMEMCPY(cert->publicKey, keyBlob, keyLen);
|
||||||
cert->pubKeyStored = 1;
|
cert->pubKeyStored = 1;
|
||||||
cert->pubKeySize = keyLen;
|
cert->pubKeySize = keyLen;
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
#endif /* HAVE_NTRU */
|
#endif /* HAVE_NTRU */
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
case ECDSAk:
|
case ECDSAk:
|
||||||
@ -1566,14 +1567,13 @@ static int GetKey(DecodedCert* cert)
|
|||||||
cert->pubKeySize = length;
|
cert->pubKeySize = length;
|
||||||
|
|
||||||
cert->srcIdx += length;
|
cert->srcIdx += length;
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
default:
|
default:
|
||||||
return ASN_UNKNOWN_OID_E;
|
return ASN_UNKNOWN_OID_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -3084,6 +3084,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
|
|||||||
{
|
{
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
int length = 0;
|
int length = 0;
|
||||||
|
byte b;
|
||||||
word32 oid;
|
word32 oid;
|
||||||
|
|
||||||
CYASSL_ENTER("DecodeAuthInfo");
|
CYASSL_ENTER("DecodeAuthInfo");
|
||||||
@ -3091,6 +3092,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
|
|||||||
/* Unwrap the list of AIAs */
|
/* Unwrap the list of AIAs */
|
||||||
if (GetSequence(input, &idx, &length, sz) < 0) return;
|
if (GetSequence(input, &idx, &length, sz) < 0) return;
|
||||||
|
|
||||||
|
while (idx < (word32)sz) {
|
||||||
/* Unwrap a single AIA */
|
/* Unwrap a single AIA */
|
||||||
if (GetSequence(input, &idx, &length, sz) < 0) return;
|
if (GetSequence(input, &idx, &length, sz) < 0) return;
|
||||||
|
|
||||||
@ -3098,29 +3100,19 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
|
|||||||
if (GetObjectId(input, &idx, &oid, sz) < 0) return;
|
if (GetObjectId(input, &idx, &oid, sz) < 0) return;
|
||||||
|
|
||||||
/* Only supporting URIs right now. */
|
/* Only supporting URIs right now. */
|
||||||
if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI))
|
b = input[idx++];
|
||||||
{
|
|
||||||
idx++;
|
|
||||||
if (GetLength(input, &idx, &length, sz) < 0) return;
|
if (GetLength(input, &idx, &length, sz) < 0) return;
|
||||||
|
|
||||||
|
if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
|
||||||
|
oid == AIA_OCSP_OID)
|
||||||
|
{
|
||||||
cert->extAuthInfoSz = length;
|
cert->extAuthInfoSz = length;
|
||||||
cert->extAuthInfo = input + idx;
|
cert->extAuthInfo = input + idx;
|
||||||
idx += length;
|
break;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
/* Skip anything else. */
|
|
||||||
idx++;
|
|
||||||
if (GetLength(input, &idx, &length, sz) < 0) return;
|
|
||||||
idx += length;
|
idx += length;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (idx < (word32)sz)
|
|
||||||
{
|
|
||||||
CYASSL_MSG("\tThere are more Authority Information Access records, "
|
|
||||||
"but we only use first one.");
|
|
||||||
}
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3224,11 +3216,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
|
|||||||
length--;
|
length--;
|
||||||
|
|
||||||
if (length == 2) {
|
if (length == 2) {
|
||||||
cert->extKeyUsage = (input[idx] << 8) | input[idx+1];
|
cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]);
|
||||||
cert->extKeyUsage >>= unusedBits;
|
cert->extKeyUsage >>= unusedBits;
|
||||||
}
|
}
|
||||||
else if (length == 1)
|
else if (length == 1)
|
||||||
cert->extKeyUsage = (input[idx] << 1);
|
cert->extKeyUsage = (word16)(input[idx] << 1);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -3290,9 +3282,7 @@ static void DecodeCertExtensions(DecodedCert* cert)
|
|||||||
byte* input = cert->extensions;
|
byte* input = cert->extensions;
|
||||||
int length;
|
int length;
|
||||||
word32 oid;
|
word32 oid;
|
||||||
byte critical;
|
byte critical = 0;
|
||||||
|
|
||||||
(void)critical;
|
|
||||||
|
|
||||||
CYASSL_ENTER("DecodeCertExtensions");
|
CYASSL_ENTER("DecodeCertExtensions");
|
||||||
|
|
||||||
@ -3405,7 +3395,6 @@ static void DecodeCertExtensions(DecodedCert* cert)
|
|||||||
}
|
}
|
||||||
idx += length;
|
idx += length;
|
||||||
}
|
}
|
||||||
(void)critical;
|
|
||||||
|
|
||||||
CYASSL_LEAVE("DecodeCertExtensions", 0);
|
CYASSL_LEAVE("DecodeCertExtensions", 0);
|
||||||
return;
|
return;
|
||||||
@ -3432,7 +3421,8 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
|
|||||||
cert->subjectCNStored = 1;
|
cert->subjectCNStored = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cert->keyOID == RSAk && cert->pubKeySize > 0) {
|
if (cert->keyOID == RSAk &&
|
||||||
|
cert->publicKey != NULL && cert->pubKeySize > 0) {
|
||||||
ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap,
|
ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap,
|
||||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||||
if (ptr == NULL)
|
if (ptr == NULL)
|
||||||
|
@ -95,9 +95,9 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
|
|||||||
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
|
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
|
||||||
e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
|
e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
|
||||||
|
|
||||||
b1 = (e1 << 2) | (e2 >> 4);
|
b1 = (byte)((e1 << 2) | (e2 >> 4));
|
||||||
b2 = ((e2 & 0xF) << 4) | (e3 >> 2);
|
b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
|
||||||
b3 = ((e3 & 0x3) << 6) | e4;
|
b3 = (byte)(((e3 & 0x3) << 6) | e4);
|
||||||
|
|
||||||
out[i++] = b1;
|
out[i++] = b1;
|
||||||
if (!pad3)
|
if (!pad3)
|
||||||
@ -251,8 +251,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
|
|||||||
|
|
||||||
/* encoded idx */
|
/* encoded idx */
|
||||||
byte e1 = b1 >> 2;
|
byte e1 = b1 >> 2;
|
||||||
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4);
|
byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
|
||||||
byte e3 = ((b2 & 0xF) << 2) | (b3 >> 6);
|
byte e3 = (byte)(((b2 & 0xF) << 2) | (b3 >> 6));
|
||||||
byte e4 = b3 & 0x3F;
|
byte e4 = b3 & 0x3F;
|
||||||
|
|
||||||
/* store */
|
/* store */
|
||||||
@ -281,8 +281,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
|
|||||||
byte b2 = (twoBytes) ? in[j++] : 0;
|
byte b2 = (twoBytes) ? in[j++] : 0;
|
||||||
|
|
||||||
byte e1 = b1 >> 2;
|
byte e1 = b1 >> 2;
|
||||||
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4);
|
byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
|
||||||
byte e3 = (b2 & 0xF) << 2;
|
byte e3 = (byte)((b2 & 0xF) << 2);
|
||||||
|
|
||||||
ret = CEscape(escaped, e1, out, &i, *outLen, 0);
|
ret = CEscape(escaped, e1, out, &i, *outLen, 0);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
@ -375,7 +375,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
|
|||||||
if (b == BAD || b2 == BAD)
|
if (b == BAD || b2 == BAD)
|
||||||
return ASN_INPUT_E;
|
return ASN_INPUT_E;
|
||||||
|
|
||||||
out[outIdx++] = (b << 4) | b2;
|
out[outIdx++] = (byte)((b << 4) | b2);
|
||||||
inLen -= 2;
|
inLen -= 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -633,7 +633,7 @@ static const int bytebit[] = {
|
|||||||
0200,0100,040,020,010,04,02,01
|
0200,0100,040,020,010,04,02,01
|
||||||
};
|
};
|
||||||
|
|
||||||
const word32 Spbox[8][64] = {
|
static const word32 Spbox[8][64] = {
|
||||||
{
|
{
|
||||||
0x01010400,0x00000000,0x00010000,0x01010404,
|
0x01010400,0x00000000,0x00010000,0x01010404,
|
||||||
0x01010004,0x00010404,0x00000004,0x00010000,
|
0x01010004,0x00010404,0x00000004,0x00010000,
|
||||||
|
@ -971,7 +971,8 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
|
|||||||
mp_int mu;
|
mp_int mu;
|
||||||
mp_digit mp;
|
mp_digit mp;
|
||||||
unsigned long buf;
|
unsigned long buf;
|
||||||
int first, bitbuf, bitcpy, bitcnt, mode, digidx;
|
int first = 1, bitbuf = 0, bitcpy = 0, bitcnt = 0, mode = 0,
|
||||||
|
digidx = 0;
|
||||||
|
|
||||||
if (k == NULL || G == NULL || R == NULL || modulus == NULL)
|
if (k == NULL || G == NULL || R == NULL || modulus == NULL)
|
||||||
return ECC_BAD_ARG_E;
|
return ECC_BAD_ARG_E;
|
||||||
|
@ -86,7 +86,6 @@ static int InitHmac(Hmac* hmac, int type)
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -161,7 +161,7 @@ void Md4Update(Md4* md4, const byte* data, word32 len)
|
|||||||
|
|
||||||
if (md4->buffLen == MD4_BLOCK_SIZE) {
|
if (md4->buffLen == MD4_BLOCK_SIZE) {
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
|
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
Transform(md4);
|
Transform(md4);
|
||||||
AddLength(md4, MD4_BLOCK_SIZE);
|
AddLength(md4, MD4_BLOCK_SIZE);
|
||||||
@ -185,7 +185,7 @@ void Md4Final(Md4* md4, byte* hash)
|
|||||||
md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
|
md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
|
||||||
|
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
|
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
Transform(md4);
|
Transform(md4);
|
||||||
md4->buffLen = 0;
|
md4->buffLen = 0;
|
||||||
@ -199,7 +199,7 @@ void Md4Final(Md4* md4, byte* hash)
|
|||||||
|
|
||||||
/* store lengths */
|
/* store lengths */
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, MD4_BLOCK_SIZE);
|
ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
/* ! length ordering dependent on digest endian type ! */
|
/* ! length ordering dependent on digest endian type ! */
|
||||||
XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
|
XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));
|
||||||
|
@ -300,7 +300,7 @@ void Md5Update(Md5* md5, const byte* data, word32 len)
|
|||||||
|
|
||||||
if (md5->buffLen == MD5_BLOCK_SIZE) {
|
if (md5->buffLen == MD5_BLOCK_SIZE) {
|
||||||
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
|
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(md5, local);
|
XTRANSFORM(md5, local);
|
||||||
AddLength(md5, MD5_BLOCK_SIZE);
|
AddLength(md5, MD5_BLOCK_SIZE);
|
||||||
@ -324,7 +324,7 @@ void Md5Final(Md5* md5, byte* hash)
|
|||||||
md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
|
md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
|
||||||
|
|
||||||
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
|
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(md5, local);
|
XTRANSFORM(md5, local);
|
||||||
md5->buffLen = 0;
|
md5->buffLen = 0;
|
||||||
@ -338,7 +338,7 @@ void Md5Final(Md5* md5, byte* hash)
|
|||||||
|
|
||||||
/* store lengths */
|
/* store lengths */
|
||||||
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, MD5_BLOCK_SIZE);
|
ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
/* ! length ordering dependent on digest endian type ! */
|
/* ! length ordering dependent on digest endian type ! */
|
||||||
XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
|
XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
|
||||||
|
@ -146,15 +146,6 @@ STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
|
|||||||
#endif /* WORD64_AVAILABLE */
|
#endif /* WORD64_AVAILABLE */
|
||||||
|
|
||||||
|
|
||||||
STATIC INLINE void ByteReverseBytes(byte* out, const byte* in, word32 byteCount)
|
|
||||||
{
|
|
||||||
word32* op = (word32*)out;
|
|
||||||
const word32* ip = (const word32*)in;
|
|
||||||
|
|
||||||
ByteReverseWords(op, ip, byteCount);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
STATIC INLINE void XorWords(word* r, const word* a, word32 n)
|
STATIC INLINE void XorWords(word* r, const word* a, word32 n)
|
||||||
{
|
{
|
||||||
word32 i;
|
word32 i;
|
||||||
@ -163,13 +154,16 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
|
STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
||||||
{
|
{
|
||||||
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
|
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
|
||||||
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
|
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
|
||||||
else {
|
else {
|
||||||
word32 i;
|
word32 i;
|
||||||
for (i = 0; i < count; i++) buf[i] ^= mask[i];
|
byte* b = (byte*)buf;
|
||||||
|
const byte* m = (const byte*)mask;
|
||||||
|
|
||||||
|
for (i = 0; i < count; i++) b[i] ^= m[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#undef STATIC
|
#undef STATIC
|
||||||
|
@ -631,6 +631,18 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#elif defined(CYASSL_TYTO)
|
||||||
|
|
||||||
|
int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for (i = 0; i < sz; i++ )
|
||||||
|
output[i] = rand_gen();
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
#elif defined(NO_DEV_RANDOM)
|
#elif defined(NO_DEV_RANDOM)
|
||||||
|
|
||||||
#error "you need to write an os specific GenerateSeed() here"
|
#error "you need to write an os specific GenerateSeed() here"
|
||||||
|
@ -295,7 +295,8 @@ void RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
|
|||||||
|
|
||||||
if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) {
|
if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) {
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
|
ByteReverseWords(ripemd->buffer, ripemd->buffer,
|
||||||
|
RIPEMD_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
Transform(ripemd);
|
Transform(ripemd);
|
||||||
AddLength(ripemd, RIPEMD_BLOCK_SIZE);
|
AddLength(ripemd, RIPEMD_BLOCK_SIZE);
|
||||||
@ -319,7 +320,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
|
|||||||
ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen;
|
ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen;
|
||||||
|
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
|
ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
Transform(ripemd);
|
Transform(ripemd);
|
||||||
ripemd->buffLen = 0;
|
ripemd->buffLen = 0;
|
||||||
@ -333,7 +334,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
|
|||||||
|
|
||||||
/* store lengths */
|
/* store lengths */
|
||||||
#ifdef BIG_ENDIAN_ORDER
|
#ifdef BIG_ENDIAN_ORDER
|
||||||
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE);
|
ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
/* ! length ordering dependent on digest endian type ! */
|
/* ! length ordering dependent on digest endian type ! */
|
||||||
XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32));
|
XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32));
|
||||||
|
@ -311,7 +311,7 @@ void ShaUpdate(Sha* sha, const byte* data, word32 len)
|
|||||||
|
|
||||||
if (sha->buffLen == SHA_BLOCK_SIZE) {
|
if (sha->buffLen == SHA_BLOCK_SIZE) {
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
|
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(sha, local);
|
XTRANSFORM(sha, local);
|
||||||
AddLength(sha, SHA_BLOCK_SIZE);
|
AddLength(sha, SHA_BLOCK_SIZE);
|
||||||
@ -335,7 +335,7 @@ void ShaFinal(Sha* sha, byte* hash)
|
|||||||
sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
|
sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
|
||||||
|
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
|
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(sha, local);
|
XTRANSFORM(sha, local);
|
||||||
sha->buffLen = 0;
|
sha->buffLen = 0;
|
||||||
@ -349,7 +349,7 @@ void ShaFinal(Sha* sha, byte* hash)
|
|||||||
|
|
||||||
/* store lengths */
|
/* store lengths */
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA_BLOCK_SIZE);
|
ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
/* ! length ordering dependent on digest endian type ! */
|
/* ! length ordering dependent on digest endian type ! */
|
||||||
XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
|
XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
|
||||||
@ -357,7 +357,8 @@ void ShaFinal(Sha* sha, byte* hash)
|
|||||||
|
|
||||||
#ifdef FREESCALE_MMCAU
|
#ifdef FREESCALE_MMCAU
|
||||||
/* Kinetis requires only these bytes reversed */
|
/* Kinetis requires only these bytes reversed */
|
||||||
ByteReverseBytes(&local[SHA_PAD_SIZE], &local[SHA_PAD_SIZE],
|
ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
|
||||||
|
&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
|
||||||
2 * sizeof(word32));
|
2 * sizeof(word32));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -167,7 +167,8 @@ void Sha256Update(Sha256* sha256, const byte* data, word32 len)
|
|||||||
|
|
||||||
if (sha256->buffLen == SHA256_BLOCK_SIZE) {
|
if (sha256->buffLen == SHA256_BLOCK_SIZE) {
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
|
ByteReverseWords(sha256->buffer, sha256->buffer,
|
||||||
|
SHA256_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(sha256, local);
|
XTRANSFORM(sha256, local);
|
||||||
AddLength(sha256, SHA256_BLOCK_SIZE);
|
AddLength(sha256, SHA256_BLOCK_SIZE);
|
||||||
@ -191,7 +192,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
|
|||||||
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
|
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
|
||||||
|
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
|
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
XTRANSFORM(sha256, local);
|
XTRANSFORM(sha256, local);
|
||||||
sha256->buffLen = 0;
|
sha256->buffLen = 0;
|
||||||
@ -205,7 +206,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
|
|||||||
|
|
||||||
/* store lengths */
|
/* store lengths */
|
||||||
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
|
||||||
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE);
|
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
/* ! length ordering dependent on digest endian type ! */
|
/* ! length ordering dependent on digest endian type ! */
|
||||||
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
|
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
|
||||||
@ -214,7 +215,8 @@ void Sha256Final(Sha256* sha256, byte* hash)
|
|||||||
|
|
||||||
#ifdef FREESCALE_MMCAU
|
#ifdef FREESCALE_MMCAU
|
||||||
/* Kinetis requires only these bytes reversed */
|
/* Kinetis requires only these bytes reversed */
|
||||||
ByteReverseBytes(&local[SHA256_PAD_SIZE], &local[SHA256_PAD_SIZE],
|
ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
|
||||||
|
&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
|
||||||
2 * sizeof(word32));
|
2 * sizeof(word32));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2402,7 +2402,7 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
|
|||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
|
|
||||||
/* chars used in radix conversions */
|
/* chars used in radix conversions */
|
||||||
const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
|
static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
|
||||||
|
|
||||||
static int fp_read_radix(fp_int *a, const char *str, int radix)
|
static int fp_read_radix(fp_int *a, const char *str, int radix)
|
||||||
{
|
{
|
||||||
|
@ -121,7 +121,9 @@
|
|||||||
#define printf dc_log_printf
|
#define printf dc_log_printf
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef CYASSL_TYTO
|
||||||
#include "ctaocrypt/test/test.h"
|
#include "ctaocrypt/test/test.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
typedef struct testVector {
|
typedef struct testVector {
|
||||||
@ -2410,10 +2412,6 @@ int camellia_test(void)
|
|||||||
{CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
|
{CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
|
||||||
};
|
};
|
||||||
|
|
||||||
if ((sizeof(pte) != CAMELLIA_BLOCK_SIZE) ||
|
|
||||||
(sizeof(ptc) != CAMELLIA_BLOCK_SIZE))
|
|
||||||
return -113;
|
|
||||||
|
|
||||||
testsSz = sizeof(testVectors)/sizeof(test_vector_t);
|
testsSz = sizeof(testVectors)/sizeof(test_vector_t);
|
||||||
for (i = 0; i < testsSz; i++) {
|
for (i = 0; i < testsSz; i++) {
|
||||||
CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
|
CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
|
||||||
@ -3786,7 +3784,7 @@ int ecc_test(void)
|
|||||||
|
|
||||||
/* test DSA sign hash */
|
/* test DSA sign hash */
|
||||||
for (i = 0; i < (int)sizeof(digest); i++)
|
for (i = 0; i < (int)sizeof(digest); i++)
|
||||||
digest[i] = i;
|
digest[i] = (byte)i;
|
||||||
|
|
||||||
x = sizeof(sig);
|
x = sizeof(sig);
|
||||||
ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
|
ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);
|
||||||
|
@ -227,6 +227,11 @@ enum SepHardwareName_Sum {
|
|||||||
HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
|
HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
|
||||||
};
|
};
|
||||||
|
|
||||||
|
enum AuthInfo_Sum {
|
||||||
|
AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
|
||||||
|
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
enum VerifyType {
|
enum VerifyType {
|
||||||
NO_VERIFY = 0,
|
NO_VERIFY = 0,
|
||||||
|
@ -42,13 +42,11 @@ CYASSL_LOCAL
|
|||||||
word32 ByteReverseWord32(word32);
|
word32 ByteReverseWord32(word32);
|
||||||
CYASSL_LOCAL
|
CYASSL_LOCAL
|
||||||
void ByteReverseWords(word32*, const word32*, word32);
|
void ByteReverseWords(word32*, const word32*, word32);
|
||||||
CYASSL_LOCAL
|
|
||||||
void ByteReverseBytes(byte*, const byte*, word32);
|
|
||||||
|
|
||||||
CYASSL_LOCAL
|
CYASSL_LOCAL
|
||||||
void XorWords(word*, const word*, word32);
|
void XorWords(word*, const word*, word32);
|
||||||
CYASSL_LOCAL
|
CYASSL_LOCAL
|
||||||
void xorbuf(byte*, const byte*, word32);
|
void xorbuf(void*, const void*, word32);
|
||||||
|
|
||||||
#ifdef WORD64_AVAILABLE
|
#ifdef WORD64_AVAILABLE
|
||||||
CYASSL_LOCAL
|
CYASSL_LOCAL
|
||||||
|
@ -111,6 +111,77 @@ CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
|
|||||||
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
|
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
|
||||||
|
|
||||||
|
|
||||||
|
/* filesystem abstraction layer, used by ssl.c */
|
||||||
|
#ifndef NO_FILESYSTEM
|
||||||
|
|
||||||
|
#if defined(EBSNET)
|
||||||
|
#define XFILE int
|
||||||
|
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
|
||||||
|
#define XFSEEK vf_lseek
|
||||||
|
#define XFTELL vf_tell
|
||||||
|
#define XREWIND vf_rewind
|
||||||
|
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
|
||||||
|
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
|
||||||
|
#define XFCLOSE vf_close
|
||||||
|
#define XSEEK_END VSEEK_END
|
||||||
|
#define XBADFILE -1
|
||||||
|
#elif defined(LSR_FS)
|
||||||
|
#include <fs.h>
|
||||||
|
#define XFILE struct fs_file*
|
||||||
|
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
|
||||||
|
#define XFSEEK(F, O, W) (void)F
|
||||||
|
#define XFTELL(F) (F)->len
|
||||||
|
#define XREWIND(F) (void)F
|
||||||
|
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
|
||||||
|
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
|
||||||
|
#define XFCLOSE fs_close
|
||||||
|
#define XSEEK_END 0
|
||||||
|
#define XBADFILE NULL
|
||||||
|
#elif defined(FREESCALE_MQX)
|
||||||
|
#define XFILE MQX_FILE_PTR
|
||||||
|
#define XFOPEN fopen
|
||||||
|
#define XFSEEK fseek
|
||||||
|
#define XFTELL ftell
|
||||||
|
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
|
||||||
|
#define XFREAD fread
|
||||||
|
#define XFWRITE fwrite
|
||||||
|
#define XFCLOSE fclose
|
||||||
|
#define XSEEK_END IO_SEEK_END
|
||||||
|
#define XBADFILE NULL
|
||||||
|
#elif defined(MICRIUM)
|
||||||
|
#include <fs.h>
|
||||||
|
#define XFILE FS_FILE*
|
||||||
|
#define XFOPEN fs_fopen
|
||||||
|
#define XFSEEK fs_fseek
|
||||||
|
#define XFTELL fs_ftell
|
||||||
|
#define XREWIND fs_rewind
|
||||||
|
#define XFREAD fs_fread
|
||||||
|
#define XFWRITE fs_fwrite
|
||||||
|
#define XFCLOSE fs_fclose
|
||||||
|
#define XSEEK_END FS_SEEK_END
|
||||||
|
#define XBADFILE NULL
|
||||||
|
#else
|
||||||
|
/* stdio, default case */
|
||||||
|
#define XFILE FILE*
|
||||||
|
#if defined(CYASSL_MDK_ARM)
|
||||||
|
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
|
||||||
|
#define XFOPEN CyaSSL_fopen
|
||||||
|
#else
|
||||||
|
#define XFOPEN fopen
|
||||||
|
#endif
|
||||||
|
#define XFSEEK fseek
|
||||||
|
#define XFTELL ftell
|
||||||
|
#define XREWIND rewind
|
||||||
|
#define XFREAD fread
|
||||||
|
#define XFWRITE fwrite
|
||||||
|
#define XFCLOSE fclose
|
||||||
|
#define XSEEK_END SEEK_END
|
||||||
|
#define XBADFILE NULL
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* NO_FILESYSTEM */
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
} /* extern "C" */
|
} /* extern "C" */
|
||||||
#endif
|
#endif
|
||||||
|
@ -167,13 +167,25 @@
|
|||||||
#define NO_FILESYSTEM
|
#define NO_FILESYSTEM
|
||||||
#define CYASSL_USER_IO
|
#define CYASSL_USER_IO
|
||||||
#define NO_DEV_RANDOM
|
#define NO_DEV_RANDOM
|
||||||
|
#define HAVE_HKDF
|
||||||
|
#define NO_MAIN_DRIVER
|
||||||
|
#define CYASSL_LWIP
|
||||||
|
|
||||||
|
/* ECC and optimizations */
|
||||||
|
#define FREESCALE_MMCAU 1
|
||||||
#define HAVE_ECC
|
#define HAVE_ECC
|
||||||
#define HAVE_ECC_ENCRYPT
|
#define HAVE_ECC_ENCRYPT
|
||||||
#define ECC_SHAMIR
|
|
||||||
#define HAVE_HKDF
|
|
||||||
#define USE_FAST_MATH
|
#define USE_FAST_MATH
|
||||||
#define TFM_TIMING_RESISTANT
|
#define TFM_TIMING_RESISTANT
|
||||||
|
#define TFM_ECC256
|
||||||
|
#define TFM_ARM
|
||||||
|
#define ECC_SHAMIR
|
||||||
|
#define FP_ECC
|
||||||
|
#define FP_ENTRIES 2
|
||||||
|
#define FP_LUT 4
|
||||||
#define FP_MAX_BITS 512
|
#define FP_MAX_BITS 512
|
||||||
|
|
||||||
|
/* remove features */
|
||||||
#define NO_OLD_TLS
|
#define NO_OLD_TLS
|
||||||
#define NO_MD4
|
#define NO_MD4
|
||||||
#define NO_RABBIT
|
#define NO_RABBIT
|
||||||
|
@ -211,7 +211,9 @@ enum {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef CTYPE_USER
|
#ifndef CTYPE_USER
|
||||||
|
#ifndef CYASSL_TYTO
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
#endif
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_OCSP)
|
#if defined(HAVE_ECC) || defined(HAVE_OCSP)
|
||||||
#define XTOUPPER(c) toupper((c))
|
#define XTOUPPER(c) toupper((c))
|
||||||
#define XISALPHA(c) isalpha((c))
|
#define XISALPHA(c) isalpha((c))
|
||||||
|
@ -599,7 +599,9 @@ enum Misc {
|
|||||||
COOKIE_SZ = 20, /* use a 20 byte cookie */
|
COOKIE_SZ = 20, /* use a 20 byte cookie */
|
||||||
SUITE_LEN = 2, /* cipher suite sz length */
|
SUITE_LEN = 2, /* cipher suite sz length */
|
||||||
ENUM_LEN = 1, /* always a byte */
|
ENUM_LEN = 1, /* always a byte */
|
||||||
OPAQUE16_LEN = 2, /* always 2 bytes */
|
OPAQUE8_LEN = 1, /* 1 byte */
|
||||||
|
OPAQUE16_LEN = 2, /* 2 bytes */
|
||||||
|
OPAQUE24_LEN = 3, /* 3 bytes */
|
||||||
COMP_LEN = 1, /* compression length */
|
COMP_LEN = 1, /* compression length */
|
||||||
CURVE_LEN = 2, /* ecc named curve length */
|
CURVE_LEN = 2, /* ecc named curve length */
|
||||||
SERVER_ID_LEN = 20, /* server session id length */
|
SERVER_ID_LEN = 20, /* server session id length */
|
||||||
@ -1004,6 +1006,7 @@ struct OCSP_Entry {
|
|||||||
struct CYASSL_OCSP {
|
struct CYASSL_OCSP {
|
||||||
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
|
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
|
||||||
OCSP_Entry* ocspList; /* OCSP response list */
|
OCSP_Entry* ocspList; /* OCSP response list */
|
||||||
|
CyaSSL_Mutex ocspLock; /* OCSP list lock */
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifndef MAX_DATE_SIZE
|
#ifndef MAX_DATE_SIZE
|
||||||
@ -1182,7 +1185,7 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
|
|||||||
|
|
||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
|
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
|
|
||||||
typedef struct EllipticCurve {
|
typedef struct EllipticCurve {
|
||||||
word16 name; /* CurveNames */
|
word16 name; /* CurveNames */
|
||||||
@ -1190,14 +1193,14 @@ typedef struct EllipticCurve {
|
|||||||
|
|
||||||
} EllipticCurve;
|
} EllipticCurve;
|
||||||
|
|
||||||
CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name);
|
CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
|
||||||
|
|
||||||
#ifndef NO_CYASSL_SERVER
|
#ifndef NO_CYASSL_SERVER
|
||||||
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
|
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
|
||||||
byte second);
|
byte second);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
#endif /* HAVE_TLS_EXTENSIONS */
|
#endif /* HAVE_TLS_EXTENSIONS */
|
||||||
|
|
||||||
|
16
cyassl/ssl.h
16
cyassl/ssl.h
@ -619,7 +619,7 @@ enum {
|
|||||||
|
|
||||||
/* extras end */
|
/* extras end */
|
||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||||
/* CyaSSL extension, provide last error from SSL_get_error
|
/* CyaSSL extension, provide last error from SSL_get_error
|
||||||
since not using thread storage error queue */
|
since not using thread storage error queue */
|
||||||
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
|
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
|
||||||
@ -824,8 +824,10 @@ CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
|
|||||||
CYASSL_API CYASSL_X509*
|
CYASSL_API CYASSL_X509*
|
||||||
CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
|
CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
|
#ifndef NO_STDIO_FILESYSTEM
|
||||||
CYASSL_API CYASSL_X509*
|
CYASSL_API CYASSL_X509*
|
||||||
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
|
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
|
||||||
|
#endif
|
||||||
CYASSL_API CYASSL_X509*
|
CYASSL_API CYASSL_X509*
|
||||||
CyaSSL_X509_load_certificate_file(const char* fname, int format);
|
CyaSSL_X509_load_certificate_file(const char* fname, int format);
|
||||||
#endif
|
#endif
|
||||||
@ -1244,7 +1246,7 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
|
|||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
|
|
||||||
/* Elliptic Curves */
|
/* Elliptic Curves */
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
|
|
||||||
enum {
|
enum {
|
||||||
CYASSL_ECC_SECP160R1 = 0x10,
|
CYASSL_ECC_SECP160R1 = 0x10,
|
||||||
@ -1257,12 +1259,12 @@ enum {
|
|||||||
|
|
||||||
#ifndef NO_CYASSL_CLIENT
|
#ifndef NO_CYASSL_CLIENT
|
||||||
|
|
||||||
CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name);
|
CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
|
||||||
CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx,
|
CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
|
||||||
unsigned short name);
|
unsigned short name);
|
||||||
|
|
||||||
#endif /* NO_CYASSL_CLIENT */
|
#endif /* NO_CYASSL_CLIENT */
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
|
|
||||||
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
|
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
|
||||||
@ -1290,6 +1292,10 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
|
|||||||
CYASSL_API void CyaSSL_wolfSCEP(void);
|
CYASSL_API void CyaSSL_wolfSCEP(void);
|
||||||
#endif /* CYASSL_HAVE_WOLFSCEP */
|
#endif /* CYASSL_HAVE_WOLFSCEP */
|
||||||
|
|
||||||
|
#ifdef CYASSL_HAVE_CERT_SERVICE
|
||||||
|
CYASSL_API void CyaSSL_cert_service(void);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
} /* extern "C" */
|
} /* extern "C" */
|
||||||
|
@ -167,8 +167,8 @@
|
|||||||
#define crlPemDir "./certs/crl"
|
#define crlPemDir "./certs/crl"
|
||||||
|
|
||||||
typedef struct tcp_ready {
|
typedef struct tcp_ready {
|
||||||
int ready; /* predicate */
|
word16 ready; /* predicate */
|
||||||
int port;
|
word16 port;
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_mutex_t mutex;
|
pthread_mutex_t mutex;
|
||||||
pthread_cond_t cond;
|
pthread_cond_t cond;
|
||||||
@ -290,7 +290,7 @@ static INLINE int mygetopt(int argc, char** argv, const char* optstring)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
|
|
||||||
static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
|
static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
|
||||||
{
|
{
|
||||||
@ -566,7 +566,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
|
|||||||
#endif /* !CYASSL_MDK_ARM */
|
#endif /* !CYASSL_MDK_ARM */
|
||||||
|
|
||||||
|
|
||||||
static INLINE void tcp_listen(SOCKET_T* sockfd, int* port, int useAnyAddr,
|
static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
|
||||||
int udp)
|
int udp)
|
||||||
{
|
{
|
||||||
SOCKADDR_IN_T addr;
|
SOCKADDR_IN_T addr;
|
||||||
@ -628,7 +628,7 @@ static INLINE int udp_read_connect(SOCKET_T sockfd)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||||
int useAnyAddr, int port, func_args* args)
|
int useAnyAddr, word16 port, func_args* args)
|
||||||
{
|
{
|
||||||
SOCKADDR_IN_T addr;
|
SOCKADDR_IN_T addr;
|
||||||
|
|
||||||
@ -679,7 +679,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
|
||||||
func_args* args, int port, int useAnyAddr,
|
func_args* args, word16 port, int useAnyAddr,
|
||||||
int udp)
|
int udp)
|
||||||
{
|
{
|
||||||
SOCKADDR_IN_T client;
|
SOCKADDR_IN_T client;
|
||||||
@ -1154,7 +1154,8 @@ static INLINE int CurrentDir(const char* str)
|
|||||||
if (ptr == NULL)
|
if (ptr == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
|
mt = (memoryTrack*)ptr;
|
||||||
|
--mt; /* same as minus sizeof(memoryTrack), removes header */
|
||||||
|
|
||||||
#ifdef DO_MEM_STATS
|
#ifdef DO_MEM_STATS
|
||||||
ourMemStats.currentBytes -= mt->u.hint.thisSize;
|
ourMemStats.currentBytes -= mt->u.hint.thisSize;
|
||||||
@ -1170,7 +1171,8 @@ static INLINE int CurrentDir(const char* str)
|
|||||||
|
|
||||||
if (ptr) {
|
if (ptr) {
|
||||||
/* if realloc is bigger, don't overread old ptr */
|
/* if realloc is bigger, don't overread old ptr */
|
||||||
memoryTrack* mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack));
|
memoryTrack* mt = (memoryTrack*)ptr;
|
||||||
|
--mt; /* same as minus sizeof(memoryTrack), removes header */
|
||||||
|
|
||||||
if (mt->u.hint.thisSize < sz)
|
if (mt->u.hint.thisSize < sz)
|
||||||
sz = mt->u.hint.thisSize;
|
sz = mt->u.hint.thisSize;
|
||||||
|
@ -26,8 +26,8 @@
|
|||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define LIBCYASSL_VERSION_STRING "2.8.6"
|
#define LIBCYASSL_VERSION_STRING "2.9.1"
|
||||||
#define LIBCYASSL_VERSION_HEX 0x02008006
|
#define LIBCYASSL_VERSION_HEX 0x02009001
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
@ -137,7 +137,7 @@ static void Usage(void)
|
|||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
printf("-S <str> Use Host Name Indication\n");
|
printf("-S <str> Use Host Name Indication\n");
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_MAXFRAGMENT
|
#ifdef HAVE_MAX_FRAGMENT
|
||||||
printf("-L <num> Use Maximum Fragment Length [1-5]\n");
|
printf("-L <num> Use Maximum Fragment Length [1-5]\n");
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_TRUNCATED_HMAC
|
#ifdef HAVE_TRUNCATED_HMAC
|
||||||
@ -178,7 +178,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||||||
int input;
|
int input;
|
||||||
int msgSz = (int)strlen(msg);
|
int msgSz = (int)strlen(msg);
|
||||||
|
|
||||||
int port = yasslPort;
|
word16 port = yasslPort;
|
||||||
char* host = (char*)yasslIP;
|
char* host = (char*)yasslIP;
|
||||||
char* domain = (char*)"www.yassl.com";
|
char* domain = (char*)"www.yassl.com";
|
||||||
|
|
||||||
@ -296,7 +296,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'p' :
|
case 'p' :
|
||||||
port = atoi(myoptarg);
|
port = (word16)atoi(myoptarg);
|
||||||
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
||||||
if (port == 0)
|
if (port == 0)
|
||||||
err_sys("port number cannot be 0");
|
err_sys("port number cannot be 0");
|
||||||
@ -495,7 +495,7 @@ SWITCH_STAT {
|
|||||||
useClientCert = 0;
|
useClientCert = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ void echoclient_test(void* args)
|
|||||||
int sendSz;
|
int sendSz;
|
||||||
int argc = 0;
|
int argc = 0;
|
||||||
char** argv = 0;
|
char** argv = 0;
|
||||||
int port = yasslPort;
|
word16 port = yasslPort;
|
||||||
|
|
||||||
((func_args*)args)->return_code = -1; /* error state */
|
((func_args*)args)->return_code = -1; /* error state */
|
||||||
|
|
||||||
@ -139,7 +139,7 @@ void echoclient_test(void* args)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
|
|
||||||
#define SVR_COMMAND_SIZE 256
|
#define SVR_COMMAND_SIZE 256
|
||||||
|
|
||||||
static void SignalReady(void* args, int port)
|
static void SignalReady(void* args, word16 port)
|
||||||
{
|
{
|
||||||
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
|
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
|
||||||
/* signal ready to tcp_accept */
|
/* signal ready to tcp_accept */
|
||||||
@ -76,7 +76,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||||||
int outCreated = 0;
|
int outCreated = 0;
|
||||||
int shutDown = 0;
|
int shutDown = 0;
|
||||||
int useAnyAddr = 0;
|
int useAnyAddr = 0;
|
||||||
int port = yasslPort;
|
word16 port = yasslPort;
|
||||||
int argc = ((func_args*)args)->argc;
|
int argc = ((func_args*)args)->argc;
|
||||||
char** argv = ((func_args*)args)->argv;
|
char** argv = ((func_args*)args)->argv;
|
||||||
|
|
||||||
@ -125,7 +125,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||||||
ctx = CyaSSL_CTX_new(method);
|
ctx = CyaSSL_CTX_new(method);
|
||||||
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
|
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
int version = SERVER_DEFAULT_VERSION;
|
int version = SERVER_DEFAULT_VERSION;
|
||||||
int doCliCertCheck = 1;
|
int doCliCertCheck = 1;
|
||||||
int useAnyAddr = 0;
|
int useAnyAddr = 0;
|
||||||
int port = yasslPort;
|
word16 port = yasslPort;
|
||||||
int usePsk = 0;
|
int usePsk = 0;
|
||||||
int doDTLS = 0;
|
int doDTLS = 0;
|
||||||
int useNtruKey = 0;
|
int useNtruKey = 0;
|
||||||
@ -230,7 +230,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'p' :
|
case 'p' :
|
||||||
port = atoi(myoptarg);
|
port = (word16)atoi(myoptarg);
|
||||||
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
|
||||||
if (port == 0)
|
if (port == 0)
|
||||||
err_sys("port number cannot be 0");
|
err_sys("port number cannot be 0");
|
||||||
@ -374,7 +374,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
if (fewerPackets)
|
if (fewerPackets)
|
||||||
CyaSSL_CTX_set_group_messages(ctx);
|
CyaSSL_CTX_set_group_messages(ctx);
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -51,9 +51,7 @@ AC_DEFUN([AX_DEBUG],
|
|||||||
[AS_HELP_STRING([--enable-debug],
|
[AS_HELP_STRING([--enable-debug],
|
||||||
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
|
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
|
||||||
[ax_enable_debug=yes
|
[ax_enable_debug=yes
|
||||||
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])
|
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])],
|
||||||
AX_ADD_AM_MACRO([--debug],[AM_YFLAGS])
|
|
||||||
AX_ADD_AM_MACRO([-D_GLIBCXX_DEBUG],[AM_CPPFLAGS])],
|
|
||||||
[ax_enable_debug=no
|
[ax_enable_debug=no
|
||||||
AC_SUBST([MCHECK])
|
AC_SUBST([MCHECK])
|
||||||
AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])
|
AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])
|
||||||
|
@ -117,10 +117,11 @@
|
|||||||
AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra])
|
||||||
|
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra])
|
||||||
|
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cflags_extra])
|
||||||
dnl Anything below this comment please keep sorted.
|
dnl Anything below this comment please keep sorted.
|
||||||
AS_IF([test "$CC" = "clang"],[],[
|
AS_IF([test "$CC" = "clang"],[],[
|
||||||
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra])
|
||||||
@ -156,6 +157,7 @@
|
|||||||
AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
|
||||||
|
AX_APPEND_COMPILE_FLAGS([-fPIE],,[$ax_append_compile_cflags_extra])
|
||||||
AC_LANG_POP
|
AC_LANG_POP
|
||||||
])
|
])
|
||||||
|
|
||||||
@ -185,10 +187,11 @@
|
|||||||
])
|
])
|
||||||
|
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cxxflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra])
|
||||||
|
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cxxflags_extra])
|
||||||
dnl Anything below this comment please keep sorted.
|
dnl Anything below this comment please keep sorted.
|
||||||
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra])
|
||||||
AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra])
|
AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra])
|
||||||
|
18
m4/ax_tls.m4
18
m4/ax_tls.m4
@ -44,7 +44,23 @@
|
|||||||
# modified version of the Autoconf Macro, you may extend this special
|
# modified version of the Autoconf Macro, you may extend this special
|
||||||
# exception to the GPL to apply to your modified version as well.
|
# exception to the GPL to apply to your modified version as well.
|
||||||
|
|
||||||
#serial 10
|
#serial 11
|
||||||
|
|
||||||
|
# Define m4_ifblank and m4_ifnblank macros from introduced in
|
||||||
|
# autotools 2.64 m4sugar.m4 if using an earlier autotools.
|
||||||
|
|
||||||
|
ifdef([m4_ifblank], [], [
|
||||||
|
m4_define([m4_ifblank],
|
||||||
|
[m4_if(m4_translit([[$1]], [ ][ ][
|
||||||
|
]), [], [$2], [$3])])
|
||||||
|
])
|
||||||
|
|
||||||
|
|
||||||
|
ifdef([m4_ifnblank], [], [
|
||||||
|
m4_define([m4_ifnblank],
|
||||||
|
[m4_if(m4_translit([[$1]], [ ][ ][
|
||||||
|
]), [], [$3], [$2])])
|
||||||
|
])
|
||||||
|
|
||||||
AC_DEFUN([AX_TLS], [
|
AC_DEFUN([AX_TLS], [
|
||||||
AC_MSG_CHECKING(for thread local storage (TLS) class)
|
AC_MSG_CHECKING(for thread local storage (TLS) class)
|
||||||
|
17
rpm/spec.in
17
rpm/spec.in
@ -4,7 +4,15 @@ Version: @VERSION@
|
|||||||
Release: 1
|
Release: 1
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
BuildRequires: bison
|
BuildRequires: gcc
|
||||||
|
BuildRequires: glibc
|
||||||
|
BuildRequires: glibc-common
|
||||||
|
BuildRequires: glibc-devel
|
||||||
|
BuildRequires: glibc-headers
|
||||||
|
BuildRequires: make
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
BuildRequires: sed
|
||||||
|
BuildRequires: tar
|
||||||
URL: http://www.yassl.com/yaSSL/Home.html
|
URL: http://www.yassl.com/yaSSL/Home.html
|
||||||
|
|
||||||
Packager: Brian Aker <brian@tangent.org>
|
Packager: Brian Aker <brian@tangent.org>
|
||||||
@ -61,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
|
|||||||
%{_libdir}/libcyassl.la
|
%{_libdir}/libcyassl.la
|
||||||
%{_libdir}/libcyassl.so
|
%{_libdir}/libcyassl.so
|
||||||
%{_libdir}/libcyassl.so.5
|
%{_libdir}/libcyassl.so.5
|
||||||
%{_libdir}/libcyassl.so.5.0.2
|
%{_libdir}/libcyassl.so.5.0.3
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
@ -96,6 +104,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
|||||||
%{_includedir}/cyassl/ctaocrypt/misc.h
|
%{_includedir}/cyassl/ctaocrypt/misc.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/mpi_class.h
|
%{_includedir}/cyassl/ctaocrypt/mpi_class.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/mpi_superclass.h
|
%{_includedir}/cyassl/ctaocrypt/mpi_superclass.h
|
||||||
|
%{_includedir}/cyassl/ctaocrypt/pkcs7.h
|
||||||
|
%{_includedir}/cyassl/ctaocrypt/port.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/pwdbased.h
|
%{_includedir}/cyassl/ctaocrypt/pwdbased.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/rabbit.h
|
%{_includedir}/cyassl/ctaocrypt/rabbit.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/random.h
|
%{_includedir}/cyassl/ctaocrypt/random.h
|
||||||
@ -109,7 +119,6 @@ mkdir -p $RPM_BUILD_ROOT/
|
|||||||
%{_includedir}/cyassl/ctaocrypt/types.h
|
%{_includedir}/cyassl/ctaocrypt/types.h
|
||||||
%{_includedir}/cyassl/ctaocrypt/visibility.h
|
%{_includedir}/cyassl/ctaocrypt/visibility.h
|
||||||
%{_includedir}/cyassl/error.h
|
%{_includedir}/cyassl/error.h
|
||||||
%{_includedir}/cyassl/internal.h
|
|
||||||
%{_includedir}/cyassl/ocsp.h
|
%{_includedir}/cyassl/ocsp.h
|
||||||
%{_includedir}/cyassl/openssl/asn1.h
|
%{_includedir}/cyassl/openssl/asn1.h
|
||||||
%{_includedir}/cyassl/openssl/bio.h
|
%{_includedir}/cyassl/openssl/bio.h
|
||||||
@ -152,5 +161,5 @@ mkdir -p $RPM_BUILD_ROOT/
|
|||||||
%{_libdir}/pkgconfig/cyassl.pc
|
%{_libdir}/pkgconfig/cyassl.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Oct 20 2012 Brian Aker <brian@tangent.org> - 0.1-1
|
* Fri Oct 20 2012 Brian Aker <brian@tangent.org>
|
||||||
- Initial package
|
- Initial package
|
||||||
|
373
src/internal.c
373
src/internal.c
@ -79,8 +79,7 @@ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
|
|||||||
|
|
||||||
|
|
||||||
#ifndef NO_CYASSL_SERVER
|
#ifndef NO_CYASSL_SERVER
|
||||||
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32,
|
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32);
|
||||||
word32);
|
|
||||||
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
|
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
|
||||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||||
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
|
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
|
||||||
@ -232,7 +231,7 @@ static INLINE void c24to32(const word24 u24, word32* u32)
|
|||||||
/* convert opaque to 16 bit integer */
|
/* convert opaque to 16 bit integer */
|
||||||
static INLINE void ato16(const byte* c, word16* u16)
|
static INLINE void ato16(const byte* c, word16* u16)
|
||||||
{
|
{
|
||||||
*u16 = (c[0] << 8) | (c[1]);
|
*u16 = (word16) ((c[0] << 8) | (c[1]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -368,7 +367,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||||||
ctx->eccTempKeySz = ECDHE_SIZE;
|
ctx->eccTempKeySz = ECDHE_SIZE;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
ctx->passwd_cb = 0;
|
ctx->passwd_cb = 0;
|
||||||
ctx->userdata = 0;
|
ctx->userdata = 0;
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
@ -2827,7 +2826,7 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* verify record type here as well */
|
/* verify record type here as well */
|
||||||
switch ((enum ContentType)rh->type) {
|
switch (rh->type) {
|
||||||
case handshake:
|
case handshake:
|
||||||
case change_cipher_spec:
|
case change_cipher_spec:
|
||||||
case application_data:
|
case application_data:
|
||||||
@ -3732,7 +3731,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
|
|
||||||
CYASSL_ENTER("DoHandShakeMsgType");
|
CYASSL_ENTER("DoHandShakeMsgType");
|
||||||
|
|
||||||
|
/* make sure can read the message */
|
||||||
|
if (*inOutIdx + size > totalSz)
|
||||||
|
return INCOMPLETE_DATA;
|
||||||
|
|
||||||
HashInput(ssl, input + *inOutIdx, size);
|
HashInput(ssl, input + *inOutIdx, size);
|
||||||
|
|
||||||
#ifdef CYASSL_CALLBACKS
|
#ifdef CYASSL_CALLBACKS
|
||||||
/* add name later, add on record and handshake header part back on */
|
/* add name later, add on record and handshake header part back on */
|
||||||
if (ssl->toInfoOn) {
|
if (ssl->toInfoOn) {
|
||||||
@ -3829,12 +3833,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
#ifndef NO_CYASSL_SERVER
|
#ifndef NO_CYASSL_SERVER
|
||||||
case client_hello:
|
case client_hello:
|
||||||
CYASSL_MSG("processing client hello");
|
CYASSL_MSG("processing client hello");
|
||||||
ret = DoClientHello(ssl, input, inOutIdx, totalSz, size);
|
ret = DoClientHello(ssl, input, inOutIdx, size);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case client_key_exchange:
|
case client_key_exchange:
|
||||||
CYASSL_MSG("processing client key exchange");
|
CYASSL_MSG("processing client key exchange");
|
||||||
ret = DoClientKeyExchange(ssl, input, inOutIdx, totalSz);
|
ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
#if !defined(NO_RSA) || defined(HAVE_ECC)
|
||||||
@ -3849,6 +3853,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
default:
|
default:
|
||||||
CYASSL_MSG("Unknown handshake message type");
|
CYASSL_MSG("Unknown handshake message type");
|
||||||
ret = UNKNOWN_HANDSHAKE_TYPE;
|
ret = UNKNOWN_HANDSHAKE_TYPE;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
CYASSL_LEAVE("DoHandShakeMsgType()", ret);
|
CYASSL_LEAVE("DoHandShakeMsgType()", ret);
|
||||||
@ -3868,9 +3873,6 @@ static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
|
if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
|
||||||
return PARSE_ERROR;
|
return PARSE_ERROR;
|
||||||
|
|
||||||
if (*inOutIdx + size > totalSz)
|
|
||||||
return INCOMPLETE_DATA;
|
|
||||||
|
|
||||||
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
|
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
|
||||||
|
|
||||||
CYASSL_LEAVE("DoHandShakeMsg()", ret);
|
CYASSL_LEAVE("DoHandShakeMsg()", ret);
|
||||||
@ -3945,7 +3947,6 @@ static int DtlsMsgDrain(CYASSL* ssl)
|
|||||||
{
|
{
|
||||||
DtlsMsg* item = ssl->dtls_msg_list;
|
DtlsMsg* item = ssl->dtls_msg_list;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
word32 idx = 0;
|
|
||||||
|
|
||||||
/* While there is an item in the store list, and it is the expected
|
/* While there is an item in the store list, and it is the expected
|
||||||
* message, and it is complete, and there hasn't been an error in the
|
* message, and it is complete, and there hasn't been an error in the
|
||||||
@ -3954,6 +3955,7 @@ static int DtlsMsgDrain(CYASSL* ssl)
|
|||||||
ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
|
ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
|
||||||
item->fragSz == item->sz &&
|
item->fragSz == item->sz &&
|
||||||
ret == 0) {
|
ret == 0) {
|
||||||
|
word32 idx = 0;
|
||||||
ssl->keys.dtls_expected_peer_handshake_number++;
|
ssl->keys.dtls_expected_peer_handshake_number++;
|
||||||
ret = DoHandShakeMsgType(ssl, item->msg,
|
ret = DoHandShakeMsgType(ssl, item->msg,
|
||||||
&idx, item->type, item->sz, item->sz);
|
&idx, item->type, item->sz, item->sz);
|
||||||
@ -4141,8 +4143,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
|||||||
/* Store the type, version. Unfortunately, they are in
|
/* Store the type, version. Unfortunately, they are in
|
||||||
* the input buffer ahead of the plaintext. */
|
* the input buffer ahead of the plaintext. */
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (ssl->options.dtls)
|
if (ssl->options.dtls) {
|
||||||
|
c16toa(ssl->keys.dtls_epoch, additional);
|
||||||
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
|
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
|
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
|
||||||
|
|
||||||
@ -4163,8 +4167,9 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
|||||||
additional, AEAD_AUTH_DATA_SZ);
|
additional, AEAD_AUTH_DATA_SZ);
|
||||||
AeadIncrementExpIV(ssl);
|
AeadIncrementExpIV(ssl);
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_CAMELLIA
|
#ifdef HAVE_CAMELLIA
|
||||||
@ -4181,7 +4186,6 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
|||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
case cyassl_rabbit:
|
case cyassl_rabbit:
|
||||||
return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
|
return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_NULL_CIPHER
|
#ifdef HAVE_NULL_CIPHER
|
||||||
@ -4279,6 +4283,11 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
/* sequence number field is 64-bits, we only use 32-bits */
|
/* sequence number field is 64-bits, we only use 32-bits */
|
||||||
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
||||||
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
|
if (ssl->options.dtls)
|
||||||
|
c16toa(ssl->keys.dtls_state.curEpoch, additional);
|
||||||
|
#endif
|
||||||
|
|
||||||
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
||||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||||
@ -4318,7 +4327,6 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
case cyassl_rabbit:
|
case cyassl_rabbit:
|
||||||
return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
|
return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_NULL_CIPHER
|
#ifdef HAVE_NULL_CIPHER
|
||||||
@ -4711,7 +4719,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
|
|||||||
RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
|
RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
|
||||||
#endif
|
#endif
|
||||||
level = input[(*inOutIdx)++];
|
level = input[(*inOutIdx)++];
|
||||||
code = (int)input[(*inOutIdx)++];
|
code = input[(*inOutIdx)++];
|
||||||
ssl->alert_history.last_rx.code = code;
|
ssl->alert_history.last_rx.code = code;
|
||||||
ssl->alert_history.last_rx.level = level;
|
ssl->alert_history.last_rx.level = level;
|
||||||
*type = code;
|
*type = code;
|
||||||
@ -4870,7 +4878,7 @@ int ProcessReply(CYASSL* ssl)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
switch ((processReply)ssl->options.processReply) {
|
switch (ssl->options.processReply) {
|
||||||
|
|
||||||
/* in the CYASSL_SERVER case, get the first byte for detecting
|
/* in the CYASSL_SERVER case, get the first byte for detecting
|
||||||
* old client hello */
|
* old client hello */
|
||||||
@ -4912,7 +4920,7 @@ int ProcessReply(CYASSL* ssl)
|
|||||||
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
||||||
b1 =
|
b1 =
|
||||||
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
|
||||||
ssl->curSize = ((b0 & 0x7f) << 8) | b1;
|
ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ssl->options.processReply = getRecordLayerHeader;
|
ssl->options.processReply = getRecordLayerHeader;
|
||||||
@ -5193,6 +5201,7 @@ int ProcessReply(CYASSL* ssl)
|
|||||||
ssl->options.processReply = doProcessInit;
|
ssl->options.processReply = doProcessInit;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("Bad process input state, programming error");
|
CYASSL_MSG("Bad process input state, programming error");
|
||||||
return INPUT_CASE_ERROR;
|
return INPUT_CASE_ERROR;
|
||||||
@ -6370,7 +6379,7 @@ void SetErrorString(int error, char* str)
|
|||||||
|
|
||||||
|
|
||||||
/* be sure to add to cipher_name_idx too !!!! */
|
/* be sure to add to cipher_name_idx too !!!! */
|
||||||
const char* const cipher_names[] =
|
static const char* const cipher_names[] =
|
||||||
{
|
{
|
||||||
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||||
"RC4-SHA",
|
"RC4-SHA",
|
||||||
@ -6689,7 +6698,7 @@ const char* const cipher_names[] =
|
|||||||
|
|
||||||
|
|
||||||
/* cipher suite number that matches above name table */
|
/* cipher suite number that matches above name table */
|
||||||
int cipher_name_idx[] =
|
static int cipher_name_idx[] =
|
||||||
{
|
{
|
||||||
|
|
||||||
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||||
@ -7471,8 +7480,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
word32 helloSz)
|
word32 helloSz)
|
||||||
{
|
{
|
||||||
byte b;
|
byte b;
|
||||||
byte compression;
|
|
||||||
ProtocolVersion pv;
|
ProtocolVersion pv;
|
||||||
|
byte compression;
|
||||||
word32 i = *inOutIdx;
|
word32 i = *inOutIdx;
|
||||||
word32 begin = i;
|
word32 begin = i;
|
||||||
|
|
||||||
@ -7480,19 +7489,28 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
|
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
|
||||||
if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
|
if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
|
||||||
#endif
|
#endif
|
||||||
XMEMCPY(&pv, input + i, sizeof(pv));
|
|
||||||
i += (word32)sizeof(pv);
|
/* protocol version, random and session id length check */
|
||||||
|
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
/* protocol version */
|
||||||
|
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
|
||||||
|
i += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (pv.minor > ssl->version.minor) {
|
if (pv.minor > ssl->version.minor) {
|
||||||
CYASSL_MSG("Server using higher version, fatal error");
|
CYASSL_MSG("Server using higher version, fatal error");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
else if (pv.minor < ssl->version.minor) {
|
else if (pv.minor < ssl->version.minor) {
|
||||||
CYASSL_MSG("server using lower version");
|
CYASSL_MSG("server using lower version");
|
||||||
|
|
||||||
if (!ssl->options.downgrade) {
|
if (!ssl->options.downgrade) {
|
||||||
CYASSL_MSG(" no downgrade allowed, fatal error");
|
CYASSL_MSG(" no downgrade allowed, fatal error");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
else if (pv.minor == SSLv3_MINOR) {
|
|
||||||
|
if (pv.minor == SSLv3_MINOR) {
|
||||||
/* turn off tls */
|
/* turn off tls */
|
||||||
CYASSL_MSG(" downgrading to SSLv3");
|
CYASSL_MSG(" downgrading to SSLv3");
|
||||||
ssl->options.tls = 0;
|
ssl->options.tls = 0;
|
||||||
@ -7510,14 +7528,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
ssl->version.minor = TLSv1_1_MINOR;
|
ssl->version.minor = TLSv1_1_MINOR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* random */
|
||||||
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
|
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
|
||||||
i += RAN_LEN;
|
i += RAN_LEN;
|
||||||
|
|
||||||
|
/* session id */
|
||||||
b = input[i++];
|
b = input[i++];
|
||||||
if (b) {
|
|
||||||
|
if (b == ID_LEN) {
|
||||||
|
if ((i - begin) + ID_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
|
XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
|
||||||
i += b;
|
i += ID_LEN;
|
||||||
ssl->options.haveSessionId = 1;
|
ssl->options.haveSessionId = 1;
|
||||||
}
|
}
|
||||||
|
else if (b) {
|
||||||
|
CYASSL_MSG("Invalid session ID size");
|
||||||
|
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* suite and compression */
|
||||||
|
if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ssl->options.cipherSuite0 = input[i++];
|
ssl->options.cipherSuite0 = input[i++];
|
||||||
ssl->options.cipherSuite = input[i++];
|
ssl->options.cipherSuite = input[i++];
|
||||||
compression = input[i++];
|
compression = input[i++];
|
||||||
@ -7528,6 +7563,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
*inOutIdx = i;
|
*inOutIdx = i;
|
||||||
|
|
||||||
|
/* tls extensions */
|
||||||
if ( (i - begin) < helloSz) {
|
if ( (i - begin) < helloSz) {
|
||||||
#ifdef HAVE_TLS_EXTENSIONS
|
#ifdef HAVE_TLS_EXTENSIONS
|
||||||
if (IsTLS(ssl)) {
|
if (IsTLS(ssl)) {
|
||||||
@ -7535,10 +7572,14 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
word16 totalExtSz;
|
word16 totalExtSz;
|
||||||
Suites clSuites; /* just for compatibility right now */
|
Suites clSuites; /* just for compatibility right now */
|
||||||
|
|
||||||
|
if ((i - begin) + OPAQUE16_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(&input[i], &totalExtSz);
|
ato16(&input[i], &totalExtSz);
|
||||||
i += LENGTH_SZ;
|
i += OPAQUE16_LEN;
|
||||||
if (totalExtSz > helloSz + begin - i)
|
|
||||||
return INCOMPLETE_DATA;
|
if ((i - begin) + totalExtSz > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
|
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
|
||||||
totalExtSz, 0, &clSuites)))
|
totalExtSz, 0, &clSuites)))
|
||||||
@ -7559,6 +7600,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
ssl->session.sessionID, ID_LEN) == 0) {
|
ssl->session.sessionID, ID_LEN) == 0) {
|
||||||
if (SetCipherSpecs(ssl) == 0) {
|
if (SetCipherSpecs(ssl) == 0) {
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
XMEMCPY(ssl->arrays->masterSecret,
|
XMEMCPY(ssl->arrays->masterSecret,
|
||||||
ssl->session.masterSecret, SECRET_LEN);
|
ssl->session.masterSecret, SECRET_LEN);
|
||||||
#ifdef NO_OLD_TLS
|
#ifdef NO_OLD_TLS
|
||||||
@ -7572,6 +7614,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
ret = DeriveKeys(ssl);
|
ret = DeriveKeys(ssl);
|
||||||
#endif
|
#endif
|
||||||
ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
|
ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -7589,6 +7632,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
DtlsPoolReset(ssl);
|
DtlsPoolReset(ssl);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return SetCipherSpecs(ssl);
|
return SetCipherSpecs(ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -7828,8 +7872,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
/* rsa */
|
/* rsa */
|
||||||
if (sigAlgo == rsa_sa_algo)
|
if (sigAlgo == rsa_sa_algo)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = 0;
|
||||||
byte* out;
|
byte* out = NULL;
|
||||||
byte doUserRsa = 0;
|
byte doUserRsa = 0;
|
||||||
|
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
@ -7891,12 +7935,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
|
|
||||||
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||||
|
|
||||||
if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig,
|
if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig,
|
||||||
min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
|
min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
|
||||||
return VERIFY_SIGN_ERROR;
|
return VERIFY_SIGN_ERROR;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0)
|
if (ret != sizeof(hash) || !out || XMEMCMP(out,
|
||||||
|
hash, sizeof(hash)) != 0)
|
||||||
return VERIFY_SIGN_ERROR;
|
return VERIFY_SIGN_ERROR;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
@ -9774,7 +9819,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
|
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
|
||||||
CYASSL_MSG("Don't have matching curves");
|
CYASSL_MSG("Don't have matching curves");
|
||||||
return 0;
|
return 0;
|
||||||
@ -9995,7 +10040,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
|
|
||||||
|
|
||||||
static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
||||||
word32 totalSz, word32 helloSz)
|
word32 helloSz)
|
||||||
{
|
{
|
||||||
byte b;
|
byte b;
|
||||||
ProtocolVersion pv;
|
ProtocolVersion pv;
|
||||||
@ -10007,20 +10052,25 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
|
if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
|
||||||
if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
|
if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
|
||||||
#endif
|
#endif
|
||||||
/* make sure can read up to session */
|
|
||||||
if (i + sizeof(pv) + RAN_LEN + ENUM_LEN > totalSz)
|
|
||||||
return INCOMPLETE_DATA;
|
|
||||||
|
|
||||||
XMEMCPY(&pv, input + i, sizeof(pv));
|
/* protocol version, random and session id length check */
|
||||||
|
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
/* protocol version */
|
||||||
|
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
|
||||||
ssl->chVersion = pv; /* store */
|
ssl->chVersion = pv; /* store */
|
||||||
i += (word32)sizeof(pv);
|
i += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (ssl->version.minor > pv.minor) {
|
if (ssl->version.minor > pv.minor) {
|
||||||
byte haveRSA = 0;
|
byte haveRSA = 0;
|
||||||
byte havePSK = 0;
|
byte havePSK = 0;
|
||||||
|
|
||||||
if (!ssl->options.downgrade) {
|
if (!ssl->options.downgrade) {
|
||||||
CYASSL_MSG("Client trying to connect with lesser version");
|
CYASSL_MSG("Client trying to connect with lesser version");
|
||||||
return VERSION_ERROR;
|
return VERSION_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pv.minor == SSLv3_MINOR) {
|
if (pv.minor == SSLv3_MINOR) {
|
||||||
/* turn off tls */
|
/* turn off tls */
|
||||||
CYASSL_MSG(" downgrading to SSLv3");
|
CYASSL_MSG(" downgrading to SSLv3");
|
||||||
@ -10049,6 +10099,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
||||||
ssl->options.side);
|
ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* random */
|
/* random */
|
||||||
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
|
||||||
i += RAN_LEN;
|
i += RAN_LEN;
|
||||||
@ -10062,69 +10113,93 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* session id */
|
/* session id */
|
||||||
b = input[i++];
|
b = input[i++];
|
||||||
if (b) {
|
|
||||||
if (i + ID_LEN > totalSz)
|
if (b == ID_LEN) {
|
||||||
return INCOMPLETE_DATA;
|
if ((i - begin) + ID_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
|
XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
|
||||||
i += b;
|
i += ID_LEN;
|
||||||
ssl->options.resuming = 1; /* client wants to resume */
|
ssl->options.resuming = 1; /* client wants to resume */
|
||||||
CYASSL_MSG("Client wants to resume session");
|
CYASSL_MSG("Client wants to resume session");
|
||||||
}
|
}
|
||||||
|
else if (b) {
|
||||||
|
CYASSL_MSG("Invalid session ID size");
|
||||||
|
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
/* cookie */
|
/* cookie */
|
||||||
if (ssl->options.dtls) {
|
if (ssl->options.dtls) {
|
||||||
|
|
||||||
|
if ((i - begin) + OPAQUE8_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
b = input[i++];
|
b = input[i++];
|
||||||
|
|
||||||
if (b) {
|
if (b) {
|
||||||
byte cookie[MAX_COOKIE_LEN];
|
byte cookie[MAX_COOKIE_LEN];
|
||||||
|
|
||||||
if (b > MAX_COOKIE_LEN)
|
if (b > MAX_COOKIE_LEN)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
if (i + b > totalSz)
|
|
||||||
return INCOMPLETE_DATA;
|
if ((i - begin) + b > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (ssl->ctx->CBIOCookie == NULL) {
|
if (ssl->ctx->CBIOCookie == NULL) {
|
||||||
CYASSL_MSG("Your Cookie callback is null, please set");
|
CYASSL_MSG("Your Cookie callback is null, please set");
|
||||||
return COOKIE_ERROR;
|
return COOKIE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
|
if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
|
||||||
ssl->IOCB_CookieCtx) != COOKIE_SZ)
|
ssl->IOCB_CookieCtx) != COOKIE_SZ)
|
||||||
|| (b != COOKIE_SZ)
|
|| (b != COOKIE_SZ)
|
||||||
|| (XMEMCMP(cookie, input + i, b) != 0)) {
|
|| (XMEMCMP(cookie, input + i, b) != 0)) {
|
||||||
return COOKIE_ERROR;
|
return COOKIE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
i += b;
|
i += b;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (i + LENGTH_SZ > totalSz)
|
|
||||||
return INCOMPLETE_DATA;
|
|
||||||
/* suites */
|
/* suites */
|
||||||
ato16(&input[i], &clSuites.suiteSz);
|
if ((i - begin) + OPAQUE16_LEN > helloSz)
|
||||||
i += 2;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
ato16(&input[i], &clSuites.suiteSz);
|
||||||
|
i += OPAQUE16_LEN;
|
||||||
|
|
||||||
|
/* suites and compression length check */
|
||||||
|
if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
/* suites and comp len */
|
|
||||||
if (i + clSuites.suiteSz + ENUM_LEN > totalSz)
|
|
||||||
return INCOMPLETE_DATA;
|
|
||||||
if (clSuites.suiteSz > MAX_SUITE_SZ)
|
if (clSuites.suiteSz > MAX_SUITE_SZ)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
|
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
|
||||||
i += clSuites.suiteSz;
|
i += clSuites.suiteSz;
|
||||||
clSuites.hashSigAlgoSz = 0;
|
clSuites.hashSigAlgoSz = 0;
|
||||||
|
|
||||||
b = input[i++]; /* comp len */
|
/* compression length */
|
||||||
if (i + b > totalSz)
|
b = input[i++];
|
||||||
return INCOMPLETE_DATA;
|
|
||||||
|
if ((i - begin) + b > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (ssl->options.usingCompression) {
|
if (ssl->options.usingCompression) {
|
||||||
int match = 0;
|
int match = 0;
|
||||||
|
|
||||||
while (b--) {
|
while (b--) {
|
||||||
byte comp = input[i++];
|
byte comp = input[i++];
|
||||||
|
|
||||||
if (comp == ZLIB_COMPRESSION)
|
if (comp == ZLIB_COMPRESSION)
|
||||||
match = 1;
|
match = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!match) {
|
if (!match) {
|
||||||
CYASSL_MSG("Not matching compression, turning off");
|
CYASSL_MSG("Not matching compression, turning off");
|
||||||
ssl->options.usingCompression = 0; /* turn off */
|
ssl->options.usingCompression = 0; /* turn off */
|
||||||
@ -10134,6 +10209,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
i += b; /* ignore, since we're not on */
|
i += b; /* ignore, since we're not on */
|
||||||
|
|
||||||
*inOutIdx = i;
|
*inOutIdx = i;
|
||||||
|
|
||||||
|
/* tls extensions */
|
||||||
if ((i - begin) < helloSz) {
|
if ((i - begin) < helloSz) {
|
||||||
#ifdef HAVE_TLS_EXTENSIONS
|
#ifdef HAVE_TLS_EXTENSIONS
|
||||||
if (IsTLS(ssl)) {
|
if (IsTLS(ssl)) {
|
||||||
@ -10144,10 +10221,14 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
/* Process the hello extension. Skip unsupported. */
|
/* Process the hello extension. Skip unsupported. */
|
||||||
word16 totalExtSz;
|
word16 totalExtSz;
|
||||||
|
|
||||||
|
if ((i - begin) + OPAQUE16_LEN > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(&input[i], &totalExtSz);
|
ato16(&input[i], &totalExtSz);
|
||||||
i += LENGTH_SZ;
|
i += OPAQUE16_LEN;
|
||||||
if (totalExtSz > helloSz + begin - i)
|
|
||||||
return INCOMPLETE_DATA;
|
if ((i - begin) + totalExtSz > helloSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
#ifdef HAVE_TLS_EXTENSIONS
|
#ifdef HAVE_TLS_EXTENSIONS
|
||||||
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
|
if ((ret = TLSX_Parse(ssl, (byte *) input + i,
|
||||||
@ -10159,18 +10240,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
while (totalExtSz) {
|
while (totalExtSz) {
|
||||||
word16 extId, extSz;
|
word16 extId, extSz;
|
||||||
|
|
||||||
|
if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(&input[i], &extId);
|
ato16(&input[i], &extId);
|
||||||
i += LENGTH_SZ;
|
i += OPAQUE16_LEN;
|
||||||
ato16(&input[i], &extSz);
|
ato16(&input[i], &extSz);
|
||||||
i += EXT_ID_SZ;
|
i += OPAQUE16_LEN;
|
||||||
if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ)
|
|
||||||
return INCOMPLETE_DATA;
|
if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (extId == HELLO_EXT_SIG_ALGO) {
|
if (extId == HELLO_EXT_SIG_ALGO) {
|
||||||
ato16(&input[i], &clSuites.hashSigAlgoSz);
|
ato16(&input[i], &clSuites.hashSigAlgoSz);
|
||||||
i += LENGTH_SZ;
|
i += OPAQUE16_LEN;
|
||||||
if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ)
|
|
||||||
return INCOMPLETE_DATA;
|
if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
XMEMCPY(clSuites.hashSigAlgo, &input[i],
|
XMEMCPY(clSuites.hashSigAlgo, &input[i],
|
||||||
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
|
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
|
||||||
@ -10179,7 +10265,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
else
|
else
|
||||||
i += extSz;
|
i += extSz;
|
||||||
|
|
||||||
totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz;
|
totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
*inOutIdx = i;
|
*inOutIdx = i;
|
||||||
@ -10189,17 +10275,19 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
|
ssl->options.clientState = CLIENT_HELLO_COMPLETE;
|
||||||
|
|
||||||
ssl->options.haveSessionId = 1;
|
ssl->options.haveSessionId = 1;
|
||||||
|
|
||||||
/* ProcessOld uses same resume code */
|
/* ProcessOld uses same resume code */
|
||||||
if (ssl->options.resuming && (!ssl->options.dtls ||
|
if (ssl->options.resuming && (!ssl->options.dtls ||
|
||||||
ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
|
ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
|
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
|
||||||
|
|
||||||
if (!session) {
|
if (!session) {
|
||||||
CYASSL_MSG("Session lookup for resume failed");
|
CYASSL_MSG("Session lookup for resume failed");
|
||||||
ssl->options.resuming = 0;
|
ssl->options.resuming = 0;
|
||||||
} else {
|
}
|
||||||
|
else {
|
||||||
if (MatchSuite(ssl, &clSuites) < 0) {
|
if (MatchSuite(ssl, &clSuites) < 0) {
|
||||||
CYASSL_MSG("Unsupported cipher suite, ClientHello");
|
CYASSL_MSG("Unsupported cipher suite, ClientHello");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
@ -10265,8 +10353,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
/* RSA */
|
/* RSA */
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
if (ssl->peerRsaKeyPresent != 0) {
|
if (ssl->peerRsaKeyPresent != 0) {
|
||||||
byte* out;
|
byte* out = NULL;
|
||||||
int outLen;
|
int outLen = 0;
|
||||||
byte doUserRsa = 0;
|
byte doUserRsa = 0;
|
||||||
|
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
@ -10317,12 +10405,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
|
|
||||||
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||||
|
|
||||||
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,
|
if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
|
||||||
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
|
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
|
||||||
ret = 0; /* verified */
|
ret = 0; /* verified */
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (outLen == FINISHED_SZ && XMEMCMP(out,
|
if (outLen == FINISHED_SZ && out && XMEMCMP(out,
|
||||||
&ssl->certHashes, FINISHED_SZ) == 0)
|
&ssl->certHashes, FINISHED_SZ) == 0)
|
||||||
ret = 0; /* verified */
|
ret = 0; /* verified */
|
||||||
}
|
}
|
||||||
@ -10476,18 +10564,19 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int DoClientKeyExchange(CYASSL* ssl, byte* input,
|
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx,
|
||||||
word32* inOutIdx, word32 totalSz)
|
word32 size)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
word32 length = 0;
|
word32 length = 0;
|
||||||
byte* out = NULL;
|
byte* out = NULL;
|
||||||
|
word32 begin = *inOutIdx;
|
||||||
|
|
||||||
(void)length; /* shut up compiler warnings */
|
(void)length; /* shut up compiler warnings */
|
||||||
(void)out;
|
(void)out;
|
||||||
(void)input;
|
(void)input;
|
||||||
(void)inOutIdx;
|
(void)inOutIdx;
|
||||||
(void)totalSz;
|
(void)size;
|
||||||
|
|
||||||
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
|
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
|
||||||
CYASSL_MSG("Client sending keyexchange at wrong time");
|
CYASSL_MSG("Client sending keyexchange at wrong time");
|
||||||
@ -10516,15 +10605,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
{
|
{
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
RsaKey key;
|
RsaKey key;
|
||||||
byte* tmp = 0;
|
|
||||||
byte doUserRsa = 0;
|
byte doUserRsa = 0;
|
||||||
|
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
#ifndef NO_RSA
|
|
||||||
if (ssl->ctx->RsaDecCb)
|
if (ssl->ctx->RsaDecCb)
|
||||||
doUserRsa = 1;
|
doUserRsa = 1;
|
||||||
#endif /* NO_RSA */
|
#endif
|
||||||
#endif /*HAVE_PK_CALLBACKS */
|
|
||||||
|
|
||||||
InitRsaKey(&key, ssl->heap);
|
InitRsaKey(&key, ssl->heap);
|
||||||
|
|
||||||
@ -10540,28 +10626,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
|
|
||||||
if (ssl->options.tls) {
|
if (ssl->options.tls) {
|
||||||
word16 check;
|
word16 check;
|
||||||
|
|
||||||
|
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(input + *inOutIdx, &check);
|
ato16(input + *inOutIdx, &check);
|
||||||
|
*inOutIdx += OPAQUE16_LEN;
|
||||||
|
|
||||||
if ((word32) check != length) {
|
if ((word32) check != length) {
|
||||||
CYASSL_MSG("RSA explicit size doesn't match");
|
CYASSL_MSG("RSA explicit size doesn't match");
|
||||||
FreeRsaKey(&key);
|
FreeRsaKey(&key);
|
||||||
return RSA_PRIVATE_ERROR;
|
return RSA_PRIVATE_ERROR;
|
||||||
}
|
}
|
||||||
(*inOutIdx) += 2;
|
|
||||||
}
|
}
|
||||||
tmp = input + *inOutIdx;
|
|
||||||
*inOutIdx += length;
|
|
||||||
|
|
||||||
if (*inOutIdx > totalSz) {
|
if ((*inOutIdx - begin) + length > size) {
|
||||||
CYASSL_MSG("RSA message too big");
|
CYASSL_MSG("RSA message too big");
|
||||||
FreeRsaKey(&key);
|
FreeRsaKey(&key);
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (doUserRsa) {
|
if (doUserRsa) {
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
ret = ssl->ctx->RsaDecCb(ssl,
|
ret = ssl->ctx->RsaDecCb(ssl,
|
||||||
tmp, length, &out,
|
input + *inOutIdx, length, &out,
|
||||||
ssl->buffers.key.buffer,
|
ssl->buffers.key.buffer,
|
||||||
ssl->buffers.key.length,
|
ssl->buffers.key.length,
|
||||||
ssl->RsaDecCtx);
|
ssl->RsaDecCtx);
|
||||||
@ -10569,9 +10658,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
#endif /*HAVE_PK_CALLBACKS */
|
#endif /*HAVE_PK_CALLBACKS */
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = RsaPrivateDecryptInline(tmp, length, &out, &key);
|
ret = RsaPrivateDecryptInline(input + *inOutIdx, length,
|
||||||
|
&out, &key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*inOutIdx += length;
|
||||||
|
|
||||||
if (ret == SECRET_LEN) {
|
if (ret == SECRET_LEN) {
|
||||||
XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
|
XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
|
||||||
if (ssl->arrays->preMasterSecret[0] !=
|
if (ssl->arrays->preMasterSecret[0] !=
|
||||||
@ -10597,20 +10689,26 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
byte* pms = ssl->arrays->preMasterSecret;
|
byte* pms = ssl->arrays->preMasterSecret;
|
||||||
word16 ci_sz;
|
word16 ci_sz;
|
||||||
|
|
||||||
ato16(&input[*inOutIdx], &ci_sz);
|
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
||||||
*inOutIdx += LENGTH_SZ;
|
return BUFFER_ERROR;
|
||||||
if (ci_sz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
|
|
||||||
|
|
||||||
XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz);
|
ato16(input + *inOutIdx, &ci_sz);
|
||||||
|
*inOutIdx += OPAQUE16_LEN;
|
||||||
|
|
||||||
|
if (ci_sz > MAX_PSK_ID_LEN)
|
||||||
|
return CLIENT_ID_ERROR;
|
||||||
|
|
||||||
|
if ((*inOutIdx - begin) + ci_sz > size)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
|
||||||
*inOutIdx += ci_sz;
|
*inOutIdx += ci_sz;
|
||||||
if (ci_sz < MAX_PSK_ID_LEN)
|
|
||||||
ssl->arrays->client_identity[ci_sz] = 0;
|
|
||||||
else
|
|
||||||
ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0;
|
|
||||||
|
|
||||||
|
ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
|
||||||
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
|
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
|
||||||
ssl->arrays->client_identity, ssl->arrays->psk_key,
|
ssl->arrays->client_identity, ssl->arrays->psk_key,
|
||||||
MAX_PSK_KEY_LEN);
|
MAX_PSK_KEY_LEN);
|
||||||
|
|
||||||
if (ssl->arrays->psk_keySz == 0 ||
|
if (ssl->arrays->psk_keySz == 0 ||
|
||||||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
|
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
|
||||||
return PSK_KEY_ERROR;
|
return PSK_KEY_ERROR;
|
||||||
@ -10618,15 +10716,19 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
/* make psk pre master secret */
|
/* make psk pre master secret */
|
||||||
/* length of key + length 0s + length of key + key */
|
/* length of key + length 0s + length of key + key */
|
||||||
c16toa((word16) ssl->arrays->psk_keySz, pms);
|
c16toa((word16) ssl->arrays->psk_keySz, pms);
|
||||||
pms += 2;
|
pms += OPAQUE16_LEN;
|
||||||
|
|
||||||
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
|
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
|
||||||
pms += ssl->arrays->psk_keySz;
|
pms += ssl->arrays->psk_keySz;
|
||||||
|
|
||||||
c16toa((word16) ssl->arrays->psk_keySz, pms);
|
c16toa((word16) ssl->arrays->psk_keySz, pms);
|
||||||
pms += 2;
|
pms += OPAQUE16_LEN;
|
||||||
|
|
||||||
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
|
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
|
||||||
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
|
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
|
||||||
|
|
||||||
ret = MakeMasterSecret(ssl);
|
ret = MakeMasterSecret(ssl);
|
||||||
|
|
||||||
/* No further need for PSK */
|
/* No further need for PSK */
|
||||||
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
|
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
|
||||||
ssl->arrays->psk_keySz = 0;
|
ssl->arrays->psk_keySz = 0;
|
||||||
@ -10636,26 +10738,34 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
#ifdef HAVE_NTRU
|
#ifdef HAVE_NTRU
|
||||||
case ntru_kea:
|
case ntru_kea:
|
||||||
{
|
{
|
||||||
word32 rc;
|
|
||||||
word16 cipherLen;
|
word16 cipherLen;
|
||||||
word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
|
word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
|
||||||
byte* tmp;
|
|
||||||
|
|
||||||
if (!ssl->buffers.key.buffer)
|
if (!ssl->buffers.key.buffer)
|
||||||
return NO_PRIVATE_KEY;
|
return NO_PRIVATE_KEY;
|
||||||
|
|
||||||
ato16(&input[*inOutIdx], &cipherLen);
|
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
||||||
*inOutIdx += LENGTH_SZ;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
ato16(input + *inOutIdx, &cipherLen);
|
||||||
|
*inOutIdx += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
|
if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
|
||||||
return NTRU_KEY_ERROR;
|
return NTRU_KEY_ERROR;
|
||||||
|
|
||||||
tmp = input + *inOutIdx;
|
if ((*inOutIdx - begin) + cipherLen > size)
|
||||||
rc = crypto_ntru_decrypt((word16)ssl->buffers.key.length,
|
return BUFFER_ERROR;
|
||||||
ssl->buffers.key.buffer, cipherLen, tmp, &plainLen,
|
|
||||||
ssl->arrays->preMasterSecret);
|
|
||||||
|
|
||||||
if (rc != NTRU_OK || plainLen != SECRET_LEN)
|
if (NTRU_OK != crypto_ntru_decrypt(
|
||||||
|
(word16) ssl->buffers.key.length,
|
||||||
|
ssl->buffers.key.buffer, cipherLen,
|
||||||
|
input + *inOutIdx, &plainLen,
|
||||||
|
ssl->arrays->preMasterSecret))
|
||||||
return NTRU_DECRYPT_ERROR;
|
return NTRU_DECRYPT_ERROR;
|
||||||
|
|
||||||
|
if (plainLen != SECRET_LEN)
|
||||||
|
return NTRU_DECRYPT_ERROR;
|
||||||
|
|
||||||
*inOutIdx += cipherLen;
|
*inOutIdx += cipherLen;
|
||||||
|
|
||||||
ssl->arrays->preMasterSz = plainLen;
|
ssl->arrays->preMasterSz = plainLen;
|
||||||
@ -10666,18 +10776,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
case ecc_diffie_hellman_kea:
|
case ecc_diffie_hellman_kea:
|
||||||
{
|
{
|
||||||
word32 size;
|
if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
|
||||||
word32 bLength = input[*inOutIdx]; /* one byte length */
|
return BUFFER_ERROR;
|
||||||
*inOutIdx += 1;
|
|
||||||
|
|
||||||
ret = ecc_import_x963(&input[*inOutIdx],
|
length = input[*inOutIdx];
|
||||||
bLength, ssl->peerEccKey);
|
*inOutIdx += OPAQUE8_LEN;
|
||||||
if (ret != 0)
|
|
||||||
|
if ((*inOutIdx - begin) + length > size)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey))
|
||||||
return ECC_PEERKEY_ERROR;
|
return ECC_PEERKEY_ERROR;
|
||||||
*inOutIdx += bLength;
|
|
||||||
|
*inOutIdx += length;
|
||||||
ssl->peerEccKeyPresent = 1;
|
ssl->peerEccKeyPresent = 1;
|
||||||
|
|
||||||
size = sizeof(ssl->arrays->preMasterSecret);
|
length = sizeof(ssl->arrays->preMasterSecret);
|
||||||
|
|
||||||
if (ssl->specs.static_ecdh) {
|
if (ssl->specs.static_ecdh) {
|
||||||
ecc_key staticKey;
|
ecc_key staticKey;
|
||||||
word32 i = 0;
|
word32 i = 0;
|
||||||
@ -10685,17 +10800,21 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
ecc_init(&staticKey);
|
ecc_init(&staticKey);
|
||||||
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
|
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
|
||||||
&staticKey, ssl->buffers.key.length);
|
&staticKey, ssl->buffers.key.length);
|
||||||
|
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
|
ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
|
||||||
ssl->arrays->preMasterSecret, &size);
|
ssl->arrays->preMasterSecret, &length);
|
||||||
|
|
||||||
ecc_free(&staticKey);
|
ecc_free(&staticKey);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
|
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
|
||||||
ssl->arrays->preMasterSecret, &size);
|
ssl->arrays->preMasterSecret, &length);
|
||||||
|
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ECC_SHARED_ERROR;
|
return ECC_SHARED_ERROR;
|
||||||
ssl->arrays->preMasterSz = size;
|
|
||||||
|
ssl->arrays->preMasterSz = length;
|
||||||
ret = MakeMasterSecret(ssl);
|
ret = MakeMasterSecret(ssl);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -10703,15 +10822,17 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
case diffie_hellman_kea:
|
case diffie_hellman_kea:
|
||||||
{
|
{
|
||||||
byte* clientPub;
|
|
||||||
word16 clientPubSz;
|
word16 clientPubSz;
|
||||||
DhKey dhKey;
|
DhKey dhKey;
|
||||||
|
|
||||||
ato16(&input[*inOutIdx], &clientPubSz);
|
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
||||||
*inOutIdx += LENGTH_SZ;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
clientPub = &input[*inOutIdx];
|
ato16(input + *inOutIdx, &clientPubSz);
|
||||||
*inOutIdx += clientPubSz;
|
*inOutIdx += OPAQUE16_LEN;
|
||||||
|
|
||||||
|
if ((*inOutIdx - begin) + clientPubSz > size)
|
||||||
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
InitDhKey(&dhKey);
|
InitDhKey(&dhKey);
|
||||||
ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
|
ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
|
||||||
@ -10723,8 +10844,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
&ssl->arrays->preMasterSz,
|
&ssl->arrays->preMasterSz,
|
||||||
ssl->buffers.serverDH_Priv.buffer,
|
ssl->buffers.serverDH_Priv.buffer,
|
||||||
ssl->buffers.serverDH_Priv.length,
|
ssl->buffers.serverDH_Priv.length,
|
||||||
clientPub, clientPubSz);
|
input + *inOutIdx, clientPubSz);
|
||||||
FreeDhKey(&dhKey);
|
FreeDhKey(&dhKey);
|
||||||
|
|
||||||
|
*inOutIdx += clientPubSz;
|
||||||
|
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = MakeMasterSecret(ssl);
|
ret = MakeMasterSecret(ssl);
|
||||||
}
|
}
|
||||||
@ -10737,6 +10861,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* No further need for PMS */
|
/* No further need for PMS */
|
||||||
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
|
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
|
||||||
ssl->arrays->preMasterSz = 0;
|
ssl->arrays->preMasterSz = 0;
|
||||||
@ -10753,5 +10878,3 @@ static void PickHashSigAlgo(CYASSL* ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#endif /* NO_CYASSL_SERVER */
|
#endif /* NO_CYASSL_SERVER */
|
||||||
|
|
||||||
|
|
||||||
|
211
src/ocsp.c
211
src/ocsp.c
@ -37,6 +37,8 @@ int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
|
|||||||
CYASSL_ENTER("InitOCSP");
|
CYASSL_ENTER("InitOCSP");
|
||||||
XMEMSET(ocsp, 0, sizeof(*ocsp));
|
XMEMSET(ocsp, 0, sizeof(*ocsp));
|
||||||
ocsp->cm = cm;
|
ocsp->cm = cm;
|
||||||
|
if (InitMutex(&ocsp->ocspLock) != 0)
|
||||||
|
return BAD_MUTEX_E;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -46,11 +48,9 @@ static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
|
|||||||
{
|
{
|
||||||
CYASSL_ENTER("InitOCSP_Entry");
|
CYASSL_ENTER("InitOCSP_Entry");
|
||||||
|
|
||||||
ocspe->next = NULL;
|
XMEMSET(ocspe, 0, sizeof(*ocspe));
|
||||||
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
|
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
|
||||||
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
|
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
|
||||||
ocspe->status = NULL;
|
|
||||||
ocspe->totalStatus = 0;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -83,96 +83,21 @@ void FreeOCSP(CYASSL_OCSP* ocsp, int dynamic)
|
|||||||
tmp = next;
|
tmp = next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
FreeMutex(&ocsp->ocspLock);
|
||||||
if (dynamic)
|
if (dynamic)
|
||||||
XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
|
XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static OCSP_Entry* find_ocsp_entry(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|
||||||
{
|
|
||||||
OCSP_Entry* entry = ocsp->ocspList;
|
|
||||||
|
|
||||||
while (entry)
|
|
||||||
{
|
|
||||||
if (XMEMCMP(entry->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
|
|
||||||
&& XMEMCMP(entry->issuerKeyHash, cert->issuerKeyHash,
|
|
||||||
SHA_DIGEST_SIZE) == 0)
|
|
||||||
{
|
|
||||||
CYASSL_MSG("Found OCSP responder");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
entry = entry->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (entry == NULL)
|
|
||||||
{
|
|
||||||
CYASSL_MSG("Add a new OCSP entry");
|
|
||||||
entry = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
|
|
||||||
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
|
|
||||||
if (entry != NULL)
|
|
||||||
{
|
|
||||||
InitOCSP_Entry(entry, cert);
|
|
||||||
entry->next = ocsp->ocspList;
|
|
||||||
ocsp->ocspList = entry;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return entry;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static CertStatus* find_cert_status(OCSP_Entry* ocspe, DecodedCert* cert)
|
|
||||||
{
|
|
||||||
CertStatus* stat = ocspe->status;
|
|
||||||
|
|
||||||
while (stat)
|
|
||||||
{
|
|
||||||
if(stat->serialSz == cert->serialSz &&
|
|
||||||
(XMEMCMP(stat->serial, cert->serial, cert->serialSz) == 0))
|
|
||||||
{
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
stat = stat->next;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (stat == NULL)
|
|
||||||
{
|
|
||||||
stat = (CertStatus*)XMALLOC(sizeof(CertStatus),
|
|
||||||
NULL, DYNAMIC_TYPE_OCSP_STATUS);
|
|
||||||
if (stat != NULL)
|
|
||||||
{
|
|
||||||
XMEMCPY(stat->serial, cert->serial, cert->serialSz);
|
|
||||||
stat->serialSz = cert->serialSz;
|
|
||||||
stat->status = -1;
|
|
||||||
stat->nextDate[0] = 0;
|
|
||||||
ocspe->totalStatus++;
|
|
||||||
|
|
||||||
stat->next = ocspe->status;
|
|
||||||
ocspe->status = stat;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return stat;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static int xstat2err(int stat)
|
static int xstat2err(int stat)
|
||||||
{
|
{
|
||||||
switch (stat) {
|
switch (stat) {
|
||||||
case CERT_GOOD:
|
case CERT_GOOD:
|
||||||
return 0;
|
return 0;
|
||||||
break;
|
|
||||||
case CERT_REVOKED:
|
case CERT_REVOKED:
|
||||||
return OCSP_CERT_REVOKED;
|
return OCSP_CERT_REVOKED;
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
return OCSP_CERT_UNKNOWN;
|
return OCSP_CERT_UNKNOWN;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -184,46 +109,73 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||||||
byte* ocspRespBuf = NULL;
|
byte* ocspRespBuf = NULL;
|
||||||
OcspRequest ocspRequest;
|
OcspRequest ocspRequest;
|
||||||
OcspResponse ocspResponse;
|
OcspResponse ocspResponse;
|
||||||
int result = 0;
|
int result = -1;
|
||||||
OCSP_Entry* ocspe;
|
OCSP_Entry* ocspe;
|
||||||
CertStatus* certStatus;
|
CertStatus* certStatus = NULL;
|
||||||
|
CertStatus newStatus;
|
||||||
const char *url;
|
const char *url;
|
||||||
int urlSz;
|
int urlSz;
|
||||||
|
|
||||||
CYASSL_ENTER("CheckCertOCSP");
|
CYASSL_ENTER("CheckCertOCSP");
|
||||||
|
|
||||||
ocspe = find_ocsp_entry(ocsp, cert);
|
if (LockMutex(&ocsp->ocspLock) != 0) {
|
||||||
|
CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
|
||||||
|
return BAD_MUTEX_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
ocspe = ocsp->ocspList;
|
||||||
|
while (ocspe) {
|
||||||
|
if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
|
||||||
|
&& XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash,
|
||||||
|
SHA_DIGEST_SIZE) == 0)
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
ocspe = ocspe->next;
|
||||||
|
}
|
||||||
|
|
||||||
if (ocspe == NULL) {
|
if (ocspe == NULL) {
|
||||||
CYASSL_MSG("alloc OCSP entry failed");
|
ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
|
||||||
|
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
|
||||||
|
if (ocspe != NULL) {
|
||||||
|
InitOCSP_Entry(ocspe, cert);
|
||||||
|
ocspe->next = ocsp->ocspList;
|
||||||
|
ocsp->ocspList = ocspe;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
UnLockMutex(&ocsp->ocspLock);
|
||||||
|
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||||
return MEMORY_ERROR;
|
return MEMORY_ERROR;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
certStatus = find_cert_status(ocspe, cert);
|
else {
|
||||||
if (certStatus == NULL)
|
certStatus = ocspe->status;
|
||||||
{
|
while (certStatus) {
|
||||||
CYASSL_MSG("alloc OCSP cert status failed");
|
if (certStatus->serialSz == cert->serialSz &&
|
||||||
return MEMORY_ERROR;
|
XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0)
|
||||||
|
break;
|
||||||
|
else
|
||||||
|
certStatus = certStatus->next;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (certStatus->status != -1)
|
if (certStatus != NULL) {
|
||||||
{
|
|
||||||
if (!ValidateDate(certStatus->thisDate,
|
if (!ValidateDate(certStatus->thisDate,
|
||||||
certStatus->thisDateFormat, BEFORE) ||
|
certStatus->thisDateFormat, BEFORE) ||
|
||||||
(certStatus->nextDate[0] == 0) ||
|
(certStatus->nextDate[0] == 0) ||
|
||||||
!ValidateDate(certStatus->nextDate,
|
!ValidateDate(certStatus->nextDate,
|
||||||
certStatus->nextDateFormat, AFTER))
|
certStatus->nextDateFormat, AFTER)) {
|
||||||
{
|
|
||||||
CYASSL_MSG("\tinvalid status date, looking up cert");
|
CYASSL_MSG("\tinvalid status date, looking up cert");
|
||||||
certStatus->status = -1;
|
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
{
|
|
||||||
CYASSL_MSG("\tusing cached status");
|
|
||||||
result = xstat2err(certStatus->status);
|
result = xstat2err(certStatus->status);
|
||||||
|
UnLockMutex(&ocsp->ocspLock);
|
||||||
|
CYASSL_LEAVE("CheckCertOCSP", result);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
UnLockMutex(&ocsp->ocspLock);
|
||||||
|
|
||||||
if (ocsp->cm->ocspUseOverrideURL) {
|
if (ocsp->cm->ocspUseOverrideURL) {
|
||||||
url = ocsp->cm->ocspOverrideURL;
|
url = ocsp->cm->ocspOverrideURL;
|
||||||
if (url != NULL && url[0] != '\0')
|
if (url != NULL && url[0] != '\0')
|
||||||
@ -236,57 +188,82 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
|
|||||||
urlSz = cert->extAuthInfoSz;
|
urlSz = cert->extAuthInfoSz;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
CYASSL_MSG("\tcert doesn't have extAuthInfo, assuming CERT_GOOD");
|
/* cert doesn't have extAuthInfo, assuming CERT_GOOD */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
||||||
if (ocspReqBuf == NULL) {
|
if (ocspReqBuf == NULL) {
|
||||||
CYASSL_MSG("\talloc OCSP request buffer failed");
|
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
|
||||||
return MEMORY_ERROR;
|
return MEMORY_ERROR;
|
||||||
}
|
}
|
||||||
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
|
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
|
||||||
ocspReqBuf, ocspReqSz);
|
ocspReqBuf, ocspReqSz);
|
||||||
ocspReqSz = EncodeOcspRequest(&ocspRequest);
|
ocspReqSz = EncodeOcspRequest(&ocspRequest);
|
||||||
|
|
||||||
if (ocsp->cm->ocspIOCb) {
|
if (ocsp->cm->ocspIOCb)
|
||||||
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
|
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
|
||||||
ocspReqBuf, ocspReqSz, &ocspRespBuf);
|
ocspReqBuf, ocspReqSz, &ocspRespBuf);
|
||||||
}
|
|
||||||
|
|
||||||
if (result >= 0 && ocspRespBuf) {
|
if (result >= 0 && ocspRespBuf) {
|
||||||
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result);
|
XMEMSET(&newStatus, 0, sizeof(CertStatus));
|
||||||
|
|
||||||
|
InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result);
|
||||||
OcspResponseDecode(&ocspResponse);
|
OcspResponseDecode(&ocspResponse);
|
||||||
|
|
||||||
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) {
|
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL)
|
||||||
CYASSL_MSG("OCSP Responder failure");
|
|
||||||
result = OCSP_LOOKUP_FAIL;
|
result = OCSP_LOOKUP_FAIL;
|
||||||
} else {
|
else {
|
||||||
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0)
|
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) {
|
||||||
{
|
|
||||||
result = xstat2err(ocspResponse.status->status);
|
result = xstat2err(ocspResponse.status->status);
|
||||||
|
|
||||||
|
if (LockMutex(&ocsp->ocspLock) != 0)
|
||||||
|
result = BAD_MUTEX_E;
|
||||||
|
else {
|
||||||
|
if (certStatus != NULL)
|
||||||
|
/* Replace existing certificate entry with updated */
|
||||||
|
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
|
||||||
|
else {
|
||||||
|
/* Save new certificate entry */
|
||||||
|
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
|
||||||
|
NULL, DYNAMIC_TYPE_OCSP_STATUS);
|
||||||
|
if (certStatus != NULL) {
|
||||||
|
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
|
||||||
|
certStatus->next = ocspe->status;
|
||||||
|
ocspe->status = certStatus;
|
||||||
|
ocspe->totalStatus++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
UnLockMutex(&ocsp->ocspLock);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
|
||||||
CYASSL_MSG("OCSP Response incorrect for Request");
|
|
||||||
result = OCSP_LOOKUP_FAIL;
|
result = OCSP_LOOKUP_FAIL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
else
|
||||||
else {
|
|
||||||
result = OCSP_LOOKUP_FAIL;
|
result = OCSP_LOOKUP_FAIL;
|
||||||
}
|
|
||||||
|
|
||||||
if (ocspReqBuf != NULL) {
|
if (ocspReqBuf != NULL)
|
||||||
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
|
||||||
}
|
|
||||||
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb) {
|
|
||||||
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
|
||||||
|
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
|
||||||
|
|
||||||
|
CYASSL_LEAVE("CheckCertOCSP", result);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#else /* HAVE_OCSP */
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
/* 4206 warning for blank file */
|
||||||
|
#pragma warning(disable: 4206)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#endif /* HAVE_OCSP */
|
#endif /* HAVE_OCSP */
|
||||||
|
|
||||||
|
@ -962,12 +962,13 @@ int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
|
|||||||
|
|
||||||
/* Check IP Header for IPV4, TCP, and a registered server address */
|
/* Check IP Header for IPV4, TCP, and a registered server address */
|
||||||
/* returns 0 on success, -1 on error */
|
/* returns 0 on success, -1 on error */
|
||||||
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
|
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
|
||||||
{
|
{
|
||||||
int version = IP_V(iphdr);
|
int version = IP_V(iphdr);
|
||||||
|
|
||||||
TraceIP(iphdr);
|
TraceIP(iphdr);
|
||||||
Trace(IP_CHECK_STR);
|
Trace(IP_CHECK_STR);
|
||||||
|
|
||||||
if (version != IPV4) {
|
if (version != IPV4) {
|
||||||
SetError(BAD_IPVER_STR, error, NULL, 0);
|
SetError(BAD_IPVER_STR, error, NULL, 0);
|
||||||
return -1;
|
return -1;
|
||||||
@ -988,6 +989,9 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
|
|||||||
info->src = iphdr->src;
|
info->src = iphdr->src;
|
||||||
info->dst = iphdr->dst;
|
info->dst = iphdr->dst;
|
||||||
|
|
||||||
|
if (info->total == 0)
|
||||||
|
info->total = length; /* reassembled may be off */
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1138,7 +1142,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
|
|||||||
input += TICKET_HINT_LEN; /* skip over hint */
|
input += TICKET_HINT_LEN; /* skip over hint */
|
||||||
*sslBytes -= TICKET_HINT_LEN;
|
*sslBytes -= TICKET_HINT_LEN;
|
||||||
|
|
||||||
len = (input[0] << 8) | input[1];
|
len = (word16)((input[0] << 8) | input[1]);
|
||||||
input += LENGTH_SZ;
|
input += LENGTH_SZ;
|
||||||
*sslBytes -= LENGTH_SZ;
|
*sslBytes -= LENGTH_SZ;
|
||||||
|
|
||||||
@ -1232,8 +1236,10 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
|
|||||||
doResume = 1;
|
doResume = 1;
|
||||||
|
|
||||||
if (session->ticketID && doResume) {
|
if (session->ticketID && doResume) {
|
||||||
/* use ticketID to retrieve from session */
|
/* use ticketID to retrieve from session, prefer over sessionID */
|
||||||
XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
|
XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
|
||||||
|
session->sslServer->options.haveSessionId = 1; /* may not have
|
||||||
|
actual sessionID */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (doResume ) {
|
if (doResume ) {
|
||||||
@ -1345,7 +1351,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
|||||||
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
len = (input[0] << 8) | input[1];
|
len = (word16)((input[0] << 8) | input[1]);
|
||||||
input += SUITE_LEN;
|
input += SUITE_LEN;
|
||||||
*sslBytes -= SUITE_LEN;
|
*sslBytes -= SUITE_LEN;
|
||||||
/* make sure can read suites + comp len */
|
/* make sure can read suites + comp len */
|
||||||
@ -1378,7 +1384,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
|||||||
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
len = (input[0] << 8) | input[1];
|
len = (word16)((input[0] << 8) | input[1]);
|
||||||
input += SUITE_LEN;
|
input += SUITE_LEN;
|
||||||
*sslBytes -= SUITE_LEN;
|
*sslBytes -= SUITE_LEN;
|
||||||
/* make sure can read through all extensions */
|
/* make sure can read through all extensions */
|
||||||
@ -1396,7 +1402,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
|
|||||||
input += EXT_TYPE_SZ;
|
input += EXT_TYPE_SZ;
|
||||||
*sslBytes -= EXT_TYPE_SZ;
|
*sslBytes -= EXT_TYPE_SZ;
|
||||||
|
|
||||||
extLen = (input[0] << 8) | input[1];
|
extLen = (word16)((input[0] << 8) | input[1]);
|
||||||
input += LENGTH_SZ;
|
input += LENGTH_SZ;
|
||||||
*sslBytes -= LENGTH_SZ;
|
*sslBytes -= LENGTH_SZ;
|
||||||
|
|
||||||
@ -1696,8 +1702,8 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
|
|||||||
InitSession(session);
|
InitSession(session);
|
||||||
session->server = ipInfo->dst;
|
session->server = ipInfo->dst;
|
||||||
session->client = ipInfo->src;
|
session->client = ipInfo->src;
|
||||||
session->srvPort = tcpInfo->dstPort;
|
session->srvPort = (word16)tcpInfo->dstPort;
|
||||||
session->cliPort = tcpInfo->srcPort;
|
session->cliPort = (word16)tcpInfo->srcPort;
|
||||||
session->cliSeqStart = tcpInfo->sequence;
|
session->cliSeqStart = tcpInfo->sequence;
|
||||||
session->cliExpected = 1; /* relative */
|
session->cliExpected = 1; /* relative */
|
||||||
session->lastUsed= time(NULL);
|
session->lastUsed= time(NULL);
|
||||||
@ -1777,8 +1783,8 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
|
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
|
||||||
*rhSize);
|
(word16)*rhSize);
|
||||||
if (ret < 0) {
|
if (ret < 0 && ret != MATCH_SUITE_ERROR) {
|
||||||
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -1856,13 +1862,16 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
|
|||||||
{
|
{
|
||||||
TraceHeader();
|
TraceHeader();
|
||||||
TracePacket();
|
TracePacket();
|
||||||
|
|
||||||
|
/* ip header */
|
||||||
if (length < IP_HDR_SZ) {
|
if (length < IP_HDR_SZ) {
|
||||||
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (CheckIpHdr((IpHdr*)packet, ipInfo, error) != 0)
|
if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
/* tcp header */
|
||||||
if (length < (ipInfo->length + TCP_HDR_SZ)) {
|
if (length < (ipInfo->length + TCP_HDR_SZ)) {
|
||||||
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
||||||
return -1;
|
return -1;
|
||||||
@ -1870,6 +1879,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
|
|||||||
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
|
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
/* setup */
|
||||||
*sslFrame = packet + ipInfo->length + tcpInfo->length;
|
*sslFrame = packet + ipInfo->length + tcpInfo->length;
|
||||||
if (*sslFrame > packet + length) {
|
if (*sslFrame > packet + length) {
|
||||||
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
||||||
@ -2314,6 +2324,10 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
|
|||||||
session->sslServer : session->sslClient;
|
session->sslServer : session->sslClient;
|
||||||
doMessage:
|
doMessage:
|
||||||
notEnough = 0;
|
notEnough = 0;
|
||||||
|
if (sslBytes < 0) {
|
||||||
|
SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (sslBytes >= RECORD_HEADER_SZ) {
|
if (sslBytes >= RECORD_HEADER_SZ) {
|
||||||
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
|
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
|
||||||
SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
|
SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
|
||||||
|
128
src/ssl.c
128
src/ssl.c
@ -623,27 +623,53 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
|
|||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
|
|
||||||
/* Elliptic Curves */
|
/* Elliptic Curves */
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
#ifndef NO_CYASSL_CLIENT
|
#ifndef NO_CYASSL_CLIENT
|
||||||
|
|
||||||
int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name)
|
int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
|
||||||
{
|
{
|
||||||
if (ssl == NULL)
|
if (ssl == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
return TLSX_UseEllipticCurve(&ssl->extensions, name);
|
switch (name) {
|
||||||
|
case CYASSL_ECC_SECP160R1:
|
||||||
|
case CYASSL_ECC_SECP192R1:
|
||||||
|
case CYASSL_ECC_SECP224R1:
|
||||||
|
case CYASSL_ECC_SECP256R1:
|
||||||
|
case CYASSL_ECC_SECP384R1:
|
||||||
|
case CYASSL_ECC_SECP521R1:
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name)
|
return TLSX_UseSupportedCurve(&ssl->extensions, name);
|
||||||
|
}
|
||||||
|
|
||||||
|
int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
|
||||||
{
|
{
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
return TLSX_UseEllipticCurve(&ctx->extensions, name);
|
switch (name) {
|
||||||
|
case CYASSL_ECC_SECP160R1:
|
||||||
|
case CYASSL_ECC_SECP192R1:
|
||||||
|
case CYASSL_ECC_SECP224R1:
|
||||||
|
case CYASSL_ECC_SECP256R1:
|
||||||
|
case CYASSL_ECC_SECP384R1:
|
||||||
|
case CYASSL_ECC_SECP521R1:
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
|
return TLSX_UseSupportedCurve(&ctx->extensions, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* NO_CYASSL_CLIENT */
|
#endif /* NO_CYASSL_CLIENT */
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
|
|
||||||
#ifndef CYASSL_LEANPSK
|
#ifndef CYASSL_LEANPSK
|
||||||
@ -1167,7 +1193,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
|
|||||||
info.consumed = 0;
|
info.consumed = 0;
|
||||||
der.buffer = NULL;
|
der.buffer = NULL;
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
if (pass) {
|
if (pass) {
|
||||||
info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
|
info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
|
||||||
if (info.ctx == NULL)
|
if (info.ctx == NULL)
|
||||||
@ -1205,7 +1231,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||||
|
|
||||||
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
|
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
|
||||||
{
|
{
|
||||||
@ -1589,13 +1615,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
|
|
||||||
static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
|
static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
|
||||||
/* uses session mutex */
|
/* uses session mutex */
|
||||||
|
|
||||||
#endif /* NO_CLIENT_CACHE */
|
#endif /* NO_CLIENT_CACHE */
|
||||||
|
|
||||||
/* for persistance, if changes to layout need to increment and modify
|
|
||||||
save_session_cache() and restore_session_cache and memory versions too */
|
|
||||||
#define CYASSL_CACHE_VERSION 2
|
|
||||||
|
|
||||||
#endif /* NO_SESSION_CACHE */
|
#endif /* NO_SESSION_CACHE */
|
||||||
|
|
||||||
|
|
||||||
@ -1808,7 +1829,7 @@ int CyaSSL_Init(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
|
#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
|
||||||
if (pkcs8Enc) {
|
if (pkcs8Enc) {
|
||||||
int passwordSz;
|
int passwordSz;
|
||||||
char password[80];
|
char password[80];
|
||||||
@ -2231,71 +2252,6 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
|
|||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
|
|
||||||
#if defined(EBSNET)
|
|
||||||
#define XFILE int
|
|
||||||
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
|
|
||||||
#define XFSEEK vf_lseek
|
|
||||||
#define XFTELL vf_tell
|
|
||||||
#define XREWIND vf_rewind
|
|
||||||
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
|
|
||||||
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
|
|
||||||
#define XFCLOSE vf_close
|
|
||||||
#define XSEEK_END VSEEK_END
|
|
||||||
#define XBADFILE -1
|
|
||||||
#elif defined(LSR_FS)
|
|
||||||
#include <fs.h>
|
|
||||||
#define XFILE struct fs_file*
|
|
||||||
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
|
|
||||||
#define XFSEEK(F, O, W) (void)F
|
|
||||||
#define XFTELL(F) (F)->len
|
|
||||||
#define XREWIND(F) (void)F
|
|
||||||
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
|
|
||||||
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
|
|
||||||
#define XFCLOSE fs_close
|
|
||||||
#define XSEEK_END 0
|
|
||||||
#define XBADFILE NULL
|
|
||||||
#elif defined(FREESCALE_MQX)
|
|
||||||
#define XFILE MQX_FILE_PTR
|
|
||||||
#define XFOPEN fopen
|
|
||||||
#define XFSEEK fseek
|
|
||||||
#define XFTELL ftell
|
|
||||||
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
|
|
||||||
#define XFREAD fread
|
|
||||||
#define XFWRITE fwrite
|
|
||||||
#define XFCLOSE fclose
|
|
||||||
#define XSEEK_END IO_SEEK_END
|
|
||||||
#define XBADFILE NULL
|
|
||||||
#elif defined(MICRIUM)
|
|
||||||
#include <fs.h>
|
|
||||||
#define XFILE FS_FILE*
|
|
||||||
#define XFOPEN fs_fopen
|
|
||||||
#define XFSEEK fs_fseek
|
|
||||||
#define XFTELL fs_ftell
|
|
||||||
#define XREWIND fs_rewind
|
|
||||||
#define XFREAD fs_fread
|
|
||||||
#define XFWRITE fs_fwrite
|
|
||||||
#define XFCLOSE fs_fclose
|
|
||||||
#define XSEEK_END FS_SEEK_END
|
|
||||||
#define XBADFILE NULL
|
|
||||||
#else
|
|
||||||
/* stdio, default case */
|
|
||||||
#define XFILE FILE*
|
|
||||||
#if defined(CYASSL_MDK_ARM)
|
|
||||||
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
|
|
||||||
#define XFOPEN CyaSSL_fopen
|
|
||||||
#else
|
|
||||||
#define XFOPEN fopen
|
|
||||||
#endif
|
|
||||||
#define XFSEEK fseek
|
|
||||||
#define XFTELL ftell
|
|
||||||
#define XREWIND rewind
|
|
||||||
#define XFREAD fread
|
|
||||||
#define XFWRITE fwrite
|
|
||||||
#define XFCLOSE fclose
|
|
||||||
#define XSEEK_END SEEK_END
|
|
||||||
#define XBADFILE NULL
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
/* process a file with name fname into ctx of format and type
|
/* process a file with name fname into ctx of format and type
|
||||||
userChain specifies a user certificate chain to pass during handshake */
|
userChain specifies a user certificate chain to pass during handshake */
|
||||||
@ -3494,6 +3450,10 @@ int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
|
|||||||
|
|
||||||
#if defined(PERSIST_SESSION_CACHE)
|
#if defined(PERSIST_SESSION_CACHE)
|
||||||
|
|
||||||
|
/* for persistance, if changes to layout need to increment and modify
|
||||||
|
save_session_cache() and restore_session_cache and memory versions too */
|
||||||
|
#define CYASSL_CACHE_VERSION 2
|
||||||
|
|
||||||
/* Session Cache Header information */
|
/* Session Cache Header information */
|
||||||
typedef struct {
|
typedef struct {
|
||||||
int version; /* cache layout version id */
|
int version; /* cache layout version id */
|
||||||
@ -7916,6 +7876,8 @@ CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
|
|||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
|
|
||||||
|
#ifndef NO_STDIO_FILESYSTEM
|
||||||
|
|
||||||
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
|
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
|
||||||
{
|
{
|
||||||
CYASSL_X509* newX509 = NULL;
|
CYASSL_X509* newX509 = NULL;
|
||||||
@ -7945,6 +7907,8 @@ CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
|
|||||||
return newX509;
|
return newX509;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* NO_STDIO_FILESYSTEM */
|
||||||
|
|
||||||
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
|
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
|
||||||
{
|
{
|
||||||
byte staticBuffer[FILE_BUFFER_SIZE];
|
byte staticBuffer[FILE_BUFFER_SIZE];
|
||||||
@ -11377,3 +11341,9 @@ void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
|
|||||||
void CyaSSL_wolfSCEP(void) {}
|
void CyaSSL_wolfSCEP(void) {}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CYASSL_HAVE_CERT_SERVICE
|
||||||
|
/* Used by autoconf to see if cert service is available */
|
||||||
|
void CyaSSL_cert_service(void) {}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
89
src/tls.c
89
src/tls.c
@ -608,7 +608,6 @@ static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
|
|||||||
default: /* invalid type */
|
default: /* invalid type */
|
||||||
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
|
XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sni->type = type;
|
sni->type = type;
|
||||||
@ -721,46 +720,38 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
|
|||||||
if (!extension)
|
if (!extension)
|
||||||
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
|
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
|
||||||
|
|
||||||
if (!extension || !extension->data) {
|
if (!extension || !extension->data)
|
||||||
if (!isRequest) {
|
return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
|
||||||
CYASSL_MSG("Unexpected SNI response from server");
|
SNI response from server. */
|
||||||
}
|
|
||||||
|
|
||||||
return 0; /* not using SNI */
|
if (!isRequest)
|
||||||
}
|
return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
|
||||||
|
Nothing else to do. */
|
||||||
if (!isRequest) {
|
|
||||||
if (length) {
|
|
||||||
CYASSL_MSG("SNI response should be empty!");
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0; /* nothing to do */
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef NO_CYASSL_SERVER
|
#ifndef NO_CYASSL_SERVER
|
||||||
|
|
||||||
if (OPAQUE16_LEN > length)
|
if (OPAQUE16_LEN > length)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(input, &size);
|
ato16(input, &size);
|
||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
/* validating sni list length */
|
/* validating sni list length */
|
||||||
if (length != OPAQUE16_LEN + size)
|
if (length != OPAQUE16_LEN + size)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
for (size = 0; offset < length; offset += size) {
|
for (size = 0; offset < length; offset += size) {
|
||||||
SNI *sni;
|
SNI *sni;
|
||||||
byte type = input[offset++];
|
byte type = input[offset++];
|
||||||
|
|
||||||
if (offset + OPAQUE16_LEN > length)
|
if (offset + OPAQUE16_LEN > length)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(input + offset, &size);
|
ato16(input + offset, &size);
|
||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (offset + size > length)
|
if (offset + size > length)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
|
if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
|
||||||
continue; /* not using this SNI type */
|
continue; /* not using this SNI type */
|
||||||
@ -905,34 +896,34 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
|||||||
offset += HANDSHAKE_HEADER_SZ;
|
offset += HANDSHAKE_HEADER_SZ;
|
||||||
|
|
||||||
if (offset + len32 > helloSz)
|
if (offset + len32 > helloSz)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
/* client hello */
|
/* client hello */
|
||||||
offset += VERSION_SZ + RAN_LEN; /* version, random */
|
offset += VERSION_SZ + RAN_LEN; /* version, random */
|
||||||
|
|
||||||
if (helloSz < offset + clientHello[offset])
|
if (helloSz < offset + clientHello[offset])
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
offset += ENUM_LEN + clientHello[offset]; /* skip session id */
|
offset += ENUM_LEN + clientHello[offset]; /* skip session id */
|
||||||
|
|
||||||
/* cypher suites */
|
/* cypher suites */
|
||||||
if (helloSz < offset + OPAQUE16_LEN)
|
if (helloSz < offset + OPAQUE16_LEN)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(clientHello + offset, &len16);
|
ato16(clientHello + offset, &len16);
|
||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (helloSz < offset + len16)
|
if (helloSz < offset + len16)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
offset += len16; /* skip cypher suites */
|
offset += len16; /* skip cypher suites */
|
||||||
|
|
||||||
/* compression methods */
|
/* compression methods */
|
||||||
if (helloSz < offset + 1)
|
if (helloSz < offset + 1)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (helloSz < offset + clientHello[offset])
|
if (helloSz < offset + clientHello[offset])
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
|
offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
|
||||||
|
|
||||||
@ -944,7 +935,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
|||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (helloSz < offset + len16)
|
if (helloSz < offset + len16)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
|
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
|
||||||
word16 extType;
|
word16 extType;
|
||||||
@ -957,7 +948,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
|||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (helloSz < offset + extLen)
|
if (helloSz < offset + extLen)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (extType != SERVER_NAME_INDICATION) {
|
if (extType != SERVER_NAME_INDICATION) {
|
||||||
offset += extLen; /* skip extension */
|
offset += extLen; /* skip extension */
|
||||||
@ -968,7 +959,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
|||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (helloSz < offset + listLen)
|
if (helloSz < offset + listLen)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
while (listLen > ENUM_LEN + OPAQUE16_LEN) {
|
while (listLen > ENUM_LEN + OPAQUE16_LEN) {
|
||||||
byte sniType = clientHello[offset++];
|
byte sniType = clientHello[offset++];
|
||||||
@ -978,7 +969,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
|
|||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (helloSz < offset + sniLen)
|
if (helloSz < offset + sniLen)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
if (sniType != type) {
|
if (sniType != type) {
|
||||||
offset += sniLen;
|
offset += sniLen;
|
||||||
@ -1028,7 +1019,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
|
|||||||
byte isRequest)
|
byte isRequest)
|
||||||
{
|
{
|
||||||
if (length != ENUM_LEN)
|
if (length != ENUM_LEN)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
switch (*input) {
|
switch (*input) {
|
||||||
case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
|
case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
|
||||||
@ -1135,7 +1126,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
|
|||||||
byte isRequest)
|
byte isRequest)
|
||||||
{
|
{
|
||||||
if (length != 0 || input == NULL)
|
if (length != 0 || input == NULL)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
#ifndef NO_CYASSL_SERVER
|
#ifndef NO_CYASSL_SERVER
|
||||||
if (isRequest) {
|
if (isRequest) {
|
||||||
@ -1160,7 +1151,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
|
|||||||
|
|
||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
|
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
|
|
||||||
#ifndef HAVE_ECC
|
#ifndef HAVE_ECC
|
||||||
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
|
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
|
||||||
@ -1258,21 +1249,21 @@ static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
|
|||||||
(void) isRequest; /* shut up compiler! */
|
(void) isRequest; /* shut up compiler! */
|
||||||
|
|
||||||
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
|
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(input, &offset);
|
ato16(input, &offset);
|
||||||
|
|
||||||
/* validating curve list length */
|
/* validating curve list length */
|
||||||
if (length != OPAQUE16_LEN + offset)
|
if (length != OPAQUE16_LEN + offset)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
while (offset) {
|
while (offset) {
|
||||||
ato16(input + offset, &name);
|
ato16(input + offset, &name);
|
||||||
offset -= OPAQUE16_LEN;
|
offset -= OPAQUE16_LEN;
|
||||||
|
|
||||||
r = TLSX_UseEllipticCurve(&ssl->extensions, name);
|
r = TLSX_UseSupportedCurve(&ssl->extensions, name);
|
||||||
|
|
||||||
if (r) return r; /* throw error */
|
if (r != SSL_SUCCESS) return r; /* throw error */
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -1300,6 +1291,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
|
|||||||
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
|
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
|
||||||
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
|
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
|
||||||
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
|
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
|
||||||
|
default: continue; /* unsupported curve */
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (second) {
|
switch (second) {
|
||||||
@ -1371,7 +1363,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
|
|||||||
|
|
||||||
#endif /* NO_CYASSL_SERVER */
|
#endif /* NO_CYASSL_SERVER */
|
||||||
|
|
||||||
int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
|
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
|
||||||
{
|
{
|
||||||
TLSX* extension = NULL;
|
TLSX* extension = NULL;
|
||||||
EllipticCurve* curve = NULL;
|
EllipticCurve* curve = NULL;
|
||||||
@ -1380,19 +1372,6 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
|
|||||||
if (extensions == NULL)
|
if (extensions == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
switch (name) {
|
|
||||||
case CYASSL_ECC_SECP160R1:
|
|
||||||
case CYASSL_ECC_SECP192R1:
|
|
||||||
case CYASSL_ECC_SECP224R1:
|
|
||||||
case CYASSL_ECC_SECP256R1:
|
|
||||||
case CYASSL_ECC_SECP384R1:
|
|
||||||
case CYASSL_ECC_SECP521R1:
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
|
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@ -1456,7 +1435,7 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
|
|||||||
#define EC_PARSE(a, b, c, d) 0
|
#define EC_PARSE(a, b, c, d) 0
|
||||||
#define EC_VALIDATE_REQUEST(a, b)
|
#define EC_VALIDATE_REQUEST(a, b)
|
||||||
|
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
|
TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
|
||||||
{
|
{
|
||||||
@ -1717,7 +1696,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|
|||||||
word16 size;
|
word16 size;
|
||||||
|
|
||||||
if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
|
if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
ato16(input + offset, &type);
|
ato16(input + offset, &type);
|
||||||
offset += HELLO_EXT_TYPE_SZ;
|
offset += HELLO_EXT_TYPE_SZ;
|
||||||
@ -1726,7 +1705,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|
|||||||
offset += OPAQUE16_LEN;
|
offset += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (offset + size > length)
|
if (offset + size > length)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case SERVER_NAME_INDICATION:
|
case SERVER_NAME_INDICATION:
|
||||||
@ -1760,7 +1739,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|
|||||||
ato16(input + offset, &suites->hashSigAlgoSz);
|
ato16(input + offset, &suites->hashSigAlgoSz);
|
||||||
|
|
||||||
if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
|
if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
|
||||||
return INCOMPLETE_DATA;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
XMEMCPY(suites->hashSigAlgo,
|
XMEMCPY(suites->hashSigAlgo,
|
||||||
input + offset + OPAQUE16_LEN,
|
input + offset + OPAQUE16_LEN,
|
||||||
@ -1788,7 +1767,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
|
|||||||
#elif defined(HAVE_SNI) \
|
#elif defined(HAVE_SNI) \
|
||||||
|| defined(HAVE_MAX_FRAGMENT) \
|
|| defined(HAVE_MAX_FRAGMENT) \
|
||||||
|| defined(HAVE_TRUNCATED_HMAC) \
|
|| defined(HAVE_TRUNCATED_HMAC) \
|
||||||
|| defined(HAVE_ELLIPTIC_CURVES)
|
|| defined(HAVE_SUPPORTED_CURVES)
|
||||||
|
|
||||||
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
|
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
|
||||||
|
|
||||||
|
62
tests/api.c
62
tests/api.c
@ -44,7 +44,9 @@ static int test_CyaSSL_CTX_load_verify_locations(void);
|
|||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
static int test_server_CyaSSL_new(void);
|
static int test_server_CyaSSL_new(void);
|
||||||
static int test_client_CyaSSL_new(void);
|
static int test_client_CyaSSL_new(void);
|
||||||
|
#ifndef SINGLE_THREADED
|
||||||
static int test_CyaSSL_read_write(void);
|
static int test_CyaSSL_read_write(void);
|
||||||
|
#endif /* SINGLE_THREADED */
|
||||||
#endif /* NO_RSA */
|
#endif /* NO_RSA */
|
||||||
#endif /* NO_FILESYSTEM */
|
#endif /* NO_FILESYSTEM */
|
||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
@ -56,9 +58,9 @@ static void test_CyaSSL_UseMaxFragment(void);
|
|||||||
#ifdef HAVE_TRUNCATED_HMAC
|
#ifdef HAVE_TRUNCATED_HMAC
|
||||||
static void test_CyaSSL_UseTruncatedHMAC(void);
|
static void test_CyaSSL_UseTruncatedHMAC(void);
|
||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
static void test_CyaSSL_UseEllipticCurve(void);
|
static void test_CyaSSL_UseSupportedCurve(void);
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
/* test function helpers */
|
/* test function helpers */
|
||||||
static int test_method(CYASSL_METHOD *method, const char *name);
|
static int test_method(CYASSL_METHOD *method, const char *name);
|
||||||
@ -107,7 +109,9 @@ int ApiTest(void)
|
|||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
test_server_CyaSSL_new();
|
test_server_CyaSSL_new();
|
||||||
test_client_CyaSSL_new();
|
test_client_CyaSSL_new();
|
||||||
|
#ifndef SINGLE_THREADED
|
||||||
test_CyaSSL_read_write();
|
test_CyaSSL_read_write();
|
||||||
|
#endif /* SINGLE_THREADED */
|
||||||
#endif /* NO_RSA */
|
#endif /* NO_RSA */
|
||||||
#endif /* NO_FILESYSTEM */
|
#endif /* NO_FILESYSTEM */
|
||||||
#ifdef HAVE_SNI
|
#ifdef HAVE_SNI
|
||||||
@ -119,9 +123,9 @@ int ApiTest(void)
|
|||||||
#ifdef HAVE_TRUNCATED_HMAC
|
#ifdef HAVE_TRUNCATED_HMAC
|
||||||
test_CyaSSL_UseTruncatedHMAC();
|
test_CyaSSL_UseTruncatedHMAC();
|
||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
test_CyaSSL_UseEllipticCurve();
|
test_CyaSSL_UseSupportedCurve();
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
test_CyaSSL_Cleanup();
|
test_CyaSSL_Cleanup();
|
||||||
printf(" End API Tests\n");
|
printf(" End API Tests\n");
|
||||||
|
|
||||||
@ -542,8 +546,8 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
|
|||||||
}
|
}
|
||||||
#endif /* HAVE_TRUNCATED_HMAC */
|
#endif /* HAVE_TRUNCATED_HMAC */
|
||||||
|
|
||||||
#ifdef HAVE_ELLIPTIC_CURVES
|
#ifdef HAVE_SUPPORTED_CURVES
|
||||||
static void test_CyaSSL_UseEllipticCurve(void)
|
static void test_CyaSSL_UseSupportedCurve(void)
|
||||||
{
|
{
|
||||||
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
|
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
|
||||||
CYASSL *ssl = CyaSSL_new(ctx);
|
CYASSL *ssl = CyaSSL_new(ctx);
|
||||||
@ -553,21 +557,21 @@ static void test_CyaSSL_UseEllipticCurve(void)
|
|||||||
|
|
||||||
#ifndef NO_CYASSL_CLIENT
|
#ifndef NO_CYASSL_CLIENT
|
||||||
/* error cases */
|
/* error cases */
|
||||||
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
|
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
|
||||||
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(ctx, 0));
|
AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
|
||||||
|
|
||||||
AssertIntNE(1, CyaSSL_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1));
|
AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
|
||||||
AssertIntNE(1, CyaSSL_UseEllipticCurve(ssl, 0));
|
AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0));
|
||||||
|
|
||||||
/* success case */
|
/* success case */
|
||||||
AssertIntEQ(1, CyaSSL_CTX_UseEllipticCurve(ctx, CYASSL_ECC_SECP160R1));
|
AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
|
||||||
AssertIntEQ(1, CyaSSL_UseEllipticCurve(ssl, CYASSL_ECC_SECP160R1));
|
AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
CyaSSL_free(ssl);
|
CyaSSL_free(ssl);
|
||||||
CyaSSL_CTX_free(ctx);
|
CyaSSL_CTX_free(ctx);
|
||||||
}
|
}
|
||||||
#endif /* HAVE_ELLIPTIC_CURVES */
|
#endif /* HAVE_SUPPORTED_CURVES */
|
||||||
|
|
||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||||
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
|
/* Helper for testing CyaSSL_CTX_use_certificate_file() */
|
||||||
@ -892,6 +896,8 @@ int test_client_CyaSSL_new(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef SINGLE_THREADED
|
||||||
|
|
||||||
static int test_CyaSSL_read_write(void)
|
static int test_CyaSSL_read_write(void)
|
||||||
{
|
{
|
||||||
/* The unit testing for read and write shall happen simutaneously, since
|
/* The unit testing for read and write shall happen simutaneously, since
|
||||||
@ -923,6 +929,7 @@ static int test_CyaSSL_read_write(void)
|
|||||||
|
|
||||||
InitTcpReady(&ready);
|
InitTcpReady(&ready);
|
||||||
server_args.signal = &ready;
|
server_args.signal = &ready;
|
||||||
|
client_args.signal = &ready;
|
||||||
start_thread(test_server_nofail, &server_args, &serverThread);
|
start_thread(test_server_nofail, &server_args, &serverThread);
|
||||||
wait_tcp_ready(&server_args);
|
wait_tcp_ready(&server_args);
|
||||||
test_client_nofail(&client_args);
|
test_client_nofail(&client_args);
|
||||||
@ -942,7 +949,7 @@ static int test_CyaSSL_read_write(void)
|
|||||||
FreeTcpReady(&ready);
|
FreeTcpReady(&ready);
|
||||||
|
|
||||||
return test_result;
|
return test_result;
|
||||||
};
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -950,6 +957,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
|
|||||||
{
|
{
|
||||||
SOCKET_T sockfd = 0;
|
SOCKET_T sockfd = 0;
|
||||||
SOCKET_T clientfd = 0;
|
SOCKET_T clientfd = 0;
|
||||||
|
word16 port = yasslPort;
|
||||||
|
|
||||||
CYASSL_METHOD* method = 0;
|
CYASSL_METHOD* method = 0;
|
||||||
CYASSL_CTX* ctx = 0;
|
CYASSL_CTX* ctx = 0;
|
||||||
@ -963,6 +971,11 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
|
|||||||
method = CyaSSLv23_server_method();
|
method = CyaSSLv23_server_method();
|
||||||
ctx = CyaSSL_CTX_new(method);
|
ctx = CyaSSL_CTX_new(method);
|
||||||
|
|
||||||
|
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
|
||||||
|
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
|
||||||
|
port = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
CyaSSL_CTX_set_verify(ctx,
|
CyaSSL_CTX_set_verify(ctx,
|
||||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
|
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
|
||||||
|
|
||||||
@ -990,7 +1003,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
ssl = CyaSSL_new(ctx);
|
ssl = CyaSSL_new(ctx);
|
||||||
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
|
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0);
|
||||||
CloseSocket(sockfd);
|
CloseSocket(sockfd);
|
||||||
|
|
||||||
CyaSSL_set_fd(ssl, clientfd);
|
CyaSSL_set_fd(ssl, clientfd);
|
||||||
@ -1074,7 +1087,7 @@ void test_client_nofail(void* args)
|
|||||||
goto done2;
|
goto done2;
|
||||||
}
|
}
|
||||||
|
|
||||||
tcp_connect(&sockfd, yasslIP, yasslPort, 0);
|
tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0);
|
||||||
|
|
||||||
ssl = CyaSSL_new(ctx);
|
ssl = CyaSSL_new(ctx);
|
||||||
CyaSSL_set_fd(ssl, sockfd);
|
CyaSSL_set_fd(ssl, sockfd);
|
||||||
@ -1139,7 +1152,7 @@ void run_cyassl_client(void* args)
|
|||||||
if (callbacks->ctx_ready)
|
if (callbacks->ctx_ready)
|
||||||
callbacks->ctx_ready(ctx);
|
callbacks->ctx_ready(ctx);
|
||||||
|
|
||||||
tcp_connect(&sfd, yasslIP, yasslPort, 0);
|
tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0);
|
||||||
|
|
||||||
ssl = CyaSSL_new(ctx);
|
ssl = CyaSSL_new(ctx);
|
||||||
CyaSSL_set_fd(ssl, sfd);
|
CyaSSL_set_fd(ssl, sfd);
|
||||||
@ -1178,6 +1191,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
|
|||||||
CYASSL* ssl = NULL;
|
CYASSL* ssl = NULL;
|
||||||
SOCKET_T sfd = 0;
|
SOCKET_T sfd = 0;
|
||||||
SOCKET_T cfd = 0;
|
SOCKET_T cfd = 0;
|
||||||
|
word16 port = yasslPort;
|
||||||
|
|
||||||
char msg[] = "I hear you fa shizzle!";
|
char msg[] = "I hear you fa shizzle!";
|
||||||
int len = (int) XSTRLEN(msg);
|
int len = (int) XSTRLEN(msg);
|
||||||
@ -1186,6 +1200,11 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
|
|||||||
|
|
||||||
((func_args*)args)->return_code = TEST_FAIL;
|
((func_args*)args)->return_code = TEST_FAIL;
|
||||||
|
|
||||||
|
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
|
||||||
|
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
|
||||||
|
port = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
CyaSSL_CTX_set_verify(ctx,
|
CyaSSL_CTX_set_verify(ctx,
|
||||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
|
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
|
||||||
|
|
||||||
@ -1207,7 +1226,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
|
|||||||
|
|
||||||
ssl = CyaSSL_new(ctx);
|
ssl = CyaSSL_new(ctx);
|
||||||
|
|
||||||
tcp_accept(&sfd, &cfd, (func_args*)args, yasslPort, 0, 0);
|
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0);
|
||||||
CloseSocket(sfd);
|
CloseSocket(sfd);
|
||||||
|
|
||||||
CyaSSL_set_fd(ssl, cfd);
|
CyaSSL_set_fd(ssl, cfd);
|
||||||
@ -1268,6 +1287,7 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
|
|||||||
/* RUN Server side */
|
/* RUN Server side */
|
||||||
InitTcpReady(&ready);
|
InitTcpReady(&ready);
|
||||||
server_args.signal = &ready;
|
server_args.signal = &ready;
|
||||||
|
client_args.signal = &ready;
|
||||||
start_thread(run_cyassl_server, &server_args, &serverThread);
|
start_thread(run_cyassl_server, &server_args, &serverThread);
|
||||||
wait_tcp_ready(&server_args);
|
wait_tcp_ready(&server_args);
|
||||||
|
|
||||||
@ -1278,4 +1298,6 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
|
|||||||
FreeTcpReady(&ready);
|
FreeTcpReady(&ready);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* SINGLE_THREADED*/
|
||||||
|
|
||||||
#endif /* NO_FILESYSTEM */
|
#endif /* NO_FILESYSTEM */
|
||||||
|
@ -4,20 +4,20 @@
|
|||||||
|
|
||||||
|
|
||||||
if BUILD_EXAMPLES
|
if BUILD_EXAMPLES
|
||||||
check_PROGRAMS += tests/unit
|
check_PROGRAMS += tests/unit.test
|
||||||
noinst_PROGRAMS += tests/unit
|
noinst_PROGRAMS += tests/unit.test
|
||||||
tests_unit_SOURCES = \
|
tests_unit_test_SOURCES = \
|
||||||
tests/unit.c \
|
tests/unit.c \
|
||||||
tests/api.c \
|
tests/api.c \
|
||||||
tests/suites.c \
|
tests/suites.c \
|
||||||
tests/hash.c \
|
tests/hash.c \
|
||||||
examples/client/client.c \
|
examples/client/client.c \
|
||||||
examples/server/server.c
|
examples/server/server.c
|
||||||
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
|
tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
|
||||||
tests_unit_LDADD = src/libcyassl.la
|
tests_unit_test_LDADD = src/libcyassl.la
|
||||||
tests_unit_DEPENDENCIES = src/libcyassl.la
|
tests_unit_test_DEPENDENCIES = src/libcyassl.la
|
||||||
endif
|
endif
|
||||||
EXTRA_DIST += tests/unit.h
|
EXTRA_DIST += tests/unit.h
|
||||||
EXTRA_DIST += tests/test.conf \
|
EXTRA_DIST += tests/test.conf \
|
||||||
tests/test-dtls.conf
|
tests/test-dtls.conf
|
||||||
DISTCLEANFILES+= tests/.libs/unit
|
DISTCLEANFILES+= tests/.libs/unit.test
|
||||||
|
@ -36,18 +36,20 @@
|
|||||||
#define MAX_COMMAND_SZ 240
|
#define MAX_COMMAND_SZ 240
|
||||||
#define MAX_SUITE_SZ 80
|
#define MAX_SUITE_SZ 80
|
||||||
#define NOT_BUILT_IN -123
|
#define NOT_BUILT_IN -123
|
||||||
|
#ifdef NO_OLD_TLS
|
||||||
#define VERSION_TOO_OLD -124
|
#define VERSION_TOO_OLD -124
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "examples/client/client.h"
|
#include "examples/client/client.h"
|
||||||
#include "examples/server/server.h"
|
#include "examples/server/server.h"
|
||||||
|
|
||||||
|
|
||||||
CYASSL_CTX* cipherSuiteCtx = NULL;
|
static CYASSL_CTX* cipherSuiteCtx = NULL;
|
||||||
char nonblockFlag[] = "-N";
|
static char nonblockFlag[] = "-N";
|
||||||
char noVerifyFlag[] = "-d";
|
static char noVerifyFlag[] = "-d";
|
||||||
char portFlag[] = "-p";
|
static char portFlag[] = "-p";
|
||||||
char flagSep[] = " ";
|
static char flagSep[] = " ";
|
||||||
char svrPort[] = "0";
|
static char svrPort[] = "0";
|
||||||
|
|
||||||
|
|
||||||
#ifdef NO_OLD_TLS
|
#ifdef NO_OLD_TLS
|
||||||
@ -80,8 +82,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
|
|||||||
int valid = 0;
|
int valid = 0;
|
||||||
|
|
||||||
const char* find = "-l ";
|
const char* find = "-l ";
|
||||||
char* begin = strstr(line, find);
|
const char* begin = strstr(line, find);
|
||||||
char* end;
|
const char* end;
|
||||||
|
|
||||||
suite[0] = '\0';
|
suite[0] = '\0';
|
||||||
|
|
||||||
|
25
tests/unit.c
25
tests/unit.c
@ -42,10 +42,12 @@ int main(int argc, char** argv)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef SINGLE_THREADED
|
||||||
if ( (ret = SuiteTest()) != 0){
|
if ( (ret = SuiteTest()) != 0){
|
||||||
printf("suite test failed with %d\n", ret);
|
printf("suite test failed with %d\n", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_CAVIUM
|
#ifdef HAVE_CAVIUM
|
||||||
CspShutdown(CAVIUM_DEV_ID);
|
CspShutdown(CAVIUM_DEV_ID);
|
||||||
@ -55,9 +57,12 @@ int main(int argc, char** argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void wait_tcp_ready(func_args* args)
|
void wait_tcp_ready(func_args* args)
|
||||||
{
|
{
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#ifdef SINGLE_THREADED
|
||||||
|
(void)args;
|
||||||
|
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_mutex_lock(&args->signal->mutex);
|
pthread_mutex_lock(&args->signal->mutex);
|
||||||
|
|
||||||
if (!args->signal->ready)
|
if (!args->signal->ready)
|
||||||
@ -73,7 +78,11 @@ void wait_tcp_ready(func_args* args)
|
|||||||
|
|
||||||
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
|
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
|
||||||
{
|
{
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#ifdef SINGLE_THREADED
|
||||||
|
(void)fun;
|
||||||
|
(void)args;
|
||||||
|
(void)thread;
|
||||||
|
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_create(thread, 0, fun, args);
|
pthread_create(thread, 0, fun, args);
|
||||||
return;
|
return;
|
||||||
#else
|
#else
|
||||||
@ -84,7 +93,9 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
|
|||||||
|
|
||||||
void join_thread(THREAD_TYPE thread)
|
void join_thread(THREAD_TYPE thread)
|
||||||
{
|
{
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#ifdef SINGLE_THREADED
|
||||||
|
(void)thread;
|
||||||
|
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_join(thread, 0);
|
pthread_join(thread, 0);
|
||||||
#else
|
#else
|
||||||
int res = WaitForSingleObject((HANDLE)thread, INFINITE);
|
int res = WaitForSingleObject((HANDLE)thread, INFINITE);
|
||||||
@ -99,7 +110,8 @@ void InitTcpReady(tcp_ready* ready)
|
|||||||
{
|
{
|
||||||
ready->ready = 0;
|
ready->ready = 0;
|
||||||
ready->port = 0;
|
ready->port = 0;
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#ifdef SINGLE_THREADED
|
||||||
|
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_mutex_init(&ready->mutex, 0);
|
pthread_mutex_init(&ready->mutex, 0);
|
||||||
pthread_cond_init(&ready->cond, 0);
|
pthread_cond_init(&ready->cond, 0);
|
||||||
#endif
|
#endif
|
||||||
@ -108,10 +120,13 @@ void InitTcpReady(tcp_ready* ready)
|
|||||||
|
|
||||||
void FreeTcpReady(tcp_ready* ready)
|
void FreeTcpReady(tcp_ready* ready)
|
||||||
{
|
{
|
||||||
#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
#ifdef SINGLE_THREADED
|
||||||
|
(void)ready;
|
||||||
|
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||||
pthread_mutex_destroy(&ready->mutex);
|
pthread_mutex_destroy(&ready->mutex);
|
||||||
pthread_cond_destroy(&ready->cond);
|
pthread_cond_destroy(&ready->cond);
|
||||||
#else
|
#else
|
||||||
(void)ready;
|
(void)ready;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,22 +4,22 @@
|
|||||||
|
|
||||||
|
|
||||||
if BUILD_EXAMPLES
|
if BUILD_EXAMPLES
|
||||||
check_PROGRAMS += testsuite/testsuite
|
check_PROGRAMS += testsuite/testsuite.test
|
||||||
noinst_PROGRAMS += testsuite/testsuite
|
noinst_PROGRAMS += testsuite/testsuite.test
|
||||||
testsuite_testsuite_SOURCES = \
|
testsuite_testsuite_test_SOURCES = \
|
||||||
ctaocrypt/test/test.c \
|
ctaocrypt/test/test.c \
|
||||||
examples/client/client.c \
|
examples/client/client.c \
|
||||||
examples/echoclient/echoclient.c \
|
examples/echoclient/echoclient.c \
|
||||||
examples/echoserver/echoserver.c \
|
examples/echoserver/echoserver.c \
|
||||||
examples/server/server.c \
|
examples/server/server.c \
|
||||||
testsuite/testsuite.c
|
testsuite/testsuite.c
|
||||||
testsuite_testsuite_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
|
testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
|
||||||
testsuite_testsuite_LDADD = src/libcyassl.la
|
testsuite_testsuite_test_LDADD = src/libcyassl.la
|
||||||
testsuite_testsuite_DEPENDENCIES = src/libcyassl.la
|
testsuite_testsuite_test_DEPENDENCIES = src/libcyassl.la
|
||||||
endif
|
endif
|
||||||
EXTRA_DIST += testsuite/testsuite.sln
|
EXTRA_DIST += testsuite/testsuite.sln
|
||||||
EXTRA_DIST += testsuite/testsuite-ntru.vcproj
|
EXTRA_DIST += testsuite/testsuite-ntru.vcproj
|
||||||
EXTRA_DIST += testsuite/testsuite.vcproj
|
EXTRA_DIST += testsuite/testsuite.vcproj
|
||||||
EXTRA_DIST += input
|
EXTRA_DIST += input
|
||||||
EXTRA_DIST += quit
|
EXTRA_DIST += quit
|
||||||
DISTCLEANFILES+= testsuite/.libs/testsuite
|
DISTCLEANFILES+= testsuite/.libs/testsuite.test
|
||||||
|
@ -25,22 +25,18 @@
|
|||||||
|
|
||||||
#include <cyassl/ctaocrypt/settings.h>
|
#include <cyassl/ctaocrypt/settings.h>
|
||||||
|
|
||||||
#include <cyassl/openssl/ssl.h>
|
|
||||||
#include <cyassl/test.h>
|
#include <cyassl/test.h>
|
||||||
#include <cyassl/ctaocrypt/sha256.h>
|
|
||||||
|
|
||||||
#include "ctaocrypt/test/test.h"
|
#include "ctaocrypt/test/test.h"
|
||||||
|
|
||||||
#ifdef SINGLE_THREADED
|
#ifndef SINGLE_THREADED
|
||||||
#error testsuite needs threads to run, please run ctaocrypt/test, \
|
|
||||||
and the examples/ individually
|
#include <cyassl/openssl/ssl.h>
|
||||||
#endif
|
#include <cyassl/ctaocrypt/sha256.h>
|
||||||
|
|
||||||
#include "examples/echoclient/echoclient.h"
|
#include "examples/echoclient/echoclient.h"
|
||||||
#include "examples/echoserver/echoserver.h"
|
#include "examples/echoserver/echoserver.h"
|
||||||
#include "examples/server/server.h"
|
#include "examples/server/server.h"
|
||||||
#include "examples/client/client.h"
|
#include "examples/client/client.h"
|
||||||
#include "ctaocrypt/test/test.h"
|
|
||||||
|
|
||||||
|
|
||||||
void file_test(const char* file, byte* hash);
|
void file_test(const char* file, byte* hash);
|
||||||
@ -52,9 +48,9 @@ enum {
|
|||||||
};
|
};
|
||||||
|
|
||||||
#ifndef USE_WINDOWS_API
|
#ifndef USE_WINDOWS_API
|
||||||
const char outputName[] = "/tmp/output";
|
static const char outputName[] = "/tmp/output";
|
||||||
#else
|
#else
|
||||||
const char outputName[] = "output";
|
static const char outputName[] = "output";
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
@ -117,7 +113,7 @@ int main(int argc, char** argv)
|
|||||||
myArgv[1] = argc1;
|
myArgv[1] = argc1;
|
||||||
myArgv[2] = argc2;
|
myArgv[2] = argc2;
|
||||||
|
|
||||||
echo_args.argc = NUMARGS;
|
echo_args.argc = 3;
|
||||||
echo_args.argv = myArgv;
|
echo_args.argv = myArgv;
|
||||||
|
|
||||||
strcpy(echo_args.argv[0], "echoclient");
|
strcpy(echo_args.argv[0], "echoclient");
|
||||||
@ -171,10 +167,16 @@ void simple_test(func_args* args)
|
|||||||
THREAD_TYPE serverThread;
|
THREAD_TYPE serverThread;
|
||||||
|
|
||||||
func_args svrArgs;
|
func_args svrArgs;
|
||||||
char *svrArgv[NUMARGS];
|
char *svrArgv[9];
|
||||||
char argc0s[32];
|
char argc0s[32];
|
||||||
char argc1s[32];
|
char argc1s[32];
|
||||||
char argc2s[32];
|
char argc2s[32];
|
||||||
|
char argc3s[32];
|
||||||
|
char argc4s[32];
|
||||||
|
char argc5s[32];
|
||||||
|
char argc6s[32];
|
||||||
|
char argc7s[32];
|
||||||
|
char argc8s[32];
|
||||||
|
|
||||||
func_args cliArgs;
|
func_args cliArgs;
|
||||||
char *cliArgv[NUMARGS];
|
char *cliArgv[NUMARGS];
|
||||||
@ -185,6 +187,12 @@ void simple_test(func_args* args)
|
|||||||
svrArgv[0] = argc0s;
|
svrArgv[0] = argc0s;
|
||||||
svrArgv[1] = argc1s;
|
svrArgv[1] = argc1s;
|
||||||
svrArgv[2] = argc2s;
|
svrArgv[2] = argc2s;
|
||||||
|
svrArgv[3] = argc3s;
|
||||||
|
svrArgv[4] = argc4s;
|
||||||
|
svrArgv[5] = argc5s;
|
||||||
|
svrArgv[6] = argc6s;
|
||||||
|
svrArgv[7] = argc7s;
|
||||||
|
svrArgv[8] = argc8s;
|
||||||
cliArgv[0] = argc0c;
|
cliArgv[0] = argc0c;
|
||||||
cliArgv[1] = argc1c;
|
cliArgv[1] = argc1c;
|
||||||
cliArgv[2] = argc2c;
|
cliArgv[2] = argc2c;
|
||||||
@ -198,9 +206,16 @@ void simple_test(func_args* args)
|
|||||||
|
|
||||||
strcpy(svrArgs.argv[0], "SimpleServer");
|
strcpy(svrArgs.argv[0], "SimpleServer");
|
||||||
#if !defined(USE_WINDOWS_API) && !defined(CYASSL_SNIFFER)
|
#if !defined(USE_WINDOWS_API) && !defined(CYASSL_SNIFFER)
|
||||||
svrArgs.argc = NUMARGS;
|
strcpy(svrArgs.argv[svrArgs.argc++], "-p");
|
||||||
strcpy(svrArgs.argv[1], "-p");
|
strcpy(svrArgs.argv[svrArgs.argc++], "0");
|
||||||
strcpy(svrArgs.argv[2], "0");
|
#endif
|
||||||
|
#ifdef HAVE_NTRU
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "-d");
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "-n");
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "-c");
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-cert.pem");
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "-k");
|
||||||
|
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-key.raw");
|
||||||
#endif
|
#endif
|
||||||
/* Set the last arg later, when it is known. */
|
/* Set the last arg later, when it is known. */
|
||||||
|
|
||||||
@ -317,3 +332,35 @@ void file_test(const char* file, byte* check)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#else /* SINGLE_THREADED */
|
||||||
|
|
||||||
|
|
||||||
|
int myoptind = 0;
|
||||||
|
char* myoptarg = NULL;
|
||||||
|
|
||||||
|
|
||||||
|
int main(int argc, char** argv)
|
||||||
|
{
|
||||||
|
func_args server_args;
|
||||||
|
|
||||||
|
server_args.argc = argc;
|
||||||
|
server_args.argv = argv;
|
||||||
|
|
||||||
|
if (CurrentDir("testsuite") || CurrentDir("_build"))
|
||||||
|
ChangeDirBack(1);
|
||||||
|
else if (CurrentDir("Debug") || CurrentDir("Release"))
|
||||||
|
ChangeDirBack(3); /* Xcode->Preferences->Locations->Locations*/
|
||||||
|
/* Derived Data Advanced -> Custom */
|
||||||
|
/* Relative to Workspace, Build/Products */
|
||||||
|
/* Debug or Release */
|
||||||
|
|
||||||
|
ctaocrypt_test(&server_args);
|
||||||
|
if (server_args.return_code != 0) return server_args.return_code;
|
||||||
|
|
||||||
|
printf("\nAll tests passed!\n");
|
||||||
|
return EXIT_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* SINGLE_THREADED */
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user