This commit is contained in:
Takashi Kojo 2014-03-11 09:55:57 +09:00
commit 8ea2eec773
54 changed files with 1150 additions and 794 deletions

2
.gitignore vendored
View File

@ -41,6 +41,8 @@ output
mcapi/test mcapi/test
testsuite/testsuite testsuite/testsuite
tests/unit tests/unit
testsuite/testsuite.test
tests/unit.test
testsuite/*.der testsuite/*.der
testsuite/*.pem testsuite/*.pem
testsuite/*.raw testsuite/*.raw

View File

@ -76,8 +76,10 @@ if USE_VALGRIND
TESTS_ENVIRONMENT=./valgrind-error.sh TESTS_ENVIRONMENT=./valgrind-error.sh
endif endif
TEST_EXTENSIONS=.test
TESTS += $(check_PROGRAMS) TESTS += $(check_PROGRAMS)
test: check test: check
tests/unit.log: testsuite/testsuite.log
DISTCLEANFILES+= cyassl-config DISTCLEANFILES+= cyassl-config

24
README
View File

@ -35,11 +35,33 @@ before calling SSL_new(); Though it's not recommended.
*** end Notes *** *** end Notes ***
CyaSSL Release 2.9.0 (X/XX/XXXX) CyaSSL Release 2.9.0 (02/07/2014)
Release 2.9.0 CyaSSL has bug fixes and new features including: Release 2.9.0 CyaSSL has bug fixes and new features including:
- Freescale Kinetis RNGB support - Freescale Kinetis RNGB support
- Freescale Kinetis mmCAU support - Freescale Kinetis mmCAU support
- TLS Hello extensions
- ECC
- Secure Renegotiation (null)
- Truncated HMAC
- SCEP support
- PKCS #7 Enveloped data and signed data
- PKCS #10 Certificate Signing Request generation
- DTLS sliding window
- OCSP Improvements
- API change to integrate into Certificate Manager
- IPv4/IPv6 agnostic
- example client/server support for OCSP
- OCSP nonces are optional
- GMAC hashing
- Windows build additions
- Windows CYGWIN build fixes
- Updated test certificates
- Microchip MPLAB Harmony support
- Update autoconf scripts
- Additional X.509 inspection functions
- ECC encrypt/decrypt primitives
- ECC Certificate generation
The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
K53 Sub-Family Reference Manual: K53 Sub-Family Reference Manual:

View File

@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1) Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Dec 14 21:32:30 2013 GMT Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions: CRL extensions:
X509v3 CRL Number: X509v3 CRL Number:
87 3
No Revoked Certificates. Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
0f:16:d2:d6:62:f8:c0:db:b2:2c:de:9d:0a:10:72:0e:85:6e: 36:33:8d:75:7a:2c:40:dc:e2:64:71:de:1d:06:b4:0e:d3:98:
25:1d:38:20:1b:d5:66:d9:d3:9e:0e:a6:9e:e8:60:20:1c:b5: 63:05:79:84:53:76:9b:aa:51:70:a1:3a:ab:12:f7:da:69:70:
c9:ab:09:c3:a5:d5:c3:91:a3:9a:ff:44:40:68:da:7b:da:4a: 34:5b:4d:08:01:a6:3b:16:25:ac:3d:11:0c:80:94:bc:dc:b5:
3c:15:17:89:0a:49:b9:af:b2:ac:f0:e2:b5:0e:4d:c0:22:d7: 51:7c:84:11:65:d7:d2:24:16:f5:ac:11:0b:ea:72:62:4a:cb:
5e:c1:02:9e:f3:95:20:62:7c:88:d9:32:97:12:04:1a:6f:8c: 83:c1:6c:96:ec:6b:ce:1f:26:88:89:8a:74:90:fb:d3:67:91:
d8:7b:9f:0c:1e:91:fe:98:52:17:de:f2:ee:7c:66:e7:db:91: 8c:f7:ef:0e:ca:81:39:22:89:1a:52:75:d0:13:ba:ee:83:0c:
99:7a:f7:09:c9:15:16:3d:a2:1c:13:af:ad:e0:70:b8:6b:e5: 61:e9:b4:d8:f1:3f:80:77:29:d2:bb:7e:81:29:a8:fb:1f:ad:
dc:8e:f8:b5:ec:ff:f7:88:1b:ce:46:eb:22:ff:10:2f:ea:53: 92:91:bd:e9:b8:29:3f:a3:ec:44:b5:09:e5:03:3c:1b:2d:df:
f0:86:62:1a:ab:6f:4d:05:45:e8:5c:ba:b5:8d:0d:38:72:cd: 4c:27:45:94:da:be:50:dd:b9:78:3f:1f:92:92:59:a5:ad:5a:
df:a1:74:31:bb:ad:68:7d:56:be:d8:7e:7a:f5:ef:52:be:14: ef:95:71:ff:ca:ff:db:70:53:17:aa:00:40:9b:4c:ff:fb:be:
5c:6d:ed:b4:2a:c9:ab:97:ba:e8:93:c5:6b:79:66:c7:52:a8: 73:7a:8e:0f:07:9b:b9:14:fd:a4:b4:d7:79:4b:3e:ff:c6:90:
0d:62:dc:cb:e2:4c:e6:53:f4:c3:5c:ce:47:0f:39:46:9a:cb: ef:91:2e:a2:f3:ee:4b:1f:16:47:2a:a3:39:f9:b5:fd:74:fa:
82:d9:98:7d:69:41:aa:ac:6a:7a:e9:02:c9:9b:77:59:7f:6a: 8f:c4:15:8d:77:7f:46:78:6f:ba:a5:4e:bc:63:8f:39:63:c9:
90:54:10:8a:45:c7:49:5f:ca:be:66:6a:20:e1:cd:e8:10:09: 68:3d:8f:02:3a:4a:d0:d5:c4:47:6a:2c:4d:6c:d5:e2:a7:5f:
30:7e:16:44 35:ba:65:e4
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV MIIB/jCB5wIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIx CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIw
NDIxMzIzMFqgDjAMMAoGA1UdFAQDAgFXMA0GCSqGSIb3DQEBBQUAA4IBAQAPFtLW NzIwMTQwNlowFDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBAzAN
YvjA27Is3p0KEHIOhW4lHTggG9Vm2dOeDqae6GAgHLXJqwnDpdXDkaOa/0RAaNp7 BgkqhkiG9w0BAQUFAAOCAQEANjONdXosQNziZHHeHQa0DtOYYwV5hFN2m6pRcKE6
2ko8FReJCkm5r7Ks8OK1Dk3AItdewQKe85UgYnyI2TKXEgQab4zYe58MHpH+mFIX qxL32mlwNFtNCAGmOxYlrD0RDICUvNy1UXyEEWXX0iQW9awRC+pyYkrLg8Fsluxr
3vLufGbn25GZevcJyRUWPaIcE6+t4HC4a+Xcjvi17P/3iBvORusi/xAv6lPwhmIa zh8miImKdJD702eRjPfvDsqBOSKJGlJ10BO67oMMYem02PE/gHcp0rt+gSmo+x+t
q29NBUXoXLq1jQ04cs3foXQxu61ofVa+2H569e9SvhRcbe20Ksmrl7rok8VreWbH kpG96bgpP6PsRLUJ5QM8Gy3fTCdFlNq+UN25eD8fkpJZpa1a75Vx/8r/23BTF6oA
UqgNYtzL4kzmU/TDXM5HDzlGmsuC2Zh9aUGqrGp66QLJm3dZf2qQVBCKRcdJX8q+ QJtM//u+c3qODwebuRT9pLTXeUs+/8aQ75EuovPuSx8WRyqjOfm1/XT6j8QVjXd/
Zmog4c3oEAkwfhZE RnhvuqVOvGOPOWPJaD2PAjpK0NXER2osTWzV4qdfNbpl5A==
-----END X509 CRL----- -----END X509 CRL-----

View File

@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
Version 2 (0x1) Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Dec 14 21:32:30 2013 GMT Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions: CRL extensions:
X509v3 CRL Number: X509v3 CRL Number:
85 1
No Revoked Certificates. No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
4d:9c:63:22:02:91:fe:52:35:93:7c:b6:5b:e8:86:5a:29:a2: 4b:c1:68:4f:80:01:0e:ab:ff:c1:8f:5e:e5:3c:01:7a:fd:9c:
4d:9a:bc:d9:16:e0:8a:04:90:4d:ae:21:00:be:9c:81:5b:68: bb:21:b3:68:73:7c:e9:dc:c5:70:a8:fd:1b:74:27:c2:9e:7d:
6e:90:1a:fd:1a:37:70:85:50:f2:02:87:1c:38:f4:ef:9d:41: 11:9c:95:b9:fb:73:ac:50:bb:b7:4a:5e:f1:f3:44:b4:7c:b5:
f5:4f:53:66:d4:c0:22:80:00:82:7a:09:42:49:c3:1c:c9:4c: 21:0f:32:48:2e:b2:03:95:a7:09:6b:25:87:c3:1d:9c:3f:8f:
9f:92:f9:66:f4:21:1f:24:67:4f:83:6a:bd:3a:19:f1:04:99: 69:91:30:fb:e5:a1:b2:26:1a:ed:8f:73:06:2d:bd:bc:72:f4:
ea:30:05:bf:a7:3d:bf:71:ac:3e:3a:ba:2a:c5:05:12:53:eb: b8:bd:63:61:90:c7:91:2b:68:52:51:47:0d:d6:a1:79:b8:4b:
5c:6f:ed:2d:4b:c0:f5:00:e1:95:45:c9:62:b5:89:66:4b:2b: bc:30:57:94:fa:b7:49:80:1a:1f:4d:aa:a3:8b:cd:8f:5d:8e:
01:fc:66:29:a3:0a:9a:05:ae:f7:9f:51:2a:9c:3b:18:03:ed: ad:8b:d6:d1:5b:c1:cf:f2:0c:60:22:19:87:42:db:42:8b:aa:
c4:7c:33:62:93:30:49:ab:c4:d1:07:f4:18:ac:96:24:1e:c2: 47:36:4d:20:eb:cb:72:ce:4b:48:1b:f3:4d:0b:e0:f8:58:27:
fa:37:ed:82:db:06:66:8d:fb:25:93:35:7b:39:88:e8:8e:70: 65:60:e7:97:50:83:a9:80:58:62:a8:02:ac:4e:37:79:42:47:
e9:c8:be:00:c4:f7:a7:67:83:f8:3d:af:8b:71:5b:25:3b:1d: 65:aa:55:ca:7c:9a:9c:bf:6c:36:89:f3:f7:60:d3:30:be:d4:
56:cd:d0:15:86:31:d1:cb:57:3a:00:b5:1c:7c:3e:99:44:ce: ce:f1:af:41:7e:02:75:6e:82:86:96:b9:16:07:15:29:c0:65:
bc:89:a7:78:37:50:ed:a1:b6:16:cd:72:20:c9:1f:60:b2:8a: 4d:2f:13:4f:01:ec:47:f1:af:36:0a:d6:a1:dc:81:57:18:2d:
c5:62:30:26:f0:aa:b6:73:ca:8e:d6:ba:31:0a:21:a2:6e:40: 00:7b:d4:49:88:c0:61:81:0e:cd:a7:39:6a:53:2a:7c:91:3d:
4b:66:30:11 ac:62:8d:49
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
MjE0MjEzMjMwWqAOMAwwCgYDVR0UBAMCAVUwDQYJKoZIhvcNAQEFBQADggEBAE2c MjA3MjAxNDA2WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAEvB
YyICkf5SNZN8tlvohlopok2avNkW4IoEkE2uIQC+nIFbaG6QGv0aN3CFUPIChxw4 aE+AAQ6r/8GPXuU8AXr9nLshs2hzfOncxXCo/Rt0J8KefRGclbn7c6xQu7dKXvHz
9O+dQfVPU2bUwCKAAIJ6CUJJwxzJTJ+S+Wb0IR8kZ0+Dar06GfEEmeowBb+nPb9x RLR8tSEPMkgusgOVpwlrJYfDHZw/j2mRMPvlobImGu2PcwYtvbxy9Li9Y2GQx5Er
rD46uirFBRJT61xv7S1LwPUA4ZVFyWK1iWZLKwH8ZimjCpoFrvefUSqcOxgD7cR8 aFJRRw3WoXm4S7wwV5T6t0mAGh9NqqOLzY9djq2L1tFbwc/yDGAiGYdC20KLqkc2
M2KTMEmrxNEH9BisliQewvo37YLbBmaN+yWTNXs5iOiOcOnIvgDE96dng/g9r4tx TSDry3LOS0gb800L4PhYJ2Vg55dQg6mAWGKoAqxON3lCR2WqVcp8mpy/bDaJ8/dg
WyU7HVbN0BWGMdHLVzoAtRx8PplEzryJp3g3UO2hthbNciDJH2CyisViMCbwqrZz 0zC+1M7xr0F+AnVugoaWuRYHFSnAZU0vE08B7EfxrzYK1qHcgVcYLQB71EmIwGGB
yo7WujEKIaJuQEtmMBE= Ds2nOWpTKnyRPaxijUk=
-----END X509 CRL----- -----END X509 CRL-----

View File

@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
Version 2 (0x1) Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Dec 14 21:32:30 2013 GMT Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions: CRL extensions:
X509v3 CRL Number: X509v3 CRL Number:
86 2
Revoked Certificates: Revoked Certificates:
Serial Number: 02 Serial Number: 02
Revocation Date: Jun 17 21:32:30 2013 GMT Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
87:3b:bb:ac:6b:1a:e8:96:87:6f:a3:8e:39:77:28:01:a7:ea: 10:5d:b1:d0:79:d2:8a:15:2d:40:0b:44:d6:d9:df:58:73:eb:
76:36:c2:48:e2:41:02:3f:f3:f7:64:09:60:91:87:9e:57:74: 55:2c:81:fe:e1:7b:62:48:8f:34:c5:06:51:e5:e8:50:70:8c:
38:a0:c3:20:47:7d:82:4b:2c:34:23:fe:66:dc:2b:3e:8a:a1: 12:ba:e3:6e:fe:7d:0d:ce:44:08:9d:dc:d9:57:43:6c:54:12:
d9:e3:06:ec:75:0f:b1:ef:32:e2:28:ab:7d:40:2c:82:59:74: 82:d4:ed:6c:71:e5:74:44:bd:d1:a8:98:96:63:8b:68:5f:d2:
c9:95:b5:62:a6:6a:8e:34:e6:f6:f8:91:ff:aa:c1:21:93:79: 87:28:dd:99:4f:aa:ba:8e:18:9e:c4:4f:69:9e:66:13:03:28:
cb:6f:dc:be:94:21:b1:c8:dd:9e:b8:fe:ad:e8:50:6e:0d:76: 5f:3c:35:01:15:77:22:7c:ed:c5:4a:67:44:af:85:7f:df:8a:
92:32:54:51:96:cd:c7:be:d2:0f:6f:63:69:5f:b3:28:c1:57: fd:49:8b:e1:be:52:e3:ca:e8:ae:a3:ad:07:91:2c:51:c6:28:
0e:61:f7:62:81:9f:ea:e7:a5:14:89:41:56:63:46:da:bc:d8: 5f:26:17:14:39:5d:4e:21:9f:11:6f:c4:a2:ef:ef:b8:ec:27:
e0:78:44:c6:c7:1a:ab:1b:f1:0b:59:d5:4e:6d:14:bc:16:c2: af:45:ad:b9:ed:e0:14:09:60:a0:50:ee:dd:f7:b1:3e:58:c4:
02:43:06:0b:f4:16:6e:26:8c:36:09:61:0c:53:3f:72:85:64: 0d:e8:b5:0b:a9:0d:98:ad:7c:74:ab:1c:d6:fa:c8:7d:e7:5a:
33:4d:bf:70:44:c8:23:83:c3:51:98:a8:14:f7:b2:03:a1:7b: 3b:91:23:d5:62:ba:d4:e4:be:58:78:fe:09:ba:63:f6:9e:2c:
72:48:4d:24:d0:a8:a9:22:3d:9b:94:bf:24:24:01:6f:2e:4b: 3f:93:c2:fe:de:c5:00:21:50:39:91:ac:71:e6:fc:4a:37:a4:
2b:21:24:8f:64:46:20:79:45:b3:45:1a:4f:93:10:e1:8d:04: e4:e9:5e:e7:ac:8d:95:21:d6:76:aa:10:a8:3c:28:3e:ef:1c:
4c:8d:83:63:96:9f:28:c5:37:0f:10:8e:02:9b:4d:96:8b:ea: 64:58:e9:1e:f6:7e:54:f3:cb:bb:ed:6f:5d:27:5a:b1:4b:91:
a3:31:88:9f 8e:8c:67:7d
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMx GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUw
MjE0MjEzMjMwWjAUMBICAQIXDTEzMDYxNzIxMzIzMFqgDjAMMAoGA1UdFAQDAgFW MjA3MjAxNDA2WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEC
MA0GCSqGSIb3DQEBBQUAA4IBAQCHO7usaxrolodvo445dygBp+p2NsJI4kECP/P3 MA0GCSqGSIb3DQEBBQUAA4IBAQAQXbHQedKKFS1AC0TW2d9Yc+tVLIH+4XtiSI80
ZAlgkYeeV3Q4oMMgR32CSyw0I/5m3Cs+iqHZ4wbsdQ+x7zLiKKt9QCyCWXTJlbVi xQZR5ehQcIwSuuNu/n0NzkQIndzZV0NsVBKC1O1sceV0RL3RqJiWY4toX9KHKN2Z
pmqONOb2+JH/qsEhk3nLb9y+lCGxyN2euP6t6FBuDXaSMlRRls3HvtIPb2NpX7Mo T6q6jhiexE9pnmYTAyhfPDUBFXcifO3FSmdEr4V/34r9SYvhvlLjyuiuo60HkSxR
wVcOYfdigZ/q56UUiUFWY0bavNjgeETGxxqrG/ELWdVObRS8FsICQwYL9BZuJow2 xihfJhcUOV1OIZ8Rb8Si7++47CevRa257eAUCWCgUO7d97E+WMQN6LULqQ2YrXx0
CWEMUz9yhWQzTb9wRMgjg8NRmKgU97IDoXtySE0k0KipIj2blL8kJAFvLksrISSP qxzW+sh951o7kSPVYrrU5L5YeP4JumP2niw/k8L+3sUAIVA5kaxx5vxKN6Tk6V7n
ZEYgeUWzRRpPkxDhjQRMjYNjlp8oxTcPEI4Cm02Wi+qjMYif rI2VIdZ2qhCoPCg+7xxkWOke9n5U88u77W9dJ1qxS5GOjGd9
-----END X509 CRL----- -----END X509 CRL-----

View File

@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
Version 2 (0x1) Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Dec 14 21:32:30 2013 GMT Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions: CRL extensions:
X509v3 CRL Number: X509v3 CRL Number:
88 4
No Revoked Certificates. Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
30:45:02:21:00:eb:6e:1b:5d:f9:43:f9:67:5b:4e:d1:6d:30: 30:44:02:20:10:95:f9:c8:20:bc:7d:ce:79:6d:35:23:4c:82:
c7:c1:57:a3:e6:25:af:87:7a:77:8d:d9:89:47:1d:a4:64:0e: 8c:f5:8b:d1:4f:69:a9:5e:70:97:dd:bb:c2:67:13:46:b0:47:
21:02:20:11:20:49:d5:84:47:fa:12:61:46:ec:b6:db:0e:d0: 02:20:4f:1f:43:c2:cc:63:1c:6e:26:89:2d:e7:ce:69:45:6d:
9d:3d:95:24:4f:a3:43:ab:d0:ad:dd:d9:61:b7:49:e2:5e fb:8f:53:cd:1f:84:0f:93:fe:83:91:69:f2:91:c6:f9
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG MIIBNTCB3gIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
ARYOaW5mb0B5YXNzbC5jb20XDTEzMDYxNzIxMzIzMFoXDTEzMTIxNDIxMzIzMFqg ARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIwNzIwMTQwNlow
DjAMMAoGA1UdFAQDAgFYMAkGByqGSM49BAEDSAAwRQIhAOtuG135Q/lnW07RbTDH FDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBBDAJBgcqhkjOPQQB
wVej5iWvh3p3jdmJRx2kZA4hAiARIEnVhEf6EmFG7LbbDtCdPZUkT6NDq9Ct3dlh A0cAMEQCIBCV+cggvH3OeW01I0yCjPWL0U9pqV5wl927wmcTRrBHAiBPH0PCzGMc
t0niXg== biaJLefOaUVt+49TzR+ED5P+g5Fp8pHG+Q==
-----END X509 CRL----- -----END X509 CRL-----

View File

@ -2,23 +2,25 @@ Certificate Revocation List (CRL):
Version 2 (0x1) Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Jun 17 21:32:30 2013 GMT Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Dec 14 21:32:30 2013 GMT Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions: CRL extensions:
X509v3 CRL Number: X509v3 CRL Number:
89 5
No Revoked Certificates. Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1 Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:0c:78:df:c4:4b:8b:e0:70:15:4f:f6:7d:82:d6: 30:44:02:20:2a:2a:2c:ff:8a:0f:6a:74:57:b8:41:a8:5a:5c:
0d:dd:a5:a0:e2:6a:95:4b:2b:6b:29:14:15:ba:51:0d:e3:1f: 8c:7d:c1:7d:b1:76:a3:db:ff:22:1a:69:cd:80:8d:d5:e4:2a:
02:20:2b:4b:1d:7c:9d:2f:5a:01:3d:9b:c1:94:cd:10:86:fe: 02:20:2d:51:3e:01:5b:79:6c:f4:89:89:63:46:0b:65:44:46:
e2:9d:a0:b2:3c:97:10:ba:a6:56:43:78:b3:92:9b:0b 59:2d:42:3e:ba:a8:6d:08:4a:20:1f:9a:06:cc:a9:65
-----BEGIN X509 CRL----- -----BEGIN X509 CRL-----
MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK MIIBNzCB4AIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNjE3MjEzMjMwWhcNMTMxMjE0MjEzMjMw AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUwMjA3MjAxNDA2
WqAOMAwwCgYDVR0UBAMCAVkwCQYHKoZIzj0EAQNHADBEAiAMeN/ES4vgcBVP9n2C WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEFMAkGByqGSM49
1g3dpaDiapVLK2spFBW6UQ3jHwIgK0sdfJ0vWgE9m8GUzRCG/uKdoLI8lxC6plZD BAEDRwAwRAIgKios/4oPanRXuEGoWlyMfcF9sXaj2/8iGmnNgI3V5CoCIC1RPgFb
eLOSmws= eWz0iYljRgtlREZZLUI+uqhtCEogH5oGzKll
-----END X509 CRL----- -----END X509 CRL-----

View File

@ -5,7 +5,7 @@
# caCrl # caCrl
openssl ca -gencrl -crldays 180 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem openssl ca -gencrl -crldays 365 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# metadata # metadata
openssl crl -in crl.pem -text > tmp openssl crl -in crl.pem -text > tmp
@ -17,7 +17,7 @@ cp crl.pem ~/cyassl/certs/crl/crl.pem
openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# caCrl server revoked generation # caCrl server revoked generation
openssl ca -gencrl -crldays 180 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem openssl ca -gencrl -crldays 365 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
# metadata # metadata
openssl crl -in crl.revoked -text > tmp openssl crl -in crl.revoked -text > tmp
@ -29,7 +29,7 @@ cp crl.revoked ~/cyassl/certs/crl/crl.revoked
cp blank.index.txt demoCA/index.txt cp blank.index.txt demoCA/index.txt
# cliCrl # cliCrl
openssl ca -gencrl -crldays 180 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem openssl ca -gencrl -crldays 365 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
# metadata # metadata
openssl crl -in cliCrl.pem -text > tmp openssl crl -in cliCrl.pem -text > tmp
@ -38,7 +38,7 @@ mv tmp cliCrl.pem
cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
# eccCliCRL # eccCliCRL
openssl ca -gencrl -crldays 180 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem openssl ca -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
# metadata # metadata
openssl crl -in eccCliCRL.pem -text > tmp openssl crl -in eccCliCRL.pem -text > tmp
@ -47,7 +47,7 @@ mv tmp eccCliCRL.pem
cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
# eccSrvCRL # eccSrvCRL
openssl ca -gencrl -crldays 180 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem openssl ca -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
# metadata # metadata
openssl crl -in eccSrvCRL.pem -text > tmp openssl crl -in eccSrvCRL.pem -text > tmp

View File

@ -6,12 +6,10 @@
# #
# #
AC_INIT([cyassl],[2.8.6],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com]) AC_INIT([cyassl],[2.9.1],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
# using $targget_cpu to only turn on fastmath by default on x86_64
AC_CANONICAL_TARGET
AC_CANONICAL_HOST AC_CANONICAL_HOST
AC_CANONICAL_BUILD AC_CANONICAL_BUILD
@ -33,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning #shared library versioning
CYASSL_LIBRARY_VERSION=5:2:0 CYASSL_LIBRARY_VERSION=5:3:0
# | | | # | | |
# +------+ | +---+ # +------+ | +---+
# | | | # | | |
@ -104,7 +102,7 @@ OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL" DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
# Thread local storage # Thread local storage
AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) AX_TLS([AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"], [:])
# DEBUG # DEBUG
AX_DEBUG AX_DEBUG
@ -987,6 +985,19 @@ fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# PWDBASED # PWDBASED
AC_ARG_ENABLE([pwdbased], AC_ARG_ENABLE([pwdbased],
[ --enable-pwdbased Enable PWDBASED (default: disabled)], [ --enable-pwdbased Enable PWDBASED (default: disabled)],
@ -996,9 +1007,9 @@ AC_ARG_ENABLE([pwdbased],
if test "$ENABLED_PWDBASED" = "no" if test "$ENABLED_PWDBASED" = "no"
then then
if test "$ENABLED_OPENSSLEXTRA" = "yes" if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then then
# opensslextra needs pwdbased # opensslextra and webserver needs pwdbased
ENABLED_PWDBASED=yes ENABLED_PWDBASED=yes
else else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
@ -1042,19 +1053,6 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# Filesystem Build # Filesystem Build
AC_ARG_ENABLE([filesystem], AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: enabled)], [ --enable-filesystem Enable Filesystem support (default: enabled)],
@ -1226,16 +1224,16 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_RENEGOTIATION_INDICATION"
fi fi
# Elliptic Curves Extensions # Supported Elliptic Curves Extensions
AC_ARG_ENABLE([ellipticcurves], AC_ARG_ENABLE([supportedcurves],
[ --enable-ellipticcurves Enable Elliptic Curves (default: disabled)], [ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)],
[ ENABLED_ELLIPTIC_CURVES=$enableval ], [ ENABLED_SUPPORTED_CURVES=$enableval ],
[ ENABLED_ELLIPTIC_CURVES=no ] [ ENABLED_SUPPORTED_CURVES=no ]
) )
if test "x$ENABLED_ELLIPTIC_CURVES" = "xyes" if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ELLIPTIC_CURVES" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
fi fi
# TLS Extensions # TLS Extensions
@ -1251,8 +1249,8 @@ then
ENABLED_MAX_FRAGMENT=yes ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes ENABLED_TRUNCATED_HMAC=yes
ENABLED_RENEGOTIATION_INDICATION=yes ENABLED_RENEGOTIATION_INDICATION=yes
ENABLED_ELLIPTIC_CURVES=yes ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_ELLIPTIC_CURVES" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_RENEGOTIATION_INDICATION -DHAVE_SUPPORTED_CURVES"
fi fi
# PKCS7 # PKCS7
@ -1340,10 +1338,39 @@ then
fi fi
# Certificate Service Support
AC_ARG_ENABLE([certservice],
[ --enable-certservice Enable cert service (default: disabled)],
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
# Requires ecc,certgen, and opensslextra make sure on
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DCYASSL_CERT_GEN"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DCYASSL_HAVE_CERT_SERVICE"
fi
# set fastmath default # set fastmath default
FASTMATH_DEFAULT=no FASTMATH_DEFAULT=no
if test "$target_cpu" = "x86_64" if test "$host_cpu" = "x86_64"
then then
FASTMATH_DEFAULT=yes FASTMATH_DEFAULT=yes
fi fi
@ -1398,7 +1425,6 @@ AC_ARG_ENABLE([examples],
[ ENABLED_EXAMPLES=yes ] [ ENABLED_EXAMPLES=yes ]
) )
AS_IF([test "x$ENABLED_SINGLETHREADED" = "xyes"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
# certs still have sha signatures for now # certs still have sha signatures for now
@ -1527,16 +1553,6 @@ then
fi fi
LIB_SOCKET_NSL LIB_SOCKET_NSL
AC_ARG_ENABLE([gcc-hardening],
AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
[if test x$enableval = xyes; then
AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
AM_CFLAGS="$AM_CFLAGS -fwrapv -fPIE -Wstack-protector"
AM_CFLAGS="$AM_CFLAGS --param ssp-buffer-size=1"
LDFLAGS="$LDFLAGS -pie"
fi])
AX_HARDEN_CC_COMPILER_FLAGS AX_HARDEN_CC_COMPILER_FLAGS
# link to ws2_32 if on mingw # link to ws2_32 if on mingw
@ -1624,9 +1640,9 @@ echo ""
echo " * Installation prefix: $prefix" echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os" echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu" echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC_VERSION" echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS" echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX_VERSION" echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS" echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS" echo " * CPP Flags: $CPPFLAGS"
echo " * LIB Flags: $LIB" echo " * LIB Flags: $LIB"
@ -1689,7 +1705,7 @@ echo " * SNI: $ENABLED_SNI"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Elliptic Curves: $ENABLED_ELLIPTIC_CURVES" echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * All TLS Extensions: $ENABLED_TLSX" echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7" echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP" echo " * wolfSCEP $ENABLED_WOLFSCEP"

View File

@ -219,27 +219,27 @@ int benchmark_test(void *args)
#ifdef BENCH_EMBEDDED #ifdef BENCH_EMBEDDED
const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */ static const int numBlocks = 25; /* how many kB/megs to test (en/de)cryption */
const char blockType[] = "kB"; /* used in printf output */ static const char blockType[] = "kB"; /* used in printf output */
const int ntimes = 1; /* public key iterations */ static const int ntimes = 1; /* public key iterations */
const int genTimes = 5; static const int genTimes = 5;
const int agreeTimes = 5; static const int agreeTimes = 5;
#else #else
const int numBlocks = 5; static const int numBlocks = 5;
const char blockType[] = "megs"; static const char blockType[] = "megs";
const int ntimes = 100; static const int ntimes = 100;
const int genTimes = 100; static const int genTimes = 100;
const int agreeTimes = 100; static const int agreeTimes = 100;
#endif #endif
const byte key[] = static const byte key[] =
{ {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
}; };
const byte iv[] = static const byte iv[] =
{ {
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
@ -250,11 +250,11 @@ const byte iv[] =
/* use kB instead of mB for embedded benchmarking */ /* use kB instead of mB for embedded benchmarking */
#ifdef BENCH_EMBEDDED #ifdef BENCH_EMBEDDED
byte plain [1024]; static byte plain [1024];
byte cipher[1024]; static byte cipher[1024];
#else #else
byte plain [1024*1024]; static byte plain [1024*1024];
byte cipher[1024*1024]; static byte cipher[1024*1024];
#endif #endif
@ -294,8 +294,10 @@ void bench_aes(int show)
#endif #endif
byte additional[13]; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
byte tag[16]; static byte additional[13];
static byte tag[16];
#endif
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@ -675,7 +677,7 @@ void bench_blake2(void)
#if !defined(NO_RSA) || !defined(NO_DH) \ #if !defined(NO_RSA) || !defined(NO_DH) \
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC) || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
RNG rng; static RNG rng;
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
@ -684,7 +686,7 @@ RNG rng;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
defined(CYASSL_MDK_SHELL) defined(CYASSL_MDK_SHELL)
static char *certRSAname = "certs/rsa2048.der" ; static char *certRSAname = "certs/rsa2048.der" ;
void set_Bench_RSA_File(char * cert) { certRSAname = cert ; } static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; }
/* set by shell command */ /* set by shell command */
#elif defined(CYASSL_MDK_SHELL) #elif defined(CYASSL_MDK_SHELL)
/* nothing */ /* nothing */
@ -798,7 +800,7 @@ void bench_dh(void)
int i, ret; int i, ret;
byte tmp[1024]; byte tmp[1024];
size_t bytes; size_t bytes;
word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz; word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
byte pub[256]; /* for 2048 bit */ byte pub[256]; /* for 2048 bit */
byte priv[256]; /* for 2048 bit */ byte priv[256]; /* for 2048 bit */
@ -954,7 +956,7 @@ void bench_eccKeyAgree(void)
byte shared[1024]; byte shared[1024];
byte sig[1024]; byte sig[1024];
byte digest[32]; byte digest[32];
word32 x; word32 x = 0;
ecc_init(&genKey); ecc_init(&genKey);
ecc_init(&genKey2); ecc_init(&genKey2);
@ -996,7 +998,7 @@ void bench_eccKeyAgree(void)
/* make dummy digest */ /* make dummy digest */
for (i = 0; i < (int)sizeof(digest); i++) for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = i; digest[i] = (byte)i;
start = current_time(1); start = current_time(1);

View File

@ -318,6 +318,36 @@ __asm__( \
#define LOOP_START \ #define LOOP_START \
mu = c[x] * mp mu = c[x] * mp
#ifdef __thumb__
#define INNERMUL \
__asm__( \
" LDR r0,%1 \n\t" \
" ADDS r0,r0,%0 \n\t" \
" ITE CS \n\t" \
" MOVCS %0,#1 \n\t" \
" MOVCC %0,#0 \n\t" \
" UMLAL r0,%0,%3,%4 \n\t" \
" STR r0,%1 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"m"(_c[0]):"r0","cc");
#define PROPCARRY \
__asm__( \
" LDR r0,%1 \n\t" \
" ADDS r0,r0,%0 \n\t" \
" STR r0,%1 \n\t" \
" ITE CS \n\t" \
" MOVCS %0,#1 \n\t" \
" MOVCC %0,#0 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"m"(_c[0]):"r0","cc");
/* TAO thumb mode uses ite (if then else) to detect carry directly
* fixed unmatched constraint warning by changing 1 to m */
#else /* __thumb__ */
#define INNERMUL \ #define INNERMUL \
__asm__( \ __asm__( \
" LDR r0,%1 \n\t" \ " LDR r0,%1 \n\t" \
@ -337,6 +367,8 @@ __asm__( \
" MOVCC %0,#0 \n\t" \ " MOVCC %0,#0 \n\t" \
:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc"); :"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");
#endif /* __thumb__ */
#elif defined(TFM_PPC32) #elif defined(TFM_PPC32)
/* PPC32 */ /* PPC32 */
@ -725,9 +757,11 @@ __asm__( \
#define SQRADDSC(i, j) \ #define SQRADDSC(i, j) \
__asm__( \ __asm__( \
" UMULL %0,%1,%6,%7 \n\t" \ " UMULL %0,%1,%3,%4 \n\t" \
" SUB %2,%2,%2 \n\t" \ " SUB %2,%2,%2 \n\t" \
:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "cc"); :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "r"(i), "r"(j) : "cc");
/* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */
#define SQRADDAC(i, j) \ #define SQRADDAC(i, j) \
__asm__( \ __asm__( \

View File

@ -1519,8 +1519,9 @@ static int GetKey(DecodedCert* cert)
XMEMCPY(cert->publicKey, keyBlob, keyLen); XMEMCPY(cert->publicKey, keyBlob, keyLen);
cert->pubKeyStored = 1; cert->pubKeyStored = 1;
cert->pubKeySize = keyLen; cert->pubKeySize = keyLen;
return 0;
} }
break;
#endif /* HAVE_NTRU */ #endif /* HAVE_NTRU */
#ifdef HAVE_ECC #ifdef HAVE_ECC
case ECDSAk: case ECDSAk:
@ -1566,14 +1567,13 @@ static int GetKey(DecodedCert* cert)
cert->pubKeySize = length; cert->pubKeySize = length;
cert->srcIdx += length; cert->srcIdx += length;
return 0;
} }
break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
default: default:
return ASN_UNKNOWN_OID_E; return ASN_UNKNOWN_OID_E;
} }
return 0;
} }
@ -3084,6 +3084,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
{ {
word32 idx = 0; word32 idx = 0;
int length = 0; int length = 0;
byte b;
word32 oid; word32 oid;
CYASSL_ENTER("DecodeAuthInfo"); CYASSL_ENTER("DecodeAuthInfo");
@ -3091,35 +3092,26 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
/* Unwrap the list of AIAs */ /* Unwrap the list of AIAs */
if (GetSequence(input, &idx, &length, sz) < 0) return; if (GetSequence(input, &idx, &length, sz) < 0) return;
/* Unwrap a single AIA */ while (idx < (word32)sz) {
if (GetSequence(input, &idx, &length, sz) < 0) return; /* Unwrap a single AIA */
if (GetSequence(input, &idx, &length, sz) < 0) return;
oid = 0; oid = 0;
if (GetObjectId(input, &idx, &oid, sz) < 0) return; if (GetObjectId(input, &idx, &oid, sz) < 0) return;
/* Only supporting URIs right now. */ /* Only supporting URIs right now. */
if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) b = input[idx++];
{
idx++;
if (GetLength(input, &idx, &length, sz) < 0) return; if (GetLength(input, &idx, &length, sz) < 0) return;
cert->extAuthInfoSz = length; if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
cert->extAuthInfo = input + idx; oid == AIA_OCSP_OID)
{
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
break;
}
idx += length; idx += length;
} }
else
{
/* Skip anything else. */
idx++;
if (GetLength(input, &idx, &length, sz) < 0) return;
idx += length;
}
if (idx < (word32)sz)
{
CYASSL_MSG("\tThere are more Authority Information Access records, "
"but we only use first one.");
}
return; return;
} }
@ -3224,11 +3216,11 @@ static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
length--; length--;
if (length == 2) { if (length == 2) {
cert->extKeyUsage = (input[idx] << 8) | input[idx+1]; cert->extKeyUsage = (word16)((input[idx] << 8) | input[idx+1]);
cert->extKeyUsage >>= unusedBits; cert->extKeyUsage >>= unusedBits;
} }
else if (length == 1) else if (length == 1)
cert->extKeyUsage = (input[idx] << 1); cert->extKeyUsage = (word16)(input[idx] << 1);
return; return;
} }
@ -3290,9 +3282,7 @@ static void DecodeCertExtensions(DecodedCert* cert)
byte* input = cert->extensions; byte* input = cert->extensions;
int length; int length;
word32 oid; word32 oid;
byte critical; byte critical = 0;
(void)critical;
CYASSL_ENTER("DecodeCertExtensions"); CYASSL_ENTER("DecodeCertExtensions");
@ -3405,7 +3395,6 @@ static void DecodeCertExtensions(DecodedCert* cert)
} }
idx += length; idx += length;
} }
(void)critical;
CYASSL_LEAVE("DecodeCertExtensions", 0); CYASSL_LEAVE("DecodeCertExtensions", 0);
return; return;
@ -3432,7 +3421,8 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
cert->subjectCNStored = 1; cert->subjectCNStored = 1;
} }
if (cert->keyOID == RSAk && cert->pubKeySize > 0) { if (cert->keyOID == RSAk &&
cert->publicKey != NULL && cert->pubKeySize > 0) {
ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap, ptr = (char*) XMALLOC(cert->pubKeySize, cert->heap,
DYNAMIC_TYPE_PUBLIC_KEY); DYNAMIC_TYPE_PUBLIC_KEY);
if (ptr == NULL) if (ptr == NULL)

View File

@ -95,9 +95,9 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B]; e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B]; e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
b1 = (e1 << 2) | (e2 >> 4); b1 = (byte)((e1 << 2) | (e2 >> 4));
b2 = ((e2 & 0xF) << 4) | (e3 >> 2); b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
b3 = ((e3 & 0x3) << 6) | e4; b3 = (byte)(((e3 & 0x3) << 6) | e4);
out[i++] = b1; out[i++] = b1;
if (!pad3) if (!pad3)
@ -251,8 +251,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
/* encoded idx */ /* encoded idx */
byte e1 = b1 >> 2; byte e1 = b1 >> 2;
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4); byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
byte e3 = ((b2 & 0xF) << 2) | (b3 >> 6); byte e3 = (byte)(((b2 & 0xF) << 2) | (b3 >> 6));
byte e4 = b3 & 0x3F; byte e4 = b3 & 0x3F;
/* store */ /* store */
@ -281,8 +281,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
byte b2 = (twoBytes) ? in[j++] : 0; byte b2 = (twoBytes) ? in[j++] : 0;
byte e1 = b1 >> 2; byte e1 = b1 >> 2;
byte e2 = ((b1 & 0x3) << 4) | (b2 >> 4); byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
byte e3 = (b2 & 0xF) << 2; byte e3 = (byte)((b2 & 0xF) << 2);
ret = CEscape(escaped, e1, out, &i, *outLen, 0); ret = CEscape(escaped, e1, out, &i, *outLen, 0);
if (ret == 0) if (ret == 0)
@ -375,7 +375,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
if (b == BAD || b2 == BAD) if (b == BAD || b2 == BAD)
return ASN_INPUT_E; return ASN_INPUT_E;
out[outIdx++] = (b << 4) | b2; out[outIdx++] = (byte)((b << 4) | b2);
inLen -= 2; inLen -= 2;
} }

View File

@ -633,7 +633,7 @@ static const int bytebit[] = {
0200,0100,040,020,010,04,02,01 0200,0100,040,020,010,04,02,01
}; };
const word32 Spbox[8][64] = { static const word32 Spbox[8][64] = {
{ {
0x01010400,0x00000000,0x00010000,0x01010404, 0x01010400,0x00000000,0x00010000,0x01010404,
0x01010004,0x00010404,0x00000004,0x00010000, 0x01010004,0x00010404,0x00000004,0x00010000,

View File

@ -971,7 +971,8 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
mp_int mu; mp_int mu;
mp_digit mp; mp_digit mp;
unsigned long buf; unsigned long buf;
int first, bitbuf, bitcpy, bitcnt, mode, digidx; int first = 1, bitbuf = 0, bitcpy = 0, bitcnt = 0, mode = 0,
digidx = 0;
if (k == NULL || G == NULL || R == NULL || modulus == NULL) if (k == NULL || G == NULL || R == NULL || modulus == NULL)
return ECC_BAD_ARG_E; return ECC_BAD_ARG_E;

View File

@ -86,7 +86,6 @@ static int InitHmac(Hmac* hmac, int type)
default: default:
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
break;
} }
return 0; return 0;

View File

@ -161,7 +161,7 @@ void Md4Update(Md4* md4, const byte* data, word32 len)
if (md4->buffLen == MD4_BLOCK_SIZE) { if (md4->buffLen == MD4_BLOCK_SIZE) {
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE); ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif #endif
Transform(md4); Transform(md4);
AddLength(md4, MD4_BLOCK_SIZE); AddLength(md4, MD4_BLOCK_SIZE);
@ -185,7 +185,7 @@ void Md4Final(Md4* md4, byte* hash)
md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen; md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen;
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE); ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif #endif
Transform(md4); Transform(md4);
md4->buffLen = 0; md4->buffLen = 0;
@ -199,7 +199,7 @@ void Md4Final(Md4* md4, byte* hash)
/* store lengths */ /* store lengths */
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, MD4_BLOCK_SIZE); ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE);
#endif #endif
/* ! length ordering dependent on digest endian type ! */ /* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32)); XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32));

View File

@ -300,7 +300,7 @@ void Md5Update(Md5* md5, const byte* data, word32 len)
if (md5->buffLen == MD5_BLOCK_SIZE) { if (md5->buffLen == MD5_BLOCK_SIZE) {
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE); ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif #endif
XTRANSFORM(md5, local); XTRANSFORM(md5, local);
AddLength(md5, MD5_BLOCK_SIZE); AddLength(md5, MD5_BLOCK_SIZE);
@ -324,7 +324,7 @@ void Md5Final(Md5* md5, byte* hash)
md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen; md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE); ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif #endif
XTRANSFORM(md5, local); XTRANSFORM(md5, local);
md5->buffLen = 0; md5->buffLen = 0;
@ -338,7 +338,7 @@ void Md5Final(Md5* md5, byte* hash)
/* store lengths */ /* store lengths */
#if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, MD5_BLOCK_SIZE); ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
#endif #endif
/* ! length ordering dependent on digest endian type ! */ /* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32)); XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));

View File

@ -146,15 +146,6 @@ STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
#endif /* WORD64_AVAILABLE */ #endif /* WORD64_AVAILABLE */
STATIC INLINE void ByteReverseBytes(byte* out, const byte* in, word32 byteCount)
{
word32* op = (word32*)out;
const word32* ip = (const word32*)in;
ByteReverseWords(op, ip, byteCount);
}
STATIC INLINE void XorWords(word* r, const word* a, word32 n) STATIC INLINE void XorWords(word* r, const word* a, word32 n)
{ {
word32 i; word32 i;
@ -163,13 +154,16 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)
} }
STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count) STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
{ {
if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0) if (((word)buf | (word)mask | count) % CYASSL_WORD_SIZE == 0)
XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE); XorWords( (word*)buf, (const word*)mask, count / CYASSL_WORD_SIZE);
else { else {
word32 i; word32 i;
for (i = 0; i < count; i++) buf[i] ^= mask[i]; byte* b = (byte*)buf;
const byte* m = (const byte*)mask;
for (i = 0; i < count; i++) b[i] ^= m[i];
} }
} }
#undef STATIC #undef STATIC

View File

@ -631,6 +631,18 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(CYASSL_TYTO)
int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
for (i = 0; i < sz; i++ )
output[i] = rand_gen();
return 0;
}
#elif defined(NO_DEV_RANDOM) #elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific GenerateSeed() here" #error "you need to write an os specific GenerateSeed() here"

View File

@ -295,7 +295,8 @@ void RipeMdUpdate(RipeMd* ripemd, const byte* data, word32 len)
if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) { if (ripemd->buffLen == RIPEMD_BLOCK_SIZE) {
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE); ByteReverseWords(ripemd->buffer, ripemd->buffer,
RIPEMD_BLOCK_SIZE);
#endif #endif
Transform(ripemd); Transform(ripemd);
AddLength(ripemd, RIPEMD_BLOCK_SIZE); AddLength(ripemd, RIPEMD_BLOCK_SIZE);
@ -319,7 +320,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen; ripemd->buffLen += RIPEMD_BLOCK_SIZE - ripemd->buffLen;
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE); ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
#endif #endif
Transform(ripemd); Transform(ripemd);
ripemd->buffLen = 0; ripemd->buffLen = 0;
@ -333,7 +334,7 @@ void RipeMdFinal(RipeMd* ripemd, byte* hash)
/* store lengths */ /* store lengths */
#ifdef BIG_ENDIAN_ORDER #ifdef BIG_ENDIAN_ORDER
ByteReverseBytes(local, local, RIPEMD_BLOCK_SIZE); ByteReverseWords(ripemd->buffer, ripemd->buffer, RIPEMD_BLOCK_SIZE);
#endif #endif
/* ! length ordering dependent on digest endian type ! */ /* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32)); XMEMCPY(&local[RIPEMD_PAD_SIZE], &ripemd->loLen, sizeof(word32));

View File

@ -311,7 +311,7 @@ void ShaUpdate(Sha* sha, const byte* data, word32 len)
if (sha->buffLen == SHA_BLOCK_SIZE) { if (sha->buffLen == SHA_BLOCK_SIZE) {
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE); ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif #endif
XTRANSFORM(sha, local); XTRANSFORM(sha, local);
AddLength(sha, SHA_BLOCK_SIZE); AddLength(sha, SHA_BLOCK_SIZE);
@ -335,7 +335,7 @@ void ShaFinal(Sha* sha, byte* hash)
sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen; sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE); ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif #endif
XTRANSFORM(sha, local); XTRANSFORM(sha, local);
sha->buffLen = 0; sha->buffLen = 0;
@ -349,7 +349,7 @@ void ShaFinal(Sha* sha, byte* hash)
/* store lengths */ /* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA_BLOCK_SIZE); ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
#endif #endif
/* ! length ordering dependent on digest endian type ! */ /* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32)); XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
@ -357,8 +357,9 @@ void ShaFinal(Sha* sha, byte* hash)
#ifdef FREESCALE_MMCAU #ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */ /* Kinetis requires only these bytes reversed */
ByteReverseBytes(&local[SHA_PAD_SIZE], &local[SHA_PAD_SIZE], ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32)); &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif #endif
XTRANSFORM(sha, local); XTRANSFORM(sha, local);

View File

@ -167,7 +167,8 @@ void Sha256Update(Sha256* sha256, const byte* data, word32 len)
if (sha256->buffLen == SHA256_BLOCK_SIZE) { if (sha256->buffLen == SHA256_BLOCK_SIZE) {
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); ByteReverseWords(sha256->buffer, sha256->buffer,
SHA256_BLOCK_SIZE);
#endif #endif
XTRANSFORM(sha256, local); XTRANSFORM(sha256, local);
AddLength(sha256, SHA256_BLOCK_SIZE); AddLength(sha256, SHA256_BLOCK_SIZE);
@ -191,7 +192,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen; sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif #endif
XTRANSFORM(sha256, local); XTRANSFORM(sha256, local);
sha256->buffLen = 0; sha256->buffLen = 0;
@ -205,7 +206,7 @@ void Sha256Final(Sha256* sha256, byte* hash)
/* store lengths */ /* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU) #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseBytes(local, local, SHA256_BLOCK_SIZE); ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif #endif
/* ! length ordering dependent on digest endian type ! */ /* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32)); XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
@ -214,8 +215,9 @@ void Sha256Final(Sha256* sha256, byte* hash)
#ifdef FREESCALE_MMCAU #ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */ /* Kinetis requires only these bytes reversed */
ByteReverseBytes(&local[SHA256_PAD_SIZE], &local[SHA256_PAD_SIZE], ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32)); &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif #endif
XTRANSFORM(sha256, local); XTRANSFORM(sha256, local);

View File

@ -2402,7 +2402,7 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* chars used in radix conversions */ /* chars used in radix conversions */
const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
static int fp_read_radix(fp_int *a, const char *str, int radix) static int fp_read_radix(fp_int *a, const char *str, int radix)
{ {

View File

@ -121,7 +121,9 @@
#define printf dc_log_printf #define printf dc_log_printf
#endif #endif
#include "ctaocrypt/test/test.h" #ifndef CYASSL_TYTO
#include "ctaocrypt/test/test.h"
#endif
typedef struct testVector { typedef struct testVector {
@ -2410,10 +2412,6 @@ int camellia_test(void)
{CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125} {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
}; };
if ((sizeof(pte) != CAMELLIA_BLOCK_SIZE) ||
(sizeof(ptc) != CAMELLIA_BLOCK_SIZE))
return -113;
testsSz = sizeof(testVectors)/sizeof(test_vector_t); testsSz = sizeof(testVectors)/sizeof(test_vector_t);
for (i = 0; i < testsSz; i++) { for (i = 0; i < testsSz; i++) {
CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
@ -3786,7 +3784,7 @@ int ecc_test(void)
/* test DSA sign hash */ /* test DSA sign hash */
for (i = 0; i < (int)sizeof(digest); i++) for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = i; digest[i] = (byte)i;
x = sizeof(sig); x = sizeof(sig);
ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA);

View File

@ -227,6 +227,11 @@ enum SepHardwareName_Sum {
HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
}; };
enum AuthInfo_Sum {
AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
};
enum VerifyType { enum VerifyType {
NO_VERIFY = 0, NO_VERIFY = 0,

View File

@ -42,13 +42,11 @@ CYASSL_LOCAL
word32 ByteReverseWord32(word32); word32 ByteReverseWord32(word32);
CYASSL_LOCAL CYASSL_LOCAL
void ByteReverseWords(word32*, const word32*, word32); void ByteReverseWords(word32*, const word32*, word32);
CYASSL_LOCAL
void ByteReverseBytes(byte*, const byte*, word32);
CYASSL_LOCAL CYASSL_LOCAL
void XorWords(word*, const word*, word32); void XorWords(word*, const word*, word32);
CYASSL_LOCAL CYASSL_LOCAL
void xorbuf(byte*, const byte*, word32); void xorbuf(void*, const void*, word32);
#ifdef WORD64_AVAILABLE #ifdef WORD64_AVAILABLE
CYASSL_LOCAL CYASSL_LOCAL

View File

@ -111,6 +111,77 @@ CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*); CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
/* filesystem abstraction layer, used by ssl.c */
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
#endif /* NO_FILESYSTEM */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

View File

@ -167,13 +167,25 @@
#define NO_FILESYSTEM #define NO_FILESYSTEM
#define CYASSL_USER_IO #define CYASSL_USER_IO
#define NO_DEV_RANDOM #define NO_DEV_RANDOM
#define HAVE_HKDF
#define NO_MAIN_DRIVER
#define CYASSL_LWIP
/* ECC and optimizations */
#define FREESCALE_MMCAU 1
#define HAVE_ECC #define HAVE_ECC
#define HAVE_ECC_ENCRYPT #define HAVE_ECC_ENCRYPT
#define ECC_SHAMIR
#define HAVE_HKDF
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
#define TFM_ECC256
#define TFM_ARM
#define ECC_SHAMIR
#define FP_ECC
#define FP_ENTRIES 2
#define FP_LUT 4
#define FP_MAX_BITS 512 #define FP_MAX_BITS 512
/* remove features */
#define NO_OLD_TLS #define NO_OLD_TLS
#define NO_MD4 #define NO_MD4
#define NO_RABBIT #define NO_RABBIT

View File

@ -211,7 +211,9 @@ enum {
#endif #endif
#ifndef CTYPE_USER #ifndef CTYPE_USER
#include <ctype.h> #ifndef CYASSL_TYTO
#include <ctype.h>
#endif
#if defined(HAVE_ECC) || defined(HAVE_OCSP) #if defined(HAVE_ECC) || defined(HAVE_OCSP)
#define XTOUPPER(c) toupper((c)) #define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c)) #define XISALPHA(c) isalpha((c))

View File

@ -599,7 +599,9 @@ enum Misc {
COOKIE_SZ = 20, /* use a 20 byte cookie */ COOKIE_SZ = 20, /* use a 20 byte cookie */
SUITE_LEN = 2, /* cipher suite sz length */ SUITE_LEN = 2, /* cipher suite sz length */
ENUM_LEN = 1, /* always a byte */ ENUM_LEN = 1, /* always a byte */
OPAQUE16_LEN = 2, /* always 2 bytes */ OPAQUE8_LEN = 1, /* 1 byte */
OPAQUE16_LEN = 2, /* 2 bytes */
OPAQUE24_LEN = 3, /* 3 bytes */
COMP_LEN = 1, /* compression length */ COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */ CURVE_LEN = 2, /* ecc named curve length */
SERVER_ID_LEN = 20, /* server session id length */ SERVER_ID_LEN = 20, /* server session id length */
@ -1004,6 +1006,7 @@ struct OCSP_Entry {
struct CYASSL_OCSP { struct CYASSL_OCSP {
CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */ CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
OCSP_Entry* ocspList; /* OCSP response list */ OCSP_Entry* ocspList; /* OCSP response list */
CyaSSL_Mutex ocspLock; /* OCSP list lock */
}; };
#ifndef MAX_DATE_SIZE #ifndef MAX_DATE_SIZE
@ -1182,7 +1185,7 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
typedef struct EllipticCurve { typedef struct EllipticCurve {
word16 name; /* CurveNames */ word16 name; /* CurveNames */
@ -1190,14 +1193,14 @@ typedef struct EllipticCurve {
} EllipticCurve; } EllipticCurve;
CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name); CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name);
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
byte second); byte second);
#endif #endif
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_TLS_EXTENSIONS */ #endif /* HAVE_TLS_EXTENSIONS */

View File

@ -619,7 +619,7 @@ enum {
/* extras end */ /* extras end */
#ifndef NO_FILESYSTEM #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* CyaSSL extension, provide last error from SSL_get_error /* CyaSSL extension, provide last error from SSL_get_error
since not using thread storage error queue */ since not using thread storage error queue */
CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err); CYASSL_API void CyaSSL_ERR_print_errors_fp(FILE*, int err);
@ -824,8 +824,10 @@ CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
CYASSL_API CYASSL_X509* CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len); CyaSSL_X509_d2i(CYASSL_X509** x509, const unsigned char* in, int len);
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
CYASSL_API CYASSL_X509* #ifndef NO_STDIO_FILESYSTEM
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file); CYASSL_API CYASSL_X509*
CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
#endif
CYASSL_API CYASSL_X509* CYASSL_API CYASSL_X509*
CyaSSL_X509_load_certificate_file(const char* fname, int format); CyaSSL_X509_load_certificate_file(const char* fname, int format);
#endif #endif
@ -1244,7 +1246,7 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */ /* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
enum { enum {
CYASSL_ECC_SECP160R1 = 0x10, CYASSL_ECC_SECP160R1 = 0x10,
@ -1257,12 +1259,12 @@ enum {
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name); CYASSL_API int CyaSSL_UseSupportedCurve(CYASSL* ssl, unsigned short name);
CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, CYASSL_API int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx,
unsigned short name); unsigned short name);
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
#define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */ #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
@ -1287,9 +1289,13 @@ CYASSL_API int CyaSSL_accept_ex(CYASSL*, HandShakeCallBack, TimeoutCallBack,
#ifdef CYASSL_HAVE_WOLFSCEP #ifdef CYASSL_HAVE_WOLFSCEP
CYASSL_API void CyaSSL_wolfSCEP(void); CYASSL_API void CyaSSL_wolfSCEP(void);
#endif /* CYASSL_HAVE_WOLFSCEP */ #endif /* CYASSL_HAVE_WOLFSCEP */
#ifdef CYASSL_HAVE_CERT_SERVICE
CYASSL_API void CyaSSL_cert_service(void);
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

View File

@ -167,8 +167,8 @@
#define crlPemDir "./certs/crl" #define crlPemDir "./certs/crl"
typedef struct tcp_ready { typedef struct tcp_ready {
int ready; /* predicate */ word16 ready; /* predicate */
int port; word16 port;
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_t mutex; pthread_mutex_t mutex;
pthread_cond_t cond; pthread_cond_t cond;
@ -290,7 +290,7 @@ static INLINE int mygetopt(int argc, char** argv, const char* optstring)
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
{ {
@ -566,7 +566,7 @@ static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
#endif /* !CYASSL_MDK_ARM */ #endif /* !CYASSL_MDK_ARM */
static INLINE void tcp_listen(SOCKET_T* sockfd, int* port, int useAnyAddr, static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
int udp) int udp)
{ {
SOCKADDR_IN_T addr; SOCKADDR_IN_T addr;
@ -628,7 +628,7 @@ static INLINE int udp_read_connect(SOCKET_T sockfd)
} }
static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
int useAnyAddr, int port, func_args* args) int useAnyAddr, word16 port, func_args* args)
{ {
SOCKADDR_IN_T addr; SOCKADDR_IN_T addr;
@ -679,7 +679,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
} }
static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
func_args* args, int port, int useAnyAddr, func_args* args, word16 port, int useAnyAddr,
int udp) int udp)
{ {
SOCKADDR_IN_T client; SOCKADDR_IN_T client;
@ -1154,7 +1154,8 @@ static INLINE int CurrentDir(const char* str)
if (ptr == NULL) if (ptr == NULL)
return; return;
mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); mt = (memoryTrack*)ptr;
--mt; /* same as minus sizeof(memoryTrack), removes header */
#ifdef DO_MEM_STATS #ifdef DO_MEM_STATS
ourMemStats.currentBytes -= mt->u.hint.thisSize; ourMemStats.currentBytes -= mt->u.hint.thisSize;
@ -1170,7 +1171,8 @@ static INLINE int CurrentDir(const char* str)
if (ptr) { if (ptr) {
/* if realloc is bigger, don't overread old ptr */ /* if realloc is bigger, don't overread old ptr */
memoryTrack* mt = (memoryTrack*)((byte*)ptr - sizeof(memoryTrack)); memoryTrack* mt = (memoryTrack*)ptr;
--mt; /* same as minus sizeof(memoryTrack), removes header */
if (mt->u.hint.thisSize < sz) if (mt->u.hint.thisSize < sz)
sz = mt->u.hint.thisSize; sz = mt->u.hint.thisSize;

View File

@ -26,8 +26,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBCYASSL_VERSION_STRING "2.8.6" #define LIBCYASSL_VERSION_STRING "2.9.1"
#define LIBCYASSL_VERSION_HEX 0x02008006 #define LIBCYASSL_VERSION_HEX 0x02009001
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -137,7 +137,7 @@ static void Usage(void)
#ifdef HAVE_SNI #ifdef HAVE_SNI
printf("-S <str> Use Host Name Indication\n"); printf("-S <str> Use Host Name Indication\n");
#endif #endif
#ifdef HAVE_MAXFRAGMENT #ifdef HAVE_MAX_FRAGMENT
printf("-L <num> Use Maximum Fragment Length [1-5]\n"); printf("-L <num> Use Maximum Fragment Length [1-5]\n");
#endif #endif
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
@ -178,7 +178,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
int input; int input;
int msgSz = (int)strlen(msg); int msgSz = (int)strlen(msg);
int port = yasslPort; word16 port = yasslPort;
char* host = (char*)yasslIP; char* host = (char*)yasslIP;
char* domain = (char*)"www.yassl.com"; char* domain = (char*)"www.yassl.com";
@ -296,7 +296,7 @@ THREAD_RETURN CYASSL_THREAD client_test(void* args)
break; break;
case 'p' : case 'p' :
port = atoi(myoptarg); port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0) if (port == 0)
err_sys("port number cannot be 0"); err_sys("port number cannot be 0");
@ -495,7 +495,7 @@ SWITCH_STAT {
useClientCert = 0; useClientCert = 0;
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif

View File

@ -60,7 +60,7 @@ void echoclient_test(void* args)
int sendSz; int sendSz;
int argc = 0; int argc = 0;
char** argv = 0; char** argv = 0;
int port = yasslPort; word16 port = yasslPort;
((func_args*)args)->return_code = -1; /* error state */ ((func_args*)args)->return_code = -1; /* error state */
@ -139,7 +139,7 @@ void echoclient_test(void* args)
#endif #endif
} }
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif

View File

@ -48,7 +48,7 @@
#define SVR_COMMAND_SIZE 256 #define SVR_COMMAND_SIZE 256
static void SignalReady(void* args, int port) static void SignalReady(void* args, word16 port)
{ {
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
/* signal ready to tcp_accept */ /* signal ready to tcp_accept */
@ -76,7 +76,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
int outCreated = 0; int outCreated = 0;
int shutDown = 0; int shutDown = 0;
int useAnyAddr = 0; int useAnyAddr = 0;
int port = yasslPort; word16 port = yasslPort;
int argc = ((func_args*)args)->argc; int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv; char** argv = ((func_args*)args)->argv;
@ -125,7 +125,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
ctx = CyaSSL_CTX_new(method); ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif

View File

@ -153,7 +153,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int version = SERVER_DEFAULT_VERSION; int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1; int doCliCertCheck = 1;
int useAnyAddr = 0; int useAnyAddr = 0;
int port = yasslPort; word16 port = yasslPort;
int usePsk = 0; int usePsk = 0;
int doDTLS = 0; int doDTLS = 0;
int useNtruKey = 0; int useNtruKey = 0;
@ -230,7 +230,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
break; break;
case 'p' : case 'p' :
port = atoi(myoptarg); port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0) if (port == 0)
err_sys("port number cannot be 0"); err_sys("port number cannot be 0");
@ -374,7 +374,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (fewerPackets) if (fewerPackets)
CyaSSL_CTX_set_group_messages(ctx); CyaSSL_CTX_set_group_messages(ctx);
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif

View File

@ -51,9 +51,7 @@ AC_DEFUN([AX_DEBUG],
[AS_HELP_STRING([--enable-debug], [AS_HELP_STRING([--enable-debug],
[Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])], [Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],
[ax_enable_debug=yes [ax_enable_debug=yes
AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.]) AC_DEFINE([DEBUG],[1],[Define to 1 to enable debugging code.])],
AX_ADD_AM_MACRO([--debug],[AM_YFLAGS])
AX_ADD_AM_MACRO([-D_GLIBCXX_DEBUG],[AM_CPPFLAGS])],
[ax_enable_debug=no [ax_enable_debug=no
AC_SUBST([MCHECK]) AC_SUBST([MCHECK])
AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])]) AC_DEFINE([DEBUG],[0],[Define to 1 to enable debugging code.])])

View File

@ -117,10 +117,11 @@
AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cflags_extra])
dnl Anything below this comment please keep sorted. dnl Anything below this comment please keep sorted.
AS_IF([test "$CC" = "clang"],[],[ AS_IF([test "$CC" = "clang"],[],[
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra])
@ -156,6 +157,7 @@
AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra]) AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
AX_APPEND_COMPILE_FLAGS([-fPIE],,[$ax_append_compile_cflags_extra])
AC_LANG_POP AC_LANG_POP
]) ])
@ -185,10 +187,11 @@
]) ])
AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cxxflags_extra])
dnl Anything below this comment please keep sorted. dnl Anything below this comment please keep sorted.
AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra])
AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra]) AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra])

View File

@ -44,7 +44,23 @@
# modified version of the Autoconf Macro, you may extend this special # modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well. # exception to the GPL to apply to your modified version as well.
#serial 10 #serial 11
# Define m4_ifblank and m4_ifnblank macros from introduced in
# autotools 2.64 m4sugar.m4 if using an earlier autotools.
ifdef([m4_ifblank], [], [
m4_define([m4_ifblank],
[m4_if(m4_translit([[$1]], [ ][ ][
]), [], [$2], [$3])])
])
ifdef([m4_ifnblank], [], [
m4_define([m4_ifnblank],
[m4_if(m4_translit([[$1]], [ ][ ][
]), [], [$3], [$2])])
])
AC_DEFUN([AX_TLS], [ AC_DEFUN([AX_TLS], [
AC_MSG_CHECKING(for thread local storage (TLS) class) AC_MSG_CHECKING(for thread local storage (TLS) class)

View File

@ -4,7 +4,15 @@ Version: @VERSION@
Release: 1 Release: 1
License: GPLv2 License: GPLv2
Group: System Environment/Libraries Group: System Environment/Libraries
BuildRequires: bison BuildRequires: gcc
BuildRequires: glibc
BuildRequires: glibc-common
BuildRequires: glibc-devel
BuildRequires: glibc-headers
BuildRequires: make
BuildRequires: pkgconfig
BuildRequires: sed
BuildRequires: tar
URL: http://www.yassl.com/yaSSL/Home.html URL: http://www.yassl.com/yaSSL/Home.html
Packager: Brian Aker <brian@tangent.org> Packager: Brian Aker <brian@tangent.org>
@ -61,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/libcyassl.la %{_libdir}/libcyassl.la
%{_libdir}/libcyassl.so %{_libdir}/libcyassl.so
%{_libdir}/libcyassl.so.5 %{_libdir}/libcyassl.so.5
%{_libdir}/libcyassl.so.5.0.2 %{_libdir}/libcyassl.so.5.0.3
%files devel %files devel
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -96,6 +104,8 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/cyassl/ctaocrypt/misc.h %{_includedir}/cyassl/ctaocrypt/misc.h
%{_includedir}/cyassl/ctaocrypt/mpi_class.h %{_includedir}/cyassl/ctaocrypt/mpi_class.h
%{_includedir}/cyassl/ctaocrypt/mpi_superclass.h %{_includedir}/cyassl/ctaocrypt/mpi_superclass.h
%{_includedir}/cyassl/ctaocrypt/pkcs7.h
%{_includedir}/cyassl/ctaocrypt/port.h
%{_includedir}/cyassl/ctaocrypt/pwdbased.h %{_includedir}/cyassl/ctaocrypt/pwdbased.h
%{_includedir}/cyassl/ctaocrypt/rabbit.h %{_includedir}/cyassl/ctaocrypt/rabbit.h
%{_includedir}/cyassl/ctaocrypt/random.h %{_includedir}/cyassl/ctaocrypt/random.h
@ -109,7 +119,6 @@ mkdir -p $RPM_BUILD_ROOT/
%{_includedir}/cyassl/ctaocrypt/types.h %{_includedir}/cyassl/ctaocrypt/types.h
%{_includedir}/cyassl/ctaocrypt/visibility.h %{_includedir}/cyassl/ctaocrypt/visibility.h
%{_includedir}/cyassl/error.h %{_includedir}/cyassl/error.h
%{_includedir}/cyassl/internal.h
%{_includedir}/cyassl/ocsp.h %{_includedir}/cyassl/ocsp.h
%{_includedir}/cyassl/openssl/asn1.h %{_includedir}/cyassl/openssl/asn1.h
%{_includedir}/cyassl/openssl/bio.h %{_includedir}/cyassl/openssl/bio.h
@ -152,5 +161,5 @@ mkdir -p $RPM_BUILD_ROOT/
%{_libdir}/pkgconfig/cyassl.pc %{_libdir}/pkgconfig/cyassl.pc
%changelog %changelog
* Fri Oct 20 2012 Brian Aker <brian@tangent.org> - 0.1-1 * Fri Oct 20 2012 Brian Aker <brian@tangent.org>
- Initial package - Initial package

View File

@ -79,8 +79,7 @@ CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32, static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32);
word32);
static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32); static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
#if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(NO_RSA) || defined(HAVE_ECC)
static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32); static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
@ -232,7 +231,7 @@ static INLINE void c24to32(const word24 u24, word32* u32)
/* convert opaque to 16 bit integer */ /* convert opaque to 16 bit integer */
static INLINE void ato16(const byte* c, word16* u16) static INLINE void ato16(const byte* c, word16* u16)
{ {
*u16 = (c[0] << 8) | (c[1]); *u16 = (word16) ((c[0] << 8) | (c[1]));
} }
@ -368,7 +367,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ctx->eccTempKeySz = ECDHE_SIZE; ctx->eccTempKeySz = ECDHE_SIZE;
#endif #endif
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ctx->passwd_cb = 0; ctx->passwd_cb = 0;
ctx->userdata = 0; ctx->userdata = 0;
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@ -2827,7 +2826,7 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
/* verify record type here as well */ /* verify record type here as well */
switch ((enum ContentType)rh->type) { switch (rh->type) {
case handshake: case handshake:
case change_cipher_spec: case change_cipher_spec:
case application_data: case application_data:
@ -3732,7 +3731,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
CYASSL_ENTER("DoHandShakeMsgType"); CYASSL_ENTER("DoHandShakeMsgType");
/* make sure can read the message */
if (*inOutIdx + size > totalSz)
return INCOMPLETE_DATA;
HashInput(ssl, input + *inOutIdx, size); HashInput(ssl, input + *inOutIdx, size);
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
/* add name later, add on record and handshake header part back on */ /* add name later, add on record and handshake header part back on */
if (ssl->toInfoOn) { if (ssl->toInfoOn) {
@ -3829,12 +3833,12 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
case client_hello: case client_hello:
CYASSL_MSG("processing client hello"); CYASSL_MSG("processing client hello");
ret = DoClientHello(ssl, input, inOutIdx, totalSz, size); ret = DoClientHello(ssl, input, inOutIdx, size);
break; break;
case client_key_exchange: case client_key_exchange:
CYASSL_MSG("processing client key exchange"); CYASSL_MSG("processing client key exchange");
ret = DoClientKeyExchange(ssl, input, inOutIdx, totalSz); ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
break; break;
#if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(NO_RSA) || defined(HAVE_ECC)
@ -3849,6 +3853,7 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
default: default:
CYASSL_MSG("Unknown handshake message type"); CYASSL_MSG("Unknown handshake message type");
ret = UNKNOWN_HANDSHAKE_TYPE; ret = UNKNOWN_HANDSHAKE_TYPE;
break;
} }
CYASSL_LEAVE("DoHandShakeMsgType()", ret); CYASSL_LEAVE("DoHandShakeMsgType()", ret);
@ -3859,18 +3864,15 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
word32 totalSz) word32 totalSz)
{ {
byte type; byte type;
word32 size; word32 size;
int ret = 0; int ret = 0;
CYASSL_ENTER("DoHandShakeMsg()"); CYASSL_ENTER("DoHandShakeMsg()");
if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0) if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
return PARSE_ERROR; return PARSE_ERROR;
if (*inOutIdx + size > totalSz)
return INCOMPLETE_DATA;
ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
CYASSL_LEAVE("DoHandShakeMsg()", ret); CYASSL_LEAVE("DoHandShakeMsg()", ret);
@ -3945,7 +3947,6 @@ static int DtlsMsgDrain(CYASSL* ssl)
{ {
DtlsMsg* item = ssl->dtls_msg_list; DtlsMsg* item = ssl->dtls_msg_list;
int ret = 0; int ret = 0;
word32 idx = 0;
/* While there is an item in the store list, and it is the expected /* While there is an item in the store list, and it is the expected
* message, and it is complete, and there hasn't been an error in the * message, and it is complete, and there hasn't been an error in the
@ -3954,6 +3955,7 @@ static int DtlsMsgDrain(CYASSL* ssl)
ssl->keys.dtls_expected_peer_handshake_number == item->seq && ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
item->fragSz == item->sz && item->fragSz == item->sz &&
ret == 0) { ret == 0) {
word32 idx = 0;
ssl->keys.dtls_expected_peer_handshake_number++; ssl->keys.dtls_expected_peer_handshake_number++;
ret = DoHandShakeMsgType(ssl, item->msg, ret = DoHandShakeMsgType(ssl, item->msg,
&idx, item->type, item->sz, item->sz); &idx, item->type, item->sz, item->sz);
@ -4141,8 +4143,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
/* Store the type, version. Unfortunately, they are in /* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */ * the input buffer ahead of the plaintext. */
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) if (ssl->options.dtls) {
c16toa(ssl->keys.dtls_epoch, additional);
additionalSrc -= DTLS_HANDSHAKE_EXTRA; additionalSrc -= DTLS_HANDSHAKE_EXTRA;
}
#endif #endif
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
@ -4163,8 +4167,9 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
additional, AEAD_AUTH_DATA_SZ); additional, AEAD_AUTH_DATA_SZ);
AeadIncrementExpIV(ssl); AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break;
} }
break;
#endif #endif
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
@ -4181,7 +4186,6 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
case cyassl_rabbit: case cyassl_rabbit:
return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
break;
#endif #endif
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
@ -4278,7 +4282,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
/* sequence number field is 64-bits, we only use 32-bits */ /* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
#ifdef CYASSL_DTLS
if (ssl->options.dtls)
c16toa(ssl->keys.dtls_state.curEpoch, additional);
#endif
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
@ -4318,7 +4327,6 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
case cyassl_rabbit: case cyassl_rabbit:
return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
break;
#endif #endif
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
@ -4711,7 +4719,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap); RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
#endif #endif
level = input[(*inOutIdx)++]; level = input[(*inOutIdx)++];
code = (int)input[(*inOutIdx)++]; code = input[(*inOutIdx)++];
ssl->alert_history.last_rx.code = code; ssl->alert_history.last_rx.code = code;
ssl->alert_history.last_rx.level = level; ssl->alert_history.last_rx.level = level;
*type = code; *type = code;
@ -4870,7 +4878,7 @@ int ProcessReply(CYASSL* ssl)
#endif #endif
for (;;) { for (;;) {
switch ((processReply)ssl->options.processReply) { switch (ssl->options.processReply) {
/* in the CYASSL_SERVER case, get the first byte for detecting /* in the CYASSL_SERVER case, get the first byte for detecting
* old client hello */ * old client hello */
@ -4912,7 +4920,7 @@ int ProcessReply(CYASSL* ssl)
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
b1 = b1 =
ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
ssl->curSize = ((b0 & 0x7f) << 8) | b1; ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
} }
else { else {
ssl->options.processReply = getRecordLayerHeader; ssl->options.processReply = getRecordLayerHeader;
@ -5193,6 +5201,7 @@ int ProcessReply(CYASSL* ssl)
ssl->options.processReply = doProcessInit; ssl->options.processReply = doProcessInit;
continue; continue;
} }
default: default:
CYASSL_MSG("Bad process input state, programming error"); CYASSL_MSG("Bad process input state, programming error");
return INPUT_CASE_ERROR; return INPUT_CASE_ERROR;
@ -6370,7 +6379,7 @@ void SetErrorString(int error, char* str)
/* be sure to add to cipher_name_idx too !!!! */ /* be sure to add to cipher_name_idx too !!!! */
const char* const cipher_names[] = static const char* const cipher_names[] =
{ {
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
"RC4-SHA", "RC4-SHA",
@ -6689,7 +6698,7 @@ const char* const cipher_names[] =
/* cipher suite number that matches above name table */ /* cipher suite number that matches above name table */
int cipher_name_idx[] = static int cipher_name_idx[] =
{ {
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
@ -7470,29 +7479,38 @@ static void PickHashSigAlgo(CYASSL* ssl,
static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx, static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 helloSz) word32 helloSz)
{ {
byte b; byte b;
byte compression;
ProtocolVersion pv; ProtocolVersion pv;
word32 i = *inOutIdx; byte compression;
word32 begin = i; word32 i = *inOutIdx;
word32 begin = i;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo); if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif #endif
XMEMCPY(&pv, input + i, sizeof(pv));
i += (word32)sizeof(pv); /* protocol version, random and session id length check */
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* protocol version */
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
i += OPAQUE16_LEN;
if (pv.minor > ssl->version.minor) { if (pv.minor > ssl->version.minor) {
CYASSL_MSG("Server using higher version, fatal error"); CYASSL_MSG("Server using higher version, fatal error");
return VERSION_ERROR; return VERSION_ERROR;
} }
else if (pv.minor < ssl->version.minor) { else if (pv.minor < ssl->version.minor) {
CYASSL_MSG("server using lower version"); CYASSL_MSG("server using lower version");
if (!ssl->options.downgrade) { if (!ssl->options.downgrade) {
CYASSL_MSG(" no downgrade allowed, fatal error"); CYASSL_MSG(" no downgrade allowed, fatal error");
return VERSION_ERROR; return VERSION_ERROR;
} }
else if (pv.minor == SSLv3_MINOR) {
if (pv.minor == SSLv3_MINOR) {
/* turn off tls */ /* turn off tls */
CYASSL_MSG(" downgrading to SSLv3"); CYASSL_MSG(" downgrading to SSLv3");
ssl->options.tls = 0; ssl->options.tls = 0;
@ -7510,14 +7528,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->version.minor = TLSv1_1_MINOR; ssl->version.minor = TLSv1_1_MINOR;
} }
} }
/* random */
XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
i += RAN_LEN; i += RAN_LEN;
/* session id */
b = input[i++]; b = input[i++];
if (b) {
if (b == ID_LEN) {
if ((i - begin) + ID_LEN > helloSz)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN)); XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
i += b; i += ID_LEN;
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
} }
else if (b) {
CYASSL_MSG("Invalid session ID size");
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
}
/* suite and compression */
if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
ssl->options.cipherSuite0 = input[i++]; ssl->options.cipherSuite0 = input[i++];
ssl->options.cipherSuite = input[i++]; ssl->options.cipherSuite = input[i++];
compression = input[i++]; compression = input[i++];
@ -7528,17 +7563,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
*inOutIdx = i; *inOutIdx = i;
/* tls extensions */
if ( (i - begin) < helloSz) { if ( (i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
if (IsTLS(ssl)) { if (IsTLS(ssl)) {
int ret = 0; int ret = 0;
word16 totalExtSz; word16 totalExtSz;
Suites clSuites; /* just for compatibility right now */ Suites clSuites; /* just for compatibility right now */
if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR;
ato16(&input[i], &totalExtSz); ato16(&input[i], &totalExtSz);
i += LENGTH_SZ; i += OPAQUE16_LEN;
if (totalExtSz > helloSz + begin - i)
return INCOMPLETE_DATA; if ((i - begin) + totalExtSz > helloSz)
return BUFFER_ERROR;
if ((ret = TLSX_Parse(ssl, (byte *) input + i, if ((ret = TLSX_Parse(ssl, (byte *) input + i,
totalExtSz, 0, &clSuites))) totalExtSz, 0, &clSuites)))
@ -7549,7 +7590,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
else else
#endif #endif
*inOutIdx = begin + helloSz; /* skip extensions */ *inOutIdx = begin + helloSz; /* skip extensions */
} }
ssl->options.serverState = SERVER_HELLO_COMPLETE; ssl->options.serverState = SERVER_HELLO_COMPLETE;
@ -7558,7 +7599,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session.sessionID, ID_LEN) == 0) { ssl->session.sessionID, ID_LEN) == 0) {
if (SetCipherSpecs(ssl) == 0) { if (SetCipherSpecs(ssl) == 0) {
int ret = -1; int ret = -1;
XMEMCPY(ssl->arrays->masterSecret, XMEMCPY(ssl->arrays->masterSecret,
ssl->session.masterSecret, SECRET_LEN); ssl->session.masterSecret, SECRET_LEN);
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
@ -7572,6 +7614,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ret = DeriveKeys(ssl); ret = DeriveKeys(ssl);
#endif #endif
ssl->options.serverState = SERVER_HELLODONE_COMPLETE; ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
return ret; return ret;
} }
else { else {
@ -7589,6 +7632,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
DtlsPoolReset(ssl); DtlsPoolReset(ssl);
} }
#endif #endif
return SetCipherSpecs(ssl); return SetCipherSpecs(ssl);
} }
@ -7828,8 +7872,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* rsa */ /* rsa */
if (sigAlgo == rsa_sa_algo) if (sigAlgo == rsa_sa_algo)
{ {
int ret; int ret = 0;
byte* out; byte* out = NULL;
byte doUserRsa = 0; byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
@ -7891,12 +7935,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig, if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig,
min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
return VERIFY_SIGN_ERROR; return VERIFY_SIGN_ERROR;
} }
else { else {
if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0) if (ret != sizeof(hash) || !out || XMEMCMP(out,
hash, sizeof(hash)) != 0)
return VERIFY_SIGN_ERROR; return VERIFY_SIGN_ERROR;
} }
} else } else
@ -9774,7 +9819,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
} }
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
if (!TLSX_ValidateEllipticCurves(ssl, first, second)) { if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
CYASSL_MSG("Don't have matching curves"); CYASSL_MSG("Don't have matching curves");
return 0; return 0;
@ -9995,32 +10040,37 @@ static void PickHashSigAlgo(CYASSL* ssl,
static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
word32 totalSz, word32 helloSz) word32 helloSz)
{ {
byte b; byte b;
ProtocolVersion pv; ProtocolVersion pv;
Suites clSuites; Suites clSuites;
word32 i = *inOutIdx; word32 i = *inOutIdx;
word32 begin = i; word32 begin = i;
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
#endif #endif
/* make sure can read up to session */
if (i + sizeof(pv) + RAN_LEN + ENUM_LEN > totalSz)
return INCOMPLETE_DATA;
XMEMCPY(&pv, input + i, sizeof(pv)); /* protocol version, random and session id length check */
if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* protocol version */
XMEMCPY(&pv, input + i, OPAQUE16_LEN);
ssl->chVersion = pv; /* store */ ssl->chVersion = pv; /* store */
i += (word32)sizeof(pv); i += OPAQUE16_LEN;
if (ssl->version.minor > pv.minor) { if (ssl->version.minor > pv.minor) {
byte haveRSA = 0; byte haveRSA = 0;
byte havePSK = 0; byte havePSK = 0;
if (!ssl->options.downgrade) { if (!ssl->options.downgrade) {
CYASSL_MSG("Client trying to connect with lesser version"); CYASSL_MSG("Client trying to connect with lesser version");
return VERSION_ERROR; return VERSION_ERROR;
} }
if (pv.minor == SSLv3_MINOR) { if (pv.minor == SSLv3_MINOR) {
/* turn off tls */ /* turn off tls */
CYASSL_MSG(" downgrading to SSLv3"); CYASSL_MSG(" downgrading to SSLv3");
@ -10049,6 +10099,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
ssl->options.haveECDSAsig, ssl->options.haveStaticECC, ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ssl->options.side); ssl->options.side);
} }
/* random */ /* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
i += RAN_LEN; i += RAN_LEN;
@ -10062,79 +10113,105 @@ static void PickHashSigAlgo(CYASSL* ssl,
printf("\n"); printf("\n");
} }
#endif #endif
/* session id */ /* session id */
b = input[i++]; b = input[i++];
if (b) {
if (i + ID_LEN > totalSz) if (b == ID_LEN) {
return INCOMPLETE_DATA; if ((i - begin) + ID_LEN > helloSz)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN); XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
i += b; i += ID_LEN;
ssl->options.resuming= 1; /* client wants to resume */ ssl->options.resuming = 1; /* client wants to resume */
CYASSL_MSG("Client wants to resume session"); CYASSL_MSG("Client wants to resume session");
} }
else if (b) {
CYASSL_MSG("Invalid session ID size");
return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
}
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
/* cookie */ /* cookie */
if (ssl->options.dtls) { if (ssl->options.dtls) {
if ((i - begin) + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
b = input[i++]; b = input[i++];
if (b) { if (b) {
byte cookie[MAX_COOKIE_LEN]; byte cookie[MAX_COOKIE_LEN];
if (b > MAX_COOKIE_LEN) if (b > MAX_COOKIE_LEN)
return BUFFER_ERROR; return BUFFER_ERROR;
if (i + b > totalSz)
return INCOMPLETE_DATA; if ((i - begin) + b > helloSz)
return BUFFER_ERROR;
if (ssl->ctx->CBIOCookie == NULL) { if (ssl->ctx->CBIOCookie == NULL) {
CYASSL_MSG("Your Cookie callback is null, please set"); CYASSL_MSG("Your Cookie callback is null, please set");
return COOKIE_ERROR; return COOKIE_ERROR;
} }
if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ, if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
ssl->IOCB_CookieCtx) != COOKIE_SZ) ssl->IOCB_CookieCtx) != COOKIE_SZ)
|| (b != COOKIE_SZ) || (b != COOKIE_SZ)
|| (XMEMCMP(cookie, input + i, b) != 0)) { || (XMEMCMP(cookie, input + i, b) != 0)) {
return COOKIE_ERROR; return COOKIE_ERROR;
} }
i += b; i += b;
} }
} }
#endif #endif
if (i + LENGTH_SZ > totalSz)
return INCOMPLETE_DATA;
/* suites */ /* suites */
ato16(&input[i], &clSuites.suiteSz); if ((i - begin) + OPAQUE16_LEN > helloSz)
i += 2; return BUFFER_ERROR;
ato16(&input[i], &clSuites.suiteSz);
i += OPAQUE16_LEN;
/* suites and compression length check */
if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
return BUFFER_ERROR;
/* suites and comp len */
if (i + clSuites.suiteSz + ENUM_LEN > totalSz)
return INCOMPLETE_DATA;
if (clSuites.suiteSz > MAX_SUITE_SZ) if (clSuites.suiteSz > MAX_SUITE_SZ)
return BUFFER_ERROR; return BUFFER_ERROR;
XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
i += clSuites.suiteSz; i += clSuites.suiteSz;
clSuites.hashSigAlgoSz = 0; clSuites.hashSigAlgoSz = 0;
b = input[i++]; /* comp len */ /* compression length */
if (i + b > totalSz) b = input[i++];
return INCOMPLETE_DATA;
if ((i - begin) + b > helloSz)
return BUFFER_ERROR;
if (ssl->options.usingCompression) { if (ssl->options.usingCompression) {
int match = 0; int match = 0;
while (b--) { while (b--) {
byte comp = input[i++]; byte comp = input[i++];
if (comp == ZLIB_COMPRESSION) if (comp == ZLIB_COMPRESSION)
match = 1; match = 1;
} }
if (!match) { if (!match) {
CYASSL_MSG("Not matching compression, turning off"); CYASSL_MSG("Not matching compression, turning off");
ssl->options.usingCompression = 0; /* turn off */ ssl->options.usingCompression = 0; /* turn off */
} }
} }
else else
i += b; /* ignore, since we're not on */ i += b; /* ignore, since we're not on */
*inOutIdx = i; *inOutIdx = i;
if ( (i - begin) < helloSz) {
/* tls extensions */
if ((i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
if (IsTLS(ssl)) { if (IsTLS(ssl)) {
int ret = 0; int ret = 0;
@ -10144,10 +10221,14 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* Process the hello extension. Skip unsupported. */ /* Process the hello extension. Skip unsupported. */
word16 totalExtSz; word16 totalExtSz;
if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR;
ato16(&input[i], &totalExtSz); ato16(&input[i], &totalExtSz);
i += LENGTH_SZ; i += OPAQUE16_LEN;
if (totalExtSz > helloSz + begin - i)
return INCOMPLETE_DATA; if ((i - begin) + totalExtSz > helloSz)
return BUFFER_ERROR;
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
if ((ret = TLSX_Parse(ssl, (byte *) input + i, if ((ret = TLSX_Parse(ssl, (byte *) input + i,
@ -10158,19 +10239,24 @@ static void PickHashSigAlgo(CYASSL* ssl,
#else #else
while (totalExtSz) { while (totalExtSz) {
word16 extId, extSz; word16 extId, extSz;
if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
return BUFFER_ERROR;
ato16(&input[i], &extId); ato16(&input[i], &extId);
i += LENGTH_SZ; i += OPAQUE16_LEN;
ato16(&input[i], &extSz); ato16(&input[i], &extSz);
i += EXT_ID_SZ; i += OPAQUE16_LEN;
if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ)
return INCOMPLETE_DATA; if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
return BUFFER_ERROR;
if (extId == HELLO_EXT_SIG_ALGO) { if (extId == HELLO_EXT_SIG_ALGO) {
ato16(&input[i], &clSuites.hashSigAlgoSz); ato16(&input[i], &clSuites.hashSigAlgoSz);
i += LENGTH_SZ; i += OPAQUE16_LEN;
if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ)
return INCOMPLETE_DATA; if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
return BUFFER_ERROR;
XMEMCPY(clSuites.hashSigAlgo, &input[i], XMEMCPY(clSuites.hashSigAlgo, &input[i],
min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
@ -10179,27 +10265,29 @@ static void PickHashSigAlgo(CYASSL* ssl,
else else
i += extSz; i += extSz;
totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz; totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
} }
#endif #endif
*inOutIdx = i; *inOutIdx = i;
} }
else else
*inOutIdx = begin + helloSz; /* skip extensions */ *inOutIdx = begin + helloSz; /* skip extensions */
} }
ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ssl->options.haveSessionId = 1; ssl->options.haveSessionId = 1;
/* ProcessOld uses same resume code */ /* ProcessOld uses same resume code */
if (ssl->options.resuming && (!ssl->options.dtls || if (ssl->options.resuming && (!ssl->options.dtls ||
ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */ ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
int ret = -1; int ret = -1;
CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
if (!session) { if (!session) {
CYASSL_MSG("Session lookup for resume failed"); CYASSL_MSG("Session lookup for resume failed");
ssl->options.resuming = 0; ssl->options.resuming = 0;
} else { }
else {
if (MatchSuite(ssl, &clSuites) < 0) { if (MatchSuite(ssl, &clSuites) < 0) {
CYASSL_MSG("Unsupported cipher suite, ClientHello"); CYASSL_MSG("Unsupported cipher suite, ClientHello");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
@ -10265,8 +10353,8 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* RSA */ /* RSA */
#ifndef NO_RSA #ifndef NO_RSA
if (ssl->peerRsaKeyPresent != 0) { if (ssl->peerRsaKeyPresent != 0) {
byte* out; byte* out = NULL;
int outLen; int outLen = 0;
byte doUserRsa = 0; byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
@ -10317,12 +10405,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig, if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0) min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
ret = 0; /* verified */ ret = 0; /* verified */
} }
else { else {
if (outLen == FINISHED_SZ && XMEMCMP(out, if (outLen == FINISHED_SZ && out && XMEMCMP(out,
&ssl->certHashes, FINISHED_SZ) == 0) &ssl->certHashes, FINISHED_SZ) == 0)
ret = 0; /* verified */ ret = 0; /* verified */
} }
@ -10476,18 +10564,19 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif #endif
static int DoClientKeyExchange(CYASSL* ssl, byte* input, static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx,
word32* inOutIdx, word32 totalSz) word32 size)
{ {
int ret = 0; int ret = 0;
word32 length = 0; word32 length = 0;
byte* out = NULL; byte* out = NULL;
word32 begin = *inOutIdx;
(void)length; /* shut up compiler warnings */ (void)length; /* shut up compiler warnings */
(void)out; (void)out;
(void)input; (void)input;
(void)inOutIdx; (void)inOutIdx;
(void)totalSz; (void)size;
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
CYASSL_MSG("Client sending keyexchange at wrong time"); CYASSL_MSG("Client sending keyexchange at wrong time");
@ -10516,15 +10605,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
{ {
word32 idx = 0; word32 idx = 0;
RsaKey key; RsaKey key;
byte* tmp = 0;
byte doUserRsa = 0; byte doUserRsa = 0;
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
#ifndef NO_RSA if (ssl->ctx->RsaDecCb)
if (ssl->ctx->RsaDecCb) doUserRsa = 1;
doUserRsa = 1; #endif
#endif /* NO_RSA */
#endif /*HAVE_PK_CALLBACKS */
InitRsaKey(&key, ssl->heap); InitRsaKey(&key, ssl->heap);
@ -10540,28 +10626,31 @@ static void PickHashSigAlgo(CYASSL* ssl,
if (ssl->options.tls) { if (ssl->options.tls) {
word16 check; word16 check;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
ato16(input + *inOutIdx, &check); ato16(input + *inOutIdx, &check);
if ((word32)check != length) { *inOutIdx += OPAQUE16_LEN;
if ((word32) check != length) {
CYASSL_MSG("RSA explicit size doesn't match"); CYASSL_MSG("RSA explicit size doesn't match");
FreeRsaKey(&key); FreeRsaKey(&key);
return RSA_PRIVATE_ERROR; return RSA_PRIVATE_ERROR;
} }
(*inOutIdx) += 2;
} }
tmp = input + *inOutIdx;
*inOutIdx += length;
if (*inOutIdx > totalSz) { if ((*inOutIdx - begin) + length > size) {
CYASSL_MSG("RSA message too big"); CYASSL_MSG("RSA message too big");
FreeRsaKey(&key); FreeRsaKey(&key);
return INCOMPLETE_DATA; return BUFFER_ERROR;
} }
if (doUserRsa) { if (doUserRsa) {
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
#ifndef NO_RSA #ifndef NO_RSA
ret = ssl->ctx->RsaDecCb(ssl, ret = ssl->ctx->RsaDecCb(ssl,
tmp, length, &out, input + *inOutIdx, length, &out,
ssl->buffers.key.buffer, ssl->buffers.key.buffer,
ssl->buffers.key.length, ssl->buffers.key.length,
ssl->RsaDecCtx); ssl->RsaDecCtx);
@ -10569,9 +10658,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif /*HAVE_PK_CALLBACKS */ #endif /*HAVE_PK_CALLBACKS */
} }
else { else {
ret = RsaPrivateDecryptInline(tmp, length, &out, &key); ret = RsaPrivateDecryptInline(input + *inOutIdx, length,
&out, &key);
} }
*inOutIdx += length;
if (ret == SECRET_LEN) { if (ret == SECRET_LEN) {
XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN); XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
if (ssl->arrays->preMasterSecret[0] != if (ssl->arrays->preMasterSecret[0] !=
@ -10597,36 +10689,46 @@ static void PickHashSigAlgo(CYASSL* ssl,
byte* pms = ssl->arrays->preMasterSecret; byte* pms = ssl->arrays->preMasterSecret;
word16 ci_sz; word16 ci_sz;
ato16(&input[*inOutIdx], &ci_sz); if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
*inOutIdx += LENGTH_SZ; return BUFFER_ERROR;
if (ci_sz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz); ato16(input + *inOutIdx, &ci_sz);
*inOutIdx += OPAQUE16_LEN;
if (ci_sz > MAX_PSK_ID_LEN)
return CLIENT_ID_ERROR;
if ((*inOutIdx - begin) + ci_sz > size)
return BUFFER_ERROR;
XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
*inOutIdx += ci_sz; *inOutIdx += ci_sz;
if (ci_sz < MAX_PSK_ID_LEN)
ssl->arrays->client_identity[ci_sz] = 0;
else
ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0;
ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key, ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN); MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 || if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
/* make psk pre master secret */ /* make psk pre master secret */
/* length of key + length 0s + length of key + key */ /* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms); c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += 2; pms += OPAQUE16_LEN;
XMEMSET(pms, 0, ssl->arrays->psk_keySz); XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz; pms += ssl->arrays->psk_keySz;
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += 2; c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ret = MakeMasterSecret(ssl); ret = MakeMasterSecret(ssl);
/* No further need for PSK */ /* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; ssl->arrays->psk_keySz = 0;
@ -10636,26 +10738,34 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
case ntru_kea: case ntru_kea:
{ {
word32 rc;
word16 cipherLen; word16 cipherLen;
word16 plainLen = sizeof(ssl->arrays->preMasterSecret); word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
byte* tmp;
if (!ssl->buffers.key.buffer) if (!ssl->buffers.key.buffer)
return NO_PRIVATE_KEY; return NO_PRIVATE_KEY;
ato16(&input[*inOutIdx], &cipherLen); if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
*inOutIdx += LENGTH_SZ; return BUFFER_ERROR;
ato16(input + *inOutIdx, &cipherLen);
*inOutIdx += OPAQUE16_LEN;
if (cipherLen > MAX_NTRU_ENCRYPT_SZ) if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
return NTRU_KEY_ERROR; return NTRU_KEY_ERROR;
tmp = input + *inOutIdx; if ((*inOutIdx - begin) + cipherLen > size)
rc = crypto_ntru_decrypt((word16)ssl->buffers.key.length, return BUFFER_ERROR;
ssl->buffers.key.buffer, cipherLen, tmp, &plainLen,
ssl->arrays->preMasterSecret);
if (rc != NTRU_OK || plainLen != SECRET_LEN) if (NTRU_OK != crypto_ntru_decrypt(
(word16) ssl->buffers.key.length,
ssl->buffers.key.buffer, cipherLen,
input + *inOutIdx, &plainLen,
ssl->arrays->preMasterSecret))
return NTRU_DECRYPT_ERROR; return NTRU_DECRYPT_ERROR;
if (plainLen != SECRET_LEN)
return NTRU_DECRYPT_ERROR;
*inOutIdx += cipherLen; *inOutIdx += cipherLen;
ssl->arrays->preMasterSz = plainLen; ssl->arrays->preMasterSz = plainLen;
@ -10666,18 +10776,23 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef HAVE_ECC #ifdef HAVE_ECC
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
word32 size; if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
word32 bLength = input[*inOutIdx]; /* one byte length */ return BUFFER_ERROR;
*inOutIdx += 1;
ret = ecc_import_x963(&input[*inOutIdx], length = input[*inOutIdx];
bLength, ssl->peerEccKey); *inOutIdx += OPAQUE8_LEN;
if (ret != 0)
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey))
return ECC_PEERKEY_ERROR; return ECC_PEERKEY_ERROR;
*inOutIdx += bLength;
*inOutIdx += length;
ssl->peerEccKeyPresent = 1; ssl->peerEccKeyPresent = 1;
size = sizeof(ssl->arrays->preMasterSecret); length = sizeof(ssl->arrays->preMasterSecret);
if (ssl->specs.static_ecdh) { if (ssl->specs.static_ecdh) {
ecc_key staticKey; ecc_key staticKey;
word32 i = 0; word32 i = 0;
@ -10685,17 +10800,21 @@ static void PickHashSigAlgo(CYASSL* ssl,
ecc_init(&staticKey); ecc_init(&staticKey);
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
&staticKey, ssl->buffers.key.length); &staticKey, ssl->buffers.key.length);
if (ret == 0) if (ret == 0)
ret = ecc_shared_secret(&staticKey, ssl->peerEccKey, ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
ssl->arrays->preMasterSecret, &size); ssl->arrays->preMasterSecret, &length);
ecc_free(&staticKey); ecc_free(&staticKey);
} }
else else
ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey, ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
ssl->arrays->preMasterSecret, &size); ssl->arrays->preMasterSecret, &length);
if (ret != 0) if (ret != 0)
return ECC_SHARED_ERROR; return ECC_SHARED_ERROR;
ssl->arrays->preMasterSz = size;
ssl->arrays->preMasterSz = length;
ret = MakeMasterSecret(ssl); ret = MakeMasterSecret(ssl);
} }
break; break;
@ -10703,15 +10822,17 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
case diffie_hellman_kea: case diffie_hellman_kea:
{ {
byte* clientPub;
word16 clientPubSz; word16 clientPubSz;
DhKey dhKey; DhKey dhKey;
ato16(&input[*inOutIdx], &clientPubSz); if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
*inOutIdx += LENGTH_SZ; return BUFFER_ERROR;
clientPub = &input[*inOutIdx]; ato16(input + *inOutIdx, &clientPubSz);
*inOutIdx += clientPubSz; *inOutIdx += OPAQUE16_LEN;
if ((*inOutIdx - begin) + clientPubSz > size)
return BUFFER_ERROR;
InitDhKey(&dhKey); InitDhKey(&dhKey);
ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
@ -10723,8 +10844,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
&ssl->arrays->preMasterSz, &ssl->arrays->preMasterSz,
ssl->buffers.serverDH_Priv.buffer, ssl->buffers.serverDH_Priv.buffer,
ssl->buffers.serverDH_Priv.length, ssl->buffers.serverDH_Priv.length,
clientPub, clientPubSz); input + *inOutIdx, clientPubSz);
FreeDhKey(&dhKey); FreeDhKey(&dhKey);
*inOutIdx += clientPubSz;
if (ret == 0) if (ret == 0)
ret = MakeMasterSecret(ssl); ret = MakeMasterSecret(ssl);
} }
@ -10737,6 +10861,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
break; break;
} }
/* No further need for PMS */ /* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0; ssl->arrays->preMasterSz = 0;
@ -10753,5 +10878,3 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif /* NO_CYASSL_SERVER */ #endif /* NO_CYASSL_SERVER */

View File

@ -37,6 +37,8 @@ int InitOCSP(CYASSL_OCSP* ocsp, CYASSL_CERT_MANAGER* cm)
CYASSL_ENTER("InitOCSP"); CYASSL_ENTER("InitOCSP");
XMEMSET(ocsp, 0, sizeof(*ocsp)); XMEMSET(ocsp, 0, sizeof(*ocsp));
ocsp->cm = cm; ocsp->cm = cm;
if (InitMutex(&ocsp->ocspLock) != 0)
return BAD_MUTEX_E;
return 0; return 0;
} }
@ -46,11 +48,9 @@ static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
{ {
CYASSL_ENTER("InitOCSP_Entry"); CYASSL_ENTER("InitOCSP_Entry");
ocspe->next = NULL; XMEMSET(ocspe, 0, sizeof(*ocspe));
XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE); XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE); XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
ocspe->status = NULL;
ocspe->totalStatus = 0;
return 0; return 0;
} }
@ -83,96 +83,21 @@ void FreeOCSP(CYASSL_OCSP* ocsp, int dynamic)
tmp = next; tmp = next;
} }
FreeMutex(&ocsp->ocspLock);
if (dynamic) if (dynamic)
XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP); XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP);
} }
static OCSP_Entry* find_ocsp_entry(CYASSL_OCSP* ocsp, DecodedCert* cert)
{
OCSP_Entry* entry = ocsp->ocspList;
while (entry)
{
if (XMEMCMP(entry->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(entry->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
{
CYASSL_MSG("Found OCSP responder");
break;
}
else
{
entry = entry->next;
}
}
if (entry == NULL)
{
CYASSL_MSG("Add a new OCSP entry");
entry = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (entry != NULL)
{
InitOCSP_Entry(entry, cert);
entry->next = ocsp->ocspList;
ocsp->ocspList = entry;
}
}
return entry;
}
static CertStatus* find_cert_status(OCSP_Entry* ocspe, DecodedCert* cert)
{
CertStatus* stat = ocspe->status;
while (stat)
{
if(stat->serialSz == cert->serialSz &&
(XMEMCMP(stat->serial, cert->serial, cert->serialSz) == 0))
{
break;
}
else
{
stat = stat->next;
}
}
if (stat == NULL)
{
stat = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (stat != NULL)
{
XMEMCPY(stat->serial, cert->serial, cert->serialSz);
stat->serialSz = cert->serialSz;
stat->status = -1;
stat->nextDate[0] = 0;
ocspe->totalStatus++;
stat->next = ocspe->status;
ocspe->status = stat;
}
}
return stat;
}
static int xstat2err(int stat) static int xstat2err(int stat)
{ {
switch (stat) { switch (stat) {
case CERT_GOOD: case CERT_GOOD:
return 0; return 0;
break;
case CERT_REVOKED: case CERT_REVOKED:
return OCSP_CERT_REVOKED; return OCSP_CERT_REVOKED;
break;
default: default:
return OCSP_CERT_UNKNOWN; return OCSP_CERT_UNKNOWN;
break;
} }
} }
@ -184,46 +109,73 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
byte* ocspRespBuf = NULL; byte* ocspRespBuf = NULL;
OcspRequest ocspRequest; OcspRequest ocspRequest;
OcspResponse ocspResponse; OcspResponse ocspResponse;
int result = 0; int result = -1;
OCSP_Entry* ocspe; OCSP_Entry* ocspe;
CertStatus* certStatus; CertStatus* certStatus = NULL;
CertStatus newStatus;
const char *url; const char *url;
int urlSz; int urlSz;
CYASSL_ENTER("CheckCertOCSP"); CYASSL_ENTER("CheckCertOCSP");
ocspe = find_ocsp_entry(ocsp, cert); if (LockMutex(&ocsp->ocspLock) != 0) {
CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
ocspe = ocsp->ocspList;
while (ocspe) {
if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
&& XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash,
SHA_DIGEST_SIZE) == 0)
break;
else
ocspe = ocspe->next;
}
if (ocspe == NULL) { if (ocspe == NULL) {
CYASSL_MSG("alloc OCSP entry failed"); ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
return MEMORY_ERROR; NULL, DYNAMIC_TYPE_OCSP_ENTRY);
if (ocspe != NULL) {
InitOCSP_Entry(ocspe, cert);
ocspe->next = ocsp->ocspList;
ocsp->ocspList = ocspe;
}
else {
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
}
else {
certStatus = ocspe->status;
while (certStatus) {
if (certStatus->serialSz == cert->serialSz &&
XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0)
break;
else
certStatus = certStatus->next;
}
} }
certStatus = find_cert_status(ocspe, cert); if (certStatus != NULL) {
if (certStatus == NULL)
{
CYASSL_MSG("alloc OCSP cert status failed");
return MEMORY_ERROR;
}
if (certStatus->status != -1)
{
if (!ValidateDate(certStatus->thisDate, if (!ValidateDate(certStatus->thisDate,
certStatus->thisDateFormat, BEFORE) || certStatus->thisDateFormat, BEFORE) ||
(certStatus->nextDate[0] == 0) || (certStatus->nextDate[0] == 0) ||
!ValidateDate(certStatus->nextDate, !ValidateDate(certStatus->nextDate,
certStatus->nextDateFormat, AFTER)) certStatus->nextDateFormat, AFTER)) {
{
CYASSL_MSG("\tinvalid status date, looking up cert"); CYASSL_MSG("\tinvalid status date, looking up cert");
certStatus->status = -1;
} }
else else {
{
CYASSL_MSG("\tusing cached status");
result = xstat2err(certStatus->status); result = xstat2err(certStatus->status);
UnLockMutex(&ocsp->ocspLock);
CYASSL_LEAVE("CheckCertOCSP", result);
return result; return result;
} }
} }
UnLockMutex(&ocsp->ocspLock);
if (ocsp->cm->ocspUseOverrideURL) { if (ocsp->cm->ocspUseOverrideURL) {
url = ocsp->cm->ocspOverrideURL; url = ocsp->cm->ocspOverrideURL;
if (url != NULL && url[0] != '\0') if (url != NULL && url[0] != '\0')
@ -236,57 +188,82 @@ int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert)
urlSz = cert->extAuthInfoSz; urlSz = cert->extAuthInfoSz;
} }
else { else {
CYASSL_MSG("\tcert doesn't have extAuthInfo, assuming CERT_GOOD"); /* cert doesn't have extAuthInfo, assuming CERT_GOOD */
return 0; return 0;
} }
ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER); ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
if (ocspReqBuf == NULL) { if (ocspReqBuf == NULL) {
CYASSL_MSG("\talloc OCSP request buffer failed"); CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR; return MEMORY_ERROR;
} }
InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce, InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce,
ocspReqBuf, ocspReqSz); ocspReqBuf, ocspReqSz);
ocspReqSz = EncodeOcspRequest(&ocspRequest); ocspReqSz = EncodeOcspRequest(&ocspRequest);
if (ocsp->cm->ocspIOCb) { if (ocsp->cm->ocspIOCb)
result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
ocspReqBuf, ocspReqSz, &ocspRespBuf); ocspReqBuf, ocspReqSz, &ocspRespBuf);
}
if (result >= 0 && ocspRespBuf) { if (result >= 0 && ocspRespBuf) {
InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, result); XMEMSET(&newStatus, 0, sizeof(CertStatus));
InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result);
OcspResponseDecode(&ocspResponse); OcspResponseDecode(&ocspResponse);
if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) { if (ocspResponse.responseStatus != OCSP_SUCCESSFUL)
CYASSL_MSG("OCSP Responder failure");
result = OCSP_LOOKUP_FAIL; result = OCSP_LOOKUP_FAIL;
} else { else {
if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) {
{
result = xstat2err(ocspResponse.status->status); result = xstat2err(ocspResponse.status->status);
if (LockMutex(&ocsp->ocspLock) != 0)
result = BAD_MUTEX_E;
else {
if (certStatus != NULL)
/* Replace existing certificate entry with updated */
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
else {
/* Save new certificate entry */
certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus),
NULL, DYNAMIC_TYPE_OCSP_STATUS);
if (certStatus != NULL) {
XMEMCPY(certStatus, &newStatus, sizeof(CertStatus));
certStatus->next = ocspe->status;
ocspe->status = certStatus;
ocspe->totalStatus++;
}
}
UnLockMutex(&ocsp->ocspLock);
}
} }
else else
{
CYASSL_MSG("OCSP Response incorrect for Request");
result = OCSP_LOOKUP_FAIL; result = OCSP_LOOKUP_FAIL;
}
} }
} }
else { else
result = OCSP_LOOKUP_FAIL; result = OCSP_LOOKUP_FAIL;
}
if (ocspReqBuf != NULL) { if (ocspReqBuf != NULL)
XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
}
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb) {
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
}
if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf);
CYASSL_LEAVE("CheckCertOCSP", result);
return result; return result;
} }
#else /* HAVE_OCSP */
#ifdef _MSC_VER
/* 4206 warning for blank file */
#pragma warning(disable: 4206)
#endif
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */

View File

@ -962,12 +962,13 @@ int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
/* Check IP Header for IPV4, TCP, and a registered server address */ /* Check IP Header for IPV4, TCP, and a registered server address */
/* returns 0 on success, -1 on error */ /* returns 0 on success, -1 on error */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error) static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{ {
int version = IP_V(iphdr); int version = IP_V(iphdr);
TraceIP(iphdr); TraceIP(iphdr);
Trace(IP_CHECK_STR); Trace(IP_CHECK_STR);
if (version != IPV4) { if (version != IPV4) {
SetError(BAD_IPVER_STR, error, NULL, 0); SetError(BAD_IPVER_STR, error, NULL, 0);
return -1; return -1;
@ -988,6 +989,9 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, char* error)
info->src = iphdr->src; info->src = iphdr->src;
info->dst = iphdr->dst; info->dst = iphdr->dst;
if (info->total == 0)
info->total = length; /* reassembled may be off */
return 0; return 0;
} }
@ -1138,7 +1142,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
input += TICKET_HINT_LEN; /* skip over hint */ input += TICKET_HINT_LEN; /* skip over hint */
*sslBytes -= TICKET_HINT_LEN; *sslBytes -= TICKET_HINT_LEN;
len = (input[0] << 8) | input[1]; len = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ; input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ; *sslBytes -= LENGTH_SZ;
@ -1232,8 +1236,10 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
doResume = 1; doResume = 1;
if (session->ticketID && doResume) { if (session->ticketID && doResume) {
/* use ticketID to retrieve from session */ /* use ticketID to retrieve from session, prefer over sessionID */
XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN); XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
session->sslServer->options.haveSessionId = 1; /* may not have
actual sessionID */
} }
if (doResume ) { if (doResume ) {
@ -1345,7 +1351,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
len = (input[0] << 8) | input[1]; len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN; input += SUITE_LEN;
*sslBytes -= SUITE_LEN; *sslBytes -= SUITE_LEN;
/* make sure can read suites + comp len */ /* make sure can read suites + comp len */
@ -1378,7 +1384,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
len = (input[0] << 8) | input[1]; len = (word16)((input[0] << 8) | input[1]);
input += SUITE_LEN; input += SUITE_LEN;
*sslBytes -= SUITE_LEN; *sslBytes -= SUITE_LEN;
/* make sure can read through all extensions */ /* make sure can read through all extensions */
@ -1396,7 +1402,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
input += EXT_TYPE_SZ; input += EXT_TYPE_SZ;
*sslBytes -= EXT_TYPE_SZ; *sslBytes -= EXT_TYPE_SZ;
extLen = (input[0] << 8) | input[1]; extLen = (word16)((input[0] << 8) | input[1]);
input += LENGTH_SZ; input += LENGTH_SZ;
*sslBytes -= LENGTH_SZ; *sslBytes -= LENGTH_SZ;
@ -1696,8 +1702,8 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
InitSession(session); InitSession(session);
session->server = ipInfo->dst; session->server = ipInfo->dst;
session->client = ipInfo->src; session->client = ipInfo->src;
session->srvPort = tcpInfo->dstPort; session->srvPort = (word16)tcpInfo->dstPort;
session->cliPort = tcpInfo->srcPort; session->cliPort = (word16)tcpInfo->srcPort;
session->cliSeqStart = tcpInfo->sequence; session->cliSeqStart = tcpInfo->sequence;
session->cliExpected = 1; /* relative */ session->cliExpected = 1; /* relative */
session->lastUsed= time(NULL); session->lastUsed= time(NULL);
@ -1777,8 +1783,8 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
} }
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
*rhSize); (word16)*rhSize);
if (ret < 0) { if (ret < 0 && ret != MATCH_SUITE_ERROR) {
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
@ -1856,20 +1862,24 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
{ {
TraceHeader(); TraceHeader();
TracePacket(); TracePacket();
/* ip header */
if (length < IP_HDR_SZ) { if (length < IP_HDR_SZ) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
if (CheckIpHdr((IpHdr*)packet, ipInfo, error) != 0) if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1; return -1;
/* tcp header */
if (length < (ipInfo->length + TCP_HDR_SZ)) { if (length < (ipInfo->length + TCP_HDR_SZ)) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0) if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
return -1; return -1;
/* setup */
*sslFrame = packet + ipInfo->length + tcpInfo->length; *sslFrame = packet + ipInfo->length + tcpInfo->length;
if (*sslFrame > packet + length) { if (*sslFrame > packet + length) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
@ -2314,6 +2324,10 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
session->sslServer : session->sslClient; session->sslServer : session->sslClient;
doMessage: doMessage:
notEnough = 0; notEnough = 0;
if (sslBytes < 0) {
SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
return -1;
}
if (sslBytes >= RECORD_HEADER_SZ) { if (sslBytes >= RECORD_HEADER_SZ) {
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) { if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);

128
src/ssl.c
View File

@ -623,27 +623,53 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
/* Elliptic Curves */ /* Elliptic Curves */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name) int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
{ {
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ssl->extensions, name); switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ssl->extensions, name);
} }
int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name) int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
{ {
if (ctx == NULL) if (ctx == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return TLSX_UseEllipticCurve(&ctx->extensions, name); switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
return TLSX_UseSupportedCurve(&ctx->extensions, name);
} }
#endif /* NO_CYASSL_CLIENT */ #endif /* NO_CYASSL_CLIENT */
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
#ifndef CYASSL_LEANPSK #ifndef CYASSL_LEANPSK
@ -1167,7 +1193,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
info.consumed = 0; info.consumed = 0;
der.buffer = NULL; der.buffer = NULL;
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
if (pass) { if (pass) {
info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
if (info.ctx == NULL) if (info.ctx == NULL)
@ -1205,7 +1231,7 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
#ifndef NO_FILESYSTEM #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err) void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
{ {
@ -1589,13 +1615,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */ static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
/* uses session mutex */ /* uses session mutex */
#endif /* NO_CLIENT_CACHE */ #endif /* NO_CLIENT_CACHE */
/* for persistance, if changes to layout need to increment and modify
save_session_cache() and restore_session_cache and memory versions too */
#define CYASSL_CACHE_VERSION 2
#endif /* NO_SESSION_CACHE */ #endif /* NO_SESSION_CACHE */
@ -1808,7 +1829,7 @@ int CyaSSL_Init(void)
} }
} }
#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
if (pkcs8Enc) { if (pkcs8Enc) {
int passwordSz; int passwordSz;
char password[80]; char password[80];
@ -2231,71 +2252,6 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
/* process a file with name fname into ctx of format and type /* process a file with name fname into ctx of format and type
userChain specifies a user certificate chain to pass during handshake */ userChain specifies a user certificate chain to pass during handshake */
@ -3494,6 +3450,10 @@ int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
#if defined(PERSIST_SESSION_CACHE) #if defined(PERSIST_SESSION_CACHE)
/* for persistance, if changes to layout need to increment and modify
save_session_cache() and restore_session_cache and memory versions too */
#define CYASSL_CACHE_VERSION 2
/* Session Cache Header information */ /* Session Cache Header information */
typedef struct { typedef struct {
int version; /* cache layout version id */ int version; /* cache layout version id */
@ -7916,6 +7876,8 @@ CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file) CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
{ {
CYASSL_X509* newX509 = NULL; CYASSL_X509* newX509 = NULL;
@ -7945,6 +7907,8 @@ CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
return newX509; return newX509;
} }
#endif /* NO_STDIO_FILESYSTEM */
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
{ {
byte staticBuffer[FILE_BUFFER_SIZE]; byte staticBuffer[FILE_BUFFER_SIZE];
@ -11377,3 +11341,9 @@ void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
void CyaSSL_wolfSCEP(void) {} void CyaSSL_wolfSCEP(void) {}
#endif #endif
#ifdef CYASSL_HAVE_CERT_SERVICE
/* Used by autoconf to see if cert service is available */
void CyaSSL_cert_service(void) {}
#endif

View File

@ -608,7 +608,6 @@ static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
default: /* invalid type */ default: /* invalid type */
XFREE(sni, 0, DYNAMIC_TYPE_TLSX); XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
break;
} }
sni->type = type; sni->type = type;
@ -721,46 +720,38 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
if (!extension) if (!extension)
extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION); extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
if (!extension || !extension->data) { if (!extension || !extension->data)
if (!isRequest) { return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
CYASSL_MSG("Unexpected SNI response from server"); SNI response from server. */
}
return 0; /* not using SNI */ if (!isRequest)
} return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
Nothing else to do. */
if (!isRequest) {
if (length) {
CYASSL_MSG("SNI response should be empty!");
}
return 0; /* nothing to do */
}
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
if (OPAQUE16_LEN > length) if (OPAQUE16_LEN > length)
return INCOMPLETE_DATA; return BUFFER_ERROR;
ato16(input, &size); ato16(input, &size);
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
/* validating sni list length */ /* validating sni list length */
if (length != OPAQUE16_LEN + size) if (length != OPAQUE16_LEN + size)
return INCOMPLETE_DATA; return BUFFER_ERROR;
for (size = 0; offset < length; offset += size) { for (size = 0; offset < length; offset += size) {
SNI *sni; SNI *sni;
byte type = input[offset++]; byte type = input[offset++];
if (offset + OPAQUE16_LEN > length) if (offset + OPAQUE16_LEN > length)
return INCOMPLETE_DATA; return BUFFER_ERROR;
ato16(input + offset, &size); ato16(input + offset, &size);
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (offset + size > length) if (offset + size > length)
return INCOMPLETE_DATA; return BUFFER_ERROR;
if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) { if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
continue; /* not using this SNI type */ continue; /* not using this SNI type */
@ -905,34 +896,34 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += HANDSHAKE_HEADER_SZ; offset += HANDSHAKE_HEADER_SZ;
if (offset + len32 > helloSz) if (offset + len32 > helloSz)
return INCOMPLETE_DATA; return BUFFER_ERROR;
/* client hello */ /* client hello */
offset += VERSION_SZ + RAN_LEN; /* version, random */ offset += VERSION_SZ + RAN_LEN; /* version, random */
if (helloSz < offset + clientHello[offset]) if (helloSz < offset + clientHello[offset])
return INCOMPLETE_DATA; return BUFFER_ERROR;
offset += ENUM_LEN + clientHello[offset]; /* skip session id */ offset += ENUM_LEN + clientHello[offset]; /* skip session id */
/* cypher suites */ /* cypher suites */
if (helloSz < offset + OPAQUE16_LEN) if (helloSz < offset + OPAQUE16_LEN)
return INCOMPLETE_DATA; return BUFFER_ERROR;
ato16(clientHello + offset, &len16); ato16(clientHello + offset, &len16);
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (helloSz < offset + len16) if (helloSz < offset + len16)
return INCOMPLETE_DATA; return BUFFER_ERROR;
offset += len16; /* skip cypher suites */ offset += len16; /* skip cypher suites */
/* compression methods */ /* compression methods */
if (helloSz < offset + 1) if (helloSz < offset + 1)
return INCOMPLETE_DATA; return BUFFER_ERROR;
if (helloSz < offset + clientHello[offset]) if (helloSz < offset + clientHello[offset])
return INCOMPLETE_DATA; return BUFFER_ERROR;
offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */ offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
@ -944,7 +935,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (helloSz < offset + len16) if (helloSz < offset + len16)
return INCOMPLETE_DATA; return BUFFER_ERROR;
while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) { while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
word16 extType; word16 extType;
@ -957,7 +948,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (helloSz < offset + extLen) if (helloSz < offset + extLen)
return INCOMPLETE_DATA; return BUFFER_ERROR;
if (extType != SERVER_NAME_INDICATION) { if (extType != SERVER_NAME_INDICATION) {
offset += extLen; /* skip extension */ offset += extLen; /* skip extension */
@ -968,7 +959,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (helloSz < offset + listLen) if (helloSz < offset + listLen)
return INCOMPLETE_DATA; return BUFFER_ERROR;
while (listLen > ENUM_LEN + OPAQUE16_LEN) { while (listLen > ENUM_LEN + OPAQUE16_LEN) {
byte sniType = clientHello[offset++]; byte sniType = clientHello[offset++];
@ -978,7 +969,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (helloSz < offset + sniLen) if (helloSz < offset + sniLen)
return INCOMPLETE_DATA; return BUFFER_ERROR;
if (sniType != type) { if (sniType != type) {
offset += sniLen; offset += sniLen;
@ -1028,7 +1019,7 @@ static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest) byte isRequest)
{ {
if (length != ENUM_LEN) if (length != ENUM_LEN)
return INCOMPLETE_DATA; return BUFFER_ERROR;
switch (*input) { switch (*input) {
case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break; case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
@ -1135,7 +1126,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
byte isRequest) byte isRequest)
{ {
if (length != 0 || input == NULL) if (length != 0 || input == NULL)
return INCOMPLETE_DATA; return BUFFER_ERROR;
#ifndef NO_CYASSL_SERVER #ifndef NO_CYASSL_SERVER
if (isRequest) { if (isRequest) {
@ -1160,7 +1151,7 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
#ifndef HAVE_ECC #ifndef HAVE_ECC
#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \ #error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
@ -1258,21 +1249,21 @@ static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
(void) isRequest; /* shut up compiler! */ (void) isRequest; /* shut up compiler! */
if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
return INCOMPLETE_DATA; return BUFFER_ERROR;
ato16(input, &offset); ato16(input, &offset);
/* validating curve list length */ /* validating curve list length */
if (length != OPAQUE16_LEN + offset) if (length != OPAQUE16_LEN + offset)
return INCOMPLETE_DATA; return BUFFER_ERROR;
while (offset) { while (offset) {
ato16(input + offset, &name); ato16(input + offset, &name);
offset -= OPAQUE16_LEN; offset -= OPAQUE16_LEN;
r = TLSX_UseEllipticCurve(&ssl->extensions, name); r = TLSX_UseSupportedCurve(&ssl->extensions, name);
if (r) return r; /* throw error */ if (r != SSL_SUCCESS) return r; /* throw error */
} }
return 0; return 0;
@ -1300,6 +1291,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break; case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break; case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break; case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
default: continue; /* unsupported curve */
} }
switch (second) { switch (second) {
@ -1371,7 +1363,7 @@ int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
#endif /* NO_CYASSL_SERVER */ #endif /* NO_CYASSL_SERVER */
int TLSX_UseEllipticCurve(TLSX** extensions, word16 name) int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
{ {
TLSX* extension = NULL; TLSX* extension = NULL;
EllipticCurve* curve = NULL; EllipticCurve* curve = NULL;
@ -1380,19 +1372,6 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
if (extensions == NULL) if (extensions == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
switch (name) {
case CYASSL_ECC_SECP160R1:
case CYASSL_ECC_SECP192R1:
case CYASSL_ECC_SECP224R1:
case CYASSL_ECC_SECP256R1:
case CYASSL_ECC_SECP384R1:
case CYASSL_ECC_SECP521R1:
break;
default:
return BAD_FUNC_ARG;
}
if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0) if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
return ret; return ret;
@ -1456,7 +1435,7 @@ int TLSX_UseEllipticCurve(TLSX** extensions, word16 name)
#define EC_PARSE(a, b, c, d) 0 #define EC_PARSE(a, b, c, d) 0
#define EC_VALIDATE_REQUEST(a, b) #define EC_VALIDATE_REQUEST(a, b)
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
TLSX* TLSX_Find(TLSX* list, TLSX_Type type) TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
{ {
@ -1717,7 +1696,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
word16 size; word16 size;
if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
return INCOMPLETE_DATA; return BUFFER_ERROR;
ato16(input + offset, &type); ato16(input + offset, &type);
offset += HELLO_EXT_TYPE_SZ; offset += HELLO_EXT_TYPE_SZ;
@ -1726,7 +1705,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
offset += OPAQUE16_LEN; offset += OPAQUE16_LEN;
if (offset + size > length) if (offset + size > length)
return INCOMPLETE_DATA; return BUFFER_ERROR;
switch (type) { switch (type) {
case SERVER_NAME_INDICATION: case SERVER_NAME_INDICATION:
@ -1760,7 +1739,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
ato16(input + offset, &suites->hashSigAlgoSz); ato16(input + offset, &suites->hashSigAlgoSz);
if (suites->hashSigAlgoSz > size - OPAQUE16_LEN) if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
return INCOMPLETE_DATA; return BUFFER_ERROR;
XMEMCPY(suites->hashSigAlgo, XMEMCPY(suites->hashSigAlgo,
input + offset + OPAQUE16_LEN, input + offset + OPAQUE16_LEN,
@ -1788,7 +1767,7 @@ int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
#elif defined(HAVE_SNI) \ #elif defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \ || defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUNCATED_HMAC) \ || defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_ELLIPTIC_CURVES) || defined(HAVE_SUPPORTED_CURVES)
#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined." #error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."

View File

@ -44,7 +44,9 @@ static int test_CyaSSL_CTX_load_verify_locations(void);
#ifndef NO_RSA #ifndef NO_RSA
static int test_server_CyaSSL_new(void); static int test_server_CyaSSL_new(void);
static int test_client_CyaSSL_new(void); static int test_client_CyaSSL_new(void);
#ifndef SINGLE_THREADED
static int test_CyaSSL_read_write(void); static int test_CyaSSL_read_write(void);
#endif /* SINGLE_THREADED */
#endif /* NO_RSA */ #endif /* NO_RSA */
#endif /* NO_FILESYSTEM */ #endif /* NO_FILESYSTEM */
#ifdef HAVE_SNI #ifdef HAVE_SNI
@ -56,9 +58,9 @@ static void test_CyaSSL_UseMaxFragment(void);
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
static void test_CyaSSL_UseTruncatedHMAC(void); static void test_CyaSSL_UseTruncatedHMAC(void);
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseEllipticCurve(void); static void test_CyaSSL_UseSupportedCurve(void);
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
/* test function helpers */ /* test function helpers */
static int test_method(CYASSL_METHOD *method, const char *name); static int test_method(CYASSL_METHOD *method, const char *name);
@ -107,7 +109,9 @@ int ApiTest(void)
#ifndef NO_RSA #ifndef NO_RSA
test_server_CyaSSL_new(); test_server_CyaSSL_new();
test_client_CyaSSL_new(); test_client_CyaSSL_new();
#ifndef SINGLE_THREADED
test_CyaSSL_read_write(); test_CyaSSL_read_write();
#endif /* SINGLE_THREADED */
#endif /* NO_RSA */ #endif /* NO_RSA */
#endif /* NO_FILESYSTEM */ #endif /* NO_FILESYSTEM */
#ifdef HAVE_SNI #ifdef HAVE_SNI
@ -119,9 +123,9 @@ int ApiTest(void)
#ifdef HAVE_TRUNCATED_HMAC #ifdef HAVE_TRUNCATED_HMAC
test_CyaSSL_UseTruncatedHMAC(); test_CyaSSL_UseTruncatedHMAC();
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
test_CyaSSL_UseEllipticCurve(); test_CyaSSL_UseSupportedCurve();
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
test_CyaSSL_Cleanup(); test_CyaSSL_Cleanup();
printf(" End API Tests\n"); printf(" End API Tests\n");
@ -542,8 +546,8 @@ static void test_CyaSSL_UseTruncatedHMAC(void)
} }
#endif /* HAVE_TRUNCATED_HMAC */ #endif /* HAVE_TRUNCATED_HMAC */
#ifdef HAVE_ELLIPTIC_CURVES #ifdef HAVE_SUPPORTED_CURVES
static void test_CyaSSL_UseEllipticCurve(void) static void test_CyaSSL_UseSupportedCurve(void)
{ {
CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); CYASSL_CTX *ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
CYASSL *ssl = CyaSSL_new(ctx); CYASSL *ssl = CyaSSL_new(ctx);
@ -553,21 +557,21 @@ static void test_CyaSSL_UseEllipticCurve(void)
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT
/* error cases */ /* error cases */
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1)); AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_CTX_UseEllipticCurve(ctx, 0)); AssertIntNE(1, CyaSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(1, CyaSSL_UseEllipticCurve(NULL, CYASSL_ECC_SECP160R1)); AssertIntNE(1, CyaSSL_UseSupportedCurve(NULL, CYASSL_ECC_SECP160R1));
AssertIntNE(1, CyaSSL_UseEllipticCurve(ssl, 0)); AssertIntNE(1, CyaSSL_UseSupportedCurve(ssl, 0));
/* success case */ /* success case */
AssertIntEQ(1, CyaSSL_CTX_UseEllipticCurve(ctx, CYASSL_ECC_SECP160R1)); AssertIntEQ(1, CyaSSL_CTX_UseSupportedCurve(ctx, CYASSL_ECC_SECP160R1));
AssertIntEQ(1, CyaSSL_UseEllipticCurve(ssl, CYASSL_ECC_SECP160R1)); AssertIntEQ(1, CyaSSL_UseSupportedCurve(ssl, CYASSL_ECC_SECP160R1));
#endif #endif
CyaSSL_free(ssl); CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx); CyaSSL_CTX_free(ctx);
} }
#endif /* HAVE_ELLIPTIC_CURVES */ #endif /* HAVE_SUPPORTED_CURVES */
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
/* Helper for testing CyaSSL_CTX_use_certificate_file() */ /* Helper for testing CyaSSL_CTX_use_certificate_file() */
@ -892,6 +896,8 @@ int test_client_CyaSSL_new(void)
} }
#ifndef SINGLE_THREADED
static int test_CyaSSL_read_write(void) static int test_CyaSSL_read_write(void)
{ {
/* The unit testing for read and write shall happen simutaneously, since /* The unit testing for read and write shall happen simutaneously, since
@ -923,6 +929,7 @@ static int test_CyaSSL_read_write(void)
InitTcpReady(&ready); InitTcpReady(&ready);
server_args.signal = &ready; server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread); start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args); wait_tcp_ready(&server_args);
test_client_nofail(&client_args); test_client_nofail(&client_args);
@ -942,7 +949,7 @@ static int test_CyaSSL_read_write(void)
FreeTcpReady(&ready); FreeTcpReady(&ready);
return test_result; return test_result;
}; }
#endif #endif
@ -950,6 +957,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
{ {
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0; SOCKET_T clientfd = 0;
word16 port = yasslPort;
CYASSL_METHOD* method = 0; CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0; CYASSL_CTX* ctx = 0;
@ -963,6 +971,11 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
method = CyaSSLv23_server_method(); method = CyaSSLv23_server_method();
ctx = CyaSSL_CTX_new(method); ctx = CyaSSL_CTX_new(method);
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx, CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
@ -990,7 +1003,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
goto done; goto done;
} }
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0);
CloseSocket(sockfd); CloseSocket(sockfd);
CyaSSL_set_fd(ssl, clientfd); CyaSSL_set_fd(ssl, clientfd);
@ -1074,7 +1087,7 @@ void test_client_nofail(void* args)
goto done2; goto done2;
} }
tcp_connect(&sockfd, yasslIP, yasslPort, 0); tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd); CyaSSL_set_fd(ssl, sockfd);
@ -1139,7 +1152,7 @@ void run_cyassl_client(void* args)
if (callbacks->ctx_ready) if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx); callbacks->ctx_ready(ctx);
tcp_connect(&sfd, yasslIP, yasslPort, 0); tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0);
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sfd); CyaSSL_set_fd(ssl, sfd);
@ -1178,6 +1191,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
CYASSL* ssl = NULL; CYASSL* ssl = NULL;
SOCKET_T sfd = 0; SOCKET_T sfd = 0;
SOCKET_T cfd = 0; SOCKET_T cfd = 0;
word16 port = yasslPort;
char msg[] = "I hear you fa shizzle!"; char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg); int len = (int) XSTRLEN(msg);
@ -1186,6 +1200,11 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
((func_args*)args)->return_code = TEST_FAIL; ((func_args*)args)->return_code = TEST_FAIL;
#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
!defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL)
port = 0;
#endif
CyaSSL_CTX_set_verify(ctx, CyaSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
@ -1207,7 +1226,7 @@ THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args)
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, yasslPort, 0, 0); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0);
CloseSocket(sfd); CloseSocket(sfd);
CyaSSL_set_fd(ssl, cfd); CyaSSL_set_fd(ssl, cfd);
@ -1268,6 +1287,7 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
/* RUN Server side */ /* RUN Server side */
InitTcpReady(&ready); InitTcpReady(&ready);
server_args.signal = &ready; server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_cyassl_server, &server_args, &serverThread); start_thread(run_cyassl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args); wait_tcp_ready(&server_args);
@ -1278,4 +1298,6 @@ void test_CyaSSL_client_server(callback_functions* client_callbacks,
FreeTcpReady(&ready); FreeTcpReady(&ready);
} }
#endif /* SINGLE_THREADED*/
#endif /* NO_FILESYSTEM */ #endif /* NO_FILESYSTEM */

View File

@ -4,20 +4,20 @@
if BUILD_EXAMPLES if BUILD_EXAMPLES
check_PROGRAMS += tests/unit check_PROGRAMS += tests/unit.test
noinst_PROGRAMS += tests/unit noinst_PROGRAMS += tests/unit.test
tests_unit_SOURCES = \ tests_unit_test_SOURCES = \
tests/unit.c \ tests/unit.c \
tests/api.c \ tests/api.c \
tests/suites.c \ tests/suites.c \
tests/hash.c \ tests/hash.c \
examples/client/client.c \ examples/client/client.c \
examples/server/server.c examples/server/server.c
tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
tests_unit_LDADD = src/libcyassl.la tests_unit_test_LDADD = src/libcyassl.la
tests_unit_DEPENDENCIES = src/libcyassl.la tests_unit_test_DEPENDENCIES = src/libcyassl.la
endif endif
EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \ EXTRA_DIST += tests/test.conf \
tests/test-dtls.conf tests/test-dtls.conf
DISTCLEANFILES+= tests/.libs/unit DISTCLEANFILES+= tests/.libs/unit.test

View File

@ -36,18 +36,20 @@
#define MAX_COMMAND_SZ 240 #define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80 #define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123 #define NOT_BUILT_IN -123
#define VERSION_TOO_OLD -124 #ifdef NO_OLD_TLS
#define VERSION_TOO_OLD -124
#endif
#include "examples/client/client.h" #include "examples/client/client.h"
#include "examples/server/server.h" #include "examples/server/server.h"
CYASSL_CTX* cipherSuiteCtx = NULL; static CYASSL_CTX* cipherSuiteCtx = NULL;
char nonblockFlag[] = "-N"; static char nonblockFlag[] = "-N";
char noVerifyFlag[] = "-d"; static char noVerifyFlag[] = "-d";
char portFlag[] = "-p"; static char portFlag[] = "-p";
char flagSep[] = " "; static char flagSep[] = " ";
char svrPort[] = "0"; static char svrPort[] = "0";
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
@ -80,8 +82,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
int valid = 0; int valid = 0;
const char* find = "-l "; const char* find = "-l ";
char* begin = strstr(line, find); const char* begin = strstr(line, find);
char* end; const char* end;
suite[0] = '\0'; suite[0] = '\0';

View File

@ -42,10 +42,12 @@ int main(int argc, char** argv)
return ret; return ret;
} }
#ifndef SINGLE_THREADED
if ( (ret = SuiteTest()) != 0){ if ( (ret = SuiteTest()) != 0){
printf("suite test failed with %d\n", ret); printf("suite test failed with %d\n", ret);
return ret; return ret;
} }
#endif
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID); CspShutdown(CAVIUM_DEV_ID);
@ -55,9 +57,12 @@ int main(int argc, char** argv)
} }
void wait_tcp_ready(func_args* args) void wait_tcp_ready(func_args* args)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #ifdef SINGLE_THREADED
(void)args;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_lock(&args->signal->mutex); pthread_mutex_lock(&args->signal->mutex);
if (!args->signal->ready) if (!args->signal->ready)
@ -73,7 +78,11 @@ void wait_tcp_ready(func_args* args)
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread) void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #ifdef SINGLE_THREADED
(void)fun;
(void)args;
(void)thread;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_create(thread, 0, fun, args); pthread_create(thread, 0, fun, args);
return; return;
#else #else
@ -84,7 +93,9 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
void join_thread(THREAD_TYPE thread) void join_thread(THREAD_TYPE thread)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #ifdef SINGLE_THREADED
(void)thread;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_join(thread, 0); pthread_join(thread, 0);
#else #else
int res = WaitForSingleObject((HANDLE)thread, INFINITE); int res = WaitForSingleObject((HANDLE)thread, INFINITE);
@ -99,7 +110,8 @@ void InitTcpReady(tcp_ready* ready)
{ {
ready->ready = 0; ready->ready = 0;
ready->port = 0; ready->port = 0;
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #ifdef SINGLE_THREADED
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_init(&ready->mutex, 0); pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0); pthread_cond_init(&ready->cond, 0);
#endif #endif
@ -108,10 +120,13 @@ void InitTcpReady(tcp_ready* ready)
void FreeTcpReady(tcp_ready* ready) void FreeTcpReady(tcp_ready* ready)
{ {
#if defined(_POSIX_THREADS) && !defined(__MINGW32__) #ifdef SINGLE_THREADED
(void)ready;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_destroy(&ready->mutex); pthread_mutex_destroy(&ready->mutex);
pthread_cond_destroy(&ready->cond); pthread_cond_destroy(&ready->cond);
#else #else
(void)ready; (void)ready;
#endif #endif
} }

View File

@ -4,22 +4,22 @@
if BUILD_EXAMPLES if BUILD_EXAMPLES
check_PROGRAMS += testsuite/testsuite check_PROGRAMS += testsuite/testsuite.test
noinst_PROGRAMS += testsuite/testsuite noinst_PROGRAMS += testsuite/testsuite.test
testsuite_testsuite_SOURCES = \ testsuite_testsuite_test_SOURCES = \
ctaocrypt/test/test.c \ ctaocrypt/test/test.c \
examples/client/client.c \ examples/client/client.c \
examples/echoclient/echoclient.c \ examples/echoclient/echoclient.c \
examples/echoserver/echoserver.c \ examples/echoserver/echoserver.c \
examples/server/server.c \ examples/server/server.c \
testsuite/testsuite.c testsuite/testsuite.c
testsuite_testsuite_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
testsuite_testsuite_LDADD = src/libcyassl.la testsuite_testsuite_test_LDADD = src/libcyassl.la
testsuite_testsuite_DEPENDENCIES = src/libcyassl.la testsuite_testsuite_test_DEPENDENCIES = src/libcyassl.la
endif endif
EXTRA_DIST += testsuite/testsuite.sln EXTRA_DIST += testsuite/testsuite.sln
EXTRA_DIST += testsuite/testsuite-ntru.vcproj EXTRA_DIST += testsuite/testsuite-ntru.vcproj
EXTRA_DIST += testsuite/testsuite.vcproj EXTRA_DIST += testsuite/testsuite.vcproj
EXTRA_DIST += input EXTRA_DIST += input
EXTRA_DIST += quit EXTRA_DIST += quit
DISTCLEANFILES+= testsuite/.libs/testsuite DISTCLEANFILES+= testsuite/.libs/testsuite.test

View File

@ -25,22 +25,18 @@
#include <cyassl/ctaocrypt/settings.h> #include <cyassl/ctaocrypt/settings.h>
#include <cyassl/openssl/ssl.h>
#include <cyassl/test.h> #include <cyassl/test.h>
#include <cyassl/ctaocrypt/sha256.h>
#include "ctaocrypt/test/test.h" #include "ctaocrypt/test/test.h"
#ifdef SINGLE_THREADED #ifndef SINGLE_THREADED
#error testsuite needs threads to run, please run ctaocrypt/test, \
and the examples/ individually #include <cyassl/openssl/ssl.h>
#endif #include <cyassl/ctaocrypt/sha256.h>
#include "examples/echoclient/echoclient.h" #include "examples/echoclient/echoclient.h"
#include "examples/echoserver/echoserver.h" #include "examples/echoserver/echoserver.h"
#include "examples/server/server.h" #include "examples/server/server.h"
#include "examples/client/client.h" #include "examples/client/client.h"
#include "ctaocrypt/test/test.h"
void file_test(const char* file, byte* hash); void file_test(const char* file, byte* hash);
@ -52,9 +48,9 @@ enum {
}; };
#ifndef USE_WINDOWS_API #ifndef USE_WINDOWS_API
const char outputName[] = "/tmp/output"; static const char outputName[] = "/tmp/output";
#else #else
const char outputName[] = "output"; static const char outputName[] = "output";
#endif #endif
@ -117,7 +113,7 @@ int main(int argc, char** argv)
myArgv[1] = argc1; myArgv[1] = argc1;
myArgv[2] = argc2; myArgv[2] = argc2;
echo_args.argc = NUMARGS; echo_args.argc = 3;
echo_args.argv = myArgv; echo_args.argv = myArgv;
strcpy(echo_args.argv[0], "echoclient"); strcpy(echo_args.argv[0], "echoclient");
@ -171,10 +167,16 @@ void simple_test(func_args* args)
THREAD_TYPE serverThread; THREAD_TYPE serverThread;
func_args svrArgs; func_args svrArgs;
char *svrArgv[NUMARGS]; char *svrArgv[9];
char argc0s[32]; char argc0s[32];
char argc1s[32]; char argc1s[32];
char argc2s[32]; char argc2s[32];
char argc3s[32];
char argc4s[32];
char argc5s[32];
char argc6s[32];
char argc7s[32];
char argc8s[32];
func_args cliArgs; func_args cliArgs;
char *cliArgv[NUMARGS]; char *cliArgv[NUMARGS];
@ -185,6 +187,12 @@ void simple_test(func_args* args)
svrArgv[0] = argc0s; svrArgv[0] = argc0s;
svrArgv[1] = argc1s; svrArgv[1] = argc1s;
svrArgv[2] = argc2s; svrArgv[2] = argc2s;
svrArgv[3] = argc3s;
svrArgv[4] = argc4s;
svrArgv[5] = argc5s;
svrArgv[6] = argc6s;
svrArgv[7] = argc7s;
svrArgv[8] = argc8s;
cliArgv[0] = argc0c; cliArgv[0] = argc0c;
cliArgv[1] = argc1c; cliArgv[1] = argc1c;
cliArgv[2] = argc2c; cliArgv[2] = argc2c;
@ -198,9 +206,16 @@ void simple_test(func_args* args)
strcpy(svrArgs.argv[0], "SimpleServer"); strcpy(svrArgs.argv[0], "SimpleServer");
#if !defined(USE_WINDOWS_API) && !defined(CYASSL_SNIFFER) #if !defined(USE_WINDOWS_API) && !defined(CYASSL_SNIFFER)
svrArgs.argc = NUMARGS; strcpy(svrArgs.argv[svrArgs.argc++], "-p");
strcpy(svrArgs.argv[1], "-p"); strcpy(svrArgs.argv[svrArgs.argc++], "0");
strcpy(svrArgs.argv[2], "0"); #endif
#ifdef HAVE_NTRU
strcpy(svrArgs.argv[svrArgs.argc++], "-d");
strcpy(svrArgs.argv[svrArgs.argc++], "-n");
strcpy(svrArgs.argv[svrArgs.argc++], "-c");
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-cert.pem");
strcpy(svrArgs.argv[svrArgs.argc++], "-k");
strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-key.raw");
#endif #endif
/* Set the last arg later, when it is known. */ /* Set the last arg later, when it is known. */
@ -317,3 +332,35 @@ void file_test(const char* file, byte* check)
} }
#else /* SINGLE_THREADED */
int myoptind = 0;
char* myoptarg = NULL;
int main(int argc, char** argv)
{
func_args server_args;
server_args.argc = argc;
server_args.argv = argv;
if (CurrentDir("testsuite") || CurrentDir("_build"))
ChangeDirBack(1);
else if (CurrentDir("Debug") || CurrentDir("Release"))
ChangeDirBack(3); /* Xcode->Preferences->Locations->Locations*/
/* Derived Data Advanced -> Custom */
/* Relative to Workspace, Build/Products */
/* Debug or Release */
ctaocrypt_test(&server_args);
if (server_args.return_code != 0) return server_args.return_code;
printf("\nAll tests passed!\n");
return EXIT_SUCCESS;
}
#endif /* SINGLE_THREADED */